Support PEM decoding for EchConfigListBytes
ctz committed Sep 27, 2024
1 parent f7d8e7d commit eab3852
Showing 5 changed files with 45 additions and 4 deletions.
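--- a/src/lib.rs
+++ b/src/lib.rs
@@ -761,6 +761,11 @@ impl EchConfigListBytes<'_> {
 }
 }
 
+#[cfg(feature = "alloc")]
+impl PemObjectFilter for EchConfigListBytes<'static> {
+const KIND: SectionKind = SectionKind::EchConfigList;
+}
+
 impl fmt::Debug for EchConfigListBytes<'_> {
 fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
 hex(f, self.as_ref())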
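Review bot: The new `PemObjectFilter` impl for `EchConfigListBytes<'static>` carries no comment on what a caller gets back from a PEM file that also holds the ECH private key, which is the layout of the `tests/data/ech.pem` fixture added in this commit. Judging by the tests in this commit, the filter appears to return only sections of the matching kind, so the key would have to be loaded separately through a private-key type. A short comment above the impl would make that explicit, for example `// Yields only the "ECHCONFIG" section; a "PRIVATE KEY" section in the same file must be read separately.`. The `EchConfigListBytes` definition itself lies outside this hunk, so its type-level docs may already cover PEM use.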
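--- a/src/pem.rs
+++ b/src/pem.rs
@@ -357,13 +357,21 @@ pub enum SectionKind {
 ///
 /// Appears as "CERTIFICATE REQUEST" in PEM files.
 Csr,
+
+/// An EchConfigList structure, as specified in
+/// <https://www.ietf.org/archive/id/draft-farrell-tls-pemesni-05.html>.
+///
+/// Appears as "ECHCONFIG" in PEM files.
+EchConfigList,
 }
 
 impl SectionKind {
 fn secret(&self) -> bool {
 match self {
 Self::RsaPrivateKey | Self::PrivateKey | Self::EcPrivateKey => true,
-Self::Certificate | Self::PublicKey | Self::Crl | Self::Csr => false,
+Self::Certificate | Self::PublicKey | Self::Crl | Self::Csr | Self::EchConfigList => {
+false
+}
 }
 }
 }
@@ -380,6 +388,7 @@ impl TryFrom<&[u8]> for SectionKind {
 b"EC PRIVATE KEY" => Self::EcPrivateKey,
 b"X509 CRL" => Self::Crl,
 b"CERTIFICATE REQUEST" => Self::Csr,
+b"ECHCONFIG" => Self::EchConfigList,
 _ => return Err(()),
 })
 }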
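Review bot: The `EchConfigList` arm added to `secret()` has no comment explaining why the section is classed as non-secret, and what `secret()` gates lies outside the visible hunks. An ECH config list holds public keys and parameters intended for clients, so `false` looks right. I would record the reasoning next to the arm with `// ECH config lists are public, client-facing data; the matching key travels in a separate "PRIVATE KEY" section.`. Separately, the doc comment on the variant cites revision 05 of an Internet-Draft, so it deserves one more sentence saying the `"ECHCONFIG"` label follows that draft revision and may change before publication.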
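--- a/tests/data/ech.pem
+++ b/tests/data/ech.pem
@@ -0,0 +1,7 @@
+-----BEGIN PRIVATE KEY-----
+MC4CAQAwBQYDK2VuBCIEICjd4yGRdsoP9gU7YT7My8DHx1Tjme8GYDXrOMCi8v1V
+-----END PRIVATE KEY-----
+-----BEGIN ECHCONFIG-----
+AD7+DQA65wAgACA8wVN2BtscOl3vQheUzHeIkVmKIiydUhDCliA4iyQRCwAEAAEA
+AQALZXhhbXBsZS5jb20AAA==
+-----END ECHCONFIG-----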
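--- a/tests/data/zen.pem
+++ b/tests/data/zen.pem
@@ -162,4 +162,8 @@ gdiZyLcf1VDCCUGaskEi2CsggCQQJNyGi+8BSQ8MPKm/m0KrSchGQ157eWCCjopz
 f5GQe2UGOg5T7g8+S4GdECMwkMlTGUwlAM6LuOG/NZqP528PCAYQv0eOYdSwALQT
 GwTyU4AZ9y1uBFuaFxABew9GbDEtNY/XHTF8308edUwGBk6jfD+UuTeEwRZGs9E=
 -----END CERTIFICATE REQUEST-----
+-----BEGIN ECHCONFIG-----
+AD7+DQA65wAgACA8wVN2BtscOl3vQheUzHeIkVmKIiydUhDCliA4iyQRCwAEAAEA
+AQALZXhhbXBsZS5jb20AAA==
+-----END ECHCONFIG-----
 ... that's all folks!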
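--- a/tests/pem.rs
+++ b/tests/pem.rs
@@ -4,8 +4,9 @@ use std::io::Cursor;
 
 use rustls_pki_types::pem::PemObject;
 use rustls_pki_types::{
-pem, CertificateDer, CertificateRevocationListDer, CertificateSigningRequestDer, PrivateKeyDer,
-PrivatePkcs1KeyDer, PrivatePkcs8KeyDer, PrivateSec1KeyDer, SubjectPublicKeyInfoDer,
+pem, CertificateDer, CertificateRevocationListDer, CertificateSigningRequestDer,
+EchConfigListBytes, PrivateKeyDer, PrivatePkcs1KeyDer, PrivatePkcs8KeyDer, PrivateSec1KeyDer,
+SubjectPublicKeyInfoDer,
 };
 
 #[test]
@@ -180,6 +181,20 @@ fn crls() {
 );
 }
 
+#[test]
+fn ech_config() {
+let data = include_bytes!("data/zen.pem");
+
+EchConfigListBytes::from_pem_slice(data).unwrap();
+EchConfigListBytes::from_pem_reader(&mut Cursor::new(&data[..])).unwrap();
+EchConfigListBytes::from_pem_file("tests/data/zen.pem").unwrap();
+
+assert!(matches!(
+EchConfigListBytes::from_pem_file("tests/data/certificate.chain.pem").unwrap_err(),
+pem::Error::NoItemsFound
+));
+}
+
 #[test]
 fn certificates_with_binary() {
 let data = include_bytes!("data/gunk.pem");
@@ -212,7 +227,7 @@ fn parse_in_order() {
 let items = <(pem::SectionKind, Vec<u8>) as PemObject>::pem_slice_iter(data)
 .collect::<Result<Vec<_>, _>>()
 .unwrap();
-assert_eq!(items.len(), 11);
+assert_eq!(items.len(), 12);
 assert!(matches!(items[0], (pem::SectionKind::Certificate, _)));
 assert!(matches!(items[1], (pem::SectionKind::Certificate, _)));
 assert!(matches!(items[2], (pem::SectionKind::Certificate, _)));
@@ -224,6 +239,7 @@ fn parse_in_order() {
 assert!(matches!(items[8], (pem::SectionKind::PrivateKey, _)));
 assert!(matches!(items[9], (pem::SectionKind::Crl, _)));
 assert!(matches!(items[10], (pem::SectionKind::Csr, _)));
+assert!(matches!(items[11], (pem::SectionKind::EchConfigList, _)));
 }
 
 #[test]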
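Review bot: `ech_config` only checks that decoding succeeds: none of its three `unwrap()` calls inspects the returned bytes, and the new `tests/data/ech.pem` fixture is not referenced in any hunk visible here. A decoder that returned the wrong section or truncated data would still pass. I would load the fixture that pairs the key with the config and pin the payload, e.g. `let ech = EchConfigListBytes::from_pem_file("tests/data/ech.pem").unwrap();` followed by `assert_eq!(ech.as_ref().len(), 64);`, 64 being what the two base64 lines of the fixture decode to. Reading the same file through `PrivateKeyDer` would additionally confirm that the secret section beside it is still picked up by the private-key path and not by this one.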
