diff --git a/Cargo.toml b/Cargo.toml index 051e55f..fc645d1 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "rustls-pki-types" -version = "1.10.1" +version = "1.11.0" edition = "2021" rust-version = "1.60" license = "MIT OR Apache-2.0" diff --git a/src/alg_id.rs b/src/alg_id.rs new file mode 100644 index 0000000..637027d --- /dev/null +++ b/src/alg_id.rs @@ -0,0 +1,271 @@ +//! Common values of the PKIX [`AlgorithmIdentifier`] type. +//! +//! If you need to use an [`AlgorithmIdentifier`] not defined here, +//! you can define it locally. + +use super::AlgorithmIdentifier; + +// See src/data/README.md. + +/// AlgorithmIdentifier for `id-ecPublicKey` with named curve `secp256r1`. +/// +/// This is: +/// +/// ```text +/// # ecPublicKey +/// OBJECT_IDENTIFIER { 1.2.840.10045.2.1 } +/// # secp256r1 +/// OBJECT_IDENTIFIER { 1.2.840.10045.3.1.7 } +/// ``` +pub const ECDSA_P256: AlgorithmIdentifier = + AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ecdsa-p256.der")); + +/// AlgorithmIdentifier for `id-ecPublicKey` with named curve `secp384r1`. +/// +/// This is: +/// +/// ```text +/// # ecPublicKey +/// OBJECT_IDENTIFIER { 1.2.840.10045.2.1 } +/// # secp384r1 +/// OBJECT_IDENTIFIER { 1.3.132.0.34 } +/// ``` +pub const ECDSA_P384: AlgorithmIdentifier = + AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ecdsa-p384.der")); + +/// AlgorithmIdentifier for `id-ecPublicKey` with named curve `secp521r1`. +/// +/// This is: +/// +/// ```text +/// # ecPublicKey +/// OBJECT_IDENTIFIER { 1.2.840.10045.2.1 } +/// # secp521r1 +/// OBJECT_IDENTIFIER { 1.3.132.0.35 } +/// ``` +pub const ECDSA_P521: AlgorithmIdentifier = + AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ecdsa-p521.der")); + +/// AlgorithmIdentifier for `ecdsa-with-SHA256`. +/// +/// This is: +/// +/// ```text +/// # ecdsa-with-SHA256 +/// OBJECT_IDENTIFIER { 1.2.840.10045.4.3.2 } +/// ``` +pub const ECDSA_SHA256: AlgorithmIdentifier = + AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ecdsa-sha256.der")); + +/// AlgorithmIdentifier for `ecdsa-with-SHA384`. +/// +/// This is: +/// +/// ```text +/// # ecdsa-with-SHA384 +/// OBJECT_IDENTIFIER { 1.2.840.10045.4.3.3 } +/// ``` +pub const ECDSA_SHA384: AlgorithmIdentifier = + AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ecdsa-sha384.der")); + +/// AlgorithmIdentifier for `ecdsa-with-SHA512`. +/// +/// This is: +/// +/// ```text +/// # ecdsa-with-SHA512 +/// OBJECT_IDENTIFIER { 1.2.840.10045.4.3.4 } +/// ``` +pub const ECDSA_SHA512: AlgorithmIdentifier = + AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ecdsa-sha512.der")); + +/// AlgorithmIdentifier for `rsaEncryption`. +/// +/// This is: +/// +/// ```text +/// # rsaEncryption +/// OBJECT_IDENTIFIER { 1.2.840.113549.1.1.1 } +/// NULL {} +/// ``` +pub const RSA_ENCRYPTION: AlgorithmIdentifier = + AlgorithmIdentifier::from_slice(include_bytes!("data/alg-rsa-encryption.der")); + +/// AlgorithmIdentifier for `sha256WithRSAEncryption`. +/// +/// This is: +/// +/// ```text +/// # sha256WithRSAEncryption +/// OBJECT_IDENTIFIER { 1.2.840.113549.1.1.11 } +/// NULL {} +/// ``` +pub const RSA_PKCS1_SHA256: AlgorithmIdentifier = + AlgorithmIdentifier::from_slice(include_bytes!("data/alg-rsa-pkcs1-sha256.der")); + +/// AlgorithmIdentifier for `sha384WithRSAEncryption`. +/// +/// This is: +/// +/// ```text +/// # sha384WithRSAEncryption +/// OBJECT_IDENTIFIER { 1.2.840.113549.1.1.12 } +/// NULL {} +/// ``` +pub const RSA_PKCS1_SHA384: AlgorithmIdentifier = + AlgorithmIdentifier::from_slice(include_bytes!("data/alg-rsa-pkcs1-sha384.der")); + +/// AlgorithmIdentifier for `sha512WithRSAEncryption`. +/// +/// This is: +/// +/// ```text +/// # sha512WithRSAEncryption +/// OBJECT_IDENTIFIER { 1.2.840.113549.1.1.13 } +/// NULL {} +/// ``` +pub const RSA_PKCS1_SHA512: AlgorithmIdentifier = + AlgorithmIdentifier::from_slice(include_bytes!("data/alg-rsa-pkcs1-sha512.der")); + +/// AlgorithmIdentifier for `rsassaPss` with: +/// +/// - hashAlgorithm: sha256 +/// - maskGenAlgorithm: mgf1 with sha256 +/// - saltLength: 32 +/// +/// This is: +/// +/// ```text +/// # rsassa-pss +/// OBJECT_IDENTIFIER { 1.2.840.113549.1.1.10 } +/// SEQUENCE { +/// # hashAlgorithm: +/// [0] { +/// SEQUENCE { +/// # sha256 +/// OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.1 } +/// NULL {} +/// } +/// } +/// # maskGenAlgorithm: +/// [1] { +/// SEQUENCE { +/// # mgf1 +/// OBJECT_IDENTIFIER { 1.2.840.113549.1.1.8 } +/// SEQUENCE { +/// # sha256 +/// OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.1 } +/// NULL {} +/// } +/// } +/// } +/// # saltLength: +/// [2] { +/// INTEGER { 32 } +/// } +/// } +/// ``` +/// +/// See for +/// the meaning of the context-specific tags. +pub const RSA_PSS_SHA256: AlgorithmIdentifier = + AlgorithmIdentifier::from_slice(include_bytes!("data/alg-rsa-pss-sha256.der")); + +/// AlgorithmIdentifier for `rsassaPss` with: +/// +/// - hashAlgorithm: sha384 +/// - maskGenAlgorithm: mgf1 with sha384 +/// - saltLength: 48 +/// +/// This is: +/// +/// ```text +/// # rsassa-pss +/// OBJECT_IDENTIFIER { 1.2.840.113549.1.1.10 } +/// SEQUENCE { +/// # hashAlgorithm: +/// [0] { +/// SEQUENCE { +/// # sha384 +/// OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.2 } +/// NULL {} +/// } +/// } +/// # maskGenAlgorithm: +/// [1] { +/// SEQUENCE { +/// # mgf1 +/// OBJECT_IDENTIFIER { 1.2.840.113549.1.1.8 } +/// SEQUENCE { +/// # sha384 +/// OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.2 } +/// NULL {} +/// } +/// } +/// } +/// # saltLength: +/// [2] { +/// INTEGER { 48 } +/// } +/// } +/// ``` +/// +/// See for +/// the meaning of the context-specific tags. +pub const RSA_PSS_SHA384: AlgorithmIdentifier = + AlgorithmIdentifier::from_slice(include_bytes!("data/alg-rsa-pss-sha384.der")); + +/// AlgorithmIdentifier for `rsassaPss` with: +/// +/// - hashAlgorithm: sha512 +/// - maskGenAlgorithm: mgf1 with sha512 +/// - saltLength: 64 +/// +/// This is: +/// +/// ```text +/// # rsassa-pss +/// OBJECT_IDENTIFIER { 1.2.840.113549.1.1.10 } +/// SEQUENCE { +/// # hashAlgorithm: +/// [0] { +/// SEQUENCE { +/// # sha512 +/// OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.3 } +/// NULL {} +/// } +/// } +/// # maskGenAlgorithm: +/// [1] { +/// SEQUENCE { +/// # mgf1 +/// OBJECT_IDENTIFIER { 1.2.840.113549.1.1.8 } +/// SEQUENCE { +/// # sha512 +/// OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.3 } +/// NULL {} +/// } +/// } +/// } +/// # saltLength: +/// [2] { +/// INTEGER { 64 } +/// } +/// } +/// ``` +/// +/// See for +/// the meaning of the context-specific tags. +pub const RSA_PSS_SHA512: AlgorithmIdentifier = + AlgorithmIdentifier::from_slice(include_bytes!("data/alg-rsa-pss-sha512.der")); + +/// AlgorithmIdentifier for `ED25519`. +/// +/// This is: +/// +/// ```text +/// # ed25519 +/// OBJECT_IDENTIFIER { 1.3.101.112 } +/// ``` +pub const ED25519: AlgorithmIdentifier = + AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ed25519.der")); diff --git a/src/data/README.md b/src/data/README.md new file mode 100644 index 0000000..45cf697 --- /dev/null +++ b/src/data/README.md @@ -0,0 +1,21 @@ +These files contain the binary DER encoding of the *values* of some +ASN.1 [`AlgorithmIdentifier`]s, without the outer `SEQUENCE` tag or the outer +length component. + +These files were encoded with the help of [der-ascii]. They can be decoded +using: + +```sh +go install github.com/google/der-ascii/cmd/der2ascii@latest +der2ascii -i -o .ascii +``` + +New or modified der-ascii files can be encoded using: + +```sh +go install github.com/google/der-ascii/cmd/ascii2der@latest +ascii2der i .ascii -o +``` + +[`AlgorithmIdentifier`]: https://tools.ietf.org/html/rfc5280#section-4.1.1.2] +[der-ascii]: https://github.com/google/der-ascii diff --git a/src/data/alg-ecdsa-p256.der b/src/data/alg-ecdsa-p256.der new file mode 100644 index 0000000..d49c30d --- /dev/null +++ b/src/data/alg-ecdsa-p256.der @@ -0,0 +1 @@ +*†HÎ=*†HÎ= \ No newline at end of file diff --git a/src/data/alg-ecdsa-p384.der b/src/data/alg-ecdsa-p384.der new file mode 100644 index 0000000..8b24916 Binary files /dev/null and b/src/data/alg-ecdsa-p384.der differ diff --git a/src/data/alg-ecdsa-p521.der b/src/data/alg-ecdsa-p521.der new file mode 100644 index 0000000..9ad544c Binary files /dev/null and b/src/data/alg-ecdsa-p521.der differ diff --git a/src/data/alg-ecdsa-sha256.der b/src/data/alg-ecdsa-sha256.der new file mode 100644 index 0000000..b2ee128 --- /dev/null +++ b/src/data/alg-ecdsa-sha256.der @@ -0,0 +1 @@ +*†HÎ= \ No newline at end of file diff --git a/src/data/alg-ecdsa-sha384.der b/src/data/alg-ecdsa-sha384.der new file mode 100644 index 0000000..7c61d3a --- /dev/null +++ b/src/data/alg-ecdsa-sha384.der @@ -0,0 +1 @@ +*†HÎ= \ No newline at end of file diff --git a/src/data/alg-ecdsa-sha512.der b/src/data/alg-ecdsa-sha512.der new file mode 100644 index 0000000..d87b899 --- /dev/null +++ b/src/data/alg-ecdsa-sha512.der @@ -0,0 +1 @@ +*†HÎ= \ No newline at end of file diff --git a/src/data/alg-ed25519.der b/src/data/alg-ed25519.der new file mode 100644 index 0000000..7ca46fd --- /dev/null +++ b/src/data/alg-ed25519.der @@ -0,0 +1 @@ ++ep \ No newline at end of file diff --git a/src/data/alg-rsa-encryption.der b/src/data/alg-rsa-encryption.der new file mode 100644 index 0000000..77d159a Binary files /dev/null and b/src/data/alg-rsa-encryption.der differ diff --git a/src/data/alg-rsa-pkcs1-sha256.der b/src/data/alg-rsa-pkcs1-sha256.der new file mode 100644 index 0000000..ab52bcd Binary files /dev/null and b/src/data/alg-rsa-pkcs1-sha256.der differ diff --git a/src/data/alg-rsa-pkcs1-sha384.der b/src/data/alg-rsa-pkcs1-sha384.der new file mode 100644 index 0000000..c0d43b1 Binary files /dev/null and b/src/data/alg-rsa-pkcs1-sha384.der differ diff --git a/src/data/alg-rsa-pkcs1-sha512.der b/src/data/alg-rsa-pkcs1-sha512.der new file mode 100644 index 0000000..71aded5 Binary files /dev/null and b/src/data/alg-rsa-pkcs1-sha512.der differ diff --git a/src/data/alg-rsa-pss-sha256.der b/src/data/alg-rsa-pss-sha256.der new file mode 100644 index 0000000..87328f7 Binary files /dev/null and b/src/data/alg-rsa-pss-sha256.der differ diff --git a/src/data/alg-rsa-pss-sha384.der b/src/data/alg-rsa-pss-sha384.der new file mode 100644 index 0000000..9c3b170 Binary files /dev/null and b/src/data/alg-rsa-pss-sha384.der differ diff --git a/src/data/alg-rsa-pss-sha512.der b/src/data/alg-rsa-pss-sha512.der new file mode 100644 index 0000000..c0ad57d Binary files /dev/null and b/src/data/alg-rsa-pss-sha512.der differ diff --git a/src/lib.rs b/src/lib.rs index 20dc4b9..358abd8 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -83,6 +83,7 @@ use std::time::SystemTime; #[cfg(all(target_family = "wasm", target_os = "unknown", feature = "web"))] use web_time::SystemTime; +pub mod alg_id; mod base64; mod server_name; @@ -914,7 +915,8 @@ pub struct InvalidSignature; /// The outer sequence encoding is *not included*, so this is the DER encoding /// of an OID for `algorithm` plus the `parameters` value. /// -/// For example, this is the `rsaEncryption` algorithm: +/// For example, this is the `rsaEncryption` algorithm (but prefer to use the constant +/// [`alg_id::RSA_ENCRYPTION`] instead): /// /// ``` /// let rsa_encryption = rustls_pki_types::AlgorithmIdentifier::from_slice( @@ -925,7 +927,10 @@ pub struct InvalidSignature; /// 0x05, 0x00 /// ] /// ); +/// assert_eq!(rustls_pki_types::alg_id::RSA_ENCRYPTION, rsa_encryption); /// ``` +/// +/// Common values for this type are provided in the [`alg_id`] module. #[derive(Clone, Copy, PartialEq, Eq)] pub struct AlgorithmIdentifier(&'static [u8]);