Move AlgorithmIdentifier values to here from rustls-webpki

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "rustls-pki-types"
-version = "1.10.1"
+version = "1.11.0"
 edition = "2021"
 rust-version = "1.60"
 license = "MIT OR Apache-2.0"

src/alg_id.rs

@@ -0,0 +1,271 @@
+//! Common values of the PKIX [`AlgorithmIdentifier`] type.
+//!
+//! If you need to use an [`AlgorithmIdentifier`] not defined here,
+//! you can define it locally.
+
+use super::AlgorithmIdentifier;
+
+// See src/data/README.md.
+
+/// AlgorithmIdentifier for `id-ecPublicKey` with named curve `secp256r1`.
+///
+/// This is:
+///
+/// ```text
+/// # ecPublicKey
+/// OBJECT_IDENTIFIER { 1.2.840.10045.2.1 }
+/// # secp256r1
+/// OBJECT_IDENTIFIER { 1.2.840.10045.3.1.7 }
+/// ```
+pub const ECDSA_P256: AlgorithmIdentifier =
+    AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ecdsa-p256.der"));
+
+/// AlgorithmIdentifier for `id-ecPublicKey` with named curve `secp384r1`.
+///
+/// This is:
+///
+/// ```text
+/// # ecPublicKey
+/// OBJECT_IDENTIFIER { 1.2.840.10045.2.1 }
+/// # secp384r1
+/// OBJECT_IDENTIFIER { 1.3.132.0.34 }
+/// ```
+pub const ECDSA_P384: AlgorithmIdentifier =
+    AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ecdsa-p384.der"));
+
+/// AlgorithmIdentifier for `id-ecPublicKey` with named curve `secp521r1`.
+///
+/// This is:
+///
+/// ```text
+/// # ecPublicKey
+/// OBJECT_IDENTIFIER { 1.2.840.10045.2.1 }
+/// # secp521r1
+/// OBJECT_IDENTIFIER { 1.3.132.0.35 }
+/// ```
+pub const ECDSA_P521: AlgorithmIdentifier =
+    AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ecdsa-p521.der"));
+
+/// AlgorithmIdentifier for `ecdsa-with-SHA256`.
+///
+/// This is:
+///
+/// ```text
+/// # ecdsa-with-SHA256
+/// OBJECT_IDENTIFIER { 1.2.840.10045.4.3.2 }
+/// ```
+pub const ECDSA_SHA256: AlgorithmIdentifier =
+    AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ecdsa-sha256.der"));
+
+/// AlgorithmIdentifier for `ecdsa-with-SHA384`.
+///
+/// This is:
+///
+/// ```text
+/// # ecdsa-with-SHA384
+/// OBJECT_IDENTIFIER { 1.2.840.10045.4.3.3 }
+/// ```
+pub const ECDSA_SHA384: AlgorithmIdentifier =
+    AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ecdsa-sha384.der"));
+
+/// AlgorithmIdentifier for `ecdsa-with-SHA512`.
+///
+/// This is:
+///
+/// ```text
+/// # ecdsa-with-SHA512
+/// OBJECT_IDENTIFIER { 1.2.840.10045.4.3.4 }
+/// ```
+pub const ECDSA_SHA512: AlgorithmIdentifier =
+    AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ecdsa-sha512.der"));
+
+/// AlgorithmIdentifier for `rsaEncryption`.
+///
+/// This is:
+///
+/// ```text
+/// # rsaEncryption
+/// OBJECT_IDENTIFIER { 1.2.840.113549.1.1.1 }
+/// NULL {}
+/// ```
+pub const RSA_ENCRYPTION: AlgorithmIdentifier =
+    AlgorithmIdentifier::from_slice(include_bytes!("data/alg-rsa-encryption.der"));
+
+/// AlgorithmIdentifier for `sha256WithRSAEncryption`.
+///
+/// This is:
+///
+/// ```text
+/// # sha256WithRSAEncryption
+/// OBJECT_IDENTIFIER { 1.2.840.113549.1.1.11 }
+/// NULL {}
+/// ```
+pub const RSA_PKCS1_SHA256: AlgorithmIdentifier =
+    AlgorithmIdentifier::from_slice(include_bytes!("data/alg-rsa-pkcs1-sha256.der"));
+
+/// AlgorithmIdentifier for `sha384WithRSAEncryption`.
+///
+/// This is:
+///
+/// ```text
+/// # sha384WithRSAEncryption
+/// OBJECT_IDENTIFIER { 1.2.840.113549.1.1.12 }
+/// NULL {}
+/// ```
+pub const RSA_PKCS1_SHA384: AlgorithmIdentifier =
+    AlgorithmIdentifier::from_slice(include_bytes!("data/alg-rsa-pkcs1-sha384.der"));
+
+/// AlgorithmIdentifier for `sha512WithRSAEncryption`.
+///
+/// This is:
+///
+/// ```text
+/// # sha512WithRSAEncryption
+/// OBJECT_IDENTIFIER { 1.2.840.113549.1.1.13 }
+/// NULL {}
+/// ```
+pub const RSA_PKCS1_SHA512: AlgorithmIdentifier =
+    AlgorithmIdentifier::from_slice(include_bytes!("data/alg-rsa-pkcs1-sha512.der"));
+
+/// AlgorithmIdentifier for `rsassaPss` with:
+///
+/// - hashAlgorithm: sha256
+/// - maskGenAlgorithm: mgf1 with sha256
+/// - saltLength: 32
+///
+/// This is:
+///
+/// ```text
+/// # rsassa-pss
+/// OBJECT_IDENTIFIER { 1.2.840.113549.1.1.10 }
+/// SEQUENCE {
+///   # hashAlgorithm:
+///   [0] {
+///     SEQUENCE {
+///       # sha256
+///       OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.1 }
+///       NULL {}
+///     }
+///   }
+///   # maskGenAlgorithm:
+///   [1] {
+///     SEQUENCE {
+///       # mgf1
+///       OBJECT_IDENTIFIER { 1.2.840.113549.1.1.8 }
+///       SEQUENCE {
+///         # sha256
+///         OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.1 }
+///         NULL {}
+///       }
+///     }
+///   }
+///   # saltLength:
+///   [2] {
+///     INTEGER { 32 }
+///   }
+/// }
+/// ```
+///
+/// See <https://datatracker.ietf.org/doc/html/rfc4055#section-3.1> for
+/// the meaning of the context-specific tags.
+pub const RSA_PSS_SHA256: AlgorithmIdentifier =
+    AlgorithmIdentifier::from_slice(include_bytes!("data/alg-rsa-pss-sha256.der"));
+
+/// AlgorithmIdentifier for `rsassaPss` with:
+///
+/// - hashAlgorithm: sha384
+/// - maskGenAlgorithm: mgf1 with sha384
+/// - saltLength: 48
+///
+/// This is:
+///
+/// ```text
+/// # rsassa-pss
+/// OBJECT_IDENTIFIER { 1.2.840.113549.1.1.10 }
+/// SEQUENCE {
+///   # hashAlgorithm:
+///   [0] {
+///     SEQUENCE {
+///       # sha384
+///       OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.2 }
+///       NULL {}
+///     }
+///   }
+///   # maskGenAlgorithm:
+///   [1] {
+///     SEQUENCE {
+///       # mgf1
+///       OBJECT_IDENTIFIER { 1.2.840.113549.1.1.8 }
+///       SEQUENCE {
+///         # sha384
+///         OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.2 }
+///         NULL {}
+///       }
+///     }
+///   }
+///   # saltLength:
+///   [2] {
+///     INTEGER { 48 }
+///   }
+/// }
+/// ```
+///
+/// See <https://datatracker.ietf.org/doc/html/rfc4055#section-3.1> for
+/// the meaning of the context-specific tags.
+pub const RSA_PSS_SHA384: AlgorithmIdentifier =
+    AlgorithmIdentifier::from_slice(include_bytes!("data/alg-rsa-pss-sha384.der"));
+
+/// AlgorithmIdentifier for `rsassaPss` with:
+///
+/// - hashAlgorithm: sha512
+/// - maskGenAlgorithm: mgf1 with sha512
+/// - saltLength: 64
+///
+/// This is:
+///
+/// ```text
+/// # rsassa-pss
+/// OBJECT_IDENTIFIER { 1.2.840.113549.1.1.10 }
+/// SEQUENCE {
+///   # hashAlgorithm:
+///   [0] {
+///     SEQUENCE {
+///       # sha512
+///       OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.3 }
+///       NULL {}
+///     }
+///   }
+///   # maskGenAlgorithm:
+///   [1] {
+///     SEQUENCE {
+///       # mgf1
+///       OBJECT_IDENTIFIER { 1.2.840.113549.1.1.8 }
+///       SEQUENCE {
+///         # sha512
+///         OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.3 }
+///         NULL {}
+///       }
+///     }
+///   }
+///   # saltLength:
+///   [2] {
+///     INTEGER { 64 }
+///   }
+/// }
+/// ```
+///
+/// See <https://datatracker.ietf.org/doc/html/rfc4055#section-3.1> for
+/// the meaning of the context-specific tags.
+pub const RSA_PSS_SHA512: AlgorithmIdentifier =
+    AlgorithmIdentifier::from_slice(include_bytes!("data/alg-rsa-pss-sha512.der"));
+
+/// AlgorithmIdentifier for `ED25519`.
+///
+/// This is:
+///
+/// ```text
+/// # ed25519
+/// OBJECT_IDENTIFIER { 1.3.101.112 }
+/// ```
+pub const ED25519: AlgorithmIdentifier =
+    AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ed25519.der"));

src/data/README.md

@@ -0,0 +1,21 @@
+These files contain the binary DER encoding of the *values* of some
+ASN.1 [`AlgorithmIdentifier`]s, without the outer `SEQUENCE` tag or the outer
+length component.
+
+These files were encoded with the help of [der-ascii]. They can be decoded
+using:
+
+```sh
+go install github.com/google/der-ascii/cmd/der2ascii@latest
+der2ascii -i <filename> -o <filename>.ascii
+```
+
+New or modified der-ascii files can be encoded using:
+
+```sh
+go install github.com/google/der-ascii/cmd/ascii2der@latest
+ascii2der i <filename>.ascii -o <filename>
+```
+
+[`AlgorithmIdentifier`]: https://tools.ietf.org/html/rfc5280#section-4.1.1.2]
+[der-ascii]: https://github.com/google/der-ascii

src/data/alg-ecdsa-p256.der

@@ -0,0 +1 @@
+*†HÎ=
*†HÎ=


src/data/alg-ecdsa-sha256.der

@@ -0,0 +1 @@
+*†HÎ=

src/data/alg-ecdsa-sha384.der

@@ -0,0 +1 @@
+*†HÎ=

src/data/alg-ecdsa-sha512.der

@@ -0,0 +1 @@
+*†HÎ=

src/data/alg-ed25519.der

@@ -0,0 +1 @@
++ep

src/lib.rs

@@ -83,6 +83,7 @@ use std::time::SystemTime;
 #[cfg(all(target_family = "wasm", target_os = "unknown", feature = "web"))]
 use web_time::SystemTime;
 
+pub mod alg_id;
 mod base64;
 mod server_name;
 
@@ -914,7 +915,8 @@ pub struct InvalidSignature;
 /// The outer sequence encoding is *not included*, so this is the DER encoding
 /// of an OID for `algorithm` plus the `parameters` value.
 ///
-/// For example, this is the `rsaEncryption` algorithm:
+/// For example, this is the `rsaEncryption` algorithm (but prefer to use the constant
+/// [`alg_id::RSA_ENCRYPTION`] instead):
 ///
 /// ```
 /// let rsa_encryption = rustls_pki_types::AlgorithmIdentifier::from_slice(
@@ -925,7 +927,10 @@ pub struct InvalidSignature;
 ///         0x05, 0x00
 ///     ]
 /// );
+/// assert_eq!(rustls_pki_types::alg_id::RSA_ENCRYPTION, rsa_encryption);
 /// ```
+///
+/// Common values for this type are provided in the [`alg_id`] module.
 #[derive(Clone, Copy, PartialEq, Eq)]
 pub struct AlgorithmIdentifier(&'static [u8]);