pkcs12: initial types with decoders/encoders

pkcs12/Cargo.toml

@@ -15,14 +15,19 @@ edition = "2021"
 rust-version = "1.65"
 
 [dependencies]
-der = { version = "0.7.8", features = ["alloc"] }
-zeroize = "1.6"
-
-# optional dependencies
-digest = { version = "0.10.7", features = ["alloc"], optional = true }
+der = { version = "0.7.8", features = ["alloc", "derive", "oid", "pem"] }
+spki = { version = "0.7" }
+x509-cert = { version = "0.2.3", default-features = false, features = ["pem"] }
+const-oid = { version = "0.9", features = ["db"] } # TODO: path = "../const-oid"
+cms = "0.2.1"
+digest = { version = "0.10.7", features=["alloc"], optional = true }
+zeroize = "1.6.0"
 
 [dev-dependencies]
-hex-literal = "0.4"
+hex-literal = "0.3.3"
+pkcs8 = { version = "0.10.2", features = ["pkcs5", "getrandom"] }
+pkcs5 = {version = "0.7.1", features = ["pbes2", "3des"]}
+subtle-encoding = "0.5.1"
 sha2 = "0.10.7"
 whirlpool = "0.10.4"
 
@@ -32,3 +37,4 @@ kdf = ["dep:digest"]
 [package.metadata.docs.rs]
 all-features = true
 rustdoc-args = ["--cfg", "docsrs"]
+

pkcs12/src/authenticated_safe.rs

@@ -0,0 +1,16 @@
+//! AuthenticatedSafe-related types
+
+use alloc::vec::Vec;
+use cms::content_info::ContentInfo;
+
+/// The `AuthenticatedSafe` type is defined in [RFC 7292 Section 4.1].
+///
+/// ```text
+/// AuthenticatedSafe ::= SEQUENCE OF ContentInfo
+///        -- Data if unencrypted
+///        -- EncryptedData if password-encrypted
+///        -- EnvelopedData if public key-encrypted
+/// ```
+///
+/// [RFC 7292 Section 4.1]: https://www.rfc-editor.org/rfc/rfc7292#section-4.1
+pub type AuthenticatedSafe<'a> = Vec<ContentInfo>;

pkcs12/src/bag_type.rs

@@ -0,0 +1,59 @@
+//! BagType-related types
+
+use der::asn1::ObjectIdentifier;
+use der::{ErrorKind, FixedTag, Tag};
+
+/// Indicates the type of content.
+#[derive(Copy, Clone, Debug, Eq, Hash, PartialEq, PartialOrd, Ord)]
+pub enum BagType {
+    /// Plain data content type
+    Key,
+
+    /// Signed-data content type
+    Pkcs8,
+
+    /// Enveloped-data content type
+    Cert,
+
+    /// Signed-and-enveloped-data content type
+    Crl,
+
+    /// Digested-data content type
+    Secret,
+
+    /// Encrypted-data content type
+    SafeContents,
+}
+
+impl FixedTag for BagType {
+    const TAG: Tag = Tag::ObjectIdentifier;
+}
+
+impl From<BagType> for ObjectIdentifier {
+    fn from(content_type: BagType) -> ObjectIdentifier {
+        match content_type {
+            BagType::Key => crate::PKCS_12_KEY_BAG_OID,
+            BagType::Pkcs8 => crate::PKCS_12_PKCS8_KEY_BAG_OID,
+            BagType::Cert => crate::PKCS_12_CERT_BAG_OID,
+            BagType::Crl => crate::PKCS_12_CRL_BAG_OID,
+            BagType::Secret => crate::PKCS_12_SECRET_BAG_OID,
+            BagType::SafeContents => crate::PKCS_12_SAFE_CONTENTS_BAG_OID,
+        }
+    }
+}
+
+impl TryFrom<ObjectIdentifier> for BagType {
+    type Error = der::Error;
+
+    fn try_from(oid: ObjectIdentifier) -> der::Result<Self> {
+        match oid {
+            crate::PKCS_12_KEY_BAG_OID => Ok(Self::Key),
+            crate::PKCS_12_PKCS8_KEY_BAG_OID => Ok(Self::Pkcs8),
+            crate::PKCS_12_CERT_BAG_OID => Ok(Self::Cert),
+            crate::PKCS_12_CRL_BAG_OID => Ok(Self::Crl),
+            crate::PKCS_12_SECRET_BAG_OID => Ok(Self::Secret),
+            crate::PKCS_12_SAFE_CONTENTS_BAG_OID => Ok(Self::SafeContents),
+            _ => Err(ErrorKind::OidUnknown { oid }.into()),
+        }
+    }
+}

pkcs12/src/cert_type.rs

@@ -0,0 +1,43 @@
+//! CertBag-related types
+
+use der::asn1::{ObjectIdentifier, OctetString};
+use der::Sequence;
+
+/// The `CertBag` type is defined in [RFC 7292 Section 4.2.3].
+///
+///```text
+/// CertBag ::= SEQUENCE {
+///     certId      BAG-TYPE.&id   ({CertTypes}),
+///     certValue   [0] EXPLICIT BAG-TYPE.&Type ({CertTypes}{@certId})
+/// }
+///```
+///
+/// [RFC 7292 Section 4.2.3]: https://www.rfc-editor.org/rfc/rfc7292#section-4.2.3
+#[derive(Clone, Debug, Eq, PartialEq, Sequence)]
+#[allow(missing_docs)]
+pub struct CertBag {
+    pub cert_id: ObjectIdentifier,
+    #[asn1(context_specific = "0", tag_mode = "EXPLICIT")]
+    pub cert_value: CertTypes,
+}
+
+// todo defer: add sdsiCertificate support
+/// The `CertTypes` type is defined in [RFC 7292 Section 4.2.3].
+///
+///```text
+///    x509Certificate BAG-TYPE ::=
+///        {OCTET STRING IDENTIFIED BY {certTypes 1}}
+///        -- DER-encoded X.509 certificate stored in OCTET STRING
+///    sdsiCertificate BAG-TYPE ::=
+///        {IA5String IDENTIFIED BY {certTypes 2}}
+///        -- Base64-encoded SDSI certificate stored in IA5String
+///
+///    CertTypes BAG-TYPE ::= {
+///        x509Certificate |
+///        sdsiCertificate,
+///        ... -- For future extensions
+///    }
+///```
+///
+/// [RFC 7292 Section 4.2.3]: https://www.rfc-editor.org/rfc/rfc7292#section-4.2.3
+pub type CertTypes = OctetString;

pkcs12/src/crl_type.rs

@@ -0,0 +1,39 @@
+//! CertBag-related types
+
+use der::asn1::{ObjectIdentifier, OctetString};
+use der::Sequence;
+
+/// The `CertBag` type is defined in [RFC 7292 Section 4.2.4].
+///
+///```text
+///     CRLBag ::= SEQUENCE {
+///      crlId     BAG-TYPE.&id ({CRLTypes}),
+///      crltValue [0] EXPLICIT BAG-TYPE.&Type ({CRLTypes}{@crlId})
+///  }
+///```
+///
+/// [RFC 7292 Section 4.2.4]: https://www.rfc-editor.org/rfc/rfc7292#section-4.2.4
+#[derive(Clone, Debug, Eq, PartialEq, Sequence)]
+#[allow(missing_docs)]
+pub struct CrlBag {
+    pub crl_id: ObjectIdentifier,
+    #[asn1(context_specific = "0", tag_mode = "EXPLICIT")]
+    pub crl_value: CrlTypes,
+}
+
+// todo defer: add support for other CRL types
+/// The `CRLTypes` type is defined in [RFC 7292 Section 4.2.4].
+///
+///```text
+///  x509CRL BAG-TYPE ::=
+///      {OCTET STRING IDENTIFIED BY {crlTypes 1}}
+///      -- DER-encoded X.509 CRL stored in OCTET STRING
+///
+///  CRLTypes BAG-TYPE ::= {
+///      x509CRL,
+///      ... -- For future extensions
+///  }
+///```
+///
+/// [RFC 7292 Section 4.2.4]: https://www.rfc-editor.org/rfc/rfc7292#section-4.2.4
+pub type CrlTypes = OctetString;

pkcs12/src/digest_info.rs

@@ -0,0 +1,18 @@
+//! DigestInfo-related types
+
+use der::{asn1::OctetString, Sequence, ValueOrd};
+use spki::AlgorithmIdentifierOwned;
+
+/// ```text
+/// DigestInfo ::= SEQUENCE {
+/// digestAlgorithm DigestAlgorithmIdentifier,
+/// digest Digest }
+/// ```
+#[derive(Clone, Debug, Eq, PartialEq, Sequence, ValueOrd)]
+pub struct DigestInfo {
+    /// the algorithm.
+    pub algorithm: AlgorithmIdentifierOwned,
+
+    /// the digest
+    pub digest: OctetString,
+}