lib.rs source code [crates/rustls-webpki-0.103.1/src/lib.rs]

1	// Copyright 2015 Brian Smith.
2	//
3	// Permission to use, copy, modify, and/or distribute this software for any
4	// purpose with or without fee is hereby granted, provided that the above
5	// copyright notice and this permission notice appear in all copies.
6	//
7	// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
8	// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9	// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR
10	// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11	// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
12	// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
13	// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
14
15	//! webpki: Web PKI X.509 Certificate Validation.
16	//!
17	//! See `EndEntityCert`'s documentation for a description of the certificate
18	//! processing steps necessary for a TLS connection.
19	//!
20	//! # Features
21	//!
22	//! \| Feature \| Description \|
23	//! \| ------- \| ----------- \|
24	//! \| `alloc` \| Enable features that require use of the heap. Currently all RSA signature algorithms require this feature. \|
25	//! \| `std` \| Enable features that require libstd. Implies `alloc`. \|
26	//! \| `ring` \| Enable use of the ring* crate for cryptography. \|*
27	//! \| `aws-lc-rs` \| Enable use of the aws-lc-rs crate for cryptography. Previously this feature was named `aws_lc_rs`. \|
28
29	#![no_std]
30	#![warn(elided_lifetimes_in_paths, unreachable_pub, clippy::use_self)]
31	#![deny(missing_docs, clippy::as_conversions)]
32	#![allow(
33	clippy::len_without_is_empty,
34	clippy::manual_let_else,
35	clippy::new_without_default,
36	clippy::single_match,
37	clippy::single_match_else,
38	clippy::type_complexity,
39	clippy::upper_case_acronyms
40	)]
41	// Enable documentation for all features on docs.rs
42	#![cfg_attr(docsrs, feature(doc_cfg, doc_auto_cfg))]
43
44	#[cfg(any(feature = "std", test))]
45	extern crate std;
46
47	#[cfg(any(test, feature = "alloc"))]
48	#[cfg_attr(test, macro_use)]
49	extern crate alloc;
50
51	#[macro_use]
52	mod der;
53
54	#[cfg(feature = "aws-lc-rs")]
55	mod aws_lc_rs_algs;
56	mod cert;
57	mod end_entity;
58	mod error;
59	#[cfg(feature = "ring")]
60	mod ring_algs;
61	mod rpk_entity;
62	mod signed_data;
63	mod subject_name;
64	mod time;
65	mod trust_anchor;
66
67	mod crl;
68	mod verify_cert;
69	mod x509;
70
71	#[cfg(test)]
72	pub(crate) mod test_utils;
73
74	pub use {
75	cert::Cert,
76	crl::{
77	BorrowedCertRevocationList, BorrowedRevokedCert, CertRevocationList, ExpirationPolicy,
78	RevocationCheckDepth, RevocationOptions, RevocationOptionsBuilder, RevocationReason,
79	UnknownStatusPolicy,
80	},
81	end_entity::EndEntityCert,
82	error::{DerTypeId, Error, InvalidNameContext},
83	rpk_entity::RawPublicKeyEntity,
84	trust_anchor::anchor_from_trusted_cert,
85	verify_cert::KeyUsage,
86	verify_cert::VerifiedPath,
87	};
88
89	#[cfg(feature = "alloc")]
90	pub use crl::{OwnedCertRevocationList, OwnedRevokedCert};
91
92	#[cfg(feature = "ring")]
93	/// Signature verification algorithm implementations using the ring* crypto library.*
94	pub mod ring {
95	pub use super::ring_algs::{
96	ECDSA_P256_SHA256, ECDSA_P256_SHA384, ECDSA_P384_SHA256, ECDSA_P384_SHA384, ED25519,
97	};
98
99	#[cfg(feature = "alloc")]
100	pub use super::ring_algs::{
101	RSA_PKCS1_2048_8192_SHA256, RSA_PKCS1_2048_8192_SHA384, RSA_PKCS1_2048_8192_SHA512,
102	RSA_PKCS1_3072_8192_SHA384, RSA_PSS_2048_8192_SHA256_LEGACY_KEY,
103	RSA_PSS_2048_8192_SHA384_LEGACY_KEY, RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
104	};
105	}
106
107	#[cfg(feature = "aws-lc-rs")]
108	/// Signature verification algorithm implementations using the aws-lc-rs crypto library.
109	pub mod aws_lc_rs {
110	pub use super::aws_lc_rs_algs::{
111	ECDSA_P256_SHA256, ECDSA_P256_SHA384, ECDSA_P384_SHA256, ECDSA_P384_SHA384,
112	ECDSA_P521_SHA256, ECDSA_P521_SHA384, ECDSA_P521_SHA512, ED25519,
113	RSA_PKCS1_2048_8192_SHA256, RSA_PKCS1_2048_8192_SHA384, RSA_PKCS1_2048_8192_SHA512,
114	RSA_PKCS1_3072_8192_SHA384, RSA_PSS_2048_8192_SHA256_LEGACY_KEY,
115	RSA_PSS_2048_8192_SHA384_LEGACY_KEY, RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
116	};
117	}
118
119	/// An array of all the verification algorithms exported by this crate.
120	///
121	/// This will be empty if the crate is built without the `ring` and `aws-lc-rs` features.
122	pub static ALL_VERIFICATION_ALGS: &[&dyn pki_types::SignatureVerificationAlgorithm] = &[
123	#[cfg(feature = "ring")]
124	ring::ECDSA_P256_SHA256,
125	#[cfg(feature = "ring")]
126	ring::ECDSA_P256_SHA384,
127	#[cfg(feature = "ring")]
128	ring::ECDSA_P384_SHA256,
129	#[cfg(feature = "ring")]
130	ring::ECDSA_P384_SHA384,
131	#[cfg(feature = "ring")]
132	ring::ED25519,
133	#[cfg(all(feature = "ring", feature = "alloc"))]
134	ring::RSA_PKCS1_2048_8192_SHA256,
135	#[cfg(all(feature = "ring", feature = "alloc"))]
136	ring::RSA_PKCS1_2048_8192_SHA384,
137	#[cfg(all(feature = "ring", feature = "alloc"))]
138	ring::RSA_PKCS1_2048_8192_SHA512,
139	#[cfg(all(feature = "ring", feature = "alloc"))]
140	ring::RSA_PKCS1_3072_8192_SHA384,
141	#[cfg(all(feature = "ring", feature = "alloc"))]
142	ring::RSA_PSS_2048_8192_SHA256_LEGACY_KEY,
143	#[cfg(all(feature = "ring", feature = "alloc"))]
144	ring::RSA_PSS_2048_8192_SHA384_LEGACY_KEY,
145	#[cfg(all(feature = "ring", feature = "alloc"))]
146	ring::RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
147	#[cfg(feature = "aws-lc-rs")]
148	aws_lc_rs::ECDSA_P256_SHA256,
149	#[cfg(feature = "aws-lc-rs")]
150	aws_lc_rs::ECDSA_P256_SHA384,
151	#[cfg(feature = "aws-lc-rs")]
152	aws_lc_rs::ECDSA_P384_SHA256,
153	#[cfg(feature = "aws-lc-rs")]
154	aws_lc_rs::ECDSA_P384_SHA384,
155	#[cfg(feature = "aws-lc-rs")]
156	aws_lc_rs::ECDSA_P521_SHA256,
157	#[cfg(feature = "aws-lc-rs")]
158	aws_lc_rs::ECDSA_P521_SHA384,
159	#[cfg(feature = "aws-lc-rs")]
160	aws_lc_rs::ECDSA_P521_SHA512,
161	#[cfg(feature = "aws-lc-rs")]
162	aws_lc_rs::ED25519,
163	#[cfg(feature = "aws-lc-rs")]
164	aws_lc_rs::RSA_PKCS1_2048_8192_SHA256,
165	#[cfg(feature = "aws-lc-rs")]
166	aws_lc_rs::RSA_PKCS1_2048_8192_SHA384,
167	#[cfg(feature = "aws-lc-rs")]
168	aws_lc_rs::RSA_PKCS1_2048_8192_SHA512,
169	#[cfg(feature = "aws-lc-rs")]
170	aws_lc_rs::RSA_PKCS1_3072_8192_SHA384,
171	#[cfg(feature = "aws-lc-rs")]
172	aws_lc_rs::RSA_PSS_2048_8192_SHA256_LEGACY_KEY,
173	#[cfg(feature = "aws-lc-rs")]
174	aws_lc_rs::RSA_PSS_2048_8192_SHA384_LEGACY_KEY,
175	#[cfg(feature = "aws-lc-rs")]
176	aws_lc_rs::RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
177	];
178
179	fn public_values_eq(a: untrusted::Input<'_>, b: untrusted::Input<'_>) -> bool {
180	a.as_slice_less_safe() == b.as_slice_less_safe()
181	}
182