rpk_entity.rs source code [crates/rustls-webpki-0.103.1/src/rpk_entity.rs]

1	use crate::error::Error;
2	use crate::signed_data::SubjectPublicKeyInfo;
3	use crate::{DerTypeId, der, signed_data};
4	use pki_types::{SignatureVerificationAlgorithm, SubjectPublicKeyInfoDer};
5
6	/// A Raw Public Key, used for connections using raw public keys as specified
7	/// in [RFC 7250](https://www.rfc-editor.org/rfc/rfc7250).
8	#[derive(Debug)]
9	pub struct RawPublicKeyEntity<'a> {
10	inner: untrusted::Input<'a>,
11	}
12
13	impl<'a> TryFrom<&'a SubjectPublicKeyInfoDer<'a>> for RawPublicKeyEntity<'a> {
14	type Error = Error;
15
16	/// Parse the ASN.1 DER-encoded SPKI encoding of the raw public key `spki`.
17	/// Since we are parsing a raw public key, we first strip the outer sequence tag.
18	fn try_from(spki: &'a SubjectPublicKeyInfoDer<'a>) -> Result<Self, Self::Error> {
19	let input: Input<'_> = untrusted::Input::from(bytes:spki.as_ref());
20	let spki: Input<'_> = input.read_all(
21	incomplete_read:Error::TrailingData(DerTypeId::SubjectPublicKeyInfo),
22	\|reader: &mut Reader<'_>\| {
23	let untagged_spki: Input<'_> = der::expect_tag(input:reader, der::Tag::Sequence)?;
24	der::read_all::<SubjectPublicKeyInfo<'_>>(input:untagged_spki)?;
25	Ok(untagged_spki)
26	},
27	)?;
28	Ok(Self { inner: spki })
29	}
30	}
31
32	impl RawPublicKeyEntity<'_> {
33	/// Verifies the signature `signature` of message `msg` using a raw public key,
34	/// supporting RFC 7250.
35	///
36	/// For more information on `signature_alg` and `signature` see the documentation for [`crate::end_entity::EndEntityCert::verify_signature`].
37	pub fn verify_signature(
38	&self,
39	signature_alg: &dyn SignatureVerificationAlgorithm,
40	msg: &[u8],
41	signature: &[u8],
42	) -> Result<(), Error> {
43	signed_data::verify_signature(
44	signature_alg,
45	self.inner,
46	msg:untrusted::Input::from(msg),
47	signature:untrusted::Input::from(bytes:signature),
48	)
49	}
50	}
51
52	#[cfg(feature = "alloc")]
53	#[cfg(test)]
54	mod tests {
55	use super::*;
56
57	#[test]
58	fn test_ee_read_for_rpk() {
59	// Try to read an end entity certificate into a RawPublicKeyEntity.
60	// It will fail to parse the key value since we expect no unused bits.
61	let ee = include_bytes!("../tests/ed25519/ee.der");
62	let ee_der = SubjectPublicKeyInfoDer::from(ee.as_slice());
63	assert_eq!(
64	RawPublicKeyEntity::try_from(&ee_der).expect_err("unexpectedly parsed certificate"),
65	Error::TrailingData(DerTypeId::BitString)
66	);
67	}
68
69	#[test]
70	fn test_spki_read_for_rpk() {
71	let pubkey = include_bytes!("../tests/ed25519/ee-pubkey.der");
72	let spki_der = SubjectPublicKeyInfoDer::from(pubkey.as_slice());
73	let rpk = RawPublicKeyEntity::try_from(&spki_der).expect("failed to parse rpk");
74
75	// Retrieved the SPKI from the pubkey.der using the following commands (as in [`cert::test_spki_read`]):
76	// xxd -plain -cols 1 tests/ed255519/ee-pubkey.der
77	let expected_spki = [
78	`0x30`, `0x05`, `0x06`, `0x03`, `0x2b`, `0x65`, `0x70`, `0x03`, `0x21`, `0x00`, `0xfe`, `0x5a`, `0x1e`, `0x36`,
79	`0x6c`, `0x17`, `0x27`, `0x5b`, `0xf1`, `0x58`, `0x1e`, `0x3a`, `0x0e`, `0xe6`, `0x56`, `0x29`, `0x8d`, `0x9e`,
80	`0x1b`, `0x3f`, `0xd3`, `0x3f`, `0x96`, `0x46`, `0xef`, `0xbf`, `0x04`, `0x6b`, `0xc7`, `0x3d`, `0x47`, `0x5c`,
81	];
82	assert_eq!(expected_spki, rpk.inner.as_slice_less_safe())
83	}
84	}
85