alg_id.rs source code [crates/rustls_pki_types/src/alg_id.rs]

1	//! The PKIX [`AlgorithmIdentifier`] type, and common values.
2	//!
3	//! If you need to use an [`AlgorithmIdentifier`] not defined here,
4	//! you can define it locally.
5
6	use core::fmt;
7	use core::ops::Deref;
8
9	// See src/data/README.md.
10
11	/// AlgorithmIdentifier for `id-ecPublicKey` with named curve `secp256r1`.
12	///
13	/// This is:
14	///
15	/// ```text
16	/// # ecPublicKey
17	/// OBJECT_IDENTIFIER { 1.2.840.10045.2.1 }
18	/// # secp256r1
19	/// OBJECT_IDENTIFIER { 1.2.840.10045.3.1.7 }
20	/// ```
21	pub const ECDSA_P256: AlgorithmIdentifier =
22	AlgorithmIdentifier::from_slice(bytes:include_bytes!("data/alg-ecdsa-p256.der"));
23
24	/// AlgorithmIdentifier for `id-ecPublicKey` with named curve `secp384r1`.
25	///
26	/// This is:
27	///
28	/// ```text
29	/// # ecPublicKey
30	/// OBJECT_IDENTIFIER { 1.2.840.10045.2.1 }
31	/// # secp384r1
32	/// OBJECT_IDENTIFIER { 1.3.132.0.34 }
33	/// ```
34	pub const ECDSA_P384: AlgorithmIdentifier =
35	AlgorithmIdentifier::from_slice(bytes:include_bytes!("data/alg-ecdsa-p384.der"));
36
37	/// AlgorithmIdentifier for `id-ecPublicKey` with named curve `secp521r1`.
38	///
39	/// This is:
40	///
41	/// ```text
42	/// # ecPublicKey
43	/// OBJECT_IDENTIFIER { 1.2.840.10045.2.1 }
44	/// # secp521r1
45	/// OBJECT_IDENTIFIER { 1.3.132.0.35 }
46	/// ```
47	pub const ECDSA_P521: AlgorithmIdentifier =
48	AlgorithmIdentifier::from_slice(bytes:include_bytes!("data/alg-ecdsa-p521.der"));
49
50	/// AlgorithmIdentifier for `ecdsa-with-SHA256`.
51	///
52	/// This is:
53	///
54	/// ```text
55	/// # ecdsa-with-SHA256
56	/// OBJECT_IDENTIFIER { 1.2.840.10045.4.3.2 }
57	/// ```
58	pub const ECDSA_SHA256: AlgorithmIdentifier =
59	AlgorithmIdentifier::from_slice(bytes:include_bytes!("data/alg-ecdsa-sha256.der"));
60
61	/// AlgorithmIdentifier for `ecdsa-with-SHA384`.
62	///
63	/// This is:
64	///
65	/// ```text
66	/// # ecdsa-with-SHA384
67	/// OBJECT_IDENTIFIER { 1.2.840.10045.4.3.3 }
68	/// ```
69	pub const ECDSA_SHA384: AlgorithmIdentifier =
70	AlgorithmIdentifier::from_slice(bytes:include_bytes!("data/alg-ecdsa-sha384.der"));
71
72	/// AlgorithmIdentifier for `ecdsa-with-SHA512`.
73	///
74	/// This is:
75	///
76	/// ```text
77	/// # ecdsa-with-SHA512
78	/// OBJECT_IDENTIFIER { 1.2.840.10045.4.3.4 }
79	/// ```
80	pub const ECDSA_SHA512: AlgorithmIdentifier =
81	AlgorithmIdentifier::from_slice(bytes:include_bytes!("data/alg-ecdsa-sha512.der"));
82
83	/// AlgorithmIdentifier for `rsaEncryption`.
84	///
85	/// This is:
86	///
87	/// ```text
88	/// # rsaEncryption
89	/// OBJECT_IDENTIFIER { 1.2.840.113549.1.1.1 }
90	/// NULL {}
91	/// ```
92	pub const RSA_ENCRYPTION: AlgorithmIdentifier =
93	AlgorithmIdentifier::from_slice(bytes:include_bytes!("data/alg-rsa-encryption.der"));
94
95	/// AlgorithmIdentifier for `sha256WithRSAEncryption`.
96	///
97	/// This is:
98	///
99	/// ```text
100	/// # sha256WithRSAEncryption
101	/// OBJECT_IDENTIFIER { 1.2.840.113549.1.1.11 }
102	/// NULL {}
103	/// ```
104	pub const RSA_PKCS1_SHA256: AlgorithmIdentifier =
105	AlgorithmIdentifier::from_slice(bytes:include_bytes!("data/alg-rsa-pkcs1-sha256.der"));
106
107	/// AlgorithmIdentifier for `sha384WithRSAEncryption`.
108	///
109	/// This is:
110	///
111	/// ```text
112	/// # sha384WithRSAEncryption
113	/// OBJECT_IDENTIFIER { 1.2.840.113549.1.1.12 }
114	/// NULL {}
115	/// ```
116	pub const RSA_PKCS1_SHA384: AlgorithmIdentifier =
117	AlgorithmIdentifier::from_slice(bytes:include_bytes!("data/alg-rsa-pkcs1-sha384.der"));
118
119	/// AlgorithmIdentifier for `sha512WithRSAEncryption`.
120	///
121	/// This is:
122	///
123	/// ```text
124	/// # sha512WithRSAEncryption
125	/// OBJECT_IDENTIFIER { 1.2.840.113549.1.1.13 }
126	/// NULL {}
127	/// ```
128	pub const RSA_PKCS1_SHA512: AlgorithmIdentifier =
129	AlgorithmIdentifier::from_slice(bytes:include_bytes!("data/alg-rsa-pkcs1-sha512.der"));
130
131	/// AlgorithmIdentifier for `rsassaPss` with:
132	///
133	/// - hashAlgorithm: sha256
134	/// - maskGenAlgorithm: mgf1 with sha256
135	/// - saltLength: 32
136	///
137	/// This is:
138	///
139	/// ```text
140	/// # rsassa-pss
141	/// OBJECT_IDENTIFIER { 1.2.840.113549.1.1.10 }
142	/// SEQUENCE {
143	/// # hashAlgorithm:
144	/// [0] {
145	/// SEQUENCE {
146	/// # sha256
147	/// OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.1 }
148	/// NULL {}
149	/// }
150	/// }
151	/// # maskGenAlgorithm:
152	/// [1] {
153	/// SEQUENCE {
154	/// # mgf1
155	/// OBJECT_IDENTIFIER { 1.2.840.113549.1.1.8 }
156	/// SEQUENCE {
157	/// # sha256
158	/// OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.1 }
159	/// NULL {}
160	/// }
161	/// }
162	/// }
163	/// # saltLength:
164	/// [2] {
165	/// INTEGER { 32 }
166	/// }
167	/// }
168	/// ```
169	///
170	/// See <https://datatracker.ietf.org/doc/html/rfc4055#section-3.1> for
171	/// the meaning of the context-specific tags.
172	pub const RSA_PSS_SHA256: AlgorithmIdentifier =
173	AlgorithmIdentifier::from_slice(bytes:include_bytes!("data/alg-rsa-pss-sha256.der"));
174
175	/// AlgorithmIdentifier for `rsassaPss` with:
176	///
177	/// - hashAlgorithm: sha384
178	/// - maskGenAlgorithm: mgf1 with sha384
179	/// - saltLength: 48
180	///
181	/// This is:
182	///
183	/// ```text
184	/// # rsassa-pss
185	/// OBJECT_IDENTIFIER { 1.2.840.113549.1.1.10 }
186	/// SEQUENCE {
187	/// # hashAlgorithm:
188	/// [0] {
189	/// SEQUENCE {
190	/// # sha384
191	/// OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.2 }
192	/// NULL {}
193	/// }
194	/// }
195	/// # maskGenAlgorithm:
196	/// [1] {
197	/// SEQUENCE {
198	/// # mgf1
199	/// OBJECT_IDENTIFIER { 1.2.840.113549.1.1.8 }
200	/// SEQUENCE {
201	/// # sha384
202	/// OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.2 }
203	/// NULL {}
204	/// }
205	/// }
206	/// }
207	/// # saltLength:
208	/// [2] {
209	/// INTEGER { 48 }
210	/// }
211	/// }
212	/// ```
213	///
214	/// See <https://datatracker.ietf.org/doc/html/rfc4055#section-3.1> for
215	/// the meaning of the context-specific tags.
216	pub const RSA_PSS_SHA384: AlgorithmIdentifier =
217	AlgorithmIdentifier::from_slice(bytes:include_bytes!("data/alg-rsa-pss-sha384.der"));
218
219	/// AlgorithmIdentifier for `rsassaPss` with:
220	///
221	/// - hashAlgorithm: sha512
222	/// - maskGenAlgorithm: mgf1 with sha512
223	/// - saltLength: 64
224	///
225	/// This is:
226	///
227	/// ```text
228	/// # rsassa-pss
229	/// OBJECT_IDENTIFIER { 1.2.840.113549.1.1.10 }
230	/// SEQUENCE {
231	/// # hashAlgorithm:
232	/// [0] {
233	/// SEQUENCE {
234	/// # sha512
235	/// OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.3 }
236	/// NULL {}
237	/// }
238	/// }
239	/// # maskGenAlgorithm:
240	/// [1] {
241	/// SEQUENCE {
242	/// # mgf1
243	/// OBJECT_IDENTIFIER { 1.2.840.113549.1.1.8 }
244	/// SEQUENCE {
245	/// # sha512
246	/// OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.3 }
247	/// NULL {}
248	/// }
249	/// }
250	/// }
251	/// # saltLength:
252	/// [2] {
253	/// INTEGER { 64 }
254	/// }
255	/// }
256	/// ```
257	///
258	/// See <https://datatracker.ietf.org/doc/html/rfc4055#section-3.1> for
259	/// the meaning of the context-specific tags.
260	pub const RSA_PSS_SHA512: AlgorithmIdentifier =
261	AlgorithmIdentifier::from_slice(bytes:include_bytes!("data/alg-rsa-pss-sha512.der"));
262
263	/// AlgorithmIdentifier for `ED25519`.
264	///
265	/// This is:
266	///
267	/// ```text
268	/// # ed25519
269	/// OBJECT_IDENTIFIER { 1.3.101.112 }
270	/// ```
271	pub const ED25519: AlgorithmIdentifier =
272	AlgorithmIdentifier::from_slice(bytes:include_bytes!("data/alg-ed25519.der"));
273
274	/// A DER encoding of the PKIX AlgorithmIdentifier type:
275	///
276	/// ```ASN.1
277	/// AlgorithmIdentifier ::= SEQUENCE {
278	/// algorithm OBJECT IDENTIFIER,
279	/// parameters ANY DEFINED BY algorithm OPTIONAL }
280	/// -- contains a value of the type
281	/// -- registered for use with the
282	/// -- algorithm object identifier value
283	/// ```
284	/// (from <https://www.rfc-editor.org/rfc/rfc5280#section-4.1.1.2>)
285	///
286	/// The outer sequence encoding is not included, so this is the DER encoding
287	/// of an OID for `algorithm` plus the `parameters` value.
288	///
289	/// For example, this is the `rsaEncryption` algorithm (but prefer to use the constant
290	/// [`RSA_ENCRYPTION`] instead):
291	///
292	/// ```
293	/// let rsa_encryption = rustls_pki_types::AlgorithmIdentifier::from_slice(
294	/// &[
295	/// // algorithm: 1.2.840.113549.1.1.1
296	/// `0x06`, `0x09`, `0x2a`, `0x86`, `0x48`, `0x86`, `0xf7`, `0x0d`, `0x01`, `0x01`, `0x01`,
297	/// // parameters: NULL
298	/// `0x05`, `0x00`
299	/// ]
300	/// );
301	/// assert_eq!(rustls_pki_types::alg_id::RSA_ENCRYPTION, rsa_encryption);
302	/// ```
303	///
304	/// Common values for this type are provided in this module.
305	#[derive(Clone, Copy, PartialEq, Eq)]
306	pub struct AlgorithmIdentifier(&'static [u8]);
307
308	impl AlgorithmIdentifier {
309	/// Makes a new `AlgorithmIdentifier` from a static octet slice.
310	///
311	/// This does not validate the contents of the slice.
312	pub const fn from_slice(bytes: &'static [u8]) -> Self {
313	Self(bytes)
314	}
315	}
316
317	impl AsRef<[u8]> for AlgorithmIdentifier {
318	fn as_ref(&self) -> &[u8] {
319	self.0
320	}
321	}
322
323	impl fmt::Debug for AlgorithmIdentifier {
324	fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
325	super::hex(f, self.0)
326	}
327	}
328
329	impl Deref for AlgorithmIdentifier {
330	type Target = [u8];
331
332	fn deref(&self) -> &Self::Target {
333	self.as_ref()
334	}
335	}
336