RustCrypto · tarcieri · Sep 18, 2021 · Sep 15, 2021 · Sep 16, 2021 · Sep 18, 2021
diff --git a/.github/workflows/spki.yml b/.github/workflows/spki.yml
@@ -55,4 +55,6 @@ jobs:
           toolchain: ${{ matrix.rust }}
           override: true
       - run: cargo test --release
+      - run: cargo test --release --features fingerprint
+      - run: cargo test --release --features fingerprint,alloc
       - run: cargo test --release --all-features
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/spki/Cargo.toml b/spki/Cargo.toml
@@ -16,5 +16,18 @@ readme = "README.md"
 [dependencies]
 der = { version = "0.4", features = ["oid"], path = "../der" }
 
+# Optional dependencies
+sha2 = { version = "0.9.8", optional = true, default-features = false }
+base64ct = { version = "1", path = "../base64ct", optional = true, default-features = false }
+
+[dev-dependencies]
+hex-literal = "0.3"
+
 [features]
 std = ["der/std"]
+fingerprint = ["sha2"]
+alloc = ["base64ct/alloc"]
+
+[package.metadata.docs.rs]
+all-features = true
+rustdoc-args = ["--cfg", "docsrs"]
diff --git a/spki/src/lib.rs b/spki/src/lib.rs
@@ -30,6 +30,7 @@
 //! [RFC 5280 Section 4.1]: https://tools.ietf.org/html/rfc5280#section-4.1
 
 #![no_std]
+#![cfg_attr(docsrs, feature(doc_cfg))]
 #![doc(
     html_logo_url = "https://raw.githubusercontent.com/RustCrypto/meta/master/logo.svg",
     html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/meta/master/logo.svg",
@@ -38,6 +39,9 @@
 #![forbid(unsafe_code, clippy::unwrap_used)]
 #![warn(missing_docs, rust_2018_idioms, unused_qualifications)]
 
+#[cfg(feature = "alloc")]
+extern crate alloc;
+
 mod algorithm;
 mod spki;
 

diff --git a/spki/src/spki.rs b/spki/src/spki.rs
@@ -1,11 +1,17 @@
 //! X.509 `SubjectPublicKeyInfo`
 
 use crate::AlgorithmIdentifier;
+#[cfg(feature = "alloc")]
+use alloc::string::String;
+#[cfg(all(feature = "fingerprint", feature = "alloc"))]
+use base64ct::{Base64, Encoding};
 use core::convert::TryFrom;
 use der::{
     asn1::{Any, BitString},
     Decodable, Encodable, Error, Message, Result,
 };
+#[cfg(feature = "fingerprint")]
+use sha2::{digest::Output, Digest, Sha256};
 
 /// X.509 `SubjectPublicKeyInfo` (SPKI) as defined in [RFC 5280 Section 4.1.2.7].
 ///
@@ -57,3 +63,24 @@ impl<'a> Message<'a> for SubjectPublicKeyInfo<'a> {
         f(&[&self.algorithm, &BitString::new(self.subject_public_key)?])
     }
 }
+
+#[cfg(feature = "fingerprint")]
+#[cfg_attr(docsrs, doc(cfg(feature = "fingerprint")))]
+impl<'a> SubjectPublicKeyInfo<'a> {
+    const BUFSIZE: usize = 4096;
+
+    #[cfg(all(feature = "fingerprint", feature = "alloc"))]
+    #[cfg_attr(docsrs, doc(cfg(all(feature = "fingerprint", feature = "alloc"))))]
+    /// Calculate the SHA-256 fingerprint of this SubjectPublicKeyInfo and encode it as a Base64 string
+    pub fn fingerprint_base64(&self) -> core::result::Result<String, Error> {
+        Ok(Base64::encode_string(self.fingerprint()?.as_slice()))
+    }
+
+    #[cfg(feature = "fingerprint")]
+    #[cfg_attr(docsrs, doc(cfg(feature = "fingerprint")))]
+    /// Calculate the SHA-256 fingerprint of this SubjectPublicKeyInfo
+    pub fn fingerprint(&self) -> core::result::Result<Output<Sha256>, Error> {
+        let mut buf = [0u8; Self::BUFSIZE];
+        Ok(Sha256::digest(self.encode_to_slice(&mut buf)?))
+    }
+}
diff --git a/spki/tests/examples/ed25519-pub.der b/spki/tests/examples/ed25519-pub.der
diff --git a/spki/tests/spki.rs b/spki/tests/spki.rs
@@ -0,0 +1,65 @@
+//! SubjectPublicKeyInfo tests
+#[cfg(feature = "fingerprint")]
+use core::convert::TryFrom;
+#[cfg(feature = "fingerprint")]
+use hex_literal::hex;
+#[cfg(feature = "fingerprint")]
+use spki::SubjectPublicKeyInfo;
+
+#[cfg(feature = "fingerprint")]
+// Taken from pkcs8/tests/public_key.rs
+/// Ed25519 `SubjectPublicKeyInfo` encoded as ASN.1 DER
+const ED25519_DER_EXAMPLE: &[u8] = include_bytes!("examples/ed25519-pub.der");
+
+/// The SPKI fingerprint for `ED25519_SPKI_FINGERPRINT` as a Base64 string
+///
+/// Generated using `cat ed25519-pub.der | openssl dgst -binary -sha256 | base64`
+#[cfg(all(feature = "fingerprint", feature = "alloc"))]
+const ED25519_SPKI_FINGERPRINT_BASE64: &str = "Vd1MdLDkhTTi9OFzzs61DfjyenrCqomRzHrpFOAwvO0=";
+
+/// The SPKI fingerprint for `ED25519_SPKI_FINGERPRINT` as straight hash bytes
+///
+/// Generated using `cat ed25519-pub.der | openssl dgst -sha256`
+#[cfg(all(feature = "fingerprint"))]
+const ED25519_SPKI_FINGERPRINT: &[u8] =
+    &hex!("55dd4c74b0e48534e2f4e173ceceb50df8f27a7ac2aa8991cc7ae914e030bced");
+
+#[cfg(all(feature = "fingerprint", feature = "alloc"))]
+#[test]
+fn decode_and_base64fingerprint_spki() {
+    // Repeat the decode test from the pkcs8 crate
+    let spki = SubjectPublicKeyInfo::try_from(ED25519_DER_EXAMPLE).unwrap();
+
+    assert_eq!(spki.algorithm.oid, "1.3.101.112".parse().unwrap());
+    assert_eq!(spki.algorithm.parameters, None);
+    assert_eq!(
+        spki.subject_public_key,
+        &hex!("4D29167F3F1912A6F7ADFA293A051A15C05EC67B8F17267B1C5550DCE853BD0D")[..]
+    );
+
+    // Check the fingerprint
+    assert_eq!(
+        spki.fingerprint_base64().unwrap(),
+        ED25519_SPKI_FINGERPRINT_BASE64
+    );
+}
+
+#[cfg(feature = "fingerprint")]
+#[test]
+fn decode_and_fingerprint_spki() {
+    // Repeat the decode test from the pkcs8 crate
+    let spki = SubjectPublicKeyInfo::try_from(ED25519_DER_EXAMPLE).unwrap();
+
+    assert_eq!(spki.algorithm.oid, "1.3.101.112".parse().unwrap());
+    assert_eq!(spki.algorithm.parameters, None);
+    assert_eq!(
+        spki.subject_public_key,
+        &hex!("4D29167F3F1912A6F7ADFA293A051A15C05EC67B8F17267B1C5550DCE853BD0D")[..]
+    );
+
+    // Check the fingerprint
+    assert_eq!(
+        spki.fingerprint().unwrap().as_slice(),
+        ED25519_SPKI_FINGERPRINT
+    );
+}