
passing PKCS7 Content Info to readable #11922


Merged
merged 1 commit into from
Nov 8, 2024
Merged
51 changes: 35 additions & 16 deletions src/rust/cryptography-x509/src/pkcs7.rs
Expand Up @@ -9,15 +9,15 @@ pub const PKCS7_SIGNED_DATA_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840,
pub const PKCS7_ENVELOPED_DATA_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 113549, 1, 7, 3);
pub const PKCS7_ENCRYPTED_DATA_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 113549, 1, 7, 6);

#[derive(asn1::Asn1Write)]
#[derive(asn1::Asn1Write, asn1::Asn1Read)]
pub struct ContentInfo<'a> {
pub _content_type: asn1::DefinedByMarker<asn1::ObjectIdentifier>,

#[defined_by(_content_type)]
pub content: Content<'a>,
}

#[derive(asn1::Asn1DefinedByWrite)]
#[derive(asn1::Asn1DefinedByWrite, asn1::Asn1DefinedByRead)]
pub enum Content<'a> {
#[defined_by(PKCS7_ENVELOPED_DATA_OID)]
EnvelopedData(asn1::Explicit<Box<EnvelopedData<'a>>, 0>),
Expand All @@ -29,22 +29,38 @@ pub enum Content<'a> {
EncryptedData(asn1::Explicit<EncryptedData<'a>, 0>),
}

#[derive(asn1::Asn1Write)]
#[derive(asn1::Asn1Write, asn1::Asn1Read)]
pub struct SignedData<'a> {
pub version: u8,
pub digest_algorithms: asn1::SetOfWriter<'a, common::AlgorithmIdentifier<'a>>,
pub digest_algorithms: common::Asn1ReadableOrWritable<
asn1::SetOf<'a, common::AlgorithmIdentifier<'a>>,
asn1::SetOfWriter<'a, common::AlgorithmIdentifier<'a>>,
>,
pub content_info: ContentInfo<'a>,
#[implicit(0)]
pub certificates: Option<asn1::SetOfWriter<'a, &'a certificate::Certificate<'a>>>,
pub certificates: Option<
common::Asn1ReadableOrWritable<
asn1::SetOf<'a, certificate::Certificate<'a>>,
asn1::SetOfWriter<'a, &'a certificate::Certificate<'a>>,
>,
>,

// We don't ever supply any of these, so for now, don't fill out the fields.
#[implicit(1)]
pub crls: Option<asn1::SetOfWriter<'a, asn1::Sequence<'a>>>,

pub signer_infos: asn1::SetOfWriter<'a, SignerInfo<'a>>,
pub crls: Option<
common::Asn1ReadableOrWritable<
asn1::SetOf<'a, asn1::Sequence<'a>>,
asn1::SetOfWriter<'a, asn1::Sequence<'a>>,
>,
>,

pub signer_infos: common::Asn1ReadableOrWritable<
asn1::SetOf<'a, SignerInfo<'a>>,
asn1::SetOfWriter<'a, SignerInfo<'a>>,
>,
}

#[derive(asn1::Asn1Write)]
#[derive(asn1::Asn1Write, asn1::Asn1Read)]
pub struct SignerInfo<'a> {
pub version: u8,
pub issuer_and_serial_number: IssuerAndSerialNumber<'a>,
Expand All @@ -59,42 +75,45 @@ pub struct SignerInfo<'a> {
pub unauthenticated_attributes: Option<csr::Attributes<'a>>,
}

#[derive(asn1::Asn1Write)]
#[derive(asn1::Asn1Write, asn1::Asn1Read)]
pub struct EnvelopedData<'a> {
pub version: u8,
pub recipient_infos: asn1::SetOfWriter<'a, RecipientInfo<'a>>,
pub recipient_infos: common::Asn1ReadableOrWritable<
asn1::SetOf<'a, RecipientInfo<'a>>,
asn1::SetOfWriter<'a, RecipientInfo<'a>>,
>,
pub encrypted_content_info: EncryptedContentInfo<'a>,
}

#[derive(asn1::Asn1Write)]
#[derive(asn1::Asn1Write, asn1::Asn1Read)]
pub struct RecipientInfo<'a> {
pub version: u8,
pub issuer_and_serial_number: IssuerAndSerialNumber<'a>,
pub key_encryption_algorithm: common::AlgorithmIdentifier<'a>,
pub encrypted_key: &'a [u8],
}

#[derive(asn1::Asn1Write)]
#[derive(asn1::Asn1Write, asn1::Asn1Read)]
pub struct IssuerAndSerialNumber<'a> {
pub issuer: name::Name<'a>,
pub serial_number: asn1::BigInt<'a>,
}

#[derive(asn1::Asn1Write)]
#[derive(asn1::Asn1Write, asn1::Asn1Read)]
pub struct EncryptedData<'a> {
pub version: u8,
pub encrypted_content_info: EncryptedContentInfo<'a>,
}

#[derive(asn1::Asn1Write)]
#[derive(asn1::Asn1Write, asn1::Asn1Read)]
pub struct EncryptedContentInfo<'a> {
pub content_type: asn1::ObjectIdentifier,
pub content_encryption_algorithm: common::AlgorithmIdentifier<'a>,
#[implicit(0)]
pub encrypted_content: Option<&'a [u8]>,
}

#[derive(asn1::Asn1Write)]
#[derive(asn1::Asn1Write, asn1::Asn1Read)]
pub struct DigestInfo<'a> {
pub algorithm: common::AlgorithmIdentifier<'a>,
pub digest: &'a [u8],
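Review bot: With `Asn1Read` now derived on `SignedData`, the comment `// We don't ever supply any of these, so for now, don't fill out the fields.` above `crls` describes only the write side; on the read side the field is accepted as a set of opaque `asn1::Sequence` values that are never interpreted or validated, which is acceptable as long as no caller relies on them but should be stated, e.g. `// We never write CRLs, and when reading they are kept as opaque SEQUENCEs (not parsed or validated).` Similarly `certificates` is read as `SetOf<Certificate>` and, in the `EnvelopedData` hunk, `recipient_infos` as `SetOf<RecipientInfo>`; if I read RFC 5652 correctly these cover only the plain-certificate and key-transport alternatives of the underlying CHOICE types, so input using the other alternatives is presumably rejected at parse time rather than skipped, and a comment saying the reader is intentionally restricted would help. `SignerInfo` and `DigestInfo` both extend outside their hunks.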
24 changes: 17 additions & 7 deletions src/rust/src/pkcs7.rs
Expand Up @@ -59,14 +59,16 @@ fn serialize_certificates<'p>(

let signed_data = pkcs7::SignedData {
version: 1,
digest_algorithms: asn1::SetOfWriter::new(&[]),
digest_algorithms: common::Asn1ReadableOrWritable::new_write(asn1::SetOfWriter::new(&[])),
content_info: pkcs7::ContentInfo {
_content_type: asn1::DefinedByMarker::marker(),
content: pkcs7::Content::Data(None),
},
certificates: Some(asn1::SetOfWriter::new(&raw_certs)),
certificates: Some(common::Asn1ReadableOrWritable::new_write(
asn1::SetOfWriter::new(&raw_certs),
)),
crls: None,
signer_infos: asn1::SetOfWriter::new(&[]),
signer_infos: common::Asn1ReadableOrWritable::new_write(asn1::SetOfWriter::new(&[])),
};

let content_info = pkcs7::ContentInfo {
Expand Down Expand Up @@ -133,7 +135,9 @@ fn encrypt_and_serialize<'p>(

let enveloped_data = pkcs7::EnvelopedData {
version: 0,
recipient_infos: asn1::SetOfWriter::new(&recipient_infos),
recipient_infos: common::Asn1ReadableOrWritable::new_write(asn1::SetOfWriter::new(
&recipient_infos,
)),

encrypted_content_info: pkcs7::EncryptedContentInfo {
content_type: PKCS7_DATA_OID,
Expand Down Expand Up @@ -317,18 +321,24 @@ fn sign_and_serialize<'p>(

let signed_data = pkcs7::SignedData {
version: 1,
digest_algorithms: asn1::SetOfWriter::new(&digest_algs),
digest_algorithms: common::Asn1ReadableOrWritable::new_write(asn1::SetOfWriter::new(
&digest_algs,
)),
content_info: pkcs7::ContentInfo {
_content_type: asn1::DefinedByMarker::marker(),
content: pkcs7::Content::Data(content.map(asn1::Explicit::new)),
},
certificates: if options.contains(types::PKCS7_NO_CERTS.get(py)?)? {
None
} else {
Some(asn1::SetOfWriter::new(&certs))
Some(common::Asn1ReadableOrWritable::new_write(
asn1::SetOfWriter::new(&certs),
))
},
crls: None,
signer_infos: asn1::SetOfWriter::new(&signer_infos),
signer_infos: common::Asn1ReadableOrWritable::new_write(asn1::SetOfWriter::new(
&signer_infos,
)),
};

let content_info = pkcs7::ContentInfo {
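Review bot: The wrapper `common::Asn1ReadableOrWritable::new_write(asn1::SetOfWriter::new(..))` is now spelled out seven times across `serialize_certificates`, `encrypt_and_serialize` and `sign_and_serialize`, and the rustfmt line breaks turn each one-line field initializer into three lines. A small module-private helper would keep the struct literals readable, e.g. `fn set_of_writer<'a, R, T>(items: &'a [T]) -> common::Asn1ReadableOrWritable<R, asn1::SetOfWriter<'a, T>> { common::Asn1ReadableOrWritable::new_write(asn1::SetOfWriter::new(items)) }`, so that `digest_algorithms: set_of_writer(&digest_algs),` reads as before; this assumes `new_write` leaves the readable type parameter free, as its uses here suggest. All three functions start before their hunks and end after them.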