spki: make key param an attribute of spki

baloo · baloo · commit 25b9e19c4d90 · 2022-11-29T22:57:12.000-08:00
diff --git a/der/src/asn1.rs b/der/src/asn1.rs
@@ -27,7 +27,7 @@ mod videotex_string;
 
 pub use self::{
     any::AnyRef,
-    bit_string::{BitStringIter, BitStringRef},
+    bit_string::{BitStringIter, BitStringLike, BitStringRef},
     choice::Choice,
     context_specific::{ContextSpecific, ContextSpecificRef},
     generalized_time::GeneralizedTime,
diff --git a/der/src/asn1/bit_string.rs b/der/src/asn1/bit_string.rs
@@ -1,8 +1,8 @@
 //! ASN.1 `BIT STRING` support.
 
 use crate::{
-    asn1::AnyRef, ByteSlice, DecodeValue, DerOrd, EncodeValue, Error, ErrorKind, FixedTag, Header,
-    Length, Reader, Result, Tag, ValueOrd, Writer,
+    asn1::AnyRef, ByteSlice, Decode, DecodeValue, DerOrd, Encode, EncodeValue, Error, ErrorKind,
+    FixedTag, Header, Length, Reader, Result, Tag, ValueOrd, Writer,
 };
 use core::{cmp::Ordering, iter::FusedIterator};
 
@@ -153,8 +153,8 @@ impl ValueOrd for BitStringRef<'_> {
     }
 }
 
-impl<'a> From<&BitStringRef<'a>> for BitStringRef<'a> {
-    fn from(value: &BitStringRef<'a>) -> BitStringRef<'a> {
+impl<'a, 'k> From<&'k BitStringRef<'a>> for BitStringRef<'a> {
+    fn from(value: &'k BitStringRef<'a>) -> BitStringRef<'a> {
         *value
     }
 }
@@ -441,6 +441,18 @@ where
     }
 }
 
+/// Trait used as a marker to ensure the type can hold the content of a Bit String
+pub trait BitStringLike<'pointer, 'slice: 'pointer>
+where
+    Self: Decode<'slice> + Encode + FixedTag + 'pointer,
+{
+}
+
+impl<'slice: 'pointer, 'pointer> BitStringLike<'pointer, 'slice> for BitStringRef<'slice> {}
+
+#[cfg(feature = "alloc")]
+impl<'a> BitStringLike<'a, 'a> for BitString {}
+
 #[cfg(test)]
 mod tests {
     use super::{BitStringRef, Result, Tag};
diff --git a/pkcs1/src/traits.rs b/pkcs1/src/traits.rs
@@ -18,7 +18,7 @@ use {
 #[cfg(feature = "pkcs8")]
 use {
     crate::{ALGORITHM_ID, ALGORITHM_OID},
-    der::asn1::BitString,
+    der::asn1::BitStringRef,
 };
 
 #[cfg(feature = "std")]
@@ -188,7 +188,7 @@ impl<T: pkcs8::DecodePublicKey> DecodeRsaPublicKey for T {
     fn from_pkcs1_der(public_key: &[u8]) -> Result<Self> {
         Ok(Self::try_from(pkcs8::SubjectPublicKeyInfoRef {
             algorithm: ALGORITHM_ID,
-            subject_public_key: BitString::from_bytes(public_key)?,
+            subject_public_key: BitStringRef::from_bytes(public_key)?,
         })?)
     }
 }
diff --git a/spki/src/lib.rs b/spki/src/lib.rs
@@ -49,7 +49,10 @@ pub use crate::{
 pub use der::{self, asn1::ObjectIdentifier};
 
 #[cfg(feature = "alloc")]
-pub use {crate::traits::EncodePublicKey, der::Document};
+pub use {
+    crate::{spki::SubjectPublicKeyInfoOwned, traits::EncodePublicKey},
+    der::Document,
+};
 
 #[cfg(feature = "fingerprint")]
 pub use crate::fingerprint::FingerprintBytes;
diff --git a/spki/src/spki.rs b/spki/src/spki.rs
@@ -3,12 +3,15 @@
 use crate::{AlgorithmIdentifier, Error, Result};
 use core::cmp::Ordering;
 use der::{
-    asn1::{AnyRef, BitString, BitStringRef},
+    asn1::{AnyRef, BitStringLike, BitStringRef},
     Choice, Decode, DecodeValue, DerOrd, Encode, Header, Reader, Sequence, ValueOrd,
 };
 
 #[cfg(feature = "alloc")]
-use der::Document;
+use der::{
+    asn1::{Any, BitString},
+    Document,
+};
 
 #[cfg(feature = "fingerprint")]
 use crate::{fingerprint, FingerprintBytes};
@@ -22,8 +25,12 @@ use {
 #[cfg(feature = "pem")]
 use der::pem::PemLabel;
 
-/// [`SubjectPublicKeyInfo`] with [`AnyRef`] algorithm parameters.
-pub type SubjectPublicKeyInfoRef<'a> = SubjectPublicKeyInfo<AnyRef<'a>>;
+/// [`SubjectPublicKeyInfo`] with [`AnyRef`] algorithm parameters, and [`BitStringRef`] params.
+pub type SubjectPublicKeyInfoRef<'a> = SubjectPublicKeyInfo<AnyRef<'a>, BitStringRef<'a>>;
+
+/// [`SubjectPublicKeyInfo`] with [`Any`] algorithm parameters, and [`BitString`] params.
+#[cfg(feature = "alloc")]
+pub type SubjectPublicKeyInfoOwned = SubjectPublicKeyInfo<Any, BitString>;
 
 /// X.509 `SubjectPublicKeyInfo` (SPKI) as defined in [RFC 5280 § 4.1.2.7].
 ///
@@ -38,24 +45,19 @@ pub type SubjectPublicKeyInfoRef<'a> = SubjectPublicKeyInfo<AnyRef<'a>>;
 ///
 /// [RFC 5280 § 4.1.2.7]: https://tools.ietf.org/html/rfc5280#section-4.1.2.7
 #[derive(Clone, Debug, Eq, PartialEq)]
-pub struct SubjectPublicKeyInfo<Params> {
+pub struct SubjectPublicKeyInfo<Params, Key> {
     /// X.509 [`AlgorithmIdentifier`] for the public key type
     pub algorithm: AlgorithmIdentifier<Params>,
 
     /// Public key data
-    pub subject_public_key: BitString,
-}
-
-impl<Params> SubjectPublicKeyInfo<Params> {
-    /// Get a [`BitString`] representing the `subject_public_key`
-    fn bitstring(&self) -> BitStringRef<'_> {
-        BitStringRef::from(&self.subject_public_key)
-    }
+    pub subject_public_key: Key,
 }
 
-impl<'a, Params> SubjectPublicKeyInfo<Params>
+impl<'a: 'k, 'k, Params, Key: 'k> SubjectPublicKeyInfo<Params, Key>
 where
     Params: Choice<'a> + Encode,
+    Key: BitStringLike<'k, 'a>,
+    BitStringRef<'a>: From<&'k Key>,
 {
     /// Calculate the SHA-256 fingerprint of this [`SubjectPublicKeyInfo`] and
     /// encode it as a Base64 string.
@@ -84,35 +86,40 @@ where
     }
 }
 
-impl<'a, Params> DecodeValue<'a> for SubjectPublicKeyInfo<Params>
+impl<'a: 'k, 'k, Params, Key: 'k> DecodeValue<'a> for SubjectPublicKeyInfo<Params, Key>
 where
     Params: Choice<'a> + Encode,
+    Key: Decode<'a>,
 {
     fn decode_value<R: Reader<'a>>(reader: &mut R, header: Header) -> der::Result<Self> {
         reader.read_nested(header.length, |reader| {
             Ok(Self {
                 algorithm: reader.decode()?,
-                subject_public_key: BitString::decode(reader)?,
+                subject_public_key: Key::decode(reader)?,
             })
         })
     }
 }
 
-impl<'a, Params> Sequence<'a> for SubjectPublicKeyInfo<Params>
+impl<'a: 'k, 'k, Params, Key: 'k> Sequence<'a> for SubjectPublicKeyInfo<Params, Key>
 where
     Params: Choice<'a> + Encode,
+    Key: BitStringLike<'k, 'a>,
+    BitStringRef<'a>: From<&'k Key>,
 {
     fn fields<F, T>(&self, f: F) -> der::Result<T>
     where
         F: FnOnce(&[&dyn Encode]) -> der::Result<T>,
     {
-        f(&[&self.algorithm, &self.bitstring()])
+        f(&[&self.algorithm, &self.subject_public_key])
     }
 }
 
-impl<'a, Params> TryFrom<&'a [u8]> for SubjectPublicKeyInfo<Params>
+impl<'a: 'k, 'k, Params, Key: 'k> TryFrom<&'a [u8]> for SubjectPublicKeyInfo<Params, Key>
 where
     Params: Choice<'a> + Encode,
+    Key: BitStringLike<'k, 'a>,
+    BitStringRef<'a>: From<&'k Key>,
 {
     type Error = Error;
 
@@ -121,46 +128,51 @@ where
     }
 }
 
-impl<'a, Params> ValueOrd for SubjectPublicKeyInfo<Params>
+impl<'a, Params, Key> ValueOrd for SubjectPublicKeyInfo<Params, Key>
 where
     Params: Choice<'a> + DerOrd + Encode,
+    Key: ValueOrd,
 {
     fn value_cmp(&self, other: &Self) -> der::Result<Ordering> {
         match self.algorithm.der_cmp(&other.algorithm)? {
-            Ordering::Equal => self.bitstring().der_cmp(&other.bitstring()),
+            Ordering::Equal => self.subject_public_key.value_cmp(&other.subject_public_key),
             other => Ok(other),
         }
     }
 }
 
 #[cfg(feature = "alloc")]
 #[cfg_attr(docsrs, doc(cfg(feature = "alloc")))]
-impl<'a, Params> TryFrom<SubjectPublicKeyInfo<Params>> for Document
+impl<'a: 'k, 'k, Params, Key: 'k> TryFrom<SubjectPublicKeyInfo<Params, Key>> for Document
 where
     Params: Choice<'a> + Encode,
+    Key: BitStringLike<'k, 'a>,
+    BitStringRef<'a>: From<&'k Key>,
 {
     type Error = Error;
 
-    fn try_from(spki: SubjectPublicKeyInfo<Params>) -> Result<Document> {
+    fn try_from(spki: SubjectPublicKeyInfo<Params, Key>) -> Result<Document> {
         Self::try_from(&spki)
     }
 }
 
 #[cfg(feature = "alloc")]
 #[cfg_attr(docsrs, doc(cfg(feature = "alloc")))]
-impl<'a, Params> TryFrom<&SubjectPublicKeyInfo<Params>> for Document
+impl<'a: 'k, 'k, Params, Key: 'k> TryFrom<&SubjectPublicKeyInfo<Params, Key>> for Document
 where
     Params: Choice<'a> + Encode,
+    Key: BitStringLike<'k, 'a>,
+    BitStringRef<'a>: From<&'k Key>,
 {
     type Error = Error;
 
-    fn try_from(spki: &SubjectPublicKeyInfo<Params>) -> Result<Document> {
+    fn try_from(spki: &SubjectPublicKeyInfo<Params, Key>) -> Result<Document> {
         Ok(Self::encode_msg(spki)?)
     }
 }
 
 #[cfg(feature = "pem")]
 #[cfg_attr(docsrs, doc(cfg(feature = "pem")))]
-impl<Params> PemLabel for SubjectPublicKeyInfo<Params> {
+impl<Params, Key> PemLabel for SubjectPublicKeyInfo<Params, Key> {
     const PEM_LABEL: &'static str = "PUBLIC KEY";
 }
diff --git a/spki/tests/spki.rs b/spki/tests/spki.rs
@@ -55,7 +55,7 @@ fn decode_ec_p256_der() {
         "1.2.840.10045.3.1.7".parse().unwrap()
     );
 
-    assert_eq!(spki.subject_public_key, &hex!("041CACFFB55F2F2CEFD89D89EB374B2681152452802DEEA09916068137D839CF7FC481A44492304D7EF66AC117BEFE83A8D08F155F2B52F9F618DD447029048E0F")[..]);
+    assert_eq!(spki.subject_public_key.raw_bytes(), &hex!("041CACFFB55F2F2CEFD89D89EB374B2681152452802DEEA09916068137D839CF7FC481A44492304D7EF66AC117BEFE83A8D08F155F2B52F9F618DD447029048E0F")[..]);
 }
 
 #[test]
@@ -67,7 +67,7 @@ fn decode_ed25519_and_fingerprint_spki() {
     assert_eq!(spki.algorithm.oid, "1.3.101.112".parse().unwrap());
     assert_eq!(spki.algorithm.parameters, None);
     assert_eq!(
-        spki.subject_public_key,
+        spki.subject_public_key.raw_bytes(),
         &hex!("4D29167F3F1912A6F7ADFA293A051A15C05EC67B8F17267B1C5550DCE853BD0D")[..]
     );
 
@@ -87,7 +87,7 @@ fn decode_ed25519_and_fingerprint_base64() {
     assert_eq!(spki.algorithm.oid, "1.3.101.112".parse().unwrap());
     assert_eq!(spki.algorithm.parameters, None);
     assert_eq!(
-        spki.subject_public_key,
+        spki.subject_public_key.raw_bytes(),
         &hex!("4D29167F3F1912A6F7ADFA293A051A15C05EC67B8F17267B1C5550DCE853BD0D")[..]
     );
 
@@ -104,7 +104,7 @@ fn decode_rsa_2048_der() {
 
     assert_eq!(spki.algorithm.oid, "1.2.840.113549.1.1.1".parse().unwrap());
     assert!(spki.algorithm.parameters.unwrap().is_null());
-    assert_eq!(spki.subject_public_key, &hex!("3082010A0282010100B6C42C515F10A6AAF282C63EDBE24243A170F3FA2633BD4833637F47CA4F6F36E03A5D29EFC3191AC80F390D874B39E30F414FCEC1FCA0ED81E547EDC2CD382C76F61C9018973DB9FA537972A7C701F6B77E0982DFC15FC01927EE5E7CD94B4F599FF07013A7C8281BDF22DCBC9AD7CABB7C4311C982F58EDB7213AD4558B332266D743AED8192D1884CADB8B14739A8DADA66DC970806D9C7AC450CB13D0D7C575FB198534FC61BC41BC0F0574E0E0130C7BBBFBDFDC9F6A6E2E3E2AFF1CBEAC89BA57884528D55CFB08327A1E8C89F4E003CF2888E933241D9D695BCBBACDC90B44E3E095FA37058EA25B13F5E295CBEAC6DE838AB8C50AF61E298975B872F0203010001")[..]);
+    assert_eq!(spki.subject_public_key.raw_bytes(), &hex!("3082010A0282010100B6C42C515F10A6AAF282C63EDBE24243A170F3FA2633BD4833637F47CA4F6F36E03A5D29EFC3191AC80F390D874B39E30F414FCEC1FCA0ED81E547EDC2CD382C76F61C9018973DB9FA537972A7C701F6B77E0982DFC15FC01927EE5E7CD94B4F599FF07013A7C8281BDF22DCBC9AD7CABB7C4311C982F58EDB7213AD4558B332266D743AED8192D1884CADB8B14739A8DADA66DC970806D9C7AC450CB13D0D7C575FB198534FC61BC41BC0F0574E0E0130C7BBBFBDFDC9F6A6E2E3E2AFF1CBEAC89BA57884528D55CFB08327A1E8C89F4E003CF2888E933241D9D695BCBBACDC90B44E3E095FA37058EA25B13F5E295CBEAC6DE838AB8C50AF61E298975B872F0203010001")[..]);
 }
 
 #[test]
