Make PSS/OAEP params use generic AlgorithmIdentifier (#799)

Moves assert_algorithm_oid to generic impl:

The assert_algorithm_oid() method doesn't depend on the actual
AlgorithmIdentifier's Params type and thus can be a part of the generic
AlgorithmIdentifier<Params> implementation rather than being specific to
AlgorithmIdentifierRef only.

Params: switch to generic AlgorithmIdentifier implementation

The AlgorithmIdentifier for the MGF uses another AlgorithmIdentifier as
params field. Implement this in the code rater than using the generic
AlgorithmIdentifierRef.

Signed-off-by: Dmitry Baryshkov <[email protected]>

Author: lumag

pkcs1/src/params.rs

@@ -6,15 +6,12 @@ use der::{
     asn1::ContextSpecificRef, Decode, DecodeValue, Encode, EncodeValue, FixedTag, Reader, Sequence,
     Tag, TagMode, TagNumber, Writer,
 };
-use spki::AlgorithmIdentifierRef;
+use spki::{AlgorithmIdentifier, AlgorithmIdentifierRef};
 
 const OID_SHA_1: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.3.14.3.2.26");
 const OID_MGF_1: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.2.840.113549.1.1.8");
 const OID_PSPECIFIED: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.2.840.113549.1.1.9");
 
-// TODO(tarcieri): make `AlgorithmIdentifier` generic around params; use `OID_SHA_1`
-const SEQ_OID_SHA_1_DER: &[u8] = &[0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a];
-
 const SHA_1_AI: AlgorithmIdentifierRef<'_> = AlgorithmIdentifierRef {
     oid: OID_SHA_1,
     parameters: None,
@@ -84,7 +81,7 @@ pub struct RsaPssParams<'a> {
     pub hash: AlgorithmIdentifierRef<'a>,
 
     /// Mask Generation Function (MGF)
-    pub mask_gen: AlgorithmIdentifierRef<'a>,
+    pub mask_gen: AlgorithmIdentifier<AlgorithmIdentifierRef<'a>>,
 
     /// Salt length
     pub salt_len: u8,
@@ -180,13 +177,10 @@ impl<'a> TryFrom<&'a [u8]> for RsaPssParams<'a> {
 }
 
 /// Default Mask Generation Function (MGF): SHA-1.
-fn default_mgf1_sha1<'a>() -> AlgorithmIdentifierRef<'a> {
-    AlgorithmIdentifierRef {
+fn default_mgf1_sha1<'a>() -> AlgorithmIdentifier<AlgorithmIdentifierRef<'a>> {
+    AlgorithmIdentifier::<AlgorithmIdentifierRef<'a>> {
         oid: OID_MGF_1,
-        parameters: Some(
-            AnyRef::new(Tag::Sequence, SEQ_OID_SHA_1_DER)
-                .expect("error creating default MGF1 params"),
-        ),
+        parameters: Some(SHA_1_AI),
     }
 }
 
@@ -211,7 +205,7 @@ pub struct RsaOaepParams<'a> {
     pub hash: AlgorithmIdentifierRef<'a>,
 
     /// Mask Generation Function (MGF)
-    pub mask_gen: AlgorithmIdentifierRef<'a>,
+    pub mask_gen: AlgorithmIdentifier<AlgorithmIdentifierRef<'a>>,
 
     /// The source (and possibly the value) of the label L
     pub p_source: AlgorithmIdentifierRef<'a>,

pkcs1/tests/params.rs

@@ -1,10 +1,7 @@
 //! PKCS#1 algorithm params tests
 
 use const_oid::db;
-use der::{
-    asn1::{ObjectIdentifier, OctetStringRef},
-    Decode, Encode,
-};
+use der::{asn1::OctetStringRef, Encode};
 use hex_literal::hex;
 use pkcs1::{RsaOaepParams, RsaPssParams, TrailerField};
 
@@ -31,15 +28,12 @@ fn decode_pss_param() {
         .mask_gen
         .assert_algorithm_oid(db::rfc5912::ID_MGF_1)
         .is_ok());
-    assert_eq!(
-        param
-            .mask_gen
-            .parameters_any()
-            .unwrap()
-            .sequence(|reader| Ok(ObjectIdentifier::decode(reader)?))
-            .unwrap(),
-        db::rfc5912::ID_SHA_256
-    );
+    assert!(param
+        .mask_gen
+        .parameters
+        .unwrap()
+        .assert_algorithm_oid(db::rfc5912::ID_SHA_256)
+        .is_ok());
     assert_eq!(param.salt_len, 32);
     assert_eq!(param.trailer_field, TrailerField::BC);
 }
@@ -67,15 +61,12 @@ fn decode_pss_param_default() {
         .mask_gen
         .assert_algorithm_oid(db::rfc5912::ID_MGF_1)
         .is_ok());
-    assert_eq!(
-        param
-            .mask_gen
-            .parameters_any()
-            .unwrap()
-            .sequence(|reader| Ok(ObjectIdentifier::decode(reader)?))
-            .unwrap(),
-        db::rfc5912::ID_SHA_1
-    );
+    assert!(param
+        .mask_gen
+        .parameters
+        .unwrap()
+        .assert_algorithm_oid(db::rfc5912::ID_SHA_1)
+        .is_ok());
     assert_eq!(param.salt_len, 20);
     assert_eq!(param.trailer_field, TrailerField::BC);
     assert_eq!(param, Default::default())
@@ -103,15 +94,12 @@ fn decode_oaep_param() {
         .mask_gen
         .assert_algorithm_oid(db::rfc5912::ID_MGF_1)
         .is_ok());
-    assert_eq!(
-        param
-            .mask_gen
-            .parameters_any()
-            .unwrap()
-            .sequence(|reader| Ok(ObjectIdentifier::decode(reader)?))
-            .unwrap(),
-        db::rfc5912::ID_SHA_256
-    );
+    assert!(param
+        .mask_gen
+        .parameters
+        .unwrap()
+        .assert_algorithm_oid(db::rfc5912::ID_SHA_256)
+        .is_ok());
     assert!(param
         .p_source
         .assert_algorithm_oid(db::rfc5912::ID_P_SPECIFIED)
@@ -145,15 +133,12 @@ fn decode_oaep_param_default() {
         .mask_gen
         .assert_algorithm_oid(db::rfc5912::ID_MGF_1)
         .is_ok());
-    assert_eq!(
-        param
-            .mask_gen
-            .parameters_any()
-            .unwrap()
-            .sequence(|reader| Ok(ObjectIdentifier::decode(reader)?))
-            .unwrap(),
-        db::rfc5912::ID_SHA_1
-    );
+    assert!(param
+        .mask_gen
+        .parameters
+        .unwrap()
+        .assert_algorithm_oid(db::rfc5912::ID_SHA_1)
+        .is_ok());
     assert!(param
         .p_source
         .assert_algorithm_oid(db::rfc5912::ID_P_SPECIFIED)

spki/src/algorithm.rs

@@ -78,7 +78,7 @@ where
 /// `AlgorithmIdentifier` reference which has `AnyRef` parameters.
 pub type AlgorithmIdentifierRef<'a> = AlgorithmIdentifier<AnyRef<'a>>;
 
-impl<'a> AlgorithmIdentifierRef<'a> {
+impl<Params> AlgorithmIdentifier<Params> {
     /// Assert the `algorithm` OID is an expected value.
     pub fn assert_algorithm_oid(&self, expected_oid: ObjectIdentifier) -> Result<ObjectIdentifier> {
         if self.oid == expected_oid {
@@ -87,7 +87,9 @@ impl<'a> AlgorithmIdentifierRef<'a> {
             Err(Error::OidUnknown { oid: expected_oid })
         }
     }
+}
 
+impl<'a> AlgorithmIdentifierRef<'a> {
     /// Assert `parameters` is an OID and has the expected value.
     pub fn assert_parameters_oid(
         &self,