author | Alex Gaynor <alex.gaynor@gmail.com> | 2023-05-05 17:25:04 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-05-05 16:25:04 -0500 |
commit | 4da2e580a9cb6544cdaf32787677f16513bb6f6d (patch) | |
tree | 79ba61ddee4cf810758392f948f0e57ed82f9a64 | |
parent | 10688d1ba27e0899812f2eb12be0d8a2a352ba85 (diff) | |
download | cryptography-4da2e580a9cb6544cdaf32787677f16513bb6f6d.tar.gz |
Use defined_by for hash AlgorithmIdentifiers (#8876)
-rw-r--r-- | src/rust/cryptography-x509/src/common.rs | 11 | ||||
-rw-r--r-- | src/rust/src/pkcs7.rs | 14 | ||||
-rw-r--r-- | src/rust/src/x509/ocsp.rs | 79 | ||||
-rw-r--r-- | src/rust/src/x509/sign.rs | 9 |
4 files changed, 64 insertions, 49 deletions
diff --git a/src/rust/cryptography-x509/src/common.rs b/src/rust/cryptography-x509/src/common.rs
index 4dd83d926..f44308a85 100644
--- a/src/rust/cryptography-x509/src/common.rs
+++ b/src/rust/cryptography-x509/src/common.rs
@@ -21,6 +21,17 @@ impl AlgorithmIdentifier<'_> {
 #[derive(asn1::Asn1DefinedByRead, asn1::Asn1DefinedByWrite, PartialEq, Hash, Clone)]
 pub enum AlgorithmParameters<'a> {
+ #[defined_by(oid::SHA1_OID)]
+ Sha1(asn1::Null),
+ #[defined_by(oid::SHA224_OID)]
+ Sha224(asn1::Null),
+ #[defined_by(oid::SHA256_OID)]
+ Sha256(asn1::Null),
+ #[defined_by(oid::SHA384_OID)]
+ Sha384(asn1::Null),
+ #[defined_by(oid::SHA512_OID)]
+ Sha512(asn1::Null),
+
 #[defined_by(oid::ED25519_OID)]
 Ed25519,
 #[defined_by(oid::ED448_OID)]
diff --git a/src/rust/src/pkcs7.rs b/src/rust/src/pkcs7.rs
index 589be5673..6bc90173f 100644
--- a/src/rust/src/pkcs7.rs
+++ b/src/rust/src/pkcs7.rs
@@ -179,16 +179,10 @@ fn sign_and_serialize<'p>(
 )
 };
- let digest_alg = common::AlgorithmIdentifier {
- oid: asn1::DefinedByMarker::marker(),
- params: common::AlgorithmParameters::Other(
- x509::ocsp::HASH_NAME_TO_OIDS[py_hash_alg
- .getattr(pyo3::intern!(py, "name"))?
- .extract::<&str>()?]
- .clone(),
- Some(*x509::sign::NULL_TLV),
- ),
- };
+ let digest_alg = x509::ocsp::HASH_NAME_TO_ALGORITHM_IDENTIFIERS[py_hash_alg
+ .getattr(pyo3::intern!(py, "name"))?
+ .extract::<&str>()?]
+ .clone();
 // Technically O(n^2), but no one will have that many signers.
 if !digest_algs.contains(&digest_alg) {
 digest_algs.push(digest_alg.clone());
diff --git a/src/rust/src/x509/ocsp.rs b/src/rust/src/x509/ocsp.rs
index 0ea5555c1..53a0f2c4e 100644
--- a/src/rust/src/x509/ocsp.rs
+++ b/src/rust/src/x509/ocsp.rs
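Review bot: On the read side, the new `Sha1`…`Sha512` variants bind the parameters to a bare `asn1::Null`, so an AlgorithmIdentifier carrying one of these OIDs with absent parameters will fail to decode unless the `Asn1DefinedByRead` derive falls back to `Other` when a variant's payload does not parse, which this hunk does not show. RFC 3370 §2.1 and RFC 5754 §2 require implementations to accept both absent and NULL parameters for SHA-1 and SHA-2 (RFC 5754 tells encoders to omit them for SHA-2), so OCSP `CertID`s and PKCS#7 `digestAlgorithms` produced by other stacks can plausibly trip this. Declaring the payload as `Sha256(Option<asn1::Null>)` (and likewise for the other four) accepts both encodings on read while the writers in `ocsp.rs` keep emitting an explicit NULL with `Sha256(Some(()))`. A short comment on the first new variant, e.g. `// NULL parameters on write; absent parameters are also valid on read (RFC 5754 §2)`, would record the decision either way. The `AlgorithmParameters` enum continues past the end of the hunk.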
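Review bot: `x509::ocsp::HASH_NAME_TO_ALGORITHM_IDENTIFIERS[...]` indexes the map with the Python-supplied hash name, so any `HashAlgorithm` whose `name` is not one of the five registered keys panics (surfacing in Python as a PanicException) instead of returning an error; the removed `HASH_NAME_TO_OIDS[...]` had the same shape, so this is carried over rather than introduced, but the rewrite is the natural moment to close it. The same indexing appears in the two `certid_new*` hunks of `src/rust/src/x509/ocsp.rs`. A checked lookup such as `.get(name).ok_or_else(|| /* UnsupportedAlgorithm error for `name` */)?` would turn the panic into the `UnsupportedAlgorithm` exception the rest of the crate raises — I can't tell from the hunk whether the Python layer already rejects unknown hashes before this point. `sign_and_serialize` begins and continues outside the hunk.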
@@ -19,16 +19,47 @@ pub(crate) static OIDS_TO_HASH: Lazy<HashMap<&asn1::ObjectIdentifier, &str>> = L
 h.insert(&oid::SHA512_OID, "SHA512");
 h
 });
-pub(crate) static HASH_NAME_TO_OIDS: Lazy<HashMap<&str, &asn1::ObjectIdentifier>> =
- Lazy::new(|| {
- let mut h = HashMap::new();
- h.insert("sha1", &oid::SHA1_OID);
- h.insert("sha224", &oid::SHA224_OID);
- h.insert("sha256", &oid::SHA256_OID);
- h.insert("sha384", &oid::SHA384_OID);
- h.insert("sha512", &oid::SHA512_OID);
- h
- });
+pub(crate) static HASH_NAME_TO_ALGORITHM_IDENTIFIERS: Lazy<
+ HashMap<&str, common::AlgorithmIdentifier<'_>>,
+> = Lazy::new(|| {
+ let mut h = HashMap::new();
+ h.insert(
+ "sha1",
+ common::AlgorithmIdentifier {
+ oid: asn1::DefinedByMarker::marker(),
+ params: common::AlgorithmParameters::Sha1(()),
+ },
+ );
+ h.insert(
+ "sha224",
+ common::AlgorithmIdentifier {
+ oid: asn1::DefinedByMarker::marker(),
+ params: common::AlgorithmParameters::Sha224(()),
+ },
+ );
+ h.insert(
+ "sha256",
+ common::AlgorithmIdentifier {
+ oid: asn1::DefinedByMarker::marker(),
+ params: common::AlgorithmParameters::Sha256(()),
+ },
+ );
+ h.insert(
+ "sha384",
+ common::AlgorithmIdentifier {
+ oid: asn1::DefinedByMarker::marker(),
+ params: common::AlgorithmParameters::Sha384(()),
+ },
+ );
+ h.insert(
+ "sha512",
+ common::AlgorithmIdentifier {
+ oid: asn1::DefinedByMarker::marker(),
+ params: common::AlgorithmParameters::Sha512(()),
+ },
+ );
+ h
+});
 pub(crate) fn certid_new<'p>(
 py: pyo3::Python<'p>,
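Review bot: The five `h.insert(...)` blocks in `HASH_NAME_TO_ALGORITHM_IDENTIFIERS` differ only in the key string and the `AlgorithmParameters` variant, so the table is easier to audit as one list of (name, params) pairs with the `AlgorithmIdentifier` built in a loop — a reviewer then checks five one-line entries against `OIDS_TO_HASH` just above instead of 35 lines. A doc comment such as `/// Python hash algorithm name -> DER AlgorithmIdentifier with explicit NULL parameters; keep in sync with OIDS_TO_HASH.` would also state the invariant that ties the two tables together. Behaviour is unchanged; the sketch below is one way to write it.
```rust
pub(crate) static HASH_NAME_TO_ALGORITHM_IDENTIFIERS: Lazy<
    HashMap<&str, common::AlgorithmIdentifier<'_>>,
> = Lazy::new(|| {
    let mut h = HashMap::new();
    for (name, params) in [
        ("sha1", common::AlgorithmParameters::Sha1(())),
        ("sha224", common::AlgorithmParameters::Sha224(())),
        ("sha256", common::AlgorithmParameters::Sha256(())),
        ("sha384", common::AlgorithmParameters::Sha384(())),
        ("sha512", common::AlgorithmParameters::Sha512(())),
    ] {
        h.insert(
            name,
            common::AlgorithmIdentifier {
                oid: asn1::DefinedByMarker::marker(),
                params,
            },
        );
    }
    h
});
```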
@@ -51,16 +82,10 @@ pub(crate) fn certid_new<'p>(
 )?;
 Ok(CertID {
- hash_algorithm: common::AlgorithmIdentifier {
- oid: asn1::DefinedByMarker::marker(),
- params: common::AlgorithmParameters::Other(
- HASH_NAME_TO_OIDS[hash_algorithm
- .getattr(pyo3::intern!(py, "name"))?
- .extract::<&str>()?]
- .clone(),
- Some(*x509::sign::NULL_TLV),
- ),
- },
+ hash_algorithm: x509::ocsp::HASH_NAME_TO_ALGORITHM_IDENTIFIERS[hash_algorithm
+ .getattr(pyo3::intern!(py, "name"))?
+ .extract::<&str>()?]
+ .clone(),
 issuer_name_hash,
 issuer_key_hash,
 serial_number: cert.raw.borrow_value_public().tbs_cert.serial,
@@ -75,16 +100,10 @@ pub(crate) fn certid_new_from_hash<'p>(
 hash_algorithm: &'p pyo3::PyAny,
 ) -> CryptographyResult<CertID<'p>> {
 Ok(CertID {
- hash_algorithm: common::AlgorithmIdentifier {
- oid: asn1::DefinedByMarker::marker(),
- params: common::AlgorithmParameters::Other(
- HASH_NAME_TO_OIDS[hash_algorithm
- .getattr(pyo3::intern!(py, "name"))?
- .extract::<&str>()?]
- .clone(),
- Some(*x509::sign::NULL_TLV),
- ),
- },
+ hash_algorithm: x509::ocsp::HASH_NAME_TO_ALGORITHM_IDENTIFIERS[hash_algorithm
+ .getattr(pyo3::intern!(py, "name"))?
+ .extract::<&str>()?]
+ .clone(),
 issuer_name_hash,
 issuer_key_hash,
 serial_number,
diff --git a/src/rust/src/x509/sign.rs b/src/rust/src/x509/sign.rs
index d30a27064..c2dc3e651 100644
--- a/src/rust/src/x509/sign.rs
+++ b/src/rust/src/x509/sign.rs
@@ -6,15 +6,6 @@ use crate::error::{CryptographyError, CryptographyResult};
 use crate::exceptions;
 use cryptography_x509::{common, oid};
-use once_cell::sync::Lazy;
-
-static NULL_DER: Lazy<Vec<u8>> = Lazy::new(|| {
- // TODO: kind of verbose way to say "\x05\x00".
- asn1::write_single(&()).unwrap()
-});
-pub(crate) static NULL_TLV: Lazy<asn1::Tlv<'static>> =
- Lazy::new(|| asn1::parse_single(&NULL_DER).unwrap());
-
 #[derive(Debug, PartialEq)]
 pub(crate) enum KeyType {
 Rsa, |
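Review bot: Inside `src/rust/src/x509/ocsp.rs` the new lookup is spelled `x509::ocsp::HASH_NAME_TO_ALGORITHM_IDENTIFIERS[...]`, yet the static is declared in this very module (first hunk of this file), and the removed code used the bare local name `HASH_NAME_TO_OIDS[...]`; `hash_algorithm: HASH_NAME_TO_ALGORITHM_IDENTIFIERS[hash_algorithm` keeps the module's own convention and does not suggest the table lives elsewhere. The same applies to the `certid_new_from_hash` hunk that follows. Both `certid_new` and `certid_new_from_hash` start outside their hunks, so I cannot see whether `x509` remains needed for anything else once `x509::sign::NULL_TLV` is gone.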