rustls_pki_types/alg_id.rs
1//! The PKIX [`AlgorithmIdentifier`] type, and common values.
2//!
3//! If you need to use an [`AlgorithmIdentifier`] not defined here,
4//! you can define it locally.
5
6use core::fmt;
7use core::ops::Deref;
8
9// See src/data/README.md.
10
11/// AlgorithmIdentifier for `id-ecPublicKey` with named curve `secp256r1`.
12///
13/// This is:
14///
15/// ```text
16/// # ecPublicKey
17/// OBJECT_IDENTIFIER { 1.2.840.10045.2.1 }
18/// # secp256r1
19/// OBJECT_IDENTIFIER { 1.2.840.10045.3.1.7 }
20/// ```
21pub const ECDSA_P256: AlgorithmIdentifier =
22 AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ecdsa-p256.der"));
23
24/// AlgorithmIdentifier for `id-ecPublicKey` with named curve `secp384r1`.
25///
26/// This is:
27///
28/// ```text
29/// # ecPublicKey
30/// OBJECT_IDENTIFIER { 1.2.840.10045.2.1 }
31/// # secp384r1
32/// OBJECT_IDENTIFIER { 1.3.132.0.34 }
33/// ```
34pub const ECDSA_P384: AlgorithmIdentifier =
35 AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ecdsa-p384.der"));
36
37/// AlgorithmIdentifier for `id-ecPublicKey` with named curve `secp521r1`.
38///
39/// This is:
40///
41/// ```text
42/// # ecPublicKey
43/// OBJECT_IDENTIFIER { 1.2.840.10045.2.1 }
44/// # secp521r1
45/// OBJECT_IDENTIFIER { 1.3.132.0.35 }
46/// ```
47pub const ECDSA_P521: AlgorithmIdentifier =
48 AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ecdsa-p521.der"));
49
50/// AlgorithmIdentifier for `ecdsa-with-SHA256`.
51///
52/// This is:
53///
54/// ```text
55/// # ecdsa-with-SHA256
56/// OBJECT_IDENTIFIER { 1.2.840.10045.4.3.2 }
57/// ```
58pub const ECDSA_SHA256: AlgorithmIdentifier =
59 AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ecdsa-sha256.der"));
60
61/// AlgorithmIdentifier for `ecdsa-with-SHA384`.
62///
63/// This is:
64///
65/// ```text
66/// # ecdsa-with-SHA384
67/// OBJECT_IDENTIFIER { 1.2.840.10045.4.3.3 }
68/// ```
69pub const ECDSA_SHA384: AlgorithmIdentifier =
70 AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ecdsa-sha384.der"));
71
72/// AlgorithmIdentifier for `ecdsa-with-SHA512`.
73///
74/// This is:
75///
76/// ```text
77/// # ecdsa-with-SHA512
78/// OBJECT_IDENTIFIER { 1.2.840.10045.4.3.4 }
79/// ```
80pub const ECDSA_SHA512: AlgorithmIdentifier =
81 AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ecdsa-sha512.der"));
82
83/// AlgorithmIdentifier for `rsaEncryption`.
84///
85/// This is:
86///
87/// ```text
88/// # rsaEncryption
89/// OBJECT_IDENTIFIER { 1.2.840.113549.1.1.1 }
90/// NULL {}
91/// ```
92pub const RSA_ENCRYPTION: AlgorithmIdentifier =
93 AlgorithmIdentifier::from_slice(include_bytes!("data/alg-rsa-encryption.der"));
94
95/// AlgorithmIdentifier for `sha256WithRSAEncryption`.
96///
97/// This is:
98///
99/// ```text
100/// # sha256WithRSAEncryption
101/// OBJECT_IDENTIFIER { 1.2.840.113549.1.1.11 }
102/// NULL {}
103/// ```
104pub const RSA_PKCS1_SHA256: AlgorithmIdentifier =
105 AlgorithmIdentifier::from_slice(include_bytes!("data/alg-rsa-pkcs1-sha256.der"));
106
107/// AlgorithmIdentifier for `sha384WithRSAEncryption`.
108///
109/// This is:
110///
111/// ```text
112/// # sha384WithRSAEncryption
113/// OBJECT_IDENTIFIER { 1.2.840.113549.1.1.12 }
114/// NULL {}
115/// ```
116pub const RSA_PKCS1_SHA384: AlgorithmIdentifier =
117 AlgorithmIdentifier::from_slice(include_bytes!("data/alg-rsa-pkcs1-sha384.der"));
118
119/// AlgorithmIdentifier for `sha512WithRSAEncryption`.
120///
121/// This is:
122///
123/// ```text
124/// # sha512WithRSAEncryption
125/// OBJECT_IDENTIFIER { 1.2.840.113549.1.1.13 }
126/// NULL {}
127/// ```
128pub const RSA_PKCS1_SHA512: AlgorithmIdentifier =
129 AlgorithmIdentifier::from_slice(include_bytes!("data/alg-rsa-pkcs1-sha512.der"));
130
131/// AlgorithmIdentifier for `rsassaPss` with:
132///
133/// - hashAlgorithm: sha256
134/// - maskGenAlgorithm: mgf1 with sha256
135/// - saltLength: 32
136///
137/// This is:
138///
139/// ```text
140/// # rsassa-pss
141/// OBJECT_IDENTIFIER { 1.2.840.113549.1.1.10 }
142/// SEQUENCE {
143/// # hashAlgorithm:
144/// [0] {
145/// SEQUENCE {
146/// # sha256
147/// OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.1 }
148/// NULL {}
149/// }
150/// }
151/// # maskGenAlgorithm:
152/// [1] {
153/// SEQUENCE {
154/// # mgf1
155/// OBJECT_IDENTIFIER { 1.2.840.113549.1.1.8 }
156/// SEQUENCE {
157/// # sha256
158/// OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.1 }
159/// NULL {}
160/// }
161/// }
162/// }
163/// # saltLength:
164/// [2] {
165/// INTEGER { 32 }
166/// }
167/// }
168/// ```
169///
170/// See <https://datatracker.ietf.org/doc/html/rfc4055#section-3.1> for
171/// the meaning of the context-specific tags.
172pub const RSA_PSS_SHA256: AlgorithmIdentifier =
173 AlgorithmIdentifier::from_slice(include_bytes!("data/alg-rsa-pss-sha256.der"));
174
175/// AlgorithmIdentifier for `rsassaPss` with:
176///
177/// - hashAlgorithm: sha384
178/// - maskGenAlgorithm: mgf1 with sha384
179/// - saltLength: 48
180///
181/// This is:
182///
183/// ```text
184/// # rsassa-pss
185/// OBJECT_IDENTIFIER { 1.2.840.113549.1.1.10 }
186/// SEQUENCE {
187/// # hashAlgorithm:
188/// [0] {
189/// SEQUENCE {
190/// # sha384
191/// OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.2 }
192/// NULL {}
193/// }
194/// }
195/// # maskGenAlgorithm:
196/// [1] {
197/// SEQUENCE {
198/// # mgf1
199/// OBJECT_IDENTIFIER { 1.2.840.113549.1.1.8 }
200/// SEQUENCE {
201/// # sha384
202/// OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.2 }
203/// NULL {}
204/// }
205/// }
206/// }
207/// # saltLength:
208/// [2] {
209/// INTEGER { 48 }
210/// }
211/// }
212/// ```
213///
214/// See <https://datatracker.ietf.org/doc/html/rfc4055#section-3.1> for
215/// the meaning of the context-specific tags.
216pub const RSA_PSS_SHA384: AlgorithmIdentifier =
217 AlgorithmIdentifier::from_slice(include_bytes!("data/alg-rsa-pss-sha384.der"));
218
219/// AlgorithmIdentifier for `rsassaPss` with:
220///
221/// - hashAlgorithm: sha512
222/// - maskGenAlgorithm: mgf1 with sha512
223/// - saltLength: 64
224///
225/// This is:
226///
227/// ```text
228/// # rsassa-pss
229/// OBJECT_IDENTIFIER { 1.2.840.113549.1.1.10 }
230/// SEQUENCE {
231/// # hashAlgorithm:
232/// [0] {
233/// SEQUENCE {
234/// # sha512
235/// OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.3 }
236/// NULL {}
237/// }
238/// }
239/// # maskGenAlgorithm:
240/// [1] {
241/// SEQUENCE {
242/// # mgf1
243/// OBJECT_IDENTIFIER { 1.2.840.113549.1.1.8 }
244/// SEQUENCE {
245/// # sha512
246/// OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.3 }
247/// NULL {}
248/// }
249/// }
250/// }
251/// # saltLength:
252/// [2] {
253/// INTEGER { 64 }
254/// }
255/// }
256/// ```
257///
258/// See <https://datatracker.ietf.org/doc/html/rfc4055#section-3.1> for
259/// the meaning of the context-specific tags.
260pub const RSA_PSS_SHA512: AlgorithmIdentifier =
261 AlgorithmIdentifier::from_slice(include_bytes!("data/alg-rsa-pss-sha512.der"));
262
263/// AlgorithmIdentifier for `ED25519`.
264///
265/// This is:
266///
267/// ```text
268/// # ed25519
269/// OBJECT_IDENTIFIER { 1.3.101.112 }
270/// ```
271pub const ED25519: AlgorithmIdentifier =
272 AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ed25519.der"));
273
274/// A DER encoding of the PKIX AlgorithmIdentifier type:
275///
276/// ```ASN.1
277/// AlgorithmIdentifier ::= SEQUENCE {
278/// algorithm OBJECT IDENTIFIER,
279/// parameters ANY DEFINED BY algorithm OPTIONAL }
280/// -- contains a value of the type
281/// -- registered for use with the
282/// -- algorithm object identifier value
283/// ```
284/// (from <https://www.rfc-editor.org/rfc/rfc5280#section-4.1.1.2>)
285///
286/// The outer sequence encoding is *not included*, so this is the DER encoding
287/// of an OID for `algorithm` plus the `parameters` value.
288///
289/// For example, this is the `rsaEncryption` algorithm (but prefer to use the constant
290/// [`RSA_ENCRYPTION`] instead):
291///
292/// ```
293/// let rsa_encryption = rustls_pki_types::AlgorithmIdentifier::from_slice(
294/// &[
295/// // algorithm: 1.2.840.113549.1.1.1
296/// 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
297/// // parameters: NULL
298/// 0x05, 0x00
299/// ]
300/// );
301/// assert_eq!(rustls_pki_types::alg_id::RSA_ENCRYPTION, rsa_encryption);
302/// ```
303///
304/// Common values for this type are provided in this module.
305#[derive(Clone, Copy, PartialEq, Eq)]
306pub struct AlgorithmIdentifier(&'static [u8]);
307
308impl AlgorithmIdentifier {
309 /// Makes a new `AlgorithmIdentifier` from a static octet slice.
310 ///
311 /// This does not validate the contents of the slice.
312 pub const fn from_slice(bytes: &'static [u8]) -> Self {
313 Self(bytes)
314 }
315}
316
317impl AsRef<[u8]> for AlgorithmIdentifier {
318 fn as_ref(&self) -> &[u8] {
319 self.0
320 }
321}
322
323impl fmt::Debug for AlgorithmIdentifier {
324 fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
325 super::hex(f, self.0)
326 }
327}
328
329impl Deref for AlgorithmIdentifier {
330 type Target = [u8];
331
332 fn deref(&self) -> &Self::Target {
333 self.as_ref()
334 }
335}