/rust/registry/src/index.crates.io-1949cf8c6b5b557f/rustls-webpki-0.103.5/src/rpk_entity.rs

Source
use crate::error::Error;
use crate::signed_data::SubjectPublicKeyInfo;
use crate::{DerTypeId, der, signed_data};
use pki_types::{SignatureVerificationAlgorithm, SubjectPublicKeyInfoDer};

/// A Raw Public Key, used for connections using raw public keys as specified
/// in [RFC 7250](https://www.rfc-editor.org/rfc/rfc7250).
#[derive(Debug)]
pub struct RawPublicKeyEntity<'a> {
    inner: untrusted::Input<'a>,
}

impl<'a> TryFrom<&'a SubjectPublicKeyInfoDer<'a>> for RawPublicKeyEntity<'a> {
    type Error = Error;

    /// Parse the ASN.1 DER-encoded SPKI encoding of the raw public key `spki`.
    /// Since we are parsing a raw public key, we first strip the outer sequence tag.
    fn try_from(spki: &'a SubjectPublicKeyInfoDer<'a>) -> Result<Self, Self::Error> {
        let input = untrusted::Input::from(spki.as_ref());
        let spki = input.read_all(
            Error::TrailingData(DerTypeId::SubjectPublicKeyInfo),
            |reader| {
                let untagged_spki = der::expect_tag(reader, der::Tag::Sequence)?;
                der::read_all::<SubjectPublicKeyInfo<'_>>(untagged_spki)?;
                Ok(untagged_spki)
            },
        )?;
        Ok(Self { inner: spki })
    }
}

impl RawPublicKeyEntity<'_> {
    /// Verifies the signature `signature` of message `msg` using a raw public key,
    /// supporting RFC 7250.
    ///
    /// For more information on `signature_alg` and `signature` see the documentation for [`crate::end_entity::EndEntityCert::verify_signature`].
    pub fn verify_signature(
        &self,
        signature_alg: &dyn SignatureVerificationAlgorithm,
        msg: &[u8],
        signature: &[u8],
    ) -> Result<(), Error> {
        signed_data::verify_signature(
            signature_alg,
            self.inner,
            untrusted::Input::from(msg),
            untrusted::Input::from(signature),
        )
    }
}

#[cfg(feature = "alloc")]
#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_ee_read_for_rpk() {
        // Try to read an end entity certificate into a RawPublicKeyEntity.
        // It will fail to parse the key value since we expect no unused bits.
        let ee = include_bytes!("../tests/ed25519/ee.der");
        let ee_der = SubjectPublicKeyInfoDer::from(ee.as_slice());
        assert_eq!(
            RawPublicKeyEntity::try_from(&ee_der).expect_err("unexpectedly parsed certificate"),
            Error::TrailingData(DerTypeId::BitString)
        );
    }

    #[test]
    fn test_spki_read_for_rpk() {
        let pubkey = include_bytes!("../tests/ed25519/ee-pubkey.der");
        let spki_der = SubjectPublicKeyInfoDer::from(pubkey.as_slice());
        let rpk = RawPublicKeyEntity::try_from(&spki_der).expect("failed to parse rpk");

        // Retrieved the SPKI from the pubkey.der using the following commands (as in [`cert::test_spki_read`]):
        // xxd -plain -cols 1 tests/ed255519/ee-pubkey.der
        let expected_spki = [
            0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00, 0xfe, 0x5a, 0x1e, 0x36,
            0x6c, 0x17, 0x27, 0x5b, 0xf1, 0x58, 0x1e, 0x3a, 0x0e, 0xe6, 0x56, 0x29, 0x8d, 0x9e,
            0x1b, 0x3f, 0xd3, 0x3f, 0x96, 0x46, 0xef, 0xbf, 0x04, 0x6b, 0xc7, 0x3d, 0x47, 0x5c,
        ];
        assert_eq!(expected_spki, rpk.inner.as_slice_less_safe())
    }
}

Coverage Report

Created: 2025-09-27 06:56

Line	Count	Source
1		use crate::error::Error;
2		use crate::signed_data::SubjectPublicKeyInfo;
3		use crate::{DerTypeId, der, signed_data};
4		use pki_types::{SignatureVerificationAlgorithm, SubjectPublicKeyInfoDer};
5
6		/// A Raw Public Key, used for connections using raw public keys as specified
7		/// in [RFC 7250](https://www.rfc-editor.org/rfc/rfc7250).
8		#[derive(Debug)]
9		pub struct RawPublicKeyEntity<'a> {
10		inner: untrusted::Input<'a>,
11		}
12
13		impl<'a> TryFrom<&'a SubjectPublicKeyInfoDer<'a>> for RawPublicKeyEntity<'a> {
14		type Error = Error;
15
16		/// Parse the ASN.1 DER-encoded SPKI encoding of the raw public key `spki`.
17		/// Since we are parsing a raw public key, we first strip the outer sequence tag.
18	0	fn try_from(spki: &'a SubjectPublicKeyInfoDer<'a>) -> Result<Self, Self::Error> {
19	0	let input = untrusted::Input::from(spki.as_ref());
20	0	let spki = input.read_all(
21	0	Error::TrailingData(DerTypeId::SubjectPublicKeyInfo),
22	0	\|reader\| {
23	0	let untagged_spki = der::expect_tag(reader, der::Tag::Sequence)?;
24	0	der::read_all::<SubjectPublicKeyInfo<'_>>(untagged_spki)?;
25	0	Ok(untagged_spki)
26	0	},
27	0	)?;
28	0	Ok(Self { inner: spki })
29	0	}
30		}
31
32		impl RawPublicKeyEntity<'_> {
33		/// Verifies the signature `signature` of message `msg` using a raw public key,
34		/// supporting RFC 7250.
35		///
36		/// For more information on `signature_alg` and `signature` see the documentation for [`crate::end_entity::EndEntityCert::verify_signature`].
37	0	pub fn verify_signature(
38	0	&self,
39	0	signature_alg: &dyn SignatureVerificationAlgorithm,
40	0	msg: &[u8],
41	0	signature: &[u8],
42	0	) -> Result<(), Error> {
43	0	signed_data::verify_signature(
44	0	signature_alg,
45	0	self.inner,
46	0	untrusted::Input::from(msg),
47	0	untrusted::Input::from(signature),
48		)
49	0	}
50		}
51
52		#[cfg(feature = "alloc")]
53		#[cfg(test)]
54		mod tests {
55		use super::*;
56
57		#[test]
58		fn test_ee_read_for_rpk() {
59		// Try to read an end entity certificate into a RawPublicKeyEntity.
60		// It will fail to parse the key value since we expect no unused bits.
61		let ee = include_bytes!("../tests/ed25519/ee.der");
62		let ee_der = SubjectPublicKeyInfoDer::from(ee.as_slice());
63		assert_eq!(
64		RawPublicKeyEntity::try_from(&ee_der).expect_err("unexpectedly parsed certificate"),
65		Error::TrailingData(DerTypeId::BitString)
66		);
67		}
68
69		#[test]
70		fn test_spki_read_for_rpk() {
71		let pubkey = include_bytes!("../tests/ed25519/ee-pubkey.der");
72		let spki_der = SubjectPublicKeyInfoDer::from(pubkey.as_slice());
73		let rpk = RawPublicKeyEntity::try_from(&spki_der).expect("failed to parse rpk");
74
75		// Retrieved the SPKI from the pubkey.der using the following commands (as in [`cert::test_spki_read`]):
76		// xxd -plain -cols 1 tests/ed255519/ee-pubkey.der
77		let expected_spki = [
78		0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00, 0xfe, 0x5a, 0x1e, 0x36,
79		0x6c, 0x17, 0x27, 0x5b, 0xf1, 0x58, 0x1e, 0x3a, 0x0e, 0xe6, 0x56, 0x29, 0x8d, 0x9e,
80		0x1b, 0x3f, 0xd3, 0x3f, 0x96, 0x46, 0xef, 0xbf, 0x04, 0x6b, 0xc7, 0x3d, 0x47, 0x5c,
81		];
82		assert_eq!(expected_spki, rpk.inner.as_slice_less_safe())
83		}
84		}