webpki/
rpk_entity.rs

1use crate::error::Error;
2use crate::signed_data::SubjectPublicKeyInfo;
3use crate::{DerTypeId, der, signed_data};
4use pki_types::{SignatureVerificationAlgorithm, SubjectPublicKeyInfoDer};
5
6/// A Raw Public Key, used for connections using raw public keys as specified
7/// in [RFC 7250](https://www.rfc-editor.org/rfc/rfc7250).
8#[derive(Debug)]
9pub struct RawPublicKeyEntity<'a> {
10    inner: untrusted::Input<'a>,
11}
12
13impl<'a> TryFrom<&'a SubjectPublicKeyInfoDer<'a>> for RawPublicKeyEntity<'a> {
14    type Error = Error;
15
16    /// Parse the ASN.1 DER-encoded SPKI encoding of the raw public key `spki`.
17    /// Since we are parsing a raw public key, we first strip the outer sequence tag.
18    fn try_from(spki: &'a SubjectPublicKeyInfoDer<'a>) -> Result<Self, Self::Error> {
19        let input = untrusted::Input::from(spki.as_ref());
20        let spki = input.read_all(
21            Error::TrailingData(DerTypeId::SubjectPublicKeyInfo),
22            |reader| {
23                let untagged_spki = der::expect_tag(reader, der::Tag::Sequence)?;
24                der::read_all::<SubjectPublicKeyInfo<'_>>(untagged_spki)?;
25                Ok(untagged_spki)
26            },
27        )?;
28        Ok(Self { inner: spki })
29    }
30}
31
32impl RawPublicKeyEntity<'_> {
33    /// Verifies the signature `signature` of message `msg` using a raw public key,
34    /// supporting RFC 7250.
35    ///
36    /// For more information on `signature_alg` and `signature` see the documentation for [`crate::end_entity::EndEntityCert::verify_signature`].
37    pub fn verify_signature(
38        &self,
39        signature_alg: &dyn SignatureVerificationAlgorithm,
40        msg: &[u8],
41        signature: &[u8],
42    ) -> Result<(), Error> {
43        signed_data::verify_signature(
44            signature_alg,
45            self.inner,
46            untrusted::Input::from(msg),
47            untrusted::Input::from(signature),
48        )
49    }
50}
51
52#[cfg(feature = "alloc")]
53#[cfg(test)]
54mod tests {
55    use super::*;
56
57    #[test]
58    fn test_ee_read_for_rpk() {
59        // Try to read an end entity certificate into a RawPublicKeyEntity.
60        // It will fail to parse the key value since we expect no unused bits.
61        let ee = include_bytes!("../tests/ed25519/ee.der");
62        let ee_der = SubjectPublicKeyInfoDer::from(ee.as_slice());
63        assert_eq!(
64            RawPublicKeyEntity::try_from(&ee_der).expect_err("unexpectedly parsed certificate"),
65            Error::TrailingData(DerTypeId::BitString)
66        );
67    }
68
69    #[test]
70    fn test_spki_read_for_rpk() {
71        let pubkey = include_bytes!("../tests/ed25519/ee-pubkey.der");
72        let spki_der = SubjectPublicKeyInfoDer::from(pubkey.as_slice());
73        let rpk = RawPublicKeyEntity::try_from(&spki_der).expect("failed to parse rpk");
74
75        // Retrieved the SPKI from the pubkey.der using the following commands (as in [`cert::test_spki_read`]):
76        // xxd -plain -cols 1 tests/ed255519/ee-pubkey.der
77        let expected_spki = [
78            0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00, 0xfe, 0x5a, 0x1e, 0x36,
79            0x6c, 0x17, 0x27, 0x5b, 0xf1, 0x58, 0x1e, 0x3a, 0x0e, 0xe6, 0x56, 0x29, 0x8d, 0x9e,
80            0x1b, 0x3f, 0xd3, 0x3f, 0x96, 0x46, 0xef, 0xbf, 0x04, 0x6b, 0xc7, 0x3d, 0x47, 0x5c,
81        ];
82        assert_eq!(expected_spki, rpk.inner.as_slice_less_safe())
83    }
84}
webpki/rpk_entity.rs

webpki/
rpk_entity.rs
