1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67

use crate::{
    hash::HashAlgorithm,
    key::{KeyError, PublicKey},
};
use picky_asn1::wrapper::BitStringAsn1Container;
use picky_asn1_der::Asn1DerError;
use thiserror::Error;

#[derive(Debug, Error)]
pub enum KeyIdGenError {
    /// asn1 serialization error
    #[error("(asn1) couldn't serialize {element}: {source}")]
    Asn1Serialization {
        element: &'static str,
        source: Asn1DerError,
    },

    /// invalid key
    #[error("invalid key: {source}")]
    InvalidKey { source: KeyError },
}

/// Describes which method to use to generate key identifiers.
///
/// See [RFC5280 #4](https://tools.ietf.org/html/rfc5280#section-4.2.1.2) and
/// [RFC7093 #2](https://tools.ietf.org/html/rfc7093#section-2).
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
pub enum KeyIdGenMethod {
    /// Hash the leftmost 160-bits of the
    /// SHA-256 hash of the value of the BIT STRING subjectPublicKey
    /// (excluding the tag, length, and number of unused bits).
    SPKValueHashedLeftmost160(HashAlgorithm),
    /// Hash the DER encoding of the SubjectPublicKeyInfo value.
    SPKFullDER(HashAlgorithm),
}

impl KeyIdGenMethod {
    pub fn generate_from(self, public_key: &PublicKey) -> Result<Vec<u8>, KeyIdGenError> {
        use picky_asn1_x509::PublicKey as InnerPublicKey;

        match self {
            KeyIdGenMethod::SPKValueHashedLeftmost160(hash_algo) => match &public_key.as_inner().subject_public_key {
                InnerPublicKey::RSA(BitStringAsn1Container(rsa_pk)) => {
                    let der = picky_asn1_der::to_vec(rsa_pk).map_err(|e| KeyIdGenError::Asn1Serialization {
                        source: e,
                        element: "RSA private key",
                    })?;
                    Ok(hash_algo.digest(&der)[..20].to_vec())
                }
                InnerPublicKey::EC(bitstring) => {
                    let der = bitstring.0.payload_view();
                    Ok(hash_algo.digest(&der)[..20].to_vec())
                }
                InnerPublicKey::Ed(bitstring) => {
                    let der = bitstring.0.payload_view();
                    Ok(hash_algo.digest(&der)[..20].to_vec())
                }
            },
            KeyIdGenMethod::SPKFullDER(hash_algo) => {
                let der = public_key
                    .to_der()
                    .map_err(|e| KeyIdGenError::InvalidKey { source: e })?;
                Ok(hash_algo.digest(&der))
            }
        }
    }
}