#![no_std]
#![cfg_attr(docsrs, feature(doc_cfg))]
#![doc = include_str!("../README.md")]
#![doc(
html_logo_url = "https://raw.githubusercontent.com/RustCrypto/meta/master/logo.svg",
html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/meta/master/logo.svg",
html_root_url = "https://docs.rs/pkcs5/0.5.0-pre"
)]
#![forbid(unsafe_code, clippy::unwrap_used)]
#![warn(missing_docs, rust_2018_idioms, unused_qualifications)]
#[cfg(all(feature = "alloc", feature = "pbes2"))]
extern crate alloc;
mod error;
pub mod pbes1;
pub mod pbes2;
pub use crate::error::{Error, Result};
pub use der::{self, asn1::ObjectIdentifier};
pub use spki::AlgorithmIdentifier;
use der::{Decode, DecodeValue, Encode, Header, Reader, Sequence, Tag};
#[cfg(all(feature = "alloc", feature = "pbes2"))]
use alloc::vec::Vec;
#[derive(Clone, Debug, Eq, PartialEq)]
#[non_exhaustive]
#[allow(clippy::large_enum_variant)]
pub enum EncryptionScheme<'a> {
Pbes1(pbes1::Algorithm),
Pbes2(pbes2::Parameters<'a>),
}
impl<'a> EncryptionScheme<'a> {
#[cfg(all(feature = "alloc", feature = "pbes2"))]
#[cfg_attr(docsrs, doc(cfg(feature = "alloc")))]
#[cfg_attr(docsrs, doc(cfg(feature = "pbes2")))]
pub fn decrypt(&self, password: impl AsRef<[u8]>, ciphertext: &[u8]) -> Result<Vec<u8>> {
match self {
Self::Pbes2(params) => params.decrypt(password, ciphertext),
Self::Pbes1(_) => Err(Error::NoPbes1CryptSupport),
}
}
#[cfg(feature = "pbes2")]
#[cfg_attr(docsrs, doc(cfg(feature = "pbes2")))]
pub fn decrypt_in_place<'b>(
&self,
password: impl AsRef<[u8]>,
buffer: &'b mut [u8],
) -> Result<&'b [u8]> {
match self {
Self::Pbes2(params) => params.decrypt_in_place(password, buffer),
Self::Pbes1(_) => Err(Error::NoPbes1CryptSupport),
}
}
#[cfg(all(feature = "alloc", feature = "pbes2"))]
#[cfg_attr(docsrs, doc(cfg(feature = "alloc")))]
#[cfg_attr(docsrs, doc(cfg(feature = "pbes2")))]
pub fn encrypt(&self, password: impl AsRef<[u8]>, plaintext: &[u8]) -> Result<Vec<u8>> {
match self {
Self::Pbes2(params) => params.encrypt(password, plaintext),
Self::Pbes1(_) => Err(Error::NoPbes1CryptSupport),
}
}
#[cfg(feature = "pbes2")]
#[cfg_attr(docsrs, doc(cfg(feature = "pbes2")))]
pub fn encrypt_in_place<'b>(
&self,
password: impl AsRef<[u8]>,
buffer: &'b mut [u8],
pos: usize,
) -> Result<&'b [u8]> {
match self {
Self::Pbes2(params) => params.encrypt_in_place(password, buffer, pos),
Self::Pbes1(_) => Err(Error::NoPbes1CryptSupport),
}
}
pub fn oid(&self) -> ObjectIdentifier {
match self {
Self::Pbes1(params) => params.oid(),
Self::Pbes2(_) => pbes2::PBES2_OID,
}
}
pub fn pbes1(&self) -> Option<&pbes1::Algorithm> {
match self {
Self::Pbes1(alg) => Some(alg),
_ => None,
}
}
pub fn pbes2(&self) -> Option<&pbes2::Parameters<'a>> {
match self {
Self::Pbes2(params) => Some(params),
_ => None,
}
}
}
impl<'a> DecodeValue<'a> for EncryptionScheme<'a> {
fn decode_value<R: Reader<'a>>(decoder: &mut R, header: Header) -> der::Result<Self> {
AlgorithmIdentifier::decode_value(decoder, header)?.try_into()
}
}
impl<'a> Sequence<'a> for EncryptionScheme<'a> {
fn fields<F, T>(&self, f: F) -> der::Result<T>
where
F: FnOnce(&[&dyn Encode]) -> der::Result<T>,
{
match self {
Self::Pbes1(pbes1) => f(&[&pbes1.oid(), &pbes1.parameters]),
Self::Pbes2(pbes2) => f(&[&pbes2::PBES2_OID, pbes2]),
}
}
}
impl<'a> From<pbes1::Algorithm> for EncryptionScheme<'a> {
fn from(alg: pbes1::Algorithm) -> EncryptionScheme<'a> {
Self::Pbes1(alg)
}
}
impl<'a> From<pbes2::Parameters<'a>> for EncryptionScheme<'a> {
fn from(params: pbes2::Parameters<'a>) -> EncryptionScheme<'a> {
Self::Pbes2(params)
}
}
impl<'a> TryFrom<AlgorithmIdentifier<'a>> for EncryptionScheme<'a> {
type Error = der::Error;
fn try_from(alg: AlgorithmIdentifier<'a>) -> der::Result<EncryptionScheme<'_>> {
if alg.oid == pbes2::PBES2_OID {
match alg.parameters {
Some(params) => pbes2::Parameters::try_from(params).map(Into::into),
None => Err(Tag::OctetString.value_error()),
}
} else {
pbes1::Algorithm::try_from(alg).map(Into::into)
}
}
}
impl<'a> TryFrom<&'a [u8]> for EncryptionScheme<'a> {
type Error = der::Error;
fn try_from(bytes: &'a [u8]) -> der::Result<EncryptionScheme<'a>> {
AlgorithmIdentifier::from_der(bytes)?.try_into()
}
}