synta-certificate 0.2.6

X.509 certificate structures for synta ASN.1 library
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355

//! CMS encryption/decryption, PKCS#12, and key-transport traits.

use super::errors::{NoCryptoError, NoEncryptorError, NoEnvelopedDataDecryptorError};

// ── CmsDecryptor ──────────────────────────────────────────────────────────────

/// Trait for decrypting CMS `EncryptedData` content.
///
/// The key is a raw symmetric key (not a password).  Algorithm parameters
/// such as IV or GCM nonce are read from `algorithm_der`.
///
/// # Contract
///
/// - `algorithm_der`: complete DER encoding of the `AlgorithmIdentifier` from
///   `EncryptedContentInfo.contentEncryptionAlgorithm`.
/// - `ciphertext`: raw ciphertext bytes extracted from the
///   `encryptedContent [0] IMPLICIT OCTET STRING` field.
/// - `key`: raw symmetric key bytes.
///
/// Returns the decrypted plaintext on success.
pub trait CmsDecryptor {
    type Error: std::error::Error + Send + Sync + 'static;

    fn decrypt(
        &self,
        algorithm_der: &[u8],
        ciphertext: &[u8],
        key: &[u8],
    ) -> Result<Vec<u8>, Self::Error>;
}

/// Sentinel decryptor for `CmsDecryptor` that always returns an error.
///
/// Use when no crypto backend is available.
pub struct NoCmsDecryptor;

impl CmsDecryptor for NoCmsDecryptor {
    type Error = NoCryptoError;

    fn decrypt(
        &self,
        _algorithm_der: &[u8],
        _ciphertext: &[u8],
        _key: &[u8],
    ) -> Result<Vec<u8>, NoCryptoError> {
        Err(NoCryptoError)
    }
}

// ── Encryptor ─────────────────────────────────────────────────────────────────

/// Low-level symmetric encryption primitive.
///
/// Implementations select and configure the cipher, generate a fresh random
/// IV/nonce, perform the encryption, and encode the result.
///
/// # Contract
///
/// - `alg_oid`: OID component slice identifying the cipher
///   (e.g. `&ID_AES128_CBC`).
/// - `plaintext`: raw plaintext bytes.
/// - `key`: raw symmetric key bytes (length must match the cipher's
///   key size).
///
/// Returns `(algorithm_identifier_der, ciphertext)` where
/// `algorithm_identifier_der` is the complete DER-encoded `AlgorithmIdentifier`
/// (OID + generated IV as OCTET STRING parameter) ready to embed in
/// `EncryptedContentInfo.contentEncryptionAlgorithm`.
pub trait Encryptor {
    type Error: std::error::Error + Send + Sync + 'static;

    /// Encrypt `plaintext` under `key` using the cipher identified by `alg_oid`.
    ///
    /// Generates a fresh random IV/nonce internally.  Returns
    /// `(algorithm_identifier_der, ciphertext)` — the caller must embed
    /// `algorithm_identifier_der` in `EncryptedContentInfo.contentEncryptionAlgorithm`
    /// so that the receiver can recover the IV for decryption.
    fn encrypt(
        &self,
        alg_oid: &[u32],
        plaintext: &[u8],
        key: &[u8],
    ) -> Result<(Vec<u8>, Vec<u8>), Self::Error>;
}

/// Sentinel [`Encryptor`] that always returns an error.
///
/// Use when no crypto backend is available and you want to surface a clear
/// error rather than panicking or silently succeeding.
pub struct NoEncryptor;

impl Encryptor for NoEncryptor {
    type Error = NoEncryptorError;

    fn encrypt(
        &self,
        _alg_oid: &[u32],
        _plaintext: &[u8],
        _key: &[u8],
    ) -> Result<(Vec<u8>, Vec<u8>), NoEncryptorError> {
        Err(NoEncryptorError)
    }
}

// ── CmsEncryptor ──────────────────────────────────────────────────────────────

/// CMS `EncryptedData` builder.
///
/// Extends [`Encryptor`] with the ability to assemble a complete RFC 5652 §8
/// `EncryptedData` SEQUENCE from plaintext and a symmetric key.
///
/// # Contract
///
/// - `content_type_oid`: OID components for `EncryptedContentInfo.contentType`
///   (typically `&ID_DATA` = `id-data`, 1.2.840.113549.1.7.1).
/// - `enc_alg_oid`: OID components for the content-encryption algorithm
///   (e.g. `&ID_AES128_CBC`).
/// - `plaintext` / `key`: as for [`Encryptor::encrypt`].
///
/// Returns the DER-encoded `EncryptedData` SEQUENCE.
pub trait CmsEncryptor: Encryptor {
    /// Encrypt `plaintext` and return a complete DER-encoded `EncryptedData`
    /// SEQUENCE (RFC 5652 §8).
    ///
    /// The returned bytes contain `version`, `encryptedContentInfo` (with OID,
    /// fresh random IV, and ciphertext), and are ready to be wrapped in a
    /// `ContentInfo` SEQUENCE or stored directly.
    fn create_encrypted_data(
        &self,
        content_type_oid: &[u32],
        enc_alg_oid: &[u32],
        plaintext: &[u8],
        key: &[u8],
    ) -> Result<Vec<u8>, Self::Error>;
}

// ── Pkcs12Encryptor ───────────────────────────────────────────────────────────

/// Password-based encryptor and MAC generator for PKCS#12 archives.
///
/// Implementations provide two operations used by [`crate::Pkcs12Builder`]:
///
/// 1. **`encrypt`** — encrypt a private-key DER blob for storage in a
///    `pkcs8ShroudedKeyBag` `EncryptedPrivateKeyInfo`.
/// 2. **`compute_mac`** — produce a `MacData` DER for the `PFX` integrity
///    check (RFC 7292 §4).
///
/// # Contract
///
/// - `encrypt(plaintext, password)` returns
///   `(algorithm_identifier_der, ciphertext)` where `algorithm_identifier_der`
///   is a complete DER-encoded `AlgorithmIdentifier` SEQUENCE (e.g.
///   PBES2 + PBKDF2-SHA256 + AES-256-CBC) suitable for embedding directly in
///   `EncryptedPrivateKeyInfo.encryptionAlgorithm`.
///
/// - `compute_mac(auth_safe_content, password)` returns the DER-encoded
///   `MacData` SEQUENCE ready to embed as the third field of a `PFX`.
///   `auth_safe_content` is the raw DER bytes of the `AuthenticatedSafe`
///   SEQUENCE (i.e. the value inside the outer `id-data` ContentInfo's
///   `[0] EXPLICIT OCTET STRING`).
pub trait Pkcs12Encryptor {
    type Error: std::error::Error + Send + Sync + 'static;

    /// Encrypt `plaintext` under `password` using a password-based scheme.
    ///
    /// Returns `(algorithm_identifier_der, ciphertext)`.
    fn encrypt(&self, plaintext: &[u8], password: &[u8])
        -> Result<(Vec<u8>, Vec<u8>), Self::Error>;

    /// Compute a `MacData` DER for the given `AuthenticatedSafe` content.
    ///
    /// Returns the DER-encoded `MacData` SEQUENCE.
    fn compute_mac(
        &self,
        auth_safe_content: &[u8],
        password: &[u8],
    ) -> Result<Vec<u8>, Self::Error>;
}

/// Sentinel [`Pkcs12Encryptor`] that always returns an error.
///
/// Use when no crypto backend is available and you want a clear error
/// rather than panicking.
pub struct NoPkcs12Encryptor;

impl Pkcs12Encryptor for NoPkcs12Encryptor {
    type Error = NoEncryptorError;

    fn encrypt(
        &self,
        _plaintext: &[u8],
        _password: &[u8],
    ) -> Result<(Vec<u8>, Vec<u8>), NoEncryptorError> {
        Err(NoEncryptorError)
    }

    fn compute_mac(
        &self,
        _auth_safe_content: &[u8],
        _password: &[u8],
    ) -> Result<Vec<u8>, NoEncryptorError> {
        Err(NoEncryptorError)
    }
}

// ── Pkcs12Decryptor ───────────────────────────────────────────────────────────

/// Trait for decrypting PKCS#12 encrypted safe-contents bags.
///
/// Callers provide an implementation to `certs_from_pkcs12`; the parser
/// itself does not link against any crypto library.  A concrete
/// implementation using rust-openssl is available as `crate::OpensslDecryptor`
/// when the `openssl` feature is enabled.
///
/// # Contract
///
/// - `algorithm_der`: complete DER encoding of the `AlgorithmIdentifier` from
///   `EncryptedContentInfo.contentEncryptionAlgorithm`.
/// - `ciphertext`: raw ciphertext bytes extracted from the
///   `encryptedContent [0] IMPLICIT OCTET STRING` field.
/// - `password`: UTF-8 bytes, no NUL terminator.  For PBKDF2/PBES2 the bytes
///   are used as-is (RFC 8018).  For the legacy PKCS12-KDF the OpenSSL
///   implementation converts to BMPString internally via `PKCS12_key_gen_utf8`.
///
/// Returns the decrypted plaintext (a SafeContents DER SEQUENCE) on success.
pub trait Pkcs12Decryptor {
    type Error: std::error::Error + Send + Sync + 'static;

    fn decrypt(
        &self,
        algorithm_der: &[u8],
        ciphertext: &[u8],
        password: &[u8],
    ) -> Result<Vec<u8>, Self::Error>;
}

/// Sentinel decryptor that always fails.
///
/// Use this as the `decryptor` argument to `certs_from_pkcs12` when you only
/// expect unencrypted PKCS#12 files (plain `id-data` authSafe bags) and want
/// a clear error instead of silently skipping encrypted bags.
pub struct NoCrypto;

impl Pkcs12Decryptor for NoCrypto {
    type Error = NoCryptoError;

    fn decrypt(
        &self,
        _algorithm_der: &[u8],
        _ciphertext: &[u8],
        _password: &[u8],
    ) -> Result<Vec<u8>, NoCryptoError> {
        Err(NoCryptoError)
    }
}

// ── KeyWrapAlgorithm ──────────────────────────────────────────────────────────

/// Key-transport wrapping algorithm for CMS `EnvelopedData` (RFC 5652 §6).
///
/// Selects how the content-encryption key (CEK) is encrypted for the
/// recipient's public key.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum KeyWrapAlgorithm {
    /// RSA-OAEP with SHA-256 hash and MGF1-SHA-256 mask generation (RFC 8017
    /// §7.1).  Recommended for new protocols.
    RsaOaepSha256,
    /// RSA PKCS#1 v1.5 padding (RFC 8017 §7.2).  Provided for interoperability
    /// with legacy systems; prefer [`KeyWrapAlgorithm::RsaOaepSha256`] for new
    /// deployments.
    RsaPkcs1v15,
}

// ── KeyEncryptor / KeyDecryptor ───────────────────────────────────────────────

/// Encrypts data under an asymmetric public key.
///
/// The primary use case is CMS `EnvelopedData` key transport (RFC 5652 §6.2.1):
/// the sender encrypts the content-encryption key (CEK) under the recipient's
/// public key from their X.509 certificate.  The same interface covers both
/// RSA-OAEP (RFC 8017) and legacy RSA PKCS#1 v1.5 padding.
///
/// # Contract
///
/// - `plaintext`: the raw bytes to encrypt (typically a symmetric CEK, but any
///   data within the key's capacity is accepted).
/// - Returns the ciphertext as an owned `Vec<u8>`.
pub trait KeyEncryptor {
    /// Error type returned by this encryptor.
    type Error: std::error::Error + Send + Sync + 'static;

    /// Encrypt `plaintext` under the public key held by this encryptor.
    fn encrypt_key(&self, plaintext: &[u8]) -> Result<Vec<u8>, Self::Error>;
}

/// Decrypts data using an asymmetric private key.
///
/// The primary use case is CMS `EnvelopedData` key transport (RFC 5652 §6.2.1):
/// the recipient decrypts the encrypted CEK using their private key.  The same
/// interface covers both RSA-OAEP (RFC 8017) and legacy RSA PKCS#1 v1.5.
///
/// # Contract
///
/// - `ciphertext`: the raw encrypted bytes to decrypt.
/// - Returns the plaintext as an owned `Vec<u8>`.
pub trait KeyDecryptor {
    /// Error type returned by this decryptor.
    type Error: std::error::Error + Send + Sync + 'static;

    /// Decrypt `ciphertext` using the private key held by this decryptor.
    fn decrypt_key(&self, ciphertext: &[u8]) -> Result<Vec<u8>, Self::Error>;
}

// ── EnvelopedDataDecryptor ────────────────────────────────────────────────────

/// Decrypts a CMS `EnvelopedData` structure using key transport (RFC 5652 §6).
///
/// Implementations iterate the `RecipientInfos` SET looking for a
/// `KeyTransRecipientInfo` entry whose encrypted content-encryption key (CEK)
/// can be unwrapped with the held private key.  On success the recovered CEK
/// is used to decrypt the `encryptedContent` field and the plaintext is
/// returned.
///
/// # Contract
///
/// - `ed`: the fully parsed `EnvelopedData` SEQUENCE (use `synta::Decoder` to
///   obtain it from raw DER bytes).
/// - Returns the decrypted plaintext as an owned `Vec<u8>` on success, or an
///   error if no matching recipient info is found or any crypto operation fails.
pub trait EnvelopedDataDecryptor {
    /// Error type returned by this decryptor.
    type Error: std::error::Error + Send + Sync + 'static;

    /// Decrypt the given `EnvelopedData`.
    fn decrypt_enveloped(
        &self,
        ed: &crate::cms_rfc5652_types::EnvelopedData<'_>,
    ) -> Result<Vec<u8>, Self::Error>;
}

/// Sentinel [`EnvelopedDataDecryptor`] that always returns an error.
///
/// Use when no crypto backend is available.
pub struct NoEnvelopedDataDecryptor;

impl EnvelopedDataDecryptor for NoEnvelopedDataDecryptor {
    type Error = NoEnvelopedDataDecryptorError;

    fn decrypt_enveloped(
        &self,
        _ed: &crate::cms_rfc5652_types::EnvelopedData<'_>,
    ) -> Result<Vec<u8>, NoEnvelopedDataDecryptorError> {
        Err(NoEnvelopedDataDecryptorError)
    }
}