synta-certificate 0.2.6

X.509 certificate structures for synta ASN.1 library
//! OpenSSL-backed [`crate::Pkcs12Decryptor`] and [`crate::SignatureVerifier`]
//! implementations.
//!
//! ## PKCS#12 decryption ([`OpensslDecryptor`])
//!
//! Supports:
//! - `id-PBES2` with `id-PBKDF2` KDF and AES-128/192/256-CBC or 3DES-EDE-CBC ciphers.
//! - Legacy `pbeWithSHAAnd3-KeyTripleDES-CBC` (requires feature `deprecated-pkcs12-algorithms`).
//!
//! Unsupported algorithms return an error rather than panicking.
//!
//! ## Signature verification ([`OpensslSignatureVerifier`])
//!
//! Verifies X.509 certificate signatures using OpenSSL.  Supports:
//! - RSA PKCS#1 v1.5: SHA-1, SHA-256, SHA-384, SHA-512
//! - RSA-PSS: SHA-256, SHA-384, SHA-512 (hash and salt length from parameters)
//! - ECDSA: SHA-256, SHA-384, SHA-512
//! - EdDSA: Ed25519, Ed448

pub(super) mod alg_cache;
pub mod cms;
pub mod composite;
pub mod key_transport;
pub mod pkcs12;
pub mod private_key;
pub mod signature;
pub mod store;
pub mod symmetric;

// ── Shared error used by multiple sub-modules ─────────────────────────────────

/// Shared error type for all OpenSSL key and store operations in this module.
///
/// The single field is the complete, human-readable error message. It is
/// `pub(crate)`, so only code inside this crate can construct the error or
/// read the raw string; external callers see it through `Display` / `Debug`.
///
/// NOTE(review): the message is passed through unchanged to whoever formats
/// the error. Callers that report failures to a remote peer should decide
/// explicitly how much of this diagnostic text to expose.
#[derive(Debug)]
pub struct OpensslKeyError(pub(crate) String);

// No underlying cause is tracked, so the default `Error` methods are enough.
impl std::error::Error for OpensslKeyError {}

impl std::fmt::Display for OpensslKeyError {
    /// Writes the stored message verbatim.
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        // `write_str` bypasses the formatter's width/fill/precision flags, so
        // the output is always exactly the stored message.
        let Self(message) = self;
        f.write_str(message)
    }
}

impl From<native_ossl::error::ErrorStack> for OpensslKeyError {
    /// Converts an OpenSSL error stack into an [`OpensslKeyError`] by keeping
    /// its `to_string()` rendering as the message.
    ///
    /// Only the text survives the conversion; the `ErrorStack` value itself is
    /// dropped, so nothing can be inspected programmatically afterwards.
    fn from(e: native_ossl::error::ErrorStack) -> Self {
        // The rendered stack is stored as-is. It is library diagnostic text,
        // not a stable or sanitised message.
        let message = e.to_string();
        Self(message)
    }
}

// ── Re-exports: everything that was pub in the original file ──────────────────

pub use cms::{OpensslDecryptor, OpensslDecryptorError, OpensslEncryptor, OpensslEncryptorError};
pub use key_transport::{
    create_enveloped_data, prepare_enveloped_data, OpensslEnvelopedDataDecryptor,
    OpensslRsaOaepDecryptor, OpensslRsaOaepEncryptor, OpensslRsaPkcs1Decryptor,
    OpensslRsaPkcs1Encryptor,
};
pub use pkcs12::{OpensslPkcs12Encryptor, Pkcs12Cipher, Pkcs12Config, Pkcs12HmacAlgorithm};
pub use private_key::{OpensslKeyIdHasher, OpensslKeyIdHasherError, OpensslPrivateKey};
pub(crate) use signature::verify_with_cached_pkey;
pub use signature::{
    OpensslCertificateSigner, OpensslCertificateSignerError, OpensslSignatureVerifier,
    OpensslVerifierError,
};
pub use symmetric::{OpensslSymmetricCrypto, OpensslSymmetricError};

// ── pub(crate) items called from crypto.rs and lib.rs ────────────────────────

pub(crate) use composite::{composite_mldsa_signer_from_pkcs8, priv_generate_composite_mldsa};
pub(crate) use private_key::{
    generate_private_key, openssl_key_id_hasher, openssl_signature_verifier,
};
pub(crate) use store::priv_load_from_pkcs11_uri;
pub(crate) use symmetric::{
    openssl_data_hasher, openssl_hmac_provider, openssl_streaming_hasher,
    openssl_streaming_hmac_provider, openssl_symmetric_crypto, parse_private_key, parse_public_key,
    parse_public_key_from_pem, priv_ec_from_components, priv_from_pkcs8_encrypted_to_pkey_and_der,
    priv_generate_ec, priv_generate_ed25519, priv_generate_ed448, priv_generate_ml_dsa,
    priv_generate_ml_kem, priv_generate_rsa, priv_key_bit_size, priv_key_type,
    priv_ml_kem_decapsulate, priv_pem_to_pkey_and_pkcs8, priv_pkcs8_der_to_pem,
    priv_public_key_spki_der, priv_rsa_from_components, priv_rsa_oaep_decrypt,
    priv_rsa_pkcs1v15_decrypt, priv_sign_ml_dsa_with_context, priv_to_pkcs8_encrypted,
    pub_ec_affine_coordinates, pub_ec_curve_name, pub_ec_from_components, pub_key_bit_size,
    pub_key_type, pub_ml_kem_encapsulate, pub_rsa_from_components, pub_rsa_modulus,
    pub_rsa_oaep_encrypt, pub_rsa_pkcs1v15_encrypt, pub_rsa_public_exponent, pub_verify_message,
    pub_verify_ml_dsa_with_context, EcAffineCoords,
};