rasn_smime/
skd.rs

1//! # Symmetric Key Distribution
2use rasn::prelude::*;
3use rasn_cms::{CertificateSet, KekIdentifier, RecipientInfos, algorithms::AES128_WRAP};
4use rasn_pkix::{
5    AlgorithmIdentifier, Certificate, GeneralName, attribute_certificate::AttributeCertificate,
6};
7
8pub type GlkCompromise = GeneralName;
9pub type SkdAlgRequest = ();
10
11pub const ADD_MEMBER: &Oid = Oid::ISO_MEMBER_BODY_US_RSADSI_PKCS9_SMIME_SKD_ADD_MEMBER;
12pub const ADD_OWNER: &Oid = Oid::ISO_MEMBER_BODY_US_RSADSI_PKCS9_SMIME_SKD_ADD_OWNER;
13pub const DELETE_MEMBER: &Oid = Oid::ISO_MEMBER_BODY_US_RSADSI_PKCS9_SMIME_SKD_DELETE_MEMBER;
14pub const GLARR: &Oid =
15    Oid::ISO_IDENTIFIED_ORGANISATION_DOD_INTERNET_SECURITY_MECHANISMS_PKIX_CMC_GLARR;
16pub const GLKEY: &Oid = Oid::ISO_MEMBER_BODY_US_RSADSI_PKCS9_SMIME_SKD_GLKEY;
17pub const GL_DELETE: &Oid = Oid::ISO_MEMBER_BODY_US_RSADSI_PKCS9_SMIME_SKD_GL_DELETE;
18pub const MANAGE_CERT: &Oid = Oid::ISO_MEMBER_BODY_US_RSADSI_PKCS9_SMIME_SKD_MANAGE_CERT;
19pub const PROVIDE_CERT: &Oid = Oid::ISO_MEMBER_BODY_US_RSADSI_PKCS9_SMIME_SKD_PROVIDE_CERT;
20pub const QUERY_REQUEST: &Oid = Oid::ISO_MEMBER_BODY_US_RSADSI_PKCS9_SMIME_SKD_QUERY_REQUEST;
21pub const QUERY_RESPONSE: &Oid = Oid::ISO_MEMBER_BODY_US_RSADSI_PKCS9_SMIME_SKD_QUERY_RESPONSE;
22pub const REKEY: &Oid = Oid::ISO_MEMBER_BODY_US_RSADSI_PKCS9_SMIME_SKD_REKEY;
23pub const REMOVE_OWNER: &Oid = Oid::ISO_MEMBER_BODY_US_RSADSI_PKCS9_SMIME_SKD_REMOVE_OWNER;
24pub const SKD_FAIL_INFO: &Oid =
25    Oid::ISO_IDENTIFIED_ORGANISATION_DOD_INTERNET_SECURITY_MECHANISMS_PKIX_CET_SKD_FAIL_INFO;
26pub const USE_KEK: &Oid = Oid::ISO_MEMBER_BODY_US_RSADSI_PKCS9_SMIME_SKD_USE_KEK;
27pub const GLKEY_COMPROMISE: &Oid = Oid::ISO_MEMBER_BODY_US_RSADSI_PKCS9_SMIME_SKD_GLKEY_COMPROMISE;
28pub const GLKEY_REFRESH: &Oid = Oid::ISO_MEMBER_BODY_US_RSADSI_PKCS9_SMIME_SKD_GLKEY_REFRESH;
29pub const SKD_ALG_REQUEST: &Oid = Oid::ISO_IDENTIFIED_ORGANISATION_DOD_INTERNET_SECURITY_MECHANISMS_PKIX_CMC_GLARR_SKD_ALG_REQUEST;
30pub const SKD_ALG_RESPONSE: &Oid = Oid::ISO_IDENTIFIED_ORGANISATION_DOD_INTERNET_SECURITY_MECHANISMS_PKIX_CMC_GLARR_SKD_ALG_RESPONSE;
31
32#[derive(AsnType, Clone, Debug, Decode, Encode, PartialEq, Eq, Hash)]
33pub struct GlUseKek {
34    pub info: GlInfo,
35    pub owner_info: SequenceOf<GlOwnerInfo>,
36    #[rasn(default = "GlAdministration::managed")]
37    pub administration: GlAdministration,
38    key_attributes: Option<GlKeyAttributes>,
39}
40
41#[derive(AsnType, Clone, Debug, Decode, Encode, PartialEq, Eq, Hash)]
42pub struct GlInfo {
43    pub name: GeneralName,
44    pub address: GeneralName,
45}
46
47#[derive(AsnType, Clone, Debug, Decode, Encode, PartialEq, Eq, Hash)]
48pub struct GlOwnerInfo {
49    pub owner_name: GeneralName,
50    pub owner_address: GeneralName,
51    pub certificates: Option<Certificates>,
52}
53
54#[derive(AsnType, Clone, Debug, Decode, Encode, PartialEq, Eq, PartialOrd, Ord, Hash)]
55#[rasn(delegate)]
56pub struct GlAdministration(pub Integer);
57
58impl GlAdministration {
59    pub fn unmanaged() -> Self {
60        Self(Integer::from(0))
61    }
62
63    pub fn managed() -> Self {
64        Self(Integer::from(1))
65    }
66
67    pub fn closed() -> Self {
68        Self(Integer::from(2))
69    }
70}
71
72#[derive(AsnType, Clone, Debug, Decode, Encode, PartialEq, Eq, PartialOrd, Ord, Hash)]
73pub struct GlKeyAttributes {
74    #[rasn(tag(0), default)]
75    pub rekey_controlled_by_glo: bool,
76    #[rasn(tag(1), default = "true_bool")]
77    pub recipients_not_mutually_aware: bool,
78    #[rasn(tag(2), default)]
79    pub duration: Integer,
80    #[rasn(tag(3), default = "integer_two")]
81    pub generation_counter: Integer,
82    #[rasn(tag(4), default = "aes128_wrap_algorithm")]
83    pub requested_algorithm: AlgorithmIdentifier,
84}
85
86fn true_bool() -> bool {
87    true
88}
89
90fn integer_two() -> Integer {
91    Integer::from(2)
92}
93
94fn aes128_wrap_algorithm() -> AlgorithmIdentifier {
95    AlgorithmIdentifier {
96        algorithm: AES128_WRAP.into(),
97        parameters: None,
98    }
99}
100
101impl Default for GlKeyAttributes {
102    fn default() -> Self {
103        Self {
104            rekey_controlled_by_glo: false,
105            recipients_not_mutually_aware: true_bool(),
106            duration: Integer::default(),
107            generation_counter: integer_two(),
108            requested_algorithm: aes128_wrap_algorithm(),
109        }
110    }
111}
112
113impl From<GlNewKeyAttributes> for GlKeyAttributes {
114    fn from(new_attributes: GlNewKeyAttributes) -> Self {
115        let defaults = Self::default();
116
117        Self {
118            rekey_controlled_by_glo: new_attributes
119                .rekey_controlled_by_glo
120                .unwrap_or(defaults.rekey_controlled_by_glo),
121            recipients_not_mutually_aware: new_attributes
122                .recipients_not_mutually_aware
123                .unwrap_or(defaults.recipients_not_mutually_aware),
124            duration: new_attributes.duration.unwrap_or(defaults.duration),
125            generation_counter: new_attributes
126                .generation_counter
127                .unwrap_or(defaults.generation_counter),
128            requested_algorithm: new_attributes
129                .requested_algorithm
130                .unwrap_or(defaults.requested_algorithm),
131        }
132    }
133}
134
135pub type DeleteGl = GeneralName;
136
137#[derive(AsnType, Clone, Debug, Decode, Encode, PartialEq, Eq, Hash)]
138pub struct GlAddMember {
139    pub name: GeneralName,
140    member: GlMember,
141}
142
143#[derive(AsnType, Clone, Debug, Decode, Encode, PartialEq, Eq, Hash)]
144pub struct GlMember {
145    pub member_name: GeneralName,
146    pub member_address: Option<GeneralName>,
147    pub certificates: Option<Certificates>,
148}
149
150#[derive(AsnType, Clone, Debug, Decode, Encode, PartialEq, Eq, Hash)]
151pub struct Certificates {
152    #[rasn(tag(0))]
153    pub pkc: Option<Certificate>,
154    #[rasn(tag(1))]
155    pub ac: Option<SequenceOf<AttributeCertificate>>,
156    #[rasn(tag(2))]
157    cert_path: Option<CertificateSet>,
158}
159
160#[derive(AsnType, Clone, Debug, Decode, Encode, PartialEq, Eq, Hash)]
161pub struct GlDeleteMember {
162    pub name: GeneralName,
163    pub member_to_delete: GeneralName,
164}
165
166#[derive(AsnType, Clone, Debug, Decode, Encode, PartialEq, Eq, Hash)]
167pub struct GlRekey {
168    pub name: GeneralName,
169    pub administration: Option<GlAdministration>,
170    pub new_key_attributes: Option<GlNewKeyAttributes>,
171    pub rekey_all_gl_keys: Option<bool>,
172}
173
174#[derive(AsnType, Clone, Debug, Decode, Encode, PartialEq, Eq, PartialOrd, Ord, Hash)]
175pub struct GlNewKeyAttributes {
176    #[rasn(tag(0))]
177    pub rekey_controlled_by_glo: Option<bool>,
178    #[rasn(tag(1))]
179    pub recipients_not_mutually_aware: Option<bool>,
180    #[rasn(tag(2))]
181    pub duration: Option<Integer>,
182    #[rasn(tag(3))]
183    pub generation_counter: Option<Integer>,
184    #[rasn(tag(4))]
185    pub requested_algorithm: Option<AlgorithmIdentifier>,
186}
187
188#[derive(AsnType, Clone, Debug, Decode, Encode, PartialEq, Eq, Hash)]
189pub struct GlOwnerAdministration {
190    pub name: GeneralName,
191    pub owner_info: GlOwnerInfo,
192}
193
194#[derive(AsnType, Clone, Debug, Decode, Encode, PartialEq, Eq, Hash)]
195pub struct GlkRefresh {
196    pub name: GeneralName,
197    pub dates: SequenceOf<Date>,
198}
199
200#[derive(AsnType, Clone, Debug, Decode, Encode, PartialEq, Eq, PartialOrd, Ord, Hash)]
201pub struct Date {
202    pub start: GeneralizedTime,
203    pub end: Option<GeneralizedTime>,
204}
205
206#[derive(AsnType, Clone, Debug, Decode, Encode, PartialEq, Eq, PartialOrd, Ord, Hash)]
207pub struct GlaQueryRequest {
208    r#type: ObjectIdentifier,
209    pub value: Any,
210}
211
212#[derive(AsnType, Clone, Debug, Decode, Encode, PartialEq, Eq, PartialOrd, Ord, Hash)]
213pub struct GlaQueryResponse {
214    r#type: ObjectIdentifier,
215    value: Any,
216}
217
218#[derive(AsnType, Clone, Debug, Decode, Encode, PartialEq, Eq, Hash)]
219pub struct GlManageCert {
220    pub name: GeneralName,
221    pub member: GlMember,
222}
223
224#[derive(AsnType, Clone, Debug, Decode, Encode, PartialEq, Eq, Hash)]
225pub struct GlKey {
226    pub name: GeneralName,
227    pub identifier: KekIdentifier,
228    pub wrapped: RecipientInfos,
229    pub algorithm: AlgorithmIdentifier,
230    pub not_before: GeneralizedTime,
231    pub not_after: GeneralizedTime,
232}
233
234#[derive(AsnType, Clone, Debug, Decode, Encode, PartialEq, Eq, PartialOrd, Ord, Hash)]
235#[rasn(delegate)]
236pub struct SkdFailInfo(pub Integer);
237
238impl SkdFailInfo {
239    pub fn unspecified() -> Self {
240        Self(0.into())
241    }
242
243    pub fn closed_gl() -> Self {
244        Self(1.into())
245    }
246
247    pub fn unsupported_duration() -> Self {
248        Self(2.into())
249    }
250
251    pub fn no_gla_certificate() -> Self {
252        Self(3.into())
253    }
254
255    pub fn invalid_cert() -> Self {
256        Self(4.into())
257    }
258
259    pub fn unsupported_algorithm() -> Self {
260        Self(5.into())
261    }
262
263    pub fn no_glo_name_match() -> Self {
264        Self(6.into())
265    }
266
267    pub fn invalid_gl_name() -> Self {
268        Self(7.into())
269    }
270
271    pub fn name_already_in_use() -> Self {
272        Self(8.into())
273    }
274
275    pub fn no_spam() -> Self {
276        Self(9.into())
277    }
278
279    pub fn already_a_member() -> Self {
280        Self(11.into())
281    }
282
283    pub fn not_a_member() -> Self {
284        Self(12.into())
285    }
286
287    pub fn already_an_owner() -> Self {
288        Self(13.into())
289    }
290}
rasn_smime/skd.rs

rasn_smime/
skd.rs
