rustls_pki_types/alg_id.rs
1//! The PKIX [`AlgorithmIdentifier`] type, and common values.
2//!
3//! If you need to use an [`AlgorithmIdentifier`] not defined here,
4//! you can define it locally.
5
6use core::fmt;
7use core::ops::Deref;
8
9// See src/data/README.md.
10
11/// AlgorithmIdentifier for `id-ml-dsa-44`.
12///
13/// This is:
14///
15/// ```text
16/// OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.3.17 }
17/// ```
18///
19/// <https://www.ietf.org/archive/id/draft-ietf-lamps-dilithium-certificates-07.html#name-identifiers>
20pub const ML_DSA_44: AlgorithmIdentifier =
21 AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ml-dsa-44.der"));
22
23/// AlgorithmIdentifier for `id-ml-dsa-65`.
24///
25/// This is:
26///
27/// ```text
28/// OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.3.18 }
29/// ```
30///
31/// <https://www.ietf.org/archive/id/draft-ietf-lamps-dilithium-certificates-07.html#name-identifiers>
32pub const ML_DSA_65: AlgorithmIdentifier =
33 AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ml-dsa-65.der"));
34
35/// AlgorithmIdentifier for `id-ml-dsa-87`.
36///
37/// This is:
38///
39/// ```text
40/// OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.3.19 }
41/// ```
42///
43/// <https://www.ietf.org/archive/id/draft-ietf-lamps-dilithium-certificates-07.html#name-identifiers>
44pub const ML_DSA_87: AlgorithmIdentifier =
45 AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ml-dsa-87.der"));
46
47/// AlgorithmIdentifier for `id-ecPublicKey` with named curve `secp256k1`.
48///
49/// This is:
50///
51/// ```text
52/// # ecPublicKey
53/// OBJECT_IDENTIFIER { 1.2.840.10045.2.1 }
54/// # secp256k1
55/// OBJECT_IDENTIFIER { 1.3.132.0.10 }
56/// ```
57pub const ECDSA_P256K1: AlgorithmIdentifier =
58 AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ecdsa-p256k1.der"));
59
60/// AlgorithmIdentifier for `id-ecPublicKey` with named curve `secp256r1`.
61///
62/// This is:
63///
64/// ```text
65/// # ecPublicKey
66/// OBJECT_IDENTIFIER { 1.2.840.10045.2.1 }
67/// # secp256r1
68/// OBJECT_IDENTIFIER { 1.2.840.10045.3.1.7 }
69/// ```
70pub const ECDSA_P256: AlgorithmIdentifier =
71 AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ecdsa-p256.der"));
72
73/// AlgorithmIdentifier for `id-ecPublicKey` with named curve `secp384r1`.
74///
75/// This is:
76///
77/// ```text
78/// # ecPublicKey
79/// OBJECT_IDENTIFIER { 1.2.840.10045.2.1 }
80/// # secp384r1
81/// OBJECT_IDENTIFIER { 1.3.132.0.34 }
82/// ```
83pub const ECDSA_P384: AlgorithmIdentifier =
84 AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ecdsa-p384.der"));
85
86/// AlgorithmIdentifier for `id-ecPublicKey` with named curve `secp521r1`.
87///
88/// This is:
89///
90/// ```text
91/// # ecPublicKey
92/// OBJECT_IDENTIFIER { 1.2.840.10045.2.1 }
93/// # secp521r1
94/// OBJECT_IDENTIFIER { 1.3.132.0.35 }
95/// ```
96pub const ECDSA_P521: AlgorithmIdentifier =
97 AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ecdsa-p521.der"));
98
99/// AlgorithmIdentifier for `ecdsa-with-SHA256`.
100///
101/// This is:
102///
103/// ```text
104/// # ecdsa-with-SHA256
105/// OBJECT_IDENTIFIER { 1.2.840.10045.4.3.2 }
106/// ```
107pub const ECDSA_SHA256: AlgorithmIdentifier =
108 AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ecdsa-sha256.der"));
109
110/// AlgorithmIdentifier for `ecdsa-with-SHA384`.
111///
112/// This is:
113///
114/// ```text
115/// # ecdsa-with-SHA384
116/// OBJECT_IDENTIFIER { 1.2.840.10045.4.3.3 }
117/// ```
118pub const ECDSA_SHA384: AlgorithmIdentifier =
119 AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ecdsa-sha384.der"));
120
121/// AlgorithmIdentifier for `ecdsa-with-SHA512`.
122///
123/// This is:
124///
125/// ```text
126/// # ecdsa-with-SHA512
127/// OBJECT_IDENTIFIER { 1.2.840.10045.4.3.4 }
128/// ```
129pub const ECDSA_SHA512: AlgorithmIdentifier =
130 AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ecdsa-sha512.der"));
131
132/// AlgorithmIdentifier for `rsaEncryption`.
133///
134/// This is:
135///
136/// ```text
137/// # rsaEncryption
138/// OBJECT_IDENTIFIER { 1.2.840.113549.1.1.1 }
139/// NULL {}
140/// ```
141pub const RSA_ENCRYPTION: AlgorithmIdentifier =
142 AlgorithmIdentifier::from_slice(include_bytes!("data/alg-rsa-encryption.der"));
143
144/// AlgorithmIdentifier for `sha256WithRSAEncryption`.
145///
146/// This is:
147///
148/// ```text
149/// # sha256WithRSAEncryption
150/// OBJECT_IDENTIFIER { 1.2.840.113549.1.1.11 }
151/// NULL {}
152/// ```
153pub const RSA_PKCS1_SHA256: AlgorithmIdentifier =
154 AlgorithmIdentifier::from_slice(include_bytes!("data/alg-rsa-pkcs1-sha256.der"));
155
156/// AlgorithmIdentifier for `sha384WithRSAEncryption`.
157///
158/// This is:
159///
160/// ```text
161/// # sha384WithRSAEncryption
162/// OBJECT_IDENTIFIER { 1.2.840.113549.1.1.12 }
163/// NULL {}
164/// ```
165pub const RSA_PKCS1_SHA384: AlgorithmIdentifier =
166 AlgorithmIdentifier::from_slice(include_bytes!("data/alg-rsa-pkcs1-sha384.der"));
167
168/// AlgorithmIdentifier for `sha512WithRSAEncryption`.
169///
170/// This is:
171///
172/// ```text
173/// # sha512WithRSAEncryption
174/// OBJECT_IDENTIFIER { 1.2.840.113549.1.1.13 }
175/// NULL {}
176/// ```
177pub const RSA_PKCS1_SHA512: AlgorithmIdentifier =
178 AlgorithmIdentifier::from_slice(include_bytes!("data/alg-rsa-pkcs1-sha512.der"));
179
180/// AlgorithmIdentifier for `rsassaPss` with:
181///
182/// - hashAlgorithm: sha256
183/// - maskGenAlgorithm: mgf1 with sha256
184/// - saltLength: 32
185///
186/// This is:
187///
188/// ```text
189/// # rsassa-pss
190/// OBJECT_IDENTIFIER { 1.2.840.113549.1.1.10 }
191/// SEQUENCE {
192/// # hashAlgorithm:
193/// [0] {
194/// SEQUENCE {
195/// # sha256
196/// OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.1 }
197/// NULL {}
198/// }
199/// }
200/// # maskGenAlgorithm:
201/// [1] {
202/// SEQUENCE {
203/// # mgf1
204/// OBJECT_IDENTIFIER { 1.2.840.113549.1.1.8 }
205/// SEQUENCE {
206/// # sha256
207/// OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.1 }
208/// NULL {}
209/// }
210/// }
211/// }
212/// # saltLength:
213/// [2] {
214/// INTEGER { 32 }
215/// }
216/// }
217/// ```
218///
219/// See <https://datatracker.ietf.org/doc/html/rfc4055#section-3.1> for
220/// the meaning of the context-specific tags.
221pub const RSA_PSS_SHA256: AlgorithmIdentifier =
222 AlgorithmIdentifier::from_slice(include_bytes!("data/alg-rsa-pss-sha256.der"));
223
224/// AlgorithmIdentifier for `rsassaPss` with:
225///
226/// - hashAlgorithm: sha384
227/// - maskGenAlgorithm: mgf1 with sha384
228/// - saltLength: 48
229///
230/// This is:
231///
232/// ```text
233/// # rsassa-pss
234/// OBJECT_IDENTIFIER { 1.2.840.113549.1.1.10 }
235/// SEQUENCE {
236/// # hashAlgorithm:
237/// [0] {
238/// SEQUENCE {
239/// # sha384
240/// OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.2 }
241/// NULL {}
242/// }
243/// }
244/// # maskGenAlgorithm:
245/// [1] {
246/// SEQUENCE {
247/// # mgf1
248/// OBJECT_IDENTIFIER { 1.2.840.113549.1.1.8 }
249/// SEQUENCE {
250/// # sha384
251/// OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.2 }
252/// NULL {}
253/// }
254/// }
255/// }
256/// # saltLength:
257/// [2] {
258/// INTEGER { 48 }
259/// }
260/// }
261/// ```
262///
263/// See <https://datatracker.ietf.org/doc/html/rfc4055#section-3.1> for
264/// the meaning of the context-specific tags.
265pub const RSA_PSS_SHA384: AlgorithmIdentifier =
266 AlgorithmIdentifier::from_slice(include_bytes!("data/alg-rsa-pss-sha384.der"));
267
268/// AlgorithmIdentifier for `rsassaPss` with:
269///
270/// - hashAlgorithm: sha512
271/// - maskGenAlgorithm: mgf1 with sha512
272/// - saltLength: 64
273///
274/// This is:
275///
276/// ```text
277/// # rsassa-pss
278/// OBJECT_IDENTIFIER { 1.2.840.113549.1.1.10 }
279/// SEQUENCE {
280/// # hashAlgorithm:
281/// [0] {
282/// SEQUENCE {
283/// # sha512
284/// OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.3 }
285/// NULL {}
286/// }
287/// }
288/// # maskGenAlgorithm:
289/// [1] {
290/// SEQUENCE {
291/// # mgf1
292/// OBJECT_IDENTIFIER { 1.2.840.113549.1.1.8 }
293/// SEQUENCE {
294/// # sha512
295/// OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.3 }
296/// NULL {}
297/// }
298/// }
299/// }
300/// # saltLength:
301/// [2] {
302/// INTEGER { 64 }
303/// }
304/// }
305/// ```
306///
307/// See <https://datatracker.ietf.org/doc/html/rfc4055#section-3.1> for
308/// the meaning of the context-specific tags.
309pub const RSA_PSS_SHA512: AlgorithmIdentifier =
310 AlgorithmIdentifier::from_slice(include_bytes!("data/alg-rsa-pss-sha512.der"));
311
312/// AlgorithmIdentifier for `ED25519`.
313///
314/// This is:
315///
316/// ```text
317/// # ed25519
318/// OBJECT_IDENTIFIER { 1.3.101.112 }
319/// ```
320pub const ED25519: AlgorithmIdentifier =
321 AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ed25519.der"));
322
323/// AlgorithmIdentifier for `ED448`.
324///
325/// This is:
326///
327/// ```text
328/// # ed448
329/// OBJECT_IDENTIFIER { 1.3.101.113 }
330/// ```
331pub const ED448: AlgorithmIdentifier =
332 AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ed448.der"));
333
334/// A DER encoding of the PKIX AlgorithmIdentifier type:
335///
336/// ```ASN.1
337/// AlgorithmIdentifier ::= SEQUENCE {
338/// algorithm OBJECT IDENTIFIER,
339/// parameters ANY DEFINED BY algorithm OPTIONAL }
340/// -- contains a value of the type
341/// -- registered for use with the
342/// -- algorithm object identifier value
343/// ```
344/// (from <https://www.rfc-editor.org/rfc/rfc5280#section-4.1.1.2>)
345///
346/// The outer sequence encoding is *not included*, so this is the DER encoding
347/// of an OID for `algorithm` plus the `parameters` value.
348///
349/// For example, this is the `rsaEncryption` algorithm (but prefer to use the constant
350/// [`RSA_ENCRYPTION`] instead):
351///
352/// ```
353/// let rsa_encryption = rustls_pki_types::AlgorithmIdentifier::from_slice(
354/// &[
355/// // algorithm: 1.2.840.113549.1.1.1
356/// 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
357/// // parameters: NULL
358/// 0x05, 0x00
359/// ]
360/// );
361/// assert_eq!(rustls_pki_types::alg_id::RSA_ENCRYPTION, rsa_encryption);
362/// ```
363///
364/// Common values for this type are provided in this module.
365#[derive(Clone, Copy, PartialEq, Eq)]
366pub struct AlgorithmIdentifier(&'static [u8]);
367
368impl AlgorithmIdentifier {
369 /// Makes a new `AlgorithmIdentifier` from a static octet slice.
370 ///
371 /// This does not validate the contents of the slice.
372 pub const fn from_slice(bytes: &'static [u8]) -> Self {
373 Self(bytes)
374 }
375}
376
377impl AsRef<[u8]> for AlgorithmIdentifier {
378 fn as_ref(&self) -> &[u8] {
379 self.0
380 }
381}
382
383impl fmt::Debug for AlgorithmIdentifier {
384 fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
385 super::hex(f, self.0)
386 }
387}
388
389impl Deref for AlgorithmIdentifier {
390 type Target = [u8];
391
392 fn deref(&self) -> &Self::Target {
393 self.as_ref()
394 }
395}