-
Notifications
You must be signed in to change notification settings - Fork 116
/
encrypted_private_key_info.rs
111 lines (98 loc) · 3.57 KB
/
encrypted_private_key_info.rs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
//! PKCS#8 `EncryptedPrivateKeyInfo`
use crate::{Error, Result};
use core::fmt;
use der::{asn1::OctetString, Decodable, Decoder, Encodable, Sequence};
use pkcs5::EncryptionScheme;
#[cfg(feature = "alloc")]
use crate::{EncryptedPrivateKeyDocument, PrivateKeyDocument};
#[cfg(feature = "pem")]
use {crate::LineEnding, alloc::string::String, der::Document, zeroize::Zeroizing};
/// PKCS#8 `EncryptedPrivateKeyInfo`.
///
/// ASN.1 structure containing a PKCS#5 [`EncryptionScheme`] identifier for a
/// password-based symmetric encryption scheme and encrypted private key data.
///
/// ## Schema
/// Structure described in [RFC 5208 Section 6]:
///
/// ```text
/// EncryptedPrivateKeyInfo ::= SEQUENCE {
/// encryptionAlgorithm EncryptionAlgorithmIdentifier,
/// encryptedData EncryptedData }
///
/// EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
///
/// EncryptedData ::= OCTET STRING
/// ```
///
/// [RFC 5208 Section 6]: https://tools.ietf.org/html/rfc5208#section-6
#[cfg_attr(docsrs, doc(cfg(feature = "pkcs5")))]
#[derive(Clone, Eq, PartialEq)]
pub struct EncryptedPrivateKeyInfo<'a> {
/// Algorithm identifier describing a password-based symmetric encryption
/// scheme used to encrypt the `encrypted_data` field.
pub encryption_algorithm: EncryptionScheme<'a>,
/// Private key data
pub encrypted_data: &'a [u8],
}
impl<'a> EncryptedPrivateKeyInfo<'a> {
/// Attempt to decrypt this encrypted private key using the provided
/// password to derive an encryption key.
#[cfg(feature = "encryption")]
#[cfg_attr(docsrs, doc(cfg(feature = "encryption")))]
pub fn decrypt(&self, password: impl AsRef<[u8]>) -> Result<PrivateKeyDocument> {
Ok(self
.encryption_algorithm
.decrypt(password, self.encrypted_data)?
.try_into()?)
}
/// Encode this [`EncryptedPrivateKeyInfo`] as ASN.1 DER.
#[cfg(feature = "alloc")]
#[cfg_attr(docsrs, doc(cfg(feature = "alloc")))]
pub fn to_der(&self) -> Result<EncryptedPrivateKeyDocument> {
self.try_into()
}
/// Encode this [`EncryptedPrivateKeyInfo`] as PEM-encoded ASN.1 DER with
/// the given [`LineEnding`].
#[cfg(feature = "pem")]
#[cfg_attr(docsrs, doc(cfg(feature = "pem")))]
pub fn to_pem(&self, line_ending: LineEnding) -> Result<Zeroizing<String>> {
Ok(Zeroizing::new(
EncryptedPrivateKeyDocument::try_from(self)?.to_pem(line_ending)?,
))
}
}
impl<'a> Decodable<'a> for EncryptedPrivateKeyInfo<'a> {
fn decode(decoder: &mut Decoder<'a>) -> der::Result<EncryptedPrivateKeyInfo<'a>> {
decoder.sequence(|decoder| {
Ok(Self {
encryption_algorithm: decoder.decode()?,
encrypted_data: decoder.octet_string()?.as_bytes(),
})
})
}
}
impl<'a> Sequence<'a> for EncryptedPrivateKeyInfo<'a> {
fn fields<F, T>(&self, f: F) -> der::Result<T>
where
F: FnOnce(&[&dyn Encodable]) -> der::Result<T>,
{
f(&[
&self.encryption_algorithm,
&OctetString::new(self.encrypted_data)?,
])
}
}
impl<'a> TryFrom<&'a [u8]> for EncryptedPrivateKeyInfo<'a> {
type Error = Error;
fn try_from(bytes: &'a [u8]) -> Result<Self> {
Ok(Self::from_der(bytes)?)
}
}
impl<'a> fmt::Debug for EncryptedPrivateKeyInfo<'a> {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
f.debug_struct("EncryptedPrivateKeyInfo")
.field("encryption_algorithm", &self.encryption_algorithm)
.finish() // TODO(tarcieri): use `finish_non_exhaustive` when stable
}
}