From d9027111cd28c9bf868383704a69b84c7ddd9771 Mon Sep 17 00:00:00 2001
From: Alex Gaynor
Date: Sun, 19 Jan 2025 10:42:56 -0500
Subject: [PATCH] Move PKCS#8 type to proper module
---
 src/rust/cryptography-x509/src/lib.rs | 1 +
 src/rust/cryptography-x509/src/pkcs12.rs | 12 +++---------
 src/rust/cryptography-x509/src/pkcs8.rs | 12 ++++++++++++
 src/rust/src/pkcs12.rs | 2 +-
 4 files changed, 17 insertions(+), 10 deletions(-)
 create mode 100644 src/rust/cryptography-x509/src/pkcs8.rs
diff --git a/src/rust/cryptography-x509/src/lib.rs b/src/rust/cryptography-x509/src/lib.rs
index 54c3b12aa942..b06b0a62afb3 100644
--- a/src/rust/cryptography-x509/src/lib.rs
+++ b/src/rust/cryptography-x509/src/lib.rs
@@ -17,3 +17,4 @@ pub mod ocsp_resp;
 pub mod oid;
 pub mod pkcs12;
 pub mod pkcs7;
+pub mod pkcs8;
diff --git a/src/rust/cryptography-x509/src/pkcs12.rs b/src/rust/cryptography-x509/src/pkcs12.rs
index f8f518a4b615..9c4b7bd79457 100644
--- a/src/rust/cryptography-x509/src/pkcs12.rs
+++ b/src/rust/cryptography-x509/src/pkcs12.rs
@@ -2,8 +2,8 @@
 // 2.0, and the BSD License. See the LICENSE file in the root of this repository
 // for complete details.
-use crate::common::{AlgorithmIdentifier, Utf8StoredBMPString};
-use crate::pkcs7;
+use crate::common::Utf8StoredBMPString;
+use crate::{pkcs7, pkcs8};
 pub const CERT_BAG_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 113549, 1, 12, 10, 1, 3);
 pub const KEY_BAG_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 113549, 1, 12, 10, 1, 1);
@@ -61,7 +61,7 @@ pub enum BagValue<'a> {
 KeyBag(asn1::Tlv<'a>),
 #[defined_by(SHROUDED_KEY_BAG_OID)]
- ShroudedKeyBag(EncryptedPrivateKeyInfo<'a>),
+ ShroudedKeyBag(pkcs8::EncryptedPrivateKeyInfo<'a>),
 }
 #[derive(asn1::Asn1Write)]
@@ -76,9 +76,3 @@ pub enum CertType<'a> {
 #[defined_by(X509_CERTIFICATE_OID)]
 X509(asn1::OctetStringEncoded>),
 }
-
-#[derive(asn1::Asn1Write)]
-pub struct EncryptedPrivateKeyInfo<'a> {
- pub encryption_algorithm: AlgorithmIdentifier<'a>,
- pub encrypted_data: &'a [u8],
-}
diff --git a/src/rust/cryptography-x509/src/pkcs8.rs b/src/rust/cryptography-x509/src/pkcs8.rs
new file mode 100644
index 000000000000..29be546a7572
--- /dev/null
+++ b/src/rust/cryptography-x509/src/pkcs8.rs
@@ -0,0 +1,12 @@
+// This file is dual licensed under the terms of the Apache License, Version
+// 2.0, and the BSD License. See the LICENSE file in the root of this repository
+// for complete details.
+
+use crate::common::AlgorithmIdentifier;
+
+// RFC 5208, Section 6
+#[derive(asn1::Asn1Write)]
+pub struct EncryptedPrivateKeyInfo<'a> {
+ pub encryption_algorithm: AlgorithmIdentifier<'a>,
+ pub encrypted_data: &'a [u8],
+}
diff --git a/src/rust/src/pkcs12.rs b/src/rust/src/pkcs12.rs
index 3de031a22b38..65762b8e4357 100644
--- a/src/rust/src/pkcs12.rs
+++ b/src/rust/src/pkcs12.rs
@@ -638,7 +638,7 @@ fn serialize_key_and_certificates<'p>(
 _bag_id: asn1::DefinedByMarker::marker(),
 bag_value: asn1::Explicit::new(
 cryptography_x509::pkcs12::BagValue::ShroudedKeyBag(
- cryptography_x509::pkcs12::EncryptedPrivateKeyInfo {
+ cryptography_x509::pkcs8::EncryptedPrivateKeyInfo {
 encryption_algorithm: e.algorithm_identifier(
 cipher_kdf_iter,
 &key_salt,
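Review bot: In the new `src/rust/cryptography-x509/src/pkcs8.rs`, the only documentation on the public `EncryptedPrivateKeyInfo` is the plain `// RFC 5208, Section 6` comment, which rustdoc does not pick up, and nothing states that the type is write-only. Only `asn1::Asn1Write` is derived, so now that the struct lives in a general `pkcs8` module rather than beside its PKCS#12 use, a reader may assume it can also be used to parse input. I would turn the comment into a doc comment such as `/// EncryptedPrivateKeyInfo (RFC 5208, Section 6). Serialization only: Asn1Read is not derived.` and add a line on `encrypted_data` saying it carries the already-encrypted PrivateKeyInfo bytes, which this type itself neither encrypts nor validates.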