rustls_pki_types/alg_id.rs
1//! The PKIX [`AlgorithmIdentifier`] type, and common values.
2//!
3//! If you need to use an [`AlgorithmIdentifier`] not defined here,
4//! you can define it locally.
5
6use core::fmt;
7use core::ops::Deref;
8
9// See src/data/README.md.
10
11/// AlgorithmIdentifier for `id-ml-dsa-44`.
12///
13/// This is:
14///
15/// ```text
16/// OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.3.17 }
17/// ```
18///
19/// <https://www.ietf.org/archive/id/draft-ietf-lamps-dilithium-certificates-07.html#name-identifiers>
20pub const ML_DSA_44: AlgorithmIdentifier =
21 AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ml-dsa-44.der"));
22
23/// AlgorithmIdentifier for `id-ml-dsa-65`.
24///
25/// This is:
26///
27/// ```text
28/// OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.3.18 }
29/// ```
30///
31/// <https://www.ietf.org/archive/id/draft-ietf-lamps-dilithium-certificates-07.html#name-identifiers>
32pub const ML_DSA_65: AlgorithmIdentifier =
33 AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ml-dsa-65.der"));
34
35/// AlgorithmIdentifier for `id-ml-dsa-87`.
36///
37/// This is:
38///
39/// ```text
40/// OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.3.19 }
41/// ```
42///
43/// <https://www.ietf.org/archive/id/draft-ietf-lamps-dilithium-certificates-07.html#name-identifiers>
44pub const ML_DSA_87: AlgorithmIdentifier =
45 AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ml-dsa-87.der"));
46
47/// AlgorithmIdentifier for `id-ecPublicKey` with named curve `secp256r1`.
48///
49/// This is:
50///
51/// ```text
52/// # ecPublicKey
53/// OBJECT_IDENTIFIER { 1.2.840.10045.2.1 }
54/// # secp256r1
55/// OBJECT_IDENTIFIER { 1.2.840.10045.3.1.7 }
56/// ```
57pub const ECDSA_P256: AlgorithmIdentifier =
58 AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ecdsa-p256.der"));
59
60/// AlgorithmIdentifier for `id-ecPublicKey` with named curve `secp384r1`.
61///
62/// This is:
63///
64/// ```text
65/// # ecPublicKey
66/// OBJECT_IDENTIFIER { 1.2.840.10045.2.1 }
67/// # secp384r1
68/// OBJECT_IDENTIFIER { 1.3.132.0.34 }
69/// ```
70pub const ECDSA_P384: AlgorithmIdentifier =
71 AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ecdsa-p384.der"));
72
73/// AlgorithmIdentifier for `id-ecPublicKey` with named curve `secp521r1`.
74///
75/// This is:
76///
77/// ```text
78/// # ecPublicKey
79/// OBJECT_IDENTIFIER { 1.2.840.10045.2.1 }
80/// # secp521r1
81/// OBJECT_IDENTIFIER { 1.3.132.0.35 }
82/// ```
83pub const ECDSA_P521: AlgorithmIdentifier =
84 AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ecdsa-p521.der"));
85
86/// AlgorithmIdentifier for `ecdsa-with-SHA256`.
87///
88/// This is:
89///
90/// ```text
91/// # ecdsa-with-SHA256
92/// OBJECT_IDENTIFIER { 1.2.840.10045.4.3.2 }
93/// ```
94pub const ECDSA_SHA256: AlgorithmIdentifier =
95 AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ecdsa-sha256.der"));
96
97/// AlgorithmIdentifier for `ecdsa-with-SHA384`.
98///
99/// This is:
100///
101/// ```text
102/// # ecdsa-with-SHA384
103/// OBJECT_IDENTIFIER { 1.2.840.10045.4.3.3 }
104/// ```
105pub const ECDSA_SHA384: AlgorithmIdentifier =
106 AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ecdsa-sha384.der"));
107
108/// AlgorithmIdentifier for `ecdsa-with-SHA512`.
109///
110/// This is:
111///
112/// ```text
113/// # ecdsa-with-SHA512
114/// OBJECT_IDENTIFIER { 1.2.840.10045.4.3.4 }
115/// ```
116pub const ECDSA_SHA512: AlgorithmIdentifier =
117 AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ecdsa-sha512.der"));
118
119/// AlgorithmIdentifier for `rsaEncryption`.
120///
121/// This is:
122///
123/// ```text
124/// # rsaEncryption
125/// OBJECT_IDENTIFIER { 1.2.840.113549.1.1.1 }
126/// NULL {}
127/// ```
128pub const RSA_ENCRYPTION: AlgorithmIdentifier =
129 AlgorithmIdentifier::from_slice(include_bytes!("data/alg-rsa-encryption.der"));
130
131/// AlgorithmIdentifier for `sha256WithRSAEncryption`.
132///
133/// This is:
134///
135/// ```text
136/// # sha256WithRSAEncryption
137/// OBJECT_IDENTIFIER { 1.2.840.113549.1.1.11 }
138/// NULL {}
139/// ```
140pub const RSA_PKCS1_SHA256: AlgorithmIdentifier =
141 AlgorithmIdentifier::from_slice(include_bytes!("data/alg-rsa-pkcs1-sha256.der"));
142
143/// AlgorithmIdentifier for `sha384WithRSAEncryption`.
144///
145/// This is:
146///
147/// ```text
148/// # sha384WithRSAEncryption
149/// OBJECT_IDENTIFIER { 1.2.840.113549.1.1.12 }
150/// NULL {}
151/// ```
152pub const RSA_PKCS1_SHA384: AlgorithmIdentifier =
153 AlgorithmIdentifier::from_slice(include_bytes!("data/alg-rsa-pkcs1-sha384.der"));
154
155/// AlgorithmIdentifier for `sha512WithRSAEncryption`.
156///
157/// This is:
158///
159/// ```text
160/// # sha512WithRSAEncryption
161/// OBJECT_IDENTIFIER { 1.2.840.113549.1.1.13 }
162/// NULL {}
163/// ```
164pub const RSA_PKCS1_SHA512: AlgorithmIdentifier =
165 AlgorithmIdentifier::from_slice(include_bytes!("data/alg-rsa-pkcs1-sha512.der"));
166
167/// AlgorithmIdentifier for `rsassaPss` with:
168///
169/// - hashAlgorithm: sha256
170/// - maskGenAlgorithm: mgf1 with sha256
171/// - saltLength: 32
172///
173/// This is:
174///
175/// ```text
176/// # rsassa-pss
177/// OBJECT_IDENTIFIER { 1.2.840.113549.1.1.10 }
178/// SEQUENCE {
179/// # hashAlgorithm:
180/// [0] {
181/// SEQUENCE {
182/// # sha256
183/// OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.1 }
184/// NULL {}
185/// }
186/// }
187/// # maskGenAlgorithm:
188/// [1] {
189/// SEQUENCE {
190/// # mgf1
191/// OBJECT_IDENTIFIER { 1.2.840.113549.1.1.8 }
192/// SEQUENCE {
193/// # sha256
194/// OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.1 }
195/// NULL {}
196/// }
197/// }
198/// }
199/// # saltLength:
200/// [2] {
201/// INTEGER { 32 }
202/// }
203/// }
204/// ```
205///
206/// See <https://datatracker.ietf.org/doc/html/rfc4055#section-3.1> for
207/// the meaning of the context-specific tags.
208pub const RSA_PSS_SHA256: AlgorithmIdentifier =
209 AlgorithmIdentifier::from_slice(include_bytes!("data/alg-rsa-pss-sha256.der"));
210
211/// AlgorithmIdentifier for `rsassaPss` with:
212///
213/// - hashAlgorithm: sha384
214/// - maskGenAlgorithm: mgf1 with sha384
215/// - saltLength: 48
216///
217/// This is:
218///
219/// ```text
220/// # rsassa-pss
221/// OBJECT_IDENTIFIER { 1.2.840.113549.1.1.10 }
222/// SEQUENCE {
223/// # hashAlgorithm:
224/// [0] {
225/// SEQUENCE {
226/// # sha384
227/// OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.2 }
228/// NULL {}
229/// }
230/// }
231/// # maskGenAlgorithm:
232/// [1] {
233/// SEQUENCE {
234/// # mgf1
235/// OBJECT_IDENTIFIER { 1.2.840.113549.1.1.8 }
236/// SEQUENCE {
237/// # sha384
238/// OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.2 }
239/// NULL {}
240/// }
241/// }
242/// }
243/// # saltLength:
244/// [2] {
245/// INTEGER { 48 }
246/// }
247/// }
248/// ```
249///
250/// See <https://datatracker.ietf.org/doc/html/rfc4055#section-3.1> for
251/// the meaning of the context-specific tags.
252pub const RSA_PSS_SHA384: AlgorithmIdentifier =
253 AlgorithmIdentifier::from_slice(include_bytes!("data/alg-rsa-pss-sha384.der"));
254
255/// AlgorithmIdentifier for `rsassaPss` with:
256///
257/// - hashAlgorithm: sha512
258/// - maskGenAlgorithm: mgf1 with sha512
259/// - saltLength: 64
260///
261/// This is:
262///
263/// ```text
264/// # rsassa-pss
265/// OBJECT_IDENTIFIER { 1.2.840.113549.1.1.10 }
266/// SEQUENCE {
267/// # hashAlgorithm:
268/// [0] {
269/// SEQUENCE {
270/// # sha512
271/// OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.3 }
272/// NULL {}
273/// }
274/// }
275/// # maskGenAlgorithm:
276/// [1] {
277/// SEQUENCE {
278/// # mgf1
279/// OBJECT_IDENTIFIER { 1.2.840.113549.1.1.8 }
280/// SEQUENCE {
281/// # sha512
282/// OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.3 }
283/// NULL {}
284/// }
285/// }
286/// }
287/// # saltLength:
288/// [2] {
289/// INTEGER { 64 }
290/// }
291/// }
292/// ```
293///
294/// See <https://datatracker.ietf.org/doc/html/rfc4055#section-3.1> for
295/// the meaning of the context-specific tags.
296pub const RSA_PSS_SHA512: AlgorithmIdentifier =
297 AlgorithmIdentifier::from_slice(include_bytes!("data/alg-rsa-pss-sha512.der"));
298
299/// AlgorithmIdentifier for `ED25519`.
300///
301/// This is:
302///
303/// ```text
304/// # ed25519
305/// OBJECT_IDENTIFIER { 1.3.101.112 }
306/// ```
307pub const ED25519: AlgorithmIdentifier =
308 AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ed25519.der"));
309
310/// A DER encoding of the PKIX AlgorithmIdentifier type:
311///
312/// ```ASN.1
313/// AlgorithmIdentifier ::= SEQUENCE {
314/// algorithm OBJECT IDENTIFIER,
315/// parameters ANY DEFINED BY algorithm OPTIONAL }
316/// -- contains a value of the type
317/// -- registered for use with the
318/// -- algorithm object identifier value
319/// ```
320/// (from <https://www.rfc-editor.org/rfc/rfc5280#section-4.1.1.2>)
321///
322/// The outer sequence encoding is *not included*, so this is the DER encoding
323/// of an OID for `algorithm` plus the `parameters` value.
324///
325/// For example, this is the `rsaEncryption` algorithm (but prefer to use the constant
326/// [`RSA_ENCRYPTION`] instead):
327///
328/// ```
329/// let rsa_encryption = rustls_pki_types::AlgorithmIdentifier::from_slice(
330/// &[
331/// // algorithm: 1.2.840.113549.1.1.1
332/// 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
333/// // parameters: NULL
334/// 0x05, 0x00
335/// ]
336/// );
337/// assert_eq!(rustls_pki_types::alg_id::RSA_ENCRYPTION, rsa_encryption);
338/// ```
339///
340/// Common values for this type are provided in this module.
341#[derive(Clone, Copy, PartialEq, Eq)]
342pub struct AlgorithmIdentifier(&'static [u8]);
343
344impl AlgorithmIdentifier {
345 /// Makes a new `AlgorithmIdentifier` from a static octet slice.
346 ///
347 /// This does not validate the contents of the slice.
348 pub const fn from_slice(bytes: &'static [u8]) -> Self {
349 Self(bytes)
350 }
351}
352
353impl AsRef<[u8]> for AlgorithmIdentifier {
354 fn as_ref(&self) -> &[u8] {
355 self.0
356 }
357}
358
359impl fmt::Debug for AlgorithmIdentifier {
360 fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
361 super::hex(f, self.0)
362 }
363}
364
365impl Deref for AlgorithmIdentifier {
366 type Target = [u8];
367
368 fn deref(&self) -> &Self::Target {
369 self.as_ref()
370 }
371}