Skip to content

Add support for context specific fields with default values #246

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
tarcieri merged 7 commits into from
Nov 19, 2021
Merged

Add support for context specific fields with default values #246

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
a57c0a9
support context specific fields with default values
carl-wallace Nov 18, 2021
29b386e
remove defer support
carl-wallace Nov 18, 2021
d61dc70
rustfmt
carl-wallace Nov 19, 2021
c2f848b
refactor optional and default variable checks to is_optional check. u…
carl-wallace Nov 19, 2021
1f039b5
refactor else block per clippy. rustfmt.
carl-wallace Nov 19, 2021
e2867bf
remove spurious return
carl-wallace Nov 19, 2021
fe65b1f
make indentation in test case consistent
carl-wallace Nov 19, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 19 additions & 3 deletions der/derive/src/attributes.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -81,10 +81,17 @@ pub(crate) struct FieldAttrs {
}

impl FieldAttrs {
/// is_optional return true when either an optional or default ASN.1 attribute is associated
/// with a field. Default signifies optionality due to omission of default values in DER encodings.
fn is_optional(&self) -> bool {
self.optional || self.default.is_some()
}

/// Parse attributes from a struct field or enum variant.
pub fn parse(attrs: &[Attribute], type_attrs: &TypeAttrs) -> Self {
let mut asn1_type = None;
let mut context_specific = None;

let mut default = None;
let mut extensible = None;
let mut optional = None;
Expand Down Expand Up @@ -184,7 +191,7 @@ impl FieldAttrs {

let context_specific = match self.tag_mode {
TagMode::Explicit => {
if self.extensible || self.optional {
if self.extensible || self.is_optional() {
quote! {
::der::asn1::ContextSpecific::<#type_params>::decode_explicit(
decoder,
Expand All @@ -210,8 +217,12 @@ impl FieldAttrs {
}
};

if self.optional {
quote!(#context_specific.map(|cs| cs.value))
if self.is_optional() {
if let Some(default) = &self.default {
quote!(#context_specific.map(|cs| cs.value).unwrap_or_else(#default))
} else {
quote!(#context_specific.map(|cs| cs.value))
}
} else {
// TODO(tarcieri): better error handling?
quote! {
Expand All @@ -223,6 +234,11 @@ impl FieldAttrs {
})?.value
}
}
} else if let Some(default) = &self.default {
let type_params = self.asn1_type.map(|ty| ty.type_path()).unwrap_or_default();
self.asn1_type.map(|ty| ty.decoder()).unwrap_or_else(
|| quote!(decoder.decode::<Option<#type_params>>()?.unwrap_or_else(#default)),
)
} else {
self.asn1_type
.map(|ty| ty.decoder())
Expand Down
3 changes: 2 additions & 1 deletion der/derive/src/sequence.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -165,7 +165,8 @@ impl SequenceField {
let #ident = #decoder.try_into()?;
}
}
} else if let Some(default) = &self.attrs.default {
} else if self.attrs.context_specific.is_none() && self.attrs.default.is_some() {
let default = &self.attrs.default;
quote! {
let #ident = decoder.decode::<Option<#ty>>()?.unwrap_or_else(#default);
}
Expand Down
148 changes: 148 additions & 0 deletions der/tests/derive.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -206,6 +206,98 @@ mod sequence {
};
use hex_literal::hex;

pub fn default_false_example() -> bool {
false
}

// Issuing distribution point extension as defined in [RFC 5280 Section 5.2.5] and as identified by the [`PKIX_PE_SUBJECTINFOACCESS`](constant.PKIX_PE_SUBJECTINFOACCESS.html) OID.
//
// ```text
// IssuingDistributionPoint ::= SEQUENCE {
// distributionPoint [0] DistributionPointName OPTIONAL,
// onlyContainsUserCerts [1] BOOLEAN DEFAULT FALSE,
// onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE,
// onlySomeReasons [3] ReasonFlags OPTIONAL,
// indirectCRL [4] BOOLEAN DEFAULT FALSE,
// onlyContainsAttributeCerts [5] BOOLEAN DEFAULT FALSE }
// -- at most one of onlyContainsUserCerts, onlyContainsCACerts,
// -- and onlyContainsAttributeCerts may be set to TRUE.
// ```
//
// [RFC 5280 Section 5.2.5]: https://datatracker.ietf.org/doc/html/rfc5280#section-5.2.5
#[derive(Sequence)]
pub struct IssuingDistributionPointExample {
// Omit distributionPoint and only_some_reasons because corresponding structs are not
// available here and are not germane to the example
// distributionPoint [0] DistributionPointName OPTIONAL,
//#[asn1(context_specific="0", optional="true", tag_mode="IMPLICIT")]
//pub distribution_point: Option<DistributionPointName<'a>>,
/// onlyContainsUserCerts [1] BOOLEAN DEFAULT FALSE,
#[asn1(
context_specific = "1",
default = "default_false_example",
tag_mode = "IMPLICIT"
)]
pub only_contains_user_certs: bool,

/// onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE,
#[asn1(
context_specific = "2",
default = "default_false_example",
tag_mode = "IMPLICIT"
)]
pub only_contains_cacerts: bool,

// onlySomeReasons [3] ReasonFlags OPTIONAL,
//#[asn1(context_specific="3", optional="true", tag_mode="IMPLICIT")]
//pub only_some_reasons: Option<ReasonFlags<'a>>,
Comment on lines +251 to +253
Copy link
Member

@tarcieri tarcieri Nov 19, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a reason why this is commented out?

Copy link
Contributor Author

@carl-wallace carl-wallace Nov 19, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The types for the commented out fields are not in the main x509 repo yet. Replicating those here seemed heavier than the value they would add to the example. The structure without the comments will land as x509 bits are pushed.

Copy link
Member

@tarcieri tarcieri Nov 19, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Aah, ok. Maybe a TODO then?

/// indirectCRL [4] BOOLEAN DEFAULT FALSE,
#[asn1(
context_specific = "4",
default = "default_false_example",
tag_mode = "IMPLICIT"
)]
pub indirect_crl: bool,

/// onlyContainsAttributeCerts [5] BOOLEAN DEFAULT FALSE
#[asn1(
context_specific = "5",
default = "default_false_example",
tag_mode = "IMPLICIT"
)]
pub only_contains_attribute_certs: bool,
}

// Extension as defined in [RFC 5280 Section 4.1.2.9].
//
// The ASN.1 definition for Extension objects is below. The extnValue type may be further parsed using a decoder corresponding to the extnID value.
//
// ```text
// Extension ::= SEQUENCE {
// extnID OBJECT IDENTIFIER,
// critical BOOLEAN DEFAULT FALSE,
// extnValue OCTET STRING
// -- contains the DER encoding of an ASN.1 value
// -- corresponding to the extension type identified
// -- by extnID
// }
// ```
//
// [RFC 5280 Section 4.1.2.9]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.9
#[derive(Clone, Debug, Eq, PartialEq, Sequence)]
pub struct ExtensionExample<'a> {
/// extnID OBJECT IDENTIFIER,
pub extn_id: ObjectIdentifier,

/// critical BOOLEAN DEFAULT FALSE,
#[asn1(default = "default_false_example")]
pub critical: bool,

/// extnValue OCTET STRING
#[asn1(type = "OCTET STRING")]
pub extn_value: &'a [u8],
}

/// X.509 `AlgorithmIdentifier`
#[derive(Copy, Clone, Debug, Eq, PartialEq, Sequence, ValueOrd)]
pub struct AlgorithmIdentifier<'a> {
Expand Down Expand Up @@ -261,6 +353,62 @@ mod sequence {
const ALGORITHM_IDENTIFIER_DER: &[u8] =
&hex!("30 13 06 07 2a 86 48 ce 3d 02 01 06 08 2a 86 48 ce 3d 03 01 07");

#[test]
fn idp_test() {
let idp = IssuingDistributionPointExample::from_der(&hex!("30038101FF")).unwrap();
assert_eq!(idp.only_contains_user_certs, true);
assert_eq!(idp.only_contains_cacerts, false);
assert_eq!(idp.indirect_crl, false);
assert_eq!(idp.only_contains_attribute_certs, false);

let idp = IssuingDistributionPointExample::from_der(&hex!("30038201FF")).unwrap();
assert_eq!(idp.only_contains_user_certs, false);
assert_eq!(idp.only_contains_cacerts, true);
assert_eq!(idp.indirect_crl, false);
assert_eq!(idp.only_contains_attribute_certs, false);

let idp = IssuingDistributionPointExample::from_der(&hex!("30038401FF")).unwrap();
assert_eq!(idp.only_contains_user_certs, false);
assert_eq!(idp.only_contains_cacerts, false);
assert_eq!(idp.indirect_crl, true);
assert_eq!(idp.only_contains_attribute_certs, false);

let idp = IssuingDistributionPointExample::from_der(&hex!("30038501FF")).unwrap();
assert_eq!(idp.only_contains_user_certs, false);
assert_eq!(idp.only_contains_cacerts, false);
assert_eq!(idp.indirect_crl, false);
assert_eq!(idp.only_contains_attribute_certs, true);
}

// demonstrates default field that is not context specific
#[test]
fn extension_test() {
let ext1 = ExtensionExample::from_der(&hex!(
"
300F // 0 15: SEQUENCE {
0603551D13 // 2 3: OBJECT IDENTIFIER basicConstraints (2 5 29 19)
0101FF // 7 1: BOOLEAN TRUE
0405 // 10 5: OCTET STRING, encapsulates {
3003 // 12 3: SEQUENCE {
0101FF // 14 1: BOOLEAN TRUE
"
))
.unwrap();
assert_eq!(ext1.critical, true);

let ext2 = ExtensionExample::from_der(&hex!(
"
301F // 0 31: SEQUENCE {
0603551D23 // 2 3: OBJECT IDENTIFIER authorityKeyIdentifier (2 5 29 35)
0418 // 7 24: OCTET STRING, encapsulates {
3016 // 9 22: SEQUENCE {
8014E47D5FD15C9586082C05AEBE75B665A7D95DA866 // 11 20: [0] E4 7D 5F D1 5C 95 86 08 2C 05 AE BE 75 B6 65 A7 D9 5D A8 66
"
))
.unwrap();
assert_eq!(ext2.critical, false);
}

#[test]
fn decode() {
let algorithm_identifier =
Expand Down