[WIP] Add x509-ext crate

.github/workflows/x509-ext.yml

@@ -0,0 +1,58 @@
+name: x509-ext
+
+on:
+  pull_request:
+    paths:
+      - "const-oid/**"
+      - "der/**"
+      - "x509-ext/**"
+      - "Cargo.*"
+  push:
+    branches: master
+
+defaults:
+  run:
+    working-directory: x509-ext
+
+env:
+  CARGO_INCREMENTAL: 0
+  RUSTFLAGS: "-Dwarnings"
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        rust:
+          - 1.57.0 # MSRV
+          - stable
+        target:
+          - thumbv7em-none-eabi
+          - wasm32-unknown-unknown
+    steps:
+      - uses: actions/checkout@v1
+      - uses: actions-rs/toolchain@v1
+        with:
+          profile: minimal
+          toolchain: ${{ matrix.rust }}
+          target: ${{ matrix.target }}
+          override: true
+      - run: cargo install cargo-hack
+      - run: cargo hack build --release --target ${{ matrix.target }} --feature-powerset --exclude-features std
+
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        rust:
+          - 1.57.0 # MSRV
+          - stable
+    steps:
+      - uses: actions/checkout@v1
+      - uses: actions-rs/toolchain@v1
+        with:
+          profile: minimal
+          toolchain: ${{ matrix.rust }}
+          override: true
+      - run: cargo install cargo-hack
+      - run: cargo hack test --release --feature-powerset

Cargo.toml

@@ -20,5 +20,6 @@ members = [
     "tls_codec",
     "tls_codec/derive",
     "x501",
-    "x509"
+    "x509",
+    "x509-ext"
 ]

const-oid/src/lib.rs

@@ -241,3 +241,9 @@ impl fmt::Display for ObjectIdentifier {
         Ok(())
     }
 }
+
+/// A trait expressing the association of a type with an OID.
+pub trait Typed {
+    /// The OID which identifies an encoded type.
+    const OID: ObjectIdentifier;
+}

der/Cargo.toml

@@ -16,6 +16,7 @@ edition = "2021"
 rust-version = "1.57"
 
 [dependencies]
+flagset = { version = "^0.4.2", optional = true }
 const-oid = { version = "0.8", optional = true, path = "../const-oid" }
 der_derive = { version = "=0.6.0-pre.1", optional = true, path = "derive" }
 pem-rfc7468 = { version = "=0.4.0-pre.0", optional = true, path = "../pem-rfc7468" }

der/src/asn1/bit_string.rs

@@ -225,6 +225,74 @@ impl<'a> ExactSizeIterator for BitStringIter<'a> {
 
 impl<'a> FusedIterator for BitStringIter<'a> {}
 
+#[cfg(feature = "flagset")]
+impl<T: flagset::Flags> FixedTag for flagset::FlagSet<T> {
+    const TAG: Tag = BitString::TAG;
+}
+
+#[cfg(feature = "flagset")]
+impl<'a, T> DecodeValue<'a> for flagset::FlagSet<T>
+where
+    T: flagset::Flags,
+    T::Type: From<bool>,
+    T::Type: core::ops::Shl<usize, Output = T::Type>,
+{
+    fn decode_value(decoder: &mut Decoder<'a>, header: Header) -> Result<Self> {
+        let position = decoder.position();
+
+        let bits = BitString::decode_value(decoder, header)?;
+
+        let mut flags = T::none().bits();
+        if bits.bit_len() > core::mem::size_of_val(&flags) * 8 {
+            return Err(Error::new(ErrorKind::Overlength, position));
+        }
+
+        for (i, bit) in bits.bits().enumerate() {
+            flags |= T::Type::from(bit) << i;
+        }
+
+        Ok(Self::new_truncated(flags))
+    }
+}
+
+#[cfg(feature = "flagset")]
+#[inline(always)]
+fn encode<T>(set: &flagset::FlagSet<T>) -> (usize, [u8; 16])
+where
+    T: flagset::Flags,
+    u128: From<T::Type>,
+{
+    let bits: u128 = set.bits().into();
+    let mut swap = 0u128;
+
+    for i in 0..128 {
+        let on = bits & (1 << i);
+        swap |= on >> i << (128 - i - 1);
+    }
+
+    (bits.leading_zeros() as usize, swap.to_be_bytes())
+}
+
+#[cfg(feature = "flagset")]
+impl<T: flagset::Flags> EncodeValue for flagset::FlagSet<T>
+where
+    T::Type: From<bool>,
+    T::Type: core::ops::Shl<usize, Output = T::Type>,
+    u128: From<T::Type>,
+{
+    fn value_len(&self) -> Result<Length> {
+        let (lead, buff) = encode(self);
+        let buff = &buff[..buff.len() - lead / 8];
+        BitString::new((lead % 8) as u8, buff)?.value_len()
+    }
+
+    fn encode_value(&self, encoder: &mut Encoder<'_>) -> Result<()> {
+        let (lead, buff) = encode(self);
+        let buff = &buff[..buff.len() - lead / 8];
+        BitString::new((lead % 8) as u8, buff)?.encode_value(encoder)
+    }
+}
+
 #[cfg(test)]
 mod tests {
     use super::{BitString, Result, Tag};

pkcs10/Cargo.toml

@@ -15,7 +15,7 @@ edition = "2021"
 rust-version = "1.56"
 
 [dev-dependencies]
-x509 = { version = "0.0.1", path = "../x509" }
+x509-ext = { version = "0.1.0", path = "../x509-ext" }
 hex-literal = "0.3"
 
 [dependencies]

pkcs10/tests/certreq.rs

@@ -9,6 +9,7 @@ use der::Document;
 
 #[cfg(feature = "pem")]
 use pkcs10::CertReqDocument;
+use x509_ext::Extensions;
 
 const RSA_KEY: &[u8] = &hex!("3082010A0282010100BF59F7FE716DDE47C73579CA846EFA8D30AB3612E0D6A524204A72CA8E50C9F459513DF0D73331BED3D7A2DA7A362719E471EE6A9D87827D1024ED44605AB9B48F3B808C5E173B9F3EC4003D57F1718489F5C7A0421C46FBD527A40AB4BA6B9DB16A545D1ECF6E2A5633BD80594EBA4AFEE71F63E1D357C64E9A3FF6B83746A885C373F3527987E4C2B4AF7FE4D4EA16405E5E15285DD938823AA18E2634BAFE847A761CAFABB0401D3FA03A07A9D097CBB0C77156CCFE36131DADF1C109C2823972F0AF21A35F358E788304C0C78B951739D91FABFFD07AA8CD4F69746B3D0EB4587469F9D39F4FBDC761200DFB27DAF69562311D8B191B7EEFAAE2F8D6F8EB0203010001");
 const RSA_SIG: &[u8] = &hex!("2B053CFE81C6542176BD70B373A5FC8DC1F1806A5AB10D25E36690EED1DF57AD5F18EC0CCF165F000245B14157141224B431EC6715EFE937F66B892D11EDF8858EDF67ACCAE9701A2244BECA80705D7CC292BAD9B02001E4572EE492B08473D5AF59CC83DDA1DE5C2BF470FD784495070A9C5AF8EA9A4060C1DBC5C4690CC8DF6D528C55D82EC9C0DF3046BBCAE7542025D7EE170788C9C234132703290A31AC2700E55339590226D5E582EC61869862769FD85B45F287FFDD6DB530995D31F94D7D2C26EF3F48A182C3026CC698F382A72F1A11E3C689953055DAC0DFEBE9CDB163CA3AF33FFC4DA0F6B84B9D7CDD4321CCECD4BAC528DEFF9715FFD9D4731E");
@@ -71,7 +72,7 @@ fn decode_rsa_2048_der() {
     assert_eq!(attribute.values.len(), 1);
 
     // Check the extensions.
-    let extensions: x509::Extensions = attribute.values.get(0).unwrap().decode_into().unwrap();
+    let extensions: Extensions = attribute.values.get(0).unwrap().decode_into().unwrap();
     for (ext, (oid, val)) in extensions.iter().zip(EXTENSIONS) {
         assert_eq!(ext.extn_id, oid.parse().unwrap());
         assert_eq!(ext.extn_value, *val);

x509-ext/CHANGELOG.md

@@ -0,0 +1,5 @@
+# Changelog
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

x509-ext/Cargo.toml

@@ -0,0 +1,29 @@
+[package]
+name = "x509-ext"
+version = "0.1.0" # Also update html_root_url in lib.rs when bumping this
+edition = "2021"
+description = "Pure Rust implementation X.509 Extensions"
+authors = ["RustCrypto Developers"]
+license = "Apache-2.0 OR MIT"
+repository = "https://github.com/RustCrypto/formats/tree/master/x509-ext"
+categories = ["cryptography", "data-structures", "encoding", "no-std"]
+keywords = ["crypto", "X.509", "extensions"]
+readme = "README.md"
+rust-version = "1.56"
+
+[dev-dependencies]
+hex-literal = "^0.3.4"
+rstest = "^0.12.0"
+
+[dependencies]
+der = { version = "=0.6.0-pre.1", features = ["derive", "alloc", "oid", "flagset"], path = "../der" }
+const-oid = { version = "=0.8.0", path = "../const-oid" }
+x501 = { version = "=0.1.0-pre.0", path = "../x501" }
+flagset = "^0.4.2"
+
+[features]
+std = ["der/std"]
+
+[package.metadata.docs.rs]
+all-features = true
+rustdoc-args = ["--cfg", "docsrs"]