[WIP] spki: make AlgorithmIdentifier generic around Params

NOTE: breaking change.

Previously `AlgorithmIdentifier::parameters` were always `AnyRef`.
This commit changes them to a generic parameter `Params`.

An alias `AlgorithmIdentifierRef` provides a type identical to the
original with `AnyRef` as its `parameters`, which is used in all of the
other crates in this repo.

Author: tarcieri

pkcs1/src/lib.rs

@@ -52,7 +52,7 @@ pub const ALGORITHM_OID: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.2.84
 /// `AlgorithmIdentifier` for RSA.
 #[cfg(feature = "pkcs8")]
 #[cfg_attr(docsrs, doc(cfg(feature = "pkcs8")))]
-pub const ALGORITHM_ID: pkcs8::AlgorithmIdentifier<'static> = pkcs8::AlgorithmIdentifier {
+pub const ALGORITHM_ID: pkcs8::AlgorithmIdentifierRef<'static> = pkcs8::AlgorithmIdentifierRef {
     oid: ALGORITHM_OID,
     parameters: Some(der::asn1::AnyRef::NULL),
 };

pkcs1/src/params.rs

@@ -6,7 +6,7 @@ use der::{
     asn1::ContextSpecificRef, Decode, DecodeValue, Encode, EncodeValue, FixedTag, Reader, Sequence,
     Tag, TagMode, TagNumber, Writer,
 };
-use spki::AlgorithmIdentifier;
+use spki::AlgorithmIdentifierRef;
 
 const OID_SHA_1: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.3.14.3.2.26");
 const OID_MGF_1: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.2.840.113549.1.1.8");
@@ -15,7 +15,7 @@ const OID_PSPECIFIED: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.2.840.1
 // TODO(tarcieri): make `AlgorithmIdentifier` generic around params; use `OID_SHA_1`
 const SEQ_OID_SHA_1_DER: &[u8] = &[0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a];
 
-const SHA_1_AI: AlgorithmIdentifier<'_> = AlgorithmIdentifier {
+const SHA_1_AI: AlgorithmIdentifierRef<'_> = AlgorithmIdentifierRef {
     oid: OID_SHA_1,
     parameters: None,
 };
@@ -81,10 +81,10 @@ impl FixedTag for TrailerField {
 #[derive(Clone, Debug, Eq, PartialEq)]
 pub struct RsaPssParams<'a> {
     /// Hash Algorithm
-    pub hash: AlgorithmIdentifier<'a>,
+    pub hash: AlgorithmIdentifierRef<'a>,
 
     /// Mask Generation Function (MGF)
-    pub mask_gen: AlgorithmIdentifier<'a>,
+    pub mask_gen: AlgorithmIdentifierRef<'a>,
 
     /// Salt length
     pub salt_len: u8,
@@ -180,8 +180,8 @@ impl<'a> TryFrom<&'a [u8]> for RsaPssParams<'a> {
 }
 
 /// Default Mask Generation Function (MGF): SHA-1.
-fn default_mgf1_sha1<'a>() -> AlgorithmIdentifier<'a> {
-    AlgorithmIdentifier {
+fn default_mgf1_sha1<'a>() -> AlgorithmIdentifierRef<'a> {
+    AlgorithmIdentifierRef {
         oid: OID_MGF_1,
         parameters: Some(
             AnyRef::new(Tag::Sequence, SEQ_OID_SHA_1_DER)
@@ -208,13 +208,13 @@ fn default_mgf1_sha1<'a>() -> AlgorithmIdentifier<'a> {
 #[derive(Clone, Debug, Eq, PartialEq)]
 pub struct RsaOaepParams<'a> {
     /// Hash Algorithm
-    pub hash: AlgorithmIdentifier<'a>,
+    pub hash: AlgorithmIdentifierRef<'a>,
 
     /// Mask Generation Function (MGF)
-    pub mask_gen: AlgorithmIdentifier<'a>,
+    pub mask_gen: AlgorithmIdentifierRef<'a>,
 
     /// The source (and possibly the value) of the label L
-    pub p_source: AlgorithmIdentifier<'a>,
+    pub p_source: AlgorithmIdentifierRef<'a>,
 }
 
 impl<'a> Default for RsaOaepParams<'a> {
@@ -291,8 +291,8 @@ impl<'a> TryFrom<&'a [u8]> for RsaOaepParams<'a> {
 }
 
 /// Default Source Algorithm, empty string
-fn default_pempty_string<'a>() -> AlgorithmIdentifier<'a> {
-    AlgorithmIdentifier {
+fn default_pempty_string<'a>() -> AlgorithmIdentifierRef<'a> {
+    AlgorithmIdentifierRef {
         oid: OID_PSPECIFIED,
         parameters: Some(
             AnyRef::new(Tag::OctetString, &[]).expect("error creating default OAEP params"),

pkcs5/src/lib.rs

@@ -12,7 +12,7 @@
 //!
 //! The main API for this crate is the [`EncryptionScheme`] enum, which impls
 //! the [`Decode`] and [`Encode`] traits from the [`der`] crate, and can be
-//! used for decoding/encoding PKCS#5 [`AlgorithmIdentifier`] fields.
+//! used for decoding/encoding PKCS#5 `AlgorithmIdentifier` fields.
 //!
 //! [RFC 8018]: https://tools.ietf.org/html/rfc8018
 
@@ -26,7 +26,7 @@ pub mod pbes2;
 
 pub use crate::error::{Error, Result};
 pub use der::{self, asn1::ObjectIdentifier};
-pub use spki::AlgorithmIdentifier;
+pub use spki::AlgorithmIdentifierRef;
 
 use der::{Decode, DecodeValue, Encode, Header, Reader, Sequence, Tag};
 
@@ -136,7 +136,7 @@ impl<'a> EncryptionScheme<'a> {
 
 impl<'a> DecodeValue<'a> for EncryptionScheme<'a> {
     fn decode_value<R: Reader<'a>>(decoder: &mut R, header: Header) -> der::Result<Self> {
-        AlgorithmIdentifier::decode_value(decoder, header)?.try_into()
+        AlgorithmIdentifierRef::decode_value(decoder, header)?.try_into()
     }
 }
 
@@ -164,10 +164,10 @@ impl<'a> From<pbes2::Parameters<'a>> for EncryptionScheme<'a> {
     }
 }
 
-impl<'a> TryFrom<AlgorithmIdentifier<'a>> for EncryptionScheme<'a> {
+impl<'a> TryFrom<AlgorithmIdentifierRef<'a>> for EncryptionScheme<'a> {
     type Error = der::Error;
 
-    fn try_from(alg: AlgorithmIdentifier<'a>) -> der::Result<EncryptionScheme<'_>> {
+    fn try_from(alg: AlgorithmIdentifierRef<'a>) -> der::Result<EncryptionScheme<'_>> {
         if alg.oid == pbes2::PBES2_OID {
             match alg.parameters {
                 Some(params) => pbes2::Parameters::try_from(params).map(Into::into),
@@ -183,6 +183,6 @@ impl<'a> TryFrom<&'a [u8]> for EncryptionScheme<'a> {
     type Error = der::Error;
 
     fn try_from(bytes: &'a [u8]) -> der::Result<EncryptionScheme<'a>> {
-        AlgorithmIdentifier::from_der(bytes)?.try_into()
+        AlgorithmIdentifierRef::from_der(bytes)?.try_into()
     }
 }

pkcs5/src/pbes1.rs

@@ -2,7 +2,7 @@
 //!
 //! [RFC 8018 Section 6.1]: https://tools.ietf.org/html/rfc8018#section-6.1
 
-use crate::AlgorithmIdentifier;
+use crate::AlgorithmIdentifierRef;
 use der::{
     asn1::{AnyRef, ObjectIdentifier, OctetStringRef},
     Decode, Encode, ErrorKind, Length, Reader, Sequence, Tag, Writer,
@@ -68,7 +68,7 @@ impl Algorithm {
 
 impl<'a> Decode<'a> for Algorithm {
     fn decode<R: Reader<'a>>(decoder: &mut R) -> der::Result<Self> {
-        AlgorithmIdentifier::decode(decoder)?.try_into()
+        AlgorithmIdentifierRef::decode(decoder)?.try_into()
     }
 }
 
@@ -81,10 +81,10 @@ impl Sequence<'_> for Algorithm {
     }
 }
 
-impl<'a> TryFrom<AlgorithmIdentifier<'a>> for Algorithm {
+impl<'a> TryFrom<AlgorithmIdentifierRef<'a>> for Algorithm {
     type Error = der::Error;
 
-    fn try_from(alg: AlgorithmIdentifier<'a>) -> der::Result<Self> {
+    fn try_from(alg: AlgorithmIdentifierRef<'a>) -> der::Result<Self> {
         // Ensure that we have a supported PBES1 algorithm identifier
         let encryption = EncryptionScheme::try_from(alg.oid)
             .map_err(|_| der::Tag::ObjectIdentifier.value_error())?;

pkcs5/src/pbes2.rs

@@ -12,7 +12,7 @@ pub use self::kdf::{
     PBKDF2_OID, SCRYPT_OID,
 };
 
-use crate::{AlgorithmIdentifier, Error, Result};
+use crate::{AlgorithmIdentifierRef, Error, Result};
 use der::{
     asn1::{AnyRef, ObjectIdentifier, OctetStringRef},
     Decode, Encode, ErrorKind, Length, Reader, Sequence, Tag, Writer,
@@ -220,8 +220,8 @@ impl<'a> TryFrom<AnyRef<'a>> for Parameters<'a> {
 
     fn try_from(any: AnyRef<'a>) -> der::Result<Self> {
         any.sequence(|params| {
-            let kdf = AlgorithmIdentifier::decode(params)?;
-            let encryption = AlgorithmIdentifier::decode(params)?;
+            let kdf = AlgorithmIdentifierRef::decode(params)?;
+            let encryption = AlgorithmIdentifierRef::decode(params)?;
 
             Ok(Self {
                 kdf: kdf.try_into()?,
@@ -305,14 +305,14 @@ impl<'a> EncryptionScheme<'a> {
 
 impl<'a> Decode<'a> for EncryptionScheme<'a> {
     fn decode<R: Reader<'a>>(reader: &mut R) -> der::Result<Self> {
-        AlgorithmIdentifier::decode(reader).and_then(TryInto::try_into)
+        AlgorithmIdentifierRef::decode(reader).and_then(TryInto::try_into)
     }
 }
 
-impl<'a> TryFrom<AlgorithmIdentifier<'a>> for EncryptionScheme<'a> {
+impl<'a> TryFrom<AlgorithmIdentifierRef<'a>> for EncryptionScheme<'a> {
     type Error = der::Error;
 
-    fn try_from(alg: AlgorithmIdentifier<'a>) -> der::Result<Self> {
+    fn try_from(alg: AlgorithmIdentifierRef<'a>) -> der::Result<Self> {
         // TODO(tarcieri): support for non-AES algorithms?
         let iv = match alg.parameters {
             Some(params) => params.octet_string()?.as_bytes(),
@@ -352,7 +352,7 @@ impl<'a> TryFrom<AlgorithmIdentifier<'a>> for EncryptionScheme<'a> {
     }
 }
 
-impl<'a> TryFrom<EncryptionScheme<'a>> for AlgorithmIdentifier<'a> {
+impl<'a> TryFrom<EncryptionScheme<'a>> for AlgorithmIdentifierRef<'a> {
     type Error = der::Error;
 
     fn try_from(scheme: EncryptionScheme<'a>) -> der::Result<Self> {
@@ -366,7 +366,7 @@ impl<'a> TryFrom<EncryptionScheme<'a>> for AlgorithmIdentifier<'a> {
             EncryptionScheme::DesEde3Cbc { iv } => iv,
         })?;
 
-        Ok(AlgorithmIdentifier {
+        Ok(AlgorithmIdentifierRef {
             oid: scheme.oid(),
             parameters: Some(parameters.into()),
         })
@@ -375,10 +375,10 @@ impl<'a> TryFrom<EncryptionScheme<'a>> for AlgorithmIdentifier<'a> {
 
 impl<'a> Encode for EncryptionScheme<'a> {
     fn encoded_len(&self) -> der::Result<Length> {
-        AlgorithmIdentifier::try_from(*self)?.encoded_len()
+        AlgorithmIdentifierRef::try_from(*self)?.encoded_len()
     }
 
     fn encode(&self, writer: &mut dyn Writer) -> der::Result<()> {
-        AlgorithmIdentifier::try_from(*self)?.encode(writer)
+        AlgorithmIdentifierRef::try_from(*self)?.encode(writer)
     }
 }

pkcs5/src/pbes2/kdf.rs

@@ -1,6 +1,6 @@
 //! Key derivation functions.
 
-use crate::{AlgorithmIdentifier, Error, Result};
+use crate::{AlgorithmIdentifierRef, Error, Result};
 use der::{
     asn1::{AnyRef, ObjectIdentifier, OctetStringRef},
     Decode, Encode, ErrorKind, Length, Reader, Sequence, Tag, Tagged, Writer,
@@ -100,7 +100,7 @@ impl<'a> Kdf<'a> {
 
 impl<'a> Decode<'a> for Kdf<'a> {
     fn decode<R: Reader<'a>>(reader: &mut R) -> der::Result<Self> {
-        AlgorithmIdentifier::decode(reader)?.try_into()
+        AlgorithmIdentifierRef::decode(reader)?.try_into()
     }
 }
 
@@ -128,10 +128,10 @@ impl<'a> From<ScryptParams<'a>> for Kdf<'a> {
     }
 }
 
-impl<'a> TryFrom<AlgorithmIdentifier<'a>> for Kdf<'a> {
+impl<'a> TryFrom<AlgorithmIdentifierRef<'a>> for Kdf<'a> {
     type Error = der::Error;
 
-    fn try_from(alg: AlgorithmIdentifier<'a>) -> der::Result<Self> {
+    fn try_from(alg: AlgorithmIdentifierRef<'a>) -> der::Result<Self> {
         if let Some(params) = alg.parameters {
             match alg.oid {
                 PBKDF2_OID => params.try_into().map(Self::Pbkdf2),
@@ -242,7 +242,7 @@ impl<'a> TryFrom<AnyRef<'a>> for Pbkdf2Params<'a> {
                 salt: OctetStringRef::decode(reader)?.as_bytes(),
                 iteration_count: reader.decode()?,
                 key_length: reader.decode()?,
-                prf: Option::<AlgorithmIdentifier<'_>>::decode(reader)?
+                prf: Option::<AlgorithmIdentifierRef<'_>>::decode(reader)?
                     .map(TryInto::try_into)
                     .transpose()?
                     .unwrap_or_default(),
@@ -298,10 +298,10 @@ impl Default for Pbkdf2Prf {
     }
 }
 
-impl<'a> TryFrom<AlgorithmIdentifier<'a>> for Pbkdf2Prf {
+impl<'a> TryFrom<AlgorithmIdentifierRef<'a>> for Pbkdf2Prf {
     type Error = der::Error;
 
-    fn try_from(alg: AlgorithmIdentifier<'a>) -> der::Result<Self> {
+    fn try_from(alg: AlgorithmIdentifierRef<'a>) -> der::Result<Self> {
         if let Some(params) = alg.parameters {
             // TODO(tarcieri): support non-NULL parameters?
             if !params.is_null() {
@@ -323,12 +323,12 @@ impl<'a> TryFrom<AlgorithmIdentifier<'a>> for Pbkdf2Prf {
     }
 }
 
-impl<'a> From<Pbkdf2Prf> for AlgorithmIdentifier<'a> {
+impl<'a> From<Pbkdf2Prf> for AlgorithmIdentifierRef<'a> {
     fn from(prf: Pbkdf2Prf) -> Self {
         // TODO(tarcieri): support non-NULL parameters?
         let parameters = der::asn1::Null;
 
-        AlgorithmIdentifier {
+        AlgorithmIdentifierRef {
             oid: prf.oid(),
             parameters: Some(parameters.into()),
         }
@@ -337,11 +337,11 @@ impl<'a> From<Pbkdf2Prf> for AlgorithmIdentifier<'a> {
 
 impl Encode for Pbkdf2Prf {
     fn encoded_len(&self) -> der::Result<Length> {
-        AlgorithmIdentifier::try_from(*self)?.encoded_len()
+        AlgorithmIdentifierRef::try_from(*self)?.encoded_len()
     }
 
     fn encode(&self, writer: &mut dyn Writer) -> der::Result<()> {
-        AlgorithmIdentifier::try_from(*self)?.encode(writer)
+        AlgorithmIdentifierRef::try_from(*self)?.encode(writer)
     }
 }
 

pkcs7/src/enveloped_data_content.rs

@@ -6,9 +6,9 @@ use der::{
     asn1::{ContextSpecific, OctetStringRef},
     DecodeValue, Encode, Header, Reader, Sequence, TagMode, TagNumber,
 };
-use spki::AlgorithmIdentifier;
+use spki::AlgorithmIdentifierRef;
 
-type ContentEncryptionAlgorithmIdentifier<'a> = AlgorithmIdentifier<'a>;
+type ContentEncryptionAlgorithmIdentifier<'a> = AlgorithmIdentifierRef<'a>;
 
 const ENCRYPTED_CONTENT_TAG: TagNumber = TagNumber::new(0);
 

pkcs7/tests/content_tests.rs

@@ -9,7 +9,7 @@ use pkcs7::{
     encrypted_data_content::EncryptedDataContent, enveloped_data_content::EncryptedContentInfo,
     ContentInfo, ContentType,
 };
-use spki::AlgorithmIdentifier;
+use spki::AlgorithmIdentifierRef;
 use std::fs;
 
 fn encode_content_info<'a>(content_info: &ContentInfo<'a>, buf: &'a mut [u8]) -> &'a [u8] {
@@ -52,7 +52,7 @@ fn decode_encrypted_key_example() {
                 EncryptedContentInfo {
                     content_type: ContentType::Data,
                     content_encryption_algorithm:
-                        AlgorithmIdentifier {
+                        AlgorithmIdentifierRef {
                             oid,
                             parameters: Some(any),
                         },

pkcs8/src/lib.rs

@@ -83,7 +83,7 @@ pub use crate::{
     version::Version,
 };
 pub use der::{self, asn1::ObjectIdentifier, oid::AssociatedOid};
-pub use spki::{self, AlgorithmIdentifier, DecodePublicKey, SubjectPublicKeyInfo};
+pub use spki::{self, AlgorithmIdentifierRef, DecodePublicKey, SubjectPublicKeyInfo};
 
 #[cfg(feature = "alloc")]
 #[cfg_attr(docsrs, doc(cfg(feature = "alloc")))]

pkcs8/src/private_key_info.rs

@@ -1,6 +1,6 @@
 //! PKCS#8 `PrivateKeyInfo`.
 
-use crate::{AlgorithmIdentifier, Error, Result, Version};
+use crate::{AlgorithmIdentifierRef, Error, Result, Version};
 use core::fmt;
 use der::{
     asn1::{AnyRef, BitStringRef, ContextSpecific, OctetStringRef},
@@ -91,7 +91,7 @@ const PUBLIC_KEY_TAG: TagNumber = TagNumber::N1;
 #[derive(Clone)]
 pub struct PrivateKeyInfo<'a> {
     /// X.509 [`AlgorithmIdentifier`] for the private key type.
-    pub algorithm: AlgorithmIdentifier<'a>,
+    pub algorithm: AlgorithmIdentifierRef<'a>,
 
     /// Private key data.
     pub private_key: &'a [u8],
@@ -105,7 +105,7 @@ impl<'a> PrivateKeyInfo<'a> {
     ///
     /// This is a helper method which initializes `attributes` and `public_key`
     /// to `None`, helpful if you aren't using those.
-    pub fn new(algorithm: AlgorithmIdentifier<'a>, private_key: &'a [u8]) -> Self {
+    pub fn new(algorithm: AlgorithmIdentifierRef<'a>, private_key: &'a [u8]) -> Self {
         Self {
             algorithm,
             private_key,

sec1/src/traits.rs

@@ -103,7 +103,7 @@ impl<T: pkcs8::DecodePrivateKey> DecodeEcPrivateKey for T {
             .parameters
             .and_then(|params| params.named_curve());
 
-        let algorithm = pkcs8::AlgorithmIdentifier {
+        let algorithm = pkcs8::AlgorithmIdentifierRef {
             oid: ALGORITHM_OID,
             parameters: params_oid.as_ref().map(Into::into),
         };