Support PEM decoding for EchConfigListBytes

ctz · ctz · commit 4bc703b65518 · 2024-09-27T13:18:07.000+01:00
diff --git a/src/lib.rs b/src/lib.rs
@@ -762,6 +762,11 @@ impl EchConfigListBytes<'_> {
     }
 }
 
+#[cfg(feature = "alloc")]
+impl PemObjectFilter for EchConfigListBytes<'static> {
+    const KIND: SectionKind = SectionKind::EchConfigList;
+}
+
 impl fmt::Debug for EchConfigListBytes<'_> {
     fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
         hex(f, self.as_ref())
diff --git a/src/pem.rs b/src/pem.rs
@@ -357,13 +357,21 @@ pub enum SectionKind {
     ///
     /// Appears as "CERTIFICATE REQUEST" in PEM files.
     Csr,
+
+    /// An EchConfigList structure, as specified in
+    /// <https://www.ietf.org/archive/id/draft-farrell-tls-pemesni-05.html>.
+    ///
+    /// Appears as "ECHCONFIG" in PEM files.
+    EchConfigList,
 }
 
 impl SectionKind {
     fn secret(&self) -> bool {
         match self {
             Self::RsaPrivateKey | Self::PrivateKey | Self::EcPrivateKey => true,
-            Self::Certificate | Self::PublicKey | Self::Crl | Self::Csr => false,
+            Self::Certificate | Self::PublicKey | Self::Crl | Self::Csr | Self::EchConfigList => {
+                false
+            }
         }
     }
 }
@@ -380,6 +388,7 @@ impl TryFrom<&[u8]> for SectionKind {
             b"EC PRIVATE KEY" => Self::EcPrivateKey,
             b"X509 CRL" => Self::Crl,
             b"CERTIFICATE REQUEST" => Self::Csr,
+            b"ECHCONFIG" => Self::EchConfigList,
             _ => return Err(()),
         })
     }
diff --git a/tests/data/ech.pem b/tests/data/ech.pem
@@ -0,0 +1,7 @@
+-----BEGIN PRIVATE KEY-----
+MC4CAQAwBQYDK2VuBCIEICjd4yGRdsoP9gU7YT7My8DHx1Tjme8GYDXrOMCi8v1V
+-----END PRIVATE KEY-----
+-----BEGIN ECHCONFIG-----
+AD7+DQA65wAgACA8wVN2BtscOl3vQheUzHeIkVmKIiydUhDCliA4iyQRCwAEAAEA
+AQALZXhhbXBsZS5jb20AAA==
+-----END ECHCONFIG-----
diff --git a/tests/data/zen.pem b/tests/data/zen.pem
@@ -162,4 +162,8 @@ gdiZyLcf1VDCCUGaskEi2CsggCQQJNyGi+8BSQ8MPKm/m0KrSchGQ157eWCCjopz
 f5GQe2UGOg5T7g8+S4GdECMwkMlTGUwlAM6LuOG/NZqP528PCAYQv0eOYdSwALQT
 GwTyU4AZ9y1uBFuaFxABew9GbDEtNY/XHTF8308edUwGBk6jfD+UuTeEwRZGs9E=
 -----END CERTIFICATE REQUEST-----
+-----BEGIN ECHCONFIG-----
+AD7+DQA65wAgACA8wVN2BtscOl3vQheUzHeIkVmKIiydUhDCliA4iyQRCwAEAAEA
+AQALZXhhbXBsZS5jb20AAA==
+-----END ECHCONFIG-----
 ... that's all folks!
diff --git a/tests/pem.rs b/tests/pem.rs
@@ -4,8 +4,9 @@ use std::io::Cursor;
 
 use rustls_pki_types::pem::PemObject;
 use rustls_pki_types::{
-    pem, CertificateDer, CertificateRevocationListDer, CertificateSigningRequestDer, PrivateKeyDer,
-    PrivatePkcs1KeyDer, PrivatePkcs8KeyDer, PrivateSec1KeyDer, SubjectPublicKeyInfoDer,
+    pem, CertificateDer, CertificateRevocationListDer, CertificateSigningRequestDer,
+    EchConfigListBytes, PrivateKeyDer, PrivatePkcs1KeyDer, PrivatePkcs8KeyDer, PrivateSec1KeyDer,
+    SubjectPublicKeyInfoDer,
 };
 
 #[test]
@@ -180,6 +181,20 @@ fn crls() {
     );
 }
 
+#[test]
+fn ech_config() {
+    let data = include_bytes!("data/zen.pem");
+
+    EchConfigListBytes::from_pem_slice(data).unwrap();
+    EchConfigListBytes::from_pem_reader(&mut Cursor::new(&data[..])).unwrap();
+    EchConfigListBytes::from_pem_file("tests/data/zen.pem").unwrap();
+
+    assert!(matches!(
+        EchConfigListBytes::from_pem_file("tests/data/certificate.chain.pem").unwrap_err(),
+        pem::Error::NoItemsFound
+    ));
+}
+
 #[test]
 fn certificates_with_binary() {
     let data = include_bytes!("data/gunk.pem");
@@ -212,7 +227,7 @@ fn parse_in_order() {
     let items = <(pem::SectionKind, Vec<u8>) as PemObject>::pem_slice_iter(data)
         .collect::<Result<Vec<_>, _>>()
         .unwrap();
-    assert_eq!(items.len(), 11);
+    assert_eq!(items.len(), 12);
     assert!(matches!(items[0], (pem::SectionKind::Certificate, _)));
     assert!(matches!(items[1], (pem::SectionKind::Certificate, _)));
     assert!(matches!(items[2], (pem::SectionKind::Certificate, _)));
@@ -224,6 +239,7 @@ fn parse_in_order() {
     assert!(matches!(items[8], (pem::SectionKind::PrivateKey, _)));
     assert!(matches!(items[9], (pem::SectionKind::Crl, _)));
     assert!(matches!(items[10], (pem::SectionKind::Csr, _)));
+    assert!(matches!(items[11], (pem::SectionKind::EchConfigList, _)));
 }
 
 #[test]

Original file line number	Diff line number	Diff line change
`@@ -762,6 +762,11 @@ impl EchConfigListBytes<'_> {`
`762`	`762`	`}`
`763`	`763`	`}`
`764`	`764`
	`765`	`+#[cfg(feature = "alloc")]`
	`766`	`+impl PemObjectFilter for EchConfigListBytes<'static> {`
	`767`	`+ const KIND: SectionKind = SectionKind::EchConfigList;`
	`768`	`+}`
	`769`	`+`
`765`	`770`	`impl fmt::Debug for EchConfigListBytes<'_> {`
`766`	`771`	`fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {`
`767`	`772`	`hex(f, self.as_ref())`
Original file line number	Diff line number	Diff line change
`@@ -357,13 +357,21 @@ pub enum SectionKind {`
`357`	`357`	`///`
`358`	`358`	`/// Appears as "CERTIFICATE REQUEST" in PEM files.`
`359`	`359`	`Csr,`
	`360`	`+`
	`361`	`+ /// An EchConfigList structure, as specified in`
	`362`	`+ /// <https://www.ietf.org/archive/id/draft-farrell-tls-pemesni-05.html>.`
	`363`	`+ ///`
	`364`	`+ /// Appears as "ECHCONFIG" in PEM files.`
	`365`	`+ EchConfigList,`
`360`	`366`	`}`
`361`	`367`
`362`	`368`	`impl SectionKind {`
`363`	`369`	`fn secret(&self) -> bool {`
`364`	`370`	`match self {`
`365`	`371`	`Self::RsaPrivateKey \| Self::PrivateKey \| Self::EcPrivateKey => true,`
`366`		`- Self::Certificate \| Self::PublicKey \| Self::Crl \| Self::Csr => false,`
	`372`	`+ Self::Certificate \| Self::PublicKey \| Self::Crl \| Self::Csr \| Self::EchConfigList => {`
	`373`	`+ false`
	`374`	`+ }`
`367`	`375`	`}`
`368`	`376`	`}`
`369`	`377`	`}`
`@@ -380,6 +388,7 @@ impl TryFrom<&[u8]> for SectionKind {`
`380`	`388`	`b"EC PRIVATE KEY" => Self::EcPrivateKey,`
`381`	`389`	`b"X509 CRL" => Self::Crl,`
`382`	`390`	`b"CERTIFICATE REQUEST" => Self::Csr,`
	`391`	`+ b"ECHCONFIG" => Self::EchConfigList,`
`383`	`392`	`_ => return Err(()),`
`384`	`393`	`})`
`385`	`394`	`}`