cmpv2: build OobCertHash from a certificate

baloo · baloo · commit d9afb471bd46 · 2025-04-18T11:18:44.000Z
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/cmpv2/Cargo.toml b/cmpv2/Cargo.toml
@@ -21,6 +21,8 @@ der = { version = "0.8.0-rc.0", features = ["alloc", "derive", "flagset", "oid"]
 spki = { version = "0.8.0-rc.0" }
 x509-cert = { version = "=0.3.0-pre.0", default-features = false }
 
+digest = { version = "0.11.0-pre.10", optional = true, default-features = false }
+
 [dev-dependencies]
 const-oid = { version = "0.10.0-rc.0", features = ["db"] }
 hex-literal = "0.4"
@@ -30,6 +32,7 @@ alloc = ["der/alloc"]
 std = ["der/std", "spki/std"]
 
 pem = ["alloc", "der/pem"]
+digest = ["dep:digest", "der/digest"]
 
 [package.metadata.docs.rs]
 all-features = true
diff --git a/cmpv2/src/oob.rs b/cmpv2/src/oob.rs
@@ -6,6 +6,12 @@ use der::asn1::BitString;
 use crmf::controls::CertId;
 use spki::AlgorithmIdentifierOwned;
 
+#[cfg(feature = "digest")]
+use {
+    der::{DigestWriter, Encode, asn1::Null, oid::AssociatedOid},
+    x509_cert::{Certificate, ext::pkix::name::GeneralName},
+};
+
 use crate::header::CmpCertificate;
 
 /// The `OOBCert` type is defined in [RFC 4210 Section 5.2.5].
@@ -48,3 +54,29 @@ pub struct OobCertHash {
     pub cert_id: Option<CertId>,
     pub hash_val: BitString,
 }
+
+#[cfg(feature = "digest")]
+impl OobCertHash {
+    /// Create an [`OobCertHash`] from a given certificate
+    pub fn from_certificate<D>(cert: &Certificate) -> der::Result<Self>
+    where
+        D: digest::Digest + AssociatedOid,
+    {
+        let mut digest = D::new();
+
+        cert.encode(&mut DigestWriter(&mut digest))?;
+
+        Ok(Self {
+            hash_alg: Some(AlgorithmIdentifierOwned {
+                oid: D::OID,
+                parameters: Some(Null.into()),
+            }),
+            // TODO
+            cert_id: Some(CertId {
+                issuer: GeneralName::DirectoryName(cert.tbs_certificate().issuer().clone()),
+                serial_number: cert.tbs_certificate().serial_number().clone(),
+            }),
+            hash_val: BitString::from_bytes(&digest.finalize())?,
+        })
+    }
+}
diff --git a/der/Cargo.toml b/der/Cargo.toml
@@ -21,6 +21,7 @@ arbitrary = { version = "1.4", features = ["derive"], optional = true }
 bytes = { version = "1", optional = true, default-features = false }
 const-oid = { version = "0.10", optional = true }
 der_derive = { version = "0.8.0-rc.0", optional = true }
+digest = { version = "0.11.0-pre.10", optional = true, default-features = false }
 flagset = { version = "0.4.7", optional = true }
 pem-rfc7468 = { version = "1.0.0-rc.1", optional = true, features = ["alloc"] }
 time = { version = "0.3.4", optional = true, default-features = false }
diff --git a/der/src/lib.rs b/der/src/lib.rs
@@ -399,6 +399,9 @@ pub use {
     pem_rfc7468 as pem,
 };
 
+#[cfg(feature = "digest")]
+pub use crate::writer::digest::DigestWriter;
+
 #[cfg(feature = "time")]
 pub use time;
 
diff --git a/der/src/writer.rs b/der/src/writer.rs
@@ -1,5 +1,7 @@
 //! Writer trait.
 
+#[cfg(feature = "digest")]
+pub(crate) mod digest;
 #[cfg(feature = "pem")]
 pub(crate) mod pem;
 pub(crate) mod slice;
diff --git a/der/src/writer/digest.rs b/der/src/writer/digest.rs
@@ -0,0 +1,19 @@
+//! Adapter for Digest objects to write bytes to
+
+use digest::Digest;
+
+use super::Writer;
+use crate::Result;
+
+/// Adapter object to write to a digest backend
+pub struct DigestWriter<'d, D>(pub &'d mut D);
+
+impl<D> Writer for DigestWriter<'_, D>
+where
+    D: Digest,
+{
+    fn write(&mut self, slice: &[u8]) -> Result<()> {
+        self.0.update(slice);
+        Ok(())
+    }
+}
