Use the DEFINED BY functionality from rust-asn1 in pkcs7.rs (#7848)

Author: alex

src/rust/Cargo.toml

@@ -10,7 +10,7 @@ rust-version = "1.56.0"
 [dependencies]
 once_cell = "1"
 pyo3 = { version = "0.15.2" }
-asn1 = { version = "0.13.0", default-features = false }
+asn1 = { version = "0.13.0", default-features = false, features = ["const-generics"] }
 pem = "1.1"
 chrono = { version = "0.4.24", default-features = false, features = ["alloc", "clock"] }
 ouroboros = "0.15"

src/rust/src/pkcs7.rs

@@ -25,13 +25,6 @@ const AES_256_CBC_OID: asn1::ObjectIdentifier = asn1::oid!(2, 16, 840, 1, 101, 3
 const AES_192_CBC_OID: asn1::ObjectIdentifier = asn1::oid!(2, 16, 840, 1, 101, 3, 4, 1, 22);
 const AES_128_CBC_OID: asn1::ObjectIdentifier = asn1::oid!(2, 16, 840, 1, 101, 3, 4, 1, 2);
 
-static EMPTY_STRING_DER: Lazy<Vec<u8>> = Lazy::new(|| {
-    // TODO: kind of verbose way to say "\x04\x00".
-    asn1::write_single(&(&[] as &[u8])).unwrap()
-});
-static EMPTY_STRING_TLV: Lazy<asn1::Tlv<'static>> =
-    Lazy::new(|| asn1::parse_single(&EMPTY_STRING_DER).unwrap());
-
 static OIDS_TO_MIC_NAME: Lazy<HashMap<&asn1::ObjectIdentifier, &str>> = Lazy::new(|| {
     let mut h = HashMap::new();
     h.insert(&x509::oid::SHA224_OID, "sha-224");
@@ -43,9 +36,18 @@ static OIDS_TO_MIC_NAME: Lazy<HashMap<&asn1::ObjectIdentifier, &str>> = Lazy::ne
 
 #[derive(asn1::Asn1Write)]
 struct ContentInfo<'a> {
-    content_type: asn1::ObjectIdentifier,
-    #[explicit(0)]
-    content: Option<asn1::Tlv<'a>>,
+    _content_type: asn1::DefinedByMarker<asn1::ObjectIdentifier>,
+
+    #[defined_by(_content_type)]
+    content: Content<'a>,
+}
+
+#[derive(asn1::Asn1DefinedByWrite)]
+enum Content<'a> {
+    #[defined_by(PKCS7_SIGNED_DATA_OID)]
+    SignedData(asn1::Explicit<'a, Box<SignedData<'a>>, 0>),
+    #[defined_by(PKCS7_DATA_OID)]
+    Data(Option<asn1::Explicit<'a, &'a [u8], 0>>),
 }
 
 #[derive(asn1::Asn1Write)]
@@ -106,19 +108,17 @@ fn serialize_certificates<'p>(
         version: 1,
         digest_algorithms: asn1::SetOfWriter::new(&[]),
         content_info: ContentInfo {
-            content_type: PKCS7_DATA_OID,
-            content: Some(*EMPTY_STRING_TLV),
+            _content_type: asn1::DefinedByMarker::marker(),
+            content: Content::Data(Some(asn1::Explicit::new(b""))),
         },
         certificates: Some(asn1::SetOfWriter::new(&raw_certs)),
         crls: None,
         signer_infos: asn1::SetOfWriter::new(&[]),
     };
 
-    let signed_data_bytes = asn1::write_single(&signed_data)?;
-
     let content_info = ContentInfo {
-        content_type: PKCS7_SIGNED_DATA_OID,
-        content: Some(asn1::parse_single(&signed_data_bytes).unwrap()),
+        _content_type: asn1::DefinedByMarker::marker(),
+        content: Content::SignedData(asn1::Explicit::new(Box::new(signed_data))),
     };
     let content_info_bytes = asn1::write_single(&content_info)?;
 
@@ -276,8 +276,8 @@ fn sign_and_serialize<'p>(
         version: 1,
         digest_algorithms: asn1::SetOfWriter::new(&digest_algs),
         content_info: ContentInfo {
-            content_type: PKCS7_DATA_OID,
-            content,
+            _content_type: asn1::DefinedByMarker::marker(),
+            content: Content::Data(content.map(asn1::Explicit::new)),
         },
         certificates: if options.contains(pkcs7_options.getattr(crate::intern!(py, "NoCerts"))?)? {
             None
@@ -288,11 +288,9 @@ fn sign_and_serialize<'p>(
         signer_infos: asn1::SetOfWriter::new(&signer_infos),
     };
 
-    let signed_data_bytes = asn1::write_single(&signed_data)?;
-
     let content_info = ContentInfo {
-        content_type: PKCS7_SIGNED_DATA_OID,
-        content: Some(asn1::parse_single(&signed_data_bytes).unwrap()),
+        _content_type: asn1::DefinedByMarker::marker(),
+        content: Content::SignedData(asn1::Explicit::new(Box::new(signed_data))),
     };
     let ci_bytes = asn1::write_single(&content_info)?;