refactor: Split SafeBag serialization into its own function for PKCS#12 structures. #12452
Conversation
…pping multiple return values
…lled by pkcs12.serialize_key_and_certificates
…ption for coverage
src/rust/src/pkcs12.rs
Outdated
| @@ -297,29 +297,31 @@ fn cert_to_bag<'a>( | |||
| }) | |||
| } | |||
|
|
|||
| struct KeySerializationEncryption<'a> { | |||
| password: String, | |||
There was a problem hiding this comment.
What's the motivation to switch from PyBackedBytes to a String?
There was a problem hiding this comment.
My thought here was that decode_encryption_algorithm's goal was to pull details about the requested encryption from Python into a more Rust friendly format. That way by the time we get to internal calls like serialize_bags we're no longer working with unprocessed Python input (with the exception of mac_alogrithm which would have involved greater refactoring).
The other advantage is that since we use the password for both serialize_key_and_certificates (encrypting ShroudedKeyBag) and serialize_bags (encrypting the ContentInfo), we can rely on the same KeySerializationEncryption object without pulling the string out of Python twice or passing an extra argument.
There was a problem hiding this comment.
PyBackedBytes has teh advantage that it avoids an allocation+copy, so it'd be preferrable to stick to it.
There was a problem hiding this comment.
Ah, I was under the impression the extra allocation was occurring regardless. But looking closer, I think you're right. I've corrected it.
src/rust/src/pkcs12.rs
Outdated
| cryptography_x509::pkcs12::BagValue::ShroudedKeyBag(_) => &mut shrouded_safebags, | ||
| _ => &mut plain_safebags, | ||
| } | ||
| .push(safebag); |
There was a problem hiding this comment.
This would be easier to read as => shrouded_safebags.push(safebag) (and the same for the other path)
There was a problem hiding this comment.
Completely agree. I've updated it. Not sure why I did it this way to begin with.
This PR covers the refactoring required for #12393, which mostly involves splitting the safebag serialization out of
serialize_key_and_certificates.Summary
The PKCS#12 format contains an
AuthenticatedSafewhich holds a collection ofContentInfoobjects. Each of theseContentInfoobjects may or maynot be encrypted, and will (typically) hold one or moreSafeBags. TheseSafeBagsare where the actual content of the PKCS#12 file is held, and in the context of this library will either be a certificate (CertBag) or private key (KeyBagorShroudedKeyBag).As it stands,
serialize_key_and_certificates(inpkcs12.rs) performs the majority of roles in the serialization process.If encryption is enabled, the process looks like this:
serialize_key_and_certificatestakes in collections of keys and certificates.If encryption is not enabled, the process is similar:
serialize_key_and_certificatestakes in collections of keys and certificates.The goal of this PR is to let
serialize_key_and_certificatesfocus on just the SafeBag aspect of the process. Once it gathers all of its SafeBags, it will hand them off to a new function (serialize_bags) which will determine the appropriate structuring and serialization process. By making this change, new functions may be added which create more specialized collections of SafeBags, without duplicating the logic ofserialize_key_and_certificatesmore than necessary.Implementation
As noted above, the main change here is a new
serialize_bagsmethod. While the overall logic is very similar to what it was before the refactoring, I did want to touch on how this method actually functions, given that it accepts a single slice of bags.Previously, SafeBags were separated by keys and certificates. This was useful as, with encryption enabled, the keys would be placed into ShroudedKeyBags which were not to be re-encrypted. However, this separation was occurring regardless of whether encryption was enabled. With the new, more generic
serialize_bags, I found it made more sense to instead accept a single list of bags and only split apart ShroudedKeyBags if encryption was enabled. This way the function arguments stay simple and caller wouldn't need to worry about how the bags were being handled- simply that they needed to be provided.Under the refactoring, the process looks like this:
serialize_key_and_certificatestakes in collections of keys and certificates.serialize_bagsfor final serialization.5a. If encryption is disabled,
serialize_bagsgroups all SafeBags together and serializes them under a single ContentInfo.5b. If encryption is enabled,
serialize_bagsgroups ShroudedKeyBags into their own unencrypted ContentInfo, and the remaining bags into an encrypted ContentInfo.