Port a tiny tiny bit of the ASN.1 parsing to Rust

pyca · Dec 22, 2020 · 6213bad · 6213bad
1 parent bd0d0fd
commit 6213bad
Show file tree

Hide file tree

Showing 4 changed files with 125 additions and 20 deletions.
diff --git a/src/cryptography/hazmat/backends/openssl/decode_asn1.py b/src/cryptography/hazmat/backends/openssl/decode_asn1.py
@@ -7,8 +7,7 @@
 import ipaddress
 
 from cryptography import x509
-from cryptography.hazmat._der import DERReader, INTEGER, NULL, SEQUENCE
-from cryptography.x509.extensions import _TLS_FEATURE_TYPE_TO_ENUM
+from cryptography.hazmat.bindings import _rust
 from cryptography.x509.name import _ASN1_TYPE_TO_ENUM
 from cryptography.x509.oid import (
     CRLEntryExtensionOID,
@@ -208,27 +207,19 @@ def parse(self, x509_obj):
             # ourselves.
             if oid == ExtensionOID.TLS_FEATURE:
                 # The extension contents are a SEQUENCE OF INTEGERs.
-                data = self._backend._lib.X509_EXTENSION_get_data(ext)
-                data_bytes = _asn1_string_to_bytes(self._backend, data)
-                features = DERReader(data_bytes).read_single_element(SEQUENCE)
-                parsed = []
-                while not features.is_empty():
-                    parsed.append(features.read_element(INTEGER).as_integer())
-                # Map the features to their enum value.
-                value = x509.TLSFeature(
-                    [_TLS_FEATURE_TYPE_TO_ENUM[x] for x in parsed]
-                )
+                data = backend._lib.X509_EXTENSION_get_data(ext)
+                data_bytes = _asn1_string_to_bytes(backend, data)
+                value = _rust.parse_tls_feature(data_bytes)
+
                 extensions.append(x509.Extension(oid, critical, value))
                 seen_oids.add(oid)
                 continue
             elif oid == ExtensionOID.PRECERT_POISON:
-                data = self._backend._lib.X509_EXTENSION_get_data(ext)
-                # The contents of the extension must be an ASN.1 NULL.
-                reader = DERReader(_asn1_string_to_bytes(self._backend, data))
-                reader.read_single_element(NULL).check_empty()
-                extensions.append(
-                    x509.Extension(oid, critical, x509.PrecertPoison())
-                )
+                data = backend._lib.X509_EXTENSION_get_data(ext)
+                data_bytes = _asn1_string_to_bytes(backend, data)
+                value = _rust.parse_precert_poison(data_bytes)
+
+                extensions.append(x509.Extension(oid, critical, value))
                 seen_oids.add(oid)
                 continue
 

diff --git a/src/rust/Cargo.lock b/src/rust/Cargo.lock
diff --git a/src/rust/Cargo.toml b/src/rust/Cargo.toml
@@ -7,6 +7,7 @@ publish = false
 
 [dependencies]
 pyo3 = { version = "0.13.0", features = ["extension-module"] }
+asn1 = { git = "https://github.com/alex/rust-asn1" }
 
 [lib]
 name = "cryptography_rust"

diff --git a/src/rust/src/lib.rs b/src/rust/src/lib.rs
@@ -2,7 +2,76 @@
 // 2.0, and the BSD License. See the LICENSE file in the root of this repository
 // for complete details.
 
+use pyo3::conversion::ToPyObject;
+
+enum PyAsn1Error {
+    Asn1(asn1::ParseError),
+    Py(pyo3::PyErr),
+}
+
+impl From<asn1::ParseError> for PyAsn1Error {
+    fn from(e: asn1::ParseError) -> PyAsn1Error {
+        PyAsn1Error::Asn1(e)
+    }
+}
+
+impl From<pyo3::PyErr> for PyAsn1Error {
+    fn from(e: pyo3::PyErr) -> PyAsn1Error {
+        PyAsn1Error::Py(e)
+    }
+}
+
+impl From<PyAsn1Error> for pyo3::PyErr {
+    fn from(e: PyAsn1Error) -> pyo3::PyErr {
+        match e {
+            PyAsn1Error::Asn1(asn1_error) => pyo3::exceptions::ValueError::py_err(format!(
+                "error parsing asn1 value: {:?}",
+                asn1_error
+            )),
+            PyAsn1Error::Py(py_error) => py_error,
+        }
+    }
+}
+
+#[pyo3::prelude::pyfunction]
+fn parse_tls_feature(py: pyo3::Python<'_>, data: &[u8]) -> pyo3::PyResult<pyo3::PyObject> {
+    let tls_feature_type_to_enum = py
+        .import("cryptography.x509.extensions")?
+        .getattr("_TLS_FEATURE_TYPE_TO_ENUM")?;
+
+    let features = asn1::parse::<_, PyAsn1Error, _>(data, |p| {
+        p.read_element::<asn1::Sequence>()?.parse(|p| {
+            let features = pyo3::types::PyList::empty(py);
+            while !p.is_empty() {
+                let feature = p.read_element::<u64>()?;
+                let py_feature = tls_feature_type_to_enum.get_item(feature.to_object(py))?;
+                features.append(py_feature)?
+            }
+            Ok(features)
+        })
+    })?;
+
+    let x509_module = py.import("cryptography.x509")?;
+    x509_module
+        .call1("TLSFeature", (features,))
+        .map(|o| o.to_object(py))
+}
+
+#[pyo3::prelude::pyfunction]
+fn parse_precert_poison(py: pyo3::Python<'_>, data: &[u8]) -> pyo3::PyResult<pyo3::PyObject> {
+    asn1::parse::<_, PyAsn1Error, _>(data, |p| {
+        p.read_element::<()>()?;
+        Ok(())
+    })?;
+
+    let x509_module = py.import("cryptography.x509")?;
+    x509_module.call0("PrecertPoison").map(|o| o.to_object(py))
+}
+
 #[pyo3::prelude::pymodule]
-fn _rust(_py: pyo3::Python<'_>, _m: &pyo3::types::PyModule) -> pyo3::PyResult<()> {
+fn _rust(_py: pyo3::Python<'_>, m: &pyo3::types::PyModule) -> pyo3::PyResult<()> {
+    m.add_wrapped(pyo3::wrap_pyfunction!(parse_tls_feature))?;
+    m.add_wrapped(pyo3::wrap_pyfunction!(parse_precert_poison))?;
+
     Ok(())
 }