RFC 5544 Implementation

[enri1196]

I've included all the structures for the RFC, there are still some problems with mixed encodings.

For reference: https://www.rfc-editor.org/rfc/rfc5544

[leotaku]

Thanks for pinging me! Could you maybe describe to me/give a code example of the "problems with mixed encoding"? Without the full context, it is quite hard for me to figure out the issue.

Also, unrelated, but I assume that if this format gets accepted it should be a new crate rather than part of cms?

[baloo]

I don't think I've seen it used except for CMS. I think it's fine there.

[baloo]

@enri1196 you wouldn't happen to be working on PE signatures by any chance? (if so, nixos folks are bringing up their own tooling to do it and this should be one of the pieces we were missing)

[enri1196]

@baloo No, I did not know about the project from nixos folks. I’m happy to know that this PR can help them, can you show me something about it?

@leotaku I’m still investigating this problem ‘cause I’m still not sure if I’m the one doing things wrong or there’s a problem with the way some of the documents at my current job are generated. Let me know if for your use case everything is alright. Thanks in advance.

[baloo]

Most of it happens on matrix: https://matrix.to/#/#secure-boot:nixos.org but otherwise:

• https://github.com/m4b/goblin - the library used for parsing and writing of PE
• https://github.com/RaitoBezarius/goblin-signing - where most of the logic for signing is intended to go.

[baloo]

This looks good to me, but I'd like to run this against goblin before merging that (I think it will require a couple of AssociatedOid)

[enri1196]

any news?

[baloo]

I didn't have time to integrate that with a builder quite yet. But I don't see much of an issue with merging this. I will want to revisit at a later date to add the builder side though.