Port asn1c X.509 and LDAPv3 examples

Open awakecoding opened this issue 6 years ago • 6 comments

asn1c (https://github.com/vlm/asn1c) is arguably one of the best-known and most complete ASN.1 compilers. It has a few examples for common ASN.1 modules, such as X.509 and LDAPv3. If you compile asn1c from source with the examples, there's a script that generates the .asn1 files from the RFCs directly.

I pre-generated those for X.509 and LDAPv3 and added them here for reference: https://github.com/Devolutions/asn1rs/tree/examples/examples

For X.509, both the explicit and implicit modules are generated; I don't know which one is better.

I know the current readme says asn1rs won't work with most elaborate ASN.1 modules, but if there are complex ones it should support first, it should be X.509 and LDAPv3 :) I tried and both fail at this point, but I don't know enough of ASN.1 and asn1rs to see which part of the file is not handled correctly.

In all cases, it should be a good thing to include "clean" .asn1 files for useful specifications, known to work with asn1rs. With no_std support, imagine being able to build a complete X.509 certificate parser and writer that works in WebAssembly; that would be amazing :)

awakecoding, May 31 '19 20:05

I have a small list of features that are needed for my project. I'm sure that most of them should be implemented for X.509 but I'll write them anyway:

  • [x] Tags
  • [x] SET and SET OF
  • [x] OPTIONAL for tags
  • [x] INTEGER without range (Can be treated like INTEGER(0,MAX))

masihyeganeh, Apr 12 '20 10:04

For LDAP, at least the following features are missing:

For X.509 Implicit, at least these features are missing:

For X.509 Explicit, at least these features are missing:

(found by manually reading through the file)

kellerkindt, Oct 14 '20 12:10

Hello @kellerkindt, I see that you are still actively developing. Can I request implementation of these two? These were stoppers the last time I wanted to implement DER encoding. They are so straightforward and easy to implement, but I couldn't find the right place for them in your architecture. Thanks.

masihyeganeh, Jun 11 '21 14:06

@masihyeganeh I haven't followed up on this ticket specifically, but since you're here, we've built our own ASN.1 framework in Rust called picky-rs since then. It is not an ASN.1 compiler, but it lets you define structures with serde that will automatically map to ASN.1 DER. I don't know what your use case is, but maybe it can fit your needs.

awakecoding, Jun 11 '21 15:06

Thanks @awakecoding for your suggestion, but actually asn1rs is a better fit for my project. I already have many complex ASN.1 files that need to be converted to readable Rust structs to parse DER-encoded traffic. asn1rs can almost do all I need, but the lack of support for DER (that is really easy to implement) prevents me from using it.

masihyeganeh, Jun 11 '21 15:06

@masihyeganeh sure, I totally understand. I haven't really given up on the ASN.1 compiler idea, but in order to get things working the serde_asn1_der approach worked very well for us. It's always difficult to find a compiler that handles all the types you need. I wonder if we couldn't attempt modifying asn1rs to generate code that picky-rs can consume, but that would be a project for another time :) Is your project open source? I'm curious to see which ASN.1 data structures you have to deal with.

awakecoding, Jun 11 '21 15:06