zig icon indicating copy to clipboard operation
zig copied to clipboard
verified publisher icon ziglang

std.crypto: Add ASN1 module with OIDs and DER

Open clickingbuttons opened this issue 1 year ago • 3 comments

Add module for mapping ASN1 types to Zig types. See asn1.Tag.fromZig for the mapping. Add DER encoder and decoder.

See asn1/test.zig for example usage of every ASN1 type.

This implementation allows ASN1 tags to be overriden with asn1_tag and asn1_tags:

const MyContainer = (enum | union | struct) {
    field: u32,

    pub const asn1_tag = asn1.Tag.init(...);

    // This specifies a tag's class, and if explicit, additional encoding
    // rules.
    pub const asn1_tags = .{
        .field = asn1.FieldTag.explicit(0, .context_specific),
    };
};

Despite having an enum tag type, ASN1 frequently uses OIDs as enum values. This is supported via an pub const oids field.

const MyEnum = enum {
    a,

    pub const oids = asn1.Oid.StaticMap(MyEnum).initComptime(.{
        .a = "1.2.3.4",
    });
};

Futhermore, a container may choose to implement encoding and decoding however it deems fit. This allows for derived fields since Zig has a far more powerful type system than ASN1.

// ASN1 has no standard way of tagging unions.
const MyContainer = union(enum) {
    derived: PowerfulZigType,

    const WeakAsn1Type = ...;

    pub fn encodeDer(self: MyContainer, encoder: *der.Encoder) !void {
        try encoder.any(WeakAsn1Type{...});
    }

    pub fn decodeDer(decoder: *der.Decoder) !MyContainer {
        const weak_asn1_type = try decoder.any(WeakAsn1Type);
        return .{ .derived = PowerfulZigType{...} };
    }
};

An unfortunate side-effect is that decoding and encoding cannot have complete complete error sets unless we limit what errors users may return. Luckily, PKI ASN1 types are NOT recursive so the inferred error set should be sufficient.

Finally, other encodings are possible, but this patch only implements a buffered DER encoder and decoder.

In an effort to keep the changeset minimal this PR does not actually use the DER parser for stdlib PKI, but a tested example of how it may be used for Certificate is available here.

Closes #19775.

clickingbuttons avatar May 15 '24 19:05 clickingbuttons

Looks very nice.

Proper documentation and exemples for all public function would be very useful to understand how to use this.

jedisct1 avatar May 15 '24 23:05 jedisct1

I'd love to use this to get rid of that horror :)

jedisct1 avatar May 15 '24 23:05 jedisct1

asn1/test.zig is the user's manual.

I've added a few comments and a der.encode and der.decode test.

Let me know where you believe the documentation to be insufficient and I can write some.

Edit: I've also added some lapo.it URLs for two example tests. This web tool is useful for interactively inspecting DER.

clickingbuttons avatar May 16 '24 17:05 clickingbuttons

@jedisct1 Ping.

clickingbuttons avatar May 30 '24 14:05 clickingbuttons

@clickingbuttons Has there been a discussion about the maximum-supported OID arc size?

The OID FAQ explains how arbitrarily large OIDs are handled in reference implementations. OpenSSL, for instance, automatically switches to a BigNumber library when an OID arc exceeds 2^32 - 1 [1]. This seems extreme for the zig std library, but a compromise should be decided.

You defined Arc as u32, which may be a fair implementation.

alexgdiaz98 avatar Jan 16 '25 03:01 alexgdiaz98

No discussion yet. I chose u32 based off of this paragraph:

At the moment, the longest OID described in the OID repository has 171 chars and 34 arcs

thesmartwon avatar Feb 23 '25 01:02 thesmartwon

Thank you

andrewrk avatar Feb 23 '25 01:02 andrewrk