std.crypto: Add ASN1 module with OIDs and DER - zig - General-purpose programming language and toolchain for maintaining robust, optimal, and reusable software. https://ziglang.org

diff options

author	clickingbuttons <clickingbuttons@pm.me>	2024-05-15 13:54:20 -0400
committer	clickingbuttons <clickingbuttons@pm.me>	2024-05-15 15:59:24 -0400
commit	330d353d6e09ac1d48dedd1bfc127f81021b4b1f (patch)
tree	16b6287690c4084d3a3a23433c10289a5a6e7f85 /lib/std/Build/Step
parent	6a65561e3e5f82f126ec4795e5cd9c07392b457b (diff)
download	zig-330d353d6e09ac1d48dedd1bfc127f81021b4b1f.tar.gz zig-330d353d6e09ac1d48dedd1bfc127f81021b4b1f.zip

std.crypto: Add ASN1 module with OIDs and DER

Add module for mapping ASN1 types to Zig types. See `asn1.Tag.fromZig` for the mapping. Add DER encoder and decoder. See `asn1/test.zig` for example usage of every ASN1 type. This implementation allows ASN1 tags to be overriden with `asn1_tag` and `asn1_tags`: ```zig const MyContainer = (enum | union | struct) { field: u32, pub const asn1_tag = asn1.Tag.init(...); // This specifies a tag's class, and if explicit, additional encoding // rules. pub const asn1_tags = .{ .field = asn1.FieldTag.explicit(0, .context_specific), }; }; ``` Despite having an enum tag type, ASN1 frequently uses OIDs as enum values. This is supported via an `pub const oids` field. ```zig const MyEnum = enum { a, pub const oids = asn1.Oid.StaticMap(MyEnum).initComptime(.{ .a = "1.2.3.4", }); }; ``` Futhermore, a container may choose to implement encoding and decoding however it deems fit. This allows for derived fields since Zig has a far more powerful type system than ASN1. ```zig // ASN1 has no standard way of tagging unions. const MyContainer = union(enum) { derived: PowerfulZigType, const WeakAsn1Type = ...; pub fn encodeDer(self: MyContainer, encoder: *der.Encoder) !void { try encoder.any(WeakAsn1Type{...}); } pub fn decodeDer(decoder: *der.Decoder) !MyContainer { const weak_asn1_type = try decoder.any(WeakAsn1Type); return .{ .derived = PowerfulZigType{...} }; } }; ``` An unfortunate side-effect is that decoding and encoding cannot have complete complete error sets unless we limit what errors users may return. Luckily, PKI ASN1 types are NOT recursive so the inferred error set should be sufficient. Finally, other encodings are possible, but this patch only implements a buffered DER encoder and decoder. In an effort to keep the changeset minimal this PR does not actually use the DER parser for stdlib PKI, but a tested example of how it may be used for Certificate is available [here.](https://github.com/clickingbuttons/asn1/blob/69c5709d/src/Certificate.zig) Closes #19775.

Diffstat (limited to 'lib/std/Build/Step')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: