librasn
Replies: 3 comments 4 replies
-
|
Thank you for question! Zero-copy is something I've considered, but right now it's been on the back burner over other work, for a couple of reasons. One is that zero-copy is usually not as fast as copying parsers (the reason being that, you have to hold both the parsed structure and the original source which may be much larger in memory.) The second reason is that zero-copy makes things a lot more complicated on the trait boundary and in the implementations. With zero-copy there would need to a lot of changes to the traits, because currently the
This is not true, DER is canonical, which means that it must always produce the same encoded data for the same value, so there should be no concern for re-encoding the value. |
Beta Was this translation helpful? Give feedback.
-
|
Ah, I see that the Decoder trait builds owned values. I personally wouldn't need zero-copy to be used everywhere possible, just to make sure that a custom Decode impl can keep a reference to the input. Re re-encoding values and canonicity, I have doubts in practice. Which means that either the decoder enforces canonicity and rejects certain certs that appear in the wild, or some DER data won't actually round trip. |
Beta Was this translation helpful? Give feedback.
-
I don't think that's correct, what's happening here, is that you have two different values that could be considered equal, but to ASN.1 they are different values, and thus have different encodings. There needs to be an additional check to see if the algortihms are semantically equivalent but they are still different values and will have a different encoding. Canonicity in ASN.1 is different from normalised in X.509. |
Beta Was this translation helpful? Give feedback.
-
|
@XAMPPRocky I have been wondering if there has been any work in this regard to support getting the parsed byte array value without using encode() again. Currently, similar to @g2p, I use encode to get the parsed data but I am wondering if it would be possible to get the start index and end index of the parsed data from |
Beta Was this translation helpful? Give feedback.
-
|
You can get that by getting the remaining data from the decoder and getting |
Beta Was this translation helpful? Give feedback.
-
|
I meant that, say I have the following: pub mod csca_master_list {
extern crate alloc;
use rasn::prelude::*;
use rasn_pkix::Certificate;
pub type CscaMasterListCertList = SetOf<Certificate>;
pub type CscaMasterListVersion = Integer;
#[derive(AsnType, Debug, Clone, Decode, Encode, PartialEq, Eq)]
pub struct CscaMasterList {
pub version: CscaMasterListVersion,
pub cert_list: CscaMasterListCertList,
}and I want to get only the (I also realized after asking this question that I created a similar issue many months ago #245) |
Beta Was this translation helpful? Give feedback.
-
|
That's not currently possible, and not currently planned because it would require a lot of changes to be possible and couldn't be supported in every codec. |
Beta Was this translation helpful? Give feedback.
-
I'm considering the rasn crates because many protocols are already implemented in a fairly readable way. For the specific case of OCSP, and I suppose PKIX is similar, I'd like to extract views over parsed data so that I can verify that signatures over the tbs parts are valid.
(I could reserialize to get bytes again but that would be a dubious hack, especially for something security relevant).
Zero-copy parsers would make this possible, and I don't think the trait would need much tweaking. But some things would still need to be fairly manual, using the concrete
der::de::Decoderstruct, with some decode/encode asymmetry (so that encoding doesn't require providing the extra view).While on the topic of zero copy, other bits of data would benefit from these kinds of encoded data views, like certids which are better compared in binary.
I haven't explored this much more, is this a use case you would give consideration?
Beta Was this translation helpful? Give feedback.
All reactions