synta 0.2.1

ASN.1 parser, decoder, and encoder library with DER/BER support and C FFI
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163

//! Example: Parsing X.509 certificate structure
//!
//! This example demonstrates how to parse the basic structure of an
//! X.509 certificate using Synta. It shows how to navigate through
//! the certificate's ASN.1 structure.
//!
//! Note: This is a basic structural parser, not a full X.509 validator.
//! For production use, consider using a dedicated X.509 library.
//!
//! Run with: cargo run --example parse_certificate

use std::str::FromStr;
use synta::{BitStringRef, Decoder, Element, Encoding, ObjectIdentifier, Sequence};

fn main() {
    println!("=== X.509 Certificate Structure Parser ===\n");

    // A minimal self-signed certificate (DER-encoded)
    // This is a simplified example certificate
    let cert_data = create_example_certificate();

    println!("Certificate size: {} bytes", cert_data.len());
    println!(
        "First 32 bytes: {:02X?}...\n",
        &cert_data[..32.min(cert_data.len())]
    );

    // Parse the certificate
    match parse_certificate(&cert_data) {
        Ok(()) => println!("\nCertificate parsed successfully!"),
        Err(e) => println!("\nError parsing certificate: {:?}", e),
    }
}

fn parse_certificate(data: &[u8]) -> synta::Result<()> {
    // X.509 Certificate structure:
    // Certificate ::= SEQUENCE {
    //     tbsCertificate       TBSCertificate,
    //     signatureAlgorithm   AlgorithmIdentifier,
    //     signatureValue       BIT STRING
    // }

    let mut decoder = Decoder::new(data, Encoding::Der);
    let cert: Sequence = decoder.decode()?;
    let cert_elements = cert.into_elements()?;

    println!(
        "Certificate is a SEQUENCE with {} elements",
        cert_elements.len()
    );

    if cert_elements.len() < 3 {
        println!("Warning: Expected at least 3 elements (tbsCertificate, signatureAlgorithm, signatureValue)");
        return Ok(());
    }

    // Parse TBSCertificate
    if let Element::Sequence(tbs) = &cert_elements[0] {
        println!("\n1. TBSCertificate (To-Be-Signed Certificate):");
        let tbs_els = tbs.clone().into_elements()?;
        println!("   {} elements", tbs_els.len());
        parse_tbs_certificate(&tbs_els);
    }

    // Parse SignatureAlgorithm
    if let Element::Sequence(sig_alg) = &cert_elements[1] {
        println!("\n2. Signature Algorithm:");
        parse_algorithm_identifier(sig_alg);
    }

    // Parse SignatureValue
    match &cert_elements[2] {
        Element::BitString(sig) => {
            println!("\n3. Signature Value:");
            println!(
                "   {} bytes (unused bits: {})",
                sig.as_bytes().len(),
                sig.unused_bits()
            );
        }
        _ => println!("\n3. Signature Value: Unexpected type"),
    }

    Ok(())
}

fn parse_tbs_certificate(tbs_elements: &[Element<'_>]) {
    // TBSCertificate has many fields, we'll show a few
    for (i, element) in tbs_elements.iter().enumerate() {
        match element {
            Element::Integer(version) if i == 0 => {
                // Version is usually [0] EXPLICIT
                println!("   - Version/Field {}: {:?} bytes", i, version.as_bytes());
            }
            Element::Integer(serial) => {
                println!("   - Serial Number: {} bytes", serial.as_bytes().len());
            }
            Element::Sequence(seq) => {
                let len = seq.iter().count();
                println!("   - SEQUENCE at position {}: {} elements", i, len);
            }
            _ => {}
        }
    }
}

fn parse_algorithm_identifier(alg: &Sequence<'_>) {
    // AlgorithmIdentifier ::= SEQUENCE {
    //     algorithm    OBJECT IDENTIFIER,
    //     parameters   ANY DEFINED BY algorithm OPTIONAL
    // }

    if let Some(Ok(Element::ObjectIdentifier(oid))) = alg.iter().next() {
        println!("   Algorithm OID: {}", oid);

        // Try to identify common algorithms
        let oid_str = oid.to_string();
        let name = match oid_str.as_str() {
            "1.2.840.113549.1.1.1" => "RSA Encryption",
            "1.2.840.113549.1.1.5" => "SHA-1 with RSA",
            "1.2.840.113549.1.1.11" => "SHA-256 with RSA",
            "1.2.840.10045.4.3.2" => "ECDSA with SHA-256",
            _ => "Unknown",
        };
        println!("   Algorithm: {}", name);
    }

    if alg.iter().count() > 1 {
        println!("   Has parameters: yes");
    }
}

fn create_example_certificate() -> Vec<u8> {
    // Create a minimal certificate-like structure for demonstration
    // This is NOT a valid certificate, just shows the structure

    use synta::Integer;
    use synta::ToDer;

    // TBSCertificate (simplified)
    let mut tbs = Sequence::new();
    tbs.push(Element::Integer(Integer::from(2))); // Version
    tbs.push(Element::Integer(Integer::from(123456))); // Serial number

    // Signature Algorithm
    let mut sig_alg = Sequence::new();
    sig_alg.push(Element::ObjectIdentifier(
        ObjectIdentifier::from_str("1.2.840.113549.1.1.11").unwrap(),
    )); // SHA-256 with RSA

    // Signature Value
    let signature_data = vec![0xDE, 0xAD, 0xBE, 0xEF];
    let signature = BitStringRef::new(&signature_data, 0).unwrap();

    // Certificate
    let mut cert = Sequence::new();
    cert.push(Element::Sequence(tbs));
    cert.push(Element::Sequence(sig_alg));
    cert.push(Element::BitString(signature));

    // Encode
    cert.to_der().unwrap()
}