X-Git-Url: http://www.git.cypherpunks.ru/?p=pyderasn.git;a=blobdiff_plain;f=doc%2Ffeatures.rst;h=fd7bb7d71df35a275abdf52c5e8d904fa6fd62dd;hp=c18c83d9720c56ad8cd66d774ee3d61adc4ceda1;hb=HEAD;hpb=28b62f6a6edff52262d6488ebf09ce8b5a45961c diff --git a/doc/features.rst b/doc/features.rst index c18c83d..5cfabee 100644 --- a/doc/features.rst +++ b/doc/features.rst @@ -1,48 +1,78 @@ +.. _features: + Features ======== -* BER/CER/DER decoding, DER encoding +* BER/CER/DER decoding, strict DER validation, DER/CER encoding * Basic ASN.1 data types (X.208): BOOLEAN, INTEGER, BIT STRING, OCTET STRING, NULL, OBJECT IDENTIFIER, ENUMERATED, all strings, UTCTime, GeneralizedTime, CHOICE, ANY, SEQUENCE (OF), SET (OF) * Size :ref:`constraints ` checking * Working with sequences as high level data objects with ability to (un)marshall them -* Python 2.7/3.5/3.6 compatibility +* Python 3.5+ compatibility (2.7 dropped in version 9.0) * Aimed to be complaint with `X.690-201508 `__ +* Streaming decoding and encoding capabilities, allowing working with + very small memory footprint Why yet another library? `pyasn1 `__ had all of this a long time ago. PyDERASN resembles it in many ways. In practice it should be relatively easy to convert ``pyasn1``'s code to -``pyderasn``'s one. But additionally it offers: +``pyderasn``'s one. +Also there is `asn1crypto `__. * Small, simple and trying to be reviewable code. Just a single file -* Automatic decoding of :ref:`DEFINED BY ` fields * Ability to know :ref:`exact decoded ` objects offsets and lengths inside the binary -* :ref:`Pretty printer ` and command-line decoder, that could - conveniently replace utilities like either ``dumpasn1`` or - ``openssl asn1parse`` +* Automatic decoding of :ref:`DEFINED BY ` fields +* Ability to know exact decoded field presence, emptiness: for example + ``SEQUENCE`` can lack ``OPTIONAL SEQUENCE OF`` field, but also can + have it with no elements inside +* **Strict** DER-encoding checks. If whole input binary is parsed, then + it must be completely valid DER-encoded structure +* Ability to allow BER-encoded data with knowing if any of specified + field has either DER or BER encoding (or possibly indefinite-length + encoding). For example + `CMS `__ + structures allow BER encoding for the whole message, except for + ``SignedAttributes`` -- you can easily verify your CMS satisfies that + requirement +* Ability to use mmap-ed files, memoryviews, iterators, 2-pass DER + encoding mode and CER encoder dealing with the writer, giving ability + to create huge ASN.1 encoded files with very little memory footprint +* Ability to decode files in event generation mode, without the need to + keep all the data and decoded structures (that takes huge quantity of + memory in all known ASN.1 libraries) in the memory +* ``__slots__``, ``copy.copy()`` friendliness +* Workability with ``pickle`` +* `Cython `__ compatibility +* Extensive and comprehensive + `hypothesis `__ + driven tests coverage. It also has been fuzzed with + `python-afl `__ * Some kind of strong typing: SEQUENCEs require the exact **type** of - settable values, even when they are inherited -* However they do not require tags matching: IMPLICIT/EXPLICIT tags will - be set automatically in the given sequence + settable values, even when they are inherited (assigning ``Integer`` + to the field with the type ``CMSVersion(Integer)`` is not allowed) +* However they do not require exact tags matching: IMPLICIT/EXPLICIT + tags will be set automatically in the given sequence (assigning of + ``CMSVersion()`` object to the field ``CMSVersion(expl=...)`` will + automatically set required tags) * Descriptive errors, like ``pyderasn.DecodeError: UTCTime (tbsCertificate:validity:notAfter:utcTime) (at 328) invalid UTCTime format`` -* ``__slots__`` friendliness -* Could be significantly faster. For example parsing of CACert.org's CRL - under Python 3.5.2: - - :``python -m pyderasn revoke.crl``: - ~2 min (``pyderasn == 1.0``) - :``python -m pyderasn --schema path.to.CertificateList revoke.crl``: - ~38 sec (``pyderasn == 1.0``) - :``pyasn1.decode(asn1Spec=pyasn1.CertificateList())``: - ~22 min (``pyasn1 == 0.2.3``) - -There are drawbacks: - -* No old Python versions support -* Strings are not validated in any way, except just trying to be decoded - in ``ascii``, ``iso-8859-1``, ``utf-8/16/32`` correspondingly -* No REAL, RELATIVE OID, EXTERNAL, INSTANCE OF, EMBEDDED PDV, CHARACTER STRING +* Could be significantly :ref:`faster ` and have lower memory usage +* :ref:`Pretty printer ` and + :ref:`command-line decoder `, that could + conveniently replace utilities like either ``dumpasn1`` or + ``openssl asn1parse`` + + .. figure:: pprinting.webp + :alt: Pretty printing example output + + An example of pretty printed X.509 certificate with automatically + parsed DEFINED BY fields. +* :ref:`ASN.1 browser ` + + .. figure:: browser.webp + :alt: ASN.1 browser example + + An example of browser running.