Comments (3)
You're conflating the ASN.1 types NULL and VOID with each other.
The Python None type corresponds to ASN.1 type VOID and produces no output when dumped.
The Python Null type (unsurprisingly) corresponds to ASN.1 type NULL and has some logic built into it so that it DOES dump an actual NULL some of the time. Classes that inherit _ForceNullParameters (see algos.py) will be handled correctly.
Imagine that you really do want to force the generation of the PublicKeyAlgorithm to omit the parameters. You MUST pass Python None to get that behavior.
>>> from asn1crypto.core import Null
>>> from asn1crypto.keys import PublicKeyAlgorithm
# Defaults to Null when omitted
>>> PublicKeyAlgorithm({'algorithm': 'rsa'})['parameters']
<asn1crypto.core.Null 3026224464848 b'\x05\x00'>
# Explicitly providing None forces generating Void
>>> PublicKeyAlgorithm({'algorithm': 'rsa', 'parameters': None})['parameters']
<asn1crypto.core.Void 3026223057680 b''>
# Your last example explicitly passing Null() works the same as when omitted
>>> PublicKeyAlgorithm({'algorithm': 'rsa', 'parameters': Null()})['parameters']
<asn1crypto.core.Null 3026224466576 b'\x05\x00'>
from asn1crypto.
So I found where this behavior can be non-intuitive: round-tripping or copying from one object to another with native OrderedDict representation.
Although the three examples above are all correct, you can elicit some breakage if you "serialize" the object to native, and reconstruct.
>>> omitted = PublicKeyAlgorithm({'algorithm': 'rsa'})
>>> round_tripped = PublicKeyAlgorithm(omitted.native) # This should be identical, right?
>>> omitted.dump() == round_tripped.dump()
False
>>> omitted.native # Here's why
OrderedDict([('algorithm', 'rsa'), ('parameters', None)])
The native representation has to use a None to describe the lack of 'parameters' (as the ASN.1 schema says it's optional).
But if you reconstruct a PublicKeyAlgorithm object with the explicit None it will instantiate with a Void, leaving it out entirely. If you need to use the constructor, be mindful.
I'm not sure if there's anything to be fixed within asn1crypto as the three situations (omitted, None, or Null()) are behaving the way I'd expect them to, it's just a quirk that round-tripping won't be identical.
# If you rely on native representation, it WILL be lossy
>>> type(PublicKeyAlgorithm({'algorithm': 'rsa'})['parameters'].native)
<class 'NoneType'>
>>> type(PublicKeyAlgorithm({'algorithm': 'rsa', 'parameters': None})['parameters'].native)
<class 'NoneType'>
>>> type(PublicKeyAlgorithm({'algorithm': 'rsa', 'parameters': Null()})['parameters'].native)
<class 'NoneType'>
from asn1crypto.
The "native" representation isn't intended to retain all information:
>>> from asn1crypto.core import GraphicString, VisibleString
>>> GraphicString("Hello").dump() == VisibleString("Hello").dump()
False
>>> GraphicString("Hello").native == VisibleString("Hello").native
True
If you're writing code that needs to emit different algorithms, either leave out the parameters when not needed, or always specify them with the correct value.
>>> PublicKeyAlgorithm({"algorithm": "rsa"}).dump().hex()
'300d 0609 2a864886f70d010101 0500'
>>> PublicKeyAlgorithm({"algorithm": "ed25519"}).dump().hex()
'3005 0603 2b6570'
ASN.1 and its encodings are confusing and error-prone, the standards (like X.509) building upon it even more so.
Perhaps documentation could be improved, e.g. a "common pitfalls" page.
from asn1crypto.
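The NULL-versus-absent distinction discussed in the comments above is visible in the encoded bytes even though a native-style view reports None for both. The following is an added example, not code from the thread or from asn1crypto: it uses only the Python standard library, the function names are made up for illustration, and RSA_ABSENT is a constructed encoding modelling the explicit-None case.

```python
# Added example: stdlib-only DER inspection of an AlgorithmIdentifier.
# RSA_NULL and ED25519 are the dumps quoted in the thread (spaces removed);
# RSA_ABSENT is constructed here to model parameters=None (Void).
RSA_NULL = bytes.fromhex("300d06092a864886f70d0101010500")
RSA_ABSENT = bytes.fromhex("300b06092a864886f70d010101")  # constructed
ED25519 = bytes.fromhex("300506032b6570")


def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one definite-length DER TLV."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:end], end


def parameters_state(der):
    """Classify the parameters field as 'absent', 'null' or 'other'."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    tag, _oid, pos = read_tlv(body, 0)
    if tag != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER first")
    if pos == len(body):
        return "absent"
    tag, value, pos = read_tlv(body, pos)
    if pos != len(body):
        raise ValueError("trailing data after parameters")
    return "null" if (tag, value) == (0x05, b"") else "other"


def lossy_view(der):
    """Model of a native-style view: absent and NULL both collapse to None."""
    _, body, _ = read_tlv(der, 0)
    _, oid, _ = read_tlv(body, 0)
    state = parameters_state(der)
    return oid.hex(), None if state in ("absent", "null") else state
```

Code that hashes, signs or compares an AlgorithmIdentifier should work from the encoded bytes, since two encodings that differ only in this field look the same once reduced to a None.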