[API Proposal]: Content-validating AsnDecoder.ReadEncodedValue

[vcsjones]

Background and motivation

Currently, the System.Formats.Asn1 package does not have a straightforward way to say, “Given some ReadOnlySpan<byte>, do all of the contents conform to a set of encoding rules?”, such as DER.

There is useful where we want to build APIs that accept ASN.1 and follows the encoding rules, but also don’t have context as to what the contents are actually supposed to be.

Developers that wish for this functionality on their own would need to use AsnDecoder (or AsnReader) and peek each tag, read, and advance the reader.

We’ve loosely built this ourselves, though not complete:

runtime/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/Helpers.cs

Line 271 in c6829b9

internal static void ValidateDer(ReadOnlySpan<byte> encodedValue)

Another example where this would be useful was the AddEncoded API that was proposed in #44738.

API Proposal

A new overload to ReadEncodedValue that accepts a bool validateInnerContents.

namespace System.Formats.Asn1
{
    public static class AsnDecoder
    {
        public static Asn1Tag ReadEncodedValue(
            ReadOnlySpan<byte> source,
            AsnEncodingRules ruleSet,
            bool validateInnerContents,
            out int contentOffset,
            out int contentLength,
            out int bytesConsumed);
    }
}

API Usage

The API usage is similar to ReadEncodedValue, with a new parameter that indicates if inner-content validation is performed. When false, it behaves exactly as ReadEncodedValue. When true, it performs document validation according to the encoding rules.

Alternative Designs

We could make this an entirely separate API:

namespace System.Formats.Asn1
{
    public static class AsnDecoder
    {
        public static bool ContentsAreValid(
            ReadOnlySpan<byte> source,
            AsnEncodingRules ruleSet);
    }
}

After thinking about it, I decided not to make this my initial proposal because I would envision still using ReadEncodedValue followed by an immediate call to ValidateContents. Rather than have something that does some work twice (reading the initial tag and such), I went with the overload.

Risks

No response

[dotnet-issue-labeler]

I couldn't figure out the best area label to add to this issue. If you have write-permissions please help me learn by adding exactly one area label.

[ghost]

Tagging subscribers to this area: @dotnet/area-system-formats-asn1
See info in area-owners.md if you want to be subscribed.

Issue Details

---

Background and motivation

Currently, the System.Formats.Asn1 package does not have a straightforward way to say, “Given some ReadOnlySpan<byte>, do all of the contents conform to a set of encoding rules?”, such as DER.

There is useful where we want to build APIs that accept ASN.1 and follows the encoding rules, but also don’t have context as to what the contents are actually supposed to be.

Developers that wish for this functionality on their own would need to use AsnDecoder (or AsnReader) and peek each tag, read, and advance the reader.

We’ve loosely built this ourselves, though not complete:

runtime/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/Helpers.cs

Line 27 in c6829b9

Another example where this would be useful was the AddEncoded API that was proposed in #44738.

API Proposal

A new overload to ReadEncodedValue that accepts a bool validateInnerContents.

namespace System.Formats.Asn1
{
    public static class AsnDecoder
    {
        public static Asn1Tag ReadEncodedValue(
            ReadOnlySpan<byte> source,
            AsnEncodingRules ruleSet,
            bool validateInnerContents,
            out int contentOffset,
            out int contentLength,
            out int bytesConsumed);
    }
}

API Usage

The API usage is similar to ReadEncodedValue, with a new parameter that indicates if inner-content validation is performed. When false, it behaves exactly as ReadEncodedValue. When true, it performs document validation according to the encoding rules.

Alternative Designs

We could make this an entirely separate API:

namespace System.Formats.Asn1
{
    public static class AsnDecoder
    {
        public static bool ValidateContents(
            ReadOnlySpan<byte> source,
            AsnEncodingRules ruleSet);
    }
}

After thinking about it, I decided not to make this my initial proposal because I would envision still using ReadEncodedValue followed by an immediate call to ValidateContents. Rather than have something that does some work twice (reading the initial tag and such), I went with the overload.

Risks

No response

Author:	vcsjones
Assignees:	-
Labels:	api-suggestion, untriaged, area-System.Formats.Asn1
Milestone:	-