Synta is a high-performance Rust library for ASN.1 (Abstract Syntax Notation One) parsing, decoding, and encoding. The name "Synta" is derived from "Syntax" (the "S" in ASN.1), emphasizing the library's focus on clean, well-structured syntax handling.
  • Rust 82.7%
  • Python 10.7%
  • C 4.1%
  • Shell 1.8%
  • Makefile 0.6%
Alexander Bokovoy 3d649b8012
chore(changelog): add CHANGELOG.md for synta-python-common/krb5/mtc sub-crates
These three crates were missing changelogs entirely; release.py warned
14/14 → 11/14 because they weren't found. Add initial changelog files
covering 0.2.3–0.2.6 so future releases update them automatically.
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2026-06-10 13:56:48 +03:00
.claude/agents docs: update cross-references to point to new docs/python/ mdBook 2026-04-06 23:16:29 +03:00
.github/workflows workflow(ci): switch to hummingbird-rawhide images 2026-05-09 15:18:28 +03:00
asn1 feat(mtc): change CosignerID to OBJECT IDENTIFIER (TrustAnchorID) 2026-05-27 19:31:16 +03:00
cmake cmake: update FindSynta for libcsynta rename 2026-02-25 22:56:18 +02:00
contrib release: v0.2.6 2026-06-10 13:32:54 +03:00
docs docs(mtc): document new builder, validator, and utility types in synta.mtc 2026-06-10 12:37:19 +03:00
examples example(python-mtc): demonstrate builder and validator APIs 2026-06-10 13:06:57 +03:00
include feat(ffi/cms): add ContentInfo parser API and EncryptedData encrypt/decrypt 2026-03-13 16:05:49 +02:00
python docs(mtc): document new builder, validator, and utility types in synta.mtc 2026-06-10 12:37:19 +03:00
src feat(integer): encode certificate serial numbers correctly 2026-05-02 08:31:28 +03:00
synta-bench release: v0.2.6 2026-06-10 13:32:54 +03:00
synta-cbor release: v0.2.6 2026-06-10 13:32:54 +03:00
synta-certificate release: v0.2.6 2026-06-10 13:32:54 +03:00
synta-codegen release: v0.2.6 2026-06-10 13:32:54 +03:00
synta-derive release: v0.2.6 2026-06-10 13:32:54 +03:00
synta-ffi release: v0.2.6 2026-06-10 13:32:54 +03:00
synta-fuzz release: v0.2.6 2026-06-10 13:32:54 +03:00
synta-krb5 release: v0.2.6 2026-06-10 13:32:54 +03:00
synta-mtc release: v0.2.6 2026-06-10 13:32:54 +03:00
synta-python release: v0.2.6 2026-06-10 13:32:54 +03:00
synta-python-common chore(changelog): add CHANGELOG.md for synta-python-common/krb5/mtc sub-crates 2026-06-10 13:56:48 +03:00
synta-python-krb5 chore(changelog): add CHANGELOG.md for synta-python-common/krb5/mtc sub-crates 2026-06-10 13:56:48 +03:00
synta-python-mtc chore(changelog): add CHANGELOG.md for synta-python-common/krb5/mtc sub-crates 2026-06-10 13:56:48 +03:00
synta-tools release: v0.2.6 2026-06-10 13:32:54 +03:00
synta-x509-verification release: v0.2.6 2026-06-10 13:32:54 +03:00
tests feat(integer): encode certificate serial numbers correctly 2026-05-02 08:31:28 +03:00
.gitignore chore: bump version to 0.2.0 2026-05-01 12:22:07 +03:00
.gitmessage docs(contribution): add commit template and document Fixes: trailer 2026-03-01 17:19:52 +02:00
build.rs synta: move C FFI to dedicated synta-ffi crate 2026-02-25 22:56:18 +02:00
Cargo.lock release: v0.2.6 2026-06-10 13:32:54 +03:00
Cargo.toml release: v0.2.6 2026-06-10 13:32:54 +03:00
cbindgen.toml Configure cbindgen for C header generation 2026-02-24 00:49:20 +02:00
CHANGELOG.md release: v0.2.6 2026-06-10 13:32:54 +03:00
deny.toml deny: add cargo-deny configuration 2026-03-13 14:58:30 +02:00
LICENSE-APACHE Add license files 2026-03-11 14:15:12 +02:00
LICENSE-MIT Add license files 2026-03-11 14:15:12 +02:00
pyproject.toml release: v0.2.6 2026-06-10 13:32:54 +03:00
README.md docs: document composite ML-DSA support (draft-ietf-lamps-pq-composite-sigs-19) 2026-05-23 21:57:17 +03:00
rust-synta.spec chore(release): bump version to 0.2.5 2026-06-09 13:59:21 +03:00
rust2rpm.toml contrib: convert individual crate specs to rust2rpm 2026-04-16 16:58:54 +03:00
synta.pc.in synta-ffi: update pkg-config template 2026-02-26 11:23:58 +02:00

Synta

High-performance Rust library for ASN.1 parsing, encoding, and decoding.

~0.48 μs per X.509 certificate parse-only — faster than the next-best pure-Rust implementation and faster than NSS. See docs/performance.md.

Installation

[dependencies]
synta = "0.1"
# With serde Serialize/Deserialize support
synta = { version = "0.1", features = ["serde"] }
# no_std with alloc
synta = { version = "0.1", default-features = false, features = ["alloc"] }

Quick Start

Decode and encode a primitive type:

use synta::{Decoder, Encoder, Encoding, Integer};

let data = &[0x02, 0x01, 0x2A]; // DER INTEGER 42
let mut decoder = Decoder::new(data, Encoding::Der);
let value: Integer = decoder.decode().unwrap();
assert_eq!(value.as_i64().unwrap(), 42);

let mut encoder = Encoder::new(Encoding::Der);
encoder.encode(&value).unwrap();
assert_eq!(encoder.finish().unwrap(), data);
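
The round trip above returns the input bytes because DER allows exactly one encoding per value. The following added example is not Synta's code and does not use the crate: it is a standard-library-only strict DER INTEGER codec for values that fit in `i64`, showing the minimal-length and minimal-content checks a DER decoder applies; `decode_der_i64`, `encode_der_i64` and `DerError` are hypothetical names.

```rust
// Strict DER INTEGER codec for values that fit in i64 (added example, independent of Synta).
#[derive(Debug, PartialEq)]
enum DerError { Truncated, WrongTag, NonMinimalLength, Unsupported, TrailingData, Empty, NonMinimalInteger }

fn decode_der_i64(input: &[u8]) -> Result<i64, DerError> {
    let (&tag, rest) = input.split_first().ok_or(DerError::Truncated)?;
    if tag != 0x02 { return Err(DerError::WrongTag); }
    let (&len_byte, rest) = rest.split_first().ok_or(DerError::Truncated)?;
    let len = match len_byte {
        0x00..=0x7F => len_byte as usize, // short form, the only DER form below 128
        // Long form carrying a length that fits the short form: valid BER, not DER.
        0x81 if rest.first().map_or(false, |&n| n < 0x80) => return Err(DerError::NonMinimalLength),
        _ => return Err(DerError::Unsupported), // indefinite or larger lengths: out of scope here
    };
    if rest.len() < len { return Err(DerError::Truncated); }
    if rest.len() > len { return Err(DerError::TrailingData); }
    match rest {
        [] => return Err(DerError::Empty), // INTEGER needs at least one content octet
        // First nine bits all zero or all one: a redundant leading octet.
        [0x00, b, ..] if *b & 0x80 == 0 => return Err(DerError::NonMinimalInteger),
        [0xFF, b, ..] if *b & 0x80 != 0 => return Err(DerError::NonMinimalInteger),
        _ if rest.len() > 8 => return Err(DerError::Unsupported), // wider than i64
        _ => {}
    }
    // Sign-extend from the top bit of the first content octet.
    let mut value: i64 = if rest[0] & 0x80 != 0 { -1 } else { 0 };
    for &b in rest {
        value = (value << 8) | i64::from(b);
    }
    Ok(value)
}

fn encode_der_i64(value: i64) -> Vec<u8> {
    let bytes = value.to_be_bytes();
    let mut start = 0;
    // Skip leading octets that only repeat the sign bit of the next octet.
    while start < 7 && ((bytes[start] == 0x00 && bytes[start + 1] & 0x80 == 0)
        || (bytes[start] == 0xFF && bytes[start + 1] & 0x80 != 0)) {
        start += 1;
    }
    let mut out = vec![0x02, (8 - start) as u8];
    out.extend_from_slice(&bytes[start..]);
    out
}

fn main() {
    assert_eq!(decode_der_i64(&[0x02, 0x01, 0x2A]), Ok(42)); // Quick Start bytes
    assert_eq!(decode_der_i64(&[0x02, 0x81, 0x01, 0x2A]), Err(DerError::NonMinimalLength));
}
```

Rejecting the alternative encodings is what keeps two parsers from disagreeing about which bytes a signature covers.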

Typed parsing with derive macros — the recommended approach for production use:

use synta::{Decoder, Encoding, Integer, ObjectIdentifier};
use synta_derive::Asn1Sequence;
#[derive(Asn1Sequence)]
struct AlgorithmIdentifier {
    pub algorithm: ObjectIdentifier,
    #[asn1(optional)]
    pub parameters: Option<Integer>,
}
let mut decoder = Decoder::new(der_bytes, Encoding::Der);
let alg: AlgorithmIdentifier = decoder.decode()?;

Typed decoding generates compile-time-specialised, inlined decode paths and is faster than equivalent generic Element traversal.

See docs/tutorial.md for a step-by-step introduction and docs/usage.md for the full API guide.

Features

Core ASN.1 codec

  • Typed parsing — Asn1Sequence, Asn1Choice, Asn1Set derive macros generate compile-time-specialised decoders; faster than generic Element traversal
  • Zero-copy — RawDer<'a>, OctetStringRef<'a>, BitStringRef<'a> borrow from the input buffer with no allocation for large fields
  • Encoding rules — DER, BER, and CER all supported
  • no_std — core functionality works in embedded environments with the alloc feature; see docs/no_std.md
  • Serde — optional Serialize/Deserialize via features = ["serde"]

Code generation (synta-codegen)

  • Compiles ASN.1 schema files to ready-to-use Rust or C structs
  • Supports ASN.1 Information Object Class parsing, configurable derive-macro gating (DeriveMode), and RawDer output for ANY fields

X.509 PKI (synta-certificate)

  • Parsing — X.509 v3 certificates, CRLs (RFC 5280), CSRs (RFC 2986), OCSP responses (RFC 6960)
  • Builders — CertificateBuilder, CsrBuilder, Pkcs12Builder, CertificateListBuilder, OCSPResponseBuilder, AttributeCertificateBuilder, CertReqMsgBuilder, CMPMessageBuilder with pluggable signer and encryptor traits; OpensslCertificateSigner and OpensslPkcs12Encryptor backends
  • Bundle formats — PKCS#7 SignedData certificate extraction; PKCS#12 certificate/private-key extraction and creation
  • CMS full suite — SignedData, EnvelopedData (one-call create_enveloped_data or two-step prepare_enveloped_data + builder for originator info), EncryptedData (AES-CBC encrypt/decrypt), DigestedData, KEM recipient info; requires openssl feature for crypto
  • Post-quantum — standalone ML-DSA-44/65/87 (FIPS 204) and 18 composite ML-DSA algorithms (draft-ietf-lamps-pq-composite-sigs-19, OID sub-arcs 37–54) combining ML-DSA with RSA/ECDSA/EdDSA; PrivateKeyBuilder::composite_ml_dsa(sub_arc) for backend-agnostic key generation; requires openssl + pqc (OpenSSL 3.3+) or nss feature
  • Schema types — RFC 3279 algorithm parameters, Attribute Certificates (RFC 5755), CRMF (RFC 4211), CMP v3 (RFC 9810)
  • Helpers — DN formatting and attribute parsing, SAN parsing, zero-alloc algorithm identification, PEM encode/decode

CBOR codec (synta-cbor)

  • CborEncode / CborDecode traits — CBOR-specific codec API, separate from the DER/BER Encode/Decode traits
  • CborEncoder / CborDecoder — streaming wrappers over ciborium_ll for writing and reading CBOR headers and bodies
  • ToCbor / FromCbor — blanket convenience traits (like ToDer / FromDer) that serialise to / from Vec<u8>
  • Full type coverage: all ASN.1 primitives, string types, time types, constructed types, ObjectIdentifier (RFC 9090 tag 111), tagged types
  • Optional certificate feature: unwrap_cms_cbor CMS helper requires synta-certificate

Protocol schemas

  • Kerberos V5 — RFC 4120/4121/4178/6113 types; typed flag wrappers for KDCOptions, TicketFlags, APOptions; principal, time, address, and GSS token helpers (synta-krb5)
  • Merkle Tree Certificates — draft-ietf-plants-merkle-tree-certs issuance log builder, inclusion proof generation and verification, trust anchor management with cosignature support (synta-mtc)

X.509 path validation (synta-x509-verification)

  • RFC 5280 §6 + CABF Baseline Requirements chain verification
  • Crypto-agnostic via SignatureVerifier plug-in trait; OpenSSL backend available
  • Name constraint enforcement (DNS, IP, RFC 822 email)
  • Configurable extension policy and trust store
  • OCSP revocation checking via OcspStore
  • Python bindings in synta.x509 (TrustStore, VerificationPolicy, verify_server_certificate, verify_client_certificate)

Language bindings

C/C++ FFI (synta-ffi) — 100+ exported functions covering:

  • ASN.1 primitives, string types, time types, constructed types, OIDs
  • X.509 certificates, CRLs (RFC 5280), PKCS#10 CSRs, OCSP responses (RFC 6960)
  • PEM encode/decode; PKCS#7 and PKCS#12 certificate extraction
  • Full CMS: ContentInfo, SignedData, EnvelopedData, EncryptedData (AES-CBC, openssl feature), DigestedData
  • Header auto-generated at include/synta.h by cbindgen

Python (synta-python) — PyO3-based, Python 3.8+ stable ABI:

  • Certificate, CertificationRequest, CertificateList, OCSPResponse, PublicKey, PrivateKey (with ML-DSA/ML-KEM key generation, sign, verify, KEM encapsulate/decapsulate; composite ML-DSA OIDs recognized for parsing/verification)
  • Builders: CertificateBuilder, CsrBuilder, CertificateListBuilder, OCSPResponseBuilder, AttributeCertificateBuilder, CertReqMsgBuilder/CertReqMessagesBuilder, CMPMessageBuilder; PKCS#12: load_pkcs12_*, create_pkcs12
  • synta.cms — full CMS suite: ContentInfo, SignedData, EnvelopedData, EnvelopedDataBuilder, EncryptedData, DigestedData, KEM recipient info
  • synta.kem — KEM recipient info types (KEMRecipientInfo, CMSORIforKEMOtherInfo) and ML-KEM OID constants (RFC 9629)
  • synta.pkcs8 — PKCS #8 / RFC 5958 private key parsing (OneAsymmetricKey / PrivateKeyInfo)
  • synta.pkcs9 — PKCS #9 attribute OID constants (13 OIDs from RFC 2985 / RFC 5652)
  • synta.x509 — RFC 5280 / CABF chain verification; synta.krb5 — Kerberos V5 / PKINIT types
  • synta.oids — well-known OID constants and algorithm identification helpers

Documentation

| Topic | Location |
|---|---|
| Tutorial (step-by-step) | docs/tutorial.md |
| Usage guide — typing, sequences, serde, config | docs/usage.md |
| Codegen CLI and library API reference | docs/api-reference.md |
| Rust code generation from ASN.1 schemas | docs/rust-generation.md, synta-codegen/README.md |
| C code generation from ASN.1 schemas | docs/c-generation.md |
| Supported ASN.1 syntax | docs/asn1-support.md |
| C/C++ FFI reference | docs/C_API.md, docs/C_MEMORY.md |
| Python bindings documentation | docs/python/src/introduction.md |
| Kerberos V5 types | synta-krb5/README.md |
| X.509 path validation | synta-x509-verification/README.md |
| Performance benchmarks | docs/performance.md |
| Best practices | docs/best-practices.md |
| no_std environments | docs/no_std.md |
| Migration from OpenSSL | docs/MIGRATION_OPENSSL.md |
| Migration from libtasn1 | docs/MIGRATION_LIBTASN1.md |
| Contributing | docs/contribution.md |
| CI reference | contrib/ci/README.md |

Testing

cargo test # core library
cargo test --workspace --all-features # full workspace
# Full CI pipeline: fmt, clippy, doc, C tests, Python tests, benchmarks
./contrib/ci/local-ci.sh all
./contrib/ci/local-ci.sh clippy # individual job
./contrib/ci/local-ci.sh --valgrind c-test test

See contrib/ci/README.md for all available jobs and flags.

Performance

X.509 certificate parsing (traditional RSA/ECDSA, avg of 5 certs):

| Library | Parse-only | Parse + all fields |
|---|---|---|
| synta | 0.48 μs | 1.38 μs |
| cryptography-x509 | 1.51 μs | 1.51 μs |
| x509-parser | 2.13 μs | 2.11 μs |
| x509-cert | 3.33 μs | 3.36 μs |
| NSS | 8.46 μs | 8.50 μs |

Parse time is size-independent: 7 KB post-quantum ML-DSA certificates parse as fast as 900 B traditional ones. Full data including post-quantum, CA store throughput, and methodology: docs/performance.md.

License

Apache-2.0 or MIT, at your option. See LICENSE-APACHE and LICENSE-MIT.