Specification languages
- To: spki@c2.org
- Subject: Specification languages
- From: "marcus (m.d.) leech" <mleech@bnr.ca>
- Date: Wed, 28 Feb 1996 16:25:44 -0500
- Organization: Nortel Technologies, System Security Services
- Sender: owner-spki@c2.org
-----BEGIN PGP SIGNED MESSAGE-----

Assuming that a specification language is required (and I'm not implying that
it would be), I perceive that it would need to encode the following "Types".

  simple integers - uint8, uint16, uint32, and uint64
      Represented in IETF network byte order directly--no length byte
      needed

  variable length integers - uintv
      A single 16[32?] bit length field, representing the appropriate
      number of significant bits in the octets that follow. The octets
      represent the integer in IETF network byte order.

  strings - octets
      A single 16[32?] bit length field (in network byte order)
      followed by the specified number of octets. Comments in the

  array - A single 16[32?] bit field indicating that an array of compound
      objects of the specified type follow.

The simple integer types could be followed by a qualifier indicating that
they have some special purpose in relation to another object:

  selects - used to indicate a "branch" in the encoding/decoding based on the
      value of the integer. Could be used to select among codings for
      different public key types, for example (RSA, DSS, ElGamal, D-H etc).

So-called compound objects could be defined that are composed of lists of
elements of the fundamental types. Note that this isn't full-bore type
synthesis, but a syntactic convenience.

Here is a simple certificate specification in this hypothetical language.

#
# Object description for a simple certificate
#
typedef RSAKeyInfo
{
    rsaExponent   uintv
    rsaModulus    uintv
}

typedef DSSKeyInfo
{
    dssP          uintv
    dssQ          uintv
    dssG          uintv
    dssY          uintv
}

typedef RSASignature
{
    sig           uintv
}

typedef DSSSignature
{
    sig_a         uintv
    sig_b         uintv
}

typedef Signature
{
    KeyId         uint64
    OtherIdent    octets
    OthIdType     uint8
    SigType       uint8 selects(SigBytes)
    SigBytes[0]   RSASignature
    SigBytes[1]   DSSSignature
}

object simple-certificate
{
    Version       uint8
        # 0x01 for this version
    KeyId         uint64
    OtherIdent    octets
    OthIdType     uint8
        # 0x00 - 7 BIT ASCII
        # 0x01 - UNICODE
    Created       uint64
    Expires       uint64
    KeyType       uint8 selects(Key)
    Key[0]        RSAKeyInfo
    Key[1]        DSSKeyInfo
    Signatures    array(Signature)
}

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQBVAwUBMTTIV6p9EtiCAjydAQHZDwIAkKzLdRUldhnAloQvwRco+uWeaiRwcKyQ
YkxEVX2YGxr562vOeZc2OLnv0ihvBt7YatBSMGu/LhNJjFLF6qr3Hw==
=K1f4
-----END PGP SIGNATURE-----
--
----------------------------------------------------------------------
Marcus Leech Mail: Dept 4C16, MS 238, CAR
Systems Security Architect Phone : (ESN) 395-4901 (613) 763-9145
Systems Security Services Fax : (ESN) 393-7679 (613) 763-7679
Nortel Technologies mleech@bnr.ca
-----------------Expressed opinions are my own, not my employers------
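
Added example, not part of the original message or of any SPKI code: a Python sketch of a strict decoder for the uintv, octets and selects encodings proposed in the message above. It assumes the 16-bit option for the length fields (the post leaves 16 vs 32 open) and, as a further assumption, rejects a uintv whose declared bit count disagrees with its octets; all function names and the sample key are constructed for illustration.

```python
import struct
LEN_FMT = ">H"  # assumption: 16-bit length fields, network byte order

class DecodeError(ValueError): pass

def take(buf, off, n):
    # Never read past the end of the buffer on the say-so of a length field.
    if off + n > len(buf):
        raise DecodeError(f"need {n} octets at offset {off}, have {len(buf) - off}")
    return buf[off:off + n], off + n

def enc_uintv(value):
    bits = value.bit_length()  # the length field counts significant bits
    return struct.pack(LEN_FMT, bits) + value.to_bytes((bits + 7) // 8, "big")

def dec_uintv(buf, off):
    raw, off = take(buf, off, 2)
    (bits,) = struct.unpack(LEN_FMT, raw)
    raw, off = take(buf, off, (bits + 7) // 8)
    value = int.from_bytes(raw, "big")
    # Assumed strictness: one integer has exactly one encoding.
    if value.bit_length() != bits:
        raise DecodeError("uintv bit count does not match the octets")
    return value, off

def enc_octets(data):
    return struct.pack(LEN_FMT, len(data)) + data

def dec_octets(buf, off):
    raw, off = take(buf, off, 2)
    (n,) = struct.unpack(LEN_FMT, raw)
    return take(buf, off, n)

# "KeyType uint8 selects(Key)": selector value -> fields of the chosen typedef
KEY_TYPES = {0: ("rsaExponent", "rsaModulus"),
             1: ("dssP", "dssQ", "dssG", "dssY")}

def dec_key(buf, off):
    raw, off = take(buf, off, 1)
    fields = KEY_TYPES.get(raw[0])
    if fields is None:
        raise DecodeError(f"unknown KeyType {raw[0]}")
    key = {}
    for name in fields:
        key[name], off = dec_uintv(buf, off)
    return key, off

# Constructed sample: KeyType 0 (RSA), exponent 65537, made-up 24-bit modulus
SAMPLE = bytes([0]) + enc_uintv(65537) + enc_uintv(0xC5A1D3)
```

Rejecting truncated input, unknown selector values and non-canonical integers at decode time means a signature is always checked over exactly one byte representation of the key.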