10

Are there any (properly specified) meta-formats / schema formats for describing cryptographic message structures?

I'm looking for a way to describe the format (where some channels might want symmetric/asymmetric encoding or signatures) that's not just "This uses scheme #5 - see the docs for more".

Having it computer-readable would let me do some fun tinkering - things like programmatically deducing what information has to be pre-shared for the scheme to work, deducing which parts of the message have integrity, producing a report of the scheme's properties (including errors due to insufficient padding etc.) - but it also just feels neater to me to have a language to express things in.


As illustrative (not actual syntax!) examples, something like:

  • random-iv[128] + CTR[AES](shared-secret[256], iv, message) - IV, followed by AES-256-CTR encoded message (shared secret unspecified)

  • message + your-key[2048].public + RSA[DECODE](your-key[2048], random-padding[256] + SHA256(message)) - message followed by public key and RSA signature of SHA-256 hash

  • HMAC[SHA256]({0x123456...}, message) + message - HMAC first (secret as literal), concatenated with message

  • RSA[ENCODE]({0x...my-key-literal}, random-iv[128] + random-key[256]) + CTR[AES](random-key[256], random-iv[128], message) - specify my encryption key, and use AES-256 for message with random key

If there weren't any hard-coded values (e.g. the HMAC secret wasn't a literal), then it would describe the generic scheme.

With hard-coded values you could describe the data expected on a particular channel, and even verify that it's a subset of the generic scheme.


This is slightly analogous to things like ASN.1 for structured data (which lets you describe the internal structure of a binary stream, and even the bitwise layout when combined with something like PER), but possibly more like an equation/functional-expression, with cryptographic primitives and unknowns etc.

It seems like it should be possible, but I couldn't find anything. Are there existing meta-formats for this for crypto?

cloudfeet
  • I was completely wrong footed by the mention of PER. PER is an encoding, you would just use ASN.1 syntax to describe the messages at a META level. – Maarten Bodewes Jun 02 '15 at 21:03
  • There is of course mathematical notation, often found at [crypto](http://crypto.stackexchange.com). Although there is some kind of ad-hoc standard for those, I would not call it well-defined. Furthermore there are several languages that can be used to validate security proofs that you could look at. – Maarten Bodewes Jun 02 '15 at 21:37
  • TLS has the ability to negotiate various protocols and encryption. Perhaps that can be used as a basis for what you're asking – makerofthings7 Jun 05 '15 at 12:43
  • I have been pointed to the TLS spec before, as the spec itself defines a syntax that is "almost but not quite" machine-parseable. – cloudfeet Jun 05 '15 at 13:32
  • Isn't XKMS extended to broader crypto? – dmaij Jun 10 '15 at 19:35
  • Does XKMS describe a protocol for exchanging messages, or is it used to describe *other* protocols? – cloudfeet Jun 11 '15 at 12:51
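
A toy model of the analysis the question describes, as an added example that is not part of the original post or of any existing tool: the question's first and third illustrative formats are encoded as expression trees, and one pass reports which inputs must be pre-shared, which random values never reach the receiver, and which fields are covered by a MAC. The node kinds, op names and the `analyse` function are hypothetical.

```python
from dataclasses import dataclass

# Constructed mini-model: node kinds and op names are assumptions chosen to
# mirror the question's illustrative notation, not an existing schema language.
@dataclass(frozen=True)
class Node:
    kind: str            # "shared" | "random" | "literal" | "message" | "op"
    name: str
    args: tuple = ()

def shared(n): return Node("shared", n)      # secret agreed out of band
def random_(n): return Node("random", n)     # fresh value per message
def literal(n): return Node("literal", n)    # hard-coded in the description
def op(n, *args): return Node("op", n, args)
MESSAGE = Node("message", "message")

AUTHENTICATING_OPS = {"HMAC-SHA256"}         # ops whose output binds their inputs

def leaves(node):
    """Yield every non-op leaf under a node, depth first."""
    if node.kind != "op":
        yield node
    for a in node.args:
        yield from leaves(a)

def authenticated(node, covered=False):
    """Yield names of message/random leaves that sit under an authenticating op."""
    if node.kind == "op":
        covered = covered or node.name in AUTHENTICATING_OPS
        for a in node.args:
            yield from authenticated(a, covered)
    elif covered and node.kind in ("message", "random"):
        yield node.name

def analyse(parts):
    """parts is the top-level concatenation ('+') that goes on the wire."""
    sent_in_clear = {p.name for p in parts if p.kind == "random"}
    all_leaves = [leaf for p in parts for leaf in leaves(p)]
    return {
        "pre_shared": {l.name for l in all_leaves if l.kind == "shared"},
        "undelivered": {l.name for l in all_leaves
                        if l.kind == "random" and l.name not in sent_in_clear},
        "integrity": {n for p in parts for n in authenticated(p)},
    }

# random-iv[128] + CTR[AES](shared-secret[256], iv, message)
CTR_FORMAT = [random_("iv"), op("CTR-AES", shared("shared-secret"), random_("iv"), MESSAGE)]
# HMAC[SHA256]({0x123456...}, message) + message
HMAC_FORMAT = [op("HMAC-SHA256", literal("0x123456..."), MESSAGE), MESSAGE]
BROKEN_CTR = CTR_FORMAT[1:]                  # same scheme with the IV left off the wire
```

The CTR format reports an empty `integrity` set, which is the kind of property report the question asks for: the ciphertext is confidential but nothing on the wire authenticates it.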

2 Answers

2

It's not exactly what you requested but at least these two are worth a look in my opinion.

  • There's a general and abstract notation for describing security protocols, which is being used to describe quite complicated stuff such as Kerberos. The Needham-Schroeder protocol can also be expressed this way. Again, not really what you were looking for, but made me think of it.
  • On a more fundamental level, I suggest you take a look at the Cryptol language which attempts to make implementation of crypto closer to what one would see in a textbook. However, the point of Cryptol is more in describing functions than messages.

Anyway, first post here after years of lurking and feeding on others. Hope this helps a bit.

0

It sounds like you're somewhat describing the Cryptographic Message Syntax (CMS). It loosely grew out of PKCS#7.

John Downey
  • The OP dismissed CMS in another answer. Also, this answer is very light on content. You might need to flesh this out. – schroeder Jun 08 '15 at 21:32
  • Yeah, there was another answer that seems to have now disappeared. I'm not looking for a self-describing message syntax, or a message syntax at all - I'm looking for a language in which to *describe* an abstract message format. – cloudfeet Jun 09 '15 at 15:00
  • @cloudfeet so something more like https://hackage.haskell.org/package/cpsa and http://web.cs.wpi.edu/~guttman/cs564/cpsauser.html ? – John Downey Jun 09 '15 at 15:23
  • That's more like it, yeah! Haven't read the spec fully yet, but that's the best lead posted so far. Feel like adding it as an answer? – cloudfeet Jun 09 '15 at 16:57