docs: write CertificateV2 and SafeBag syntax in ABNF
refs #4928
Change-Id: I80d8a37f609bfbccb5f73f7e1f442c1b35061123
diff --git a/docs/specs/certificate-format.rst b/docs/specs/certificate-format.rst
index d009985..f1ec424 100644
--- a/docs/specs/certificate-format.rst
+++ b/docs/specs/certificate-format.rst
@@ -47,22 +47,18 @@
+--------------------------+
- CertificateV2 ::= DATA-TLV TLV-LENGTH
- Name (= /<NameSpace>/KEY/[KeyId]/[IssuerId]/[Version])
- MetaInfo (.ContentType = KEY,
- .FreshnessPeriod >~ 1h))
- Content (= X509PublicKeyContent)
- SignatureInfo (= CertificateV2SignatureInfo)
- SignatureValue
+ CertificateV2 = DATA-TYPE TLV-LENGTH
+ Name ; /<NameSpace>/KEY/[KeyId]/[IssuerId]/[Version]
+ MetaInfo ; ContentType = KEY, FreshnessPeriod required
+ Content ; X509PublicKey
+ CertificateV2SignatureInfo
+ SignatureValue
- X509PublicKeyContent ::= CONTENT-TLV TLV-LENGTH
- BYTE+ (= public key bits in PKCS#8 format)
-
- CertificateV2SignatureInfo ::= SIGNATURE-INFO-TYPE TLV-LENGTH
- SignatureType
- KeyLocator
- ValidityPeriod
- ... optional critical or non-critical extension blocks ...
+ CertificateV2SignatureInfo = SIGNATURE-INFO-TYPE TLV-LENGTH
+ SignatureType
+ KeyLocator
+ ValidityPeriod
+ *CertificateV2Extension
Name
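Review bot: the rewritten Content line of CertificateV2 drops the only statement of how the payload is encoded. The removed X509PublicKeyContent rule said the value is BYTE+ holding "public key bits in PKCS#8 format"; the new line carries only the comment "; X509PublicKey", and no rule of that name is defined in the visible text. Suggest keeping a rule for the Content value (1*OCTET with the encoding named in a comment) or stating the encoding in the prose under the block, so an implementer knows what to parse and what to reject. The MetaInfo comment has a similar loss: "FreshnessPeriod >~ 1h" became "FreshnessPeriod required", which no longer gives the recommended value.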
@@ -126,15 +122,13 @@
::
- ValidityPeriod ::= VALIDITY-PERIOD-TYPE TLV-LENGTH
- NotBefore
- NotAfter
+ ValidityPeriod = VALIDITY-PERIOD-TYPE TLV-LENGTH
+ NotBefore
+ NotAfter
- NotBefore ::= NOT-BEFORE-TYPE TLV-LENGTH
- BYTE{15}
+ NotBefore = NOT-BEFORE-TYPE TLV-LENGTH 8DIGIT "T" 6DIGIT
- NotAfter ::= NOT-AFTER-TYPE TLV-LENGTH
- BYTE{15}
+ NotAfter = NOT-AFTER-TYPE TLV-LENGTH 8DIGIT "T" 6DIGIT
For each TLV, the TLV-TYPE codes are assigned as below:
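Review bot: in NotBefore and NotAfter the literal "T" is a quoted string, and ABNF quoted strings are case-insensitive (RFC 5234), so the rule as written also accepts a lowercase "t". The old BYTE{15} said nothing about the separator, so this is the first time the spec pins it down; if only uppercase is valid, write it as %x54 (or %s"T" per RFC 7405). A trailing comment giving the field layout (date digits, separator, time digits) would also help, since 8DIGIT and 6DIGIT alone do not say which digits are year, month, day, hour, minute and second, nor which time zone applies.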
@@ -171,7 +165,7 @@
We list currently defined extensions:
+---------------------------------------------+-------------------+----------------+
-| TLV-TYPE | Assigned code | Assigned code |
+| TLV-TYPE | Assigned number | Assigned number|
| | (decimal) | (hexadecimal) |
+=============================================+===================+================+
| AdditionalDescription (non-critical) | 258 | 0x0102 |
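Review bot: style point on the changed header row: "Assigned number|" in the last column fills the cell up to the border with no trailing space, unlike every other cell in the table. Widening that column by one character (border lines and rows together) keeps the grid table consistent and easier to edit later. The same header row is repeated in the other tables touched by this patch.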
@@ -188,21 +182,21 @@
::
- AdditionalDescription ::= ADDITIONAL-DESCRIPTION-TYPE TLV-LENGTH
- DescriptionEntry+
+ CertificateV2Extension = AdditionalDescription
- DescriptionEntry ::= DESCRIPTION-ENTRY-TYPE TLV-LENGTH
- DescriptionKey
- DescriptionValue
+ AdditionalDescription = ADDITIONAL-DESCRIPTION-TYPE TLV-LENGTH
+ 1*DescriptionEntry
- DescriptionKey ::= DESCRIPTION-KEY-TYPE TLV-LENGTH
- BYTE+
+ DescriptionEntry = DESCRIPTION-ENTRY-TYPE TLV-LENGTH
+ DescriptionKey
+ DescriptionValue
- DescriptionValue ::= DESCRIPTION-VALUE-TYPE TLV-LENGTH
- BYTE+
+ DescriptionKey = DESCRIPTION-KEY-TYPE TLV-LENGTH 1*OCTET
+
+ DescriptionValue = DESCRIPTION-VALUE-TYPE TLV-LENGTH 1*OCTET
+---------------------------------------------+-------------------+----------------+
-| TLV-TYPE | Assigned code | Assigned code |
+| TLV-TYPE | Assigned number | Assigned number|
| | (decimal) | (hexadecimal) |
+=============================================+===================+================+
| DescriptionEntry | 512 | 0x0200 |
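Review bot: "CertificateV2Extension = AdditionalDescription" makes AdditionalDescription the only extension the grammar admits. The text this patch replaces in CertificateV2SignatureInfo allowed "optional critical or non-critical extension blocks", and the table marks AdditionalDescription as non-critical, so the spec clearly expects other extensions to exist. A validator written strictly from this ABNF would reject a certificate carrying any extension it does not list. Suggest adding a comment on the rule, or an alternative for other extension TLVs, that says how unrecognized critical and non-critical extensions are to be handled.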
diff --git a/docs/specs/safe-bag.rst b/docs/specs/safe-bag.rst
index 2542f8d..fcb6211 100644
--- a/docs/specs/safe-bag.rst
+++ b/docs/specs/safe-bag.rst
@@ -11,14 +11,17 @@
::
- SafeBag ::= SAFE-BAG-TYPE TLV-LENGTH
- Certificate ; a data packet following certificate format spec
- EncryptedKeyBag ; private key encrypted in PKCS#8 format
+ SafeBag = SAFE-BAG-TYPE TLV-LENGTH
+ CertificateV2 ; a data packet following certificate format spec
+ EncryptedKeyBag
+
+ EncryptedKeyBag = ENCRYPTED-KEY-BAG-TYPE TLV-LENGTH
+ *OCTET ; private key encrypted in PKCS#8 format
All TLV-TYPE codes are application specific:
+---------------------------------------------+-------------------+----------------+
-| TLV-TYPE | Assigned code | Assigned code |
+| TLV-TYPE | Assigned number | Assigned number|
| | (decimal) | (hexadecimal) |
+=============================================+===================+================+
| SafeBag | 128 | 0x80 |
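Review bot: the new EncryptedKeyBag rule uses *OCTET, which permits a zero-length value, so an empty key bag is syntactically valid. The DescriptionKey and DescriptionValue rules in this same patch use 1*OCTET; an encrypted private key can never be empty, so 1*OCTET fits here as well and lets a parser reject the empty case at the syntax level. Also note the context sentence "All TLV-TYPE codes are application specific:" still says "codes" while the table header below it now says "Assigned number"; pick one term.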