Mailing List Archive

I'll second your sentiment! I did some work on an X.509 library
written entirely in Python. Like you friend's SNMP code, it will
probably never be released; I don't have time to finish it nor did I
expect that I'd want to release it given the export control hassles.
However, it seemed clear to me that an ASN.1 compiler could be written
to generate the encode/decode routines. If someone is interested in
that, I've got some design notes and rough code on how to do the
encode/decode and on how to build a backend for SNACC. (A free-ish
ASN.1 compiler; the only one?)

Jeremy

In article <14089.11820.416453.80124@bitdiddle.cnri.reston.va.us>,
Jeremy Hylton <jeremy@cnri.reston.va.us> wrote:
.
.
.
>encode/decode and on how to build a backend for SNACC. (A free-ish
>ASN.1 compiler; the only one?)

Hardly. There are several ASN.1 compilers. MAVROS <URL:http://
www-sop.inria.fr/rodeo/personnel/huitema/mavros-home.html> is
another. I know of none that's achieved SNACC's portability.
--

Cameron Laird http://starbase.neosoft.com/~claird/home.html
claird@NeoSoft.com +1 281 996 8546 FAX

Jeremy Hylton wrote:
>
> I'll second your sentiment! I did some work on an X.509 library
> written entirely in Python. Like you friend's SNMP code, it will
> probably never be released; I don't have time to finish it nor did I
> expect that I'd want to release it given the export control hassles.
> However, it seemed clear to me that an ASN.1 compiler could be written
> to generate the encode/decode routines. If someone is interested in
> that, I've got some design notes and rough code on how to do the
> encode/decode and on how to build a backend for SNACC. (A free-ish
> ASN.1 compiler; the only one?)
>
> Jeremy

I had planned to write an SNMP MIB compiler in Python (actually also an
ASN.1(88) and ASN.1(9?) compiler). Worked out how to do macros, but I just
joined a startup, so I haven't found time to make any progress. The MIB
compiler would have output Python modules.

I have an outstanding contract to supply said compiler, but they haven't
complained about it being delivered (of course, I only get paid for
deliverables <wink>).

Cameron Laird wrote:
>
> In article <14089.11820.416453.80124@bitdiddle.cnri.reston.va.us>,
> Jeremy Hylton <jeremy@cnri.reston.va.us> wrote:
> .
> .
> .
> >encode/decode and on how to build a backend for SNACC. (A free-ish
> >ASN.1 compiler; the only one?)
>
> Hardly. There are several ASN.1 compilers. MAVROS <URL:http://
> www-sop.inria.fr/rodeo/personnel/huitema/mavros-home.html> is
> another. I know of none that's achieved SNACC's portability.

MAVROS is free?

In article <3709868A.CFCCE63@Lugoj.Com>,
James Logajan <JamesL@Lugoj.Com> wrote:
>Cameron Laird wrote:
.
.
.
>> Hardly. There are several ASN.1 compilers. MAVROS <URL:http://
>> www-sop.inria.fr/rodeo/personnel/huitema/mavros-home.html> is
>> another. I know of none that's achieved SNACC's portability.
>
>MAVROS is free?

Jeremy asked about "free-ish" compilers. The referenced
page says
You can get a free licence for the MAVROS executable
and/or source code for teaching and research use only.

For commercial use please contact Alain Zahm.
Is it important to someone to find a compiler that's other-
than-SNACC and has a different license that MAVROS'? I'm
confident that, too, is possible.
--

Cameron Laird http://starbase.neosoft.com/~claird/home.html
claird@NeoSoft.com +1 281 996 8546 FAX

* Jeremy Hylton
|
| expect that I'd want to release it given the export control hassles.
| However, it seemed clear to me that an ASN.1 compiler could be
| written to generate the encode/decode routines. If someone is
| interested in that, I've got some design notes and rough code on how
| to do the encode/decode and on how to build a backend for SNACC.

I'd be interested in that. I've been thinking of doing a pure-Python
LDAP client.

--Lars M.

Jeremy Hylton wrote:
>
> I'll second your sentiment! I did some work on an X.509 library
> written entirely in Python. Like you friend's SNMP code, it will
> probably never be released; I don't have time to finish it nor did I
> expect that I'd want to release it given the export control hassles.

Just want to note that SSLeay/OpenSSL includes a pretty complete
X.509 lib and also routines to do ASN.1 encoding an decoding.
The main argument for using OpenSSL in this context is, of course,
that no export control restrictions apply.

> However, it seemed clear to me that an ASN.1 compiler could be written
> to generate the encode/decode routines. If someone is interested in
> that, I've got some design notes and rough code on how to do the
> encode/decode and on how to build a backend for SNACC. (A free-ish
> ASN.1 compiler; the only one?)

Not sure what you mean with "ASN.1" compiler. If you want a compiler
that does ASN.1 description -> Python function calling de/encoding
routines kind of thing, then I guess the ASN.1 stuff in OpenSSL
could help you getting started quite fast.

Note that I have a project running with the intention to wrap OpenSSL
in an OO manner called mxCrypto (see the link below).

--
Marc-Andre Lemburg Y2000: 269 days left
---------------------------------------------------------------------
: Python Pages >>> http://starship.skyport.net/~lemburg/ :
---------------------------------------------------------

HI,

I cannot tell the context of the orginal question. But yet again,
to write an SNMP agent or manager, do not fall for the belief that
you need an ASN.1 compiler. Also, do not fall for the believe that
you need an ASN.1 compiler for processing MIB modules.

Whether one or not a asn.1 compiler is free does not matter, because
you really donot need one!

On 5 Apr 1999, Cameron Laird wrote:

> In article <14089.11820.416453.80124@bitdiddle.cnri.reston.va.us>,
> Jeremy Hylton <jeremy@cnri.reston.va.us> wrote:
> .
> .
> .
> >encode/decode and on how to build a backend for SNACC. (A free-ish
> >ASN.1 compiler; the only one?)
>
> Hardly. There are several ASN.1 compilers. MAVROS <URL:http://
> www-sop.inria.fr/rodeo/personnel/huitema/mavros-home.html> is
> another. I know of none that's achieved SNACC's portability.
> --
>
> Cameron Laird http://starbase.neosoft.com/~claird/home.html
> claird@NeoSoft.com +1 281 996 8546 FAX
>


Regards,
/david t. perkins

>>>>> "MAL" == M -A Lemburg <mal@lemburg.com> writes:

MAL> Jeremy Hylton wrote:
>> I'll second your sentiment! I did some work on an X.509 library
>> written entirely in Python. Like you friend's SNMP code, it will
>> probably never be released; I don't have time to finish it nor
>> did I expect that I'd want to release it given the export control
>> hassles.

MAL> Just want to note that SSLeay/OpenSSL includes a pretty
MAL> complete X.509 lib and also routines to do ASN.1 encoding an
MAL> decoding. The main argument for using OpenSSL in this context
MAL> is, of course, that no export control restrictions apply.

Absolutely! There are a number of good reasons for using OpenSSL
other than export control as well. OpenSSL buys you all of SSL as
well as a lot of X.509 (and more of that every day). A Python
application built on a SWIGed OpenSSL, however, has a *lot* of C code
underneath it -- with all the problems a large C program has. A pure
Python implementation of X.509 could be easier to understand, debug,
and maintain.

>> However, it seemed clear to me that an ASN.1 compiler could be
>> written to generate the encode/decode routines. If someone is
>> interested in that, I've got some design notes and rough code on
>> how to do the encode/decode and on how to build a backend for
>> SNACC. (A free-ish ASN.1 compiler; the only one?)

MAL> Not sure what you mean with "ASN.1" compiler. If you want a
MAL> compiler that does ASN.1 description -> Python function calling
MAL> de/encoding routines kind of thing, then I guess the ASN.1
MAL> stuff in OpenSSL could help you getting started quite fast.

It seems awfully hard to separate the ASN.1 specific stuff out of
OpenSSL. It uses it owns I/O abstractions and some moderately hair C
data structures to manage the results. It's a lot simpler to just
write the encode/decode routines in pure Python.

MAL> Note that I have a project running with the intention to wrap
MAL> OpenSSL in an OO manner called mxCrypto (see the link below).

Looking forward to seeing it. When do you think you might have an
alpha release ready?

Jeremy

Jeremy Hylton wrote:
>
> >>>>> "MAL" == M -A Lemburg <mal@lemburg.com> writes:

[SNIP]

> MAL> Note that I have a project running with the intention to wrap
> MAL> OpenSSL in an OO manner called mxCrypto (see the link below).
>
> Looking forward to seeing it. When do you think you might have an
> alpha release ready?
>
> Jeremy

I have a fairly complete SWIGing of OpenSSL/SSleay working. I made it on
company time, so I have to get company permission to release it. If there is
real interest, I'll push for us to release it. It does all the X.509 stuff, is
very OO, and builds on win32 and unices.
Interested?
Mordy

--
o Mordy Ovits
o Cryptographic Engineer
o LockStar Inc.
---------------------------------------------------------------------------
#!/usr/local/bin/python
from sys import*;from string import*;a=argv;[s,p,q]=filter(lambda x:x[:1]!=
'-',a);d='-d'in a;e,n=atol(p,16),atol(q,16);l=(len(q)+1)/2;o,inb=l-d,l-1+d
while s:s=stdin.read(inb);s and map(stdout.write,map(lambda i,b=pow(reduce(
lambda x,y:(x<<8L)+y,map(ord,s)),e,n):chr(b>>8*i&255),range(o-1,-1,-1)))

Jeremy Hylton wrote:
>
> >>>>> "MAL" == M -A Lemburg <mal@lemburg.com> writes:
>
> MAL> Jeremy Hylton wrote:
> >> I'll second your sentiment! I did some work on an X.509 library
> >> written entirely in Python. Like you friend's SNMP code, it will
> >> probably never be released; I don't have time to finish it nor
> >> did I expect that I'd want to release it given the export control
> >> hassles.
>
> MAL> Just want to note that SSLeay/OpenSSL includes a pretty
> MAL> complete X.509 lib and also routines to do ASN.1 encoding an
> MAL> decoding. The main argument for using OpenSSL in this context
> MAL> is, of course, that no export control restrictions apply.
>
> Absolutely! There are a number of good reasons for using OpenSSL
> other than export control as well. OpenSSL buys you all of SSL as
> well as a lot of X.509 (and more of that every day). A Python
> application built on a SWIGed OpenSSL, however, has a *lot* of C code
> underneath it -- with all the problems a large C program has. A pure
> Python implementation of X.509 could be easier to understand, debug,
> and maintain.

Luckily, there's a whole team of people looking into this and
it is already pretty well debugged, so this may not be a
serious issue. The size is a problem though: you wouldn't want
OpenSSL sitting around in your memory on e.g. Windows CE :-)

> >> However, it seemed clear to me that an ASN.1 compiler could be
> >> written to generate the encode/decode routines. If someone is
> >> interested in that, I've got some design notes and rough code on
> >> how to do the encode/decode and on how to build a backend for
> >> SNACC. (A free-ish ASN.1 compiler; the only one?)
>
> MAL> Not sure what you mean with "ASN.1" compiler. If you want a
> MAL> compiler that does ASN.1 description -> Python function calling
> MAL> de/encoding routines kind of thing, then I guess the ASN.1
> MAL> stuff in OpenSSL could help you getting started quite fast.
>
> It seems awfully hard to separate the ASN.1 specific stuff out of
> OpenSSL. It uses it owns I/O abstractions and some moderately hair C
> data structures to manage the results. It's a lot simpler to just
> write the encode/decode routines in pure Python.

True. Using the struct module should get you the same results
on all supported platforms.

> MAL> Note that I have a project running with the intention to wrap
> MAL> OpenSSL in an OO manner called mxCrypto (see the link below).
>
> Looking forward to seeing it. When do you think you might have an
> alpha release ready?

I'm planning to wrap the ASN.1 stuff in the near future, since
it comes in handy when en/decoding keys used by the public key
algorithms.

Not sure when an alpha will be ready though. Right now I have
all the ciphers and hash functions wrapped, as well as RSA
and Diffie-Hellman. All takes a little longer, since I want to
do the wrapping in nice OO and not just simply tear out the
functions and use them on the raw data.

Maybe you could write the ASN.1 compiler stuff with an OO
structure in mind ?! That would make it possible to use it
for the stuff in mxCrypto too (with a speed gain I suppose).

--
Marc-Andre Lemburg Y2000: 269 days left
---------------------------------------------------------------------
: Python Pages >>> http://starship.skyport.net/~lemburg/ :
---------------------------------------------------------

Mordy Ovits wrote in message <370A78B6.2C18D10F@lockstar.com>...

>I have a fairly complete SWIGing of OpenSSL/SSleay working. I made it on

>company time, so I have to get company permission to release it. If there
is
>real interest, I'll push for us to release it. It does all the X.509
stuff, is
>very OO, and builds on win32 and unices.
>Interested?
>Mordy

>


Definately interested!

Jeremy Hylton <jeremy@cnri.reston.va.us> writes:
>I'll second your sentiment! I did some work on an X.509 library
>written entirely in Python. Like you friend's SNMP code, it will
>probably never be released; I don't have time to finish it nor did I
>expect that I'd want to release it given the export control hassles.

>However, it seemed clear to me that an ASN.1 compiler could be written
>to generate the encode/decode routines. If someone is interested in
>that, I've got some design notes and rough code on how to do the
>encode/decode and on how to build a backend for SNACC. (A free-ish
>ASN.1 compiler; the only one?)

There certainly are other free ASN.1 compilers; however, they tend
to be a bit incomplete.

I have written BER, CER, DER, and a bit incomplete PER
decoding/encoding classes in pure Python. Based on them, I've
written LDAP client and server libraries in Python. However, as they
are developed on the company time, I'd have to talk with my boss in
order to release them.

I'd certainly be interested in a SNACC backend generating Python.

--
Pekka.Pessi@hut.fi