cddl 0.6.2 → 0.6.3

data/test-data/dcaf.cddl

@@ -0,0 +1,58 @@
+dcaf-msg = sam-information-msg
+         / access-request-msg
+         / ticket-transfer-msg
+         / ticket-grant-msg
+
+sam-information-msg = { sam, ? full-timestamp, ? accepted-formats,
+                        ? piggybacked }
+
+access-request-msg = { sam, sam-ai, full-timestamp }
+
+ticket-transfer-msg = { face-or-encrypted, verifier }
+face-or-encrypted = ( face // encrypted-face )
+face = ( F => { sam-ai, limited-timestamp, lifetime, psk-gen } )
+verifier = ( V => shared-secret )
+shared-secret = bstr
+F   = 8
+V   = 9
+
+encrypted-face = ( E => bstr, K => tstr )
+E   = 3
+K   = 4
+
+ticket-grant-msg    = { face-or-encrypted, verifier, ? client-info }
+client-info = ( cam-ai, full-timestamp, lifetime)
+
+sam = (SAM => abs-uri)
+SAM = 0
+abs-uri = tstr ; .regexp "______"
+
+sam-ai = ( SAI => [* auth-info])
+SAI = 1
+auth-info = ( uri : tstr, mask : 0..15 )
+
+cam-ai = ( CAI => [* auth-info])
+CAI = 2
+
+full-timestamp = ( TS => date)
+TS  = 5
+date = tdate / localdate
+localdate = uint
+limited-timestamp = ( TS => localdate)
+
+accepted-formats = ( A => [+ content-format] )
+content-format = uint ; valid entry from CoAP content format registry
+A=10
+
+piggybacked = ( data, lifetime, nonce )
+data = ( D => bstr )
+nonce = ( N => bstr )
+lifetime = ( L => period)
+period = uint ; in seconds
+L   = 6
+D   = 11
+N   = 12
+
+psk-gen = ( G => mac-algorithm)
+G   = 7
+mac-algorithm = &( hmac-sha256: 0, hmac-sha384: 1, hmac-sha512: 2 )

data/test-data/grasp-v1.cddl

@@ -0,0 +1,97 @@
+grasp-message = message
+
+session-id = 0..16777215
+; that is still 24 bits; we could pick any size we want
+
+message /= discovery-message
+discovery-message = [M_DISCOVERY, session-id, objective]
+
+message /= response-message
+response-message = [M_RESPONSE, session-id, *locator-option / divert-option / objective]
+
+message /= request-message
+request-message = [M_REQUEST, session-id, objective]
+
+message /= negotiation-message
+negotiation-message = [M_NEGOTIATE, session-id, objective]
+
+message /= end-message
+end-message = [M_END, session-id, accept-option / decline option]
+
+message /= wait-message
+wait-message = [M_WAIT, session-id, waiting-time-option]
+
+
+M_DISCOVERY =  1
+M_RESPONSE = 2
+M_REQUEST = 3
+M_NEGOTIATE = 4
+M_END = 5
+M_WAIT = 6
+
+option /= divert-option
+divert-option = [OPTION_DIVERT, *locator-option]
+OPTION_DIVERT = 372             ; use section numbers for now
+
+option /= accept-option
+accept-option = [OPTION_ACCEPT]
+OPTION_ACCEPT = 373
+
+option /= decline-option
+decline-option = [OPTION_DECLINE]
+OPTION_DECLINE = 374
+
+option /= waiting-time-option
+waiting-time-option = [OPTION_WAITING, option-waiting-time]
+OPTION_WAITING = 375
+option-waiting-time = 0..4294967295 ; in milliseconds
+
+option /= option-device-id
+option-device-id = [OPTION_DEVICE_ID, bytes]
+OPTION_DEVICE_ID = 376
+
+locator-option /= ipv4-locator-option
+ipv4-locator-option = bytes .size 4
+; this is simpler than [OPTION_IPv4_LOCATOR, bytes .size 4] -- do we want regularity or simplicity?
+
+locator-option /= ipv6-locator-option
+ipv6-locator-option = bytes .size 16
+
+locator-option /= fqdn-locator-option
+OPTION_FQDN_LOCATOR = 3773
+fqdn-locator-option = [OPTION_FQDN_LOCATOR, text]
+
+locator-option /= url-locator-option
+OPTION_URL_LOCATOR = 3774
+url-locator-option = [OPTION_URL_LOCATOR, text]
+
+objective-flags = uint .bits objective-flag
+
+objective-flag = &(
+D: 0
+N: 1
+S: 2
+)
+
+; D means valid for discovery only
+; N means valid for discovery and negotiation
+; S means valid for discovery and synchronization
+
+option /= objective
+
+objective /= generic-obj
+generic-obj = [objective-name, objective-flags, loop-count, any]
+
+objective /= vendor-obj
+vendor-obj = [{"PEN":pen}, objective-name, objective-flags, loop-count, any]
+
+; Objectives have names rather than numbers here. But the names need
+; to be unique. Registry needed, it seems.
+
+; A PEN is used to distinguish vendor-specific options. Or we could
+; decide to use a domain name. Anything unique will do.
+
+pen = 0..4294967295
+objective-name = tstr
+loop-count = 0..255
+

data/test-data/grasp-v2X.cddl

@@ -0,0 +1,89 @@
+grasp-message = message
+
+session-id = 0..16777215
+; that is up to 24 bits
+
+message /= discovery-message
+discovery-message = [M_DISCOVERY, session-id, objective]
+
+message /= response-message
+response-message = [M_RESPONSE, session-id, +locator-option / divert-option / objective] 
+; must split to satisfy CDDL tool
+
+message /= request-message
+request-message = [M_REQUEST, session-id, objective]
+
+message /= negotiation-message
+negotiation-message = [M_NEGOTIATE, session-id, objective]
+
+message /= end-message
+end-message = [M_END, session-id, (accept-option / decline-option)]
+
+message /= wait-message
+wait-message = [M_WAIT, session-id, waiting-time-option]
+
+divert-option = [O_DIVERT, +locator-option]
+
+accept-option = [O_ACCEPT]
+
+decline-option = [O_DECLINE]
+
+waiting-time-option = [O_WAITING, option-waiting-time]
+option-waiting-time = 0..4294967295 ; in milliseconds
+
+option-device-id = [O_DEVICE_ID, bytes]
+
+locator-option /= ipv4-locator-option
+ipv4-locator-option = bytes .size 4
+; this is simpler than [O_IPv4_LOCATOR, bytes .size 4]
+
+locator-option /= ipv6-locator-option
+ipv6-locator-option = bytes .size 16
+
+locator-option /= fqdn-locator-option
+fqdn-locator-option = [O_FQDN_LOCATOR, text]
+
+locator-option /= url-locator-option
+url-locator-option = [O_URL_LOCATOR, text]
+
+objective-flags = uint .bits objective-flag
+
+objective-flag = &(
+D: 0
+N: 1
+S: 2
+)
+
+; D means valid for discovery only
+; N means valid for discovery and negotiation
+; S means valid for discovery and synchronization
+
+objective /= generic-obj
+generic-obj = [objective-name, objective-flags, loop-count, ?any]
+
+objective /= vendor-obj
+vendor-obj = [{"PEN":pen}, objective-name, objective-flags, 
+              loop-count, ?any]
+
+; A PEN is used to distinguish vendor-specific options.
+
+pen = 0..4294967295
+objective-name = tstr
+loop-count = 0..255
+
+; Constants
+
+M_DISCOVERY = 1
+M_RESPONSE = 2
+M_REQUEST = 3
+M_NEGOTIATE = 4
+M_END = 5
+M_WAIT = 6
+
+O_DIVERT = 100
+O_ACCEPT = 101
+O_DECLINE = 102
+O_WAITING = 103
+O_DEVICE_ID = 104
+O_FQDN_LOCATOR = 105
+O_URL_LOCATOR = 106

data/test-data/ifmap-base-2.2v9_fh-cabo.cddl

@@ -0,0 +1,149 @@
+messages = request / response
+
+request = new-session-request / end-session / renew-session / publish-request / search-request / subscribe-request / poll-request
+        / purge-publisher-request / $ExtendedRequestTypes
+
+error-code = "AccessDenied" / "Failure" / "InvalidIdentifier" / "InvalidIdentifierType" /
+             "IdentifierTooLong" / "InvalidMetadata" / "InvalidSchemaVersion" / "InvalidSessionID" /
+             "MetadataTooLong" / "SearchResultsTooBig" / "PollResultsTooBig" / "SystemError" / $ExtendedErrorCodeTypes
+
+error-result =
+  ("ifmap", "error-result",
+  [ ],
+  [ ? "name", ? tstr,
+    "error-code", error-code,
+    "error-string", tstr
+  ])
+
+poll-result = ("", "poll-result", [], [ *(search-result // error-result)])
+
+response-choice = (error-result // poll-result // search-result // subscribe-received //
+                  publish-received // purge-publisher-received // new-session-result //
+                  renew-session-result // end-session-result // $ExtendedResponses )
+
+purge-publisher-received =
+  ("", "purge-publisher-received", [], [])
+
+purge-publisher-request =
+  ["ifmap", "purge-publisher",
+    [ "ifmap-publisher-id", tstr,
+      session-attributes
+    ],
+    []]
+
+; needs to be constructed according to IF-MAP Filter syntax
+filter-type = tstr
+
+poll-request =
+  ["ifmap", "poll",
+    [ session-attributes,
+      validation-attributes
+    ],
+    []]
+
+subscribe-received =
+  ("", "subscribe-received", [], [])
+
+subscribe-request =
+  ["ifmap", "subscribe",
+    [ session-attributes,
+      validation-attributes
+    ],
+    [ 1*(subscribe-update // subscribe-delete)
+    ]]
+
+subscribe-delete =
+  ("", "delete",
+    [ "name", tstr,
+    ],
+    [])
+
+subscribe-update =
+  ("", "update",
+    [ "match-links", filter-type,
+      "max-depth", uint,
+      "terminal-identifier-type", tstr,
+      "max-size", uint,
+      "result-filter", filter-type,
+      "name", tstr,
+    ],
+    [ $$identifier ])
+search-request =
+  ["ifmap", "search",
+    [ session-attributes,
+      validation-attributes,
+      "match-links", filter-type,
+      "max-depth", uint,
+      "terminal-identifier-type", tstr,
+      "max-size", uint,
+      "result-filter", filter-type
+    ],
+    [ $$identifier
+    ]]
+
+search-result =
+  ("", "search-result",
+    ["name", tstr],
+    [ *result-item])
+
+result-item =
+  ("", "result-item",
+    [],
+    [ 1*2 $$identifier,
+      "metadata", metadata-list-type
+    ])
+
+publish-request =
+  ["ifmap", "publish",
+    [ session-attributes,
+    ? validation-attributes
+    ],
+    [+ (update-request // notify-request // delete-request) ]]
+
+update-request =
+  ("", "update", [ ? lifetime-attributes],
+                 [ 1*2 $$identifier, metadata-list-type ])
+notify-request = ("", "notify", [ ? lifetime-attributes], [ 1*2 $$identifier])
+delete-request = ("", "delete", [ "filter", tstr], [])
+
+publish-received =
+  ("", "publish-received", [], [])
+
+renew-session = ["ifmap", "renew-session", [ ? session-attributes ], []]
+renew-session-result = ("", "renew-session-result", [], [])
+
+end-session = ["ifmap", "end-session", [], []]
+end-session-result =
+  ("", "end-session-result", [], [])
+
+new-session-request =
+  ["ifmap", "new-session",
+    [ ? ("max-poll-result-size", uint)],
+    []]
+
+new-session-result =
+  ("", "new-session-result",
+    [ session-attributes,
+      "ifmap-publisher-id", tstr,
+      "max-poll-result-size", uint,
+    ],
+    [])
+
+session-attributes = (
+  "session-id", tstr
+)
+
+validation-attributes = (
+  "validation", ("None" / "BaseOnly" / "MetadataOnly" / "All")
+)
+
+lifetime-attributes = (
+  "lifetime", ("session" / "forever")
+  )
+
+response = 
+  ["ifmap", "response",
+    [ ? validation-attributes ],
+    [ response-choice ]]
+
+metadata-list-type = ["", "metadata", [], [ *$$metadata ]]

data/test-data/ifmap-metadata-2.2v9_fh-cabo.cddl

@@ -0,0 +1,239 @@
+
+
+$$metadata //= (access-request-device // access-request-ip // access-request-mac //
+    authenticated-as // authenticated-by // capability // device-attribute //
+    device-characteristic // device-ip // discovered-by // enforcement-report //
+    event // ip-mac // layer2-information // location // request-for-investigation //
+    role // unexpected-behavior // wlan-information)
+
+
+client-time = ("opmeta", "client-time",
+    [ single-value-metadata-attributes,
+      "current-time", tdate
+    ], [])
+
+; list every capability explicitly?
+server-capability = ("opmeta", "server-capability",
+    [ single-value-metadata-attributes,
+    ],
+    [
+    ["", "capability", [], tstr],
+    ]
+)
+$$metadata //= (client-time // server-capability)
+
+adm-dom = (
+  "administrative-domain", tstr,
+)
+
+access-request =
+  ("ifmap", "access-request",
+    [ ? adm-dom,
+     "name", tstr
+    ],
+    [])
+
+device = ("ifmap", "device", [], [device-type])
+device-type =( ("ifmap","aik-name", [], tstr) //
+  ("ifmap","name", [], tstr))
+
+identity = ("ifmap", "identity",
+    [ ? adm-dom,
+     "name", tstr,
+     "type", ("aik-name" / "distinguished-name" / "dns-name" / "email-address" /
+                "hip-hit" / "kerberos-principal" / "trusted-platform-module" /
+                "username" / "other"),
+     "other-type-definition", tstr
+    ],
+    [])
+
+ip-address = ("ifmap", "ip-address",
+    [ ? adm-dom,
+      "value", tstr,
+      "type", &("IPv4" / "IPv6")
+    ],
+    [])
+
+mac-address = ("ifmap", "mac-address",
+    [ ? adm-dom,
+      "value", tstr,
+    ],
+    [])
+
+$$identifier //= ( access-request // device // identity // ip-address // mac-address )
+
+metadata-attributes = (
+    "ifmap-publisher-id", tstr,
+    "ifmap-timestamp", tdate,
+    "ifmap-timestamp-fraction", tstr
+    )
+
+single-value-metadata-attributes = (
+    ? metadata-attributes,
+    "ifmap-cardinality", "singleValue"
+    )
+
+multi-value-metadata-attributes = (
+    ? metadata-attributes,
+    "ifmap-cardinality", "multiValue"
+    )
+
+access-request-device = ("meta", "access-request-device",
+    [ single-value-metadata-attributes ], [])
+
+access-request-ip = ("meta", "access-request-ip",
+    [ single-value-metadata-attributes ], [])
+
+access-request-mac = ("meta", "access-request-mac",
+    [ single-value-metadata-attributes ], [])
+
+authenticated-as = ("meta", "authenticated-as",
+    [ single-value-metadata-attributes ], [])
+
+authenticated-by = ("meta", "authenticated-by",
+    [ single-value-metadata-attributes ], [])
+
+capability = ("meta", "capability",
+    [ multi-value-metadata-attributes ],
+    [ ? adm-dom,
+      "name", tstr
+    ])
+
+device-attribute = ("meta", "device-attribute",
+    [ multi-value-metadata-attributes ], 
+    [ "name", tstr
+    ])
+
+administrative-domain = ("ifmap", "administrative-domain", [], tstr)
+manufacturer = ("", "manufacturer", [], tstr)
+model = ("", "model", [], tstr)
+os = ("", "os", [], tstr)
+os-version = ("", "os-version", [], tstr)
+type = ("", "type", [],
+     ("p2p" / "cve" / "botnet infection" / "worm infection" / "excessive flows" /
+      "behavioral change" / "policy violation" / "other"))
+discovered-time = ("", "discovered-time", [], tdate)
+discoverer-id = ("", "discoverer-id", [], tstr)
+discovery-method = ("", "discovery-method", [], tstr)
+name = ("", "name", [], tstr)
+magnitude = ("", "magnitude", [], 0..100)
+confidence = ("", "confidence", [], 0..100)
+significance = ("", "significance", [], ("critical" / "important" / "informational"))
+information = ("", "information", [], tstr)
+vulnerability-uri = ("", "vulnerability-uri", [], uri)
+enforcement-action = ("", "enforcement-action", [], tstr)
+other-type-definition = ("", "other-type-definition", [], tstr)
+enforcement-reason = ("", "enforcement-reason", [], tstr)
+start-time = ("", "start-time", [], tdate)
+end-time = ("", "end-time", [], tdate)
+dhcp-server = ("", "dhcp-server", [], tstr)
+vlan = ("", "vlan", [], uint)
+vlan-name = ("", "vlan-name", [], uint)
+port = ("", "port", [], uint)
+location-information = ("", "location-information",
+    ( "type", tstr,
+      "value", tstr), [])
+qualifier = ("", "qualifier", [], tstr)
+
+device-characteristic = ("meta", "device-characteristic",
+    [ multi-value-metadata-attributes ],
+    [ ? manufacturer,
+      ? model,
+      ? os,
+      ? os-version,
+      * type,
+      discovered-time,
+      discoverer-id,
+      + discovery-method
+    ])
+
+device-ip = ("meta", "device-ip",
+    [ single-value-metadata-attributes ], [ device, ip-address])
+
+discovered-by = ("meta", "discovered-by",
+    [ single-value-metadata-attributes ], [])
+
+enforcement-report = ("meta", "enforcement-report",
+    [ multi-value-metadata-attributes ],
+    [ enforcement-action,
+      other-type-definition,
+      enforcement-reason
+    ])
+
+event = ("meta", "event",
+    [ multi-value-metadata-attributes ],
+    [ name,
+      discovered-time,
+      discoverer-id,
+      magnitude,
+      confidence,
+      significance,
+      ? type,
+      ? other-type-definition,
+      ? information,
+      ? vulnerability-uri
+    ])
+
+ip-mac = ("meta", "ip-mac",
+    [ multi-value-metadata-attributes ],
+    [ ? start-time,
+      ? end-time,
+      ? dhcp-server
+    ])
+
+layer2-information = ("meta", "layer2-information",
+    [ multi-value-metadata-attributes ],
+    [ ? vlan,
+      ? vlan-name,
+      ? port,
+      ? adm-dom
+    ])
+
+location = ("meta", "location",
+    [ multi-value-metadata-attributes ],
+    [ discovered-time,
+      discoverer-id,
+      + location-information
+    ])
+
+request-for-investigation = ("meta", "request-for-investigation",
+    [ multi-value-metadata-attributes ],
+    [ ? qualifier ])
+
+role = ("meta", "role",
+    [ multi-value-metadata-attributes ],
+    [ ? administrative-domain,
+      name
+    ])
+
+unexpected-behavior = ("meta", "unexpected-behavior",
+    [ multi-value-metadata-attributes ],
+    [ discovered-time,
+      discoverer-id,
+      ? information,
+      magnitude,
+      ? confidence,
+      significance,
+      ? type
+    ])
+
+wlan-security-type = "open" / "wep" / "tkip" / "ccmp" / "bip" / "other"
+
+ssid = ("", "ssid", [], tstr)
+ssid-unicast-security = ("", "ssid-unicast-security",
+    [ ? other-type-definition ],
+    [ wlan-security-type ])
+ssid-group-security = ("", "ssid-group-security",
+    [ ? other-type-definition ],
+    [ wlan-security-type ])
+ssid-management-security = ("", "ssid-management-security",
+    [ ? other-type-definition ],
+    [ wlan-security-type ])
+
+wlan-information = ("meta", "wlan-information",
+    [ single-value-metadata-attributes ],
+    [ ? ssid,
+      + ssid-unicast-security,
+      ssid-group-security,
+      + ssid-management-security
+    ])