cddl 0.8.18 → 0.8.23

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ea0383306d236be5fef58afc284e8129b9cd125bb0b8548e6bf76f3bd7b45ab9
-  data.tar.gz: 3e439913ec68a51c044a4215a72789a2e4f25dd05b5f9e864349ce7dc9f83113
+  metadata.gz: 900cef2acf86b7e14cd7c6b534b590862452c75b79c8244126dab0a2a91dc809
+  data.tar.gz: 6107b03e4c7ac8f7cdedde604a1ae84198d0709b3147674775998d17d3ead00e
 SHA512:
-  metadata.gz: a2d7a09bbeedfb2a1d9884deb69e55c8ed889eec727d67fed6c74223981c6cea5aac9fc07a37dd9bd2e253f5942afdc3ac35effe7a9a8baab47baf375f88222e
-  data.tar.gz: dd32c4869a4d708863ba8ed1188ae1f98b784c6fc6d33ffab54d2db4a6254cbf2ea0490706d31ae2f4c53f21e64ce7a87b9bb0d81ec495765ffe19a2471c6470
+  metadata.gz: 4daecf273c14c8f3be89fbbe0a02522c7d53509adc25aeca23b2466387b10506503e8d8b7d23647d9eecaacc4fac154a8ca859bc54294599fc775e581bfa7eb2
+  data.tar.gz: 8d7cf1307dcad944255ef2c83bfda804c88b250145b3ae949954fb865412bf61edd3e0e24e76729a554e92da93a86406c1b6a7e275c99b81bdd06743dca823a9

data/cddl.gemspec

@@ -1,6 +1,6 @@
 spec = Gem::Specification.new do |s|
   s.name = 'cddl'
-  s.version = '0.8.18'
+  s.version = '0.8.23'
   s.summary = "CDDL generator and validator."
   s.description = %{A parser, generator, and validator for CDDL}
   s.add_dependency('cbor-diag')

data/lib/cddl.rb

@@ -56,6 +56,8 @@ module CDDL
       @ast = @abnf.ast?
       # our little argument stack for rule processing
       @insides = []
+      # collect error information
+      @last_message = ""
     end
 
     def apr                     # for debugging
@@ -244,6 +246,12 @@ module CDDL
       [rule[0], *rule[1]]
     end
 
+    def remove_indentation(s)
+      l = s.lines
+      indent = l.grep(/\S/).map {|l| l[/^\s*/].size}.min
+      l.map {|l| l.sub(/^ {0,#{indent}}/, "")}.join
+    end
+
     # Memoize a bit here
 
     REGEXP_FOR_STRING = Hash.new {|h, k|
@@ -255,6 +263,11 @@ module CDDL
       h[k] = ABNF.from_abnf(grammar)
     }
 
+    ABNF_ENCODING_FOR_CONOP = {
+      abnf: Encoding::UTF_8,
+      abnfb: Encoding::BINARY
+    }
+
     def generate
       @recursion = 0
       generate1(rules)
@@ -399,7 +412,7 @@ module CDDL
       when :anno
         target = where[2]
         control = where[3]
-        case where[1]
+        case conop = where[1]
         when :size
           should_be_int = generate1(control)
           unless (Array === target && target[0] == :prim && [0, 2, 3].include?(target[1])) && Integer === should_be_int && should_be_int >= 0
@@ -447,9 +460,10 @@ module CDDL
           generate1(target, inmap)
         when :feature
           generate1(target, inmap)
-        when :cat
+        when :cat, :det
           lhs = generate1(target, inmap)
           rhs = generate1(control)
+          rhs = remove_indentation(rhs) if conop == :det
           begin
             lhs + rhs
           rescue Exception => e
@@ -483,7 +497,7 @@ module CDDL
                     content = Integer(content)
                     case target[1]
                     when 0
-                      case where[1]
+                      case conop
                       when :lt
                         rand(0...content)
                       when :le
@@ -510,18 +524,25 @@ module CDDL
             fail "Don't know yet how to generate #{where}"
           end
           REGEXP_FOR_STRING[regexp].random_example(max_repeater_variance: 5)
-        when :abnf
+        when :abnf, :abnfb
           grammar = generate1(control)
-          unless target == [:prim, 3] && String === grammar
+          bytes = true if target == [:prim, 2]
+          bytes = false if target == [:prim, 3]
+          unless !bytes.nil? && String === grammar
             fail "Don't know yet how to generate #{where}"
           end
-          ABNF_PARSER_FOR_STRING[grammar].generate
+          out = ABNF_PARSER_FOR_STRING[grammar].generate
+          if conop == :abnfb
+            out = out.codepoints.pack("C*")
+          end
+          enc = bytes ? Encoding::BINARY : Encoding::UTF_8
+          out.force_encoding(enc)
         when :cbor, :cborseq
           unless target == [:prim, 2]
             fail "Don't know yet how to generate #{where}"
           end
           content = CBOR::encode(generate1(control))
-          if where[1] == :cborseq
+          if conop == :cborseq
             # remove the first head
             n = case content.getbyte(0) - (4 << 5)
                 when 0..23; 1
@@ -539,7 +560,7 @@ module CDDL
             content = generate1(target)
             if validate1(content, control)
               return content
-            elsif where[1] == :within
+            elsif conop == :within
               warn "*** #{content.inspect} meets #{target.inspect} but not #{control.inspect}"
             end
           end
@@ -580,7 +601,7 @@ module CDDL
       elsif t[0] == :anno
         _, conop, target, control = t
         # warn ["EXV0", conop, target, control].inspect
-        if conop == :cat || conop == :plus
+        if conop == :cat || conop == :plus || conop == :det
           ok1, v1, vt1 = extract_value(target)
           ok2, v2, vt2 = extract_value(control)
           # warn ["EXV", ok1, v1, vt1, ok2, v2, vt2].inspect
@@ -590,6 +611,7 @@ module CDDL
             elsif vt1 == Float
               [true, v1 + v2, vt1] if vt2 == Integer || vt2 == Float
             else
+              v2 = remove_indentation(v2) if conop == :det
               [true, v1 + v2, vt1] if vt1 == vt2
             end
           end rescue nil
@@ -634,7 +656,7 @@ module CDDL
 
     def validate_result(check)
       check || (
-        @last_message = yield
+        @last_message << yield
         false
       )
     end
@@ -667,7 +689,9 @@ module CDDL
             ann.concat(ann2)
           end
           if occ < s
-            @last_message = "occur not reached in array #{d} for #{where}"
+            # warn "*** lme #{@last_message.encoding} #{@last_message}"
+            # warn "*** #{"\noccur #{occ} < #{s}, not reached at #{i} in array #{d} for #{where}".encoding}"
+            @last_message << "\noccur #{occ} < #{s}, not reached at #{i} in array #{d} for #{where}"
             return [false, ann]
           end
         end
@@ -756,13 +780,17 @@ module CDDL
                           puts "COMPLEX: #{k.inspect} #{simple.inspect} #{simpleval.inspect}"         if ENV["CDDL_TRACE"]
             keys = d_check.keys
             ta, keys = keys.partition{ |key| validate1(key, k)}
-            # XXX check ta.size against s/e
-            ta.all? { |val|
-              if (ann2 = validate1a(d[val], v)) && 
-                 d_check.delete(val) {:not_found} != :not_found
-                anno.concat(ann2)
-              end
-            }
+            count = 0
+            catch :enough do
+              ta.all? { |val|
+                if (ann2 = validate1a(d[val], v)) && # XXX check cut or not!
+                   d_check.delete(val) {:not_found} != :not_found
+                  anno.concat(ann2)
+                  throw :enough, true if (count += 1) == e
+                  true
+                end
+              }
+            end and count >= s  # XXX save error indication
           end
           end
         else
@@ -832,6 +860,7 @@ module CDDL
           # warn ["ANNO0", ok1, v1, vt1, ok2, v2, vt2, d].inspect
           if ok1 && ok2
             v2 = Integer(v2) if vt1 == Integer
+            v2 = remove_indentation(v2) if conop == :det
             # warn ["ANNO", ok1, v1, vt1, ok2, v2, vt2, d].inspect
             [] if d == v1 + v2  # XXX Focus ArgumentError
           end
@@ -908,17 +937,19 @@ module CDDL
               end
             end
             )
-          when :abnf            # XXX .abnf vs. .abnfb
+          when :abnf, :abnfb
             ann if (
             if String === d
               ok, v, vt = extract_value(control)
               if ok && vt == String
                 begin
-                  ABNF_PARSER_FOR_STRING[v].validate(d)
+                  ABNF_PARSER_FOR_STRING[v].validate(
+                    d.dup.force_encoding(ABNF_ENCODING_FOR_CONOP[conop]).codepoints.pack("U*")
+                  )
                   true
                 rescue => e
                   # warn "*** #{e}" # XXX
-                  @last_message = e
+                  @last_message = e.to_s.force_encoding(Encoding::UTF_8)
                   nil
                 end
               end
@@ -1278,7 +1309,8 @@ module CDDL
     BRACE = {"{" => :map, "[" => :array}
     RANGE_EXCLUDE_END = {".." => false, "..." => true}
     SUPPORTED_ANNOTATIONS = [:bits, :size, :regexp, :cbor, :cborseq, :within, :and,
-                             :default, :lt, :le, :gt, :ge, :eq, :ne, :feature, :abnf, :cat, :plus]
+                             :default, :lt, :le, :gt, :ge, :eq, :ne,
+                             :feature, :abnf, :abnfb, :det, :cat, :plus]
 
     def type1(n, canbegroup = false)
 #      puts "NVALUE #{n.value.inspect}"

data/test-data/abnf3.cddl

@@ -0,0 +1,32 @@
+start = [tt, tb, bt, bb]
+
+
+tt = text .abnf '4DIGIT 1FOO
+DIGIT          =  %x30-39 ; 0-9
+FOO = %xc0-cf
+'
+tb = text .abnfb '4DIGIT 1FOO
+DIGIT          =  %x30-39 ; 0-9
+FOO = %xc0-cf
+'
+bt = bytes .abnf '4DIGIT 1FOO
+DIGIT          =  %x30-39 ; 0-9
+FOO = %xc0-cf
+'
+bb = bytes .abnfb '4DIGIT 1FOO
+DIGIT          =  %x30-39 ; 0-9
+FOO = %xc0-cf
+'
+
+; ["7408\xC6", "7073\xC3", h'30383131CD', h'32363738CD']
+; ["5892\u00ca", "2145\u00c6", h'33333338C38B', h'31343033C388']
+
+
+; ** ENCOED UTF-8
+; ** ENCOED UTF-8
+; ** ENCOED UTF-8
+; ** ENCOED UTF-8
+; ["5845\u00c6", "9329\u00cb", h'38393538C389', h'33343230C386']
+
+
+; ["1066\u00cc", "9253\xC9", h'38333533C38A', h'32373337C4']

data/test-data/bat.cddl

@@ -0,0 +1,16 @@
+start = [v1, v2, v3, v4]
+
+v1 = "a" .bat "b"
+
+v2 = "a" .bat " b"
+
+v3 = "a" .bat '
+  oid = 1*arc
+  roid = *arc
+  arc = [nlsb] %x00-7f
+  nlsb = %x81-ff *%x80-ff
+'
+
+bbat<v1, v2> = ("" .bat v1) .bat v2
+
+v4 = bbat<" a", "   b">

data/test-data/homenet-de.cddl

@@ -0,0 +1,12 @@
+   hna-configuration = {
+     "registred_domain" : tstr,
+     "dm"               : tstr,
+     ? "dm_transport" : "53" // "DoT" // "DoH" // "DoQ"
+     ? "dm_port"        : uint,
+     ? "dm_acl"         : hna-acl // [ +hna-acl ]
+     ? "hna_auth_method": hna-auth-method
+     ? "hna_certificate": tstr
+   }
+
+   hna-acl          = tstr
+   hna-auth-method  /= "certificate"

data/test-data/homenet-fe.cddl

@@ -0,0 +1,12 @@
+hna-configuration = {
+  "registered_domain" : tstr,
+  "dm"                : tstr,
+  ? "dm_transport" : "53" / "DoT" / "DoH" / "DoQ"
+  ? "dm_port"        : uint,
+  ? "dm_acl"         : hna-acl / [ +hna-acl ]
+  ? "hna_auth_method": hna-auth-method
+  ? "hna_certificate": tstr
+}
+
+hna-acl          = tstr
+hna-auth-method  /= "certificate"

data/test-data/lint1.cddl

@@ -0,0 +1,9 @@
+$instance-value-choice = (
+  comid.mac-addr => mac-addr-type //
+  comid.ip-addr => ip-addr-type //
+  comid.serial-number => serial-number-type //
+  comid.ueid => ueid //
+  comid.uuid => uuid
+)
+
+; this populates a type socket with a group choice

data/test-data/non-empty.cddl

@@ -0,0 +1,5 @@
+distinguishedName = non-empty<{
+   ? country: text
+ }>
+
+ non-empty<M> = (M) .and ({ + any => any })

data/test-data/oid.cddl

@@ -0,0 +1,8 @@
+oid = bytes .abnfb ("oid" .cat cbor-tags-oid)
+
+cbor-tags-oid = '
+oid = 1*arc
+roid = *arc
+arc = [nlsb] %x00-7f
+nlsb = %x81-ff *%x80-ff
+'

data/test-data/oidbat.cddl

@@ -0,0 +1,8 @@
+oid = bytes .abnfb ("oid" .bat cbor-tags-oid)
+
+cbor-tags-oid = '
+  oid = 1*arc
+  roid = *arc
+  arc = [nlsb] %x00-7f
+  nlsb = %x81-ff *%x80-ff
+'

data/test-data/plus.cddl

@@ -0,0 +1,3 @@
+a = {
++ any => any
+}

data/test-data/sasl.cddl

@@ -0,0 +1,24 @@
+message = text .abnfb ("message" .cat rfc4505)
+
+rfc4505 = '
+message     = [ email / token ]
+              ;; to be prepared in accordance with Section 3
+
+UTF1        = %x00-3F / %x41-7F ;; less "@" (U+0040)
+UTF2        = %xC2-DF UTF0
+UTF3        = %xE0 %xA0-BF UTF0 / %xE1-EC 2(UTF0) /
+              %xED %x80-9F UTF0 / %xEE-EF 2(UTF0)
+UTF4        = %xF0 %x90-BF 2(UTF0) / %xF1-F3 3(UTF0) /
+              %xF4 %x80-8F 2(UTF0)
+UTF0        = %x80-BF
+
+TCHAR       = UTF1 / UTF2 / UTF3 / UTF4
+              ;; any UTF-8 encoded Unicode character
+              ;; except "@" (U+0040)
+
+email        = "too@much.work"; for this example
+;email       = addr-spec
+              ;; as defined in [IMAIL]
+
+token       = 1*255TCHAR
+'

data/test-data/sipos.cddl

@@ -0,0 +1,8 @@
+; start = {*$$socket}
+; $$socket //= (4: bstr)
+; $ cddl works.cddl generate 
+; {4: h'6F7267616E69736D'}
+; $ cat fails.cddl
+start = {*$$socket}
+$$socket //= (some,)
+some = (4: bstr)

data/test-data/star-edited.cddl

@@ -0,0 +1,98 @@
+csr-template-schema = {
+  keyTypes: [ 1* $keyType ]
+  ? subject: distinguishedName
+  extensions: extensions
+}
+
+mandatory-wildcard = "**"
+optional-wildcard = "*"
+wildcard = mandatory-wildcard / optional-wildcard
+
+; non-empty = { + any => any }
+non-empty<M> = (M) .and ({ + any => any })
+
+; regtext matches all text strings but "*" and "**"
+regtext = text .regexp "([^\*].*)|([\*][^\*].*)|([\*][\*].+)"
+
+regtext-or-wildcard = regtext / wildcard
+
+distinguishedName = non-empty<{
+  ? country: regtext-or-wildcard
+  ? stateOrProvince: regtext-or-wildcard
+  ? locality: regtext-or-wildcard
+  ? organization: regtext-or-wildcard
+  ? organizationalUnit: regtext-or-wildcard
+  ? emailAddress: regtext-or-wildcard
+  ? commonName: regtext-or-wildcard
+}>
+
+$keyType /= rsaKeyType
+$keyType /= ecdsaKeyType
+
+rsaKeyType = {
+  PublicKeyType: "rsaEncryption" ; OID: 1.2.840.113549.1.1.1
+  PublicKeyLength: rsaKeySize
+  SignatureType: $rsaSignatureType
+}
+
+rsaKeySize = int .ge 2048
+
+; RSASSA-PKCS1-v1_5 with SHA-256
+$rsaSignatureType /= "sha256WithRSAEncryption"
+; RSASSA-PCKS1-v1_5 with SHA-384
+$rsaSignatureType /= "sha384WithRSAEncryption"
+; RSASSA-PCKS1-v1_5 with SHA-512
+$rsaSignatureType /= "sha512WithRSAEncryption"
+; RSASSA-PSS with SHA-256, MGF-1 with SHA-256, and a 32 byte salt
+$rsaSignatureType /= "sha256WithRSAandMGF1"
+; RSASSA-PSS with SHA-384, MGF-1 with SHA-384, and a 48 byte salt
+$rsaSignatureType /= "sha384WithRSAandMGF1"
+; RSASSA-PSS with SHA-512, MGF-1 with SHA-512, and a 64 byte salt
+$rsaSignatureType /= "sha512WithRSAandMGF1"
+
+ecdsaKeyType = {
+  PublicKeyType: "id-ecPublicKey" ; OID: 1.2.840.10045.2.1
+  namedCurve: $ecdsaCurve
+  SignatureType: $ecdsaSignatureType
+}
+
+$ecdsaCurve /= "secp256r1" ; OID: 1.2.840.10045.3.1.7
+$ecdsaCurve /= "secp384r1" ; OID: 1.3.132.0.34
+$ecdsaCurve /= "secp521r1" ; OID: 1.3.132.0.3
+
+$ecdsaSignatureType /= "ecdsa-with-SHA256" ; paired with secp256r1
+$ecdsaSignatureType /= "ecdsa-with-SHA384" ; paired with secp384r1
+$ecdsaSignatureType /= "ecdsa-with-SHA512" ; paired with secp521r1
+
+subjectaltname = {
+  ? DNS: [ 1* regtext-or-wildcard ]
+  ? Email: [ 1* regtext ]
+  ? URI: [ 1* regtext ]
+  * $$subjectaltname-extension
+}
+
+extensions = {
+  ? keyUsage: [ 1* keyUsageType ]
+  ? extendedKeyUsage: [ 1* extendedKeyUsageType ]
+  subjectAltName: subjectaltname
+}
+
+keyUsageType /= "digitalSignature"
+keyUsageType /= "nonRepudiation"
+keyUsageType /= "keyEncipherment"
+keyUsageType /= "dataEncipherment"
+keyUsageType /= "keyAgreement"
+keyUsageType /= "keyCertSign"
+keyUsageType /= "cRLSign"
+keyUsageType /= "encipherOnly"
+keyUsageType /= "decipherOnly"
+
+extendedKeyUsageType /= "serverAuth"
+extendedKeyUsageType /= "clientAuth"
+extendedKeyUsageType /= "codeSigning"
+extendedKeyUsageType /= "emailProtection"
+extendedKeyUsageType /= "timeStamping"
+extendedKeyUsageType /= "OCSPSigning"
+extendedKeyUsageType /= oid
+
+oid = text .regexp "[0-9]+(\\.[0-9]+)*"

data/test-data/star.cddl

@@ -0,0 +1,95 @@
+csr-template-schema = {
+  keyTypes: [ 1* $keyType ]
+  ? subject: distinguishedName
+  extensions: extensions
+}
+
+mandatory-wildcard = "**"
+optional-wildcard = "*"
+wildcard = mandatory-wildcard / optional-wildcard
+
+; regtext matches all text strings but "*" and "**"
+regtext = text .regexp "([^\*].*)|([\*][^\*].*)|([\*][\*].+)"
+
+regtext-or-wildcard = regtext / wildcard
+
+distinguishedName = {
+  ? country: regtext-or-wildcard
+  ? stateOrProvince: regtext-or-wildcard
+  ? locality: regtext-or-wildcard
+  ? organization: regtext-or-wildcard
+  ? organizationalUnit: regtext-or-wildcard
+  ? emailAddress: regtext-or-wildcard
+  ? commonName: regtext-or-wildcard
+}
+
+$keyType /= rsaKeyType
+$keyType /= ecdsaKeyType
+
+rsaKeyType = {
+  PublicKeyType: "rsaEncryption" ; OID: 1.2.840.113549.1.1.1
+  PublicKeyLength: rsaKeySize
+  SignatureType: $rsaSignatureType
+}
+
+rsaKeySize = int .ge 2048
+
+; RSASSA-PKCS1-v1_5 with SHA-256
+$rsaSignatureType /= "sha256WithRSAEncryption"
+; RSASSA-PCKS1-v1_5 with SHA-384
+$rsaSignatureType /= "sha384WithRSAEncryption"
+; RSASSA-PCKS1-v1_5 with SHA-512
+$rsaSignatureType /= "sha512WithRSAEncryption"
+; RSASSA-PSS with SHA-256, MGF-1 with SHA-256, and a 32 byte salt
+$rsaSignatureType /= "sha256WithRSAandMGF1"
+; RSASSA-PSS with SHA-384, MGF-1 with SHA-384, and a 48 byte salt
+$rsaSignatureType /= "sha384WithRSAandMGF1"
+; RSASSA-PSS with SHA-512, MGF-1 with SHA-512, and a 64 byte salt
+$rsaSignatureType /= "sha512WithRSAandMGF1"
+
+ecdsaKeyType = {
+  PublicKeyType: "id-ecPublicKey" ; OID: 1.2.840.10045.2.1
+  namedCurve: $ecdsaCurve
+  SignatureType: $ecdsaSignatureType
+}
+
+$ecdsaCurve /= "secp256r1" ; OID: 1.2.840.10045.3.1.7
+$ecdsaCurve /= "secp384r1" ; OID: 1.3.132.0.34
+$ecdsaCurve /= "secp521r1" ; OID: 1.3.132.0.3
+
+$ecdsaSignatureType /= "ecdsa-with-SHA256" ; paired with secp256r1
+$ecdsaSignatureType /= "ecdsa-with-SHA384" ; paired with secp384r1
+$ecdsaSignatureType /= "ecdsa-with-SHA512" ; paired with secp521r1
+
+subjectaltname = {
+  ? DNS: [ 1* regtext-or-wildcard ]
+  ? Email: [ 1* regtext ]
+  ? URI: [ 1* regtext ]
+  * $$subjectaltname-extension
+}
+
+extensions = {
+  ? keyUsage: [ 1* keyUsageType ]
+  ? extendedKeyUsage: [ 1* extendedKeyUsageType ]
+  subjectAltName: subjectaltname
+}
+
+keyUsageType /= "digitalSignature"
+keyUsageType /= "nonRepudiation"
+keyUsageType /= "keyEncipherment"
+keyUsageType /= "dataEncipherment"
+keyUsageType /= "keyAgreement"
+keyUsageType /= "keyCertSign"
+keyUsageType /= "cRLSign"
+keyUsageType /= "encipherOnly"
+keyUsageType /= "decipherOnly"
+
+extendedKeyUsageType /= "serverAuth"
+extendedKeyUsageType /= "clientAuth"
+extendedKeyUsageType /= "codeSigning"
+extendedKeyUsageType /= "emailProtection"
+extendedKeyUsageType /= "timeStamping"
+extendedKeyUsageType /= "OCSPSigning"
+extendedKeyUsageType /= oid
+
+oid = text .regexp "[0-9]+(\\.[0-9]+)*"

data/test-data/time.cddl

@@ -0,0 +1,11 @@
+etime = #6.1001({
+  1: int,
+  ? (
+    -3: uint .lt 1000 //
+    -6: uint .lt 1000000 //
+    -9: uint .lt 1000000000 //
+    -12: uint .lt 1000000000000 //
+    -15: uint .lt 1000000000000000 //
+    -18: uint .lt 1000000000000000000
+  )
+})

data/test-data/yaron1.cddl

@@ -0,0 +1,95 @@
+csr-template-schema = {
+  keyTypes: [ 1* $keyType ]
+  ? subject: distinguishedName
+  extensions: extensions
+}
+
+mandatory-wildcard = "**"
+optional-wildcard = "*"
+wildcard = mandatory-wildcard / optional-wildcard
+
+; regtext matches all text strings but "*" and "**"
+regtext = text .regexp "([^\*].*)|([\*][^\*].*)|([\*][\*].+)"
+
+regtext-or-wildcard = regtext / wildcard
+
+distinguishedName = {
+  ? country: regtext-or-wildcard
+  ? stateOrProvince: regtext-or-wildcard
+  ? locality: regtext-or-wildcard
+  ? organization: regtext-or-wildcard
+  ? organizationalUnit: regtext-or-wildcard
+  ? emailAddress: regtext-or-wildcard
+  ? commonName: regtext-or-wildcard
+}
+
+$keyType /= rsaKeyType
+$keyType /= ecdsaKeyType
+
+rsaKeyType = {
+  PublicKeyType: "rsaEncryption" ; OID: 1.2.840.113549.1.1.1
+  PublicKeyLength: rsaKeySize
+  SignatureType: $rsaSignatureType
+}
+
+rsaKeySize = int .ge 2048
+
+; RSASSA-PKCS1-v1_5 with SHA-256
+$rsaSignatureType /= "sha256WithRSAEncryption"
+; RSASSA-PCKS1-v1_5 with SHA-384
+$rsaSignatureType /= "sha384WithRSAEncryption"
+; RSASSA-PCKS1-v1_5 with SHA-512
+$rsaSignatureType /= "sha512WithRSAEncryption"
+; RSASSA-PSS with SHA-256, MGF-1 with SHA-256, and a 32 byte salt
+$rsaSignatureType /= "sha256WithRSAandMGF1"
+; RSASSA-PSS with SHA-384, MGF-1 with SHA-384, and a 48 byte salt
+$rsaSignatureType /= "sha384WithRSAandMGF1"
+; RSASSA-PSS with SHA-512, MGF-1 with SHA-512, and a 64 byte salt
+$rsaSignatureType /= "sha512WithRSAandMGF1"
+
+ecdsaKeyType = {
+  PublicKeyType: "id-ecPublicKey" ; OID: 1.2.840.10045.2.1
+  namedCurve: $ecdsaCurve
+  SignatureType: $ecdsaSignatureType
+}
+
+$ecdsaCurve /= "secp256r1" ; OID: 1.2.840.10045.3.1.7
+$ecdsaCurve /= "secp384r1" ; OID: 1.3.132.0.34
+$ecdsaCurve /= "secp521r1" ; OID: 1.3.132.0.3
+
+$ecdsaSignatureType /= "ecdsa-with-SHA256" ; paired with secp256r1
+$ecdsaSignatureType /= "ecdsa-with-SHA384" ; paired with secp384r1
+$ecdsaSignatureType /= "ecdsa-with-SHA512" ; paired with secp521r1
+
+subjectaltname = {
+  ? DNS: [ 1* regtext-or-wildcard ]
+  ? Email: [ 1* regtext ]
+  ? URI: [ 1* regtext ]
+  * $$subjectaltname-extension
+}
+
+extensions = {
+  ? keyUsage: [ 1* keyUsageType ]
+  ? extendedKeyUsage: [ 1* extendedKeyUsageType ]
+  subjectAltName: subjectaltname
+}
+
+keyUsageType /= "digitalSignature"
+keyUsageType /= "nonRepudiation"
+keyUsageType /= "keyEncipherment"
+keyUsageType /= "dataEncipherment"
+keyUsageType /= "keyAgreement"
+keyUsageType /= "keyCertSign"
+keyUsageType /= "cRLSign"
+keyUsageType /= "encipherOnly"
+keyUsageType /= "decipherOnly"
+
+extendedKeyUsageType /= "serverAuth"
+extendedKeyUsageType /= "clientAuth"
+extendedKeyUsageType /= "codeSigning"
+extendedKeyUsageType /= "emailProtection"
+extendedKeyUsageType /= "timeStamping"
+extendedKeyUsageType /= "OCSPSigning"
+extendedKeyUsageType /= oid
+
+oid = text .regexp "[0-9]+(\\.[0-9]+)*"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cddl
 version: !ruby/object:Gem::Version
-  version: 0.8.18
+  version: 0.8.23
 platform: ruby
 authors:
 - Carsten Bormann
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-02-25 00:00:00.000000000 Z
+date: 2021-04-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: cbor-diag
@@ -116,10 +116,12 @@ files:
 - test-data/abignum.cddl
 - test-data/abnf1.cddl
 - test-data/abnf2.cddl
+- test-data/abnf3.cddl
 - test-data/ambig.cddl
 - test-data/b.cddl
 - test-data/badaddr.cddl
 - test-data/basic_syntax_example.cddl
+- test-data/bat.cddl
 - test-data/bpv7.cddl
 - test-data/bpv7a.cddl
 - test-data/bpv7b.cddl
@@ -143,6 +145,8 @@ files:
 - test-data/grasp-09.cddl
 - test-data/grasp-v1.cddl
 - test-data/grasp-v2X.cddl
+- test-data/homenet-de.cddl
+- test-data/homenet-fe.cddl
 - test-data/ifmap-base-2.0v17.cddl
 - test-data/ifmap-base-2.2v9_fh-cabo.cddl
 - test-data/ifmap-metadata-2.2v9_fh-cabo.cddl
@@ -152,6 +156,7 @@ files:
 - test-data/jim-cut.cddl
 - test-data/jsoniodef.cddl
 - test-data/kevin5.cddl
+- test-data/lint1.cddl
 - test-data/map-group.cddl
 - test-data/mapkey.cddl
 - test-data/mdl-ble.cddl
@@ -165,11 +170,20 @@ files:
 - test-data/mon-val.cddl
 - test-data/multipart-ct.cddl
 - test-data/named-group.cddl
+- test-data/non-empty.cddl
+- test-data/oid.cddl
+- test-data/oidbat.cddl
 - test-data/patch1.cddl
+- test-data/plus.cddl
 - test-data/reused_named_group.cddl
+- test-data/sasl.cddl
 - test-data/sequence.cddl
+- test-data/sipos.cddl
+- test-data/star-edited.cddl
+- test-data/star.cddl
 - test-data/structure.cddl
 - test-data/test-gen.cddl
+- test-data/time.cddl
 - test-data/toerless0.cddl
 - test-data/toerless1.cddl
 - test-data/two_anonymous_groups.cddl
@@ -178,6 +192,7 @@ files:
 - test-data/wrong2.cddl
 - test-data/wrong2a.cddl
 - test-data/xmlmig.cddl
+- test-data/yaron1.cddl
 - test/test-cddl.rb
 homepage: http://github.com/cabo/cddl
 licenses: