cddl 0.8.19 → 0.8.24
- checksums.yaml +4 -4
- data/cddl.gemspec +1 -1
- data/lib/cddl.rb +30 -15
- data/test-data/bat.cddl +16 -0
- data/test-data/complex-occ.cddl +11 -0
- data/test-data/homenet-de.cddl +12 -0
- data/test-data/homenet-fe.cddl +12 -0
- data/test-data/lint1.cddl +9 -0
- data/test-data/non-empty.cddl +5 -0
- data/test-data/oid.cddl +8 -0
- data/test-data/oidbat.cddl +8 -0
- data/test-data/plus.cddl +3 -0
- data/test-data/sasl.cddl +24 -0
- data/test-data/sipos.cddl +8 -0
- data/test-data/star-edited.cddl +98 -0
- data/test-data/star.cddl +95 -0
- data/test-data/time.cddl +11 -0
- data/test-data/yaron1.cddl +95 -0
- metadata +17 -2
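--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a2c1f0547764e58450c649bbea75add7bdced3de13d209e2889245f9f93ccc32
+data.tar.gz: '053925690f1ff8bd8511aaf7879fb0c6ff012357e2b5cb2f66d268e7c8ee6e3d'
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 340381df7522af59ae8bdf637dd7a0731e623f0d36645592c6d1488d2a247d88e612850884f20a27940b9aa66e5174a931ef7d0575ba04bb412070a635706083
+data.tar.gz: 64ef37b0a90f0b569fc24dfecf3c968296ac3a07602638ee48cf62273d7eecad801d28a1a83efe3b4db1a2ae9234cf97d703a02292ffafdaf480320440a5840a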
data/cddl.gemspec
CHANGED
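--- a/data/lib/cddl.rb
+++ b/data/lib/cddl.rb
@@ -56,6 +56,8 @@ module CDDL
 @ast = @abnf.ast?
 # our little argument stack for rule processing
 @insides = []
+# collect error information
+@last_message = ""
 end
 
 def apr # for debugging
@@ -244,6 +246,12 @@ module CDDL
 [rule[0], *rule[1]]
 end
 
+def remove_indentation(s)
+l = s.lines
+indent = l.grep(/\S/).map {|l| l[/^\s*/].size}.min
+l.map {|l| l.sub(/^ {0,#{indent}}/, "")}.join
+end
+
 # Memoize a bit here
 
 REGEXP_FOR_STRING = Hash.new {|h, k|
@@ -404,7 +412,7 @@ module CDDL
 when :anno
 target = where[2]
 control = where[3]
-case where[1]
+case conop = where[1]
 when :size
 should_be_int = generate1(control)
 unless (Array === target && target[0] == :prim && [0, 2, 3].include?(target[1])) && Integer === should_be_int && should_be_int >= 0
@@ -452,9 +460,10 @@ module CDDL
 generate1(target, inmap)
 when :feature
 generate1(target, inmap)
-when :cat
+when :cat, :det
 lhs = generate1(target, inmap)
 rhs = generate1(control)
+rhs = remove_indentation(rhs) if conop == :det
 begin
 lhs + rhs
 rescue Exception => e
@@ -488,7 +497,7 @@ module CDDL
 content = Integer(content)
 case target[1]
 when 0
-case
+case conop
 when :lt
 rand(0...content)
 when :le
@@ -523,7 +532,7 @@ module CDDL
 fail "Don't know yet how to generate #{where}"
 end
 out = ABNF_PARSER_FOR_STRING[grammar].generate
-if
+if conop == :abnfb
 out = out.codepoints.pack("C*")
 end
 enc = bytes ? Encoding::BINARY : Encoding::UTF_8
@@ -533,7 +542,7 @@ module CDDL
 fail "Don't know yet how to generate #{where}"
 end
 content = CBOR::encode(generate1(control))
-if
+if conop == :cborseq
 # remove the first head
 n = case content.getbyte(0) - (4 << 5)
 when 0..23; 1
@@ -551,7 +560,7 @@ module CDDL
 content = generate1(target)
 if validate1(content, control)
 return content
-elsif
+elsif conop == :within
 warn "*** #{content.inspect} meets #{target.inspect} but not #{control.inspect}"
 end
 end
@@ -592,7 +601,7 @@ module CDDL
 elsif t[0] == :anno
 _, conop, target, control = t
 # warn ["EXV0", conop, target, control].inspect
-if conop == :cat || conop == :plus
+if conop == :cat || conop == :plus || conop == :det
 ok1, v1, vt1 = extract_value(target)
 ok2, v2, vt2 = extract_value(control)
 # warn ["EXV", ok1, v1, vt1, ok2, v2, vt2].inspect
@@ -602,6 +611,7 @@ module CDDL
 elsif vt1 == Float
 [true, v1 + v2, vt1] if vt2 == Integer || vt2 == Float
 else
+v2 = remove_indentation(v2) if conop == :det
 [true, v1 + v2, vt1] if vt1 == vt2
 end
 end rescue nil
@@ -770,13 +780,17 @@ module CDDL
 puts "COMPLEX: #{k.inspect} #{simple.inspect} #{simpleval.inspect}" if ENV["CDDL_TRACE"]
 keys = d_check.keys
 ta, keys = keys.partition{ |key| validate1(key, k)}
-
-
-
-
-
-
-
+count = 0
+catch :enough do
+ta.all? { |val|
+if (ann2 = validate1a(d[val], v)) && # XXX check cut or not!
+d_check.delete(val) {:not_found} != :not_found
+anno.concat(ann2)
+throw :enough, true if (count += 1) == e
+true
+end
+}
+end and validate_result(count >= s) { "not enough #{ta.inspect} for #{r.inspect}" }
 end
 end
 else
@@ -846,6 +860,7 @@ module CDDL
 # warn ["ANNO0", ok1, v1, vt1, ok2, v2, vt2, d].inspect
 if ok1 && ok2
 v2 = Integer(v2) if vt1 == Integer
+v2 = remove_indentation(v2) if conop == :det
 # warn ["ANNO", ok1, v1, vt1, ok2, v2, vt2, d].inspect
 [] if d == v1 + v2 # XXX Focus ArgumentError
 end
@@ -1295,7 +1310,7 @@ module CDDL
 RANGE_EXCLUDE_END = {".." => false, "..." => true}
 SUPPORTED_ANNOTATIONS = [:bits, :size, :regexp, :cbor, :cborseq, :within, :and,
 :default, :lt, :le, :gt, :ge, :eq, :ne,
-:feature, :abnf, :abnfb, :cat, :plus]
+:feature, :abnf, :abnfb, :det, :cat, :plus]
 
 def type1(n, canbegroup = false)
 # puts "NVALUE #{n.value.inspect}"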
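Review bot: `remove_indentation` measures the common indent with `/^\s*/`, which counts tabs as well as spaces, but strips only spaces with `/^ {0,#{indent}}/`, so a `.det` operand with tab or mixed indentation is dedented by a width that was measured on different characters. When `s` has no non-blank line, `min` returns nil, the quantifier becomes `{0,}`, and every leading space on every line is removed. Measuring what is stripped and defaulting the width covers both cases: `indent = l.grep(/\S/).map { |line| line[/\A */].size }.min || 0`, which also stops the block parameter `l` from shadowing the local `l`. In the generator hunk, `rhs = remove_indentation(rhs) if conop == :det` sits before `begin`, so if `generate1(control)` ever yields a value without `#lines` (not determinable from these hunks), the NoMethodError is raised outside the `rescue` that wraps `lhs + rhs`. Moving that line inside the `begin` would keep `.det` failures on the same path as `.cat`; the enclosing methods start and end outside the hunks shown.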
data/test-data/bat.cddl
ADDED
@@ -0,0 +1,11 @@
|
|
1
|
+
foo = {
|
2
|
+
2*4 any => any
|
3
|
+
}
|
4
|
+
|
5
|
+
;;sed -n 's/^; //p' complex-occ.cddl | sh
|
6
|
+
; echo '{}' | cddl complex-occ.cddl v -
|
7
|
+
; echo '{"1": 2}' | cddl complex-occ.cddl v -
|
8
|
+
; echo '{"1": 2, "2": 3}' | cddl complex-occ.cddl v -
|
9
|
+
; echo '{"1": 2, "2": 3, "3": 4}' | cddl complex-occ.cddl v -
|
10
|
+
; echo '{"1": 2, "2": 3, "3": 4, "4": 5}' | cddl complex-occ.cddl v -
|
11
|
+
; echo '{"1": 2, "2": 3, "3": 4, "4": 5, "5": 6}' | cddl complex-occ.cddl v -
|
@@ -0,0 +1,12 @@
|
|
1
|
+
hna-configuration = {
|
2
|
+
"registred_domain" : tstr,
|
3
|
+
"dm" : tstr,
|
4
|
+
? "dm_transport" : "53" // "DoT" // "DoH" // "DoQ"
|
5
|
+
? "dm_port" : uint,
|
6
|
+
? "dm_acl" : hna-acl // [ +hna-acl ]
|
7
|
+
? "hna_auth_method": hna-auth-method
|
8
|
+
? "hna_certificate": tstr
|
9
|
+
}
|
10
|
+
|
11
|
+
hna-acl = tstr
|
12
|
+
hna-auth-method /= "certificate"
|
@@ -0,0 +1,12 @@
|
|
1
|
+
hna-configuration = {
|
2
|
+
"registered_domain" : tstr,
|
3
|
+
"dm" : tstr,
|
4
|
+
? "dm_transport" : "53" / "DoT" / "DoH" / "DoQ"
|
5
|
+
? "dm_port" : uint,
|
6
|
+
? "dm_acl" : hna-acl / [ +hna-acl ]
|
7
|
+
? "hna_auth_method": hna-auth-method
|
8
|
+
? "hna_certificate": tstr
|
9
|
+
}
|
10
|
+
|
11
|
+
hna-acl = tstr
|
12
|
+
hna-auth-method /= "certificate"
|
data/test-data/oid.cddl
ADDED
data/test-data/plus.cddl
ADDED
data/test-data/sasl.cddl
ADDED
@@ -0,0 +1,24 @@
|
|
1
|
+
message = text .abnfb ("message" .cat rfc4505)
|
2
|
+
|
3
|
+
rfc4505 = '
|
4
|
+
message = [ email / token ]
|
5
|
+
;; to be prepared in accordance with Section 3
|
6
|
+
|
7
|
+
UTF1 = %x00-3F / %x41-7F ;; less "@" (U+0040)
|
8
|
+
UTF2 = %xC2-DF UTF0
|
9
|
+
UTF3 = %xE0 %xA0-BF UTF0 / %xE1-EC 2(UTF0) /
|
10
|
+
%xED %x80-9F UTF0 / %xEE-EF 2(UTF0)
|
11
|
+
UTF4 = %xF0 %x90-BF 2(UTF0) / %xF1-F3 3(UTF0) /
|
12
|
+
%xF4 %x80-8F 2(UTF0)
|
13
|
+
UTF0 = %x80-BF
|
14
|
+
|
15
|
+
TCHAR = UTF1 / UTF2 / UTF3 / UTF4
|
16
|
+
;; any UTF-8 encoded Unicode character
|
17
|
+
;; except "@" (U+0040)
|
18
|
+
|
19
|
+
email = "too@much.work"; for this example
|
20
|
+
;email = addr-spec
|
21
|
+
;; as defined in [IMAIL]
|
22
|
+
|
23
|
+
token = 1*255TCHAR
|
24
|
+
'
|
@@ -0,0 +1,98 @@
|
|
1
|
+
csr-template-schema = {
|
2
|
+
keyTypes: [ 1* $keyType ]
|
3
|
+
? subject: distinguishedName
|
4
|
+
extensions: extensions
|
5
|
+
}
|
6
|
+
|
7
|
+
mandatory-wildcard = "**"
|
8
|
+
optional-wildcard = "*"
|
9
|
+
wildcard = mandatory-wildcard / optional-wildcard
|
10
|
+
|
11
|
+
; non-empty = { + any => any }
|
12
|
+
non-empty<M> = (M) .and ({ + any => any })
|
13
|
+
|
14
|
+
; regtext matches all text strings but "*" and "**"
|
15
|
+
regtext = text .regexp "([^\*].*)|([\*][^\*].*)|([\*][\*].+)"
|
16
|
+
|
17
|
+
regtext-or-wildcard = regtext / wildcard
|
18
|
+
|
19
|
+
distinguishedName = non-empty<{
|
20
|
+
? country: regtext-or-wildcard
|
21
|
+
? stateOrProvince: regtext-or-wildcard
|
22
|
+
? locality: regtext-or-wildcard
|
23
|
+
? organization: regtext-or-wildcard
|
24
|
+
? organizationalUnit: regtext-or-wildcard
|
25
|
+
? emailAddress: regtext-or-wildcard
|
26
|
+
? commonName: regtext-or-wildcard
|
27
|
+
}>
|
28
|
+
|
29
|
+
$keyType /= rsaKeyType
|
30
|
+
$keyType /= ecdsaKeyType
|
31
|
+
|
32
|
+
rsaKeyType = {
|
33
|
+
PublicKeyType: "rsaEncryption" ; OID: 1.2.840.113549.1.1.1
|
34
|
+
PublicKeyLength: rsaKeySize
|
35
|
+
SignatureType: $rsaSignatureType
|
36
|
+
}
|
37
|
+
|
38
|
+
rsaKeySize = int .ge 2048
|
39
|
+
|
40
|
+
; RSASSA-PKCS1-v1_5 with SHA-256
|
41
|
+
$rsaSignatureType /= "sha256WithRSAEncryption"
|
42
|
+
; RSASSA-PCKS1-v1_5 with SHA-384
|
43
|
+
$rsaSignatureType /= "sha384WithRSAEncryption"
|
44
|
+
; RSASSA-PCKS1-v1_5 with SHA-512
|
45
|
+
$rsaSignatureType /= "sha512WithRSAEncryption"
|
46
|
+
; RSASSA-PSS with SHA-256, MGF-1 with SHA-256, and a 32 byte salt
|
47
|
+
$rsaSignatureType /= "sha256WithRSAandMGF1"
|
48
|
+
; RSASSA-PSS with SHA-384, MGF-1 with SHA-384, and a 48 byte salt
|
49
|
+
$rsaSignatureType /= "sha384WithRSAandMGF1"
|
50
|
+
; RSASSA-PSS with SHA-512, MGF-1 with SHA-512, and a 64 byte salt
|
51
|
+
$rsaSignatureType /= "sha512WithRSAandMGF1"
|
52
|
+
|
53
|
+
ecdsaKeyType = {
|
54
|
+
PublicKeyType: "id-ecPublicKey" ; OID: 1.2.840.10045.2.1
|
55
|
+
namedCurve: $ecdsaCurve
|
56
|
+
SignatureType: $ecdsaSignatureType
|
57
|
+
}
|
58
|
+
|
59
|
+
$ecdsaCurve /= "secp256r1" ; OID: 1.2.840.10045.3.1.7
|
60
|
+
$ecdsaCurve /= "secp384r1" ; OID: 1.3.132.0.34
|
61
|
+
$ecdsaCurve /= "secp521r1" ; OID: 1.3.132.0.3
|
62
|
+
|
63
|
+
$ecdsaSignatureType /= "ecdsa-with-SHA256" ; paired with secp256r1
|
64
|
+
$ecdsaSignatureType /= "ecdsa-with-SHA384" ; paired with secp384r1
|
65
|
+
$ecdsaSignatureType /= "ecdsa-with-SHA512" ; paired with secp521r1
|
66
|
+
|
67
|
+
subjectaltname = {
|
68
|
+
? DNS: [ 1* regtext-or-wildcard ]
|
69
|
+
? Email: [ 1* regtext ]
|
70
|
+
? URI: [ 1* regtext ]
|
71
|
+
* $$subjectaltname-extension
|
72
|
+
}
|
73
|
+
|
74
|
+
extensions = {
|
75
|
+
? keyUsage: [ 1* keyUsageType ]
|
76
|
+
? extendedKeyUsage: [ 1* extendedKeyUsageType ]
|
77
|
+
subjectAltName: subjectaltname
|
78
|
+
}
|
79
|
+
|
80
|
+
keyUsageType /= "digitalSignature"
|
81
|
+
keyUsageType /= "nonRepudiation"
|
82
|
+
keyUsageType /= "keyEncipherment"
|
83
|
+
keyUsageType /= "dataEncipherment"
|
84
|
+
keyUsageType /= "keyAgreement"
|
85
|
+
keyUsageType /= "keyCertSign"
|
86
|
+
keyUsageType /= "cRLSign"
|
87
|
+
keyUsageType /= "encipherOnly"
|
88
|
+
keyUsageType /= "decipherOnly"
|
89
|
+
|
90
|
+
extendedKeyUsageType /= "serverAuth"
|
91
|
+
extendedKeyUsageType /= "clientAuth"
|
92
|
+
extendedKeyUsageType /= "codeSigning"
|
93
|
+
extendedKeyUsageType /= "emailProtection"
|
94
|
+
extendedKeyUsageType /= "timeStamping"
|
95
|
+
extendedKeyUsageType /= "OCSPSigning"
|
96
|
+
extendedKeyUsageType /= oid
|
97
|
+
|
98
|
+
oid = text .regexp "[0-9]+(\\.[0-9]+)*"
|
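Review bot: The comment on the `secp521r1` entry gives the OID as `1.3.132.0.3`, which is not that curve's identifier; the line should read `$ecdsaCurve /= "secp521r1" ; OID: 1.3.132.0.35`. Two of the RSA comments in the same hunk spell the scheme `RSASSA-PCKS1-v1_5` where `RSASSA-PKCS1-v1_5` is meant. Both are comment-only, so validation results do not change, but this schema constrains CSR key and signature types and its comments are the only place the identifiers are documented. This applies to the 98-line hunk whose file header is missing on this page (apparently star-edited.cddl). The same comments recur in the star.cddl section and in the 95-line hunk shown under the time.cddl header.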
data/test-data/star.cddl
ADDED
@@ -0,0 +1,95 @@
|
|
1
|
+
csr-template-schema = {
|
2
|
+
keyTypes: [ 1* $keyType ]
|
3
|
+
? subject: distinguishedName
|
4
|
+
extensions: extensions
|
5
|
+
}
|
6
|
+
|
7
|
+
mandatory-wildcard = "**"
|
8
|
+
optional-wildcard = "*"
|
9
|
+
wildcard = mandatory-wildcard / optional-wildcard
|
10
|
+
|
11
|
+
; regtext matches all text strings but "*" and "**"
|
12
|
+
regtext = text .regexp "([^\*].*)|([\*][^\*].*)|([\*][\*].+)"
|
13
|
+
|
14
|
+
regtext-or-wildcard = regtext / wildcard
|
15
|
+
|
16
|
+
distinguishedName = {
|
17
|
+
? country: regtext-or-wildcard
|
18
|
+
? stateOrProvince: regtext-or-wildcard
|
19
|
+
? locality: regtext-or-wildcard
|
20
|
+
? organization: regtext-or-wildcard
|
21
|
+
? organizationalUnit: regtext-or-wildcard
|
22
|
+
? emailAddress: regtext-or-wildcard
|
23
|
+
? commonName: regtext-or-wildcard
|
24
|
+
}
|
25
|
+
|
26
|
+
$keyType /= rsaKeyType
|
27
|
+
$keyType /= ecdsaKeyType
|
28
|
+
|
29
|
+
rsaKeyType = {
|
30
|
+
PublicKeyType: "rsaEncryption" ; OID: 1.2.840.113549.1.1.1
|
31
|
+
PublicKeyLength: rsaKeySize
|
32
|
+
SignatureType: $rsaSignatureType
|
33
|
+
}
|
34
|
+
|
35
|
+
rsaKeySize = int .ge 2048
|
36
|
+
|
37
|
+
; RSASSA-PKCS1-v1_5 with SHA-256
|
38
|
+
$rsaSignatureType /= "sha256WithRSAEncryption"
|
39
|
+
; RSASSA-PCKS1-v1_5 with SHA-384
|
40
|
+
$rsaSignatureType /= "sha384WithRSAEncryption"
|
41
|
+
; RSASSA-PCKS1-v1_5 with SHA-512
|
42
|
+
$rsaSignatureType /= "sha512WithRSAEncryption"
|
43
|
+
; RSASSA-PSS with SHA-256, MGF-1 with SHA-256, and a 32 byte salt
|
44
|
+
$rsaSignatureType /= "sha256WithRSAandMGF1"
|
45
|
+
; RSASSA-PSS with SHA-384, MGF-1 with SHA-384, and a 48 byte salt
|
46
|
+
$rsaSignatureType /= "sha384WithRSAandMGF1"
|
47
|
+
; RSASSA-PSS with SHA-512, MGF-1 with SHA-512, and a 64 byte salt
|
48
|
+
$rsaSignatureType /= "sha512WithRSAandMGF1"
|
49
|
+
|
50
|
+
ecdsaKeyType = {
|
51
|
+
PublicKeyType: "id-ecPublicKey" ; OID: 1.2.840.10045.2.1
|
52
|
+
namedCurve: $ecdsaCurve
|
53
|
+
SignatureType: $ecdsaSignatureType
|
54
|
+
}
|
55
|
+
|
56
|
+
$ecdsaCurve /= "secp256r1" ; OID: 1.2.840.10045.3.1.7
|
57
|
+
$ecdsaCurve /= "secp384r1" ; OID: 1.3.132.0.34
|
58
|
+
$ecdsaCurve /= "secp521r1" ; OID: 1.3.132.0.3
|
59
|
+
|
60
|
+
$ecdsaSignatureType /= "ecdsa-with-SHA256" ; paired with secp256r1
|
61
|
+
$ecdsaSignatureType /= "ecdsa-with-SHA384" ; paired with secp384r1
|
62
|
+
$ecdsaSignatureType /= "ecdsa-with-SHA512" ; paired with secp521r1
|
63
|
+
|
64
|
+
subjectaltname = {
|
65
|
+
? DNS: [ 1* regtext-or-wildcard ]
|
66
|
+
? Email: [ 1* regtext ]
|
67
|
+
? URI: [ 1* regtext ]
|
68
|
+
* $$subjectaltname-extension
|
69
|
+
}
|
70
|
+
|
71
|
+
extensions = {
|
72
|
+
? keyUsage: [ 1* keyUsageType ]
|
73
|
+
? extendedKeyUsage: [ 1* extendedKeyUsageType ]
|
74
|
+
subjectAltName: subjectaltname
|
75
|
+
}
|
76
|
+
|
77
|
+
keyUsageType /= "digitalSignature"
|
78
|
+
keyUsageType /= "nonRepudiation"
|
79
|
+
keyUsageType /= "keyEncipherment"
|
80
|
+
keyUsageType /= "dataEncipherment"
|
81
|
+
keyUsageType /= "keyAgreement"
|
82
|
+
keyUsageType /= "keyCertSign"
|
83
|
+
keyUsageType /= "cRLSign"
|
84
|
+
keyUsageType /= "encipherOnly"
|
85
|
+
keyUsageType /= "decipherOnly"
|
86
|
+
|
87
|
+
extendedKeyUsageType /= "serverAuth"
|
88
|
+
extendedKeyUsageType /= "clientAuth"
|
89
|
+
extendedKeyUsageType /= "codeSigning"
|
90
|
+
extendedKeyUsageType /= "emailProtection"
|
91
|
+
extendedKeyUsageType /= "timeStamping"
|
92
|
+
extendedKeyUsageType /= "OCSPSigning"
|
93
|
+
extendedKeyUsageType /= oid
|
94
|
+
|
95
|
+
oid = text .regexp "[0-9]+(\\.[0-9]+)*"
|
data/test-data/time.cddl
ADDED
@@ -0,0 +1,95 @@
|
|
1
|
+
csr-template-schema = {
|
2
|
+
keyTypes: [ 1* $keyType ]
|
3
|
+
? subject: distinguishedName
|
4
|
+
extensions: extensions
|
5
|
+
}
|
6
|
+
|
7
|
+
mandatory-wildcard = "**"
|
8
|
+
optional-wildcard = "*"
|
9
|
+
wildcard = mandatory-wildcard / optional-wildcard
|
10
|
+
|
11
|
+
; regtext matches all text strings but "*" and "**"
|
12
|
+
regtext = text .regexp "([^\*].*)|([\*][^\*].*)|([\*][\*].+)"
|
13
|
+
|
14
|
+
regtext-or-wildcard = regtext / wildcard
|
15
|
+
|
16
|
+
distinguishedName = {
|
17
|
+
? country: regtext-or-wildcard
|
18
|
+
? stateOrProvince: regtext-or-wildcard
|
19
|
+
? locality: regtext-or-wildcard
|
20
|
+
? organization: regtext-or-wildcard
|
21
|
+
? organizationalUnit: regtext-or-wildcard
|
22
|
+
? emailAddress: regtext-or-wildcard
|
23
|
+
? commonName: regtext-or-wildcard
|
24
|
+
}
|
25
|
+
|
26
|
+
$keyType /= rsaKeyType
|
27
|
+
$keyType /= ecdsaKeyType
|
28
|
+
|
29
|
+
rsaKeyType = {
|
30
|
+
PublicKeyType: "rsaEncryption" ; OID: 1.2.840.113549.1.1.1
|
31
|
+
PublicKeyLength: rsaKeySize
|
32
|
+
SignatureType: $rsaSignatureType
|
33
|
+
}
|
34
|
+
|
35
|
+
rsaKeySize = int .ge 2048
|
36
|
+
|
37
|
+
; RSASSA-PKCS1-v1_5 with SHA-256
|
38
|
+
$rsaSignatureType /= "sha256WithRSAEncryption"
|
39
|
+
; RSASSA-PCKS1-v1_5 with SHA-384
|
40
|
+
$rsaSignatureType /= "sha384WithRSAEncryption"
|
41
|
+
; RSASSA-PCKS1-v1_5 with SHA-512
|
42
|
+
$rsaSignatureType /= "sha512WithRSAEncryption"
|
43
|
+
; RSASSA-PSS with SHA-256, MGF-1 with SHA-256, and a 32 byte salt
|
44
|
+
$rsaSignatureType /= "sha256WithRSAandMGF1"
|
45
|
+
; RSASSA-PSS with SHA-384, MGF-1 with SHA-384, and a 48 byte salt
|
46
|
+
$rsaSignatureType /= "sha384WithRSAandMGF1"
|
47
|
+
; RSASSA-PSS with SHA-512, MGF-1 with SHA-512, and a 64 byte salt
|
48
|
+
$rsaSignatureType /= "sha512WithRSAandMGF1"
|
49
|
+
|
50
|
+
ecdsaKeyType = {
|
51
|
+
PublicKeyType: "id-ecPublicKey" ; OID: 1.2.840.10045.2.1
|
52
|
+
namedCurve: $ecdsaCurve
|
53
|
+
SignatureType: $ecdsaSignatureType
|
54
|
+
}
|
55
|
+
|
56
|
+
$ecdsaCurve /= "secp256r1" ; OID: 1.2.840.10045.3.1.7
|
57
|
+
$ecdsaCurve /= "secp384r1" ; OID: 1.3.132.0.34
|
58
|
+
$ecdsaCurve /= "secp521r1" ; OID: 1.3.132.0.3
|
59
|
+
|
60
|
+
$ecdsaSignatureType /= "ecdsa-with-SHA256" ; paired with secp256r1
|
61
|
+
$ecdsaSignatureType /= "ecdsa-with-SHA384" ; paired with secp384r1
|
62
|
+
$ecdsaSignatureType /= "ecdsa-with-SHA512" ; paired with secp521r1
|
63
|
+
|
64
|
+
subjectaltname = {
|
65
|
+
? DNS: [ 1* regtext-or-wildcard ]
|
66
|
+
? Email: [ 1* regtext ]
|
67
|
+
? URI: [ 1* regtext ]
|
68
|
+
* $$subjectaltname-extension
|
69
|
+
}
|
70
|
+
|
71
|
+
extensions = {
|
72
|
+
? keyUsage: [ 1* keyUsageType ]
|
73
|
+
? extendedKeyUsage: [ 1* extendedKeyUsageType ]
|
74
|
+
subjectAltName: subjectaltname
|
75
|
+
}
|
76
|
+
|
77
|
+
keyUsageType /= "digitalSignature"
|
78
|
+
keyUsageType /= "nonRepudiation"
|
79
|
+
keyUsageType /= "keyEncipherment"
|
80
|
+
keyUsageType /= "dataEncipherment"
|
81
|
+
keyUsageType /= "keyAgreement"
|
82
|
+
keyUsageType /= "keyCertSign"
|
83
|
+
keyUsageType /= "cRLSign"
|
84
|
+
keyUsageType /= "encipherOnly"
|
85
|
+
keyUsageType /= "decipherOnly"
|
86
|
+
|
87
|
+
extendedKeyUsageType /= "serverAuth"
|
88
|
+
extendedKeyUsageType /= "clientAuth"
|
89
|
+
extendedKeyUsageType /= "codeSigning"
|
90
|
+
extendedKeyUsageType /= "emailProtection"
|
91
|
+
extendedKeyUsageType /= "timeStamping"
|
92
|
+
extendedKeyUsageType /= "OCSPSigning"
|
93
|
+
extendedKeyUsageType /= oid
|
94
|
+
|
95
|
+
oid = text .regexp "[0-9]+(\\.[0-9]+)*"
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: cddl
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.8.
|
4
|
+
version: 0.8.24
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Carsten Bormann
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-
|
11
|
+
date: 2021-04-09 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: cbor-diag
|
@@ -121,11 +121,13 @@ files:
|
|
121
121
|
- test-data/b.cddl
|
122
122
|
- test-data/badaddr.cddl
|
123
123
|
- test-data/basic_syntax_example.cddl
|
124
|
+
- test-data/bat.cddl
|
124
125
|
- test-data/bpv7.cddl
|
125
126
|
- test-data/bpv7a.cddl
|
126
127
|
- test-data/bpv7b.cddl
|
127
128
|
- test-data/cat-re.cddl
|
128
129
|
- test-data/cdni-ct.cddl
|
130
|
+
- test-data/complex-occ.cddl
|
129
131
|
- test-data/coral.cddl
|
130
132
|
- test-data/coral1.cddl
|
131
133
|
- test-data/coral2.cddl
|
@@ -144,6 +146,8 @@ files:
|
|
144
146
|
- test-data/grasp-09.cddl
|
145
147
|
- test-data/grasp-v1.cddl
|
146
148
|
- test-data/grasp-v2X.cddl
|
149
|
+
- test-data/homenet-de.cddl
|
150
|
+
- test-data/homenet-fe.cddl
|
147
151
|
- test-data/ifmap-base-2.0v17.cddl
|
148
152
|
- test-data/ifmap-base-2.2v9_fh-cabo.cddl
|
149
153
|
- test-data/ifmap-metadata-2.2v9_fh-cabo.cddl
|
@@ -153,6 +157,7 @@ files:
|
|
153
157
|
- test-data/jim-cut.cddl
|
154
158
|
- test-data/jsoniodef.cddl
|
155
159
|
- test-data/kevin5.cddl
|
160
|
+
- test-data/lint1.cddl
|
156
161
|
- test-data/map-group.cddl
|
157
162
|
- test-data/mapkey.cddl
|
158
163
|
- test-data/mdl-ble.cddl
|
@@ -166,11 +171,20 @@ files:
|
|
166
171
|
- test-data/mon-val.cddl
|
167
172
|
- test-data/multipart-ct.cddl
|
168
173
|
- test-data/named-group.cddl
|
174
|
+
- test-data/non-empty.cddl
|
175
|
+
- test-data/oid.cddl
|
176
|
+
- test-data/oidbat.cddl
|
169
177
|
- test-data/patch1.cddl
|
178
|
+
- test-data/plus.cddl
|
170
179
|
- test-data/reused_named_group.cddl
|
180
|
+
- test-data/sasl.cddl
|
171
181
|
- test-data/sequence.cddl
|
182
|
+
- test-data/sipos.cddl
|
183
|
+
- test-data/star-edited.cddl
|
184
|
+
- test-data/star.cddl
|
172
185
|
- test-data/structure.cddl
|
173
186
|
- test-data/test-gen.cddl
|
187
|
+
- test-data/time.cddl
|
174
188
|
- test-data/toerless0.cddl
|
175
189
|
- test-data/toerless1.cddl
|
176
190
|
- test-data/two_anonymous_groups.cddl
|
@@ -179,6 +193,7 @@ files:
|
|
179
193
|
- test-data/wrong2.cddl
|
180
194
|
- test-data/wrong2a.cddl
|
181
195
|
- test-data/xmlmig.cddl
|
196
|
+
- test-data/yaron1.cddl
|
182
197
|
- test/test-cddl.rb
|
183
198
|
homepage: http://github.com/cabo/cddl
|
184
199
|
licenses:
|