cddlc 0.1.1 → 0.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
data/data/rfc8927.cddl ADDED
@@ -0,0 +1,96 @@
1
+
2
+ ; root-schema is identical to schema, but additionally allows for
3
+ ; definitions.
4
+ ;
5
+ ; definitions are prohibited from appearing on non-root schemas.
6
+ root-schema = {
7
+ ? definitions: { * tstr => { schema}},
8
+ schema,
9
+ }
10
+ ; schema is the main CDDL rule defining a JTD schema.
11
+ ;
12
+ ; All JTD schemas are JSON objects taking on one of eight forms
13
+ ; listed here.
14
+ schema = (
15
+ ref //
16
+ type //
17
+ enum //
18
+ elements //
19
+ properties //
20
+ values //
21
+ discriminator //
22
+ empty //
23
+ )
24
+ ; shared is a CDDL rule containing properties that all eight schema
25
+ ; forms share.
26
+ shared = (
27
+ ? metadata: { * tstr => any },
28
+ ? nullable: bool,
29
+ )
30
+ ; empty describes the "empty" schema form.
31
+ empty = shared
32
+ ; ref describes the "ref" schema form.
33
+ ;
34
+ ; There are additional constraints on this form that cannot be
35
+ ; expressed in CDDL. Section 2.2.2 describes these additional
36
+ ; constraints in detail.
37
+ ref = ( ref: tstr, shared )
38
+ ; type describes the "type" schema form.
39
+ type = (
40
+ type: "boolean"
41
+ / "float32"
42
+ / "float64"
43
+ / "int8"
44
+ / "uint8"
45
+ / "int16"
46
+ / "uint16"
47
+ / "int32"
48
+ / "uint32"
49
+ / "string"
50
+ / "timestamp",
51
+ shared,
52
+ )
53
+ ; enum describes the "enum" schema form.
54
+ ;
55
+ ; There are additional constraints on this form that cannot be
56
+ ; expressed in CDDL. Section 2.2.4 describes these additional
57
+ ; constraints in detail.
58
+ enum = ( enum: [+ tstr], shared )
59
+ ; elements describes the "elements" schema form.
60
+ elements = ( elements: { schema }, shared )
61
+ ; properties describes the "properties" schema form.
62
+ ;
63
+ ; This CDDL rule is defined so that a schema of the "properties" form
64
+ ; may omit a member named "properties" or a member named
65
+ ; "optionalProperties", but not both.
66
+ ;
67
+ ; There are additional constraints on this form that cannot be
68
+ ; expressed in CDDL. Section 2.2.6 describes these additional
69
+ ; constraints in detail.
70
+ properties = (with-properties // with-optional-properties)
71
+ with-properties = (
72
+ properties: { * tstr => { schema }},
73
+ ? optionalProperties: { * tstr => { schema }},
74
+ ? additionalProperties: bool,
75
+ shared,
76
+ )
77
+ with-optional-properties = (
78
+ ? properties: { * tstr => { schema }},
79
+ optionalProperties: { * tstr => { schema }},
80
+ ? additionalProperties: bool,
81
+ shared,
82
+ )
83
+ ; values describes the "values" schema form.
84
+ values = ( values: { schema }, shared )
85
+ ; discriminator describes the "discriminator" schema form.
86
+ ;
87
+ ; There are additional constraints on this form that cannot be
88
+ ; expressed in CDDL. Section 2.2.8 describes these additional
89
+ ; constraints in detail.
90
+ discriminator = (
91
+ discriminator: tstr,
92
+ ; Note well: this rule is defined in terms of the "properties"
93
+ ; CDDL rule, not the "schema" CDDL rule.
94
+ mapping: { * tstr => { properties } }
95
+ shared,
96
+ )
data/data/rfc8990.cddl ADDED
@@ -0,0 +1,213 @@
1
+
2
+ grasp-message = (message .within message-structure) / noop-message
3
+
4
+ message-structure = [MESSAGE_TYPE, session-id, ?initiator,
5
+ *grasp-option]
6
+
7
+ MESSAGE_TYPE = 0..255
8
+ session-id = 0..4294967295 ; up to 32 bits
9
+ grasp-option = any
10
+
11
+
12
+ discovery-message = [M_DISCOVERY, session-id, initiator, objective]
13
+
14
+
15
+ response-message = [M_RESPONSE, session-id, initiator, ttl,
16
+ (+locator-option // divert-option), ?objective]
17
+
18
+ ttl = 0..4294967295 ; in milliseconds
19
+
20
+
21
+ request-negotiation-message = [M_REQ_NEG, session-id, objective]
22
+
23
+ request-synchronization-message = [M_REQ_SYN, session-id, objective]
24
+
25
+
26
+ negotiation-message = [M_NEGOTIATE, session-id, objective]
27
+
28
+
29
+ end-message = [M_END, session-id, accept-option / decline-option]
30
+
31
+
32
+ wait-message = [M_WAIT, session-id, waiting-time]
33
+ waiting-time = 0..4294967295 ; in milliseconds
34
+
35
+
36
+ synch-message = [M_SYNCH, session-id, objective]
37
+
38
+
39
+ flood-message = [M_FLOOD, session-id, initiator, ttl,
40
+ +[objective, (locator-option / [])]]
41
+
42
+ ttl = 0..4294967295 ; in milliseconds
43
+
44
+
45
+ invalid-message = [M_INVALID, session-id, ?any]
46
+
47
+
48
+ noop-message = [M_NOOP]
49
+
50
+
51
+ divert-option = [O_DIVERT, +locator-option]
52
+
53
+
54
+ accept-option = [O_ACCEPT]
55
+
56
+
57
+ decline-option = [O_DECLINE, ?reason]
58
+ reason = text ; optional UTF-8 error message
59
+
60
+
61
+ ipv6-locator-option = [O_IPv6_LOCATOR, ipv6-address,
62
+ transport-proto, port-number]
63
+ ipv6-address = bytes .size 16
64
+
65
+ transport-proto = IPPROTO_TCP / IPPROTO_UDP
66
+ IPPROTO_TCP = 6
67
+ IPPROTO_UDP = 17
68
+ port-number = 0..65535
69
+
70
+
71
+ ipv4-locator-option = [O_IPv4_LOCATOR, ipv4-address,
72
+ transport-proto, port-number]
73
+ ipv4-address = bytes .size 4
74
+
75
+
76
+ fqdn-locator-option = [O_FQDN_LOCATOR, text,
77
+ transport-proto, port-number]
78
+
79
+
80
+ uri-locator-option = [O_URI_LOCATOR, text,
81
+ transport-proto / null, port-number / null]
82
+
83
+
84
+ objective = [objective-name, objective-flags,
85
+ loop-count, ?objective-value]
86
+
87
+ objective-name = text
88
+ objective-value = any
89
+ loop-count = 0..255
90
+
91
+
92
+ objective-flags = uint .bits objective-flag
93
+ objective-flag = &(
94
+ F_DISC: 0 ; valid for discovery
95
+ F_NEG: 1 ; valid for negotiation
96
+ F_SYNCH: 2 ; valid for synchronization
97
+ F_NEG_DRY: 3 ; negotiation is a dry run
98
+ )
99
+
100
+
101
+ grasp-message = (message .within message-structure) / noop-message
102
+
103
+ message-structure = [MESSAGE_TYPE, session-id, ?initiator,
104
+ *grasp-option]
105
+
106
+ MESSAGE_TYPE = 0..255
107
+ session-id = 0..4294967295 ; up to 32 bits
108
+ grasp-option = any
109
+
110
+ message /= discovery-message
111
+ discovery-message = [M_DISCOVERY, session-id, initiator, objective]
112
+
113
+ message /= response-message ; response to Discovery
114
+ response-message = [M_RESPONSE, session-id, initiator, ttl,
115
+ (+locator-option // divert-option), ?objective]
116
+
117
+ message /= synch-message ; response to Synchronization request
118
+ synch-message = [M_SYNCH, session-id, objective]
119
+
120
+ message /= flood-message
121
+ flood-message = [M_FLOOD, session-id, initiator, ttl,
122
+ +[objective, (locator-option / [])]]
123
+
124
+ message /= request-negotiation-message
125
+ request-negotiation-message = [M_REQ_NEG, session-id, objective]
126
+
127
+ message /= request-synchronization-message
128
+ request-synchronization-message = [M_REQ_SYN, session-id, objective]
129
+
130
+ message /= negotiation-message
131
+ negotiation-message = [M_NEGOTIATE, session-id, objective]
132
+
133
+ message /= end-message
134
+ end-message = [M_END, session-id, accept-option / decline-option]
135
+
136
+ message /= wait-message
137
+ wait-message = [M_WAIT, session-id, waiting-time]
138
+
139
+ message /= invalid-message
140
+ invalid-message = [M_INVALID, session-id, ?any]
141
+
142
+ noop-message = [M_NOOP]
143
+
144
+ divert-option = [O_DIVERT, +locator-option]
145
+
146
+ accept-option = [O_ACCEPT]
147
+
148
+ decline-option = [O_DECLINE, ?reason]
149
+ reason = text ; optional UTF-8 error message
150
+
151
+ waiting-time = 0..4294967295 ; in milliseconds
152
+ ttl = 0..4294967295 ; in milliseconds
153
+
154
+ locator-option /= [O_IPv4_LOCATOR, ipv4-address,
155
+ transport-proto, port-number]
156
+ ipv4-address = bytes .size 4
157
+
158
+ locator-option /= [O_IPv6_LOCATOR, ipv6-address,
159
+ transport-proto, port-number]
160
+ ipv6-address = bytes .size 16
161
+
162
+ locator-option /= [O_FQDN_LOCATOR, text, transport-proto,
163
+ port-number]
164
+
165
+ locator-option /= [O_URI_LOCATOR, text,
166
+ transport-proto / null, port-number / null]
167
+
168
+ transport-proto = IPPROTO_TCP / IPPROTO_UDP
169
+ IPPROTO_TCP = 6
170
+ IPPROTO_UDP = 17
171
+ port-number = 0..65535
172
+
173
+ initiator = ipv4-address / ipv6-address
174
+
175
+ objective-flags = uint .bits objective-flag
176
+
177
+ objective-flag = &(
178
+ F_DISC: 0 ; valid for discovery
179
+ F_NEG: 1 ; valid for negotiation
180
+ F_SYNCH: 2 ; valid for synchronization
181
+ F_NEG_DRY: 3 ; negotiation is a dry run
182
+ )
183
+
184
+ objective = [objective-name, objective-flags,
185
+ loop-count, ?objective-value]
186
+
187
+ objective-name = text ; see section "Format of Objective Options"
188
+
189
+ objective-value = any
190
+
191
+ loop-count = 0..255
192
+
193
+ ; Constants for message types and option types
194
+
195
+ M_NOOP = 0
196
+ M_DISCOVERY = 1
197
+ M_RESPONSE = 2
198
+ M_REQ_NEG = 3
199
+ M_REQ_SYN = 4
200
+ M_NEGOTIATE = 5
201
+ M_END = 6
202
+ M_WAIT = 7
203
+ M_SYNCH = 8
204
+ M_FLOOD = 9
205
+ M_INVALID = 99
206
+
207
+ O_DIVERT = 100
208
+ O_ACCEPT = 101
209
+ O_DECLINE = 102
210
+ O_IPv6_LOCATOR = 103
211
+ O_IPv4_LOCATOR = 104
212
+ O_FQDN_LOCATOR = 105
213
+ O_URI_LOCATOR = 106
data/data/rfc9053.cddl ADDED
@@ -0,0 +1,21 @@
1
+
2
+ COSE_KDF_Context = [
3
+ AlgorithmID : int / tstr,
4
+ PartyUInfo : [ PartyInfo ],
5
+ PartyVInfo : [ PartyInfo ],
6
+ SuppPubInfo : [
7
+ keyDataLength : uint,
8
+ protected : empty_or_serialized_map,
9
+ ? other : bstr
10
+ ],
11
+ ? SuppPrivInfo : bstr
12
+ ]
13
+
14
+
15
+ PartyInfo = (
16
+ identity : bstr / nil,
17
+ nonce : bstr / int / nil,
18
+ other : bstr / nil
19
+ )
20
+
21
+ ;# import rfc9052
data/data/rfc9054.cddl ADDED
@@ -0,0 +1,13 @@
1
+
2
+ COSE_Hash_V = (
3
+ 1 : int / tstr, ; Algorithm identifier
4
+ 2 : bstr, ; Hash value
5
+ ? 3 : tstr, ; Location of object that was hashed
6
+ ? 4 : any ; object containing other details and things
7
+ )
8
+
9
+
10
+ COSE_Hash_Find = [
11
+ hashAlg : int / tstr,
12
+ hashValue : bstr
13
+ ]
data/data/rfc9090.cddl ADDED
@@ -0,0 +1,14 @@
1
+
2
+ ; country-rdn = {country-oid => country-value}
3
+ ; country-oid = bytes .sdnvseq [85, 4, 6]
4
+ ; country-value = text .size 2
5
+
6
+
7
+ ; country-rdn = {country-oid => country-value}
8
+ ; country-oid = bytes .oid [2, 5, 4, 6]
9
+ ; country-value = text .size 2
10
+
11
+
12
+ oid = #6.111(bstr)
13
+ roid = #6.110(bstr)
14
+ pen = #6.112(bstr)
data/data/rfc9115.cddl ADDED
@@ -0,0 +1,99 @@
1
+
2
+ csr-template-schema = {
3
+ keyTypes: [ + $keyType ]
4
+ ? subject: non-empty<distinguishedName>
5
+ extensions: extensions
6
+ }
7
+
8
+ non-empty<M> = (M) .and ({ + any => any })
9
+
10
+ mandatory-wildcard = "**"
11
+ optional-wildcard = "*"
12
+ wildcard = mandatory-wildcard / optional-wildcard
13
+
14
+ ; regtext matches all text strings but "*" and "**"
15
+ regtext = text .regexp "([^\\*].*)|([\\*][^\\*].*)|([\\*][\\*].+)"
16
+
17
+ regtext-or-wildcard = regtext / wildcard
18
+
19
+ distinguishedName = {
20
+ ? country: regtext-or-wildcard
21
+ ? stateOrProvince: regtext-or-wildcard
22
+ ? locality: regtext-or-wildcard
23
+ ? organization: regtext-or-wildcard
24
+ ? organizationalUnit: regtext-or-wildcard
25
+ ? emailAddress: regtext-or-wildcard
26
+ ? commonName: regtext-or-wildcard
27
+ }
28
+
29
+ $keyType /= rsaKeyType
30
+ $keyType /= ecdsaKeyType
31
+
32
+ rsaKeyType = {
33
+ PublicKeyType: "rsaEncryption" ; OID: 1.2.840.113549.1.1.1
34
+ PublicKeyLength: rsaKeySize
35
+ SignatureType: $rsaSignatureType
36
+ }
37
+
38
+ rsaKeySize = uint
39
+
40
+ ; RSASSA-PKCS1-v1_5 with SHA-256
41
+ $rsaSignatureType /= "sha256WithRSAEncryption"
42
+ ; RSASSA-PCKS1-v1_5 with SHA-384
43
+ $rsaSignatureType /= "sha384WithRSAEncryption"
44
+ ; RSASSA-PCKS1-v1_5 with SHA-512
45
+ $rsaSignatureType /= "sha512WithRSAEncryption"
46
+ ; RSASSA-PSS with SHA-256, MGF-1 with SHA-256, and a 32 byte salt
47
+ $rsaSignatureType /= "sha256WithRSAandMGF1"
48
+ ; RSASSA-PSS with SHA-384, MGF-1 with SHA-384, and a 48 byte salt
49
+ $rsaSignatureType /= "sha384WithRSAandMGF1"
50
+ ; RSASSA-PSS with SHA-512, MGF-1 with SHA-512, and a 64 byte salt
51
+ $rsaSignatureType /= "sha512WithRSAandMGF1"
52
+
53
+ ecdsaKeyType = {
54
+ PublicKeyType: "id-ecPublicKey" ; OID: 1.2.840.10045.2.1
55
+ namedCurve: $ecdsaCurve
56
+ SignatureType: $ecdsaSignatureType
57
+ }
58
+
59
+ $ecdsaCurve /= "secp256r1" ; OID: 1.2.840.10045.3.1.7
60
+ $ecdsaCurve /= "secp384r1" ; OID: 1.3.132.0.34
61
+ $ecdsaCurve /= "secp521r1" ; OID: 1.3.132.0.3
62
+
63
+ $ecdsaSignatureType /= "ecdsa-with-SHA256" ; paired with secp256r1
64
+ $ecdsaSignatureType /= "ecdsa-with-SHA384" ; paired with secp384r1
65
+ $ecdsaSignatureType /= "ecdsa-with-SHA512" ; paired with secp521r1
66
+
67
+ subjectaltname = {
68
+ ? DNS: [ + regtext-or-wildcard ]
69
+ ? Email: [ + regtext ]
70
+ ? URI: [ + regtext ]
71
+ * $$subjectaltname-extension
72
+ }
73
+
74
+ extensions = {
75
+ ? keyUsage: [ + keyUsageType ]
76
+ ? extendedKeyUsage: [ + extendedKeyUsageType ]
77
+ subjectAltName: non-empty<subjectaltname>
78
+ }
79
+
80
+ keyUsageType /= "digitalSignature"
81
+ keyUsageType /= "nonRepudiation"
82
+ keyUsageType /= "keyEncipherment"
83
+ keyUsageType /= "dataEncipherment"
84
+ keyUsageType /= "keyAgreement"
85
+ keyUsageType /= "keyCertSign"
86
+ keyUsageType /= "cRLSign"
87
+ keyUsageType /= "encipherOnly"
88
+ keyUsageType /= "decipherOnly"
89
+
90
+ extendedKeyUsageType /= "serverAuth"
91
+ extendedKeyUsageType /= "clientAuth"
92
+ extendedKeyUsageType /= "codeSigning"
93
+ extendedKeyUsageType /= "emailProtection"
94
+ extendedKeyUsageType /= "timeStamping"
95
+ extendedKeyUsageType /= "OCSPSigning"
96
+ extendedKeyUsageType /= oid
97
+
98
+ oid = text .regexp "([0-2])((\\.0)|(\\.[1-9][0-9]*))*"
99
+
data/data/rfc9164.cddl ADDED
@@ -0,0 +1,32 @@
1
+
2
+ ip-address-or-prefix = ipv6-address-or-prefix /
3
+ ipv4-address-or-prefix
4
+
5
+ ipv6-address-or-prefix = #6.54(ipv6-address /
6
+ ipv6-address-with-prefix /
7
+ ipv6-prefix)
8
+ ipv4-address-or-prefix = #6.52(ipv4-address /
9
+ ipv4-address-with-prefix /
10
+ ipv4-prefix)
11
+
12
+ ipv6-address = bytes .size 16
13
+ ipv4-address = bytes .size 4
14
+
15
+ ipv6-address-with-prefix = [ipv6-address,
16
+ ipv6-prefix-length / null,
17
+ ?ip-zone-identifier]
18
+ ipv4-address-with-prefix = [ipv4-address,
19
+ ipv4-prefix-length / null,
20
+ ?ip-zone-identifier]
21
+
22
+ ipv6-prefix-length = 0..128
23
+ ipv4-prefix-length = 0..32
24
+
25
+ ipv6-prefix = [ipv6-prefix-length, ipv6-prefix-bytes]
26
+ ipv4-prefix = [ipv4-prefix-length, ipv4-prefix-bytes]
27
+
28
+ ipv6-prefix-bytes = bytes .size (uint .le 16)
29
+ ipv4-prefix-bytes = bytes .size (uint .le 4)
30
+
31
+ ip-zone-identifier = uint / text
32
+
data/data/rfc9165.cddl ADDED
@@ -0,0 +1,35 @@
1
+ ; for RFC 8943
2
+ Tag1004 = #6.1004(text .abnf full-date)
3
+ ; for RFC 8949
4
+ Tag0 = #6.0(text .abnf date-time)
5
+
6
+ full-date = "full-date" .cat rfc3339
7
+ date-time = "date-time" .cat rfc3339
8
+
9
+ ; Note the trick of idiomatically starting with a newline, separating
10
+ ; off the element in the concatenations above from the rule-list
11
+ rfc3339 = '
12
+ date-fullyear = 4DIGIT
13
+ date-month = 2DIGIT ; 01-12
14
+ date-mday = 2DIGIT ; 01-28, 01-29, 01-30, 01-31 based on
15
+ ; month/year
16
+ time-hour = 2DIGIT ; 00-23
17
+ time-minute = 2DIGIT ; 00-59
18
+ time-second = 2DIGIT ; 00-58, 00-59, 00-60 based on leap sec
19
+ ; rules
20
+ time-secfrac = "." 1*DIGIT
21
+ time-numoffset = ("+" / "-") time-hour ":" time-minute
22
+ time-offset = "Z" / time-numoffset
23
+
24
+ partial-time = time-hour ":" time-minute ":" time-second
25
+ [time-secfrac]
26
+ full-date = date-fullyear "-" date-month "-" date-mday
27
+ full-time = partial-time time-offset
28
+
29
+ date-time = full-date "T" full-time
30
+ ' .det rfc5234-core
31
+
32
+ rfc5234-core = '
33
+ DIGIT = %x30-39 ; 0-9
34
+ ; abbreviated here
35
+ '