Re: [Cbor] Using cddl-control to dissect byte strings

Carsten Bormann <> Fri, 30 July 2021 11:55 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id D582B3A27B9; Fri, 30 Jul 2021 04:55:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 6hSO1HesBtLm; Fri, 30 Jul 2021 04:55:39 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 3EB753A27B7; Fri, 30 Jul 2021 04:55:39 -0700 (PDT)
Received: from [] ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPSA id 4Gbm7F1t8Xz2xM8; Fri, 30 Jul 2021 13:55:37 +0200 (CEST)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.\))
From: Carsten Bormann <>
In-Reply-To: <>
Date: Fri, 30 Jul 2021 13:55:36 +0200
X-Mao-Original-Outgoing-Id: 649338936.863789-d7146c7e2082085fec6e0c5408fb23c9
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <>
To: =?utf-8?Q?Christian_Ams=C3=BCss?= <>
X-Mailer: Apple Mail (2.3608.
Archived-At: <>
Subject: Re: [Cbor] Using cddl-control to dissect byte strings
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Concise Binary Object Representation \(CBOR\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 30 Jul 2021 11:55:44 -0000

I think the subject of this message should be 

## Using cddl-control to make CBOR even less schema-less

But indeed, what you propose is one way to compose your byte strings, if you *have* to do it.

I’d probably use .abnfb for many of these; at least if (like in this example) you don't need to go back to CDDL names (which is a shortcoming I have a plan for, but that will happen later this year).

You mentioned the cddl tool generator — does the validator choke on this?

(I don’t want to think about .det here.)

(BTW: I would like to fix one bug in the generics implementation before we aggressively market the use of generics to the CDDL user crowd.)

(BTW^2: Why the [()]?  It does look very important, but maybe not necessary?)

Grüße, Carsten

> On 2021-07-30, at 13:36, Christian Amsüss <> wrote:
> Signed PGP part
> Hi,
> continuing my theme of creatively abusing CDDL constructs, I may have
> found a practical use case for .cat that is not just about constants
> handling.
> (The usual caveats for these tricks apply: While CDDL has the
> expressitivity to do it, common tools WILL PROBABLY NOT implement the
> full genericness).
> In EDHOC, a byte shaving step may require moving two semantically
> separate byte strings, one of which has known length, into a single byte
> string; in a minimal similar example:
>    message = [(number: uint, key: bstr, data: bstr)]
> becomes
>    message = [(number: uint, key_and_data: bstr)]
> Unfortunately, this means parsers built from the CDDL will need an
> additional manual step in which the implementer writes down the prose
> description of key_and_hash into code that splits key from hash.
> With cat, this can be expressed in a way that the CDDL parser generator
> has a chance to do the right thing again:
>    message = [(number: uint, key .cat data)]
>    key = bstr .size 16
>    data = bstr
> As the length depends on earlier exchanged messages, one might use
> generics to pull out the constant of 16 -- probably breaking the tool's
> neck in the process: (Carsten's Ruby generator tool is still with me on
> this)
>    message_alg42 = message<4>
>    message<L> = [(number: uint, key<L> .cat data)]
>    key<L> = bstr .size L
>    data = bstr
> I don't know at this point whether any form of this should be suggested
> for use with EDHOC if and when the byte shaving change is performed.
> Opinions from CBOR?
> Thanks
> Christian
> -- 
> To use raw power is to make yourself infinitely vulnerable to greater powers.
>  -- Bene Gesserit axiom