[Cbor] Re: CDDL: Can .within apply to groups?
Carsten Bormann <cabo@tzi.org> Wed, 04 December 2024 11:00 UTC
Return-Path: <cabo@tzi.org>
X-Original-To: cbor@ietfa.amsl.com
Delivered-To: cbor@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C09FBC151097 for <cbor@ietfa.amsl.com>; Wed, 4 Dec 2024 03:00:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.908
X-Spam-Level:
X-Spam-Status: No, score=-1.908 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lRADf-QIeIjc for <cbor@ietfa.amsl.com>; Wed, 4 Dec 2024 03:00:19 -0800 (PST)
Received: from smtp.zfn.uni-bremen.de (smtp.zfn.uni-bremen.de [IPv6:2001:638:708:32::21]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 26F3FC151080 for <cbor@ietf.org>; Wed, 4 Dec 2024 02:59:22 -0800 (PST)
Received: from [192.168.217.112] (p5dc5d074.dip0.t-ipconnect.de [93.197.208.116]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.zfn.uni-bremen.de (Postfix) with ESMTPSA id 4Y3Dzr0QYLzDCf3; Wed, 4 Dec 2024 11:59:20 +0100 (CET)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.7\))
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <CANMnvkxtfAZKJF6iKG_Bx6YrHBy1MLn03sKsuNaAS5VOM-U60g@mail.gmail.com>
Date: Wed, 04 Dec 2024 11:59:19 +0100
X-Mao-Original-Outgoing-Id: 755002759.0722409-e120b341a27651601c8ec6a1efbfd140
Content-Transfer-Encoding: quoted-printable
Message-Id: <15B12F76-0E4E-4014-A2F7-DC2EC360309B@tzi.org>
References: <CANMnvkxtfAZKJF6iKG_Bx6YrHBy1MLn03sKsuNaAS5VOM-U60g@mail.gmail.com>
To: Emil Lundberg <emil=40yubico.com@dmarc.ietf.org>
X-Mailer: Apple Mail (2.3608.120.23.2.7)
Message-ID-Hash: XIAMNKGDOJ6WOWI4NSFXP6ZSG6OHMV7M
X-Message-ID-Hash: XIAMNKGDOJ6WOWI4NSFXP6ZSG6OHMV7M
X-MailFrom: cabo@tzi.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-cbor.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: cbor@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Cbor] Re: CDDL: Can .within apply to groups?
List-Id: "Concise Binary Object Representation (CBOR)" <cbor.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cbor/lz2snfZHg0oGie8n04fcbCzkNFo>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cbor>
List-Help: <mailto:cbor-request@ietf.org?subject=help>
List-Owner: <mailto:cbor-owner@ietf.org>
List-Post: <mailto:cbor@ietf.org>
List-Subscribe: <mailto:cbor-join@ietf.org>
List-Unsubscribe: <mailto:cbor-leave@ietf.org>
Hi Emil,
TLDR: No.
> This question is prompted by a couple of discussion threads in WebAuthn (issue 2210, PR 2219): can the CDDL .within control operator apply to groups?
No, as Section 3.9 of RFC 8610 says:
3.8. Controls
A _control_ allows relating a _target_ type with a _controller_ type
via a _control operator_.
The two occurrences of the word “type” may be inconspicuous, but they are really part of the definition of the “control” construct.
> The current WebAuthn L3 editor's draft (and previous versions of it) includes the following CDDL declarations:
>
> Section 5.7.3:
> AuthenticationExtensionsAuthenticatorInputs = {
> * $$extensionInput .within ( tstr => any )
> }
As you found, that doesn’t even work syntactically, for the reason given above:
Expected one of " ", ";", "\n", "\r\n", "...", "..", ".", "/", ")" at line 2, column 37 (byte 85):
* $$extensionInput .within ( tstr => any )
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^
You could cheat the grammar like this:
AuthenticationExtensionsAuthenticatorInputs = {
* $$extensionInput .within within
}
within = ( tstr => any )
but then you’ll get a semantic error (abbreviated):
> > $$extensionInput not a type [:grpchoice]
We could start a discussion about whether CDDL should be extended with group controls, but maybe what you need right now is a short-term solution.
A start for a good change proposal is right within https://github.com/w3c/webauthn/issues/2210:
> 1. Inline the .within control operator into the attObj definition:
> attObj = {
> authData: bytes,
> $$attStmtType
> } .within attStmtTemplate ; Every attestation statement format must have the fields below
I don’t quite understand the item 2 in this proposal; if the objective is to check all map entries to be within `( tstr => any )` , you can write (note the added `*`, because we don’t want exactly one extension, but any number of them, including zero):
attObj = {
authData: bytes,
* $$attStmtType
} .within { * tstr => any }
$$attStmtType //= (foo: bar)
$$attStmtType //= (baz: bat)
This creates the following examples (using
cddlc -tcddl fragment.cddl | CDDL_INVENT=a cddl - gp 10
...to work around a parser limitation in the original cddl tool and to “INVENT” any rules that are defined outside this snippet):
/attObj/ {"authData": /bytes/ h'726F64656E74', "foo": /bar/ "a-bar",
"baz": /bat/ "a-bat"}
/attObj/ {"authData": /bytes/ h'686973746F72696F6C6F676963616C',
"foo": /bar/ "a-bar", "baz": /bat/ "a-bat"}
/attObj/ {"authData": /bytes/ h'7265666F63696C6C6174696F6E',
"foo": /bar/ "a-bar"}
/attObj/ {"authData": /bytes/ h'737465636B6C696E67', "baz": /bat/ "a-bat"}
/attObj/ {"authData": /bytes/ h'6F646F6E7461677261', "foo": /bar/ "a-bar",
"baz": /bat/ "a-bat"}
/attObj/ {"authData": /bytes/ h'636F6C6C696E656172697479'}
/attObj/ {"authData": /bytes/ h'6F7A6F7068656E65', "baz": /bat/ "a-bat",
"foo": /bar/ "a-bar"}
/attObj/ {"authData": /bytes/ h'70726F6D696E656E746C79', "baz": /bat/ "a-bat",
"foo": /bar/ "a-bar"}
/attObj/ {"authData": /bytes/ h'73746F6B65686F6C65', "baz": /bat/ "a-bat",
"foo": /bar/ "a-bar"}
/attObj/ {"authData": /bytes/ h'6175746F746F6D6963', "baz": /bat/ "a-bat",
"foo": /bar/ "a-bar"}
If you add
$$attStmtType //= (1: bat)
… to the CDDL fragment, you get some error indications from the examples generated by the above.
> Therefore my question: can .within apply to groups?
See above.
I hope that my suggestion is useful.
> Or am I missing something, is there some other way to express what we want?
Given that in your specific case the mandatory entries of the map also conform to the structure that is to be checked by the .within, this is easy to convert to checking a type.
This doesn’t answer the general question on whether a future revision of CDDL should have group controls. I haven’t had much time yet to think about the semantic implications; it seems to be easy to generate example models for this that might hurt, but maybe we just don’t need to write specs that hurt.
Thank you for bringing this use case to the attention of the WG; this is very useful input.
Grüße, Carsten
- [Cbor] CDDL: Can .within apply to groups? Emil Lundberg
- [Cbor] Re: CDDL: Can .within apply to groups? Carsten Bormann
- [Cbor] Re: CDDL: Can .within apply to groups? Carsten Bormann
- [Cbor] Re: CDDL: Can .within apply to groups? Carsten Bormann
- [Cbor] Re: CDDL: Can .within apply to groups? Emil Lundberg
- [Cbor] Re: CDDL: Can .within apply to groups? Emil Lundberg