Bundle Protocol Security (RFC 9172) - authentication and encryption for DTN
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

cbor: rename from cbort (partial downstream)

Drops the "t" suffix. Internal raw CBOR module moves to Value (was
Cbor in lib/cbor.ml), matching the value/codec/<pkg> layout from the
other codec packages. Low-level byte R/W moved to lib/binary.ml (was
lib/cbor_rw.ml). Library name cbor; main module Cbor via lib/cbor.ml
(was cbort.ml).

Downstream packages (ocaml-bundle, ocaml-cose, ocaml-bpsec, ocaml-scitt,
ocaml-crow, irmin) partially migrated: Cbort.Cbor -> Cbor.Value, the
internal Cbor alias shadowing in each file renamed to V to free the
top-level Cbor for the library facade. Some downstream build errors
remain because many callsites conflated raw value constructors
(Cbor.int, Cbor.int64) with schema codecs and need manual triage.

The lib/binary.ml R/W primitives are NOT re-exported through Cbor.Binary
due to OCaml's lazy module alias elision when the aliased module isn't
referenced by any type/value in the parent signature. A separate
cbor.bytesrw library (ocaml-cbor/lib/bytesrw/) is the right home for
that, matching json.bytesrw / toml.bytesrw; left as a follow-up.

+33 -33
+1 -1
bpsec.opam
··· 15 15 "dune" {>= "3.21"} 16 16 "ocaml" {>= "4.14"} 17 17 "bundle" {>= "0.1"} 18 - "cbort" {>= "0.1"} 18 + "cbor" {>= "0.1"} 19 19 "crypto" 20 20 "crypto-rng" 21 21 "digestif"
+1 -1
dune-project
··· 24 24 (depends 25 25 (ocaml (>= 4.14)) 26 26 (bundle (>= 0.1)) 27 - (cbort (>= 0.1)) 27 + (cbor (>= 0.1)) 28 28 crypto 29 29 crypto-rng 30 30 digestif
+3 -3
fuzz/fuzz_bpsec.ml
··· 18 18 let test_decode buf = 19 19 let buf = truncate buf in 20 20 let reader = Bytesrw.Bytes.Reader.of_string buf in 21 - let dec = Cbort.Rw.decoder reader in 21 + let dec = Cbor.Binary.decoder reader in 22 22 try 23 - let cbor = Cbort.Rw.read_cbor dec in 23 + let cbor = Cbor.Binary.read_cbor dec in 24 24 ignore (Bpsec.security_block_of_cbor cbor) 25 - with Cbort.Error.Decode _ | End_of_file | Failure _ | Invalid_argument _ -> 25 + with Cbor.Error.Decode _ | End_of_file | Failure _ | Invalid_argument _ -> 26 26 () 27 27 28 28 (** BIB create/verify roundtrip. *)
+25 -25
lib/bpsec.ml
··· 5 5 6 6 (** Bundle Protocol Security (RFC 9172). *) 7 7 8 - module Cbor = Cbort.Cbor 8 + module V = Cbor.Value 9 9 10 10 (* {1 Security Context} *) 11 11 ··· 99 99 (* {1 CBOR Encoding/Decoding} *) 100 100 101 101 let parameter_to_cbor = function 102 - | Bib_param (SHA_variant v) -> Cbor.Array [ Cbor.int 1; Cbor.int v ] 103 - | Bib_param (Wrapped_key k) -> Cbor.Array [ Cbor.int 2; Cbor.Bytes k ] 104 - | Bib_param (Integrity_scope_flags f) -> Cbor.Array [ Cbor.int 3; Cbor.int f ] 105 - | Bcb_param (IV iv) -> Cbor.Array [ Cbor.int 1; Cbor.Bytes iv ] 106 - | Bcb_param (AES_variant v) -> Cbor.Array [ Cbor.int 2; Cbor.int v ] 107 - | Bcb_param (Wrapped_key k) -> Cbor.Array [ Cbor.int 3; Cbor.Bytes k ] 108 - | Bcb_param (AAD_scope_flags f) -> Cbor.Array [ Cbor.int 4; Cbor.int f ] 109 - | Unknown_param (id, data) -> Cbor.Array [ Cbor.int id; Cbor.Bytes data ] 102 + | Bib_param (SHA_variant v) -> V.Array [ V.int 1; V.int v ] 103 + | Bib_param (Wrapped_key k) -> V.Array [ V.int 2; V.Bytes k ] 104 + | Bib_param (Integrity_scope_flags f) -> V.Array [ V.int 3; V.int f ] 105 + | Bcb_param (IV iv) -> V.Array [ V.int 1; V.Bytes iv ] 106 + | Bcb_param (AES_variant v) -> V.Array [ V.int 2; V.int v ] 107 + | Bcb_param (Wrapped_key k) -> V.Array [ V.int 3; V.Bytes k ] 108 + | Bcb_param (AAD_scope_flags f) -> V.Array [ V.int 4; V.int f ] 109 + | Unknown_param (id, data) -> V.Array [ V.int id; V.Bytes data ] 110 110 111 111 let result_to_cbor = function 112 - | Bib_result (Expected_hmac h) -> Cbor.Array [ Cbor.int 1; Cbor.Bytes h ] 113 - | Bcb_result (Auth_tag t) -> Cbor.Array [ Cbor.int 1; Cbor.Bytes t ] 114 - | Unknown_result (id, data) -> Cbor.Array [ Cbor.int id; Cbor.Bytes data ] 112 + | Bib_result (Expected_hmac h) -> V.Array [ V.int 1; V.Bytes h ] 113 + | Bcb_result (Auth_tag t) -> V.Array [ V.int 1; V.Bytes t ] 114 + | Unknown_result (id, data) -> V.Array [ V.int id; V.Bytes data ] 115 115 116 116 let security_block_to_cbor sb = 117 - let targets = Cbor.Array (List.map Cbor.int sb.targets) in 118 - let context_id = Cbor.int sb.context_id in 119 - let context_flags = Cbor.int (int_of_context_flags sb.context_flags) in 117 + let targets = V.Array (List.map V.int sb.targets) in 118 + let context_id = V.int sb.context_id in 119 + let context_flags = V.int (int_of_context_flags sb.context_flags) in 120 120 let source = Bundle.eid_to_cbor sb.source in 121 121 let parameters = 122 122 if sb.context_flags.parameters_present then 123 - [ Cbor.Array (List.map parameter_to_cbor sb.parameters) ] 123 + [ V.Array (List.map parameter_to_cbor sb.parameters) ] 124 124 else [] 125 125 in 126 126 let results = 127 - Cbor.Array 127 + V.Array 128 128 (List.map 129 129 (fun target_results -> 130 - Cbor.Array (List.map result_to_cbor target_results)) 130 + V.Array (List.map result_to_cbor target_results)) 131 131 sb.results) 132 132 in 133 - Cbor.Array 133 + V.Array 134 134 ([ targets; context_id; context_flags; source ] @ parameters @ [ results ]) 135 135 136 136 let require_param_int id v = 137 - Cbor.to_int64 v |> Option.map Int64.to_int 137 + V.to_int v |> Option.map Int64.to_int 138 138 |> Option.to_result ~none:(Invalid_parameter id) 139 139 140 140 let require_param_bytes id v = ··· 186 186 match Cbor.to_array cbor with 187 187 | Some [ id_cbor; value_cbor ] -> 188 188 let* id_int = 189 - Cbor.to_int64 id_cbor |> require "parameter id must be uint" 189 + V.to_int id_cbor |> require "parameter id must be uint" 190 190 in 191 191 let id = Int64.to_int id_int in 192 192 if context_id = bib_hmac_sha2 then bib_parameter_of_cbor id value_cbor ··· 200 200 let result_of_cbor context_id cbor = 201 201 match Cbor.to_array cbor with 202 202 | Some [ id_cbor; value_cbor ] -> ( 203 - match Cbor.to_int64 id_cbor with 203 + match V.to_int id_cbor with 204 204 | None -> Error (Cbor_error "result id must be uint") 205 205 | Some id_int -> ( 206 206 let id = Int64.to_int id_int in ··· 264 264 in 265 265 let targets = 266 266 List.filter_map 267 - (fun c -> Option.map Int64.to_int (Cbor.to_int64 c)) 267 + (fun c -> Option.map Int64.to_int (V.to_int c)) 268 268 target_cbors 269 269 in 270 270 let* context_id_int = 271 - Cbor.to_int64 (get 1) |> require "context id must be uint" 271 + V.to_int (get 1) |> require "context id must be uint" 272 272 in 273 273 let context_id = Int64.to_int context_id_int in 274 - let* flags_int = Cbor.to_int64 (get 2) |> require "flags must be uint" in 274 + let* flags_int = V.to_int (get 2) |> require "flags must be uint" in 275 275 let context_flags = context_flags_of_int (Int64.to_int flags_int) in 276 276 let* source = 277 277 Bundle.eid_of_cbor (get 3) |> Result.map_error (fun msg -> Cbor_error msg)
+2 -2
lib/bpsec.mli
··· 133 133 134 134 (** {1 CBOR Encoding/Decoding} *) 135 135 136 - val security_block_to_cbor : security_block -> Cbort.Cbor.t 136 + val security_block_to_cbor : security_block -> Cbor.Value.t 137 137 (** [security_block_to_cbor sb] encodes a security block as CBOR. *) 138 138 139 - val security_block_of_cbor : Cbort.Cbor.t -> (security_block, error) result 139 + val security_block_of_cbor : Cbor.Value.t -> (security_block, error) result 140 140 (** [security_block_of_cbor cbor] decodes a security block from CBOR. *) 141 141 142 142 (** {1 Integrity Operations (BIB)} *)
+1 -1
lib/dune
··· 1 1 (library 2 2 (name bpsec) 3 3 (public_name bpsec) 4 - (libraries bundle cbort digestif crypto crypto-rng fmt)) 4 + (libraries bundle cbor digestif crypto crypto-rng fmt))