# $Id$
#
# RelaxNG (Compact Syntax) Schema for RPKI left-right protocol.
#
# libxml2 (including xmllint) only groks the XML syntax of RelaxNG, so
# run the compact syntax through trang to get XML syntax.
#
# Every value this schema admits is constrained only by type and length
# (see the maxLength facets below); what a token means is not checked
# here and must be validated by the code that consumes a validated
# message.

default namespace = "http://www.hactrn.net/uris/rpki/left-right-spec/"

# Top level PDU
#
# A <msg/> carries a mandatory version attribute, currently pinned to 1
# (positiveInteger with maxInclusive="1"), followed by zero or more of the
# per-object elements defined below, in any order and any mix.  Note that
# an empty <msg/> is schema-valid.

start = element msg {
  attribute version { xsd:positiveInteger { maxInclusive="1" } },
  ( self_elt | bsc_elt | parent_elt | child_elt | repository_elt | ro_elt |
    list_resources_elt | report_error_elt )*
}

# Combinations of action and type attributes used in later definitions.
# The same patterns repeat in most of the elements in this protocol.
#
# Naming: ctl_<action><type>, where action is c(reate), s(et), g(et),
# l(ist) or d(estroy) and type is q(uery) or r(eply).  Both attributes are
# mandatory and each takes exactly one fixed literal, so a PDU with an
# unknown action or type is rejected at validation time rather than
# reaching the consumer.

ctl_cq = attribute action { "create"  }, attribute type { "query" }
ctl_sq = attribute action { "set"     }, attribute type { "query" }
ctl_gq = attribute action { "get"     }, attribute type { "query" }
ctl_lq = attribute action { "list"    }, attribute type { "query" }
ctl_dq = attribute action { "destroy" }, attribute type { "query" }
ctl_cr = attribute action { "create"  }, attribute type { "reply" }
ctl_sr = attribute action { "set"     }, attribute type { "reply" }
ctl_gr = attribute action { "get"     }, attribute type { "reply" }
ctl_lr = attribute action { "list"    }, attribute type { "reply" }
ctl_dr = attribute action { "destroy" }, attribute type { "reply" }

# Base64 encoded DER stuff
#
# Shared type for every certificate, request or trust anchor carried in
# this protocol.  The 512000-character cap bounds the size of any single
# blob a validating parser has to buffer; it says nothing about whether
# the decoded bytes are well-formed DER.
base64 = xsd:base64Binary { maxLength="512000" }

# How we wrap trust anchor elements
#
# Two flavors of trust anchor, distinguished by element name; each wraps
# one base64 body.
cms_ta = element cms_ta { base64 }
https_ta = element https_ta { base64 }

# Base definition for all fields that are really just SQL primary indices
#
# Opaque token, length-limited only.  Several *_payload definitions below
# spell this same constraint out inline instead of referencing sql_id.
sql_id = xsd:token { maxLength="1024" }

# <self/> element

# One-shot flags.  Each is optional and, when present, must be exactly
# "yes".  They appear only in the create and set queries of self_elt.
self_bool = (attribute rekey { "yes" }?,
             attribute reissue { "yes" }?,
             attribute revoke { "yes" }?,
             attribute run_now { "yes" }?,
             attribute publish_world_now { "yes" }?,
             attribute clear_extension_preferences { "yes" }?)

# Persistent settings.  use_hsm is a yes/no pair, crl_interval is a
# length-limited token, and extension_preference elements (a name
# attribute plus a text body of up to 512000 characters) may repeat.
# NOTE(review): crl_interval is typed as a token, not a number, so any
# range check on it has to happen in the consumer.
self_payload = (attribute use_hsm { "yes" | "no" }?,
		attribute crl_interval { xsd:token { maxLength="1024" } }?,
		element extension_preference {
  		  attribute name { xsd:token { maxLength="1024" } },
		  xsd:string { maxLength="512000" }
		}*)

# Identifier of the <self/> object; every other element below is scoped
# by it.
self_id = attribute self_id { sql_id }

# The ten PDU shapes, one per ctl_* combination.  A create query carries
# no self_id (it first appears in the create reply), and a list query
# carries nothing beyond the action/type pair.
self_elt |= element self { ctl_cq, self_bool, self_payload }
self_elt |= element self { ctl_cr, self_id }
self_elt |= element self { ctl_sq, self_id, self_bool, self_payload }
self_elt |= element self { ctl_sr, self_id }
self_elt |= element self { ctl_gq, self_id }
self_elt |= element self { ctl_gr, self_id, self_payload }
self_elt |= element self { ctl_lq }
self_elt |= element self { ctl_lr, self_id, self_payload }
self_elt |= element self { ctl_dq, self_id }
self_elt |= element self { ctl_dr, self_id }

# <bsc/> element.  Key parameters hardwired for now.

# generate_keypair is the only attribute of the first group that is
# required when that group is present; key_type, hash_alg and key_length
# are optional but, if given, must be the single literals "rsa", "sha256"
# and "2048" -- no other algorithms or sizes validate.  clear_signing_certs
# is independent of the keypair group.
bsc_bool = ((attribute generate_keypair { "yes" },
             attribute key_type { "rsa" }?,
             attribute hash_alg { "sha256" }?,
             attribute key_length { "2048" }?)?,
            attribute clear_signing_certs { "yes" }?)

bsc_id = attribute bsc_id { sql_id }

# Zero or more signing_cert blobs and at most one public_key blob.
bsc_payload = (element signing_cert { base64 }*,
               element public_key { base64 }?)

# Optional PKCS #10 request blob; appears only in create and set replies.
bsc_pkcs10 = element pkcs10_cert_request { base64 }?

# Every <bsc/> PDU is scoped by self_id; only the create query and the
# list query omit bsc_id.
bsc_elt |= element bsc { ctl_cq, self_id, bsc_bool, bsc_payload }
bsc_elt |= element bsc { ctl_cr, self_id, bsc_id, bsc_pkcs10 }
bsc_elt |= element bsc { ctl_sq, self_id, bsc_id, bsc_bool, bsc_payload }
bsc_elt |= element bsc { ctl_sr, self_id, bsc_id, bsc_pkcs10 }
bsc_elt |= element bsc { ctl_gq, self_id, bsc_id }
bsc_elt |= element bsc { ctl_gr, self_id, bsc_id, bsc_payload }
bsc_elt |= element bsc { ctl_lq, self_id }
bsc_elt |= element bsc { ctl_lr, self_id, bsc_id, bsc_payload }
bsc_elt |= element bsc { ctl_dq, self_id, bsc_id }
bsc_elt |= element bsc { ctl_dr, self_id, bsc_id }

# <parent/> element

parent_id = attribute parent_id { sql_id }

# rekey/reissue/revoke flags, a subset of those in self_bool.
parent_bool = (attribute rekey { "yes" }?,
               attribute reissue { "yes" }?,
               attribute revoke { "yes" }?)

# URIs are typed xsd:anyURI and length-limited only; the scheme is not
# constrained by this schema.  bsc_id and repository_id are spelled out
# as plain tokens rather than via sql_id, though the constraint is the
# same.  At most one trust anchor of each kind may be attached.
parent_payload = (attribute peer_contact_uri { xsd:anyURI { maxLength="1024" } }?,
                  attribute sia_base { xsd:anyURI { maxLength="1024" } }?,
                  attribute bsc_id { xsd:token { maxLength="1024" } }?,
                  attribute repository_id { xsd:token { maxLength="1024" } }?,
                  cms_ta?,
                  https_ta?)

# Same ten-way split as self_elt, scoped by self_id; parent_id is absent
# from the create query and the list query.
parent_elt |= element parent { ctl_cq, self_id, parent_bool, parent_payload }
parent_elt |= element parent { ctl_cr, self_id, parent_id }
parent_elt |= element parent { ctl_sq, self_id, parent_id, parent_bool, parent_payload }
parent_elt |= element parent { ctl_sr, self_id, parent_id }
parent_elt |= element parent { ctl_gq, self_id, parent_id }
parent_elt |= element parent { ctl_gr, self_id, parent_id, parent_payload }
parent_elt |= element parent { ctl_lq, self_id }
parent_elt |= element parent { ctl_lr, self_id, parent_id, parent_payload }
parent_elt |= element parent { ctl_dq, self_id, parent_id }
parent_elt |= element parent { ctl_dr, self_id, parent_id }

# <child/> element

child_id = attribute child_id { sql_id }

# reissue is the only flag that can be requested on a child.
child_bool = attribute reissue { "yes" }?

# A child carries at most a bsc_id reference (plain token, same bound as
# sql_id) and one CMS trust anchor; there is no https_ta and no URI here.
child_payload = (attribute bsc_id { xsd:token { maxLength="1024" } }?,
                 cms_ta?)

# Same ten-way split as self_elt, scoped by self_id; child_id is absent
# from the create query and the list query.
child_elt |= element child { ctl_cq, self_id, child_bool, child_payload }
child_elt |= element child { ctl_cr, self_id, child_id }
child_elt |= element child { ctl_sq, self_id, child_id, child_bool, child_payload }
child_elt |= element child { ctl_sr, self_id, child_id }
child_elt |= element child { ctl_gq, self_id, child_id }
child_elt |= element child { ctl_gr, self_id, child_id, child_payload }
child_elt |= element child { ctl_lq, self_id }
child_elt |= element child { ctl_lr, self_id, child_id, child_payload }
child_elt |= element child { ctl_dq, self_id, child_id }
child_elt |= element child { ctl_dr, self_id, child_id }

# <repository/> element

repository_id = attribute repository_id { sql_id }

# Like parent_payload without sia_base and repository_id: an optional
# contact URI, an optional bsc_id token, and at most one trust anchor of
# each kind.
repository_payload = (attribute peer_contact_uri { xsd:anyURI { maxLength="1024" } }?,
                      attribute bsc_id { xsd:token { maxLength="1024" } }?,
                      cms_ta?,
                      https_ta?)

# No *_bool definition exists for repositories, so the create and set
# queries carry only the payload.  repository_id is absent from the
# create query and the list query.
repository_elt |= element repository { ctl_cq, self_id, repository_payload }
repository_elt |= element repository { ctl_cr, self_id, repository_id }
repository_elt |= element repository { ctl_sq, self_id, repository_id, repository_payload }
repository_elt |= element repository { ctl_sr, self_id, repository_id }
repository_elt |= element repository { ctl_gq, self_id, repository_id }
repository_elt |= element repository { ctl_gr, self_id, repository_id, repository_payload }
repository_elt |= element repository { ctl_lq, self_id }
repository_elt |= element repository { ctl_lr, self_id, repository_id, repository_payload }
repository_elt |= element repository { ctl_dq, self_id, repository_id }
repository_elt |= element repository { ctl_dr, self_id, repository_id }

# <route_origin/> element
#
# The element is <route_origin/> but the pattern names use the ro_ prefix;
# the id attribute itself is spelled out as route_origin_id.

ro_id = attribute route_origin_id { sql_id }

# The single flag for this element.
ro_bool = attribute suppress_publication { "yes" }?

# as_number, ipv4 and ipv6 are all plain length-limited tokens.  This
# schema does not check that they parse as an AS number or as address
# prefixes, so the consumer has to validate them before acting on them.
ro_payload = (attribute as_number { xsd:token { maxLength="1024" } }?,
              attribute ipv4 { xsd:token { maxLength="1024" } }?,
              attribute ipv6 { xsd:token { maxLength="1024" } }?)

# Same ten-way split as self_elt, scoped by self_id; ro_id is absent from
# the create query and the list query.
ro_elt |= element route_origin { ctl_cq, self_id, ro_bool, ro_payload }
ro_elt |= element route_origin { ctl_cr, self_id, ro_id }
ro_elt |= element route_origin { ctl_sq, self_id, ro_id, ro_bool, ro_payload }
ro_elt |= element route_origin { ctl_sr, self_id, ro_id }
ro_elt |= element route_origin { ctl_gq, self_id, ro_id }
ro_elt |= element route_origin { ctl_gr, self_id, ro_id, ro_payload }
ro_elt |= element route_origin { ctl_lq, self_id }
ro_elt |= element route_origin { ctl_lr, self_id, ro_id, ro_payload }
ro_elt |= element route_origin { ctl_dq, self_id, ro_id }
ro_elt |= element route_origin { ctl_dr, self_id, ro_id }

# <list_resources/> element
#
# Unlike the elements above, this one uses only a type attribute (no
# action) and has just two shapes: a query carrying self_id and child_id,
# and a reply echoing both plus a mandatory valid_until and optional
# subject_name, as, ipv4 and ipv6 tokens.  Note the reply attribute is
# named "as" here where ro_payload uses "as_number"; all of these are
# free-form tokens whose format the schema leaves to the consumer.

list_resources_elt = element list_resources {
  ( attribute type { "query" }, self_id, child_id ) |
  ( attribute type { "reply" }, self_id, child_id,
    attribute valid_until { xsd:token { maxLength="1024" } },
    attribute subject_name { xsd:token { maxLength="1024" } }?,
    attribute as { xsd:token { maxLength="1024" } }?,
    attribute ipv4 { xsd:token { maxLength="1024" } }?,
    attribute ipv6 { xsd:token { maxLength="1024" } }?
  )
}

# <report_error/> element
#
# Carries no action/type pair.  error_code is a mandatory length-limited
# token (this schema does not enumerate the codes), optionally followed
# by up to 512000 characters of free text.

report_error_elt = element report_error {
  self_id,
  attribute error_code { xsd:token { maxLength="1024" } },
  xsd:string { maxLength="512000" }?
}