Merge pull request #20 from ietf-rats-wg/json-ex

JSON examples

cddl/Makefile

@@ -6,6 +6,7 @@ SHELL := /bin/bash
 CDDL := measured-component.cddl
 DIAG_EXAMPLES := $(wildcard ex*.diag)
 CBOR_EXAMPLES := $(DIAG_EXAMPLES:.diag=.cbor)
+JSON_EXAMPLES := $(wildcard ex*.json)
 
 all: check-schema check-examples mceat-check-examples
 
@@ -21,22 +22,33 @@ CLEANFILES += $(MCEAT_CBOR_EXAMPLES)
 clean:: ; -rm -f $(CLEANFILES)
 .PHONY: clean
 
-check-examples: $(CBOR_EXAMPLES) $(CDDL)
+check-examples: $(JSON_EXAMPLES) $(CBOR_EXAMPLES) $(CDDL)
 	@for f in $(CBOR_EXAMPLES); do \
 		echo ">> validating $$f against $(CDDL)" ; \
 		cddl $(CDDL) validate $$f &>/dev/null || exit 1 ; \
 		echo ">> saving prettified CBOR to $${f%.cbor}.pretty" ; \
 		cbor2pretty.rb $$f > $${f%.cbor}.pretty ; \
 	done
+	@for f in $(JSON_EXAMPLES); do \
+		echo ">> validating $$f against $(CDDL)" ; \
+		cddl $(CDDL) validate $$f &>/dev/null || exit 1 ; \
+	done
 .PHONY: check-examples
 
 MCEAT_CDDL := mc+eat.cddl
 MCEAT_DIAG_EXAMPLES := eat-ex1.diag
+MCEAT_DIAG_EXAMPLES += eat-ex1-json.diag
 MCEAT_CBOR_EXAMPLES := $(MCEAT_DIAG_EXAMPLES:.diag=.cbor)
 
 $(MCEAT_CDDL): minimal-eat.cddlc eat-plug.cddl $(CDDL)
 	cddlc -2 -sClaims-Set -tcddl -Imeasured-component $< > $@
 
+eat-ex1.diag: eat-ex1.diag.in ; sed -e 's/TBD1/65000/' $< > $@
+eat-ex1-json.diag: eat-ex1-json.diag.in ; sed -e 's/TBD2/65001/' $< > $@
+
+CLEANFILES += eat-ex1.diag
+CLEANFILES += eat-ex1-json.diag
+
 mceat-check-examples: $(MCEAT_CBOR_EXAMPLES) $(MCEAT_CDDL) 
 	@for f in $(MCEAT_CBOR_EXAMPLES); do \
 		echo ">> validating $$f against $(MCEAT_CDDL)" ; \

cddl/common-types.cddl

@@ -0,0 +1,3 @@
+bytes-b64u = text .b64u bytes
+bytes4 = bytes .size 4
+bytes4-b64u = text .b64u bytes4

cddl/component-id.cddl

@@ -1,6 +1,11 @@
-;# import sw-version-type from RFCXXXX as eat
-
 component-id = [
   name:      text
-  ? version: eat.sw-version-type
+  ? version: version
+]
+
+;# import coswid.$version-scheme from rfc9393 as coswid
+
+version = [
+  val:      text
+  ? scheme: coswid.$version-scheme
 ]

cddl/eat-ex1-json.diag.in

@@ -0,0 +1,8 @@
+{
+  "measurements": [
+    [
+      TBD2, / mc+json /
+      "{ \"id\": [ \"boot loader X\", [ \"1.2.3rc2\", 16384 ] ], \"measurement\": [ \"sha-256\", \"OZYAPUhvuR_7BW99A_KymSshWzHb569LNzQx_H0xnaM\" ], \"signers\": [ \"SS6bZ2wh9gErHO65Ay_rQUGogHlzVfZnUBXsWcUcoew\", \"Qne7l7p7UVd6DTgVHT4ItAvflGdT9bW964FNb_V6il4\" ] }"
+    ]
+  ]
+}

cddl/eat-ex1.diag → cddl/eat-ex1.diag.in

@@ -1,7 +1,7 @@
 {
   273: [
     [
-      65000, / using a CoAP C-F from the experimental range /
+      TBD1, / mc+cbor /
       <<
         {
           / id / 1: [

cddl/ex1.json

@@ -0,0 +1,18 @@
+{
+ "id": [
+    "boot loader X",
+    [
+      "1.2.3rc2",
+      16384
+    ]
+  ],
+  "measurement": [
+    "sha-256",
+    "OZYAPUhvuR_7BW99A_KymSshWzHb569LNzQx_H0xnaM"
+  ],
+  "signers": [
+    "SS6bZ2wh9gErHO65Ay_rQUGogHlzVfZnUBXsWcUcoew",
+    "Qne7l7p7UVd6DTgVHT4ItAvflGdT9bW964FNb_V6il4"
+  ],
+  "flags": "AAABAQ"
+}

cddl/ex2.json

@@ -0,0 +1,14 @@
+{
+ "id": [
+    "boot loader X",
+    [
+      "1.2.3rc2",
+      16384
+    ]
+  ],
+  "measurement": [
+    "sha-256",
+    "OZYAPUhvuR_7BW99A_KymSshWzHb569LNzQx_H0xnaM"
+  ],
+  "flags": "AAABAQ"
+}

cddl/labels.cddl

@@ -1,3 +1,4 @@
-id-label = JC<"id", 1>
-measurement-label = JC<"measurements", 2>
-signers-label = JC<"signers", 3>
+id-label = eat.JC<"id", 1>
+measurement-label = eat.JC<"measurement", 2>
+signers-label = eat.JC<"signers", 3>
+flags-label = eat.JC<"flags", 4>

cddl/mc.cddl

@@ -1,8 +1,12 @@
-;# import corim.digest from RFCYYYY as corim
+;# import corim.digest from rfcYYYY as corim
+;# import eat.JC from rfc9711 as eat
 
 measured-component = {
   id-label => component-id
   measurement-label => corim.digest
   ? signers-label => [ + signer-type ]
-  ? flags-label => profile-flags
+  ? flags-label => flags-type
 }
+
+signer-type = eat.JC<bytes-b64u, bytes>
+flags-type = eat.JC<bytes4-b64u, bytes4>

cddl/measured-component.cddlc

@@ -2,11 +2,9 @@ measured-component = {
   id-label => component-id
   measurement-label => corim.digest
   ? signers-label => [ + signer-type ]
-  ? flags-label => profile-flags
+  ? flags-label => flags-type
 }
 
-signer-type = bytes
-
 component-id = [
   name:      text
   ? version: version
@@ -15,26 +13,30 @@ component-id = [
 ;# import coswid.$version-scheme from rfc9393 as coswid
 
 version = [
-  val:      text 
+  val:      text
   ? scheme: coswid.$version-scheme
 ]
 
-; eventually: ";#import digest from rfcxxxx as corim"
-
 corim.digest = [
   alg: (int / text)
-  val: bytes
+  val: digest-value-type
 ]
 
-profile-flags = bytes .size 4
+signer-type = eat.JC<bytes-b64u, bytes>
+flags-type = eat.JC<bytes4-b64u, bytes4>
+digest-value-type = eat.JC<bytes-b64u, bytes>
+
+bytes-b64u = text .b64u bytes
+bytes4 = bytes .size 4
+bytes4-b64u = text .b64u bytes4
 
-id-label = JC<"id", 1>
-measurement-label = JC<"measurements", 2>
-signers-label = JC<"signers", 3>
-flags-label = JC<"flags", 4>
+id-label = eat.JC<"id", 1>
+measurement-label = eat.JC<"measurement", 2>
+signers-label = eat.JC<"signers", 3>
+flags-label = eat.JC<"flags", 4>
 
 ; TODO import from rfc9711
 
-JSON-ONLY<J> = J .feature "json"
-CBOR-ONLY<C> = C .feature "cbor"
-JC<J,C> = JSON-ONLY<J> / CBOR-ONLY<C>
+eat.JSON-ONLY<J> = J .feature "json"
+eat.CBOR-ONLY<C> = C .feature "cbor"
+eat.JC<J,C> = eat.JSON-ONLY<J> / eat.CBOR-ONLY<C>

cddl/profile-flags.cddl

@@ -1 +1 @@
-profile-flags = bytes .size 4
+flags-type = eat.JC<bytes4-b64u, bytes4>

cddl/signer.cddl

@@ -1 +1 @@
-signer-type = bytes
+signer-type = eat.JC<bytes-b64u, bytes>

draft-ietf-rats-eat-measured-component.md

@@ -113,6 +113,12 @@ The format SHOULD also allow a limited amount of extensibility to accommodate pr
 
 The data model is inspired by the "PSA software component" claim ({{Section 4.4.1 of -psa-token}}), which has been refactored to take into account the recommendations about new EAT claims design in {{Appendix E of -rats-eat}}.
 
+### Common Types
+
+~~~ cddl
+{::include cddl/common-types.cddl}
+~~~
+
 ## The `measured-component` Data Item
 
 ~~~ cddl
@@ -214,12 +220,6 @@ Note the use of the "native" and "tunnel" formats from {{fig-eat-plug}}, and how
 
 # Examples
 
-> **NOTE:**
-> The examples are CBOR only.
-> JSON examples will be added in a future version of this document.
->
-> Tracking issue: https://github.com/ietf-rats-wg/draft-ietf-rats-eat-measured-component/issues/18
-
 The example in {{ex-1}} is a measured component with all the fields populated.
 
 ~~~ cbor-edn
@@ -229,14 +229,25 @@ The example in {{ex-1}} is a measured component with all the fields populated.
 
 The example in {{ex-eat-1}} is the same measured component as above but used as the format of a `measurements` claim in a EAT claims-set.
 
-Note that the example uses a CoAP Content-Format value from the experimental range (65000), which will change to the value assigned by IANA for the `application/measured-component+cbor` Content-Format.
+The example uses TBD1 as the `content-type` value of the `measurements-format` entry.
+(This will change to the value assigned by IANA to the `mc+cbor` Content-Format.)
+
+Note that the array contains only one measured component, but additional entries could be added if the measured TCB is made of multiple, individually measured components.
+
+~~~ cbor-edn
+{::include cddl/eat-ex1.diag.in}
+~~~
+{: #ex-eat-1 title="EAT Measurements Claim using a Measured Component (CBOR)"}
+
+The example in {{ex-eat-2}} illustrates the inclusion of a JSON measured component inside a JSON EAT.
 
-Note also that the array contains only one measured component, but additional entries could be added if the measured TCB is made of multiple, individually measured components.
+The example uses TBD2 as the `content-type` value of the `measurements-format` entry.
+(This will change to the value assigned by IANA to the `mc+json` Content-Format.)
 
 ~~~ cbor-edn
-{::include cddl/eat-ex1.diag}
+{::include-fold cddl/eat-ex1-json.diag.in}
 ~~~
-{: #ex-eat-1 title="EAT Measurements Claim using a Measured Component"}
+{: #ex-eat-2 title="EAT Measurements Claim using a Measured Component (JSON)"}
 
 # Security and Privacy Considerations {#seccons}