From 42d07210ba2606324bdf38fa7da02da959584389 Mon Sep 17 00:00:00 2001 From: Thomas Fossati Date: Wed, 29 Jan 2025 19:12:47 +0100 Subject: [PATCH 1/5] top-level MC as map Fix #14 Signed-off-by: Thomas Fossati --- cddl/eat-ex1.diag | 10 +++++----- cddl/ex1.diag | 10 +++++----- cddl/mc.cddl | 10 +++++----- cddl/measured-component.cddlc | 10 +++++----- draft-ietf-rats-eat-measured-component.md | 6 +++--- 5 files changed, 23 insertions(+), 23 deletions(-) diff --git a/cddl/eat-ex1.diag b/cddl/eat-ex1.diag index f8c4392..b15c977 100644 --- a/cddl/eat-ex1.diag +++ b/cddl/eat-ex1.diag @@ -3,26 +3,26 @@ [ 65000, / using a CoAP C-F from the experimental range / << - [ - / id / [ + { + / id / 1: [ / name / "boot loader X", / version / [ "1.2.3rc2", 16384 / semver / ] ], - / measurement / [ + / measurement / 2: [ / alg / "sha-256", / val / h'3996003d486fb91ffb056f7d03f2b2992b215b31db e7af4b373431fc7d319da3' ], - / signers / [ + / signers / 3: [ h'492e9b676c21f6012b1ceeb9032feb4141a880797355f66750 15ec59c51ca1ec', h'4277bb97ba7b51577a0d38151d3e08b40bdf946753f5b5bdeb 814d6ff57a8a5e' ] - ] + } >> ] ] diff --git a/cddl/ex1.diag b/cddl/ex1.diag index 113d909..ece11b5 100644 --- a/cddl/ex1.diag +++ b/cddl/ex1.diag @@ -1,20 +1,20 @@ -[ - / id / [ +{ + / id / 1: [ / name / "boot loader X", / version / [ "1.2.3rc2", 16384 / semver / ] ], - / measurement / [ + / measurement / 2: [ / alg / "sha-256", / val / h'3996003d486fb91ffb056f7d03f2b2992b215b31dbe7af4b37 3431fc7d319da3' ], - / signers / [ + / signers / 3: [ h'492e9b676c21f6012b1ceeb9032feb4141a880797355f6675015ec59c5 1ca1ec', h'4277bb97ba7b51577a0d38151d3e08b40bdf946753f5b5bdeb814d6ff5 7a8a5e' ] -] +} diff --git a/cddl/mc.cddl b/cddl/mc.cddl index d2b931c..979fdee 100644 --- a/cddl/mc.cddl +++ b/cddl/mc.cddl 
@@ -1,7 +1,7 @@ ;# import digest from RFCYYYY as corim -measured-component = [ - id: component-id - measurement: corim.digest - ? signers: [ + signer-type ] -] +measured-component = { + &(id: 1) => component-id + &(measurement: 2) => corim.digest + ? &(signers: 3) => [ + signer-type ] +} diff --git a/cddl/measured-component.cddlc b/cddl/measured-component.cddlc index 3938e05..f6ec5e2 100644 --- a/cddl/measured-component.cddlc +++ b/cddl/measured-component.cddlc @@ -1,8 +1,8 @@ -measured-component = [ - id: component-id - measurement: corim.digest - ? signers: [ + signer-type ] -] +measured-component = { + &(id: 1) => component-id + &(measurement: 2) => corim.digest + ? &(signers: 3) => [ + signer-type ] +} signer-type = bytes diff --git a/draft-ietf-rats-eat-measured-component.md b/draft-ietf-rats-eat-measured-component.md index 86478d0..914d872 100644 --- a/draft-ietf-rats-eat-measured-component.md +++ b/draft-ietf-rats-eat-measured-component.md @@ -116,13 +116,13 @@ The data model is inspired by the "PSA software component" claim ({{Section 4.4. ~~~ {:vspace} -`id` +`id (index 1)` : The measured component identifier encoded according to the format described in {{component-id}}. -`measurement` +`measurement (index 2)` : Digest value and algorithm, encoded using CoRIM digest format ({{Section 1.3.8 of -corim}}). -`signers` +`signers (index 3)` : One or more signing entities, see {{signer}}. ### Component Identifier {#component-id} From 0c6d4e63f6d40220cedd601176dd0c4666b6cc82 Mon Sep 17 00:00:00 2001 From: Thomas Fossati Date: Wed, 29 Jan 2025 23:28:16 +0100 Subject: [PATCH 2/5] JSON labels Signed-off-by: Thomas Fossati --- cddl/jc.cddl | 3 +++ cddl/labels.cddl | 3 +++ cddl/mc.cddl | 8 ++++---- cddl/measured-component.cddlc | 18 ++++++++++++++---- draft-ietf-rats-eat-measured-component.md | 8 +++++--- 5 files changed, 29 insertions(+), 11 deletions(-) create mode 100644 cddl/jc.cddl create mode 100644 cddl/labels.cddl 
diff --git a/cddl/jc.cddl b/cddl/jc.cddl new file mode 100644 index 0000000..8a65aaf --- /dev/null +++ b/cddl/jc.cddl @@ -0,0 +1,3 @@ +JSON-ONLY = J .feature "json" +CBOR-ONLY = C .feature "cbor" +JC = JSON-ONLY / CBOR-ONLY diff --git a/cddl/labels.cddl b/cddl/labels.cddl new file mode 100644 index 0000000..061e39b --- /dev/null +++ b/cddl/labels.cddl @@ -0,0 +1,3 @@ +id-label = JC<"id", 1> +measurement-label = JC<"measurements", 2> +signers-label = JC<"signers", 3> diff --git a/cddl/mc.cddl b/cddl/mc.cddl index 979fdee..dae6021 100644 --- a/cddl/mc.cddl +++ b/cddl/mc.cddl @@ -1,7 +1,7 @@ -;# import digest from RFCYYYY as corim +;# import corim.digest from RFCYYYY as corim measured-component = { - &(id: 1) => component-id - &(measurement: 2) => corim.digest - ? &(signers: 3) => [ + signer-type ] + id-label => component-id + measurement-label => corim.digest + ? signers-label => [ + signer-type ] } diff --git a/cddl/measured-component.cddlc b/cddl/measured-component.cddlc index f6ec5e2..5c593bd 100644 --- a/cddl/measured-component.cddlc +++ b/cddl/measured-component.cddlc @@ -1,7 +1,7 @@ measured-component = { - &(id: 1) => component-id - &(measurement: 2) => corim.digest - ? &(signers: 3) => [ + signer-type ] + id-label => component-id + measurement-label => corim.digest + ? signers-label => [ + signer-type ] } signer-type = bytes @@ -11,7 +11,7 @@ component-id = [ ? version: version ] -;# import $version-scheme from rfc9393 as coswid +;# import coswid.$version-scheme from rfc9393 as coswid version = [ val: text @@ -24,3 +24,13 @@ corim.digest = [ alg: (int / text) val: bytes ] + +id-label = JC<"id", 1> +measurement-label = JC<"measurements", 2> +signers-label = JC<"signers", 3> + +; TODO import from rfc9711 + +JSON-ONLY = J .feature "json" +CBOR-ONLY = C .feature "cbor" +JC = JSON-ONLY / CBOR-ONLY diff --git a/draft-ietf-rats-eat-measured-component.md b/draft-ietf-rats-eat-measured-component.md index 914d872..1ddea29 100644 
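Review bot: In the new cddl/labels.cddl, `measurement-label = JC<"measurements", 2>` gives the JSON key a plural name, while the diagnostic-notation comments and the draft text changed in this same patch call the field "measurement". A JSON producer following the prose and a verifier validating against the CDDL would then disagree on the key, and the mandatory digest entry would be treated as absent. If the singular is intended, use `measurement-label = JC<"measurement", 2>`; the same line is repeated in the cddl/measured-component.cddlc hunk of this patch.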
--- a/draft-ietf-rats-eat-measured-component.md +++ b/draft-ietf-rats-eat-measured-component.md @@ -113,16 +113,18 @@ The data model is inspired by the "PSA software component" claim ({{Section 4.4. ~~~ cddl {::include cddl/mc.cddl} + +{::include cddl/labels.cddl} ~~~ {:vspace} -`id (index 1)` +"id" (index 1) : The measured component identifier encoded according to the format described in {{component-id}}. -`measurement (index 2)` +"measurement" (index 2) : Digest value and algorithm, encoded using CoRIM digest format ({{Section 1.3.8 of -corim}}). -`signers (index 3)` +"signers" (index 3) : One or more signing entities, see {{signer}}. ### Component Identifier {#component-id} From dc21798791a47b5b73fccb95790c108355e2dedc Mon Sep 17 00:00:00 2001 From: Thomas Fossati Date: Wed, 29 Jan 2025 19:03:28 +0100 Subject: [PATCH 3/5] add a profile flags field Signed-off-by: Thomas Fossati --- cddl/ex1.diag | 3 ++- cddl/ex2.diag | 15 +++++++++++++++ cddl/mc.cddl | 1 + cddl/measured-component.cddlc | 4 ++++ draft-ietf-rats-eat-measured-component.md | 16 ++++++++++++++++ 5 files changed, 38 insertions(+), 1 deletion(-) create mode 100644 cddl/ex2.diag diff --git a/cddl/ex1.diag b/cddl/ex1.diag index ece11b5..f733af7 100644 --- a/cddl/ex1.diag +++ b/cddl/ex1.diag @@ -16,5 +16,6 @@ 1ca1ec', h'4277bb97ba7b51577a0d38151d3e08b40bdf946753f5b5bdeb814d6ff5 7a8a5e' - ] + ], + / profile-flags / 4: h'00000101' } diff --git a/cddl/ex2.diag b/cddl/ex2.diag new file mode 100644 index 0000000..b6534bc --- /dev/null +++ b/cddl/ex2.diag @@ -0,0 +1,15 @@ +{ + / id / 1: [ + / name / "boot loader X", + / version / [ + "1.2.3rc2", + 16384 / semver / + ] + ], + / measurement / 2: [ + / alg / "sha-256", + / val / h'3996003d486fb91ffb056f7d03f2b2992b215b31dbe7af4b37 + 3431fc7d319da3' + ], + / profile-flags / 4: h'00000101' +} diff --git a/cddl/mc.cddl b/cddl/mc.cddl index dae6021..27ebd80 100644 --- a/cddl/mc.cddl +++ b/cddl/mc.cddl 
@@ -4,4 +4,5 @@ measured-component = { id-label => component-id measurement-label => corim.digest ? signers-label => [ + signer-type ] + ? flags-label => profile-flags } diff --git a/cddl/measured-component.cddlc b/cddl/measured-component.cddlc index 5c593bd..d15adf0 100644 --- a/cddl/measured-component.cddlc +++ b/cddl/measured-component.cddlc @@ -2,6 +2,7 @@ measured-component = { id-label => component-id measurement-label => corim.digest ? signers-label => [ + signer-type ] + ? flags-label => profile-flags } signer-type = bytes @@ -25,9 +26,12 @@ corim.digest = [ val: bytes ] +profile-flags = bytes .size 4 + id-label = JC<"id", 1> measurement-label = JC<"measurements", 2> signers-label = JC<"signers", 3> +flags-label = JC<"flags", 4> ; TODO import from rfc9711 diff --git a/draft-ietf-rats-eat-measured-component.md b/draft-ietf-rats-eat-measured-component.md index 1ddea29..6d18d8f 100644 --- a/draft-ietf-rats-eat-measured-component.md +++ b/draft-ietf-rats-eat-measured-component.md @@ -105,6 +105,8 @@ The information model of a "measured component" is described in {{tab-mc-info-el | Signers | One or more unique identifiers of entities signing the measured component. | OPTIONAL | {: #tab-mc-info-elems title="Measured Component Information Elements"} +The format SHOULD also allow a limited amount of extensibility to accommodate profile-specific semantics. + # Data Model The data model is inspired by the "PSA software component" claim ({{Section 4.4.1 of -psa-token}}), which has been refactored to take into account the recommendations about new EAT claims design in {{Appendix E of -rats-eat}}. @@ -127,6 +129,9 @@ The data model is inspired by the "PSA software component" claim ({{Section 4.4. "signers" (index 3) : One or more signing entities, see {{signer}}. +`profile-flags` +: a 64-bit field with profile-defined semantics, see {{profile-flags}}. + ### Component Identifier {#component-id} ~~~ cddl 
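Review bot: `? flags-label => profile-flags` in cddl/mc.cddl uses `flags-label`, which this patch defines only in cddl/measured-component.cddlc. cddl/labels.cddl, which the draft includes alongside mc.cddl, is not touched here or in the later patches shown. Unless labels.cddl is updated elsewhere, the CDDL figure in the rendered draft references a label it never defines; adding `flags-label = JC<"flags", 4>` to cddl/labels.cddl would close that gap. The JSON name "flags" also differs from the "profile-flags" name used in the prose, so one of the two should be picked and used throughout.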
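Review bot: `profile-flags = bytes .size 4` fixes the field at exactly 4 bytes (32 bits), but the draft text added in this patch describes "a 64-bit field", says it contains "at most 64-bit", and asks profiles to define "the 64 bits". The examples (`h'00000101'`) match the CDDL rather than the prose, so an implementer working from the text could emit or expect 8 bytes, and two verifiers could end up interpreting the same flags differently. Either change the rule to `profile-flags = bytes .size 8` or correct the prose to 32 bits, and state whether the size is exact or an upper bound. The same rule is repeated in cddl/profile-flags.cddl added by patch 5/5.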
@@ -161,6 +166,17 @@ If it is used, the profile MUST also specify what each of the entries in the `si {::include cddl/signer.cddl} ~~~ +### Profile Flags {#profile-flags} + +This field contains at most 64-bit of profile-defined semantics. + +~~~ cddl +{::include cddl/profile-flags.cddl} +~~~ + +If an EAT profile ({{Section 6 of -rats-eat}}) uses measured components, it MUST specify whether the `profile-flags` field is used. +If it is used, the profile MUST also specify how to interpret the 64 bits. + ## EAT `measurements-format` Extensions The CDDL in {{fig-eat-plug}} extends the `$measurements-body-cbor` and `$measurements-body-json` EAT sockets to add support for `measured-component`s to the `Measurements` claim. From 1b5ef57067a0bb09b6215d6fca307f9df6fb745a Mon Sep 17 00:00:00 2001 From: Thomas Fossati Date: Wed, 29 Jan 2025 23:33:40 +0100 Subject: [PATCH 4/5] add colon Signed-off-by: Thomas Fossati --- draft-ietf-rats-eat-measured-component.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/draft-ietf-rats-eat-measured-component.md b/draft-ietf-rats-eat-measured-component.md index 6d18d8f..8cf37d0 100644 --- a/draft-ietf-rats-eat-measured-component.md +++ b/draft-ietf-rats-eat-measured-component.md @@ -120,16 +120,16 @@ The data model is inspired by the "PSA software component" claim ({{Section 4.4. ~~~ {:vspace} -"id" (index 1) +"id" (index 1): : The measured component identifier encoded according to the format described in {{component-id}}. -"measurement" (index 2) +"measurement" (index 2): : Digest value and algorithm, encoded using CoRIM digest format ({{Section 1.3.8 of -corim}}). -"signers" (index 3) +"signers" (index 3): : One or more signing entities, see {{signer}}. -`profile-flags` +"profile-flags" (index 4): : a 64-bit field with profile-defined semantics, see {{profile-flags}}. ### Component Identifier {#component-id} From cb619ca715328df59595613ce761350afdb985fb Mon Sep 17 00:00:00 2001 
From: Thomas Fossati
Date: Mon, 3 Feb 2025 16:26:03 +0100
Subject: [PATCH 5/5] missing file
Signed-off-by: Thomas Fossati
---
cddl/profile-flags.cddl | 1 +
1 file changed, 1 insertion(+)
create mode 100644 cddl/profile-flags.cddl
diff --git a/cddl/profile-flags.cddl b/cddl/profile-flags.cddl
new file mode 100644
index 0000000..5858801
--- /dev/null
+++ b/cddl/profile-flags.cddl
@@ -0,0 +1 @@
+profile-flags = bytes .size 4