
Drop top level tagging requirement #337

Open
wants to merge 12 commits into
base: main
from
18 changes: 18 additions & 0 deletions cddl/Makefile
Expand Up @@ -42,6 +42,24 @@ CLEANFILES += $(3:.diag=.pretty)

endef # cddl_check_template

# Commented since CI doesn't have openssl
#examples/sig-structure.diag: examples/sig-structure.diag.tmpl examples/payload-corim-4.diag examples/protected-header-map.diag
# payload="$$(cat examples/payload-corim-4.diag)" \
# protected="$$(cat examples/protected-header-map.diag)" \
# envsubst < examples/sig-structure.diag.tmpl > examples/sig-structure.diag

#examples/testkey.pem:
# openssl ecparam -name secp384r1 -genkey -noout -out examples/testkey.pem

#examples/corim-4.sig: examples/sig-structure.cbor examples/testkey.pem
# openssl dgst -sha384 -sign examples/testkey.pem -out examples/corim-4.sig examples/sig-structure.cbor

#examples/corim-4.diag: examples/corim-4.sig examples/corim-4.diag.tmpl examples/payload-corim-4.diag examples/protected-header-map.diag
# payload="$$(cat examples/payload-corim-4.diag)" \
# protected="$$(cat examples/protected-header-map.diag)" \
# signature="h'$$(cat examples/corim-4.sig | xxd -p -c 128)'" \
# envsubst < examples/corim-4.diag.tmpl > examples/corim-4.diag

Comment on lines +45 to +62
Collaborator


This bit is important: we need complete, signed examples too.

Please make this conditional instead.

I suggest adding a check for the openssl CLI in cddl/tools.mk and then a corresponding ifeq ($(strip $(openssl)),) here.

(You probably need a check for envsubst too.)

Besides, add the autogenerated files to the CLEANFILES variable.

PS: maybe this is worth a separate PR.

include corim-frags.mk

$(eval $(call cddl_check_template,comid,$(COMID_FRAGS),$(COMID_EXAMPLES)))
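Review bot: The commented-out `examples/corim-4.sig` rule would, once enabled, embed a DER-encoded ECDSA signature, because `openssl dgst -sha384 -sign` with an EC key emits an ASN.1 `SEQUENCE { r, s }`, whereas COSE ECDSA signatures are the fixed-length concatenation `r || s` (96 bytes for P-384). A COSE verifier would therefore reject the generated `corim-4.diag` example even though OpenSSL itself verifies the signature. The rule needs a DER-to-raw conversion step between `openssl dgst` and the `xxd` call, or a COSE-aware signing tool; until then a comment such as `# NOTE: openssl emits DER ECDSA; COSE needs raw r||s` above the rule would keep the gap visible. `examples/testkey.pem` is generated unencrypted, which is fine for a throwaway example key provided it is labelled test-only and never reused outside the examples.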
3 changes: 1 addition & 2 deletions cddl/cbor-tags.txt
@@ -1,6 +1,4 @@
tagged-concise-rim-type-choice = #6.500($concise-rim-type-choice)
tagged-corim-map = #6.501(corim-map)
tagged-signed-corim = #6.502(signed-corim)
tagged-concise-swid-tag = #6.505(bytes .cbor concise-swid-tag)
tagged-concise-mid-tag = #6.506(bytes .cbor concise-mid-tag)
tagged-concise-bom-tag = #6.508(bytes .cbor concise-bom-tag)
Expand All @@ -16,3 +14,4 @@ tagged-cert-thumbprint-type = #6.559(digest)
tagged-bytes = #6.560(bytes)
tagged-cert-path-thumbprint-type = #6.561(digest)
tagged-pkix-asn1der-cert-type = #6.562(bstr)
tagged-integral-predicate= #6.563(integral-predicate)
2 changes: 0 additions & 2 deletions cddl/corim-frags.mk
Expand Up @@ -65,8 +65,6 @@ CORIM_FRAGS += profile-type-choice.cddl
CORIM_FRAGS += protected-corim-header-map.cddl
CORIM_FRAGS += signed-corim.cddl
CORIM_FRAGS += tagged-corim-map.cddl
CORIM_FRAGS += tagged-concise-rim-type-choice.cddl
CORIM_FRAGS += tagged-signed-corim.cddl
CORIM_FRAGS += tagged-concise-swid-tag.cddl
CORIM_FRAGS += tagged-concise-mid-tag.cddl
CORIM_FRAGS += tagged-concise-bom-tag.cddl
6 changes: 3 additions & 3 deletions cddl/corim.cddl
@@ -1,4 +1,4 @@
corim = tagged-concise-rim-type-choice
corim = concise-rim-type-choice

$concise-rim-type-choice /= tagged-corim-map
$concise-rim-type-choice /= tagged-signed-corim
concise-rim-type-choice /= tagged-corim-map
concise-rim-type-choice /= signed-corim
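Review bot: With the outer tag 500 gone, the new `concise-rim-type-choice` accepts either `tagged-corim-map` or `signed-corim` at the top level, and nothing in this file says how a consumer tells the two apart or that the unsigned alternative carries no integrity protection. The definition of `signed-corim` is not on this page, so presumably its own outer tag is the discriminator; a comment such as `; unsigned (501) or signed form; verifiers that require authenticity must reject the unsigned alternative` above the rule would state that. The rename also drops the `$` prefix, so by CDDL convention the rule is no longer a type socket; if profiles are still meant to extend the choice, keep `$concise-rim-type-choice`.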
2 changes: 1 addition & 1 deletion cddl/cose-sign1-corim.cddl
@@ -1,6 +1,6 @@
COSE-Sign1-corim = [
protected: bstr .cbor protected-corim-header-map
unprotected: unprotected-corim-header-map
payload: bstr .cbor (tagged-corim-map / corim-map)
payload: bstr .cbor tagged-corim-map
signature: bstr
]
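Review bot: The `payload` field carries no comment telling implementers that a bare `corim-map` payload is no longer accepted; assuming the second `payload` line is the new side, only `bstr .cbor tagged-corim-map` validates. A one-line comment on the field, e.g. `; payload is always the 501-tagged corim-map; a bare corim-map is rejected`, would make the requirement explicit for both signer and verifier implementations. Any signed example in `cddl/examples` would also need to be regenerated with the tagged payload, since the signature covers the payload bytes.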
90 changes: 44 additions & 46 deletions cddl/examples/corim-1.diag
@@ -1,49 +1,47 @@
/ corim / 500(
/ corim-map / 501({
/ corim.id / 0 : h'284e6c3e5d9f4f6b851f5a4247f243a7',
/ corim.tags / 1 : [
/ concise-mid-tag / 506( <<
/ concise-mid-tag / {
/ comid.tag-identity / 1 : {
/ comid.tag-id / 0 : h'3f06af63a93c11e4979700505690773f'
},
/ comid.entity / 2 : [ {
/ comid.entity-name / 0 : "ACME Inc.",
/ comid.reg-id / 1 : 32("https://acme.example"),
/ comid.role / 2 : [ 0 ] / tag-creator /
} ],
/ comid.triples / 4 : {
/ comid.reference-triples / 0 : [ [
/ environment-map / {
/ comid.class / 0 : {
/ comid.class-id / 0 :
/ tagged-uuid-type / 37(
h'67b28b6c34cc40a19117ab5b05911e37'
),
/ comid.vendor / 1 : "ACME Inc.",
/ comid.model / 2 : "ACME RoadRunner",
/ comid.layer / 3 : 1
/ tagged-corim-map / 501({
/ corim.id / 0 : h'284e6c3e5d9f4f6b851f5a4247f243a7',
/ corim.tags / 1 : [
/ concise-mid-tag / 506( <<
/ concise-mid-tag / {
/ comid.tag-identity / 1 : {
/ comid.tag-id / 0 : h'3f06af63a93c11e4979700505690773f'
},
/ comid.entity / 2 : [ {
/ comid.entity-name / 0 : "ACME Inc.",
/ comid.reg-id / 1 : 32("https://acme.example"),
/ comid.role / 2 : [ 0 ] / tag-creator /
} ],
/ comid.triples / 4 : {
/ comid.reference-triples / 0 : [ [
/ environment-map / {
/ comid.class / 0 : {
/ comid.class-id / 0 :
/ tagged-uuid-type / 37(
h'67b28b6c34cc40a19117ab5b05911e37'
),
/ comid.vendor / 1 : "ACME Inc.",
/ comid.model / 2 : "ACME RoadRunner",
/ comid.layer / 3 : 1
}
},
[
/ measurement-map / {
/ comid.mval / 1 : {
/ comid.ver / 0 : {
/ comid.version / 0 : "1.0.0",
/ comid.version-scheme / 1 : 16384 / semver /
},
/ comid.digests / 2 : [ [
/ hash-alg-id / 1, / sha256 /
/ hash-value / h'44aa336af4cb14a879432e53dd6571c7fa9bccafb75f488259262d6ea3a4d91b'
] ]
}
},
[
/ measurement-map / {
/ comid.mval / 1 : {
/ comid.ver / 0 : {
/ comid.version / 0 : "1.0.0",
/ comid.version-scheme / 1 : 16384 / semver /
},
/ comid.digests / 2 : [ [
/ hash-alg-id / 1, / sha256 /
/ hash-value / h'44aa336af4cb14a879432e53dd6571c7fa9bccafb75f488259262d6ea3a4d91b'
] ]
}
}
]
] ]
}
}
]
] ]
}
>> )
]
}
)
}
>> )
]
}
)
187 changes: 93 additions & 94 deletions cddl/examples/corim-2.diag
@@ -1,115 +1,114 @@
/ corim / 500(
/ corim-map / 501({
/ corim.id / 0 : h'284e6c3e5d9f4f6b851f5a4247f243a7',
/ corim.tags / 1 : [
/ concise-mid-tag / 506( <<
/ concise-mid-tag / {
/ comid.tag-identity / 1 : {
/ comid.tag-id / 0 : h'3f06af63a93c11e4979700505690773f'
},
/ comid.entity / 2 : [ {
/ comid.entity-name / 0 : "ACME Inc.",
/ comid.reg-id / 1 : 32("https://acme.example"),
/ comid.role / 2 : [ 0 ] / tag-creator /
} ],
/ comid.triples / 4 : {
/ comid.reference-triples / 0 : [
[
/ environment-map / {
/ comid.class / 0 : {
/ comid.class-id / 0 :
/ tagged-uuid-type / 37(
h'67b28b6c34cc40a19117ab5b05911e37'
),
/ comid.vendor / 1 : "ACME Inc.",
/ comid.model / 2 : "ACME RoadRunner Firmware",
/ comid.layer / 3 : 1
}
},
[
/ measurement-map / {
/ comid.mval / 1 : {
/ comid.digests / 2 : [ [
/ hash-alg-id / 1, / sha256 /
/ hash-value / h'44aa336af4cb14a879432e53dd6571c7fa9bccafb75f488259262d6ea3a4d91b'
] ]
}
}
]
],
/ tagged-corim-map / 501({
/ corim.id / 0 : h'284e6c3e5d9f4f6b851f5a4247f243a7',
/ corim.tags / 1 : [
/ concise-mid-tag / 506( <<
/ concise-mid-tag / {
/ comid.tag-identity / 1 : {
/ comid.tag-id / 0 : h'3f06af63a93c11e4979700505690773f'
},
/ comid.entity / 2 : [ {
/ comid.entity-name / 0 : "ACME Inc.",
/ comid.reg-id / 1 : 32("https://acme.example"),
/ comid.role / 2 : [ 0 ] / tag-creator /
} ],
/ comid.triples / 4 : {
/ comid.reference-triples / 0 : [
[
/ environment-map / {
/ comid.class / 0 : {
/ comid.class-id / 0 :
/ tagged-uuid-type / 37(
h'67b28b6c34cc40a19117ab5b05911e37'
),
/ comid.vendor / 1 : "ACME Inc.",
/ comid.model / 2 : "ACME RoadRunner Firmware",
/ comid.layer / 3 : 1
}
},
[
/ environment-map / {
/ comid.class / 0 : {
/ comid.class-id / 0 :
/ tagged-uuid-type / 37(
h'a71b3e388d454a0581f352e58c832c5c'
),
/ comid.vendor / 1 : "WYLIE Inc.",
/ comid.model / 2 : "WYLIE Coyote Trusted OS",
/ comid.layer / 3 : 2,
/ comid.index / 4 : 0
}
},
[
/ measurement-map / {
/ comid.mval / 1 : {
/ comid.digests / 2 : [ [
/ hash-alg-id / 1, / sha256 /
/ hash-value / h'bb71198ed60a95dc3c619e555c2c0b8d7564a38031b034a195892591c65365b0'
] ]
}
/ measurement-map / {
/ comid.mval / 1 : {
/ comid.digests / 2 : [ [
/ hash-alg-id / 1, / sha256 /
/ hash-value / h'44aa336af4cb14a879432e53dd6571c7fa9bccafb75f488259262d6ea3a4d91b'
] ]
}
]
],
}
]
],
[
/ environment-map / {
/ comid.class / 0 : {
/ comid.class-id / 0 :
/ tagged-uuid-type / 37(
h'a71b3e388d454a0581f352e58c832c5c'
),
/ comid.vendor / 1 : "WYLIE Inc.",
/ comid.model / 2 : "WYLIE Coyote Trusted OS",
/ comid.layer / 3 : 2,
/ comid.index / 4 : 0
}
},
[
/ environment-map / {
/ comid.class / 0 : {
/ comid.class-id / 0 :
/ tagged-uuid-type / 37(
h'a71b3e388d454a0581f352e58c832c5c'
),
/ comid.vendor / 1 : "WYLIE Inc.",
/ comid.model / 2 : "WYLIE Coyote Trusted OS",
/ comid.layer / 3 : 2,
/ comid.index / 4 : 1
}
},
[
/ measurement-map / {
/ comid.mval / 1 : {
/ comid.digests / 2 : [ [
/ hash-alg-id / 1, / sha256 /
/ hash-value / h'bb71198ed60a95dc3c619e555c2c0b8d7564a38031b034a195892591c65365b0'
] ]
}
/ measurement-map / {
/ comid.mval / 1 : {
/ comid.digests / 2 : [ [
/ hash-alg-id / 1, / sha256 /
/ hash-value / h'bb71198ed60a95dc3c619e555c2c0b8d7564a38031b034a195892591c65365b0'
] ]
}
]
}
]
],
/ comid.endorsed-triples / 1 : [ [
[
/ environment-map / {
/ comid.class / 0 : {
/ comid.class-id / 0 :
/ tagged-uuid-type / 37(
h'67b28b6c34cc40a19117ab5b05911e37'
h'a71b3e388d454a0581f352e58c832c5c'
),
/ comid.vendor / 1 : "ACME Inc.",
/ comid.model / 2 : "ACME RoadRunner Root of Trust",
/ comid.layer / 3 : 0
/ comid.vendor / 1 : "WYLIE Inc.",
/ comid.model / 2 : "WYLIE Coyote Trusted OS",
/ comid.layer / 3 : 2,
/ comid.index / 4 : 1
}
},
[
/ measurement-map / {
/ comid.mval / 1 : {
/ comid.svn / 1 : 552(1)
/ comid.digests / 2 : [ [
/ hash-alg-id / 1, / sha256 /
/ hash-value / h'bb71198ed60a95dc3c619e555c2c0b8d7564a38031b034a195892591c65365b0'
] ]
}
}
]
] ]
}
]
],
/ comid.endorsed-triples / 1 : [ [
/ environment-map / {
/ comid.class / 0 : {
/ comid.class-id / 0 :
/ tagged-uuid-type / 37(
h'67b28b6c34cc40a19117ab5b05911e37'
),
/ comid.vendor / 1 : "ACME Inc.",
/ comid.model / 2 : "ACME RoadRunner Root of Trust",
/ comid.layer / 3 : 0
}
},
[
/ measurement-map / {
/ comid.mval / 1 : {
/ comid.svn / 1 : 552(1)
}
}
]
] ]
}
>> )
]
}
)
}
>> )
]
}
)
