ietf-rats-wg · yogeshbdeshpande · Dec 11, 2024 · Oct 26, 2024 · Oct 26, 2024 · Oct 26, 2024
diff --git a/Gemfile b/Gemfile
@@ -1,5 +1,5 @@
 source 'https://rubygems.org'
 
 gem 'json_pure'
-gem 'cddl', '>=0.12.5'
+gem 'cddl', '>=0.12.6'
 gem 'cbor-diag', '>=0.8.7'
diff --git a/Makefile b/Makefile
@@ -14,7 +14,7 @@ include cddl/corim-frags.mk
 
 define cddl_targets
 
-$(drafts_xml):: cddl/$(1)-autogen.cddl
+$(drafts_xml): cddl/$(1)-autogen.cddl
 
 cddl/$(1)-autogen.cddl: $(addprefix cddl/,$(2))
 	$(MAKE) -C cddl check-$(1)
@@ -24,6 +24,7 @@ endef # cddl_targets
 
 $(eval $(call cddl_targets,corim,$(CORIM_FRAGS)))
 $(eval $(call cddl_targets,comid,$(COMID_FRAGS)))
+$(eval $(call cddl_targets,intrep,$(INTREP_FRAGS)))
 
 cddl/concise-swid-tag.cddl: ; $(MAKE) -C cddl $(notdir $@)
 

diff --git a/cddl/attest-key-triple-record.cddl b/cddl/attest-key-triple-record.cddl
@@ -1,4 +1,8 @@
 attest-key-triple-record = [
-  environment-map
-  [ + $crypto-key-type-choice ]
+  environment: environment-map
+  key-list: [ + $crypto-key-type-choice ]
+  ? conditions: non-empty< {
+    ? &(mkey: 0) => $measured-element-type-choice,
+    ? &(authorized-by: 1) => [ + $crypto-key-type-choice ]
+  }>
 ]
diff --git a/cddl/corim-frags.mk b/cddl/corim-frags.mk
@@ -77,7 +77,8 @@ CORIM_FRAGS += $(COMID_FRAGS)
 
 CORIM_EXAMPLES := $(wildcard examples/corim-*.diag)
 
-INTREP_FRAGS := intrep-acs.cddl
+INTREP_FRAGS := intrep-start.cddl
+INTREP_FRAGS += intrep-acs.cddl
 INTREP_FRAGS += intrep-ae.cddl
 INTREP_FRAGS += intrep-ar.cddl
 INTREP_FRAGS += intrep-ars.cddl
@@ -86,6 +87,7 @@ INTREP_FRAGS += intrep-ev.cddl
 INTREP_FRAGS += intrep-policy.cddl
 INTREP_FRAGS += intrep-rv.cddl
 INTREP_FRAGS += intrep-claims-map.cddl
+INTREP_FRAGS += intrep-key.cddl
 # deps
 INTREP_FRAGS += non-empty.cddl
 INTREP_FRAGS += environment-map.cddl
@@ -102,5 +104,11 @@ INTREP_FRAGS += ip-addr-type-choice.cddl
 INTREP_FRAGS += ueid.cddl
 INTREP_FRAGS += uuid.cddl
 INTREP_FRAGS += integrity-registers.cddl
+INTREP_FRAGS += crypto-key-type-choice.cddl
+INTREP_FRAGS += profile-type-choice.cddl
+INTREP_FRAGS += cose-key.cddl
+INTREP_FRAGS += cose-label-and-value.cddl
+INTREP_FRAGS += class-id-type-choice.cddl
+INTREP_FRAGS += oid.cddl
 
 INTREP_EXAMPLES := $(wildcard examples/intrep-*.diag)
diff --git a/cddl/examples/comid-5.diag b/cddl/examples/comid-5.diag
@@ -3,6 +3,27 @@
     / comid.tag-id / 0 : h'3f06af63a93c11e4979700505690773f'
   },
   / comid.triples / 4 : {
+    / reference-triples / 0 : [
+      [
+        / environment-map / {
+          / class / 0 : {
+            / class-id / 0 :
+              / tagged-uuid-type / 37( h'67b28b6c34cc40a19117ab5b05911e39' )
+          }
+        },
+        [
+          / measurement-map / {
+            / mkey / 0 : "thing 2",
+            / mval / 1 : {
+              / cryptokeys / 13 : [
+                / tagged-pkix-base64-cert-path-type / 556("base64_cert_path_X"),
+                / tagged-pkix-base64-cert-path-type / 556("base64_cert_path_Y")
+              ]
+            }
+          }
+        ]
+      ]
+    ],
     / identity-triples / 2 : [ 
       [
         / environment-map / {
@@ -16,10 +37,10 @@
             / layer / 3 : 1
           }
         },
-        [
+        / key-list / [
           / tagged-pkix-base64-key-type / 554("base64_key_X"),
-          / tagged-pkix-base64-cert-type / 555("base64_cert"),
-          / tagged-pkix-base64-cert-path-type / 556("base64_cert_path"),
+          / tagged-pkix-base64-cert-type / 555("base64_cert_Y"),
+          / tagged-pkix-base64-cert-path-type / 556("base64_cert_path_Z"),
           / tagged-thumbprint-type / 557([
             / alg / 1, / sha256 /
             / value / h'44aa336af4cb14a879432e53dd6571c7fa9bccafb75f488259262d6ea3a4d91b'
@@ -38,6 +59,130 @@
             / value / h'66aa336af4cb14a879432e53dd6571c7fa9bccafb75f488259262d6ea3a4d91b'
           ])
         ]
+      ],
+      [
+        / environment-map / {
+          / class / 0 : {
+            / class-id / 0 :
+              / tagged-uuid-type / 37( h'67b28b6c34cc40a19117ab5b05911e38' )
+          }
+        },
+        / key-list / [
+          / tagged-pkix-base64-cert-path-type / 556("base64_cert_path_X"),
+          / tagged-pkix-base64-cert-path-type / 556("base64_cert_path_Y")
+        ],
+        / conditions / {
+          / mkey / 0 : "thing 1"
+        }
+      ],
+      [
+        / environment-map / {
+          / class / 0 : {
+            / class-id / 0 :
+              / tagged-uuid-type / 37( h'67b28b6c34cc40a19117ab5b05911e39' )
+          }
+        },
+        / key-list / [
+          / tagged-pkix-base64-cert-path-type / 556("base64_cert_path_X"),
+          / tagged-pkix-base64-cert-path-type / 556("base64_cert_path_Y")
+        ],
+        / conditions / {
+          / mkey / 0 : "thing 2",
+          / authorized-by / 1: [
+            / tagged-pkix-base64-cert-path-type / 556("base64_cert_path_A"),
+            / tagged-pkix-base64-cert-path-type / 556("base64_cert_path_B")
+          ]
+        }
+      ],
+      [
+        / environment-map / {
+          / class / 0 : {
+            / class-id / 0 :
+              / tagged-uuid-type / 37( h'67b28b6c34cc40a19117ab5b05911e40' )
+          }
+        },
+        / key-list / [
+          / tagged-pkix-base64-cert-path-type / 556("base64_cert_path_X"),
+          / tagged-pkix-base64-cert-path-type / 556("base64_cert_path_Y")
+        ],
+        / conditions / {
+          / authorized-by / 1: [
+            / tagged-pkix-base64-cert-path-type / 556("base64_cert_path_A"),
+            / tagged-pkix-base64-cert-path-type / 556("base64_cert_path_B")
+          ]
+        }
+      ]
+    ],
+    / attest-key-triples / 3 : [ 
+      [
+        / environment-map / {
+          / class / 0 : {
+            / class-id / 0 :
+              / tagged-uuid-type / 37(
+                h'67b28b6c34cc40a19117ab5b05911e37'
+              ),
+            / vendor / 1 : "ACME Inc.",
+            / model / 2 : "ACME RoadRunner",
+            / layer / 3 : 1
+          }
+        },
+        / key-list / [
+          / tagged-pkix-base64-key-type / 554("base64_key_X"),
+          / tagged-pkix-base64-cert-type / 555("base64_cert_Y"),
+          / tagged-pkix-base64-cert-path-type / 556("base64_cert_path_Z")
+        ]
+      ],
+      [
+        / environment-map / {
+          / class / 0 : {
+            / class-id / 0 :
+              / tagged-uuid-type / 37( h'67b28b6c34cc40a19117ab5b05911e30' )
+          }
+        },
+        / key-list / [
+          / tagged-pkix-base64-cert-path-type / 556("base64_cert_path_X"),
+          / tagged-pkix-base64-cert-path-type / 556("base64_cert_path_Y")
+        ],
+        / conditions / {
+          / mkey / 0 : "thing 1"
+        }
+      ],
+      [
+        / environment-map / {
+          / class / 0 : {
+            / class-id / 0 :
+              / tagged-uuid-type / 37( h'67b28b6c34cc40a19117ab5b05911e31' )
+          }
+        },
+        / key-list / [
+          / tagged-pkix-base64-cert-path-type / 556("base64_cert_path_X"),
+          / tagged-pkix-base64-cert-path-type / 556("base64_cert_path_Y")
+        ],
+        / conditions / {
+          / mkey / 0 : "thing 2",
+          / authorized-by / 1: [
+            / tagged-pkix-base64-cert-path-type / 556("base64_cert_path_A"),
+            / tagged-pkix-base64-cert-path-type / 556("base64_cert_path_B")
+          ]
+        }
+      ],
+      [
+        / environment-map / {
+          / class / 0 : {
+            / class-id / 0 :
+              / tagged-uuid-type / 37( h'67b28b6c34cc40a19117ab5b05911e32' )
+          }
+        },
+        / key-list / [
+          / tagged-pkix-base64-cert-path-type / 556("base64_cert_path_X"),
+          / tagged-pkix-base64-cert-path-type / 556("base64_cert_path_Y")
+        ],
+        / conditions / {
+          / authorized-by / 1: [
+            / tagged-pkix-base64-cert-path-type / 556("base64_cert_path_A"),
+            / tagged-pkix-base64-cert-path-type / 556("base64_cert_path_B")
+          ]
+        }
       ]
     ]
   }

diff --git a/cddl/examples/intrep-1.diag b/cddl/examples/intrep-1.diag
@@ -0,0 +1,4 @@
+/ ECT / {
+  "cmtype" : 2
+}
+
diff --git a/cddl/examples/intrep-2.diag b/cddl/examples/intrep-2.diag
@@ -0,0 +1,9 @@
+/ ECT / {
+  "environment" : {
+    / class / 0 : {
+      / class-id / 0 :
+        / tagged-uuid-type / 37( h'67b28b6c34cc40a19117ab5b05911e37' )
+    }
+  },
+  "cmtype" : 1
+}
diff --git a/cddl/examples/intrep-3.diag b/cddl/examples/intrep-3.diag
@@ -0,0 +1,32 @@
+/ ECT / {
+  "environment" : {
+    / class / 0 : {
+      / class-id / 0 :
+        / tagged-uuid-type / 37( h'67b28b6c34cc40a19117ab5b05911e37' )
+    }
+  },
+  "element-list" : [
+    / element-map / {
+      "element-claims" : {
+        / ver / 0 : {
+          / version / 0 : "1.0.0"
+        },
+        / digests / 2 : [ [
+          / hash-alg-id / 1, / sha256 /
+          / hash-value / h'44aa336af4cb14a879432e53dd6571c7fa9bccafb75f488259262d6ea3a4d91b'
+        ] ],
+        / intrep-key / 65534 : [
+          / typed-crypto-key / {
+            "key": 556("base64_cert_path_X"),
+            "key-type": 1
+          },
+          / typed-crypto-key / {
+            "key": 554("base64_key_Y"),
+            "key-type": 2
+          }
+        ]
+      }
+    }
+  ],
+  "cmtype" : 2
+}
diff --git a/cddl/identity-triple-record.cddl b/cddl/identity-triple-record.cddl
@@ -1,4 +1,8 @@
 identity-triple-record = [
-  environment-map
-  [ + $crypto-key-type-choice ]
-]
+  environment: environment-map
+  key-list: [ + $crypto-key-type-choice ]
+  ? conditions: non-empty<{
+    ? &(mkey: 0) => $measured-element-type-choice,
+    ? &(authorized-by: 1) => [ + $crypto-key-type-choice ] 
+  }>
+]
diff --git a/cddl/intrep-key.cddl b/cddl/intrep-key.cddl
@@ -0,0 +1,14 @@
+$$measurement-values-map-extension //= (
+  &(intrep-keys: 65534) => [ + typed-crypto-key ]
+)
+
+typed-crypto-key = {
+  key: $crypto-key-type-choice
+  ? key-type: uint .bits key-type
+}
+
+key-type = &(
+  attest-key: 0
+  identity-key: 1
+)
+
diff --git a/cddl/intrep-start.cddl b/cddl/intrep-start.cddl
@@ -0,0 +1 @@
+start = ECT