rework based on Hannes suggestion to extend EAT measurements

Signed-off-by: Thomas Fossati <[email protected]>

cddl/Makefile

@@ -1,16 +1,24 @@
+SHELL := /bin/bash
+
 %.cbor: %.diag ; diag2cbor.rb $< > $@
 %.cddl: %.cddlc ; cddlc -2tcddl $< > $@
 
 CDDL := measured-component.cddl
-DIAG_EXAMPLES := $(wildcard *.diag)
+DIAG_EXAMPLES := $(wildcard ex*.diag)
 CBOR_EXAMPLES := $(DIAG_EXAMPLES:.diag=.cbor)
 
-all: check-schema check-examples
+all: check-schema check-examples mceat-check-examples
 
 check-schema: $(CDDL) ; cddl $< g 10
 .PHONY: check-schema
 
-clean: ; -rm -f $(CDDL) $(wildcard *.pretty) $(CBOR_EXAMPLES)
+CLEANFILES += $(CDDL)
+CLEANFILES += $(CBOR_EXAMPLES)
+CLEANFILES += $(wildcard *.pretty)
+CLEANFILES += $(MCEAT_CDDL)
+CLEANFILES += $(MCEAT_CBOR_EXAMPLES)
+
+clean: ; -rm -f $(CLEANFILES)
 .PHONY: clean
 
 check-examples: $(CBOR_EXAMPLES) $(CDDL)
@@ -21,3 +29,19 @@ check-examples: $(CBOR_EXAMPLES) $(CDDL)
 		cbor2pretty.rb $$f > $${f%.cbor}.pretty ; \
 	done
 .PHONY: check-examples
+
+MCEAT_CDDL := mc+eat.cddl
+MCEAT_DIAG_EXAMPLES := eat-ex1.diag
+MCEAT_CBOR_EXAMPLES := $(MCEAT_DIAG_EXAMPLES:.diag=.cbor)
+
+$(MCEAT_CDDL): minimal-eat.cddlc eat-plug.cddl $(CDDL)
+	cddlc -2 -sClaims-Set -tcddl -Imeasured-component $< > $@
+
+mceat-check-examples: $(MCEAT_CBOR_EXAMPLES) $(MCEAT_CDDL) 
+	@for f in $(MCEAT_CBOR_EXAMPLES); do \
+		echo ">> validating $$f against $(MCEAT_CDDL)" ; \
+		cddl $(MCEAT_CDDL) validate $$f &>/dev/null || exit 1 ; \
+		echo ">> saving prettified CBOR to $${f%.cbor}.pretty" ; \
+		cbor2pretty.rb $$f > $${f%.cbor}.pretty ; \
+	done
+.PHONY: mceat-check-examples

cddl/eat-ex1.diag

@@ -0,0 +1,29 @@
+{
+  273: [
+    [
+      65000, / using a CoAP C-F from the experimental range /
+      <<
+        [
+          / id / [
+            / name / "boot loader X",
+            / version / [
+              "1.2.3rc2",
+              16384 / semver /
+            ]
+          ],
+          / measurement / [
+            / alg / "sha-256",
+            / val / h'3996003d486fb91ffb056f7d03f2b2992b215b31db
+                      e7af4b373431fc7d319da3'
+          ],
+          / signer / h'492e9b676c21f6012b1ceeb9032feb4141a880797
+                      355f6675015ec59c51ca1ec',
+          / countersigners / [
+            h'4277bb97ba7b51577a0d38151d3e08b40bdf946753f5b5bdeb
+              814d6ff57a8a5e'
+          ]
+        ]
+      >>
+    ]
+  ]
+}

cddl/eat-plug.cddl

@@ -0,0 +1 @@
+$measurements-body-cbor /= bytes .cbor measured-component

cddl/ex1.diag

@@ -1,6 +1,6 @@
 [
   / id / [
-    / name /    "boot loader X",
+    / name / "boot loader X",
     / version / [
       "1.2.3rc2",
       16384 / semver /
@@ -9,12 +9,12 @@
   / measurement / [
     / alg / "sha-256",
     / val / h'3996003d486fb91ffb056f7d03f2b2992b215b31dbe7af4b37
-3431fc7d319da3'
+              3431fc7d319da3'
   ],
   / signer / h'492e9b676c21f6012b1ceeb9032feb4141a880797355f6675
-015ec59c51ca1ec',
+              015ec59c51ca1ec',
   / countersigners / [
     h'4277bb97ba7b51577a0d38151d3e08b40bdf946753f5b5bdeb814d6ff5
-7a8a5e'  
+      7a8a5e'
   ]
 ]

cddl/minimal-eat.cddlc

@@ -0,0 +1,39 @@
+$$Claims-Set-Claims //= (
+  measurements-label => measurements-type
+)
+
+measurements-label = JC< "measurements", 273 >
+
+measurements-type = [+ measurements-format]
+
+measurements-format = [
+  content-type:   coap-content-format,
+  content-format: JC< $measurements-body-json, $measurements-body-cbor >
+]
+
+; $measurements-body-cbor /= bytes .cbor untagged-coswid
+$measurements-body-cbor /= bytes .cbor measured-component
+$measurements-body-json /= base64-url-text
+
+Claims-Set = {
+  $$Claims-Set-Claims
+}
+
+untagged-coswid = ~coswid.concise-swid-tag
+
+; common data types §7.2.1
+
+base64-url-text = tstr .regexp "[A-Za-z0-9_-]+"
+
+coap-content-format = uint .le 65535
+
+JSON-ONLY<J> = J .feature "json"
+CBOR-ONLY<C> = C .feature "cbor"
+
+JC<J,C> = JSON-ONLY<J> / CBOR-ONLY<C>
+
+; import
+
+;# import rfc9393 as coswid
+
+coswid.one-or-more<T> = T / [ 2* T ]

draft-fft-rats-eat-measured-component.md

@@ -1,7 +1,7 @@
 ---
 v: 3
 
-title: A Measured Component Claim for EAT
+title: EAT Measured Component
 abbrev: "EAT Measured Component"
 docname: draft-fft-rats-eat-measured-component-latest
 category: std
@@ -11,7 +11,7 @@ submissionType: IETF
 ipr: trust200902
 area: "Security"
 workgroup: "Remote ATtestation ProcedureS"
-keyword: [ EAT, claim, measured, component ]
+keyword: [ EAT, measurements, claim, measured, component ]
 
 stand_alone: yes
 smart_quotes: no
@@ -29,12 +29,11 @@ author:
    email: [email protected]
 
 normative:
+  RFC7252: coap
   RFC8610: cddl
   RFC9165: cddlplus
   I-D.ietf-cbor-cddl-modules: cddlmod
   RFC9393: coswid
-  IANA.cwt:
-  IANA.jwt:
   I-D.ietf-rats-eat: rats-eat
   I-D.ietf-cose-key-thumbprint: cose-key-thumbprint
   I-D.ietf-rats-corim: corim
@@ -48,13 +47,20 @@ entity:
 
 --- abstract
 
-This document defines a EAT claim to carry information about measured components.
+This document defines a "measured components" format that can be used with the EAT Measurements claim.
 
 --- middle
 
 # Introduction
 
-This document defines a EAT {{-rats-eat}} claim to carry information about measured components.
+{{Section 4.2.6 of -rats-eat}} defines a Measurements claim that:
+
+> "[c]ontains descriptions, lists, evidence or measurements of the software that exists on the entity or any other measurable subsystem of the entity."
+
+This claim allows for different measurement formats, each identified by a different CoAP Content-Format ({{Section 12.3 of -coap}}).
+Initially, the only specified format is CoSWID of type "evidence", as per {{Section 2.9.4 of -coswid}}.
+
+This document introduces the "measured components" format that can be used with the EAT Measurements claim in addition or as an alternative to CoSWID.
 
 # Conventions and Definitions
 
@@ -92,42 +98,162 @@ The following types and semantics have been reused:
 
 ## CDDL
 
+The `measured-component` data item:
+
 ~~~ cddl
 {::include cddl/measured-component.cddlc}
 ~~~
 
+The CDDL extending the EAT Measurements format:
+
+~~~ cddl
+{::include cddl/eat-plug.cddl}
+~~~
+
+The associated `content-type` MUST contain the CoAP Content-Format assigned by IANA for the `application/measured-component+cbor`.
+When the `content-type` is instead the Content-Format for `application/measured-component+json`, the `content-format` contains the base64url-encoded value of TBD.
+
 # Examples
 
+The examples are CBOR only.
+JSON examples will be added in a future version of this document.
+
+The example in {{ex-1}} is a measured component with all the fields populated.
+
 ~~~ cbor-edn
 {::include cddl/ex1.diag}
 ~~~
+{: #ex-1 title="Complete Measured Component"}
+
+The example in {{ex-eat-1}} is the same measured component as above but used as the format of a `measurements` claim in a EAT claims-set.
+Note that the example uses a CoAP Content-Format value from the experimental range (65000), which will change to the value assigned by IANA for the `application/measured-component+cbor` Content-Format.
+
+~~~ cbor-edn
+{::include cddl/eat-ex1.diag}
+~~~
+{: #ex-eat-1 title="EAT Measurements Claim using a Measured Component"}
+
+# Security Considerations {#seccons}
+
+TODO
 
 # IANA Considerations
 
 [^rfced] replace "{{&SELF}}" with the RFC number assigned to this document.
 
-## CWT `measured-component` Claim Registration
+## Media Types Registrations
+
+IANA is requested to add the following media types to the "Media Types" registry {{!IANA.media-types}}.
+
+| Name | Template | Reference |
+|-----------------|-------------------------|-----------|
+| `mc+cbor` | `application/measured-component+cbor` | {{&SELF}} |
+| `mc+json` | `application/measured-component+json` | {{&SELF}} |
+{: #tab-mc-regs title="Measured Component Media Types"}
+
+### `application/measured-component+cbor`
+
+{:compact}
+Type name:
+: application
+
+Subtype name:
+: measured-component+cbor
+
+Required parameters:
+: n/a
+
+Optional parameters:
+: n/a
+
+Encoding considerations:
+: binary (CBOR)
+
+Security considerations:
+: {{seccons}} of {{&SELF}}
+
+Interoperability considerations:
+: n/a
+
+Published specification:
+: {{&SELF}}
+
+Applications that use this media type:
+: Attesters, Verifiers and Relying Parties
+
+Fragment identifier considerations:
+: The syntax and semantics of fragment identifiers are as specified for "application/cbor". (No fragment identification syntax is currently defined for "application/cbor".)
+
+Person & email address to contact for further information:
+: RATS WG mailing list ([email protected])
+
+Intended usage:
+: COMMON
+
+Restrictions on usage:
+: none
+
+Author/Change controller:
+: IETF
+
+Provisional registration:
+: no
+
+### `application/measured-component+json`
+
+{:compact}
+Type name:
+: application
+
+Subtype name:
+: measured-component+json
+
+Required parameters:
+: n/a
+
+Optional parameters:
+: n/a
+
+Encoding considerations:
+: binary (JSON is UTF-8-encoded text)
+
+Security considerations:
+: {{seccons}} of {{&SELF}}
+
+Interoperability considerations:
+: n/a
+
+Published specification:
+: {{&SELF}}
+
+Applications that use this media type:
+: Attesters, Verifiers and Relying Parties
+
+Fragment identifier considerations:
+: The syntax and semantics of fragment identifiers are as specified for "application/json". (No fragment identification syntax is currently defined for "application/json".)
+
+Person & email address to contact for further information:
+: RATS WG mailing list ([email protected])
+
+Intended usage:
+: COMMON
 
-IANA is requested to add a new `measured-component` claim to the "CBOR Web Token (CWT) Claims" registry {{IANA.cwt}} as follows:
+Restrictions on usage:
+: none
 
-* Claim Name: measured-component
-* Claim Description: Measured Component
-* Claim Key: TBD
-* Claim Value Type(s): CBOR Map
-* Change Controller: IETF
-* Specification Document(s): {{measured-component}} of {{&SELF}}
+Author/Change controller:
+: IETF
 
-The suggested value for the Claim Key is TBD
+Provisional registration:
+: no
 
-## JWT `measured-component` Claim Registration
+## Measured Component Content-Format Registrations
 
-IANA is requested to add a new `measured-component` claim to the "JSON Web Token Claims" sub-registry of the "JSON Web Token (JWT)" registry {{IANA.jwt}} as follows:
+IANA is requested to register two Content-Format numbers in the "CoAP Content-Formats" sub-registry, within the "Constrained RESTful Environments (CoRE) Parameters" Registry {{!IANA.core-parameters}}, as follows:
 
-* Claim Name: measured-component
-* Claim Description: Measured Component
-* Claim Value Type(s): JSON object
-* Change Controller: IETF
-* Specification Document(s): {{measured-component}} of {{&SELF}}
+| Content-Type | Content Coding | ID | Reference |
+| application/measured-component+cbor | - | TBD1 | {{&SELF}} |
+| application/measured-component+json | - | TBD2 | {{&SELF}} |
 
 --- back