Merge branch 'main' into compare-raw-value

ietf-rats-wg · Jan 22, 2025 · 1d6a99c · 1d6a99c
2 parents 0902afd + 8fced54
commit 1d6a99c
Show file tree

Hide file tree

Showing 19 changed files with 358 additions and 207 deletions.
diff --git a/cddl/Makefile b/cddl/Makefile
@@ -42,6 +42,24 @@ CLEANFILES += $(3:.diag=.pretty)
 
 endef # cddl_check_template
 
+# Commented since CI doesn't have openssl
+#examples/sig-structure.diag: examples/sig-structure.diag.tmpl examples/payload-corim-4.diag examples/protected-header-map.diag
+#	payload="$$(cat examples/payload-corim-4.diag)" \
+#	protected="$$(cat examples/protected-header-map.diag)" \
+#	envsubst < examples/sig-structure.diag.tmpl > examples/sig-structure.diag
+
+#examples/testkey.pem:
+#	openssl ecparam -name secp384r1 -genkey -noout -out examples/testkey.pem
+
+#examples/corim-4.sig: examples/sig-structure.cbor examples/testkey.pem
+#	openssl dgst -sha384 -sign examples/testkey.pem -out examples/corim-4.sig examples/sig-structure.cbor
+
+#examples/corim-4.diag: examples/corim-4.sig examples/corim-4.diag.tmpl examples/payload-corim-4.diag examples/protected-header-map.diag
+#	payload="$$(cat examples/payload-corim-4.diag)" \
+#	protected="$$(cat examples/protected-header-map.diag)" \
+#	signature="h'$$(cat examples/corim-4.sig | xxd -p -c 128)'" \
+#	envsubst < examples/corim-4.diag.tmpl > examples/corim-4.diag
+
 include corim-frags.mk
 
 $(eval $(call cddl_check_template,comid,$(COMID_FRAGS),$(COMID_EXAMPLES)))

diff --git a/cddl/cbor-tags.txt b/cddl/cbor-tags.txt
@@ -1,6 +1,4 @@
-tagged-concise-rim-type-choice = #6.500($concise-rim-type-choice)
 tagged-corim-map = #6.501(corim-map)
-tagged-signed-corim = #6.502(signed-corim)
 tagged-concise-swid-tag = #6.505(bytes .cbor concise-swid-tag)
 tagged-concise-mid-tag = #6.506(bytes .cbor concise-mid-tag)
 tagged-concise-bom-tag = #6.508(bytes .cbor concise-bom-tag)
@@ -17,3 +15,4 @@ tagged-bytes = #6.560(bytes)
 tagged-cert-path-thumbprint-type = #6.561(digest)
 tagged-pkix-asn1der-cert-type = #6.562(bstr)
 tagged-masked-raw-value = #6.563([
+
diff --git a/cddl/corim-frags.mk b/cddl/corim-frags.mk
@@ -66,8 +66,6 @@ CORIM_FRAGS += profile-type-choice.cddl
 CORIM_FRAGS += protected-corim-header-map.cddl
 CORIM_FRAGS += signed-corim.cddl
 CORIM_FRAGS += tagged-corim-map.cddl
-CORIM_FRAGS += tagged-concise-rim-type-choice.cddl
-CORIM_FRAGS += tagged-signed-corim.cddl
 CORIM_FRAGS += tagged-concise-swid-tag.cddl
 CORIM_FRAGS += tagged-concise-mid-tag.cddl
 CORIM_FRAGS += tagged-concise-bom-tag.cddl

diff --git a/cddl/corim.cddl b/cddl/corim.cddl
@@ -1,4 +1,4 @@
-corim = tagged-concise-rim-type-choice
+corim = concise-rim-type-choice
 
-$concise-rim-type-choice /= tagged-corim-map
-$concise-rim-type-choice /= tagged-signed-corim
+concise-rim-type-choice /= tagged-corim-map
+concise-rim-type-choice /= signed-corim
diff --git a/cddl/cose-sign1-corim.cddl b/cddl/cose-sign1-corim.cddl
@@ -1,6 +1,6 @@
 COSE-Sign1-corim = [
   protected: bstr .cbor protected-corim-header-map
   unprotected: unprotected-corim-header-map
-  payload: bstr .cbor (tagged-corim-map / corim-map)
+  payload: bstr .cbor tagged-corim-map
   signature: bstr
 ]
diff --git a/cddl/examples/comid-series.diag b/cddl/examples/comid-series.diag
@@ -24,13 +24,12 @@
           [         
             { / *** measurement-map *** /
               / mval / 1 : / measurement-values-map / {
-                / ver / 0 : {
-                  / version / 0 : "1.0.0",
-                  / version-scheme / 1 : 16384 / semver /
+                / comid.flags / 3 : { 
+                  / configured / 0 : true
                 }
               },
               / authorized-by / 2 : [
-                / tagged-pkix-base64-key-type / 554("base64_key_X")
+                / tagged-pkix-base64-key-type / 554("base64_key_ACME_signer")
               ]
             } 
           ]
@@ -40,16 +39,17 @@
             [
               { / *** ref-val measurement-map *** /
                 / mval / 1 : / measurement-values-map / {
-			      / digests / 2 : [[
-                  / hash-alg-id / 6, / sha-256-32 /
-                  / hash-value /  h'ABCDEF01' ]]
+                  / ver / 0 : {
+                    / version / 0 : "2.0.0"
+                  },
+                  / comid.svn / 1 : 552(3)
                 }
               }
             ],
             [
               { / *** endv-measurement-map *** /
                 / mval / 1 : / measurement-values-map / {
-				        / name / 11: "CVE_ACME_777"
+                  / name / 11: "-NO_CVE-"
                 }
               }
             ]
@@ -58,17 +58,36 @@
             [
               { / *** ref-val measurement-map *** /
                 / mval / 1 : / measurement-values-map / {
-			      / digests / 2 : [[
-                  / hash-alg-id / 6, / sha-256-32 /
-                  / hash-value /  h'BCDEF01A' ]]
-
+                  / ver / 0 : {
+                    / version / 0 : "1.0.0"
+                  },
+                  / comid.svn / 1 : 552(2)
                 }
               }
             ],
             [
               { / *** endv-measurement-map *** /
                 / mval / 1 : / measurement-values-map / {
-				        / name / 11: "CVE_ACME_555"
+                  / name / 11: "CVE_WARNING"
+                }
+              }
+            ]
+          ],
+          [ / conditional-series-record #3 /
+            [
+              { / *** ref-val measurement-map *** /
+                / mval / 1 : / measurement-values-map / {
+                  / ver / 0 : {
+                    / version / 0 : "1.0.0"
+                  },
+                  / comid.svn / 1 : 552(1)
+                }
+              }
+            ],
+            [
+              { / *** endv-measurement-map *** /
+                / mval / 1 : / measurement-values-map / {
+                  / name / 11: "CVE_VULNERABLE"
                 }
               }
             ]

diff --git a/cddl/examples/corim-1.diag b/cddl/examples/corim-1.diag
@@ -1,49 +1,47 @@
-/ corim / 500(
-  / corim-map / 501({
-    / corim.id / 0 : h'284e6c3e5d9f4f6b851f5a4247f243a7',
-    / corim.tags / 1 : [
-      / concise-mid-tag / 506( <<
-        / concise-mid-tag / {
-          / comid.tag-identity / 1 : {
-            / comid.tag-id / 0 : h'3f06af63a93c11e4979700505690773f'
-          },
-          / comid.entity / 2 : [ {
-            / comid.entity-name / 0 : "ACME Inc.",
-            / comid.reg-id / 1 : 32("https://acme.example"),
-            / comid.role / 2 : [ 0 ] / tag-creator /
-          } ],
-          / comid.triples / 4 : {
-            / comid.reference-triples / 0 : [ [
-              / environment-map / {
-                / comid.class / 0 : {
-                  / comid.class-id / 0 :
-                    / tagged-uuid-type / 37(
-                      h'67b28b6c34cc40a19117ab5b05911e37'
-                    ),
-                  / comid.vendor / 1 : "ACME Inc.",
-                  / comid.model / 2 : "ACME RoadRunner",
-                  / comid.layer / 3 : 1
+/ tagged-corim-map / 501({
+  / corim.id / 0 : h'284e6c3e5d9f4f6b851f5a4247f243a7',
+  / corim.tags / 1 : [
+    / concise-mid-tag / 506( <<
+      / concise-mid-tag / {
+        / comid.tag-identity / 1 : {
+          / comid.tag-id / 0 : h'3f06af63a93c11e4979700505690773f'
+        },
+        / comid.entity / 2 : [ {
+          / comid.entity-name / 0 : "ACME Inc.",
+          / comid.reg-id / 1 : 32("https://acme.example"),
+          / comid.role / 2 : [ 0 ] / tag-creator /
+        } ],
+        / comid.triples / 4 : {
+          / comid.reference-triples / 0 : [ [
+            / environment-map / {
+              / comid.class / 0 : {
+                / comid.class-id / 0 :
+                  / tagged-uuid-type / 37(
+                    h'67b28b6c34cc40a19117ab5b05911e37'
+                  ),
+                / comid.vendor / 1 : "ACME Inc.",
+                / comid.model / 2 : "ACME RoadRunner",
+                / comid.layer / 3 : 1
+              }
+            },
+            [
+              / measurement-map / {
+                / comid.mval / 1 : {
+                  / comid.ver / 0 : {
+                    / comid.version / 0 : "1.0.0",
+                    / comid.version-scheme / 1 : 16384 / semver /
+                  },
+                  / comid.digests / 2 : [ [
+                    / hash-alg-id / 1, / sha256 /
+                    / hash-value / h'44aa336af4cb14a879432e53dd6571c7fa9bccafb75f488259262d6ea3a4d91b'
+                  ] ]
                 }
-              },
-              [
-                / measurement-map / {
-                  / comid.mval / 1 : {
-                    / comid.ver / 0 : {
-                      / comid.version / 0 : "1.0.0",
-                      / comid.version-scheme / 1 : 16384 / semver /
-                    },
-                    / comid.digests / 2 : [ [
-                      / hash-alg-id / 1, / sha256 /
-                      / hash-value / h'44aa336af4cb14a879432e53dd6571c7fa9bccafb75f488259262d6ea3a4d91b'
-                    ] ]
-                  }
-                }
-              ]
-            ] ]
-          }
+              }
+            ]
+          ] ]
         }
-      >> )
-      ]
-    }
-  )
+      }
+    >> )
+    ]
+  }
 )