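; Copied from draft-ietf-suit-manifest-14 (https://datatracker.ietf.org/doc/html/draft-ietf-suit-manifest-14)

; Tagged form of the envelope (CBOR tag 107).
SUIT_Envelope_Tagged = #6.107(SUIT_Envelope)

; Outer container of an update. Only suit-authentication-wrapper and
; suit-manifest are mandatory. The severable members and integrated payloads
; sit outside the suit-manifest byte string; the manifest can carry a
; SUIT_Digest in place of a severed member (see SUIT_Severable_Members_Choice).
SUIT_Envelope = {
  ? suit-delegation => bstr .cbor SUIT_Delegation,
  suit-authentication-wrapper => bstr .cbor SUIT_Authentication,
  suit-manifest  => bstr .cbor SUIT_Manifest,
  SUIT_Severable_Manifest_Members,
  * SUIT_Integrated_Payload,
  * SUIT_Integrated_Dependency,
  * $$SUIT_Envelope_Extensions,

  ; The entry below is commented out because it interferes with testing
  ; SUIT_Integrated_Payload.
  ; It is unnecessary alongside $$SUIT_Envelope_Extensions.
  ; It is optional, so removing it is still conformant.
  ;* (int => bstr)
}
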
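; Delegation: one or more chains, each a non-empty list of encoded CWTs.
SUIT_Delegation = [ + [ + bstr .cbor CWT ] ]

; In this grammar a CWT is simply one of the authentication blocks below.
CWT = SUIT_Authentication_Block

; Authentication wrapper: a digest (per the draft, the digest of the manifest)
; followed by the blocks that authenticate it.
; NOTE(review): "*" lets a schema-valid wrapper carry zero authentication
; blocks, so passing this grammar says nothing about authenticity. Requiring
; at least one block that verifies against a trusted key is left to the
; consumer.
SUIT_Authentication = [
    bstr .cbor SUIT_Digest,
    * bstr .cbor SUIT_Authentication_Block
]

; Algorithm identifier plus raw digest bytes. The length of suit-digest-bytes
; is not tied to the chosen algorithm here, so a consumer has to check it.
SUIT_Digest = [
  suit-digest-algorithm-id : suit-cose-hash-algs,
  suit-digest-bytes : bstr,
  * $$SUIT_Digest-extensions
]

; Accepted authentication containers: both MAC and signature forms.
; COSE_Mac_Tagged, COSE_Sign_Tagged, COSE_Mac0_Tagged and COSE_Sign1_Tagged are
; not defined in this listing; they have to come from a COSE CDDL definition.
SUIT_Authentication_Block /= COSE_Mac_Tagged
SUIT_Authentication_Block /= COSE_Sign_Tagged
SUIT_Authentication_Block /= COSE_Mac0_Tagged
SUIT_Authentication_Block /= COSE_Sign1_Tagged
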
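; Envelope-level copies of the members that may be severed from the manifest.
SUIT_Severable_Manifest_Members = (
  ? suit-dependency-resolution => bstr .cbor SUIT_Command_Sequence,
  ? suit-payload-fetch => bstr .cbor SUIT_Command_Sequence,
  ? suit-install => bstr .cbor SUIT_Command_Sequence,
  ? suit-text => bstr .cbor SUIT_Text_Map,
  ? suit-coswid => bstr .cbor concise-software-identity,
  * $$SUIT_severable-members-extensions,
)

; Payloads and dependency envelopes carried inside the envelope itself.
; Both groups use the same key type, so the key alone does not say which of
; the two an entry is.
SUIT_Integrated_Payload = (suit-integrated-payload-key => bstr)
; An integrated dependency embeds a whole SUIT_Envelope, so envelopes can nest
; to any depth as far as the grammar is concerned; a decoder needs its own
; depth limit.
SUIT_Integrated_Dependency = (
    suit-integrated-dependency-key => bstr .cbor SUIT_Envelope
)
; ".ge 24" applies to uint only: the key is any negative integer, or an
; unsigned integer of 24 or more.
suit-integrated-payload-key = nint / uint .ge 24
suit-integrated-dependency-key = suit-integrated-payload-key
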
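; Tagged form of a bare manifest (CBOR tag 1070).
SUIT_Manifest_Tagged = #6.1070(SUIT_Manifest)

; The manifest proper. The structure version is pinned to 1.
; suit-manifest-sequence-number is the value the draft relies on for rollback
; protection; the grammar itself only requires a uint, so the comparison
; against the installed sequence number is the consumer's job.
SUIT_Manifest = {
    suit-manifest-version         => 1,
    suit-manifest-sequence-number => uint,
    suit-common                   => bstr .cbor SUIT_Common,
    ? suit-reference-uri          => tstr,
    SUIT_Severable_Members_Choice,
    SUIT_Unseverable_Members,
    * $$SUIT_Manifest_Extensions,
}

; Command sequences that always stay inside the manifest.
SUIT_Unseverable_Members = (
  ? suit-validate => bstr .cbor SUIT_Command_Sequence,
  ? suit-load => bstr .cbor SUIT_Command_Sequence,
  ? suit-run => bstr .cbor SUIT_Command_Sequence,
  * $$unseverable-manifest-member-extensions,
)

; Each severable member is either present in place or replaced by a
; SUIT_Digest. ".cbor" binds tighter than "/", so every entry reads as
; (bstr .cbor SUIT_Command_Sequence) / SUIT_Digest.
; The "\" line folds of the draft's rendering are dropped here: a backslash is
; not part of CDDL syntax, and a plain line break means the same.
; NOTE(review): suit-text and suit-coswid are typed as SUIT_Command_Sequence
; here, while SUIT_Severable_Manifest_Members types the same keys as
; SUIT_Text_Map and concise-software-identity. This looks carried over from
; the draft; confirm before relying on it for in-place text or CoSWID.
SUIT_Severable_Members_Choice = (
  ? suit-dependency-resolution =>
    bstr .cbor SUIT_Command_Sequence / SUIT_Digest,
  ? suit-payload-fetch =>
    bstr .cbor SUIT_Command_Sequence / SUIT_Digest,
  ? suit-install => bstr .cbor SUIT_Command_Sequence / SUIT_Digest,
  ? suit-text => bstr .cbor SUIT_Command_Sequence / SUIT_Digest,
  ? suit-coswid => bstr .cbor SUIT_Command_Sequence / SUIT_Digest,
  * $$severable-manifest-members-choice-extensions
)
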
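; Data shared by all command sequences of a manifest. Every member is
; optional.
SUIT_Common = {
    ? suit-dependencies           => SUIT_Dependencies,
    ? suit-components             => SUIT_Components,
    ? suit-common-sequence        => bstr .cbor SUIT_Common_Sequence,
    * $$SUIT_Common-extensions,
}

; Non-empty list of dependencies.
SUIT_Dependencies         = [ + SUIT_Dependency ]

; Non-empty list of component identifiers.
SUIT_Components           = [ + SUIT_Component_Identifier ]

; CoSWID content is not described here: "any" accepts every CBOR value, so
; this grammar performs no validation of it.
concise-software-identity = any

; A dependency is identified by its digest, with an optional component prefix.
SUIT_Dependency = {
    suit-dependency-digest => SUIT_Digest,
    ? suit-dependency-prefix => SUIT_Component_Identifier,
    * $$SUIT_Dependency-extensions,
}

; Digest algorithms accepted in SUIT_Digest.
;REQUIRED to implement:
suit-cose-hash-algs /= cose-alg-sha-256

;OPTIONAL to implement:
suit-cose-hash-algs /= cose-alg-shake128
suit-cose-hash-algs /= cose-alg-sha-384
suit-cose-hash-algs /= cose-alg-sha-512
suit-cose-hash-algs /= cose-alg-shake256

; List of byte strings; "*" also admits the empty list.
SUIT_Component_Identifier =  [* bstr]
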
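; Common sequence: conditions plus the restricted command set below.
SUIT_Common_Sequence = [
    + ( SUIT_Condition // SUIT_Common_Commands )
]

; Compared with SUIT_Directive, this set leaves out process-dependency, fetch,
; copy, swap, run, wait, fetch-uri-list and unlink.
; NOTE(review): run-sequence and try-each take an encoded
; SUIT_Command_Sequence, which admits every directive, so the grammar alone
; does not keep the omitted directives out of a nested sequence; a consumer
; that depends on the restriction has to check nested sequences itself.
SUIT_Common_Commands //= (suit-directive-set-component-index,  IndexArg)
SUIT_Common_Commands //= (suit-directive-set-dependency-index, IndexArg)
SUIT_Common_Commands //= (suit-directive-run-sequence,
    bstr .cbor SUIT_Command_Sequence)
SUIT_Common_Commands //= (suit-directive-try-each,
    SUIT_Directive_Try_Each_Argument)
SUIT_Common_Commands //= (suit-directive-set-parameters,
    {+ SUIT_Parameters})
SUIT_Common_Commands //= (suit-directive-override-parameters,
    {+ SUIT_Parameters})

; Index argument: a single index, a bool, or a non-empty list of indices.
IndexArg /= uint
IndexArg /= bool
IndexArg /= [+uint]

; A command sequence is a flat array of (command code, argument) pairs.
SUIT_Command_Sequence = [ + (
    SUIT_Condition // SUIT_Directive // SUIT_Command_Custom
) ]

; Custom commands use suit-command-custom as their code (defined elsewhere in
; this file) with a loosely typed argument.
SUIT_Command_Custom = (suit-command-custom, bstr/tstr/int/nil)

; Conditions: every one takes a reporting policy as its argument.
SUIT_Condition //= (suit-condition-vendor-identifier, SUIT_Rep_Policy)
SUIT_Condition //= (suit-condition-class-identifier,  SUIT_Rep_Policy)
SUIT_Condition //= (suit-condition-device-identifier, SUIT_Rep_Policy)
SUIT_Condition //= (suit-condition-image-match,       SUIT_Rep_Policy)
SUIT_Condition //= (suit-condition-image-not-match,   SUIT_Rep_Policy)
SUIT_Condition //= (suit-condition-use-before,        SUIT_Rep_Policy)
SUIT_Condition //= (suit-condition-minimum-battery,   SUIT_Rep_Policy)
SUIT_Condition //= (suit-condition-update-authorized, SUIT_Rep_Policy)
SUIT_Condition //= (suit-condition-version,           SUIT_Rep_Policy)
SUIT_Condition //= (suit-condition-component-slot,    SUIT_Rep_Policy)
SUIT_Condition //= (suit-condition-abort,             SUIT_Rep_Policy)

; Directives: the full command set available in a SUIT_Command_Sequence.
SUIT_Directive //= (suit-directive-set-component-index,  IndexArg)
SUIT_Directive //= (suit-directive-set-dependency-index, IndexArg)
SUIT_Directive //= (suit-directive-run-sequence,
    bstr .cbor SUIT_Command_Sequence)
SUIT_Directive //= (suit-directive-try-each,
    SUIT_Directive_Try_Each_Argument)
SUIT_Directive //= (suit-directive-process-dependency, SUIT_Rep_Policy)
SUIT_Directive //= (suit-directive-set-parameters,
    {+ SUIT_Parameters})
SUIT_Directive //= (suit-directive-override-parameters,
    {+ SUIT_Parameters})
SUIT_Directive //= (suit-directive-fetch,             SUIT_Rep_Policy)
SUIT_Directive //= (suit-directive-copy,              SUIT_Rep_Policy)
SUIT_Directive //= (suit-directive-swap,              SUIT_Rep_Policy)
SUIT_Directive //= (suit-directive-run,               SUIT_Rep_Policy)
SUIT_Directive //= (suit-directive-wait,              SUIT_Rep_Policy)
SUIT_Directive //= (suit-directive-fetch-uri-list,    SUIT_Rep_Policy)
SUIT_Directive //= (suit-directive-unlink,            SUIT_Rep_Policy)

; try-each argument: at least two encoded command sequences, optionally
; followed by nil.
SUIT_Directive_Try_Each_Argument = [
    2* bstr .cbor SUIT_Command_Sequence,
    ?nil
]
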
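; Reporting policy: a uint in which only the bit positions named in
; suit-reporting-bits may be set.
SUIT_Rep_Policy = uint .bits suit-reporting-bits

; Bit positions (not bit masks) of the reporting flags.
suit-reporting-bits = &(
    suit-send-record-success : 0,
    suit-send-record-failure : 1,
    suit-send-sysinfo-success : 2,
    suit-send-sysinfo-failure : 3
)

; Map of one or more wait events.
SUIT_Wait_Event = { + SUIT_Wait_Events }

SUIT_Wait_Events //= (suit-wait-event-authorization => int)
SUIT_Wait_Events //= (suit-wait-event-power => int)
SUIT_Wait_Events //= (suit-wait-event-network => int)
SUIT_Wait_Events //= (suit-wait-event-other-device-version
    => SUIT_Wait_Event_Argument_Other_Device_Version)
SUIT_Wait_Events //= (suit-wait-event-time => uint); Timestamp
SUIT_Wait_Events //= (suit-wait-event-time-of-day
    => uint); Time of Day (seconds since 00:00:00)
SUIT_Wait_Events //= (suit-wait-event-day-of-week
    => uint); Days since Sunday

; Identifies another device and the version constraints it has to satisfy.
SUIT_Wait_Event_Argument_Other_Device_Version = [
    other-device: bstr,
    other-device-version: [ + SUIT_Parameter_Version_Match ]
]
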
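; Parameters accepted by set-parameters and override-parameters.
; The vendor identifier is either a 16-byte UUID or a tag-112 byte string.
SUIT_Parameters //= (suit-parameter-vendor-identifier =>
    (RFC4122_UUID / cbor-pen))
cbor-pen = #6.112(bstr)

SUIT_Parameters //= (suit-parameter-class-identifier => RFC4122_UUID)
; The expected image digest and size. Together with suit-condition-image-match
; these are what ties a fetched payload to the authenticated manifest.
SUIT_Parameters //= (suit-parameter-image-digest
    => bstr .cbor SUIT_Digest)
SUIT_Parameters //= (suit-parameter-image-size => uint)
SUIT_Parameters //= (suit-parameter-use-before => uint)
SUIT_Parameters //= (suit-parameter-component-slot => uint)

SUIT_Parameters //= (suit-parameter-encryption-info
    => bstr .cbor SUIT_Encryption_Info)
SUIT_Parameters //= (suit-parameter-compression-info
    => bstr .cbor SUIT_Compression_Info)
SUIT_Parameters //= (suit-parameter-unpack-info
    => bstr .cbor SUIT_Unpack_Info)

; The URI is an unconstrained text string: scheme and host are not restricted
; by the grammar.
SUIT_Parameters //= (suit-parameter-uri => tstr)
SUIT_Parameters //= (suit-parameter-source-component => uint)
SUIT_Parameters //= (suit-parameter-run-args => bstr)

SUIT_Parameters //= (suit-parameter-device-identifier => RFC4122_UUID)
SUIT_Parameters //= (suit-parameter-minimum-battery => uint)
SUIT_Parameters //= (suit-parameter-update-priority => uint)
SUIT_Parameters //= (suit-parameter-version =>
    SUIT_Parameter_Version_Match)
SUIT_Parameters //= (suit-parameter-wait-info =>
    bstr .cbor SUIT_Wait_Event)

; Custom parameters carry a loosely typed value; what an implementation does
; with a custom key it does not recognize is outside the grammar.
SUIT_Parameters //= (suit-parameter-custom => int/bool/tstr/bstr)

SUIT_Parameters //= (suit-parameter-strict-order => bool)
SUIT_Parameters //= (suit-parameter-soft-failure => bool)

SUIT_Parameters //= (suit-parameter-uri-list =>
    bstr .cbor SUIT_URI_List)

; A UUID is carried as exactly 16 raw bytes.
RFC4122_UUID = bstr .size 16
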
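; Version constraint: a comparison operator and the value to compare against.
SUIT_Parameter_Version_Match = [
    suit-condition-version-comparison-type:
        SUIT_Condition_Version_Comparison_Types,
    suit-condition-version-comparison-value:
        SUIT_Condition_Version_Comparison_Value
]
; The five comparison operators.
SUIT_Condition_Version_Comparison_Types /=
    suit-condition-version-comparison-greater
SUIT_Condition_Version_Comparison_Types /=
    suit-condition-version-comparison-greater-equal
SUIT_Condition_Version_Comparison_Types /=
    suit-condition-version-comparison-equal
SUIT_Condition_Version_Comparison_Types /=
    suit-condition-version-comparison-lesser-equal
SUIT_Condition_Version_Comparison_Types /=
    suit-condition-version-comparison-lesser

; Wire values of the operators.
suit-condition-version-comparison-greater = 1
suit-condition-version-comparison-greater-equal = 2
suit-condition-version-comparison-equal = 3
suit-condition-version-comparison-lesser-equal = 4
suit-condition-version-comparison-lesser = 5

; The version itself: a non-empty list of integers (negative values are
; allowed by "int").
SUIT_Condition_Version_Comparison_Value = [+int]
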
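; Encryption information is a tagged COSE encryption structure.
; COSE_Encrypt_Tagged and COSE_Encrypt0_Tagged are not defined in this
; listing; they have to come from a COSE CDDL definition.
SUIT_Encryption_Info = COSE_Encrypt_Tagged/COSE_Encrypt0_Tagged
; Compression information only names the algorithm; any limit on the expanded
; size is left to the implementation.
SUIT_Compression_Info = {
    suit-compression-algorithm => SUIT_Compression_Algorithms,
    * $$SUIT_Compression_Info-extensions,
}

SUIT_Compression_Algorithms /= SUIT_Compression_Algorithm_zlib
SUIT_Compression_Algorithms /= SUIT_Compression_Algorithm_brotli
SUIT_Compression_Algorithms /= SUIT_Compression_Algorithm_zstd

; Wire values of the compression algorithms.
SUIT_Compression_Algorithm_zlib = 1
SUIT_Compression_Algorithm_brotli = 2
SUIT_Compression_Algorithm_zstd = 3

; Unpack information names the container format of the payload.
SUIT_Unpack_Info = {
    suit-unpack-algorithm => SUIT_Unpack_Algorithms,
    * $$SUIT_Unpack_Info-extensions,

}

SUIT_Unpack_Algorithms /= SUIT_Unpack_Algorithm_Hex
SUIT_Unpack_Algorithms /= SUIT_Unpack_Algorithm_Elf
SUIT_Unpack_Algorithms /= SUIT_Unpack_Algorithm_Coff
SUIT_Unpack_Algorithms /= SUIT_Unpack_Algorithm_Srec

; Wire values of the unpack algorithms.
SUIT_Unpack_Algorithm_Hex = 1
SUIT_Unpack_Algorithm_Elf = 2
SUIT_Unpack_Algorithm_Coff = 3
SUIT_Unpack_Algorithm_Srec = 4

; Non-empty list of URIs, each an unconstrained text string.
SUIT_URI_List = [+ tstr ]
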
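; Text map: manifest-level text keys, plus any number of per-component maps
; keyed by component identifier.
SUIT_Text_Map = {
    SUIT_Text_Keys,
    * SUIT_Component_Identifier => {
        SUIT_Text_Component_Keys
    }
}

; Per-component text. Every member is an optional free-form text string.
SUIT_Text_Component_Keys = (
    ? suit-text-vendor-name           => tstr,
    ? suit-text-model-name            => tstr,
    ? suit-text-vendor-domain         => tstr,
    ? suit-text-model-info            => tstr,
    ? suit-text-component-description => tstr,
    ? suit-text-component-version     => tstr,
    ? suit-text-version-required      => tstr,
    * $$suit-text-component-key-extensions
)

; Manifest-level text. Every member is an optional free-form text string.
SUIT_Text_Keys = (
    ? suit-text-manifest-description => tstr,
    ? suit-text-update-description   => tstr,
    ? suit-text-manifest-json-source => tstr,
    ? suit-text-manifest-yaml-source => tstr,
    * $$suit-text-key-extensions
)
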
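; Envelope map keys.
suit-delegation = 1
suit-authentication-wrapper = 2
suit-manifest = 3

; Digest algorithm identifiers used by suit-cose-hash-algs.
;REQUIRED to implement:
cose-alg-sha-256 = -16

;OPTIONAL to implement:
cose-alg-shake128 = -18
cose-alg-sha-384 = -43
cose-alg-sha-512 = -44
cose-alg-shake256 = -45

; Manifest map keys. Keys 7, 8, 9, 13 and 14 are the severable members and are
; also used as keys at envelope level.
suit-manifest-version = 1
suit-manifest-sequence-number = 2
suit-common = 3
suit-reference-uri = 4
suit-dependency-resolution = 7
suit-payload-fetch = 8
suit-install = 9
suit-validate = 10
suit-load = 11
suit-run = 12
suit-text = 13
suit-coswid = 14

; SUIT_Common map keys.
suit-dependencies = 1
suit-components = 2
suit-common-sequence = 4

; SUIT_Dependency map keys.
suit-dependency-digest = 1
suit-dependency-prefix = 2
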
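; Any negative integer is a custom command code. A decoder built from this
; grammar accepts all of them; what an implementation does with a custom
; command it does not recognize is outside the grammar.
suit-command-custom = nint

; Command codes. Conditions and directives draw from one number space: no
; value below is assigned twice.
suit-condition-vendor-identifier = 1
suit-condition-class-identifier  = 2
suit-condition-image-match       = 3
suit-condition-use-before        = 4
suit-condition-component-slot    = 5

suit-condition-abort                    = 14
suit-condition-device-identifier        = 24
suit-condition-image-not-match          = 25
suit-condition-minimum-battery          = 26
suit-condition-update-authorized        = 27
suit-condition-version                  = 28

suit-directive-set-component-index      = 12
suit-directive-set-dependency-index     = 13
suit-directive-try-each                 = 15
suit-directive-process-dependency       = 18
suit-directive-set-parameters           = 19
suit-directive-override-parameters      = 20
suit-directive-fetch                    = 21
suit-directive-copy                     = 22
suit-directive-run                      = 23

suit-directive-wait                     = 29
suit-directive-fetch-uri-list           = 30
suit-directive-swap                     = 31
suit-directive-run-sequence             = 32
suit-directive-unlink                   = 33
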
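; SUIT_Wait_Event map keys.
suit-wait-event-authorization        = 1
suit-wait-event-power                = 2
suit-wait-event-network              = 3
suit-wait-event-other-device-version = 4
suit-wait-event-time                 = 5
suit-wait-event-time-of-day          = 6
suit-wait-event-day-of-week          = 7

; SUIT_Parameters map keys.
suit-parameter-vendor-identifier = 1
suit-parameter-class-identifier  = 2
suit-parameter-image-digest      = 3
suit-parameter-use-before        = 4
suit-parameter-component-slot    = 5

suit-parameter-strict-order      = 12
suit-parameter-soft-failure      = 13
suit-parameter-image-size        = 14

suit-parameter-encryption-info   = 18
suit-parameter-compression-info  = 19
suit-parameter-unpack-info       = 20
suit-parameter-uri               = 21
suit-parameter-source-component  = 22
suit-parameter-run-args          = 23

suit-parameter-device-identifier = 24
suit-parameter-minimum-battery   = 26
suit-parameter-update-priority   = 27
suit-parameter-version           = 28
suit-parameter-wait-info         = 29
suit-parameter-uri-list          = 30

; Any negative integer is a custom parameter key.
suit-parameter-custom = nint

; Key of the algorithm entry in SUIT_Compression_Info.
suit-compression-algorithm = 1

; Key of the algorithm entry in SUIT_Unpack_Info.
suit-unpack-algorithm  = 1

; SUIT_Text_Keys map keys (manifest-level text).
suit-text-manifest-description  = 1
suit-text-update-description    = 2
suit-text-manifest-json-source  = 3
suit-text-manifest-yaml-source  = 4

; SUIT_Text_Component_Keys map keys (per-component text). These reuse the
; values 1 to 4 of the manifest-level keys, but live in the nested
; per-component maps.
suit-text-vendor-name           = 1
suit-text-model-name            = 2
suit-text-vendor-domain         = 3
suit-text-model-info            = 4
suit-text-component-description = 5
suit-text-component-version     = 6
suit-text-version-required      = 7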