1;
2; From https://datatracker.ietf.org/doc/draft-ietf-suit-manifest/09/
3;
4; Copyright (c) 2020 IETF Trust and the persons identified as the
5; document authors.  All rights reserved.
6; Copyright (c) 2020 Nordic Semiconductor ASA
7;
8; Redistribution and use in source and binary forms, with or without
9; modification, is permitted pursuant to, and subject to the license terms
10; contained in, the Simplified BSD License set forth in Section 4.c of the
11; IETF Trust’s Legal Provisions Relating to IETF Documents
12; (http://trustee.ietf.org/license-info).
13;
14
15SUIT_Envelope = {
16  ? suit-authentication-wrapper => bstr .cbor SUIT_Authentication,
17  suit-manifest  => bstr .cbor SUIT_Manifest,
18}
19
20SUIT_Authentication = [ + bstr .cbor SUIT_Authentication_Block ]
21
22SUIT_Authentication_Block /= COSE_Sign1_Tagged
23
24COSE_Sign1_Tagged = #6.18(COSE_Sign1)
25COSE_Sign1 = [
26    protected: bstr .cbor header_map,
27    unprotected: {},
28    payload : bstr .cbor SUIT_Digest,
29    signature : bstr
30]
31
32header_map = {
33    1 => sign_ES256,  ; algorithm identifier
34}
35
36sign_ES256 = -7 ; ECDSA, SHA256
37
38SUIT_Digest = [
39  suit-digest-algorithm-id : suit-digest-algorithm-ids,
40  suit-digest-bytes : bstr,
41]
42
43; Named Information Hash Algorithm Identifiers
44suit-digest-algorithm-ids /= algorithm-id-sha256
45
46algorithm-id-sha256 = 2
47
48SUIT_Manifest = {
49    suit-manifest-version         => 1,
50    suit-manifest-sequence-number => uint,
51    suit-common                   => bstr .cbor SUIT_Common,
52    ? suit-reference-uri          => tstr,
53    ? suit-payload-fetch          => bstr .cbor SUIT_Command_Sequence,
54    ? suit-install                => bstr .cbor SUIT_Command_Sequence,
55    ? suit-validate               => bstr .cbor SUIT_Command_Sequence,
56    ? suit-load                   => bstr .cbor SUIT_Command_Sequence,
57    ? suit-run                    => bstr .cbor SUIT_Command_Sequence,
58}
59
60SUIT_Common = {
61    ? suit-components             => SUIT_Components,
62    ? suit-common-sequence        => bstr .cbor SUIT_Common_Sequence,
63}
64
65SUIT_Components           = [ + SUIT_Component_Identifier ]
66
67SUIT_Component_Identifier =  [* bstr]
68
69SUIT_Common_Sequence = [
70    1*10 ( SUIT_Condition // SUIT_Common_Commands )
71]
72
73SUIT_Common_Commands //= (suit-directive-set-component-index,  uint/bool)
74SUIT_Common_Commands //= (suit-directive-set-parameters,
75    SUIT_Parameters)
76SUIT_Common_Commands //= (suit-directive-override-parameters,
77    SUIT_Parameters)
78SUIT_Common_Commands //= (suit-condition-vendor-identifier, SUIT_Reporting_Policy)
79SUIT_Common_Commands //= (suit-condition-class-identifier,  SUIT_Reporting_Policy)
80
81
82SUIT_Command_Sequence = [ 1*10 (
83    SUIT_Condition // SUIT_Directive
84) ]
85
86SUIT_Condition //= (suit-condition-vendor-identifier, SUIT_Reporting_Policy)
87SUIT_Condition //= (suit-condition-class-identifier,  SUIT_Reporting_Policy)
88SUIT_Condition //= (suit-condition-device-identifier, SUIT_Reporting_Policy)
89SUIT_Condition //= (suit-condition-image-match,       SUIT_Reporting_Policy)
90SUIT_Condition //= (suit-condition-component-offset,  SUIT_Reporting_Policy)
91
92SUIT_Directive //= (suit-directive-set-component-index,  uint/bool)
93SUIT_Directive //= (suit-directive-set-parameters,
94    SUIT_Parameters)
95SUIT_Directive //= (suit-directive-override-parameters,
96    SUIT_Parameters)
97SUIT_Directive //= (suit-directive-fetch,                SUIT_Reporting_Policy)
98SUIT_Directive //= (suit-directive-copy,                 SUIT_Reporting_Policy)
99SUIT_Directive //= (suit-directive-run,                  SUIT_Reporting_Policy)
100SUIT_Directive //= (suit-directive-abort,                SUIT_Reporting_Policy)
101SUIT_Directive //= (suit-directive-fetch-uri-list,       SUIT_Reporting_Policy)
102
103SUIT_Reporting_Policy = uint
104
105SUIT_Parameters = {1*10 SUIT_Parameter}
106
107SUIT_Parameter //= (suit-parameter-vendor-identifier => RFC4122_UUID)
108SUIT_Parameter //= (suit-parameter-class-identifier => RFC4122_UUID)
109SUIT_Parameter //= (suit-parameter-image-digest
110    => bstr .cbor SUIT_Digest)
111SUIT_Parameter //= (suit-parameter-image-size => uint)
112SUIT_Parameter //= (suit-parameter-component-offset => uint)
113
114SUIT_Parameter //= (suit-parameter-uri => tstr)
115SUIT_Parameter //= (suit-parameter-source-component => uint)
116
117SUIT_Parameter //= (suit-parameter-device-identifier => RFC4122_UUID)
118
119SUIT_Parameter //= (suit-parameter-uri-list =>
120    bstr .cbor SUIT_URI_List)
121
122RFC4122_UUID = bstr .size 16
123SUIT_URI_List = [+ tstr ]
124
125suit-authentication-wrapper = 2
126suit-manifest = 3
127
128suit-manifest-version = 1
129suit-manifest-sequence-number = 2
130suit-common = 3
131suit-reference-uri = 4
132
133suit-payload-fetch = 8
134suit-install = 9
135suit-validate = 10
136suit-load = 11
137suit-run = 12
138
139suit-components = 2
140suit-common-sequence = 4
141
142suit-component-identifier = 1
143
144suit-condition-vendor-identifier = 1
145suit-condition-class-identifier  = 2
146suit-condition-image-match       = 3
147suit-condition-component-offset  = 5
148suit-condition-device-identifier = 24
149
150suit-directive-set-component-index      = 12
151suit-directive-abort                    = 14
152suit-directive-set-parameters           = 19
153suit-directive-override-parameters      = 20
154suit-directive-fetch                    = 21
155suit-directive-copy                     = 22
156suit-directive-run                      = 23
157suit-directive-fetch-uri-list           = 30
158
159suit-parameter-vendor-identifier = 1
160suit-parameter-class-identifier  = 2
161suit-parameter-image-digest      = 3
162suit-parameter-component-offset  = 5
163suit-parameter-image-size        = 14
164
165suit-parameter-uri               = 21
166suit-parameter-source-component  = 22
167
168suit-parameter-device-identifier = 24
169suit-parameter-uri-list          = 30
170