;
; From https://datatracker.ietf.org/doc/draft-moran-suit-manifest/04/
;
; Copyright (c) 2019 IETF Trust and the persons identified as the
; document authors.  All rights reserved.
;
; Redistribution and use in source and binary forms, with or without
; modification, is permitted pursuant to, and subject to the license terms
; contained in, the Simplified BSD License set forth in Section 4.c of the
; IETF Trust’s Legal Provisions Relating to IETF Documents
; (http://trustee.ietf.org/license-info).
;
; Outermost container of a manifest. Every element is carried as a byte string
; wrapping encoded CBOR; only the authentication wrapper may instead be nil.
;
; Because nil is allowed here and SUIT_Authentication_Wrapper allows an empty
; array, a document that validates against this schema is not thereby
; authenticated. A recipient has to verify a COSE_Auth entry against its own
; trust anchors before acting on suit-manifest or on any severed element.
;
; Keys that get no value in this block (suit-dependency-resolution,
; suit-payload-fetch, suit-install, suit-coswid) take the values assigned
; alongside the SUIT_Manifest keys elsewhere in this file.
SUIT_Outer_Wrapper = {
    suit-authentication-wrapper  => bstr .cbor SUIT_Authentication_Wrapper / nil,
    suit-manifest                => bstr .cbor SUIT_Manifest,
    ? suit-dependency-resolution => bstr .cbor SUIT_Command_Sequence,
    ? suit-payload-fetch         => bstr .cbor SUIT_Command_Sequence,
    ? suit-install               => bstr .cbor SUIT_Command_Sequence,
    ? suit-text                  => bstr .cbor SUIT_Text_Map,
    ? suit-coswid                => bstr .cbor concise-software-identity
}

; Integer map keys introduced for the outer wrapper.
suit-authentication-wrapper = 1
suit-manifest               = 2
suit-text                   = 13
; Array of COSE authentication objects. The "*" occurrence permits zero
; entries, so the schema alone never guarantees that a MAC or signature is
; present; requiring one is a recipient policy decision.
SUIT_Authentication_Wrapper = [ * COSE_Auth ]

; Any of the four tagged COSE MAC / signature structures.
COSE_Auth = COSE_Mac_Tagged / COSE_Sign_Tagged / COSE_Mac0_Tagged / COSE_Sign1_Tagged

; Placeholders only: each COSE structure is typed as "any", so this file puts
; no constraint on their contents. Structural validation and cryptographic
; verification have to come from a COSE implementation, not from this schema.
COSE_Mac_Tagged      = any
COSE_Sign_Tagged     = any
COSE_Mac0_Tagged     = any
COSE_Sign1_Tagged    = any
COSE_Encrypt_Tagged  = any
COSE_Encrypt0_Tagged = any
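; A digest: algorithm identifier, digest bytes, optional algorithm parameters.
;
; The algorithm id must name the rule suit-digest-algorithm-ids exactly. In
; CDDL a leading "$" is part of the rule name and denotes a separate socket
; rule; nothing in this file populates "$suit-digest-algorithm-ids", so a
; reference spelled that way would leave no algorithm id able to match.
;
; suit-digest-bytes carries no .size constraint, so checking that its length
; matches the selected algorithm is left to the recipient.
SUIT_Digest = [
    suit-digest-algorithm-id : suit-digest-algorithm-ids,
    suit-digest-bytes        : bstr,
    ? suit-digest-parameters : any
]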
; Named Information Hash Algorithm Identifiers
;
; The choice is built up one alternative at a time with "/=".
;
; Full-length SHA-2 and SHA-3 digests:
suit-digest-algorithm-ids /= algorithm-id-sha256
suit-digest-algorithm-ids /= algorithm-id-sha384
suit-digest-algorithm-ids /= algorithm-id-sha512
suit-digest-algorithm-ids /= algorithm-id-sha3-224
suit-digest-algorithm-ids /= algorithm-id-sha3-256
suit-digest-algorithm-ids /= algorithm-id-sha3-384
suit-digest-algorithm-ids /= algorithm-id-sha3-512
; SHA-256 truncated to the number of bits in the name. The shorter the
; truncation, the less collision and second-preimage resistance remains, so a
; recipient should restrict by policy which of these ids it accepts for
; image and dependency digests rather than accepting everything the schema
; allows.
suit-digest-algorithm-ids /= algorithm-id-sha256-128
suit-digest-algorithm-ids /= algorithm-id-sha256-120
suit-digest-algorithm-ids /= algorithm-id-sha256-96
suit-digest-algorithm-ids /= algorithm-id-sha256-64
suit-digest-algorithm-ids /= algorithm-id-sha256-32

; Integer values of the identifiers.
algorithm-id-sha256     = 1
algorithm-id-sha256-128 = 2
algorithm-id-sha256-120 = 3
algorithm-id-sha256-96  = 4
algorithm-id-sha256-64  = 5
algorithm-id-sha256-32  = 6
algorithm-id-sha384     = 7
algorithm-id-sha512     = 8
algorithm-id-sha3-224   = 9
algorithm-id-sha3-256   = 10
algorithm-id-sha3-384   = 11
algorithm-id-sha3-512   = 12
; "Severable" elements: each is either the element itself (a byte string
; wrapping encoded CBOR) or a SUIT_Digest standing in for it.
; Presumably the digest form is used when the element is carried in
; SUIT_Outer_Wrapper instead; a recipient would then need to compare that
; element against the digest before using it. Confirm against the draft text.
;
; The three command-sequence variants have identical definitions.
SUIT_Severable_Command_Sequence1 =
    SUIT_Digest / bstr .cbor SUIT_Command_Sequence
SUIT_Severable_Command_Sequence2 =
    SUIT_Digest / bstr .cbor SUIT_Command_Sequence
SUIT_Severable_Command_Sequence3 =
    SUIT_Digest / bstr .cbor SUIT_Command_Sequence
SUIT_Severable_Text_Map =
    SUIT_Digest / bstr .cbor SUIT_Text_Map
SUIT_Severable_concise-software-identity =
    SUIT_Digest / bstr .cbor concise-software-identity
; The manifest proper. Only the version and the sequence number are
; mandatory; every other element is optional.
;
; suit-manifest-version is pinned to the literal value 1.
; suit-dependency-resolution, suit-payload-fetch, suit-install,
; suit-text-info and suit-coswid use the severable forms (element or digest);
; suit-common, suit-validate, suit-load and suit-run are always embedded.
SUIT_Manifest = {
    suit-manifest-version         => 1,
    suit-manifest-sequence-number => uint,
    ? suit-dependencies           => [ + SUIT_Dependency ],
    ? suit-components             => [ + SUIT_Component ],
    ? suit-dependency-components  => [ + SUIT_Component_Reference ],
    ? suit-common                 => bstr .cbor SUIT_Command_Sequence,
    ? suit-dependency-resolution  => SUIT_Severable_Command_Sequence1,
    ? suit-payload-fetch          => SUIT_Severable_Command_Sequence2,
    ? suit-install                => SUIT_Severable_Command_Sequence3,
    ? suit-validate               => bstr .cbor SUIT_Command_Sequence,
    ? suit-load                   => bstr .cbor SUIT_Command_Sequence,
    ? suit-run                    => bstr .cbor SUIT_Command_Sequence,
    ? suit-text-info              => SUIT_Severable_Text_Map,
    ? suit-coswid                 => SUIT_Severable_concise-software-identity
}

; Integer map keys of SUIT_Manifest.
; suit-text-info has the same value (13) as suit-text, the key used for the
; text element in SUIT_Outer_Wrapper.
suit-manifest-version         = 1
suit-manifest-sequence-number = 2
suit-dependencies             = 3
suit-components               = 4
suit-dependency-components    = 5
suit-common                   = 6
suit-dependency-resolution    = 7
suit-payload-fetch            = 8
suit-install                  = 9
suit-validate                 = 10
suit-load                     = 11
suit-run                      = 12
suit-text-info                = 13
suit-coswid                   = 14

; Placeholder: the software-identity structure is not constrained here.
concise-software-identity = any
; A dependency on another manifest: the digest identifying it, plus a
; component-identifier prefix. Both members are mandatory.
SUIT_Dependency = {
    suit-dependency-digest => SUIT_Digest,
    suit-dependency-prefix => SUIT_Component_Identifier
}

; Integer map keys of SUIT_Dependency.
suit-dependency-digest = 1
suit-dependency-prefix = 2

; A component identifier is an array of byte strings; "*" allows it to be empty.
SUIT_Component_Identifier = [ * bstr ]
; A component of this manifest. Size and digest are both optional at the
; schema level, so a component entry may carry no digest here at all.
SUIT_Component = {
    suit-component-identifier => SUIT_Component_Identifier,
    ? suit-component-size     => uint,
    ? suit-component-digest   => SUIT_Digest
}

; Integer map keys of SUIT_Component.
suit-component-identifier = 1
suit-component-size       = 2
suit-component-digest     = 3

; Reference to a component that belongs to a dependency: the component
; identifier plus an unsigned index. The schema does not bound the index;
; presumably it indexes suit-dependencies, in which case range checking is
; up to the recipient. Confirm against the draft text.
SUIT_Component_Reference = {
    suit-component-identifier       => SUIT_Component_Identifier,
    suit-component-dependency-index => uint
}

; Map key of the index. It has the same value (2) as suit-component-size,
; which belongs to a different map.
suit-component-dependency-index = 2
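; A command sequence is a non-empty array of commands.
SUIT_Command_Sequence = [ + SUIT_Command ]

; Each command is a map holding one condition, one directive, or one custom
; command. SUIT_Condition and SUIT_Directive are built with "//=" and
; SUIT_Command_Custom is a parenthesised key => value pair, so all three are
; groups. Alternatives between groups are written with the group-choice
; operator "//"; "/" is the type-choice operator and does not apply to groups.
SUIT_Command = { SUIT_Condition // SUIT_Directive // SUIT_Command_Custom }

; Custom commands use a negative integer key and an opaque byte string
; argument, which the schema does not constrain further.
SUIT_Command_Custom = (nint => bstr)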
; Conditions, added one group alternative at a time with "//=".
; Keys 1-10 are assigned; custom conditions use a negative integer key.
;
; NOTE(review): the "Label: (key => type)" form used on every line below may
; be rejected by strict CDDL tools, since the part after "Label:" is parsed as
; a type. Confirm with the validator in use.
;
; Identity checks take a 16-byte UUID.
SUIT_Condition //= SUIT_Condition_Vendor_Identifier: (1  => RFC4122_UUID)
SUIT_Condition //= SUIT_Condition_Class_Identifier:  (2  => RFC4122_UUID)
SUIT_Condition //= SUIT_Condition_Device_Identifier: (3  => RFC4122_UUID)
; Image checks take a digest.
SUIT_Condition //= SUIT_Condition_Image_Match:       (4  => SUIT_Digest)
SUIT_Condition //= SUIT_Condition_Image_Not_Match:   (5  => SUIT_Digest)
; Environment and authorisation checks take plain integers; their units and
; meaning are not defined by this schema.
SUIT_Condition //= SUIT_Condition_Use_Before:        (6  => uint)
SUIT_Condition //= SUIT_Condition_Minimum_Battery:   (7  => uint)
SUIT_Condition //= SUIT_Condition_Update_Authorised: (8  => int)
SUIT_Condition //= SUIT_Condition_Version:           (9  => SUIT_Condition_Version_Argument)
SUIT_Condition //= SUIT_Condition_Component_Offset:  (10 => uint)
; Custom condition: opaque byte string argument.
SUIT_Condition //= SUIT_Condition_Custom:            (nint => bstr)

; A UUID is a byte string of exactly 16 bytes.
RFC4122_UUID = bstr .size 16
; Argument of SUIT_Condition_Version: a comparison type followed by the
; version value to compare against.
SUIT_Condition_Version_Argument = [
    suit-condition-version-comparison-types : SUIT_Condition_Version_Comparison_Types,
    suit-condition-version-comparison-value : SUIT_Condition_Version_Comparison_Value
]

; The five comparison types, built up with "/=".
SUIT_Condition_Version_Comparison_Types /= SUIT_Condition_Version_Comparison_Greater
SUIT_Condition_Version_Comparison_Types /= SUIT_Condition_Version_Comparison_Greater_Equal
SUIT_Condition_Version_Comparison_Types /= SUIT_Condition_Version_Comparison_Equal
SUIT_Condition_Version_Comparison_Types /= SUIT_Condition_Version_Comparison_Lesser_Equal
SUIT_Condition_Version_Comparison_Types /= SUIT_Condition_Version_Comparison_Lesser

; Integer values of the comparison types.
SUIT_Condition_Version_Comparison_Greater       = 1
SUIT_Condition_Version_Comparison_Greater_Equal = 2
SUIT_Condition_Version_Comparison_Equal         = 3
SUIT_Condition_Version_Comparison_Lesser_Equal  = 4
SUIT_Condition_Version_Comparison_Lesser        = 5

; A version is a non-empty array of integers. Negative entries are allowed
; by "int"; the schema sets no length limit.
SUIT_Condition_Version_Comparison_Value = [ + int ]
; Directives, added one group alternative at a time with "//=".
; Keys 11-16 and 19-23 are assigned; 17 and 18 are not used in this file.
;
; Index selection.
SUIT_Directive //= SUIT_Directive_Set_Component_Index:      (11 => uint/bool)
SUIT_Directive //= SUIT_Directive_Set_Manifest_Index:       (12 => uint/bool)
; Nested sequences. The argument is a plain bstr, not "bstr .cbor
; SUIT_Command_Sequence", so this schema does not validate what is inside;
; presumably it is an encoded command sequence, which a recipient would have
; to parse and validate itself before running it. Confirm against the draft.
SUIT_Directive //= SUIT_Directive_Run_Sequence:             (13 => bstr)
SUIT_Directive //= SUIT_Directive_Run_Sequence_Conditional: (14 => bstr)
SUIT_Directive //= SUIT_Directive_Process_Dependency:       (15 => nil)
; Parameter handling: a non-empty map of SUIT_Parameters.
SUIT_Directive //= SUIT_Directive_Set_Parameters:           (16 => { + SUIT_Parameters })
SUIT_Directive //= SUIT_Directive_Override_Parameters:      (19 => { + SUIT_Parameters })
; Actions on the selected component: nil or an opaque byte string argument.
SUIT_Directive //= SUIT_Directive_Fetch:                    (20 => nil/bstr)
SUIT_Directive //= SUIT_Directive_Copy:                     (21 => nil/bstr)
SUIT_Directive //= SUIT_Directive_Run:                      (22 => nil/bstr)
; Wait for one or more events.
SUIT_Directive //= SUIT_Directive_Wait:                     (23 => { + SUIT_Wait_Events })
; Events that SUIT_Directive_Wait can wait for, keyed 1-7.
SUIT_Wait_Events //= (1 => SUIT_Wait_Event_Argument_Authorisation)
SUIT_Wait_Events //= (2 => SUIT_Wait_Event_Argument_Power)
SUIT_Wait_Events //= (3 => SUIT_Wait_Event_Argument_Network)
SUIT_Wait_Events //= (4 => SUIT_Wait_Event_Argument_Other_Device_Version)
SUIT_Wait_Events //= (5 => SUIT_Wait_Event_Argument_Time)
SUIT_Wait_Events //= (6 => SUIT_Wait_Event_Argument_Time_Of_Day)
SUIT_Wait_Events //= (7 => SUIT_Wait_Event_Argument_Day_Of_Week)

; Argument types of the events. The integer arguments are unbounded in this
; schema; the trailing comments give the intended meaning only.
SUIT_Wait_Event_Argument_Authorisation = int   ; priority
SUIT_Wait_Event_Argument_Power         = int   ; Power Level
SUIT_Wait_Event_Argument_Network       = int   ; Network State
SUIT_Wait_Event_Argument_Time          = uint  ; Timestamp
SUIT_Wait_Event_Argument_Time_Of_Day   = uint  ; Time of Day (seconds since 00:00:00)
SUIT_Wait_Event_Argument_Day_Of_Week   = uint  ; Days since Sunday

; Another device, named by a byte string, and a version given as a
; non-empty array of integers.
SUIT_Wait_Event_Argument_Other_Device_Version = [
    other-device         : bstr,
    other-device-version : [ + int ]
]
; Parameters for SUIT_Directive_Set_Parameters and
; SUIT_Directive_Override_Parameters, keyed 1-12, plus custom parameters
; under negative integer keys.
;
; Processing flags.
SUIT_Parameters //= SUIT_Parameter_Strict_Order:             (1  => bool)
SUIT_Parameters //= SUIT_Parameter_Coerce_Condition_Failure: (2  => bool)
; Identifiers. These are plain bstr here, while the matching conditions take
; RFC4122_UUID (bstr .size 16); the 16-byte length is therefore not enforced
; by the schema for the parameter form.
SUIT_Parameters //= SUIT_Parameter_Vendor_ID:                (3  => bstr)
SUIT_Parameters //= SUIT_Parameter_Class_ID:                 (4  => bstr)
SUIT_Parameters //= SUIT_Parameter_Device_ID:                (5  => bstr)
; Structured parameters, each a byte string wrapping encoded CBOR.
SUIT_Parameters //= SUIT_Parameter_URI_List:                 (6  => bstr .cbor SUIT_URI_List)
SUIT_Parameters //= SUIT_Parameter_Encryption_Info:          (7  => bstr .cbor SUIT_Encryption_Info)
SUIT_Parameters //= SUIT_Parameter_Compression_Info:         (8  => bstr .cbor SUIT_Compression_Info)
SUIT_Parameters //= SUIT_Parameter_Unpack_Info:              (9  => bstr .cbor SUIT_Unpack_Info)
SUIT_Parameters //= SUIT_Parameter_Source_Component:         (10 => bstr .cbor SUIT_Component_Identifier)
SUIT_Parameters //= SUIT_Parameter_Image_Digest:             (11 => bstr .cbor SUIT_Digest)
SUIT_Parameters //= SUIT_Parameter_Image_Size:               (12 => uint)
; Custom parameter.
SUIT_Parameters //= SUIT_Parameter_Custom:                   (nint => int/bool/bstr)

; A non-empty list of URIs, each paired with an integer priority. The uri
; member is an unconstrained text string: permitted schemes and hosts are
; not limited by the schema and are a matter for recipient policy.
SUIT_URI_List = [ + SUIT_Prioritized_URI ]
SUIT_Prioritized_URI = [
    priority : int,
    uri      : tstr
]
; Encryption information is one of the two tagged COSE encryption
; structures. Both are typed as "any" in this file, so their contents are
; not checked by the schema.
SUIT_Encryption_Info = COSE_Encrypt_Tagged / COSE_Encrypt0_Tagged

; Compression information: a mandatory algorithm id and optional opaque
; parameters.
SUIT_Compression_Info = {
    suit-compression-algorithm    => SUIT_Compression_Algorithms,
    ? suit-compression-parameters => bstr
}

; Integer map keys of SUIT_Compression_Info.
suit-compression-algorithm  = 1
suit-compression-parameters = 2

; Accepted compression algorithms, built up with "/=".
; NOTE(review): SUIT_Compression_Algorithm_deflate is given a value below but
; is not added to this choice, so value 3 does not validate. Confirm whether
; the omission is intentional.
SUIT_Compression_Algorithms /= SUIT_Compression_Algorithm_gzip
SUIT_Compression_Algorithms /= SUIT_Compression_Algorithm_bzip2
SUIT_Compression_Algorithms /= SUIT_Compression_Algorithm_lz4
SUIT_Compression_Algorithms /= SUIT_Compression_Algorithm_lzma

; Integer values of the algorithms. Values 5 and 6 are not assigned here.
SUIT_Compression_Algorithm_gzip    = 1
SUIT_Compression_Algorithm_bzip2   = 2
SUIT_Compression_Algorithm_deflate = 3
SUIT_Compression_Algorithm_lz4     = 4
SUIT_Compression_Algorithm_lzma    = 7
; Unpack information: a mandatory algorithm id and optional opaque
; parameters.
SUIT_Unpack_Info = {
    suit-unpack-algorithm    => SUIT_Unpack_Algorithms,
    ? suit-unpack-parameters => bstr
}

; Integer map keys of SUIT_Unpack_Info.
suit-unpack-algorithm  = 1
suit-unpack-parameters = 2

; Accepted unpack algorithms, built up with "/=".
SUIT_Unpack_Algorithms /= SUIT_Unpack_Algorithm_Delta
SUIT_Unpack_Algorithms /= SUIT_Unpack_Algorithm_Hex
SUIT_Unpack_Algorithms /= SUIT_Unpack_Algorithm_Elf

; Integer values of the algorithms.
SUIT_Unpack_Algorithm_Delta = 1
SUIT_Unpack_Algorithm_Hex   = 2
SUIT_Unpack_Algorithm_Elf   = 3
; Text map: integer keys mapped to text strings. The set of keys is not
; restricted by this schema.
SUIT_Text_Map = { int => tstr }