;
; From https://datatracker.ietf.org/doc/draft-ietf-suit-manifest/12/
;
; Copyright (c) 2021 IETF Trust and the persons identified as the
; document authors. All rights reserved.
; Copyright (c) 2021 Nordic Semiconductor ASA
;
; Redistribution and use in source and binary forms, with or without
; modification, is permitted pursuant to, and subject to the license terms
; contained in, the Simplified BSD License set forth in Section 4.c of the
; IETF Trust’s Legal Provisions Relating to IETF Documents
; (http://trustee.ietf.org/license-info).
;

; CDDL grammar for the SUIT envelope and manifest (firmware-update metadata).
; It describes the *shape* of the CBOR only. Whether a signature verifies, a
; digest matches, or a sequence number is fresh is not expressible here and
; must be enforced by the manifest processor.
; In this copy several COSE types are stubbed to `any` and two extension
; sockets are commented out; see the notes at those rules.

SUIT_Envelope_Tagged = #6.48(SUIT_Envelope)
SUIT_Envelope = {
    ? suit-delegation => bstr .cbor SUIT_Delegation,
    suit-authentication-wrapper => bstr .cbor SUIT_Authentication,
    suit-manifest => bstr .cbor SUIT_Manifest,
    ; Severable members live outside the manifest bstr; the manifest can carry
    ; a SUIT_Digest for each of them (see SUIT_Severable_Members_Digests).
    SUIT_Severable_Manifest_Members,
    *(suit-integrated-payload-key => bstr),
    ; Recursive: an integrated dependency is itself a full envelope. The
    ; grammar sets no nesting limit, so a parser should bound depth itself.
    *(suit-integrated-dependency-key => bstr .cbor SUIT_Envelope),
    * $$SUIT_Envelope_Extensions,
    ; Catch-all: any other integer key with a bstr value is schema-valid, so
    ; unknown envelope members are not rejected by validation alone.
    * (int => bstr)
}

SUIT_Delegation = [ + [ + bstr .cbor CWT ] ]

; CWT is aliased to the authentication-block choice, which (see below) is
; effectively unconstrained in this copy. Delegation entries therefore get no
; structural checking from the schema.
CWT = SUIT_Authentication_Block

; First element: digest of the manifest. Remaining elements: signatures/MACs.
; The `*` occurrence allows ZERO authentication blocks, so a digest-only
; wrapper passes schema validation. A processor that requires authenticated
; manifests must check for, and verify, at least one block itself.
SUIT_Authentication = [
    bstr .cbor SUIT_Digest,
    * bstr .cbor SUIT_Authentication_Block
]

; The length of suit-digest-bytes is not tied to the algorithm id here; a
; consumer should check it against the selected algorithm's output size.
SUIT_Digest = [
    suit-digest-algorithm-id : suit-digest-algorithm-ids,
    suit-digest-bytes : bstr,
    * $$SUIT_Digest-extensions
]

; Named Information Hash Algorithm Identifiers
suit-digest-algorithm-ids /= algorithm-id-sha224
suit-digest-algorithm-ids /= algorithm-id-sha256
suit-digest-algorithm-ids /= algorithm-id-sha384
suit-digest-algorithm-ids /= algorithm-id-sha512
suit-digest-algorithm-ids /= algorithm-id-sha3-224
suit-digest-algorithm-ids /= algorithm-id-sha3-256
suit-digest-algorithm-ids /= algorithm-id-sha3-384
suit-digest-algorithm-ids /= algorithm-id-sha3-512

; Three of these four alternatives are defined as `any` below, so at the
; schema level this choice matches any CBOR item. Only the COSE_Sign1 arm is
; structurally described.
SUIT_Authentication_Block /= COSE_Sign1_Tagged
SUIT_Authentication_Block /= COSE_Mac_Tagged
SUIT_Authentication_Block /= COSE_Sign_Tagged
SUIT_Authentication_Block /= COSE_Mac0_Tagged


; Stubs: `any` places no constraint on the item.
; NOTE(review): presumably only COSE_Sign1 is meant to be supported by the
; consumer of this file; if so, the processor must reject the other forms
; explicitly, because the schema will not.
COSE_Mac_Tagged = any
COSE_Sign_Tagged = any
COSE_Mac0_Tagged = any
COSE_Sign1_Tagged = #6.18(COSE_Sign1)
COSE_Encrypt_Tagged = any
COSE_Encrypt0_Tagged = any


; `unprotected` must be the empty map; `payload` may be nil (in COSE, nil
; denotes detached content, so the signed bytes come from elsewhere).
COSE_Sign1 = [
    protected: bstr .cbor header_map,
    unprotected: {},
    payload : bstr / nil,
    signature : bstr
]

; Protected headers are limited to uint labels with int values. A header with
; a non-integer value (e.g. a byte-string key identifier) would not match.
header_map = {
    *(uint => int)
}

; Members that may be carried in the envelope rather than inside the manifest.
SUIT_Severable_Manifest_Members = (
    ? suit-dependency-resolution => bstr .cbor SUIT_Command_Sequence,
    ? suit-payload-fetch => bstr .cbor SUIT_Command_Sequence,
    ? suit-install => bstr .cbor SUIT_Command_Sequence,
    ? suit-text => bstr .cbor SUIT_Text_Map,
    ? suit-coswid => bstr .cbor concise-software-identity,
    * $$SUIT_severable-members-extensions,
)

; Both key rules are identical (`.ge 24` binds to `uint` only, so every
; negative integer also matches). The schema cannot tell a payload key from a
; dependency key, and both overlap the envelope's `* (int => bstr)` catch-all.
suit-integrated-payload-key = nint / uint .ge 24
suit-integrated-dependency-key = nint / uint .ge 24

SUIT_Manifest_Tagged = #6.480(SUIT_Manifest)

SUIT_Manifest = {
    suit-manifest-version => 1,
    ; Any uint is accepted; comparing it with a stored value (rollback
    ; protection) is left to the processor.
    suit-manifest-sequence-number => uint,
    suit-common => bstr .cbor SUIT_Common,
    ? suit-reference-uri => tstr,
    SUIT_Severable_Manifest_Members,
    SUIT_Severable_Members_Digests,
    SUIT_Unseverable_Members,
    ; Extension socket disabled in this copy: no additional manifest members
    ; are admitted beyond the groups above.
    ; * $$SUIT_Manifest_Extensions,
}

SUIT_Unseverable_Members = (
    ? suit-validate => bstr .cbor SUIT_Command_Sequence,
    ? suit-load => bstr .cbor SUIT_Command_Sequence,
    ? suit-run => bstr .cbor SUIT_Command_Sequence,
    ; NOTE(review): the socket name is spelled "unserverble"; presumably
    ; "unseverable" was intended. Left as-is, since an extension rule must use
    ; the exact socket name to plug in.
    * $$unserverble-manifest-member-extensions,
)

; Same keys as SUIT_Severable_Manifest_Members, but holding a digest in place
; of the content. The schema cannot state that a severed envelope member must
; hash to the digest stored here; the processor has to perform that check.
SUIT_Severable_Members_Digests = (
    ? suit-dependency-resolution => SUIT_Digest,
    ? suit-payload-fetch => SUIT_Digest,
    ? suit-install => SUIT_Digest,
    ? suit-text => SUIT_Digest,
    ? suit-coswid => SUIT_Digest,

    * $$severable-manifest-members-digests-extensions
)

SUIT_Common = {
    ? suit-dependencies => SUIT_Dependencies,
    ? suit-components => SUIT_Components,
    ? suit-common-sequence => bstr .cbor SUIT_Common_Sequence,
    * $$SUIT_Common-extensions,
}

SUIT_Dependencies = [ + SUIT_Dependency ]
SUIT_Components = [ + SUIT_Component_Identifier ]

; Stub: CoSWID content is not validated by this schema.
concise-software-identity = any

SUIT_Dependency = {
    suit-dependency-digest => SUIT_Digest,
    ? suit-dependency-prefix => SUIT_Component_Identifier,
    ; Extension socket disabled in this copy.
    ; * $$SUIT_Dependency-extensions,
}

; `*` permits an empty identifier (zero byte strings).
SUIT_Component_Identifier = [* bstr]

; The common sequence admits conditions plus the restricted command set below.
SUIT_Common_Sequence = [
    + ( SUIT_Condition // SUIT_Common_Commands )
]

SUIT_Common_Commands //= (suit-directive-set-component-index, IndexArg)
SUIT_Common_Commands //= (suit-directive-set-dependency-index, IndexArg)
SUIT_Common_Commands //= (suit-directive-run-sequence,
    bstr .cbor SUIT_Command_Sequence)
SUIT_Common_Commands //= (suit-directive-try-each,
    SUIT_Directive_Try_Each_Argument)
SUIT_Common_Commands //= (suit-directive-set-parameters,
    {+ SUIT_Parameters})
SUIT_Common_Commands //= (suit-directive-override-parameters,
    {+ SUIT_Parameters})

; Index values are not range-checked against the number of declared
; components/dependencies by the schema.
IndexArg /= uint
IndexArg /= bool
IndexArg /= [+uint]

; Command sequences nest through run-sequence and try-each with no depth or
; length limit in the grammar; a constrained processor should impose its own.
SUIT_Command_Sequence = [ + (
    SUIT_Condition // SUIT_Directive // SUIT_Command_Custom
) ]

; suit-command-custom is `nint` (see the constants below), so any negative
; command code with one of these argument types is schema-valid.
SUIT_Command_Custom = (suit-command-custom, bstr/tstr/int/nil)
SUIT_Condition //= (suit-condition-vendor-identifier, SUIT_Rep_Policy)

SUIT_Condition //= (suit-condition-class-identifier, SUIT_Rep_Policy)
SUIT_Condition //= (suit-condition-device-identifier, SUIT_Rep_Policy)
SUIT_Condition //= (suit-condition-image-match, SUIT_Rep_Policy)
SUIT_Condition //= (suit-condition-image-not-match, SUIT_Rep_Policy)
SUIT_Condition //= (suit-condition-use-before, SUIT_Rep_Policy)
SUIT_Condition //= (suit-condition-minimum-battery, SUIT_Rep_Policy)
SUIT_Condition //= (suit-condition-update-authorized, SUIT_Rep_Policy)
SUIT_Condition //= (suit-condition-version, SUIT_Rep_Policy)
SUIT_Condition //= (suit-condition-component-offset, SUIT_Rep_Policy)
SUIT_Condition //= (suit-condition-abort, SUIT_Rep_Policy)

SUIT_Directive //= (suit-directive-set-component-index, IndexArg)
SUIT_Directive //= (suit-directive-set-dependency-index, IndexArg)
SUIT_Directive //= (suit-directive-run-sequence,
    bstr .cbor SUIT_Command_Sequence)
SUIT_Directive //= (suit-directive-try-each,
    SUIT_Directive_Try_Each_Argument)
SUIT_Directive //= (suit-directive-process-dependency, SUIT_Rep_Policy)
SUIT_Directive //= (suit-directive-set-parameters,
    {+ SUIT_Parameters})
SUIT_Directive //= (suit-directive-override-parameters,
    {+ SUIT_Parameters})
SUIT_Directive //= (suit-directive-fetch, SUIT_Rep_Policy)
SUIT_Directive //= (suit-directive-copy, SUIT_Rep_Policy)
SUIT_Directive //= (suit-directive-swap, SUIT_Rep_Policy)
SUIT_Directive //= (suit-directive-run, SUIT_Rep_Policy)
SUIT_Directive //= (suit-directive-wait, SUIT_Rep_Policy)
SUIT_Directive //= (suit-directive-fetch-uri-list, SUIT_Rep_Policy)
SUIT_Directive //= (suit-directive-garbage-collect, SUIT_Rep_Policy)

; One or more alternative sequences, optionally followed by nil.
SUIT_Directive_Try_Each_Argument = [
    + bstr .cbor SUIT_Command_Sequence,
    ?nil
]

; The `.bits` control is commented out, so any uint is accepted as a
; reporting policy, not only combinations of the four bits listed below.
SUIT_Rep_Policy = uint ;.bits suit-reporting-bits

;suit-reporting-bits = &(
;    suit-send-record-success : 0,
;    suit-send-record-failure : 1,
;    suit-send-sysinfo-success : 2,
;    suit-send-sysinfo-failure : 3
;)

SUIT_Wait_Event = { + SUIT_Wait_Events }

SUIT_Wait_Events //= (suit-wait-event-authorization => int)
SUIT_Wait_Events //= (suit-wait-event-power => int)

SUIT_Wait_Events //= (suit-wait-event-network => int)
SUIT_Wait_Events //= (suit-wait-event-other-device-version
    => SUIT_Wait_Event_Argument_Other_Device_Version)
SUIT_Wait_Events //= (suit-wait-event-time => uint); Timestamp
SUIT_Wait_Events //= (suit-wait-event-time-of-day
    => uint); Time of Day (seconds since 00:00:00)
SUIT_Wait_Events //= (suit-wait-event-day-of-week
    => uint); Days since Sunday

SUIT_Wait_Event_Argument_Other_Device_Version = [
    other-device: bstr,
    other-device-version: [ + SUIT_Parameter_Version_Match ]
]

; Parameters set by set-parameters / override-parameters. Value ranges
; (sizes, offsets, component indices) are typed but not bounded here.
SUIT_Parameters //= (suit-parameter-vendor-identifier =>
    (RFC4122_UUID / cbor-pen))
cbor-pen = #6.112(bstr)

SUIT_Parameters //= (suit-parameter-class-identifier => RFC4122_UUID)
SUIT_Parameters //= (suit-parameter-image-digest
    => bstr .cbor SUIT_Digest)
SUIT_Parameters //= (suit-parameter-image-size => uint)
SUIT_Parameters //= (suit-parameter-use-before => uint)
SUIT_Parameters //= (suit-parameter-component-offset => uint)

; SUIT_Encryption_Info resolves to `any` in this copy (see the COSE stubs).
SUIT_Parameters //= (suit-parameter-encryption-info
    => bstr .cbor SUIT_Encryption_Info)
SUIT_Parameters //= (suit-parameter-compression-info
    => bstr .cbor SUIT_Compression_Info)
SUIT_Parameters //= (suit-parameter-unpack-info
    => bstr .cbor SUIT_Unpack_Info)

; Any text string is accepted as a URI; restricting schemes or hosts, if
; wanted, is a processor policy rather than something this schema enforces.
SUIT_Parameters //= (suit-parameter-uri => tstr)
SUIT_Parameters //= (suit-parameter-source-component => uint)
SUIT_Parameters //= (suit-parameter-run-args => bstr)

SUIT_Parameters //= (suit-parameter-device-identifier => RFC4122_UUID)
SUIT_Parameters //= (suit-parameter-minimum-battery => uint)
SUIT_Parameters //= (suit-parameter-update-priority => uint)
SUIT_Parameters //= (suit-parameter-version =>
    SUIT_Parameter_Version_Match)
SUIT_Parameters //= (suit-parameter-wait-info =>
    bstr .cbor SUIT_Wait_Event)

; suit-parameter-custom is `nint`: any negative key is a custom parameter.
SUIT_Parameters //= (suit-parameter-custom => int/bool/tstr/bstr)

SUIT_Parameters //= (suit-parameter-strict-order => bool)
SUIT_Parameters //= (suit-parameter-soft-failure => bool)

SUIT_Parameters //= (suit-parameter-uri-list =>
    bstr .cbor SUIT_URI_List)

; Only the length (16 bytes) is checked, not the UUID version/variant bits.
RFC4122_UUID = bstr .size 16

SUIT_Parameter_Version_Match = [
    suit-condition-version-comparison-type:
        SUIT_Condition_Version_Comparison_Types,
    suit-condition-version-comparison-value:
        SUIT_Condition_Version_Comparison_Value
]
SUIT_Condition_Version_Comparison_Types /=
    suit-condition-version-comparison-greater
SUIT_Condition_Version_Comparison_Types /=
    suit-condition-version-comparison-greater-equal
SUIT_Condition_Version_Comparison_Types /=
    suit-condition-version-comparison-equal
SUIT_Condition_Version_Comparison_Types /=
    suit-condition-version-comparison-lesser-equal
SUIT_Condition_Version_Comparison_Types /=
    suit-condition-version-comparison-lesser

suit-condition-version-comparison-greater = 1
suit-condition-version-comparison-greater-equal = 2
suit-condition-version-comparison-equal = 3
suit-condition-version-comparison-lesser-equal = 4
suit-condition-version-comparison-lesser = 5

SUIT_Condition_Version_Comparison_Value = [+int]

SUIT_Encryption_Info = COSE_Encrypt_Tagged/COSE_Encrypt0_Tagged
SUIT_Compression_Info = {
    suit-compression-algorithm => SUIT_Compression_Algorithms,
    * $$SUIT_Compression_Info-extensions,
}

SUIT_Compression_Algorithms /= SUIT_Compression_Algorithm_zlib
SUIT_Compression_Algorithms /= SUIT_Compression_Algorithm_brotli
SUIT_Compression_Algorithms /= SUIT_Compression_Algorithm_zstd

SUIT_Compression_Algorithm_zlib = 1
SUIT_Compression_Algorithm_brotli = 2
SUIT_Compression_Algorithm_zstd = 3

SUIT_Unpack_Info = {
    suit-unpack-algorithm => SUIT_Unpack_Algorithms,
    * $$SUIT_Unpack_Info-extensions,
}

SUIT_Unpack_Algorithms /= SUIT_Unpack_Algorithm_Hex
SUIT_Unpack_Algorithms /= SUIT_Unpack_Algorithm_Elf
SUIT_Unpack_Algorithms /= SUIT_Unpack_Algorithm_Coff
SUIT_Unpack_Algorithms /= SUIT_Unpack_Algorithm_Srec

SUIT_Unpack_Algorithm_Hex = 1
SUIT_Unpack_Algorithm_Elf = 2
SUIT_Unpack_Algorithm_Coff = 3
SUIT_Unpack_Algorithm_Srec = 4

SUIT_URI_List = [+ tstr ]

; Human-readable text: manifest-level keys plus per-component maps keyed by
; component identifier.
SUIT_Text_Map = {
    SUIT_Text_Keys,
    * SUIT_Component_Identifier => {
        SUIT_Text_Component_Keys
    }
}

SUIT_Text_Component_Keys = (
    ? suit-text-vendor-name => tstr,
    ? suit-text-model-name => tstr,
    ? suit-text-vendor-domain => tstr,
    ? suit-text-model-info => tstr,
    ? suit-text-component-description => tstr,
    ? suit-text-component-version => tstr,
    ? suit-text-version-required => tstr,
    * $$suit-text-component-key-extensions
)

SUIT_Text_Keys = (
    ? suit-text-manifest-description => tstr,
    ? suit-text-update-description => tstr,
    ? suit-text-manifest-json-source => tstr,
    ? suit-text-manifest-yaml-source => tstr,
    * $$suit-text-key-extensions
)

; ---- Integer labels ----

; Envelope member keys
suit-delegation = 1
suit-authentication-wrapper = 2
suit-manifest = 3

; Digest algorithm identifiers
algorithm-id-sha224 = 1
algorithm-id-sha256 = 2
algorithm-id-sha384 = 3
algorithm-id-sha512 = 4

algorithm-id-sha3-224 = 5
algorithm-id-sha3-256 = 6
algorithm-id-sha3-384 = 7
algorithm-id-sha3-512 = 8

; Manifest member keys (the severable members reuse these in the envelope)
suit-manifest-version = 1
suit-manifest-sequence-number = 2
suit-common = 3
suit-reference-uri = 4
suit-dependency-resolution = 7
suit-payload-fetch = 8
suit-install = 9
suit-validate = 10
suit-load = 11
suit-run = 12
suit-text = 13
suit-coswid = 14

; SUIT_Common member keys
suit-dependencies = 1
suit-components = 2
suit-common-sequence = 4

; SUIT_Dependency member keys
suit-dependency-digest = 1
suit-dependency-prefix = 2

; Custom commands: any negative integer
suit-command-custom = nint

; Condition codes
suit-condition-vendor-identifier = 1
suit-condition-class-identifier = 2
suit-condition-image-match = 3
suit-condition-use-before = 4
suit-condition-component-offset = 5

suit-condition-abort = 14
suit-condition-device-identifier = 24
suit-condition-image-not-match = 25
suit-condition-minimum-battery = 26
suit-condition-update-authorized = 27
suit-condition-version = 28

; Directive codes
suit-directive-set-component-index = 12
suit-directive-set-dependency-index = 13
suit-directive-try-each = 15
suit-directive-process-dependency = 18
suit-directive-set-parameters = 19
suit-directive-override-parameters = 20
suit-directive-fetch = 21
suit-directive-copy = 22

suit-directive-run = 23

suit-directive-wait = 29
suit-directive-fetch-uri-list = 30
suit-directive-swap = 31
suit-directive-run-sequence = 32
suit-directive-garbage-collect = 33

; Wait-event keys
suit-wait-event-authorization = 1
suit-wait-event-power = 2
suit-wait-event-network = 3
suit-wait-event-other-device-version = 4
suit-wait-event-time = 5
suit-wait-event-time-of-day = 6
suit-wait-event-day-of-week = 7

; Parameter keys
suit-parameter-vendor-identifier = 1
suit-parameter-class-identifier = 2
suit-parameter-image-digest = 3
suit-parameter-use-before = 4
suit-parameter-component-offset = 5

suit-parameter-strict-order = 12
suit-parameter-soft-failure = 13
suit-parameter-image-size = 14

suit-parameter-encryption-info = 18
suit-parameter-compression-info = 19
suit-parameter-unpack-info = 20
suit-parameter-uri = 21
suit-parameter-source-component = 22
suit-parameter-run-args = 23

suit-parameter-device-identifier = 24
suit-parameter-minimum-battery = 26
suit-parameter-update-priority = 27
suit-parameter-version = 28
suit-parameter-wait-info = 29
suit-parameter-uri-list = 30

; Custom parameters: any negative integer
suit-parameter-custom = nint

; Compression-info / unpack-info member keys
suit-compression-algorithm = 1

suit-unpack-algorithm = 1

; Manifest-level text keys
suit-text-manifest-description = 1
suit-text-update-description = 2

suit-text-manifest-json-source = 3
suit-text-manifest-yaml-source = 4

; Per-component text keys
suit-text-vendor-name = 1
suit-text-model-name = 2
suit-text-vendor-domain = 3
suit-text-model-info = 4
suit-text-component-description = 5
suit-text-component-version = 6
suit-text-version-required = 7