1; Copied from draft-ietf-suit-manifest-16 (https://datatracker.ietf.org/doc/html/draft-ietf-suit-manifest-16)
2
3SUIT_Envelope_Tagged = #6.107(SUIT_Envelope)
4SUIT_Envelope = {
5  ; Comment out since it depends on deleted types (was probably meant to be deleted)
6  ;? suit-delegation => bstr .cbor SUIT_Delegation,
7  suit-authentication-wrapper => bstr .cbor SUIT_Authentication,
8  suit-manifest  => bstr .cbor SUIT_Manifest,
9  SUIT_Severable_Manifest_Members,
10  * SUIT_Integrated_Payload,
11  * $$SUIT_Envelope_Extensions,
12
13  ; Comment out the following entry that interferes with testing SUIT_Integrated_Payload.
14  ; The entry is unnecessary together with $$SUIT_Envelope_Extensions.
15  ; It is optional, so removing it is still conformant.
16  ;* (int => bstr)
17  }
18
19SUIT_Authentication = [
20  bstr .cbor SUIT_Digest,
21  * bstr .cbor SUIT_Authentication_Block
22]
23
24SUIT_Digest = [
25  suit-digest-algorithm-id : suit-cose-hash-algs,
26  suit-digest-bytes : bstr,
27  * $$SUIT_Digest-extensions
28]
29
30SUIT_Authentication_Block /= COSE_Mac_Tagged
31SUIT_Authentication_Block /= COSE_Sign_Tagged
32SUIT_Authentication_Block /= COSE_Mac0_Tagged
33SUIT_Authentication_Block /= COSE_Sign1_Tagged
34
35SUIT_Severable_Manifest_Members = (
36  ? suit-payload-fetch => bstr .cbor SUIT_Command_Sequence,
37  ? suit-install => bstr .cbor SUIT_Command_Sequence,
38  ? suit-text => bstr .cbor SUIT_Text_Map,
39  * $$SUIT_severable-members-extensions,
40)
41
42SUIT_Integrated_Payload = (suit-integrated-payload-key => bstr)
43suit-integrated-payload-key = tstr
44
45SUIT_Manifest_Tagged = #6.1070(SUIT_Manifest)
46
47SUIT_Manifest = {
48  suit-manifest-version         => 1,
49  suit-manifest-sequence-number => uint,
50  suit-common                   => bstr .cbor SUIT_Common,
51  ? suit-reference-uri          => tstr,
52  SUIT_Severable_Members_Choice,
53  SUIT_Unseverable_Members,
54  * $$SUIT_Manifest_Extensions,
55}
56
57SUIT_Unseverable_Members = (
58  ? suit-validate => bstr .cbor SUIT_Command_Sequence,
59  ? suit-load => bstr .cbor SUIT_Command_Sequence,
60  ? suit-run => bstr .cbor SUIT_Command_Sequence,
61  * $$unseverable-manifest-member-extensions,
62)
63
64SUIT_Severable_Members_Choice = (
65  ? suit-payload-fetch => \
66  bstr .cbor SUIT_Command_Sequence / SUIT_Digest,
67  ? suit-install => bstr .cbor SUIT_Command_Sequence / SUIT_Digest,
68  ? suit-text => bstr .cbor SUIT_Command_Sequence / SUIT_Digest,
69  * $$severable-manifest-members-choice-extensions
70)
71
72SUIT_Common = {
73  ? suit-components             => SUIT_Components,
74  ? suit-common-sequence        => bstr .cbor SUIT_Common_Sequence,
75  * $$SUIT_Common-extensions,
76}
77
78SUIT_Components           = [ + SUIT_Component_Identifier ]
79
80; Comment out since it depends on deleted types (was probably meant to be deleted)
81;SUIT_Dependency = {
82;  suit-dependency-digest => SUIT_Digest,
83;  ? suit-dependency-prefix => SUIT_Component_Identifier,
84;  * $$SUIT_Dependency-extensions,
85;}
86
87;REQUIRED to implement:
88suit-cose-hash-algs /= cose-alg-sha-256
89
90;OPTIONAL to implement:
91suit-cose-hash-algs /= cose-alg-shake128
92suit-cose-hash-algs /= cose-alg-sha-384
93suit-cose-hash-algs /= cose-alg-sha-512
94suit-cose-hash-algs /= cose-alg-shake256
95
96SUIT_Component_Identifier =  [* bstr]
97
98SUIT_Common_Sequence = [
99  + ( SUIT_Condition // SUIT_Common_Commands )
100]
101
102SUIT_Common_Commands //= (suit-directive-set-component-index,  IndexArg)
103SUIT_Common_Commands //= (suit-directive-run-sequence,
104  bstr .cbor SUIT_Command_Sequence)
105SUIT_Common_Commands //= (suit-directive-try-each,
106  SUIT_Directive_Try_Each_Argument)
107SUIT_Common_Commands //= (suit-directive-override-parameters,
108  {+ SUIT_Parameters})
109
110IndexArg /= uint
111IndexArg /= bool
112IndexArg /= [+uint]
113
114SUIT_Command_Sequence = [ + (
115  SUIT_Condition // SUIT_Directive // SUIT_Command_Custom
116) ]
117
118SUIT_Command_Custom = (suit-command-custom, bstr/tstr/int/nil)
119SUIT_Condition //= (suit-condition-vendor-identifier, SUIT_Rep_Policy)
120SUIT_Condition //= (suit-condition-class-identifier,  SUIT_Rep_Policy)
121SUIT_Condition //= (suit-condition-device-identifier, SUIT_Rep_Policy)
122SUIT_Condition //= (suit-condition-image-match,       SUIT_Rep_Policy)
123SUIT_Condition //= (suit-condition-component-slot,    SUIT_Rep_Policy)
124SUIT_Condition //= (suit-condition-abort,             SUIT_Rep_Policy)
125
126SUIT_Directive //= (suit-directive-set-component-index,  IndexArg)
127SUIT_Directive //= (suit-directive-run-sequence,
128    bstr .cbor SUIT_Command_Sequence)
129SUIT_Directive //= (suit-directive-try-each,
130    SUIT_Directive_Try_Each_Argument)
131
132; Comment out since it depends on deleted types (was probably meant to be deleted)
133;SUIT_Directive //= (suit-directive-process-dependency, SUIT_Rep_Policy)
134SUIT_Directive //= (suit-directive-override-parameters,
135    {+ SUIT_Parameters})
136SUIT_Directive //= (suit-directive-fetch,             SUIT_Rep_Policy)
137SUIT_Directive //= (suit-directive-copy,              SUIT_Rep_Policy)
138SUIT_Directive //= (suit-directive-swap,              SUIT_Rep_Policy)
139SUIT_Directive //= (suit-directive-run,               SUIT_Rep_Policy)
140
141SUIT_Directive_Try_Each_Argument = [
142  2* bstr .cbor SUIT_Command_Sequence,
143  ?nil
144]
145
146SUIT_Rep_Policy = uint .bits suit-reporting-bits
147
148suit-reporting-bits = &(
149  suit-send-record-success : 0,
150  suit-send-record-failure : 1,
151  suit-send-sysinfo-success : 2,
152  suit-send-sysinfo-failure : 3
153)
154
155SUIT_Parameters //= (suit-parameter-vendor-identifier =>
156    (RFC4122_UUID / cbor-pen))
157cbor-pen = #6.112(bstr)
158
159SUIT_Parameters //= (suit-parameter-class-identifier => RFC4122_UUID)
160SUIT_Parameters //= (suit-parameter-image-digest
161    => bstr .cbor SUIT_Digest)
162SUIT_Parameters //= (suit-parameter-image-size => uint)
163SUIT_Parameters //= (suit-parameter-component-slot => uint)
164
165SUIT_Parameters //= (suit-parameter-uri => tstr)
166SUIT_Parameters //= (suit-parameter-source-component => uint)
167SUIT_Parameters //= (suit-parameter-run-args => bstr)
168
169SUIT_Parameters //= (suit-parameter-device-identifier => RFC4122_UUID)
170
171SUIT_Parameters //= (suit-parameter-custom => int/bool/tstr/bstr)
172
173SUIT_Parameters //= (suit-parameter-strict-order => bool)
174SUIT_Parameters //= (suit-parameter-soft-failure => bool)
175
176RFC4122_UUID = bstr .size 16
177
178SUIT_Text_Map = {
179  SUIT_Text_Keys,
180  * SUIT_Component_Identifier => {
181          SUIT_Text_Component_Keys
182  }
183}
184
185SUIT_Text_Component_Keys = (
186  ? suit-text-vendor-name           => tstr,
187  ? suit-text-model-name            => tstr,
188  ? suit-text-vendor-domain         => tstr,
189  ? suit-text-model-info            => tstr,
190  ? suit-text-component-description => tstr,
191  ? suit-text-component-version     => tstr,
192  * $$suit-text-component-key-extensions
193)
194
195SUIT_Text_Keys = (
196  ? suit-text-manifest-description => tstr,
197  ? suit-text-update-description   => tstr,
198  ? suit-text-manifest-json-source => tstr,
199  ? suit-text-manifest-yaml-source => tstr,
200  * $$suit-text-key-extensions
201)
202
203suit-authentication-wrapper = 2
204suit-manifest = 3
205
206;REQUIRED to implement:
207cose-alg-sha-256 = -16
208
209;OPTIONAL to implement:
210cose-alg-shake128 = -18
211cose-alg-sha-384 = -43
212cose-alg-sha-512 = -44
213cose-alg-shake256 = -45
214
215suit-manifest-version = 1
216suit-manifest-sequence-number = 2
217suit-common = 3
218suit-reference-uri = 4
219suit-payload-fetch = 8
220suit-install = 9
221suit-validate = 10
222suit-load = 11
223suit-run = 12
224suit-text = 13
225
226suit-components = 2
227suit-common-sequence = 4
228
229suit-command-custom = nint
230
231suit-condition-vendor-identifier = 1
232suit-condition-class-identifier  = 2
233suit-condition-image-match       = 3
234suit-condition-component-slot    = 5
235
236suit-condition-abort                    = 14
237suit-condition-device-identifier        = 24
238
239suit-directive-set-component-index      = 12
240suit-directive-try-each                 = 15
241suit-directive-override-parameters      = 20
242suit-directive-fetch                    = 21
243suit-directive-copy                     = 22
244suit-directive-run                      = 23
245
246suit-directive-swap                     = 31
247suit-directive-run-sequence             = 32
248
249suit-parameter-vendor-identifier = 1
250suit-parameter-class-identifier  = 2
251suit-parameter-image-digest      = 3
252suit-parameter-component-slot    = 5
253
254suit-parameter-strict-order      = 12
255suit-parameter-soft-failure      = 13
256suit-parameter-image-size        = 14
257
258suit-parameter-uri               = 21
259suit-parameter-source-component  = 22
260suit-parameter-run-args          = 23
261
262suit-parameter-device-identifier = 24
263
264suit-parameter-custom = nint
265
266suit-text-manifest-description  = 1
267suit-text-update-description    = 2
268suit-text-manifest-json-source  = 3
269suit-text-manifest-yaml-source  = 4
270
271suit-text-vendor-name           = 1
272suit-text-model-name            = 2
273suit-text-vendor-domain         = 3
274suit-text-model-info            = 4
275suit-text-component-description = 5
276suit-text-component-version     = 6
277