;
; From https://datatracker.ietf.org/doc/draft-ietf-suit-manifest/02/
;
; Copyright (c) 2019 IETF Trust and the persons identified as the
; document authors.  All rights reserved.
;
; Redistribution and use in source and binary forms, with or without
; modification, is permitted pursuant to, and subject to the license terms
; contained in, the Simplified BSD License set forth in Section 4.c of the
; IETF Trust’s Legal Provisions Relating to IETF Documents
; (http://trustee.ietf.org/license-info).
;

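; Outermost container of a SUIT manifest: the authentication wrapper, the
; manifest itself (plain or encrypted, through the $$SUIT_Manifest_Wrapped
; group socket) and optional members carried next to the manifest.
;
; The authentication wrapper may be nil, so matching this schema says nothing
; about whether a manifest is authenticated. A recipient that requires signed
; or MACed manifests has to reject nil as a matter of its own policy.
;
; The optional members below reuse keys that SUIT_Manifest also defines, where
; the value may be a SUIT_Digest instead of the content. Presumably that
; digest binds the outer copy to the authenticated manifest and must be
; checked before the outer copy is processed -- confirm against the draft.
SUIT_Outer_Wrapper = {
    suit-authentication-wrapper => bstr .cbor SUIT_Authentication_Wrapper / nil,
    $$SUIT_Manifest_Wrapped,
    ?suit-dependency-resolution  => bstr .cbor SUIT_Command_Sequence,
    ?suit-payload-fetch          => bstr .cbor SUIT_Command_Sequence,
    ?suit-install                => bstr .cbor SUIT_Command_Sequence,
    ?suit-text                   => bstr .cbor SUIT_Text_Map,
    ?suit-coswid                 => bstr .cbor concise-software-identity
}
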
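; One authentication object: a COSE MAC or signature structure, in either its
; multi-recipient/multi-signer form or its single (Mac0 / Sign1) form.
; The four COSE_*_Tagged names are declared as `any` in this file, so the
; schema does not check the COSE structure, the algorithm or the tag.
SUIT_Authentication_Wrapper = (
    COSE_Mac_Tagged /
    COSE_Sign_Tagged /
    COSE_Mac0_Tagged /
    COSE_Sign1_Tagged)
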
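; A non-empty array of authentication objects.
; NOTE(review): no rule in this file references this list;
; SUIT_Outer_Wrapper takes a single SUIT_Authentication_Wrapper.
SUIT_Authentication_Wrapper_List = [ + SUIT_Authentication_Wrapper ]

; Encryption information for an encrypted manifest: a COSE_Encrypt or
; COSE_Encrypt0 structure (both declared as `any` in this file).
SUIT_Encryption_Wrapper = COSE_Encrypt_Tagged / COSE_Encrypt0_Tagged
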
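; The two ways a manifest can sit inside SUIT_Outer_Wrapper, added as
; alternatives to the $$SUIT_Manifest_Wrapped group socket.
;
; 1. Plaintext: the manifest is CBOR-encoded inside a bstr.
$$SUIT_Manifest_Wrapped //= (suit-manifest  => bstr .cbor SUIT_Manifest)
; 2. Encrypted: COSE encryption info plus an opaque ciphertext bstr.
;    The ciphertext has no `.cbor` control, so nothing inside it is checked
;    against SUIT_Manifest by this schema; the decrypted bytes still have to
;    be validated as a SUIT_Manifest after decryption.
$$SUIT_Manifest_Wrapped //= (
    suit-manifest-encryption-info => bstr .cbor SUIT_Encryption_Wrapper,
    suit-manifest-encrypted       => bstr
)
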
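; Placeholders for the COSE structures. Each is `any`, i.e. every CBOR data
; item matches. Validating a manifest against this file therefore gives no
; assurance about the authentication or encryption objects: their structure,
; algorithm choice and cryptographic verification are left entirely to the
; COSE implementation that consumes them.
COSE_Mac_Tagged = any
COSE_Sign_Tagged = any
COSE_Mac0_Tagged = any
COSE_Sign1_Tagged = any
COSE_Encrypt_Tagged = any
COSE_Encrypt0_Tagged = any
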
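; A digest: algorithm identifier, digest bytes, optional parameters.
; The algorithm identifier is taken from the `$suit-digest-algorithm-ids`
; type socket. The digest bytes are an unconstrained bstr: the schema does
; not tie their length to the selected algorithm, so a verifier has to check
; the length itself before comparing. The optional parameters are `any`.
; NOTE(review): a `$`-prefixed socket only receives alternatives from rules
; that extend the same `$`-prefixed name; confirm the algorithm list in this
; file is attached to that name.
SUIT_Digest = [
  suit-digest-algorithm-id : $suit-digest-algorithm-ids,
  suit-digest-bytes : bstr,
  ? suit-digest-parameters : any
]
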
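; Named Information Hash Algorithm Identifiers
;
; These alternatives extend the `$suit-digest-algorithm-ids` type socket that
; SUIT_Digest references. The socket name includes the `$`; extending the
; un-prefixed name `suit-digest-algorithm-ids` would define a different,
; unused rule and leave the socket empty, so that no SUIT_Digest could match.
$suit-digest-algorithm-ids /= algorithm-id-sha224
$suit-digest-algorithm-ids /= algorithm-id-sha256
$suit-digest-algorithm-ids /= algorithm-id-sha384
$suit-digest-algorithm-ids /= algorithm-id-sha512
$suit-digest-algorithm-ids /= algorithm-id-sha3-224
$suit-digest-algorithm-ids /= algorithm-id-sha3-256
$suit-digest-algorithm-ids /= algorithm-id-sha3-384
$suit-digest-algorithm-ids /= algorithm-id-sha3-512
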
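; Integer identifiers for the digest algorithms: SHA-2 family 1..4,
; SHA-3 family 5..8. A recipient that implements only a subset should treat
; any other identifier as a verification failure, not as "nothing to check".
algorithm-id-sha224 = 1
algorithm-id-sha256 = 2
algorithm-id-sha384 = 3
algorithm-id-sha512 = 4
algorithm-id-sha3-224 = 5
algorithm-id-sha3-256 = 6
algorithm-id-sha3-384 = 7
algorithm-id-sha3-512 = 8
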
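; The manifest proper.
;
; - suit-manifest-version is fixed at 1; any other value fails to match.
; - suit-manifest-sequence-number is a required uint. The schema only checks
;   its type; comparing it with the last accepted value (rollback
;   protection) is presumably the recipient's job -- confirm in the draft.
; - suit-dependency-resolution, suit-payload-fetch, suit-install and
;   suit-coswid hold either the content inline or a SUIT_Digest of it.
;   suit-text is only ever a SUIT_Digest here.
; - suit-validate, suit-load and suit-run are always inline.
;
; All command sequences are bstr-wrapped CBOR, so they are decoded in a
; second pass; that nested decode needs the same bounds and error handling
; as the outer one.
SUIT_Manifest = {
    suit-manifest-version         => 1,
    suit-manifest-sequence-number => uint,
    ? suit-common                 => bstr .cbor SUIT_Common,
    ? suit-dependency-resolution  => SUIT_Digest / bstr .cbor SUIT_Command_Sequence,
    ? suit-payload-fetch          => SUIT_Digest / bstr .cbor SUIT_Command_Sequence,
    ? suit-install                => SUIT_Digest / bstr .cbor SUIT_Command_Sequence,
    ? suit-validate               => bstr .cbor SUIT_Command_Sequence,
    ? suit-load                   => bstr .cbor SUIT_Command_Sequence,
    ? suit-run                    => bstr .cbor SUIT_Command_Sequence,
    ? suit-text                   => SUIT_Digest,
    ? suit-coswid                 => SUIT_Digest / bstr .cbor concise-software-identity,
}
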
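; Information shared by the command sequences of a manifest: the dependency
; list, the component list, references to components of dependencies, and a
; common command sequence. Every member is optional and each one is CBOR
; wrapped in a bstr.
SUIT_Common = {
    ? suit-dependencies           => bstr .cbor SUIT_Dependencies,
    ? suit-components             => bstr .cbor SUIT_Components,
    ? suit-dependency-components  => bstr .cbor SUIT_Component_References,
    ? suit-common-sequence        => bstr .cbor SUIT_Command_Sequence,
}
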
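; The three lists carried in SUIT_Common. Each must hold at least one entry
; (`+`); none has an upper bound in this schema, so a recipient with limited
; memory has to impose its own maximum.
SUIT_Dependencies         = [ + SUIT_Dependency ]
SUIT_Components           = [ + SUIT_Component_Identifier ]
SUIT_Component_References = [ + SUIT_Component_Reference ]

; Placeholder for a CoSWID document: `any`, so its content is not checked by
; this schema.
concise-software-identity = any
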
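; A dependency on another manifest, identified by a digest and a component
; identifier prefix.
SUIT_Dependency = {
    suit-dependency-digest => SUIT_Digest,
    suit-dependency-prefix => SUIT_Component_Identifier,
}

; A component identifier is an array of byte strings. `*` allows the empty
; array, and neither the number of segments nor their length is bounded
; here. If an implementation maps the segments to storage locations (for
; example path elements), it has to validate them itself.
SUIT_Component_Identifier =  [* bstr]
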
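; Reference to a component that belongs to a dependency: the component
; identifier plus an index. The index is an unconstrained uint; presumably
; it indexes SUIT_Dependencies, in which case it must be range-checked
; against that list before use -- confirm in the draft.
SUIT_Component_Reference = {
    suit-component-identifier => SUIT_Component_Identifier,
    suit-component-dependency-index => uint
}
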
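; A command is a condition, a directive or a custom command. Each is an
; (identifier, argument) pair laid out flat in the enclosing array.
SUIT_Command = (SUIT_Condition / SUIT_Directive / SUIT_Command_Custom)
; A sequence holds between 1 and 20 commands. The limit applies per sequence
; only: suit-directive-run-sequence and suit-directive-try-each embed further
; sequences, and the schema sets no limit on that nesting, so an interpreter
; needs its own depth and total-work limits.
SUIT_Command_Sequence = [ 1*20 SUIT_Command ]

; Custom command: any negative integer as identifier, opaque bstr argument.
SUIT_Command_Custom = (nint, bstr)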
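; Conditions, as (identifier, argument) pairs. A nil argument means the
; condition carries no inline value; presumably it is evaluated against
; parameters set earlier in the sequence -- confirm in the draft.
SUIT_Condition //= (suit-condition-vendor-identifier, nil)
SUIT_Condition //= (suit-condition-class-identifier,  nil)
SUIT_Condition //= (suit-condition-device-identifier, nil)
SUIT_Condition //= (suit-condition-image-match,       nil)
SUIT_Condition //= (suit-condition-image-not-match,   nil)
SUIT_Condition //= (suit-condition-use-before,        uint)
SUIT_Condition //= (suit-condition-minimum-battery,   uint)
SUIT_Condition //= (suit-condition-update-authorised, int)
SUIT_Condition //= (suit-condition-version,           SUIT_Condition_Version_Argument)
SUIT_Condition //= (suit-condition-component-offset,  uint)
SUIT_Condition //= (suit-condition-custom,            bstr)

; A 16-byte UUID.
; NOTE(review): no rule in this file references RFC4122_UUID; the vendor,
; class and device id parameters are plain bstr, so the 16-byte length is
; not enforced for them by this schema.
RFC4122_UUID = bstr .size 16
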
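; Argument of suit-condition-version: a comparison operator and the version
; to compare against.
SUIT_Condition_Version_Argument = [
    suit-condition-version-comparison-type: SUIT_Condition_Version_Comparison_Types,
    suit-condition-version-comparison-value: SUIT_Condition_Version_Comparison_Value
]
; The five comparison operators accepted.
SUIT_Condition_Version_Comparison_Types /= suit-condition-version-comparison-greater
SUIT_Condition_Version_Comparison_Types /= suit-condition-version-comparison-greater-equal
SUIT_Condition_Version_Comparison_Types /= suit-condition-version-comparison-equal
SUIT_Condition_Version_Comparison_Types /= suit-condition-version-comparison-lesser-equal
SUIT_Condition_Version_Comparison_Types /= suit-condition-version-comparison-lesser

suit-condition-version-comparison-greater = 1
suit-condition-version-comparison-greater-equal = 2
suit-condition-version-comparison-equal = 3
suit-condition-version-comparison-lesser-equal = 4
suit-condition-version-comparison-lesser = 5

; A version is one or more integers. `int` admits negative values and the
; array length is unbounded; the schema does not say how arrays of different
; length compare, so the comparison code has to define that.
SUIT_Condition_Version_Comparison_Value = [+int]
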
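; Directives, as (identifier, argument) pairs.
;
; - fetch, copy, swap, run and process-dependency take nil; what they act on
;   is presumably selected by the current component index and parameters --
;   confirm in the draft.
; - run-sequence and try-each carry nested command sequences.
; - run-with-arguments takes an opaque bstr that this schema does not
;   constrain; the code that consumes it must validate it.
;
; NOTE(review): this file assigns identifiers to suit-directive-abort,
; suit-directive-do-each and suit-directive-map-filter, but no alternative
; for them is listed here, so a sequence containing them does not match.
SUIT_Directive //= (suit-directive-set-component-index,      uint/bool)
SUIT_Directive //= (suit-directive-set-dependency-index,     uint/bool)
SUIT_Directive //= (suit-directive-run-sequence,             bstr .cbor SUIT_Command_Sequence)
SUIT_Directive //= (suit-directive-try-each,                 SUIT_Directive_Try_Each_Argument)
SUIT_Directive //= (suit-directive-process-dependency,       nil)
SUIT_Directive //= (suit-directive-set-parameters,           {+ SUIT_Parameters})
SUIT_Directive //= (suit-directive-override-parameters,      {+ SUIT_Parameters})
SUIT_Directive //= (suit-directive-fetch,                    nil)
SUIT_Directive //= (suit-directive-copy,                     nil)
SUIT_Directive //= (suit-directive-swap,                     nil)
SUIT_Directive //= (suit-directive-run,                      nil)
SUIT_Directive //= (suit-directive-wait,                     { + SUIT_Wait_Events })
SUIT_Directive //= (suit-directive-run-with-arguments,       bstr)
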
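; Argument of suit-directive-try-each: one or more bstr-wrapped command
; sequences followed by a final element that is either nil or one more
; sequence. The number of alternatives is unbounded in this schema.
SUIT_Directive_Try_Each_Argument = [
    + bstr .cbor SUIT_Command_Sequence,
    nil / bstr .cbor SUIT_Command_Sequence
]
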
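; Events that suit-directive-wait can wait for, as map entries.
; NOTE(review): the argument types are written inline (int / uint) here; of
; the SUIT_Wait_Event_Argument_* rules in this file only the
; Other_Device_Version one is referenced.
SUIT_Wait_Events //= (suit-wait-event-authorisation => int)
SUIT_Wait_Events //= (suit-wait-event-power => int)
SUIT_Wait_Events //= (suit-wait-event-network => int)
SUIT_Wait_Events //= (suit-wait-event-other-device-version
    => SUIT_Wait_Event_Argument_Other_Device_Version)
SUIT_Wait_Events //= (suit-wait-event-time => uint); Timestamp
SUIT_Wait_Events //= (suit-wait-event-time-of-day
    => uint); Time of Day (seconds since 00:00:00)
SUIT_Wait_Events //= (suit-wait-event-day-of-week
    => uint); Days since Sunday
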
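; Named argument types for the wait events. The uint types carry no range:
; a time of day above 86399 or a day of week above 6 still matches, so range
; checks belong in the code that evaluates the event.
SUIT_Wait_Event_Argument_Authorisation = int ; priority
SUIT_Wait_Event_Argument_Power = int ; Power Level
SUIT_Wait_Event_Argument_Network = int ; Network State
SUIT_Wait_Event_Argument_Other_Device_Version = [
    other-device: bstr,
    other-device-version: [+int]
]
SUIT_Wait_Event_Argument_Time = uint ; Timestamp
SUIT_Wait_Event_Argument_Time_Of_Day = uint ; Time of Day (seconds since 00:00:00)
SUIT_Wait_Event_Argument_Day_Of_Week = uint ; Days since Sunday
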
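; Parameters that set-parameters / override-parameters can assign.
;
; - suit-parameter-uri is an unconstrained tstr: scheme, host and length are
;   not restricted here, so a recipient that fetches from it has to apply
;   its own allow-list.
; - vendor, class and device ids are plain bstr with no length constraint.
; - suit-parameter-image-digest and suit-parameter-image-size describe the
;   expected image; presumably the image-match condition checks against
;   them -- confirm in the draft.
; - suit-parameter-custom is declared as `nint`, so any negative key with an
;   int, bool, tstr or bstr value matches.
;
; NOTE(review): suit-parameter-uri-list-append and
; suit-parameter-prioritised-parameters have identifiers in this file but no
; alternative here.
SUIT_Parameters //= (suit-parameter-strict-order => bool)
SUIT_Parameters //= (suit-parameter-soft-failure => bool)
SUIT_Parameters //= (suit-parameter-vendor-id => bstr)
SUIT_Parameters //= (suit-parameter-class-id => bstr)
SUIT_Parameters //= (suit-parameter-device-id => bstr)
SUIT_Parameters //= (suit-parameter-uri => tstr)
SUIT_Parameters //= (suit-parameter-encryption-info => bstr .cbor SUIT_Encryption_Info)
SUIT_Parameters //= (suit-parameter-compression-info => bstr .cbor SUIT_Compression_Info)
SUIT_Parameters //= (suit-parameter-unpack-info => bstr .cbor SUIT_Unpack_Info)
SUIT_Parameters //= (suit-parameter-source-component => uint)
SUIT_Parameters //= (suit-parameter-image-digest => bstr .cbor SUIT_Digest)
SUIT_Parameters //= (suit-parameter-image-size => uint)
SUIT_Parameters //= (suit-parameter-uri-list => bstr .cbor SUIT_Component_URI_List)
SUIT_Parameters //= (suit-parameter-custom => int/bool/tstr/bstr)
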
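; A URI with a priority, and a non-empty list of such entries. The URI is an
; unconstrained tstr, as for suit-parameter-uri.
SUIT_Component_URI = [priority: int, URI: tstr]
SUIT_Component_URI_List = [ + SUIT_Component_URI ]
; A parameter map with a priority, and a non-empty list of such entries.
; NOTE(review): no rule in this file references SUIT_Priority_Parameter_List.
SUIT_Priority_Parameter = [priority: int, parameters: { + SUIT_Parameters }]
SUIT_Priority_Parameter_List = [ + SUIT_Priority_Parameter ]
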
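; Payload encryption info: a COSE_Encrypt or COSE_Encrypt0 structure (both
; `any` in this file, so not structurally checked here).
SUIT_Encryption_Info = COSE_Encrypt_Tagged/COSE_Encrypt0_Tagged
; Compression info: the algorithm plus optional opaque parameters. Nothing
; here bounds the decompressed size; a recipient has to cap output itself
; (suit-parameter-image-size may be usable for that -- confirm in the draft).
SUIT_Compression_Info = {
    suit-compression-algorithm => SUIT_Compression_Algorithms,
    ? suit-compression-parameters => bstr
}
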
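; Compression algorithms accepted in SUIT_Compression_Info.
; NOTE(review): SUIT_Compression_Algorithm_deflate is assigned the value 3
; below but is not added to this choice, so a manifest naming deflate does
; not match. Confirm against the draft whether that is intended before
; adding it. The values also skip 5 and 6.
SUIT_Compression_Algorithms /= SUIT_Compression_Algorithm_gzip
SUIT_Compression_Algorithms /= SUIT_Compression_Algorithm_bzip2
SUIT_Compression_Algorithms /= SUIT_Compression_Algorithm_lz4
SUIT_Compression_Algorithms /= SUIT_Compression_Algorithm_lzma

SUIT_Compression_Algorithm_gzip = 1
SUIT_Compression_Algorithm_bzip2 = 2
SUIT_Compression_Algorithm_deflate = 3
SUIT_Compression_Algorithm_lz4 = 4
SUIT_Compression_Algorithm_lzma = 7
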
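; Unpack info: the algorithm plus optional opaque parameters. The parameters
; are an unconstrained bstr interpreted by the unpacker, which therefore has
; to validate them itself.
SUIT_Unpack_Info = {
    suit-unpack-algorithm => SUIT_Unpack_Algorithms,
    ? suit-unpack-parameters => bstr
}
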
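; Unpack algorithms accepted in SUIT_Unpack_Info: delta, hex and ELF.
; Each implies a parser running over manifest-supplied or fetched data on
; the device; bounds on its output are not expressed in this schema.
SUIT_Unpack_Algorithms /= SUIT_Unpack_Algorithm_Delta
SUIT_Unpack_Algorithms /= SUIT_Unpack_Algorithm_Hex
SUIT_Unpack_Algorithms /= SUIT_Unpack_Algorithm_Elf

SUIT_Unpack_Algorithm_Delta = 1
SUIT_Unpack_Algorithm_Hex = 2
SUIT_Unpack_Algorithm_Elf = 3
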
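; Human-readable text, keyed by integer.
; NOTE(review): the entry has no occurrence indicator, so as written this
; matches a map with exactly one int => tstr pair. This file defines ten
; suit-text-* keys; confirm whether `* int => tstr` was intended.
; The text is only referenced from SUIT_Manifest by digest and is otherwise
; free-form, so treat it as display data, never as input to a decision.
SUIT_Text_Map = {int => tstr}
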
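; Map keys specific to SUIT_Outer_Wrapper. Keys 1..4 do not collide with the
; manifest member keys (7..14) that the outer wrapper also uses.
suit-authentication-wrapper = 1
suit-manifest = 2

suit-manifest-encryption-info = 3
suit-manifest-encrypted       = 4
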
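; Map keys of SUIT_Manifest. Keys 7..14 are also used, with the same
; meaning, for the optional members of SUIT_Outer_Wrapper. Keys 4..6 are not
; assigned in this file.
suit-manifest-version = 1
suit-manifest-sequence-number = 2
suit-common = 3
suit-dependency-resolution = 7
suit-payload-fetch = 8
suit-install = 9
suit-validate = 10
suit-load = 11
suit-run = 12
suit-text = 13
suit-coswid = 14
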
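; Map keys of SUIT_Common.
suit-dependencies = 1
suit-components = 2
suit-dependency-components = 3
suit-common-sequence = 4

; Map keys of SUIT_Dependency.
suit-dependency-digest = 1
suit-dependency-prefix = 2

; Map keys of SUIT_Component_Reference.
suit-component-identifier = 1
suit-component-dependency-index = 2
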
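; Custom commands use any negative integer as identifier.
; NOTE(review): SUIT_Command_Custom writes `nint` directly and does not
; reference this name.
suit-command-custom = nint

; Condition identifiers. Conditions and directives appear in the same
; command sequences; the condition values here (1..6, 24..28) do not overlap
; the directive values assigned in this file (12..23, 29..32).
suit-condition-vendor-identifier = 1
suit-condition-class-identifier  = 2
suit-condition-image-match       = 3
suit-condition-use-before        = 4
suit-condition-component-offset  = 5
suit-condition-custom = 6

suit-condition-device-identifier        = 24
suit-condition-image-not-match          = 25
suit-condition-minimum-battery          = 26
suit-condition-update-authorised        = 27
suit-condition-version                  = 28
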
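; Directive identifiers.
; NOTE(review): abort (14), do-each (16) and map-filter (17) are assigned
; here but have no SUIT_Directive alternative in this file; the latter two
; are marked TBD. An interpreter should reject identifiers it has no
; handler for instead of skipping them.
suit-directive-set-component-index      = 12
suit-directive-set-dependency-index     = 13
suit-directive-abort                    = 14
suit-directive-try-each                 = 15
suit-directive-do-each                  = 16 ; TBD
suit-directive-map-filter               = 17 ; TBD
suit-directive-process-dependency       = 18
suit-directive-set-parameters           = 19
suit-directive-override-parameters      = 20
suit-directive-fetch                    = 21
suit-directive-copy                     = 22
suit-directive-run                      = 23

suit-directive-wait                     = 29
suit-directive-run-sequence             = 30
suit-directive-run-with-arguments       = 31
suit-directive-swap                     = 32
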
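; Map keys of SUIT_Wait_Events.
; NOTE(review): two names exist for the authorisation event.
; SUIT_Wait_Events uses suit-wait-event-authorisation (8);
; suit-wait-event-argument-authorisation (1) is not referenced by any rule
; in this file. Confirm which value is intended before relying on either.
suit-wait-event-argument-authorisation = 1
suit-wait-event-power = 2
suit-wait-event-network = 3
suit-wait-event-other-device-version = 4
suit-wait-event-time = 5
suit-wait-event-time-of-day = 6
suit-wait-event-day-of-week = 7
suit-wait-event-authorisation = 8
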
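; Map keys of SUIT_Parameters.
suit-parameter-strict-order = 1
suit-parameter-soft-failure = 2
suit-parameter-vendor-id = 3
suit-parameter-class-id = 4
suit-parameter-device-id = 5
suit-parameter-uri = 6
suit-parameter-encryption-info = 7
suit-parameter-compression-info = 8
suit-parameter-unpack-info = 9
suit-parameter-source-component = 10
suit-parameter-image-digest = 11
suit-parameter-image-size = 12

; NOTE(review): of these three, only suit-parameter-uri-list has a
; SUIT_Parameters alternative in this file.
suit-parameter-uri-list = 24
suit-parameter-uri-list-append = 25
suit-parameter-prioritised-parameters = 26

; Custom parameters use any negative integer as key.
suit-parameter-custom = nint
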
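; Map keys of SUIT_Compression_Info.
suit-compression-algorithm = 1
suit-compression-parameters = 2

; Map keys of SUIT_Unpack_Info.
suit-unpack-algorithm  = 1
suit-unpack-parameters = 2
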
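; Keys for entries of the text map.
; NOTE(review): SUIT_Text_Map is declared with a generic `int` key and does
; not reference these names, so the schema accepts any integer key.
suit-text-manifest-description  = 1
suit-text-update-description    = 2
suit-text-vendor-name           = 3
suit-text-model-name            = 4
suit-text-vendor-domain         = 5
suit-text-model-info            = 6
suit-text-component-description = 7
suit-text-manifest-json-source  = 8
suit-text-manifest-yaml-source  = 9
suit-text-version-dependencies  = 10
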