1SUIT_Envelope_Tagged = #6.107(SUIT_Envelope)
2SUIT_Envelope = {
3  suit-authentication-wrapper => bstr .cbor SUIT_Authentication,
4  suit-manifest  => bstr .cbor SUIT_Manifest,
5  SUIT_Severable_Manifest_Members,
6  * SUIT_Integrated_Payload,
7  * $$SUIT_Envelope_Extensions,
8}
9
10SUIT_Authentication = [
11    bstr .cbor SUIT_Digest,
12    * bstr .cbor SUIT_Authentication_Block
13]
14
15SUIT_Digest = [
16  suit-digest-algorithm-id : suit-cose-hash-algs,
17  suit-digest-bytes : bstr,
18  * $$SUIT_Digest-extensions
19]
20
21SUIT_Authentication_Block /= COSE_Mac_Tagged
22SUIT_Authentication_Block /= COSE_Sign_Tagged
23SUIT_Authentication_Block /= COSE_Mac0_Tagged
24SUIT_Authentication_Block /= COSE_Sign1_Tagged
25
26SUIT_Severable_Manifest_Members = (
27  ? suit-payload-fetch => bstr .cbor SUIT_Command_Sequence,
28  ? suit-install => bstr .cbor SUIT_Command_Sequence,
29  ? suit-text => bstr .cbor SUIT_Text_Map,
30  * $$SUIT_severable-members-extensions,
31)
32
33SUIT_Integrated_Payload = (suit-integrated-payload-key => bstr)
34suit-integrated-payload-key = tstr
35
36SUIT_Manifest_Tagged = #6.1070(SUIT_Manifest)
37
38SUIT_Manifest = {
39    suit-manifest-version         => 1,
40    suit-manifest-sequence-number => uint,
41    suit-common                   => bstr .cbor SUIT_Common,
42    ? suit-reference-uri          => tstr,
43    SUIT_Unseverable_Members,
44    SUIT_Severable_Members_Choice,
45    * $$SUIT_Manifest_Extensions,
46}
47
48SUIT_Unseverable_Members = (
49  ? suit-validate => bstr .cbor SUIT_Command_Sequence,
50  ? suit-load => bstr .cbor SUIT_Command_Sequence,
51  ? suit-invoke => bstr .cbor SUIT_Command_Sequence,
52  * $$unseverable-manifest-member-extensions,
53)
54
55SUIT_Severable_Members_Choice = (
56  ? suit-payload-fetch => SUIT_Digest /
57      bstr .cbor SUIT_Command_Sequence,
58  ? suit-install => SUIT_Digest / bstr .cbor SUIT_Command_Sequence,
59  ? suit-text => SUIT_Digest / bstr .cbor SUIT_Text_Map,
60  * $$severable-manifest-members-choice-extensions
61)
62
63SUIT_Common = {
64    ? suit-components             => SUIT_Components,
65    ? suit-shared-sequence        => bstr .cbor SUIT_Shared_Sequence,
66    * $$SUIT_Common-extensions,
67}
68
69SUIT_Components           = [ + SUIT_Component_Identifier ]
70
71;REQUIRED to implement:
72suit-cose-hash-algs /= cose-alg-sha-256
73
74;OPTIONAL to implement:
75suit-cose-hash-algs /= cose-alg-shake128
76suit-cose-hash-algs /= cose-alg-sha-384
77suit-cose-hash-algs /= cose-alg-sha-512
78suit-cose-hash-algs /= cose-alg-shake256
79
80SUIT_Component_Identifier =  [* bstr]
81
82SUIT_Shared_Sequence = [
83    + ( SUIT_Condition // SUIT_Shared_Commands )
84]
85
86SUIT_Shared_Commands //= (suit-directive-set-component-index,  IndexArg)
87SUIT_Shared_Commands //= (suit-directive-run-sequence,
88    bstr .cbor SUIT_Shared_Sequence)
89SUIT_Shared_Commands //= (suit-directive-try-each,
90    SUIT_Directive_Try_Each_Argument_Shared)
91SUIT_Shared_Commands //= (suit-directive-override-parameters,
92    {+ $$SUIT_Parameters})
93
94IndexArg /= uint
95IndexArg /= true
96IndexArg /= [+uint]
97
98
99SUIT_Directive_Try_Each_Argument_Shared = [
100    2* bstr .cbor SUIT_Shared_Sequence,
101    ?nil
102]
103
104SUIT_Command_Sequence = [ + (
105    SUIT_Condition // SUIT_Directive // SUIT_Command_Custom
106) ]
107
108SUIT_Command_Custom = (suit-command-custom, bstr/tstr/int/nil)
109SUIT_Condition //= (suit-condition-vendor-identifier, SUIT_Rep_Policy)
110SUIT_Condition //= (suit-condition-class-identifier,  SUIT_Rep_Policy)
111SUIT_Condition //= (suit-condition-device-identifier, SUIT_Rep_Policy)
112SUIT_Condition //= (suit-condition-image-match,       SUIT_Rep_Policy)
113SUIT_Condition //= (suit-condition-component-slot,    SUIT_Rep_Policy)
114SUIT_Condition //= (suit-condition-check-content,     SUIT_Rep_Policy)
115SUIT_Condition //= (suit-condition-abort,             SUIT_Rep_Policy)
116
117SUIT_Directive //= (suit-directive-write,             SUIT_Rep_Policy)
118SUIT_Directive //= (suit-directive-set-component-index,  IndexArg)
119SUIT_Directive //= (suit-directive-run-sequence,
120    bstr .cbor SUIT_Command_Sequence)
121SUIT_Directive //= (suit-directive-try-each,
122    SUIT_Directive_Try_Each_Argument)
123SUIT_Directive //= (suit-directive-override-parameters,
124    {+ $$SUIT_Parameters})
125SUIT_Directive //= (suit-directive-fetch,             SUIT_Rep_Policy)
126SUIT_Directive //= (suit-directive-copy,              SUIT_Rep_Policy)
127SUIT_Directive //= (suit-directive-swap,              SUIT_Rep_Policy)
128SUIT_Directive //= (suit-directive-invoke,            SUIT_Rep_Policy)
129
130SUIT_Directive_Try_Each_Argument = [
131    2* bstr .cbor SUIT_Command_Sequence,
132    ?nil
133]
134
135SUIT_Rep_Policy = uint .bits suit-reporting-bits
136
137suit-reporting-bits = &(
138    suit-send-record-success : 0,
139    suit-send-record-failure : 1,
140    suit-send-sysinfo-success : 2,
141    suit-send-sysinfo-failure : 3
142)
143
144$$SUIT_Parameters //= (suit-parameter-vendor-identifier =>
145    (RFC4122_UUID / cbor-pen))
146
147cbor-pen = #6.112(bstr)
148
149$$SUIT_Parameters //= (suit-parameter-class-identifier => RFC4122_UUID)
150$$SUIT_Parameters //= (suit-parameter-image-digest
151    => bstr .cbor SUIT_Digest)
152$$SUIT_Parameters //= (suit-parameter-image-size => uint)
153$$SUIT_Parameters //= (suit-parameter-component-slot => uint)
154
155$$SUIT_Parameters //= (suit-parameter-uri => tstr)
156$$SUIT_Parameters //= (suit-parameter-source-component => uint)
157$$SUIT_Parameters //= (suit-parameter-invoke-args => bstr)
158
159$$SUIT_Parameters //= (suit-parameter-device-identifier => RFC4122_UUID)
160
161$$SUIT_Parameters //= (suit-parameter-custom => int/bool/tstr/bstr)
162
163$$SUIT_Parameters //= (suit-parameter-content => bstr)
164$$SUIT_Parameters //= (suit-parameter-strict-order => bool)
165$$SUIT_Parameters //= (suit-parameter-soft-failure => bool)
166
167RFC4122_UUID = bstr .size 16
168
169SUIT_Text_Map = {
170    SUIT_Text_Keys,
171    * SUIT_Component_Identifier => {
172        SUIT_Text_Component_Keys
173    }
174}
175
176SUIT_Text_Component_Keys = (
177    ? suit-text-vendor-name           => tstr,
178    ? suit-text-model-name            => tstr,
179    ? suit-text-vendor-domain         => tstr,
180    ? suit-text-model-info            => tstr,
181    ? suit-text-component-description => tstr,
182    ? suit-text-component-version     => tstr,
183    * $$suit-text-component-key-extensions
184)
185
186SUIT_Text_Keys = (
187    ? suit-text-manifest-description => tstr,
188    ? suit-text-update-description   => tstr,
189    ? suit-text-manifest-json-source => tstr,
190    ? suit-text-manifest-yaml-source => tstr,
191    * $$suit-text-key-extensions
192)
193
194suit-authentication-wrapper = 2
195suit-manifest = 3
196
197;REQUIRED to implement:
198cose-alg-sha-256 = -16
199
200;OPTIONAL to implement:
201cose-alg-shake128 = -18
202cose-alg-sha-384 = -43
203cose-alg-sha-512 = -44
204cose-alg-shake256 = -45
205
206;Unseverable, recipient-necessary
207suit-manifest-version = 1
208suit-manifest-sequence-number = 2
209suit-common = 3
210suit-reference-uri = 4
211suit-validate = 7
212suit-load = 8
213suit-invoke = 9
214;Severable, recipient-necessary
215suit-payload-fetch = 16
216suit-install = 17
217;Severable, recipient-unnecessary
218suit-text = 23
219
220suit-components = 2
221suit-shared-sequence = 4
222
223suit-command-custom = nint
224
225suit-condition-vendor-identifier = 1
226suit-condition-class-identifier  = 2
227suit-condition-image-match       = 3
228suit-condition-component-slot    = 5
229suit-condition-check-content     = 6
230
231suit-condition-abort                    = 14
232suit-condition-device-identifier        = 24
233
234suit-directive-set-component-index      = 12
235suit-directive-try-each                 = 15
236suit-directive-write                    = 18
237suit-directive-override-parameters      = 20
238suit-directive-fetch                    = 21
239suit-directive-copy                     = 22
240suit-directive-invoke                   = 23
241
242suit-directive-swap                     = 31
243suit-directive-run-sequence             = 32
244
245suit-parameter-vendor-identifier = 1
246suit-parameter-class-identifier  = 2
247suit-parameter-image-digest      = 3
248suit-parameter-component-slot    = 5
249
250suit-parameter-strict-order      = 12
251suit-parameter-soft-failure      = 13
252suit-parameter-image-size        = 14
253suit-parameter-content           = 18
254
255suit-parameter-uri               = 21
256suit-parameter-source-component  = 22
257suit-parameter-invoke-args       = 23
258
259suit-parameter-device-identifier = 24
260
261suit-parameter-custom = nint
262
263suit-text-manifest-description  = 1
264suit-text-update-description    = 2
265suit-text-manifest-json-source  = 3
266suit-text-manifest-yaml-source  = 4
267
268suit-text-vendor-name           = 1
269suit-text-model-name            = 2
270suit-text-vendor-domain         = 3
271suit-text-model-info            = 4
272suit-text-component-description = 5
273suit-text-component-version     = 6
274