;
; From https://datatracker.ietf.org/doc/draft-ietf-suit-manifest/09/
;
; Copyright (c) 2020 IETF Trust and the persons identified as the
; document authors.  All rights reserved.
;
; Redistribution and use in source and binary forms, with or without
; modification, is permitted pursuant to, and subject to the license terms
; contained in, the Simplified BSD License set forth in Section 4.c of the
; IETF Trust’s Legal Provisions Relating to IETF Documents
; (http://trustee.ietf.org/license-info).
;
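; Outer SUIT envelope. The manifest travels as a bstr-wrapped SUIT_Manifest
; under suit-manifest; delegation chains, the authentication wrapper and
; the severable members sit next to it.
; Both suit-delegation and suit-authentication-wrapper are optional ("?") in
; this grammar, so an envelope that carries no authentication block at all
; still validates. Whether an unauthenticated manifest may be processed is
; a recipient policy decision, not something this CDDL enforces.
SUIT_Envelope = {
  ? suit-delegation => bstr .cbor SUIT_Delegation,
  ? suit-authentication-wrapper => bstr .cbor SUIT_Authentication,
  suit-manifest  => bstr .cbor SUIT_Manifest,
  SUIT_Severable_Manifest_Members,
  * $$SUIT_Envelope_Extensions,
  ; NOTE(review): the next entry has no occurrence indicator, so as written
  ; it asks for exactly one further int-keyed bstr member; presumably meant
  ; as a catch-all for unknown members -- confirm against the draft text.
  (int => bstr)
}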
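; Delegation: one or more chains, each a non-empty list of bstr-wrapped CWTs.
SUIT_Delegation = [ + [ + bstr .cbor CWT ] ]

; In this listing CWT is only an alias for SUIT_Authentication_Block; no
; claims set is described here.
CWT = SUIT_Authentication_Block

; One or more bstr-wrapped authentication blocks.
SUIT_Authentication = [ + bstr .cbor SUIT_Authentication_Block ]

; MAC containers (COSE_Mac, COSE_Mac0) and signature containers (COSE_Sign,
; COSE_Sign1) are all admitted. The grammar does not say which of them a
; given recipient must accept; that is left to the recipient's key policy.
SUIT_Authentication_Block /= COSE_Mac_Tagged
SUIT_Authentication_Block /= COSE_Sign_Tagged
SUIT_Authentication_Block /= COSE_Mac0_Tagged
SUIT_Authentication_Block /= COSE_Sign1_Tagged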
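; Members that may be carried in the envelope, outside the suit-manifest
; bstr. SUIT_Manifest has a matching *-digest entry for each of them
; (SUIT_Severable_Members_Digests); that digest is the only link between a
; severed member and the authenticated manifest, so a processor has to check
; it before using the member.
SUIT_Severable_Manifest_Members = (
  ? suit-dependency-resolution => bstr .cbor SUIT_Command_Sequence,
  ? suit-payload-fetch => bstr .cbor SUIT_Command_Sequence,
  ? suit-install => bstr .cbor SUIT_Command_Sequence,
  ? suit-text => bstr .cbor SUIT_Text_Map,
  ? suit-coswid => bstr .cbor concise-software-identity,
  * $$SUIT_severable-members-extensions,
)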
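; The COSE structures are left as "any": this grammar does not constrain
; their layout. Validating a message against it therefore says nothing about
; whether an authentication or encryption block is well-formed, let alone
; whether its signature or MAC verifies. Those checks belong to the COSE
; implementation (RFC 8152) and to the recipient's key policy.
COSE_Mac_Tagged = any
COSE_Sign_Tagged = any
COSE_Mac0_Tagged = any
COSE_Sign1_Tagged = any
COSE_Encrypt_Tagged = any
COSE_Encrypt0_Tagged = any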
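; A digest is an algorithm identifier followed by the raw digest bytes.
; suit-digest-bytes is an unconstrained bstr: nothing here ties its length
; to the output size of the chosen algorithm, so a verifier should reject a
; length mismatch itself before comparing digests.
SUIT_Digest = [
  suit-digest-algorithm-id : suit-digest-algorithm-ids,
  suit-digest-bytes : bstr,
  * $$SUIT_Digest-extensions
]

; Named Information Hash Algorithm Identifiers
; The grammar admits all eight identifiers below; which of them a device
; actually accepts is a recipient policy choice.
suit-digest-algorithm-ids /= algorithm-id-sha224
suit-digest-algorithm-ids /= algorithm-id-sha256
suit-digest-algorithm-ids /= algorithm-id-sha384
suit-digest-algorithm-ids /= algorithm-id-sha512
suit-digest-algorithm-ids /= algorithm-id-sha3-224
suit-digest-algorithm-ids /= algorithm-id-sha3-256
suit-digest-algorithm-ids /= algorithm-id-sha3-384
suit-digest-algorithm-ids /= algorithm-id-sha3-512

algorithm-id-sha224 = 1
algorithm-id-sha256 = 2
algorithm-id-sha384 = 3
algorithm-id-sha512 = 4
algorithm-id-sha3-224 = 5
algorithm-id-sha3-256 = 6
algorithm-id-sha3-384 = 7
algorithm-id-sha3-512 = 8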
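; The manifest proper. suit-manifest-version is pinned to the literal 1.
; suit-manifest-sequence-number is only typed (uint) here; comparing it with
; the last accepted value to refuse rollbacks is processor behaviour
; described in the draft text, not something this grammar checks.
SUIT_Manifest = {
    suit-manifest-version         => 1,
    suit-manifest-sequence-number => uint,
    suit-common                   => bstr .cbor SUIT_Common,
    ? suit-reference-uri          => tstr,
    ; NOTE(review): SUIT_Severable_Members is not defined anywhere in this
    ; listing; the closest defined group is SUIT_Severable_Manifest_Members.
    ; A CDDL tool will report an undefined rule here -- confirm the intended
    ; name against the draft.
    SUIT_Severable_Members,
    SUIT_Severable_Members_Digests,
    SUIT_Unseverable_Members,
    * $$SUIT_Manifest_Extensions,
}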
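; Command sequences that appear only inside SUIT_Manifest (validate, load,
; run); unlike the severable members they have no envelope-level form.
; NOTE(review): the socket name below is spelled "unserverble"; it is an
; identifier, so it is kept as written.
SUIT_Unseverable_Members = (
  ? suit-validate => bstr .cbor SUIT_Command_Sequence,
  ? suit-load => bstr .cbor SUIT_Command_Sequence,
  ? suit-run => bstr .cbor SUIT_Command_Sequence,
  * $$unserverble-manifest-member-extensions,
)

; Digests of the severable members, one per member that can be moved out to
; the envelope. Every entry is optional.
; NOTE(review): no integer values are assigned to the *-digest keys in the
; part of the listing shown here -- confirm where they are defined.
SUIT_Severable_Members_Digests = (
  ? suit-dependency-resolution-digest => SUIT_Digest,
  ? suit-payload-fetch-digest => SUIT_Digest,
  ? suit-install-digest => SUIT_Digest,
  ? suit-text-digest => SUIT_Digest,
  ? suit-coswid-digest => SUIT_Digest,
  * $$severable-manifest-members-digests-extensions
)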
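; Data shared by all command sequences: dependency list, component list and
; the common sequence. All three entries are optional.
SUIT_Common = {
    ? suit-dependencies           => SUIT_Dependencies,
    ? suit-components             => SUIT_Components,
    ? suit-common-sequence        => bstr .cbor SUIT_Common_Sequence,
    * $$SUIT_Common-extensions,
}

SUIT_Dependencies         = [ + SUIT_Dependency ]
SUIT_Components           = [ + SUIT_Component_Identifier ]

; Left as "any": the CoSWID payload is not validated by this grammar.
concise-software-identity = any

; A dependency is identified by the digest of the dependency manifest.
SUIT_Dependency = {
    suit-dependency-digest => SUIT_Digest,
    ? suit-dependency-prefix => SUIT_Component_Identifier,
    * $$SUIT_Dependency-extensions,
}

; Zero or more byte strings. How they map onto storage locations is left to
; the implementation; where they do, they are manifest-supplied input and
; should be validated as such.
SUIT_Component_Identifier =  [* bstr]


SUIT_Component_Reference = {
    suit-component-identifier => SUIT_Component_Identifier,
    suit-component-dependency-index => uint
}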
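; The common sequence admits conditions and the six SUIT_Common_Commands
; below only; fetch, copy, swap, run, wait and abort are not in that list.
; The restriction holds at the top level only: suit-directive-run-sequence
; and suit-directive-try-each embed full SUIT_Command_Sequence values, which
; admit every directive. A processor that wants the restriction to hold for
; nested sequences has to enforce it itself.
SUIT_Common_Sequence = [
    + ( SUIT_Condition // SUIT_Common_Commands )
]

SUIT_Common_Commands //= (suit-directive-set-component-index,  uint/bool)
SUIT_Common_Commands //= (suit-directive-set-dependency-index, uint/bool)
SUIT_Common_Commands //= (suit-directive-run-sequence,
    bstr .cbor SUIT_Command_Sequence)
SUIT_Common_Commands //= (suit-directive-try-each,
    SUIT_Directive_Try_Each_Argument)
SUIT_Common_Commands //= (suit-directive-set-parameters,
    {+ SUIT_Parameters})
SUIT_Common_Commands //= (suit-directive-override-parameters,
    {+ SUIT_Parameters})


; A command sequence is a flat array of (command id, argument) pairs.
; Sequences nest through run-sequence and try-each, and the grammar sets no
; limit on nesting depth or on sequence length; a constrained parser should
; bound both.
SUIT_Command_Sequence = [ + (
    SUIT_Condition // SUIT_Directive // SUIT_Command_Custom
) ]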
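; suit-command-custom is declared as nint elsewhere in this file, so any
; negative command code is schema-valid as a custom command. A processor
; needs its own list of the custom commands it understands and a defined
; behaviour for the rest.
SUIT_Command_Custom = (suit-command-custom, bstr/tstr/int/nil)

; Conditions: each takes a SUIT_Reporting_Policy as its argument.
SUIT_Condition //= (suit-condition-vendor-identifier, SUIT_Reporting_Policy)
SUIT_Condition //= (suit-condition-class-identifier,  SUIT_Reporting_Policy)
SUIT_Condition //= (suit-condition-device-identifier, SUIT_Reporting_Policy)
SUIT_Condition //= (suit-condition-image-match,       SUIT_Reporting_Policy)
SUIT_Condition //= (suit-condition-image-not-match,   SUIT_Reporting_Policy)
SUIT_Condition //= (suit-condition-use-before,        SUIT_Reporting_Policy)
SUIT_Condition //= (suit-condition-minimum-battery,   SUIT_Reporting_Policy)
SUIT_Condition //= (suit-condition-update-authorized, SUIT_Reporting_Policy)
SUIT_Condition //= (suit-condition-version,           SUIT_Reporting_Policy)
SUIT_Condition //= (suit-condition-component-offset,  SUIT_Reporting_Policy)

; Directives. The first four and the two parameter directives repeat the
; SUIT_Common_Commands entries; the remainder are admitted only in a full
; SUIT_Command_Sequence.
SUIT_Directive //= (suit-directive-set-component-index,  uint/bool)
SUIT_Directive //= (suit-directive-set-dependency-index, uint/bool)
SUIT_Directive //= (suit-directive-run-sequence,
    bstr .cbor SUIT_Command_Sequence)
SUIT_Directive //= (suit-directive-try-each,
    SUIT_Directive_Try_Each_Argument)
SUIT_Directive //= (suit-directive-process-dependency,   SUIT_Reporting_Policy)
SUIT_Directive //= (suit-directive-set-parameters,
    {+ SUIT_Parameters})
SUIT_Directive //= (suit-directive-override-parameters,
    {+ SUIT_Parameters})
SUIT_Directive //= (suit-directive-fetch,                SUIT_Reporting_Policy)
SUIT_Directive //= (suit-directive-copy,                 SUIT_Reporting_Policy)
SUIT_Directive //= (suit-directive-swap,                 SUIT_Reporting_Policy)
SUIT_Directive //= (suit-directive-run,                  SUIT_Reporting_Policy)
SUIT_Directive //= (suit-directive-wait,                 SUIT_Reporting_Policy)
SUIT_Directive //= (suit-directive-abort,                SUIT_Reporting_Policy)
SUIT_Directive //= (suit-directive-fetch-uri-list,       SUIT_Reporting_Policy)

; One or more bstr-wrapped sequences, followed by a final element that is
; either nil or one more bstr-wrapped sequence.
SUIT_Directive_Try_Each_Argument = [
    + bstr .cbor SUIT_Command_Sequence,
    nil / bstr .cbor SUIT_Command_Sequence
]

; Bit field over the four named bit positions below.
SUIT_Reporting_Policy = uint .bits suit-reporting-bits

suit-reporting-bits = &(
    suit-send-record-success : 0,
    suit-send-record-failure : 1,
    suit-send-sysinfo-success : 2,
    suit-send-sysinfo-failure : 3
)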
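; Every command identifier in one choice; used by suit-record to name the
; command a record refers to. The two commented-out entries match the two
; directive codes marked TBD in the integer assignments of this file.
SUIT_Command_ID /= suit-command-custom
SUIT_Command_ID /= suit-condition-vendor-identifier
SUIT_Command_ID /= suit-condition-class-identifier
SUIT_Command_ID /= suit-condition-image-match
SUIT_Command_ID /= suit-condition-use-before
SUIT_Command_ID /= suit-condition-component-offset
SUIT_Command_ID /= suit-condition-device-identifier
SUIT_Command_ID /= suit-condition-image-not-match
SUIT_Command_ID /= suit-condition-minimum-battery
SUIT_Command_ID /= suit-condition-update-authorized
SUIT_Command_ID /= suit-condition-version
SUIT_Command_ID /= suit-directive-set-component-index
SUIT_Command_ID /= suit-directive-set-dependency-index
SUIT_Command_ID /= suit-directive-abort
SUIT_Command_ID /= suit-directive-try-each
;SUIT_Command_ID /= suit-directive-do-each
;SUIT_Command_ID /= suit-directive-map-filter
SUIT_Command_ID /= suit-directive-process-dependency
SUIT_Command_ID /= suit-directive-set-parameters
SUIT_Command_ID /= suit-directive-override-parameters
SUIT_Command_ID /= suit-directive-fetch
SUIT_Command_ID /= suit-directive-copy
SUIT_Command_ID /= suit-directive-run
SUIT_Command_ID /= suit-directive-wait
SUIT_Command_ID /= suit-directive-run-sequence
SUIT_Command_ID /= suit-directive-swap
SUIT_Command_ID /= suit-directive-fetch-uri-list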
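; Record of the outcome of one command; presumably what is sent when a
; suit-send-record-* reporting bit is set -- confirm against the draft text.
; NOTE(review): this rule does not parse as written, for three reasons:
;  - none of the suit-record-* keys has an integer value assigned in the
;    part of the listing shown here;
;  - SUIT_Component_ID is not defined; the similarly named rule in this
;    file is SUIT_Component_Identifier;
;  - the command-sequence-id choice ends in "/ * $$...", a group socket
;    with an occurrence indicator inside a type choice.
; "interpeter" is kept as spelled because it is an identifier.
suit-record = {
  suit-record-success             => bool/int,
  ? suit-record-component-id      => SUIT_Component_ID,
  ? suit-record-dependency-id     => SUIT_Digest,
  ? suit-record-command-sequence-id => (
      suit-common-sequence /
      suit-dependency-resolution /
      suit-payload-fetch /
      suit-install /
      suit-validate /
      suit-load /
      suit-run /
      * $$suit-command-sequence-list-extensions
  ),
  ? suit-record-interpeter-offset => uint,
  ? suit-record-command-id        => SUIT_Command_ID,
  ? suit-record-params            => SUIT_Parameters,
  ? suit-record-actual            => SUIT_Parameters,
  * $$suit-record-extensions
}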
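; Argument of suit-parameter-wait-info: a map of one or more wait events.
SUIT_Wait_Event = { + SUIT_Wait_Events }

SUIT_Wait_Events //= (suit-wait-event-authorization => int)
SUIT_Wait_Events //= (suit-wait-event-power => int)
SUIT_Wait_Events //= (suit-wait-event-network => int)
SUIT_Wait_Events //= (suit-wait-event-other-device-version
    => SUIT_Wait_Event_Argument_Other_Device_Version)
SUIT_Wait_Events //= (suit-wait-event-time => uint); Timestamp
SUIT_Wait_Events //= (suit-wait-event-time-of-day
    => uint); Time of Day (seconds since 00:00:00)
SUIT_Wait_Events //= (suit-wait-event-day-of-week
    => uint); Days since Sunday

; Identifies another device by a byte string and lists one or more version
; matches for it. The time-of-day and day-of-week values above are plain
; uint here; range checks (e.g. fewer than 86400 seconds, fewer than 7
; days) are left to the processor.
SUIT_Wait_Event_Argument_Other_Device_Version = [
    other-device: bstr,
    other-device-version: [ + SUIT_Parameter_Version_Match ]
]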
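; Parameters set by suit-directive-set-parameters and
; suit-directive-override-parameters. Everything here is manifest-supplied:
; URIs, run arguments, sizes and offsets are only as trustworthy as the
; authentication of the manifest that carries them.
SUIT_Parameters //= (suit-parameter-vendor-identifier => RFC4122_UUID)
SUIT_Parameters //= (suit-parameter-class-identifier => RFC4122_UUID)
SUIT_Parameters //= (suit-parameter-image-digest
    => bstr .cbor SUIT_Digest)
; image-size and component-offset are unbounded uint in the grammar; the
; processor has to check them against the target component's real capacity.
SUIT_Parameters //= (suit-parameter-image-size => uint)
SUIT_Parameters //= (suit-parameter-use-before => uint)
SUIT_Parameters //= (suit-parameter-component-offset => uint)

SUIT_Parameters //= (suit-parameter-encryption-info
    => bstr .cbor SUIT_Encryption_Info)
SUIT_Parameters //= (suit-parameter-compression-info
    => bstr .cbor SUIT_Compression_Info)
SUIT_Parameters //= (suit-parameter-unpack-info
    => bstr .cbor SUIT_Unpack_Info)

; The URI is an unconstrained tstr: scheme and host restrictions, if any,
; are recipient policy.
SUIT_Parameters //= (suit-parameter-uri => tstr)
SUIT_Parameters //= (suit-parameter-source-component => uint)
SUIT_Parameters //= (suit-parameter-run-args => bstr)

SUIT_Parameters //= (suit-parameter-device-identifier => RFC4122_UUID)
SUIT_Parameters //= (suit-parameter-minimum-battery => uint)
SUIT_Parameters //= (suit-parameter-update-priority => uint)
SUIT_Parameters //= (suit-parameter-version =>
    SUIT_Parameter_Version_Match)
SUIT_Parameters //= (suit-parameter-wait-info =>
    bstr .cbor SUIT_Wait_Event)

; suit-parameter-custom is declared as nint elsewhere in this file, so any
; negative key is schema-valid as a custom parameter.
SUIT_Parameters //= (suit-parameter-custom => int/bool/tstr/bstr)

SUIT_Parameters //= (suit-parameter-strict-order => bool)
SUIT_Parameters //= (suit-parameter-soft-failure => bool)

SUIT_Parameters //= (suit-parameter-uri-list =>
    bstr .cbor SUIT_URI_List)

; Exactly 16 bytes; the grammar does not check the UUID version or variant.
RFC4122_UUID = bstr .size 16

; Version condition argument: a comparison type and the value to compare
; against, given as one or more integers.
SUIT_Parameter_Version_Match = [
    suit-condition-version-comparison-type:
        SUIT_Condition_Version_Comparison_Types,
    suit-condition-version-comparison-value:
        SUIT_Condition_Version_Comparison_Value
]
SUIT_Condition_Version_Comparison_Types /=
    suit-condition-version-comparison-greater
SUIT_Condition_Version_Comparison_Types /=
    suit-condition-version-comparison-greater-equal
SUIT_Condition_Version_Comparison_Types /=
    suit-condition-version-comparison-equal
SUIT_Condition_Version_Comparison_Types /=
    suit-condition-version-comparison-lesser-equal
SUIT_Condition_Version_Comparison_Types /=
    suit-condition-version-comparison-lesser

suit-condition-version-comparison-greater = 1
suit-condition-version-comparison-greater-equal = 2
suit-condition-version-comparison-equal = 3
suit-condition-version-comparison-lesser-equal = 4
suit-condition-version-comparison-lesser = 5

SUIT_Condition_Version_Comparison_Value = [+int]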
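; Encryption info is one of the two COSE encryption containers, both of
; which are declared as "any" in this file and so are not validated here.
SUIT_Encryption_Info = COSE_Encrypt_Tagged/COSE_Encrypt0_Tagged

; Compression applied to a payload. The grammar names the algorithm only;
; it places no bound on the expanded size, so the decompressor should cap
; its output (for example against suit-parameter-image-size) itself.
SUIT_Compression_Info = {
    suit-compression-algorithm => SUIT_Compression_Algorithms,
    * $$SUIT_Compression_Info-extensions,
}

SUIT_Compression_Algorithms /= SUIT_Compression_Algorithm_zlib
SUIT_Compression_Algorithms /= SUIT_Compression_Algorithm_brotli
SUIT_Compression_Algorithms /= SUIT_Compression_Algorithm_zstd

SUIT_Compression_Algorithm_zlib = 1
SUIT_Compression_Algorithm_brotli = 2
SUIT_Compression_Algorithm_zstd = 3

; Container format a payload is unpacked from (Intel HEX, ELF, COFF,
; S-record, judging by the names). Parsing these formats means parsing
; manifest-delivered data.
SUIT_Unpack_Info = {
    suit-unpack-algorithm => SUIT_Unpack_Algorithms,
    * $$SUIT_Unpack_Info-extensions,
}

SUIT_Unpack_Algorithms /= SUIT_Unpack_Algorithm_Hex
SUIT_Unpack_Algorithms /= SUIT_Unpack_Algorithm_Elf
SUIT_Unpack_Algorithms /= SUIT_Unpack_Algorithm_Coff
SUIT_Unpack_Algorithms /= SUIT_Unpack_Algorithm_Srec

SUIT_Unpack_Algorithm_Hex = 1
SUIT_Unpack_Algorithm_Elf = 2
SUIT_Unpack_Algorithm_Coff = 3
SUIT_Unpack_Algorithm_Srec = 4

; One or more URIs, each an unconstrained tstr.
SUIT_URI_List = [+ tstr ]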
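; Human-readable text. suit-text is a severable member, so this map may
; arrive in the envelope and is tied to the manifest only through
; suit-text-digest.
; NOTE(review): in the per-component map the literal key 1 holds the
; component identifier, while suit-text-vendor-name is also assigned 1 in
; this file and SUIT_Text_Component_Keys is spliced into the same map. The
; two entries cannot coexist under one key -- confirm the intended keys
; against the draft.
SUIT_Text_Map = {
    ? suit-text-components =>
    [
        + {
            1 => SUIT_Component_Identifier
            SUIT_Text_Component_Keys
        }
    ],
    SUIT_Text_Keys
}

; Per-component descriptive strings; all optional, all free-form tstr.
SUIT_Text_Component_Keys = (
    ? suit-text-vendor-name           => tstr,
    ? suit-text-model-name            => tstr,
    ? suit-text-vendor-domain         => tstr,
    ? suit-text-model-info            => tstr,
    ? suit-text-component-description => tstr,
    ? suit-text-component-version     => tstr,
    ? suit-text-version-required      => tstr,
    * $$suit-text-component-key-extensions
)

; Manifest-level descriptive strings; all optional, all free-form tstr.
SUIT_Text_Keys = (
    ? suit-text-manifest-description => tstr,
    ? suit-text-update-description   => tstr,
    ? suit-text-manifest-json-source => tstr,
    ? suit-text-manifest-yaml-source => tstr,
    * $$suit-text-key-extensions
)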
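; Integer map keys and command codes. Each group below has its own number
; space; the same integer recurs across groups.

; SUIT_Envelope member keys
suit-delegation = 1
suit-authentication-wrapper = 2
suit-manifest = 3

; SUIT_Manifest member keys (the severable ones are also used as envelope
; keys through SUIT_Severable_Manifest_Members)
suit-manifest-version = 1
suit-manifest-sequence-number = 2
suit-common = 3
suit-reference-uri = 4
suit-dependency-resolution = 7
suit-payload-fetch = 8
suit-install = 9
suit-validate = 10
suit-load = 11
suit-run = 12
suit-text = 13
suit-coswid = 14

; SUIT_Common member keys
suit-dependencies = 1
suit-components = 2
suit-dependency-components = 3
suit-common-sequence = 4

; SUIT_Dependency member keys
suit-dependency-digest = 1
suit-dependency-prefix = 2

; SUIT_Component_Reference member keys
suit-component-identifier = 1
suit-component-dependency-index = 2

; Custom commands: any negative integer.
suit-command-custom = nint

; Condition codes
suit-condition-vendor-identifier = 1
suit-condition-class-identifier  = 2
suit-condition-image-match       = 3
suit-condition-use-before        = 4
suit-condition-component-offset  = 5

suit-condition-device-identifier        = 24
suit-condition-image-not-match          = 25
suit-condition-minimum-battery          = 26
suit-condition-update-authorized        = 27
suit-condition-version                  = 28

; Directive codes (conditions and directives share one number space)
suit-directive-set-component-index      = 12
suit-directive-set-dependency-index     = 13
suit-directive-abort                    = 14
suit-directive-try-each                 = 15
;suit-directive-do-each                  = 16 ; TBD
;suit-directive-map-filter               = 17 ; TBD
suit-directive-process-dependency       = 18
suit-directive-set-parameters           = 19
suit-directive-override-parameters      = 20
suit-directive-fetch                    = 21
suit-directive-copy                     = 22
suit-directive-run                      = 23

suit-directive-wait                     = 29
suit-directive-fetch-uri-list           = 30

suit-directive-swap                     = 31
suit-directive-run-sequence             = 32

; SUIT_Wait_Event keys
suit-wait-event-authorization = 1
suit-wait-event-power = 2
suit-wait-event-network = 3
suit-wait-event-other-device-version = 4
suit-wait-event-time = 5
suit-wait-event-time-of-day = 6
suit-wait-event-day-of-week = 7

; SUIT_Parameters keys
suit-parameter-vendor-identifier = 1
suit-parameter-class-identifier  = 2
suit-parameter-image-digest      = 3
suit-parameter-use-before        = 4
suit-parameter-component-offset  = 5

suit-parameter-strict-order      = 12
suit-parameter-soft-failure      = 13
suit-parameter-image-size        = 14

suit-parameter-encryption-info   = 18
suit-parameter-compression-info  = 19
suit-parameter-unpack-info       = 20
suit-parameter-uri               = 21
suit-parameter-source-component  = 22
suit-parameter-run-args          = 23

suit-parameter-device-identifier = 24
suit-parameter-minimum-battery   = 26
suit-parameter-update-priority   = 27
suit-parameter-version           = 28
suit-parameter-wait-info         = 29
suit-parameter-uri-list          = 30

; Custom parameters: any negative integer.
suit-parameter-custom = nint

; SUIT_Compression_Info keys
suit-compression-algorithm = 1
suit-compression-parameters = 2

; SUIT_Unpack_Info keys
suit-unpack-algorithm  = 1
suit-unpack-parameters = 2

; SUIT_Text_Keys
suit-text-manifest-description  = 1
suit-text-update-description    = 2
suit-text-manifest-json-source  = 3
suit-text-manifest-yaml-source  = 4

; SUIT_Text_Component_Keys
suit-text-vendor-name           = 1
suit-text-model-name            = 2
suit-text-vendor-domain         = 3
suit-text-model-info            = 4
suit-text-component-description = 5
suit-text-component-version     = 6
suit-text-version-required      = 7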