diff --git a/.gitignore b/.gitignore index 827a0d4..6941bee 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ *-autogen.cddl draft-ietf-rats-corim +exports/ce.cddl diff --git a/Makefile b/Makefile index 9f0cf78..a01e57e 100644 --- a/Makefile +++ b/Makefile @@ -4,6 +4,7 @@ SHELL := /bin/bash CORIM_DIR := draft-ietf-rats-corim/cddl/ IMPORTS_DIR := imports/ +export EXPORTS_DIR := exports/ CE_DIR := ./ include $(CORIM_DIR)corim-frags.mk @@ -20,7 +21,7 @@ CORIM_IMPORT := $(addprefix $(IMPORTS_DIR), corim-import.cddl ) check:: check-comidx check-comidx-examples check:: check-spdm check-spdm-examples -check:: check-ce check-ce-examples +check:: check-ce check-ce-examples exp-ce include $(CE_DIR)ce-frags.mk CE_DEPS := $(addprefix $(CE_DIR), $(CE_FRAGS)) @@ -33,13 +34,14 @@ SPDM_EXAMPLES := $(wildcard examples/spdm-*.diag) # spdm toc example filenames h $(eval $(call cddl_check_template,spdm,$(SPDM_FRAGS),$(SPDM_EXAMPLES))) -CE_FRAGS := ce-start.cddl -CE_FRAGS += $(CE_DEPS) -CE_FRAGS += $(CORIM_IMPORT) +EV_FRAGS := ce-start.cddl +EV_FRAGS += $(CE_DEPS) +EV_FRAGS += $(CORIM_IMPORT) -CE_EXAMPLES := $(wildcard examples/ce-*.diag) # concise-evidence example filenames have 'ce-' prefix +EV_EXAMPLES := $(wildcard examples/ce-*.diag) # concise-evidence example filenames have 'ce-' prefix -$(eval $(call cddl_check_template,ce,$(CE_FRAGS),$(CE_EXAMPLES))) +$(eval $(call cddl_check_template,ce,$(EV_FRAGS),$(EV_EXAMPLES))) +$(eval $(call cddl_exp_template,ce,$(CE_DEPS))) COMID_X_FRAGS := comid-x-start.cddl COMID_X_FRAGS += $(CE_DEPS) @@ -53,6 +55,7 @@ clean: ; rm -f $(CLEANFILES) clean-extra: clean ; $(MAKE) -C $(CORIM_DIR) clean -export-ce: ce-autogen.cddl +exce: ce-autogen.cddl @echo -n "copying ce.cddl to exports" - @cp $(CE_DIR)/ce-autogen.cddl exports/ce.cddl \ No newline at end of file + # @cp $(CE_DIR)/ce-autogen.cddl exports/ce.cddl + $(eval $(call cddl_exports_template, exports/ce, $(CE_DEPS))) \ No newline at end of file diff --git a/comid-extensions.cddl b/comid-extensions.cddl index 907e5d2..8c2fcaf 100644 --- a/comid-extensions.cddl +++ b/comid-extensions.cddl @@ -13,7 +13,7 @@ spdm-indirect-map = { ; Flags map extensions ; $$flags-map-extension //= ( - ? &(runtime-meas: 6) => bool - ? &(immutable: 7) => bool - ? &(tcb: 8) => bool + ? &(is-runtime-meas: 6) => bool + ? &(is-immutable: 7) => bool + ? &(is-tcb: 8) => bool ) diff --git a/exports/ce.cddl b/exports/ce.cddl index 8c8c618..8524281 100644 --- a/exports/ce.cddl +++ b/exports/ce.cddl @@ -1,5 +1,3 @@ -start = tagged-concise-evidence - tagged-spdm-toc = #6.570(spdm-toc-map) spdm-toc = spdm-toc-map spdm-toc-map = { @@ -80,654 +78,3 @@ $$flags-map-extension //= ( ? &(tcb: 8) => bool ) -corim = tagged-concise-rim-type-choice - -$concise-rim-type-choice /= tagged-corim-map -$concise-rim-type-choice /= tagged-signed-corim - -concise-bom-tag = { - &(tag-identity: 0) => tag-identity-map - &(tags-list: 1) => [ + tag-identity-map ], - &(bom-validity: 2) => validity-map - * $$concise-bom-tag-extension -} - -$concise-tag-type-choice /= tagged-concise-swid-tag -$concise-tag-type-choice /= tagged-concise-mid-tag -$concise-tag-type-choice /= tagged-concise-bom-tag - -corim-entity-map = - entity-map<$corim-role-type-choice, $$corim-entity-map-extension> - -$corim-id-type-choice /= tstr -$corim-id-type-choice /= uuid-type - -corim-locator-map = { - &(href: 0) => uri - ? &(thumbprint: 1) => digest -} - -corim-map = { - &(id: 0) => $corim-id-type-choice - &(tags: 1) => [ + $concise-tag-type-choice ] - ? &(dependent-rims: 2) => [ + corim-locator-map ] - ? &(profile: 3) => $profile-type-choice - ? &(rim-validity: 4) => validity-map - ? &(entities: 5) => [ + corim-entity-map ] - * $$corim-map-extension -} - -corim-meta-map = { - &(signer: 0) => corim-signer-map - ? &(signature-validity: 1) => validity-map -} - -$corim-role-type-choice /= &(manifest-creator: 1) - -corim-signer-map = { - &(signer-name: 0) => $entity-name-type-choice - ? &(signer-uri: 1) => uri - * $$corim-signer-map-extension -} - -COSE-Sign1-corim = [ - protected: bstr .cbor protected-corim-header-map - unprotected: unprotected-corim-header-map - payload: bstr .cbor tagged-corim-map - signature: bstr -] - -$profile-type-choice /= uri -$profile-type-choice /= tagged-oid-type - -protected-corim-header-map = { - &(alg: 1) => int - &(content-type: 3) => "application/corim-unsigned+cbor" - &(kid: 4) => bstr - &(corim-meta: 8) => bstr .cbor corim-meta-map - * cose-label => cose-value -} - -signed-corim = #6.18(COSE-Sign1-corim) - -tagged-corim-map = #6.501(corim-map) - - -tagged-concise-rim-type-choice = #6.500($concise-rim-type-choice) - -tagged-signed-corim = #6.502(signed-corim) - -tagged-concise-swid-tag = #6.505(bytes .cbor concise-swid-tag) - -tagged-concise-mid-tag = #6.506(bytes .cbor concise-mid-tag) - -tagged-concise-bom-tag = #6.508(bytes .cbor concise-bom-tag) - -unprotected-corim-header-map = { - * cose-label => cose-value -} - -validity-map = { - ? &(not-before: 0) => time - &(not-after: 1) => time -} - -concise-mid-tag = { - ? &(language: 0) => text - &(tag-identity: 1) => tag-identity-map - ? &(entities: 2) => [ + comid-entity-map ] - ? &(linked-tags: 3) => [ + linked-tag-map ] - &(triples: 4) => triples-map - * $$concise-mid-tag-extension -} - -accepted-claims-set = { - &(state-triples: 0) => [ + endorsed-triple-record ] - ? &(identity-triples: 1) => [ + identity-triple-record ] - ? &(coswid-triples: 2) => [ + ev-coswid-triple-record ] - * $$accepted-claims-set-extension -} - -attest-key-triple-record = [ - environment-map - [ + $crypto-key-type-choice ] -] - -$class-id-type-choice /= tagged-oid-type -$class-id-type-choice /= tagged-uuid-type -$class-id-type-choice /= tagged-bytes - -class-map = non-empty<{ - ? &(class-id: 0) => $class-id-type-choice - ? &(vendor: 1) => tstr - ? &(model: 2) => tstr - ? &(layer: 3) => uint - ? &(index: 4) => uint -}> - -comid-entity-map = - entity-map<$comid-role-type-choice, $$comid-entity-map-extension> - -$comid-role-type-choice /= &(tag-creator: 0) -$comid-role-type-choice /= &(creator: 1) -$comid-role-type-choice /= &(maintainer: 2) - -conditional-endorsement-series-triple-record = [ - condition: stateful-environment-record - series: [ + conditional-series-record ] -] - -conditional-series-record = [ - selection: [ + measurement-map] - ; endorsed values that apply in case revf matches - addition: [ + measurement-map ] -] - -COSE_KeySet = [ + COSE_Key ] - -COSE_Key = { - 1 => tstr / int - ? 2 => bstr - ? 3 => tstr / int - ? 4 => [+ (tstr / int) ] - ? 5 => bstr - * cose-label => cose-value -} - -cose-label = int / tstr -cose-value = any - -coswid-triple-record = [ - environment-map - [ + concise-swid-tag-id ] -] - -concise-swid-tag-id = text / bstr .size 16 - -$crypto-key-type-choice /= tagged-pkix-base64-key-type -$crypto-key-type-choice /= tagged-pkix-base64-cert-type -$crypto-key-type-choice /= tagged-pkix-base64-cert-path-type -$crypto-key-type-choice /= tagged-cose-key-type -$crypto-key-type-choice /= tagged-thumbprint-type -$crypto-key-type-choice /= tagged-cert-thumbprint-type -$crypto-key-type-choice /= tagged-cert-path-thumbprint-type - -tagged-pkix-base64-key-type = #6.554(tstr) -tagged-pkix-base64-cert-type = #6.555(tstr) -tagged-pkix-base64-cert-path-type = #6.556(tstr) -tagged-thumbprint-type = #6.557(digest) -tagged-cose-key-type = #6.558(COSE_KeySet / COSE_Key) -tagged-cert-thumbprint-type = #6.559(digest) -tagged-cert-path-thumbprint-type = #6.561(digest) - -domain-dependency-triple-record = [ - $domain-type-choice - [ + $domain-type-choice ] -] - -domain-membership-triple-record = [ - $domain-type-choice - [ + environment-map ] -] - -conditional-endorsement-triple-record = [ - conditions: [ + stateful-environment-record ] - endorsements: [ + endorsed-triple-record ] -] - -$domain-type-choice /= uint -$domain-type-choice /= text -$domain-type-choice /= tagged-uuid-type -$domain-type-choice /= tagged-oid-type - -endorsed-triple-record = [ - environment-map - [ + measurement-map ] -] - -entity-map = { - &(entity-name: 0) => $entity-name-type-choice - ? &(reg-id: 1) => uri - &(role: 2) => [ + role-type-choice ] - * extension-socket -} - -$entity-name-type-choice /= text - -environment-map = non-empty<{ - ? &(class: 0) => class-map - ? &(instance: 1) => $instance-id-type-choice - ? &(group: 2) => $group-id-type-choice -}> - -flags-map = { - ? &(is-configured: 0) => bool - ? &(is-secure: 1) => bool - ? &(is-recovery: 2) => bool - ? &(is-debug: 3) => bool - ? &(is-replay-protected: 4) => bool - ? &(is-integrity-protected: 5) => bool - ? &(is-runtime-meas: 6) => bool - ? &(is-immutable: 7) => bool - ? &(is-tcb: 8) => bool - ? &(is-confidentiality-protected: 9) => bool - * $$flags-map-extension -} - -$group-id-type-choice /= tagged-uuid-type -$group-id-type-choice /= tagged-bytes - -identity-triple-record = [ - environment-map - [ + $crypto-key-type-choice ] -] - -$instance-id-type-choice /= tagged-ueid-type -$instance-id-type-choice /= tagged-uuid-type -$instance-id-type-choice /= $crypto-key-type-choice -$instance-id-type-choice /= tagged-bytes - -ip-addr-type-choice = ip4-addr-type / ip6-addr-type -ip4-addr-type = bytes .size 4 -ip6-addr-type = bytes .size 16 - -linked-tag-map = { - &(linked-tag-id: 0) => $tag-id-type-choice - &(tag-rel: 1) => $tag-rel-type-choice -} - -mac-addr-type-choice = eui48-addr-type / eui64-addr-type -eui48-addr-type = bytes .size 6 -eui64-addr-type = bytes .size 8 - -$measured-element-type-choice /= tagged-oid-type -$measured-element-type-choice /= tagged-uuid-type -$measured-element-type-choice /= uint - -measurement-map = { - ? &(mkey: 0) => $measured-element-type-choice - &(mval: 1) => measurement-values-map - ? &(authorized-by: 2) => [ + $crypto-key-type-choice ] -} - -measurement-values-map = non-empty<{ - ? &(version: 0) => version-map - ? &(svn: 1) => svn-type-choice - ? &(digests: 2) => digests-type - ? &(flags: 3) => flags-map - ? ( - &(raw-value: 4) => $raw-value-type-choice, - ? &(raw-value-mask: 5) => raw-value-mask-type - ) - ? &(mac-addr: 6) => mac-addr-type-choice - ? &(ip-addr: 7) => ip-addr-type-choice - ? &(serial-number: 8) => text - ? &(ueid: 9) => ueid-type - ? &(uuid: 10) => uuid-type - ? &(name: 11) => text - ? &(cryptokeys: 13) => [ + $crypto-key-type-choice ] - ? &(integrity-registers: 14) => integrity-registers - * $$measurement-values-map-extension -}> - -non-empty = (M) .and ({ + any => any }) - -oid-type = bytes -tagged-oid-type = #6.111(oid-type) - -$raw-value-type-choice /= tagged-bytes - -raw-value-mask-type = bytes - -reference-triple-record = [ - environment-map - [ + measurement-map ] -] - -stateful-environment-record = [ - environment-map, - [ + measurement-map ] -] - -svn-type = uint -svn = svn-type -min-svn = svn-type -tagged-svn = #6.552(svn) -tagged-min-svn = #6.553(min-svn) -svn-type-choice = tagged-svn / tagged-min-svn - -$tag-id-type-choice /= tstr -$tag-id-type-choice /= uuid-type - -tag-identity-map = { - &(tag-id: 0) => $tag-id-type-choice - ? &(tag-version: 1) => tag-version-type -} - -$tag-rel-type-choice /= &(supplements: 0) -$tag-rel-type-choice /= &(replaces: 1) - -tag-version-type = uint .default 0 - -tagged-bytes = #6.560(bytes) - -triples-map = non-empty<{ - ? &(reference-triples: 0) => - [ + reference-triple-record ] - ? &(endorsed-triples: 1) => - [ + endorsed-triple-record ] - ? &(identity-triples: 2) => - [ + identity-triple-record ] - ? &(attest-key-triples: 3) => - [ + attest-key-triple-record ] - ? &(dependency-triples: 4) => - [ + domain-dependency-triple-record ] - ? &(membership-triples: 5) => - [ + domain-membership-triple-record ] - ? &(coswid-triples: 6) => - [ + coswid-triple-record ] - ? &(conditional-endorsement-series-triples: 8) => - [ + conditional-endorsement-series-triple-record ] - ? &(conditional-endorsement-triples: 10) => - [ + conditional-endorsement-triple-record ] - * $$triples-map-extension -}> - -ueid-type = bytes .size 33 -tagged-ueid-type = #6.550(ueid-type) - -uuid-type = bytes .size 16 -tagged-uuid-type = #6.37(uuid-type) - -version-map = { - &(version: 0) => text - ? &(version-scheme: 1) => $version-scheme -} - -digest = [ - alg: (int / text), - val: bytes -] - -digests-type = [ + digest ] - -integrity-register-id-type-choice = uint / text - -integrity-registers = { - + integrity-register-id-type-choice => digests-type -} - -concise-swid-tag = { - tag-id => text / bstr .size 16, - tag-version => integer, - ? corpus => bool, - ? patch => bool, - ? supplemental => bool, - software-name => text, - ? software-version => text, - ? version-scheme => $version-scheme, - ? media => text, - ? software-meta => one-or-more, - entity => one-or-more, - ? link => one-or-more, - ? payload-or-evidence, - * $$coswid-extension, - global-attributes, -} - -payload-or-evidence //= ( payload => payload-entry ) -payload-or-evidence //= ( evidence => evidence-entry ) - -any-uri = uri -label = text / int - -$version-scheme /= multipartnumeric -$version-scheme /= multipartnumeric-suffix -$version-scheme /= alphanumeric -$version-scheme /= decimal -$version-scheme /= semver -$version-scheme /= int / text - -any-attribute = ( - label => one-or-more / one-or-more -) - -one-or-more = T / [ 2* T ] - -global-attributes = ( - ? lang => text, - * any-attribute, -) - -hash-entry = [ - hash-alg-id: int, - hash-value: bytes, -] - -entity-entry = { - entity-name => text, - ? reg-id => any-uri, - role => one-or-more<$role>, - ? thumbprint => hash-entry, - * $$entity-extension, - global-attributes, -} - -$role /= tag-creator -$role /= software-creator -$role /= aggregator -$role /= distributor -$role /= licensor -$role /= maintainer -$role /= int / text - -link-entry = { - ? artifact => text, - href => any-uri, - ? media => text, - ? ownership => $ownership, - rel => $rel, - ? media-type => text, - ? use => $use, - * $$link-extension, - global-attributes, -} - -$ownership /= shared -$ownership /= private -$ownership /= abandon -$ownership /= int / text - -$rel /= ancestor -$rel /= component -$rel /= feature -$rel /= installationmedia -$rel /= packageinstaller -$rel /= parent -$rel /= patches -$rel /= requires -$rel /= see-also -$rel /= supersedes -$rel /= supplemental -$rel /= -256..64436 / text - -$use /= optional -$use /= required -$use /= recommended -$use /= int / text - -software-meta-entry = { - ? activation-status => text, - ? channel-type => text, - ? colloquial-version => text, - ? description => text, - ? edition => text, - ? entitlement-data-required => bool, - ? entitlement-key => text, - ? generator => text / bstr .size 16, - ? persistent-id => text, - ? product => text, - ? product-family => text, - ? revision => text, - ? summary => text, - ? unspsc-code => text, - ? unspsc-version => text, - * $$software-meta-extension, - global-attributes, -} - -path-elements-group = ( ? directory => one-or-more, - ? file => one-or-more, - ) - -resource-collection = ( - path-elements-group, - ? process => one-or-more, - ? resource => one-or-more, - * $$resource-collection-extension, -) - -file-entry = { - filesystem-item, - ? size => uint, - ? file-version => text, - ? hash => hash-entry, - * $$file-extension, - global-attributes, -} - -directory-entry = { - filesystem-item, - ? path-elements => { path-elements-group }, - * $$directory-extension, - global-attributes, -} - -process-entry = { - process-name => text, - ? pid => integer, - * $$process-extension, - global-attributes, -} - -resource-entry = { - type => text, - * $$resource-extension, - global-attributes, -} - -filesystem-item = ( - ? key => bool, - ? location => text, - fs-name => text, - ? root => text, -) - -payload-entry = { - resource-collection, - * $$payload-extension, - global-attributes, -} - -evidence-entry = { - resource-collection, - ? date => integer-time, - ? device-id => text, - ? location => text, - * $$evidence-extension, - global-attributes, -} - -integer-time = #6.1(int) - -tag-id = 0 -software-name = 1 -entity = 2 -evidence = 3 -link = 4 -software-meta = 5 -payload = 6 -hash = 7 -corpus = 8 -patch = 9 -media = 10 -supplemental = 11 -tag-version = 12 -software-version = 13 -version-scheme = 14 -lang = 15 -directory = 16 -file = 17 -process = 18 -resource = 19 -size = 20 -file-version = 21 -key = 22 -location = 23 -fs-name = 24 -root = 25 -path-elements = 26 -process-name = 27 -pid = 28 -type = 29 -entity-name = 31 -reg-id = 32 -role = 33 -thumbprint = 34 -date = 35 -device-id = 36 -artifact = 37 -href = 38 -ownership = 39 -rel = 40 -media-type = 41 -use = 42 -activation-status = 43 -channel-type = 44 -colloquial-version = 45 -description = 46 -edition = 47 -entitlement-data-required = 48 -entitlement-key = 49 -generator = 50 -persistent-id = 51 -product = 52 -product-family = 53 -revision = 54 -summary = 55 -unspsc-code = 56 -unspsc-version = 57 - -multipartnumeric = 1 -multipartnumeric-suffix = 2 -alphanumeric = 3 -decimal = 4 -semver = 16384 - -tag-creator=1 -software-creator=2 -aggregator=3 -distributor=4 -licensor=5 -maintainer=6 - -abandon=1 -private=2 -shared=3 - -ancestor=1 -component=2 -feature=3 -installationmedia=4 -packageinstaller=5 -parent=6 -patches=7 -requires=8 -see-also=9 -supersedes=10 - -optional=1 -required=2 -recommended=3 - - diff --git a/funcs.mk b/funcs.mk index 551c719..64d41aa 100644 --- a/funcs.mk +++ b/funcs.mk @@ -29,3 +29,20 @@ CLEANFILES += $(3:.diag=.cbor) CLEANFILES += $(3:.diag=.pretty) endef # cddl_check_template + +define cddl_exp_template + +exp-$(1): $(EXPORTS_DIR)$(1).cddl + echo ">>> Creating exportable cddl file" ; + +.PHONY: exp-$(1) + +$(EXPORTS_DIR)$(1).cddl: $(2) + + @for f in $$^ ; do \ + ( grep -v '^;' $$$$f ; echo ) ; \ + done > $$@ + +CLEANFILES += $(EXPORTS_DIR)$(1).cddl + +endef # cddl_exp_template \ No newline at end of file