Add complete example #25

Merged
merged 7 commits into from
Feb 3, 2025
Merged
2 changes: 1 addition & 1 deletion .github/workflows/archive.yml
Expand Up @@ -37,6 +37,6 @@ jobs:
token: ${{ github.token }}

- name: "Save Archive"
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
path: archive.json
2 changes: 1 addition & 1 deletion .github/workflows/ghpages.yml
Expand Up @@ -51,7 +51,7 @@ jobs:
token: ${{ github.token }}

- name: "Archive Built Drafts"
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
path: |
draft-*.html
2 changes: 1 addition & 1 deletion .github/workflows/publish.yml
Expand Up @@ -50,6 +50,6 @@ jobs:
make: upload "UPLOAD_EMAIL=${{ inputs.email }}"

- name: "Archive Submitted Drafts"
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
path: "versioned/draft-*-[0-9][0-9].*"
2 changes: 1 addition & 1 deletion cddl/Makefile
@@ -1,4 +1,4 @@
.DEFAULT_GOAL := all
.DEFAULT_GOAL := check
MAKECMDGOALS ?= $(.DEFAULT_GOAL)

SUBDIRS := platform
3 changes: 3 additions & 0 deletions cddl/check.mk
Expand Up @@ -21,11 +21,14 @@ check-$(1)-examples: $(1)-autogen.cddl $(3:.diag=.cbor)
$$(cddl) $$< validate $$$$f &>/dev/null || exit 1 ; \
echo ">> saving prettified CBOR to $$$${f%.cbor}.pretty" ; \
$$(cbor2pretty) $$$$f > $$$${f%.cbor}.pretty ; \
echo ">> saving hexified CBOR to $$$${f%.cbor}.hex" ; \
$$(xxd) -p $$$$f > $$$${f%.cbor}.hex ; \
done

.PHONY: check-$(1)-examples

CLEANFILES += $(3:.diag=.cbor)
CLEANFILES += $(3:.diag=.pretty)
CLEANFILES += $(3:.diag=.hex)

endef # cddl_check_template
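Review bot: The added `$$(xxd) -p $$$$f > $$$${f%.cbor}.hex ; \` line ends in `;`, so a failed hex dump does not stop the loop and `check-$(1)-examples` still succeeds with an empty or truncated `.hex` file left behind. Ending it the way the `validate` line does, `$$(xxd) -p $$$$f > $$$${f%.cbor}.hex || exit 1 ; \`, makes the failure visible; the `cbor2pretty` line just above has the same gap. The `&>/dev/null` on the `validate` line is a bash redirect, and if `SHELL` is not set to bash elsewhere a POSIX `sh` would background the validator instead of testing its exit status, so that is worth confirming. The recipe and the enclosing `define` start outside the hunk.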
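--- a/cddl/misc/pak.diag
+++ b/cddl/misc/pak.diag
@@ -0,0 +1,7 @@
+{
+/ kty / 1: 2, / EC2 /
+/ crv / -1: 2, / P-384 /
+/ x-coordinate / -2: h'212867C52E2B9508B0A420A90560F394D2DFAA21BDD7514FF1A901AFE7E1F78BB11D4E66F8A8A38AFA76AF6A31C4DE8C',
+/ y-coordinate / -3: h'84CE2DAFC9964258B53FAD718774F45620D111B176E8318E1187DB0235A318D37BA597FEE80E0E4C762A12BCB3EA6ED4',
+/ private key / -4: h'8AC090C995869F61AC1358F02B021A26AB6EB386203AC735D7CE9855538B91F74C44B0D580243EFB799A293DCBAA0899'
+}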
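Review bot: `cddl/misc/pak.diag` commits a complete P-384 key pair, including the `-4` private scalar, with nothing in the file saying it is a throwaway key for the examples; the same applies to `cddl/misc/rak.diag`. Because the value is public from the moment it is merged, a signature made with it proves nothing about a real platform, and a verifier must never carry the matching public key as a trust anchor. A leading comment in both files such as `/ TEST KEY ONLY: published example key, never provision or trust /` would make that explicit, and an allow-list entry in whatever secret scanning the repository uses would keep the finding from being dismissed by habit.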
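--- a/cddl/misc/rak.diag
+++ b/cddl/misc/rak.diag
@@ -0,0 +1,7 @@
+{
+/ kty / 1: 2, / EC2 /
+/ crv / -1: 2, / P-384 /
+/ x-coordinate / -2: h'76F988091BE585ED41801AECFAB858548C63057E16B0E676120BBD0D2F9C29E056C5D41A0130EB9C21517899DC23146B',
+/ y-coordinate / -3: h'28E1B062BD3EA4B315FD219F1CBB528CB6E74CA49BE16773734F61A1CA61031B2BBF3D918F2F94FFC4228E50919544AE',
+/ private key / -4: h'2011C7F03CEE4325176E524F033C0CE1E21A76E6C1A4F0B839AA1DF61E0E8A5C8A05740F9B69EFA7EB1A4185BD117F68'
+}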
5 changes: 3 additions & 2 deletions cddl/platform/arm-platform-hash-types.cddl
@@ -1,2 +1,3 @@
arm-platform-hash-type = bytes .size 32 / bytes .size 48 / bytes .size 64

arm-platform-hash-type = bytes .size 32 /
bytes .size 48 /
bytes .size 64
3 changes: 2 additions & 1 deletion cddl/platform/arm-platform-implementation-id.cddl
Expand Up @@ -2,6 +2,7 @@ arm-platform-implementation-id-label = 2396 ; PSA implementation ID
arm-platform-implementation-id-type = bytes .size 32

arm-platform-implementation-id = (
arm-platform-implementation-id-label => arm-platform-implementation-id-type
arm-platform-implementation-id-label =>
arm-platform-implementation-id-type
)

4 changes: 1 addition & 3 deletions cddl/platform/arm-platform-instance-id.cddl
@@ -1,8 +1,6 @@
arm-platform-instance-id-label = 256 ; EAT ueid

; TODO: require that the first byte of arm-platform-instance-id-type is 0x01
; EAT UEIDs need to be 7 - 33 bytes
arm-platform-instance-id-type = bytes .size 33
arm-platform-instance-id-type = eat-ueid-rand-type

arm-platform-instance-id = (
arm-platform-instance-id-label => arm-platform-instance-id-type
@@ -1,4 +1,5 @@
arm-platform-verification-service-label = 2400 ; PSA verification service
; PSA verification service
arm-platform-verification-service-label = 2400
arm-platform-verification-service-type = text

arm-platform-verification-service = (
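--- a/cddl/platform/eat-ueid-rand.cddl
+++ b/cddl/platform/eat-ueid-rand.cddl
@@ -0,0 +1,9 @@
+eat-ueid-rand-type = bytes .join eat-ueid-rand-fmt
+
+eat-ueid-rand-fmt = [
+; the type byte is 0x01
+ueid-rand-typ
+bytes .size 32
+]
+
+ueid-rand-typ = h'01'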
111 changes: 88 additions & 23 deletions cddl/platform/examples/3.diag
@@ -1,25 +1,90 @@
{
265: "tag:arm.com,2023:cca_platform#1.0.0",
10: h'0D22E08A98469058486318283489BDB36F09DBEFEB1864DF433FA6E54EA2D711',
2396: h'7F454C4602010100000000000000000003003E00010000005058000000000000',
256: h'0107060504030201000F0E0D0C0B0A090817161514131211101F1E1D1C1B1A1918',
2401: h'CFCFCFCF',
2395: 12291,
2402: "sha-256",
2400: "https://veraison.example/.well-known/veraison/verification",
2399: [
{ 1: "RSE_BL1_2", 5: h'5378796307535DF3EC8D8B15A2E2DC5641419C3D3060CFE32238C0FA973F7AA3', 2: h'9A271F2A916B0B6EE6CECB2426F0B3206EF074578BE55D9BC94F6F3FE3AB86AA', 6: "sha-256" },
{ 1: "RSE_BL2", 5: h'5378796307535DF3EC8D8B15A2E2DC5641419C3D3060CFE32238C0FA973F7AA3', 2: h'53C234E5E8472B6AC51C1AE1CAB3FE06FAD053BEB8EBFD8977B010655BFDD3C3', 6: "sha-256" },
{ 1: "RSE_S", 5: h'5378796307535DF3EC8D8B15A2E2DC5641419C3D3060CFE32238C0FA973F7AA3', 2: h'1121CFCCD5913F0A63FEC40A6FFD44EA64F9DC135C66634BA001D10BCF4302A2', 6: "sha-256" },
{ 1: "AP_BL1", 5: h'5378796307535DF3EC8D8B15A2E2DC5641419C3D3060CFE32238C0FA973F7AA3', 2: h'1571B5EC78BD68512BF7830BB6A2A44B2047C7DF57BCE79EB8A1C0E5BEA0A501', 6: "sha-256" },
{ 1: "AP_BL2", 5: h'5378796307535DF3EC8D8B15A2E2DC5641419C3D3060CFE32238C0FA973F7AA3', 2: h'10159BAF262B43A92D95DB59DAE1F72C645127301661E0A3CE4E38B295A97C58', 6: "sha-256" },
{ 1: "SCP_BL1", 5: h'5378796307535DF3EC8D8B15A2E2DC5641419C3D3060CFE32238C0FA973F7AA3', 2: h'10122E856B3FCD49F063636317476149CB730A1AA1CFAAD818552B72F56D6F68', 6: "sha-256" },
{ 1: "SCP_BL2", 5: h'F14B4987904BCB5814E4459A057ED4D20F58A633152288A761214DCD28780B56', 2: h'AA67A169B0BBA217AA0AA88A65346920C84C42447C36BA5F7EA65F422C1FE5D8', 6: "sha-256" },
{ 1: "AP_BL31", 5: h'5378796307535DF3EC8D8B15A2E2DC5641419C3D3060CFE32238C0FA973F7AA3', 2: h'2E6D31A5983A91251BFAE5AEFA1C0A19D8BA3CF601D0E8A706B4CFA9661A6B8A', 6: "sha-256" },
{ 1: "RMM", 5: h'5378796307535DF3EC8D8B15A2E2DC5641419C3D3060CFE32238C0FA973F7AA3', 2: h'A1FB50E6C86FAE1679EF3351296FD6713411A08CF8DD1790A4FD05FAE8688164', 6: "sha-256" },
{ 1: "HW_CONFIG", 5: h'5378796307535DF3EC8D8B15A2E2DC5641419C3D3060CFE32238C0FA973F7AA3', 2: h'1A252402972F6057FA53CC172B52B9FFCA698E18311FACD0F3B06ECAAEF79E17', 6: "sha-256" },
{ 1: "FW_CONFIG", 5: h'5378796307535DF3EC8D8B15A2E2DC5641419C3D3060CFE32238C0FA973F7AA3', 2: h'9A92ADBC0CEE38EF658C71CE1B1BF8C65668F166BFB213644C895CCB1AD07A25', 6: "sha-256" },
{ 1: "TB_FW_CONFIG", 5: h'5378796307535DF3EC8D8B15A2E2DC5641419C3D3060CFE32238C0FA973F7AA3', 2: h'238903180CC104EC2C5D8B3F20C5BC61B389EC0A967DF8CC208CDC7CD454174F', 6: "sha-256" },
{ 1: "SOC_FW_CONFIG", 5: h'5378796307535DF3EC8D8B15A2E2DC5641419C3D3060CFE32238C0FA973F7AA3', 2: h'E6C21E8D260FE71882DEBDB339D2402A2CA7648529BC2303F48649BCE0380017', 6: "sha-256" }
]
265:"tag:arm.com,2023:cca_platform#1.0.0",
10:h'0D22E08A98469058486318283489BDB36F09DBEFEB1864DF433FA6E54EA2D711',
2396:h'7F454C4602010100000000000000000003003E00010000005058000000000000',
256:h'0107060504030201000F0E0D0C0B0A090817161514131211101F1E1D1C1B1A1918',
2401:h'CFCFCFCF',
2395:12291,
2402:"sha-256",
2400:"https://veraison.example/.well-known/veraison/verification",
2399:[
{
1:"RSE_BL1_2",
5:h'5378796307535DF3EC8D8B15A2E2DC5641419C3D3060CFE32238C0FA973F7AA3',
2:h'9A271F2A916B0B6EE6CECB2426F0B3206EF074578BE55D9BC94F6F3FE3AB86AA',
6:"sha-256"
},
{
1:"RSE_BL2",
5:h'5378796307535DF3EC8D8B15A2E2DC5641419C3D3060CFE32238C0FA973F7AA3',
2:h'53C234E5E8472B6AC51C1AE1CAB3FE06FAD053BEB8EBFD8977B010655BFDD3C3',
6:"sha-256"
},
{
1:"RSE_S",
5:h'5378796307535DF3EC8D8B15A2E2DC5641419C3D3060CFE32238C0FA973F7AA3',
2:h'1121CFCCD5913F0A63FEC40A6FFD44EA64F9DC135C66634BA001D10BCF4302A2',
6:"sha-256"
},
{
1:"AP_BL1",
5:h'5378796307535DF3EC8D8B15A2E2DC5641419C3D3060CFE32238C0FA973F7AA3',
2:h'1571B5EC78BD68512BF7830BB6A2A44B2047C7DF57BCE79EB8A1C0E5BEA0A501',
6:"sha-256"
},
{
1:"AP_BL2",
5:h'5378796307535DF3EC8D8B15A2E2DC5641419C3D3060CFE32238C0FA973F7AA3',
2:h'10159BAF262B43A92D95DB59DAE1F72C645127301661E0A3CE4E38B295A97C58',
6:"sha-256"
},
{
1:"SCP_BL1",
5:h'5378796307535DF3EC8D8B15A2E2DC5641419C3D3060CFE32238C0FA973F7AA3',
2:h'10122E856B3FCD49F063636317476149CB730A1AA1CFAAD818552B72F56D6F68',
6:"sha-256"
},
{
1:"SCP_BL2",
5:h'F14B4987904BCB5814E4459A057ED4D20F58A633152288A761214DCD28780B56',
2:h'AA67A169B0BBA217AA0AA88A65346920C84C42447C36BA5F7EA65F422C1FE5D8',
6:"sha-256"
},
{
1:"AP_BL31",
5:h'5378796307535DF3EC8D8B15A2E2DC5641419C3D3060CFE32238C0FA973F7AA3',
2:h'2E6D31A5983A91251BFAE5AEFA1C0A19D8BA3CF601D0E8A706B4CFA9661A6B8A',
6:"sha-256"
},
{
1:"RMM",
5:h'5378796307535DF3EC8D8B15A2E2DC5641419C3D3060CFE32238C0FA973F7AA3',
2:h'A1FB50E6C86FAE1679EF3351296FD6713411A08CF8DD1790A4FD05FAE8688164',
6:"sha-256"
},
{
1:"HW_CONFIG",
5:h'5378796307535DF3EC8D8B15A2E2DC5641419C3D3060CFE32238C0FA973F7AA3',
2:h'1A252402972F6057FA53CC172B52B9FFCA698E18311FACD0F3B06ECAAEF79E17',
6:"sha-256"
},
{
1:"FW_CONFIG",
5:h'5378796307535DF3EC8D8B15A2E2DC5641419C3D3060CFE32238C0FA973F7AA3',
2:h'9A92ADBC0CEE38EF658C71CE1B1BF8C65668F166BFB213644C895CCB1AD07A25',
6:"sha-256"
},
{
1:"TB_FW_CONFIG",
5:h'5378796307535DF3EC8D8B15A2E2DC5641419C3D3060CFE32238C0FA973F7AA3',
2:h'238903180CC104EC2C5D8B3F20C5BC61B389EC0A967DF8CC208CDC7CD454174F',
6:"sha-256"
},
{
1:"SOC_FW_CONFIG",
5:h'5378796307535DF3EC8D8B15A2E2DC5641419C3D3060CFE32238C0FA973F7AA3',
2:h'E6C21E8D260FE71882DEBDB339D2402A2CA7648529BC2303F48649BCE0380017',
6:"sha-256"
}
]
}
1 change: 1 addition & 0 deletions cddl/platform/frags.mk
Expand Up @@ -9,5 +9,6 @@ PLATFORM_FRAGS += arm-platform-profile.cddl
PLATFORM_FRAGS += arm-platform-security-lifecycle.cddl
PLATFORM_FRAGS += arm-platform-software-components.cddl
PLATFORM_FRAGS += arm-platform-verification-service-indicator.cddl
PLATFORM_FRAGS += eat-ueid-rand.cddl

PLATFORM_EXAMPLES := $(wildcard examples/*.diag)
1 change: 0 additions & 1 deletion cddl/realm/cca-realm-claims.cddl
Expand Up @@ -9,5 +9,4 @@ cca-realm-claim-map = {
cca-realm-hash-algo-id
cca-realm-public-key
cca-realm-public-key-hash-algo-id
cca-realm-mec-policy
}
3 changes: 2 additions & 1 deletion cddl/realm/cca-realm-extensible-measurements.cddl
@@ -1,5 +1,6 @@
cca-realm-extensible-measurements-label = 44239

cca-realm-extensible-measurements = (
cca-realm-extensible-measurements-label => [ 4*4 cca-realm-measurement-type ]
cca-realm-extensible-measurements-label =>
[ 4*4 cca-realm-measurement-type ]
)
3 changes: 2 additions & 1 deletion cddl/realm/cca-realm-personalization-value.cddl
Expand Up @@ -2,5 +2,6 @@ cca-realm-personalization-value-label = 44235
cca-realm-personalization-value-type = bytes .size 64

cca-realm-personalization-value = (
cca-realm-personalization-value-label => cca-realm-personalization-value-type
cca-realm-personalization-value-label =>
cca-realm-personalization-value-type
)
2 changes: 1 addition & 1 deletion cddl/realm/frags.mk
Expand Up @@ -4,7 +4,7 @@ REALM_FRAGS += cca-realm-extensible-measurements.cddl
REALM_FRAGS += cca-realm-hash-algo-id.cddl
REALM_FRAGS += cca-realm-initial-measurement.cddl
REALM_FRAGS += cca-realm-measurement.cddl
REALM_FRAGS += cca-realm-mec-policy.cddl
#REALM_FRAGS += cca-realm-mec-policy.cddl
REALM_FRAGS += cca-realm-personalization-value.cddl
REALM_FRAGS += cca-realm-profile.cddl
REALM_FRAGS += cca-realm-public-key-hash-algo-id.cddl
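Review bot: `#REALM_FRAGS += cca-realm-mec-policy.cddl` is left behind as commented-out code with no reason given, so a later reader cannot tell whether the MEC policy claim was dropped for good or only parked. Either delete the line or say why it is disabled, for example `# cca-realm-mec-policy.cddl excluded: <reason>` directly above it. The same page removes `cca-realm-mec-policy` from `cca-realm-claim-map` in `cca-realm-claims.cddl`, which is the change that alters what the schema accepts, so the comment should name that dependency as well.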
4 changes: 4 additions & 0 deletions cddl/tools.mk
Expand Up @@ -25,3 +25,7 @@ ifeq ($(strip $(cbor2pretty)),)
$(error cbor2pretty tool not found. To install cbor2pretty, run: 'gem install cbor-diag')
endif

xxd ?= $(shell command -v xxd)
ifeq ($(strip $(xxd)),)
$(error xxd tool not found. Make sure it is installed and in PATH)
endif
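Review bot: The `ifeq`/`$(error ...)` guard for `xxd` runs while the makefile is parsed, so a missing `xxd` aborts every goal rather than only the example checks that call it; if `tools.mk` is included by the makefiles that define `clean` (not visible here), `make clean` would fail too. It follows the `cbor2pretty` guard above, so this may be intended, but a comment such as `# xxd writes the .hex dumps in check-*-examples` above the assignment would record why the tool is mandatory. Because `?=` leaves `xxd` recursively expanded, `command -v xxd` is also re-run on each expansion, which is harmless here but worth knowing when the variable is used in more places.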
2 changes: 2 additions & 0 deletions cddl/top/Makefile
Expand Up @@ -16,4 +16,6 @@ check: check-top check-top-examples
clean: ; rm -f $(CLEANFILES)
.PHONY: clean

EXAMPLES := $(wildcard examples/*.diag)

$(eval $(call cddl_check_template,top,$(FRAGS),$(EXAMPLES)))
7 changes: 4 additions & 3 deletions cddl/top/cca-top-claims.cddl
@@ -1,6 +1,7 @@
cca-token = #6.399(cca-token-collection) ; CMW (draft-ietf-rats-msg-wrap) Collection
; CMW (draft-ietf-rats-msg-wrap) Collection
cca-token = #6.399(cca-token-collection)

cca-token-collection = {
44234 => COSE_Sign1<arm-platform-claims> ; 44234 = 0xACCA
44241 => COSE_Sign1<cca-realm-claims>
44234 => bytes .cbor COSE_Sign1<arm-platform-claims> ; 44234=0xACCA
44241 => bytes .cbor COSE_Sign1<cca-realm-claims>
}