update: examples for encrypted payloads

testfiles/suit_manifest_expAF.md

@@ -15,15 +15,15 @@
   / authentication-wrapper / 2: << [
     << [
       / digest-algorithm-id: / -16 / SHA256 /,
-      / digest-bytes: / h'85539AA507094CFEA494F4D87A188B9280FA6966E583D12D738762F08EB9C914'
+      / digest-bytes: / h'5935D959064FC19D8C6E63B5843F80967368905D4A6D052339F1647B049E4E5D'
     ] >>,
     << / COSE_Mac0_Tagged / 17([
       / protected: / << {
         / algorithm-id / 1: 5 / HMAC256 /
       } >>,
       / unprotected: / {},
       / payload: / null,
-      / tag: / h'E22534A05903F63AE9EBA0C1CFA938AB48008553CA765622FBA7539E86441E38'
+      / tag: / h'A18B371E7DAB7C9F361758EAF8C69EFBA7F2B4D7E5747D57AB3B12828909A4A7'
     ]) >>
   ] >>,
   / manifest / 3: << {
@@ -49,16 +49,15 @@
       / directive-override-parameters / 20, {
         / parameter-encryption-info / 19: << 96([
           / protected: / << {
-            / alg / 1: 1 / AES-GCM-128 /
+            / alg / 1: 1 / A128GCM /
           } >>,
           / unprotected: / {
             / IV / 5: h'F14AAB9D81D51F7AD943FE87AF4F70CD'
           },
           / payload: / null / detached ciphertext /,
           / recipients: / [
             [
-              / protected: / << {
-              } >>,
+              / protected: / h'',
               / unprotected: / {
                 / alg / 1: -3 / A128KW /,
                 / kid / 4: 'kid-1'
@@ -80,14 +79,14 @@
 {: numbered='no'}
 
 ~~~~
-D86BA2025853825824822F582085539AA507094CFEA494F4D87A188B9280
-FA6966E583D12D738762F08EB9C914582AD18443A10105A0F65820E22534
-A05903F63AE9EBA0C1CFA938AB48008553CA765622FBA7539E86441E3803
-58B7A40101020103582BA102828152706C61696E746578742D6669726D77
-6172658152656E637279707465642D6669726D776172651458818C0C0114
+D86BA2025853825824822F58205935D959064FC19D8C6E63B5843F809673
+68905D4A6D052339F1647B049E4E5D582AD18443A10105A0F65820A18B37
+1E7DAB7C9F361758EAF8C69EFBA7F2B4D7E5747D57AB3B12828909A4A703
+58B6A40101020103582BA102828152706C61696E746578742D6669726D77
+6172658152656E637279707465642D6669726D776172651458808C0C0114
 A20E182E15782668747470733A2F2F6578616D706C652E636F6D2F656E63
-7279707465642D6669726D77617265150F0C0014A2135843D8608443A101
-01A10550F14AAB9D81D51F7AD943FE87AF4F70CDF6818341A0A201220445
-6B69642D31581875603FFC9518D794713C8CA8A115A7FB32565A6D59534D
-621601160F
+7279707465642D6669726D77617265150F0C0014A2135842D8608443A101
+01A10550F14AAB9D81D51F7AD943FE87AF4F70CDF6818340A2012204456B
+69642D31581875603FFC9518D794713C8CA8A115A7FB32565A6D59534D62
+1601160F
 ~~~~

testfiles/suit_manifest_expAW.md

@@ -15,15 +15,15 @@
   / authentication-wrapper / 2: << [
     << [
       / digest-algorithm-id: / -16 / SHA256 /,
-      / digest-bytes: / h'47BD34B3767EDD7060DB1400C7F9B1D4C1D24DBAB8F6A24CE05A57927EB73BDB'
+      / digest-bytes: / h'813E7A9902E6665D85CAF9172CBE8652AD43EF5AE2362DA068DE51DF7E2D6C17'
     ] >>,
     << / COSE_Mac0_Tagged / 17([
       / protected: / << {
         / algorithm-id / 1: 5 / HMAC256 /
       } >>,
       / unprotected: / {},
       / payload: / null,
-      / tag: / h'099BFC4078A4D4C7EBD47D29D73350CAFB82277B5EEFCD4F02DDCE41EA2A7E79'
+      / tag: / h'7C1E5F84712CF3D781A0925D61AB8B10FD9CEC4EEE26739D35D28302E17187F3'
     ]) >>
   ] >>,
   / manifest / 3: << {
@@ -40,16 +40,15 @@
         / parameter-content / 18: h'2F59C3A34D9570FB99A5382E66466A3221A8AD85CE508BA306FB431A60EFA5AAAA078355070205A4B196832DF17F',
         / parameter-encryption-info / 19: << 96([
           / protected: / << {
-            / alg / 1: 1 / AES-GCM-128 /
+            / alg / 1: 1 / A128GCM /
           } >>,
           / unprotected: / {
             / IV / 5: h'F14AAB9D81D51F7AD943FE87AF4F70CD'
           },
           / payload: / null / detached ciphertext /,
           / recipients: / [
             [
-              / protected: / << {
-              } >>,
+              / protected: / h'',
               / unprotected: / {
                 / alg / 1: -3 / A128KW /,
                 / kid / 4: 'kid-1'
@@ -73,13 +72,13 @@
 {: numbered='no'}
 
 ~~~~
-D86BA2025853825824822F582047BD34B3767EDD7060DB1400C7F9B1D4C1
-D24DBAB8F6A24CE05A57927EB73BDB582AD18443A10105A0F65820099BFC
-4078A4D4C7EBD47D29D73350CAFB82277B5EEFCD4F02DDCE41EA2A7E7903
-589DA4010102010357A102818152706C61696E746578742D6669726D7761
-726514587C8414A212582E2F59C3A34D9570FB99A5382E66466A3221A8AD
-85CE508BA306FB431A60EFA5AAAA078355070205A4B196832DF17F135843
-D8608443A10101A10550F14AAB9D81D51F7AD943FE87AF4F70CDF6818341
-A0A2012204456B69642D31581875603FFC9518D794713C8CA8A115A7FB32
-565A6D59534D62120F
+D86BA2025853825824822F5820813E7A9902E6665D85CAF9172CBE8652AD
+43EF5AE2362DA068DE51DF7E2D6C17582AD18443A10105A0F658207C1E5F
+84712CF3D781A0925D61AB8B10FD9CEC4EEE26739D35D28302E17187F303
+589CA4010102010357A102818152706C61696E746578742D6669726D7761
+726514587B8414A212582E2F59C3A34D9570FB99A5382E66466A3221A8AD
+85CE508BA306FB431A60EFA5AAAA078355070205A4B196832DF17F135842
+D8608443A10101A10550F14AAB9D81D51F7AD943FE87AF4F70CDF6818340
+A2012204456B69642D31581875603FFC9518D794713C8CA8A115A7FB3256
+5A6D59534D62120F
 ~~~~

testfiles/suit_manifest_expED.md

@@ -12,42 +12,18 @@
 
 ~~~~
 / SUIT_Envelope_Tagged / 107({
-  / delegation / 1: << [
-    [
-      / NOTE: signed by trust anchor /
-      << 18([
-        / protected: / << {
-          / alg / 1: -7 / ES256 /
-        } >>,
-        / unprotected / {
-        },
-        / payload: / << {
-          / cnf / 8: {
-            / NOTE: public key of delegated authority /
-            / COSE_Key / 1: {
-              / kty / 1: 2 / EC2 /,
-              / crv / -1: 1 / P-256 /,
-              / x / -2: h'0E908AA8F066DB1F084E0C3652C63952BD99F2A5BDB22F9E01367AAD03ABA68B',
-              / y / -3: h'77DA1BD8AC4F0CB490BA210648BF79AB164D49AD3551D71D314B2749EE42D29A'
-            }
-          }
-        } >>,
-        / signature: / h'FB2D5ACF66B9C8573CE92E13BFB8D113F798715CC10B5A0010B11925C155E7245A64E131073B87AC50CAC71650A21315B82D06CA2298CD1A95519AAE4C4B5315'
-      ]) >>
-    ]
-  ] >>,
   / authentication-wrapper / 2: << [
     << [
       / digest-algorithm-id: / -16 / SHA256 /,
-      / digest-bytes: / h'09038B29229C8FED40DA96BB8CB6E55AF54CA3987D186CCB768F5B34D3DA2B28'
+      / digest-bytes: / h'79707465642D6669726D77617265058157646570656E64656E742D6D616E6966'
     ] >>,
     << / COSE_Sign1_Tagged / 18([
       / protected: / << {
         / algorithm-id / 1: -7 / ES256 /
       } >>,
       / unprotected: / {},
       / payload: / null,
-      / signature: / h'956DA9194ABCC637D2853AE69ACB10D522CA587449861342167EE7815AB672A7C454CB6A392B47D2221F445D089EA1F75BCA084A8D78492F6B5D1254EC77F7F7'
+      / signature: / h'8E0C0014A212582E2F59C3A34D9570FB99A5382E66466A3221A8AD85CE508BA306FB431A60EFA5AAAA078355070205A4B196832DF17F135890D8608443A10101'
     ]) >>
   ] >>,
   / manifest / 3: << {
@@ -72,13 +48,13 @@
       / NOTE: set SUIT_Encryption_Info /
       / directive-set-component-index / 12, 0 / ['decrypted-firmware'] /,
       / directive-override-parameters / 20, {
-        / parameter-content / 18: h'344FA2D5AD2F43F6F363DA6FF2C337FE69E33E3D63714D23985BF02499EB0E8B231D45C378245DA3611C160CC511',
+        / parameter-content / 18: h'2F59C3A34D9570FB99A5382E66466A3221A8AD85CE508BA306FB431A60EFA5AAAA078355070205A4B196832DF17F',
         / parameter-encryption-info / 19: << 96([
           / protected: / << {
-            / alg / 1: 1 / AES-GCM-128 /
+            / alg / 1: 1 / A128GCM /
           } >>,
           / unprotected: / {
-            / IV / 5: h'DAE613B2E0DC55F4322BE38BDBA9DC68'
+            / IV / 5: h'F14AAB9D81D51F7AD943FE87AF4F70CD'
           },
           / payload: / null / detached ciphertext /,
           / recipients: / [
@@ -90,12 +66,12 @@
                 / ephemeral key / -1: {
                   / kty / 1: 2 / EC2 /,
                   / crv / -1: 1 / P-256 /,
-                  / x / -2: h'FF6E266DABAF51B7207569E31CF72646183E94CEE64FCDC8695AD9A505AEFDEA',
-                  / y / -3: h'5FBC4A29844450B3AC22AB30C7F7004BB59D8BD60D7997734A9FA0124B650895'
+                  / x / -2: h'D3CB3FE8470BF5A6589FAF14E66CDC3876DC7AC242D1ADC4D97664C817BF54EB',
+                  / y / -3: h'F9C4FA53979580F5FE5A36538FCDA829AD4225661CBBC8F230F6A550FA0DC7A3'
                 },
                 / kid / 4: 'kid-2'
               },
-              / payload: / h'B0E21628283F3E409F8158D8FFCA567F340E379AC39E49C9'
+              / payload: / h'DC1787D6715EBC23D02F6D2C6B8F470FE11F482AFF04F53A'
                 / CEK encrypted with KEK /
             ]
           ]
@@ -176,35 +152,30 @@
 {: numbered='no'}
 
 ~~~~
-D86BA401589E8181589AD28443A10126A0584FA108A101A4010220012158
-200E908AA8F066DB1F084E0C3652C63952BD99F2A5BDB22F9E01367AAD03
-ABA68B22582077DA1BD8AC4F0CB490BA210648BF79AB164D49AD3551D71D
-314B2749EE42D29A5840FB2D5ACF66B9C8573CE92E13BFB8D113F798715C
-C10B5A0010B11925C155E7245A64E131073B87AC50CAC71650A21315B82D
-06CA2298CD1A95519AAE4C4B5315025873825824822F582009038B29229C
-8FED40DA96BB8CB6E55AF54CA3987D186CCB768F5B34D3DA2B28584AD284
-43A10126A0F65840956DA9194ABCC637D2853AE69ACB10D522CA58744986
-1342167EE7815AB672A7C454CB6A392B47D2221F445D089EA1F75BCA084A
-8D78492F6B5D1254EC77F7F703590170A501010201035837A201A101A101
-815818646570656E64656E63792D6D616E69666573742E73756974028181
-526465637279707465642D6669726D77617265058157646570656E64656E
-742D6D616E69666573742E73756974145901138E0C0014A212582E344FA2
-D5AD2F43F6F363DA6FF2C337FE69E33E3D63714D23985BF02499EB0E8B23
-1D45C378245DA3611C160CC511135890D8608443A10101A10550DAE613B2
-E0DC55F4322BE38BDBA9DC68F6818344A101381CA220A401022001215820
-FF6E266DABAF51B7207569E31CF72646183E94CEE64FCDC8695AD9A505AE
-FDEA2258205FBC4A29844450B3AC22AB30C7F7004BB59D8BD60D7997734A
-9FA0124B65089504456B69642D325818B0E21628283F3E409F8158D8FFCA
-567F340E379AC39E49C90C0114A3035824822F58204B15C90FBD776A820E
-7E733DF040D90B356B5C75982ECAECE8673818179BDF160E18F715742364
-6570656E64656E63792D6D616E6966657374150F070F0B0F742364657065
-6E64656E63792D6D616E696665737458F7D86BA2025873825824822F5820
-4B15C90FBD776A820E7E733DF040D90B356B5C75982ECAECE8673818179B
-DF16584AD28443A10126A0F658402B1B9C4E44E52863A78F73DA2A935823
-B28AEAE6A85CADAC4C4E3AABAAD56CBCE5A47D288F86B54D0186657E972E
-748B48CDB1D420FBAC1285DCC978382F62CC03587BA601010201035849A2
-028181526465637279707465642D6669726D7761726504582F840C0014A2
-035824822F582036921488FE6680712F734E11F58D87EEB66D4B21A8A1AD
-3441060814DA16D50F0E181E05815818646570656E64656E63792D6D616E
-69666573742E73756974074382030F1447860C00120F030F
+D86BA3025873825824822F58206631885AD5F4C0273EB042E9D7E2E7D329
+799F18BF476A8BF79F3253C16AAF7F584AD28443A10126A0F658401D0F95
+59EB23412946007C9DDF28547CB608E296EF5E4C176E853E2B200171C311
+82A31A25886A17289667225EA1745D0B4BFE636088B1E7FBE52B5A594A84
+3603590170A501010201035837A201A101A101815818646570656E64656E
+63792D6D616E69666573742E73756974028181526465637279707465642D
+6669726D77617265058157646570656E64656E742D6D616E69666573742E
+73756974145901138E0C0014A212582E2F59C3A34D9570FB99A5382E6646
+6A3221A8AD85CE508BA306FB431A60EFA5AAAA078355070205A4B196832D
+F17F135890D8608443A10101A10550F14AAB9D81D51F7AD943FE87AF4F70
+CDF6818344A101381CA220A401022001215820D3CB3FE8470BF5A6589FAF
+14E66CDC3876DC7AC242D1ADC4D97664C817BF54EB225820F9C4FA539795
+80F5FE5A36538FCDA829AD4225661CBBC8F230F6A550FA0DC7A304456B69
+642D325818DC1787D6715EBC23D02F6D2C6B8F470FE11F482AFF04F53A0C
+0114A3035824822F58204B15C90FBD776A820E7E733DF040D90B356B5C75
+982ECAECE8673818179BDF160E18F7157423646570656E64656E63792D6D
+616E6966657374150F070F0B0F7423646570656E64656E63792D6D616E69
+6665737458F7D86BA2025873825824822F58204B15C90FBD776A820E7E73
+3DF040D90B356B5C75982ECAECE8673818179BDF16584AD28443A10126A0
+F658402B1B9C4E44E52863A78F73DA2A935823B28AEAE6A85CADAC4C4E3A
+ABAAD56CBCE5A47D288F86B54D0186657E972E748B48CDB1D420FBAC1285
+DCC978382F62CC03587BA601010201035849A20281815264656372797074
+65642D6669726D7761726504582F840C0014A2035824822F582036921488
+FE6680712F734E11F58D87EEB66D4B21A8A1AD3441060814DA16D50F0E18
+1E05815818646570656E64656E63792D6D616E69666573742E7375697407
+4382030F1447860C00120F030F
 ~~~~

testfiles/suit_manifest_expEW.md

@@ -15,15 +15,15 @@
   / authentication-wrapper / 2: << [
     << [
       / digest-algorithm-id: / -16 / SHA256 /,
-      / digest-bytes: / h'5B13FF6E4A9C8B5196B9E037C02F4373CA6E049E912D29237E93525F08D37BD2'
+      / digest-bytes: / h'81DEF8B8DD38839D61434BE169636E52F6C9D4A466437F795F166735AB2CF097'
     ] >>,
     << / COSE_Sign1_Tagged / 18([
       / protected: / << {
         / algorithm-id / 1: -7 / ES256 /
       } >>,
       / unprotected: / {},
       / payload: / null,
-      / signature: / h'7F27121A9D2E32E3DB125E6B137E5DE7339D7B8B442E68B719BFCE099504490F9E8A5E83CB06764C47B904F9FDEE152C6698A9080C132B1948A8ADF28C3D04F4'
+      / signature: / h'1199BD308E8B51072DB381CD56C2EC6ED2C163FE31437419CFB14602150BCF61ABB39E4A3C1547466149310704A64F8FBA89C502FDBC1E440B95679CBECEB028'
     ]) >>
   ] >>,
   / manifest / 3: << {
@@ -37,13 +37,13 @@
     / install / 20: << [
       / directive-set-component-index / 12, 0 / ['plaintext-firmware'] /,
       / directive-override-parameters / 20, {
-        / parameter-content / 18: h'344FA2D5AD2F43F6F363DA6FF2C337FE69E33E3D63714D23985BF02499EB0E8B231D45C378245DA3611C160CC511',
+        / parameter-content / 18: h'2F59C3A34D9570FB99A5382E66466A3221A8AD85CE508BA306FB431A60EFA5AAAA078355070205A4B196832DF17F',
         / parameter-encryption-info / 19: << 96([
           / protected: / << {
-            / alg / 1: 1 / AES-GCM-128 /
+            / alg / 1: 1 / A128GCM /
           } >>,
           / unprotected: / {
-            / IV / 5: h'DAE613B2E0DC55F4322BE38BDBA9DC68'
+            / IV / 5: h'F14AAB9D81D51F7AD943FE87AF4F70CD'
           },
           / payload: / null / detached ciphertext /,
           / recipients: / [
@@ -55,12 +55,12 @@
                 / ephemeral key / -1: {
                   / kty / 1: 2 / EC2 /,
                   / crv / -1: 1 / P-256 /,
-                  / x / -2: h'FF6E266DABAF51B7207569E31CF72646183E94CEE64FCDC8695AD9A505AEFDEA',
-                  / y / -3: h'5FBC4A29844450B3AC22AB30C7F7004BB59D8BD60D7997734A9FA0124B650895'
+                  / x / -2: h'D3CB3FE8470BF5A6589FAF14E66CDC3876DC7AC242D1ADC4D97664C817BF54EB',
+                  / y / -3: h'F9C4FA53979580F5FE5A36538FCDA829AD4225661CBBC8F230F6A550FA0DC7A3'
                 },
                 / kid / 4: 'kid-2'
               },
-              / payload: / h'B0E21628283F3E409F8158D8FFCA567F340E379AC39E49C9'
+              / payload: / h'DC1787D6715EBC23D02F6D2C6B8F470FE11F482AFF04F53A'
                 / CEK encrypted with KEK /
             ]
           ]
@@ -77,16 +77,16 @@
 {: numbered='no'}
 
 ~~~~
-D86BA2025873825824822F58205B13FF6E4A9C8B5196B9E037C02F4373CA
-6E049E912D29237E93525F08D37BD2584AD28443A10126A0F658407F2712
-1A9D2E32E3DB125E6B137E5DE7339D7B8B442E68B719BFCE099504490F9E
-8A5E83CB06764C47B904F9FDEE152C6698A9080C132B1948A8ADF28C3D04
-F40358ECA4010102010357A1028181526465637279707465642D6669726D
-776172651458CB860C0014A212582E344FA2D5AD2F43F6F363DA6FF2C337
-FE69E33E3D63714D23985BF02499EB0E8B231D45C378245DA3611C160CC5
-11135890D8608443A10101A10550DAE613B2E0DC55F4322BE38BDBA9DC68
-F6818344A101381CA220A401022001215820FF6E266DABAF51B7207569E3
-1CF72646183E94CEE64FCDC8695AD9A505AEFDEA2258205FBC4A29844450
-B3AC22AB30C7F7004BB59D8BD60D7997734A9FA0124B65089504456B6964
-2D325818B0E21628283F3E409F8158D8FFCA567F340E379AC39E49C9120F
+D86BA2025873825824822F582081DEF8B8DD38839D61434BE169636E52F6
+C9D4A466437F795F166735AB2CF097584AD28443A10126A0F658401199BD
+308E8B51072DB381CD56C2EC6ED2C163FE31437419CFB14602150BCF61AB
+B39E4A3C1547466149310704A64F8FBA89C502FDBC1E440B95679CBECEB0
+280358ECA4010102010357A1028181526465637279707465642D6669726D
+776172651458CB860C0014A212582E2F59C3A34D9570FB99A5382E66466A
+3221A8AD85CE508BA306FB431A60EFA5AAAA078355070205A4B196832DF1
+7F135890D8608443A10101A10550F14AAB9D81D51F7AD943FE87AF4F70CD
+F6818344A101381CA220A401022001215820D3CB3FE8470BF5A6589FAF14
+E66CDC3876DC7AC242D1ADC4D97664C817BF54EB225820F9C4FA53979580
+F5FE5A36538FCDA829AD4225661CBBC8F230F6A550FA0DC7A304456B6964
+2D325818DC1787D6715EBC23D02F6D2C6B8F470FE11F482AFF04F53A120F
 ~~~~