diff --git a/Makefile.parser b/Makefile.parser index ea9c32e..1cc811b 100644 --- a/Makefile.parser +++ b/Makefile.parser @@ -45,7 +45,7 @@ $(TARGET): $(OBJS) | ./bin ./obj/%.o: %.c | ./obj/src ./obj/examples $(CC) $(CFLAGS) $(INC) -o $@ -c $< -TEST_NUM := 0 1 2A 2B 3 4 5 U I D R S0 S1 S2 S3 S4 U0 U1 +TEST_NUM := 0 1 2A 2B 3 4 5 U I D AF AW EW ED S0 S2 S3 S4 U0 U1 EXPS := $(foreach num,$(TEST_NUM),./testfiles/suit_manifest_exp$(num).cbor) define test-one $(TARGET) $1 2 || exit 1 diff --git a/Makefile.process b/Makefile.process index 3ba0c02..8060eda 100644 --- a/Makefile.process +++ b/Makefile.process @@ -61,7 +61,7 @@ define test-one endef -TEST_NUM := 0 1 2A 2B 3 4 5 U I D R S0 S1 S2 S3 S4 U0 U1 +TEST_NUM := 0 1 2A 2B 3 4 5 U I D AF AW EW ED S0 S2 S3 S4 U0 U1 .PHONY: test test: all $(foreach num,$(TEST_NUM),$(call test-one,$(num))) diff --git a/examples/inc/delegated_authority_cose_key_private.h b/examples/inc/delegated_authority_cose_key_private.h new file mode 100644 index 0000000..034d523 --- /dev/null +++ b/examples/inc/delegated_authority_cose_key_private.h @@ -0,0 +1,41 @@ +/* + * Copyright (c) 2020-2023 SECOM CO., LTD. All Rights reserved. + * + * SPDX-License-Identifier: BSD-2-Clause + * + */ + +#ifndef DELEGATED_AUTHORITY_ES256_COSE_KEY_PRIVATE_H +#define DELEGATED_AUTHORITY_ES256_COSE_KEY_PRIVATE_H +#include "qcbor/UsefulBuf.h" + +const unsigned char delegated_authority_es256_cose_key_private_buf[] = { + 0xA5, //# map(5) + 0x01, //# unsigned(1) / 1 = kty / + 0x02, //# unsigned(2) / 2 = EC2 / + 0x20, //# negative(0) / -1 = crv / + 0x01, //# unsigned(1) / 1 = P-256 / + 0x21, //# negative(1) / -2 = x / + 0x58, 0x20, //# bytes(32) + 0x0E, 0x90, 0x8A, 0xA8, 0xF0, 0x66, 0xDB, 0x1F, + 0x08, 0x4E, 0x0C, 0x36, 0x52, 0xC6, 0x39, 0x52, + 0xBD, 0x99, 0xF2, 0xA5, 0xBD, 0xB2, 0x2F, 0x9E, + 0x01, 0x36, 0x7A, 0xAD, 0x03, 0xAB, 0xA6, 0x8B, + 0x22, //# negative(2) / -3 = y / + 0x58, 0x20, //# bytes(32) + 0x77, 0xDA, 0x1B, 0xD8, 0xAC, 0x4F, 0x0C, 0xB4, + 0x90, 0xBA, 0x21, 0x06, 0x48, 0xBF, 0x79, 0xAB, + 0x16, 0x4D, 0x49, 0xAD, 0x35, 0x51, 0xD7, 0x1D, + 0x31, 0x4B, 0x27, 0x49, 0xEE, 0x42, 0xD2, 0x9A, + 0x23, //# negative(3) / -4 = d / + 0x58, 0x20, //# bytes(32) + 0x84, 0x1A, 0xEB, 0xB7, 0xB9, 0xEA, 0x6F, 0x02, + 0x60, 0xBE, 0x73, 0x55, 0xA2, 0x45, 0x88, 0xB9, + 0x77, 0xD2, 0x3D, 0x2A, 0xC5, 0xBF, 0x2B, 0x6B, + 0x2D, 0x83, 0x79, 0x43, 0x2A, 0x1F, 0xEA, 0x98, +}; +const UsefulBufC delegated_authority_es256_cose_key_private = { + .ptr = delegated_authority_es256_cose_key_private_buf, + .len = sizeof(delegated_authority_es256_cose_key_private_buf) +}; +#endif /* DELEGATED_AUTHORITY_ES256_COSE_KEY_PRIVATE_H */ diff --git a/examples/inc/delegated_authority_cose_key_public.h b/examples/inc/delegated_authority_cose_key_public.h new file mode 100644 index 0000000..71d06f5 --- /dev/null +++ b/examples/inc/delegated_authority_cose_key_public.h @@ -0,0 +1,35 @@ +/* + * Copyright (c) 2020-2023 SECOM CO., LTD. All Rights reserved. + * + * SPDX-License-Identifier: BSD-2-Clause + * + */ + +#ifndef DELEGATED_AUTHORITY_ES256_COSE_KEY_PUBLIC_H +#define DELEGATED_AUTHORITY_ES256_COSE_KEY_PUBLIC_H +#include "qcbor/UsefulBuf.h" + +const unsigned char delegated_authority_es256_cose_key_public_buf[] = { + 0xA4, //# map(4) + 0x01, //# unsigned(1) / 1 = kty / + 0x02, //# unsigned(2) / 2 = EC2 / + 0x20, //# negative(0) / -1 = crv / + 0x01, //# unsigned(1) / 1 = P-256 / + 0x21, //# negative(1) / -2 = x / + 0x58, 0x20, //# bytes(32) + 0x0E, 0x90, 0x8A, 0xA8, 0xF0, 0x66, 0xDB, 0x1F, + 0x08, 0x4E, 0x0C, 0x36, 0x52, 0xC6, 0x39, 0x52, + 0xBD, 0x99, 0xF2, 0xA5, 0xBD, 0xB2, 0x2F, 0x9E, + 0x01, 0x36, 0x7A, 0xAD, 0x03, 0xAB, 0xA6, 0x8B, + 0x22, //# negative(2) / -3 = y / + 0x58, 0x20, //# bytes(32) + 0x77, 0xDA, 0x1B, 0xD8, 0xAC, 0x4F, 0x0C, 0xB4, + 0x90, 0xBA, 0x21, 0x06, 0x48, 0xBF, 0x79, 0xAB, + 0x16, 0x4D, 0x49, 0xAD, 0x35, 0x51, 0xD7, 0x1D, + 0x31, 0x4B, 0x27, 0x49, 0xEE, 0x42, 0xD2, 0x9A, +}; +const UsefulBufC delegated_authority_es256_cose_key_public = { + .ptr = delegated_authority_es256_cose_key_public_buf, + .len = sizeof(delegated_authority_es256_cose_key_public_buf) +}; +#endif /* DELEGATED_AUTHORITY_ES256_COSE_KEY_PUBLIC_H */ diff --git a/examples/inc/device_es256_cose_key_private.h b/examples/inc/device_es256_cose_key_private.h index d9fad1c..a3e542d 100644 --- a/examples/inc/device_es256_cose_key_private.h +++ b/examples/inc/device_es256_cose_key_private.h @@ -7,6 +7,8 @@ #ifndef DEVICE_ES256_COSE_KEY_PRIVATE_H #define DEVICE_ES256_COSE_KEY_PRIVATE_H +#include "qcbor/UsefulBuf.h" + const unsigned char device_es256_cose_key_private_buf[] = { 0xA5, //# map(5) 0x01, //# unsigned(1) / 1 = kty / diff --git a/examples/inc/device_es256_cose_key_public.h b/examples/inc/device_es256_cose_key_public.h index ccc4a41..b3b23ed 100644 --- a/examples/inc/device_es256_cose_key_public.h +++ b/examples/inc/device_es256_cose_key_public.h @@ -7,6 +7,8 @@ #ifndef DEVICE_ES256_COSE_KEY_PUBLIC_H #define DEVICE_ES256_COSE_KEY_PUBLIC_H +#include "qcbor/UsefulBuf.h" + const unsigned char device_es256_cose_key_public_buf[] = { 0xA4, //# map(4) 0x01, //# unsigned(1) / 1 = kty / diff --git a/examples/inc/tam_es256_cose_key_private.h b/examples/inc/tam_es256_cose_key_private.h index 3da01fd..c26e696 100644 --- a/examples/inc/tam_es256_cose_key_private.h +++ b/examples/inc/tam_es256_cose_key_private.h @@ -7,6 +7,8 @@ #ifndef TAM_ES256_COSE_KEY_PRIVATE_H #define TAM_ES256_COSE_KEY_PRIVATE_H +#include "qcbor/UsefulBuf.h" + const unsigned char tam_es256_cose_key_private_buf[] = { 0xA5, //# map(5) 0x01, //# unsigned(1) / 1 = kty / diff --git a/examples/inc/tam_es256_cose_key_public.h b/examples/inc/tam_es256_cose_key_public.h index db8a9aa..b4ad1c7 100644 --- a/examples/inc/tam_es256_cose_key_public.h +++ b/examples/inc/tam_es256_cose_key_public.h @@ -7,6 +7,8 @@ #ifndef TAM_ES256_COSE_KEY_PUBLIC_H #define TAM_ES256_COSE_KEY_PUBLIC_H +#include "qcbor/UsefulBuf.h" + const unsigned char tam_es256_cose_key_public_buf[] = { 0xA4, //# map(4) 0x01, //# unsigned(1) / 1 = kty / diff --git a/examples/inc/trust_anchor_a128_cose_key_secret.h b/examples/inc/trust_anchor_a128_cose_key_secret.h index 9cb3151..c6fe256 100644 --- a/examples/inc/trust_anchor_a128_cose_key_secret.h +++ b/examples/inc/trust_anchor_a128_cose_key_secret.h @@ -7,6 +7,8 @@ #ifndef TRUST_ANCHOR_A128_COSE_KEY_SECRET_H #define TRUST_ANCHOR_A128_COSE_KEY_SECRET_H +#include "qcbor/UsefulBuf.h" + const unsigned char trust_anchor_a128_cose_key_secret_buf[] = { 0xA2, //# map(2) 0x01, //# unsigned(1) / 1 = key / diff --git a/examples/inc/trust_anchor_hmac256_cose_key_secret.h b/examples/inc/trust_anchor_hmac256_cose_key_secret.h index 7b68144..800ef08 100644 --- a/examples/inc/trust_anchor_hmac256_cose_key_secret.h +++ b/examples/inc/trust_anchor_hmac256_cose_key_secret.h @@ -7,6 +7,8 @@ #ifndef TRUST_ANCHOR_HMAC256_COSE_KEY_SECRET_H #define TRUST_ANCHOR_HMAC256_COSE_KEY_SECRET_H +#include "qcbor/UsefulBuf.h" + const unsigned char trust_anchor_hmac256_cose_key_secret_buf[] = { 0xA2, //# map(2) 0x01, //# unsigned(1) / 1 = key / diff --git a/examples/inc/trust_anchor_prime256v1_cose_key_private.h b/examples/inc/trust_anchor_prime256v1_cose_key_private.h index 25d921b..35c3fd3 100644 --- a/examples/inc/trust_anchor_prime256v1_cose_key_private.h +++ b/examples/inc/trust_anchor_prime256v1_cose_key_private.h @@ -7,6 +7,8 @@ #ifndef TRUST_ANCHOR_PRIME256V1_COSE_KEY_PRIVATE_H #define TRUST_ANCHOR_PRIME256V1_COSE_KEY_PRIVATE_H +#include "qcbor/UsefulBuf.h" + const unsigned char trust_anchor_prime256v1_cose_key_private_buf[] = { 0xA5, //# map(5) 0x01, //# unsigned(1) / 1 = kty / diff --git a/examples/inc/trust_anchor_prime256v1_cose_key_public.h b/examples/inc/trust_anchor_prime256v1_cose_key_public.h index d5b057e..84c5586 100644 --- a/examples/inc/trust_anchor_prime256v1_cose_key_public.h +++ b/examples/inc/trust_anchor_prime256v1_cose_key_public.h @@ -7,6 +7,8 @@ #ifndef TRUST_ANCHOR_PRIME256V1_COSE_KEY_PUBLIC_H #define TRUST_ANCHOR_PRIME256V1_COSE_KEY_PUBLIC_H +#include "qcbor/UsefulBuf.h" + const unsigned char trust_anchor_prime256v1_cose_key_public_buf[] = { 0xA4, //# map(4) 0x01, //# unsigned(1) / 1 = kty / diff --git a/examples/suit_manifest_parser_main.c b/examples/suit_manifest_parser_main.c index 5e316b7..79871c1 100644 --- a/examples/suit_manifest_parser_main.c +++ b/examples/suit_manifest_parser_main.c @@ -12,6 +12,7 @@ #include "csuit/suit_cose.h" #include "suit_examples_common.h" #include "trust_anchor_prime256v1_cose_key_private.h" +#include "delegated_authority_cose_key_private.h" #include "trust_anchor_hmac256_cose_key_secret.h" #define MAX_FILE_BUFFER_SIZE (8 * 1024 * 1024) @@ -45,15 +46,24 @@ int main(int argc, mechanisms[0].cose_tag = CBOR_TAG_COSE_SIGN1; mechanisms[0].use = false; - mechanisms[1].key.cose_algorithm_id = T_COSE_ALGORITHM_HMAC256; - result = suit_set_suit_key_from_cose_key(trust_anchor_hmac256_cose_key_secret, &mechanisms[1].key); + mechanisms[1].key.cose_algorithm_id = T_COSE_ALGORITHM_ES256; + result = suit_set_suit_key_from_cose_key(delegated_authority_es256_cose_key_private, &mechanisms[1].key); if (result != SUIT_SUCCESS) { - printf("main : Failed to create secret key. %s(%d)\n", suit_err_to_str(result), result); + printf("main : Failed to create public key. %s(%d)\n", suit_err_to_str(result), result); return EXIT_FAILURE; } - mechanisms[1].cose_tag = CBOR_TAG_COSE_MAC0; + mechanisms[1].cose_tag = CBOR_TAG_COSE_SIGN1; mechanisms[1].use = false; + mechanisms[2].key.cose_algorithm_id = T_COSE_ALGORITHM_HMAC256; + result = suit_set_suit_key_from_cose_key(trust_anchor_hmac256_cose_key_secret, &mechanisms[2].key); + if (result != SUIT_SUCCESS) { + printf("main : Failed to create secret key. %s(%d)\n", suit_err_to_str(result), result); + return EXIT_FAILURE; + } + mechanisms[2].cose_tag = CBOR_TAG_COSE_MAC0; + mechanisms[2].use = false; + // Read manifest file. printf("main : Read Manifest file.\n"); uint8_t *manifest_buf = malloc(SUIT_MAX_DATA_SIZE); diff --git a/examples/suit_manifest_process_main.c b/examples/suit_manifest_process_main.c index 3d91de7..25229df 100644 --- a/examples/suit_manifest_process_main.c +++ b/examples/suit_manifest_process_main.c @@ -22,6 +22,7 @@ #include "csuit/suit_digest.h" #include "suit_examples_common.h" #include "trust_anchor_prime256v1_cose_key_public.h" +#include "delegated_authority_cose_key_public.h" #include "trust_anchor_hmac256_cose_key_secret.h" #include "trust_anchor_a128_cose_key_secret.h" #include "device_es256_cose_key_private.h" @@ -385,9 +386,10 @@ int main(int argc, char *argv[]) suit_err_t result = 0; int num_key = 0; - #define NUM_PUBLIC_KEYS_FOR_ECDH 1 + #define NUM_PUBLIC_KEYS_FOR_ECDH 2 UsefulBufC public_keys_for_ecdh[NUM_PUBLIC_KEYS_FOR_ECDH] = { trust_anchor_prime256v1_cose_key_public, + delegated_authority_es256_cose_key_public, }; #define NUM_SECRET_KEYS_FOR_MAC 1 UsefulBufC secret_keys_for_mac[NUM_SECRET_KEYS_FOR_MAC] = { diff --git a/inc/csuit/suit_common.h b/inc/csuit/suit_common.h index 3c177cf..3d49d89 100644 --- a/inc/csuit/suit_common.h +++ b/inc/csuit/suit_common.h @@ -162,16 +162,21 @@ typedef struct suit_mechanism { typedef enum suit_envelope_key { + SUIT_INTEGRATED_PAYLOAD = -1, SUIT_ENVELOPE_KEY_INVALID = 0, SUIT_DELEGATION = 1, SUIT_AUTHENTICATION = 2, SUIT_MANIFEST = 3, - SUIT_SEVERED_DEPENDENCY_RESOLUTION = 15, SUIT_SEVERED_PAYLOAD_FETCH = 16, - SUIT_SEVERED_INSTALL = 17, + SUIT_SEVERED_INSTALL = 20, SUIT_SEVERED_TEXT = 23, - SUIT_SEVERED_COSWID = 24, - SUIT_INTEGRATED_PAYLOAD = 25, + + /* draft-ietf-update-management */ + SUIT_SEVERED_COSWID = 14, + + /* draft-ietf-suit-trust-domains */ + SUIT_SEVERED_DEPENDENCY_RESOLUTION = 15, + SUIT_SEVERED_CANDIDATE_VERIFICATION = 18, } suit_envelope_key_t; typedef enum suit_algorithm_id { @@ -191,31 +196,31 @@ typedef enum suit_manifest_key { SUIT_MANIFEST_SEQUENCE_NUMBER = 2, SUIT_COMMON = 3, SUIT_REFERENCE_URI = 4, - SUIT_MANIFEST_COMPONENT_ID = 5, SUIT_VALIDATE = 7, SUIT_LOAD = 8, SUIT_INVOKE = 9, + SUIT_PAYLOAD_FETCH = 16, + SUIT_INSTALL = 20, + SUIT_TEXT = 23, /* draft-ietf-suit-update-management */ + SUIT_SET_VERSION = 6, SUIT_COSWID = 14, /* draft-ietf-suit-trust-domains */ + SUIT_MANIFEST_COMPONENT_ID = 5, SUIT_DEPENDENCY_RESOLUTION = 15, - - /* draft-ietf-suit-manifest */ - SUIT_PAYLOAD_FETCH = 16, - SUIT_INSTALL = 17, - SUIT_TEXT = 23, - - /* draft-ietf-suit-trust-domains */ + SUIT_CANDIDATE_VERIFICATION = 18, SUIT_UNINSTALL = 24, } suit_manifest_key_t; typedef enum suit_common_key { SUIT_COMMON_KEY_INVALID = 0, - SUIT_DEPENDENCIES = 1, // $$SUIT_Common-extensions SUIT_COMPONENTS = 2, SUIT_SHARED_SEQUENCE = 4, + + /* draft-ietf-suit-trust-domains */ + SUIT_DEPENDENCIES = 1, // $$SUIT_Common-extensions } suit_common_key_t; typedef enum suit_dependency_key { @@ -231,58 +236,36 @@ typedef enum suit_con_dir_key { SUIT_CONDITION_VENDOR_IDENTIFIER = 1, SUIT_CONDITION_CLASS_IDENTIFIER = 2, SUIT_CONDITION_IMAGE_MATCH = 3, - - /* draft-ietf-suit-update-management */ - SUIT_CONDITION_USE_BEFORE = 4, - - /* draft-ietf-suit-manifest */ SUIT_CONDITION_COMPONENT_SLOT = 5, SUIT_CONDITION_CHECK_CONTENT = 6, - - /* draft-ietf-suit-trust-domains */ - SUIT_CONDITION_DEPENDENCY_INTEGRITY = 7, - SUIT_CONDITION_IS_DEPENDENCY = 8, - SUIT_CONDITION_ABORT = 14, SUIT_CONDITION_DEVICE_IDENTIFIER = 24, - - /* draft-ietf-suit-update-management */ - SUIT_CONDITION_IMAGE_NOT_MATCH = 25, - SUIT_CONDITION_MINIMUM_BATTERY = 26, - SUIT_CONDITION_UPDATE_AUTHORIZED = 27, - SUIT_CONDITION_VERSION = 28, - - - /* draft-ietf-suit-trust-domains */ - SUIT_DIRECTIVE_PROCESS_DEPENDENCY = 11, - - /* draft-ietf-suit-manifest */ SUIT_DIRECTIVE_SET_COMPONENT_INDEX = 12, SUIT_DIRECTIVE_TRY_EACH = 15, SUIT_DIRECTIVE_WRITE = 18, - - /* draft-ietf-suit-trust-domains */ - SUIT_DIRECTIVE_SET_PARAMETERS = 19, - - /* draft-ietf-suit-manifest */ SUIT_DIRECTIVE_OVERRIDE_PARAMETERS = 20, SUIT_DIRECTIVE_FETCH = 21, SUIT_DIRECTIVE_COPY = 22, SUIT_DIRECTIVE_INVOKE = 23, + SUIT_DIRECTIVE_SWAP = 31, + SUIT_DIRECTIVE_RUN_SEQUENCE = 32, /* draft-ietf-suit-update-management */ + SUIT_CONDITION_USE_BEFORE = 4, + SUIT_CONDITION_IMAGE_NOT_MATCH = 25, + SUIT_CONDITION_MINIMUM_BATTERY = 26, + SUIT_CONDITION_UPDATE_AUTHORIZED = 27, + SUIT_CONDITION_VERSION = 28, SUIT_DIRECTIVE_WAIT = 29, - - /* draft-ietf-suit-manifest */ - SUIT_DIRECTIVE_SWAP = 31, - SUIT_DIRECTIVE_RUN_SEQUENCE = 32, + SUIT_DIRECTIVE_OVERRIDE_MULTIPLE = 34, + SUIT_DIRECTIVE_COPY_PARAMS = 35, /* draft-ietf-suit-trust-domains */ + SUIT_CONDITION_DEPENDENCY_INTEGRITY = 7, + SUIT_CONDITION_IS_DEPENDENCY = 8, + SUIT_DIRECTIVE_PROCESS_DEPENDENCY = 11, + SUIT_DIRECTIVE_SET_PARAMETERS = 19, SUIT_DIRECTIVE_UNLINK = 33, - - /* draft-ietf-suit-update-management */ - SUIT_DIRECTIVE_OVERRIDE_MULTIPLE = 34, /* XXX */ - SUIT_DIRECTIVE_COPY_PARAMS = 35, /* XXX */ } suit_con_dir_key_t; #define SUIT_SEVERABLE_INVALID 0 // 0b00000000 @@ -320,33 +303,26 @@ typedef enum suit_parameter_key { SUIT_PARAMETER_VENDOR_IDENTIFIER = 1, SUIT_PARAMETER_CLASS_IDENTIFIER = 2, SUIT_PARAMETER_IMAGE_DIGEST = 3, - - /* draft-ietf-suit-update-management */ - SUIT_PARAMETER_USE_BEFORE = 4, - - /* draft-ietf-suit-manifest */ SUIT_PARAMETER_COMPONENT_SLOT = 5, - SUIT_PARAMETER_STRICT_ORDER = 12, SUIT_PARAMETER_SOFT_FAILURE = 13, SUIT_PARAMETER_IMAGE_SIZE = 14, SUIT_PARAMETER_CONTENT = 18, - - /* draft-ietf-suit-firmware-encryption */ - SUIT_PARAMETER_ENCRYPTION_INFO = 19, - - /* draft-ietf-suit-manifest */ SUIT_PARAMETER_URI = 21, SUIT_PARAMETER_SOURCE_COMPONENT = 22, SUIT_PARAMETER_INVOKE_ARGS = 23, SUIT_PARAMETER_DEVICE_IDENTIFIER = 24, + SUIT_PARAMETER_FETCH_ARGS = 30, /* XXX */ /* draft-ietf-suit-update-management */ + SUIT_PARAMETER_USE_BEFORE = 4, SUIT_PARAMETER_MINIMUM_BATTERY = 26, SUIT_PARAMETER_UPDATE_PRIORITY = 27, SUIT_PARAMETER_VERSION = 28, SUIT_PARAMETER_WAIT_INFO = 29, - SUIT_PARAMETER_FETCH_ARGS = 30, /* XXX */ + + /* draft-ietf-suit-firmware-encryption */ + SUIT_PARAMETER_ENCRYPTION_INFO = 19, } suit_parameter_key_t; /* draft-suit-manifest */ @@ -415,6 +391,7 @@ typedef enum suit_text_component_key { /* draft-ietf-suit-update-management */ SUIT_TEXT_VERSION_REQUIRED = 7, + SUIT_TEXT_CURRENT_VERSION = 8, } suit_text_component_key_t; /* for suit-parameter-strict-order */ @@ -592,9 +569,10 @@ typedef struct suit_text_component_pair { } suit_text_component_pair_t; /* - * SUIT_Text + * SUIT_Text_LMap */ -typedef struct suit_text { +typedef struct suit_text_lmap { + suit_buf_t tag38_ltag; size_t component_len; suit_text_component_pair_t component[SUIT_MAX_ARRAY_LENGTH]; suit_buf_t manifest_description; @@ -602,7 +580,15 @@ typedef struct suit_text { suit_buf_t manifest_json_source; suit_buf_t manifest_yaml_source; // TODO : $$suit-text-key-extensions -} suit_text_t; +} suit_text_lmap_t; + +/* + * SUIT_Text_Map + */ +typedef struct suit_text_map { + size_t text_lmaps_len; + suit_text_lmap_t text_lmaps[SUIT_MAX_ARRAY_LENGTH]; +} suit_text_map_t; /* * SUIT_Authentication_Wrapper @@ -623,7 +609,7 @@ typedef struct suit_severable_manifest_members { uint8_t payload_fetch_status; suit_command_sequence_t install; uint8_t install_status; - suit_text_t text; + suit_text_map_t text; uint8_t text_status; suit_buf_t coswid; uint8_t coswid_status; diff --git a/src/suit_manifest_decode.c b/src/suit_manifest_decode.c index b732cfd..3bb2ee5 100644 --- a/src/suit_manifest_decode.c +++ b/src/suit_manifest_decode.c @@ -1110,11 +1110,11 @@ suit_err_t suit_decode_text_component_from_item(QCBORDecodeContext *context, return result; } -suit_err_t suit_decode_text_from_item(const suit_decode_mode_t mode, - QCBORDecodeContext *context, - QCBORItem *item, - bool next, - suit_text_t *text) +suit_err_t suit_decode_text_lmap_from_item(const suit_decode_mode_t mode, + QCBORDecodeContext *context, + QCBORItem *item, + bool next, + suit_text_lmap_t *text_lmap) { /* NOTE: in QCBOR_DECODE_MODE_MAP_AS_ARRAY */ suit_err_t result = suit_qcbor_get(context, item, next, QCBOR_TYPE_MAP_AS_ARRAY); @@ -1123,7 +1123,7 @@ suit_err_t suit_decode_text_from_item(const suit_decode_mode_t mode, } size_t map_count = item->val.uCount; - text->component_len = 0; + text_lmap->component_len = 0; for (size_t i = 0; i < map_count; i += 2) { result = suit_qcbor_get_next(context, item, QCBOR_TYPE_ANY); if (result != SUIT_SUCCESS) { @@ -1133,18 +1133,18 @@ suit_err_t suit_decode_text_from_item(const suit_decode_mode_t mode, int64_t label = INT64_MIN; switch (item->uDataType) { case QCBOR_TYPE_ARRAY: - if (text->component_len >= SUIT_MAX_ARRAY_LENGTH) { + if (text_lmap->component_len >= SUIT_MAX_ARRAY_LENGTH) { return SUIT_ERR_NO_MEMORY; } - result = suit_decode_component_identifiers_from_item(mode, context, item, false, &text->component[text->component_len].key); + result = suit_decode_component_identifiers_from_item(mode, context, item, false, &text_lmap->component[text_lmap->component_len].key); if (result != SUIT_SUCCESS) { return result; } - result = suit_decode_text_component_from_item(context, item, true, &text->component[text->component_len].text_component); + result = suit_decode_text_component_from_item(context, item, true, &text_lmap->component[text_lmap->component_len].text_component); if (result != SUIT_SUCCESS) { return result; } - text->component_len++; + text_lmap->component_len++; break; case QCBOR_TYPE_INT64: if (label > item->val.int64 && !mode.ALLOW_NOT_CANONICAL_CBOR) { @@ -1159,20 +1159,20 @@ suit_err_t suit_decode_text_from_item(const suit_decode_mode_t mode, } switch (label) { case SUIT_TEXT_MANIFEST_DESCRIPTION: - text->manifest_description.ptr = (uint8_t *)item->val.string.ptr; - text->manifest_description.len = item->val.string.len; + text_lmap->manifest_description.ptr = (uint8_t *)item->val.string.ptr; + text_lmap->manifest_description.len = item->val.string.len; break; case SUIT_TEXT_UPDATE_DESCRIPTION: - text->update_description.ptr = (uint8_t *)item->val.string.ptr; - text->update_description.len = item->val.string.len; + text_lmap->update_description.ptr = (uint8_t *)item->val.string.ptr; + text_lmap->update_description.len = item->val.string.len; break; case SUIT_TEXT_MANIFEST_JSON_SOURCE: - text->manifest_json_source.ptr = (uint8_t *)item->val.string.ptr; - text->manifest_json_source.len = item->val.string.len; + text_lmap->manifest_json_source.ptr = (uint8_t *)item->val.string.ptr; + text_lmap->manifest_json_source.len = item->val.string.len; break; case SUIT_TEXT_MANIFEST_YAML_SOURCE: - text->manifest_yaml_source.ptr = (uint8_t *)item->val.string.ptr; - text->manifest_yaml_source.len = item->val.string.len; + text_lmap->manifest_yaml_source.ptr = (uint8_t *)item->val.string.ptr; + text_lmap->manifest_yaml_source.len = item->val.string.len; break; default: return SUIT_ERR_NOT_IMPLEMENTED; @@ -1188,11 +1188,43 @@ suit_err_t suit_decode_text_from_item(const suit_decode_mode_t mode, return result; } +suit_err_t suit_decode_text_map_from_item(const suit_decode_mode_t mode, + QCBORDecodeContext *context, + QCBORItem *item, + bool next, + suit_text_map_t *text_map) +{ + /* NOTE: in QCBOR_DECODE_MODE_MAP_AS_ARRAY */ + suit_err_t result = suit_qcbor_get(context, item, next, QCBOR_TYPE_MAP_AS_ARRAY); + if (result != SUIT_SUCCESS) { + return result; + } + if (item->val.uCount > SUIT_MAX_ARRAY_LENGTH || item->val.uCount % 2 != 0) { + return SUIT_ERR_NO_MEMORY; + } + + text_map->text_lmaps_len = item->val.uCount / 2; + for (size_t i = 0; i < text_map->text_lmaps_len; i++) { + /* get tag38_ltag */ + result = suit_qcbor_get_next(context, item, QCBOR_TYPE_TEXT_STRING); + if (result != SUIT_SUCCESS) { + return result; + } + text_map->text_lmaps[i].tag38_ltag = (suit_buf_t){.ptr = (uint8_t *)item->val.string.ptr, .len = item->val.string.len}; + + result = suit_decode_text_lmap_from_item(mode, context, item, next, &text_map->text_lmaps[i]); + if (result != SUIT_SUCCESS) { + return result; + } + } + return result; +} + suit_err_t suit_decode_text_from_bstr(const suit_decode_mode_t mode, QCBORDecodeContext *context, QCBORItem *item, bool next, - suit_text_t *text) + suit_text_map_t *text_map) { suit_err_t result = suit_qcbor_get(context, item, next, QCBOR_TYPE_BYTE_STRING); QCBORDecodeContext text_context; @@ -1202,7 +1234,7 @@ suit_err_t suit_decode_text_from_bstr(const suit_decode_mode_t mode, QCBORDecode_Init(&text_context, (UsefulBufC){item->val.string.ptr, item->val.string.len}, QCBOR_DECODE_MODE_MAP_AS_ARRAY); - result = suit_decode_text_from_item(mode, &text_context, item, true, text); + result = suit_decode_text_map_from_item(mode, &text_context, item, true, text_map); QCBORError error = QCBORDecode_Finish(&text_context); if (error != QCBOR_SUCCESS && result == SUIT_SUCCESS) { result = suit_error_from_qcbor_error(error); diff --git a/src/suit_manifest_encode.c b/src/suit_manifest_encode.c index 4855cbe..c25ae9b 100644 --- a/src/suit_manifest_encode.c +++ b/src/suit_manifest_encode.c @@ -668,72 +668,104 @@ suit_err_t suit_encode_common(const suit_common_t *suit_common, } #if !defined(LIBCSUIT_DISABLE_MANIFEST_TEXT) -suit_err_t suit_encode_text(const suit_text_t *text, - suit_encode_t *suit_encode, - UsefulBuf *buf) +suit_err_t suit_encode_text_lmap(const suit_text_lmap_t *text, + UsefulBuf tag38_buf, + QCBOREncodeContext *context) { - suit_err_t result; - UsefulBuf tmp_buf; - result = suit_use_suit_encode_buf(suit_encode, 0, &tmp_buf); - if (result != SUIT_SUCCESS) { - return result; + suit_err_t result = SUIT_SUCCESS; + if (text->tag38_ltag.len + 1 > tag38_buf.len) { + return SUIT_ERR_NO_MEMORY; } - QCBOREncodeContext context; - QCBOREncode_Init(&context, tmp_buf); + memcpy(tag38_buf.ptr, text->tag38_ltag.ptr, text->tag38_ltag.len); + ((char *)tag38_buf.ptr)[text->tag38_ltag.len] = '\0'; + QCBOREncode_OpenMapInMap(context, tag38_buf.ptr); - QCBOREncode_OpenMap(&context); // SUIT_Text_Keys : tstr if (text->manifest_description.len > 0) { - QCBOREncode_AddTextToMapN(&context, SUIT_TEXT_MANIFEST_DESCRIPTION, (UsefulBufC){.ptr = text->manifest_description.ptr, .len = text->manifest_description.len}); + QCBOREncode_AddTextToMapN(context, SUIT_TEXT_MANIFEST_DESCRIPTION, (UsefulBufC){.ptr = text->manifest_description.ptr, .len = text->manifest_description.len}); } if (text->update_description.len > 0) { - QCBOREncode_AddTextToMapN(&context, SUIT_TEXT_MANIFEST_DESCRIPTION, (UsefulBufC){.ptr = text->update_description.ptr, .len = text->manifest_description.len}); + QCBOREncode_AddTextToMapN(context, SUIT_TEXT_MANIFEST_DESCRIPTION, (UsefulBufC){.ptr = text->update_description.ptr, .len = text->manifest_description.len}); } if (text->manifest_json_source.len > 0) { - QCBOREncode_AddTextToMapN(&context, SUIT_TEXT_MANIFEST_DESCRIPTION, (UsefulBufC){.ptr = text->manifest_json_source.ptr, .len = text->manifest_description.len}); + QCBOREncode_AddTextToMapN(context, SUIT_TEXT_MANIFEST_DESCRIPTION, (UsefulBufC){.ptr = text->manifest_json_source.ptr, .len = text->manifest_description.len}); } if (text->manifest_yaml_source.len > 0) { - QCBOREncode_AddTextToMapN(&context, SUIT_TEXT_MANIFEST_DESCRIPTION, (UsefulBufC){.ptr = text->manifest_yaml_source.ptr, .len = text->manifest_description.len}); + QCBOREncode_AddTextToMapN(context, SUIT_TEXT_MANIFEST_DESCRIPTION, (UsefulBufC){.ptr = text->manifest_yaml_source.ptr, .len = text->manifest_description.len}); } // TODO suit-text-key-extensions // SUIT_Component_Identifier : {} for (size_t i = 0; i < text->component_len; i++) { const suit_component_identifier_t *component = &text->component[i].key; - QCBOREncode_OpenArray(&context); + QCBOREncode_OpenArray(context); for (size_t j = 0; j < component->len; j++) { - QCBOREncode_AddBytes(&context, (UsefulBufC){.ptr = component->identifier[j].ptr, .len = component->identifier[j].len}); + QCBOREncode_AddBytes(context, (UsefulBufC){.ptr = component->identifier[j].ptr, .len = component->identifier[j].len}); } - QCBOREncode_CloseArray(&context); - QCBOREncode_OpenMap(&context); + QCBOREncode_CloseArray(context); + QCBOREncode_OpenMap(context); const suit_text_component_t *text_component = &text->component[i].text_component; if (text_component->vendor_name.len > 0) { - QCBOREncode_AddTextToMapN(&context, SUIT_TEXT_VENDOR_NAME, (UsefulBufC){.ptr = text_component->vendor_name.ptr, .len = text_component->vendor_name.len}); + QCBOREncode_AddTextToMapN(context, SUIT_TEXT_VENDOR_NAME, (UsefulBufC){.ptr = text_component->vendor_name.ptr, .len = text_component->vendor_name.len}); } if (text_component->model_name.len > 0) { - QCBOREncode_AddTextToMapN(&context, SUIT_TEXT_MODEL_NAME, (UsefulBufC){.ptr = text_component->model_name.ptr, .len = text_component->model_name.len}); + QCBOREncode_AddTextToMapN(context, SUIT_TEXT_MODEL_NAME, (UsefulBufC){.ptr = text_component->model_name.ptr, .len = text_component->model_name.len}); } if (text_component->vendor_domain.len > 0) { - QCBOREncode_AddTextToMapN(&context, SUIT_TEXT_VENDOR_DOMAIN, (UsefulBufC){.ptr = text_component->vendor_domain.ptr, .len = text_component->vendor_domain.len}); + QCBOREncode_AddTextToMapN(context, SUIT_TEXT_VENDOR_DOMAIN, (UsefulBufC){.ptr = text_component->vendor_domain.ptr, .len = text_component->vendor_domain.len}); } if (text_component->model_info.len > 0) { - QCBOREncode_AddTextToMapN(&context, SUIT_TEXT_MODEL_INFO, (UsefulBufC){.ptr = text_component->model_info.ptr, .len = text_component->model_info.len}); + QCBOREncode_AddTextToMapN(context, SUIT_TEXT_MODEL_INFO, (UsefulBufC){.ptr = text_component->model_info.ptr, .len = text_component->model_info.len}); } if (text_component->component_description.len > 0) { - QCBOREncode_AddTextToMapN(&context, SUIT_TEXT_COMPONENT_DESCRIPTION, (UsefulBufC){.ptr = text_component->component_description.ptr, .len = text_component->component_description.len}); + QCBOREncode_AddTextToMapN(context, SUIT_TEXT_COMPONENT_DESCRIPTION, (UsefulBufC){.ptr = text_component->component_description.ptr, .len = text_component->component_description.len}); } if (text_component->component_version.len > 0) { - QCBOREncode_AddTextToMapN(&context, SUIT_TEXT_COMPONENT_VERSION, (UsefulBufC){.ptr = text_component->component_version.ptr, .len = text_component->component_version.len}); + QCBOREncode_AddTextToMapN(context, SUIT_TEXT_COMPONENT_VERSION, (UsefulBufC){.ptr = text_component->component_version.ptr, .len = text_component->component_version.len}); } /* in draft-ietf-suit-update-management */ if (text_component->version_required.len > 0) { - QCBOREncode_AddTextToMapN(&context, SUIT_TEXT_VERSION_REQUIRED, (UsefulBufC){.ptr = text_component->version_required.ptr, .len = text_component->version_required.len}); + QCBOREncode_AddTextToMapN(context, SUIT_TEXT_VERSION_REQUIRED, (UsefulBufC){.ptr = text_component->version_required.ptr, .len = text_component->version_required.len}); } // TODO suit-text-component-key-extensions - QCBOREncode_CloseMap(&context); + QCBOREncode_CloseMap(context); } - QCBOREncode_CloseMap(&context); + QCBOREncode_CloseMap(context); + + return result; +} + +suit_err_t suit_encode_text(const suit_text_map_t *text, + suit_encode_t *suit_encode, + UsefulBuf *buf) +{ + suit_err_t result = SUIT_SUCCESS; + UsefulBuf tag38_buf; + result = suit_use_suit_encode_buf(suit_encode, SUIT_MAX_NAME_LENGTH, &tag38_buf); + if (result != SUIT_SUCCESS) { + return result; + } + result = suit_fix_suit_encode_buf(suit_encode, SUIT_MAX_NAME_LENGTH); + if (result != SUIT_SUCCESS) { + return result; + } + + UsefulBuf tmp_buf; + result = suit_use_suit_encode_buf(suit_encode, 0, &tmp_buf); + if (result != SUIT_SUCCESS) { + return result; + } + QCBOREncodeContext context; + QCBOREncode_Init(&context, tmp_buf); + QCBOREncode_OpenMap(&context); + for (size_t i = 0; i < text->text_lmaps_len; i++) { + result = suit_encode_text_lmap(&text->text_lmaps[i], tag38_buf, &context); + if (result != SUIT_SUCCESS) { + return result; + } + } + QCBOREncode_CloseMap(&context); UsefulBufC t_buf; QCBORError error = QCBOREncode_Finish(&context, &t_buf); if (error != QCBOR_SUCCESS) { @@ -743,7 +775,7 @@ suit_err_t suit_encode_text(const suit_text_t *text, return suit_fix_suit_encode_buf(suit_encode, t_buf.len); } -suit_err_t suit_encode_text_bstr(const suit_text_t *text, +suit_err_t suit_encode_text_bstr(const suit_text_map_t *text, suit_encode_t *suit_encode, UsefulBuf *buf) { diff --git a/src/suit_manifest_print.c b/src/suit_manifest_print.c index fe3f121..f044624 100644 --- a/src/suit_manifest_print.c +++ b/src/suit_manifest_print.c @@ -794,11 +794,19 @@ suit_err_t suit_print_encryption_info(const suit_buf_t *encryption_info, printf("[\n"); size_t cose_struct_len = item.val.uCount; - printf("%*s/ protected: / << ", indent_space + indent_delta, ""); - QCBORDecode_EnterBstrWrapped(&context, QCBOR_TAG_REQUIREMENT_NOT_A_TAG, NULL); - suit_print_cose_header(&context, indent_space + indent_delta, indent_delta); - QCBORDecode_ExitBstrWrapped(&context); - printf(" >>,\n"); + QCBORDecode_PeekNext(&context, &item); + printf("%*s/ protected: / ", indent_space + indent_delta, ""); + if (item.val.string.len > 0) { + printf("<< "); + QCBORDecode_EnterBstrWrapped(&context, QCBOR_TAG_REQUIREMENT_NOT_A_TAG, NULL); + suit_print_cose_header(&context, indent_space + indent_delta, indent_delta); + QCBORDecode_ExitBstrWrapped(&context); + printf(" >>,\n"); + } + else { + QCBORDecode_GetNext(&context, &item); + printf("h'',\n"); + } printf("%*s/ unprotected: / ", indent_space + indent_delta, ""); suit_print_cose_header(&context, indent_space + indent_delta, indent_delta); @@ -836,12 +844,18 @@ suit_err_t suit_print_encryption_info(const suit_buf_t *encryption_info, return SUIT_ERR_FATAL; } printf("%*s[\n", indent_space + 2 * indent_delta, ""); - printf("%*s/ protected: / << ", indent_space + 3 * indent_delta, ""); - QCBORDecode_EnterBstrWrapped(&context, QCBOR_TAG_REQUIREMENT_NOT_A_TAG, NULL); - suit_print_cose_header(&context, indent_space + 3 * indent_delta, indent_delta); - QCBORDecode_ExitBstrWrapped(&context); - printf(" >>,\n"); - + printf("%*s/ protected: / ", indent_space + 3 * indent_delta, ""); + if (item.val.string.len > 0) { + printf("<< "); + QCBORDecode_EnterBstrWrapped(&context, QCBOR_TAG_REQUIREMENT_NOT_A_TAG, NULL); + suit_print_cose_header(&context, indent_space + 3 * indent_delta, indent_delta); + QCBORDecode_ExitBstrWrapped(&context); + printf(" >>,\n"); + } + else { + QCBORDecode_GetNext(&context, &item); + printf("h'',\n"); + } printf("%*s/ unprotected: / ", indent_space + 3 * indent_delta, ""); suit_print_cose_header(&context, indent_space + 3 * indent_delta, indent_delta); printf(",\n"); @@ -1547,7 +1561,7 @@ char *suit_str_member_is_verified(uint8_t status) return suit_str_verified(suit_is_severable_manifest_member_verified(status)); } -bool suit_text_have_something_to_print(const suit_text_t *text) +bool suit_text_have_something_to_print(const suit_text_lmap_t *text) { return (text->manifest_description.ptr != NULL || text->update_description.ptr != NULL || @@ -1556,9 +1570,9 @@ bool suit_text_have_something_to_print(const suit_text_t *text) text->component_len > 0); } -suit_err_t suit_print_text(const suit_text_t *text, - const uint32_t indent_space, - const uint32_t indent_delta) +suit_err_t suit_print_text_lmap(const suit_text_lmap_t *text, + const uint32_t indent_space, + const uint32_t indent_delta) { if (text == NULL) { return SUIT_ERR_FATAL; @@ -1628,6 +1642,28 @@ suit_err_t suit_print_text(const suit_text_t *text, return SUIT_SUCCESS; } +suit_err_t suit_print_text(const suit_text_map_t *text, + const uint32_t indent_space, + const uint32_t indent_delta) +{ + bool comma = false; + for (size_t i = 0; i < text->text_lmaps_len; i++) { + const suit_text_lmap_t *lmap = &text->text_lmaps[i]; + if (comma) { + printf(",\n"); + } + + printf("%*s\"%.*s\": {\n", indent_space + indent_delta, "", (int)lmap->tag38_ltag.len, lmap->tag38_ltag.ptr); + suit_err_t result = suit_print_text_lmap(lmap, indent_space + indent_delta, indent_delta); + if (result != SUIT_SUCCESS) { + return result; + } + printf("%*s}", indent_space + indent_delta, ""); + } + printf("\n"); + return SUIT_SUCCESS; +} + suit_err_t suit_print_manifest(const suit_decode_mode_t mode, const suit_manifest_t *manifest, const uint32_t indent_space, diff --git a/testfiles/suit_manifest_exp0.cbor b/testfiles/suit_manifest_exp0.cbor index 915ab3d..49de7f7 100644 Binary files a/testfiles/suit_manifest_exp0.cbor and b/testfiles/suit_manifest_exp0.cbor differ diff --git a/testfiles/suit_manifest_exp0.md b/testfiles/suit_manifest_exp0.md index 46e22f6..126a43c 100644 --- a/testfiles/suit_manifest_exp0.md +++ b/testfiles/suit_manifest_exp0.md @@ -4,55 +4,71 @@ SPDX-License-Identifier: BSD-2-Clause --> -# SUIT Manifest - B.1. Example 0: Secure Boot - https://tools.ietf.org/html/draft-ietf-suit-manifest-19#appendix-B.1 - - -## CBOR Diagnostic - / SUIT_Envelope = / - 107({ - / authentication-wrapper / 2: << [ - / digest: / << [ - / algorithm-id: / -16 / SHA-256 /, - / digest-bytes: / h'6658ea560262696dd1f13b782239a064da7c6c5cbaf52fded428a6fc83c7e5af' - ] >>, - / signatures: / << 18([ - / protected: / << { - / alg / 1: -7 / ES256 / - } >>, - / unprotected: / { - }, - / payload: / null, - / signature: / h'68113f1e76731330fea16136cead2be4fa8d4bb3e327e3f9232eb4f13b5d118f2ea6e31d9a09a240f6f5770776916e15a4ebca1b6262cf6e40a44353bd8161d9' - ]) >> - ] >>, - / manifest / 3: << { - / manifest-version / 1: 1, - / manifest-sequence-number / 2: 0, - / common / 3: << { - / components / 2: [ - [h'00'] - ], - / shared-sequence / 4: << [ - / directive-override-parameters / 20, { - / vendor-id / 1: h'fa6b4a53d5ad5fdfbe9de663e4d41ffe' / fa6b4a53-d5ad-5fdf-be9d-e663e4d41ffe /, - / class-id / 2: h'1492af1425695e48bf429b2d51f2ab45' / 1492af14-2569-5e48-bf42-9b2d51f2ab45 /, - / image-digest / 3: << [ - / algorithm-id: / -16 / SHA-256 /, - / digest-bytes: / h'00112233445566778899aabbccddeeff0123456789abcdeffedcba9876543210' - ] >>, - / image-size / 14: 34768 - }, - / condition-vendor-identifier / 1, 15, - / condition-class-identifier / 2, 15 - ] >> - } >>, - / validate / 7: << [ - / condition-image-match / 3, 15 - ] >>, - / invoke / 9: << [ - / directive-invoke / 23, 2 - ] >> - } >> - }) +## B.1. Example 0: Secure Boot +https://tools.ietf.org/html/draft-ietf-suit-manifest-27#appendix-B.1 + +{: numbered='no'} + +### CBOR Diagnostic Notation of SUIT Manifest +{: numbered='no'} + +~~~~ +/ SUIT_Envelope = / 107({ + / authentication-wrapper / 2: << [ + << [ + / digest-algorithm-id: / -16 / SHA256 /, + / digest-bytes: / h'6658EA560262696DD1F13B782239A064DA7C6C5CBAF52FDED428A6FC83C7E5AF' + ] >>, + << / COSE_Sign1_Tagged / 18([ + / protected: / << { + / algorithm-id / 1: -7 / ES256 / + } >>, + / unprotected: / {}, + / payload: / null, + / signature: / h'6C56F1463DE7D83C945B88BCEB0797958938942A71B2B4A7DFFE2B4E8F07B91DD4EE3C6C48F869E668F6CE9113C32DE6B2B17DBCABDCAD5588102D486C3884DF' + ]) >> + ] >>, + / manifest / 3: << { + / manifest-version / 1: 1, + / manifest-sequence-number / 2: 0, + / common / 3: << { + / components / 2: [ + [h'00'] + ], + / shared-sequence / 4: << [ + / directive-override-parameters / 20, { + / vendor-id / 1: h'fa6b4a53d5ad5fdfbe9de663e4d41ffe' / fa6b4a53-d5ad-5fdf-be9d-e663e4d41ffe /, + / class-id / 2: h'1492af1425695e48bf429b2d51f2ab45' / 1492af14-2569-5e48-bf42-9b2d51f2ab45 /, + / image-digest / 3: << [ + / algorithm-id: / -16 / SHA-256 /, + / digest-bytes: / h'00112233445566778899aabbccddeeff0123456789abcdeffedcba9876543210' + ] >>, + / image-size / 14: 34768 + }, + / condition-vendor-identifier / 1, 15, + / condition-class-identifier / 2, 15 + ] >> + } >>, + / validate / 7: << [ + / condition-image-match / 3, 15 + ] >>, + / invoke / 9: << [ + / directive-invoke / 23, 2 + ] >> + } >> +})~~~~ + + +### CBOR Binary in Hex +{: numbered='no'} + +~~~~ +D86BA2025873825824822F58206658EA560262696DD1F13B782239A064DA +7C6C5CBAF52FDED428A6FC83C7E5AF584AD28443A10126A0F658406C56F1 +463DE7D83C945B88BCEB0797958938942A71B2B4A7DFFE2B4E8F07B91DD4 +EE3C6C48F869E668F6CE9113C32DE6B2B17DBCABDCAD5588102D486C3884 +DF035871A50101020003585FA202818141000458568614A40150FA6B4A53 +D5AD5FDFBE9DE663E4D41FFE02501492AF1425695E48BF429B2D51F2AB45 +035824822F582000112233445566778899AABBCCDDEEFF0123456789ABCD +EFFEDCBA98765432100E1987D0010F020F074382030F0943821702 +~~~~ diff --git a/testfiles/suit_manifest_exp1.cbor b/testfiles/suit_manifest_exp1.cbor index 25104ed..6f618a1 100644 Binary files a/testfiles/suit_manifest_exp1.cbor and b/testfiles/suit_manifest_exp1.cbor differ diff --git a/testfiles/suit_manifest_exp1.md b/testfiles/suit_manifest_exp1.md index f5c3514..2afd943 100644 --- a/testfiles/suit_manifest_exp1.md +++ b/testfiles/suit_manifest_exp1.md @@ -4,59 +4,77 @@ SPDX-License-Identifier: BSD-2-Clause --> -# SUIT Manifest - B.2. Example 1: Simultaneous Download and Installation of Payload - https://tools.ietf.org/html/draft-ietf-suit-manifest-19#appendix-B.2 - - -## CBOR Diagnostic - / SUIT_Envelope = / - 107({ - / authentication-wrapper / 2: << [ - / digest: / << [ - / algorithm-id: / -16 / SHA-256 /, - / digest-bytes: / h'ef14b7091e8adae8aa3bb6fca1d64fb37e19dcf8b35714cfdddc5968c80ff50e' - ] >>, - / signatures: / << 18([ - / protected: / << { - / alg / 1: -7 / ES256 / - } >>, - / unprotected: / { - }, - / payload: / null, - / signature: / h'11b434a425e02f8ca4459c61a85b1407325b6d686ead7ab50c1fcb9501a54520dd07146c733628bbeaa42752fab0cb828d8b41f253813e2132977a6be244c3bf' - ]) >> - ] >>, - / manifest / 3: << { - / manifest-version / 1: 1, - / manifest-sequence-number / 2: 1, - / common / 3: << { - / components / 2: [ - [h'00'] - ], - / shared-sequence / 4: << [ - / directive-override-parameters / 20, { - / vendor-id / 1: h'fa6b4a53d5ad5fdfbe9de663e4d41ffe' / fa6b4a53-d5ad-5fdf-be9d-e663e4d41ffe /, - / class-id / 2: h'1492af1425695e48bf429b2d51f2ab45' / 1492af14-2569-5e48-bf42-9b2d51f2ab45 /, - / image-digest / 3: << [ - / algorithm-id: / -16 / SHA-256 /, - / digest-bytes: / h'00112233445566778899aabbccddeeff0123456789abcdeffedcba9876543210' - ] >>, - / image-size / 14: 34768 - }, - / condition-vendor-identifier / 1, 15, - / condition-class-identifier / 2, 15 - ] >> - } >>, - / validate / 7: << [ - / condition-image-match / 3, 15 - ] >>, - / install / 17: << [ - / directive-override-parameters / 20, { - / uri / 21: "http://example.com/file.bin" - }, - / directive-fetch / 21, 2, - / condition-image-match / 3, 15 - ] >> - } >> - }) +## B.2. Example 1: Simultaneous Download and Installation of Payload +https://tools.ietf.org/html/draft-ietf-suit-manifest-27#appendix-B.2 + +{: numbered='no'} + +### CBOR Diagnostic Notation of SUIT Manifest +{: numbered='no'} + +~~~~ +/ SUIT_Envelope = / 107({ + / authentication-wrapper / 2: << [ + << [ + / digest-algorithm-id: / -16 / SHA256 /, + / digest-bytes: / h'1F2E7ACCA0DC2786F2FE4EB947F50873A6A3CFAA98866C5B02E621F42074DAF2' + ] >>, + << / COSE_Sign1_Tagged / 18([ + / protected: / << { + / algorithm-id / 1: -7 / ES256 / + } >>, + / unprotected: / {}, + / payload: / null, + / signature: / h'0D4AFA637ECA6D7B4970DC85926001B42B8E1B96D512CA065E8BD0028B67E04561A2993414C9F2649ED78B37E6F2DD02D147D14BBCBBE25C5982265B5B812062' + ]) >> + ] >>, + / manifest / 3: << { + / manifest-version / 1: 1, + / manifest-sequence-number / 2: 1, + / common / 3: << { + / components / 2: [ + [h'00'] + ], + / shared-sequence / 4: << [ + / directive-override-parameters / 20, { + / vendor-id / 1: h'fa6b4a53d5ad5fdfbe9de663e4d41ffe' / fa6b4a53-d5ad-5fdf-be9d-e663e4d41ffe /, + / class-id / 2: h'1492af1425695e48bf429b2d51f2ab45' / 1492af14-2569-5e48-bf42-9b2d51f2ab45 /, + / image-digest / 3: << [ + / algorithm-id: / -16 / SHA-256 /, + / digest-bytes: / h'00112233445566778899aabbccddeeff0123456789abcdeffedcba9876543210' + ] >>, + / image-size / 14: 34768 + }, + / condition-vendor-identifier / 1, 15, + / condition-class-identifier / 2, 15 + ] >> + } >>, + / validate / 7: << [ + / condition-image-match / 3, 15 + ] >>, + / install / 20: << [ + / directive-override-parameters / 20, { + / uri / 21: "http://example.com/file.bin" + }, + / directive-fetch / 21, 2, + / condition-image-match / 3, 15 + ] >> + } >> +})~~~~ + + +### CBOR Binary in Hex +{: numbered='no'} + +~~~~ +D86BA2025873825824822F58201F2E7ACCA0DC2786F2FE4EB947F50873A6 +A3CFAA98866C5B02E621F42074DAF2584AD28443A10126A0F658400D4AFA +637ECA6D7B4970DC85926001B42B8E1B96D512CA065E8BD0028B67E04561 +A2993414C9F2649ED78B37E6F2DD02D147D14BBCBBE25C5982265B5B8120 +62035894A50101020103585FA202818141000458568614A40150FA6B4A53 +D5AD5FDFBE9DE663E4D41FFE02501492AF1425695E48BF429B2D51F2AB45 +035824822F582000112233445566778899AABBCCDDEEFF0123456789ABCD +EFFEDCBA98765432100E1987D0010F020F074382030F1458258614A11578 +1B687474703A2F2F6578616D706C652E636F6D2F66696C652E62696E1502 +030F +~~~~ diff --git a/testfiles/suit_manifest_exp2A.cbor b/testfiles/suit_manifest_exp2A.cbor index 4095ea9..d4ba758 100644 Binary files a/testfiles/suit_manifest_exp2A.cbor and b/testfiles/suit_manifest_exp2A.cbor differ diff --git a/testfiles/suit_manifest_exp2B.cbor b/testfiles/suit_manifest_exp2B.cbor index b3f758d..f9b6a38 100644 Binary files a/testfiles/suit_manifest_exp2B.cbor and b/testfiles/suit_manifest_exp2B.cbor differ diff --git a/testfiles/suit_manifest_exp3.cbor b/testfiles/suit_manifest_exp3.cbor index 048e794..ff5c7eb 100644 Binary files a/testfiles/suit_manifest_exp3.cbor and b/testfiles/suit_manifest_exp3.cbor differ diff --git a/testfiles/suit_manifest_exp3.md b/testfiles/suit_manifest_exp3.md index 4b4fcc7..f1b4cc4 100644 --- a/testfiles/suit_manifest_exp3.md +++ b/testfiles/suit_manifest_exp3.md @@ -4,99 +4,122 @@ SPDX-License-Identifier: BSD-2-Clause --> -# SUIT Manifest - B.4. Example 3: A/B images - https://tools.ietf.org/html/draft-ietf-suit-manifest-19#appendix-B.4 +## B.4. Example 3: A/B images +https://tools.ietf.org/html/draft-ietf-suit-manifest-27#appendix-B.4 +{: numbered='no'} -## CBOR Diagnostic - / SUIT_Envelope = / - 107({ - / authentication-wrapper / 2: << [ - / digest: / << [ +### CBOR Diagnostic Notation of SUIT Manifest +{: numbered='no'} + +~~~~ +/ SUIT_Envelope = / 107({ + / authentication-wrapper / 2: << [ + << [ + / digest-algorithm-id: / -16 / SHA256 /, + / digest-bytes: / h'F6D44A62EC906B392500C242E78E908E9CC5057F3F04104A06A8566200DA2EE0' + ] >>, + << / COSE_Sign1_Tagged / 18([ + / protected: / << { + / algorithm-id / 1: -7 / ES256 / + } >>, + / unprotected: / {}, + / payload: / null, + / signature: / h'1B5E052F3E8B2AAD1330B1B1D9055B1EF2BBB8AEA0841034D3CD7906AABB723A91A218E7E23C96F8973DDC88D0A31C25FC18D52BA1F2712198E618CECDD30718' + ]) >> + ] >>, + / manifest / 3: << { + / manifest-version / 1: 1, + / manifest-sequence-number / 2: 3, + / common / 3: << { + / components / 2: [ + [h'00'] + ], + / shared-sequence / 4: << [ + / directive-override-parameters / 20, { + / vendor-id / 1: h'fa6b4a53d5ad5fdfbe9de663e4d41ffe' / fa6b4a53-d5ad-5fdf-be9d-e663e4d41ffe /, + / class-id / 2: h'1492af1425695e48bf429b2d51f2ab45' / 1492af14-2569-5e48-bf42-9b2d51f2ab45 / + }, + / directive-try-each / 15, [ + << [ + / directive-override-parameters / 20, { + / component-slot / 5: 0 + }, + / condition-component-slot / 5, 5, + / directive-override-parameters / 20, { + / image-digest / 3: << [ + / algorithm-id: / -16 / SHA-256 /, + / digest-bytes: / h'00112233445566778899aabbccddeeff0123456789abcdeffedcba9876543210' + ] >>, + / image-size / 14: 34768 + } + ] >>, + << [ + / directive-override-parameters / 20, { + / component-slot / 5: 1 + }, + / condition-component-slot / 5, 5, + / directive-override-parameters / 20, { + / image-digest / 3: << [ / algorithm-id: / -16 / SHA-256 /, - / digest-bytes: / h'b3e6a52776bf3ed218feba031c609c98260e1a52fc1f019683edb6d1c5c4a379' - ] >>, - / signatures: / << 18([ - / protected: / << { - / alg / 1: -7 / ES256 / - } >>, - / unprotected: / { - }, - / payload: / null, - / signature: / h'9ff1d63474897d302f7ec4ab98cb07e22c9853b92a56e3ec9286a4e248d4ac59665de35824c1caad4b056b35e8a40c60086f36eb519e31c7710db4fdc0b99eff' - ]) >> + / digest-bytes: / h'0123456789abcdeffedcba987654321000112233445566778899aabbccddeeff' + ] >>, + / image-size / 14: 76834 + } + ] >> + ], + / condition-vendor-identifier / 1, 15, + / condition-class-identifier / 2, 15 + ] >> + } >>, + / validate / 7: << [ + / condition-image-match / 3, 15 + ] >>, + / install / 20: << [ + / directive-try-each / 15, [ + << [ + / directive-override-parameters / 20, { + / component-slot / 5: 0 + }, + / condition-component-slot / 5, 5, + / directive-override-parameters / 20, { + / uri / 21: "http://example.com/file1.bin" + } ] >>, - / manifest / 3: << { - / manifest-version / 1: 1, - / manifest-sequence-number / 2: 3, - / common / 3: << { - / components / 2: [ - [h'00'] - ], - / shared-sequence / 4: << [ - / directive-override-parameters / 20, { - / vendor-id / 1: h'fa6b4a53d5ad5fdfbe9de663e4d41ffe' / fa6b4a53-d5ad-5fdf-be9d-e663e4d41ffe /, - / class-id / 2: h'1492af1425695e48bf429b2d51f2ab45' / 1492af14-2569-5e48-bf42-9b2d51f2ab45 / - }, - / directive-try-each / 15, [ - << [ - / directive-override-parameters / 20, { - / component-slot / 5: 0 - }, - / condition-component-slot / 5, 5, - / directive-override-parameters / 20, { - / image-digest / 3: << [ - / algorithm-id: / -16 / SHA-256 /, - / digest-bytes: / h'00112233445566778899aabbccddeeff0123456789abcdeffedcba9876543210' - ] >>, - / image-size / 14: 34768 - } - ] >>, - << [ - / directive-override-parameters / 20, { - / component-slot / 5: 1 - }, - / condition-component-slot / 5, 5, - / directive-override-parameters / 20, { - / image-digest / 3: << [ - / algorithm-id: / -16 / SHA-256 /, - / digest-bytes: / h'0123456789abcdeffedcba987654321000112233445566778899aabbccddeeff' - ] >>, - / image-size / 14: 76834 - } - ] >> - ], - / condition-vendor-identifier / 1, 15, - / condition-class-identifier / 2, 15 - ] >> - } >>, - / validate / 7: << [ - / condition-image-match / 3, 15 - ] >>, - / install / 17: << [ - / directive-try-each / 15, [ - << [ - / directive-override-parameters / 20, { - / component-slot / 5: 0 - }, - / condition-component-slot / 5, 5, - / directive-override-parameters / 20, { - / uri / 21: "http://example.com/file1.bin" - } - ] >>, - << [ - / directive-override-parameters / 20, { - / component-slot / 5: 1 - }, - / condition-component-slot / 5, 5, - / directive-override-parameters / 20, { - / uri / 21: "http://example.com/file2.bin" - } - ] >> - ], - / directive-fetch / 21, 2, - / condition-image-match / 3, 15 - ] >> - } >> - }) + << [ + / directive-override-parameters / 20, { + / component-slot / 5: 1 + }, + / condition-component-slot / 5, 5, + / directive-override-parameters / 20, { + / uri / 21: "http://example.com/file2.bin" + } + ] >> + ], + / directive-fetch / 21, 2, + / condition-image-match / 3, 15 + ] >> + } >> +}) +~~~~ + + +### CBOR Binary in Hex +{: numbered='no'} + +~~~~ +D86BA2025873825824822F5820F6D44A62EC906B392500C242E78E908E9C +C5057F3F04104A06A8566200DA2EE0584AD28443A10126A0F658401B5E05 +2F3E8B2AAD1330B1B1D9055B1EF2BBB8AEA0841034D3CD7906AABB723A91 +A218E7E23C96F8973DDC88D0A31C25FC18D52BA1F2712198E618CECDD307 +180359010FA5010102030358A4A2028181410004589B8814A20150FA6B4A +53D5AD5FDFBE9DE663E4D41FFE02501492AF1425695E48BF429B2D51F2AB +450F8258348614A10500050514A2035824822F5820001122334455667788 +99AABBCCDDEEFF0123456789ABCDEFFEDCBA98765432100E1987D0583686 +14A10501050514A2035824822F58200123456789ABCDEFFEDCBA98765432 +1000112233445566778899AABBCCDDEEFF0E1A00012C22010F020F074382 +030F14585B860F8258288614A10500050514A115781C687474703A2F2F65 +78616D706C652E636F6D2F66696C65312E62696E58288614A10501050514 +A115781C687474703A2F2F6578616D706C652E636F6D2F66696C65322E62 +696E1502030F +~~~~ diff --git a/testfiles/suit_manifest_exp4.cbor b/testfiles/suit_manifest_exp4.cbor index 34e075a..66f9f16 100644 Binary files a/testfiles/suit_manifest_exp4.cbor and b/testfiles/suit_manifest_exp4.cbor differ diff --git a/testfiles/suit_manifest_exp4.md b/testfiles/suit_manifest_exp4.md index fadc0ae..107ed95 100644 --- a/testfiles/suit_manifest_exp4.md +++ b/testfiles/suit_manifest_exp4.md @@ -4,93 +4,117 @@ SPDX-License-Identifier: BSD-2-Clause --> -# SUIT Manifest - B.5. Example 4: Load and Decompress from External Storage - https://tools.ietf.org/html/draft-ietf-suit-manifest-19#appendix-B.5 +## B.5. Example 4: Load from External Storage +https://tools.ietf.org/html/draft-ietf-suit-manifest-27#appendix-B.5 -## CBOR Diagnostic - / SUIT_Envelope = / - 107({ - / authentication-wrapper / 2: << [ - / digest: / << [ - / algorithm-id: / -16 / SHA-256 /, - / digest-bytes: / h'838eb848698c9d9dd29b5930102ea1f29743857d975f52ed4d19589b821e82cf' - ] >>, - / signatures: / << 18([ - / protected: / << { - / alg / 1: -7 / ES256 / - } >>, - / unprotected: / { - }, - / payload: / null, - / signature: / h'5ee9d2698734cef75582a2c188a328b06d414b20dff7043528045a3fc2bdcb6be36887e2dfdb6ea5ab91d74077a6cc806c4580026bfea22c4f3153e1d9692c5a' - ]) >> +{: numbered='no'} + +### CBOR Diagnostic Notation of SUIT Manifest +{: numbered='no'} + +~~~~ +/ SUIT_Envelope = / 107({ + / authentication-wrapper / 2: << [ + << [ + / digest-algorithm-id: / -16 / SHA256 /, + / digest-bytes: / h'5B5F6586B1E6CDF19EE479A5ADABF206581000BD584B0832A9BDAF4F72CDBDD6' + ] >>, + << / COSE_Sign1_Tagged / 18([ + / protected: / << { + / algorithm-id / 1: -7 / ES256 / + } >>, + / unprotected: / {}, + / payload: / null, + / signature: / h'EE5913F4D6DCF4CA278E363084C02378B6340138C3FB403C9A8A1F4B8C226FD247AE9D7D005BDF193F21DBACD8EDD908E7D80594AE1A657F97E14A02DEFBD5EE' + ]) >> + ] >>, + / manifest / 3: << { + / manifest-version / 1: 1, + / manifest-sequence-number / 2: 4, + / common / 3: << { + / components / 2: [ + [h'00'], + [h'02'], + [h'01'] + ], + / shared-sequence / 4: << [ + / directive-set-component-index / 12, 0, + / directive-override-parameters / 20, { + / vendor-id / 1: h'fa6b4a53d5ad5fdfbe9de663e4d41ffe' / fa6b4a53-d5ad-5fdf-be9d-e663e4d41ffe /, + / class-id / 2: h'1492af1425695e48bf429b2d51f2ab45' / 1492af14-2569-5e48-bf42-9b2d51f2ab45 /, + / image-digest / 3: << [ + / algorithm-id: / -16 / SHA-256 /, + / digest-bytes: / h'00112233445566778899aabbccddeeff0123456789abcdeffedcba9876543210' + ] >>, + / image-size / 14: 34768 + }, + / condition-vendor-identifier / 1, 15, + / condition-class-identifier / 2, 15 + ] >> + } >>, + / validate / 7: << [ + / directive-set-component-index / 12, 0, + / condition-image-match / 3, 15 + ] >>, + / load / 8: << [ + / directive-set-component-index / 12, 2, + / directive-override-parameters / 20, { + / image-digest / 3: << [ + / algorithm-id: / -16 / SHA-256 /, + / digest-bytes: / h'0123456789abcdeffedcba987654321000112233445566778899aabbccddeeff' + ] >>, + / image-size / 14: 76834, + / source-component / 22: 0 + }, + / directive-copy / 22, 2, + / condition-image-match / 3, 15 + ] >>, + / invoke / 9: << [ + / directive-set-component-index / 12, 2, + / directive-invoke / 23, 2 + ] >>, + / payload-fetch / 16: << [ + / directive-set-component-index / 12, 1, + / directive-override-parameters / 20, { + / image-digest / 3: << [ + / algorithm-id: / -16 / SHA-256 /, + / digest-bytes: / h'00112233445566778899aabbccddeeff0123456789abcdeffedcba9876543210' ] >>, - / manifest / 3: << { - / manifest-version / 1: 1, - / manifest-sequence-number / 2: 4, - / common / 3: << { - / components / 2: [ - [h'00'], - [h'02'], - [h'01'] - ], - / shared-sequence / 4: << [ - / directive-set-component-index / 12, 0, - / directive-override-parameters / 20, { - / vendor-id / 1: h'fa6b4a53d5ad5fdfbe9de663e4d41ffe' / fa6b4a53-d5ad-5fdf-be9d-e663e4d41ffe /, - / class-id / 2: h'1492af1425695e48bf429b2d51f2ab45' / 1492af14-2569-5e48-bf42-9b2d51f2ab45 /, - / image-digest / 3: << [ - / algorithm-id: / -16 / SHA-256 /, - / digest-bytes: / h'00112233445566778899aabbccddeeff0123456789abcdeffedcba9876543210' - ] >>, - / image-size / 14: 34768 - }, - / condition-vendor-identifier / 1, 15, - / condition-class-identifier / 2, 15 - ] >> - } >>, - / validate / 7: << [ - / directive-set-component-index / 12, 0, - / condition-image-match / 3, 15 - ] >>, - / load / 8: << [ - / directive-set-component-index / 12, 2, - / directive-override-parameters / 20, { - / image-digest / 3: << [ - / algorithm-id: / -16 / SHA-256 /, - / digest-bytes: / h'0123456789abcdeffedcba987654321000112233445566778899aabbccddeeff' - ] >>, - / image-size / 14: 76834, - / source-component / 22: 0 - }, - / directive-copy / 22, 2, - / condition-image-match / 3, 15 - ] >>, - / invoke / 9: << [ - / directive-set-component-index / 12, 2, - / directive-invoke / 23, 2 - ] >>, - / payload-fetch / 16: << [ - / directive-set-component-index / 12, 1, - / directive-override-parameters / 20, { - / image-digest / 3: << [ - / algorithm-id: / -16 / SHA-256 /, - / digest-bytes: / h'00112233445566778899aabbccddeeff0123456789abcdeffedcba9876543210' - ] >>, - / uri / 21: "http://example.com/file.bin" - }, - / directive-fetch / 21, 2, - / condition-image-match / 3, 15 - ] >>, - / install / 17: << [ - / directive-set-component-index / 12, 0, - / directive-override-parameters / 20, { - / source-component / 22: 1 - }, - / directive-copy / 22, 2, - / condition-image-match / 3, 15 - ] >> - } >> - }) + / uri / 21: "http://example.com/file.bin" + }, + / directive-fetch / 21, 2, + / condition-image-match / 3, 15 + ] >>, + / install / 20: << [ + / directive-set-component-index / 12, 0, + / directive-override-parameters / 20, { + / source-component / 22: 1 + }, + / directive-copy / 22, 2, + / condition-image-match / 3, 15 + ] >> + } >> +}) +~~~~ + + +### CBOR Binary in Hex +{: numbered='no'} + +~~~~ +D86BA2025873825824822F58205B5F6586B1E6CDF19EE479A5ADABF20658 +1000BD584B0832A9BDAF4F72CDBDD6584AD28443A10126A0F65840EE5913 +F4D6DCF4CA278E363084C02378B6340138C3FB403C9A8A1F4B8C226FD247 +AE9D7D005BDF193F21DBACD8EDD908E7D80594AE1A657F97E14A02DEFBD5 +EE03590116A801010204035867A20283814100814102814101045858880C +0014A40150FA6B4A53D5AD5FDFBE9DE663E4D41FFE02501492AF1425695E +48BF429B2D51F2AB45035824822F582000112233445566778899AABBCCDD +EEFF0123456789ABCDEFFEDCBA98765432100E1987D0010F020F0745840C +00030F085838880C0214A3035824822F58200123456789ABCDEFFEDCBA98 +7654321000112233445566778899AABBCCDDEEFF0E1A00012C2216001602 +030F0945840C02170210584E880C0114A2035824822F5820001122334455 +66778899AABBCCDDEEFF0123456789ABCDEFFEDCBA987654321015781B68 +7474703A2F2F6578616D706C652E636F6D2F66696C652E62696E1502030F +144B880C0014A116011602030F +~~~~ diff --git a/testfiles/suit_manifest_exp5.cbor b/testfiles/suit_manifest_exp5.cbor index aa5ec9a..4d53a00 100644 Binary files a/testfiles/suit_manifest_exp5.cbor and b/testfiles/suit_manifest_exp5.cbor differ diff --git a/testfiles/suit_manifest_exp5.md b/testfiles/suit_manifest_exp5.md index 04a1c7e..2cd672b 100644 --- a/testfiles/suit_manifest_exp5.md +++ b/testfiles/suit_manifest_exp5.md @@ -4,83 +4,106 @@ SPDX-License-Identifier: BSD-2-Clause --> -# SUIT Manifest - B.6. Example 5: Two Images - https://tools.ietf.org/html/draft-ietf-suit-manifest-19#appendix-B.6 +## B.6. Example 5: Two Images +https://tools.ietf.org/html/draft-ietf-suit-manifest-27#appendix-B.6 -## CBOR Diagnostic - / SUIT_Envelope = / - 107({ - / authentication-wrapper / 2: << [ - / digest: / << [ - / algorithm-id: / -16 / SHA-256 /, - / digest-bytes: / h'264dc89eb4a39ae7a8ed05e4d6232153bce4fb9a111a31310b90627d1edfc3bb' - ] >>, - / signatures: / << 18([ - / protected: / << { - / alg / 1: -7 / ES256 / - } >>, - / unprotected: / { - }, - / payload: / null, - / signature: / h'c0bf1b20b847292dc45015a013edbc56915b22fe81a8aec825eac2fb3b084fa6fa08761461987c92189ec6b8b5ab361d2588b05070b3ed03943549bafd355bf0' - ]) >> - ] >>, - / manifest / 3: << { - / manifest-version / 1: 1, - / manifest-sequence-number / 2: 5, - / common / 3: << { - / components / 2: [ - [h'00'], - [h'01'] - ], - / shared-sequence / 4: << [ - / directive-set-component-index / 12, 0, - / directive-override-parameters / 20, { - / vendor-id / 1: h'fa6b4a53d5ad5fdfbe9de663e4d41ffe' / fa6b4a53-d5ad-5fdf-be9d-e663e4d41ffe /, - / class-id / 2: h'1492af1425695e48bf429b2d51f2ab45' / 1492af14-2569-5e48-bf42-9b2d51f2ab45 /, - / image-digest / 3: << [ - / algorithm-id: / -16 / SHA-256 /, - / digest-bytes: / h'00112233445566778899aabbccddeeff0123456789abcdeffedcba9876543210' - ] >>, - / image-size / 14: 34768 - }, - / condition-vendor-identifier / 1, 15, - / condition-class-identifier / 2, 15, - / directive-set-component-index / 12, 1, - / directive-override-parameters / 20, { - / image-digest / 3: << [ - / algorithm-id: / -16 / SHA-256 /, - / digest-bytes: / h'0123456789abcdeffedcba987654321000112233445566778899aabbccddeeff' - ] >>, - / image-size / 14: 76834 - } - ] >> - } >>, - / validate / 7: << [ - / directive-set-component-index / 12, 0, - / condition-image-match / 3, 15, - / directive-set-component-index / 12, 1, - / condition-image-match / 3, 15 - ] >>, - / invoke / 9: << [ - / directive-set-component-index / 12, 0, - / directive-invoke / 23, 2 - ] >>, - / install / 17: << [ - / directive-set-component-index / 12, 0, - / directive-override-parameters / 20, { - / uri / 21: "http://example.com/file1.bin" - }, - / directive-fetch / 21, 2, - / condition-image-match / 3, 15, - / directive-set-component-index / 12, 1, - / directive-override-parameters / 20, { - / uri / 21: "http://example.com/file2.bin" - }, - / directive-fetch / 21, 2, - / condition-image-match / 3, 15 - ] >> - } >> - }) +{: numbered='no'} + +### CBOR Diagnostic Notation of SUIT Manifest +{: numbered='no'} + +~~~~ +/ SUIT_Envelope = / 107({ + / authentication-wrapper / 2: << [ + << [ + / digest-algorithm-id: / -16 / SHA256 /, + / digest-bytes: / h'15CE60F77657E4531DC329155F8B0ED78F94BDC6D165B2665473693DCC34F470' + ] >>, + << / COSE_Sign1_Tagged / 18([ + / protected: / << { + / algorithm-id / 1: -7 / ES256 / + } >>, + / unprotected: / {}, + / payload: / null, + / signature: / h'F3B3EFCC47C797508E2316A5FBEBBE3D462C30240CD5349BD781E17C0FEEE58BBC3C8066704C93761A5B5931AAE1BA08632D14880E7FCF6481661045D1399233' + ]) >> + ] >>, + / manifest / 3: << { + / manifest-version / 1: 1, + / manifest-sequence-number / 2: 5, + / common / 3: << { + / components / 2: [ + [h'00'], + [h'01'] + ], + / shared-sequence / 4: << [ + / directive-set-component-index / 12, 0, + / directive-override-parameters / 20, { + / vendor-id / 1: h'fa6b4a53d5ad5fdfbe9de663e4d41ffe' / fa6b4a53-d5ad-5fdf-be9d-e663e4d41ffe /, + / class-id / 2: h'1492af1425695e48bf429b2d51f2ab45' / 1492af14-2569-5e48-bf42-9b2d51f2ab45 /, + / image-digest / 3: << [ + / algorithm-id: / -16 / SHA-256 /, + / digest-bytes: / h'00112233445566778899aabbccddeeff0123456789abcdeffedcba9876543210' + ] >>, + / image-size / 14: 34768 + }, + / condition-vendor-identifier / 1, 15, + / condition-class-identifier / 2, 15, + / directive-set-component-index / 12, 1, + / directive-override-parameters / 20, { + / image-digest / 3: << [ + / algorithm-id: / -16 / SHA-256 /, + / digest-bytes: / h'0123456789abcdeffedcba987654321000112233445566778899aabbccddeeff' + ] >>, + / image-size / 14: 76834 + } + ] >> + } >>, + / validate / 7: << [ + / directive-set-component-index / 12, 0, + / condition-image-match / 3, 15, + / directive-set-component-index / 12, 1, + / condition-image-match / 3, 15 + ] >>, + / invoke / 9: << [ + / directive-set-component-index / 12, 0, + / directive-invoke / 23, 2 + ] >>, + / install / 20: << [ + / directive-set-component-index / 12, 0, + / directive-override-parameters / 20, { + / uri / 21: "http://example.com/file1.bin" + }, + / directive-fetch / 21, 2, + / condition-image-match / 3, 15, + / directive-set-component-index / 12, 1, + / directive-override-parameters / 20, { + / uri / 21: "http://example.com/file2.bin" + }, + / directive-fetch / 21, 2, + / condition-image-match / 3, 15 + ] >> + } >> +}) +~~~~ + + +### CBOR Binary in Hex +{: numbered='no'} + +~~~~ +D86BA2025873825824822F582015CE60F77657E4531DC329155F8B0ED78F +94BDC6D165B2665473693DCC34F470584AD28443A10126A0F65840F3B3EF +CC47C797508E2316A5FBEBBE3D462C30240CD5349BD781E17C0FEEE58BBC +3C8066704C93761A5B5931AAE1BA08632D14880E7FCF6481661045D13992 +3303590101A601010205035895A202828141008141010458898C0C0014A4 +0150FA6B4A53D5AD5FDFBE9DE663E4D41FFE02501492AF1425695E48BF42 +9B2D51F2AB45035824822F582000112233445566778899AABBCCDDEEFF01 +23456789ABCDEFFEDCBA98765432100E1987D0010F020F0C0114A2035824 +822F58200123456789ABCDEFFEDCBA987654321000112233445566778899 +AABBCCDDEEFF0E1A00012C220749880C00030F0C01030F0945840C001702 +14584F900C0014A115781C687474703A2F2F6578616D706C652E636F6D2F +66696C65312E62696E1502030F0C0114A115781C687474703A2F2F657861 +6D706C652E636F6D2F66696C65322E62696E1502030F +~~~~ diff --git a/testfiles/suit_manifest_expAF.cbor b/testfiles/suit_manifest_expAF.cbor index dfccdaa..d4d9b68 100644 Binary files a/testfiles/suit_manifest_expAF.cbor and b/testfiles/suit_manifest_expAF.cbor differ diff --git a/testfiles/suit_manifest_expAF.md b/testfiles/suit_manifest_expAF.md index 8a6cf90..3d43f33 100644 --- a/testfiles/suit_manifest_expAF.md +++ b/testfiles/suit_manifest_expAF.md @@ -15,7 +15,7 @@ / authentication-wrapper / 2: << [ << [ / digest-algorithm-id: / -16 / SHA256 /, - / digest-bytes: / h'AAB6A7868C4E43D5983BDE019EF2277921F6F8EF1FCAF9403CA97255BED2CD30' + / digest-bytes: / h'8814BC46089ACA6A863A7BA8393F9747589940EFA40641335EF86155598F06C3' ] >>, << / COSE_Mac0_Tagged / 17([ / protected: / << { @@ -23,7 +23,7 @@ } >>, / unprotected: / {}, / payload: / null, - / tag: / h'93B4B774A5D0421ED6FB5EBF890A284CDAC7816CBC048BF47EE7FA7FF3BC02C3' + / tag: / h'B68572F6F0494FEAF390CE44B462F2A7BDF73EF5DFE9FB8E12585A12F8F641AD' ]) >> ] >>, / manifest / 3: << { @@ -35,7 +35,7 @@ ['encrypted-firmware'] ] } >>, - / install / 17: << [ + / install / 20: << [ / fetch encrypted firmware / / directive-set-component-index / 12, 1 / ['encrypted-firmware'] /, / directive-override-parameters / 20, { @@ -49,16 +49,15 @@ / directive-override-parameters / 20, { / parameter-encryption-info / 19: << 96([ / protected: / << { - / alg / 1: 1 / AES-GCM-128 / + / alg / 1: 1 / A128GCM / } >>, / unprotected: / { - / IV / 5: h'F14AAB9D81D51F7AD943FE87AF4F70CD' + / IV / 5: h'F14AAB9D81D51F7AD943FE87' }, / payload: / null / detached ciphertext /, / recipients: / [ [ - / protected: / << { - } >>, + / protected: / h'', / unprotected: / { / alg / 1: -3 / A128KW /, / kid / 4: 'kid-1' @@ -80,14 +79,13 @@ {: numbered='no'} ~~~~ -D86BA2025853825824822F5820AAB6A7868C4E43D5983BDE019EF2277921 -F6F8EF1FCAF9403CA97255BED2CD30582AD18443A10105A0F6582093B4B7 -74A5D0421ED6FB5EBF890A284CDAC7816CBC048BF47EE7FA7FF3BC02C303 -58B7A40101020103582BA102828152706C61696E746578742D6669726D77 -6172658152656E637279707465642D6669726D776172651158818C0C0114 +D86BA2025853825824822F58208814BC46089ACA6A863A7BA8393F974758 +9940EFA40641335EF86155598F06C3582AD18443A10105A0F65820B68572 +F6F0494FEAF390CE44B462F2A7BDF73EF5DFE9FB8E12585A12F8F641AD03 +58B2A40101020103582BA102828152706C61696E746578742D6669726D77 +6172658152656E637279707465642D6669726D7761726514587C8C0C0114 A20E182E15782668747470733A2F2F6578616D706C652E636F6D2F656E63 -7279707465642D6669726D77617265150F0C0014A2135843D8608443A101 -01A10550F14AAB9D81D51F7AD943FE87AF4F70CDF6818341A0A201220445 -6B69642D31581875603FFC9518D794713C8CA8A115A7FB32565A6D59534D -621601160F +7279707465642D6669726D77617265150F0C0014A213583ED8608443A101 +01A1054CF14AAB9D81D51F7AD943FE87F6818340A2012204456B69642D31 +581875603FFC9518D794713C8CA8A115A7FB32565A6D59534D621601160F ~~~~ diff --git a/testfiles/suit_manifest_expAW.cbor b/testfiles/suit_manifest_expAW.cbor index 4d82cdf..0ab32c9 100644 Binary files a/testfiles/suit_manifest_expAW.cbor and b/testfiles/suit_manifest_expAW.cbor differ diff --git a/testfiles/suit_manifest_expAW.md b/testfiles/suit_manifest_expAW.md index a9bd9bf..fbc8b91 100644 --- a/testfiles/suit_manifest_expAW.md +++ b/testfiles/suit_manifest_expAW.md @@ -15,7 +15,7 @@ / authentication-wrapper / 2: << [ << [ / digest-algorithm-id: / -16 / SHA256 /, - / digest-bytes: / h'536EC695E423342FF57FA89B3E3C12C0F9257992F7D96F017281782D2DF1C50F' + / digest-bytes: / h'037A5C325CE14078A0AADF007428EAC659361AD9402A732410BDA542FAE94E2C' ] >>, << / COSE_Mac0_Tagged / 17([ / protected: / << { @@ -23,7 +23,7 @@ } >>, / unprotected: / {}, / payload: / null, - / tag: / h'3B70571169B0FEE5E6220BF86E5E973F7F32875495908EDAA91EC994BCA44B29' + / tag: / h'8D92599011C451A4C5FB69709FA6CA6C0F846D692BDBB3F624EC91F82F9F620A' ]) >> ] >>, / manifest / 3: << { @@ -34,22 +34,21 @@ ['plaintext-firmware'] ] } >>, - / install / 17: << [ + / install / 20: << [ / fetch encrypted firmware / / directive-override-parameters / 20, { - / parameter-content / 18: h'2F59C3A34D9570FB99A5382E66466A3221A8AD85CE508BA306FB431A60EFA5AAAA078355070205A4B196832DF17F', + / parameter-content / 18: h'758C4B7BBAE2C4C1D462423E0F0DC3164FFA7B85BB94D4BD6D7ED26AB32FEB063385D4D3465927EC82CB5E198A59', / parameter-encryption-info / 19: << 96([ / protected: / << { - / alg / 1: 1 / AES-GCM-128 / + / alg / 1: 1 / A128GCM / } >>, / unprotected: / { - / IV / 5: h'F14AAB9D81D51F7AD943FE87AF4F70CD' + / IV / 5: h'F14AAB9D81D51F7AD943FE87' }, / payload: / null / detached ciphertext /, / recipients: / [ [ - / protected: / << { - } >>, + / protected: / h'', / unprotected: / { / alg / 1: -3 / A128KW /, / kid / 4: 'kid-1' @@ -73,13 +72,13 @@ {: numbered='no'} ~~~~ -D86BA2025853825824822F5820536EC695E423342FF57FA89B3E3C12C0F9 -257992F7D96F017281782D2DF1C50F582AD18443A10105A0F658203B7057 -1169B0FEE5E6220BF86E5E973F7F32875495908EDAA91EC994BCA44B2903 -589DA4010102010357A102818152706C61696E746578742D6669726D7761 -726511587C8414A212582E2F59C3A34D9570FB99A5382E66466A3221A8AD -85CE508BA306FB431A60EFA5AAAA078355070205A4B196832DF17F135843 -D8608443A10101A10550F14AAB9D81D51F7AD943FE87AF4F70CDF6818341 -A0A2012204456B69642D31581875603FFC9518D794713C8CA8A115A7FB32 -565A6D59534D62120F +D86BA2025853825824822F5820037A5C325CE14078A0AADF007428EAC659 +361AD9402A732410BDA542FAE94E2C582AD18443A10105A0F658208D9259 +9011C451A4C5FB69709FA6CA6C0F846D692BDBB3F624EC91F82F9F620A03 +5898A4010102010357A102818152706C61696E746578742D6669726D7761 +72651458778414A212582E758C4B7BBAE2C4C1D462423E0F0DC3164FFA7B +85BB94D4BD6D7ED26AB32FEB063385D4D3465927EC82CB5E198A5913583E +D8608443A10101A1054CF14AAB9D81D51F7AD943FE87F6818340A2012204 +456B69642D31581875603FFC9518D794713C8CA8A115A7FB32565A6D5953 +4D62120F ~~~~ diff --git a/testfiles/suit_manifest_expD.cbor b/testfiles/suit_manifest_expD.cbor index 952fce0..ba2596f 100644 Binary files a/testfiles/suit_manifest_expD.cbor and b/testfiles/suit_manifest_expD.cbor differ diff --git a/testfiles/suit_manifest_expD.md b/testfiles/suit_manifest_expD.md index 44254d5..fcd13ef 100644 --- a/testfiles/suit_manifest_expD.md +++ b/testfiles/suit_manifest_expD.md @@ -11,7 +11,7 @@ / authentication-wrapper / 2: << [ << [ / digest-algorithm-id: / -16 / SHA256 /, - / digest-bytes: / h'FE6CF752367398A8BEBF0EE521242560FF495CBA08883AEDAF8CC4DC5E0DA444' + / digest-bytes: / h'C6E33791C3EA4235D3069E849CCF00390769E0118342161184B293F8893DF010' ] >>, << / COSE_Sign1_Tagged / 18([ / protected: / << { @@ -19,7 +19,7 @@ } >>, / unprotected: / {}, / payload: / null, - / signature: / h'DEA71FE757D211B86796EDB058A82F85F93DD95B5494AEC284E19330E376BFDDCAFA97D336F776890ED37B7B068904AD92E0F1657FE3935D78B4AB083ACFCA09' + / signature: / h'E2F02EB95698DF7D3C9B3B5B0A64AF58B363AD0B3E12AF77C279EBD7B503C9BE4858C36614919C110E5C294FFB1538EE234CAED278939B7260A4BB63E1970146' ]) >> ] >>, / manifest / 3: << { @@ -75,14 +75,14 @@ / directive-override-parameters / 20, { / parameter-image-digest / 3: << [ / algorithm-id / -16 / SHA256 /, - / digest-bytes / h'EF53C7F719CB10041233850AE3211D62CEC9528924E656607688E77BC14886A0' + / digest-bytes / h'B39B52B0B747EA79588C190F567BFC2C8437BA8A73F7EA983182E79F0148D59B' ] >>, / parameter-image-size / 14: 389, / parameter-uri / 21: "https://example.org/8d82573a-926d-4754-9353-32dc29997f74.suit" }, / directive-fetch / 21, 2 ] >>, - / install / 17: << [ + / install / 20: << [ / directive-set-component-index / 12, 1, / directive-process-dependency / 11, 0, @@ -90,12 +90,12 @@ / directive-set-component-index / 12, 0, / directive-override-parameters / 20, { / NOTE: encrypted payload and encryption-info / - / parameter-content / 18: h'6D5BE4F569E98AE01F38B071EF025437B742FF28854AB32C868BC6A76CD33B5CA112FF22BA95EA4672B7199C89A7829183794A21A6BE345C4371DCB0DC', + / parameter-content / 18: h'C43E94F3B51A5DBB76ECFAD44CA7DEFE71D26A36E10054723DDF0A93CD9B68D9F4B61FCC31CD0CBE30D3FFDF6AB7541BFF1980968A836E17D3BBDE7332', / parameter-encryption-info / 19: << 96([ / protected: / h'', / unprotected: / { / alg / 1: -65534 / A128CTR /, - / IV / 5: h'67E3BA7CD42D02BBC39C508B5EA0F1C4' + / IV / 5: h'F8FC5E335366171540C1B416ABFDC9A7' }, / payload: / null / detached ciphertext /, / recipients: / [ @@ -107,11 +107,11 @@ / ephemeral key / -1: { / kty / 1: 2 / EC2 /, / crv / -1: 1 / P-256 /, - / x / -2: h'F2452399667F57993B14C5F1107F667884854C190894FC08531C1E2290A7BA19', - / y / -3: h'275EDDE29FD75C9393AFFA706F8FAD3C49D03D67D47F8B0C027BE5F0BCA884CB' + / x / -2: h'7AAF18EC7FAB5071B267FA3B8D8FF248A78DAAD9D9B8318EAE8925089F3C9431', + / y / -3: h'84BADF92D62F3804E8DE964ABB21EC6A732B46B2B02DCD2908E6A666C6D4871B' } }, - / payload: / h'7D806DA1ACEC6F704D803F0CFE7420525C81E1957699FCCE' + / payload: / h'F003092CB552689003EB0ACDD081595E6499FF028745DADF' ] ] ]) >> @@ -136,10 +136,10 @@ {: numbered='no'} ~~~~ -A2025873825824822F5820FE6CF752367398A8BEBF0EE521242560FF495C -BA08883AEDAF8CC4DC5E0DA444584AD28443A10126A0F65840DEA71FE757 -D211B86796EDB058A82F85F93DD95B5494AEC284E19330E376BFDDCAFA97 -D336F776890ED37B7B068904AD92E0F1657FE3935D78B4AB083ACFCA0903 +A2025873825824822F582037522D96C0F9A6B887A21F4B21CDF02767799C +C3A66EAFD5979250CCE11377E2584AD28443A10126A0F6584084A5B76482 +0B927C580BF128CC2CA21AE2656F27A6BCE6D63228915CCCCC32DB23C93A +8518A7DB565BD0348F17978474ED7473C4FDED4A2752EEA93B90BE1FF103 590242A801010203035886A301A101A101844B544545502D446576696365 485365637572654653508D82573A926D4754935332DC29997F7444737569 740281834B544545502D4465766963654853656375726546534B636F6E66 @@ -148,16 +148,16 @@ A26C2F0250DB42F7093D8C55BAA8C5265FC5820F4E010F020F05834B5445 45502D4465766963654853656375726546534B636F6E6669672E73756974 075831860C0014A2035824822F58208273468FB64BD84BB04825F8371744 D952B751C73A60F455AF681E167726F1160E183D030F0F5872860C0114A3 -035824822F5820EF53C7F719CB10041233850AE3211D62CEC9528924E656 -607688E77BC14886A00E19018515783D68747470733A2F2F6578616D706C +035824822F5820B39B52B0B747EA79588C190F567BFC2C8437BA8A73F7EA +983182E79F0148D59B0E19018515783D68747470733A2F2F6578616D706C 652E6F72672F38643832353733612D393236642D343735342D393335332D -3332646332393939376637342E7375697415021158D88A0C010B000C0014 -A212583D6D5BE4F569E98AE01F38B071EF025437B742FF28854AB32C868B -C6A76CD33B5CA112FF22BA95EA4672B7199C89A7829183794A21A6BE345C -4371DCB0DC13588AD8608440A20139FFFD055067E3BA7CD42D02BBC39C50 -8B5EA0F1C4F6818344A101381CA120A401022001215820F2452399667F57 -993B14C5F1107F667884854C190894FC08531C1E2290A7BA19225820275E -DDE29FD75C9393AFFA706F8FAD3C49D03D67D47F8B0C027BE5F0BCA884CB -58187D806DA1ACEC6F704D803F0CFE7420525C81E1957699FCCE120F1818 +3332646332393939376637342E7375697415021458D88A0C010B000C0014 +A212583DF137C0755EA5642248EC04F3D24BEF771B5CCD72C56F33F254F4 +0A2381DC7C122C5708A99FE87A702A11053EF1BA86CF9A12B7E81AF80147 +5959864E6313588AD8608440A20139FFFD0550A0DB218209E3C43E871A81 +CF1BEBC9F9F6818344A101381CA120A401022001215820A1A58EA321C7E3 +28FE7DE66283DFC3B4081FE5FA7EF90C570FC88693F857EFB6225820AE96 +AC0E18D691D5A8066BF95913252F57566F5A07EEF8643822ADD9510ADBBD +58183C09CFE4A33D69F0ADDB73EA728E942791139BA864A9369E120F1818 4A880C010B000C0018210F ~~~~ diff --git a/testfiles/suit_manifest_expED.cbor b/testfiles/suit_manifest_expED.cbor index e2909c1..2f4129f 100644 Binary files a/testfiles/suit_manifest_expED.cbor and b/testfiles/suit_manifest_expED.cbor differ diff --git a/testfiles/suit_manifest_expED.md b/testfiles/suit_manifest_expED.md index 83f28b7..8e1d5e7 100644 --- a/testfiles/suit_manifest_expED.md +++ b/testfiles/suit_manifest_expED.md @@ -12,34 +12,10 @@ ~~~~ / SUIT_Envelope_Tagged / 107({ - / delegation / 1: << [ - [ - / NOTE: signed by trust anchor / - << 18([ - / protected: / << { - / alg / 1: -7 / ES256 / - } >>, - / unprotected / { - }, - / payload: / << { - / cnf / 8: { - / NOTE: public key of delegated authority / - / COSE_Key / 1: { - / kty / 1: 2 / EC2 /, - / crv / -1: 1 / P-256 /, - / x / -2: h'0E908AA8F066DB1F084E0C3652C63952BD99F2A5BDB22F9E01367AAD03ABA68B', - / y / -3: h'77DA1BD8AC4F0CB490BA210648BF79AB164D49AD3551D71D314B2749EE42D29A' - } - } - } >>, - / signature: / h'FB2D5ACF66B9C8573CE92E13BFB8D113F798715CC10B5A0010B11925C155E7245A64E131073B87AC50CAC71650A21315B82D06CA2298CD1A95519AAE4C4B5315' - ]) >> - ] - ] >>, / authentication-wrapper / 2: << [ << [ / digest-algorithm-id: / -16 / SHA256 /, - / digest-bytes: / h'6A1D9F42E7B4047D2F54046019AE3ED43A8ACC467AC16576B17D6F8E633042D2' + / digest-bytes: / h'A00CB6C85515C1EF471B50B542FACDD88B71B3C7EA2A43DE13D32C4A99056FE9' ] >>, << / COSE_Sign1_Tagged / 18([ / protected: / << { @@ -47,7 +23,7 @@ } >>, / unprotected: / {}, / payload: / null, - / signature: / h'DF493BDBF167EFFB40593C5910D33B66429721467DF05800EA66A88B91729CD51007981F151FC324745FF43E6F75AAF5197DD5EC4AA6BCEFCE43E4B1E35C948E' + / signature: / h'421B30FE76DA848616D72FC1115EA6105578CB95DF9C6BEAD931105C9D555CF8CD38C8FD68ACE43445D8D2CAE6391A995A212487D92F8DAD789F65511AC61778' ]) >> ] >>, / manifest / 3: << { @@ -68,17 +44,17 @@ / manifest-component-id / 5: [ 'dependent-manifest.suit' ], - / install / 17: << [ + / install / 20: << [ / NOTE: set SUIT_Encryption_Info / / directive-set-component-index / 12, 0 / ['decrypted-firmware'] /, / directive-override-parameters / 20, { - / parameter-content / 18: h'344FA2D5AD2F43F6F363DA6FF2C337FE69E33E3D63714D23985BF02499EB0E8B231D45C378245DA3611C160CC511', + / parameter-content / 18: h'758C4B7BBAE2C4C1D462423E0F0DC3164FFA7B85BB94D4BD6D7ED26AB32FEB063385D4D3465927EC82CB5E198A59', / parameter-encryption-info / 19: << 96([ / protected: / << { - / alg / 1: 1 / AES-GCM-128 / + / alg / 1: 1 / A128GCM / } >>, / unprotected: / { - / IV / 5: h'DAE613B2E0DC55F4322BE38BDBA9DC68' + / IV / 5: h'F14AAB9D81D51F7AD943FE87' }, / payload: / null / detached ciphertext /, / recipients: / [ @@ -90,12 +66,12 @@ / ephemeral key / -1: { / kty / 1: 2 / EC2 /, / crv / -1: 1 / P-256 /, - / x / -2: h'FF6E266DABAF51B7207569E31CF72646183E94CEE64FCDC8695AD9A505AEFDEA', - / y / -3: h'5FBC4A29844450B3AC22AB30C7F7004BB59D8BD60D7997734A9FA0124B650895' + / x / -2: h'73024F415AA51529A66CCEFD88F3F62A734492FF45F6AD37FD2888E73EAF19DA', + / y / -3: h'4005B48A6FD091AA6ABFE3CFBEEDE88B347E521D43405FDBD7D2CFF0EBC21B26' }, / kid / 4: 'kid-2' }, - / payload: / h'B0E21628283F3E409F8158D8FFCA567F340E379AC39E49C9' + / payload: / h'A06B8E6550F308712B1DF044B21B7D11D9B22792F1DE0997' / CEK encrypted with KEK / ] ] @@ -107,7 +83,7 @@ / directive-override-parameters / 20, { / parameter-image-digest / 3: << [ / algorithm-id / -16 / SHA256 /, - / digest-bytes / h'1051324059C5193317CAC9A099BBC0B6AFB56184C04277F566A3A4131F4A1C25' + / digest-bytes / h'4B15C90FBD776A820E7E733DF040D90B356B5C75982ECAECE8673818179BDF16' ] >>, / parameter-image-size / 14: 247, / parameter-uri / 21: "#dependency-manifest" @@ -122,7 +98,7 @@ / authentication-wrapper / 2: << [ << [ / digest-algorithm-id: / -16 / SHA256 /, - / digest-bytes: / h'1051324059C5193317CAC9A099BBC0B6AFB56184C04277F566A3A4131F4A1C25' + / digest-bytes: / h'4B15C90FBD776A820E7E733DF040D90B356B5C75982ECAECE8673818179BDF16' ] >>, << / COSE_Sign1_Tagged / 18([ / protected: / << { @@ -130,7 +106,7 @@ } >>, / unprotected: / {}, / payload: / null, - / signature: / h'55990F3745DC4F200FF946643A6DE30DDCE57B080B7D68DE9896D8190B9A63E2D60E7C3D9693B67221AA6D07BBF0AB45314C236827A242C22B5E688DDC467269' + / signature: / h'2B1B9C4E44E52863A78F73DA2A935823B28AEAE6A85CADAC4C4E3AABAAD56CBCE5A47D288F86B54D0186657E972E748B48CDB1D420FBAC1285DCC978382F62CC' ]) >> ] >>, / manifest / 3: << { @@ -157,7 +133,7 @@ / validate / 7: << [ / condition-image-match / 3, 15 ] >>, - / install / 17: << [ + / install / 20: << [ / directive-set-component-index / 12, 0 / ['decrypted-firmware'] /, / directive-write / 18, 15 @@ -176,35 +152,30 @@ {: numbered='no'} ~~~~ -D86BA401589E8181589AD28443A10126A0584FA108A101A4010220012158 -200E908AA8F066DB1F084E0C3652C63952BD99F2A5BDB22F9E01367AAD03 -ABA68B22582077DA1BD8AC4F0CB490BA210648BF79AB164D49AD3551D71D -314B2749EE42D29A5840FB2D5ACF66B9C8573CE92E13BFB8D113F798715C -C10B5A0010B11925C155E7245A64E131073B87AC50CAC71650A21315B82D -06CA2298CD1A95519AAE4C4B5315025873825824822F58206A1D9F42E7B4 -047D2F54046019AE3ED43A8ACC467AC16576B17D6F8E633042D2584AD284 -43A10126A0F65840DF493BDBF167EFFB40593C5910D33B66429721467DF0 -5800EA66A88B91729CD51007981F151FC324745FF43E6F75AAF5197DD5EC -4AA6BCEFCE43E4B1E35C948E03590170A501010201035837A201A101A101 -815818646570656E64656E63792D6D616E69666573742E73756974028181 -526465637279707465642D6669726D77617265058157646570656E64656E -742D6D616E69666573742E73756974115901138E0C0014A212582E344FA2 -D5AD2F43F6F363DA6FF2C337FE69E33E3D63714D23985BF02499EB0E8B23 -1D45C378245DA3611C160CC511135890D8608443A10101A10550DAE613B2 -E0DC55F4322BE38BDBA9DC68F6818344A101381CA220A401022001215820 -FF6E266DABAF51B7207569E31CF72646183E94CEE64FCDC8695AD9A505AE -FDEA2258205FBC4A29844450B3AC22AB30C7F7004BB59D8BD60D7997734A -9FA0124B65089504456B69642D325818B0E21628283F3E409F8158D8FFCA -567F340E379AC39E49C90C0114A3035824822F58201051324059C5193317 -CAC9A099BBC0B6AFB56184C04277F566A3A4131F4A1C250E18F715742364 -6570656E64656E63792D6D616E6966657374150F070F0B0F742364657065 -6E64656E63792D6D616E696665737458F7D86BA2025873825824822F5820 -1051324059C5193317CAC9A099BBC0B6AFB56184C04277F566A3A4131F4A -1C25584AD28443A10126A0F6584055990F3745DC4F200FF946643A6DE30D -DCE57B080B7D68DE9896D8190B9A63E2D60E7C3D9693B67221AA6D07BBF0 -AB45314C236827A242C22B5E688DDC46726903587BA601010201035849A2 -028181526465637279707465642D6669726D7761726504582F840C0014A2 -035824822F582036921488FE6680712F734E11F58D87EEB66D4B21A8A1AD -3441060814DA16D50F0E181E05815818646570656E64656E63792D6D616E -69666573742E73756974074382030F1147860C00120F030F +D86BA3025873825824822F5820A00CB6C85515C1EF471B50B542FACDD88B +71B3C7EA2A43DE13D32C4A99056FE9584AD28443A10126A0F65840421B30 +FE76DA848616D72FC1115EA6105578CB95DF9C6BEAD931105C9D555CF8CD +38C8FD68ACE43445D8D2CAE6391A995A212487D92F8DAD789F65511AC617 +780359016CA501010201035837A201A101A101815818646570656E64656E +63792D6D616E69666573742E73756974028181526465637279707465642D +6669726D77617265058157646570656E64656E742D6D616E69666573742E +737569741459010F8E0C0014A212582E758C4B7BBAE2C4C1D462423E0F0D +C3164FFA7B85BB94D4BD6D7ED26AB32FEB063385D4D3465927EC82CB5E19 +8A5913588CD8608443A10101A1054CF14AAB9D81D51F7AD943FE87F68183 +44A101381CA220A40102200121582073024F415AA51529A66CCEFD88F3F6 +2A734492FF45F6AD37FD2888E73EAF19DA2258204005B48A6FD091AA6ABF +E3CFBEEDE88B347E521D43405FDBD7D2CFF0EBC21B2604456B69642D3258 +18A06B8E6550F308712B1DF044B21B7D11D9B22792F1DE09970C0114A303 +5824822F58204B15C90FBD776A820E7E733DF040D90B356B5C75982ECAEC +E8673818179BDF160E18F7157423646570656E64656E63792D6D616E6966 +657374150F070F0B0F7423646570656E64656E63792D6D616E6966657374 +58F7D86BA2025873825824822F58204B15C90FBD776A820E7E733DF040D9 +0B356B5C75982ECAECE8673818179BDF16584AD28443A10126A0F658402B +1B9C4E44E52863A78F73DA2A935823B28AEAE6A85CADAC4C4E3AABAAD56C +BCE5A47D288F86B54D0186657E972E748B48CDB1D420FBAC1285DCC97838 +2F62CC03587BA601010201035849A2028181526465637279707465642D66 +69726D7761726504582F840C0014A2035824822F582036921488FE668071 +2F734E11F58D87EEB66D4B21A8A1AD3441060814DA16D50F0E181E058158 +18646570656E64656E63792D6D616E69666573742E73756974074382030F +1447860C00120F030F ~~~~ diff --git a/testfiles/suit_manifest_expEF.cbor b/testfiles/suit_manifest_expEF.cbor deleted file mode 100644 index e65b98a..0000000 Binary files a/testfiles/suit_manifest_expEF.cbor and /dev/null differ diff --git a/testfiles/suit_manifest_expEF.md b/testfiles/suit_manifest_expEF.md deleted file mode 100644 index 42b3c48..0000000 --- a/testfiles/suit_manifest_expEF.md +++ /dev/null @@ -1,104 +0,0 @@ - - -## Example 1: Fetch and Decrypt Encrypted Payload -{: numbered='no'} - -### CBOR Diagnostic Notation of SUIT Manifest -{: numbered='no'} - -~~~~ -/ SUIT_Envelope_Tagged / 107({ - / authentication-wrapper / 2: << [ - << [ - / digest-algorithm-id: / -16 / SHA256 /, - / digest-bytes: / h'4F3975683AA91BC2811830C553992FE84FE1EBE7187ECDCF2B5FBF72B1754331' - ] >>, - << / COSE_Sign1_Tagged / 18([ - / protected: / << { - / algorithm-id / 1: -7 / ES256 / - } >>, - / unprotected: / {}, - / payload: / null, - / signature: / h'700E8CC7A8CC9546C44926CAB314CCDB7BD1019AE3676F415E11E384C9A32BF4E439612D1AB28F7841B5847CFBECA36578EF550D0E5DC762018C334798959741' - ]) >> - ] >>, - / manifest / 3: << { - / manifest-version / 1: 1, - / manifest-sequence-number / 2: 1, - / common / 3: << { - / components / 2: [ - [h'00'] / to be decrypted firmware /, - [h'01'] / encrypted firmware / - ] - } >>, - / install / 17: << [ - / fetch encrypted firmware / - / directive-set-component-index / 12, 1 / [h'01'] /, - / directive-override-parameters / 20, { - / parameter-image-size / 14: 47, - / parameter-uri / 21: "https://author.example.com/encrypted-firmware.bin" - }, - / directive-fetch / 21, 15, - - / decrypt encrypted firmware / - / directive-set-component-index / 12, 0 / [h'00'] /, - / directive-override-parameters / 20, { - / parameter-encryption-info / 19: << 96([ - / protected: / << { - / alg / 1: 1 / AES-GCM-128 / - } >>, - / unprotected: / { - / IV / 5: h'1DE460E8B5B68D7222C0D6F20484D8AB' - }, - / payload: / null / detached ciphertext /, - / recipients: / [ - [ - / protected: / << { - } >>, - / unprotected: / { - / alg / 1: -3 / A128KW /, - / kid / 4: 'kid-1' - }, - / payload: / h'A86200E4754733E4C00FC08C6A72CC1996E129922EAB504F' / CEK encrypted with KEK / - ] - ] - ]) >>, - / parameter-source-component / 22: 1 / [h'01'] / - }, - / directive-copy / 22, 15 / consumes the SUIT_Encryption_Info above /, - - / verify decrypted firmware / - / directive-override-parameters / 20, { - / parameter-image-digest / 3: << [ - / digest-algorithm-id: / -16 / SHA-256 /, - / digest-bytes: / h'efe16b6a486ff25e9fb5fabf515e2bfc3f38b405de377477b23275b53049b46b' - ] >>, - / parameter-image-size / 14: 31 - }, - / condition-image-match / 3, 15 - ] >> - } >> -}) -~~~~ - - -### CBOR Binary in Hex -{: numbered='no'} - -~~~~ -D86BA2025873825824822F58204F3975683AA91BC2811830C553992FE84F -E1EBE7187ECDCF2B5FBF72B1754331584AD28443A10126A0F65840700E8C -C7A8CC9546C44926CAB314CCDB7BD1019AE3676F415E11E384C9A32BF4E4 -39612D1AB28F7841B5847CFBECA36578EF550D0E5DC762018C3347989597 -410358CDA4010102010349A102828141008141011158BA900C0114A20E18 -2F15783168747470733A2F2F617574686F722E6578616D706C652E636F6D -2F656E637279707465642D6669726D776172652E62696E150F0C0014A213 -5843D8608443A10101A105501DE460E8B5B68D7222C0D6F20484D8ABF681 -8341A0A2012204456B69642D315818A86200E4754733E4C00FC08C6A72CC -1996E129922EAB504F1601160F14A2035824822F5820EFE16B6A486FF25E -9FB5FABF515E2BFC3F38B405DE377477B23275B53049B46B0E181F030F -~~~~ diff --git a/testfiles/suit_manifest_expEW.cbor b/testfiles/suit_manifest_expEW.cbor index a767d38..861e6c3 100644 Binary files a/testfiles/suit_manifest_expEW.cbor and b/testfiles/suit_manifest_expEW.cbor differ diff --git a/testfiles/suit_manifest_expEW.md b/testfiles/suit_manifest_expEW.md index 6fbeb7c..00243f3 100644 --- a/testfiles/suit_manifest_expEW.md +++ b/testfiles/suit_manifest_expEW.md @@ -15,7 +15,7 @@ / authentication-wrapper / 2: << [ << [ / digest-algorithm-id: / -16 / SHA256 /, - / digest-bytes: / h'CEF034223D7F2C39D676876995B4ED4E8221AC5BF184B6606EE62C41C149C266' + / digest-bytes: / h'1DB69EF1477E9942815F29F78E09957B26B4ADD03902BDB3D1EDF3DA2075F593' ] >>, << / COSE_Sign1_Tagged / 18([ / protected: / << { @@ -23,7 +23,7 @@ } >>, / unprotected: / {}, / payload: / null, - / signature: / h'65E59AAB8A35BDE9547458316D1C769FFB2CEA304C9FB6151E5C8A88A002A292C5B8C63C81B5AC0AE31948B610834E12CBDBB2753EA221544B6733076A92EE20' + / signature: / h'CB4EADA6BEC17EEB22EB836FB2BF9136A6EF733C11DAC955F543BBDCAA373B859321BC77969917E4C70F049527607F4C32752D53E01346E96BFF4880B437DF64' ]) >> ] >>, / manifest / 3: << { @@ -34,16 +34,16 @@ ['decrypted-firmware'] ] } >>, - / install / 17: << [ + / install / 20: << [ / directive-set-component-index / 12, 0 / ['plaintext-firmware'] /, / directive-override-parameters / 20, { - / parameter-content / 18: h'344FA2D5AD2F43F6F363DA6FF2C337FE69E33E3D63714D23985BF02499EB0E8B231D45C378245DA3611C160CC511', + / parameter-content / 18: h'758C4B7BBAE2C4C1D462423E0F0DC3164FFA7B85BB94D4BD6D7ED26AB32FEB063385D4D3465927EC82CB5E198A59', / parameter-encryption-info / 19: << 96([ / protected: / << { - / alg / 1: 1 / AES-GCM-128 / + / alg / 1: 1 / A128GCM / } >>, / unprotected: / { - / IV / 5: h'DAE613B2E0DC55F4322BE38BDBA9DC68' + / IV / 5: h'F14AAB9D81D51F7AD943FE87' }, / payload: / null / detached ciphertext /, / recipients: / [ @@ -55,12 +55,12 @@ / ephemeral key / -1: { / kty / 1: 2 / EC2 /, / crv / -1: 1 / P-256 /, - / x / -2: h'FF6E266DABAF51B7207569E31CF72646183E94CEE64FCDC8695AD9A505AEFDEA', - / y / -3: h'5FBC4A29844450B3AC22AB30C7F7004BB59D8BD60D7997734A9FA0124B650895' + / x / -2: h'73024F415AA51529A66CCEFD88F3F62A734492FF45F6AD37FD2888E73EAF19DA', + / y / -3: h'4005B48A6FD091AA6ABFE3CFBEEDE88B347E521D43405FDBD7D2CFF0EBC21B26' }, / kid / 4: 'kid-2' }, - / payload: / h'B0E21628283F3E409F8158D8FFCA567F340E379AC39E49C9' + / payload: / h'A06B8E6550F308712B1DF044B21B7D11D9B22792F1DE0997' / CEK encrypted with KEK / ] ] @@ -77,16 +77,16 @@ {: numbered='no'} ~~~~ -D86BA2025873825824822F5820CEF034223D7F2C39D676876995B4ED4E82 -21AC5BF184B6606EE62C41C149C266584AD28443A10126A0F6584065E59A -AB8A35BDE9547458316D1C769FFB2CEA304C9FB6151E5C8A88A002A292C5 -B8C63C81B5AC0AE31948B610834E12CBDBB2753EA221544B6733076A92EE -200358ECA4010102010357A1028181526465637279707465642D6669726D -776172651158CB860C0014A212582E344FA2D5AD2F43F6F363DA6FF2C337 -FE69E33E3D63714D23985BF02499EB0E8B231D45C378245DA3611C160CC5 -11135890D8608443A10101A10550DAE613B2E0DC55F4322BE38BDBA9DC68 -F6818344A101381CA220A401022001215820FF6E266DABAF51B7207569E3 -1CF72646183E94CEE64FCDC8695AD9A505AEFDEA2258205FBC4A29844450 -B3AC22AB30C7F7004BB59D8BD60D7997734A9FA0124B65089504456B6964 -2D325818B0E21628283F3E409F8158D8FFCA567F340E379AC39E49C9120F +D86BA2025873825824822F58201DB69EF1477E9942815F29F78E09957B26 +B4ADD03902BDB3D1EDF3DA2075F593584AD28443A10126A0F65840CB4EAD +A6BEC17EEB22EB836FB2BF9136A6EF733C11DAC955F543BBDCAA373B8593 +21BC77969917E4C70F049527607F4C32752D53E01346E96BFF4880B437DF +640358E8A4010102010357A1028181526465637279707465642D6669726D +776172651458C7860C0014A212582E758C4B7BBAE2C4C1D462423E0F0DC3 +164FFA7B85BB94D4BD6D7ED26AB32FEB063385D4D3465927EC82CB5E198A +5913588CD8608443A10101A1054CF14AAB9D81D51F7AD943FE87F6818344 +A101381CA220A40102200121582073024F415AA51529A66CCEFD88F3F62A +734492FF45F6AD37FD2888E73EAF19DA2258204005B48A6FD091AA6ABFE3 +CFBEEDE88B347E521D43405FDBD7D2CFF0EBC21B2604456B69642D325818 +A06B8E6550F308712B1DF044B21B7D11D9B22792F1DE0997120F ~~~~ diff --git a/testfiles/suit_manifest_expI.cbor b/testfiles/suit_manifest_expI.cbor index cff82f0..f4e66b6 100644 Binary files a/testfiles/suit_manifest_expI.cbor and b/testfiles/suit_manifest_expI.cbor differ diff --git a/testfiles/suit_manifest_expI.md b/testfiles/suit_manifest_expI.md index 87cc0eb..86efcaa 100644 --- a/testfiles/suit_manifest_expI.md +++ b/testfiles/suit_manifest_expI.md @@ -11,7 +11,7 @@ / authentication-wrapper / 2: << [ << [ / digest-algorithm-id: / -16 / SHA256 /, - / digest-bytes: / h'526A85341DE35AFA4FAF9EDDDA40164525077DC45DFBE25785B9FF40683EE881' + / digest-bytes: / h'CEDB0457952F7DD0A33FA4692F73BC833A6A6E2300B16F6605993F0192E3F219' ] >>, << / COSE_Sign1_Tagged / 18([ / protected: / << { @@ -19,7 +19,7 @@ } >>, / unprotected: / {}, / payload: / null, - / signature: / h'4B57A8102D0D86B83BA0368E118917D87DBF7815DC31B19DEB7E154F3D191A1434ADFAE27D5AED39C07A2A4B2A0D78031E73B23D679507C4953DD9E00CA7E541' + / signature: / h'71E3869E4E134A78C95D7ED81F5911FEA4F189EC33C0F6474C866569ED3DF7FB4E0D8871367BA3C73612A26C9E3984A4E22CAA4BFBCE84DCAC0539AE87BE9D3D' ]) >> ] >>, / manifest / 3: << { @@ -54,7 +54,7 @@ h'8D82573A926D4754935332DC29997F74', / tc-uuid / 'suit' ], - / install / 17: << [ + / install / 20: << [ / directive-override-parameters / 20, { / uri / 21: "#tc" }, @@ -74,16 +74,16 @@ {: numbered='no'} ~~~~ -A3025873825824822F5820526A85341DE35AFA4FAF9EDDDA40164525077D -C45DFBE25785B9FF40683EE881584AD28443A10126A0F658404B57A8102D -0D86B83BA0368E118917D87DBF7815DC31B19DEB7E154F3D191A1434ADFA -E27D5AED39C07A2A4B2A0D78031E73B23D679507C4953DD9E00CA7E54103 +A3025873825824822F5820CEDB0457952F7DD0A33FA4692F73BC833A6A6E +2300B16F6605993F0192E3F219584AD28443A10126A0F6584071E3869E4E +134A78C95D7ED81F5911FEA4F189EC33C0F6474C866569ED3DF7FB4E0D88 +71367BA3C73612A26C9E3984A4E22CAA4BFBCE84DCAC0539AE87BE9D3D03 58CEA601010203035884A20281844B544545502D44657669636548536563 7572654653508D82573A926D4754935332DC29997F744274610458548614 A40150C0DDD5F15243566087DB4F5B0AA26C2F0250DB42F7093D8C55BAA8 C5265FC5820F4E035824822F58208CF71AC86AF31BE184EC7A05A411A8C3 A14FD9B77A30D046397481469468ECE80E14010F020F05844B544545502D 446576696365485365637572654653508D82573A926D4754935332DC2999 -7F744473756974114C8614A11563237463150F030F1818448218210F6323 +7F744473756974144C8614A11563237463150F030F1818448218210F6323 74635448656C6C6F2C2053656375726520576F726C6421 ~~~~ diff --git a/testfiles/suit_manifest_expR.cbor b/testfiles/suit_manifest_expR.cbor deleted file mode 100644 index b59b1c2..0000000 Binary files a/testfiles/suit_manifest_expR.cbor and /dev/null differ diff --git a/testfiles/suit_manifest_expR.md b/testfiles/suit_manifest_expR.md deleted file mode 100644 index a49f9c2..0000000 --- a/testfiles/suit_manifest_expR.md +++ /dev/null @@ -1,75 +0,0 @@ - - -## E.4. Example 4: Unlink a Trusted Component {#suit-unlink} - -~~~~ -/ SUIT_Envelope / { - / authentication-wrapper / 2: << [ - << [ - / digest-algorithm-id: / -16 / SHA256 /, - / digest-bytes: / h'F9D837B7118A8972360022D51AC5319023D245A76F7504079B9ED01C0B4934F2' - ] >>, - << / COSE_Sign1_Tagged / 18([ - / protected: / << { - / algorithm-id / 1: -7 / ES256 / - } >>, - / unprotected: / {}, - / payload: / null, - / signature: / h'9BAA7D6BD0284C37DF7F85A0E98865F3FC03DE474C69F2A786F0569494DE57B911C245A84105E67F08EB6982358860F48FB31FD95BCB75862713CAF6BA28D198' - ]) >> - ] >>, - / manifest / 3: << { - / manifest-version / 1: 1, - / manifest-sequence-number / 2: 0xFFFFFFFFFFFFFFFF, - / common / 3: << { - / components / 2: [ - [ - 'TEEP-Device', - 'SecureFS', - h'8D82573A926D4754935332DC29997F74', / tc-uuid / - 'ta' - ] - ], - / common-sequence / 4: << [ - / directive-override-parameters / 20, { - / vendor-id / 1: h'C0DDD5F15243566087DB4F5B0AA26C2F' / c0ddd5f1-5243-5660-87db-4f5b0aa26c2f /, - / class-id / 2: h'DB42F7093D8C55BAA8C5265FC5820F4E' / db42f709-3d8c-55ba-a8c5-265fc5820f4e / - }, - / condition-vendor-identifier / 1, 15, - / condition-class-identifier / 2, 15 - ] >> - } >>, - / manifest-component-id / 5: [ - 'TEEP-Device', - 'SecureFS', - h'8D82573A926D4754935332DC29997F74', / tc-uuid / - 'suit' - ], - / install / 17: << [ - / directive-set-component-index / 12, 0, - / directive-unlink / 33, 0 - ] >> - } >> -} -~~~~ - - -### CBOR Binary in Hex -{: numbered='no'} - -~~~~ -A2025873825824822F5820F9D837B7118A8972360022D51AC5319023D245 -A76F7504079B9ED01C0B4934F2584AD28443A10126A0F658409BAA7D6BD0 -284C37DF7F85A0E98865F3FC03DE474C69F2A786F0569494DE57B911C245 -A84105E67F08EB6982358860F48FB31FD95BCB75862713CAF6BA28D19803 -58A0A50101021BFFFFFFFFFFFFFFFF03585BA20281844B544545502D4465 -76696365485365637572654653508D82573A926D4754935332DC29997F74 -42746104582B8614A20150C0DDD5F15243566087DB4F5B0AA26C2F0250DB -42F7093D8C55BAA8C5265FC5820F4E010F020F05844B544545502D446576 -696365485365637572654653508D82573A926D4754935332DC29997F7444 -737569741146840C00182100 -~~~~ diff --git a/testfiles/suit_manifest_expS0.cbor b/testfiles/suit_manifest_expS0.cbor index 5295aca..1d4ac4c 100644 Binary files a/testfiles/suit_manifest_expS0.cbor and b/testfiles/suit_manifest_expS0.cbor differ diff --git a/testfiles/suit_manifest_expS0.md b/testfiles/suit_manifest_expS0.md index 6485c25..5e66e4f 100644 --- a/testfiles/suit_manifest_expS0.md +++ b/testfiles/suit_manifest_expS0.md @@ -15,7 +15,7 @@ / authentication-wrapper / 2: << [ << [ / digest-algorithm-id: / -16 / SHA256 /, - / digest-bytes: / h'6EA128D7BB19B86F77C4227F2A29F22026A41958ACC45CC0A35BA388B13E2F51' + / digest-bytes: / h'0F02CAF6D3E61920D36BF3CEA7F862A13BB8FB1F09C3F4C29B121FEAB78EF3D8' ] >>, << / COSE_Sign1_Tagged / 18([ / protected: / << { @@ -23,7 +23,7 @@ } >>, / unprotected: / {}, / payload: / null, - / signature: / h'56AF23FBF29A0159B911B5FA86C6330CCA1EC0381068AF620BEBC2AC20BBF3B9C85607518E5353B7FC60C8B9F06482BDBED085B4A1E71E0C21516F8680EBC482' + / signature: / h'D0703EA193E12381A66FFADEF2F0949711CFE05ED2322818D73D19F2BBD91BE5C52F1604B45C405E96B0642F3D49B2D7C6E3B2C0B40030BDDFBD27AF930B1F8B' ]) >> ] >>, / manifest / 3: << { @@ -43,7 +43,7 @@ }, / directive-invoke / 23, 15 ] >>, - / install / 17: << [ + / install / 20: << [ / directive-override-parameters / 20, { / parameter-content / 18: 'hello world' }, @@ -58,11 +58,11 @@ {: numbered='no'} ~~~~ -D86BA2025873825824822F58206EA128D7BB19B86F77C4227F2A29F22026 -A41958ACC45CC0A35BA388B13E2F51584AD28443A10126A0F6584056AF23 -FBF29A0159B911B5FA86C6330CCA1EC0381068AF620BEBC2AC20BBF3B9C8 -5607518E5353B7FC60C8B9F06482BDBED085B4A1E71E0C21516F8680EBC4 -82035842A6010102000347A102818142303005814E646570656E64656E74 -2E73756974094D8414A11746636174203030170F11528414A1124B68656C +D86BA2025873825824822F58200F02CAF6D3E61920D36BF3CEA7F862A13B +B8FB1F09C3F4C29B121FEAB78EF3D8584AD28443A10126A0F65840D0703E +A193E12381A66FFADEF2F0949711CFE05ED2322818D73D19F2BBD91BE5C5 +2F1604B45C405E96B0642F3D49B2D7C6E3B2C0B40030BDDFBD27AF930B1F +8B035842A6010102000347A102818142303005814E646570656E64656E74 +2E73756974094D8414A11746636174203030170F14528414A1124B68656C 6C6F20776F726C64120F ~~~~ diff --git a/testfiles/suit_manifest_expS1.cbor b/testfiles/suit_manifest_expS1.cbor deleted file mode 100644 index 46a5f11..0000000 Binary files a/testfiles/suit_manifest_expS1.cbor and /dev/null differ diff --git a/testfiles/suit_manifest_expS1.md b/testfiles/suit_manifest_expS1.md deleted file mode 100644 index b27be76..0000000 --- a/testfiles/suit_manifest_expS1.md +++ /dev/null @@ -1,99 +0,0 @@ - - -## Example 1: SUIT Delegation Example -{: numbered='no'} - -### CBOR Diagnostic Notation of SUIT Manifest -{: numbered='no'} - -~~~~ -/ SUIT_Envelope_Tagged / 107({ - / delegation / 1: << [ - [ - / NOTE: signed by trust anchor / - << 18([ - / protected: / << { - / alg / 1: -7 / ES256 / - } >>, - / unprotected / { - }, - / payload: / << { - / cnf / 8: { - / NOTE: public key of delegated authority / - / COSE_Key / 1: { - / kty / 1: 2 / EC2 /, - / crv / -1: 1 / P-256 /, - / x / -2: h'0E908AA8F066DB1F084E0C3652C63952BD99F2A5BDB22F9E01367AAD03ABA68B', - / y / -3: h'77DA1BD8AC4F0CB490BA210648BF79AB164D49AD3551D71D314B2749EE42D29A' - } - } - } >>, - / signature: / h'FB2D5ACF66B9C8573CE92E13BFB8D113F798715CC10B5A0010B11925C155E7245A64E131073B87AC50CAC71650A21315B82D06CA2298CD1A95519AAE4C4B5315' - ]) >> - ] - ] >>, - - / NOTE: signed by delegated authority / - / authentication-wrapper / 2: << [ - << [ - / digest-algorithm-id: / -16 / SHA256 /, - / digest-bytes: / h'A10126A0584FA108A101A4010220012158200E908AA8F066DB1F084E0C3652C6' - ] >>, - << / COSE_Sign1_Tagged / 18([ - / protected: / << { - / algorithm-id / 1: -7 / ES256 / - } >>, - / unprotected: / {}, - / payload: / null, - / signature: / h'7AAD03ABA68B22582077DA1BD8AC4F0CB490BA210648BF79AB164D49AD3551D71D314B2749EE42D29A5840FB2D5ACF66B9C8573CE92E13BFB8D113F798715CC1' - ]) >> - ] >>, - / manifest / 3: << { - / manifest-version / 1: 1, - / manifest-sequence-number / 2: 0, - / common / 3: << { - / components / 2: [ - ['00'] - ] - } >>, - / manifest-component-id / 5: [ - 'dependent.suit' - ], - / invoke / 9: << [ - / directive-override-parameters / 20, { - / parameter-invoke-args / 23: 'cat 00' - }, - / directive-invoke / 23, 15 - ] >>, - / install / 17: << [ - / directive-override-parameters / 20, { - / parameter-content / 18: 'hello world' - }, - / directive-write / 18, 15 - ] >> - } >> -}) -~~~~ - - -### CBOR Binary in Hex -{: numbered='no'} - -~~~~ -D86BA301589E8181589AD28443A10126A0584FA108A101A4010220012158 -200E908AA8F066DB1F084E0C3652C63952BD99F2A5BDB22F9E01367AAD03 -ABA68B22582077DA1BD8AC4F0CB490BA210648BF79AB164D49AD3551D71D -314B2749EE42D29A5840FB2D5ACF66B9C8573CE92E13BFB8D113F798715C -C10B5A0010B11925C155E7245A64E131073B87AC50CAC71650A21315B82D -06CA2298CD1A95519AAE4C4B5315025874835824822F58206EA128D7BB19 -B86F77C4227F2A29F22026A41958ACC45CC0A35BA388B13E2F51584AD284 -43A10126A0F6584099F949043701D7BDBA38904A0B49F004DED6B64A4900 -DECA5C66AE8A9EBA913576DEF136B74EA89C14FA64624DBD33B4C0BB41C1 -53CA51548C73FF71A2BAF27440035842A6010102000347A1028181423030 -05814E646570656E64656E742E73756974094D8414A11746636174203030 -170F11528414A1124B68656C6C6F20776F726C64120F -~~~~ diff --git a/testfiles/suit_manifest_expS2.cbor b/testfiles/suit_manifest_expS2.cbor index 40dcdec..bdc81fd 100644 Binary files a/testfiles/suit_manifest_expS2.cbor and b/testfiles/suit_manifest_expS2.cbor differ diff --git a/testfiles/suit_manifest_expS2.md b/testfiles/suit_manifest_expS2.md index b573f8f..9efa40e 100644 --- a/testfiles/suit_manifest_expS2.md +++ b/testfiles/suit_manifest_expS2.md @@ -15,7 +15,7 @@ / authentication-wrapper / 2: << [ << [ / digest-algorithm-id: / -16 / SHA256 /, - / digest-bytes: / h'4874ADC80A9128A2B2057F5FE59C45F8ED10A9BF9C5308FCF951B8BBAF434B95' + / digest-bytes: / h'A2FFB59E9F1A29D20BF655BC1DE909CB7EDD972A6C09D50FC42983778670715E' ] >>, << / COSE_Sign1_Tagged / 18([ / protected: / << { @@ -23,7 +23,7 @@ } >>, / unprotected: / {}, / payload: / null, - / signature: / h'C257E23A34960BE215BB9B927A5A3CEEDD675DFD81AE6E55A66FDD22098868891DF42D71ADB962A64CC008AEF9465DA2153CCF383F00B505F079DB540F64B916' + / signature: / h'A506F1647E3A9E0F54A07F303443F33E3CFA28520BE1E93C467CD8B14954E460C604A7623F146D833B6F0A2454095855573C48B18570066FA7472077313E80CE' ]) >> ] >>, / manifest / 3: << { @@ -56,20 +56,20 @@ / directive-override-parameters / 20, { / parameter-image-digest / 3: << [ / digest-algorithm-id: / -16 / SHA256 /, - / digest-bytes: / h'6C86246B90D644F021671F6D42523B2CB5E156F764BE618AA46BFCD0DB23E768' + / digest-bytes: / h'2EEEC4ACEC877EE13D8B52DB16C4390C93E5D84FD9F25AEAE0717B861BE0C4A2' ] >>, - / parameter-image-size / 14: 352, + / parameter-image-size / 14: 190, / parameter-uri / 21: "http://example.com/dependent.suit" }, / directive-fetch / 21, 2, / condition-image-match / 3, 15 ] >>, - / install / 17: << [ + / install / 20: << [ / directive-set-component-index / 12, 1, / directive-override-parameters / 20, { / parameter-image-digest / 3: << [ / digest-algorithm-id: / -16 / SHA256 /, - / digest-bytes: / h'6EA128D7BB19B86F77C4227F2A29F22026A41958ACC45CC0A35BA388B13E2F51' + / digest-bytes: / h'0F02CAF6D3E61920D36BF3CEA7F862A13BB8FB1F09C3F4C29B121FEAB78EF3D8' ] >> }, / condition-dependency-integrity / 7, 15, @@ -90,17 +90,17 @@ {: numbered='no'} ~~~~ -D86BA2025873825824822F58204874ADC80A9128A2B2057F5FE59C45F8ED -10A9BF9C5308FCF951B8BBAF434B95584AD28443A10126A0F65840C257E2 -3A34960BE215BB9B927A5A3CEEDD675DFD81AE6E55A66FDD22098868891D -F42D71ADB962A64CC008AEF9465DA2153CCF383F00B505F079DB540F64B9 -160358FAA70101020003581CA201A101A101814E646570656E64656E742E +D86BA2025873825824822F5820A2FFB59E9F1A29D20BF655BC1DE909CB7E +DD972A6C09D50FC42983778670715E584AD28443A10126A0F65840A506F1 +647E3A9E0F54A07F303443F33E3CFA28520BE1E93C467CD8B14954E460C6 +04A7623F146D833B6F0A2454095855573C48B18570066FA7472077313E80 +CE0358F9A70101020003581CA201A101A101814E646570656E64656E742E 7375697402818142313005814E646570656E64696E672E73756974095286 -0C0014A11749636174203030203130170F0F5858880C0114A3035824822F -58206C86246B90D644F021671F6D42523B2CB5E156F764BE618AA46BFCD0 -DB23E7680E190160157821687474703A2F2F6578616D706C652E636F6D2F -646570656E64656E742E737569741502030F1158538E0C0114A103582482 -2F58206EA128D7BB19B86F77C4227F2A29F22026A41958ACC45CC0A35BA3 -88B13E2F51070F0B000C0014A112581A20696E206D756C7469706C652074 -7275737420646F6D61696E73120F +0C0014A11749636174203030203130170F0F5857880C0114A3035824822F +58202EEEC4ACEC877EE13D8B52DB16C4390C93E5D84FD9F25AEAE0717B86 +1BE0C4A20E18BE157821687474703A2F2F6578616D706C652E636F6D2F64 +6570656E64656E742E737569741502030F1458538E0C0114A1035824822F +58200F02CAF6D3E61920D36BF3CEA7F862A13BB8FB1F09C3F4C29B121FEA +B78EF3D8070F0B000C0014A112581A20696E206D756C7469706C65207472 +75737420646F6D61696E73120F ~~~~ diff --git a/testfiles/suit_manifest_expS3.cbor b/testfiles/suit_manifest_expS3.cbor index 65d45dc..868692e 100644 Binary files a/testfiles/suit_manifest_expS3.cbor and b/testfiles/suit_manifest_expS3.cbor differ diff --git a/testfiles/suit_manifest_expS3.md b/testfiles/suit_manifest_expS3.md index 03c7478..3df3a1d 100644 --- a/testfiles/suit_manifest_expS3.md +++ b/testfiles/suit_manifest_expS3.md @@ -15,7 +15,7 @@ / authentication-wrapper / 2: << [ << [ / digest-algorithm-id: / -16 / SHA256 /, - / digest-bytes: / h'318EAD5F671A6D2593D7ADB7B6CCADC49F72704507004F297A25AF16A48A2111' + / digest-bytes: / h'6391CBC36495B9C87AC3EC841DB124DABD8D3C9FE2DEEFE16569AFC349E7DDB2' ] >>, << / COSE_Sign1_Tagged / 18([ / protected: / << { @@ -23,7 +23,7 @@ } >>, / unprotected: / {}, / payload: / null, - / signature: / h'287D5AAB44D08A34954663942B2732825426893ACD735BF3A79B8B5B38EC3C9950D917D72D5586867C8FF58CF5827B0C2B94952359C3971DBF202B0774627DC3' + / signature: / h'517250281E6567FF9DF519CF9D76A440D86DFEB65B505D180D7D794FEC67823FA0E98EBC526FBC985777EAB4E2FFE813A44F205C015AEB3FA842F33E37B52716' ]) >> ] >>, / manifest / 3: << { @@ -56,15 +56,15 @@ / directive-override-parameters / 20, { / parameter-image-digest / 3: << [ / digest-algorithm-id: / -16 / SHA256 /, - / digest-bytes: / h'6C86246B90D644F021671F6D42523B2CB5E156F764BE618AA46BFCD0DB23E768' + / digest-bytes: / h'2EEEC4ACEC877EE13D8B52DB16C4390C93E5D84FD9F25AEAE0717B861BE0C4A2' ] >>, - / parameter-image-size / 14: 352, + / parameter-image-size / 14: 190, / parameter-uri / 21: "#dependent.suit" }, / directive-fetch / 21, 2, / condition-image-match / 3, 15 ] >>, - / install / 17: << [ + / install / 20: << [ / directive-set-component-index / 12, 1, / directive-process-dependency / 11, 0, @@ -75,7 +75,7 @@ / directive-write / 18, 15 ] >> } >>, - "#dependent.suit": h'D86BA301589E8181589AD28443A10126A0584FA108A101A4010220012158200E908AA8F066DB1F084E0C3652C63952BD99F2A5BDB22F9E01367AAD03ABA68B22582077DA1BD8AC4F0CB490BA210648BF79AB164D49AD3551D71D314B2749EE42D29A5840FB2D5ACF66B9C8573CE92E13BFB8D113F798715CC10B5A0010B11925C155E7245A64E131073B87AC50CAC71650A21315B82D06CA2298CD1A95519AAE4C4B5315025874835824822F58206EA128D7BB19B86F77C4227F2A29F22026A41958ACC45CC0A35BA388B13E2F51584AD28443A10126A0F6584099F949043701D7BDBA38904A0B49F004DED6B64A4900DECA5C66AE8A9EBA913576DEF136B74EA89C14FA64624DBD33B4C0BB41C153CA51548C73FF71A2BAF27440035842A6010102000347A102818142303005814E646570656E64656E742E73756974094D8414A11746636174203030170F11528414A1124B68656C6C6F20776F726C64120F' + "#dependent.suit": h'D86BA2025873825824822F58200F02CAF6D3E61920D36BF3CEA7F862A13BB8FB1F09C3F4C29B121FEAB78EF3D8584AD28443A10126A0F65840D0703EA193E12381A66FFADEF2F0949711CFE05ED2322818D73D19F2BBD91BE5C52F1604B45C405E96B0642F3D49B2D7C6E3B2C0B40030BDDFBD27AF930B1F8B035842A6010102000347A102818142303005814E646570656E64656E742E73756974094D8414A11746636174203030170F14528414A1124B68656C6C6F20776F726C64120F' }) ~~~~ @@ -84,27 +84,22 @@ {: numbered='no'} ~~~~ -D86BA3025873825824822F5820318EAD5F671A6D2593D7ADB7B6CCADC49F -72704507004F297A25AF16A48A2111584AD28443A10126A0F65840287D5A -AB44D08A34954663942B2732825426893ACD735BF3A79B8B5B38EC3C9950 -D917D72D5586867C8FF58CF5827B0C2B94952359C3971DBF202B0774627D -C30358BCA70101020003581CA201A101A101814E646570656E64656E742E +D86BA3025873825824822F58206391CBC36495B9C87AC3EC841DB124DABD +8D3C9FE2DEEFE16569AFC349E7DDB2584AD28443A10126A0F65840517250 +281E6567FF9DF519CF9D76A440D86DFEB65B505D180D7D794FEC67823FA0 +E98EBC526FBC985777EAB4E2FFE813A44F205C015AEB3FA842F33E37B527 +160358BBA70101020003581CA201A101A101814E646570656E64656E742E 7375697402818142313005814E646570656E64696E672E73756974095286 -0C0014A11749636174203030203130170F0F5845880C0114A3035824822F -58206C86246B90D644F021671F6D42523B2CB5E156F764BE618AA46BFCD0 -DB23E7680E190160156F23646570656E64656E742E737569741502030F11 -58288A0C010B000C0014A112581A20696E206D756C7469706C6520747275 -737420646F6D61696E73120F6F23646570656E64656E742E737569745901 -60D86BA301589E8181589AD28443A10126A0584FA108A101A40102200121 -58200E908AA8F066DB1F084E0C3652C63952BD99F2A5BDB22F9E01367AAD -03ABA68B22582077DA1BD8AC4F0CB490BA210648BF79AB164D49AD3551D7 -1D314B2749EE42D29A5840FB2D5ACF66B9C8573CE92E13BFB8D113F79871 -5CC10B5A0010B11925C155E7245A64E131073B87AC50CAC71650A21315B8 -2D06CA2298CD1A95519AAE4C4B5315025874835824822F58206EA128D7BB -19B86F77C4227F2A29F22026A41958ACC45CC0A35BA388B13E2F51584AD2 -8443A10126A0F6584099F949043701D7BDBA38904A0B49F004DED6B64A49 -00DECA5C66AE8A9EBA913576DEF136B74EA89C14FA64624DBD33B4C0BB41 -C153CA51548C73FF71A2BAF27440035842A6010102000347A10281814230 -3005814E646570656E64656E742E73756974094D8414A117466361742030 -30170F11528414A1124B68656C6C6F20776F726C64120F +0C0014A11749636174203030203130170F0F5844880C0114A3035824822F +58202EEEC4ACEC877EE13D8B52DB16C4390C93E5D84FD9F25AEAE0717B86 +1BE0C4A20E18BE156F23646570656E64656E742E737569741502030F1458 +288A0C010B000C0014A112581A20696E206D756C7469706C652074727573 +7420646F6D61696E73120F6F23646570656E64656E742E7375697458BED8 +6BA2025873825824822F58200F02CAF6D3E61920D36BF3CEA7F862A13BB8 +FB1F09C3F4C29B121FEAB78EF3D8584AD28443A10126A0F65840D0703EA1 +93E12381A66FFADEF2F0949711CFE05ED2322818D73D19F2BBD91BE5C52F +1604B45C405E96B0642F3D49B2D7C6E3B2C0B40030BDDFBD27AF930B1F8B +035842A6010102000347A102818142303005814E646570656E64656E742E +73756974094D8414A11746636174203030170F14528414A1124B68656C6C +6F20776F726C64120F ~~~~ diff --git a/testfiles/suit_manifest_expS4.cbor b/testfiles/suit_manifest_expS4.cbor index 820218e..62ba767 100644 Binary files a/testfiles/suit_manifest_expS4.cbor and b/testfiles/suit_manifest_expS4.cbor differ diff --git a/testfiles/suit_manifest_expS4.md b/testfiles/suit_manifest_expS4.md index 4918256..d294e31 100644 --- a/testfiles/suit_manifest_expS4.md +++ b/testfiles/suit_manifest_expS4.md @@ -15,7 +15,7 @@ / authentication-wrapper / 2: << [ << [ / digest-algorithm-id: / -16 / SHA256 /, - / digest-bytes: / h'0D6F9F0B8D5B5F1247F05347CA7832AA3E978693BBDF59A9F3F2DB8D99451CEC' + / digest-bytes: / h'81B960B02D5089B5817DF315CD2AB55D5A2CF2734669E21501A51AB45D8592DB' ] >>, << / COSE_Sign1_Tagged / 18([ / protected: / << { @@ -23,7 +23,7 @@ } >>, / unprotected: / {}, / payload: / null, - / signature: / h'D79A143D2086BDBA170D3E4C7303F0568F7ACC573AFB46A084049E8E15D9E5323C1C840DFF5D736F49AB9C6AD42C1EDAE2BEC62D198D962C9D9F48302D9D1CB0' + / signature: / h'90978451FA7A6E9EC4C2F93956F2D6260C4C9C26E6DB3184D6B0405C0165709F1474D4AB449EEF0F53D49CF3F473AC90EA4058BBF21B8C98E4FFE029E728D06C' ]) >> ] >>, / manifest / 3: << { @@ -64,16 +64,16 @@ / directive-override-parameters / 20, { / parameter-image-digest / 3: << [ / digest-algorithm-id: / -16 / SHA256 /, - / digest-bytes: / h'6C86246B90D644F021671F6D42523B2CB5E156F764BE618AA46BFCD0DB23E768' + / digest-bytes: / h'2EEEC4ACEC877EE13D8B52DB16C4390C93E5D84FD9F25AEAE0717B861BE0C4A2' ] >>, - / parameter-image-size / 14: 352, + / parameter-image-size / 14: 190, / parameter-uri / 21: "#dependent.suit", / parameter-fetch-args / 30: 'Content-Type: application/cbor' }, / directive-fetch / 21, 2, / condition-image-match / 3, 15 ] >>, - / install / 17: << [ + / install / 20: << [ / directive-set-component-index / 12, 1, / directive-process-dependency / 11, 0, @@ -84,7 +84,7 @@ / directive-write / 18, 15 ] >> } >>, - "#dependent.suit": h'D86BA301589E8181589AD28443A10126A0584FA108A101A4010220012158200E908AA8F066DB1F084E0C3652C63952BD99F2A5BDB22F9E01367AAD03ABA68B22582077DA1BD8AC4F0CB490BA210648BF79AB164D49AD3551D71D314B2749EE42D29A5840FB2D5ACF66B9C8573CE92E13BFB8D113F798715CC10B5A0010B11925C155E7245A64E131073B87AC50CAC71650A21315B82D06CA2298CD1A95519AAE4C4B5315025874835824822F58206EA128D7BB19B86F77C4227F2A29F22026A41958ACC45CC0A35BA388B13E2F51584AD28443A10126A0F6584099F949043701D7BDBA38904A0B49F004DED6B64A4900DECA5C66AE8A9EBA913576DEF136B74EA89C14FA64624DBD33B4C0BB41C153CA51548C73FF71A2BAF27440035842A6010102000347A102818142303005814E646570656E64656E742E73756974094D8414A11746636174203030170F11528414A1124B68656C6C6F20776F726C64120F' + "#dependent.suit": h'D86BA2025873825824822F58200F02CAF6D3E61920D36BF3CEA7F862A13BB8FB1F09C3F4C29B121FEAB78EF3D8584AD28443A10126A0F65840D0703EA193E12381A66FFADEF2F0949711CFE05ED2322818D73D19F2BBD91BE5C52F1604B45C405E96B0642F3D49B2D7C6E3B2C0B40030BDDFBD27AF930B1F8B035842A6010102000347A102818142303005814E646570656E64656E742E73756974094D8414A11746636174203030170F14528414A1124B68656C6C6F20776F726C64120F' }) ~~~~ @@ -93,29 +93,23 @@ {: numbered='no'} ~~~~ -D86BA3025873825824822F58200D6F9F0B8D5B5F1247F05347CA7832AA3E -978693BBDF59A9F3F2DB8D99451CEC584AD28443A10126A0F65840D79A14 -3D2086BDBA170D3E4C7303F0568F7ACC573AFB46A084049E8E15D9E5323C -1C840DFF5D736F49AB9C6AD42C1EDAE2BEC62D198D962C9D9F48302D9D1C -B00358E9A70101020003581CA201A101A101814E646570656E64656E742E +D86BA3025873825824822F582081B960B02D5089B5817DF315CD2AB55D5A +2CF2734669E21501A51AB45D8592DB584AD28443A10126A0F65840909784 +51FA7A6E9EC4C2F93956F2D6260C4C9C26E6DB3184D6B0405C0165709F14 +74D4AB449EEF0F53D49CF3F473AC90EA4058BBF21B8C98E4FFE029E728D0 +6C0358E8A70101020003581CA201A101A101814E646570656E64656E742E 7375697402818142313005814E646570656E64696E672E7375697409581C 840CF50F82458408000B00508414A11749636174203030203130170F0F58 -67880C0114A4035824822F58206C86246B90D644F021671F6D42523B2CB5 -E156F764BE618AA46BFCD0DB23E7680E190160156F23646570656E64656E -742E73756974181E581E436F6E74656E742D547970653A206170706C6963 -6174696F6E2F63626F721502030F1158288A0C010B000C0014A112581A20 -696E206D756C7469706C6520747275737420646F6D61696E73120F6F2364 -6570656E64656E742E73756974590160D86BA301589E8181589AD28443A1 -0126A0584FA108A101A4010220012158200E908AA8F066DB1F084E0C3652 -C63952BD99F2A5BDB22F9E01367AAD03ABA68B22582077DA1BD8AC4F0CB4 -90BA210648BF79AB164D49AD3551D71D314B2749EE42D29A5840FB2D5ACF -66B9C8573CE92E13BFB8D113F798715CC10B5A0010B11925C155E7245A64 -E131073B87AC50CAC71650A21315B82D06CA2298CD1A95519AAE4C4B5315 -025874835824822F58206EA128D7BB19B86F77C4227F2A29F22026A41958 -ACC45CC0A35BA388B13E2F51584AD28443A10126A0F6584099F949043701 -D7BDBA38904A0B49F004DED6B64A4900DECA5C66AE8A9EBA913576DEF136 -B74EA89C14FA64624DBD33B4C0BB41C153CA51548C73FF71A2BAF2744003 -5842A6010102000347A102818142303005814E646570656E64656E742E73 -756974094D8414A11746636174203030170F11528414A1124B68656C6C6F -20776F726C64120F +66880C0114A4035824822F58202EEEC4ACEC877EE13D8B52DB16C4390C93 +E5D84FD9F25AEAE0717B861BE0C4A20E18BE156F23646570656E64656E74 +2E73756974181E581E436F6E74656E742D547970653A206170706C696361 +74696F6E2F63626F721502030F1458288A0C010B000C0014A112581A2069 +6E206D756C7469706C6520747275737420646F6D61696E73120F6F236465 +70656E64656E742E7375697458BED86BA2025873825824822F58200F02CA +F6D3E61920D36BF3CEA7F862A13BB8FB1F09C3F4C29B121FEAB78EF3D858 +4AD28443A10126A0F65840D0703EA193E12381A66FFADEF2F0949711CFE0 +5ED2322818D73D19F2BBD91BE5C52F1604B45C405E96B0642F3D49B2D7C6 +E3B2C0B40030BDDFBD27AF930B1F8B035842A6010102000347A102818142 +303005814E646570656E64656E742E73756974094D8414A1174663617420 +3030170F14528414A1124B68656C6C6F20776F726C64120F ~~~~ diff --git a/testfiles/suit_manifest_expU.cbor b/testfiles/suit_manifest_expU.cbor index 6eebfaa..e87ec09 100644 --- a/testfiles/suit_manifest_expU.cbor +++ b/testfiles/suit_manifest_expU.cbor @@ -1,4 +1,2 @@ -XsX$/X S3 -!bR$V`v{HXJ҄C&X@~6HYG?1*6x/wrRB=r.xz5]aonU -eYXKTEEP-DeviceHSecureFSPW:mGTS2)tBtaXTPRCV`O[ -l/PB =U&_łNX$/X jzáOٷz0F9tFhKTEEP-DeviceHSecureFSPW:mGTS2)tDsuitXEx;https://example.org/8d82573a-926d-4754-9353-32dc29997f74.taD! \ No newline at end of file +XsX$/X RGyXV{,7s1H՛XJ҄C&X@J Tfcb꪿{ej6~K(6Ƀ. 4~%tYXKTEEP-DeviceHSecureFSPW:mGTS2)tBtaXTPRCV`O[ +l/PB =U&_łNX$/X jzáOٷz0F9tFhKTEEP-DeviceHSecureFSPW:mGTS2)tDsuitXEx;https://example.org/8d82573a-926d-4754-9353-32dc29997f74.taD! \ No newline at end of file diff --git a/testfiles/suit_manifest_expU.md b/testfiles/suit_manifest_expU.md index 9b7713c..24efa82 100644 --- a/testfiles/suit_manifest_expU.md +++ b/testfiles/suit_manifest_expU.md @@ -15,7 +15,7 @@ / authentication-wrapper / 2: << [ << [ / digest-algorithm-id: / -16 / SHA256 /, - / digest-bytes: / h'EF53C7F719CB10041233850AE3211D62CEC9528924E656607688E77BC14886A0' + / digest-bytes: / h'B39B52B0B747EA79588C190F567BFC2C8437BA8A73F7EA983182E79F0148D59B' ] >>, << / COSE_Sign1_Tagged / 18([ / protected: / << { @@ -23,7 +23,7 @@ } >>, / unprotected: / {}, / payload: / null, - / signature: / h'7E367F9E124859473FBDF3D6312AA8943617B41AE4782FCA0E77A492C51F8A7252EA42C23D722E787AA235B5175DBE61DDF8F16F956E0317B9550A04BF9165DD' + / signature: / h'80E54AB485B320A61654666362928B15EAAABFE6957B1BCB65F16A367E4B19888BFFDBD6F7EA2892FA36FA18A2FCB5DBFEC9832E09B91ED9CD348AB77E25FA74' ]) >> ] >>, / manifest / 3: << { @@ -58,7 +58,7 @@ h'8D82573A926D4754935332DC29997F74', / tc-uuid / 'suit' ], - / install / 17: << [ + / install / 20: << [ / directive-override-parameters / 20, { / parameter-uri / 21: "https://example.org/8d82573a-926d-4754-9353-32dc29997f74.ta" }, @@ -77,17 +77,17 @@ {: numbered='no'} ~~~~ -A2025873825824822F5820EF53C7F719CB10041233850AE3211D62CEC952 -8924E656607688E77BC14886A0584AD28443A10126A0F658407E367F9E12 -4859473FBDF3D6312AA8943617B41AE4782FCA0E77A492C51F8A7252EA42 -C23D722E787AA235B5175DBE61DDF8F16F956E0317B9550A04BF9165DD03 +A2025873825824822F5820B39B52B0B747EA79588C190F567BFC2C8437BA +8A73F7EA983182E79F0148D59B584AD28443A10126A0F6584080E54AB485 +B320A61654666362928B15EAAABFE6957B1BCB65F16A367E4B19888BFFDB +D6F7EA2892FA36FA18A2FCB5DBFEC9832E09B91ED9CD348AB77E25FA7403 590108A601010203035884A20281844B544545502D446576696365485365 637572654653508D82573A926D4754935332DC29997F7442746104585486 14A40150C0DDD5F15243566087DB4F5B0AA26C2F0250DB42F7093D8C55BA A8C5265FC5820F4E035824822F58208CF71AC86AF31BE184EC7A05A411A8 C3A14FD9B77A30D046397481469468ECE80E14010F020F05844B54454550 2D446576696365485365637572654653508D82573A926D4754935332DC29 -997F7444737569741158458614A115783B68747470733A2F2F6578616D70 +997F7444737569741458458614A115783B68747470733A2F2F6578616D70 6C652E6F72672F38643832353733612D393236642D343735342D39333533 2D3332646332393939376637342E7461150F030F1818448218210F ~~~~ diff --git a/testfiles/suit_manifest_expU0.cbor b/testfiles/suit_manifest_expU0.cbor index 22f2dce..99ceafa 100644 Binary files a/testfiles/suit_manifest_expU0.cbor and b/testfiles/suit_manifest_expU0.cbor differ diff --git a/testfiles/suit_manifest_expU0.md b/testfiles/suit_manifest_expU0.md index 19cfb90..45773bb 100644 --- a/testfiles/suit_manifest_expU0.md +++ b/testfiles/suit_manifest_expU0.md @@ -15,7 +15,7 @@ / authentication-wrapper / 2: << [ << [ / digest-algorithm-id: / -16 / SHA256 /, - / digest-bytes: / h'717687D957837552411B8805281F5C3AF5DC0A72252ED7FFEBCD1BA7DAE7917C' + / digest-bytes: / h'3E4334BE58525756989101480CA8642B13536E4E5BEBB488527744475B41F5FD' ] >>, << / COSE_Sign1_Tagged / 18([ / protected: / << { @@ -23,7 +23,7 @@ } >>, / unprotected: / {}, / payload: / null, - / signature: / h'932A62878B5D8104E1E5EDF8DB89B983899F349D55EC708CBFE12E289027FD7B28854058971DBFBDE55F228F381FBC494AE99BCF4172580446E71173EE07FA5B' + / signature: / h'E3D6E28AADDB5E84EF5B55A0B95AD3ACB90BE4C9E3DCBE9026C2586243BA806053C9369B52D8308AED9447A2EB12E47C0646FD8DFA3C24934C20D53785983885' ]) >> ] >>, / manifest / 3: << { @@ -35,7 +35,7 @@ [h'01'] ] } >>, - / install / 17: << [ + / install / 20: << [ / directive-set-component-index / 12, 0, / directive-override-parameters / 20, { / parameter-use-before / 4: 1696291200 / Tue 03 Oct 2023 12:00:00AM /, @@ -75,11 +75,11 @@ {: numbered='no'} ~~~~ -D86BA2025873825824822F5820717687D957837552411B8805281F5C3AF5 -DC0A72252ED7FFEBCD1BA7DAE7917C584AD28443A10126A0F65840932A62 -878B5D8104E1E5EDF8DB89B983899F349D55EC708CBFE12E289027FD7B28 -854058971DBFBDE55F228F381FBC494AE99BCF4172580446E71173EE07FA -5B035852A4010102000349A1028281410081410111583F8E0C0014A4041A +D86BA2025873825824822F58203E4334BE58525756989101480CA8642B13 +536E4E5BEBB488527744475B41F5FD584AD28443A10126A0F65840E3D6E2 +8AADDB5E84EF5B55A0B95AD3ACB90BE4C9E3DCBE9026C2586243BA806053 +C9369B52D8308AED9447A2EB12E47C0646FD8DFA3C24934C20D537859838 +85035852A4010102000349A1028281410081410114583F8E0C0014A4041A 651B5980181A0A181B20181C82048201000C011823A1008304181A181B14 A1181C8205830100020CF518204C88040F181A0F181C0F181B0F ~~~~ diff --git a/testfiles/suit_manifest_expU1.cbor b/testfiles/suit_manifest_expU1.cbor index 59ece52..bfae354 100644 Binary files a/testfiles/suit_manifest_expU1.cbor and b/testfiles/suit_manifest_expU1.cbor differ diff --git a/testfiles/suit_manifest_expU1.md b/testfiles/suit_manifest_expU1.md index 60f3b2c..79b79f4 100644 --- a/testfiles/suit_manifest_expU1.md +++ b/testfiles/suit_manifest_expU1.md @@ -15,7 +15,7 @@ / authentication-wrapper / 2: << [ << [ / digest-algorithm-id: / -16 / SHA256 /, - / digest-bytes: / h'DC697E3C251C4E03AD84139FA8487902EF5D22BB535CD86CE1EF29854A65FD96' + / digest-bytes: / h'3063438CC2DCEFB2AA25D893AE16C5C6B4A7ECD87B3A578EEFDA2F760A724F06' ] >>, << / COSE_Sign1_Tagged / 18([ / protected: / << { @@ -23,7 +23,7 @@ } >>, / unprotected: / {}, / payload: / null, - / signature: / h'8F8AD74434699E3173818954CC94C8EF969E1C6440000E4805D3CC309260ED77646A3DCDFC362982524EB887CD2A77354AEBD09C9714EB5005B41A4246AD6318' + / signature: / h'BC6620A01A8526C4DB8FEC103F13FA3D2D91F6B6E14C6FA40919A65D704BD41822F886C06378C0CF54EC38B18A8953A67400665373254E3C8CF74AB0F9AA92B6' ]) >> ] >>, / manifest / 3: << { @@ -35,7 +35,7 @@ [h'01'] ] } >>, - / install / 17: << [ + / install / 20: << [ / directive-override-multiple / 34, { / index / 0: { / parameter-wait-info / 29: << { @@ -62,10 +62,10 @@ {: numbered='no'} ~~~~ -D86BA2025873825824822F5820DC697E3C251C4E03AD84139FA8487902EF -5D22BB535CD86CE1EF29854A65FD96584AD28443A10126A0F658408F8AD7 -4434699E3173818954CC94C8EF969E1C6440000E4805D3CC309260ED7764 -6A3DCDFC362982524EB887CD2A77354AEBD09C9714EB5005B41A4246AD63 -18035832A4010102000349A1028281410081410111581F861822A200A118 +D86BA2025873825824822F58203063438CC2DCEFB2AA25D893AE16C5C6B4 +A7ECD87B3A578EEFDA2F760A724F06584AD28443A10126A0F65840BC6620 +A01A8526C4DB8FEC103F13FA3D2D91F6B6E14C6FA40919A65D704BD41822 +F886C06378C0CF54EC38B18A8953A67400665373254E3C8CF74AB0F9AA92 +B6035832A4010102000349A1028281410081410114581F861822A200A118 1D45A20120020A01A1181D47A1061A000143700CF5181D0F ~~~~ diff --git a/testfiles/validate_encrypted_files.py b/testfiles/validate_encrypted_files.py new file mode 100755 index 0000000..1fa857f --- /dev/null +++ b/testfiles/validate_encrypted_files.py @@ -0,0 +1,79 @@ +#!/usr/bin/env python3 + +import base64 +from cbor2 import dumps +from cwt import COSE, COSEMessage, COSEKey + +expected_plaintext_payload = b'This is a real firmware image.' + +# See Section 7.1.2 Example (AES-KW + AES-GCM) +# https://datatracker.ietf.org/doc/html/draft-ietf-suit-firmware-encryption#section-7.1.2 +print("Example 1: AES-KW") +secret_key_jwk = { + "kty": "Symmetric", + "k": "61" * 16, # 0x61 = 'a' + "alg": "A128KW", + "kid": "kid-1", +} +print(f"Secret COSE_Key: {secret_key_jwk}") +for key in ["k"]: + secret_key_jwk[key] = base64.b64encode(bytes.fromhex(secret_key_jwk[key])).decode() +secret_key = COSEKey.from_jwk(secret_key_jwk) + +# 1. Load SUIT_Encryption_Info and the detached encrypted payload +with open("./encryption_info_aes.cose", "rb") as f: + suit_encryption_info_bytes = f.read() +print(f"SUIT_Encryption_Info: {suit_encryption_info_bytes.hex()}") +with open("./encrypted_image_aes.bin", "rb") as f: + encrypted_payload_bytes = f.read() +print(f"Encrypted Payload: {encrypted_payload_bytes.hex()}") + +# 2. Decrypt the Encrypted Payload using SUIT_Encryption_Info +ctx = COSE.new() +result = ctx.decode(suit_encryption_info_bytes, keys=[secret_key], detached_payload=encrypted_payload_bytes) +print(f"\nDecrypted Payload: {result}") +assert result == expected_plaintext_payload +print("Successfully decrypted") + + +# See Section 7.1.3 Example (ECDH-ES+AES-KW + AES-GCM) +# https://datatracker.ietf.org/doc/html/draft-ietf-suit-firmware-encryption#section-7.1.3 +print("Example 2: ECDH-ES+AES-KW + AES-GCM") +receiver_private_key_jwk = { + "kty": "EC2", + "crv": "P-256", + "x": '5886CD61DD875862E5AAA820E7A15274C968A9BC96048DDCACE32F50C3651BA3', + "y": '9EED8125E932CD60C0EAD3650D0A485CF726D378D1B016ED4298B2961E258F1B', + "d": '60FE6DD6D85D5740A5349B6F91267EEAC5BA81B8CB53EE249E4B4EB102C476B3', + "key_ops": ["deriveKey"], + "alg": "ECDH-ES+A128KW", + "kid": "kid-2", +} +kdf_context = { + "alg": "A128KW", + "supp_pub": { + "key_data_length": 128, + "protected": {"alg": "ECDH-ES+A128KW"}, + "other": "SUIT Payload Encryption", + }, +} +print(f"Private COSE_Key: {receiver_private_key_jwk}") +for key in ["x", "y", "d"]: + receiver_private_key_jwk[key] = base64.b64encode(bytes.fromhex(receiver_private_key_jwk[key])).decode() +receiver_private_key = COSEKey.from_jwk(receiver_private_key_jwk) + +# 1. Load SUIT_Encryption_Info and the detached encrypted payload +with open("./encryption_info_esdh.cose", "rb") as f: + suit_encryption_info_bytes = f.read() +print(f"SUIT_Encryption_Info: {suit_encryption_info_bytes.hex()}") +with open("./encrypted_image_esdh.bin", "rb") as f: + encrypted_payload_bytes = f.read() +print(f"Encrypted Payload: {encrypted_payload_bytes.hex()}") + +# 2. Decrypt the Encrypted Payload using SUIT_Encryption_Info +ctx = COSE.new() +result = ctx.decode(suit_encryption_info_bytes, keys=[receiver_private_key], context=kdf_context, detached_payload=encrypted_payload_bytes) +print(f"\nDecrypted Payload: {result}") +assert result == expected_plaintext_payload +print("Successfully decrypted") +