dice-coev/cwt-eat.cddl at main · TrustedComputingGroup/dice-coev · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61

cwt-eat = {
  ; CWT claims are registered at https://www.iana.org/assignments/cwt/cwt.xhtml

  ; EAT claims are defined in https://datatracker.ietf.org/doc/draft-ietf-rats-eat/

  ; An EAT profile is either a URL or an OID.
  ? &(eat-profile : 265 ) => ~oid ; "2.16.840.1.113741.1.16.1" - note: `~` strips CBOR tag #6.111(oid) from `oid`

  ; Issuer claim is StringOrURI (tstr)
  &(iss : 1) => tstr

  ; Subject claim as StringOrURI (tstr)
  ? &(sub : 2) => tstr / bstr

  ; Nonce claim is nonce-type = bstr .size (8..64)
  ? &(nonce : 10) => bstr

  ; EAT measurements claim is defined in section-4.2.16
  ? &(eat-measurements : 273) => measurements-type

}

$measurements-body-cbor /= bytes .cbor concise-evidence-map
oid = tagged-oid-type

; EAT related CDDL

JC<J,C> = JSON-ONLY<J> / CBOR-ONLY<C>
JSON-ONLY<J> = J .feature "json"
CBOR-ONLY<C> = C .feature "cbor"

measurements-type = [+ measurements-format]
measurements-format = [
  content-type:   coap-content-format,
  content-format: JC< $measurements-body-json, $measurements-body-cbor >
]
coap-content-format = uint .le 65535

signed-cwt = #6.18(COSE-Sign1-concise-evidence)

COSE-Sign1-concise-evidence = [
  protected: bstr .cbor protected-ce-header-map
  unprotected: unprotected-ce-header-map
  payload: bstr .cbor cwt-eat
  signature: bstr
]

protected-ce-header-map = {
  ; Well-defined header fields
  &(alg-id: 1) => int
  &(content-type: 3) => tstr / int
  &(issuer-key-id: 4) => bstr
  ; User-defined fields
  * cose-label => cose-value
}

unprotected-ce-header-map = {
  ? &(x5-chain: 33) => bstr / [ 2*certs: bstr ]
  * cose-label => cose-value
}