Drop top level tagging requirement

Tagged type choices are not typical. I would go so far as to drop the 500 tag as the entrypoint to CoRIM altogether. NVIDIA is creating CoRIMs this way, but they are using a different content-type in the protected header. I think we can drop it in an follow-up. This patch drops * the need to tag the type choice * the extensibility of concise-rim-type-choice, since extensibility is governed by a profile, and the profile is not known at this point in parsing. * the need to tag the signed corim, since it is a COSE-sign1 with an unambigiuous content-type, and COSE-sign1 already has its own tag. Addresses Issue #333, but 500 and 502 removal is TBD. Signed-off-by: Dionna Glaze <[email protected]>
ietf-rats-wg · Oct 25, 2024 · 74cd2da · 74cd2da
1 parent 69cb6fd
commit 74cd2da
Show file tree

Hide file tree

Showing 8 changed files with 137 additions and 7 deletions.
diff --git a/cddl/cbor-tags.txt b/cddl/cbor-tags.txt
@@ -1,4 +1,4 @@
-tagged-concise-rim-type-choice = #6.500($concise-rim-type-choice)
+tagged-concise-rim-type-choice = #6.500(concise-rim-type-choice)
 tagged-corim-map = #6.501(corim-map)
 tagged-signed-corim = #6.502(signed-corim)
 tagged-concise-swid-tag = #6.505(bytes .cbor concise-swid-tag)

diff --git a/cddl/corim.cddl b/cddl/corim.cddl
@@ -1,4 +1,4 @@
-corim = tagged-concise-rim-type-choice
-
-$concise-rim-type-choice /= tagged-corim-map
-$concise-rim-type-choice /= tagged-signed-corim
+corim = (tagged-concise-rim-type-choice / concise-rim-type-choice)
+concise-rim-type-choice /= tagged-corim-map
+concise-rim-type-choice /= tagged-signed-corim
+concise-rim-type-choice /= signed-corim
diff --git a/cddl/examples/corim-3.diag b/cddl/examples/corim-3.diag
@@ -0,0 +1,48 @@
+/ corim-map / 501({
+  / corim.id / 0 : h'284e6c3e5d9f4f6b851f5a4247f243a7',
+  / corim.tags / 1 : [
+    / concise-mid-tag / 506( <<
+      / concise-mid-tag / {
+        / comid.tag-identity / 1 : {
+          / comid.tag-id / 0 : h'3f06af63a93c11e4979700505690773f'
+        },
+        / comid.entity / 2 : [ {
+          / comid.entity-name / 0 : "ACME Inc.",
+          / comid.reg-id / 1 : 32("https://acme.example"),
+          / comid.role / 2 : [ 0 ] / tag-creator /
+        } ],
+        / comid.triples / 4 : {
+          / comid.reference-triples / 0 : [ [
+            / environment-map / {
+              / comid.class / 0 : {
+                / comid.class-id / 0 :
+                  / tagged-uuid-type / 37(
+                    h'67b28b6c34cc40a19117ab5b05911e37'
+                  ),
+                / comid.vendor / 1 : "ACME Inc.",
+                / comid.model / 2 : "ACME RoadRunner",
+                / comid.layer / 3 : 1
+              }
+            },
+            [
+              / measurement-map / {
+                / comid.mval / 1 : {
+                  / comid.ver / 0 : {
+                    / comid.version / 0 : "1.0.0",
+                    / comid.version-scheme / 1 : 16384 / semver /
+                  },
+                  / comid.digests / 2 : [ [
+                    / hash-alg-id / 1, / sha256 /
+                    / hash-value / h'44aa336af4cb14a879432e53dd6571c7fa9bccafb75f488259262d6ea3a4d91b'
+                  ] ]
+                }
+              }
+            ]
+          ] ]
+        }
+      }
+    >> )
+    ]
+  }
+)
+
diff --git a/cddl/examples/corim-4.diag b/cddl/examples/corim-4.diag
@@ -0,0 +1,62 @@
+/ signed-corim / 18([
+  / protected / <<
+    {
+      / alg: / 1: / ECDSA with SHA-384 / -35,
+      / content-type: / 3: "application/corim-unsigned+cbor",
+      / kid: / 4: h'f8ccd2b49fdba32cd94498030fdc8e5010358919',
+      / corim-meta: / 8: << {
+        / signer: / 0: {
+	  / signer-name: / 0: "ACME Ltd."
+	}
+      } >>
+    }
+  >>,
+  / unprotected-corim-header-map / {},
+  / payload / << / corim-map / {
+    / corim.id / 0 : h'284e6c3e5d9f4f6b851f5a4247f243a7',
+    / corim.tags / 1 : [
+      / concise-mid-tag / 506( <<
+        / concise-mid-tag / {
+          / comid.tag-identity / 1 : {
+            / comid.tag-id / 0 : h'3f06af63a93c11e4979700505690773f'
+          },
+          / comid.entity / 2 : [ {
+            / comid.entity-name / 0 : "ACME Inc.",
+            / comid.reg-id / 1 : 32("https://acme.example"),
+            / comid.role / 2 : [ 0 ] / tag-creator /
+          } ],
+          / comid.triples / 4 : {
+            / comid.reference-triples / 0 : [ [
+              / environment-map / {
+                / comid.class / 0 : {
+                  / comid.class-id / 0 :
+                    / tagged-uuid-type / 37(
+                      h'67b28b6c34cc40a19117ab5b05911e37'
+                    ),
+                  / comid.vendor / 1 : "ACME Inc.",
+                  / comid.model / 2 : "ACME RoadRunner",
+                  / comid.layer / 3 : 1
+                }
+              },
+              [
+                / measurement-map / {
+                  / comid.mval / 1 : {
+                    / comid.ver / 0 : {
+                      / comid.version / 0 : "1.0.0",
+                      / comid.version-scheme / 1 : 16384 / semver /
+                    },
+                    / comid.digests / 2 : [ [
+                      / hash-alg-id / 1, / sha256 /
+                      / hash-value / h'44aa336af4cb14a879432e53dd6571c7fa9bccafb75f488259262d6ea3a4d91b'
+                    ] ]
+                  }
+                }
+              ]
+            ] ]
+          }
+        }
+      >> )
+      ]
+    } >>,
+  / signature / h'30650231009b98c7426d49d565c14df770dd3c0844a2b61d3573bdef2cea8495109b2e7f1d7e16d9109c70bc003d8a10b90787ec5e0230654242537fe8194ce8666d3fd907931329722dd065df11e14d6125b5f30dce54a26f7c7f69faa9dd977cee48a6bd087a'
+])
diff --git a/cddl/examples/testcert.pem b/cddl/examples/testcert.pem
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICHzCCAaWgAwIBAgIUSqLyKszXuswGerHhgl6QpGUq68IwCgYIKoZIzj0EAwMw
+PDETMBEGA1UECAwKVGVzdCBTdGF0ZTESMBAGA1UECgwJQUNNRSBMdGQuMREwDwYD
+VQQDDAhUZXN0IGtleTAeFw0yNDEwMjMyMDEwMzlaFw0yNTEwMjMyMDEwMzlaMDwx
+EzARBgNVBAgMClRlc3QgU3RhdGUxEjAQBgNVBAoMCUFDTUUgTHRkLjERMA8GA1UE
+AwwIVGVzdCBrZXkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASZHfQ1cN6CZPoEBc2N
+AhhwULJVVuXOQ5H/EAC9SWHMYA9a5geCLjCH6xuNWUdYpvFagaa+YOEOA0wh6aNH
+0eujJ9d8aGp9qaWCAgB4Ojpt2Tz2/Sx9uMIBZ1EiTZTK/7SjaDBmMB0GA1UdDgQW
+BBT4zNK0n9ujLNlEmAMP3I5QEDWJGTAfBgNVHSMEGDAWgBT4zNK0n9ujLNlEmAMP
+3I5QEDWJGTAPBgNVHRMBAf8EBTADAQH/MBMGA1UdJQQMMAoGCCsGAQUFBwMDMAoG
+CCqGSM49BAMDA2gAMGUCMQCog6Xv+HWlQucSceLN04jOuv7CT/jAtsEdE+QcgRmB
+yntTntSiYh72QlaqailaoRwCMFClkUId76JG13C3qlRe8JAwuH7ofWDC3nzBH0CD
+cMqrMt8lCAKK7ZT5YvWrD7lNIQ==
+-----END CERTIFICATE-----
diff --git a/cddl/examples/testkey.pem b/cddl/examples/testkey.pem
@@ -0,0 +1,6 @@
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCY7ga4U2WsZVOoDHvk
+rbcUumkt7N0QTSdCUIVyFzLkSO3X15uty74E4djA2Vrg8GKhZANiAASZHfQ1cN6C
+ZPoEBc2NAhhwULJVVuXOQ5H/EAC9SWHMYA9a5geCLjCH6xuNWUdYpvFagaa+YOEO
+A0wh6aNH0eujJ9d8aGp9qaWCAgB4Ojpt2Tz2/Sx9uMIBZ1EiTZTK/7Q=
+-----END PRIVATE KEY-----
diff --git a/cddl/tagged-concise-rim-type-choice.cddl b/cddl/tagged-concise-rim-type-choice.cddl
@@ -1,2 +1,2 @@
 
-tagged-concise-rim-type-choice = #6.500($concise-rim-type-choice)
+tagged-concise-rim-type-choice = #6.500(concise-rim-type-choice)
diff --git a/draft-ietf-rats-corim.md b/draft-ietf-rats-corim.md
@@ -259,7 +259,7 @@ For more detail, see {{sec-corim-profile-types}}.
 
 A CoRIM can be signed ({{sec-corim-signed}}) using COSE Sign1 to provide end-to-end security to the CoRIM contents.
 When CoRIM is signed, the protected header carries further identifying information about the CoRIM signer.
-Alternatively, CoRIM can be encoded as a CBOR-tagged payload ({{sec-corim-map}}) and transported over a secure channel.
+Alternatively, CoRIM can be encoded as a #6.501 CBOR-tagged payload ({{sec-corim-map}}) and transported over a secure channel.
 
 The following CDDL describes the top-level CoRIM.