Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

extend the use of tagged-bytes to identifiers #188

Merged
merged 8 commits into from
Jan 8, 2024
Merged

extend the use of tagged-bytes to identifiers #188

Show file tree
Hide file tree
Changes from 6 commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
50f2fe0
extend the use of tagged-bytes to identifiers
thomas-fossati Dec 20, 2023
9b82845
add test vector
thomas-fossati Dec 20, 2023
f6b97ba
Andy's comment about uniqueness
thomas-fossati Dec 20, 2023
b1f4810
do not use the passive form
thomas-fossati Dec 20, 2023
269c024
plural
thomas-fossati Dec 20, 2023
9757398
scoped uniqueness
thomas-fossati Dec 20, 2023
c3f0dee
Ned's editorial suggestion
thomas-fossati Jan 3, 2024
6fee7e3
add references to the tagged-bytes section
thomas-fossati Jan 8, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions cddl/class-id-type-choice.cddl
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
$class-id-type-choice /= tagged-oid-type
$class-id-type-choice /= tagged-uuid-type
$class-id-type-choice /= tagged-int-type
$class-id-type-choice /= tagged-bytes
1 change: 1 addition & 0 deletions cddl/corim-frags.mk
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,7 @@ COMID_FRAGS += tag-identity-map.cddl
COMID_FRAGS += tag-rel-type-choice.cddl
COMID_FRAGS += tag-version-type.cddl
COMID_FRAGS += tagged-int.cddl
COMID_FRAGS += tagged-bytes.cddl
COMID_FRAGS += triples-map.cddl
COMID_FRAGS += ueid.cddl
COMID_FRAGS += uuid.cddl
Expand Down
26 changes: 26 additions & 0 deletions cddl/examples/comid-opaque-instance-id.cddl
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
/ concise-mid-tag / {
/ comid.tag-identity / 1 : {
/ comid.tag-id / 0 : h'3f06af63a93c11e4979700505690773f'
},
/ comid.entity / 2 : [ {
/ comid.entity-name / 0 : "ACME Inc.",
/ comid.reg-id / 1 : 32("https://acme.example"),
/ comid.role / 2 : [ 0 ] / tag-creator /
} ],
/ comid.triples / 4 : {
/ comid.reference-triples / 0 : [ [
/ environment-map / {
/ comid.instance / 1 : / e.g., SEV-SNP CHIP_ID / 560(
h'9f71ec4d223f4f899d532ed6ff6ecbbb4a62cb386ba24c204c9371ce5e3b9291713fe96b9b413d8842968ebb1fa4cf1920d0c5e9f872776a1e826f2851ecdb47')
},
/ measurement-map / {
/ comid.mval / 1 : {
/ comid.ver / 0 : {
/ comid.version / 0 : "1.0.0",
/ comid.version-scheme / 1 : 16384 / semver /
},
}
}
] ]
}
}
1 change: 1 addition & 0 deletions cddl/group-id-type-choice.cddl
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1,2 @@
$group-id-type-choice /= tagged-uuid-type
$group-id-type-choice /= tagged-bytes
1 change: 1 addition & 0 deletions cddl/instance-id-type-choice.cddl
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
$instance-id-type-choice /= tagged-ueid-type
$instance-id-type-choice /= tagged-uuid-type
$instance-id-type-choice /= $crypto-key-type-choice
$instance-id-type-choice /= tagged-bytes
1 change: 0 additions & 1 deletion cddl/raw-value.cddl
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,3 @@
tagged-bytes = #6.560(bytes)
$raw-value-type-choice /= tagged-bytes

raw-value-mask-type = bytes
1 change: 1 addition & 0 deletions cddl/tagged-bytes.cddl
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
tagged-bytes = #6.560(bytes)
21 changes: 16 additions & 5 deletions draft-ietf-rats-corim.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -303,6 +303,17 @@ convention - e.g., {{Section 4.4.1.5 of -psa-token}}).
{::include cddl/digest.cddl}
~~~

### Tagged Bytes Type {#sec-common-tagged-bytes}

An opaque, variable-length byte string.
It can be used in different contexts: as an instance, class or group identifier in an `environment-map`; as a raw value measurement in a `measurement-values-map`.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed to omit this suggestion.

Its semantics are defined by the context in which it is found, and by the overarching CoRIM profile.
When used as an identifier the responsible allocator entity SHOULD ensure uniqueness within the usage scope.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
When used as an identifier the responsible allocator entity SHOULD ensure uniqueness within the usage scope.
When used as an identifier the responsible allocator entity SHOULD ensure global uniqueness.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think global uniqueness is needed here. It is sufficient that the tagged bytes unambiguously identify an entity within a given scope. The same 560(h'01') may refer to instance "1" or to class "1" without ambiguity.

Copy link
Collaborator

@nedmsmith nedmsmith Jan 3, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The other examples of instance-id have implied global uniqueness properties. The motivation for adding bytes was that some felt ueid might not be big enough to ensure global uniqueness. The verifier doesn't have additional context to know what scope to apply to disambiguate scope-A:bytes from scope-B:bytes. We shouldn't overload class properties in instance-id since class-id is intended accommodate class-based identifiers.

The problem is there is one section for describing the semantics of the tag 560 () but it is used in all three environment-map options where each has different scope (class, instance, or group). 560 means different things depending on class, instance, or group context. Descriptive text should be specific to each context.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Clarifying why I do not agree with Andy's suggestion: the word global to me implies across contexts, which is not what we should require from the allocator for the reason I've tried to describe above.

Descriptive text should be specific to each context.

Do you have any suggestions? ISTM that the exact semantics will be profile-specific, i.e., out-of-scope of base CoRIM -- except if DICE has anything to say about #6.560.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Discussion today resolved that 560 is to be interpreted within the CDDL context in which it occurs. This PR proposes 3 additional contexts from the current raw-value-group context. The description of the CDDL for each context should describe the expected properties.

In the case, of environment-map there are other issue #176 observes the lack of meaningful scoping discussion for each of the fields (class, instance, group). If we resolve #176, then this thread becomes mute.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Discussion today resolved that 560 is to be interpreted within the CDDL context in which it occurs.

Yes

This PR proposes 3 additional contexts from the current raw-value-group context.

I don't understand this.

The description of the CDDL for each context should describe the expected properties.

Yes

In the case, of environment-map there are other issue #176 observes the lack of meaningful scoping discussion for each of the fields (class, instance, group). If we resolve #176, then this thread becomes mute.

WFM

thomas-fossati marked this conversation as resolved.
Show resolved Hide resolved

~~~ cddl
{::include cddl/tagged-bytes.cddl}
~~~

# Concise Reference Integrity Manifest (CoRIM) {#sec-corim}

A CoRIM is a collection of tags and related metadata as described below.
Expand Down Expand Up @@ -821,7 +832,7 @@ An instance carries a unique identifier that is reliably bound to a Target Envir
that is an instance of the Attester.

The types defined for an instance identifier are CBOR tagged expressions of
UEID, UUID, or cryptographic key identifier.
UEID, UUID, variable-length opaque byte string, or cryptographic key identifier.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please either add a reference to tagged bytes or describe profile specific behaviour dependency here!

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done in 6fee7e3

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Similar entry is needed in the class identifier as well!

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

see 6fee7e3


~~~ cddl
{::include cddl/instance-id-type-choice.cddl}
Expand All @@ -833,7 +844,7 @@ A group carries a unique identifier that is reliably bound to a group of
Attesters, for example when a number of Attester are hidden in the same
anonymity set.

The type defined for a group identified is UUID.
The types defined for a group identified are UUID and variable-length opaque byte string.

~~~ cddl
{::include cddl/group-id-type-choice.cddl}
Expand Down Expand Up @@ -1045,7 +1056,7 @@ Raw value measurements are typically vendor defined values that are checked by V
for consistency only, since the security relevance is opaque to Verifiers.

There are two parts to a `raw-value-group`, a measurement and an optional mask.
The default raw value measurement is a CBOR tagged `bstr`.
The default raw value measurement is of type `tagged-bytes` ({{sec-common-tagged-bytes}}).
Additional raw value types can be defined, but must be CBOR tagged so that parsers can distinguish
between the various semantics of type values.

Expand Down Expand Up @@ -1962,9 +1973,9 @@ IANA is requested to allocate the following tags in the "CBOR Tags" registry {{!
| 555 | `text` | tagged-pkix-base64-cert-type, see {{sec-crypto-keys}} | {{&SELF}} |
| 556 | `text` | tagged-pkix-base64-cert-path-type, see {{sec-crypto-keys}} | {{&SELF}} |
| 557 | `[int/text, bytes]` | tagged-thumbprint-type, see {{sec-common-hash-entry}} | {{&SELF}} |
| 558 | `COSE_Key/ COSE_KeySet` | tagged-cose-key-type, see {{sec-crypto-keys}} | {{&SELF}} |
| 558 | `COSE_Key/ COSE_KeySet` | tagged-cose-key-type, see {{sec-crypto-keys}} | {{&SELF}} |
| 559 | `digest` | tagged-cert-thumbprint-type, see {{sec-crypto-keys}} | {{&SELF}} |
| 560 | `bytes` | tagged-bytes, see {{sec-comid-raw-value-types}} | {{&SELF}} |
| 560 | `bytes` | tagged-bytes, see {{sec-common-tagged-bytes}} | {{&SELF}} |
| 561 | `digest` | tagged-cert-path-thumbprint-type, see {{sec-crypto-keys}} | {{&SELF}} |
| 562-599 | `any` | Earmarked for CoRIM | {{&SELF}} |

Expand Down
Loading