-
Notifications
You must be signed in to change notification settings - Fork 7
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
extend the use of tagged-bytes to identifiers #188
Changes from 7 commits
50f2fe0
9b82845
f6b97ba
b1f4810
269c024
9757398
c3f0dee
6fee7e3
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,4 @@ | ||
$class-id-type-choice /= tagged-oid-type | ||
$class-id-type-choice /= tagged-uuid-type | ||
$class-id-type-choice /= tagged-int-type | ||
$class-id-type-choice /= tagged-bytes |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
/ concise-mid-tag / { | ||
/ comid.tag-identity / 1 : { | ||
/ comid.tag-id / 0 : h'3f06af63a93c11e4979700505690773f' | ||
}, | ||
/ comid.entity / 2 : [ { | ||
/ comid.entity-name / 0 : "ACME Inc.", | ||
/ comid.reg-id / 1 : 32("https://acme.example"), | ||
/ comid.role / 2 : [ 0 ] / tag-creator / | ||
} ], | ||
/ comid.triples / 4 : { | ||
/ comid.reference-triples / 0 : [ [ | ||
/ environment-map / { | ||
/ comid.instance / 1 : / e.g., SEV-SNP CHIP_ID / 560( | ||
h'9f71ec4d223f4f899d532ed6ff6ecbbb4a62cb386ba24c204c9371ce5e3b9291713fe96b9b413d8842968ebb1fa4cf1920d0c5e9f872776a1e826f2851ecdb47') | ||
}, | ||
/ measurement-map / { | ||
/ comid.mval / 1 : { | ||
/ comid.ver / 0 : { | ||
/ comid.version / 0 : "1.0.0", | ||
/ comid.version-scheme / 1 : 16384 / semver / | ||
}, | ||
} | ||
} | ||
] ] | ||
} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1,2 @@ | ||
$group-id-type-choice /= tagged-uuid-type | ||
$group-id-type-choice /= tagged-bytes |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,4 @@ | ||
$instance-id-type-choice /= tagged-ueid-type | ||
$instance-id-type-choice /= tagged-uuid-type | ||
$instance-id-type-choice /= $crypto-key-type-choice | ||
$instance-id-type-choice /= tagged-bytes |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,3 @@ | ||
tagged-bytes = #6.560(bytes) | ||
$raw-value-type-choice /= tagged-bytes | ||
|
||
raw-value-mask-type = bytes |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
tagged-bytes = #6.560(bytes) |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -303,6 +303,17 @@ convention - e.g., {{Section 4.4.1.5 of -psa-token}}). | |
{::include cddl/digest.cddl} | ||
~~~ | ||
|
||
### Tagged Bytes Type {#sec-common-tagged-bytes} | ||
|
||
An opaque, variable-length byte string. | ||
It can be used in different contexts: as an instance, class or group identifier in an `environment-map`; as a raw value measurement in a `measurement-values-map`. | ||
Its semantics are defined by the context in which it is found, and by the overarching CoRIM profile. | ||
When used as an identifier the responsible allocator entity SHOULD ensure uniqueness within the context that it is used. | ||
|
||
~~~ cddl | ||
{::include cddl/tagged-bytes.cddl} | ||
~~~ | ||
|
||
# Concise Reference Integrity Manifest (CoRIM) {#sec-corim} | ||
|
||
A CoRIM is a collection of tags and related metadata as described below. | ||
|
@@ -821,7 +832,7 @@ An instance carries a unique identifier that is reliably bound to a Target Envir | |
that is an instance of the Attester. | ||
|
||
The types defined for an instance identifier are CBOR tagged expressions of | ||
UEID, UUID, or cryptographic key identifier. | ||
UEID, UUID, variable-length opaque byte string, or cryptographic key identifier. | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Please either add a reference to tagged bytes or describe profile specific behaviour dependency here! There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. done in 6fee7e3 There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Similar entry is needed in the class identifier as well! There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. see 6fee7e3 |
||
|
||
~~~ cddl | ||
{::include cddl/instance-id-type-choice.cddl} | ||
|
@@ -833,7 +844,7 @@ A group carries a unique identifier that is reliably bound to a group of | |
Attesters, for example when a number of Attester are hidden in the same | ||
anonymity set. | ||
|
||
The type defined for a group identified is UUID. | ||
The types defined for a group identified are UUID and variable-length opaque byte string. | ||
|
||
~~~ cddl | ||
{::include cddl/group-id-type-choice.cddl} | ||
|
@@ -1045,7 +1056,7 @@ Raw value measurements are typically vendor defined values that are checked by V | |
for consistency only, since the security relevance is opaque to Verifiers. | ||
|
||
There are two parts to a `raw-value-group`, a measurement and an optional mask. | ||
The default raw value measurement is a CBOR tagged `bstr`. | ||
The default raw value measurement is of type `tagged-bytes` ({{sec-common-tagged-bytes}}). | ||
Additional raw value types can be defined, but must be CBOR tagged so that parsers can distinguish | ||
between the various semantics of type values. | ||
|
||
|
@@ -1962,9 +1973,9 @@ IANA is requested to allocate the following tags in the "CBOR Tags" registry {{! | |
| 555 | `text` | tagged-pkix-base64-cert-type, see {{sec-crypto-keys}} | {{&SELF}} | | ||
| 556 | `text` | tagged-pkix-base64-cert-path-type, see {{sec-crypto-keys}} | {{&SELF}} | | ||
| 557 | `[int/text, bytes]` | tagged-thumbprint-type, see {{sec-common-hash-entry}} | {{&SELF}} | | ||
| 558 | `COSE_Key/ COSE_KeySet` | tagged-cose-key-type, see {{sec-crypto-keys}} | {{&SELF}} | | ||
| 558 | `COSE_Key/ COSE_KeySet` | tagged-cose-key-type, see {{sec-crypto-keys}} | {{&SELF}} | | ||
| 559 | `digest` | tagged-cert-thumbprint-type, see {{sec-crypto-keys}} | {{&SELF}} | | ||
| 560 | `bytes` | tagged-bytes, see {{sec-comid-raw-value-types}} | {{&SELF}} | | ||
| 560 | `bytes` | tagged-bytes, see {{sec-common-tagged-bytes}} | {{&SELF}} | | ||
| 561 | `digest` | tagged-cert-path-thumbprint-type, see {{sec-crypto-keys}} | {{&SELF}} | | ||
| 562-599 | `any` | Earmarked for CoRIM | {{&SELF}} | | ||
|
||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Agreed to omit this suggestion.