thomas-fossati · thomas-fossati · Feb 8, 2023 · Jan 27, 2023 · Jan 31, 2023 · Jan 31, 2023
diff --git a/Gemfile b/Gemfile
@@ -2,4 +2,4 @@ source 'https://rubygems.org'
 
 gem 'json_pure'
 gem 'cddl', '>=0.9.1'
-gem 'cbor-diag', '>=0.8.1'
+gem 'cbor-diag', '=0.8.1'
diff --git a/cddl/cbor-labels.cddl b/cddl/cbor-labels.cddl
@@ -4,12 +4,17 @@ ar4si.trust-tier-affirming = 2
 ar4si.trust-tier-warning = 32
 ar4si.trust-tier-contraindicated = 96
 
-; EAR claims keys
+; EAR CWT claims
 ear.status = 1000
 ear.trustworthiness-vector = 1001
 ear.raw-evidence = 1002
 ear.appraisal-policy-id = 1003
-eat_profile = 265
+ear.verifier-id = 1004
+; EAT CWT claims
+eat.profile = 265
+eat.nonce = 10
+eat.submods= 266
+; CWT claims
 iat = 6
 
 ; ar4si.trustworthiness-vector keys
@@ -25,3 +30,10 @@ sourced-data = 7
 ; CBOR type mappings
 ear-bytes = bytes
 ear-label = int / text
+
+; ar4si.verifier-id keys
+developer = 0
+build = 1
+
+; EAT
+eat.nonce-type = bytes .size (8..64)
diff --git a/cddl/attestation-result.cddl → cddl/ear-appraisal.cddl b/cddl/attestation-result.cddl → cddl/ear-appraisal.cddl
@@ -1,9 +1,6 @@
-EAR = {
+EAR-appraisal = {
   ear.status => $ar4si.trust-tier
-  eat_profile => "tag:github.com,2022:veraison/ear"
   ? ear.trustworthiness-vector => ar4si.trustworthiness-vector
-  ? ear.raw-evidence => ear-bytes
-  iat => int
   ? ear.appraisal-policy-id => text
-  * $$ear-extension
+  * $$ear-appraisal-extension
 }
diff --git a/cddl/ear-cbor-frags.mk b/cddl/ear-cbor-frags.mk
@@ -1,4 +1,6 @@
-EAR_CBOR_FRAGS := attestation-result.cddl
+EAR_CBOR_FRAGS := ear.cddl
+EAR_CBOR_FRAGS += ear-appraisal.cddl
+EAR_CBOR_FRAGS += verifier-id.cddl
 EAR_CBOR_FRAGS += trustworthiness-vector.cddl
 EAR_CBOR_FRAGS += trust-tiers.cddl
 EAR_CBOR_FRAGS += veraison.cddl

diff --git a/cddl/ear-json-frags.mk b/cddl/ear-json-frags.mk
@@ -1,4 +1,6 @@
-EAR_JSON_FRAGS := attestation-result.cddl
+EAR_JSON_FRAGS := ear.cddl
+EAR_JSON_FRAGS += ear-appraisal.cddl
+EAR_JSON_FRAGS += verifier-id.cddl
 EAR_JSON_FRAGS += trustworthiness-vector.cddl
 EAR_JSON_FRAGS += trust-tiers.cddl
 EAR_JSON_FRAGS += veraison.cddl

diff --git a/cddl/ear.cddl b/cddl/ear.cddl
@@ -0,0 +1,9 @@
+EAR = {
+  eat.profile => "tag:github.com,2023:veraison/ear"
+  iat => int
+  ear.verifier-id => ar4si.verifier-id
+  ? ear.raw-evidence => ear-bytes
+  eat.submods => { + text => EAR-appraisal }
+  ? eat.nonce => eat.nonce-type
+  * $$ear-extension
+}
diff --git a/cddl/examples/ear-cbor-1.diag b/cddl/examples/ear-cbor-1.diag
@@ -1,17 +1,20 @@
 {
-  265: "tag:github.com,2022:veraison/ear",
-  1000: 96,
-  1001: {
-    0: 2,
-    1: 32,
-    2: 96,
-    3: 0,
-    4: 2,
-    5: 0,
-    6: 0,
-    7: 0
+  265: "tag:github.com,2023:veraison/ear",
+  6: 1666529184,
+  1004: {
+    0: "https://veraison-project.org",
+    1: "vts 0.0.1"
   },
   1002: h'6C696665626F61746D616E',
-  1003: "https://veraison.example/policy/1/60a0068d",
-  6: 1666529184
+  266: {
+    "PSA": {
+      1000: 96,
+      1001: {
+        0: 2,
+        2: 96,
+        4: 2
+      },
+      1003: "https://veraison.example/policy/1/60a0068d"
+    }
+  }
 }
diff --git a/cddl/examples/ear-json-1.diag b/cddl/examples/ear-json-1.diag
@@ -1,17 +1,21 @@
 {
-  "eat_profile": "tag:github.com,2022:veraison/ear",
-  "ear.status": "contraindicated",
-  "ear.trustworthiness-vector": {
-    "instance-identity": 2,
-    "configuration": 32,
-    "executables": 96,
-    "file-system": 0,
-    "hardware": 2,
-    "runtime-opaque": 0,
-    "storage-opaque": 0,
-    "sourced-data": 0
+  "eat_profile": "tag:github.com,2023:veraison/ear",
+  "iat": 1666529184,
+  "ear.verifier-id": {
+    "developer": "https://veraison-project.org",
+    "build": "vts 0.0.1"
   },
   "ear.raw-evidence": "NzQ3MjY5NzM2NTYzNzQK",
-  "ear.appraisal-policy-id": "https://veraison.example/policy/1/60a0068d",
-  "iat": 1666529184
+  "submods": {
+    "PSA": {
+      "ear.status": "contraindicated",
+      "ear.trustworthiness-vector": {
+        "instance-identity": 2,
+        "executables": 96,
+        "hardware": 2
+      },
+      "ear.appraisal-policy-id":
+        "https://veraison.example/policy/1/60a0068d"
+    }
+  }
 }
diff --git a/cddl/examples/ear-json-2.diag b/cddl/examples/ear-json-2.diag
@@ -1,7 +1,29 @@
 {
-  "eat_profile": "tag:github.com,2022:veraison/ear",
-  "ear.status": "affirming",
-  "ear.raw-evidence": "b2tva29rb2tva29rb2sK",
-  "ear.appraisal-policy-id": "https://veraison.example/policy/1/60a0068d",
-  "iat": 1666529310
+  "eat_profile": "tag:github.com,2023:veraison/ear",
+  "iat": 1666529300,
+  "ear.verifier-id": {
+    "developer": "https://veraison-project.org",
+    "build": "vts 0.0.1"
+  },
+  "ear.raw-evidence": "NzQ3MjY5NzM2NTYzNzQKNzQ3MjY5NzM2NTYzNzQK",
+  "submods": {
+    "CCA Platform": {
+      "ear.status": "affirming",
+      "ear.trustworthiness-vector": {
+        "instance-identity": 2,
+        "executables": 2,
+        "hardware": 2
+      },
+      "ear.appraisal-policy-id":
+        "https://veraison.example/policy/1/60a0068d"
+    },
+    "CCA Realm": {
+      "ear.status": "affirming",
+      "ear.trustworthiness-vector": {
+        "instance-identity": 2
+      },
+      "ear.appraisal-policy-id":
+        "https://veraison.example/policy/1/60a0068d"
+    }
+  }
 }
diff --git a/cddl/examples/ext-teep-cbor-1.diag b/cddl/examples/ext-teep-cbor-1.diag
@@ -1,20 +1,28 @@
 {
-  265: "tag:github.com,2022:veraison/ear",
-  1000: 96,
-  1001: {
-    0: 2,
-    1: 2,
-    2: 2,
-    4: 2
+  265: "tag:github.com,2023:veraison/ear",
+  6: 1666529184,
+  1004: {
+    0: "https://veraison-project.org",
+    1: "vts 0.0.1"
   },
   1002: h'6C696665626F61746D616E',
-  1003: "https://veraison.example/policy/1/60a0068d",
-  6: 1666529184,
-  65000: {
-    10: h'948f8860d13a463e',
-    256: h'0198f50a4ff6c05861c8860d13a638ea',
-    258: 64242,
-    259: h'ee80f5a66c1fb9742999a8fdab930893',
-    260: ["1.2.5", 16384]
+  266: {
+    "PSA": {
+      1000: 0,
+      1001: {
+        0: 2,
+        1: 2,
+        2: 2,
+        4: 2
+      },
+      1003: "https://veraison.example/policy/1/60a0068d",
+      65000: {
+        10: h'948f8860d13a463e',
+        256: h'0198f50a4ff6c05861c8860d13a638ea',
+        258: 64242,
+        259: h'ee80f5a66c1fb9742999a8fdab930893',
+        260: ["1.2.5", 16384]
+      }
+    }
   }
 }
diff --git a/cddl/examples/ext-teep-json-1.diag b/cddl/examples/ext-teep-json-1.diag
@@ -1,19 +1,28 @@
 {
-  "eat_profile": "tag:github.com,2022:veraison/ear",
-  "ear.status": "affirming",
-  "ear.trustworthiness-vector": {
-    "instance-identity": 2,
-    "configuration": 2,
-    "executables": 2,
-    "hardware": 2
+  "eat_profile": "tag:github.com,2023:veraison/ear",
+  "iat": 1666529184,
+  "ear.verifier-id": {
+    "developer": "https://veraison-project.org",
+    "build": "vts 0.0.1"
   },
-  "iat": 1666529284,
-  "ear.appraisal-policy-id": "https://veraison.example/policy/1/60a0068d",
-  "ear.teep-claims": {
-    "nonce": "80FH7byS7VjfARIq0_KLqu6B9j-F79QtV6p",
-    "ueid": "AQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyAh",
-    "oemid": "Av8B",
-    "hwmodel": "fJYq",
-    "hwversion": ["1.2.5", 16384]
+  "ear.raw-evidence": "NzQ3MjY5NzM2NTYzNzQK",
+  "submods": {
+    "PSA": {
+      "ear.status": "contraindicated",
+      "ear.trustworthiness-vector": {
+        "instance-identity": 2,
+        "executables": 96,
+        "hardware": 2
+      },
+      "ear.appraisal-policy-id":
+        "https://veraison.example/policy/1/60a0068d",
+      "ear.teep-claims": {
+        "eat_nonce": "80FH7byS7VjfARIq0_KLqu6B9j-F79QtV6p",
+        "ueid": "AQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyAh",
+        "oemid": "Av8B",
+        "hwmodel": "fJYq",
+        "hwversion": ["1.2.5", 16384]
+      }
+    }
   }
 }
diff --git a/cddl/examples/ext-veraison-cbor-1.diag b/cddl/examples/ext-veraison-cbor-1.diag
@@ -1,45 +1,60 @@
 {
-  265: "tag:github.com,2022:veraison/ear",
-  1000: 0,
-  1001: {
-    0: 2,
-    1: 2,
-    2: 2,
-    4: 2
+  265: "tag:github.com,2023:veraison/ear",
+  6: 1666529184,
+  1004: {
+    0: "https://veraison-project.org",
+    1: "vts 0.0.1"
   },
   1002: h'6C696665626F61746D616E',
-  1003: "https://veraison.example/policy/1/60a0068d",
-  6: 1666529184,
-  -70000: {
-    "eat-profile": "http://arm.com/psa/2.0.0",
-    "psa-client-id": 1,
-    "psa-security-lifecycle": 12288,
-    "psa-implementation-id": "AQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyA=",
-    "psa-software-components": [
-      {
-        "measurement-value": "AQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyA=",
-        "signer-id": "AQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyA="
+  266: {
+    "PSA": {
+      1000: 0,
+      1001: {
+        0: 2,
+        1: 2,
+        2: 2,
+        4: 2
       },
-      {
-        "measurement-value": "AQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyA=",
-        "signer-id": "AQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyA="
+      1003: "https://veraison.example/policy/1/60a0068d",
+      -70000: {
+        "eat-profile": "http://arm.com/psa/2.0.0",
+        "psa-client-id": 1,
+        "psa-security-lifecycle": 12288,
+        "psa-implementation-id":
+          "AQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyA=",
+        "psa-software-components": [
+          {
+            "measurement-value":
+              "AQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyA=",
+            "signer-id":
+              "AQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyA="
+          },
+          {
+            "measurement-value":
+              "AQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyA=",
+            "signer-id":
+              "AQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyA="
+          }
+        ],
+        "psa-nonce":
+          "AQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyA=",
+        "psa-instance-id":
+          "AQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyAh",
+        "psa-certification-reference": "1234567890123-12345"
+      },
+      -70001: {
+        "psa-certified": {
+          "certificate-number": "1234567890123-12345",
+          "date-of-issue": "23/06/2022",
+          "test-lab": "Riscure",
+          "certification-holder": "ACME Inc.",
+          "certified-product": "RoadRunner",
+          "hardware-version": "Gizmo v1.0.2",
+          "software-version": "TrustedFirmware-M v1.0.6",
+          "certification-type": "PSA Certified Level 1 v2.1",
+          "developer-type": "PSA Certified – Device"
+        }
       }
-    ],
-    "psa-nonce": "AQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyA=",
-    "psa-instance-id": "AQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyAh",
-    "psa-certification-reference": "1234567890123-12345"
-  },
-  -70001: {
-    "psa-certified": {
-      "certificate-number": "1234567890123-12345",
-      "date-of-issue": "23/06/2022",
-      "test-lab": "Riscure",
-      "certification-holder": "ACME Inc.",
-      "certified-product": "RoadRunner",
-      "hardware-version": "Gizmo v1.0.2",
-      "software-version": "TrustedFirmware-M v1.0.6",
-      "certification-type": "PSA Certified Level 1 v2.1",
-      "developer-type": "PSA Certified – Device"
     }
   }
 }