add CDDL for the AR4SI types

Signed-off-by: Thomas Fossati <[email protected]>
ietf-rats-wg · Feb 3, 2025 · 5ed5e3c · 5ed5e3c
1 parent 1dff7f0
commit 5ed5e3c
Show file tree

Hide file tree

Showing 10 changed files with 87 additions and 0 deletions.
diff --git a/Makefile b/Makefile
@@ -13,3 +13,11 @@ else
 	    https://github.com/martinthomson/i-d-template $(LIBDIR)
 endif
 endif
+
+CDDL := cddl/ar4si-autogen.cddl
+
+cddl/ar4si-autogen.cddl: ; $(MAKE) -C cddl
+
+$(drafts_txt):: $(CDDL)
+
+clean:: ; $(MAKE) -C cddl $@
diff --git a/cddl/Makefile b/cddl/Makefile
@@ -0,0 +1,27 @@
+SHELL := /bin/bash
+
+.DEFAULT_GOAL := check
+
+FRAGMENTS += start.cddl
+FRAGMENTS += trustworthiness-vector.cddl 
+FRAGMENTS += trustworthiness-claim.cddl 
+FRAGMENTS += trust-tier.cddl 
+FRAGMENTS += verifier-id.cddl 
+FRAGMENTS += non-empty.cddl
+FRAGMENTS += jc.cddl
+
+ar4si-autogen.cddl: ; cddlc -2t cddl $(FRAGMENTS) > $@
+
+CLEANFILES += ar4si-autogen.cddl
+
+.PHONY: clean
+clean: ; rm -f $(CLEANFILES)
+
+.PHONY: check-c
+check-c: ar4si-autogen.cddl; cddl $< generate 10
+
+.PHONY: check-j
+check-j: ar4si-autogen.cddl; cddl $< json-generate 10
+
+.PHONY: check
+check: check-c check-j
diff --git a/cddl/jc.cddl b/cddl/jc.cddl
@@ -0,0 +1,3 @@
+JSON-ONLY<J> = J .feature "json"
+CBOR-ONLY<C> = C .feature "cbor"
+JC<J,C> = JSON-ONLY<J> / CBOR-ONLY<C>
diff --git a/cddl/non-empty.cddl b/cddl/non-empty.cddl
@@ -0,0 +1 @@
+non-empty<M> = (M) .within ({ + any => any })
diff --git a/cddl/start.cddl b/cddl/start.cddl
@@ -0,0 +1 @@
+$.start.$ = trustworthiness-vector / trust-tier / verifier-id
diff --git a/cddl/trust-tier.cddl b/cddl/trust-tier.cddl
@@ -0,0 +1,9 @@
+trust-tier-none-label = JC<"none", 0>
+trust-tier-affirming-label = JC<"affirming", 2>
+trust-tier-warning-label = JC<"warning", 32>
+trust-tier-contraindicated-label = JC<"contraindicated", 96>
+
+trust-tier /= trust-tier-none-label
+trust-tier /= trust-tier-affirming-label
+trust-tier /= trust-tier-warning-label
+trust-tier /= trust-tier-contraindicated-label
diff --git a/cddl/trustworthiness-claim.cddl b/cddl/trustworthiness-claim.cddl
@@ -0,0 +1 @@
+trustworthiness-claim = -128..127
diff --git a/cddl/trustworthiness-vector.cddl b/cddl/trustworthiness-vector.cddl
@@ -0,0 +1,19 @@
+trustworthiness-vector = non-empty<{
+  ? instance-identity-label => trustworthiness-claim
+  ? configuration-label => trustworthiness-claim
+  ? executables-label => trustworthiness-claim
+  ? file-system-label => trustworthiness-claim
+  ? hardware-label => trustworthiness-claim
+  ? runtime-opaque-label => trustworthiness-claim
+  ? storage-opaque-label => trustworthiness-claim
+  ? sourced-data-label => trustworthiness-claim
+}>
+
+instance-identity-label = JC<"instance-identity", 0>
+configuration-label = JC<"configuration", 1>
+executables-label = JC<"executables", 2>
+file-system-label = JC<"file-system", 3>
+hardware-label = JC<"hardware", 4>
+runtime-opaque-label = JC<"runtime-opaque", 5>
+storage-opaque-label = JC<"storage-opaque", 6>
+sourced-data-label = JC<"sourced-data", 7>
diff --git a/cddl/verifier-id.cddl b/cddl/verifier-id.cddl
@@ -0,0 +1,7 @@
+verifier-id = {
+  developer-label => text
+  build-label => text
+}
+
+developer-label = JC<"developer", 0>
+build-label = JC<"build", 1>
diff --git a/draft-ietf-rats-ar4si.md b/draft-ietf-rats-ar4si.md
@@ -97,6 +97,7 @@ This document defines reusable Attestation Result information elements.
 When these elements are offered to Relying Parties as Evidence, different aspects of Attester trustworthiness can be evaluated.
 Additionally, where the Relying Party is interfacing with a heterogeneous mix of Attesting Environment and Verifier types, consistent policies can be applied to subsequent information exchange between each Attester and the Relying Party.
 
+This document also defines two serialisations of the proposed information model, utilising CBOR and JSON.
 
 --- middle
 
@@ -631,6 +632,16 @@ This subset is when trustworthiness depends on the continuous availability of a
 With such connectivity dependent Attestation Results, if there is a reboot which resets transport connectivity, all established Trustworthiness Claims should be cleared.
 Subsequent connection re-establishment will allow fresh new Trustworthiness Claims to be delivered.
 
+# Data Model {#dm}
+
+The following CDDL defines the necessary AR4SI types for use in CBOR and JSON serializations.
+
+Other serializations are possible but must be defined in subsequent documents.
+
+~~~ cddl
+{::include cddl/ar4si-autogen.cddl}
+~~~
+
 # Secure Interactions Models
 
 There are multiple ways of providing a Trustworthiness Vector to a Relying Party.
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		$.start.$ = trustworthiness-vector / trust-tier / verifier-id