Re: [sacm] [Rats] CoSWID and EAT and CWT
Henk Birkholz <henk.birkholz@sit.fraunhofer.de> Wed, 27 November 2019 13:08 UTC
To: Laurence Lundblade <lgl@island-resort.com>, Thomas Fossati <Thomas.Fossati@arm.com>
CC: "rats@ietf.org" <rats@ietf.org>, Hannes Tschofenig <Hannes.Tschofenig@arm.com>, "sacm@ietf.org" <sacm@ietf.org>
References: <2A12D8A3-722A-44D1-8011-218C89C8B50B@island-resort.com> <VI1PR08MB5360236E3583EBD3A78085EDFA490@VI1PR08MB5360.eurprd08.prod.outlook.com> <60C4E362-02FD-4DDF-BFB4-D09D358282D4@arm.com> <46CBC5D5-C4AF-4FFD-A06E-5D8B1FFF2AE7@island-resort.com>
From: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
Message-ID: <858c7298-10d2-9efc-ca94-98dc9801e607@sit.fraunhofer.de>
Date: Wed, 27 Nov 2019 14:08:08 +0100
In-Reply-To: <46CBC5D5-C4AF-4FFD-A06E-5D8B1FFF2AE7@island-resort.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/uNvjO30P4VuNXWL3zYj66IV-OoY>
Hi Laurence, hi Thomas, hi list,

Thomas, thank you for the nice example write-up! And Laurence, thank you
for the write-up of an example of a COSE signed EAT including an unsigned
payload CoSWID tag.

This is a write-up of option 3.) in issue #46. Option 4.) would wrap the
CoSWID map in a COSE before putting it into an EAT using another key
(let's say 22 instead of 21 - that's just an example). A reason could be
that an external entity, such as the SWID role software-creator [1],
created the tag and signed it.

Other keys would follow for XML encoding, type of resource collection,
as outlined in #46.

Best regards,

Henk

[1] https://tools.ietf.org/html/draft-ietf-sacm-coswid-13#section-4.2

On 27.11.19 01:48, Laurence Lundblade wrote:
> Looks good, Thomas
>
> Here's a signed EAT with the CoSWID as a claim with label 21.
>
> In EATs with submods, there would likely be a CoSWID per submod (not
> shown below).
>
> LL
>
> 18(
>   [
>     / protected parameters, bstr wrapped / << {
>       / alg / 1: -7 / ECDSA 256 /
>     } >>,
>
>     / unprotected parameters / {
>       / kid / 4: h'4173796d6d65747269634543445341323536' / 'AsymmetricECDSA256' /
>     },
>
>     / COSE payload, the EAT, bstr wrapped / << {
>       / nonce /
>       7: h'948f8860d13a463e8e',
>
>       / UEID /
>       8: h'0198f50a4ff6c05861c8860d13a638ea4fe2f',
>
>       / boot_state (based on the -01 draft) /
>       12: [true, true, true, true, false],
>
>       / time stamp /
>       6: 1526542894,
>
>       / The CoSWID /
>       21: {
>         / tag-id, globally unique identifier for the software component /
>         0: "trustedfirmware.org/TF-M",
>
>         / tag-version (here: 0, i.e. initial tag) /
>         12: 0,
>
>         / software component name /
>         1: "TF-M",
>
>         / version of the software component /
>         13: "1.0.0-rc1+build.123",
>
>         / (optional) version scheme (here: semver) /
>         14: 16384,
>
>         / entity, i.e. organizations responsible for producing or releasing
>           the software component /
>         2: {
>           / entity name /
>           31: "Linaro Limited",
>
>           / entity role (here: software creator) /
>           33: 2,
>
>           / thumbprint of the entity public key (algo -- here: SHA-256 -- and value) /
>           34: [
>             1,
>             h'5e73c2e6a96be594e56b218418a3ea03f1397934a2517d781855195fe3c5916b'
>           ]
>         },
>
>         / payload /
>         6: {
>           / filesystem item (name and hash) /
>           17: {
>             24: "tfm.bin",
>             7: [
>               1,
>               h'4a039f284d8ad68ca5b4d1592977c7c964c4abb5d08d87e4a0346b80cce5c74d'
>             ]
>           }
>         }
>       }
>     } >>,
>
>     / signature / h'5427c1ff28d23fbad1f29c4c7c6a555e601d6fa29f
>                     9179bc3d7438bacaca5acd08c8d4d4f96131680c42
>                     9a01f85951ecee743a52b9b63632c57209120e1c9e
>                     30'
>   ]
> )
>
>> On Nov 26, 2019, at 3:51 PM, Thomas Fossati <Thomas.Fossati@arm.com> wrote:
>>
>> Hi Hannes,
>>
>> On 22/11/2019, 00:08, Hannes.Tschofenig@arm.com wrote:
>>> Hi all
>>>
>>> Can someone send an example around how this would actually look like?
>>
>> For something such as TF-M, it should look like this:
>>
>> {
>>   / tag-id, globally unique identifier for the software component /
>>   0: "trustedfirmware.org/TF-M",
>>
>>   / tag-version (here: 0, i.e. initial tag) /
>>   12: 0,
>>
>>   / software component name /
>>   1: "TF-M",
>>
>>   / version of the software component /
>>   13: "1.0.0-rc1+build.123",
>>
>>   / (optional) version scheme (here: semver) /
>>   14: 16384,
>>
>>   / entity, i.e. organizations responsible for producing or releasing
>>     the software component /
>>   2: {
>>     / entity name /
>>     31: "Linaro Limited",
>>
>>     / entity role (here: software creator) /
>>     33: 2,
>>
>>     / thumbprint of the entity public key (algo -- here: SHA-256 -- and
>>       value) /
>>     34: [
>>       1,
>>       h'5e73c2e6a96be594e56b218418a3ea03f1397934a2517d781855195fe3c5916b'
>>     ]
>>   },
>>
>>   / payload /
>>   6: {
>>     / filesystem item (name and hash) /
>>     17: {
>>       24: "tfm.bin",
>>       7: [
>>         1,
>>         h'4a039f284d8ad68ca5b4d1592977c7c964c4abb5d08d87e4a0346b80cce5c74d'
>>       ]
>>     }
>>   }
>> }
>>
>> At least this would be my interpretation of the CoSWID draft. I'm a bit
>> unsure whether a "filesystem" item is the most appropriate payload for a
>> firmware thingy. Surely Henk can suggest something better.
>>
>> Cheers!
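The two layouts Henk contrasts above, as an added example that is not code from this thread, from the CoSWID or EAT drafts, or from TF-M: option 3 carries the bare CoSWID map under label 21, so only the attester vouches for its contents; option 4 has the software creator wrap the CoSWID in its own COSE message first, and the EAT carries that under label 22, so a verifier checks the tag against the creator's key independently of the attester. The example uses only the Python standard library, so COSE_Mac0 (CBOR tag 17, HMAC-SHA256) stands in for the COSE_Sign1 (tag 18, ECDSA P-256) in Laurence's message; the two-layer construction, the MAC_structure/Sig_structure shape and the separation of keys are the same. Labels 21 and 22 are the placeholders from the thread, not registered EAT claim keys; nonce label 7 is copied from the quoted example; the keys, nonce and kid values are constructed for the example, and the CBOR codec covers just the types the tag needs.

```python
"""Added example, not code from the thread, the CoSWID/EAT drafts or TF-M.
COSE_Mac0 (tag 17, HMAC-SHA256, stdlib only) stands in for the thread's
COSE_Sign1 (tag 18, ECDSA); labels 21/22 are the thread's placeholders."""
import hashlib, hmac
from collections import namedtuple

Tag = namedtuple("Tag", "number value")  # CBOR major type 6

def _head(major, n):
    if n < 24:
        return bytes([major << 5 | n])
    size = next(s for s in (1, 2, 4, 8) if n < 1 << (8 * s))
    return bytes([major << 5 | 24 + size.bit_length() - 1]) + n.to_bytes(size, "big")

def cbor_encode(x):
    """Minimal RFC 8949 encoder: int (no bool), bytes, str, list, dict, Tag."""
    if isinstance(x, int):
        return _head(0, x) if x >= 0 else _head(1, -1 - x)
    if isinstance(x, bytes):
        return _head(2, len(x)) + x
    if isinstance(x, str):
        return _head(3, len(x.encode())) + x.encode()
    if isinstance(x, list):
        return _head(4, len(x)) + b"".join(map(cbor_encode, x))
    if isinstance(x, dict):
        return _head(5, len(x)) + b"".join(cbor_encode(k) + cbor_encode(v) for k, v in x.items())
    if isinstance(x, Tag):
        return _head(6, x.number) + cbor_encode(x.value)
    raise TypeError(type(x).__name__)

def _decode(b, i):
    major, n, i = b[i] >> 5, b[i] & 0x1F, i + 1
    if n >= 24:  # additional info 24..27: the value sits in the next 1/2/4/8 bytes
        size = 1 << (n - 24)
        n, i = int.from_bytes(b[i:i + size], "big"), i + size
    if major < 2:
        return (n if major == 0 else -1 - n), i
    if major < 4:
        return (bytes(b[i:i + n]) if major == 2 else b[i:i + n].decode()), i + n
    if major < 6:  # array, or map read as a flat key/value sequence
        items = []
        for _ in range(n if major == 4 else 2 * n):
            v, i = _decode(b, i)
            items.append(v)
        return (items if major == 4 else dict(zip(items[::2], items[1::2]))), i
    if major == 6:
        v, i = _decode(b, i)
        return Tag(n, v), i
    raise ValueError("unsupported CBOR item")

def cbor_decode(b):
    v, end = _decode(b, 0)
    if end != len(b):
        raise ValueError("trailing bytes")
    return v

CLAIM_NONCE, CLAIM_COSWID_MAP, CLAIM_COSWID_COSE = 7, 21, 22  # labels as used in the thread
CREATOR_KEY = b"demo-key-of-the-software-creator"  # constructed; never leaves the creator
ATTESTER_KEY = b"demo-key-of-the-attesting-device"  # constructed; the device's attestation key
PROTECTED = cbor_encode({1: 5})  # COSE protected header: alg 5 = HMAC 256/256

def cose_mac0(key, payload, kid):
    """COSE_Mac0 (RFC 8152 6.2): MAC over ["MAC0", protected, external_aad, payload]."""
    mac = hmac.new(key, cbor_encode(["MAC0", PROTECTED, b"", payload]), hashlib.sha256).digest()
    return cbor_encode(Tag(17, [PROTECTED, {4: kid}, payload, mac]))

def cose_mac0_open(key, msg):
    """Payload if msg is a COSE_Mac0 with the expected alg that verifies under key, else None."""
    t = cbor_decode(msg)
    if not (isinstance(t, Tag) and t.number == 17 and isinstance(t.value, list)
            and len(t.value) == 4 and t.value[0] == PROTECTED):
        return None  # wrong structure or alg: reject before looking at the MAC
    protected, _unprotected, payload, mac = t.value
    expect = hmac.new(key, cbor_encode(["MAC0", protected, b"", payload]), hashlib.sha256).digest()
    return payload if hmac.compare_digest(expect, mac) else None

def coswid_tfm():
    """The TF-M tag from the thread as a Python map (CoSWID index labels)."""
    return {0: "trustedfirmware.org/TF-M", 12: 0, 1: "TF-M", 13: "1.0.0-rc1+build.123",
            14: 16384, 2: {31: "Linaro Limited", 33: 2}, 6: {17: {24: "tfm.bin", 7: [1,
            bytes.fromhex("4a039f284d8ad68ca5b4d1592977c7c964c4abb5d08d87e4a0346b80cce5c74d")]}}}

def build_eat(coswid, nonce, creator_key=None, attester_key=ATTESTER_KEY):
    """creator_key None: option 3 (bare map under 21); else option 4 (creator-wrapped, under 22)."""
    claims = {CLAIM_NONCE: nonce}
    if creator_key is None:
        claims[CLAIM_COSWID_MAP] = coswid
    else:
        claims[CLAIM_COSWID_COSE] = cose_mac0(creator_key, cbor_encode(coswid), b"creator")
    return cose_mac0(attester_key, cbor_encode(claims), b"attester")

def verify_eat(eat, attester_key=ATTESTER_KEY, creator_key=CREATOR_KEY):
    """(outer_ok, inner_ok, coswid); inner_ok is None for option 3, where only the attester vouches."""
    payload = cose_mac0_open(attester_key, eat)
    if payload is None:
        return False, False, None
    claims = cbor_decode(payload)
    if CLAIM_COSWID_MAP in claims:
        return True, None, claims[CLAIM_COSWID_MAP]
    inner = cose_mac0_open(creator_key, claims.get(CLAIM_COSWID_COSE, b"\x00"))
    return (True, False, None) if inner is None else (True, True, cbor_decode(inner))
```

With real keys the inner layer would be a COSE_Sign1 made with the software creator's private key, and the verifier would hold only the matching public key as a trust anchor. The attester never has that key, which is the property option 4 buys: a device that alters the tag can re-wrap it only under its own key, and `verify_eat` then returns `(True, False, None)` even though the outer EAT verifies. `cose_mac0_open` rejects anything that is not a four-element tag-17 array carrying the expected protected `alg` before it looks at the MAC, so a header cannot steer the verifier onto a different algorithm.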
- [sacm] CoSWID and EAT and CWT Laurence Lundblade
- Re: [sacm] [Rats] CoSWID and EAT and CWT Ira McDonald
- Re: [sacm] [Rats] CoSWID and EAT and CWT Kathleen Moriarty
- Re: [sacm] [Rats] CoSWID and EAT and CWT Waltermire, David A. (Fed)
- Re: [sacm] [Rats] CoSWID and EAT and CWT Kathleen Moriarty
- Re: [sacm] [Rats] CoSWID and EAT and CWT Waltermire, David A. (Fed)
- Re: [sacm] [Rats] CoSWID and EAT and CWT Smith, Ned
- Re: [sacm] [Rats] CoSWID and EAT and CWT Hannes Tschofenig
- Re: [sacm] [Rats] CoSWID and EAT and CWT Laurence Lundblade
- Re: [sacm] [Rats] CoSWID and EAT and CWT Henk Birkholz
- Re: [sacm] [Rats] CoSWID and EAT and CWT Kathleen Moriarty
- Re: [sacm] [Rats] CoSWID and EAT and CWT Smith, Ned
- Re: [sacm] [Rats] CoSWID and EAT and CWT Henk Birkholz
- Re: [sacm] [Rats] CoSWID and EAT and CWT Henk Birkholz
- Re: [sacm] [Rats] CoSWID and EAT and CWT Thomas Fossati
- Re: [sacm] [Rats] CoSWID and EAT and CWT Laurence Lundblade
- Re: [sacm] [Rats] CoSWID and EAT and CWT Thomas Fossati
- Re: [sacm] [Rats] CoSWID and EAT and CWT Henk Birkholz
- Re: [sacm] [Rats] CoSWID and EAT and CWT Henk Birkholz
- Re: [sacm] [Rats] CoSWID and EAT and CWT Kathleen Moriarty
- Re: [sacm] [Rats] CoSWID and EAT and CWT Thomas Fossati
- Re: [sacm] [Rats] CoSWID and EAT and CWT Adrian Shaw
- Re: [sacm] [Rats] CoSWID and EAT and CWT Henk Birkholz
- Re: [sacm] [Rats] CoSWID and EAT and CWT Henk Birkholz
- Re: [sacm] [Rats] CoSWID and EAT and CWT Kathleen Moriarty
- Re: [sacm] [Rats] CoSWID and EAT and CWT Thomas Fossati
- Re: [sacm] [Rats] CoSWID and EAT and CWT Laurence Lundblade
- Re: [sacm] [Rats] CoSWID and EAT and CWT Henk Birkholz
- Re: [sacm] [Suit] [Rats] CoSWID and EAT and CWT Brendan Moran
- Re: [sacm] [Suit] [Rats] CoSWID and EAT and CWT Michael Richardson
- Re: [sacm] [Rats] [Suit] CoSWID and EAT and CWT Kathleen Moriarty
- Re: [sacm] [Suit] [Rats] CoSWID and EAT and CWT Smith, Ned
- Re: [sacm] [Rats] [Suit] CoSWID and EAT and CWT Laurence Lundblade
- Re: [sacm] [Suit] [Rats] CoSWID and EAT and CWT Michael Richardson
- Re: [sacm] [Suit] [Rats] CoSWID and EAT and CWT Henk Birkholz
- Re: [sacm] [Suit] [Rats] CoSWID and EAT and CWT Smith, Ned
- Re: [sacm] [Suit] [Rats] CoSWID and EAT and CWT Michael Richardson
- Re: [sacm] [Suit] [Rats] CoSWID and EAT and CWT Smith, Ned