-
Notifications
You must be signed in to change notification settings - Fork 1
/
TargetsModule.asn1
123 lines (115 loc) · 4.68 KB
/
TargetsModule.asn1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
TargetsModule DEFINITIONS AUTOMATIC TAGS ::= BEGIN
EXPORTS TargetsMetadata, Target;
IMPORTS BinaryData,
Filename,
Hashes,
Identifier,
Keyids,
Length,
Natural,
Paths,
Positive,
PublicKeys,
StrictFilename,
Threshold FROM CommonModule;
TargetsMetadata ::= SEQUENCE {
-- Allowed to have no targets at all.
numberOfTargets Natural,
-- Metadata about unencrypted images on a repository.
targets Targets,
-- Delegations are optional.
delegations TargetsDelegations OPTIONAL,
-- https://tools.ietf.org/html/rfc6025#section-2.4.2
...
}
-- Adjust length of SEQUENCE OF to your needs.
Targets ::= SEQUENCE (SIZE(1..128)) OF TargetAndCustom
TargetAndCustom ::= SEQUENCE {
-- The filename, length, and hashes of unencrypted images on a repository.
target Target,
-- This attribute is used to specify additional information, such as which
-- images should be installed by which ECUs, and metadata about encrypted
-- images.
custom Custom OPTIONAL
}
Target ::= SEQUENCE {
filename Filename,
length Length,
numberOfHashes Length,
hashes Hashes
}
Custom ::= SEQUENCE {
-- NOTE: The following attributes are specified by both the image and
-- director repositories.
-- The release counter is used to prevent rollback attacks on images when
-- only the director repository is compromised.
-- Every ECU should check that the release counter of its latest image is
-- greater than or equal to the release counter of its previous image.
releaseCounter Natural OPTIONAL,
-- The hardware identifier is used to prevent the director repository,
-- when it is compromised, from choosing images for an ECU that were not
-- meant for it.
-- Every ECU should check that the hardware ID of its latest image matches
-- its hardware ID.
-- An OEM MAY define other types of information to further restrict the
-- choices that can be made by a compromised director repository.
hardwareIdentifier Identifier OPTIONAL,
-- NOTE: The following attributes are specified only by the director
-- repository.
-- The ECU identifier specifies information, e.g., serial numbers, that the
-- director uses to point ECUs as to which images they should install.
-- Every ECU should check that the ECU ID of its latest image matches its
-- own ECU ID.
ecuIdentifier Identifier OPTIONAL,
-- This attribute MAY be used by the director to encrypt images per ECU.
encryptedTarget Target OPTIONAL,
-- This attribute MAY be used if ECU keys are asymmetric, and a per-image
-- symmetric encryption key is desired for faster decryption of images.
-- In that case, the director would use the asymmetric ECU key to encrypt
-- this symmetric key.
encryptedSymmetricKey EncryptedSymmetricKey OPTIONAL,
...
}
EncryptedSymmetricKey ::= SEQUENCE {
-- This is the symmetric key type.
encryptedSymmetricKeyType EncryptedSymmetricKeyType,
-- This is the symmetric key encrypted using the asymmetric ECU key.
encryptedSymmetricKeyValue BinaryData
}
EncryptedSymmetricKeyType ::= ENUMERATED {aes128, aes192, aes256, ...}
-- https://github.com/theupdateframework/taps/blob/master/tap3.md
TargetsDelegations ::= SEQUENCE {
-- The public keys of all delegatees.
numberOfKeys Length,
keys PublicKeys,
-- The role name, filename, public keys, and threshold of a delegatee.
numberOfDelegations Length,
-- A list of paths to roles, listed in order of priority.
delegations PrioritizedPathsToRoles
}
-- Adjust length of SEQUENCE OF to your needs.
PrioritizedPathsToRoles ::= SEQUENCE (SIZE(1..8)) OF PathsToRoles
PathsToRoles ::= SEQUENCE {
-- A list of image/target paths entrusted to these roles.
numberOfPaths Length,
paths Paths,
-- A list of roles required to sign the same metadata about the matching
-- targets/images.
numberOfRoles Length,
roles MultiRoles,
-- Whether or not this delegation is terminating.
terminating BOOLEAN DEFAULT FALSE
}
-- Adjust length of SEQUENCE OF to your needs.
MultiRoles ::= SEQUENCE (SIZE(1..8)) OF MultiRole
MultiRole ::= SEQUENCE {
-- The rolename (e.g., "supplierA-dev").
-- No known path separator allowed in a rolename.
rolename StrictFilename,
-- The public keys used by this role.
numberOfKeyids Length,
keyids Keyids,
-- The threshold number of these keys.
threshold Threshold
}
END