Add EnvelopeSignedCSRdata requirements with RATS EAT/CWT format (#40)

* Add EnvelopeSignedCSRdata requirements with RATS EAT/CWT format

Signed-off-by: Fabrizio Damato <[email protected]>

Author: fdamato

specifications/device-identity-provisioning/bibliography.yaml

@@ -24,10 +24,24 @@ references:
       year: 2024
       month: 9
     url: "https://www.dmtf.org/sites/default/files/standards/documents/DSP0274_1.3.2.pdf"
-  - id: ietf-cmw
-    title: "RATS Conceptual Messages Wrapper (CMW)"
+  - id: ietf-cwt
+    title: "CBOR Web Token (CWT)"
+    publisher: "IETF"
+    issued:
+      year: 2018
+      month: 5
+    url: "https://datatracker.ietf.org/doc/html/rfc8392"
+  - id: ietf-eat
+    title: "RATS Entity Attestation Token"
     publisher: "IETF"
     issued:
       year: 2025
-      month: 7
-    url: "https://www.ietf.org/archive/id/draft-ietf-rats-msg-wrap-16.html"
+      month: 4
+    url: "https://datatracker.ietf.org/doc/rfc9711/"
+  - id: pkcs-10
+    title: "PKCS #10: Certification Request Syntax Specification Version 1.7"
+    publisher: "IETF"
+    issued:
+      year: 2000
+      month: 11
+    url: "https://datatracker.ietf.org/doc/html/rfc2986"

specifications/device-identity-provisioning/cddl/ocp-enveloped-csr-eat.cddl renamed to specifications/device-identity-provisioning/cddl/envelope-signed-csr-eat.cddl

@@ -1,5 +1,5 @@
-cwt-enveloped-csr-eat = {  
-  ; The EAT Profile for Endorsed CSR OCP will register
+cwt-envelope-signed-csr-eat = {  
+  ; The EAT Profile for Envelope-Signed CSR OCP will register
   &(eat-profile : 265 ) => ~oid ; "2.16.840.1.113741.1.16.1" - note: `~` strips CBOR tag #6.111(oid) from `oid`
 
   ; Issuer claim is StringOrURI (tstr)
@@ -10,14 +10,11 @@ cwt-enveloped-csr-eat = {
 
   ; Private Claims (they have to be < -65536 for rfc8392)
 
-  ; KeyPair Id
-  &(id: -70001) => uint
-
   ; CSR bytestring
-  &(csr: -70002) => bstr
+  &(csr: -70001) => bstr
 
   ; Attribute List of OIDs
-  &(attrib: -70003) => [+ $key-attributes-type]
+  &(attrib: -70002) => [+ $key-attributes-type]
 }
 
 $key-attributes-type = tagged-oid-type
@@ -27,7 +24,7 @@ signed-cwt = #6.18(COSE-Sign1-concise-evidence)
 COSE-Sign1-concise-evidence = [
   protected: bstr .cbor protected-ce-header-map
   unprotected: unprotected-ce-header-map
-  payload: bstr .cbor cwt-enveloped-csr-eat
+  payload: bstr .cbor cwt-envelope-signed-csr-eat 
   signature: bstr
 ]
 

specifications/device-identity-provisioning/diag/enveloped-csr-csr-eat-example.diag renamed to specifications/device-identity-provisioning/diag/envelope-signed-csr-eat-example.diag

@@ -2,16 +2,15 @@ signed-cwt / 18([
   / protected / <<{
     / alg-id / 1 : 7,
     / content-type / 3 : "application/eat+cbor",
-    / kid / 4 : 'Example OCP Enveloped-Signed CSR CWT'
+    / kid / 4 : 'Example OCP Envelope-Signed CSR CWT'
   }>>,
 / unprotected / {/ x5-chain / 33 : h'59025630820252308201d9a003020102021431a4ef62e5244e4d952ea485976098090d5f242f300a06082a8648ce3d040303307b310b30090603550406130255533113301106035504080c0a43616c69666f726e69613116301406035504070c0d53616e204672616e636973636f311d301b060355040a0c144578616d706c65204f7267616e697a6174696f6e3120301e06035504030c174578616d706c652043575420456e646f7273656d656e74301e170d3235303231333139303230345a170d3236303231343139303230345a307b310b30090603550406130255533113301106035504080c0a43616c69666f726e69613116301406035504070c0d53616e204672616e636973636f311d301b060355040a0c144578616d706c65204f7267616e697a6174696f6e3120301e06035504030c174578616d706c652043575420456e646f7273656d656e743076301006072a8648ce3d020106052b8104002203620004fcd3fad48575addceee9638583aa7054f71a402f35993901923cc0ee9763b85b1e729c740331f4e91079559bce17d5c3b706748333faeb192120e32d815f88f7310ae05df55060f96fbdb2d0acb19e710d25ec27cfa8945fe5dda73332813feda31e301c301a0603551d1104133011820f7777772e6578616d706c652e636f6d300a06082a8648ce3d040303036700306402306e1166a8a3132d4a20e0200a26d1eba0937fec54fdb7547eb7c5ccca0370170853294cdd6b3a1eb0fe649f12446d8b17023071219daf2b7c1aa6f7727d053e1027309594fd8cab9f820fa89d8f88fc7e551c0d30781b12aea48b53fde200e6cf082b' },
 / payload / <<{
       / eat-profile / 265 : h'88378952',
       / iss / 1 : "RT Alias Key",
       / nonce / 10: h'AAAABBBBAAAABBBBAAAABBBB', 
-      / id / -70001 : 0,
-      / csr / -70002 :  h'59025630820252308201d9a003020102021431a4e0',
-      / attrib / -70003: [
+      / csr / -70001 :  h'59025630820252308201d9a003020102021431a4e0',
+      / attrib / -70002: [
       / tagged-oid-type / 111(h'6086480186F84D010F046301')
       ]
   }>>,

specifications/device-identity-provisioning/spec.ocp

@@ -184,7 +184,7 @@ To allow a device to attest that a given key is trustworthy, the device should i
 
 ![Envelope-signed CSR](./diagrams/envelope_signed_csr.drawio.svg){#fig:envelope-signed-csr}
 
-The CSR is included as a component of a Conceptual Message Wrapper [@{ietf-cmw}].
+The CSR is included as a claim of a CBOR Web Token [@{ietf-cwt}].
 
 Metadata such as the key's derivation attribute OID can also be embedded in a CoRIM. The mechanism for this is out of scope of this specification.
 
@@ -298,7 +298,30 @@ Table: ENVELOPE_SIGNED_CSR VendorDefinedRespPayload {#tbl:ecsr-resp}
 
 The EnvelopeSignedCSRdata shall adhere to the following requirements:
 
-- TODO: fill in
+- The payload SHALL be an Entity Attestation Token (EAT) [@{ietf-rats-eat}] encoded as a CBOR Web Token (CWT) [@{ietf-cwt}].
+- The EAT SHALL conform to the OCP Envelope-Signed CSR EAT profile (TODO: OCP to assign OID for this profile).
+- The EAT SHALL include standard claims for issuer identification and nonce for freshness verification.
+- The EAT SHALL include private claims[^private-claims] containing:
+  - The Certification Signing Request (CSR) as a byte string
+  - An array of OIDs representing the key's derivation attributes (see @sec:key-derivation-attribute-oids for defined OIDs)
+- The CSR included in the EAT SHALL be DER-encoded and may be either self-signed or non-self-signed depending on device capabilities. For non-self-signed CSRs, the signature field SHALL contain all zeroes and be the same size as would be required for a valid signature using the subject key's algorithm.
+- The nonce claim SHALL match the nonce value provided in the GET_ENVELOPE_SIGNED_CSR request to ensure freshness.
+- If SignerSlotIDParam indicates a signed envelope, the CWT SHALL be signed by an Attestation Key endorsed by the certificate chain corresponding to the specified SlotID. In addition, the unprotected header of the CWT SHALL contain the Attestation Key's certificate chain, including at least all certificates from the Attestation Key up to the identity certificate issued by the slot's PKI owner.
+  - E.g., Slot 0's certificate chain would extend at least to the vendor-endorsed certificate over IDevID. A separate slot's certificate chain would extend at least to the certificate issued by the slot's configured PKI owner.
+  - A device may report intermediate certificates for the slot's PKI owner if it is configured to do so.
+
+[^private-claims]: RFC 8392 defines a private claim as one whose key value has an integer value < -65536.
+
+### Key Derivation Attribute OIDs {#sec:key-derivation-attribute-oids}
+
+The following OIDs are defined for key derivation attributes:
+
+- **Derived from Owner Entropy Fuse** - (TODO: OCP to assign OID)
+- **Derived from First Mutable Code** - (TODO: OCP to assign OID)
+- **Derived from Non-First Mutable Code** - (TODO: OCP to assign OID)
+- **Derived from Owner Provisioned Key** - (TODO: OCP to assign OID)
+
+These OIDs indicate which inputs contribute to the derivation of the identity key for which the CSR is being requested.
 
 ## Issuing and provisioning an identity certificate {#sec:issuing-and-provisioning-identity-cert}