
Align with rev. 10 of the spec #268

Open: setrofim wants to merge 18 commits into main from setrofim/rev10


@setrofim
Contributor

This adds missing triple types and brings the implementation in alignment with rev. 10 of the spec. This is verified by adding all corim-*.cddl and comid-*.cddl examples from the spec repo and ensuring that they unmarshal without error.

setrofim added 18 commits May 21, 2026 09:31
- Enable encoding of nil containers as empty arrays rather than null (we
  usually omitempty so this mostly doesn't matter, but there are some
  exceptions (e.g. conditional endorsement series condition) where we
  want to encode the empty value correctly).
- Enable deterministic sorting of map keys for CoTS.

Signed-off-by: Sergei Trofimov <sergei.trofimov@arm.com>

Rev. 10 of the spec[1] defines the condition part of
conditional-endorsement-series-triple-record as

  condition: [
    environment: environment-map
    claims-list: [ * measurement-map ]
    ? authorized-by: [ + $crypto-key-type-choice ]
  ]

Previous implementation used a type-aliased ValueTriple. This had two
issues:
- It did not allow specifying authorized-by
- It did not allow an empty claims-list (reference and endorsement
  triples require at least one measurement and this is enforced by
  ValueTriple).

Implement CondEndorseSeriesCondition with correct CBOR marshalling and
use it instead of the ValueTriple.

[1]: https://www.ietf.org/archive/id/draft-ietf-rats-corim-10.html#name-conditional-endorsement-ser

Signed-off-by: Sergei Trofimov <sergei.trofimov@arm.com>

Implement conditional endorsement triples as described in section 5.1.7
of rev. 10 of the spec[1].

[1]: https://www.ietf.org/archive/id/draft-ietf-rats-corim-10.html#name-conditional-endorsement-tri

Signed-off-by: Sergei Trofimov <sergei.trofimov@arm.com>

Update Locator to allow multiple hrefs and thumbprints. In both cases,
if only one element is present in the field, it serializes as a single
item, otherwise the field is serialized as an array.

Signed-off-by: Sergei Trofimov <sergei.trofimov@arm.com>
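
The one-or-many encoding the Locator commit above describes, as an added Go sketch that is not code from the PR: `oneOrMany` and `errEmpty` are hypothetical names, standard-library JSON stands in for whichever encoder the project uses, and rejecting an empty list is an assumption of the sketch. The decoder accepts both forms and refuses `[]` and `null`, so a field cannot silently decode to no value.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

var errEmpty = errors.New("oneOrMany: need at least one element")

// oneOrMany is a hypothetical helper, not a type from this PR: a list that
// encodes as a bare item when it has one element, otherwise as an array.
type oneOrMany []string

func (o oneOrMany) MarshalJSON() ([]byte, error) {
	switch len(o) {
	case 0: // assumption of this sketch: an empty list is never valid
		return nil, errEmpty
	case 1:
		return json.Marshal(o[0])
	}
	return json.Marshal([]string(o))
}

func (o *oneOrMany) UnmarshalJSON(data []byte) error {
	var many []string
	if len(data) > 0 && data[0] == '[' { // array form
		if err := json.Unmarshal(data, &many); err != nil {
			return err
		}
	} else { // single-item form; the *string stays nil for JSON null
		var one *string
		if err := json.Unmarshal(data, &one); err != nil {
			return err
		}
		if one != nil {
			many = []string{*one}
		}
	}
	if len(many) == 0 {
		return errEmpty
	}
	*o = many
	return nil
}

func main() {
	b, err := json.Marshal(oneOrMany{"https://a.example/x"}) // constructed URL
	fmt.Println(string(b), err)
}
```
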
Implement domain membership triples as described in section 5.1.1.11.1
of rev. 10 of the spec[1].

[1]: https://www.ietf.org/archive/id/draft-ietf-rats-corim-10.html#name-domain-membership-triple

Signed-off-by: Sergei Trofimov <sergei.trofimov@arm.com>

Integer has been removed as a valid class ID variant since rev. 5.

BREAKING CHANGE: integer is no longer a valid type for class ID.

Signed-off-by: Sergei Trofimov <sergei.trofimov@arm.com>

Add support for ASN1 DER x509 certificate as a CryptoKey variant. This
was introduced in rev. 6 of the spec.

Signed-off-by: Sergei Trofimov <sergei.trofimov@arm.com>

Re-implement raw value to add the masked variant plus support type
extension.

BREAKING CHANGE: the raw value API has been re-written to be more usable
and aligned with the rest of the code base.

Signed-off-by: Sergei Trofimov <sergei.trofimov@arm.com>

- Add MustNewRawInteger, a panicking version of NewRawInteger.
- Allow int as input into NewRawIntInteger (only int64 was accepted
  before).
- Add int-range (code point 15) to Mval.

Signed-off-by: Sergei Trofimov <sergei.trofimov@arm.com>

Serialize the bytes variant as base64 strings. This is consistent with
how bytes are serialized elsewhere.

This fixes CryptoKey serialization more generally, making it consistent
with how serialization is handled for other type-extended types; i.e. by
relying on factory functions constructing the zero value for the type
when given nil as input.

Signed-off-by: Sergei Trofimov <sergei.trofimov@arm.com>

Add conditions field to KeyTriple, which may be combined with the
Environment field to identify the Target Environment the triple relates
to. This field was first introduced in rev. 7 of the spec.

Signed-off-by: Sergei Trofimov <sergei.trofimov@arm.com>

Add CoswidTriples to the Triples struct. A CoSWID triple relates
reference measurements contained in one or more CoSWIDs to a Target
Environment.

Signed-off-by: Sergei Trofimov <sergei.trofimov@arm.com>

Rev. 8 of the spec added the existing CryptoKey types (sans chain types)
to possible variants of the instance-id-type-choice. This updates
Instance to support key types.

Signed-off-by: Sergei Trofimov <sergei.trofimov@arm.com>

Add tags to TaggedRawIntRange struct to ensure that it is marshaled as
an array in CBOR and uses lower-case fields in JSON.

Signed-off-by: Sergei Trofimov <sergei.trofimov@arm.com>

Move TaggedURI out of entity.go into its own file. Implement
ITypeChoiceValue interface, allowing TaggedURI to be used as a type
choice variant.

Signed-off-by: Sergei Trofimov <sergei.trofimov@arm.com>

Align definition of Profile with the CoRIM spec, which defines it as a
uri or tagged-oid-type (or some extension variant).

Up to this point, the implementation re-used EAT Profile. That is
defined similarly, but both of its variants are untagged (it also does
not allow extension).

Define a new Profile type implementing the existing type choice pattern
with TaggedOID and TaggedURI variants, and allowing registering of
additional variants.

BREAKING CHANGE: UnsignedCorim.Profile type changed from *eat.Profile to
*Profile; both CBOR and JSON encodings now encode profile as a tagged
value rather than string.

Signed-off-by: Sergei Trofimov <sergei.trofimov@arm.com>

Replace swid.HashEntry with a new Digest type. This is needed to accommodate
text algorithm IDs supported by the CoRIM spec rev. 10[1], but not allowed
by CoSWID.

Note: CoRIM borrows the definition of Digest from EAT measured
components spec[2]. The latter, unlike the CoRIM spec, defines a JSON
representation, so the JSON serialization of digests has been changed to
match that.

[1]: https://datatracker.ietf.org/doc/html/draft-ietf-rats-corim-10
[2]: https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat-measured-component-12

BREAKING CHANGE: swid.HashEntry is replaced with comid.Digest; their
fields differ. Also JSON serialization for digests changed to be
consistent with the one defined for eatmc.digest.

Signed-off-by: Sergei Trofimov <sergei.trofimov@arm.com>

Add tests to unmarshal compiled diag examples from the spec GitHub
repository[1]. Specifically, all corim-*.diag and comid-*.diag are added
as test case sources in the corim and comid sub-packages respectively,
and a test added to each that runs through all compiled examples and
ensures that they unmarshal without error.

[1]: https://github.com/ietf-rats-wg/draft-ietf-rats-corim/tree/draft-ietf-rats-corim-10/cddl/examples

Signed-off-by: Sergei Trofimov <sergei.trofimov@arm.com>