comid

package
v1.7.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 2, 2024 License: Apache-2.0 Imports: 27 Imported by: 0

Documentation

Overview

Copyright 2023-2024 Contributors to the Veraison project. SPDX-License-Identifier: Apache-2.0

Copyright 2024 Contributors to the Veraison project. SPDX-License-Identifier: Apache-2.0

Copyright 2024 Contributors to the Veraison project. SPDX-License-Identifier: Apache-2.0

Example (Cca_realm_refval) 
package main

import (
	"fmt"
	"strings"
)

func main() {
	comid := Comid{}

	if err := comid.FromJSON([]byte(CCARealmRefValJSONTemplate)); err != nil {
		panic(err)
	}

	if err := comid.Valid(); err != nil {
		panic(err)
	}

	if err := extractRealmRefVals(&comid); err != nil {
		panic(err)
	}
}

func extractRealmRefVals(c *Comid) error {
	if c.Triples.ReferenceValues == nil {
		return fmt.Errorf("no reference values triples")
	}

	for i, rv := range c.Triples.ReferenceValues.Values {
		if err := extractRealmRefVal(rv); err != nil {
			return fmt.Errorf("bad Realm reference value at index %d: %w", i, err)
		}
	}

	return nil
}

func extractRealmRefVal(rv ValueTriple) error {
	class := rv.Environment.Class
	instance := rv.Environment.Instance

	if err := extractRealmClass(class); err != nil {
		return fmt.Errorf("extracting class: %w", err)
	}

	if err := extractRealmInstanceID(instance); err != nil {
		return fmt.Errorf("extracting realm instanceID: %w", err)
	}

	measurements := rv.Measurements

	if err := extractMeasurements(measurements); err != nil {
		return fmt.Errorf("extracting measurements: %w", err)
	}

	return nil
}

func extractMeasurements(m Measurements) error {
	if len(m.Values) == 0 {
		return fmt.Errorf("no measurements")
	}

	for i, meas := range m.Values {
		if err := extractMeasurement(meas); err != nil {
			return fmt.Errorf("extracting measurement at index %d: %w", i, err)
		}
	}

	return nil
}

func extractMeasurement(m Measurement) error {
	if err := extractRealmPersonalizationValue(m.Val.RawValue); err != nil {
		return fmt.Errorf("extracting realm personalization value: %w", err)
	}
	if err := extractIntegrityRegisters(m.Val.IntegrityRegisters); err != nil {
		return fmt.Errorf("extracting digest: %w", err)
	}

	return nil
}

func extractRealmClass(c *Class) error {
	if c == nil {
		fmt.Println("class not present")
		return nil
	}

	if c.Vendor != nil {
		fmt.Printf("Vendor: %s\n", c.GetVendor())
	}

	classID := c.ClassID
	if classID == nil {
		fmt.Println("class-id not present")
		return nil
	}

	if classID.Type() != "uuid" {
		return fmt.Errorf("class id is not a uuid")
	}
	if err := classID.Valid(); err != nil {
		return fmt.Errorf("invalid uuid: %v", err)
	}
	fmt.Printf("ClassID: %x\n", classID.Bytes())

	return nil
}

func extractRealmInstanceID(i *Instance) error {
	if i == nil {
		return fmt.Errorf("no instance")
	}

	if i.Type() != "bytes" {
		return fmt.Errorf("instance id is not bytes")
	}

	fmt.Printf("InstanceID: %x\n", i.Bytes())

	return nil
}

func extractRealmPersonalizationValue(r *RawValue) error {
	if r == nil {
		return nil
	}
	b, err := r.GetBytes()
	if err != nil {
		return err
	}
	if len(b) != 64 {
		return fmt.Errorf("invalid length %d, for realm personalization value", len(b))
	}
	fmt.Printf("RawValue: %x\n", b)
	return nil
}

func extractIntegrityRegisters(r *IntegrityRegisters) error {
	if r == nil {
		return fmt.Errorf("no integrity registers")
	}

	keys, err := extractRegisterIndexes(r)
	if err != nil {
		return fmt.Errorf("unable to extract register index: %v", err)
	}

	for _, k := range keys {
		d, ok := r.IndexMap[k]
		if !ok {
			return fmt.Errorf("unable to locate register index for: %s", k)
		}
		fmt.Printf("Index: %s\n", k)
		if err := extractRealmDigests(d); err != nil {
			return fmt.Errorf("invalid Digests for key: %s, %v", k, err)
		}
	}

	return nil
}

func extractRealmDigests(digests Digests) error {

	if err := digests.Valid(); err != nil {
		return fmt.Errorf("invalid digest: %v", err)
	}
	for _, d := range digests {
		fmt.Printf("Alg: %s\n", d.AlgIDToString())
		fmt.Printf("Digest: %x\n", d.HashValue)
	}

	return nil
}

func extractRegisterIndexes(r *IntegrityRegisters) ([]string, error) {
	var keys [5]string
	for k := range r.IndexMap {
		switch t := k.(type) {
		case string:
			key := strings.ToLower(t)
			switch key {
			case "rim":
				keys[0] = key
			case "rem0":
				keys[1] = key
			case "rem1":
				keys[2] = key
			case "rem2":
				keys[3] = key
			case "rem3":
				keys[4] = key
			default:
				return nil, fmt.Errorf("unexpected register index: %s", key)
			}
		default:
			return nil, fmt.Errorf("unexpected type for index: %T", t)
		}
	}
	return keys[:], nil
}

Output:

Vendor: Workload Client Ltd
ClassID: cd1f0e5526f9460db9d8f7fde171787c
InstanceID: 4284b5694ca6c0d2cf4789a0b95ac8025c818de52304364be7cd2981b2d2edc685b322277ec25819962413d8c9b2c1f5
RawValue: e45b72f5c0c0b572db4d8d3ab7e97f368ff74e62347a824decb67a84e5224d75e45b72f5c0c0b572db4d8d3ab7e97f368ff74e62347a824decb67a84e5224d75
Index: rim
Alg: sha-384
Digest: 4284b5694ca6c0d2cf4789a0b95ac8025c818de52304364be7cd2981b2d2edc685b322277ec25819962413d8c9b2c1f5
Index: rem0
Alg: sha-384
Digest: 2107bbe761fca52d95136a1354db7a4dd57b1b26be0d3da71d9eb23986b34ba615abf6514cf35e5a9ea55a032d068a78
Index: rem1
Alg: sha-384
Digest: 2507bbe761fca52d95136a1354db7a4dd57b1b26be0d3da71d9eb23986b34ba615abf6514cf35e5a9ea55a032d068a78
Index: rem2
Alg: sha-384
Digest: 3107bbe761fca52d95136a1354db7a4dd57b1b26be0d3da71d9eb23986b34ba615abf6514cf35e5a9ea55a032d068a78
Index: rem3
Alg: sha-384
Digest: 3507bbe761fca52d95136a1354db7a4dd57b1b26be0d3da71d9eb23986b34ba615abf6514cf35e5a9ea55a032d068a78
Example (Cca_refval) 
package main

import "fmt"

func main() {
	comid := Comid{}

	if err := comid.FromJSON([]byte(CCARefValJSONTemplate)); err != nil {
		panic(err)
	}

	if err := comid.Valid(); err != nil {
		panic(err)
	}

	if err := extractCcaRefVals(&comid); err != nil {
		panic(err)
	}

}

func extractCcaRefVals(c *Comid) error {
	if c.Triples.ReferenceValues == nil {
		return fmt.Errorf("no reference values triples")
	}

	for i, rv := range c.Triples.ReferenceValues.Values {
		if err := extractCCARefVal(rv); err != nil {
			return fmt.Errorf("bad PSA reference value at index %d: %w", i, err)
		}
	}

	return nil
}

func extractCCARefVal(rv ValueTriple) error {
	class := rv.Environment.Class

	if err := extractImplementationID(class); err != nil {
		return fmt.Errorf("extracting impl-id: %w", err)
	}

	for i, m := range rv.Measurements.Values {
		if m.Key == nil {
			return fmt.Errorf("missing mKey at index %d", i)
		}
		if !m.Key.IsSet() {
			return fmt.Errorf("mKey not set at index %d", i)
		}

		switch t := m.Key.Value.(type) {
		case *TaggedPSARefValID:
			if err := extractSwMeasurement(m); err != nil {
				return fmt.Errorf("extracting measurement at index %d: %w", i, err)
			}
		case *TaggedCCAPlatformConfigID:
			if err := extractCCARefValID(m.Key); err != nil {
				return fmt.Errorf("extracting cca-refval-id: %w", err)
			}
			if err := extractRawValue(m.Val.RawValue); err != nil {
				return fmt.Errorf("extracting raw vlue: %w", err)
			}
		default:
			return fmt.Errorf("unexpected  Mkey type: %T", t)
		}

	}

	return nil
}

func extractRawValue(r *RawValue) error {
	if r == nil {
		return fmt.Errorf("no raw value")
	}

	b, err := r.GetBytes()
	if err != nil {
		return fmt.Errorf("failed to extract raw value bytes")
	}
	fmt.Printf("Raw value: %x\n", b)

	return nil
}

func extractCCARefValID(k *Mkey) error {
	if k == nil {
		return fmt.Errorf("no measurement key")
	}

	id, ok := k.Value.(*TaggedCCAPlatformConfigID)
	if !ok {
		return fmt.Errorf("expected CCA platform config id, found: %T", k.Value)
	}
	fmt.Printf("Label: %s\n", id)
	return nil
}

Output:

ImplementationID: 61636d652d696d706c656d656e746174696f6e2d69642d303030303030303031
SignerID: acbb11c7e4da217205523ce4ce1a245ae1a239ae3c6bfd9e7871f7e5d8bae86b
Label: BL
Version: 2.1.0
Digest: 87428fc522803d31065e7bce3cf03fe475096631e5e07bbd7a0fde60c4cf25c7
SignerID: acbb11c7e4da217205523ce4ce1a245ae1a239ae3c6bfd9e7871f7e5d8bae86b
Label: PRoT
Version: 1.3.5
Digest: 0263829989b6fd954f72baaf2fc64bc2e2f01d692d4de72986ea808f6e99813f
SignerID: acbb11c7e4da217205523ce4ce1a245ae1a239ae3c6bfd9e7871f7e5d8bae86b
Label: ARoT
Version: 0.1.4
Digest: a3a5e715f0cc574a73c3f9bebb6bc24f32ffd5b67b387244c2c909da779a1478
Label: a non-empty (unique) label
Raw value: 72617776616c75650a72617776616c75650a
Example (Decode_CBOR_1) 
// https://github.com/ietf-rats/ietf-corim-cddl/blob/main/examples/comid-1.diag
in := []byte{
	0xa3, 0x01, 0xa1, 0x00, 0x50, 0x3f, 0x06, 0xaf, 0x63, 0xa9, 0x3c, 0x11,
	0xe4, 0x97, 0x97, 0x00, 0x50, 0x56, 0x90, 0x77, 0x3f, 0x02, 0x81, 0xa3,
	0x00, 0x69, 0x41, 0x43, 0x4d, 0x45, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x01,
	0xd8, 0x20, 0x74, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x61,
	0x63, 0x6d, 0x65, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x02,
	0x81, 0x00, 0x04, 0xa1, 0x00, 0x81, 0x82, 0xa1, 0x00, 0xa4, 0x00, 0xd8,
	0x25, 0x50, 0x67, 0xb2, 0x8b, 0x6c, 0x34, 0xcc, 0x40, 0xa1, 0x91, 0x17,
	0xab, 0x5b, 0x05, 0x91, 0x1e, 0x37, 0x01, 0x69, 0x41, 0x43, 0x4d, 0x45,
	0x20, 0x49, 0x6e, 0x63, 0x2e, 0x02, 0x6f, 0x41, 0x43, 0x4d, 0x45, 0x20,
	0x52, 0x6f, 0x61, 0x64, 0x52, 0x75, 0x6e, 0x6e, 0x65, 0x72, 0x03, 0x01,
	0x81, 0xa1, 0x01, 0xa2, 0x00, 0xa2, 0x00, 0x65, 0x31, 0x2e, 0x30, 0x2e,
	0x30, 0x01, 0x19, 0x40, 0x00, 0x02, 0x81, 0x82, 0x01, 0x58, 0x20, 0x44,
	0xaa, 0x33, 0x6a, 0xf4, 0xcb, 0x14, 0xa8, 0x79, 0x43, 0x2e, 0x53, 0xdd,
	0x65, 0x71, 0xc7, 0xfa, 0x9b, 0xcc, 0xaf, 0xb7, 0x5f, 0x48, 0x82, 0x59,
	0x26, 0x2d, 0x6e, 0xa3, 0xa4, 0xd9, 0x1b,
}

comid := Comid{}
err := comid.FromCBOR(in)
if err != nil {
	fmt.Printf("FAIL: %v", err)
} else {
	fmt.Println("OK")
}

Output:

OK
Example (Decode_CBOR_2) 
// https://github.com/ietf-rats/ietf-corim-cddl/blob/main/examples/comid-2.diag
in := []byte{
	0xa3, 0x01, 0xa1, 0x00, 0x50, 0x3f, 0x06, 0xaf, 0x63, 0xa9, 0x3c, 0x11,
	0xe4, 0x97, 0x97, 0x00, 0x50, 0x56, 0x90, 0x77, 0x3f, 0x02, 0x81, 0xa3,
	0x00, 0x69, 0x41, 0x43, 0x4d, 0x45, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x01,
	0xd8, 0x20, 0x74, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x61,
	0x63, 0x6d, 0x65, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x02,
	0x81, 0x00, 0x04, 0xa2, 0x00, 0x83, 0x82, 0xa1, 0x00, 0xa4, 0x00, 0xd8,
	0x25, 0x50, 0x67, 0xb2, 0x8b, 0x6c, 0x34, 0xcc, 0x40, 0xa1, 0x91, 0x17,
	0xab, 0x5b, 0x05, 0x91, 0x1e, 0x37, 0x01, 0x69, 0x41, 0x43, 0x4d, 0x45,
	0x20, 0x49, 0x6e, 0x63, 0x2e, 0x02, 0x78, 0x18, 0x41, 0x43, 0x4d, 0x45,
	0x20, 0x52, 0x6f, 0x61, 0x64, 0x52, 0x75, 0x6e, 0x6e, 0x65, 0x72, 0x20,
	0x46, 0x69, 0x72, 0x6d, 0x77, 0x61, 0x72, 0x65, 0x03, 0x01, 0x81, 0xa1,
	0x01, 0xa1, 0x02, 0x81, 0x82, 0x01, 0x58, 0x20, 0x44, 0xaa, 0x33, 0x6a,
	0xf4, 0xcb, 0x14, 0xa8, 0x79, 0x43, 0x2e, 0x53, 0xdd, 0x65, 0x71, 0xc7,
	0xfa, 0x9b, 0xcc, 0xaf, 0xb7, 0x5f, 0x48, 0x82, 0x59, 0x26, 0x2d, 0x6e,
	0xa3, 0xa4, 0xd9, 0x1b, 0x82, 0xa1, 0x00, 0xa5, 0x00, 0xd8, 0x25, 0x50,
	0xa7, 0x1b, 0x3e, 0x38, 0x8d, 0x45, 0x4a, 0x05, 0x81, 0xf3, 0x52, 0xe5,
	0x8c, 0x83, 0x2c, 0x5c, 0x01, 0x6a, 0x57, 0x59, 0x4c, 0x49, 0x45, 0x20,
	0x49, 0x6e, 0x63, 0x2e, 0x02, 0x77, 0x57, 0x59, 0x4c, 0x49, 0x45, 0x20,
	0x43, 0x6f, 0x79, 0x6f, 0x74, 0x65, 0x20, 0x54, 0x72, 0x75, 0x73, 0x74,
	0x65, 0x64, 0x20, 0x4f, 0x53, 0x03, 0x02, 0x04, 0x00, 0x81, 0xa1, 0x01,
	0xa1, 0x02, 0x81, 0x82, 0x01, 0x58, 0x20, 0xbb, 0x71, 0x19, 0x8e, 0xd6,
	0x0a, 0x95, 0xdc, 0x3c, 0x61, 0x9e, 0x55, 0x5c, 0x2c, 0x0b, 0x8d, 0x75,
	0x64, 0xa3, 0x80, 0x31, 0xb0, 0x34, 0xa1, 0x95, 0x89, 0x25, 0x91, 0xc6,
	0x53, 0x65, 0xb0, 0x82, 0xa1, 0x00, 0xa5, 0x00, 0xd8, 0x25, 0x50, 0xa7,
	0x1b, 0x3e, 0x38, 0x8d, 0x45, 0x4a, 0x05, 0x81, 0xf3, 0x52, 0xe5, 0x8c,
	0x83, 0x2c, 0x5c, 0x01, 0x6a, 0x57, 0x59, 0x4c, 0x49, 0x45, 0x20, 0x49,
	0x6e, 0x63, 0x2e, 0x02, 0x77, 0x57, 0x59, 0x4c, 0x49, 0x45, 0x20, 0x43,
	0x6f, 0x79, 0x6f, 0x74, 0x65, 0x20, 0x54, 0x72, 0x75, 0x73, 0x74, 0x65,
	0x64, 0x20, 0x4f, 0x53, 0x03, 0x02, 0x04, 0x01, 0x81, 0xa1, 0x01, 0xa1,
	0x02, 0x81, 0x82, 0x01, 0x58, 0x20, 0xbb, 0x71, 0x19, 0x8e, 0xd6, 0x0a,
	0x95, 0xdc, 0x3c, 0x61, 0x9e, 0x55, 0x5c, 0x2c, 0x0b, 0x8d, 0x75, 0x64,
	0xa3, 0x80, 0x31, 0xb0, 0x34, 0xa1, 0x95, 0x89, 0x25, 0x91, 0xc6, 0x53,
	0x65, 0xb0, 0x01, 0x81, 0x82, 0xa1, 0x00, 0xa4, 0x00, 0xd8, 0x25, 0x50,
	0x67, 0xb2, 0x8b, 0x6c, 0x34, 0xcc, 0x40, 0xa1, 0x91, 0x17, 0xab, 0x5b,
	0x05, 0x91, 0x1e, 0x37, 0x01, 0x69, 0x41, 0x43, 0x4d, 0x45, 0x20, 0x49,
	0x6e, 0x63, 0x2e, 0x02, 0x72, 0x41, 0x43, 0x4d, 0x45, 0x20, 0x52, 0x6f,
	0x6f, 0x74, 0x20, 0x6f, 0x66, 0x20, 0x54, 0x72, 0x75, 0x73, 0x74, 0x03,
	0x00, 0x81, 0xa1, 0x01, 0xa1, 0x01, 0xd9, 0x02, 0x28, 0x01,
}

comid := Comid{}
err := comid.FromCBOR(in)
if err != nil {
	fmt.Printf("FAIL: %v", err)
} else {
	fmt.Println("OK")
}

Output:

OK
Example (Decode_CBOR_3) 
// https://github.com/ietf-rats/ietf-corim-cddl/blob/main/examples/comid-design-cd.diag
in := []byte{
	0xa4, 0x01, 0xa1, 0x00, 0x50, 0x1e, 0xac, 0xd5, 0x96, 0xf4, 0xa3, 0x4f,
	0xb6, 0x99, 0xbf, 0xae, 0xb5, 0x8e, 0x0a, 0x4e, 0x47, 0x02, 0x81, 0xa3,
	0x00, 0x71, 0x46, 0x50, 0x47, 0x41, 0x20, 0x44, 0x65, 0x73, 0x69, 0x67,
	0x6e, 0x73, 0x2d, 0x52, 0x2d, 0x55, 0x73, 0x01, 0xd8, 0x20, 0x78, 0x1e,
	0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x66, 0x70, 0x67, 0x61,
	0x64, 0x65, 0x73, 0x69, 0x67, 0x6e, 0x73, 0x72, 0x75, 0x73, 0x2e, 0x65,
	0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x02, 0x81, 0x00, 0x03, 0x81, 0xa2,
	0x00, 0x50, 0x97, 0xf5, 0xa7, 0x07, 0x1c, 0x6f, 0x43, 0x8f, 0x87, 0x7a,
	0x4a, 0x02, 0x07, 0x80, 0xeb, 0xe9, 0x01, 0x00, 0x04, 0xa2, 0x00, 0x84,
	0x82, 0xa1, 0x00, 0xa3, 0x00, 0xd8, 0x6f, 0x4b, 0x60, 0x86, 0x48, 0x01,
	0x86, 0xf8, 0x4d, 0x01, 0x0f, 0x04, 0x01, 0x01, 0x76, 0x66, 0x70, 0x67,
	0x61, 0x64, 0x65, 0x73, 0x69, 0x67, 0x6e, 0x73, 0x72, 0x75, 0x73, 0x2e,
	0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x03, 0x02, 0x81, 0xa1, 0x01,
	0xa2, 0x04, 0xd9, 0x02, 0x30, 0x48, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x05, 0x48, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
	0x82, 0xa1, 0x00, 0xa3, 0x00, 0xd8, 0x6f, 0x4b, 0x60, 0x86, 0x48, 0x01,
	0x86, 0xf8, 0x4d, 0x01, 0x0f, 0x04, 0x02, 0x01, 0x76, 0x66, 0x70, 0x67,
	0x61, 0x64, 0x65, 0x73, 0x69, 0x67, 0x6e, 0x73, 0x72, 0x75, 0x73, 0x2e,
	0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x03, 0x02, 0x81, 0xa1, 0x01,
	0xa1, 0x02, 0x81, 0x82, 0x07, 0x58, 0x30, 0x3f, 0xe1, 0x8e, 0xca, 0x40,
	0x53, 0x87, 0x9e, 0x01, 0x7e, 0xf5, 0xeb, 0x7a, 0x3e, 0x51, 0x57, 0x65,
	0x9c, 0x5f, 0x9b, 0xb1, 0x5b, 0x7d, 0x09, 0x95, 0x9b, 0x8b, 0x86, 0x47,
	0x82, 0x2a, 0x4c, 0xc2, 0x1c, 0x3a, 0xa6, 0x72, 0x1c, 0xef, 0x87, 0xf5,
	0xbf, 0xa5, 0x34, 0x95, 0xdb, 0x08, 0x33, 0x82, 0xa1, 0x00, 0xa3, 0x00,
	0xd8, 0x6f, 0x4b, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x4d, 0x01, 0x0f,
	0x04, 0x03, 0x01, 0x76, 0x66, 0x70, 0x67, 0x61, 0x64, 0x65, 0x73, 0x69,
	0x67, 0x6e, 0x73, 0x72, 0x75, 0x73, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70,
	0x6c, 0x65, 0x03, 0x02, 0x81, 0xa1, 0x01, 0xa1, 0x02, 0x81, 0x82, 0x07,
	0x58, 0x30, 0x20, 0xff, 0x68, 0x1a, 0x08, 0x82, 0xe2, 0x9b, 0x48, 0x19,
	0x53, 0x88, 0x89, 0x36, 0x20, 0x9c, 0xb5, 0x3d, 0xf9, 0xc5, 0xaa, 0xec,
	0x60, 0x6a, 0x2c, 0x24, 0xa0, 0xfb, 0x13, 0x85, 0x95, 0x12, 0x4b, 0x8e,
	0x3f, 0x24, 0xa1, 0x27, 0x71, 0xbc, 0x38, 0x54, 0xcc, 0x68, 0xb4, 0x03,
	0x61, 0xad, 0x82, 0xa1, 0x00, 0xa2, 0x00, 0xd8, 0x6f, 0x4c, 0x60, 0x86,
	0x48, 0x01, 0x86, 0xf8, 0x4d, 0x01, 0x0f, 0x04, 0x63, 0x01, 0x01, 0x76,
	0x66, 0x70, 0x67, 0x61, 0x64, 0x65, 0x73, 0x69, 0x67, 0x6e, 0x73, 0x72,
	0x75, 0x73, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x81, 0xa1,
	0x01, 0xa2, 0x04, 0xd9, 0x02, 0x30, 0x58, 0x30, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x58, 0x30, 0x46,
	0x62, 0x24, 0x34, 0x3d, 0x68, 0x18, 0x02, 0xc1, 0x50, 0x6b, 0xbe, 0xd7,
	0xd7, 0xf0, 0x0b, 0x96, 0x9b, 0xad, 0xdd, 0x63, 0x46, 0xe4, 0xf2, 0xe7,
	0xce, 0x14, 0x66, 0x92, 0x99, 0x6f, 0x22, 0xa4, 0x58, 0x14, 0xde, 0x81,
	0xd2, 0x48, 0xf5, 0x83, 0xb6, 0x5f, 0x81, 0x7b, 0x5f, 0xce, 0xab, 0x01,
	0x81, 0x82, 0xa1, 0x00, 0xa2, 0x00, 0xd8, 0x6f, 0x4c, 0x60, 0x86, 0x48,
	0x01, 0x86, 0xf8, 0x4d, 0x01, 0x0f, 0x04, 0x63, 0x02, 0x01, 0x76, 0x66,
	0x70, 0x67, 0x61, 0x64, 0x65, 0x73, 0x69, 0x67, 0x6e, 0x73, 0x72, 0x75,
	0x73, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x81, 0xa1, 0x01,
	0xa2, 0x04, 0xd9, 0x02, 0x30, 0x48, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x05, 0x48, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
}

comid := Comid{}
err := comid.FromCBOR(in)
if err != nil {
	fmt.Printf("FAIL: %v", err)
} else {
	fmt.Println("OK")
}

Output:

OK
Example (Decode_CBOR_4) 
// https://github.com/ietf-rats/ietf-corim-cddl/blob/main/examples/comid-firmware-cd.diag
in := []byte{
	0xa3, 0x01, 0xa1, 0x00, 0x50, 0xaf, 0x1c, 0xd8, 0x95, 0xbe, 0x78, 0x4a,
	0xdb, 0xb7, 0xe9, 0xad, 0xd4, 0x4a, 0x65, 0xab, 0xf3, 0x02, 0x81, 0xa3,
	0x00, 0x71, 0x46, 0x69, 0x72, 0x6d, 0x77, 0x61, 0x72, 0x65, 0x20, 0x4d,
	0x46, 0x47, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x01, 0xd8, 0x20, 0x78, 0x18,
	0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x66, 0x77, 0x6d, 0x66,
	0x67, 0x69, 0x6e, 0x63, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65,
	0x02, 0x81, 0x00, 0x04, 0xa2, 0x00, 0x82, 0x82, 0xa1, 0x00, 0xa4, 0x01,
	0x70, 0x66, 0x77, 0x6d, 0x66, 0x67, 0x69, 0x6e, 0x63, 0x2e, 0x65, 0x78,
	0x61, 0x6d, 0x70, 0x6c, 0x65, 0x02, 0x67, 0x66, 0x77, 0x59, 0x5f, 0x6e,
	0x35, 0x78, 0x03, 0x00, 0x04, 0x00, 0x81, 0xa1, 0x01, 0xa2, 0x01, 0xd9,
	0x02, 0x28, 0x01, 0x02, 0x81, 0x82, 0x07, 0x58, 0x30, 0x15, 0xe7, 0x7d,
	0x6f, 0x13, 0x32, 0x52, 0xf1, 0xdb, 0x70, 0x44, 0x90, 0x13, 0x13, 0x88,
	0x4f, 0x29, 0x77, 0xd2, 0x10, 0x9b, 0x33, 0xc7, 0x9f, 0x33, 0xe0, 0x79,
	0xbf, 0xc7, 0x88, 0x65, 0x25, 0x5c, 0x0f, 0xb7, 0x33, 0xc2, 0x40, 0xfd,
	0xda, 0x54, 0x4b, 0x82, 0x15, 0xd7, 0xb8, 0xf8, 0x15, 0x82, 0xa1, 0x00,
	0xa4, 0x01, 0x70, 0x66, 0x77, 0x6d, 0x66, 0x67, 0x69, 0x6e, 0x63, 0x2e,
	0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x02, 0x67, 0x66, 0x77, 0x58,
	0x5f, 0x6e, 0x35, 0x78, 0x03, 0x01, 0x04, 0x00, 0x81, 0xa1, 0x01, 0xa2,
	0x01, 0xd9, 0x02, 0x28, 0x01, 0x02, 0x81, 0x82, 0x07, 0x58, 0x30, 0x3d,
	0x90, 0xb6, 0xbf, 0x00, 0x3d, 0xa2, 0xd9, 0x4e, 0xa5, 0x46, 0x3f, 0x97,
	0xfb, 0x3c, 0x53, 0xdd, 0xc5, 0x1c, 0xfb, 0xa1, 0xe3, 0xe3, 0x8e, 0xef,
	0x7a, 0xf0, 0x71, 0xa6, 0x79, 0x86, 0x59, 0x5d, 0x22, 0x72, 0x91, 0x31,
	0xdf, 0x9f, 0xe8, 0x0f, 0x54, 0x51, 0xee, 0xf1, 0x54, 0xf8, 0x5e, 0x01,
	0x81, 0x82, 0xa1, 0x00, 0xa2, 0x00, 0xd8, 0x6f, 0x4c, 0x60, 0x86, 0x48,
	0x01, 0x86, 0xf8, 0x4d, 0x01, 0x0f, 0x04, 0x63, 0x01, 0x01, 0x70, 0x66,
	0x77, 0x6d, 0x66, 0x67, 0x69, 0x6e, 0x63, 0x2e, 0x65, 0x78, 0x61, 0x6d,
	0x70, 0x6c, 0x65, 0x81, 0xa1, 0x01, 0xa2, 0x04, 0xd9, 0x02, 0x30, 0x48,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x48, 0xff, 0xff,
	0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
}

comid := Comid{}
err := comid.FromCBOR(in)
if err != nil {
	fmt.Printf("FAIL: %v", err)
} else {
	fmt.Println("OK")
}

Output:

OK
Example (Decode_CBOR_5) 
// Taken from https://github.com/ietf-corim-cddl/blob/main/examples/comid-3.diag
in := []byte{
	0xa3, 0x01, 0xa1, 0x00, 0x78, 0x20, 0x6d, 0x79, 0x2d, 0x6e, 0x73, 0x3a,
	0x61, 0x63, 0x6d, 0x65, 0x2d, 0x72, 0x6f, 0x61, 0x64, 0x72, 0x75, 0x6e,
	0x6e, 0x65, 0x72, 0x2d, 0x73, 0x75, 0x70, 0x70, 0x6c, 0x65, 0x6d, 0x65,
	0x6e, 0x74, 0x02, 0x81, 0xa3, 0x00, 0x69, 0x41, 0x43, 0x4d, 0x45, 0x20,
	0x49, 0x6e, 0x63, 0x2e, 0x01, 0xd8, 0x20, 0x74, 0x68, 0x74, 0x74, 0x70,
	0x73, 0x3a, 0x2f, 0x2f, 0x61, 0x63, 0x6d, 0x65, 0x2e, 0x65, 0x78, 0x61,
	0x6d, 0x70, 0x6c, 0x65, 0x02, 0x83, 0x01, 0x00, 0x02, 0x04, 0xa1, 0x00,
	0x81, 0x82, 0xa1, 0x00, 0xa3, 0x00, 0xd8, 0x6f, 0x44, 0x55, 0x02, 0xc0,
	0x00, 0x01, 0x69, 0x41, 0x43, 0x4d, 0x45, 0x20, 0x49, 0x6e, 0x63, 0x2e,
	0x02, 0x78, 0x18, 0x41, 0x43, 0x4d, 0x45, 0x20, 0x52, 0x6f, 0x61, 0x64,
	0x52, 0x75, 0x6e, 0x6e, 0x65, 0x72, 0x20, 0x46, 0x69, 0x72, 0x6d, 0x77,
	0x61, 0x72, 0x65, 0x81, 0xa2, 0x00, 0x19, 0x02, 0xbc, 0x01, 0xa1, 0x02,
	0x81, 0x82, 0x06, 0x44, 0xab, 0xcd, 0xef, 0x00,
}
comid := Comid{}
err := comid.FromCBOR(in)
if err != nil {
	fmt.Printf("FAIL: %v", err)
} else {
	fmt.Println("OK")
}

Output:

OK
Example (Decode_JSON) 
j := `
{
	"lang": "en-GB",
	"tag-identity": {
		"id": "43BBE37F-2E61-4B33-AED3-53CFF1428B16",
		"version": 1
	},
	"entities": [
		{
			"name": "ACME Ltd.",
			"regid": "https://acme.example",
			"roles": [ "tagCreator" ]
		},
		{
			"name": "EMCA Ltd.",
			"regid": "https://emca.example",
			"roles": [ "maintainer", "creator" ]
		}
	],
	"linked-tags": [
		{
			"target": "6F7D8D2F-EAEC-4A15-BB46-1E4DCB85DDFF",
			"rel": "replaces"
		}
	],
	"triples": {
		"reference-values": [
			{
				"environment": {
					"class": {
						"id": {
							"type": "uuid",
							"value": "83294297-97EB-42EF-8A72-AE9FEA002750"
						},
						"vendor": "ACME",
						"model": "RoadRunner Boot ROM",
						"layer": 0,
						"index": 0
					},
					"instance": {
						"type": "ueid",
						"value": "Ad6tvu/erb7v3q2+796tvu8="
					}
				},
				"measurements": [
					{
						"value": {
							"digests": [
								"sha-256:3q2+7w=="
							]
						}
					}
				]
			},
			{
				"environment": {
					"class": {
						"id": {
							"type": "psa.impl-id",
							"value": "YWNtZS1pbXBsZW1lbnRhdGlvbi1pZC0wMDAwMDAwMDE="
						},
						"vendor": "PSA-X",
						"model": "Turbo PRoT"
					}
				},
				"measurements": [
					{
						"key": {
							"type": "psa.refval-id",
							"value": {
								"label": "PRoT",
								"version": "1.3.5",
								"signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs="
							}
						},
						"value": {
							"digests": [
								"sha-256:3q2+7w=="
							],
							"svn": {
								"type": "exact-value",
								"value": 1
							},
							"mac-addr": "00:00:5e:00:53:01"
						}
					}
				]
			}
		],
		"endorsed-values": [
			{
				"environment": {
					"class": {
						"id": {
							"type": "oid",
							"value": "2.16.840.1.101.3.4.2.1"
						}
					},
					"instance": {
						"type": "uuid",
						"value": "9090B8D3-3B17-474C-A0B9-6F54731CAB72"
					}
				},
				"measurements": [
					{
						"value": {
							"mac-addr": "00:00:5e:00:53:01",
							"ip-addr": "2001:4860:0:2001::68",
							"serial-number": "C02X70VHJHD5",
							"ueid": "Ad6tvu/erb7v3q2+796tvu8=",
							"uuid": "9090B8D3-3B17-474C-A0B9-6F54731CAB72",
							"raw-value": {
								"type": "bytes",
								"value": "cmF3dmFsdWUKcmF3dmFsdWUK"
							},
							"raw-value-mask": "qg==",
							"op-flags": [ "notSecure" ],
							"digests": [
								"sha-256;5Fty9cDAtXLbTY06t+l/No/3TmI0eoJN7LZ6hOUiTXU=",
								"sha-384;S1bPoH+usqtX3pIeSpfWVRRLVGRw66qrb3HA21GN31tKX7KPsq0bSTQmRCTrHlqG"
							],
							"version": {
								"scheme": "semaver",
								"value": "1.2.3beta4"
							},
							"svn": {
								"type": "min-value",
								"value": 10
							}
						}
					}
				]
			}
		],
		"attester-verification-keys": [
			{
				"environment": {
					"group": {
						"type": "uuid",
						"value": "83294297-97EB-42EF-8A72-AE9FEA002750"
					}
				},
				"verification-keys": [
					{
						"type": "pkix-base64-key",
						"value": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEW1BvqF+/ry8BWa7ZEMU1xYYHEQ8B\nlLT4MFHOaO+ICTtIvrEeEpr/sfTAP66H2hCHdb5HEXKtRKod6QLcOLPA1Q==\n-----END PUBLIC KEY-----"
					}
				]
			}
		],
		"dev-identity-keys": [
			{
				"environment": {
					"instance": {
						"type": "uuid",
						"value": "4ECCE47C-85F2-4FD9-9EC6-00DEB72DA707"
					}
				},
				"verification-keys": [
					{
						"type": "pkix-base64-key",
						"value": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEW1BvqF+/ry8BWa7ZEMU1xYYHEQ8B\nlLT4MFHOaO+ICTtIvrEeEpr/sfTAP66H2hCHdb5HEXKtRKod6QLcOLPA1Q==\n-----END PUBLIC KEY-----"
					},
					{
						"type": "pkix-base64-key",
						"value": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEW1BvqF+/ry8BWa7ZEMU1xYYHEQ8B\nlLT4MFHOaO+ICTtIvrEeEpr/sfTAP66H2hCHdb5HEXKtRKod6QLcOLPA1Q==\n-----END PUBLIC KEY-----"
					}
				]
			}
		]
	}
}
`
comid := Comid{}
err := comid.FromJSON([]byte(j))

if err != nil {
	fmt.Printf("FAIL: %v", err)
} else {
	fmt.Println("OK")
}

Output:

OK
Example (Encode) 
comid := NewComid().
	SetLanguage("en-GB").
	SetTagIdentity("my-ns:acme-roadrunner-supplement", 0).
	AddEntity("ACME Ltd.", &TestRegID, RoleCreator, RoleTagCreator).
	AddEntity("EMCA Ltd.", nil, RoleMaintainer).
	AddLinkedTag("my-ns:acme-roadrunner-base", RelSupplements).
	AddLinkedTag("my-ns:acme-roadrunner-old", RelReplaces).
	AddReferenceValue(
		ValueTriple{
			Environment: Environment{
				Class: NewClassOID(TestOID).
					SetVendor("ACME Ltd.").
					SetModel("RoadRunner").
					SetLayer(0).
					SetIndex(1),
				Instance: MustNewUEIDInstance(TestUEID),
				Group:    MustNewUUIDGroup(TestUUID),
			},
			Measurements: *NewMeasurements().
				Add(
					MustNewUUIDMeasurement(TestUUID).
						SetRawValueBytes([]byte{0x01, 0x02, 0x03, 0x04}, []byte{0xff, 0xff, 0xff, 0xff}).
						SetSVN(2).
						AddDigest(swid.Sha256_32, []byte{0xab, 0xcd, 0xef, 0x00}).
						AddDigest(swid.Sha256_32, []byte{0xff, 0xff, 0xff, 0xff}).
						SetFlagsTrue(FlagIsDebug).
						SetFlagsFalse(FlagIsSecure).
						SetSerialNumber("C02X70VHJHD5").
						SetUEID(TestUEID).
						SetUUID(TestUUID).
						SetMACaddr(MACaddr(TestMACaddr)).
						SetIPaddr(TestIPaddr),
				),
		},
	).
	AddEndorsedValue(
		ValueTriple{
			Environment: Environment{
				Class: NewClassUUID(TestUUID).
					SetVendor("ACME Ltd.").
					SetModel("RoadRunner").
					SetLayer(0).
					SetIndex(1),
				Instance: MustNewUEIDInstance(TestUEID),
				Group:    MustNewUUIDGroup(TestUUID),
			},
			Measurements: *NewMeasurements().
				Add(
					MustNewUUIDMeasurement(TestUUID).
						SetRawValueBytes([]byte{0x01, 0x02, 0x03, 0x04}, []byte{0xff, 0xff, 0xff, 0xff}).
						SetMinSVN(2).
						AddDigest(swid.Sha256_32, []byte{0xab, 0xcd, 0xef, 0x00}).
						AddDigest(swid.Sha256_32, []byte{0xff, 0xff, 0xff, 0xff}).
						SetFlagsTrue(FlagIsDebug).
						SetFlagsFalse(FlagIsSecure, FlagIsConfigured).
						SetSerialNumber("C02X70VHJHD5").
						SetUEID(TestUEID).
						SetUUID(TestUUID).
						SetMACaddr(MACaddr(TestMACaddr)).
						SetIPaddr(TestIPaddr),
				),
		},
	).
	AddAttestVerifKey(
		KeyTriple{
			Environment: Environment{
				Instance: MustNewUUIDInstance(uuid.UUID(TestUUID)),
			},
			VerifKeys: *NewCryptoKeys().
				Add(
					MustNewPKIXBase64Key(TestECPubKey),
				),
		},
	).AddDevIdentityKey(
	KeyTriple{
		Environment: Environment{
			Instance: MustNewUEIDInstance(TestUEID),
		},
		VerifKeys: *NewCryptoKeys().
			Add(
				MustNewPKIXBase64Key(TestECPubKey),
			),
	},
)

cbor, err := comid.ToCBOR()
if err == nil {
	fmt.Printf("%x\n", cbor)
}

json, err := comid.ToJSON()
if err == nil {
	fmt.Printf("%s\n", string(json))
}

Output:

a50065656e2d474201a10078206d792d6e733a61636d652d726f616472756e6e65722d737570706c656d656e740282a3006941434d45204c74642e01d8207468747470733a2f2f61636d652e6578616d706c6502820100a20069454d4341204c74642e0281020382a200781a6d792d6e733a61636d652d726f616472756e6e65722d626173650100a20078196d792d6e733a61636d652d726f616472756e6e65722d6f6c64010104a4008182a300a500d86f445502c000016941434d45204c74642e026a526f616452756e6e65720300040101d902264702deadbeefdead02d8255031fb5abf023e4992aa4e95f9c1503bfa81a200d8255031fb5abf023e4992aa4e95f9c1503bfa01aa01d90228020282820644abcdef00820644ffffffff03a201f403f504d9023044010203040544ffffffff064802005e1000000001075020010db8000000000000000000000068086c43303258373056484a484435094702deadbeefdead0a5031fb5abf023e4992aa4e95f9c1503bfa018182a300a500d8255031fb5abf023e4992aa4e95f9c1503bfa016941434d45204c74642e026a526f616452756e6e65720300040101d902264702deadbeefdead02d8255031fb5abf023e4992aa4e95f9c1503bfa81a200d8255031fb5abf023e4992aa4e95f9c1503bfa01aa01d90229020282820644abcdef00820644ffffffff03a300f401f403f504d9023044010203040544ffffffff064802005e1000000001075020010db8000000000000000000000068086c43303258373056484a484435094702deadbeefdead0a5031fb5abf023e4992aa4e95f9c1503bfa028182a101d902264702deadbeefdead81d9022a78b12d2d2d2d2d424547494e205055424c4943204b45592d2d2d2d2d0a4d466b77457759484b6f5a497a6a3043415159494b6f5a497a6a304441516344516741455731427671462b2f727938425761375a454d553178595948455138420a6c4c54344d46484f614f2b4943547449767245654570722f7366544150363648326843486462354845584b74524b6f6436514c634f4c504131513d3d0a2d2d2d2d2d454e44205055424c4943204b45592d2d2d2d2d038182a101d8255031fb5abf023e4992aa4e95f9c1503bfa81d9022a78b12d2d2d2d2d424547494e205055424c4943204b45592d2d2d2d2d0a4d466b77457759484b6f5a497a6a3043415159494b6f5a497a6a304441516344516741455731427671462b2f727938425761375a454d553178595948455138420a6c4c54344d46484f614f2b4943547449767245654570722f7366544150363648326843486462354845584b74524b6f6436514c634f4c504131513d3d0a2d2d2d2d2d454e44205055424c4943204b45592d2d2d2d2d
{"lang":"en-GB","tag-identity":{"id":"my-ns:acme-roadrunner-supplement"},"entities":[{"name":"ACME Ltd.","regid":"https://acme.example","roles":["creator","tagCreator"]},{"name":"EMCA Ltd.","roles":["maintainer"]}],"linked-tags":[{"target":"my-ns:acme-roadrunner-base","rel":"supplements"},{"target":"my-ns:acme-roadrunner-old","rel":"replaces"}],"triples":{"reference-values":[{"environment":{"class":{"id":{"type":"oid","value":"2.5.2.8192"},"vendor":"ACME Ltd.","model":"RoadRunner","layer":0,"index":1},"instance":{"type":"ueid","value":"At6tvu/erQ=="},"group":{"type":"uuid","value":"31fb5abf-023e-4992-aa4e-95f9c1503bfa"}},"measurements":[{"key":{"type":"uuid","value":"31fb5abf-023e-4992-aa4e-95f9c1503bfa"},"value":{"svn":{"type":"exact-value","value":2},"digests":["sha-256-32;q83vAA==","sha-256-32;/////w=="],"flags":{"is-secure":false,"is-debug":true},"raw-value":{"type":"bytes","value":"AQIDBA=="},"raw-value-mask":"/////w==","mac-addr":"02:00:5e:10:00:00:00:01","ip-addr":"2001:db8::68","serial-number":"C02X70VHJHD5","ueid":"At6tvu/erQ==","uuid":"31fb5abf-023e-4992-aa4e-95f9c1503bfa"}}]}],"endorsed-values":[{"environment":{"class":{"id":{"type":"uuid","value":"31fb5abf-023e-4992-aa4e-95f9c1503bfa"},"vendor":"ACME Ltd.","model":"RoadRunner","layer":0,"index":1},"instance":{"type":"ueid","value":"At6tvu/erQ=="},"group":{"type":"uuid","value":"31fb5abf-023e-4992-aa4e-95f9c1503bfa"}},"measurements":[{"key":{"type":"uuid","value":"31fb5abf-023e-4992-aa4e-95f9c1503bfa"},"value":{"svn":{"type":"min-value","value":2},"digests":["sha-256-32;q83vAA==","sha-256-32;/////w=="],"flags":{"is-configured":false,"is-secure":false,"is-debug":true},"raw-value":{"type":"bytes","value":"AQIDBA=="},"raw-value-mask":"/////w==","mac-addr":"02:00:5e:10:00:00:00:01","ip-addr":"2001:db8::68","serial-number":"C02X70VHJHD5","ueid":"At6tvu/erQ==","uuid":"31fb5abf-023e-4992-aa4e-95f9c1503bfa"}}]}],"dev-identity-keys":[{"environment":{"instance":{"type":"ueid","value":"At6tvu/erQ=="}},"verification-keys":[{"type":"pkix-base64-key","value":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEW1BvqF+/ry8BWa7ZEMU1xYYHEQ8B\nlLT4MFHOaO+ICTtIvrEeEpr/sfTAP66H2hCHdb5HEXKtRKod6QLcOLPA1Q==\n-----END PUBLIC KEY-----"}]}],"attester-verification-keys":[{"environment":{"instance":{"type":"uuid","value":"31fb5abf-023e-4992-aa4e-95f9c1503bfa"}},"verification-keys":[{"type":"pkix-base64-key","value":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEW1BvqF+/ry8BWa7ZEMU1xYYHEQ8B\nlLT4MFHOaO+ICTtIvrEeEpr/sfTAP66H2hCHdb5HEXKtRKod6QLcOLPA1Q==\n-----END PUBLIC KEY-----"}]}]}}
Example (Encode_PSA) 
comid := NewComid().
	SetTagIdentity("my-ns:acme-roadrunner-supplement", 0).
	AddEntity("ACME Ltd.", &TestRegID, RoleCreator, RoleTagCreator, RoleMaintainer).
	AddReferenceValue(
		ValueTriple{
			Environment: Environment{
				Class: NewClassImplID(TestImplID).
					SetVendor("ACME Ltd.").
					SetModel("RoadRunner 2.0"),
			},
			Measurements: *NewMeasurements().
				Add(
					MustNewPSAMeasurement(
						MustCreatePSARefValID(
							TestSignerID, "BL", "5.0.5",
						)).AddDigest(swid.Sha256_32, []byte{0xab, 0xcd, 0xef, 0x00}),
				).
				Add(
					MustNewPSAMeasurement(
						MustCreatePSARefValID(
							TestSignerID, "PRoT", "1.3.5",
						)).AddDigest(swid.Sha256_32, []byte{0xab, 0xcd, 0xef, 0x00}),
				),
		},
	).
	AddAttestVerifKey(
		KeyTriple{
			Environment: Environment{
				Instance: MustNewUEIDInstance(TestUEID),
			},
			VerifKeys: *NewCryptoKeys().
				Add(
					MustNewPKIXBase64Key(TestECPubKey),
				),
		},
	)

cbor, err := comid.ToCBOR()
if err == nil {
	fmt.Printf("%x\n", cbor)
}

json, err := comid.ToJSON()
if err == nil {
	fmt.Printf("%s\n", string(json))
}

Output:

a301a10078206d792d6e733a61636d652d726f616472756e6e65722d737570706c656d656e740281a3006941434d45204c74642e01d8207468747470733a2f2f61636d652e6578616d706c65028301000204a2008182a100a300d90258582061636d652d696d706c656d656e746174696f6e2d69642d303030303030303031016941434d45204c74642e026e526f616452756e6e657220322e3082a200d90259a30162424c0465352e302e35055820acbb11c7e4da217205523ce4ce1a245ae1a239ae3c6bfd9e7871f7e5d8bae86b01a10281820644abcdef00a200d90259a3016450526f540465312e332e35055820acbb11c7e4da217205523ce4ce1a245ae1a239ae3c6bfd9e7871f7e5d8bae86b01a10281820644abcdef00038182a101d902264702deadbeefdead81d9022a78b12d2d2d2d2d424547494e205055424c4943204b45592d2d2d2d2d0a4d466b77457759484b6f5a497a6a3043415159494b6f5a497a6a304441516344516741455731427671462b2f727938425761375a454d553178595948455138420a6c4c54344d46484f614f2b4943547449767245654570722f7366544150363648326843486462354845584b74524b6f6436514c634f4c504131513d3d0a2d2d2d2d2d454e44205055424c4943204b45592d2d2d2d2d
{"tag-identity":{"id":"my-ns:acme-roadrunner-supplement"},"entities":[{"name":"ACME Ltd.","regid":"https://acme.example","roles":["creator","tagCreator","maintainer"]}],"triples":{"reference-values":[{"environment":{"class":{"id":{"type":"psa.impl-id","value":"YWNtZS1pbXBsZW1lbnRhdGlvbi1pZC0wMDAwMDAwMDE="},"vendor":"ACME Ltd.","model":"RoadRunner 2.0"}},"measurements":[{"key":{"type":"psa.refval-id","value":{"label":"BL","version":"5.0.5","signer-id":"rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs="}},"value":{"digests":["sha-256-32;q83vAA=="]}},{"key":{"type":"psa.refval-id","value":{"label":"PRoT","version":"1.3.5","signer-id":"rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs="}},"value":{"digests":["sha-256-32;q83vAA=="]}}]}],"attester-verification-keys":[{"environment":{"instance":{"type":"ueid","value":"At6tvu/erQ=="}},"verification-keys":[{"type":"pkix-base64-key","value":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEW1BvqF+/ry8BWa7ZEMU1xYYHEQ8B\nlLT4MFHOaO+ICTtIvrEeEpr/sfTAP66H2hCHdb5HEXKtRKod6QLcOLPA1Q==\n-----END PUBLIC KEY-----"}]}]}}
Example (Encode_PSA_attestation_verification) 
comid := NewComid().
	SetTagIdentity("my-ns:acme-roadrunner-supplement", 0).
	AddEntity("ACME Ltd.", &TestRegID, RoleCreator, RoleTagCreator, RoleMaintainer).
	AddAttestVerifKey(
		KeyTriple{
			Environment: Environment{
				Instance: MustNewUEIDInstance(TestUEID),
			},
			VerifKeys: *NewCryptoKeys().
				Add(
					MustNewPKIXBase64Key(TestECPubKey),
				),
		},
	)

cbor, err := comid.ToCBOR()
if err == nil {
	fmt.Printf("%x\n", cbor)
}

json, err := comid.ToJSON()
if err == nil {
	fmt.Printf("%s", string(json))
}

Output:

a301a10078206d792d6e733a61636d652d726f616472756e6e65722d737570706c656d656e740281a3006941434d45204c74642e01d8207468747470733a2f2f61636d652e6578616d706c65028301000204a1038182a101d902264702deadbeefdead81d9022a78b12d2d2d2d2d424547494e205055424c4943204b45592d2d2d2d2d0a4d466b77457759484b6f5a497a6a3043415159494b6f5a497a6a304441516344516741455731427671462b2f727938425761375a454d553178595948455138420a6c4c54344d46484f614f2b4943547449767245654570722f7366544150363648326843486462354845584b74524b6f6436514c634f4c504131513d3d0a2d2d2d2d2d454e44205055424c4943204b45592d2d2d2d2d
{"tag-identity":{"id":"my-ns:acme-roadrunner-supplement"},"entities":[{"name":"ACME Ltd.","regid":"https://acme.example","roles":["creator","tagCreator","maintainer"]}],"triples":{"attester-verification-keys":[{"environment":{"instance":{"type":"ueid","value":"At6tvu/erQ=="}},"verification-keys":[{"type":"pkix-base64-key","value":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEW1BvqF+/ry8BWa7ZEMU1xYYHEQ8B\nlLT4MFHOaO+ICTtIvrEeEpr/sfTAP66H2hCHdb5HEXKtRKod6QLcOLPA1Q==\n-----END PUBLIC KEY-----"}]}]}}
Example (Psa_keys) 
package main

import "fmt"

func main() {
	comid := Comid{}

	if err := comid.FromJSON([]byte(PSAKeysJSONTemplate)); err != nil {
		panic(err)
	}

	if err := comid.Valid(); err != nil {
		panic(err)
	}

	if err := extractKeys(&comid); err != nil {
		panic(err)
	}

}

func extractKeys(c *Comid) error {
	if c.Triples.AttestVerifKeys == nil {
		return fmt.Errorf("no reference values triples")
	}

	for i, k := range *c.Triples.AttestVerifKeys {
		if err := extractPSAKey(k); err != nil {
			return fmt.Errorf("bad PSA verification key value at index %d: %w", i, err)
		}
	}

	return nil
}

func extractPSAKey(k KeyTriple) error {
	class := k.Environment.Class

	if err := extractImplementationID(class); err != nil {
		return fmt.Errorf("extracting impl-id: %w", err)
	}

	instance := k.Environment.Instance

	if err := extractInstanceID(instance); err != nil {
		return fmt.Errorf("extracting inst-id: %w", err)
	}

	if len(k.VerifKeys) != 1 {
		return fmt.Errorf("more than one key")
	}

	fmt.Printf("IAK public key: %x\n", k.VerifKeys[0])

	return nil
}

func extractInstanceID(i *Instance) error {
	if i == nil {
		return fmt.Errorf("no instance")
	}

	fmt.Printf("InstanceID: %x\n", i.Bytes())

	return nil
}

Output:

ImplementationID: 61636d652d696d706c656d656e746174696f6e2d69642d303030303030303031
InstanceID: 01ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508
IAK public key: 2d2d2d2d2d424547494e205055424c4943204b45592d2d2d2d2d0a4d466b77457759484b6f5a497a6a3043415159494b6f5a497a6a304441516344516741455731427671462b2f727938425761375a454d553178595948455138420a6c4c54344d46484f614f2b4943547449767245654570722f7366544150363648326843486462354845584b74524b6f6436514c634f4c504131513d3d0a2d2d2d2d2d454e44205055424c4943204b45592d2d2d2d2d
ImplementationID: 61636d652d696d706c656d656e746174696f6e2d69642d303030303030303031
InstanceID: 014ca3e4f50bf248c39787020d68ffd05c88767751bf2645ca923f57a98becd296
IAK public key: 2d2d2d2d2d424547494e205055424c4943204b45592d2d2d2d2d0a4d466b77457759484b6f5a497a6a3043415159494b6f5a497a6a304441516344516741455731427671462b2f727938425761375a454d553178595948455138420a6c4c54344d46484f614f2b4943547449767245654570722f7366544150363648326843486462354845584b74524b6f6436514c634f4c504131513d3d0a2d2d2d2d2d454e44205055424c4943204b45592d2d2d2d2d
Example (Psa_refval) 
package main

import "fmt"

func main() {
	comid := Comid{}

	if err := comid.FromJSON([]byte(PSARefValJSONTemplate)); err != nil {
		panic(err)
	}

	if err := comid.Valid(); err != nil {
		panic(err)
	}

	if err := extractRefVals(&comid); err != nil {
		panic(err)
	}

}

func extractRefVals(c *Comid) error {
	if c.Triples.ReferenceValues == nil {
		return fmt.Errorf("no reference values triples")
	}

	for i, rv := range c.Triples.ReferenceValues.Values {
		if err := extractPSARefVal(rv); err != nil {
			return fmt.Errorf("bad PSA reference value at index %d: %w", i, err)
		}
	}

	return nil
}

func extractPSARefVal(rv ValueTriple) error {
	class := rv.Environment.Class

	if err := extractImplementationID(class); err != nil {
		return fmt.Errorf("extracting impl-id: %w", err)
	}

	measurements := rv.Measurements

	if err := extractSwMeasurements(measurements); err != nil {
		return fmt.Errorf("extracting measurements: %w", err)
	}

	return nil
}

func extractSwMeasurements(m Measurements) error {
	if len(m.Values) == 0 {
		return fmt.Errorf("no measurements")
	}

	for i, m := range m.Values {
		if err := extractSwMeasurement(m); err != nil {
			return fmt.Errorf("extracting measurement at index %d: %w", i, err)
		}
	}

	return nil
}

func extractSwMeasurement(m Measurement) error {
	if err := extractPSARefValID(m.Key); err != nil {
		return fmt.Errorf("extracting PSA refval id: %w", err)
	}

	if err := extractDigest(m.Val.Digests); err != nil {
		return fmt.Errorf("extracting digest: %w", err)
	}

	return nil
}

func extractDigest(d *Digests) error {
	if d == nil {
		return fmt.Errorf("no digest")
	}

	if len(*d) != 1 {
		return fmt.Errorf("more than one digest")
	}

	fmt.Printf("Digest: %x\n", (*d)[0].HashValue)

	return nil
}

func extractPSARefValID(k *Mkey) error {
	if k == nil {
		return fmt.Errorf("no measurement key")
	}

	id, ok := k.Value.(*TaggedPSARefValID)

	if !ok {
		return fmt.Errorf("expected PSA refval id, found: %T", k.Value)
	}

	fmt.Printf("SignerID: %x\n", id.SignerID)

	if id.Label != nil {
		fmt.Printf("Label: %s\n", *id.Label)
	}

	if id.Version != nil {
		fmt.Printf("Version: %s\n", *id.Version)
	}

	// ignore alg-id

	return nil
}

func extractImplementationID(c *Class) error {
	if c == nil {
		return fmt.Errorf("no class")
	}

	classID := c.ClassID

	if classID == nil {
		return fmt.Errorf("no class-id")
	}

	if classID.Type() != ImplIDType {
		return fmt.Errorf("class id is not a psa.impl-id")
	}

	fmt.Printf("ImplementationID: %x\n", classID.Bytes())

	return nil
}

Output:

ImplementationID: 61636d652d696d706c656d656e746174696f6e2d69642d303030303030303031
SignerID: acbb11c7e4da217205523ce4ce1a245ae1a239ae3c6bfd9e7871f7e5d8bae86b
Label: BL
Version: 2.1.0
Digest: 87428fc522803d31065e7bce3cf03fe475096631e5e07bbd7a0fde60c4cf25c7
SignerID: acbb11c7e4da217205523ce4ce1a245ae1a239ae3c6bfd9e7871f7e5d8bae86b
Label: PRoT
Version: 1.3.5
Digest: 0263829989b6fd954f72baaf2fc64bc2e2f01d692d4de72986ea808f6e99813f
SignerID: acbb11c7e4da217205523ce4ce1a245ae1a239ae3c6bfd9e7871f7e5d8bae86b
Label: ARoT
Version: 0.1.4
Digest: a3a5e715f0cc574a73c3f9bebb6bc24f32ffd5b67b387244c2c909da779a1478

Index

Examples

Constants

View Source 
const (
	// PKIXBase64KeyType indicates a PEM-encoded SubjectPublicKeyInfo. See
	// https://www.rfc-editor.org/rfc/rfc7468#section-13
	PKIXBase64KeyType = "pkix-base64-key"
	// PKIXBase64CertType indicates a PEM-encoded X.509 public key
	// certificate. See https://www.rfc-editor.org/rfc/rfc7468#section-5
	PKIXBase64CertType = "pkix-base64-cert"
	// PKIXBase64CertPathType indicates a X.509 certificate chain created
	// by the concatenation of as many PEM encoded X.509 certificates as
	// needed. The certificates MUST be concatenated in order so that each
	// directly certifies the one preceding.
	PKIXBase64CertPathType = "pkix-base64-cert-path"
	// COSEKeyType represents a CBOR encoded COSE_Key or COSE_KeySet. See
	// https://www.rfc-editor.org/rfc/rfc9052#section-7
	COSEKeyType = "cose-key"
	// ThumbprintType represents a digest of a raw public key. The digest
	// value may be used to find the public key if contained in a lookup
	// table.
	ThumbprintType = "thumbprint"
	// CertThumbprintType represents a digest of a certificate. The digest
	// value may be used to find the certificate if contained in a lookup
	// table.
	CertThumbprintType = "cert-thumbprint"
	// CertPathThumbprintType represents a digest of a certification path.
	// The digest value may be used to find the certificate path if
	// contained in a lookup table.
	CertPathThumbprintType = "cert-path-thumbprint"
)
View Source 
const (
	ExtComid               extensions.Point = "Comid"
	ExtEntity              extensions.Point = "ComidEntity"
	ExtTriples             extensions.Point = "Triples"
	ExtReferenceValue      extensions.Point = "ReferenceValue"
	ExtReferenceValueFlags extensions.Point = "ReferenceValueFlags"
	ExtEndorsedValue       extensions.Point = "EndorsedValue"
	ExtEndorsedValueFlags  extensions.Point = "EndorsedValueFlags"
	ExtMval                extensions.Point = "Mval"
	ExtFlags               extensions.Point = "Flags"
)
View Source 
const (
	// MaxASN1OIDLen is the maximum OID length accepted by the implementation
	MaxASN1OIDLen = 255
	// MinNumOIDArcs represents the minimum required arcs for a valid OID
	MinNumOIDArcs = 3
)
View Source 
const (
	ExactValueType = "exact-value"
	MinValueType   = "min-value"
)
View Source 
const BytesType = "bytes"
View Source 
const ImplIDType = "psa.impl-id"
View Source 
const IntType = "int"
View Source 
const MaxUint64 = ^uint64(0)
View Source 
const OIDType = "oid"
View Source 
const TextType = "text"
View Source 
const UEIDType = "ueid"
View Source 
const UUIDType = "uuid"
View Source 
const UintType = "uint"

Variables

View Source 
var (
	TestUUIDString = "31fb5abf-023e-4992-aa4e-95f9c1503bfa"
	TestUUID       = UUID(uuid.Must(uuid.Parse(TestUUIDString)))
	TestImplID     = ImplID([32]byte{
		0x61, 0x63, 0x6d, 0x65, 0x2d, 0x69, 0x6d, 0x70, 0x6c, 0x65, 0x6d, 0x65,
		0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2d, 0x69, 0x64, 0x2d, 0x30,
		0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x31,
	})
	TestOID               = "2.5.2.8192"
	TestRegID             = "https://acme.example"
	TestMACaddr, _        = net.ParseMAC("02:00:5e:10:00:00:00:01")
	TestIPaddr            = net.ParseIP("2001:db8::68")
	TestBytes             = []byte{0x89, 0x99, 0x78, 0x65, 0x56}
	TestUEIDString        = "02deadbeefdead"
	TestUEID              = eat.UEID(MustHexDecode(nil, TestUEIDString))
	TestSignerID          = MustHexDecode(nil, "acbb11c7e4da217205523ce4ce1a245ae1a239ae3c6bfd9e7871f7e5d8bae86b")
	TestTagID             = "urn:example:veraison"
	TestMKey       uint64 = 700
	TestCCALabel          = "cca-platform-config"

	TestECPrivKey = `` /* 226-byte string literal not displayed */

	TestECPubKey = `` /* 177-byte string literal not displayed */

	TestCert = `` /* 712-byte string literal not displayed */

	TestCertPath = `` /* 6439-byte string literal not displayed */

	TestCOSEKey = MustHexDecode(nil, `a501020258246d65726961646f632e6272616e64796275636b406275636b6c616e642e6578616d706c65200121582065eda5a12577c2bae829437fe338701a10aaa375e1bb5b5de108de439c08551d2258201e52ed75701163f7f9e40ddf9f341b3dc9ba860af7e0ca7ca7e9eecd0084d19c`)

	TestCOSEKeySetOne = MustHexDecode(nil, `81a501020258246d65726961646f632e6272616e64796275636b406275636b6c616e642e6578616d706c65200121582065eda5a12577c2bae829437fe338701a10aaa375e1bb5b5de108de439c08551d2258201e52ed75701163f7f9e40ddf9f341b3dc9ba860af7e0ca7ca7e9eecd0084d19c`)

	TestCOSEKeySetMulti = MustHexDecode(nil, `82a501020258246d65726961646f632e6272616e64796275636b406275636b6c616e642e6578616d706c65200121582065eda5a12577c2bae829437fe338701a10aaa375e1bb5b5de108de439c08551d2258201e52ed75701163f7f9e40ddf9f341b3dc9ba860af7e0ca7ca7e9eecd0084d19ca601010327048202647369676e0543030201200621582015522ef15729ccf39509ea5c15a26be949e38807a5c26ef9281487ef4ae67b46`)

	TestThumbprint = swid.HashEntry{
		HashAlgID: 1,
		HashValue: MustHexDecode(nil, `68e656b251e67e8358bef8483ab0d51c6619f3e7a1a9f0e75838d41ff368f728`),
	}
)
View Source 
var (
	PSARefValJSONTemplate = `` /* 1556-byte string literal not displayed */

	PSAKeysJSONTemplate = `` /* 1541-byte string literal not displayed */

	CCARefValJSONTemplate = `` /* 1806-byte string literal not displayed */

	CCARealmRefValJSONTemplate = `` /* 1727-byte string literal not displayed */

)
View Source 
var CCAPlatformConfigIDType = "cca.platform-config-id"
View Source 
var False = false
View Source 
var PSARefValIDType = "psa.refval-id"
View Source 
var True = true

Functions

func IsAbsoluteURI 

func IsAbsoluteURI(s string) error

func MustHexDecode 

func MustHexDecode(t *testing.T, s string) []byte

func NewHashEntry 

func NewHashEntry(algID uint64, value []byte) *swid.HashEntry

func RegisterClassIDType 

func RegisterClassIDType(tag uint64, factory IClassIDFactory) error

RegisterClassIDType registers a new IClassIDValue implementation (created by the provided IClassIDFactory) under the specified CBOR tag.

func RegisterCryptoKeyType 

func RegisterCryptoKeyType(tag uint64, factory ICryptoKeyFactory) error

RegisterCryptoKeyType registers a new ICryptoKeyValue implementation (created by the provided ICryptoKeyFactory) under the specified type name and CBOR tag.

func RegisterEntityNameType 

func RegisterEntityNameType(tag uint64, factory IEntityNameFactory) error

RegisterEntityNameType registers a new IEntityNameValue implementation (created by the provided IEntityNameFactory) under the specified type name and CBOR tag.

func RegisterGroupType 

func RegisterGroupType(tag uint64, factory IGroupFactory) error

RegisterGroupType registers a new IGroupValue implementation (created by the provided IGroupFactory) under the specified type name and CBOR tag.

func RegisterInstanceType 

func RegisterInstanceType(tag uint64, factory IInstanceFactory) error

RegisterInstanceType registers a new IInstanceValue implementation (created by the provided IInstanceFactory) under the specified CBOR tag.

func RegisterMkeyType 

func RegisterMkeyType(tag uint64, factory IMkeyFactory) error

RegisterMkeyType registers a new IMKeyValue implementation (created by the provided IMKeyFactory) under the specified CBOR tag.

func RegisterRel 

func RegisterRel(val int64, name string) error

RegisterRel creates a new Rel association between the provided value and name. An error is returned if either clashes with any of the existing roles.

func RegisterRole 

func RegisterRole(val int64, name string) error

RegisterRole creates a new Role association between the provided value and name. An error is returned if either clashes with any of the existing roles.

func RegisterSVNType 

func RegisterSVNType(tag uint64, factory ISVNFactory) error

RegisterSVNType registers a new ISVNValue implementation (created by the provided ISVNFactory) under the specified CBOR tag.

Types

type CCAPlatformConfigID 

type CCAPlatformConfigID string

func (CCAPlatformConfigID) Empty 

func (o CCAPlatformConfigID) Empty() bool

func (CCAPlatformConfigID) Get 

func (o CCAPlatformConfigID) Get() (CCAPlatformConfigID, error)

func (*CCAPlatformConfigID) Set 

func (o *CCAPlatformConfigID) Set(v string) error

type Class 

type Class struct {
	ClassID *ClassID `cbor:"0,keyasint,omitempty" json:"id,omitempty"`
	Vendor  *string  `cbor:"1,keyasint,omitempty" json:"vendor,omitempty"`
	Model   *string  `cbor:"2,keyasint,omitempty" json:"model,omitempty"`
	Layer   *uint64  `cbor:"3,keyasint,omitempty" json:"layer,omitempty"`
	Index   *uint64  `cbor:"4,keyasint,omitempty" json:"index,omitempty"`
}

Class represents the class of the (target / attesting) environment. The only required field is the class unique identifier (see ClassID). Optionally, information about the specific brand & product as well as its topological coordinates within the wider device can be recorded.

func NewClassImplID 

func NewClassImplID(implID ImplID) *Class

NewClassImplID instantiates a new Class object that identifies the specified PSA Implementation ID

func NewClassOID 

func NewClassOID(oid string) *Class

NewClassOID instantiates a new Class object that identifies the OID

func NewClassUUID 

func NewClassUUID(uuid UUID) *Class

NewClassUUID instantiates a new Class object with the specified UUID as identifier

func (*Class) FromCBOR 

func (o *Class) FromCBOR(data []byte) error

FromCBOR deserializes the supplied CBOR data into the target Class

func (*Class) FromJSON 

func (o *Class) FromJSON(data []byte) error

FromJSON deserializes the supplied JSON string into the target Class

func (Class) GetIndex 

func (o Class) GetIndex() uint64

GetIndex returns the index number if it set in the target Class. Otherwise, uint64_max is returned.

func (Class) GetLayer 

func (o Class) GetLayer() uint64

GetLayer returns the layer number if it set in the target Class. Otherwise, uint64_max is returned.

func (Class) GetModel 

func (o Class) GetModel() string

GetModel returns the model string if it set in the target Class. Otherwise, an empty string is returned.

func (Class) GetVendor 

func (o Class) GetVendor() string

GetVendor returns the vendor string if it set in the target Class. Otherwise, an empty string is returned.

func (*Class) SetIndex 

func (o *Class) SetIndex(index uint64) *Class

SetIndex sets the "index" (i.e., the identifier of the environment instance in a specific layer) as indicated

func (*Class) SetLayer 

func (o *Class) SetLayer(layer uint64) *Class

SetLayer sets the "layer" (i.e., the logical/topological location of the environment in the device) as indicated

func (*Class) SetModel 

func (o *Class) SetModel(model string) *Class

SetModel sets the model metadata to the supplied string

func (*Class) SetVendor 

func (o *Class) SetVendor(vendor string) *Class

SetVendor sets the vendor metadata to the supplied string

func (Class) ToCBOR 

func (o Class) ToCBOR() ([]byte, error)

ToCBOR serializes the target Class to CBOR (if the Class is "valid")

func (Class) ToJSON 

func (o Class) ToJSON() ([]byte, error)

ToJSON serializes the target Class to JSON (if the Class is "valid")

func (Class) Valid 

func (o Class) Valid() error

Valid checks the non-empty<> constraint on the map

type ClassID 

type ClassID struct {
	Value IClassIDValue
}

ClassID identifies the environment via a well-known identifier. This can be an OID, a UUID, variable-length opaque bytes or a profile-defined extension type.

func MustNewImplIDClassID 

func MustNewImplIDClassID(val any) *ClassID

func MustNewOIDClassID 

func MustNewOIDClassID(val any) *ClassID

func MustNewUUIDClassID 

func MustNewUUIDClassID(val any) *ClassID

func NewBytesClassID 

func NewBytesClassID(val any) (*ClassID, error)

NewBytesClassID creates a New ClassID of type bytes The supplied interface parameter could be a byte slice, a pointer to a byte slice or a string

func NewClassID 

func NewClassID(val any, typ string) (*ClassID, error)

NewClassID creates a new ClassID of the specified type using the specified value.

func NewImplIDClassID 

func NewImplIDClassID(val any) (*ClassID, error)

func NewIntClassID 

func NewIntClassID(val any) (*ClassID, error)

func NewOIDClassID 

func NewOIDClassID(val any) (*ClassID, error)

func NewUUIDClassID 

func NewUUIDClassID(val any) (*ClassID, error)

func (ClassID) Bytes 

func (o ClassID) Bytes() []byte

Bytes returns a []byte containing the raw bytes of the class id value

func (ClassID) GetImplID added in v1.3.0 

func (o ClassID) GetImplID() (ImplID, error)

GetImplID retrieves the value of the PSA Implementation ID (see Section 3.2.2 of draft-tschofenig-rats-psa-token) from ClassID

func (ClassID) GetOID added in v1.6.2 

func (o ClassID) GetOID() (string, error)

GetOID gets the value of the OID in a string dotted-decimal notation

func (ClassID) GetUUID added in v1.6.2 

func (o ClassID) GetUUID() (UUID, error)

func (ClassID) IsSet 

func (o ClassID) IsSet() bool

IsSet returns true iff the underlying class id value has been set (is not nil)

func (ClassID) MarshalCBOR 

func (o ClassID) MarshalCBOR() ([]byte, error)

MarshalCBOR serializes the target ClassID to CBOR

func (ClassID) MarshalJSON 

func (o ClassID) MarshalJSON() ([]byte, error)

MarshalJSON serializes the target ClassID to JSON

func (*ClassID) SetImplID added in v1.3.0 

func (o *ClassID) SetImplID(implID ImplID) *ClassID

SetImplID sets the value of the target ClassID to the supplied PSA Implementation ID (see Section 3.2.2 of draft-tschofenig-rats-psa-token)

func (*ClassID) SetOID added in v1.3.0 

func (o *ClassID) SetOID(s string) error

SetOID sets the value of the target ClassID to the supplied OID. The OID is a string in dotted-decimal notation

func (*ClassID) SetUUID added in v1.3.0 

func (o *ClassID) SetUUID(uuid UUID) *ClassID

SetUUID sets the value of the target ClassID to the supplied UUID

func (ClassID) String 

func (o ClassID) String() string

String returns a printable string of the ClassID value. UUIDs use the canonical 8-4-4-4-12 format, PSA Implementation IDs are base64 encoded. OIDs are output in dotted-decimal notation.

func (ClassID) Type 

func (o ClassID) Type() string

Type returns the type of the ClassID

func (*ClassID) UnmarshalCBOR 

func (o *ClassID) UnmarshalCBOR(data []byte) error

UnmarshalCBOR deserializes the supplied CBOR buffer into the target ClassID. It is undefined behavior to try and inspect the target ClassID in case this method returns an error.

func (*ClassID) UnmarshalJSON 

func (o *ClassID) UnmarshalJSON(data []byte) error

UnmarshalJSON deserializes the supplied JSON object into the target ClassID The class id object must have the following shape: 

{
  "type": "<CLASS_ID_TYPE>",
  "value": <CLASS_ID_VALUE>
}

where <CLASS_ID_TYPE> must be one of the known IClassIDValue implementation type names (available in this implementation: "uuid", "oid", "psa.impl-id", "int", "bytes"), and <CLASS_ID_VALUE> is the JSON encoding of the underlying class id value. The exact encoding is <CLASS_ID_TYPE> dependent. For the base implementation types it is 

	oid: dot-separated integers, e.g. "1.2.3.4"
	psa.impl-id: base64-encoded bytes, e.g. "YWNtZS1pbXBsZW1lbnRhdGlvbi1pZC0wMDAwMDAwMDE="
	uuid: standard UUID string representation, e.g. "550e8400-e29b-41d4-a716-446655440000"
	int: an integer value, e.g. 7
 bytes: a variable length opaque bytes, example {0x07, 0x12, 0x34}

func (ClassID) Valid 

func (o ClassID) Valid() error

Valid returns nil if the ClassID is valid, or an error describing the problem, if it is not.

type Comid 

type Comid struct {
	Language    *string     `cbor:"0,keyasint,omitempty" json:"lang,omitempty"`
	TagIdentity TagIdentity `cbor:"1,keyasint" json:"tag-identity"`
	Entities    *Entities   `cbor:"2,keyasint,omitempty" json:"entities,omitempty"`
	LinkedTags  *LinkedTags `cbor:"3,keyasint,omitempty" json:"linked-tags,omitempty"`
	Triples     Triples     `cbor:"4,keyasint" json:"triples"`

	Extensions
}

Comid is the top-level representation of a Concise Module IDentifier with CBOR and JSON serialization.

func NewComid 

func NewComid() *Comid

NewComid instantiates an empty Comid

func (*Comid) AddAttestVerifKey 

func (o *Comid) AddAttestVerifKey(val KeyTriple) *Comid

AddAttestVerifKey adds the supplied verification key to the attest-key-triples list of the target Comid.

func (*Comid) AddDevIdentityKey 

func (o *Comid) AddDevIdentityKey(val KeyTriple) *Comid

AddDevIdentityKey adds the supplied identity key to the identity-triples list of the target Comid.

func (*Comid) AddEndorsedValue 

func (o *Comid) AddEndorsedValue(val ValueTriple) *Comid

AddEndorsedValue adds the supplied endorsed value to the endorsed-triples list of the target Comid.

func (*Comid) AddEntity 

func (o *Comid) AddEntity(name string, regID *string, roles ...Role) *Comid

AddEntity adds an organizational entity, together with the roles this entity claims with regards to the CoMID, to the target Comid. name is the entity name, regID is a URI that uniquely identifies the entity, and roles are one or more claimed roles chosen from the following: RoleTagCreator, RoleCreator and RoleMaintainer.

func (*Comid) AddLinkedTag 

func (o *Comid) AddLinkedTag(tagID interface{}, rel Rel) *Comid

AddLinkedTag adds a link relationship of type rel between the target Comid and another CoMID identified by its tagID. The rel parameter can be one of RelSupplements or RelReplaces.

func (*Comid) AddReferenceValue 

func (o *Comid) AddReferenceValue(val ValueTriple) *Comid

AddReferenceValue adds the supplied reference value to the reference-triples list of the target Comid.

func (*Comid) FromCBOR 

func (o *Comid) FromCBOR(data []byte) error

FromCBOR deserializes a CBOR-encoded CoMID into the target Comid

func (*Comid) FromJSON 

func (o *Comid) FromJSON(data []byte) error

FromJSON deserializes a JSON-encoded CoMID into the target Comid

func (*Comid) GetExtensions 

func (o *Comid) GetExtensions() extensions.IMapValue

GetExtensions returns previously registered extension

func (*Comid) RegisterExtensions 

func (o *Comid) RegisterExtensions(exts extensions.Map) error

RegisterExtensions registers a struct as a collections of extensions

func (*Comid) SetLanguage 

func (o *Comid) SetLanguage(language string) *Comid

SetLanguage sets the language used in the target Comid to the supplied language tag. See also: BCP 47 and the IANA Language subtag registry.

func (*Comid) SetTagIdentity 

func (o *Comid) SetTagIdentity(tagID interface{}, tagIDVersion uint) *Comid

SetTagIdentity sets the identifier of the target Comid to the supplied tagID, which MUST be of type string or [16]byte. A tagIDVersion must also be supplied to disambiguate between different revisions of the same tag identity. If the tagID is newly minted, use 0. If the tagID has already been associated with a CoMID, pick a tagIDVersion greater than any other existing tagIDVersion's associated with that tagID.

func (Comid) ToCBOR 

func (o Comid) ToCBOR() ([]byte, error)

ToCBOR serializes the target Comid to CBOR

func (Comid) ToJSON 

func (o Comid) ToJSON() ([]byte, error)

ToJSON serializes the target Comid to JSON

func (Comid) ToJSONPretty 

func (o Comid) ToJSONPretty(indent string) ([]byte, error)

func (Comid) Valid 

func (o Comid) Valid() error

type CryptoKey 

type CryptoKey struct {
	Value ICryptoKeyValue
}

CryptoKey is the struct implementing CoRIM crypto-key-type-choice. See https://www.ietf.org/archive/id/draft-ietf-rats-corim-02.html#name-crypto-keys

func MustNewCOSEKey 

func MustNewCOSEKey(k any) *CryptoKey

func MustNewCertPathThumbprint 

func MustNewCertPathThumbprint(k any) *CryptoKey

func MustNewCertThumbprint 

func MustNewCertThumbprint(k any) *CryptoKey

func MustNewCryptoKey 

func MustNewCryptoKey(k any, typ string) *CryptoKey

MustNewCryptoKey is the same as NewCryptoKey, but does not return an error, and panics if there is a problem.

func MustNewPKIXBase64Cert 

func MustNewPKIXBase64Cert(k any) *CryptoKey

func MustNewPKIXBase64CertPath 

func MustNewPKIXBase64CertPath(k any) *CryptoKey

func MustNewPKIXBase64Key 

func MustNewPKIXBase64Key(k any) *CryptoKey

func MustNewThumbprint 

func MustNewThumbprint(k any) *CryptoKey

func NewCOSEKey 

func NewCOSEKey(k any) (*CryptoKey, error)

func NewCertPathThumbprint 

func NewCertPathThumbprint(k any) (*CryptoKey, error)

func NewCertThumbprint 

func NewCertThumbprint(k any) (*CryptoKey, error)

func NewCryptoKey 

func NewCryptoKey(k any, typ string) (*CryptoKey, error)

NewCryptoKey returns the pointer to a new CryptoKey of the specified type, constructed using the provided value k. The type of k depends on the specified crypto key type. For PKIX types, k must be a string. For COSE_Key, k must be a []byte. For thumbprint types, k must be a swid.HashEntry.

func NewPKIXBase64Cert 

func NewPKIXBase64Cert(k any) (*CryptoKey, error)

func NewPKIXBase64CertPath 

func NewPKIXBase64CertPath(k any) (*CryptoKey, error)

func NewPKIXBase64Key 

func NewPKIXBase64Key(k any) (*CryptoKey, error)

func NewThumbprint 

func NewThumbprint(k any) (*CryptoKey, error)

func (CryptoKey) MarshalCBOR 

func (o CryptoKey) MarshalCBOR() ([]byte, error)

MarshalCBOR returns a []byte containing the CBOR representation of the CryptoKey.

func (CryptoKey) MarshalJSON 

func (o CryptoKey) MarshalJSON() ([]byte, error)

MarshalJSON returns a []byte containing the JSON representation of the CryptoKey.

func (CryptoKey) PublicKey 

func (o CryptoKey) PublicKey() (crypto.PublicKey, error)

PublicKey returns a crypto.PublicKey constructed from the CryptoKey's underlying value. This returns an error if the CryptoKey is one of the thumbprint types.

func (CryptoKey) String 

func (o CryptoKey) String() string

String returns the string representation of the CryptoKey.

func (CryptoKey) Type 

func (o CryptoKey) Type() string

Type returns the type of the CryptoKey value

func (*CryptoKey) UnmarshalCBOR 

func (o *CryptoKey) UnmarshalCBOR(b []byte) error

UnmarshalCBOR populates the CryptoKey from the CBOR representation inside the provided []byte.

func (*CryptoKey) UnmarshalJSON 

func (o *CryptoKey) UnmarshalJSON(b []byte) error

UnmarshalJSON populates the CryptoKey from the JSON representation inside the provided []byte.

func (CryptoKey) Valid 

func (o CryptoKey) Valid() error

Valid returns an error if validation of the CryptoKey fails, or nil if it succeeds.

type CryptoKeys 

type CryptoKeys []*CryptoKey

CryptoKeys is an array of *CryptoKey

func NewCryptoKeys 

func NewCryptoKeys() *CryptoKeys

NewCryptoKeys instantiates an empty CryptoKeys

func (*CryptoKeys) Add 

func (o *CryptoKeys) Add(v *CryptoKey) *CryptoKeys

Add the supplied *CryptoKey to the CryptoKeys

func (CryptoKeys) Valid 

func (o CryptoKeys) Valid() error

Valid returns an error if any of the contained keys fail to validate, or if CryptoKeys is empty

type Digests 

type Digests []swid.HashEntry

Digests is an alias for an array of SWID HashEntry

func NewDigests 

func NewDigests() *Digests

NewDigests instantiates an empty array of Digests

func (*Digests) AddDigest 

func (o *Digests) AddDigest(algID uint64, value []byte) *Digests

AddDigest create a new digest from the supplied arguments and appends it to the (already instantiated) Digests target. The method is a no-op if it is invoked on a nil target and will refuse to add inconsistent algo/value combinations.

func (Digests) Valid 

func (o Digests) Valid() error

type Entities 

type Entities struct {
	extensions.Collection[Entity, *Entity]
}

Entities is a container for Entity instances and their extensions. It is a thin wrapper around extensions.Collection.

func NewEntities 

func NewEntities() *Entities

type Entity 

type Entity struct {
	Name  *EntityName `cbor:"0,keyasint" json:"name"`
	RegID *TaggedURI  `cbor:"1,keyasint,omitempty" json:"regid,omitempty"`
	Roles Roles       `cbor:"2,keyasint" json:"roles"`

	Extensions
}

Entity stores an entity-map capable of CBOR and JSON serializations.

func (*Entity) GetExtensions 

func (o *Entity) GetExtensions() extensions.IMapValue

GetExtensions returns previously registered extension

func (Entity) MarshalCBOR 

func (o Entity) MarshalCBOR() ([]byte, error)

MarshalCBOR serializes to CBOR

func (Entity) MarshalJSON 

func (o Entity) MarshalJSON() ([]byte, error)

MarshalJSON serializes to JSON

func (*Entity) RegisterExtensions 

func (o *Entity) RegisterExtensions(exts extensions.Map) error

RegisterExtensions registers a struct as a collections of extensions

func (*Entity) SetName added in v1.6.2 

func (o *Entity) SetName(name string) *Entity

SetName is used to set the Name field of Entity using supplied name

func (*Entity) SetRegID 

func (o *Entity) SetRegID(uri string) *Entity

SetRegID is used to set the RegID field of Entity using supplied uri

func (*Entity) SetRoles 

func (o *Entity) SetRoles(roles ...Role) *Entity

SetRoles appends the supplied roles to the target entity.

func (*Entity) UnmarshalCBOR 

func (o *Entity) UnmarshalCBOR(data []byte) error

UnmarshalCBOR deserializes from CBOR

func (*Entity) UnmarshalJSON 

func (o *Entity) UnmarshalJSON(data []byte) error

UnmarshalJSON deserializes from JSON

func (Entity) Valid 

func (o Entity) Valid() error

Valid checks for validity of the fields within each Entity

type EntityName 

type EntityName struct {
	Value IEntityNameValue
}

EntityName encapsulates the name of the associated Entity. The CoRIM specification only allows for text (string) name, but this may be extended by other specifications.

func MustNewEntityName 

func MustNewEntityName(val any, typ string) *EntityName

MustNewEntityName is like NewEntityName, except it doesn't return an error, assuming that the provided value is valid. It panics if that isn't the case.

func MustNewStringEntityName 

func MustNewStringEntityName(val any) *EntityName

func NewEntityName 

func NewEntityName(val any, typ string) (*EntityName, error)

NewEntityName creates a new EntityName of the specified type using the provided value.

func NewStringEntityName 

func NewStringEntityName(val any) (*EntityName, error)

func (EntityName) MarshalCBOR 

func (o EntityName) MarshalCBOR() ([]byte, error)

func (EntityName) MarshalJSON 

func (o EntityName) MarshalJSON() ([]byte, error)

func (EntityName) String 

func (o EntityName) String() string

func (*EntityName) UnmarshalCBOR 

func (o *EntityName) UnmarshalCBOR(data []byte) error

func (*EntityName) UnmarshalJSON 

func (o *EntityName) UnmarshalJSON(data []byte) error

func (EntityName) Valid 

func (o EntityName) Valid() error

type Environment 

type Environment struct {
	Class    *Class    `cbor:"0,keyasint,omitempty" json:"class,omitempty"`
	Instance *Instance `cbor:"1,keyasint,omitempty" json:"instance,omitempty"`
	Group    *Group    `cbor:"2,keyasint,omitempty" json:"group,omitempty"`
}

Environment stores the identifying information about a target or attesting environment at the class, instance and group scope. The Environment type has JSON and CBOR serializations.

func (*Environment) FromCBOR 

func (o *Environment) FromCBOR(data []byte) error

FromCBOR deserializes the supplied CBOR data into the target Environment

func (*Environment) FromJSON 

func (o *Environment) FromJSON(data []byte) error

FromJSON deserializes the supplied JSON string into the target Environment

func (Environment) ToCBOR 

func (o Environment) ToCBOR() ([]byte, error)

ToCBOR serializes the target Environment to CBOR (if the Environment is "valid")

func (Environment) ToJSON 

func (o Environment) ToJSON() ([]byte, error)

ToJSON serializes the target Environment to JSON (if the Environment is "valid")

func (Environment) Valid 

func (o Environment) Valid() error

Valid checks the validity (according to the spec) of the target Environment

type Extensions 

type Extensions struct {
	extensions.Extensions
}

type Flag 

type Flag int

Flag indicates whether a particular operational mode is active within the measured environment. 

const (
	FlagIsConfigured Flag = iota
	FlagIsSecure
	FlagIsRecovery
	FlagIsDebug
	FlagIsReplayProtected
	FlagIsIntegrityProtected
	FlagIsRuntimeMeasured
	FlagIsImmutable
	FlagIsTcb
)

type FlagsMap 

type FlagsMap struct {
	// IsConfigured indicates whether the measured environment is fully
	// configured for normal operation.
	IsConfigured *bool `cbor:"0,keyasint,omitempty" json:"is-configured,omitempty"`
	// IsSecure indicates whether the measured environment's configurable
	// security settings are fully enabled.
	IsSecure *bool `cbor:"1,keyasint,omitempty" json:"is-secure,omitempty"`
	// IsRecovery indicates whether the measured environment is in recovery
	// mode.
	IsRecovery *bool `cbor:"2,keyasint,omitempty" json:"is-recovery,omitempty"`
	// IsDebug indicates whether the measured environment is in a debug
	// enabled mode.
	IsDebug *bool `cbor:"3,keyasint,omitempty" json:"is-debug,omitempty"`
	// IsReplayProtected indicates whether the measured environment is
	// protected from replay by a previous image that differs from the
	// current image.
	IsReplayProtected *bool `cbor:"4,keyasint,omitempty" json:"is-replay-protected,omitempty"`
	// IsIntegrityProtected indicates whether the measured environment is
	// protected from unauthorized update.
	IsIntegrityProtected *bool `cbor:"5,keyasint,omitempty" json:"is-integrity-protected,omitempty"`
	// IsRuntimeMeasured indicates whether the measured environment is
	// measured after being loaded into memory.
	IsRuntimeMeasured *bool `cbor:"6,keyasint,omitempty" json:"is-runtime-meas,omitempty"`
	// IsImmutable indicates whether the measured environment is immutable.
	IsImmutable *bool `cbor:"7,keyasint,omitempty" json:"is-immutable,omitempty"`
	// IsTcb indicates whether the measured environment is a trusted
	// computing base.
	IsTcb *bool `cbor:"8,keyasint,omitempty" json:"is-tcb,omitempty"`

	Extensions
}

FlagsMap describes a number of boolean operational modes. If a value is nil, then the operational mode is unknown.

func NewFlagsMap 

func NewFlagsMap() *FlagsMap

func (*FlagsMap) AnySet 

func (o *FlagsMap) AnySet() bool

func (*FlagsMap) Clear 

func (o *FlagsMap) Clear(flags ...Flag)

func (*FlagsMap) Get 

func (o *FlagsMap) Get(flag Flag) *bool

func (*FlagsMap) GetExtensions 

func (o *FlagsMap) GetExtensions() extensions.IMapValue

GetExtensions returns previously registered extension

func (FlagsMap) IsEmpty added in v1.6.2 

func (o FlagsMap) IsEmpty() bool

func (FlagsMap) MarshalCBOR 

func (o FlagsMap) MarshalCBOR() ([]byte, error)

MarshalCBOR serializes to CBOR

func (FlagsMap) MarshalJSON 

func (o FlagsMap) MarshalJSON() ([]byte, error)

MarshalJSON serializes to JSON

func (*FlagsMap) RegisterExtensions 

func (o *FlagsMap) RegisterExtensions(exts extensions.Map) error

RegisterExtensions registers a struct as a collections of extensions

func (*FlagsMap) SetFalse 

func (o *FlagsMap) SetFalse(flags ...Flag)

func (*FlagsMap) SetTrue 

func (o *FlagsMap) SetTrue(flags ...Flag)

func (*FlagsMap) UnmarshalCBOR 

func (o *FlagsMap) UnmarshalCBOR(data []byte) error

UnmarshalCBOR deserializes from CBOR

func (*FlagsMap) UnmarshalJSON 

func (o *FlagsMap) UnmarshalJSON(data []byte) error

UnmarshalJSON deserializes from JSON

func (FlagsMap) Valid 

func (o FlagsMap) Valid() error

Valid returns an error if the FlagsMap is invalid.

type Group 

type Group struct {
	Value IGroupValue
}

Group stores a group identity. The supported formats are UUID and variable-length opaque bytes.

func MustNewUUIDGroup 

func MustNewUUIDGroup(val any) *Group

func NewBytesGroup 

func NewBytesGroup(val any) (*Group, error)

NewBytesGroup creates a New Group of type bytes The supplied interface parameter could be a byte slice, a pointer to a byte slice or a string

func NewGroup 

func NewGroup(val any, typ string) (*Group, error)

NewGroup instantiates an empty group

func NewUUIDGroup 

func NewUUIDGroup(val any) (*Group, error)

func (Group) Bytes 

func (o Group) Bytes() []byte

Bytes returns a []byte containing the raw bytes of the group value

func (Group) MarshalCBOR 

func (o Group) MarshalCBOR() ([]byte, error)

MarshalCBOR serializes the target group to CBOR

func (Group) MarshalJSON 

func (o Group) MarshalJSON() ([]byte, error)

func (Group) String 

func (o Group) String() string

String returns a printable string of the Group value. UUIDs use the canonical 8-4-4-4-12 format, UEIDs are hex encoded.

func (Group) Type 

func (o Group) Type() string

Type returns the type of the Group

func (*Group) UnmarshalCBOR 

func (o *Group) UnmarshalCBOR(data []byte) error

UnmarshalCBOR deserializes the supplied CBOR into the target group

func (*Group) UnmarshalJSON 

func (o *Group) UnmarshalJSON(data []byte) error

UnmarshalJSON deserializes the supplied JSON type/value object into the Group target. The following formats are supported: 

 (a) UUID, e.g.:
	{
	  "type": "uuid",
	  "value": "69E027B2-7157-4758-BCB4-D9F167FE49EA"
	}

(b) Tagged bytes, e.g. : 

{
  "type": "bytes",
  "value": "MTIzNDU2Nzg5"
}

func (Group) Valid 

func (o Group) Valid() error

Valid checks for the validity of given group

type IClassIDFactory 

type IClassIDFactory func(any) (*ClassID, error)

IClassIDFactory defines the signature for the factory functions that may be registred using RegisterClassIDType to provide a new implementation of the corresponding type choice. The factory function should create a new *ClassID with the underlying value created based on the provided input. The range of valid inputs is up to the specific type choice implementation, however it _must_ accept nil as one of the inputs, and return the Zero value for implemented type. See also https://go.dev/ref/spec#The_zero_value

type IClassIDValue 

type IClassIDValue interface {
	extensions.ITypeChoiceValue

	Bytes() []byte
}

type IComidConstrainer 

type IComidConstrainer interface {
	ConstrainComid(*Comid) error
}

type ICryptoKeyFactory 

type ICryptoKeyFactory func(any) (*CryptoKey, error)

ICryptoKeyFactory defines the signature for the factory functions that may be registred using RegisterCryptoKeyType to provide a new implementation of the corresponding type choice. The factory function should create a new *CryptoKey with the underlying value created based on the provided input. The range of valid inputs is up to the specific type choice implementation, however it _must_ accept nil as one of the inputs, and return the Zero value for implemented type. See also https://go.dev/ref/spec#The_zero_value

type ICryptoKeyValue 

type ICryptoKeyValue interface {
	extensions.ITypeChoiceValue

	// PublicKey returns a crypto.PublicKey constructed from the
	// ICryptoKeyValue's underlying value. This returns an error if the
	// ICryptoKeyValue is one of the thumbprint types.
	PublicKey() (crypto.PublicKey, error)
}

ICryptoKeyValue is the interface implemented by the concrete CryptoKey value types.

type IEntityConstrainer 

type IEntityConstrainer interface {
	ConstrainEntity(*Entity) error
}

type IEntityNameFactory 

type IEntityNameFactory func(any) (*EntityName, error)

IEntityNameFactory defines the signature for the factory functions that may be registred using RegisterEntityNameType to provide a new implementation of the corresponding type choice. The factory function should create a new *EntityName with the underlying value created based on the provided input. The range of valid inputs is up to the specific type choice implementation, however it _must_ accept nil as one of the inputs, and return the Zero value for implemented type. See also https://go.dev/ref/spec#The_zero_value

type IEntityNameValue 

type IEntityNameValue interface {
	extensions.ITypeChoiceValue
}

type IFlagSetter 

type IFlagSetter interface {
	AnySet() bool
	SetTrue(Flag)
	SetFalse(Flag)
	Clear(Flag)
	Get(Flag) *bool
}

type IFlagsMapConstrainer 

type IFlagsMapConstrainer interface {
	ConstrainFlagsMap(*FlagsMap) error
}

type IGroupFactory 

type IGroupFactory func(any) (*Group, error)

IGroupFactory defines the signature for the factory functions that may be registered using RegisterGroupType to provide a new implementation of the corresponding type choice. The factory function should create a new *Group with the underlying value created based on the provided input. The range of valid inputs is up to the specific type choice implementation, however it _must_ accept nil as one of the inputs, and return the Zero value for implemented type. See also https://go.dev/ref/spec#The_zero_value

type IGroupValue 

type IGroupValue interface {
	extensions.ITypeChoiceValue

	Bytes() []byte
}

type IInstanceFactory 

type IInstanceFactory func(any) (*Instance, error)

IInstanceFactory defines the signature for the factory functions that may be registered using RegisterInstanceType to provide a new implementation of the corresponding type choice. The factory function should create a new *Instance with the underlying value created based on the provided input. The range of valid inputs is up to the specific type choice implementation, however it _must_ accept nil as one of the inputs, and return the Zero value for implemented type. See also https://go.dev/ref/spec#The_zero_value

type IInstanceValue 

type IInstanceValue interface {
	extensions.ITypeChoiceValue

	Bytes() []byte
}

IInstanceValue is the interface implemented by all Instance value implementations.

type IMKeyValue 

type IMKeyValue interface {
	extensions.ITypeChoiceValue
}

IMKeyValue is the interface implemented by all Mkey value implementations.

type IMkeyFactory 

type IMkeyFactory = func(val any) (*Mkey, error)

IMkeyFactory defines the signature for the factory functions that may be registred using RegisterMkeyType to provide a new implementation of the corresponding type choice. The factory function should create a new *Mkey with the underlying value created based on the provided input. The range of valid inputs is up to the specific type choice implementation, however it _must_ accept nil as one of the inputs, and return the Zero value for implemented type. See also https://go.dev/ref/spec#The_zero_value

type IMvalConstrainer 

type IMvalConstrainer interface {
	ConstrainMval(*Mval) error
}

type IRegisterIndex 

type IRegisterIndex interface{}

IRegisterIndex is the interface to hold register index Supported index types are uint and text

type ISVNFactory 

type ISVNFactory func(any) (*SVN, error)

ISVNFactory defines the signature for the factory functions that may be registred using RegisterSVNType to provide a new implementation of the corresponding type choice. The factory function should create a new *SVN with the underlying value created based on the provided input. The range of valid inputs is up to the specific type choice implementation, however it _must_ accept nil as one of the inputs, and return the Zero value for implemented type. See also https://go.dev/ref/spec#The_zero_value

type ISVNValue 

type ISVNValue interface {
	extensions.ITypeChoiceValue
}

ISVNValue is the interface that must be implemented by all SVN values.

type ITriplesConstrainer 

type ITriplesConstrainer interface {
	ValidTriples(*Triples) error
}

type ImplID 

type ImplID [32]byte

func (ImplID) String 

func (o ImplID) String() string

func (ImplID) Valid 

func (o ImplID) Valid() error

type Instance 

type Instance struct {
	Value IInstanceValue
}

Instance stores an instance identity. The supported formats are UUID, UEID and variable-length opaque bytes.

func MustNewUEIDInstance 

func MustNewUEIDInstance(val any) *Instance

MustNewUEIDInstance is like NewUEIDInstance execept it does not return an error, assuming that the provided value is valid. It panics if that isn't the case.

func MustNewUUIDInstance 

func MustNewUUIDInstance(val any) *Instance

MustNewUUIDInstance is like NewUUIDInstance execept it does not return an error, assuming that the provided value is valid. It panics if that isn't the case.

func NewBytesInstance 

func NewBytesInstance(val any) (*Instance, error)

NewBytesInstance creates a new instance of type bytes The supplied interface parameter could be a byte slice, a pointer to a byte slice or a string

func NewInstance 

func NewInstance(val any, typ string) (*Instance, error)

NewInstance creates a new instance with the value of the specified type populated using the provided value.

func NewUEIDInstance 

func NewUEIDInstance(val any) (*Instance, error)

NewUEIDInstance instantiates a new instance with the supplied UEID identity.

func NewUUIDInstance 

func NewUUIDInstance(val any) (*Instance, error)

NewUUIDInstance instantiates a new instance with the supplied UUID identity

func (Instance) Bytes 

func (o Instance) Bytes() []byte

Bytes returns a []byte containing the bytes of the underlying Instance value.

func (Instance) GetUEID added in v1.3.0 

func (o Instance) GetUEID() (eat.UEID, error)

func (Instance) GetUUID added in v1.3.0 

func (o Instance) GetUUID() (UUID, error)

func (Instance) MarshalCBOR 

func (o Instance) MarshalCBOR() ([]byte, error)

MarshalCBOR serializes the target instance to CBOR

func (Instance) MarshalJSON 

func (o Instance) MarshalJSON() ([]byte, error)

MarshalJSON serializes the Instance into a JSON object.

func (*Instance) SetUEID added in v1.3.0 

func (o *Instance) SetUEID(val eat.UEID) *Instance

SetUEID sets the identity of the target instance to the supplied UEID

func (*Instance) SetUUID added in v1.3.0 

func (o *Instance) SetUUID(val uuid.UUID) *Instance

SetUUID sets the identity of the target instance to the supplied UUID

func (Instance) String 

func (o Instance) String() string

String returns a printable string of the Instance value. UUIDs use the canonical 8-4-4-4-12 format, UEIDs are hex encoded.

func (Instance) Type 

func (o Instance) Type() string

Type returns a string naming the type of the underlying Instance value.

func (*Instance) UnmarshalCBOR 

func (o *Instance) UnmarshalCBOR(data []byte) error

func (*Instance) UnmarshalJSON 

func (o *Instance) UnmarshalJSON(data []byte) error

UnmarshalJSON deserializes the supplied JSON object into the target Instance The instance object must have the following shape: 

{
  "type": "<INSTANCE_TYPE>",
  "value": <INSTANCE_VALUE>
}

where <INSTANCE_TYPE> must be one of the known IInstanceValue implementation type names (available in the base implementation: "ueid" and "uuid"), and <INSTANCE_VALUE> is the JSON encoding of the instance value. The exact encoding is <INSTANCE_TYPE> dependent. For the base implmentation types it is 

ueid: base64-encoded bytes, e.g. "YWNtZS1pbXBsZW1lbnRhdGlvbi1pZC0wMDAwMDAwMDE="
uuid: standard UUID string representation, e.g. "550e8400-e29b-41d4-a716-446655440000"
bytes: a variable-length opaque byte string, example {0x07, 0x12, 0x34}

func (Instance) Valid 

func (o Instance) Valid() error

Valid checks for the validity of given instance

type IntegrityRegisters 

type IntegrityRegisters struct {
	IndexMap map[IRegisterIndex]Digests
}

IntegrityRegisters holds the Integrity Registers

func NewIntegrityRegisters 

func NewIntegrityRegisters() *IntegrityRegisters

func (*IntegrityRegisters) AddDigest 

func (i *IntegrityRegisters) AddDigest(index IRegisterIndex, digest swid.HashEntry) error

AddDigest allows inserting a digest at a specific index Supported index types are uint and text

func (*IntegrityRegisters) AddDigests 

func (i *IntegrityRegisters) AddDigests(index IRegisterIndex, digests Digests) error

AddDigests allows inserting an array of digests at a specific index Supported index types are uint and text

func (IntegrityRegisters) MarshalCBOR 

func (i IntegrityRegisters) MarshalCBOR() ([]byte, error)

func (IntegrityRegisters) MarshalJSON 

func (i IntegrityRegisters) MarshalJSON() ([]byte, error)

func (*IntegrityRegisters) UnmarshalCBOR 

func (i *IntegrityRegisters) UnmarshalCBOR(data []byte) error

func (*IntegrityRegisters) UnmarshalJSON 

func (i *IntegrityRegisters) UnmarshalJSON(data []byte) error

type KeyTriple added in v1.6.2 

type KeyTriple struct {
	Environment Environment `json:"environment"`
	VerifKeys   CryptoKeys  `json:"verification-keys"`
	// contains filtered or unexported fields
}

KeyTriple stores a cryptographic key triple record (identity-triple-record or attest-key-triple-record) with CBOR and JSON serializations. Note that the CBOR serialization packs the structure into an array. Instead, when serializing to JSON, the structure is converted into an object.

func (KeyTriple) Valid added in v1.6.2 

func (o KeyTriple) Valid() error

type KeyTriples added in v1.6.2 

type KeyTriples []KeyTriple

func NewKeyTriples added in v1.6.2 

func NewKeyTriples() *KeyTriples

type LinkedTag 

type LinkedTag struct {
	LinkedTagID swid.TagID `cbor:"0,keyasint" json:"target"`
	Rel         Rel        `cbor:"1,keyasint" json:"rel"`
}

LinkedTag stores one link relation of type Rel between the embedding CoMID (the link context) and the referenced CoMID (the link target). The link can be viewed as a statement of the form: "$link_context $link_relation_type $link_target".

func NewLinkedTag 

func NewLinkedTag() *LinkedTag

func (*LinkedTag) SetLinkedTag 

func (o *LinkedTag) SetLinkedTag(t swid.TagID) *LinkedTag

func (*LinkedTag) SetRel 

func (o *LinkedTag) SetRel(r Rel) *LinkedTag

func (LinkedTag) Valid 

func (o LinkedTag) Valid() error

type LinkedTags 

type LinkedTags []LinkedTag

LinkedTags is an array of LinkedTag

func NewLinkedTags 

func NewLinkedTags() *LinkedTags

func (*LinkedTags) AddLinkedTag 

func (o *LinkedTags) AddLinkedTag(lt LinkedTag) *LinkedTags

AddLinkedTag adds the supplied linked Tag-map to the target Entities

func (LinkedTags) Valid 

func (o LinkedTags) Valid() error

type MACaddr 

type MACaddr net.HardwareAddr

MACaddr is an HW address (e.g., IEEE 802 MAC-48, EUI-48, EUI-64)

Note: Since TextUnmarshal is not defined on net.HardwareAddr (see: https://github.com/golang/go/issues/29678) we need to create an alias type with a custom decoder.

func (MACaddr) MarshalJSON 

func (o MACaddr) MarshalJSON() ([]byte, error)

func (*MACaddr) UnmarshalJSON 

func (o *MACaddr) UnmarshalJSON(data []byte) error

UnmarshalJSON deserialize a MAC address in textual form into the MACaddr target, e.g.: 

"mac-addr": "00:00:5e:00:53:01"

or 

"mac-addr": "02:00:5e:10:00:00:00:01"

Supported formats are IEEE 802 MAC-48, EUI-48, EUI-64, e.g.: 

00:00:5e:00:53:01
00-00-5e-00-53-01
02:00:5e:10:00:00:00:01
02-00-5e-10-00-00-00-01

type Measurement 

type Measurement struct {
	Key          *Mkey      `cbor:"0,keyasint,omitempty" json:"key,omitempty"`
	Val          Mval       `cbor:"1,keyasint" json:"value"`
	AuthorizedBy *CryptoKey `cbor:"2,keyasint,omitempty" json:"authorized-by,omitempty"`
}

Measurement stores a measurement-map with CBOR and JSON serializations.

func MustNewCCAPlatCfgMeasurement 

func MustNewCCAPlatCfgMeasurement(key any) *Measurement

func MustNewMeasurement 

func MustNewMeasurement(val any, typ string) *Measurement

func MustNewPSAMeasurement 

func MustNewPSAMeasurement(key any) *Measurement

func MustNewUUIDMeasurement 

func MustNewUUIDMeasurement(key any) *Measurement

func MustNewUintMeasurement 

func MustNewUintMeasurement(key any) *Measurement

func NewCCAPlatCfgMeasurement 

func NewCCAPlatCfgMeasurement(key any) (*Measurement, error)

NewCCAPlatCfgMeasurement instantiates a new measurement-map with the key set to the supplied CCA platform-config-id

func NewMeasurement 

func NewMeasurement(val any, typ string) (*Measurement, error)

func NewOIDMeasurement 

func NewOIDMeasurement(key any) (*Measurement, error)

NewOIDMeasurement instantiates a new measurement-map with the key set to the supplied OID

func NewPSAMeasurement 

func NewPSAMeasurement(key any) (*Measurement, error)

NewPSAMeasurement instantiates a new measurement-map with the key set to the supplied PSA refval-id

func NewUUIDMeasurement 

func NewUUIDMeasurement(key any) (*Measurement, error)

NewUUIDMeasurement instantiates a new measurement-map with the key set to the supplied UUID

func NewUintMeasurement 

func NewUintMeasurement(key any) (*Measurement, error)

NewUintMeasurement instantiates a new measurement-map with the key set to the supplied Uint

func (*Measurement) AddDigest 

func (o *Measurement) AddDigest(algID uint64, digest []byte) *Measurement

AddDigest add the supplied digest - comprising the digest itself together with the hash algorithm used to obtain it - to the measurement-values-map of the target measurement

func (*Measurement) ClearFlags 

func (o *Measurement) ClearFlags(flags ...Flag) *Measurement

ClearFlags clears the supplied operational flags in the measurement-values-map of the target measurement

func (Measurement) GetExtensions added in v1.6.2 

func (o Measurement) GetExtensions() extensions.IMapValue

func (*Measurement) RegisterExtensions added in v1.6.2 

func (o *Measurement) RegisterExtensions(exts extensions.Map) error

func (*Measurement) SetFlagsFalse 

func (o *Measurement) SetFlagsFalse(flags ...Flag) *Measurement

SetFlagsFalse sets the supplied operational flags to true in the measurement-values-map of the target measurement

func (*Measurement) SetFlagsTrue 

func (o *Measurement) SetFlagsTrue(flags ...Flag) *Measurement

SetFlagsTrue sets the supplied operational flags to true in the measurement-values-map of the target measurement

func (*Measurement) SetIPaddr 

func (o *Measurement) SetIPaddr(a net.IP) *Measurement

SetIPaddr sets the supplied IP (v4 or v6) address in the measurement-values-map of the target measurement

func (*Measurement) SetMACaddr 

func (o *Measurement) SetMACaddr(a MACaddr) *Measurement

SetMACaddr sets the supplied MAC address in the measurement-values-map of the target measurement

func (*Measurement) SetMinSVN 

func (o *Measurement) SetMinSVN(svn uint64) *Measurement

SetMinSVN sets the supplied min-svn in the measurement-values-map of the target measurement

func (*Measurement) SetRawValueBytes 

func (o *Measurement) SetRawValueBytes(rawValue, rawValueMask []byte) *Measurement

SetRawValueBytes sets the supplied raw-value and its mask in the measurement-values-map of the target measurement

func (*Measurement) SetSVN 

func (o *Measurement) SetSVN(svn uint64) *Measurement

SetSVN sets the supplied svn in the measurement-values-map of the target measurement

func (*Measurement) SetSerialNumber 

func (o *Measurement) SetSerialNumber(sn string) *Measurement

SetSerialNumber sets the supplied serial number in the measurement-values-map of the target measurement

func (*Measurement) SetUEID 

func (o *Measurement) SetUEID(ueid eat.UEID) *Measurement

SetUEID sets the supplied ueid in the measurement-values-map of the target measurement

func (*Measurement) SetUUID 

func (o *Measurement) SetUUID(u UUID) *Measurement

SetUUID sets the supplied uuid in the measurement-values-map of the target measurement

func (*Measurement) SetVersion 

func (o *Measurement) SetVersion(ver string, scheme int64) *Measurement

func (Measurement) Valid 

func (o Measurement) Valid() error

type Measurements 

type Measurements extensions.Collection[Measurement, *Measurement]

Measurements is a container for Measurement instances and their extensions. It is a thin wrapper around extensions.Collection.

func NewMeasurements 

func NewMeasurements() *Measurements

func (*Measurements) Add added in v1.7.2 

func (o *Measurements) Add(val *Measurement) *Measurements

func (*Measurements) GetExtensions added in v1.7.2 

func (o *Measurements) GetExtensions() extensions.IMapValue

func (*Measurements) IsEmpty added in v1.7.2 

func (o *Measurements) IsEmpty() bool

func (Measurements) MarshalCBOR added in v1.7.2 

func (o Measurements) MarshalCBOR() ([]byte, error)

func (Measurements) MarshalJSON added in v1.7.2 

func (o Measurements) MarshalJSON() ([]byte, error)

func (*Measurements) RegisterExtensions added in v1.7.2 

func (o *Measurements) RegisterExtensions(exts extensions.Map) error

func (*Measurements) UnmarshalCBOR added in v1.7.2 

func (o *Measurements) UnmarshalCBOR(data []byte) error

func (*Measurements) UnmarshalJSON added in v1.7.2 

func (o *Measurements) UnmarshalJSON(data []byte) error

func (*Measurements) Valid 

func (o *Measurements) Valid() error

type Mkey 

type Mkey struct {
	Value IMKeyValue
}

Mkey stores a $measured-element-type-choice. The supported types are UUID, PSA refval-id, CCA platform-config-id and unsigned integer TO DO Add tagged OID: see https://github.com/jraman567/corim/issues/35

func MustNewMkey 

func MustNewMkey(val any, typ string) *Mkey

MustNewMkey is like NewMkey, execept it does not return an error, assuming that the provided value is valid. It panics if that is not the case.

func NewMkey 

func NewMkey(val any, typ string) (*Mkey, error)

NewMkey creates a new Mkey of the specfied type using the provided value.

func NewMkeyCCAPlatformConfigID 

func NewMkeyCCAPlatformConfigID(val any) (*Mkey, error)

func NewMkeyOID 

func NewMkeyOID(val any) (*Mkey, error)

func NewMkeyPSARefvalID 

func NewMkeyPSARefvalID(val any) (*Mkey, error)

func NewMkeyUUID 

func NewMkeyUUID(val any) (*Mkey, error)

func NewMkeyUint 

func NewMkeyUint(val any) (*Mkey, error)

func (Mkey) GetCCAPlatformConfigID added in v1.3.0 

func (o Mkey) GetCCAPlatformConfigID() (CCAPlatformConfigID, error)

func (Mkey) GetKeyUint added in v1.3.0 

func (o Mkey) GetKeyUint() (uint64, error)

func (Mkey) GetPSARefValID added in v1.3.0 

func (o Mkey) GetPSARefValID() (PSARefValID, error)

func (Mkey) IsSet 

func (o Mkey) IsSet() bool

IsSet returns true if the value of the Mkey is set.

func (Mkey) MarshalCBOR 

func (o Mkey) MarshalCBOR() ([]byte, error)

MarshalCBOR serializes the taret mkey into CBOR-encoded bytes.

func (Mkey) MarshalJSON 

func (o Mkey) MarshalJSON() ([]byte, error)

MarshalJSON serializes the target Mkey into the type'n'value JSON object

func (Mkey) Type added in v1.5.1 

func (o Mkey) Type() string

Type returns the type of Mkey

func (*Mkey) UnmarshalCBOR 

func (o *Mkey) UnmarshalCBOR(data []byte) error

UnmarshalCBOR deserializes the Mkey from the provided CBOR bytes.

func (*Mkey) UnmarshalJSON 

func (o *Mkey) UnmarshalJSON(data []byte) error

UnmarshalJSON deserializes the supplied JSON object into the target MKey The key object must have the following shape: 

{
  "type": "<MKEY_TYPE>",
  "value": <MKEY_JSON_VALUE>
}

where <MKEY_TYPE> must be one of the known IMKeyValue implementation type names (available in the base implementation: "uuid", "oid", "psa.impl-id"), and <MKEY_JSON_VALUE> is the class id value serialized to JSON. The exact serialization is <CLASS_ID_TYPE> depenent. For the base implementation types it is 

oid: dot-seprated integers, e.g. "1.2.3.4"
uuid: standard UUID string representation, e.g. "550e8400-e29b-41d4-a716-446655440000"
psa.refval-id: JSON representation of the PSA refval-id

func (Mkey) Valid 

func (o Mkey) Valid() error

Valid returns nil if the Mkey is valid or an error describing the problem, if it is not.

type Mval 

type Mval struct {
	Ver                *Version            `cbor:"0,keyasint,omitempty" json:"version,omitempty"`
	SVN                *SVN                `cbor:"1,keyasint,omitempty" json:"svn,omitempty"`
	Digests            *Digests            `cbor:"2,keyasint,omitempty" json:"digests,omitempty"`
	Flags              *FlagsMap           `cbor:"3,keyasint,omitempty" json:"flags,omitempty"`
	RawValue           *RawValue           `cbor:"4,keyasint,omitempty" json:"raw-value,omitempty"`
	RawValueMask       *[]byte             `cbor:"5,keyasint,omitempty" json:"raw-value-mask,omitempty"`
	MACAddr            *MACaddr            `cbor:"6,keyasint,omitempty" json:"mac-addr,omitempty"`
	IPAddr             *net.IP             `cbor:"7,keyasint,omitempty" json:"ip-addr,omitempty"`
	SerialNumber       *string             `cbor:"8,keyasint,omitempty" json:"serial-number,omitempty"`
	UEID               *eat.UEID           `cbor:"9,keyasint,omitempty" json:"ueid,omitempty"`
	UUID               *UUID               `cbor:"10,keyasint,omitempty" json:"uuid,omitempty"`
	IntegrityRegisters *IntegrityRegisters `cbor:"14,keyasint,omitempty" json:"integrity-registers,omitempty"`
	Extensions
}

Mval stores a measurement-values-map with JSON and CBOR serializations.

func (*Mval) GetExtensions 

func (o *Mval) GetExtensions() extensions.IMapValue

GetExtensions returns pervisouosly registered extension

func (Mval) MarshalCBOR 

func (o Mval) MarshalCBOR() ([]byte, error)

MarshalCBOR serializes to CBOR

func (Mval) MarshalJSON 

func (o Mval) MarshalJSON() ([]byte, error)

MarshalJSON serializes to JSON

func (*Mval) RegisterExtensions 

func (o *Mval) RegisterExtensions(exts extensions.Map) error

RegisterExtensions registers a struct as a collections of extensions

func (*Mval) UnmarshalCBOR 

func (o *Mval) UnmarshalCBOR(data []byte) error

UnmarshalCBOR deserializes from CBOR

func (*Mval) UnmarshalJSON 

func (o *Mval) UnmarshalJSON(data []byte) error

UnmarshalJSON deserializes from JSON

func (Mval) Valid 

func (o Mval) Valid() error

type OID 

type OID []byte

BER-encoded absolute OID

func (*OID) FromString 

func (o *OID) FromString(s string) error

func (OID) MarshalJSON 

func (o OID) MarshalJSON() ([]byte, error)

func (OID) String 

func (o OID) String() string

func (*OID) UnmarshalJSON 

func (o *OID) UnmarshalJSON(data []byte) error

type PSARefValID 

type PSARefValID struct {
	Label    *string `cbor:"1,keyasint,omitempty" json:"label,omitempty"`
	Version  *string `cbor:"4,keyasint,omitempty" json:"version,omitempty"`
	SignerID []byte  `cbor:"5,keyasint" json:"signer-id"` // 32, 48 or 64
}

PSARefValID stores a PSA refval-id with CBOR and JSON serializations (See https://datatracker.ietf.org/doc/html/draft-xyz-rats-psa-endorsements)

func CreatePSARefValID 

func CreatePSARefValID(signerID []byte, label, version string) (*PSARefValID, error)

func MustCreatePSARefValID 

func MustCreatePSARefValID(signerID []byte, label, version string) *PSARefValID

func NewPSARefValID 

func NewPSARefValID(val any) (*PSARefValID, error)

func (*PSARefValID) SetLabel 

func (o *PSARefValID) SetLabel(label string) *PSARefValID

func (*PSARefValID) SetVersion 

func (o *PSARefValID) SetVersion(version string) *PSARefValID

func (PSARefValID) Valid 

func (o PSARefValID) Valid() error

Valid checks the validity (according to the spec) of the target PSARefValID

type RawValue 

type RawValue struct {
	// contains filtered or unexported fields
}

RawValue models a $raw-value-type-choice. For now, the only available type is bytes.

func NewRawValue 

func NewRawValue() *RawValue

func (RawValue) GetBytes 

func (o RawValue) GetBytes() ([]byte, error)

func (RawValue) MarshalCBOR 

func (o RawValue) MarshalCBOR() ([]byte, error)

func (RawValue) MarshalJSON 

func (o RawValue) MarshalJSON() ([]byte, error)

func (*RawValue) SetBytes 

func (o *RawValue) SetBytes(val []byte) *RawValue

func (*RawValue) UnmarshalCBOR 

func (o *RawValue) UnmarshalCBOR(data []byte) error

func (*RawValue) UnmarshalJSON 

func (o *RawValue) UnmarshalJSON(data []byte) error

UnmarshalJSON deserializes the type'n'value JSON object into the target RawValue. The only supported type is BytesType with value

type Rel 

type Rel int64
const (
	RelSupplements Rel = iota
	RelReplaces

	RelUnset = ^Rel(0)
)

func NewRel 

func NewRel() *Rel

func (*Rel) FromCBOR 

func (o *Rel) FromCBOR(data []byte) error

func (Rel) Get 

func (o Rel) Get() Rel

func (Rel) MarshalJSON 

func (o Rel) MarshalJSON() ([]byte, error)

func (*Rel) Set 

func (o *Rel) Set(r Rel) *Rel

func (Rel) String 

func (o Rel) String() string

func (Rel) ToCBOR 

func (o Rel) ToCBOR() ([]byte, error)

func (*Rel) UnmarshalJSON 

func (o *Rel) UnmarshalJSON(data []byte) error

func (Rel) Valid 

func (o Rel) Valid() error

type Role 

type Role int64
const (
	RoleTagCreator Role = iota
	RoleCreator
	RoleMaintainer
)

func (Role) String 

func (o Role) String() string

String returns the string representation of the Role.

type Roles 

type Roles []Role

func NewRoles 

func NewRoles() *Roles

func (*Roles) Add 

func (o *Roles) Add(roles ...Role) *Roles

func (*Roles) FromCBOR 

func (o *Roles) FromCBOR(data []byte) error

func (Roles) MarshalJSON 

func (o Roles) MarshalJSON() ([]byte, error)

func (Roles) ToCBOR 

func (o Roles) ToCBOR() ([]byte, error)

func (*Roles) UnmarshalJSON 

func (o *Roles) UnmarshalJSON(data []byte) error

func (Roles) Valid 

func (o Roles) Valid() error

type SVN 

type SVN struct {
	Value ISVNValue
}

SVN is the Security Version Number. This typically changes only when a security relevant change is needed to the measured environment.

func MustNewSVN 

func MustNewSVN(val any, typ string) *SVN

MustNewSVN is like NewSVN but does not return an error, assuming that the provided value is valid. It panics if this is not the case.

func MustNewTaggedMinSVN 

func MustNewTaggedMinSVN(val any) *SVN

func MustNewTaggedSVN 

func MustNewTaggedSVN(val any) *SVN

func NewSVN 

func NewSVN(val any, typ string) (*SVN, error)

NewSVN creates a new SVN of the specified and value. The type must be one of the strings defined by the spec ("exact-value", "min-value"), or has been registered with RegisterSVNType().

func NewTaggedMinSVN 

func NewTaggedMinSVN(val any) (*SVN, error)

func NewTaggedSVN 

func NewTaggedSVN(val any) (*SVN, error)

func (SVN) MarshalCBOR 

func (o SVN) MarshalCBOR() ([]byte, error)

MarshalCBOR returns the CBOR encoding of the SVN.

func (SVN) MarshalJSON 

func (o SVN) MarshalJSON() ([]byte, error)

MarshalJSON serializes the SVN int a JSON object

func (*SVN) UnmarshalCBOR 

func (o *SVN) UnmarshalCBOR(data []byte) error

UnmarshalCBOR populates the SVN form the provided CBOR bytes.

func (*SVN) UnmarshalJSON 

func (o *SVN) UnmarshalJSON(data []byte) error

UnmarshalJSON deserializes the supplied JSON object into the target SVN The SVN object must have the following shape: 

{
  "type": "<SVN_TYPE>",
  "value": <SVN_VALUE>
}

where <SVN_TYPE> must be one of the known ISVNValue implementation type names (available in the base implementation: "exact-value", "min-value"), and <SVN_VALUE> is the JSON encoding of the underlying class id value. The exact encoding is <SVN_TYPE> dependent. For both base types, it is an integer (JSON number).

type StringEntityName 

type StringEntityName string

func (StringEntityName) String 

func (o StringEntityName) String() string

func (StringEntityName) Type 

func (o StringEntityName) Type() string

func (StringEntityName) Valid 

func (o StringEntityName) Valid() error

type TagIdentity 

type TagIdentity struct {
	TagID      swid.TagID `cbor:"0,keyasint" json:"id"`
	TagVersion uint       `cbor:"1,keyasint,omitempty" json:"version,omitempty"`
}

func (TagIdentity) Valid 

func (o TagIdentity) Valid() error

type TaggedBytes 

type TaggedBytes []byte

func NewBytes 

func NewBytes(val any) (*TaggedBytes, error)

func (TaggedBytes) Bytes 

func (o TaggedBytes) Bytes() []byte

func (TaggedBytes) String 

func (o TaggedBytes) String() string

func (TaggedBytes) Type 

func (o TaggedBytes) Type() string

func (TaggedBytes) Valid 

func (o TaggedBytes) Valid() error

type TaggedCCAPlatformConfigID 

type TaggedCCAPlatformConfigID CCAPlatformConfigID

func NewTaggedCCAPlatformConfigID 

func NewTaggedCCAPlatformConfigID(val any) (*TaggedCCAPlatformConfigID, error)

func (TaggedCCAPlatformConfigID) IsZero 

func (o TaggedCCAPlatformConfigID) IsZero() bool

func (TaggedCCAPlatformConfigID) String 

func (o TaggedCCAPlatformConfigID) String() string

func (TaggedCCAPlatformConfigID) Type 

func (o TaggedCCAPlatformConfigID) Type() string

func (*TaggedCCAPlatformConfigID) UnmarshalJSON 

func (o *TaggedCCAPlatformConfigID) UnmarshalJSON(data []byte) error

func (TaggedCCAPlatformConfigID) Valid 

func (o TaggedCCAPlatformConfigID) Valid() error

type TaggedCOSEKey 

type TaggedCOSEKey []byte

TaggedCOSEKey is a CBOR encoded COSE_Key or COSE_KeySet. See https://www.rfc-editor.org/rfc/rfc9052#section-7

func (TaggedCOSEKey) MarshalCBOR 

func (o TaggedCOSEKey) MarshalCBOR() ([]byte, error)

func (TaggedCOSEKey) PublicKey 

func (o TaggedCOSEKey) PublicKey() (crypto.PublicKey, error)

func (TaggedCOSEKey) String 

func (o TaggedCOSEKey) String() string

func (TaggedCOSEKey) Type 

func (o TaggedCOSEKey) Type() string

func (*TaggedCOSEKey) UnmarshalCBOR 

func (o *TaggedCOSEKey) UnmarshalCBOR(b []byte) error

func (TaggedCOSEKey) Valid 

func (o TaggedCOSEKey) Valid() error

type TaggedCertPathThumbprint 

type TaggedCertPathThumbprint struct {
	// contains filtered or unexported fields
}

TaggedCertPathThumbprint represents a digest of a certification path. The digest value may be used to find the certificate path if contained in a lookup table.

func (TaggedCertPathThumbprint) PublicKey 

func (o TaggedCertPathThumbprint) PublicKey() (crypto.PublicKey, error)

func (TaggedCertPathThumbprint) String 

func (o TaggedCertPathThumbprint) String() string

func (TaggedCertPathThumbprint) Type 

func (o TaggedCertPathThumbprint) Type() string

func (TaggedCertPathThumbprint) Valid 

func (o TaggedCertPathThumbprint) Valid() error

type TaggedCertThumbprint 

type TaggedCertThumbprint struct {
	// contains filtered or unexported fields
}

TaggedCertThumbprint represents a digest of a certificate. The digest value may be used to find the certificate if contained in a lookup table.

func (TaggedCertThumbprint) PublicKey 

func (o TaggedCertThumbprint) PublicKey() (crypto.PublicKey, error)

func (TaggedCertThumbprint) String 

func (o TaggedCertThumbprint) String() string

func (TaggedCertThumbprint) Type 

func (o TaggedCertThumbprint) Type() string

func (TaggedCertThumbprint) Valid 

func (o TaggedCertThumbprint) Valid() error

type TaggedImplID 

type TaggedImplID ImplID

func (TaggedImplID) Bytes 

func (o TaggedImplID) Bytes() []byte

func (TaggedImplID) MarshalJSON 

func (o TaggedImplID) MarshalJSON() ([]byte, error)

func (TaggedImplID) String 

func (o TaggedImplID) String() string

func (TaggedImplID) Type 

func (o TaggedImplID) Type() string

func (*TaggedImplID) UnmarshalJSON 

func (o *TaggedImplID) UnmarshalJSON(data []byte) error

func (TaggedImplID) Valid 

func (o TaggedImplID) Valid() error

type TaggedInt 

type TaggedInt int

func (TaggedInt) Bytes 

func (o TaggedInt) Bytes() []byte

func (TaggedInt) String 

func (o TaggedInt) String() string

func (TaggedInt) Type 

func (o TaggedInt) Type() string

func (TaggedInt) Valid 

func (o TaggedInt) Valid() error

type TaggedMinSVN 

type TaggedMinSVN uint64

func (TaggedMinSVN) String 

func (o TaggedMinSVN) String() string

func (TaggedMinSVN) Type 

func (o TaggedMinSVN) Type() string

func (TaggedMinSVN) Valid 

func (o TaggedMinSVN) Valid() error

type TaggedOID 

type TaggedOID OID

func NewTaggedOID 

func NewTaggedOID(val any) (*TaggedOID, error)

func (TaggedOID) Bytes 

func (o TaggedOID) Bytes() []byte

func (*TaggedOID) FromString 

func (o *TaggedOID) FromString(s string) error

func (TaggedOID) MarshalJSON 

func (o TaggedOID) MarshalJSON() ([]byte, error)

func (TaggedOID) String 

func (o TaggedOID) String() string

func (TaggedOID) Type 

func (o TaggedOID) Type() string

func (*TaggedOID) UnmarshalJSON 

func (o *TaggedOID) UnmarshalJSON(data []byte) error

func (TaggedOID) Valid 

func (o TaggedOID) Valid() error

type TaggedPKIXBase64Cert 

type TaggedPKIXBase64Cert string

TaggedPKIXBase64Cert is a PEM-encoded X.509 public key certificate. See https://www.rfc-editor.org/rfc/rfc7468#section-5

func (TaggedPKIXBase64Cert) PublicKey 

func (o TaggedPKIXBase64Cert) PublicKey() (crypto.PublicKey, error)

func (TaggedPKIXBase64Cert) String 

func (o TaggedPKIXBase64Cert) String() string

func (TaggedPKIXBase64Cert) Type 

func (o TaggedPKIXBase64Cert) Type() string

func (TaggedPKIXBase64Cert) Valid 

func (o TaggedPKIXBase64Cert) Valid() error

type TaggedPKIXBase64CertPath 

type TaggedPKIXBase64CertPath string

TaggedPKIXBase64CertPath is a X.509 certificate chain created by the concatenation of as many PEM encoded X.509 certificates as needed. The certificates MUST be concatenated in order so that each directly certifies the one preceding.

func (TaggedPKIXBase64CertPath) PublicKey 

func (o TaggedPKIXBase64CertPath) PublicKey() (crypto.PublicKey, error)

func (TaggedPKIXBase64CertPath) String 

func (o TaggedPKIXBase64CertPath) String() string

func (TaggedPKIXBase64CertPath) Type 

func (o TaggedPKIXBase64CertPath) Type() string

func (TaggedPKIXBase64CertPath) Valid 

func (o TaggedPKIXBase64CertPath) Valid() error

type TaggedPKIXBase64Key 

type TaggedPKIXBase64Key string

TaggedPKIXBase64Key is a PEM-encoded SubjectPublicKeyInfo. See https://www.rfc-editor.org/rfc/rfc7468#section-13

func (TaggedPKIXBase64Key) PublicKey 

func (o TaggedPKIXBase64Key) PublicKey() (crypto.PublicKey, error)

func (TaggedPKIXBase64Key) String 

func (o TaggedPKIXBase64Key) String() string

func (TaggedPKIXBase64Key) Type 

func (o TaggedPKIXBase64Key) Type() string

func (TaggedPKIXBase64Key) Valid 

func (o TaggedPKIXBase64Key) Valid() error

type TaggedPSARefValID 

type TaggedPSARefValID PSARefValID

func NewTaggedPSARefValID 

func NewTaggedPSARefValID(val any) (*TaggedPSARefValID, error)

func (TaggedPSARefValID) IsZero 

func (o TaggedPSARefValID) IsZero() bool

func (TaggedPSARefValID) String 

func (o TaggedPSARefValID) String() string

func (TaggedPSARefValID) Type 

func (o TaggedPSARefValID) Type() string

func (TaggedPSARefValID) Valid 

func (o TaggedPSARefValID) Valid() error

type TaggedSVN 

type TaggedSVN uint64

func (TaggedSVN) String 

func (o TaggedSVN) String() string

func (TaggedSVN) Type 

func (o TaggedSVN) Type() string

func (TaggedSVN) Valid 

func (o TaggedSVN) Valid() error

type TaggedThumbprint 

type TaggedThumbprint struct {
	// contains filtered or unexported fields
}

ThumbprintTypeTaggedThumbprint represents a digest of a raw public key. The digest value may be used to find the public key if contained in a lookup table.

func (TaggedThumbprint) PublicKey 

func (o TaggedThumbprint) PublicKey() (crypto.PublicKey, error)

func (TaggedThumbprint) String 

func (o TaggedThumbprint) String() string

func (TaggedThumbprint) Type 

func (o TaggedThumbprint) Type() string

func (TaggedThumbprint) Valid 

func (o TaggedThumbprint) Valid() error

type TaggedUEID 

type TaggedUEID UEID

TaggedUEID is an alias to allow automatic tagging of an UEID type

func NewTaggedUEID 

func NewTaggedUEID(val any) (*TaggedUEID, error)

func (TaggedUEID) Bytes 

func (o TaggedUEID) Bytes() []byte

func (TaggedUEID) String 

func (o TaggedUEID) String() string

func (TaggedUEID) Type 

func (o TaggedUEID) Type() string

func (TaggedUEID) Valid 

func (o TaggedUEID) Valid() error

type TaggedURI 

type TaggedURI string

func String2URI 

func String2URI(s *string) (*TaggedURI, error)

func (TaggedURI) Empty 

func (o TaggedURI) Empty() bool

type TaggedUUID 

type TaggedUUID UUID

TaggedUUID is an alias to allow automatic tagging of a UUID type

func NewTaggedUUID 

func NewTaggedUUID(val any) (*TaggedUUID, error)

func (TaggedUUID) Bytes 

func (o TaggedUUID) Bytes() []byte

Bytes returns a []byte containing the raw UUID bytes

func (TaggedUUID) MarshalJSON 

func (o TaggedUUID) MarshalJSON() ([]byte, error)

func (TaggedUUID) String 

func (o TaggedUUID) String() string

String returns a string representation of the binary UUID

func (TaggedUUID) Type 

func (o TaggedUUID) Type() string

Type returns a string containing type name. This is part of the ITypeChoiceValue implementation.

func (*TaggedUUID) UnmarshalJSON 

func (o *TaggedUUID) UnmarshalJSON(data []byte) error

func (TaggedUUID) Valid 

func (o TaggedUUID) Valid() error

type Triples 

type Triples struct {
	ReferenceValues *ValueTriples `cbor:"0,keyasint,omitempty" json:"reference-values,omitempty"`
	EndorsedValues  *ValueTriples `cbor:"1,keyasint,omitempty" json:"endorsed-values,omitempty"`
	DevIdentityKeys *KeyTriples   `cbor:"2,keyasint,omitempty" json:"dev-identity-keys,omitempty"`
	AttestVerifKeys *KeyTriples   `cbor:"3,keyasint,omitempty" json:"attester-verification-keys,omitempty"`

	Extensions
}

func (*Triples) AddAttestVerifKey 

func (o *Triples) AddAttestVerifKey(val KeyTriple) *Triples

func (*Triples) AddDevIdentityKey 

func (o *Triples) AddDevIdentityKey(val KeyTriple) *Triples

func (*Triples) AddEndorsedValue 

func (o *Triples) AddEndorsedValue(val ValueTriple) *Triples

func (*Triples) AddReferenceValue 

func (o *Triples) AddReferenceValue(val ValueTriple) *Triples

func (*Triples) GetExtensions 

func (o *Triples) GetExtensions() extensions.IMapValue

GetExtensions returns pervisouosly registered extension

func (Triples) MarshalCBOR 

func (o Triples) MarshalCBOR() ([]byte, error)

MarshalCBOR serializes to CBOR

func (Triples) MarshalJSON 

func (o Triples) MarshalJSON() ([]byte, error)

MarshalJSON serializes to JSON

func (*Triples) RegisterExtensions 

func (o *Triples) RegisterExtensions(exts extensions.Map) error

RegisterExtensions registers a struct as a collections of extensions

func (*Triples) UnmarshalCBOR 

func (o *Triples) UnmarshalCBOR(data []byte) error

UnmarshalCBOR deserializes from CBOR

func (*Triples) UnmarshalJSON 

func (o *Triples) UnmarshalJSON(data []byte) error

UnmarshalJSON deserializes from JSON

func (Triples) Valid 

func (o Triples) Valid() error

Valid checks that the Triples is valid as per the specification

type UEID 

type UEID eat.UEID

UEID is an Unique Entity Identifier

func (UEID) Empty 

func (o UEID) Empty() bool

func (UEID) String 

func (o UEID) String() string

func (UEID) Valid 

func (o UEID) Valid() error

Valid checks that the target UEID is in one of the defined formats: IMEI, EUI or RAND

type UUID 

type UUID uuid.UUID

UUID represents an Universally Unique Identifier (UUID, see RFC4122)

func ParseUUID 

func ParseUUID(s string) (UUID, error)

ParseUUID parses the supplied string into a UUID

func (UUID) Empty 

func (o UUID) Empty() bool

func (UUID) MarshalJSON 

func (o UUID) MarshalJSON() ([]byte, error)

MarshalJSON serialize the target UUID to a JSON string in canonical 8-4-4-4-12 format

func (UUID) String 

func (o UUID) String() string

String returns a string representation of the binary UUID

func (*UUID) UnmarshalJSON 

func (o *UUID) UnmarshalJSON(data []byte) error

UnmarshalJSON deserializes the supplied string into the UUID target The UUID string in expected to be in canonical 8-4-4-4-12 format

func (UUID) Valid 

func (o UUID) Valid() error

Valid checks that the target UUID is formatted as per RFC4122

type UintMkey 

type UintMkey uint64

func NewUintMkey 

func NewUintMkey(val any) (*UintMkey, error)

func (UintMkey) String 

func (o UintMkey) String() string

func (UintMkey) Type 

func (o UintMkey) Type() string

func (*UintMkey) UnmarshalJSON 

func (o *UintMkey) UnmarshalJSON(data []byte) error

func (UintMkey) Valid 

func (o UintMkey) Valid() error

type ValueTriple added in v1.6.2 

type ValueTriple struct {
	Environment  Environment  `json:"environment"`
	Measurements Measurements `json:"measurements"`
	// contains filtered or unexported fields
}

ValueTriple relates measurements to a target environment, essentially forming a subject-predicate-object triple of "measurements-pertain to-environment". This structure is used to represent both reference-triple-record and endorsed-triple-record in the CoRIM spec (as of rev. 04).

func (*ValueTriple) GetExtensions added in v1.6.2 

func (o *ValueTriple) GetExtensions() extensions.IMapValue

func (*ValueTriple) RegisterExtensions added in v1.6.2 

func (o *ValueTriple) RegisterExtensions(exts extensions.Map) error

func (ValueTriple) Valid added in v1.6.2 

func (o ValueTriple) Valid() error

type ValueTriples added in v1.6.2 

type ValueTriples extensions.Collection[ValueTriple, *ValueTriple]

ValueTriples is a container for ValueTriple instances and their extensions. It is a thin wrapper around extensions.Collection.

func NewValueTriples added in v1.6.2 

func NewValueTriples() *ValueTriples

func (*ValueTriples) Add added in v1.6.2 

func (o *ValueTriples) Add(val *ValueTriple) *ValueTriples

func (*ValueTriples) GetExtensions added in v1.6.2 

func (o *ValueTriples) GetExtensions() extensions.IMapValue

func (*ValueTriples) IsEmpty added in v1.6.2 

func (o *ValueTriples) IsEmpty() bool

func (ValueTriples) MarshalCBOR added in v1.6.2 

func (o ValueTriples) MarshalCBOR() ([]byte, error)

func (ValueTriples) MarshalJSON added in v1.6.2 

func (o ValueTriples) MarshalJSON() ([]byte, error)

func (*ValueTriples) RegisterExtensions added in v1.6.2 

func (o *ValueTriples) RegisterExtensions(exts extensions.Map) error

func (*ValueTriples) UnmarshalCBOR added in v1.6.2 

func (o *ValueTriples) UnmarshalCBOR(data []byte) error

func (*ValueTriples) UnmarshalJSON added in v1.6.2 

func (o *ValueTriples) UnmarshalJSON(data []byte) error

func (ValueTriples) Valid added in v1.6.2 

func (o ValueTriples) Valid() error

type Version 

type Version struct {
	Version string             `cbor:"0,keyasint" json:"value"`
	Scheme  swid.VersionScheme `cbor:"1,keyasint" json:"scheme"`
}

Version stores a version-map with JSON and CBOR serializations.

func NewVersion 

func NewVersion() *Version

func (*Version) SetScheme 

func (o *Version) SetScheme(v int64) *Version

func (*Version) SetVersion 

func (o *Version) SetVersion(v string) *Version

func (Version) Valid 

func (o Version) Valid() error

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.