comid

package
v1.6.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 14, 2024 License: Apache-2.0 Imports: 28 Imported by: 0

Documentation

Overview

Copyright 2023 Contributors to the Veraison project. SPDX-License-Identifier: Apache-2.0

Copyright 2024 Contributors to the Veraison project. SPDX-License-Identifier: Apache-2.0

Example (Cca_realm_refval)
package main

import (
	"fmt"
	"strings"
)

func main() {
	comid := Comid{}

	if err := comid.FromJSON([]byte(CCARealmRefValJSONTemplate)); err != nil {
		panic(err)
	}

	if err := comid.Valid(); err != nil {
		panic(err)
	}

	if err := extractRealmRefVals(&comid); err != nil {
		panic(err)
	}
}

func extractRealmRefVals(c *Comid) error {
	if c.Triples.ReferenceValues == nil {
		return fmt.Errorf("no reference values triples")
	}

	for i, rv := range *c.Triples.ReferenceValues {
		if err := extractRealmRefVal(rv); err != nil {
			return fmt.Errorf("bad Realm reference value at index %d: %w", i, err)
		}
	}

	return nil
}

func extractRealmRefVal(rv ReferenceValue) error {
	class := rv.Environment.Class
	instance := rv.Environment.Instance

	if err := extractRealmClass(class); err != nil {
		return fmt.Errorf("extracting class: %w", err)
	}

	if err := extractRealmInstanceID(instance); err != nil {
		return fmt.Errorf("extracting realm instanceID: %w", err)
	}

	measurements := rv.Measurements

	if err := extractMeasurements(measurements); err != nil {
		return fmt.Errorf("extracting measurements: %w", err)
	}

	return nil
}

func extractMeasurements(m Measurements) error {
	if len(m) == 0 {
		return fmt.Errorf("no measurements")
	}

	for i, m := range m {
		if err := extractMeasurement(m); err != nil {
			return fmt.Errorf("extracting measurement at index %d: %w", i, err)
		}
	}

	return nil
}

func extractMeasurement(m Measurement) error {
	if err := extractIntegrityRegisters(m.Val.IntegrityRegisters); err != nil {
		return fmt.Errorf("extracting digest: %w", err)
	}

	return nil
}

func extractRealmClass(c *Class) error {
	if c == nil {
		fmt.Println("class not present")
		return nil
	}

	if c.Vendor != nil {
		fmt.Printf("Vendor: %s\n", c.GetVendor())
	}

	classID := c.ClassID
	if classID == nil {
		fmt.Println("class-id not present")
		return nil
	}

	if classID.Type() != "uuid" {
		return fmt.Errorf("class id is not a uuid")
	}
	if err := classID.Valid(); err != nil {
		return fmt.Errorf("invalid uuid: %v", err)
	}
	fmt.Printf("ClassID: %x\n", classID.Bytes())

	return nil
}

func extractRealmInstanceID(i *Instance) error {
	if i == nil {
		return fmt.Errorf("no instance")
	}

	if i.Type() != "bytes" {
		return fmt.Errorf("instance id is not bytes")
	}

	fmt.Printf("InstanceID: %x\n", i.Bytes())

	return nil
}

func extractIntegrityRegisters(r *IntegrityRegisters) error {
	if r == nil {
		return fmt.Errorf("no integrity registers")
	}

	keys, err := extractRegisterIndexes(r)
	if err != nil {
		return fmt.Errorf("unable to extract register index: %v", err)
	}

	for _, k := range keys {
		d, ok := r.m[k]
		if !ok {
			return fmt.Errorf("unable to locate register index for: %s", k)
		}
		fmt.Printf("Index: %s\n", k)
		if err := extractRealmDigests(d); err != nil {
			return fmt.Errorf("invalid Digests for key: %s, %v", k, err)
		}
	}

	return nil
}

func extractRealmDigests(digests Digests) error {

	if err := digests.Valid(); err != nil {
		return fmt.Errorf("invalid digest: %v", err)
	}
	for _, d := range digests {
		fmt.Printf("Alg: %s\n", d.AlgIDToString())
		fmt.Printf("Digest: %x\n", d.HashValue)
	}

	return nil
}

func extractRegisterIndexes(r *IntegrityRegisters) ([]string, error) {
	var keys [5]string
	for k := range r.m {
		switch t := k.(type) {
		case string:
			key := strings.ToLower(t)
			switch key {
			case "rim":
				keys[0] = key
			case "rem0":
				keys[1] = key
			case "rem1":
				keys[2] = key
			case "rem2":
				keys[3] = key
			case "rem3":
				keys[4] = key
			default:
				return nil, fmt.Errorf("unexpected register index: %s", key)
			}
		default:
			return nil, fmt.Errorf("unexpected type for index: %T", t)
		}
	}
	return keys[:], nil
}
Output:

Vendor: Workload Client Ltd
ClassID: cd1f0e5526f9460db9d8f7fde171787c
InstanceID: 4284b5694ca6c0d2cf4789a0b95ac8025c818de52304364be7cd2981b2d2edc685b322277ec25819962413d8c9b2c1f5
Index: rim
Alg: sha-384
Digest: 4284b5694ca6c0d2cf4789a0b95ac8025c818de52304364be7cd2981b2d2edc685b322277ec25819962413d8c9b2c1f5
Index: rem0
Alg: sha-384
Digest: 2107bbe761fca52d95136a1354db7a4dd57b1b26be0d3da71d9eb23986b34ba615abf6514cf35e5a9ea55a032d068a78
Index: rem1
Alg: sha-384
Digest: 2507bbe761fca52d95136a1354db7a4dd57b1b26be0d3da71d9eb23986b34ba615abf6514cf35e5a9ea55a032d068a78
Index: rem2
Alg: sha-384
Digest: 3107bbe761fca52d95136a1354db7a4dd57b1b26be0d3da71d9eb23986b34ba615abf6514cf35e5a9ea55a032d068a78
Index: rem3
Alg: sha-384
Digest: 3507bbe761fca52d95136a1354db7a4dd57b1b26be0d3da71d9eb23986b34ba615abf6514cf35e5a9ea55a032d068a78
Example (Cca_refval)
package main

import "fmt"

func main() {
	comid := Comid{}

	if err := comid.FromJSON([]byte(CCARefValJSONTemplate)); err != nil {
		panic(err)
	}

	if err := comid.Valid(); err != nil {
		panic(err)
	}

	if err := extractCcaRefVals(&comid); err != nil {
		panic(err)
	}

}

func extractCcaRefVals(c *Comid) error {
	if c.Triples.ReferenceValues == nil {
		return fmt.Errorf("no reference values triples")
	}

	for i, rv := range *c.Triples.ReferenceValues {
		if err := extractCCARefVal(rv); err != nil {
			return fmt.Errorf("bad PSA reference value at index %d: %w", i, err)
		}
	}

	return nil
}

func extractCCARefVal(rv ReferenceValue) error {
	class := rv.Environment.Class

	if err := extractImplementationID(class); err != nil {
		return fmt.Errorf("extracting impl-id: %w", err)
	}

	for i, m := range rv.Measurements {
		if m.Key == nil {
			return fmt.Errorf("missing mKey at index %d", i)
		}
		if !m.Key.IsSet() {
			return fmt.Errorf("mKey not set at index %d", i)
		}

		switch t := m.Key.Value.(type) {
		case *TaggedPSARefValID:
			if err := extractSwMeasurement(m); err != nil {
				return fmt.Errorf("extracting measurement at index %d: %w", i, err)
			}
		case *TaggedCCAPlatformConfigID:
			if err := extractCCARefValID(m.Key); err != nil {
				return fmt.Errorf("extracting cca-refval-id: %w", err)
			}
			if err := extractRawValue(m.Val.RawValue); err != nil {
				return fmt.Errorf("extracting raw vlue: %w", err)
			}
		default:
			return fmt.Errorf("unexpected  Mkey type: %T", t)
		}

	}

	return nil
}

func extractRawValue(r *RawValue) error {
	if r == nil {
		return fmt.Errorf("no raw value")
	}

	b, err := r.GetBytes()
	if err != nil {
		return fmt.Errorf("failed to extract raw value bytes")
	}
	fmt.Printf("Raw value: %x\n", b)

	return nil
}

func extractCCARefValID(k *Mkey) error {
	if k == nil {
		return fmt.Errorf("no measurement key")
	}

	id, ok := k.Value.(*TaggedCCAPlatformConfigID)
	if !ok {
		return fmt.Errorf("expected CCA platform config id, found: %T", k.Value)
	}
	fmt.Printf("Label: %s\n", id)
	return nil
}
Output:

ImplementationID: 61636d652d696d706c656d656e746174696f6e2d69642d303030303030303031
SignerID: acbb11c7e4da217205523ce4ce1a245ae1a239ae3c6bfd9e7871f7e5d8bae86b
Label: BL
Version: 2.1.0
Digest: 87428fc522803d31065e7bce3cf03fe475096631e5e07bbd7a0fde60c4cf25c7
SignerID: acbb11c7e4da217205523ce4ce1a245ae1a239ae3c6bfd9e7871f7e5d8bae86b
Label: PRoT
Version: 1.3.5
Digest: 0263829989b6fd954f72baaf2fc64bc2e2f01d692d4de72986ea808f6e99813f
SignerID: acbb11c7e4da217205523ce4ce1a245ae1a239ae3c6bfd9e7871f7e5d8bae86b
Label: ARoT
Version: 0.1.4
Digest: a3a5e715f0cc574a73c3f9bebb6bc24f32ffd5b67b387244c2c909da779a1478
Label: a non-empty (unique) label
Raw value: 72617776616c75650a72617776616c75650a
Example (Decode_CBOR_1)
// https://github.com/ietf-rats/ietf-corim-cddl/blob/main/examples/comid-1.diag
in := []byte{
	0xa3, 0x01, 0xa1, 0x00, 0x50, 0x3f, 0x06, 0xaf, 0x63, 0xa9, 0x3c, 0x11,
	0xe4, 0x97, 0x97, 0x00, 0x50, 0x56, 0x90, 0x77, 0x3f, 0x02, 0x81, 0xa3,
	0x00, 0x69, 0x41, 0x43, 0x4d, 0x45, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x01,
	0xd8, 0x20, 0x74, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x61,
	0x63, 0x6d, 0x65, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x02,
	0x81, 0x00, 0x04, 0xa1, 0x00, 0x81, 0x82, 0xa1, 0x00, 0xa4, 0x00, 0xd8,
	0x25, 0x50, 0x67, 0xb2, 0x8b, 0x6c, 0x34, 0xcc, 0x40, 0xa1, 0x91, 0x17,
	0xab, 0x5b, 0x05, 0x91, 0x1e, 0x37, 0x01, 0x69, 0x41, 0x43, 0x4d, 0x45,
	0x20, 0x49, 0x6e, 0x63, 0x2e, 0x02, 0x6f, 0x41, 0x43, 0x4d, 0x45, 0x20,
	0x52, 0x6f, 0x61, 0x64, 0x52, 0x75, 0x6e, 0x6e, 0x65, 0x72, 0x03, 0x01,
	0x81, 0xa1, 0x01, 0xa2, 0x00, 0xa2, 0x00, 0x65, 0x31, 0x2e, 0x30, 0x2e,
	0x30, 0x01, 0x19, 0x40, 0x00, 0x02, 0x81, 0x82, 0x01, 0x58, 0x20, 0x44,
	0xaa, 0x33, 0x6a, 0xf4, 0xcb, 0x14, 0xa8, 0x79, 0x43, 0x2e, 0x53, 0xdd,
	0x65, 0x71, 0xc7, 0xfa, 0x9b, 0xcc, 0xaf, 0xb7, 0x5f, 0x48, 0x82, 0x59,
	0x26, 0x2d, 0x6e, 0xa3, 0xa4, 0xd9, 0x1b,
}

comid := Comid{}
err := comid.FromCBOR(in)
if err != nil {
	fmt.Printf("FAIL: %v", err)
} else {
	fmt.Println("OK")
}
Output:

OK
Example (Decode_CBOR_2)
// https://github.com/ietf-rats/ietf-corim-cddl/blob/main/examples/comid-2.diag
in := []byte{
	0xa3, 0x01, 0xa1, 0x00, 0x50, 0x3f, 0x06, 0xaf, 0x63, 0xa9, 0x3c, 0x11,
	0xe4, 0x97, 0x97, 0x00, 0x50, 0x56, 0x90, 0x77, 0x3f, 0x02, 0x81, 0xa3,
	0x00, 0x69, 0x41, 0x43, 0x4d, 0x45, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x01,
	0xd8, 0x20, 0x74, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x61,
	0x63, 0x6d, 0x65, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x02,
	0x81, 0x00, 0x04, 0xa2, 0x00, 0x83, 0x82, 0xa1, 0x00, 0xa4, 0x00, 0xd8,
	0x25, 0x50, 0x67, 0xb2, 0x8b, 0x6c, 0x34, 0xcc, 0x40, 0xa1, 0x91, 0x17,
	0xab, 0x5b, 0x05, 0x91, 0x1e, 0x37, 0x01, 0x69, 0x41, 0x43, 0x4d, 0x45,
	0x20, 0x49, 0x6e, 0x63, 0x2e, 0x02, 0x78, 0x18, 0x41, 0x43, 0x4d, 0x45,
	0x20, 0x52, 0x6f, 0x61, 0x64, 0x52, 0x75, 0x6e, 0x6e, 0x65, 0x72, 0x20,
	0x46, 0x69, 0x72, 0x6d, 0x77, 0x61, 0x72, 0x65, 0x03, 0x01, 0x81, 0xa1,
	0x01, 0xa1, 0x02, 0x81, 0x82, 0x01, 0x58, 0x20, 0x44, 0xaa, 0x33, 0x6a,
	0xf4, 0xcb, 0x14, 0xa8, 0x79, 0x43, 0x2e, 0x53, 0xdd, 0x65, 0x71, 0xc7,
	0xfa, 0x9b, 0xcc, 0xaf, 0xb7, 0x5f, 0x48, 0x82, 0x59, 0x26, 0x2d, 0x6e,
	0xa3, 0xa4, 0xd9, 0x1b, 0x82, 0xa1, 0x00, 0xa5, 0x00, 0xd8, 0x25, 0x50,
	0xa7, 0x1b, 0x3e, 0x38, 0x8d, 0x45, 0x4a, 0x05, 0x81, 0xf3, 0x52, 0xe5,
	0x8c, 0x83, 0x2c, 0x5c, 0x01, 0x6a, 0x57, 0x59, 0x4c, 0x49, 0x45, 0x20,
	0x49, 0x6e, 0x63, 0x2e, 0x02, 0x77, 0x57, 0x59, 0x4c, 0x49, 0x45, 0x20,
	0x43, 0x6f, 0x79, 0x6f, 0x74, 0x65, 0x20, 0x54, 0x72, 0x75, 0x73, 0x74,
	0x65, 0x64, 0x20, 0x4f, 0x53, 0x03, 0x02, 0x04, 0x00, 0x81, 0xa1, 0x01,
	0xa1, 0x02, 0x81, 0x82, 0x01, 0x58, 0x20, 0xbb, 0x71, 0x19, 0x8e, 0xd6,
	0x0a, 0x95, 0xdc, 0x3c, 0x61, 0x9e, 0x55, 0x5c, 0x2c, 0x0b, 0x8d, 0x75,
	0x64, 0xa3, 0x80, 0x31, 0xb0, 0x34, 0xa1, 0x95, 0x89, 0x25, 0x91, 0xc6,
	0x53, 0x65, 0xb0, 0x82, 0xa1, 0x00, 0xa5, 0x00, 0xd8, 0x25, 0x50, 0xa7,
	0x1b, 0x3e, 0x38, 0x8d, 0x45, 0x4a, 0x05, 0x81, 0xf3, 0x52, 0xe5, 0x8c,
	0x83, 0x2c, 0x5c, 0x01, 0x6a, 0x57, 0x59, 0x4c, 0x49, 0x45, 0x20, 0x49,
	0x6e, 0x63, 0x2e, 0x02, 0x77, 0x57, 0x59, 0x4c, 0x49, 0x45, 0x20, 0x43,
	0x6f, 0x79, 0x6f, 0x74, 0x65, 0x20, 0x54, 0x72, 0x75, 0x73, 0x74, 0x65,
	0x64, 0x20, 0x4f, 0x53, 0x03, 0x02, 0x04, 0x01, 0x81, 0xa1, 0x01, 0xa1,
	0x02, 0x81, 0x82, 0x01, 0x58, 0x20, 0xbb, 0x71, 0x19, 0x8e, 0xd6, 0x0a,
	0x95, 0xdc, 0x3c, 0x61, 0x9e, 0x55, 0x5c, 0x2c, 0x0b, 0x8d, 0x75, 0x64,
	0xa3, 0x80, 0x31, 0xb0, 0x34, 0xa1, 0x95, 0x89, 0x25, 0x91, 0xc6, 0x53,
	0x65, 0xb0, 0x01, 0x81, 0x82, 0xa1, 0x00, 0xa4, 0x00, 0xd8, 0x25, 0x50,
	0x67, 0xb2, 0x8b, 0x6c, 0x34, 0xcc, 0x40, 0xa1, 0x91, 0x17, 0xab, 0x5b,
	0x05, 0x91, 0x1e, 0x37, 0x01, 0x69, 0x41, 0x43, 0x4d, 0x45, 0x20, 0x49,
	0x6e, 0x63, 0x2e, 0x02, 0x72, 0x41, 0x43, 0x4d, 0x45, 0x20, 0x52, 0x6f,
	0x6f, 0x74, 0x20, 0x6f, 0x66, 0x20, 0x54, 0x72, 0x75, 0x73, 0x74, 0x03,
	0x00, 0x81, 0xa1, 0x01, 0xa1, 0x01, 0xd9, 0x02, 0x28, 0x01,
}

comid := Comid{}
err := comid.FromCBOR(in)
if err != nil {
	fmt.Printf("FAIL: %v", err)
} else {
	fmt.Println("OK")
}
Output:

OK
Example (Decode_CBOR_3)
// https://github.com/ietf-rats/ietf-corim-cddl/blob/main/examples/comid-design-cd.diag
in := []byte{
	0xa4, 0x01, 0xa1, 0x00, 0x50, 0x1e, 0xac, 0xd5, 0x96, 0xf4, 0xa3, 0x4f,
	0xb6, 0x99, 0xbf, 0xae, 0xb5, 0x8e, 0x0a, 0x4e, 0x47, 0x02, 0x81, 0xa3,
	0x00, 0x71, 0x46, 0x50, 0x47, 0x41, 0x20, 0x44, 0x65, 0x73, 0x69, 0x67,
	0x6e, 0x73, 0x2d, 0x52, 0x2d, 0x55, 0x73, 0x01, 0xd8, 0x20, 0x78, 0x1e,
	0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x66, 0x70, 0x67, 0x61,
	0x64, 0x65, 0x73, 0x69, 0x67, 0x6e, 0x73, 0x72, 0x75, 0x73, 0x2e, 0x65,
	0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x02, 0x81, 0x00, 0x03, 0x81, 0xa2,
	0x00, 0x50, 0x97, 0xf5, 0xa7, 0x07, 0x1c, 0x6f, 0x43, 0x8f, 0x87, 0x7a,
	0x4a, 0x02, 0x07, 0x80, 0xeb, 0xe9, 0x01, 0x00, 0x04, 0xa2, 0x00, 0x84,
	0x82, 0xa1, 0x00, 0xa3, 0x00, 0xd8, 0x6f, 0x4b, 0x60, 0x86, 0x48, 0x01,
	0x86, 0xf8, 0x4d, 0x01, 0x0f, 0x04, 0x01, 0x01, 0x76, 0x66, 0x70, 0x67,
	0x61, 0x64, 0x65, 0x73, 0x69, 0x67, 0x6e, 0x73, 0x72, 0x75, 0x73, 0x2e,
	0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x03, 0x02, 0x81, 0xa1, 0x01,
	0xa2, 0x04, 0xd9, 0x02, 0x30, 0x48, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x05, 0x48, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
	0x82, 0xa1, 0x00, 0xa3, 0x00, 0xd8, 0x6f, 0x4b, 0x60, 0x86, 0x48, 0x01,
	0x86, 0xf8, 0x4d, 0x01, 0x0f, 0x04, 0x02, 0x01, 0x76, 0x66, 0x70, 0x67,
	0x61, 0x64, 0x65, 0x73, 0x69, 0x67, 0x6e, 0x73, 0x72, 0x75, 0x73, 0x2e,
	0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x03, 0x02, 0x81, 0xa1, 0x01,
	0xa1, 0x02, 0x81, 0x82, 0x07, 0x58, 0x30, 0x3f, 0xe1, 0x8e, 0xca, 0x40,
	0x53, 0x87, 0x9e, 0x01, 0x7e, 0xf5, 0xeb, 0x7a, 0x3e, 0x51, 0x57, 0x65,
	0x9c, 0x5f, 0x9b, 0xb1, 0x5b, 0x7d, 0x09, 0x95, 0x9b, 0x8b, 0x86, 0x47,
	0x82, 0x2a, 0x4c, 0xc2, 0x1c, 0x3a, 0xa6, 0x72, 0x1c, 0xef, 0x87, 0xf5,
	0xbf, 0xa5, 0x34, 0x95, 0xdb, 0x08, 0x33, 0x82, 0xa1, 0x00, 0xa3, 0x00,
	0xd8, 0x6f, 0x4b, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x4d, 0x01, 0x0f,
	0x04, 0x03, 0x01, 0x76, 0x66, 0x70, 0x67, 0x61, 0x64, 0x65, 0x73, 0x69,
	0x67, 0x6e, 0x73, 0x72, 0x75, 0x73, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70,
	0x6c, 0x65, 0x03, 0x02, 0x81, 0xa1, 0x01, 0xa1, 0x02, 0x81, 0x82, 0x07,
	0x58, 0x30, 0x20, 0xff, 0x68, 0x1a, 0x08, 0x82, 0xe2, 0x9b, 0x48, 0x19,
	0x53, 0x88, 0x89, 0x36, 0x20, 0x9c, 0xb5, 0x3d, 0xf9, 0xc5, 0xaa, 0xec,
	0x60, 0x6a, 0x2c, 0x24, 0xa0, 0xfb, 0x13, 0x85, 0x95, 0x12, 0x4b, 0x8e,
	0x3f, 0x24, 0xa1, 0x27, 0x71, 0xbc, 0x38, 0x54, 0xcc, 0x68, 0xb4, 0x03,
	0x61, 0xad, 0x82, 0xa1, 0x00, 0xa2, 0x00, 0xd8, 0x6f, 0x4c, 0x60, 0x86,
	0x48, 0x01, 0x86, 0xf8, 0x4d, 0x01, 0x0f, 0x04, 0x63, 0x01, 0x01, 0x76,
	0x66, 0x70, 0x67, 0x61, 0x64, 0x65, 0x73, 0x69, 0x67, 0x6e, 0x73, 0x72,
	0x75, 0x73, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x81, 0xa1,
	0x01, 0xa2, 0x04, 0xd9, 0x02, 0x30, 0x58, 0x30, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x58, 0x30, 0x46,
	0x62, 0x24, 0x34, 0x3d, 0x68, 0x18, 0x02, 0xc1, 0x50, 0x6b, 0xbe, 0xd7,
	0xd7, 0xf0, 0x0b, 0x96, 0x9b, 0xad, 0xdd, 0x63, 0x46, 0xe4, 0xf2, 0xe7,
	0xce, 0x14, 0x66, 0x92, 0x99, 0x6f, 0x22, 0xa4, 0x58, 0x14, 0xde, 0x81,
	0xd2, 0x48, 0xf5, 0x83, 0xb6, 0x5f, 0x81, 0x7b, 0x5f, 0xce, 0xab, 0x01,
	0x81, 0x82, 0xa1, 0x00, 0xa2, 0x00, 0xd8, 0x6f, 0x4c, 0x60, 0x86, 0x48,
	0x01, 0x86, 0xf8, 0x4d, 0x01, 0x0f, 0x04, 0x63, 0x02, 0x01, 0x76, 0x66,
	0x70, 0x67, 0x61, 0x64, 0x65, 0x73, 0x69, 0x67, 0x6e, 0x73, 0x72, 0x75,
	0x73, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x81, 0xa1, 0x01,
	0xa2, 0x04, 0xd9, 0x02, 0x30, 0x48, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x05, 0x48, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
}

comid := Comid{}
err := comid.FromCBOR(in)
if err != nil {
	fmt.Printf("FAIL: %v", err)
} else {
	fmt.Println("OK")
}
Output:

OK
Example (Decode_CBOR_4)
// https://github.com/ietf-rats/ietf-corim-cddl/blob/main/examples/comid-firmware-cd.diag
in := []byte{
	0xa3, 0x01, 0xa1, 0x00, 0x50, 0xaf, 0x1c, 0xd8, 0x95, 0xbe, 0x78, 0x4a,
	0xdb, 0xb7, 0xe9, 0xad, 0xd4, 0x4a, 0x65, 0xab, 0xf3, 0x02, 0x81, 0xa3,
	0x00, 0x71, 0x46, 0x69, 0x72, 0x6d, 0x77, 0x61, 0x72, 0x65, 0x20, 0x4d,
	0x46, 0x47, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x01, 0xd8, 0x20, 0x78, 0x18,
	0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x66, 0x77, 0x6d, 0x66,
	0x67, 0x69, 0x6e, 0x63, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65,
	0x02, 0x81, 0x00, 0x04, 0xa2, 0x00, 0x82, 0x82, 0xa1, 0x00, 0xa4, 0x01,
	0x70, 0x66, 0x77, 0x6d, 0x66, 0x67, 0x69, 0x6e, 0x63, 0x2e, 0x65, 0x78,
	0x61, 0x6d, 0x70, 0x6c, 0x65, 0x02, 0x67, 0x66, 0x77, 0x59, 0x5f, 0x6e,
	0x35, 0x78, 0x03, 0x00, 0x04, 0x00, 0x81, 0xa1, 0x01, 0xa2, 0x01, 0xd9,
	0x02, 0x28, 0x01, 0x02, 0x81, 0x82, 0x07, 0x58, 0x30, 0x15, 0xe7, 0x7d,
	0x6f, 0x13, 0x32, 0x52, 0xf1, 0xdb, 0x70, 0x44, 0x90, 0x13, 0x13, 0x88,
	0x4f, 0x29, 0x77, 0xd2, 0x10, 0x9b, 0x33, 0xc7, 0x9f, 0x33, 0xe0, 0x79,
	0xbf, 0xc7, 0x88, 0x65, 0x25, 0x5c, 0x0f, 0xb7, 0x33, 0xc2, 0x40, 0xfd,
	0xda, 0x54, 0x4b, 0x82, 0x15, 0xd7, 0xb8, 0xf8, 0x15, 0x82, 0xa1, 0x00,
	0xa4, 0x01, 0x70, 0x66, 0x77, 0x6d, 0x66, 0x67, 0x69, 0x6e, 0x63, 0x2e,
	0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x02, 0x67, 0x66, 0x77, 0x58,
	0x5f, 0x6e, 0x35, 0x78, 0x03, 0x01, 0x04, 0x00, 0x81, 0xa1, 0x01, 0xa2,
	0x01, 0xd9, 0x02, 0x28, 0x01, 0x02, 0x81, 0x82, 0x07, 0x58, 0x30, 0x3d,
	0x90, 0xb6, 0xbf, 0x00, 0x3d, 0xa2, 0xd9, 0x4e, 0xa5, 0x46, 0x3f, 0x97,
	0xfb, 0x3c, 0x53, 0xdd, 0xc5, 0x1c, 0xfb, 0xa1, 0xe3, 0xe3, 0x8e, 0xef,
	0x7a, 0xf0, 0x71, 0xa6, 0x79, 0x86, 0x59, 0x5d, 0x22, 0x72, 0x91, 0x31,
	0xdf, 0x9f, 0xe8, 0x0f, 0x54, 0x51, 0xee, 0xf1, 0x54, 0xf8, 0x5e, 0x01,
	0x81, 0x82, 0xa1, 0x00, 0xa2, 0x00, 0xd8, 0x6f, 0x4c, 0x60, 0x86, 0x48,
	0x01, 0x86, 0xf8, 0x4d, 0x01, 0x0f, 0x04, 0x63, 0x01, 0x01, 0x70, 0x66,
	0x77, 0x6d, 0x66, 0x67, 0x69, 0x6e, 0x63, 0x2e, 0x65, 0x78, 0x61, 0x6d,
	0x70, 0x6c, 0x65, 0x81, 0xa1, 0x01, 0xa2, 0x04, 0xd9, 0x02, 0x30, 0x48,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x48, 0xff, 0xff,
	0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
}

comid := Comid{}
err := comid.FromCBOR(in)
if err != nil {
	fmt.Printf("FAIL: %v", err)
} else {
	fmt.Println("OK")
}
Output:

OK
Example (Decode_CBOR_5)
// Taken from https://github.com/ietf-corim-cddl/blob/main/examples/comid-3.diag
in := []byte{
	0xa3, 0x01, 0xa1, 0x00, 0x78, 0x20, 0x6d, 0x79, 0x2d, 0x6e, 0x73, 0x3a,
	0x61, 0x63, 0x6d, 0x65, 0x2d, 0x72, 0x6f, 0x61, 0x64, 0x72, 0x75, 0x6e,
	0x6e, 0x65, 0x72, 0x2d, 0x73, 0x75, 0x70, 0x70, 0x6c, 0x65, 0x6d, 0x65,
	0x6e, 0x74, 0x02, 0x81, 0xa3, 0x00, 0x69, 0x41, 0x43, 0x4d, 0x45, 0x20,
	0x49, 0x6e, 0x63, 0x2e, 0x01, 0xd8, 0x20, 0x74, 0x68, 0x74, 0x74, 0x70,
	0x73, 0x3a, 0x2f, 0x2f, 0x61, 0x63, 0x6d, 0x65, 0x2e, 0x65, 0x78, 0x61,
	0x6d, 0x70, 0x6c, 0x65, 0x02, 0x83, 0x01, 0x00, 0x02, 0x04, 0xa1, 0x00,
	0x81, 0x82, 0xa1, 0x00, 0xa3, 0x00, 0xd8, 0x6f, 0x44, 0x55, 0x02, 0xc0,
	0x00, 0x01, 0x69, 0x41, 0x43, 0x4d, 0x45, 0x20, 0x49, 0x6e, 0x63, 0x2e,
	0x02, 0x78, 0x18, 0x41, 0x43, 0x4d, 0x45, 0x20, 0x52, 0x6f, 0x61, 0x64,
	0x52, 0x75, 0x6e, 0x6e, 0x65, 0x72, 0x20, 0x46, 0x69, 0x72, 0x6d, 0x77,
	0x61, 0x72, 0x65, 0x81, 0xa2, 0x00, 0x19, 0x02, 0xbc, 0x01, 0xa1, 0x02,
	0x81, 0x82, 0x06, 0x44, 0xab, 0xcd, 0xef, 0x00,
}
comid := Comid{}
err := comid.FromCBOR(in)
if err != nil {
	fmt.Printf("FAIL: %v", err)
} else {
	fmt.Println("OK")
}
Output:

OK
Example (Decode_JSON)
j := `
{
	"lang": "en-GB",
	"tag-identity": {
		"id": "43BBE37F-2E61-4B33-AED3-53CFF1428B16",
		"version": 1
	},
	"entities": [
		{
			"name": "ACME Ltd.",
			"regid": "https://acme.example",
			"roles": [ "tagCreator" ]
		},
		{
			"name": "EMCA Ltd.",
			"regid": "https://emca.example",
			"roles": [ "maintainer", "creator" ]
		}
	],
	"linked-tags": [
		{
			"target": "6F7D8D2F-EAEC-4A15-BB46-1E4DCB85DDFF",
			"rel": "replaces"
		}
	],
	"triples": {
		"reference-values": [
			{
				"environment": {
					"class": {
						"id": {
							"type": "uuid",
							"value": "83294297-97EB-42EF-8A72-AE9FEA002750"
						},
						"vendor": "ACME",
						"model": "RoadRunner Boot ROM",
						"layer": 0,
						"index": 0
					},
					"instance": {
						"type": "ueid",
						"value": "Ad6tvu/erb7v3q2+796tvu8="
					}
				},
				"measurements": [
					{
						"value": {
							"digests": [
								"sha-256:3q2+7w=="
							]
						}
					}
				]
			},
			{
				"environment": {
					"class": {
						"id": {
							"type": "psa.impl-id",
							"value": "YWNtZS1pbXBsZW1lbnRhdGlvbi1pZC0wMDAwMDAwMDE="
						},
						"vendor": "PSA-X",
						"model": "Turbo PRoT"
					}
				},
				"measurements": [
					{
						"key": {
							"type": "psa.refval-id",
							"value": {
								"label": "PRoT",
								"version": "1.3.5",
								"signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs="
							}
						},
						"value": {
							"digests": [
								"sha-256:3q2+7w=="
							],
							"svn": {
								"type": "exact-value",
								"value": 1
							},
							"mac-addr": "00:00:5e:00:53:01"
						}
					}
				]
			}
		],
		"endorsed-values": [
			{
				"environment": {
					"class": {
						"id": {
							"type": "oid",
							"value": "2.16.840.1.101.3.4.2.1"
						}
					},
					"instance": {
						"type": "uuid",
						"value": "9090B8D3-3B17-474C-A0B9-6F54731CAB72"
					}
				},
				"measurements": [
					{
						"value": {
							"mac-addr": "00:00:5e:00:53:01",
							"ip-addr": "2001:4860:0:2001::68",
							"serial-number": "C02X70VHJHD5",
							"ueid": "Ad6tvu/erb7v3q2+796tvu8=",
							"uuid": "9090B8D3-3B17-474C-A0B9-6F54731CAB72",
							"raw-value": {
								"type": "bytes",
								"value": "cmF3dmFsdWUKcmF3dmFsdWUK"
							},
							"raw-value-mask": "qg==",
							"op-flags": [ "notSecure" ],
							"digests": [
								"sha-256;5Fty9cDAtXLbTY06t+l/No/3TmI0eoJN7LZ6hOUiTXU=",
								"sha-384;S1bPoH+usqtX3pIeSpfWVRRLVGRw66qrb3HA21GN31tKX7KPsq0bSTQmRCTrHlqG"
							],
							"version": {
								"scheme": "semaver",
								"value": "1.2.3beta4"
							},
							"svn": {
								"type": "min-value",
								"value": 10
							}
						}
					}
				]
			}
		],
		"attester-verification-keys": [
			{
				"environment": {
					"group": {
						"type": "uuid",
						"value": "83294297-97EB-42EF-8A72-AE9FEA002750"
					}
				},
				"verification-keys": [
					{
						"type": "pkix-base64-key",
						"value": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEW1BvqF+/ry8BWa7ZEMU1xYYHEQ8B\nlLT4MFHOaO+ICTtIvrEeEpr/sfTAP66H2hCHdb5HEXKtRKod6QLcOLPA1Q==\n-----END PUBLIC KEY-----"
					}
				]
			}
		],
		"dev-identity-keys": [
			{
				"environment": {
					"instance": {
						"type": "uuid",
						"value": "4ECCE47C-85F2-4FD9-9EC6-00DEB72DA707"
					}
				},
				"verification-keys": [
					{
						"type": "pkix-base64-key",
						"value": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEW1BvqF+/ry8BWa7ZEMU1xYYHEQ8B\nlLT4MFHOaO+ICTtIvrEeEpr/sfTAP66H2hCHdb5HEXKtRKod6QLcOLPA1Q==\n-----END PUBLIC KEY-----"
					},
					{
						"type": "pkix-base64-key",
						"value": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEW1BvqF+/ry8BWa7ZEMU1xYYHEQ8B\nlLT4MFHOaO+ICTtIvrEeEpr/sfTAP66H2hCHdb5HEXKtRKod6QLcOLPA1Q==\n-----END PUBLIC KEY-----"
					}
				]
			}
		]
	}
}
`
comid := Comid{}
err := comid.FromJSON([]byte(j))

if err != nil {
	fmt.Printf("FAIL: %v", err)
} else {
	fmt.Println("OK")
}
Output:

OK
Example (Encode)
comid := NewComid().
	SetLanguage("en-GB").
	SetTagIdentity("my-ns:acme-roadrunner-supplement", 0).
	AddEntity("ACME Ltd.", &TestRegID, RoleCreator, RoleTagCreator).
	AddEntity("EMCA Ltd.", nil, RoleMaintainer).
	AddLinkedTag("my-ns:acme-roadrunner-base", RelSupplements).
	AddLinkedTag("my-ns:acme-roadrunner-old", RelReplaces).
	AddReferenceValue(
		ReferenceValue{
			Environment: Environment{
				Class: NewClassOID(TestOID).
					SetVendor("ACME Ltd.").
					SetModel("RoadRunner").
					SetLayer(0).
					SetIndex(1),
				Instance: MustNewUEIDInstance(TestUEID),
				Group:    MustNewUUIDGroup(TestUUID),
			},
			Measurements: *NewMeasurements().
				AddMeasurement(
					MustNewUUIDMeasurement(TestUUID).
						SetRawValueBytes([]byte{0x01, 0x02, 0x03, 0x04}, []byte{0xff, 0xff, 0xff, 0xff}).
						SetSVN(2).
						AddDigest(swid.Sha256_32, []byte{0xab, 0xcd, 0xef, 0x00}).
						AddDigest(swid.Sha256_32, []byte{0xff, 0xff, 0xff, 0xff}).
						SetFlagsTrue(FlagIsDebug).
						SetFlagsFalse(FlagIsSecure).
						SetSerialNumber("C02X70VHJHD5").
						SetUEID(TestUEID).
						SetUUID(TestUUID).
						SetMACaddr(MACaddr(TestMACaddr)).
						SetIPaddr(TestIPaddr),
				),
		},
	).
	AddEndorsedValue(
		EndorsedValue{
			Environment: Environment{
				Class: NewClassUUID(TestUUID).
					SetVendor("ACME Ltd.").
					SetModel("RoadRunner").
					SetLayer(0).
					SetIndex(1),
				Instance: MustNewUEIDInstance(TestUEID),
				Group:    MustNewUUIDGroup(TestUUID),
			},
			Measurements: *NewMeasurements().
				AddMeasurement(
					MustNewUUIDMeasurement(TestUUID).
						SetRawValueBytes([]byte{0x01, 0x02, 0x03, 0x04}, []byte{0xff, 0xff, 0xff, 0xff}).
						SetMinSVN(2).
						AddDigest(swid.Sha256_32, []byte{0xab, 0xcd, 0xef, 0x00}).
						AddDigest(swid.Sha256_32, []byte{0xff, 0xff, 0xff, 0xff}).
						SetFlagsTrue(FlagIsDebug).
						SetFlagsFalse(FlagIsSecure, FlagIsConfigured).
						SetSerialNumber("C02X70VHJHD5").
						SetUEID(TestUEID).
						SetUUID(TestUUID).
						SetMACaddr(MACaddr(TestMACaddr)).
						SetIPaddr(TestIPaddr),
				),
		},
	).
	AddAttestVerifKey(
		AttestVerifKey{
			Environment: Environment{
				Instance: MustNewUUIDInstance(uuid.UUID(TestUUID)),
			},
			VerifKeys: *NewCryptoKeys().
				Add(
					MustNewPKIXBase64Key(TestECPubKey),
				),
		},
	).AddDevIdentityKey(
	DevIdentityKey{
		Environment: Environment{
			Instance: MustNewUEIDInstance(TestUEID),
		},
		VerifKeys: *NewCryptoKeys().
			Add(
				MustNewPKIXBase64Key(TestECPubKey),
			),
	},
)

cbor, err := comid.ToCBOR()
if err == nil {
	fmt.Printf("%x\n", cbor)
}

json, err := comid.ToJSON()
if err == nil {
	fmt.Printf("%s\n", string(json))
}
Output:

a50065656e2d474201a10078206d792d6e733a61636d652d726f616472756e6e65722d737570706c656d656e740282a3006941434d45204c74642e01d8207468747470733a2f2f61636d652e6578616d706c6502820100a20069454d4341204c74642e0281020382a200781a6d792d6e733a61636d652d726f616472756e6e65722d626173650100a20078196d792d6e733a61636d652d726f616472756e6e65722d6f6c64010104a4008182a300a500d86f445502c000016941434d45204c74642e026a526f616452756e6e65720300040101d902264702deadbeefdead02d8255031fb5abf023e4992aa4e95f9c1503bfa81a200d8255031fb5abf023e4992aa4e95f9c1503bfa01aa01d90228020282820644abcdef00820644ffffffff03a201f403f504d9023044010203040544ffffffff064802005e1000000001075020010db8000000000000000000000068086c43303258373056484a484435094702deadbeefdead0a5031fb5abf023e4992aa4e95f9c1503bfa018182a300a500d8255031fb5abf023e4992aa4e95f9c1503bfa016941434d45204c74642e026a526f616452756e6e65720300040101d902264702deadbeefdead02d8255031fb5abf023e4992aa4e95f9c1503bfa81a200d8255031fb5abf023e4992aa4e95f9c1503bfa01aa01d90229020282820644abcdef00820644ffffffff03a300f401f403f504d9023044010203040544ffffffff064802005e1000000001075020010db8000000000000000000000068086c43303258373056484a484435094702deadbeefdead0a5031fb5abf023e4992aa4e95f9c1503bfa028182a101d8255031fb5abf023e4992aa4e95f9c1503bfa81d9022a78b12d2d2d2d2d424547494e205055424c4943204b45592d2d2d2d2d0a4d466b77457759484b6f5a497a6a3043415159494b6f5a497a6a304441516344516741455731427671462b2f727938425761375a454d553178595948455138420a6c4c54344d46484f614f2b4943547449767245654570722f7366544150363648326843486462354845584b74524b6f6436514c634f4c504131513d3d0a2d2d2d2d2d454e44205055424c4943204b45592d2d2d2d2d038182a101d902264702deadbeefdead81d9022a78b12d2d2d2d2d424547494e205055424c4943204b45592d2d2d2d2d0a4d466b77457759484b6f5a497a6a3043415159494b6f5a497a6a304441516344516741455731427671462b2f727938425761375a454d553178595948455138420a6c4c54344d46484f614f2b4943547449767245654570722f7366544150363648326843486462354845584b74524b6f6436514c634f4c504131513d3d0a2d2d2d2d2d454e44205055424c4943204b45592d2d2d2d2d
{"lang":"en-GB","tag-identity":{"id":"my-ns:acme-roadrunner-supplement"},"entities":[{"name":"ACME Ltd.","regid":"https://acme.example","roles":["creator","tagCreator"]},{"name":"EMCA Ltd.","roles":["maintainer"]}],"linked-tags":[{"target":"my-ns:acme-roadrunner-base","rel":"supplements"},{"target":"my-ns:acme-roadrunner-old","rel":"replaces"}],"triples":{"reference-values":[{"environment":{"class":{"id":{"type":"oid","value":"2.5.2.8192"},"vendor":"ACME Ltd.","model":"RoadRunner","layer":0,"index":1},"instance":{"type":"ueid","value":"At6tvu/erQ=="},"group":{"type":"uuid","value":"31fb5abf-023e-4992-aa4e-95f9c1503bfa"}},"measurements":[{"key":{"type":"uuid","value":"31fb5abf-023e-4992-aa4e-95f9c1503bfa"},"value":{"svn":{"type":"exact-value","value":2},"digests":["sha-256-32;q83vAA==","sha-256-32;/////w=="],"flags":{"is-secure":false,"is-debug":true},"raw-value":{"type":"bytes","value":"AQIDBA=="},"raw-value-mask":"/////w==","mac-addr":"02:00:5e:10:00:00:00:01","ip-addr":"2001:db8::68","serial-number":"C02X70VHJHD5","ueid":"At6tvu/erQ==","uuid":"31fb5abf-023e-4992-aa4e-95f9c1503bfa"}}]}],"endorsed-values":[{"environment":{"class":{"id":{"type":"uuid","value":"31fb5abf-023e-4992-aa4e-95f9c1503bfa"},"vendor":"ACME Ltd.","model":"RoadRunner","layer":0,"index":1},"instance":{"type":"ueid","value":"At6tvu/erQ=="},"group":{"type":"uuid","value":"31fb5abf-023e-4992-aa4e-95f9c1503bfa"}},"measurements":[{"key":{"type":"uuid","value":"31fb5abf-023e-4992-aa4e-95f9c1503bfa"},"value":{"svn":{"type":"min-value","value":2},"digests":["sha-256-32;q83vAA==","sha-256-32;/////w=="],"flags":{"is-configured":false,"is-secure":false,"is-debug":true},"raw-value":{"type":"bytes","value":"AQIDBA=="},"raw-value-mask":"/////w==","mac-addr":"02:00:5e:10:00:00:00:01","ip-addr":"2001:db8::68","serial-number":"C02X70VHJHD5","ueid":"At6tvu/erQ==","uuid":"31fb5abf-023e-4992-aa4e-95f9c1503bfa"}}]}],"attester-verification-keys":[{"environment":{"instance":{"type":"uuid","value":"31fb5abf-023e-4992-aa4e-95f9c1503bfa"}},"verification-keys":[{"type":"pkix-base64-key","value":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEW1BvqF+/ry8BWa7ZEMU1xYYHEQ8B\nlLT4MFHOaO+ICTtIvrEeEpr/sfTAP66H2hCHdb5HEXKtRKod6QLcOLPA1Q==\n-----END PUBLIC KEY-----"}]}],"dev-identity-keys":[{"environment":{"instance":{"type":"ueid","value":"At6tvu/erQ=="}},"verification-keys":[{"type":"pkix-base64-key","value":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEW1BvqF+/ry8BWa7ZEMU1xYYHEQ8B\nlLT4MFHOaO+ICTtIvrEeEpr/sfTAP66H2hCHdb5HEXKtRKod6QLcOLPA1Q==\n-----END PUBLIC KEY-----"}]}]}}
Example (Encode_PSA)
comid := NewComid().
	SetTagIdentity("my-ns:acme-roadrunner-supplement", 0).
	AddEntity("ACME Ltd.", &TestRegID, RoleCreator, RoleTagCreator, RoleMaintainer).
	AddReferenceValue(
		ReferenceValue{
			Environment: Environment{
				Class: NewClassImplID(TestImplID).
					SetVendor("ACME Ltd.").
					SetModel("RoadRunner 2.0"),
			},
			Measurements: *NewMeasurements().
				AddMeasurement(
					MustNewPSAMeasurement(
						MustCreatePSARefValID(
							TestSignerID, "BL", "5.0.5",
						)).AddDigest(swid.Sha256_32, []byte{0xab, 0xcd, 0xef, 0x00}),
				).
				AddMeasurement(
					MustNewPSAMeasurement(
						MustCreatePSARefValID(
							TestSignerID, "PRoT", "1.3.5",
						)).AddDigest(swid.Sha256_32, []byte{0xab, 0xcd, 0xef, 0x00}),
				),
		},
	).
	AddAttestVerifKey(
		AttestVerifKey{
			Environment: Environment{
				Instance: MustNewUEIDInstance(TestUEID),
			},
			VerifKeys: *NewCryptoKeys().
				Add(
					MustNewPKIXBase64Key(TestECPubKey),
				),
		},
	)

cbor, err := comid.ToCBOR()
if err == nil {
	fmt.Printf("%x\n", cbor)
}

json, err := comid.ToJSON()
if err == nil {
	fmt.Printf("%s\n", string(json))
}
Output:

a301a10078206d792d6e733a61636d652d726f616472756e6e65722d737570706c656d656e740281a3006941434d45204c74642e01d8207468747470733a2f2f61636d652e6578616d706c65028301000204a2008182a100a300d90258582061636d652d696d706c656d656e746174696f6e2d69642d303030303030303031016941434d45204c74642e026e526f616452756e6e657220322e3082a200d90259a30162424c0465352e302e35055820acbb11c7e4da217205523ce4ce1a245ae1a239ae3c6bfd9e7871f7e5d8bae86b01a10281820644abcdef00a200d90259a3016450526f540465312e332e35055820acbb11c7e4da217205523ce4ce1a245ae1a239ae3c6bfd9e7871f7e5d8bae86b01a10281820644abcdef00028182a101d902264702deadbeefdead81d9022a78b12d2d2d2d2d424547494e205055424c4943204b45592d2d2d2d2d0a4d466b77457759484b6f5a497a6a3043415159494b6f5a497a6a304441516344516741455731427671462b2f727938425761375a454d553178595948455138420a6c4c54344d46484f614f2b4943547449767245654570722f7366544150363648326843486462354845584b74524b6f6436514c634f4c504131513d3d0a2d2d2d2d2d454e44205055424c4943204b45592d2d2d2d2d
{"tag-identity":{"id":"my-ns:acme-roadrunner-supplement"},"entities":[{"name":"ACME Ltd.","regid":"https://acme.example","roles":["creator","tagCreator","maintainer"]}],"triples":{"reference-values":[{"environment":{"class":{"id":{"type":"psa.impl-id","value":"YWNtZS1pbXBsZW1lbnRhdGlvbi1pZC0wMDAwMDAwMDE="},"vendor":"ACME Ltd.","model":"RoadRunner 2.0"}},"measurements":[{"key":{"type":"psa.refval-id","value":{"label":"BL","version":"5.0.5","signer-id":"rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs="}},"value":{"digests":["sha-256-32;q83vAA=="]}},{"key":{"type":"psa.refval-id","value":{"label":"PRoT","version":"1.3.5","signer-id":"rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs="}},"value":{"digests":["sha-256-32;q83vAA=="]}}]}],"attester-verification-keys":[{"environment":{"instance":{"type":"ueid","value":"At6tvu/erQ=="}},"verification-keys":[{"type":"pkix-base64-key","value":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEW1BvqF+/ry8BWa7ZEMU1xYYHEQ8B\nlLT4MFHOaO+ICTtIvrEeEpr/sfTAP66H2hCHdb5HEXKtRKod6QLcOLPA1Q==\n-----END PUBLIC KEY-----"}]}]}}
Example (Encode_PSA_attestation_verification)
comid := NewComid().
	SetTagIdentity("my-ns:acme-roadrunner-supplement", 0).
	AddEntity("ACME Ltd.", &TestRegID, RoleCreator, RoleTagCreator, RoleMaintainer).
	AddAttestVerifKey(
		AttestVerifKey{
			Environment: Environment{
				Instance: MustNewUEIDInstance(TestUEID),
			},
			VerifKeys: *NewCryptoKeys().
				Add(
					MustNewPKIXBase64Key(TestECPubKey),
				),
		},
	)

cbor, err := comid.ToCBOR()
if err == nil {
	fmt.Printf("%x\n", cbor)
}

json, err := comid.ToJSON()
if err == nil {
	fmt.Printf("%s", string(json))
}
Output:

a301a10078206d792d6e733a61636d652d726f616472756e6e65722d737570706c656d656e740281a3006941434d45204c74642e01d8207468747470733a2f2f61636d652e6578616d706c65028301000204a1028182a101d902264702deadbeefdead81d9022a78b12d2d2d2d2d424547494e205055424c4943204b45592d2d2d2d2d0a4d466b77457759484b6f5a497a6a3043415159494b6f5a497a6a304441516344516741455731427671462b2f727938425761375a454d553178595948455138420a6c4c54344d46484f614f2b4943547449767245654570722f7366544150363648326843486462354845584b74524b6f6436514c634f4c504131513d3d0a2d2d2d2d2d454e44205055424c4943204b45592d2d2d2d2d
{"tag-identity":{"id":"my-ns:acme-roadrunner-supplement"},"entities":[{"name":"ACME Ltd.","regid":"https://acme.example","roles":["creator","tagCreator","maintainer"]}],"triples":{"attester-verification-keys":[{"environment":{"instance":{"type":"ueid","value":"At6tvu/erQ=="}},"verification-keys":[{"type":"pkix-base64-key","value":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEW1BvqF+/ry8BWa7ZEMU1xYYHEQ8B\nlLT4MFHOaO+ICTtIvrEeEpr/sfTAP66H2hCHdb5HEXKtRKod6QLcOLPA1Q==\n-----END PUBLIC KEY-----"}]}]}}
Example (Psa_keys)
package main

import "fmt"

func main() {
	comid := Comid{}

	if err := comid.FromJSON([]byte(PSAKeysJSONTemplate)); err != nil {
		panic(err)
	}

	if err := comid.Valid(); err != nil {
		panic(err)
	}

	if err := extractKeys(&comid); err != nil {
		panic(err)
	}

}

func extractKeys(c *Comid) error {
	if c.Triples.AttestVerifKeys == nil {
		return fmt.Errorf("no reference values triples")
	}

	for i, k := range *c.Triples.AttestVerifKeys {
		if err := extractPSAKey(k); err != nil {
			return fmt.Errorf("bad PSA verification key value at index %d: %w", i, err)
		}
	}

	return nil
}

func extractPSAKey(k AttestVerifKey) error {
	class := k.Environment.Class

	if err := extractImplementationID(class); err != nil {
		return fmt.Errorf("extracting impl-id: %w", err)
	}

	instance := k.Environment.Instance

	if err := extractInstanceID(instance); err != nil {
		return fmt.Errorf("extracting inst-id: %w", err)
	}

	if len(k.VerifKeys) != 1 {
		return fmt.Errorf("more than one key")
	}

	fmt.Printf("IAK public key: %x\n", k.VerifKeys[0])

	return nil
}

func extractInstanceID(i *Instance) error {
	if i == nil {
		return fmt.Errorf("no instance")
	}

	fmt.Printf("InstanceID: %x\n", i.Bytes())

	return nil
}
Output:

ImplementationID: 61636d652d696d706c656d656e746174696f6e2d69642d303030303030303031
InstanceID: 01ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508
IAK public key: 2d2d2d2d2d424547494e205055424c4943204b45592d2d2d2d2d0a4d466b77457759484b6f5a497a6a3043415159494b6f5a497a6a304441516344516741455731427671462b2f727938425761375a454d553178595948455138420a6c4c54344d46484f614f2b4943547449767245654570722f7366544150363648326843486462354845584b74524b6f6436514c634f4c504131513d3d0a2d2d2d2d2d454e44205055424c4943204b45592d2d2d2d2d
ImplementationID: 61636d652d696d706c656d656e746174696f6e2d69642d303030303030303031
InstanceID: 014ca3e4f50bf248c39787020d68ffd05c88767751bf2645ca923f57a98becd296
IAK public key: 2d2d2d2d2d424547494e205055424c4943204b45592d2d2d2d2d0a4d466b77457759484b6f5a497a6a3043415159494b6f5a497a6a304441516344516741455731427671462b2f727938425761375a454d553178595948455138420a6c4c54344d46484f614f2b4943547449767245654570722f7366544150363648326843486462354845584b74524b6f6436514c634f4c504131513d3d0a2d2d2d2d2d454e44205055424c4943204b45592d2d2d2d2d
Example (Psa_refval)
package main

import "fmt"

func main() {
	comid := Comid{}

	if err := comid.FromJSON([]byte(PSARefValJSONTemplate)); err != nil {
		panic(err)
	}

	if err := comid.Valid(); err != nil {
		panic(err)
	}

	if err := extractRefVals(&comid); err != nil {
		panic(err)
	}

}

func extractRefVals(c *Comid) error {
	if c.Triples.ReferenceValues == nil {
		return fmt.Errorf("no reference values triples")
	}

	for i, rv := range *c.Triples.ReferenceValues {
		if err := extractPSARefVal(rv); err != nil {
			return fmt.Errorf("bad PSA reference value at index %d: %w", i, err)
		}
	}

	return nil
}

func extractPSARefVal(rv ReferenceValue) error {
	class := rv.Environment.Class

	if err := extractImplementationID(class); err != nil {
		return fmt.Errorf("extracting impl-id: %w", err)
	}

	measurements := rv.Measurements

	if err := extractSwMeasurements(measurements); err != nil {
		return fmt.Errorf("extracting measurements: %w", err)
	}

	return nil
}

func extractSwMeasurements(m Measurements) error {
	if len(m) == 0 {
		return fmt.Errorf("no measurements")
	}

	for i, m := range m {
		if err := extractSwMeasurement(m); err != nil {
			return fmt.Errorf("extracting measurement at index %d: %w", i, err)
		}
	}

	return nil
}

func extractSwMeasurement(m Measurement) error {
	if err := extractPSARefValID(m.Key); err != nil {
		return fmt.Errorf("extracting PSA refval id: %w", err)
	}

	if err := extractDigest(m.Val.Digests); err != nil {
		return fmt.Errorf("extracting digest: %w", err)
	}

	return nil
}

func extractDigest(d *Digests) error {
	if d == nil {
		return fmt.Errorf("no digest")
	}

	if len(*d) != 1 {
		return fmt.Errorf("more than one digest")
	}

	fmt.Printf("Digest: %x\n", (*d)[0].HashValue)

	return nil
}

func extractPSARefValID(k *Mkey) error {
	if k == nil {
		return fmt.Errorf("no measurement key")
	}

	id, ok := k.Value.(*TaggedPSARefValID)

	if !ok {
		return fmt.Errorf("expected PSA refval id, found: %T", k.Value)
	}

	fmt.Printf("SignerID: %x\n", id.SignerID)

	if id.Label != nil {
		fmt.Printf("Label: %s\n", *id.Label)
	}

	if id.Version != nil {
		fmt.Printf("Version: %s\n", *id.Version)
	}

	// ignore alg-id

	return nil
}

func extractImplementationID(c *Class) error {
	if c == nil {
		return fmt.Errorf("no class")
	}

	classID := c.ClassID

	if classID == nil {
		return fmt.Errorf("no class-id")
	}

	if classID.Type() != ImplIDType {
		return fmt.Errorf("class id is not a psa.impl-id")
	}

	fmt.Printf("ImplementationID: %x\n", classID.Bytes())

	return nil
}
Output:

ImplementationID: 61636d652d696d706c656d656e746174696f6e2d69642d303030303030303031
SignerID: acbb11c7e4da217205523ce4ce1a245ae1a239ae3c6bfd9e7871f7e5d8bae86b
Label: BL
Version: 2.1.0
Digest: 87428fc522803d31065e7bce3cf03fe475096631e5e07bbd7a0fde60c4cf25c7
SignerID: acbb11c7e4da217205523ce4ce1a245ae1a239ae3c6bfd9e7871f7e5d8bae86b
Label: PRoT
Version: 1.3.5
Digest: 0263829989b6fd954f72baaf2fc64bc2e2f01d692d4de72986ea808f6e99813f
SignerID: acbb11c7e4da217205523ce4ce1a245ae1a239ae3c6bfd9e7871f7e5d8bae86b
Label: ARoT
Version: 0.1.4
Digest: a3a5e715f0cc574a73c3f9bebb6bc24f32ffd5b67b387244c2c909da779a1478

Index

Examples

Constants

View Source
const (
	// PKIXBase64KeyType indicates a PEM-encoded SubjectPublicKeyInfo. See
	// https://www.rfc-editor.org/rfc/rfc7468#section-13
	PKIXBase64KeyType = "pkix-base64-key"
	// PKIXBase64CertType indicates a PEM-encoded X.509 public key
	// certificate. See https://www.rfc-editor.org/rfc/rfc7468#section-5
	PKIXBase64CertType = "pkix-base64-cert"
	// PKIXBase64CertPathType indicates a X.509 certificate chain created
	// by the concatenation of as many PEM encoded X.509 certificates as
	// needed. The certificates MUST be concatenated in order so that each
	// directly certifies the one preceding.
	PKIXBase64CertPathType = "pkix-base64-cert-path"
	// COSEKeyType represents a CBOR encoded COSE_Key or COSE_KeySet. See
	// https://www.rfc-editor.org/rfc/rfc9052#section-7
	COSEKeyType = "cose-key"
	// ThumbprintType represents a digest of a raw public key. The digest
	// value may be used to find the public key if contained in a lookup
	// table.
	ThumbprintType = "thumbprint"
	// CertThumbprintType represents a digest of a certificate. The digest
	// value may be used to find the certificate if contained in a lookup
	// table.
	CertThumbprintType = "cert-thumbprint"
	// CertPathThumbprintType represents a digest of a certification path.
	// The digest value may be used to find the certificate path if
	// contained in a lookup table.
	CertPathThumbprintType = "cert-path-thumbprint"
	// CertAmdArkAskType represents the Certificate format used by AMD for either
	// AMD Root Key (ARK) or AMD Signing Key (ASK)
	CertAmdArkAskType = "cert-amd-ark-ask"
)
View Source
const (
	// MaxASN1OIDLen is the maximum OID length accepted by the implementation
	MaxASN1OIDLen = 255
	// MinNumOIDArcs represents the minimum required arcs for a valid OID
	MinNumOIDArcs = 3
)
View Source
const (
	ExactValueType = "exact-value"
	MinValueType   = "min-value"
)
View Source
const BytesType = "bytes"
View Source
const ImplIDType = "psa.impl-id"
View Source
const IntType = "int"
View Source
const MaxUint64 = ^uint64(0)
View Source
const OIDType = "oid"
View Source
const TextType = "text"
View Source
const UEIDType = "ueid"
View Source
const UUIDType = "uuid"
View Source
const UintType = "uint"

Variables

View Source
var (
	TestUUIDString = "31fb5abf-023e-4992-aa4e-95f9c1503bfa"
	TestUUID       = UUID(uuid.Must(uuid.Parse(TestUUIDString)))
	TestImplID     = ImplID([32]byte{
		0x61, 0x63, 0x6d, 0x65, 0x2d, 0x69, 0x6d, 0x70, 0x6c, 0x65, 0x6d, 0x65,
		0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2d, 0x69, 0x64, 0x2d, 0x30,
		0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x31,
	})
	TestOID               = "2.5.2.8192"
	TestRegID             = "https://acme.example"
	TestMACaddr, _        = net.ParseMAC("02:00:5e:10:00:00:00:01")
	TestIPaddr            = net.ParseIP("2001:db8::68")
	TestBytes             = []byte{0x89, 0x99, 0x78, 0x65, 0x56}
	TestUEIDString        = "02deadbeefdead"
	TestUEID              = eat.UEID(MustHexDecode(nil, TestUEIDString))
	TestSignerID          = MustHexDecode(nil, "acbb11c7e4da217205523ce4ce1a245ae1a239ae3c6bfd9e7871f7e5d8bae86b")
	TestTagID             = "urn:example:veraison"
	TestMKey       uint64 = 700
	TestCCALabel          = "cca-platform-config"

	TestECPrivKey = `` /* 226-byte string literal not displayed */

	TestECPubKey = `` /* 177-byte string literal not displayed */

	TestCert = `` /* 712-byte string literal not displayed */

	TestCertPath = `` /* 6439-byte string literal not displayed */

	TestCOSEKey = MustHexDecode(nil, `a501020258246d65726961646f632e6272616e64796275636b406275636b6c616e642e6578616d706c65200121582065eda5a12577c2bae829437fe338701a10aaa375e1bb5b5de108de439c08551d2258201e52ed75701163f7f9e40ddf9f341b3dc9ba860af7e0ca7ca7e9eecd0084d19c`)

	TestCOSEKeySetOne = MustHexDecode(nil, `81a501020258246d65726961646f632e6272616e64796275636b406275636b6c616e642e6578616d706c65200121582065eda5a12577c2bae829437fe338701a10aaa375e1bb5b5de108de439c08551d2258201e52ed75701163f7f9e40ddf9f341b3dc9ba860af7e0ca7ca7e9eecd0084d19c`)

	TestCOSEKeySetMulti = MustHexDecode(nil, `82a501020258246d65726961646f632e6272616e64796275636b406275636b6c616e642e6578616d706c65200121582065eda5a12577c2bae829437fe338701a10aaa375e1bb5b5de108de439c08551d2258201e52ed75701163f7f9e40ddf9f341b3dc9ba860af7e0ca7ca7e9eecd0084d19ca601010327048202647369676e0543030201200621582015522ef15729ccf39509ea5c15a26be949e38807a5c26ef9281487ef4ae67b46`)

	TestThumbprint = swid.HashEntry{
		HashAlgID: 1,
		HashValue: MustHexDecode(nil, `68e656b251e67e8358bef8483ab0d51c6619f3e7a1a9f0e75838d41ff368f728`),
	}
)
View Source
var (
	PSARefValJSONTemplate = `` /* 1556-byte string literal not displayed */

	PSAKeysJSONTemplate = `` /* 1541-byte string literal not displayed */

	CCARefValJSONTemplate = `` /* 1806-byte string literal not displayed */

	CCARealmRefValJSONTemplate = `` /* 1566-byte string literal not displayed */

)
View Source
var CCAPlatformConfigIDType = "cca.platform-config-id"
View Source
var False = false
View Source
var PSARefValIDType = "psa.refval-id"
View Source
var True = true

Functions

func IsAbsoluteURI

func IsAbsoluteURI(s string) error

func MustHexDecode

func MustHexDecode(t *testing.T, s string) []byte

func NewHashEntry

func NewHashEntry(algID uint64, value []byte) *swid.HashEntry

func RegisterClassIDType

func RegisterClassIDType(tag uint64, factory IClassIDFactory) error

RegisterClassIDType registers a new IClassIDValue implementation (created by the provided IClassIDFactory) under the specified CBOR tag.

func RegisterCryptoKeyType

func RegisterCryptoKeyType(tag uint64, factory ICryptoKeyFactory) error

RegisterCryptoKeyType registers a new ICryptoKeyValue implementation (created by the provided ICryptoKeyFactory) under the specified type name and CBOR tag.

func RegisterEntityNameType

func RegisterEntityNameType(tag uint64, factory IEntityNameFactory) error

RegisterEntityNameType registers a new IEntityNameValue implementation (created by the provided IEntityNameFactory) under the specified type name and CBOR tag.

func RegisterGroupType

func RegisterGroupType(tag uint64, factory IGroupFactory) error

RegisterGroupType registers a new IGroupValue implementation (created by the provided IGroupFactory) under the specified type name and CBOR tag.

func RegisterInstanceType

func RegisterInstanceType(tag uint64, factory IInstanceFactory) error

RegisterInstanceType registers a new IInstanceValue implementation (created by the provided IInstanceFactory) under the specified CBOR tag.

func RegisterMkeyType

func RegisterMkeyType(tag uint64, factory IMkeyFactory) error

RegisterMkeyType registers a new IMKeyValue implementation (created by the provided IMKeyFactory) under the specified CBOR tag.

func RegisterRel

func RegisterRel(val int64, name string) error

RegisterRel creates a new Rel association between the provided value and name. An error is returned if either clashes with any of the existing roles.

func RegisterRole

func RegisterRole(val int64, name string) error

RegisterRole creates a new Role association between the provided value and name. An error is returned if either clashes with any of the existing roles.

func RegisterSVNType

func RegisterSVNType(tag uint64, factory ISVNFactory) error

RegisterSVNType registers a new ISVNValue implementation (created by the provided ISVNFactory) under the specified CBOR tag.

Types

type AttestVerifKey

type AttestVerifKey struct {
	Environment Environment `json:"environment"`
	VerifKeys   CryptoKeys  `json:"verification-keys"`
	// contains filtered or unexported fields
}

AttestVerifKey stores an attest-key-triple-record with CBOR and JSON serializations. Note that the CBOR serialization packs the structure into an array. Instead, when serializing to JSON, the structure is converted into an object.

func (AttestVerifKey) Valid

func (o AttestVerifKey) Valid() error

type CCAPlatformConfigID

type CCAPlatformConfigID string

func (CCAPlatformConfigID) Empty

func (o CCAPlatformConfigID) Empty() bool

func (CCAPlatformConfigID) Get

func (*CCAPlatformConfigID) Set

func (o *CCAPlatformConfigID) Set(v string) error

type Class

type Class struct {
	ClassID *ClassID `cbor:"0,keyasint,omitempty" json:"id,omitempty"`
	Vendor  *string  `cbor:"1,keyasint,omitempty" json:"vendor,omitempty"`
	Model   *string  `cbor:"2,keyasint,omitempty" json:"model,omitempty"`
	Layer   *uint64  `cbor:"3,keyasint,omitempty" json:"layer,omitempty"`
	Index   *uint64  `cbor:"4,keyasint,omitempty" json:"index,omitempty"`
}

Class represents the class of the (target / attesting) environment. The only required field is the class unique identifier (see ClassID). Optionally, information about the specific brand & product as well as its topological coordinates within the wider device can be recorded.

func NewClassImplID

func NewClassImplID(implID ImplID) *Class

NewClassImplID instantiates a new Class object that identifies the specified PSA Implementation ID

func NewClassOID

func NewClassOID(oid string) *Class

NewClassOID instantiates a new Class object that identifies the OID

func NewClassUUID

func NewClassUUID(uuid UUID) *Class

NewClassUUID instantiates a new Class object with the specified UUID as identifier

func (*Class) FromCBOR

func (o *Class) FromCBOR(data []byte) error

FromCBOR deserializes the supplied CBOR data into the target Class

func (*Class) FromJSON

func (o *Class) FromJSON(data []byte) error

FromJSON deserializes the supplied JSON string into the target Class

func (Class) GetIndex

func (o Class) GetIndex() uint64

GetIndex returns the index number if it set in the target Class. Otherwise, uint64_max is returned.

func (Class) GetLayer

func (o Class) GetLayer() uint64

GetLayer returns the layer number if it set in the target Class. Otherwise, uint64_max is returned.

func (Class) GetModel

func (o Class) GetModel() string

GetModel returns the model string if it set in the target Class. Otherwise, an empty string is returned.

func (Class) GetVendor

func (o Class) GetVendor() string

GetVendor returns the vendor string if it set in the target Class. Otherwise, an empty string is returned.

func (*Class) SetIndex

func (o *Class) SetIndex(index uint64) *Class

SetIndex sets the "index" (i.e., the identifier of the environment instance in a specific layer) as indicated

func (*Class) SetLayer

func (o *Class) SetLayer(layer uint64) *Class

SetLayer sets the "layer" (i.e., the logical/topological location of the environment in the device) as indicated

func (*Class) SetModel

func (o *Class) SetModel(model string) *Class

SetModel sets the model metadata to the supplied string

func (*Class) SetVendor

func (o *Class) SetVendor(vendor string) *Class

SetVendor sets the vendor metadata to the supplied string

func (Class) ToCBOR

func (o Class) ToCBOR() ([]byte, error)

ToCBOR serializes the target Class to CBOR (if the Class is "valid")

func (Class) ToJSON

func (o Class) ToJSON() ([]byte, error)

ToJSON serializes the target Class to JSON (if the Class is "valid")

func (Class) Valid

func (o Class) Valid() error

Valid checks the non-empty<> constraint on the map

type ClassID

type ClassID struct {
	Value IClassIDValue
}

ClassID identifies the environment via a well-known identifier. This can be an OID, a UUID, variable-length opaque bytes or a profile-defined extension type.

func MustNewImplIDClassID

func MustNewImplIDClassID(val any) *ClassID

func MustNewOIDClassID

func MustNewOIDClassID(val any) *ClassID

func MustNewUUIDClassID

func MustNewUUIDClassID(val any) *ClassID

func NewBytesClassID

func NewBytesClassID(val any) (*ClassID, error)

NewBytesClassID creates a New ClassID of type bytes The supplied interface parameter could be a byte slice, a pointer to a byte slice or a string

func NewClassID

func NewClassID(val any, typ string) (*ClassID, error)

NewClassID creates a new ClassID of the specified type using the specified value.

func NewImplIDClassID

func NewImplIDClassID(val any) (*ClassID, error)

func NewIntClassID

func NewIntClassID(val any) (*ClassID, error)

func NewOIDClassID

func NewOIDClassID(val any) (*ClassID, error)

func NewUUIDClassID

func NewUUIDClassID(val any) (*ClassID, error)

func (ClassID) Bytes

func (o ClassID) Bytes() []byte

Bytes returns a []byte containing the raw bytes of the class id value

func (ClassID) GetImplID added in v1.3.0

func (o ClassID) GetImplID() (ImplID, error)

GetImplID retrieves the value of the PSA Implementation ID (see Section 3.2.2 of draft-tschofenig-rats-psa-token) from ClassID

func (ClassID) IsSet

func (o ClassID) IsSet() bool

IsSet returns true iff the underlying class id value has been set (is not nil)

func (ClassID) MarshalCBOR

func (o ClassID) MarshalCBOR() ([]byte, error)

MarshalCBOR serializes the target ClassID to CBOR

func (ClassID) MarshalJSON

func (o ClassID) MarshalJSON() ([]byte, error)

MarshalJSON serializes the target ClassID to JSON

func (*ClassID) SetImplID added in v1.3.0

func (o *ClassID) SetImplID(implID ImplID) *ClassID

SetImplID sets the value of the target ClassID to the supplied PSA Implementation ID (see Section 3.2.2 of draft-tschofenig-rats-psa-token)

func (*ClassID) SetOID added in v1.3.0

func (o *ClassID) SetOID(s string) *ClassID

SetOID sets the value of the targed ClassID to the supplied OID. The OID is a string in dotted-decimal notation

func (*ClassID) SetUUID added in v1.3.0

func (o *ClassID) SetUUID(uuid UUID) *ClassID

SetUUID sets the value of the target ClassID to the supplied UUID

func (ClassID) String

func (o ClassID) String() string

String returns a printable string of the ClassID value. UUIDs use the canonical 8-4-4-4-12 format, PSA Implementation IDs are base64 encoded. OIDs are output in dotted-decimal notation.

func (ClassID) Type

func (o ClassID) Type() string

Type returns the type of the ClassID

func (*ClassID) UnmarshalCBOR

func (o *ClassID) UnmarshalCBOR(data []byte) error

UnmarshalCBOR deserializes the supplied CBOR buffer into the target ClassID. It is undefined behavior to try and inspect the target ClassID in case this method returns an error.

func (*ClassID) UnmarshalJSON

func (o *ClassID) UnmarshalJSON(data []byte) error

UnmarshalJSON deserializes the supplied JSON object into the target ClassID The class id object must have the following shape:

{
  "type": "<CLASS_ID_TYPE>",
  "value": <CLASS_ID_VALUE>
}

where <CLASS_ID_TYPE> must be one of the known IClassIDValue implementation type names (available in this implementation: "uuid", "oid", "psa.impl-id", "int", "bytes"), and <CLASS_ID_VALUE> is the JSON encoding of the underlying class id value. The exact encoding is <CLASS_ID_TYPE> dependent. For the base implementation types it is

	oid: dot-separated integers, e.g. "1.2.3.4"
	psa.impl-id: base64-encoded bytes, e.g. "YWNtZS1pbXBsZW1lbnRhdGlvbi1pZC0wMDAwMDAwMDE="
	uuid: standard UUID string representation, e.g. "550e8400-e29b-41d4-a716-446655440000"
	int: an integer value, e.g. 7
 bytes: a variable length opaque bytes, example {0x07, 0x12, 0x34}

func (ClassID) Valid

func (o ClassID) Valid() error

Valid returns nil if the ClassID is valid, or an error describing the problem, if it is not.

type Comid

type Comid struct {
	Language    *string     `cbor:"0,keyasint,omitempty" json:"lang,omitempty"`
	TagIdentity TagIdentity `cbor:"1,keyasint" json:"tag-identity"`
	Entities    *Entities   `cbor:"2,keyasint,omitempty" json:"entities,omitempty"`
	LinkedTags  *LinkedTags `cbor:"3,keyasint,omitempty" json:"linked-tags,omitempty"`
	Triples     Triples     `cbor:"4,keyasint" json:"triples"`

	Extensions
}

Comid is the top-level representation of a Concise Module IDentifier with CBOR and JSON serialization.

func NewComid

func NewComid() *Comid

NewComid instantiates an empty Comid

func (*Comid) AddAttestVerifKey

func (o *Comid) AddAttestVerifKey(val AttestVerifKey) *Comid

AddAttestVerifKey adds the supplied endorsed value to the attest-key-triples list of the target Comid.

func (*Comid) AddDevIdentityKey

func (o *Comid) AddDevIdentityKey(val DevIdentityKey) *Comid

AddDevIdentityKey adds the supplied identity key to the identity-triples list of the target Comid.

func (*Comid) AddEndorsedValue

func (o *Comid) AddEndorsedValue(val EndorsedValue) *Comid

AddEndorsedValue adds the supplied endorsed value to the endorsed-triples list of the target Comid.

func (*Comid) AddEntity

func (o *Comid) AddEntity(name string, regID *string, roles ...Role) *Comid

AddEntity adds an organizational entity, together with the roles this entity claims with regards to the CoMID, to the target Comid. name is the entity name, regID is a URI that uniquely identifies the entity, and roles are one or more claimed roles chosen from the following: RoleTagCreator, RoleCreator and RoleMaintainer.

func (*Comid) AddLinkedTag

func (o *Comid) AddLinkedTag(tagID interface{}, rel Rel) *Comid

AddLinkedTag adds a link relationship of type rel between the target Comid and another CoMID identified by its tagID. The rel parameter can be one of RelSupplements or RelReplaces.

func (*Comid) AddReferenceValue

func (o *Comid) AddReferenceValue(val ReferenceValue) *Comid

AddReferenceValue adds the supplied reference value to the reference-triples list of the target Comid.

func (*Comid) FromCBOR

func (o *Comid) FromCBOR(data []byte) error

FromCBOR deserializes a CBOR-encoded CoMID into the target Comid

func (*Comid) FromJSON

func (o *Comid) FromJSON(data []byte) error

FromJSON deserializes a JSON-encoded CoMID into the target Comid

func (*Comid) GetExtensions

func (o *Comid) GetExtensions() extensions.IExtensionsValue

GetExtensions returns pervisouosly registered extension

func (*Comid) RegisterExtensions

func (o *Comid) RegisterExtensions(exts extensions.IExtensionsValue)

RegisterExtensions registers a struct as a collections of extensions

func (*Comid) SetLanguage

func (o *Comid) SetLanguage(language string) *Comid

SetLanguage sets the language used in the target Comid to the supplied language tag. See also: BCP 47 and the IANA Language subtag registry.

func (*Comid) SetTagIdentity

func (o *Comid) SetTagIdentity(tagID interface{}, tagIDVersion uint) *Comid

SetTagIdentity sets the identifier of the target Comid to the supplied tagID, which MUST be of type string or [16]byte. A tagIDVersion must also be supplied to disambiguate between different revisions of the same tag identity. If the tagID is newly minted, use 0. If the tagID has already been associated with a CoMID, pick a tagIDVersion greater than any other existing tagIDVersion's associated with that tagID.

func (Comid) ToCBOR

func (o Comid) ToCBOR() ([]byte, error)

ToCBOR serializes the target Comid to CBOR

func (Comid) ToJSON

func (o Comid) ToJSON() ([]byte, error)

ToJSON serializes the target Comid to JSON

func (Comid) ToJSONPretty

func (o Comid) ToJSONPretty(indent string) ([]byte, error)

func (Comid) Valid

func (o Comid) Valid() error

type CryptoKey

type CryptoKey struct {
	Value ICryptoKeyValue
}

CryptoKey is the struct implementing CoRIM crypto-key-type-choice. See https://www.ietf.org/archive/id/draft-ietf-rats-corim-02.html#name-crypto-keys

func MustNewCOSEKey

func MustNewCOSEKey(k any) *CryptoKey

func MustNewCertAmdArkAsk

func MustNewCertAmdArkAsk(k any) *CryptoKey

func MustNewCertPathThumbprint

func MustNewCertPathThumbprint(k any) *CryptoKey

func MustNewCertThumbprint

func MustNewCertThumbprint(k any) *CryptoKey

func MustNewCryptoKey

func MustNewCryptoKey(k any, typ string) *CryptoKey

MustNewCryptoKey is the same as NewCryptoKey, but does not return an error, and panics if there is a problem.

func MustNewPKIXBase64Cert

func MustNewPKIXBase64Cert(k any) *CryptoKey

func MustNewPKIXBase64CertPath

func MustNewPKIXBase64CertPath(k any) *CryptoKey

func MustNewPKIXBase64Key

func MustNewPKIXBase64Key(k any) *CryptoKey

func MustNewThumbprint

func MustNewThumbprint(k any) *CryptoKey

func NewCOSEKey

func NewCOSEKey(k any) (*CryptoKey, error)

func NewCertAmdArkAsk

func NewCertAmdArkAsk(k any) (*CryptoKey, error)

func NewCertPathThumbprint

func NewCertPathThumbprint(k any) (*CryptoKey, error)

func NewCertThumbprint

func NewCertThumbprint(k any) (*CryptoKey, error)

func NewCryptoKey

func NewCryptoKey(k any, typ string) (*CryptoKey, error)

NewCryptoKey returns the pointer to a new CryptoKey of the specified type, constructed using the provided value k. The type of k depends on the specified crypto key type. For PKIX types, k must be a string. For COSE_Key, k must be a []byte. For thumbprint types, k must be a swid.HashEntry.

func NewPKIXBase64Cert

func NewPKIXBase64Cert(k any) (*CryptoKey, error)

func NewPKIXBase64CertPath

func NewPKIXBase64CertPath(k any) (*CryptoKey, error)

func NewPKIXBase64Key

func NewPKIXBase64Key(k any) (*CryptoKey, error)

func NewThumbprint

func NewThumbprint(k any) (*CryptoKey, error)

func (CryptoKey) MarshalCBOR

func (o CryptoKey) MarshalCBOR() ([]byte, error)

MarshalCBOR returns a []byte containing the CBOR representation of the CryptoKey.

func (CryptoKey) MarshalJSON

func (o CryptoKey) MarshalJSON() ([]byte, error)

MarshalJSON returns a []byte containing the JSON representation of the CryptoKey.

func (CryptoKey) PublicKey

func (o CryptoKey) PublicKey() (crypto.PublicKey, error)

PublicKey returns a crypto.PublicKey constructed from the CryptoKey's underlying value. This returns an error if the CryptoKey is one of the thumbprint types.

func (CryptoKey) String

func (o CryptoKey) String() string

String returns the string representation of the CryptoKey.

func (CryptoKey) Type

func (o CryptoKey) Type() string

Type returns the type of the CryptoKey value

func (*CryptoKey) UnmarshalCBOR

func (o *CryptoKey) UnmarshalCBOR(b []byte) error

UnmarshalCBOR populates the CryptoKey from the CBOR representation inside the provided []byte.

func (*CryptoKey) UnmarshalJSON

func (o *CryptoKey) UnmarshalJSON(b []byte) error

UnmarshalJSON populates the CryptoKey from the JSON representation inside the provided []byte.

func (CryptoKey) Valid

func (o CryptoKey) Valid() error

Valid returns an error if validation of the CryptoKey fails, or nil if it succeeds.

type CryptoKeys

type CryptoKeys []*CryptoKey

CryptoKeys is an array of *CryptoKey

func NewCryptoKeys

func NewCryptoKeys() *CryptoKeys

NewCryptoKeys instantiates an empty CryptoKeys

func (*CryptoKeys) Add

func (o *CryptoKeys) Add(v *CryptoKey) *CryptoKeys

Add the supplied *CryptoKey to the CryptoKeys

func (CryptoKeys) Valid

func (o CryptoKeys) Valid() error

Valid returns an error if any of the contained keys fail to validate, or if CryptoKeys is empty

type DevIdentityKey

type DevIdentityKey struct {
	Environment Environment `json:"environment"`
	VerifKeys   CryptoKeys  `json:"verification-keys"`
	// contains filtered or unexported fields
}

DevIdentityKey stores an identity-triple-record with CBOR and JSON serializations. Note that the CBOR serialization packs the structure into an array. Instead, when serializing to JSON, the structure is converted into an object.

func (DevIdentityKey) Valid

func (o DevIdentityKey) Valid() error

type Digests

type Digests []swid.HashEntry

Digests is an alias for an array of SWID HashEntry

func NewDigests

func NewDigests() *Digests

NewDigests instantiates an empty array of Digests

func (*Digests) AddDigest

func (o *Digests) AddDigest(algID uint64, value []byte) *Digests

AddDigest create a new digest from the supplied arguments and appends it to the (already instantiated) Digests target. The method is a no-op if it is invoked on a nil target and will refuse to add inconsistent algo/value combinations.

func (Digests) Valid

func (o Digests) Valid() error

type EndorsedValue

type EndorsedValue struct {
	Environment  Environment  `json:"environment"`
	Measurements Measurements `json:"measurements"`
	// contains filtered or unexported fields
}

EndorsedValue stores an endorsed-triple-record with CBOR and JSON serializations. Note that the CBOR serialization packs the structure into an array. Instead, when serializing to JSON, the structure is converted into an object.

func (EndorsedValue) Valid

func (o EndorsedValue) Valid() error

type Entities

type Entities []Entity

Entities is an array of entity-map's

func NewEntities

func NewEntities() *Entities

NewEntities instantiates an empty entity-map array

func (*Entities) AddEntity

func (o *Entities) AddEntity(e Entity) *Entities

AddEntity adds the supplied entity-map to the target Entities

func (Entities) Valid

func (o Entities) Valid() error

Valid iterates over the range of individual entities to check for validity

type Entity

type Entity struct {
	EntityName *EntityName `cbor:"0,keyasint" json:"name"`
	RegID      *TaggedURI  `cbor:"1,keyasint,omitempty" json:"regid,omitempty"`
	Roles      Roles       `cbor:"2,keyasint" json:"roles"`

	Extensions
}

Entity stores an entity-map capable of CBOR and JSON serializations.

func (*Entity) GetExtensions

func (o *Entity) GetExtensions() extensions.IExtensionsValue

GetExtensions returns pervisouosly registered extension

func (*Entity) MarshalCBOR

func (o *Entity) MarshalCBOR() ([]byte, error)

MarshalCBOR serializes to CBOR

func (*Entity) MarshalJSON

func (o *Entity) MarshalJSON() ([]byte, error)

MarshalJSON serializes to JSON

func (*Entity) RegisterExtensions

func (o *Entity) RegisterExtensions(exts extensions.IExtensionsValue)

RegisterExtensions registers a struct as a collections of extensions

func (*Entity) SetEntityName

func (o *Entity) SetEntityName(name string) *Entity

SetEntityName is used to set the EntityName field of Entity using supplied name

func (*Entity) SetRegID

func (o *Entity) SetRegID(uri string) *Entity

SetRegID is used to set the RegID field of Entity using supplied uri

func (*Entity) SetRoles

func (o *Entity) SetRoles(roles ...Role) *Entity

SetRoles appends the supplied roles to the target entity.

func (*Entity) UnmarshalCBOR

func (o *Entity) UnmarshalCBOR(data []byte) error

UnmarshalCBOR deserializes from CBOR

func (*Entity) UnmarshalJSON

func (o *Entity) UnmarshalJSON(data []byte) error

UnmarshalJSON deserializes from JSON

func (Entity) Valid

func (o Entity) Valid() error

Valid checks for validity of the fields within each Entity

type EntityName

type EntityName struct {
	Value IEntityNameValue
}

EntityName encapsulates the name of the associated Entity. The CoRIM specification only allows for text (string) name, but this may be extended by other specifications.

func MustNewEntityName

func MustNewEntityName(val any, typ string) *EntityName

MustNewEntityName is like NewEntityName, except it doesn't return an error, assuming that the provided value is valid. It panics if that isn't the case.

func MustNewStringEntityName

func MustNewStringEntityName(val any) *EntityName

func NewEntityName

func NewEntityName(val any, typ string) (*EntityName, error)

NewEntityName creates a new EntityName of the specified type using the provided value.

func NewStringEntityName

func NewStringEntityName(val any) (*EntityName, error)

func (EntityName) MarshalCBOR

func (o EntityName) MarshalCBOR() ([]byte, error)

func (EntityName) MarshalJSON

func (o EntityName) MarshalJSON() ([]byte, error)

func (EntityName) String

func (o EntityName) String() string

func (*EntityName) UnmarshalCBOR

func (o *EntityName) UnmarshalCBOR(data []byte) error

func (*EntityName) UnmarshalJSON

func (o *EntityName) UnmarshalJSON(data []byte) error

func (EntityName) Valid

func (o EntityName) Valid() error

type Environment

type Environment struct {
	Class    *Class    `cbor:"0,keyasint,omitempty" json:"class,omitempty"`
	Instance *Instance `cbor:"1,keyasint,omitempty" json:"instance,omitempty"`
	Group    *Group    `cbor:"2,keyasint,omitempty" json:"group,omitempty"`
}

Environment stores the identifying information about a target or attesting environment at the class, instance and group scope. The Environment type has JSON and CBOR serializations.

func (*Environment) FromCBOR

func (o *Environment) FromCBOR(data []byte) error

FromCBOR deserializes the supplied CBOR data into the target Environment

func (*Environment) FromJSON

func (o *Environment) FromJSON(data []byte) error

FromJSON deserializes the supplied JSON string into the target Environment

func (Environment) ToCBOR

func (o Environment) ToCBOR() ([]byte, error)

ToCBOR serializes the target Environment to CBOR (if the Environment is "valid")

func (Environment) ToJSON

func (o Environment) ToJSON() ([]byte, error)

ToJSON serializes the target Environment to JSON (if the Environment is "valid")

func (Environment) Valid

func (o Environment) Valid() error

Valid checks the validity (according to the spec) of the target Environment

type Extensions

type Extensions struct {
	extensions.Extensions
}

type Flag

type Flag int

Flag indicates whether a particular operational mode is active within the measured environment.

const (
	FlagIsConfigured Flag = iota
	FlagIsSecure
	FlagIsRecovery
	FlagIsDebug
	FlagIsReplayProtected
	FlagIsIntegrityProtected
	FlagIsRuntimeMeasured
	FlagIsImmutable
	FlagIsTcb
)

type FlagsMap

type FlagsMap struct {
	// IsConfigured indicates whether the measured environment is fully
	// configured for normal operation.
	IsConfigured *bool `cbor:"0,keyasint,omitempty" json:"is-configured,omitempty"`
	// IsSecure indicates whether the measured environment's configurable
	// security settings are fully enabled.
	IsSecure *bool `cbor:"1,keyasint,omitempty" json:"is-secure,omitempty"`
	// IsRecovery indicates whether the measured environment is in recovery
	// mode.
	IsRecovery *bool `cbor:"2,keyasint,omitempty" json:"is-recovery,omitempty"`
	// IsDebug indicates whether the measured environment is in a debug
	// enabled mode.
	IsDebug *bool `cbor:"3,keyasint,omitempty" json:"is-debug,omitempty"`
	// IsReplayProtected indicates whether the measured environment is
	// protected from replay by a previous image that differs from the
	// current image.
	IsReplayProtected *bool `cbor:"4,keyasint,omitempty" json:"is-replay-protected,omitempty"`
	// IsIntegrityProtected indicates whether the measured environment is
	// protected from unauthorized update.
	IsIntegrityProtected *bool `cbor:"5,keyasint,omitempty" json:"is-integrity-protected,omitempty"`
	// IsRuntimeMeasured indicates whether the measured environment is
	// measured after being loaded into memory.
	IsRuntimeMeasured *bool `cbor:"6,keyasint,omitempty" json:"is-runtime-meas,omitempty"`
	// IsImmutable indicates whether the measured environment is immutable.
	IsImmutable *bool `cbor:"7,keyasint,omitempty" json:"is-immutable,omitempty"`
	// IsTcb indicates whether the measured environment is a trusted
	// computing base.
	IsTcb *bool `cbor:"8,keyasint,omitempty" json:"is-tcb,omitempty"`

	Extensions
}

FlagsMap describes a number of boolean operational modes. If a value is nil, then the operational mode is unknown.

func NewFlagsMap

func NewFlagsMap() *FlagsMap

func (*FlagsMap) AnySet

func (o *FlagsMap) AnySet() bool

func (*FlagsMap) Clear

func (o *FlagsMap) Clear(flags ...Flag)

func (*FlagsMap) Get

func (o *FlagsMap) Get(flag Flag) *bool

func (*FlagsMap) GetExtensions

func (o *FlagsMap) GetExtensions() extensions.IExtensionsValue

GetExtensions returns pervisouosly registered extension

func (*FlagsMap) MarshalCBOR

func (o *FlagsMap) MarshalCBOR() ([]byte, error)

MarshalCBOR serializes to CBOR

func (*FlagsMap) MarshalJSON

func (o *FlagsMap) MarshalJSON() ([]byte, error)

MarshalJSON serializes to JSON

func (*FlagsMap) RegisterExtensions

func (o *FlagsMap) RegisterExtensions(exts extensions.IExtensionsValue)

RegisterExtensions registers a struct as a collections of extensions

func (*FlagsMap) SetFalse

func (o *FlagsMap) SetFalse(flags ...Flag)

func (*FlagsMap) SetTrue

func (o *FlagsMap) SetTrue(flags ...Flag)

func (*FlagsMap) UnmarshalCBOR

func (o *FlagsMap) UnmarshalCBOR(data []byte) error

UnmarshalCBOR deserializes from CBOR

func (*FlagsMap) UnmarshalJSON

func (o *FlagsMap) UnmarshalJSON(data []byte) error

UnmarshalJSON deserializes from JSON

func (FlagsMap) Valid

func (o FlagsMap) Valid() error

Valid returns an error if the FlagsMap is invalid.

type Group

type Group struct {
	Value IGroupValue
}

Group stores a group identity. The supported formats are UUID and variable-length opaque bytes.

func MustNewUUIDGroup

func MustNewUUIDGroup(val any) *Group

func NewBytesGroup

func NewBytesGroup(val any) (*Group, error)

NewBytesGroup creates a New Group of type bytes The supplied interface parameter could be a byte slice, a pointer to a byte slice or a string

func NewGroup

func NewGroup(val any, typ string) (*Group, error)

NewGroup instantiates an empty group

func NewUUIDGroup

func NewUUIDGroup(val any) (*Group, error)

func (Group) Bytes

func (o Group) Bytes() []byte

Bytes returns a []byte containing the raw bytes of the group value

func (Group) MarshalCBOR

func (o Group) MarshalCBOR() ([]byte, error)

MarshalCBOR serializes the target group to CBOR

func (Group) MarshalJSON

func (o Group) MarshalJSON() ([]byte, error)

func (Group) String

func (o Group) String() string

String returns a printable string of the Group value. UUIDs use the canonical 8-4-4-4-12 format, UEIDs are hex encoded.

func (Group) Type

func (o Group) Type() string

Type returns the type of the Group

func (*Group) UnmarshalCBOR

func (o *Group) UnmarshalCBOR(data []byte) error

UnmarshalCBOR deserializes the supplied CBOR into the target group

func (*Group) UnmarshalJSON

func (o *Group) UnmarshalJSON(data []byte) error

UnmarshalJSON deserializes the supplied JSON type/value object into the Group target. The following formats are supported:

 (a) UUID, e.g.:
	{
	  "type": "uuid",
	  "value": "69E027B2-7157-4758-BCB4-D9F167FE49EA"
	}

(b) Tagged bytes, e.g. :

{
  "type": "bytes",
  "value": "MTIzNDU2Nzg5"
}

func (Group) Valid

func (o Group) Valid() error

Valid checks for the validity of given group

type IClassIDFactory

type IClassIDFactory func(any) (*ClassID, error)

IClassIDFactory defines the signature for the factory functions that may be registred using RegisterClassIDType to provide a new implementation of the corresponding type choice. The factory function should create a new *ClassID with the underlying value created based on the provided input. The range of valid inputs is up to the specific type choice implementation, however it _must_ accept nil as one of the inputs, and return the Zero value for implemented type. See also https://go.dev/ref/spec#The_zero_value

type IClassIDValue

type IClassIDValue interface {
	extensions.ITypeChoiceValue

	Bytes() []byte
}

type IComidConstrainer

type IComidConstrainer interface {
	ConstrainComid(*Comid) error
}

type ICryptoKeyFactory

type ICryptoKeyFactory func(any) (*CryptoKey, error)

ICryptoKeyFactory defines the signature for the factory functions that may be registred using RegisterCryptoKeyType to provide a new implementation of the corresponding type choice. The factory function should create a new *CryptoKey with the underlying value created based on the provided input. The range of valid inputs is up to the specific type choice implementation, however it _must_ accept nil as one of the inputs, and return the Zero value for implemented type. See also https://go.dev/ref/spec#The_zero_value

type ICryptoKeyValue

type ICryptoKeyValue interface {
	extensions.ITypeChoiceValue

	// PublicKey returns a crypto.PublicKey constructed from the
	// ICryptoKeyValue's underlying value. This returns an error if the
	// ICryptoKeyValue is one of the thumbprint types.
	PublicKey() (crypto.PublicKey, error)
}

ICryptoKeyValue is the interface implemented by the concrete CryptoKey value types.

type IEntityConstrainer

type IEntityConstrainer interface {
	ConstrainEntity(*Entity) error
}

type IEntityNameFactory

type IEntityNameFactory func(any) (*EntityName, error)

IEntityNameFactory defines the signature for the factory functions that may be registred using RegisterEntityNameType to provide a new implementation of the corresponding type choice. The factory function should create a new *EntityName with the underlying value created based on the provided input. The range of valid inputs is up to the specific type choice implementation, however it _must_ accept nil as one of the inputs, and return the Zero value for implemented type. See also https://go.dev/ref/spec#The_zero_value

type IEntityNameValue

type IEntityNameValue interface {
	extensions.ITypeChoiceValue
}

type IFlagSetter

type IFlagSetter interface {
	AnySet() bool
	SetTrue(Flag)
	SetFalse(Flag)
	Clear(Flag)
	Get(Flag) *bool
}

type IFlagsMapConstrainer

type IFlagsMapConstrainer interface {
	ConstrainFlagsMap(*FlagsMap) error
}

type IGroupFactory

type IGroupFactory func(any) (*Group, error)

IGroupFactory defines the signature for the factory functions that may be registered using RegisterGroupType to provide a new implementation of the corresponding type choice. The factory function should create a new *Group with the underlying value created based on the provided input. The range of valid inputs is up to the specific type choice implementation, however it _must_ accept nil as one of the inputs, and return the Zero value for implemented type. See also https://go.dev/ref/spec#The_zero_value

type IGroupValue

type IGroupValue interface {
	extensions.ITypeChoiceValue

	Bytes() []byte
}

type IInstanceFactory

type IInstanceFactory func(any) (*Instance, error)

IInstanceFactory defines the signature for the factory functions that may be registered using RegisterInstanceType to provide a new implementation of the corresponding type choice. The factory function should create a new *Instance with the underlying value created based on the provided input. The range of valid inputs is up to the specific type choice implementation, however it _must_ accept nil as one of the inputs, and return the Zero value for implemented type. See also https://go.dev/ref/spec#The_zero_value

type IInstanceValue

type IInstanceValue interface {
	extensions.ITypeChoiceValue

	Bytes() []byte
}

IInstanceValue is the interface implemented by all Instance value implementations.

type IMKeyValue

type IMKeyValue interface {
	extensions.ITypeChoiceValue
}

IMKeyValue is the interface implemented by all Mkey value implementations.

type IMkeyFactory

type IMkeyFactory = func(val any) (*Mkey, error)

IMkeyFactory defines the signature for the factory functions that may be registred using RegisterMkeyType to provide a new implementation of the corresponding type choice. The factory function should create a new *Mkey with the underlying value created based on the provided input. The range of valid inputs is up to the specific type choice implementation, however it _must_ accept nil as one of the inputs, and return the Zero value for implemented type. See also https://go.dev/ref/spec#The_zero_value

type IMvalConstrainer

type IMvalConstrainer interface {
	ConstrainMval(*Mval) error
}

type IRegisterIndex

type IRegisterIndex interface{}

IRegisterIndex is the interface to hold register index Supported index types are uint and text

type ISVNFactory

type ISVNFactory func(any) (*SVN, error)

ISVNFactory defines the signature for the factory functions that may be registred using RegisterSVNType to provide a new implementation of the corresponding type choice. The factory function should create a new *SVN with the underlying value created based on the provided input. The range of valid inputs is up to the specific type choice implementation, however it _must_ accept nil as one of the inputs, and return the Zero value for implemented type. See also https://go.dev/ref/spec#The_zero_value

type ISVNValue

type ISVNValue interface {
	extensions.ITypeChoiceValue
}

ISVNValue is the interface that must be implemented by all SVN values.

type ITriplesConstrainer

type ITriplesConstrainer interface {
	ValidTriples(*Triples) error
}

type ImplID

type ImplID [32]byte

func (ImplID) String

func (o ImplID) String() string

func (ImplID) Valid

func (o ImplID) Valid() error

type Instance

type Instance struct {
	Value IInstanceValue
}

Instance stores an instance identity. The supported formats are UUID, UEID and variable-length opaque bytes.

func MustNewUEIDInstance

func MustNewUEIDInstance(val any) *Instance

MustNewUEIDInstance is like NewUEIDInstance execept it does not return an error, assuming that the provided value is valid. It panics if that isn't the case.

func MustNewUUIDInstance

func MustNewUUIDInstance(val any) *Instance

MustNewUUIDInstance is like NewUUIDInstance execept it does not return an error, assuming that the provided value is valid. It panics if that isn't the case.

func NewBytesInstance

func NewBytesInstance(val any) (*Instance, error)

NewBytesInstance creates a new instance of type bytes The supplied interface parameter could be a byte slice, a pointer to a byte slice or a string

func NewInstance

func NewInstance(val any, typ string) (*Instance, error)

NewInstance creates a new instance with the value of the specified type populated using the provided value.

func NewUEIDInstance

func NewUEIDInstance(val any) (*Instance, error)

NewUEIDInstance instantiates a new instance with the supplied UEID identity.

func NewUUIDInstance

func NewUUIDInstance(val any) (*Instance, error)

NewUUIDInstance instantiates a new instance with the supplied UUID identity

func (Instance) Bytes

func (o Instance) Bytes() []byte

Bytes returns a []byte containing the bytes of the underlying Instance value.

func (Instance) GetUEID added in v1.3.0

func (o Instance) GetUEID() (eat.UEID, error)

func (Instance) GetUUID added in v1.3.0

func (o Instance) GetUUID() (UUID, error)

func (Instance) MarshalCBOR

func (o Instance) MarshalCBOR() ([]byte, error)

MarshalCBOR serializes the target instance to CBOR

func (Instance) MarshalJSON

func (o Instance) MarshalJSON() ([]byte, error)

MarshalJSON serializes the Instance into a JSON object.

func (*Instance) SetUEID added in v1.3.0

func (o *Instance) SetUEID(val eat.UEID) *Instance

SetUEID sets the identity of the target instance to the supplied UEID

func (*Instance) SetUUID added in v1.3.0

func (o *Instance) SetUUID(val uuid.UUID) *Instance

SetUUID sets the identity of the target instance to the supplied UUID

func (Instance) String

func (o Instance) String() string

String returns a printable string of the Instance value. UUIDs use the canonical 8-4-4-4-12 format, UEIDs are hex encoded.

func (Instance) Type

func (o Instance) Type() string

Type returns a string naming the type of the underlying Instance value.

func (*Instance) UnmarshalCBOR

func (o *Instance) UnmarshalCBOR(data []byte) error

func (*Instance) UnmarshalJSON

func (o *Instance) UnmarshalJSON(data []byte) error

UnmarshalJSON deserializes the supplied JSON object into the target Instance The instance object must have the following shape:

{
  "type": "<INSTANCE_TYPE>",
  "value": <INSTANCE_VALUE>
}

where <INSTANCE_TYPE> must be one of the known IInstanceValue implementation type names (available in the base implementation: "ueid" and "uuid"), and <INSTANCE_VALUE> is the JSON encoding of the instance value. The exact encoding is <INSTANCE_TYPE> dependent. For the base implmentation types it is

ueid: base64-encoded bytes, e.g. "YWNtZS1pbXBsZW1lbnRhdGlvbi1pZC0wMDAwMDAwMDE="
uuid: standard UUID string representation, e.g. "550e8400-e29b-41d4-a716-446655440000"
bytes: a variable-length opaque byte string, example {0x07, 0x12, 0x34}

func (Instance) Valid

func (o Instance) Valid() error

Valid checks for the validity of given instance

type IntegrityRegisters

type IntegrityRegisters struct {
	// contains filtered or unexported fields
}

IntegrityRegisters holds the Integrity Registers

func NewIntegrityRegisters

func NewIntegrityRegisters() *IntegrityRegisters

func (*IntegrityRegisters) AddDigest

func (i *IntegrityRegisters) AddDigest(index IRegisterIndex, digest swid.HashEntry) error

AddDigest allows inserting a digest at a specific index Supported index types are uint and text

func (*IntegrityRegisters) AddDigests

func (i *IntegrityRegisters) AddDigests(index IRegisterIndex, digests Digests) error

AddDigests allows inserting an array of digests at a specific index Supported index types are uint and text

func (IntegrityRegisters) MarshalCBOR

func (i IntegrityRegisters) MarshalCBOR() ([]byte, error)

func (IntegrityRegisters) MarshalJSON

func (i IntegrityRegisters) MarshalJSON() ([]byte, error)

func (*IntegrityRegisters) UnmarshalCBOR

func (i *IntegrityRegisters) UnmarshalCBOR(data []byte) error

func (*IntegrityRegisters) UnmarshalJSON

func (i *IntegrityRegisters) UnmarshalJSON(data []byte) error

type LinkedTag

type LinkedTag struct {
	LinkedTagID swid.TagID `cbor:"0,keyasint" json:"target"`
	Rel         Rel        `cbor:"1,keyasint" json:"rel"`
}

LinkedTag stores one link relation of type Rel between the embedding CoMID (the link context) and the referenced CoMID (the link target). The link can be viewed as a statement of the form: "$link_context $link_relation_type $link_target".

func NewLinkedTag

func NewLinkedTag() *LinkedTag

func (*LinkedTag) SetLinkedTag

func (o *LinkedTag) SetLinkedTag(t swid.TagID) *LinkedTag

func (*LinkedTag) SetRel

func (o *LinkedTag) SetRel(r Rel) *LinkedTag

func (LinkedTag) Valid

func (o LinkedTag) Valid() error

type LinkedTags

type LinkedTags []LinkedTag

LinkedTags is an array of LinkedTag

func NewLinkedTags

func NewLinkedTags() *LinkedTags

func (*LinkedTags) AddLinkedTag

func (o *LinkedTags) AddLinkedTag(lt LinkedTag) *LinkedTags

AddLinkedTag adds the supplied linked Tag-map to the target Entities

func (LinkedTags) Valid

func (o LinkedTags) Valid() error

type MACaddr

type MACaddr net.HardwareAddr

MACaddr is an HW address (e.g., IEEE 802 MAC-48, EUI-48, EUI-64)

Note: Since TextUnmarshal is not defined on net.HardwareAddr (see: https://github.com/golang/go/issues/29678) we need to create an alias type with a custom decoder.

func (MACaddr) MarshalJSON

func (o MACaddr) MarshalJSON() ([]byte, error)

func (*MACaddr) UnmarshalJSON

func (o *MACaddr) UnmarshalJSON(data []byte) error

UnmarshalJSON deserialize a MAC address in textual form into the MACaddr target, e.g.:

"mac-addr": "00:00:5e:00:53:01"

or

"mac-addr": "02:00:5e:10:00:00:00:01"

Supported formats are IEEE 802 MAC-48, EUI-48, EUI-64, e.g.:

00:00:5e:00:53:01
00-00-5e-00-53-01
02:00:5e:10:00:00:00:01
02-00-5e-10-00-00-00-01

type Measurement

type Measurement struct {
	Key          *Mkey      `cbor:"0,keyasint,omitempty" json:"key,omitempty"`
	Val          Mval       `cbor:"1,keyasint" json:"value"`
	AuthorizedBy *CryptoKey `cbor:"2,keyasint,omitempty" json:"authorized-by,omitempty"`
}

Measurement stores a measurement-map with CBOR and JSON serializations.

func MustNewCCAPlatCfgMeasurement

func MustNewCCAPlatCfgMeasurement(key any) *Measurement

func MustNewMeasurement

func MustNewMeasurement(val any, typ string) *Measurement

func MustNewPSAMeasurement

func MustNewPSAMeasurement(key any) *Measurement

func MustNewUUIDMeasurement

func MustNewUUIDMeasurement(key any) *Measurement

func MustNewUintMeasurement

func MustNewUintMeasurement(key any) *Measurement

func NewCCAPlatCfgMeasurement

func NewCCAPlatCfgMeasurement(key any) (*Measurement, error)

NewCCAPlatCfgMeasurement instantiates a new measurement-map with the key set to the supplied CCA platform-config-id

func NewMeasurement

func NewMeasurement(val any, typ string) (*Measurement, error)

func NewOIDMeasurement

func NewOIDMeasurement(key any) (*Measurement, error)

NewOIDMeasurement instantiates a new measurement-map with the key set to the supplied OID

func NewPSAMeasurement

func NewPSAMeasurement(key any) (*Measurement, error)

NewPSAMeasurement instantiates a new measurement-map with the key set to the supplied PSA refval-id

func NewUUIDMeasurement

func NewUUIDMeasurement(key any) (*Measurement, error)

NewUUIDMeasurement instantiates a new measurement-map with the key set to the supplied UUID

func NewUintMeasurement

func NewUintMeasurement(key any) (*Measurement, error)

NewUintMeasurement instantiates a new measurement-map with the key set to the supplied Uint

func (*Measurement) AddDigest

func (o *Measurement) AddDigest(algID uint64, digest []byte) *Measurement

AddDigest add the supplied digest - comprising the digest itself together with the hash algorithm used to obtain it - to the measurement-values-map of the target measurement

func (*Measurement) ClearFlags

func (o *Measurement) ClearFlags(flags ...Flag) *Measurement

ClearFlags clears the supplied operational flags in the measurement-values-map of the target measurement

func (*Measurement) SetFlagsFalse

func (o *Measurement) SetFlagsFalse(flags ...Flag) *Measurement

SetFlagsFalse sets the supplied operational flags to true in the measurement-values-map of the target measurement

func (*Measurement) SetFlagsTrue

func (o *Measurement) SetFlagsTrue(flags ...Flag) *Measurement

SetFlagsTrue sets the supplied operational flags to true in the measurement-values-map of the target measurement

func (*Measurement) SetIPaddr

func (o *Measurement) SetIPaddr(a net.IP) *Measurement

SetIPaddr sets the supplied IP (v4 or v6) address in the measurement-values-map of the target measurement

func (*Measurement) SetMACaddr

func (o *Measurement) SetMACaddr(a MACaddr) *Measurement

SetMACaddr sets the supplied MAC address in the measurement-values-map of the target measurement

func (*Measurement) SetMinSVN

func (o *Measurement) SetMinSVN(svn uint64) *Measurement

SetMinSVN sets the supplied min-svn in the measurement-values-map of the target measurement

func (*Measurement) SetRawValueBytes

func (o *Measurement) SetRawValueBytes(rawValue, rawValueMask []byte) *Measurement

SetRawValueBytes sets the supplied raw-value and its mask in the measurement-values-map of the target measurement

func (*Measurement) SetSVN

func (o *Measurement) SetSVN(svn uint64) *Measurement

SetSVN sets the supplied svn in the measurement-values-map of the target measurement

func (*Measurement) SetSerialNumber

func (o *Measurement) SetSerialNumber(sn string) *Measurement

SetSerialNumber sets the supplied serial number in the measurement-values-map of the target measurement

func (*Measurement) SetUEID

func (o *Measurement) SetUEID(ueid eat.UEID) *Measurement

SetUEID sets the supplied ueid in the measurement-values-map of the target measurement

func (*Measurement) SetUUID

func (o *Measurement) SetUUID(u UUID) *Measurement

SetUUID sets the supplied uuid in the measurement-values-map of the target measurement

func (*Measurement) SetVersion

func (o *Measurement) SetVersion(ver string, scheme int64) *Measurement

func (Measurement) Valid

func (o Measurement) Valid() error

type Measurements

type Measurements []Measurement

Measurements is an array of Measurement

func NewMeasurements

func NewMeasurements() *Measurements

NewMeasurements instantiates an empty Measurements array

func (*Measurements) AddMeasurement

func (o *Measurements) AddMeasurement(m *Measurement) *Measurements

AddMeasurements adds the supplied Measurement to the target Measurement

func (Measurements) Valid

func (o Measurements) Valid() error

type Mkey

type Mkey struct {
	Value IMKeyValue
}

Mkey stores a $measured-element-type-choice. The supported types are UUID, PSA refval-id, CCA platform-config-id and unsigned integer TO DO Add tagged OID: see https://github.com/jraman567/corim/issues/35

func MustNewMkey

func MustNewMkey(val any, typ string) *Mkey

MustNewMkey is like NewMkey, execept it does not return an error, assuming that the provided value is valid. It panics if that is not the case.

func NewMkey

func NewMkey(val any, typ string) (*Mkey, error)

NewMkey creates a new Mkey of the specfied type using the provided value.

func NewMkeyCCAPlatformConfigID

func NewMkeyCCAPlatformConfigID(val any) (*Mkey, error)

func NewMkeyOID

func NewMkeyOID(val any) (*Mkey, error)

func NewMkeyPSARefvalID

func NewMkeyPSARefvalID(val any) (*Mkey, error)

func NewMkeyUUID

func NewMkeyUUID(val any) (*Mkey, error)

func NewMkeyUint

func NewMkeyUint(val any) (*Mkey, error)

func (Mkey) GetCCAPlatformConfigID added in v1.3.0

func (o Mkey) GetCCAPlatformConfigID() (CCAPlatformConfigID, error)

func (Mkey) GetKeyUint added in v1.3.0

func (o Mkey) GetKeyUint() (uint64, error)

func (Mkey) GetPSARefValID added in v1.3.0

func (o Mkey) GetPSARefValID() (PSARefValID, error)

func (Mkey) IsSet

func (o Mkey) IsSet() bool

IsSet returns true if the value of the Mkey is set.

func (Mkey) MarshalCBOR

func (o Mkey) MarshalCBOR() ([]byte, error)

MarshalCBOR serializes the taret mkey into CBOR-encoded bytes.

func (Mkey) MarshalJSON

func (o Mkey) MarshalJSON() ([]byte, error)

MarshalJSON serializes the target Mkey into the type'n'value JSON object

func (Mkey) Type added in v1.5.1

func (o Mkey) Type() string

Type returns the type of Mkey

func (*Mkey) UnmarshalCBOR

func (o *Mkey) UnmarshalCBOR(data []byte) error

UnmarshalCBOR deserializes the Mkey from the provided CBOR bytes.

func (*Mkey) UnmarshalJSON

func (o *Mkey) UnmarshalJSON(data []byte) error

UnmarshalJSON deserializes the supplied JSON object into the target MKey The key object must have the following shape:

{
  "type": "<MKEY_TYPE>",
  "value": <MKEY_JSON_VALUE>
}

where <MKEY_TYPE> must be one of the known IMKeyValue implementation type names (available in the base implementation: "uuid", "oid", "psa.impl-id"), and <MKEY_JSON_VALUE> is the class id value serialized to JSON. The exact serialization is <CLASS_ID_TYPE> depenent. For the base implementation types it is

oid: dot-seprated integers, e.g. "1.2.3.4"
uuid: standard UUID string representation, e.g. "550e8400-e29b-41d4-a716-446655440000"
psa.refval-id: JSON representation of the PSA refval-id

func (Mkey) Valid

func (o Mkey) Valid() error

Valid returns nil if the Mkey is valid or an error describing the problem, if it is not.

type Mval

type Mval struct {
	Ver                *Version              `cbor:"0,keyasint,omitempty" json:"version,omitempty"`
	SVN                *SVN                  `cbor:"1,keyasint,omitempty" json:"svn,omitempty"`
	Digests            *Digests              `cbor:"2,keyasint,omitempty" json:"digests,omitempty"`
	Flags              *FlagsMap             `cbor:"3,keyasint,omitempty" json:"flags,omitempty"`
	RawValue           *RawValue             `cbor:"4,keyasint,omitempty" json:"raw-value,omitempty"`
	RawValueMask       *[]byte               `cbor:"5,keyasint,omitempty" json:"raw-value-mask,omitempty"`
	MACAddr            *MACaddr              `cbor:"6,keyasint,omitempty" json:"mac-addr,omitempty"`
	IPAddr             *net.IP               `cbor:"7,keyasint,omitempty" json:"ip-addr,omitempty"`
	SerialNumber       *string               `cbor:"8,keyasint,omitempty" json:"serial-number,omitempty"`
	UEID               *eat.UEID             `cbor:"9,keyasint,omitempty" json:"ueid,omitempty"`
	UUID               *UUID                 `cbor:"10,keyasint,omitempty" json:"uuid,omitempty"`
	IntegrityRegisters *IntegrityRegisters   `cbor:"14,keyasint,omitempty" json:"integrity-registers,omitempty"`
	OvmfMetadata       *ovmf.MetadataWrapper `cbor:"15,keyasint,omitempty" json:"ovmf-metadata,omitempty"`
	Extensions
}

Mval stores a measurement-values-map with JSON and CBOR serializations.

func (*Mval) GetExtensions

func (o *Mval) GetExtensions() extensions.IExtensionsValue

GetExtensions returns pervisouosly registered extension

func (*Mval) MarshalCBOR

func (o *Mval) MarshalCBOR() ([]byte, error)

MarshalCBOR serializes to CBOR

func (*Mval) MarshalJSON

func (o *Mval) MarshalJSON() ([]byte, error)

MarshalJSON serializes to JSON

func (*Mval) RegisterExtensions

func (o *Mval) RegisterExtensions(exts extensions.IExtensionsValue)

RegisterExtensions registers a struct as a collections of extensions

func (*Mval) UnmarshalCBOR

func (o *Mval) UnmarshalCBOR(data []byte) error

UnmarshalCBOR deserializes from CBOR

func (*Mval) UnmarshalJSON

func (o *Mval) UnmarshalJSON(data []byte) error

UnmarshalJSON deserializes from JSON

func (Mval) Valid

func (o Mval) Valid() error

type OID

type OID []byte

BER-encoded absolute OID

func (*OID) FromString

func (o *OID) FromString(s string) error

func (OID) MarshalJSON

func (o OID) MarshalJSON() ([]byte, error)

func (OID) String

func (o OID) String() string

func (*OID) UnmarshalJSON

func (o *OID) UnmarshalJSON(data []byte) error

type PSARefValID

type PSARefValID struct {
	Label    *string `cbor:"1,keyasint,omitempty" json:"label,omitempty"`
	Version  *string `cbor:"4,keyasint,omitempty" json:"version,omitempty"`
	SignerID []byte  `cbor:"5,keyasint" json:"signer-id"` // 32, 48 or 64
}

PSARefValID stores a PSA refval-id with CBOR and JSON serializations (See https://datatracker.ietf.org/doc/html/draft-xyz-rats-psa-endorsements)

func CreatePSARefValID

func CreatePSARefValID(signerID []byte, label, version string) (*PSARefValID, error)

func MustCreatePSARefValID

func MustCreatePSARefValID(signerID []byte, label, version string) *PSARefValID

func NewPSARefValID

func NewPSARefValID(val any) (*PSARefValID, error)

func (*PSARefValID) SetLabel

func (o *PSARefValID) SetLabel(label string) *PSARefValID

func (*PSARefValID) SetVersion

func (o *PSARefValID) SetVersion(version string) *PSARefValID

func (PSARefValID) Valid

func (o PSARefValID) Valid() error

Valid checks the validity (according to the spec) of the target PSARefValID

type RawValue

type RawValue struct {
	// contains filtered or unexported fields
}

RawValue models a $raw-value-type-choice. For now, the only available type is bytes.

func NewRawValue

func NewRawValue() *RawValue

func (RawValue) GetBytes

func (o RawValue) GetBytes() ([]byte, error)

func (RawValue) MarshalCBOR

func (o RawValue) MarshalCBOR() ([]byte, error)

func (RawValue) MarshalJSON

func (o RawValue) MarshalJSON() ([]byte, error)

func (*RawValue) SetBytes

func (o *RawValue) SetBytes(val []byte) *RawValue

func (*RawValue) UnmarshalCBOR

func (o *RawValue) UnmarshalCBOR(data []byte) error

func (*RawValue) UnmarshalJSON

func (o *RawValue) UnmarshalJSON(data []byte) error

UnmarshalJSON deserializes the type'n'value JSON object into the target RawValue. The only supported type is BytesType with value

type ReferenceValue

type ReferenceValue struct {
	Environment  Environment  `json:"environment"`
	Measurements Measurements `json:"measurements"`
	// contains filtered or unexported fields
}

func (ReferenceValue) Valid

func (o ReferenceValue) Valid() error

type Rel

type Rel int64
const (
	RelSupplements Rel = iota
	RelReplaces

	RelUnset = ^Rel(0)
)

func NewRel

func NewRel() *Rel

func (*Rel) FromCBOR

func (o *Rel) FromCBOR(data []byte) error

func (Rel) Get

func (o Rel) Get() Rel

func (Rel) MarshalJSON

func (o Rel) MarshalJSON() ([]byte, error)

func (*Rel) Set

func (o *Rel) Set(r Rel) *Rel

func (Rel) String

func (o Rel) String() string

func (Rel) ToCBOR

func (o Rel) ToCBOR() ([]byte, error)

func (*Rel) UnmarshalJSON

func (o *Rel) UnmarshalJSON(data []byte) error

func (Rel) Valid

func (o Rel) Valid() error

type Role

type Role int64
const (
	RoleTagCreator Role = iota
	RoleCreator
	RoleMaintainer
)

func (Role) String

func (o Role) String() string

String returns the string representation of the Role.

type Roles

type Roles []Role

func NewRoles

func NewRoles() *Roles

func (*Roles) Add

func (o *Roles) Add(roles ...Role) *Roles

func (*Roles) FromCBOR

func (o *Roles) FromCBOR(data []byte) error

func (Roles) MarshalJSON

func (o Roles) MarshalJSON() ([]byte, error)

func (Roles) ToCBOR

func (o Roles) ToCBOR() ([]byte, error)

func (*Roles) UnmarshalJSON

func (o *Roles) UnmarshalJSON(data []byte) error

func (Roles) Valid

func (o Roles) Valid() error

type SVN

type SVN struct {
	Value ISVNValue
}

SVN is the Security Version Number. This typically changes only when a security relevant change is needed to the measured environment.

func MustNewSVN

func MustNewSVN(val any, typ string) *SVN

MustNewSVN is like NewSVN but does not return an error, assuming that the provided value is valid. It panics if this is not the case.

func MustNewTaggedMinSVN

func MustNewTaggedMinSVN(val any) *SVN

func MustNewTaggedSVN

func MustNewTaggedSVN(val any) *SVN

func NewSVN

func NewSVN(val any, typ string) (*SVN, error)

NewSVN creates a new SVN of the specified and value. The type must be one of the strings defined by the spec ("exact-value", "min-value"), or has been registered with RegisterSVNType().

func NewTaggedMinSVN

func NewTaggedMinSVN(val any) (*SVN, error)

func NewTaggedSVN

func NewTaggedSVN(val any) (*SVN, error)

func (SVN) MarshalCBOR

func (o SVN) MarshalCBOR() ([]byte, error)

MarshalCBOR returns the CBOR encoding of the SVN.

func (SVN) MarshalJSON

func (o SVN) MarshalJSON() ([]byte, error)

MarshalJSON serializes the SVN int a JSON object

func (*SVN) UnmarshalCBOR

func (o *SVN) UnmarshalCBOR(data []byte) error

UnmarshalCBOR populates the SVN form the provided CBOR bytes.

func (*SVN) UnmarshalJSON

func (o *SVN) UnmarshalJSON(data []byte) error

UnmarshalJSON deserializes the supplied JSON object into the target SVN The SVN object must have the following shape:

{
  "type": "<SVN_TYPE>",
  "value": <SVN_VALUE>
}

where <SVN_TYPE> must be one of the known ISVNValue implementation type names (available in the base implementation: "exact-value", "min-value"), and <SVN_VALUE> is the JSON encoding of the underlying class id value. The exact encoding is <SVN_TYPE> dependent. For both base types, it is an integer (JSON number).

type StringEntityName

type StringEntityName string

func (StringEntityName) String

func (o StringEntityName) String() string

func (StringEntityName) Type

func (o StringEntityName) Type() string

func (StringEntityName) Valid

func (o StringEntityName) Valid() error

type TagIdentity

type TagIdentity struct {
	TagID      swid.TagID `cbor:"0,keyasint" json:"id"`
	TagVersion uint       `cbor:"1,keyasint,omitempty" json:"version,omitempty"`
}

func (TagIdentity) Valid

func (o TagIdentity) Valid() error

type TaggedBytes

type TaggedBytes []byte

func NewBytes

func NewBytes(val any) (*TaggedBytes, error)

func (TaggedBytes) Bytes

func (o TaggedBytes) Bytes() []byte

func (TaggedBytes) String

func (o TaggedBytes) String() string

func (TaggedBytes) Type

func (o TaggedBytes) Type() string

func (TaggedBytes) Valid

func (o TaggedBytes) Valid() error

type TaggedCCAPlatformConfigID

type TaggedCCAPlatformConfigID CCAPlatformConfigID

func NewTaggedCCAPlatformConfigID

func NewTaggedCCAPlatformConfigID(val any) (*TaggedCCAPlatformConfigID, error)

func (TaggedCCAPlatformConfigID) IsZero

func (o TaggedCCAPlatformConfigID) IsZero() bool

func (TaggedCCAPlatformConfigID) String

func (o TaggedCCAPlatformConfigID) String() string

func (TaggedCCAPlatformConfigID) Type

func (*TaggedCCAPlatformConfigID) UnmarshalJSON

func (o *TaggedCCAPlatformConfigID) UnmarshalJSON(data []byte) error

func (TaggedCCAPlatformConfigID) Valid

func (o TaggedCCAPlatformConfigID) Valid() error

type TaggedCOSEKey

type TaggedCOSEKey []byte

TaggedCOSEKey is a CBOR encoded COSE_Key or COSE_KeySet. See https://www.rfc-editor.org/rfc/rfc9052#section-7

func (TaggedCOSEKey) MarshalCBOR

func (o TaggedCOSEKey) MarshalCBOR() ([]byte, error)

func (TaggedCOSEKey) PublicKey

func (o TaggedCOSEKey) PublicKey() (crypto.PublicKey, error)

func (TaggedCOSEKey) String

func (o TaggedCOSEKey) String() string

func (TaggedCOSEKey) Type

func (o TaggedCOSEKey) Type() string

func (*TaggedCOSEKey) UnmarshalCBOR

func (o *TaggedCOSEKey) UnmarshalCBOR(b []byte) error

func (TaggedCOSEKey) Valid

func (o TaggedCOSEKey) Valid() error

type TaggedCertAmdArkAsk

type TaggedCertAmdArkAsk struct {
	Value string `cbor:"79499,keyasint" json:"askark"`
}

func (TaggedCertAmdArkAsk) PublicKey

func (o TaggedCertAmdArkAsk) PublicKey() (crypto.PublicKey, error)

ToDo: extract Public Key from ARK/ASK

ARK/ASK is in proprietary format. We need to extract the
Modulus and Exponent and then construct the Public Key

func (TaggedCertAmdArkAsk) String

func (o TaggedCertAmdArkAsk) String() string

func (TaggedCertAmdArkAsk) Type

func (o TaggedCertAmdArkAsk) Type() string

func (TaggedCertAmdArkAsk) Valid

func (o TaggedCertAmdArkAsk) Valid() error

ToDo: Add checks to validate ARK/ASK

type TaggedCertPathThumbprint

type TaggedCertPathThumbprint struct {
	// contains filtered or unexported fields
}

TaggedCertPathThumbprint represents a digest of a certification path. The digest value may be used to find the certificate path if contained in a lookup table.

func (TaggedCertPathThumbprint) PublicKey

func (o TaggedCertPathThumbprint) PublicKey() (crypto.PublicKey, error)

func (TaggedCertPathThumbprint) String

func (o TaggedCertPathThumbprint) String() string

func (TaggedCertPathThumbprint) Type

func (TaggedCertPathThumbprint) Valid

func (o TaggedCertPathThumbprint) Valid() error

type TaggedCertThumbprint

type TaggedCertThumbprint struct {
	// contains filtered or unexported fields
}

TaggedCertThumbprint represents a digest of a certificate. The digest value may be used to find the certificate if contained in a lookup table.

func (TaggedCertThumbprint) PublicKey

func (o TaggedCertThumbprint) PublicKey() (crypto.PublicKey, error)

func (TaggedCertThumbprint) String

func (o TaggedCertThumbprint) String() string

func (TaggedCertThumbprint) Type

func (o TaggedCertThumbprint) Type() string

func (TaggedCertThumbprint) Valid

func (o TaggedCertThumbprint) Valid() error

type TaggedImplID

type TaggedImplID ImplID

func (TaggedImplID) Bytes

func (o TaggedImplID) Bytes() []byte

func (*TaggedImplID) MarshalJSON

func (o *TaggedImplID) MarshalJSON() ([]byte, error)

func (TaggedImplID) String

func (o TaggedImplID) String() string

func (TaggedImplID) Type

func (o TaggedImplID) Type() string

func (*TaggedImplID) UnmarshalJSON

func (o *TaggedImplID) UnmarshalJSON(data []byte) error

func (TaggedImplID) Valid

func (o TaggedImplID) Valid() error

type TaggedInt

type TaggedInt int

func (TaggedInt) Bytes

func (o TaggedInt) Bytes() []byte

func (TaggedInt) String

func (o TaggedInt) String() string

func (TaggedInt) Type

func (o TaggedInt) Type() string

func (TaggedInt) Valid

func (o TaggedInt) Valid() error

type TaggedMinSVN

type TaggedMinSVN uint64

func (TaggedMinSVN) String

func (o TaggedMinSVN) String() string

func (TaggedMinSVN) Type

func (o TaggedMinSVN) Type() string

func (TaggedMinSVN) Valid

func (o TaggedMinSVN) Valid() error

type TaggedOID

type TaggedOID OID

func NewTaggedOID

func NewTaggedOID(val any) (*TaggedOID, error)

func (TaggedOID) Bytes

func (o TaggedOID) Bytes() []byte

func (*TaggedOID) FromString

func (o *TaggedOID) FromString(s string) error

func (TaggedOID) MarshalJSON

func (o TaggedOID) MarshalJSON() ([]byte, error)

func (TaggedOID) String

func (o TaggedOID) String() string

func (TaggedOID) Type

func (o TaggedOID) Type() string

func (*TaggedOID) UnmarshalJSON

func (o *TaggedOID) UnmarshalJSON(data []byte) error

func (TaggedOID) Valid

func (o TaggedOID) Valid() error

type TaggedPKIXBase64Cert

type TaggedPKIXBase64Cert string

TaggedPKIXBase64Cert is a PEM-encoded X.509 public key certificate. See https://www.rfc-editor.org/rfc/rfc7468#section-5

func (TaggedPKIXBase64Cert) PublicKey

func (o TaggedPKIXBase64Cert) PublicKey() (crypto.PublicKey, error)

func (TaggedPKIXBase64Cert) String

func (o TaggedPKIXBase64Cert) String() string

func (TaggedPKIXBase64Cert) Type

func (o TaggedPKIXBase64Cert) Type() string

func (TaggedPKIXBase64Cert) Valid

func (o TaggedPKIXBase64Cert) Valid() error

type TaggedPKIXBase64CertPath

type TaggedPKIXBase64CertPath string

TaggedPKIXBase64CertPath is a X.509 certificate chain created by the concatenation of as many PEM encoded X.509 certificates as needed. The certificates MUST be concatenated in order so that each directly certifies the one preceding.

func (TaggedPKIXBase64CertPath) PublicKey

func (TaggedPKIXBase64CertPath) String

func (o TaggedPKIXBase64CertPath) String() string

func (TaggedPKIXBase64CertPath) Type

func (TaggedPKIXBase64CertPath) Valid

func (o TaggedPKIXBase64CertPath) Valid() error

type TaggedPKIXBase64Key

type TaggedPKIXBase64Key string

TaggedPKIXBase64Key is a PEM-encoded SubjectPublicKeyInfo. See https://www.rfc-editor.org/rfc/rfc7468#section-13

func (TaggedPKIXBase64Key) PublicKey

func (o TaggedPKIXBase64Key) PublicKey() (crypto.PublicKey, error)

func (TaggedPKIXBase64Key) String

func (o TaggedPKIXBase64Key) String() string

func (TaggedPKIXBase64Key) Type

func (o TaggedPKIXBase64Key) Type() string

func (TaggedPKIXBase64Key) Valid

func (o TaggedPKIXBase64Key) Valid() error

type TaggedPSARefValID

type TaggedPSARefValID PSARefValID

func NewTaggedPSARefValID

func NewTaggedPSARefValID(val any) (*TaggedPSARefValID, error)

func (TaggedPSARefValID) IsZero

func (o TaggedPSARefValID) IsZero() bool

func (TaggedPSARefValID) String

func (o TaggedPSARefValID) String() string

func (TaggedPSARefValID) Type

func (o TaggedPSARefValID) Type() string

func (TaggedPSARefValID) Valid

func (o TaggedPSARefValID) Valid() error

type TaggedSVN

type TaggedSVN uint64

func (TaggedSVN) String

func (o TaggedSVN) String() string

func (TaggedSVN) Type

func (o TaggedSVN) Type() string

func (TaggedSVN) Valid

func (o TaggedSVN) Valid() error

type TaggedThumbprint

type TaggedThumbprint struct {
	// contains filtered or unexported fields
}

ThumbprintTypeTaggedThumbprint represents a digest of a raw public key. The digest value may be used to find the public key if contained in a lookup table.

func (TaggedThumbprint) PublicKey

func (o TaggedThumbprint) PublicKey() (crypto.PublicKey, error)

func (TaggedThumbprint) String

func (o TaggedThumbprint) String() string

func (TaggedThumbprint) Type

func (o TaggedThumbprint) Type() string

func (TaggedThumbprint) Valid

func (o TaggedThumbprint) Valid() error

type TaggedUEID

type TaggedUEID UEID

TaggedUEID is an alias to allow automatic tagging of an UEID type

func NewTaggedUEID

func NewTaggedUEID(val any) (*TaggedUEID, error)

func (TaggedUEID) Bytes

func (o TaggedUEID) Bytes() []byte

func (TaggedUEID) String

func (o TaggedUEID) String() string

func (TaggedUEID) Type

func (o TaggedUEID) Type() string

func (TaggedUEID) Valid

func (o TaggedUEID) Valid() error

type TaggedURI

type TaggedURI string

func String2URI

func String2URI(s *string) (*TaggedURI, error)

func (TaggedURI) Empty

func (o TaggedURI) Empty() bool

type TaggedUUID

type TaggedUUID UUID

TaggedUUID is an alias to allow automatic tagging of a UUID type

func NewTaggedUUID

func NewTaggedUUID(val any) (*TaggedUUID, error)

func (TaggedUUID) Bytes

func (o TaggedUUID) Bytes() []byte

Bytes returns a []byte containing the raw UUID bytes

func (TaggedUUID) MarshalJSON

func (o TaggedUUID) MarshalJSON() ([]byte, error)

func (TaggedUUID) String

func (o TaggedUUID) String() string

String returns a string representation of the binary UUID

func (TaggedUUID) Type

func (o TaggedUUID) Type() string

Type returns a string containing type name. This is part of the ITypeChoiceValue implementation.

func (*TaggedUUID) UnmarshalJSON

func (o *TaggedUUID) UnmarshalJSON(data []byte) error

func (TaggedUUID) Valid

func (o TaggedUUID) Valid() error

type Triples

type Triples struct {
	ReferenceValues *[]ReferenceValue `cbor:"0,keyasint,omitempty" json:"reference-values,omitempty"`
	EndorsedValues  *[]EndorsedValue  `cbor:"1,keyasint,omitempty" json:"endorsed-values,omitempty"`
	AttestVerifKeys *[]AttestVerifKey `cbor:"2,keyasint,omitempty" json:"attester-verification-keys,omitempty"`
	DevIdentityKeys *[]DevIdentityKey `cbor:"3,keyasint,omitempty" json:"dev-identity-keys,omitempty"`

	Extensions
}

func (*Triples) AddAttestVerifKey

func (o *Triples) AddAttestVerifKey(val AttestVerifKey) *Triples

func (*Triples) AddDevIdentityKey

func (o *Triples) AddDevIdentityKey(val DevIdentityKey) *Triples

func (*Triples) AddEndorsedValue

func (o *Triples) AddEndorsedValue(val EndorsedValue) *Triples

func (*Triples) AddReferenceValue

func (o *Triples) AddReferenceValue(val ReferenceValue) *Triples

func (*Triples) GetExtensions

func (o *Triples) GetExtensions() extensions.IExtensionsValue

GetExtensions returns pervisouosly registered extension

func (*Triples) MarshalCBOR

func (o *Triples) MarshalCBOR() ([]byte, error)

MarshalCBOR serializes to CBOR

func (*Triples) MarshalJSON

func (o *Triples) MarshalJSON() ([]byte, error)

MarshalJSON serializes to JSON

func (*Triples) RegisterExtensions

func (o *Triples) RegisterExtensions(exts extensions.IExtensionsValue)

RegisterExtensions registers a struct as a collections of extensions

func (*Triples) UnmarshalCBOR

func (o *Triples) UnmarshalCBOR(data []byte) error

UnmarshalCBOR deserializes from CBOR

func (*Triples) UnmarshalJSON

func (o *Triples) UnmarshalJSON(data []byte) error

UnmarshalJSON deserializes from JSON

func (Triples) Valid

func (o Triples) Valid() error

Valid checks that the Triples is valid as per the specification

type UEID

type UEID eat.UEID

UEID is an Unique Entity Identifier

func (UEID) Empty

func (o UEID) Empty() bool

func (UEID) String

func (o UEID) String() string

func (UEID) Valid

func (o UEID) Valid() error

Valid checks that the target UEID is in one of the defined formats: IMEI, EUI or RAND

type UUID

type UUID uuid.UUID

UUID represents an Universally Unique Identifier (UUID, see RFC4122)

func ParseUUID

func ParseUUID(s string) (UUID, error)

ParseUUID parses the supplied string into a UUID

func (UUID) Empty

func (o UUID) Empty() bool

func (UUID) MarshalJSON

func (o UUID) MarshalJSON() ([]byte, error)

MarshalJSON serialize the target UUID to a JSON string in canonical 8-4-4-4-12 format

func (UUID) String

func (o UUID) String() string

String returns a string representation of the binary UUID

func (*UUID) UnmarshalJSON

func (o *UUID) UnmarshalJSON(data []byte) error

UnmarshalJSON deserializes the supplied string into the UUID target The UUID string in expected to be in canonical 8-4-4-4-12 format

func (UUID) Valid

func (o UUID) Valid() error

Valid checks that the target UUID is formatted as per RFC4122

type UintMkey

type UintMkey uint64

func NewUintMkey

func NewUintMkey(val any) (*UintMkey, error)

func (UintMkey) String

func (o UintMkey) String() string

func (UintMkey) Type

func (o UintMkey) Type() string

func (*UintMkey) UnmarshalJSON

func (o *UintMkey) UnmarshalJSON(data []byte) error

func (UintMkey) Valid

func (o UintMkey) Valid() error

type Version

type Version struct {
	Version string             `cbor:"0,keyasint" json:"value"`
	Scheme  swid.VersionScheme `cbor:"1,keyasint" json:"scheme"`
}

Version stores a version-map with JSON and CBOR serializations.

func NewVersion

func NewVersion() *Version

func (*Version) SetScheme

func (o *Version) SetScheme(v int64) *Version

func (*Version) SetVersion

func (o *Version) SetVersion(v string) *Version

func (Version) Valid

func (o Version) Valid() error

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL