corim

package
v1.1.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 18, 2024 License: Apache-2.0 Imports: 22 Imported by: 6

Documentation

Overview

Copyright 2023 Contributors to the Veraison project. SPDX-License-Identifier: Apache-2.0

Index

Constants

This section is empty.

Variables

View Source 
var (
	CoswidTag = []byte{0xd9, 0x01, 0xf9} // 505()
	ComidTag  = []byte{0xd9, 0x01, 0xfa} // 506()

)
View Source 
var (
	ContentType          = "application/rim+cbor"
	NoExternalData       = []byte("")
	HeaderLabelCorimMeta = int64(8)
)

Functions

func NewPublicKeyFromJWK 

func NewPublicKeyFromJWK(j []byte) (crypto.PublicKey, error)

func NewSignerFromJWK 

func NewSignerFromJWK(j []byte) (cose.Signer, error)

func RegisterEntityNameType added in v1.1.2 

func RegisterEntityNameType(tag uint64, factory IEntityNameFactory) error

RegisterEntityNameType registers a new IEntityNameValue implementation (created by the provided IEntityNameFactory) under the specified type name and CBOR tag.

func RegisterRole added in v1.1.2 

func RegisterRole(val int64, name string) error

RegisterRole creates a new Role association between the provided value and name. An error is returned if either clashes with any of the existing roles.

func ValidProfile 

func ValidProfile(p eat.Profile) error

ValidProfile checks that the supplied profile is in one of the supported formats (i.e., URI or OID)

Types

type Entities 

type Entities []Entity

Entities is an array of entity-map's

func NewEntities 

func NewEntities() *Entities

NewEntities instantiates an empty entity-map array

func (*Entities) AddEntity 

func (o *Entities) AddEntity(e Entity) *Entities

AddEntity adds the supplied entity-map to the target Entities

func (Entities) Valid 

func (o Entities) Valid() error

Valid iterates over the range of individual entities to check for validity

type Entity 

type Entity struct {
	EntityName *EntityName      `cbor:"0,keyasint" json:"name"`
	RegID      *comid.TaggedURI `cbor:"1,keyasint,omitempty" json:"regid,omitempty"`
	Roles      Roles            `cbor:"2,keyasint" json:"roles"`

	Extensions
}

Entity stores an entity-map capable of CBOR and JSON serializations.

func NewEntity 

func NewEntity() *Entity

func (*Entity) GetExtensions added in v1.1.2 

func (o *Entity) GetExtensions() extensions.IExtensionsValue

GetExtensions returns pervisouosly registered extension

func (*Entity) MarshalCBOR added in v1.1.2 

func (o *Entity) MarshalCBOR() ([]byte, error)

MarshalCBOR serializes to CBOR

func (*Entity) MarshalJSON added in v1.1.2 

func (o *Entity) MarshalJSON() ([]byte, error)

MarshalJSON serializes to JSON

func (*Entity) RegisterExtensions added in v1.1.2 

func (o *Entity) RegisterExtensions(exts extensions.IExtensionsValue)

RegisterExtensions registers a struct as a collections of extensions

func (*Entity) SetEntityName 

func (o *Entity) SetEntityName(name any) *Entity

SetEntityName is used to set the EntityName field of Entity using supplied name

func (*Entity) SetRegID 

func (o *Entity) SetRegID(uri string) *Entity

SetRegID is used to set the RegID field of Entity using supplied uri

func (*Entity) SetRoles 

func (o *Entity) SetRoles(roles ...Role) *Entity

SetRoles appends the supplied roles to the target entity.

func (*Entity) UnmarshalCBOR added in v1.1.2 

func (o *Entity) UnmarshalCBOR(data []byte) error

UnmarshalCBOR deserializes from CBOR

func (*Entity) UnmarshalJSON added in v1.1.2 

func (o *Entity) UnmarshalJSON(data []byte) error

UnmarshalJSON deserializes from JSON

func (Entity) Valid 

func (o Entity) Valid() error

Valid checks for validity of the fields within each Entity

type EntityName added in v1.1.2 

type EntityName struct {
	Value IEntityNameValue
}

EntityName encapsulates the name of the associated Entity. The CoRIM specification only allows for text (string) name, but this may be extended by other specifications.

func MustNewEntityName added in v1.1.2 

func MustNewEntityName(val any, typ string) *EntityName

MustNewEntityName is like NewEntityName, except it doesn't return an error, assuming that the provided value is valid. It panics if that isn't the case.

func MustNewStringEntityName added in v1.1.2 

func MustNewStringEntityName(val any) *EntityName

func NewEntityName added in v1.1.2 

func NewEntityName(val any, typ string) (*EntityName, error)

NewEntityName creates a new EntityName of the specified type using the provided value.

func NewStringEntityName added in v1.1.2 

func NewStringEntityName(val any) (*EntityName, error)

func (EntityName) MarshalCBOR added in v1.1.2 

func (o EntityName) MarshalCBOR() ([]byte, error)

MarshalCBOR serializes the EntityName into CBOR-encoded bytes.

func (EntityName) MarshalJSON added in v1.1.2 

func (o EntityName) MarshalJSON() ([]byte, error)

MarshalJSON serializes the EntityName into a JSON object.

func (EntityName) String added in v1.1.2 

func (o EntityName) String() string

String returns the string representation of the EntityName

func (*EntityName) UnmarshalCBOR added in v1.1.2 

func (o *EntityName) UnmarshalCBOR(data []byte) error

UnmarshalCBOR deserializes the EntityName from CBOR-encoded bytes.

func (*EntityName) UnmarshalJSON added in v1.1.2 

func (o *EntityName) UnmarshalJSON(data []byte) error

UnmarshalJSON deserializes EntityName from the provided JSON object.

func (EntityName) Valid added in v1.1.2 

func (o EntityName) Valid() error

Valid returns nil if the underlying EntityName value is valid, or an error describing the problem otherwise.

type Extensions added in v1.1.2 

type Extensions struct {
	extensions.Extensions
}

type ICorimConstrainer added in v1.1.2 

type ICorimConstrainer interface {
	ConstrainCorim(*UnsignedCorim) error
}

type IEntityConstrainer added in v1.1.2 

type IEntityConstrainer interface {
	ConstrainEntity(*Entity) error
}

type IEntityNameFactory added in v1.1.2 

type IEntityNameFactory func(any) (*EntityName, error)

IEntityNameFactory defines the signature for the factory functions that may be registred using RegisterEntityNameType to provide a new implementation of the corresponding type choice. The factory function should create a new *EntityName with the underlying value created based on the provided input. The range of valid inputs is up to the specific type choice implementation, however it _must_ accept nil as one of the inputs, and return the Zero value for implemented type. See also https://go.dev/ref/spec#The_zero_value

type IEntityNameValue added in v1.1.2 

type IEntityNameValue interface {
	extensions.ITypeChoiceValue
}

IEntityNameValue is the interface implemented by all EntityName value types.

type ISignerConstrainer added in v1.1.2 

type ISignerConstrainer interface {
	ConstrainSigner(*Signer) error
}

type Locator 

type Locator struct {
	Href       comid.TaggedURI `cbor:"0,keyasint" json:"href"`
	Thumbprint *swid.HashEntry `cbor:"1,keyasint,omitempty" json:"thumbprint,omitempty"`
}

Locator is the internal representation of the corim-locator-map with CBOR and JSON serialization.

func (Locator) Valid 

func (o Locator) Valid() error

type Meta 

type Meta struct {
	Signer   Signer    `cbor:"0,keyasint" json:"signer"`
	Validity *Validity `cbor:"1,keyasint,omitempty" json:"validity,omitempty"`
}

Meta stores a corim-meta-map with JSON and CBOR serializations. It carries information about the CoRIM signer and, optionally, a validity period associated with the signed assertion. A corim-meta-map is serialized to CBOR and added to the protected header structure in the signed-corim as a byte string

func NewMeta 

func NewMeta() *Meta

func (*Meta) FromCBOR 

func (o *Meta) FromCBOR(data []byte) error

FromCBOR deserializes the supplied CBOR data into the target Meta

func (*Meta) FromJSON 

func (o *Meta) FromJSON(data []byte) error

FromJSON deserializes the supplied JSON data into the target Meta

func (*Meta) SetSigner 

func (o *Meta) SetSigner(name string, uri *string) *Meta

SetSigner populates the Signer element in the target Meta with the supplied name and optional URI

func (*Meta) SetValidity 

func (o *Meta) SetValidity(notAfter time.Time, notBefore *time.Time) *Meta

SetValidity sets the validity period of the target Meta to the supplied time range

func (Meta) ToCBOR 

func (o Meta) ToCBOR() ([]byte, error)

ToCBOR serializes the target Meta to CBOR

func (Meta) ToJSON 

func (o Meta) ToJSON() ([]byte, error)

ToJSON serializes the target Meta to JSON

func (Meta) Valid 

func (o Meta) Valid() error

Valid checks for validity of the fields within Meta

type Role 

type Role int64
const (
	RoleManifestCreator Role = iota + 1
)

func (Role) String added in v1.1.2 

func (o Role) String() string

String returns the string representation of the Role.

type Roles 

type Roles []Role

func NewRoles 

func NewRoles() *Roles

func (*Roles) Add 

func (o *Roles) Add(roles ...Role) *Roles

Add appends the supplied roles to Roles list.

func (*Roles) FromJSON 

func (o *Roles) FromJSON(data []byte) error

func (Roles) MarshalJSON 

func (o Roles) MarshalJSON() ([]byte, error)

func (Roles) ToJSON 

func (o Roles) ToJSON() ([]byte, error)

func (*Roles) UnmarshalJSON 

func (o *Roles) UnmarshalJSON(data []byte) error

func (Roles) Valid 

func (o Roles) Valid() error

Valid iterates over the range of individual roles to check for validity

type SignedCorim 

type SignedCorim struct {
	UnsignedCorim UnsignedCorim
	Meta          Meta
	// contains filtered or unexported fields
}

SignedCorim encodes a signed-corim message (i.e., a COSE Sign1 wrapped CoRIM) with signature and verification methods

func (*SignedCorim) FromCOSE 

func (o *SignedCorim) FromCOSE(buf []byte) error

FromCOSE decodes and effects syntactic validation on the supplied signed-corim message, including the embedded unsigned-corim and corim-meta. On success, the unsigned-corim-map is made available via the UnsignedCorim field while the corim-meta-map is decoded into the Meta field.

func (*SignedCorim) Sign 

func (o *SignedCorim) Sign(signer cose.Signer) ([]byte, error)

Sign returns the serialized signed-corim, signed by the supplied cose Signer. The target SignedCorim must have its UnsignedCorim field correctly populated.

func (*SignedCorim) Verify 

func (o *SignedCorim) Verify(pk crypto.PublicKey) error

Verify verifies the signature of the target SignedCorim object using the supplied public key

type Signer 

type Signer struct {
	Name string           `cbor:"0,keyasint" json:"name"`
	URI  *comid.TaggedURI `cbor:"1,keyasint,omitempty" json:"uri,omitempty"`

	Extensions
}

func NewSigner 

func NewSigner() *Signer

func (*Signer) GetExtensions added in v1.1.2 

func (o *Signer) GetExtensions() extensions.IExtensionsValue

GetExtensions returns previously registered extension

func (*Signer) MarshalCBOR added in v1.1.2 

func (o *Signer) MarshalCBOR() ([]byte, error)

MarshalCBOR serializes to CBOR

func (*Signer) MarshalJSON added in v1.1.2 

func (o *Signer) MarshalJSON() ([]byte, error)

MarshalJSON serializes to JSON

func (*Signer) RegisterExtensions added in v1.1.2 

func (o *Signer) RegisterExtensions(exts extensions.IExtensionsValue)

RegisterExtensions registers a struct as a collections of extensions

func (*Signer) SetName 

func (o *Signer) SetName(name string) *Signer

SetName sets the target Signer's name to the supplied value

func (*Signer) SetURI 

func (o *Signer) SetURI(uri string) *Signer

SetURI sets the target Signer's URI to the supplied value

func (*Signer) UnmarshalCBOR added in v1.1.2 

func (o *Signer) UnmarshalCBOR(data []byte) error

UnmarshalCBOR deserializes from CBOR

func (*Signer) UnmarshalJSON added in v1.1.2 

func (o *Signer) UnmarshalJSON(data []byte) error

UnmarshalJSON deserializes from JSON

func (Signer) Valid 

func (o Signer) Valid() error

Valid checks the validity of individual fields within Signer

type StringEntityName added in v1.1.2 

type StringEntityName string

StringEntityName is a text string EntityName with no other contraints. This is the only EntityName value type defined by the CoRIM specification itself.

func (StringEntityName) String added in v1.1.2 

func (o StringEntityName) String() string

func (StringEntityName) Type added in v1.1.2 

func (o StringEntityName) Type() string

func (StringEntityName) Valid added in v1.1.2 

func (o StringEntityName) Valid() error

type Tag 

type Tag []byte

Tag is either a CBOR-encoded CoMID, CoSWID or CoTS

func (Tag) Valid 

func (o Tag) Valid() error

type UnsignedCorim 

type UnsignedCorim struct {
	ID swid.TagID `cbor:"0,keyasint" json:"corim-id"`
	// note: even though tags are mandatory for CoRIM, we allow omitting
	// them in our JSON templates for cocli (the min template just has
	// corim-id). Since we're never writing JSON (so far), this normally
	// wouldn't matter, however the custom serialization code we use to
	// handle embedded structs relies on the omitempty entry to determine
	// if a fieled is optional, so we use it during unmarshaling as well as
	// marshaling. Hence omitempty is present for the json tag, but not
	// cbor.
	Tags          []Tag          `cbor:"1,keyasint" json:"tags,omitempty"`
	DependentRims *[]Locator     `cbor:"2,keyasint,omitempty" json:"dependent-rims,omitempty"`
	Profiles      *[]eat.Profile `cbor:"3,keyasint,omitempty" json:"profiles,omitempty"`
	RimValidity   *Validity      `cbor:"4,keyasint,omitempty" json:"validity,omitempty"`
	Entities      *Entities      `cbor:"5,keyasint,omitempty" json:"entities,omitempty"`

	Extensions
}

UnsignedCorim is the top-level representation of the unsigned-corim-map with CBOR and JSON serialization.

func NewUnsignedCorim 

func NewUnsignedCorim() *UnsignedCorim

NewUnsignedCorim instantiates an empty UnsignedCorim

func (*UnsignedCorim) AddComid 

func (o *UnsignedCorim) AddComid(c comid.Comid) *UnsignedCorim

AddComid appends the CBOR encoded (and appropriately tagged) CoMID to the tags array of the unsigned-corim-map

func (*UnsignedCorim) AddCoswid 

func (o *UnsignedCorim) AddCoswid(c swid.SoftwareIdentity) *UnsignedCorim

AddCoswid appends the CBOR encoded (and appropriately tagged) CoSWID to the tags array of the unsigned-corim-map

func (*UnsignedCorim) AddCots added in v1.1.0 

func (o *UnsignedCorim) AddCots(c cots.ConciseTaStore) *UnsignedCorim

AddCots appends the CBOR encoded (and appropriately tagged) CoTS to the tags array of the unsigned-corim-map

func (*UnsignedCorim) AddDependentRim 

func (o *UnsignedCorim) AddDependentRim(href string, thumbprint *swid.HashEntry) *UnsignedCorim

AddDependentRim creates a corim-locator-map from the supplied arguments and appends it to the dependent RIMs in the unsigned-corim-map

func (*UnsignedCorim) AddEntity 

func (o *UnsignedCorim) AddEntity(name string, regID *string, roles ...Role) *UnsignedCorim

AddEntity adds an organizational entity, together with the roles this entity claims with regards to the CoRIM, to the target UnsignerCorim. name is the entity name, regID is a URI that uniquely identifies the entity. For the moment, roles can only be RoleManifestCreator.

func (*UnsignedCorim) AddProfile 

func (o *UnsignedCorim) AddProfile(urlOrOID string) *UnsignedCorim

AddProfile appends the supplied profile identifier (either a URL or OID) to the profiles array in the unsigned-corim-map

func (*UnsignedCorim) FromCBOR 

func (o *UnsignedCorim) FromCBOR(data []byte) error

FromCBOR deserializes a CBOR-encoded unsigned CoRIM into the target UnsignedCorim

func (*UnsignedCorim) FromJSON 

func (o *UnsignedCorim) FromJSON(data []byte) error

FromJSON deserializes a JSON-encoded unsigned CoRIM into the target UnsignedCorim

func (*UnsignedCorim) GetExtensions added in v1.1.2 

func (o *UnsignedCorim) GetExtensions() extensions.IExtensionsValue

GetExtensions returns pervisouosly registered extension

func (UnsignedCorim) GetID 

func (o UnsignedCorim) GetID() string

GetID retrieves the corim-id from the unsigned-corim-map as a string

func (*UnsignedCorim) RegisterExtensions added in v1.1.2 

func (o *UnsignedCorim) RegisterExtensions(exts extensions.IExtensionsValue)

RegisterExtensions registers a struct as a collections of extensions

func (*UnsignedCorim) SetID 

func (o *UnsignedCorim) SetID(v interface{}) *UnsignedCorim

SetID sets the corim-id in the unsigned-corim-map to the supplied value. The corim-id can be passed as UUID in string or binary form (i.e., byte array), or as a (non-empty) string

func (*UnsignedCorim) SetRimValidity 

func (o *UnsignedCorim) SetRimValidity(notAfter time.Time, notBefore *time.Time) *UnsignedCorim

SetRimValidity can be used to set the validity period of the CoRIM. The caller must supply a "not-after" timestamp and optionally a "not-before" timestamp.

func (*UnsignedCorim) ToCBOR 

func (o *UnsignedCorim) ToCBOR() ([]byte, error)

ToCBOR serializes the target unsigned CoRIM to CBOR

func (UnsignedCorim) Valid 

func (o UnsignedCorim) Valid() error

Valid checks the validity (according to the spec) of the target unsigned CoRIM

type Validity 

type Validity struct {
	NotBefore *time.Time `cbor:"0,keyasint,omitempty" json:"not-before,omitempty"`
	NotAfter  time.Time  `cbor:"1,keyasint" json:"not-after"`
}

func NewValidity 

func NewValidity() *Validity

func (*Validity) Set 

func (o *Validity) Set(notAfter time.Time, notBefore *time.Time) *Validity

Set instantiates a Validity object (using the supplied time inputs) & checks it been valid

func (Validity) Valid 

func (o Validity) Valid() error

Valid checks for validity of fields inside the Validity object

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.