veraison / corim

CoRIM and CoMID manipulation library and CLI
Apache License 2.0

signedcorim_test has outdated schema for serialized payload? #104

Open deeglaze opened 11 months ago

deeglaze commented 11 months ago

There's a comment in the corim Valid function that there can't be much done for validating Tag, but that isn't quite right since you can decode a RawTag and check the number for supported tags and continue down the tree. I started writing this up here https://github.com/veraison/corim/compare/main...deeglaze:corim:validatetag

Here's an error from the diff, with manually added formatting for clarity:

Expected nil, but got: &fmt.wrapError{msg:"failed validation of unsigned CoRIM: tag validation failed at pos 0: unexpected concise-tag-type-choice value representation (map[
0:en-GB
1:map[0:[67 187 227 127 46 97 75 51 174 211 83 207 241 66 139 22]]
2:[map[0:ACME Ltd. 1:{32 https://acme.example} 2:[0 1 2]]]
4:map[
 / reference-triple / 0:[
 [/ environment-map /
 map[0:map[0:{600 [97 99 109 101 45 105 109 112 108 101 109 101 110 116 97 116 105 111 110 45 105 100 45 48 48 48 48 48 48 48 48 49]} 1:ACME 2:RoadRunner]]
 / measurement-map (... but somehow an array of measurement-map?) /
 [map[/ mkey /0:{600 map[1:BL
                         4:2.1.0
                         5:[172 187 17 199 228 218 33 114 5 82 60 228 206 26 36 90 225 162 57 174 60 107 253 158 120 113 247 229 216 186 232 107]]}
      / mval /1:map[/ digests /2:[[1 [135 66 143 197 34 128 61 49 6 94 123 206 60 240 63 228 117 9 102 49 229 224 123 189 122 15 222 96 196 207 37 199]]]]]
  map[/ mkey /0:{600 map[1:PRoT
                         4:1.3.5
                         5:[172 187 17 199 228 218 33 114 5 82 60 228 206 26 36 90 225 162 57 174 60 107 253 158 120 113 247 229 216 186 232 107]]}
      / mval /1:map[/ digests /2:[[1 [2 99 130 153 137 182 253 149 79 114 186 175 47 198 75 194 226 240 29 105 45 77 231 41 134 234 128 143 110 153 129 63]]]]]
  map[/ mkey /0:{600 map[1:ARoT
                         4:0.1.4
                         5:[172 187 17 199 228 218 33 114 5 82 60 228 206 26 36 90 225 162 57 174 60 107 253 158 120 113 247 229 216 186 232 107]]}
      / mval /1:map[/ digests /2:[[1 [163 165 231 21 240 204 87 74 115 195 249 190 187 107 194 79 50 255 213 182 123 56 114 68 194 201 9 218 119 154 20 120]]]]]]]]]]): error unmarshalling field \"Triples\": error unmarshalling field \"ReferenceValues\": cbor: cannot unmarshal map into Go struct field comid.ReferenceValue.measurements of type comid.TaggedImplID", err:(*fmt.wrapError)(0xc0000d7040)}

I added the cbor.Tag{} deserialization's Content value for inspecting what could be going on here. There seem to be two different content value types associated with the psa.impl-id tag 600? Impl-id should just be 32 bytes without an interpretation the way it is in the environment-map, but here it's getting interpreted as maps when in an mkey.

I'm not sure how frequently y'all are updating static serialized cbor values in tests as the corim draft evolves, but this is confusing to me.
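The kind of check the issue describes (read a tag, look at its number, keep going), as an added example that is not part of the issue or of the veraison/corim code: a standard-library-only Go pass over definite-length CBOR that flags every tag 600 whose content is not a 32-byte byte string, which is what the issue says an impl-id should be. The names `head`, `scan` and `errCBOR` and the sample bytes are constructed for illustration.

```go
package main

import "fmt"

var errCBOR = fmt.Errorf("truncated or indefinite-length CBOR item")

// head decodes one CBOR item head: major type, argument, unread remainder.
func head(b []byte) (byte, uint64, []byte, error) {
	if len(b) == 0 || b[0]&0x1f > 27 {
		return 0, 0, nil, errCBOR
	}
	maj, arg, n := b[0]>>5, uint64(b[0]&0x1f), 0
	if arg >= 24 { // 24..27: 1, 2, 4 or 8 argument bytes follow
		n, arg = int(1)<<(arg-24), 0
	}
	if len(b) < 1+n {
		return 0, 0, nil, errCBOR
	}
	for _, c := range b[1 : 1+n] {
		arg = arg<<8 | uint64(c)
	}
	return maj, arg, b[1+n:], nil
}

// scan walks the item heads in doc in encoding order and returns the content
// major type of every tag 600 that does not wrap a 32-byte byte string.
func scan(doc []byte) ([]byte, error) {
	var bad []byte
	for in600 := false; len(doc) > 0; {
		maj, arg, rest, err := head(doc)
		if err != nil || (maj>>1 == 1 && uint64(len(rest)) < arg) {
			return bad, errCBOR
		}
		if in600 && (maj != 2 || arg != 32) {
			bad = append(bad, maj)
		}
		if maj>>1 == 1 { // byte or text string: skip its payload
			rest = rest[arg:]
		}
		in600, doc = maj == 6 && arg == 600, rest
	}
	return bad, nil
}

func main() {
	// Constructed input: [600(32 zero bytes), 600({1: "BL"})].
	in := append(append([]byte{0x82, 0xd9, 2, 0x58, 0x58, 32}, make([]byte, 32)...),
		0xd9, 2, 0x58, 0xa1, 1, 0x62, 'B', 'L')
	fmt.Println(scan(in)) // [5] <nil>: the second tag 600 wraps a map
}
```

Because definite-length CBOR places nested items directly after their container's head, a flat pass reaches every tag without tracking depth; it does not validate array or map item counts.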