Skip to content

veraison/corim

Concise Reference Integrity Manifest and Module Identifiers

ci cover ≥82% linters Go Reference

The corim/corim and corim/comid packages provide a golang API for low-level manipulation of Concise Reference Integrity Manifest (CoRIM) and Concise Module Identifier (CoMID) tags respectively. The corim/coev package provides a minimal golang implementation of TCG Concise Evidence CDDL as documented here The corim/coserv package provides a golang API for working with Concise Selector for Endorsements and Reference Values.

Note

These API are still in active development (as is the underlying CoRIM spec). They are subject to change in the future.

Required Tools

Ensure you have the following tools installed with the specified versions on your machine to ensure everything works properly:

  • Go: Version 1.22
  • golangci-lint: Version 1.54.2

Developer tips

Before requesting a PR (and routinely during the dev/test cycle), you are encouraged to run:

make presubmit

and check its output to make sure your code coverage figures are in line with the set target and that there are no newly introduced lint problems.

x5chain trust verification

Signed CoRIM messages may carry an X.509 chain in the COSE x5chain protected header. Use SignedCorim.VerifyWithX5Chain after FromCOSE to validate PKIX trust, optional CRL revocation, and the COSE signature.

Load trust material with LoadTrustAnchors. When no trust-anchor paths are supplied, verification uses the OS certificate store; for production deployments, pass explicit anchors. When no CRL paths are supplied, revocation checks are skipped; when CRLs are loaded, CrlPolicyStrict is the default.

For external-key verification without PKIX path validation, use SignedCorim.Verify instead.

Extending CoRIM/CoMID

The CoRIM specification provides a mechanism for adding extensions to the base CoRIM schema. The corim and comid structs which can be extended, embed an Extensions object that allows registering a wrapper structure defining extension fields. For field types that can be extended, i.e. type choice, extensions can be implemented by calling an appropriate registration function and giving it a new type or a value (for enums).

Please see extensions documentation for details.

About

CoRIM and CoMID manipulation library

Topics

Resources

License

Code of conduct

Contributing

Security policy

Stars

Watchers

Forks

Packages

 
 
 

Contributors

Languages