A number of enhancements to support CoRIM-based verifier implementation #42
Merged
thomas-fossati merged 11 commits into master on Oct 16, 2025
- Add methods for getting a (reference to) CorimMap from a Corim.
- Add to/from JSON methods to CorimMap
- Add to_json_pretty(), which is similar to to_json() but generates indented and pretty-printed rather than compact string.
- Fix from_json: read the Read object into a string and then deserialize from that, rather than deserializing from Read object directly. This is necessary because Deserialize implementations for various maps expect keys as borrowed strings, which is not possible with Read as there is not necessarily an underlying buffer to borrow from.
- as_signed() and as_unsigned() now return untagged versions, since that is what is typically wanted; tags are only needed for correct encoding. Note that as_unsigned() is now similar to into_map() with the difference being that None is returned for signed CoRIMs.
- add as_(un)signed_ref() and as_(un)signed_mut() methods for getting references that do not move out of the original.

Signed-off-by: setrofim <setrofim@gmail.com>
When encoding ExtensionValue::Bytes into JSON, prefix the base64-encoded string with "[base64]:" to indicate that the value is actually Bytes, not Text. When decoding, look for this prefix as an indication that the following value should be base64-decoded into Bytes. Up to this point, ExtensionValue would try to deserialize all strings as bytes, and would only yield Text if base64 decoding failed. This made it impossible to correctly decode JSON representations of certain values. NOTE: it is impossible to represent strings that start with "[base64]:", as they would be interpreted as encoded bytes. Signed-off-by: setrofim <setrofim@gmail.com>
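The decoding ambiguity this commit message describes, as an added example that is not code from the pull request: `Value`, `decode_legacy`, `decode_prefixed` and the hand-written base64 decoder are hypothetical stand-ins, and rejecting a malformed payload after the prefix is an assumption rather than documented crate behaviour.

```rust
// Hypothetical stand-in for the crate's ExtensionValue (two variants only).
#[derive(Debug, PartialEq)]
enum Value { Text(String), Bytes(Vec<u8>) }

const PREFIX: &str = "[base64]:";
const ALPHA: &[u8; 64] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

// Minimal standard-alphabet base64 decoder so the example needs no external crate.
fn b64_decode(s: &str) -> Option<Vec<u8>> {
    let body = s.trim_end_matches('=');
    let pad = s.len() - body.len();
    if s.len() % 4 != 0 || pad > 2 { return None; }
    let mut out = Vec::new();
    for chunk in body.as_bytes().chunks(4) {
        let mut n = 0u32;
        for &c in chunk {
            n = (n << 6) | ALPHA.iter().position(|&a| a == c)? as u32;
        }
        n <<= 6 * (4 - chunk.len()) as u32; // left-align a short final group
        out.extend_from_slice(&n.to_be_bytes()[1..chunk.len()]);
    }
    Some(out)
}

// Behaviour before the change: try bytes first, fall back to text.
// Any text that happens to be valid base64 is silently turned into bytes.
fn decode_legacy(s: &str) -> Value {
    b64_decode(s).map(Value::Bytes).unwrap_or_else(|| Value::Text(s.to_string()))
}

// Behaviour after the change: only a "[base64]:" prefix selects Bytes.
// Assumption: a malformed payload after the prefix is an error (None).
fn decode_prefixed(s: &str) -> Option<Value> {
    match s.strip_prefix(PREFIX) {
        Some(rest) => b64_decode(rest).map(Value::Bytes),
        None => Some(Value::Text(s.to_string())),
    }
}

fn main() {
    // Constructed sample strings.
    for s in ["abcd", "[base64]:AQID", "hello world"] {
        println!("{:?}: legacy={:?} prefixed={:?}", s, decode_legacy(s), decode_prefixed(s));
    }
}
```

The second sample also shows the limitation stated in the NOTE: a text value that itself begins with `[base64]:` comes back as `Bytes`.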
CoseKeyType is a tagged CoseKeySetOrKey, so the derived From implementation requires explicitly constructing a CoseKeySetOrKey from a CoseKey before it can be used with various CoRIM structures. Signed-off-by: setrofim <setrofim@gmail.com>
A CoRIM's identifier may need to appear in logs and traces, and so should have a human-readable form. Signed-off-by: setrofim <setrofim@gmail.com>
CoRIM types use Cow's (copy-on-write smart pointers) for contained strings. A Cow can be either borrowed or owned. When a borrowed Cow is cloned, the result is also a borrowed Cow that borrows from the same underlying source. This means that cloning CoRIM structures does not fully copy them, as they will still contain references to strings in the original.

In order to allow some structures (such as environments) to exceed the lifetimes of the CoRIMs that originated them, add to_fully_owned() method that behaves much like clone() but ensures that any contained Cow's are converted to own their contents.

Note: explicit lifetimes are used as an indicator that the lifetime of the returned value is decoupled from that of the method's object. However, as there are no formal lifetime bounds that necessitate this in the code base itself, clippy gets confused and mistakenly thinks that the explicit lifetimes can be elided. This requires suppressing clippy::needless_lifetime warnings for to_fully_owned() methods.

Signed-off-by: setrofim <setrofim@gmail.com>
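The clone-versus-deep-copy behaviour described in this commit message, as an added example that is not code from the pull request: `Environment`, `parse`, `is_borrowed` and `load_detached` are hypothetical names, and the "vendor/model" input format is constructed for the illustration.

```rust
use std::borrow::Cow;

// Hypothetical stand-in for a CoRIM structure that holds Cow strings.
#[derive(Clone, Debug, PartialEq)]
struct Environment<'a> {
    vendor: Cow<'a, str>,
    model: Cow<'a, str>,
}

impl<'a> Environment<'a> {
    // 'b is unrelated to 'a: every Cow becomes Owned, so the result
    // no longer borrows from whatever buffer `self` was parsed from.
    #[allow(clippy::needless_lifetimes)]
    fn to_fully_owned<'b>(&self) -> Environment<'b> {
        Environment {
            vendor: Cow::Owned(self.vendor.to_string()),
            model: Cow::Owned(self.model.to_string()),
        }
    }
}

fn is_borrowed(c: &Cow<'_, str>) -> bool {
    matches!(c, Cow::Borrowed(_))
}

// Zero-copy parse of "vendor/model": both fields borrow from `buf`.
fn parse(buf: &str) -> Option<Environment<'_>> {
    let (vendor, model) = buf.split_once('/')?;
    Some(Environment { vendor: Cow::Borrowed(vendor), model: Cow::Borrowed(model) })
}

// Returns a value that outlives the buffer it was parsed from.
// With `env.clone()` instead, this does not compile: the clone's
// Cows are still Borrowed and point into `buf`, which is dropped here.
fn load_detached() -> Environment<'static> {
    let buf = String::from("ACME/RoadRunner"); // constructed sample
    let env = parse(&buf).expect("well-formed sample");
    env.to_fully_owned()
}

fn main() {
    let buf = String::from("ACME/RoadRunner"); // constructed sample
    let env = parse(&buf).unwrap();
    println!("clone() still borrowed: {}", is_borrowed(&env.clone().vendor));
    println!("to_fully_owned() borrowed: {}", is_borrowed(&env.to_fully_owned().vendor));
    println!("{:?}", load_detached());
}
```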
Add len(), is_empty(), and as_slice() methods to Bytes and TaggedBytes to allow them to be treated as vectors of bytes. Signed-off-by: setrofim <setrofim@gmail.com>
Add a get() method to ExtensionMap to allow accessing specific extensions contained therein. Signed-off-by: setrofim <setrofim@gmail.com>
Add the missing From<String> conversions for Uri and Ulabel types. Signed-off-by: setrofim <setrofim@gmail.com>
Add the missing add_extension() method to the MeasurementValuesMapBuilder. Signed-off-by: setrofim <setrofim@gmail.com>
This propagates the as_i128() implementations already available in the contained values. Signed-off-by: setrofim <setrofim@gmail.com>
thomas-fossati (Collaborator) approved these changes on Oct 16, 2025 and left a comment:
Some awesome stuff. And some scary stuff too — e.g., the deep copy part I was like "what?!" :-)
🚢 it!
Implement matching semantics as described by sections 9.4.5 and 9.4.6 of the Corim draft spec[1]. This tells you whether a reference matches some other value. This is distinct from equality, and is not symmetric, i.e. a.matches(b) does not imply b.matches(a). [1]: https://www.ietf.org/archive/id/draft-ietf-rats-corim-08.html Signed-off-by: setrofim <setrofim@gmail.com>
- matches() method.
- to_fully_owned() method that allows deep copy by converting any borrowed Cows to owned.
- ExtensionValue JSON representation (specifically, distinguishing between strings and base64-encoded bytes)