From 96bcb039e954a784ef7eaebf12444c82defc42cd Mon Sep 17 00:00:00 2001 From: Sukuna0007Abhi Date: Tue, 7 Oct 2025 16:33:55 +0000 Subject: [PATCH 1/2] Add CoTS support to CoSERV (#201) Implements support for CoTS (Concise Trust Anchor Store) in the CoSERV package as specified in draft-howard-rats-coserv-02. Changes: - Added CoTSStmt struct to quads.go with authorities and CoTS fields - Updated ResultSet to include TAS field (CBOR field 4) for CoTS statements - Implemented AddCoTS() method to allow adding CoTS statements to ResultSet - Added comprehensive unit tests for CoTS functionality - Removed TODO comment for CoTS in resultset.go This implementation follows the CoSERV specification trust-anchors structure: trust-anchors = ( &(akq: 3) => [ * ak-quad ] &(tas: 4) => [ * cots-stmt ] ) Fixes #201 Signed-off-by: Sukuna0007Abhi
---
 coserv/quads.go | 10 +++++++++- coserv/resultset.go | 13 ++++++++++++- coserv/resultset_test.go | 34 ++++++++++++++++++++++++++++++++++ 3 files changed, 55 insertions(+), 2 deletions(-)
diff --git a/coserv/quads.go b/coserv/quads.go
index 69a29cad..8e66d3f8 100644
--- a/coserv/quads.go
+++ b/coserv/quads.go
@@ -3,7 +3,10 @@
 package coserv
-import "github.com/veraison/corim/comid"
+import (
+ "github.com/veraison/corim/comid"
+ "github.com/veraison/corim/cots"
+)
 type RefValQuad struct {
 Authorities *comid.CryptoKeys `cbor:"1,keyasint"`
@@ -14,3 +17,8 @@ type AKQuad struct {
 Authorities *comid.CryptoKeys `cbor:"1,keyasint"`
 AKTriple *comid.KeyTriple `cbor:"2,keyasint"`
 }
+
+type CoTSStmt struct {
+ Authorities *comid.CryptoKeys `cbor:"1,keyasint"`
+ CoTS *cots.ConciseTaStore `cbor:"2,keyasint"`
+}
diff --git a/coserv/resultset.go b/coserv/resultset.go
index 87d9b711..1dd5ccf4 100644
--- a/coserv/resultset.go
+++ b/coserv/resultset.go
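Review bot: `CoTSStmt` in coserv/quads.go is exported without a doc comment, and nothing in the hunk says whether `Authorities` and `CoTS` may be nil. Both fields are pointers tagged without `omitempty`, so a partially filled statement would presumably still be encoded with keys 1 and 2 present rather than being rejected; for a structure that carries trust anchors the contract is worth stating. I would add `// CoTSStmt pairs a CoTS trust anchor store with its authorities (cots-stmt, carried under tas: 4 of the CoSERV trust-anchors group). Both fields are expected to be non-nil.` above the type, adjusted to whatever the draft requires for the two members.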
@@ -13,8 +13,8 @@ import (
 type ResultSet struct {
 RVQ *[]RefValQuad `cbor:"0,keyasint,omitempty"`
 AKQ *[]AKQuad `cbor:"3,keyasint,omitempty"`
+ TAS *[]CoTSStmt `cbor:"4,keyasint,omitempty"`
 // TODO(tho) add endorsed values
- // TODO(tho) add CoTS
 Expiry *time.Time `cbor:"10,keyasint"`
 SourceArtifacts *[]cmw.CMW `cbor:"11,keyasint,omitempty"`
 }
@@ -46,6 +46,17 @@ func (o *ResultSet) AddAttestationKeys(v AKQuad) *ResultSet {
 return o
 }
+// AddCoTS adds the supplied CoTS statement to the target ResultSet
+func (o *ResultSet) AddCoTS(v CoTSStmt) *ResultSet {
+ if o.TAS == nil {
+ o.TAS = new([]CoTSStmt)
+ }
+
+ *o.TAS = append(*o.TAS, v)
+
+ return o
+}
+
 // AddSourceArtifacts adds the supplied CMW to the target ResultSet
 func (o *ResultSet) AddSourceArtifacts(v cmw.CMW) *ResultSet { // nolint:gocritic
 if o.SourceArtifacts == nil {
diff --git a/coserv/resultset_test.go b/coserv/resultset_test.go
index 96e831e3..f58a26aa 100644
--- a/coserv/resultset_test.go
+++ b/coserv/resultset_test.go
@@ -10,6 +10,7 @@ import (
 "github.com/stretchr/testify/require"
 "github.com/veraison/cmw"
 "github.com/veraison/corim/comid"
+ "github.com/veraison/corim/cots"
 )
 func TestResultSet_AddAttestationKeys(t *testing.T) {
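Review bot: `AddCoTS` in coserv/resultset.go appends `v` as given, so a `CoTSStmt` whose `CoTS` or `Authorities` pointer is nil ends up in `TAS` and is noticed, if at all, only when the result set is encoded or consumed. Entries in `TAS` are trust anchors, so a half-built statement is better caught by the producer than by the relying party. The method returns `*ResultSet` for chaining and cannot report an error, so the smallest change is to state the precondition in the doc comment, e.g. `// AddCoTS adds the supplied CoTS statement to the target ResultSet. v.Authorities and v.CoTS must be non-nil; no validation is performed here.`, and to add the nil check wherever the package validates a ResultSet before encoding (not visible in this diff). `AddAttestationKeys` is only partly visible in the hunk, so whether the sibling adders already follow a convention here should be confirmed.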
@@ -32,6 +33,39 @@ func TestResultSet_AddAttestationKeys(t *testing.T) {
 assert.NotNil(t, rset)
 }
+func TestResultSet_AddCoTS(t *testing.T) {
+ authority, err := comid.NewCryptoKeyTaggedBytes(testAuthority)
+ require.NoError(t, err)
+
+ // Create a simple CoTS structure for testing
+ cotsStore := cots.NewConciseTaStore()
+
+ // Add a basic environment group with a class
+ class := comid.NewClassBytes(testBytes)
+ env := comid.Environment{
+ Class: class,
+ }
+ eg := cots.EnvironmentGroup{}
+ eg.SetEnvironment(env)
+ cotsStore.AddEnvironmentGroup(eg)
+
+ // Add trust anchor keys
+ testCert := []byte{0x30, 0x82, 0x01, 0x00} // Simple test cert bytes
+ tas := cots.NewTasAndCas()
+ tas.AddTaCert(testCert)
+ cotsStore.SetKeys(*tas)
+
+ cotsStmt := CoTSStmt{
+ Authorities: comid.NewCryptoKeys().Add(authority),
+ CoTS: cotsStore,
+ }
+
+ rset := NewResultSet().SetExpiry(testExpiry).AddCoTS(cotsStmt)
+ assert.NotNil(t, rset)
+ assert.NotNil(t, rset.TAS)
+ assert.Equal(t, 1, len(*rset.TAS))
+}
+
 func TestResultSet_AddSourceArtifacts(t *testing.T) {
 cmw0, err := cmw.NewMonad("application/vnd.example.refvals", []byte{0x00, 0x01, 0x02, 0x03})
 require.NoError(t, err)
From 591120a8ddd07b73a762994b6e7ab3136f183976 Mon Sep 17 00:00:00 2001 From: Sukuna0007Abhi Date: Tue, 7 Oct 2025 16:41:08 +0000 Subject: [PATCH 2/2] Fix gofmt linting issues Signed-off-by: Sukuna0007Abhi
---
 coserv/quads.go | 4 ++-- coserv/resultset_test.go | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/coserv/quads.go b/coserv/quads.go
index 8e66d3f8..f5f8d25f 100644
--- a/coserv/quads.go
+++ b/coserv/quads.go
@@ -19,6 +19,6 @@ type AKQuad struct {
 }
 type CoTSStmt struct {
- Authorities *comid.CryptoKeys `cbor:"1,keyasint"`
- CoTS *cots.ConciseTaStore `cbor:"2,keyasint"`
+ Authorities *comid.CryptoKeys `cbor:"1,keyasint"`
+ CoTS *cots.ConciseTaStore `cbor:"2,keyasint"`
 }
diff --git a/coserv/resultset_test.go b/coserv/resultset_test.go
index f58a26aa..eb1a951c 100644
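Review bot: `TestResultSet_AddCoTS` stops at `assert.Equal(t, 1, len(*rset.TAS))`, so the `cbor:"4,keyasint,omitempty"` tag on `TAS` and the two keys of `CoTSStmt` are never exercised, and a wrong key number would still pass. Add an encode/decode round trip of `rset` using the package's CBOR helpers and compare the decoded `TAS` entry with `cotsStmt`. The results of `eg.SetEnvironment(env)`, `cotsStore.AddEnvironmentGroup(eg)`, `tas.AddTaCert(testCert)` and `cotsStore.SetKeys(*tas)` are discarded, and `testCert` is only a four-byte DER SEQUENCE header with no body, so if any of these calls rejects its input the test would not notice. Where they return a value, assert on it, e.g. `require.NotNil(t, tas.AddTaCert(testCert))`, and add a comment on `testCert` saying it is deliberately not a parseable certificate.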
--- a/coserv/resultset_test.go
+++ b/coserv/resultset_test.go
@@ -39,7 +39,7 @@ func TestResultSet_AddCoTS(t *testing.T) {
 // Create a simple CoTS structure for testing
 cotsStore := cots.NewConciseTaStore()
-
+
 // Add a basic environment group with a class
 class := comid.NewClassBytes(testBytes)
 env := comid.Environment{
@@ -48,7 +48,7 @@ func TestResultSet_AddCoTS(t *testing.T) {
 eg := cots.EnvironmentGroup{}
 eg.SetEnvironment(env)
 cotsStore.AddEnvironmentGroup(eg)
-
+
 // Add trust anchor keys
 testCert := []byte{0x30, 0x82, 0x01, 0x00} // Simple test cert bytes
 tas := cots.NewTasAndCas()