Struct ComidBuilder 

pub struct ComidBuilder { /* private fields */ }

Builder for constructing a ComidTag (CoMID).

Accepts a caller-provided tag-id and allows adding any combination of the nine triple types defined by the RFC. At least one triple must be present for build to succeed.

Implementations

impl ComidBuilder

pub fn new(tag_id: TagIdChoice) -> Self

Create a new builder with the given tag identifier.

The tag identifier must be globally unique per §5.1.1.1.

Examples found in repository

examples/build_corim.rs (lines 39-41)

fn main() {
    // Define the target environment
    let env = EnvironmentMap {
        class: Some(ClassMap {
            class_id: None,
            vendor: Some("ACME Corp".into()),
            model: Some("Turbo Encabulator".into()),
            layer: Some(0),
            index: None,
        }),
        instance: None,
        group: None,
    };

    // Create a measurement with a SHA-384 digest
    let measurement = MeasurementMap {
        mkey: Some(MeasuredElement::Text("firmware".into())),
        mval: MeasurementValuesMap {
            digests: Some(vec![Digest::new(7, vec![0xAA; 48])]),
            ..MeasurementValuesMap::default()
        },
        authorized_by: None,
    };

    // Build a CoMID
    let comid = ComidBuilder::new(TagIdChoice::Text(
        "example.com/acme/turbo-encabulator".into(),
    ))
    .set_tag_version(0)
    .add_entity(EntityMap {
        entity_name: "ACME Corp".into(),
        reg_id: Some("https://acme.example.com".into()),
        role: vec![COMID_ROLE_TAG_CREATOR],
    })
    .add_reference_triple(ReferenceTriple::new(env, vec![measurement]))
    .build()
    .expect("failed to build CoMID");

    // Wrap in a CoRIM and encode
    let bytes = CorimBuilder::new(CorimId::Text("acme/corim/v1".into()))
        .set_profile(ProfileChoice::Uri(
            "https://example.com/acme-profile".into(),
        ))
        .set_validity(Some(1700000000), 1900000000)
        .unwrap()
        .add_comid_tag(comid)
        .expect("failed to encode CoMID")
        .build_bytes()
        .expect("failed to build CoRIM");

    println!("Encoded CoRIM: {} bytes", bytes.len());
    println!(
        "Hex: {}",
        bytes
            .iter()
            .map(|b| format!("{:02x}", b))
            .collect::<String>()
    );
}

pub fn strict_links(self, enable: bool) -> Self

Enable cross-triple link checking at build() time.

When enabled, two anchoring checks run:

1. Every condition environment in a conditional-endorsement-series, conditional-endorsement, or endorsed triple must structurally equal some reference-triple environment in the same CoMID; otherwise build() returns BuilderError::UnanchoredConditionEnv.
2. Every selection-side measurement (CES claims_list, CES series selection, or CE stateful-environment-record measurement) must structurally equal some measurement in a reference triple for the same env; otherwise build() returns BuilderError::UnanchoredConditionMeasurement. Endorsement and addition lists are not anchored.

The wire format does not encode either constraint — these are builder-side lints for catching authoring mistakes.

pub fn declare_env( &mut self, label: impl Into<String>, env: EnvironmentMap, ) -> Result<EnvRef, BuilderError>

Declare a named environment in this builder’s catalog.

Returns an EnvRef that can be passed to any add_*_for method on this same builder. The label is for diagnostics only; uniqueness is enforced — a second declare_env with the same label returns BuilderError::DuplicateEnvLabel.

EnvRefs never reach the wire format; build() resolves each ref into an inline EnvironmentMap before encoding.

pub fn add_reference_triple_for( self, env: impl Into<EnvSpec>, measurements: Vec<MeasurementMap>, ) -> Self

Add a reference values triple by env-spec.

env may be an EnvironmentMap (inline) or an EnvRef obtained from declare_env on this same builder. Resolution happens at build time.

pub fn add_endorsed_triple_for( self, env: impl Into<EnvSpec>, endorsement: Vec<MeasurementMap>, ) -> Self

Add an endorsed values triple by env-spec. See add_reference_triple_for.

pub fn add_identity_triple_for( self, env: impl Into<EnvSpec>, keys: Vec<CryptoKey>, conditions: Option<KeyTripleConditions>, ) -> Self

Add an identity triple by env-spec. See add_reference_triple_for.

pub fn add_attest_key_triple_for( self, env: impl Into<EnvSpec>, keys: Vec<CryptoKey>, conditions: Option<KeyTripleConditions>, ) -> Self

Add an attest-key triple by env-spec. See add_reference_triple_for.

pub fn add_dependency_triple_for( self, domain: impl Into<EnvSpec>, trustees: Vec<EnvSpec>, ) -> Self

Add a domain dependency triple by env-spec. Trustees are also env-specs; pass vec![env_a.into(), env_b_ref.into()] to mix inline envs and refs.

pub fn add_membership_triple_for( self, domain: impl Into<EnvSpec>, members: Vec<EnvSpec>, ) -> Self

Add a domain membership triple by env-spec. See add_dependency_triple_for.

pub fn add_coswid_triple_for( self, env: impl Into<EnvSpec>, tag_ids: Vec<TagIdChoice>, ) -> Self

Add a CoMID-CoSWID linking triple by env-spec.

pub fn add_conditional_endorsement_series_for( self, condition_env: impl Into<EnvSpec>, condition_claims_list: Vec<MeasurementMap>, condition_authorized_by: Option<Vec<CryptoKey>>, series: Vec<ConditionalSeriesRecord>, ) -> Self

Add a conditional-endorsement-series triple by env-spec.

The arguments correspond to the fields of CesCondition plus the series list. The condition env may be an EnvironmentMap or an EnvRef; refs are resolved at build time exactly like the other _for methods.

This is the preferred way to construct a CES triple whose condition env is shared with a reference triple — passing the same EnvRef to both add_reference_triple_for and this method guarantees the two envs are byte-for-byte identical on the wire, with no caller-visible clone.

pub fn add_conditional_endorsement_for( self, conditions: Vec<(EnvSpec, Vec<MeasurementMap>)>, endorsements: Vec<EndorsedTriple>, ) -> Self

Add a conditional-endorsement triple by env-spec.

conditions is the [+ stateful-environment-record] list — each entry pairs an env (inline or EnvRef) with its measurement list. endorsements is the [+ endorsed-triple-record] list; those inner envs are not covered by the catalog (use add_endorsed_triple_for when the shared-env intent is across whole endorsed triples instead).

pub fn set_tag_version(self, version: u64) -> Self

Set the tag version (§5.1.1.2). Defaults to 0 if not set.

Examples found in repository

examples/build_corim.rs (line 42)

fn main() {
    // Define the target environment
    let env = EnvironmentMap {
        class: Some(ClassMap {
            class_id: None,
            vendor: Some("ACME Corp".into()),
            model: Some("Turbo Encabulator".into()),
            layer: Some(0),
            index: None,
        }),
        instance: None,
        group: None,
    };

    // Create a measurement with a SHA-384 digest
    let measurement = MeasurementMap {
        mkey: Some(MeasuredElement::Text("firmware".into())),
        mval: MeasurementValuesMap {
            digests: Some(vec![Digest::new(7, vec![0xAA; 48])]),
            ..MeasurementValuesMap::default()
        },
        authorized_by: None,
    };

    // Build a CoMID
    let comid = ComidBuilder::new(TagIdChoice::Text(
        "example.com/acme/turbo-encabulator".into(),
    ))
    .set_tag_version(0)
    .add_entity(EntityMap {
        entity_name: "ACME Corp".into(),
        reg_id: Some("https://acme.example.com".into()),
        role: vec![COMID_ROLE_TAG_CREATOR],
    })
    .add_reference_triple(ReferenceTriple::new(env, vec![measurement]))
    .build()
    .expect("failed to build CoMID");

    // Wrap in a CoRIM and encode
    let bytes = CorimBuilder::new(CorimId::Text("acme/corim/v1".into()))
        .set_profile(ProfileChoice::Uri(
            "https://example.com/acme-profile".into(),
        ))
        .set_validity(Some(1700000000), 1900000000)
        .unwrap()
        .add_comid_tag(comid)
        .expect("failed to encode CoMID")
        .build_bytes()
        .expect("failed to build CoRIM");

    println!("Encoded CoRIM: {} bytes", bytes.len());
    println!(
        "Hex: {}",
        bytes
            .iter()
            .map(|b| format!("{:02x}", b))
            .collect::<String>()
    );
}

pub fn set_language(self, lang: impl Into<String>) -> Self

Set the optional language tag (BCP 47).

pub fn add_entity(self, entity: EntityMap) -> Self

Add an entity (§5.1.2).

Examples found in repository

examples/build_corim.rs (lines 43-47)

fn main() {
    // Define the target environment
    let env = EnvironmentMap {
        class: Some(ClassMap {
            class_id: None,
            vendor: Some("ACME Corp".into()),
            model: Some("Turbo Encabulator".into()),
            layer: Some(0),
            index: None,
        }),
        instance: None,
        group: None,
    };

    // Create a measurement with a SHA-384 digest
    let measurement = MeasurementMap {
        mkey: Some(MeasuredElement::Text("firmware".into())),
        mval: MeasurementValuesMap {
            digests: Some(vec![Digest::new(7, vec![0xAA; 48])]),
            ..MeasurementValuesMap::default()
        },
        authorized_by: None,
    };

    // Build a CoMID
    let comid = ComidBuilder::new(TagIdChoice::Text(
        "example.com/acme/turbo-encabulator".into(),
    ))
    .set_tag_version(0)
    .add_entity(EntityMap {
        entity_name: "ACME Corp".into(),
        reg_id: Some("https://acme.example.com".into()),
        role: vec![COMID_ROLE_TAG_CREATOR],
    })
    .add_reference_triple(ReferenceTriple::new(env, vec![measurement]))
    .build()
    .expect("failed to build CoMID");

    // Wrap in a CoRIM and encode
    let bytes = CorimBuilder::new(CorimId::Text("acme/corim/v1".into()))
        .set_profile(ProfileChoice::Uri(
            "https://example.com/acme-profile".into(),
        ))
        .set_validity(Some(1700000000), 1900000000)
        .unwrap()
        .add_comid_tag(comid)
        .expect("failed to encode CoMID")
        .build_bytes()
        .expect("failed to build CoRIM");

    println!("Encoded CoRIM: {} bytes", bytes.len());
    println!(
        "Hex: {}",
        bytes
            .iter()
            .map(|b| format!("{:02x}", b))
            .collect::<String>()
    );
}

pub fn add_linked_tag(self, linked_tag: LinkedTagMap) -> Self

Add a linked tag (§5.1.3).

pub fn add_reference_triple(self, triple: ReferenceTriple) -> Self

Add a reference values triple (§5.1.5).

Examples found in repository

examples/build_corim.rs (line 48)

fn main() {
    // Define the target environment
    let env = EnvironmentMap {
        class: Some(ClassMap {
            class_id: None,
            vendor: Some("ACME Corp".into()),
            model: Some("Turbo Encabulator".into()),
            layer: Some(0),
            index: None,
        }),
        instance: None,
        group: None,
    };

    // Create a measurement with a SHA-384 digest
    let measurement = MeasurementMap {
        mkey: Some(MeasuredElement::Text("firmware".into())),
        mval: MeasurementValuesMap {
            digests: Some(vec![Digest::new(7, vec![0xAA; 48])]),
            ..MeasurementValuesMap::default()
        },
        authorized_by: None,
    };

    // Build a CoMID
    let comid = ComidBuilder::new(TagIdChoice::Text(
        "example.com/acme/turbo-encabulator".into(),
    ))
    .set_tag_version(0)
    .add_entity(EntityMap {
        entity_name: "ACME Corp".into(),
        reg_id: Some("https://acme.example.com".into()),
        role: vec![COMID_ROLE_TAG_CREATOR],
    })
    .add_reference_triple(ReferenceTriple::new(env, vec![measurement]))
    .build()
    .expect("failed to build CoMID");

    // Wrap in a CoRIM and encode
    let bytes = CorimBuilder::new(CorimId::Text("acme/corim/v1".into()))
        .set_profile(ProfileChoice::Uri(
            "https://example.com/acme-profile".into(),
        ))
        .set_validity(Some(1700000000), 1900000000)
        .unwrap()
        .add_comid_tag(comid)
        .expect("failed to encode CoMID")
        .build_bytes()
        .expect("failed to build CoRIM");

    println!("Encoded CoRIM: {} bytes", bytes.len());
    println!(
        "Hex: {}",
        bytes
            .iter()
            .map(|b| format!("{:02x}", b))
            .collect::<String>()
    );
}

pub fn add_endorsed_triple(self, triple: EndorsedTriple) -> Self

Add an endorsed values triple (§5.1.6).

pub fn add_identity_triple(self, triple: IdentityTriple) -> Self

Add a device identity triple (§5.1.9).

pub fn add_attest_key_triple(self, triple: AttestKeyTriple) -> Self

Add an attest key triple (§5.1.10).

pub fn add_dependency_triple(self, triple: DomainDependencyTriple) -> Self

Add a domain dependency triple (§5.1.11.2).

pub fn add_membership_triple(self, triple: DomainMembershipTriple) -> Self

Add a domain membership triple (§5.1.11.1).

pub fn add_coswid_triple(self, triple: CoswidTriple) -> Self

Add a CoMID-CoSWID linking triple (§5.1.12).

pub fn add_conditional_endorsement_series( self, triple: ConditionalEndorsementSeriesTriple, ) -> Self

Add a conditional endorsement series triple (§5.1.8).

pub fn add_conditional_endorsement( self, triple: ConditionalEndorsementTriple, ) -> Self

Add a conditional endorsement triple (§5.1.7).

pub fn build(self) -> Result<ComidTag, BuilderError>

Build the ComidTag.

Returns an error if no triples have been added, or if any triple contains an empty list where the CDDL requires [+ T].

Examples found in repository

examples/build_corim.rs (line 49)

fn main() {
    // Define the target environment
    let env = EnvironmentMap {
        class: Some(ClassMap {
            class_id: None,
            vendor: Some("ACME Corp".into()),
            model: Some("Turbo Encabulator".into()),
            layer: Some(0),
            index: None,
        }),
        instance: None,
        group: None,
    };

    // Create a measurement with a SHA-384 digest
    let measurement = MeasurementMap {
        mkey: Some(MeasuredElement::Text("firmware".into())),
        mval: MeasurementValuesMap {
            digests: Some(vec![Digest::new(7, vec![0xAA; 48])]),
            ..MeasurementValuesMap::default()
        },
        authorized_by: None,
    };

    // Build a CoMID
    let comid = ComidBuilder::new(TagIdChoice::Text(
        "example.com/acme/turbo-encabulator".into(),
    ))
    .set_tag_version(0)
    .add_entity(EntityMap {
        entity_name: "ACME Corp".into(),
        reg_id: Some("https://acme.example.com".into()),
        role: vec![COMID_ROLE_TAG_CREATOR],
    })
    .add_reference_triple(ReferenceTriple::new(env, vec![measurement]))
    .build()
    .expect("failed to build CoMID");

    // Wrap in a CoRIM and encode
    let bytes = CorimBuilder::new(CorimId::Text("acme/corim/v1".into()))
        .set_profile(ProfileChoice::Uri(
            "https://example.com/acme-profile".into(),
        ))
        .set_validity(Some(1700000000), 1900000000)
        .unwrap()
        .add_comid_tag(comid)
        .expect("failed to encode CoMID")
        .build_bytes()
        .expect("failed to build CoRIM");

    println!("Encoded CoRIM: {} bytes", bytes.len());
    println!(
        "Hex: {}",
        bytes
            .iter()
            .map(|b| format!("{:02x}", b))
            .collect::<String>()
    );
}