corim 0.1.0

Concise Reference Integrity Manifest (CoRIM) — CBOR-based encoding of Endorsements and Reference Values for Remote Attestation (RATS).
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.

//! Error types for the corim crate.

#[allow(unused_imports)]
use crate::nostd_prelude::*;
use thiserror::Error;

/// Errors from CBOR encoding.
///
/// The enum is `#[non_exhaustive]`, so code outside this crate must keep a
/// wildcard arm when matching on it; new variants may be added later.
#[derive(Debug, Error)]
#[non_exhaustive]
pub enum EncodeError {
    /// CBOR serialization failed.
    ///
    /// The payload is a detail string that is interpolated into the `Display`
    /// output after the fixed prefix.
    // NOTE(review): presumably the underlying CBOR encoder's message; confirm
    // at the construction sites.
    #[error("CBOR serialization failed: {0}")]
    Serialization(String),
}

/// Errors from CBOR decoding.
///
/// The enum is `#[non_exhaustive]`, so code outside this crate must keep a
/// wildcard arm when matching on it.
// NOTE(review): decoding presumably runs on manifests received from outside
// the verifier. If the `String` payloads below embed text or bytes taken from
// that input, the rendered message is attacker-influenced and should be
// treated as untrusted when logged or displayed; confirm at the construction
// sites.
#[derive(Debug, Error)]
#[non_exhaustive]
pub enum DecodeError {
    /// CBOR deserialization failed.
    ///
    /// The payload is a detail string appended to the fixed prefix in the
    /// `Display` output.
    #[error("CBOR deserialization failed: {0}")]
    Deserialization(String),

    /// Expected a specific CBOR tag but found a different one.
    ///
    /// Both tag numbers are included in the `Display` output.
    #[error("expected CBOR tag {expected}, found {found}")]
    UnexpectedTag {
        /// The tag number that was expected.
        expected: u64,
        /// The tag number that was found.
        found: u64,
    },

    /// The decoded structure is invalid.
    ///
    /// The payload is a detail string describing the problem.
    // NOTE(review): presumably used when the CBOR is well-formed but does not
    // match the expected shape; confirm against callers.
    #[error("invalid structure: {0}")]
    InvalidStructure(String),
}

/// Errors from the builder API.
///
/// The enum is `#[non_exhaustive]`, so code outside this crate must keep a
/// wildcard arm when matching on it.
#[derive(Debug, Error)]
#[non_exhaustive]
pub enum BuilderError {
    /// A required field was not set.
    ///
    /// The payload is the static name of the missing field.
    #[error("missing required field: {0}")]
    MissingField(&'static str),

    /// The triples map is empty.
    ///
    /// Per the message, at least one triple type must be populated.
    #[error("triples map is empty — at least one triple type must be populated")]
    EmptyTriples,

    /// No CoMID tags were added to the CoRIM.
    #[error("at least one CoMID tag is required")]
    NoTags,

    /// A list that must be non-empty (CDDL `[+ T]`) was empty.
    #[error("CDDL requires [+ {field}] but the list is empty")]
    EmptyList {
        /// Name of the field.
        field: &'static str,
    },

    /// Validity constraint violated (not_before > not_after).
    ///
    /// Equal bounds are allowed by the stated rule (`not_before <= not_after`).
    #[error("invalid validity: not_before must be <= not_after")]
    InvalidValidity,

    /// A validation error from a type's `Valid()` check.
    ///
    /// The payload is the detail string for the failed check.
    #[error("validation error: {0}")]
    Validation(String),

    /// An encoding error occurred during building.
    ///
    /// `#[from]` generates `From<EncodeError> for BuilderError`, so `?` on an
    /// `EncodeError` converts automatically, and the inner error is also
    /// exposed as this error's source.
    #[error("encoding error: {0}")]
    Encode(#[from] EncodeError),
}

/// Errors from validation / appraisal.
///
/// The enum is `#[non_exhaustive]`, so code outside this crate must keep a
/// wildcard arm when matching on it.
// NOTE(review): every variant here describes a check that did not pass. A
// verifier consuming this type should treat any `Err`, including `Clock`, as
// an appraisal failure rather than falling back to acceptance; confirm that
// call sites fail closed.
#[derive(Debug, Error)]
#[non_exhaustive]
pub enum ValidationError {
    /// A decode error occurred during validation.
    ///
    /// `#[from]` generates `From<DecodeError> for ValidationError`, so `?` on a
    /// `DecodeError` converts automatically, and the inner error is also
    /// exposed as this error's source.
    #[error("decode error: {0}")]
    Decode(#[from] DecodeError),

    /// The CoRIM has expired.
    ///
    /// Per the message, the manifest's not-after time is in the past.
    #[error("CoRIM has expired (not-after is in the past)")]
    Expired,

    /// The CoRIM is not yet valid (not-before is in the future).
    #[error("CoRIM is not yet valid (not-before is in the future)")]
    NotYetValid,

    /// No CoMID tags were found in the CoRIM.
    #[error("no CoMID tags found in the CoRIM")]
    NoComidTags,

    /// The CoMID tag-identity is missing tag-id.
    #[error("CoMID tag-identity is missing tag-id")]
    MissingTagId,

    /// The CoMID triples map is empty.
    #[error("CoMID triples map is empty")]
    EmptyTriples,

    /// The CoTL tags-list is empty.
    #[error("CoTL tags-list is empty")]
    EmptyTagsList,

    /// A type-level validation failed.
    ///
    /// The `Display` output is the payload string verbatim, with no prefix.
    #[error("{0}")]
    Invalid(String),

    /// A non-empty constraint was violated.
    ///
    /// The payload is a detail string naming what was empty.
    #[error("non-empty constraint violated: {0}")]
    NonEmpty(String),

    /// No common digest algorithms between reference and evidence.
    // NOTE(review): with no shared algorithm nothing can be compared, so this
    // should count as a failed match, never as "nothing to check"; confirm
    // the matcher's callers treat it that way.
    #[error("no common digest algorithms between reference and evidence")]
    NoCommonAlgorithms,

    /// Digest values do not match for a given algorithm.
    ///
    /// The message carries only the algorithm identifier, not the digest
    /// values themselves.
    #[error("digest mismatch for algorithm {alg}")]
    DigestMismatch {
        /// The algorithm identifier where the mismatch occurred.
        // NOTE(review): presumably the numeric hash-algorithm id from the
        // digest entry; confirm which registry the value refers to.
        alg: i64,
    },

    /// SVN values do not match.
    ///
    /// Both the expected and the actual value are included in the message.
    // NOTE(review): whether this covers exact-SVN comparison, minimum-SVN
    // comparison, or both is not visible in this file; confirm against the
    // appraisal code.
    #[error("SVN mismatch: expected {expected}, got {actual}")]
    SvnMismatch {
        /// The expected SVN value.
        expected: u64,
        /// The actual SVN value.
        actual: u64,
    },

    /// Conditional endorsement series entries use inconsistent mkeys.
    #[error("conditional-endorsement-series entries use inconsistent mkeys")]
    InconsistentMkeys,

    /// System clock error.
    ///
    /// The payload is a detail string describing the clock failure.
    // NOTE(review): presumably raised when the current time needed for the
    // validity-window checks cannot be obtained; confirm, and confirm the
    // window check is not skipped when this occurs.
    #[error("system clock error: {0}")]
    Clock(String),

    /// Input payload exceeds maximum allowed size.
    // NOTE(review): presumably checked before decoding so that oversized
    // untrusted input is rejected without being parsed; confirm the check
    // precedes the CBOR decoder.
    #[error("input payload too large: {size} bytes (max {max})")]
    PayloadTooLarge {
        /// Actual size in bytes.
        size: usize,
        /// Maximum allowed size in bytes.
        max: usize,
    },
}