From 3799dbec8d3e85ffd42c7bf741508e169f003eec Mon Sep 17 00:00:00 2001
From: Sergei Trofimov
Date: Fri, 1 Sep 2023 16:50:17 +0100
Subject: [PATCH] WIP

---
 comid/cbor.go | 9 +++++++++
 comid/verifkey.go | 45 ++++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 53 insertions(+), 1 deletion(-)

diff --git a/comid/cbor.go b/comid/cbor.go
index fec19025..4c08e3ec 100644
--- a/comid/cbor.go
+++ b/comid/cbor.go
@@ -24,6 +24,15 @@ func comidTags() cbor.TagSet {
 	//551: To Do see: https://github.com/veraison/corim/issues/32
 	552: TaggedSVN(0),
 	553: TaggedMinSVN(0),
+	554: TaggedPKIXBase64Key(""),
+	555: TaggedPKIXBase64Cert(""),
+	556: TaggedPKIXBase64CertPath(""),
+	557: TaggedThumbprint(""),
+	558: TaggedCOSEKey(""),
+	559: TaggedCertThumbprint(""),
+	// TODO(setrofim): there is currently a collision for tag 560 in the CORIM spec.
+	// see: https://github.com/ietf-rats-wg/draft-ietf-rats-corim/issues/132
+	//560: TaggedCertPathThumbprint(""),
 	560: TaggedRawValueBytes{},
 	// PSA profile tags
 	600: TaggedImplID{},
diff --git a/comid/verifkey.go b/comid/verifkey.go
index e70c4429..a80a1d46 100644
--- a/comid/verifkey.go
+++ b/comid/verifkey.go
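Review bot: Tags 557, 558 and 559 are registered here as string-backed types (`TaggedThumbprint("")`, `TaggedCOSEKey("")`, `TaggedCertThumbprint("")`), but if I read the crypto-keys section of draft-corim-02 (the one the new ICryptoKey doc comment links to) correctly, the thumbprint entries are digests and 558 wraps a COSE_Key, neither of which is a CBOR text string, so spec-conformant values would either fail to decode or be forced into the wrong Go type; this is worth confirming against the draft before the tag set leaves WIP. The matching types in verifkey.go are bare `string` aliases with no `Valid()` yet, so anything that does decode under 555–559 is accepted unchecked. A short marker next to these entries, e.g. `// TODO: 555-559 are stub types without validation; CBOR shape of 557-559 still to be confirmed against the draft`, would keep that visible until the real types land.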
@@ -3,7 +3,50 @@
 
 package comid
 
-import "fmt"
+import (
+	"crypto/x509"
+	"encoding/pem"
+	"errors"
+	"fmt"
+)
+
+// ICryptoKey is the interface implemented by variants of CoRIM
+// crypto-key-type-choice. See
+// https://www.ietf.org/archive/id/draft-ietf-rats-corim-02.html#name-crypto-keys
+type ICryptoKey interface {
+	Valid() error
+}
+
+type TaggedPKIXBase64Key string
+
+func (o TaggedPKIXBase64Key) Valid() error {
+	block, rest := pem.Decode([]byte(o))
+	if block == nil {
+		return errors.New("could not extract PKIX PEM block")
+	}
+
+	if len(rest) != 0 {
+		return errors.New("trailing data found after PEM block")
+	}
+
+	if block.Type != "PUBLIC KEY" {
+		return fmt.Errorf("unsupported PEM block type: %q", block.Type)
+	}
+
+	_, err := x509.ParsePKIXPublicKey(block.Bytes)
+	if err != nil {
+		return fmt.Errorf("unable to parse public key: %w", err)
+	}
+
+	return nil
+}
+
+type TaggedPKIXBase64Cert string
+type TaggedPKIXBase64CertPath string
+type TaggedThumbprint string
+type TaggedCOSEKey string
+type TaggedCertThumbprint string
+type TaggedCertPathThumbprint string
 
 // VerifKey stores the verification key material associated to a signing key.
 // Key is - typically, but not necessarily - a public key. Chain is an optional
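Review bot: `pem.Decode` in the new `TaggedPKIXBase64Key.Valid` skips any bytes that precede the first `-----BEGIN` line, so the `len(rest) != 0` guard rejects data after the block while data before it is silently accepted; if the intent is "exactly one PEM block and nothing else", add the symmetric leading check `if !strings.HasPrefix(strings.TrimSpace(string(o)), "-----BEGIN ") { return errors.New("data found before PEM block") }` (with `"strings"` added to the import group). Rejecting a non-empty `block.Headers` would tighten this further, since a PKIX public-key block has no legitimate headers. Separately, the six other `Tagged*` types added at the bottom of the hunk are bare `string` aliases without a `Valid()` method, so they neither satisfy `ICryptoKey` nor reject anything; as the commit is marked WIP, a `// TODO: validation not yet implemented for these variants` line above that group would keep the gap visible, and a compile-time assertion `var _ ICryptoKey = TaggedPKIXBase64Key("")` would pin the one that is done.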