fix: Remove compatibility code and align all tests with multiple authorized-by keys

kallal79 · kallal79 · commit 1651e4d34a94 · 2025-10-02T02:51:57.000Z
Addresses reviewer feedback from setrofim in PR #219: - Remove unnecessary compatibility implementation as CoRIM spec is in draft - Align all tests and examples with current implementation instead of maintaining compatibility Core Changes: - comid/measurement.go: Changed AuthorizedBy from *CryptoKey to *CryptoKeys (arrays) - comid/cryptokeys.go: Added String() method returning array representation - coev/coswid_evidence.go: Updated AuthorizedBy to use CryptoKeys - coserv/quads.go: Updated authorities to use CryptoKeys arrays Test Data Updates: - Updated all JSON templates to use array format for authorized-by - Updated diagnostic files (.diag) to use CBOR array syntax [554(...)] - Regenerated all CBOR test files using cbor-diag tool - Updated expected test outputs to show 'CryptoKeys: [...]' format Testing: - All packages now pass tests: comid, comid/tdx, coev, coev/tdx, coserv - Supports multiple authorized-by keys as required by issue #195 - No backward compatibility - clean implementation for draft spec Fixes #195
diff --git a/coev/coswid_evidence.go b/coev/coswid_evidence.go
@@ -10,9 +10,9 @@ import (
 
 // CoSWIDEvidenceMap is the Map to carry CoSWID Evidence
 type CoSWIDEvidenceMap struct {
-	TagID        *swid.TagID      `cbor:"0,keyasint,omitempty" json:"tagId,omitempty"`
-	Evidence     swid.Evidence    `cbor:"1,keyasint,omitempty" json:"evidence,omitempty"`
-	AuthorizedBy *comid.CryptoKey `cbor:"2,keyasint,omitempty" json:"authorized-by,omitempty"`
+	TagID        *swid.TagID       `cbor:"0,keyasint,omitempty" json:"tagId,omitempty"`
+	Evidence     swid.Evidence     `cbor:"1,keyasint,omitempty" json:"evidence,omitempty"`
+	AuthorizedBy *comid.CryptoKeys `cbor:"2,keyasint,omitempty" json:"authorized-by,omitempty"`
 }
 
 type CoSWIDEvidence []CoSWIDEvidenceMap
diff --git a/coev/example_test.go b/coev/example_test.go
@@ -298,10 +298,12 @@ func Example_decode_JSON() {
                             "raw-value-mask": "/////w==",
                             "mac-addr": "02:00:5e:10:00:00:00:02"
                         },
-                        "authorized-by": {
-                            "type": "pkix-base64-key",
-                            "value": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==\n-----END PUBLIC KEY-----"
-                        }
+                        "authorized-by": [
+                            {
+                                "type": "pkix-base64-key",
+                                "value": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==\n-----END PUBLIC KEY-----"
+                            }
+                        ]
                     }
                 ]
             }
diff --git a/coev/tdx/example_pce_test.go b/coev/tdx/example_pce_test.go
@@ -213,10 +213,9 @@ func Example_decode_PCE_Evidence_CBOR() {
 	// ISVSVN: 0
 	// ISVSVN: 0
 	// ISVSVN: 0
-	// CryptoKey Type: pkix-base64-key
-	// CryptoKey Value: -----BEGIN PUBLIC KEY-----
+	// CryptoKeys: [-----BEGIN PUBLIC KEY-----
 	// MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==
-	// -----END PUBLIC KEY-----
+	// -----END PUBLIC KEY-----]
 }
 
 func ExtractPceEvidence(ce *coev.TaggedConciseEvidence) error {
diff --git a/coev/tdx/example_qe_test.go b/coev/tdx/example_qe_test.go
@@ -48,10 +48,9 @@ func Example_decode_QE_Evidence_JSON() {
 	// TEE TCB Status = UpToDate
 	// Tee AdvisoryID = INTEL-SA-00078
 	// Tee AdvisoryID = INTEL-SA-00079
-	// CryptoKey Type: pkix-base64-key
-	// CryptoKey Value: -----BEGIN PUBLIC KEY-----
+	// CryptoKeys: [-----BEGIN PUBLIC KEY-----
 	// MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==
-	// -----END PUBLIC KEY-----
+	// -----END PUBLIC KEY-----]
 }
 
 func Example_encode_tdx_qe_evidence_without_profile() {
@@ -201,10 +200,9 @@ func Example_decode_QE_Evidence_CBOR() {
 	// TEE TCB Status = UpToDate
 	// Tee AdvisoryID = INTEL-SA-00078
 	// Tee AdvisoryID = INTEL-SA-00079
-	// CryptoKey Type: pkix-base64-key
-	// CryptoKey Value: -----BEGIN PUBLIC KEY-----
+	// CryptoKeys: [-----BEGIN PUBLIC KEY-----
 	// MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==
-	// -----END PUBLIC KEY-----
+	// -----END PUBLIC KEY-----]
 }
 
 func ExtractQeEvidence(ce *coev.TaggedConciseEvidence) error {
diff --git a/coev/tdx/example_seam_test.go b/coev/tdx/example_seam_test.go
@@ -196,10 +196,9 @@ func Example_decode_CBOR() {
 	// mrsigner Digest Value: e45b72f5c0c0b572db4d8d3ab7e97f368ff74e62347a824decb67a84e5224d75
 	// mrsigner Digest Alg: 7
 	// mrsigner Digest Value: e45b72f5c0c0b572db4d8d3ab7e97f368ff74e62347a824decb67a84e5224d75e45b72f5c0c0b572db4d8d3ab7e97f36
-	// CryptoKey Type: pkix-base64-key
-	// CryptoKey Value: -----BEGIN PUBLIC KEY-----
+	// CryptoKeys: [-----BEGIN PUBLIC KEY-----
 	// MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==
-	// -----END PUBLIC KEY-----
+	// -----END PUBLIC KEY-----]
 }
 
 func ExtractSeamEvidence(ce *coev.TaggedConciseEvidence) error {
diff --git a/coev/tdx/test_vars.go b/coev/tdx/test_vars.go
@@ -72,10 +72,12 @@ var (
                                 ]
                             }
                         },
-                        "authorized-by": {
-                            "type": "pkix-base64-key",
-                            "value": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==\n-----END PUBLIC KEY-----"
-                        }
+                        "authorized-by": [
+                            {
+                                "type": "pkix-base64-key",
+                                "value": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==\n-----END PUBLIC KEY-----"
+                            }
+                        ]
                     }
                 ]
             }
diff --git a/coev/tdx/testcases/ce-pce-evidence.cbor b/coev/tdx/testcases/ce-pce-evidence.cbor
diff --git a/coev/tdx/testcases/ce-qe-evidence.cbor b/coev/tdx/testcases/ce-qe-evidence.cbor
diff --git a/coev/tdx/testcases/ce-seam-evidence.cbor b/coev/tdx/testcases/ce-seam-evidence.cbor
diff --git a/coev/tdx/testcases/src/ce-pce-evidence.diag b/coev/tdx/testcases/src/ce-pce-evidence.diag
@@ -36,7 +36,9 @@
               ],
               / pceid / -80 : "0000"
             },
-            / authorized-by / 2 : 554("-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==\n-----END PUBLIC KEY-----")
+            / authorized-by / 2 : [
+              554("-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==\n-----END PUBLIC KEY-----")
+            ]
           }
         ]
       ]
diff --git a/coev/tdx/testcases/src/ce-qe-evidence.diag b/coev/tdx/testcases/src/ce-qe-evidence.diag
@@ -30,7 +30,9 @@
                 "UpToDate"
               ]
             },
-            / authorized-by / 2 : 554("-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==\n-----END PUBLIC KEY-----")
+            / authorized-by / 2 : [
+              554("-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==\n-----END PUBLIC KEY-----")
+            ]
           }
         ]
       ]
diff --git a/coev/tdx/testcases/src/ce-seam-evidence.diag b/coev/tdx/testcases/src/ce-seam-evidence.diag
@@ -27,7 +27,7 @@
               ],
               / tcb-eval-num / -86 : 11
             },
-            2 : 554("-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==\n-----END PUBLIC KEY-----")
+            2 : [554("-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==\n-----END PUBLIC KEY-----")]
           }
         ]
       ]
diff --git a/comid/cryptokeys.go b/comid/cryptokeys.go
@@ -35,3 +35,20 @@ func (o CryptoKeys) Valid() error {
 	}
 	return nil
 }
+
+// String returns a string representation of all CryptoKeys
+func (o CryptoKeys) String() string {
+	if len(o) == 0 {
+		return "[]"
+	}
+	
+	result := "["
+	for i, key := range o {
+		if i > 0 {
+			result += ", "
+		}
+		result += key.String()
+	}
+	result += "]"
+	return result
+}
diff --git a/comid/measurement.go b/comid/measurement.go
@@ -493,9 +493,9 @@ func (o Mval) Valid() error {
 
 // Measurement stores a measurement-map with CBOR and JSON serializations.
 type Measurement struct {
-	Key          *Mkey      `cbor:"0,keyasint,omitempty" json:"key,omitempty"`
-	Val          Mval       `cbor:"1,keyasint" json:"value"`
-	AuthorizedBy *CryptoKey `cbor:"2,keyasint,omitempty" json:"authorized-by,omitempty"`
+	Key          *Mkey       `cbor:"0,keyasint,omitempty" json:"key,omitempty"`
+	Val          Mval        `cbor:"1,keyasint" json:"value"`
+	AuthorizedBy *CryptoKeys `cbor:"2,keyasint,omitempty" json:"authorized-by,omitempty"`
 }
 
 func NewMeasurement(val any, typ string) (*Measurement, error) {
diff --git a/comid/tdx/example_pce_refval_test.go b/comid/tdx/example_pce_refval_test.go
@@ -76,10 +76,9 @@ func Example_decode_PCE_JSON() {
 	// SVN Value: 10
 	// SVN Operator: greater_or_equal
 	// SVN Value: 10
-	// CryptoKey Type: pkix-base64-key
-	// CryptoKey Value: -----BEGIN PUBLIC KEY-----
+	// CryptoKeys: [-----BEGIN PUBLIC KEY-----
 	// MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==
-	// -----END PUBLIC KEY-----
+	// -----END PUBLIC KEY-----]
 }
 
 func extractPCERefVals(c *comid.Comid) error {
@@ -166,10 +165,9 @@ func Example_decode_PCE_CBOR() {
 	// SVN Value: 0
 	// SVN Operator: greater_or_equal
 	// SVN Value: 0
-	// CryptoKey Type: pkix-base64-key
-	// CryptoKey Value: -----BEGIN PUBLIC KEY-----
+	// CryptoKeys: [-----BEGIN PUBLIC KEY-----
 	// MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==
-	// -----END PUBLIC KEY-----
+	// -----END PUBLIC KEY-----]
 }
 
 func Example_encode_tdx_pce_refval_with_profile() {
diff --git a/comid/tdx/example_qe_refval_test.go b/comid/tdx/example_qe_refval_test.go
@@ -58,10 +58,9 @@ func Example_decode_QE_JSON() {
 	// Tee AdvisoryID = SA-00078
 	// Tee AdvisoryID = SA-00077
 	// Tee AdvisoryID = SA-00079
-	// CryptoKey Type: pkix-base64-key
-	// CryptoKey Value: -----BEGIN PUBLIC KEY-----
+	// CryptoKeys: [-----BEGIN PUBLIC KEY-----
 	// MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==
-	// -----END PUBLIC KEY-----
+	// -----END PUBLIC KEY-----]
 }
 
 func extractQERefVals(c *comid.Comid) error {
@@ -174,8 +173,7 @@ func Example_decode_QE_CBOR() {
 	// TeeAdvisory Operator: member
 	// Tee AdvisoryID = INTEL-SA-00078
 	// Tee AdvisoryID = INTEL-SA-00079
-	// CryptoKey Type: pkix-base64-key
-	// CryptoKey Value: -----BEGIN PUBLIC KEY-----
+	// CryptoKeys: [-----BEGIN PUBLIC KEY-----
 	// MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==
-	// -----END PUBLIC KEY-----
+	// -----END PUBLIC KEY-----]
 }
diff --git a/comid/tdx/example_seam_refval_test.go b/comid/tdx/example_seam_refval_test.go
@@ -58,10 +58,9 @@ func Example_decode_JSON() {
 	// mrsigner Digest Value: 87428fc522803d31065e7bce3cf03fe475096631e5e07bbd7a0fde60c4cf25c7
 	// mrsigner Digest Alg: 8
 	// mrsigner Digest Value: a314fc2dc663ae7a6b6bc6787594057396e6b3f569cd50fd5ddb4d1bbafd2b6aa314fc2dc663ae7a6b6bc6787594057396e6b3f569cd50fd5ddb4d1bbafd2b6a
-	// CryptoKey Type: pkix-base64-key
-	// CryptoKey Value: -----BEGIN PUBLIC KEY-----
+	// CryptoKeys: [-----BEGIN PUBLIC KEY-----
 	// MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==
-	// -----END PUBLIC KEY-----
+	// -----END PUBLIC KEY-----]
 }
 
 func Example_encode_tdx_seam_refval_without_profile() {
@@ -268,10 +267,9 @@ func Example_decode_CBOR() {
 	// mrsigner Digest Value: a314fc2dc663ae7a6b6bc6787594057396e6b3f569cd50fd5ddb4d1bbafd2b6a
 	// mrsigner Digest Alg: 8
 	// mrsigner Digest Value: a314fc2dc663ae7a6b6bc6787594057396e6b3f569cd50fd5ddb4d1bbafd2b6aa314fc2dc663ae7a6b6bc6787594057396e6b3f569cd50fd5ddb4d1bbafd2b6a
-	// CryptoKey Type: pkix-base64-key
-	// CryptoKey Value: -----BEGIN PUBLIC KEY-----
+	// CryptoKeys: [-----BEGIN PUBLIC KEY-----
 	// MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==
-	// -----END PUBLIC KEY-----
+	// -----END PUBLIC KEY-----]
 
 }
 
diff --git a/comid/tdx/test_common_methods.go b/comid/tdx/test_common_methods.go
@@ -136,11 +136,13 @@ func extractTeeTcbEvalNum(tcbEvalNum *TeeTcbEvalNumber) error {
 }
 
 func decodeAuthorisedBy(m *comid.Measurement) error {
+	if m.AuthorizedBy == nil {
+		return fmt.Errorf("no authorized-by keys")
+	}
 	if err := m.AuthorizedBy.Valid(); err != nil {
-		return fmt.Errorf("invalid cryptokey: %w", err)
+		return fmt.Errorf("invalid cryptokeys: %w", err)
 	}
-	fmt.Printf("\nCryptoKey Type: %s", m.AuthorizedBy.Type())
-	fmt.Printf("\nCryptoKey Value: %s", m.AuthorizedBy.String())
+	fmt.Printf("\nCryptoKeys: %s", m.AuthorizedBy.String())
 	return nil
 }
 
diff --git a/comid/tdx/test_vars.go b/comid/tdx/test_vars.go
@@ -215,10 +215,12 @@ const (
                             ],
                             "pceid": "0000"
                         },
-                        "authorized-by": {
-                            "type": "pkix-base64-key",
-                            "value": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==\n-----END PUBLIC KEY-----"
-                        }
+                        "authorized-by": [
+                            {
+                                "type": "pkix-base64-key",
+                                "value": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==\n-----END PUBLIC KEY-----"
+                            }
+                        ]
                     }
                 ]
             }
@@ -305,10 +307,12 @@ const (
                                 }
                             }
                         },
-                        "authorized-by": {
-                            "type": "pkix-base64-key",
-                            "value": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==\n-----END PUBLIC KEY-----"
-                        }
+                        "authorized-by": [
+                            {
+                                "type": "pkix-base64-key",
+                                "value": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==\n-----END PUBLIC KEY-----"
+                            }
+                        ]
                     }
                 ]
             }
@@ -394,10 +398,12 @@ const (
                                 }
                             }
                         },
-                        "authorized-by": {
-                            "type": "pkix-base64-key",
-                            "value": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==\n-----END PUBLIC KEY-----"
-                        }
+                        "authorized-by": [
+                            {
+                                "type": "pkix-base64-key",
+                                "value": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==\n-----END PUBLIC KEY-----"
+                            }
+                        ]
                     }
                 ]
             }
diff --git a/comid/tdx/testcases/comid_pce_refval.cbor b/comid/tdx/testcases/comid_pce_refval.cbor
diff --git a/comid/tdx/testcases/comid_qe_refval.cbor b/comid/tdx/testcases/comid_qe_refval.cbor
diff --git a/comid/tdx/testcases/comid_seam_refval.cbor b/comid/tdx/testcases/comid_seam_refval.cbor
diff --git a/comid/tdx/testcases/src/comid_pce_refval.diag b/comid/tdx/testcases/src/comid_pce_refval.diag
@@ -43,7 +43,9 @@
                ],
               / pceid / -80 : "0000"
           },
-          / authorized-by / 2: 554("-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==\n-----END PUBLIC KEY-----")
+          / authorized-by / 2: [
+            554("-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==\n-----END PUBLIC KEY-----")
+          ]
         }
       ]
     ] ]
diff --git a/comid/tdx/testcases/src/comid_qe_refval.diag b/comid/tdx/testcases/src/comid_qe_refval.diag
@@ -40,7 +40,9 @@
               / advisory-ids /  -89 : 60021([ /member/ 6, [ "INTEL-SA-00078", "INTEL-SA-00079"  ]]),
               / tcbstatus /  -88 : 60021([ /member/ 6, [ "UpToDate"  ]])
           },
-          / authorized-by / 2: 554("-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==\n-----END PUBLIC KEY-----")
+          / authorized-by / 2: [
+            554("-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==\n-----END PUBLIC KEY-----")
+          ]
         }
       ]
     ] ]
diff --git a/comid/tdx/testcases/src/comid_seam_refval.diag b/comid/tdx/testcases/src/comid_seam_refval.diag
@@ -47,7 +47,7 @@
               ]),
               / tcb-eval-num / -86 : 60010([ / op.ge / 2, 11 ])
           },
-          2: 554("-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==\n-----END PUBLIC KEY-----")
+          2: [554("-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==\n-----END PUBLIC KEY-----")]
         }
       ]
     ] ]
diff --git a/comid/testcases/regen-from-src.sh b/comid/testcases/regen-from-src.sh
diff --git a/coserv/quads.go b/coserv/quads.go
@@ -6,11 +6,11 @@ package coserv
 import "github.com/veraison/corim/comid"
 
 type RefValQuad struct {
-	Authorities *[]comid.CryptoKey `cbor:"1,keyasint"`
+	Authorities *comid.CryptoKeys `cbor:"1,keyasint"`
 	RVTriple    *comid.ValueTriple `cbor:"2,keyasint"`
 }
 
 type AKQuad struct {
-	Authorities *[]comid.CryptoKey `cbor:"1,keyasint"`
+	Authorities *comid.CryptoKeys `cbor:"1,keyasint"`
 	AKTriple    *comid.KeyTriple   `cbor:"2,keyasint"`
 }
diff --git a/coserv/resultset_test.go b/coserv/resultset_test.go
@@ -17,7 +17,7 @@ func TestResultSet_AddAttestationKeys(t *testing.T) {
 	require.NoError(t, err)
 
 	akq := AKQuad{
-		Authorities: &[]comid.CryptoKey{*authority},
+		Authorities: comid.NewCryptoKeys().Add(authority),
 		AKTriple: &comid.KeyTriple{
 			Environment: comid.Environment{
 				Class: comid.NewClassBytes(testBytes),
diff --git a/coserv/test_common.go b/coserv/test_common.go
@@ -161,7 +161,7 @@ func exampleReferenceValuesResultSet(t *testing.T) *ResultSet {
 	require.NoError(t, err)
 
 	rvq := RefValQuad{
-		Authorities: &[]comid.CryptoKey{*authority},
+		Authorities: comid.NewCryptoKeys().Add(authority),
 		RVTriple:    &refval,
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -298,10 +298,12 @@ func Example_decode_JSON() {`
`298`	`298`	`"raw-value-mask": "/////w==",`
`299`	`299`	`"mac-addr": "02:00:5e:10:00:00:00:02"`
`300`	`300`	`},`
`301`		`- "authorized-by": {`
`302`		`- "type": "pkix-base64-key",`
`303`		`- "value": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==\n-----END PUBLIC KEY-----"`
`304`		`- }`
	`301`	`+ "authorized-by": [`
	`302`	`+ {`
	`303`	`+ "type": "pkix-base64-key",`
	`304`	`+ "value": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==\n-----END PUBLIC KEY-----"`
	`305`	`+ }`
	`306`	`+ ]`
`305`	`307`	`}`
`306`	`308`	`]`
`307`	`309`	`}`
Original file line number	Diff line number	Diff line change
`@@ -72,10 +72,12 @@ var (`
`72`	`72`	`]`
`73`	`73`	`}`
`74`	`74`	`},`
`75`		`- "authorized-by": {`
`76`		`- "type": "pkix-base64-key",`
`77`		`- "value": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==\n-----END PUBLIC KEY-----"`
`78`		`- }`
	`75`	`+ "authorized-by": [`
	`76`	`+ {`
	`77`	`+ "type": "pkix-base64-key",`
	`78`	`+ "value": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==\n-----END PUBLIC KEY-----"`
	`79`	`+ }`
	`80`	`+ ]`
`79`	`81`	`}`
`80`	`82`	`]`
`81`	`83`	`}`
Original file line number	Diff line number	Diff line change
`@@ -36,7 +36,9 @@`
`36`	`36`	`],`
`37`	`37`	`/ pceid / -80 : "0000"`
`38`	`38`	`},`
`39`		`- / authorized-by / 2 : 554("-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==\n-----END PUBLIC KEY-----")`
	`39`	`+ / authorized-by / 2 : [`
	`40`	`+ 554("-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==\n-----END PUBLIC KEY-----")`
	`41`	`+ ]`
`40`	`42`	`}`
`41`	`43`	`]`
`42`	`44`	`]`