Bug: cocli corim display messes up dependent-rims thumbprint #121

Open
fritzalder opened this issue Aug 7, 2024 · 1 comment
Labels
invalid This doesn't seem right

fritzalder commented Aug 7, 2024

I just encountered that the latest version (v1.1.2) differs in its display output from the prior version (v1.1.1) when it comes to the thumbprint sha hash:

 ~/g/p/m/g/veraison$ go install github.com/veraison/corim/cocli@latest
 ~/g/p/m/g/veraison$ cocli corim display -f [email protected]/cocli/data/corim/signed-corim.cbor                               (3s)
Meta:
{
  "signer": {
    "name": "ACME Ltd signing key",
    "uri": "https://acme.example"
  },
  "validity": {
    "not-before": "2021-12-31T01:00:00+01:00",
    "not-after": "2025-12-31T01:00:00+01:00"
  }
}
Corim:
{
  "corim-id": "5c57e8f4-46cd-421b-91c9-08cf93e13cfc",
  "tags": [
    "2QH6ogGhAFAdWox8HHBMVpN+PFcTrlqDBKEAgoKhAKQA2CVQ3WZh8AkoRAGWa1iep04ycgJjRk1DAwAEAIGhAaMB2QIoCgKBggFYIESqM2r0yxSoeUMuU91lccf6m8yvt19IglkmLW6jpNkbAwqCoQCkANglUP/afPMjM0qRmagGhiYgOsoCYkwxAwEEAIGhAaMB2QIoAgKCggFYIIdCj8UigD0xBl57zjzwP+R1CWYx5eB7vXoP3mDEzyXHggFYIFYFzmp1O9XLJEe4YZeNfMtGp/M7A++9sCyWINqOmsA9Awo="
  ],
  "dependent-rims": [
    {
      "href": "https://parent.example/rims/ccb3aa85-61b4-40f1-848e-02ad6e8a254b",
      "thumbprint": "sha-256;5Fty9cDAtXLbTY06t+l/No/3TmI0eoJN7LZ6hOUiTXU="
    }
  ],
  "profiles": [
    "http://arm.com/psa/iot/1"
  ],
  "validity": {
    "not-before": "2021-12-31T01:00:00+01:00",
    "not-after": "2025-12-31T01:00:00+01:00"
  },
  "entities": [
    {
      "name": "ACME Ltd.",
      "regid": "acme.example",
      "roles": [
        "manifestCreator"
      ]
    }
  ]
}
 ~/g/p/m/g/veraison$ go install github.com/veraison/corim/[email protected]
 ~/g/p/m/g/veraison$ cocli corim display -f [email protected]/cocli/data/corim/signed-corim.cbor                               (2s)
Meta:
{
  "signer": {
    "name": "ACME Ltd signing key",
    "uri": "https://acme.example"
  },
  "validity": {
    "not-before": "2021-12-31T01:00:00+01:00",
    "not-after": "2025-12-31T01:00:00+01:00"
  }
}
Corim:
{
  "corim-id": "5c57e8f4-46cd-421b-91c9-08cf93e13cfc",
  "tags": [
    "2QH6ogGhAFAdWox8HHBMVpN+PFcTrlqDBKEAgoKhAKQA2CVQ3WZh8AkoRAGWa1iep04ycgJjRk1DAwAEAIGhAaMB2QIoCgKBggFYIESqM2r0yxSoeUMuU91lccf6m8yvt19IglkmLW6jpNkbAwqCoQCkANglUP/afPMjM0qRmagGhiYgOsoCYkwxAwEEAIGhAaMB2QIoAgKCggFYIIdCj8UigD0xBl57zjzwP+R1CWYx5eB7vXoP3mDEzyXHggFYIFYFzmp1O9XLJEe4YZeNfMtGp/M7A++9sCyWINqOmsA9Awo="
  ],
  "dependent-rims": [
    {
      "href": "https://parent.example/rims/ccb3aa85-61b4-40f1-848e-02ad6e8a254b",
      "thumbprint": "sha-256:5Fty9cDAtXLbTY06t+l/No/3TmI0eoJN7LZ6hOUiTXU="
    }
  ],
  "profiles": [
    "http://arm.com/psa/iot/1"
  ],
  "validity": {
    "not-before": "2021-12-31T01:00:00+01:00",
    "not-after": "2025-12-31T01:00:00+01:00"
  },
  "entities": [
    {
      "name": "ACME Ltd.",
      "regid": "acme.example",
      "roles": [
        "manifestCreator"
      ]
    }
  ]
}

Specifically, the diff is as follows (note the colon vs semi-colon difference after the sha-256):

diff v1.1.1-output.text v1.1.2-output.text
21c21
<       "thumbprint": "sha-256:5Fty9cDAtXLbTY06t+l/No/3TmI0eoJN7LZ6hOUiTXU="
---
>       "thumbprint": "sha-256;5Fty9cDAtXLbTY06t+l/No/3TmI0eoJN7LZ6hOUiTXU="

Unfortunately, I have no idea why this could be but thought I'd rather report it to you here.

deeglaze (Collaborator) commented Dec 24, 2024

58a92b0 changed the digest format.

Digging in more, the format appears to be intentionally changed to swid's hash entry format, which veraison/swid@c1e6777 details as making it follow RFC6920: Naming things with hashes.

Due to the intentional change, I'd call upon @setrofim to close WAI if I'm correct in this interpretation.
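
For tooling that consumes `cocli corim display` output from both versions, a parser that tolerates either separator is one option. The following is an added example, not part of the thread and not code from the veraison project: `ParseThumbprint` and `MatchesThumbprint` are hypothetical names, and the code assumes the digest is standard padded base64 as it appears in the outputs above and that only sha-256 is in use.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"strings"
)

// ParseThumbprint splits a displayed thumbprint into algorithm name and raw
// digest. It accepts ';' (v1.1.2 output) and ':' (v1.1.1 output).
func ParseThumbprint(s string) (string, []byte, error) {
	i := strings.IndexAny(s, ";:")
	if i <= 0 {
		return "", nil, fmt.Errorf("no algorithm separator in %q", s)
	}
	alg := s[:i]
	// Assumption: standard padded base64, as in both outputs in the issue.
	digest, err := base64.StdEncoding.DecodeString(s[i+1:])
	if err != nil {
		return "", nil, fmt.Errorf("bad digest encoding: %w", err)
	}
	// Only sha-256 appears in the issue; reject anything else instead of guessing.
	if alg != "sha-256" || len(digest) != sha256.Size {
		return "", nil, fmt.Errorf("unsupported thumbprint: alg %q, %d bytes", alg, len(digest))
	}
	return alg, digest, nil
}

// MatchesThumbprint reports whether payload hashes to the thumbprint's digest.
func MatchesThumbprint(thumbprint string, payload []byte) (bool, error) {
	_, want, err := ParseThumbprint(thumbprint)
	if err != nil {
		return false, err
	}
	got := sha256.Sum256(payload)
	return subtle.ConstantTimeCompare(got[:], want) == 1, nil
}

func main() {
	// Digest string copied from the issue; separators as in v1.1.2 and v1.1.1.
	for _, sep := range []string{";", ":"} {
		alg, d, err := ParseThumbprint("sha-256" + sep + "5Fty9cDAtXLbTY06t+l/No/3TmI0eoJN7LZ6hOUiTXU=")
		fmt.Printf("%s %x %v\n", alg, d, err)
	}
}
```

Comparing the decoded digest bytes rather than the displayed string keeps a verification step from breaking when only the separator changes between releases.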
