diff --git a/.github/workflows/ci-go-cover.yml b/.github/workflows/ci-go-cover.yml index dd2be893..9a23eb38 100644 --- a/.github/workflows/ci-go-cover.yml +++ b/.github/workflows/ci-go-cover.yml @@ -22,10 +22,11 @@ jobs: runs-on: ubuntu-latest env: GO111MODULE: on + CI_PIPELINE: true steps: - uses: actions/setup-go@v3 with: - go-version: "1.19" + go-version: "1.22" - name: Checkout code uses: actions/checkout@v2 - name: Install mockgen diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f8c9368b..977bac70 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -12,7 +12,7 @@ jobs: steps: - uses: actions/setup-go@v3 with: - go-version: "1.19" + go-version: "1.22" - name: Checkout code uses: actions/checkout@v2 - name: Install mockgen diff --git a/.github/workflows/linters.yml b/.github/workflows/linters.yml index d207709b..c223b2ce 100644 --- a/.github/workflows/linters.yml +++ b/.github/workflows/linters.yml @@ -10,7 +10,7 @@ jobs: steps: - uses: actions/setup-go@v3 with: - go-version: "1.19" + go-version: "1.22" - name: Checkout code uses: actions/checkout@v2 - name: Install mockgen @@ -25,7 +25,7 @@ jobs: - name: Install golangci-lint run: | go version - curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.51.1 + curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.54.2 - name: Install Protoc uses: arduino/setup-protoc@v1 with: diff --git a/.gitignore b/.gitignore index e0e86a1b..cbea534e 100644 --- a/.gitignore +++ b/.gitignore @@ -35,6 +35,3 @@ management/cmd/management-service/management-service tags .ipynb_checkpoints - -# generated by build-test-vector scripts -scheme/**/*Comid*.cbor diff --git a/Makefile b/Makefile index 41e38be9..df5de666 100644 --- a/Makefile +++ b/Makefile 
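Review bot: The `Install golangci-lint` step in linters.yml still fetches `install.sh` from the mutable `master` branch and pipes it straight into `sh`, so bumping the binary to v1.54.2 does not pin the script that actually runs in the job. Fetch the script from the same tag so the two move together: `curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/v1.54.2/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.54.2`. The `steps:` list starts and continues outside the hunk.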
@@ -29,6 +29,22 @@ IGNORE_COVERAGE += github.com/veraison/services/plugin/test # There is protobuf-generated stuff here, which skews coverage. IGNORE_COVERAGE += github.com/veraison/services/handler +# Go 1.22 started reporting subpackages without any tests as having 0.0% +# coverage. Previous version of go ignored them. +# See: https://go-review.googlesource.com/c/go/+/495447 +IGNORE_COVERAGE += github.com/veraison/services/builtin +IGNORE_COVERAGE += github.com/veraison/services/management/api +IGNORE_COVERAGE += github.com/veraison/services/management/cmd/management-service +IGNORE_COVERAGE += github.com/veraison/services/provisioning/cmd/provisioning-service +IGNORE_COVERAGE += github.com/veraison/services/provisioning/provisioner +IGNORE_COVERAGE += github.com/veraison/services/scheme/common +IGNORE_COVERAGE += github.com/veraison/services/scheme/common/arm +IGNORE_COVERAGE += github.com/veraison/services/verification/cmd/verification-service +IGNORE_COVERAGE += github.com/veraison/services/verification/verifier +IGNORE_COVERAGE += github.com/veraison/services/vts/cmd/vts-service +IGNORE_COVERAGE += github.com/veraison/services/vts/trustedservices +IGNORE_COVERAGE += github.com/veraison/services/vtsclient + include mk/cover.mk define __MAKEFILE_HELP diff --git a/auth/keycloak.go b/auth/keycloak.go index fe3c4179..47b7ef12 100644 --- a/auth/keycloak.go +++ b/auth/keycloak.go @@ -1,4 +1,4 @@ -// Copyright 2023 Contributors to the Veraison project. +// Copyright 2023-2024 Contributors to the Veraison project. // SPDX-License-Identifier: Apache-2.0 package auth diff --git a/deployments/docker/src/builder.docker b/deployments/docker/src/builder.docker index d6bc3100..7e5919f7 100644 --- a/deployments/docker/src/builder.docker +++ b/deployments/docker/src/builder.docker 
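Review bot: The twelve new `IGNORE_COVERAGE` entries say nothing about when they should be removed, so packages such as `verification/verifier` and `vts/trustedservices` would presumably stay out of the coverage check even after tests are added to them. The comment block above the list should state the exit condition, for example `# Remove a package from this list as soon as it gains a _test.go file.`, and its second sentence reads better as `Previous versions of Go ignored them.`. How `IGNORE_COVERAGE` is consumed lives in `mk/cover.mk`, outside this hunk, so the exact effect on the threshold is inferred.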
@@ -1,6 +1,6 @@ # Go version that will be used to build the project. Due to the use of generics -# within the project, it must be at least 1.19. -ARG GO_VERSION=1.19 +# within the project, it must be at least 1.22. +ARG GO_VERSION=1.22 FROM golang:${GO_VERSION} AS veraison-builder @@ -60,7 +60,7 @@ RUN go mod download &&\ go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.26 &&\ go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@v1.1 &&\ go install github.com/mitchellh/protoc-gen-go-json@v1.1.0 &&\ - go install github.com/veraison/corim/cocli@latest &&\ + go install github.com/veraison/corim/cocli@be7ec482 &&\ go install github.com/veraison/evcli/v2@latest &&\ go install github.com/veraison/pocli@latest &&\ go install github.com/go-delve/delve/cmd/dlv@v1.22.1 diff --git a/deployments/docker/veraison b/deployments/docker/veraison index 44cc89bd..91a9f4da 100755 --- a/deployments/docker/veraison +++ b/deployments/docker/veraison @@ -1,5 +1,5 @@ #!/bin/bash -# Copyright 2023 Contributors to the Veraison project. +# Copyright 2023-2024 Contributors to the Veraison project. # SPDX-License-Identifier: Apache-2.0 function status() { diff --git a/deployments/native/bootstrap/arch.sh b/deployments/native/bootstrap/arch.sh index be5d79cf..1822802d 100755 --- a/deployments/native/bootstrap/arch.sh +++ b/deployments/native/bootstrap/arch.sh @@ -1,4 +1,6 @@ #!/bin/sh +# Copyright 2024 Contributors to the Veraison project. +# SPDX-License-Identifier: Apache-2.0 sudo pacman -Syy bash findutils grep sed openssl protobuf go make gettext sqlite3 step-cli jq sudo ln -s /usr/bin/step-cli /usr/local/bin/step diff --git a/deployments/native/bootstrap/macosx-brew.sh b/deployments/native/bootstrap/macosx-brew.sh index 9d0d85ab..010fcdd2 100755 --- a/deployments/native/bootstrap/macosx-brew.sh +++ b/deployments/native/bootstrap/macosx-brew.sh 
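Review bot: The comment above `ARG GO_VERSION` still gives generics as the reason for the minimum version, but generics have been available since Go 1.18, so they do not explain a 1.22 floor. The constraint visible in this commit is the `go 1.22` directive in go.mod, and the comment should say so: `# Go version used to build the project. It must be at least the version named by the go directive in go.mod (1.22).`. The rest of the Dockerfile is outside the hunk.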
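Review bot: Only `cocli` is pinned in this `RUN` chain; `evcli/v2` and `pocli` on the next two lines are still installed with `@latest`, so the builder image picks up whatever those repositories publish at build time and is not reproducible. Pin them the same way, e.g. `go install github.com/veraison/evcli/v2@<EVCLI_REVISION> &&\` and `go install github.com/veraison/pocli@<POCLI_REVISION> &&\` (placeholders; the right revisions are not shown on the page). For `cocli`, the pseudo-version that go.mod records, `cocli@v1.1.3-0.20240814105452-be7ec4829479`, is less ambiguous than the eight-character hash and keeps the tool and the library on the same revision. The `RUN` instruction starts before the hunk.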
@@ -1,4 +1,6 @@ #!/bin/sh +# Copyright 2024 Contributors to the Veraison project. +# SPDX-License-Identifier: Apache-2.0 set -eux set -o pipefail diff --git a/deployments/native/bootstrap/ubuntu.sh b/deployments/native/bootstrap/ubuntu.sh index 3db53c59..5a395ecf 100755 --- a/deployments/native/bootstrap/ubuntu.sh +++ b/deployments/native/bootstrap/ubuntu.sh @@ -1,4 +1,6 @@ #!/bin/sh +# Copyright 2024 Contributors to the Veraison project. +# SPDX-License-Identifier: Apache-2.0 sudo apt update sudo apt install --yes git protobuf-compiler golang-1.20 make gettext sqlite3 openssl jq diff --git a/end-to-end/corimCcaRealm.cbor b/end-to-end/corimCcaRealm.cbor deleted file mode 100644 index 7b796c45..00000000 Binary files a/end-to-end/corimCcaRealm.cbor and /dev/null differ diff --git a/end-to-end/end-to-end-docker b/end-to-end/end-to-end-docker index 3ea23e3b..29f4ac05 100755 --- a/end-to-end/end-to-end-docker +++ b/end-to-end/end-to-end-docker @@ -1,5 +1,5 @@ #!/bin/bash -# Copyright 2022-2023 Contributors to the Veraison project. +# Copyright 2022-2024 Contributors to the Veraison project. # SPDX-License-Identifier: Apache-2.0 SCHEME=${SCHEME:-psa} diff --git a/go.mod b/go.mod index 7c5ea531..cbc423ac 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/veraison/services -go 1.19 +go 1.22 require ( github.com/DATA-DOG/go-sqlmock v1.5.0 @@ -30,7 +30,7 @@ require ( github.com/tbaehler/gin-keycloak v1.6.1 github.com/veraison/ccatoken v1.1.0 github.com/veraison/cmw v0.1.0 - github.com/veraison/corim v1.1.3-0.20240615102753-72283bb916a0 + github.com/veraison/corim v1.1.3-0.20240814105452-be7ec4829479 github.com/veraison/dice v0.0.1 github.com/veraison/ear v1.1.2 github.com/veraison/eat v0.0.0-20220117140849-ddaf59d69f53 diff --git a/go.sum b/go.sum index 6d36eee5..33885b11 100644 --- a/go.sum +++ b/go.sum 
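Review bot: The `apt install` line kept as context in ubuntu.sh still installs `golang-1.20`, while this same commit raises the `go` directive in go.mod and `_MIN_GO_VERSION` in mk/cmd.mk to 1.22, so a native Ubuntu bootstrap would likely leave a toolchain that the build's version check refuses. The package name should be bumped in this file as part of the change, `sudo apt install --yes git protobuf-compiler golang-1.22 make gettext sqlite3 openssl jq`, provided the targeted Ubuntu release ships that package. The remainder of the script is outside the hunk.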
@@ -691,6 +691,7 @@ github.com/aws/aws-sdk-go v1.15.11/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZo github.com/aws/aws-sdk-go v1.43.16/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8= +github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20160804104726-4c0e84591b9a/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= @@ -982,6 +983,7 @@ github.com/foxcpp/go-mockdns v0.0.0-20210729171921-fb145fc6f897 h1:E52jfcE64UG42 github.com/foxcpp/go-mockdns v0.0.0-20210729171921-fb145fc6f897/go.mod h1:lgRN6+KxQBawyIghpnl5CezHFGS9VLzvtVlwxvzXTQ4= github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k= github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE= +github.com/frankban/quicktest v1.14.3/go.mod h1:mgiwOwqx65TmIk1wJ6Q7wvnVMocbUorkibMOrVTHZps= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/fsnotify/fsnotify v1.5.4 h1:jRbGcIw6P2Meqdwuo0H1p6JVLbL5DHKAKlYndzMwVZI= 
@@ -1285,6 +1287,7 @@ github.com/j-keck/arping v1.0.2/go.mod h1:aJbELhR92bSk7tp79AWM/ftfc90EfEi2bQJrbB github.com/jellydator/ttlcache/v3 v3.0.0 h1:zmFhqrB/4sKiEiJHhtseJsNRE32IMVmJSs4++4gaQO4= github.com/jellydator/ttlcache/v3 v3.0.0/go.mod h1:WwTaEmcXQ3MTjOm4bsZoDFiCu/hMvNWLO1w67RXz6h4= github.com/jhump/protoreflect v1.6.0 h1:h5jfMVslIg6l29nsMs0D8Wj17RDVdNYti0vDN/PZZoE= +github.com/jhump/protoreflect v1.6.0/go.mod h1:eaTn3RZAmMBcV0fifFvlm6VHNz3wSkYyXYWUh7ymB74= github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jmespath/go-jmespath v0.0.0-20160803190731-bd40a432e4c7/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= @@ -1712,8 +1715,8 @@ github.com/veraison/ccatoken v1.1.0 h1:U0Z5fOQRsdz3ksvvxVzTITczo+kfRxIlkWahJNP6I github.com/veraison/ccatoken v1.1.0/go.mod h1:qh/KBwsrhPyGJqttlh8PU56wt1rPkUCX9A3ZAA/53Nc= github.com/veraison/cmw v0.1.0 h1:vD6tBlGPROCW/HlDcG1jh+XUJi5ihrjXatKZBjrv8mU= github.com/veraison/cmw v0.1.0/go.mod h1:WoBrlgByc6C1FeHhdze1/bQx1kv5d1sWKO5ezEf4Hs4= -github.com/veraison/corim v1.1.3-0.20240615102753-72283bb916a0 h1:FgWzsb/wUxeeKZ3Dd3NOTnwHBJ397EPNiF3o3ZJ/64o= -github.com/veraison/corim v1.1.3-0.20240615102753-72283bb916a0/go.mod h1:KB6TVcLcz1QppfzoyIesUMfdYodI/ndg7bqBdtqgc90= +github.com/veraison/corim v1.1.3-0.20240814105452-be7ec4829479 h1:dcKW+Nugh2Cs/ihz6xAmmTfi4v5flaLTg6MiZ8gN3N8= +github.com/veraison/corim v1.1.3-0.20240814105452-be7ec4829479/go.mod h1:sYmwruIqD5+83OcvMg6WUDTTWq8AWM6QbVQhbE9VFQM= github.com/veraison/dice v0.0.1 h1:dOm7ByDN/r4WlDsGkEUXzdPMXgTvAPTAksQ8+BwBrD4= github.com/veraison/dice v0.0.1/go.mod h1:QPMLc5LVMj08VZ+HNMYk4XxWoVYGAUBVm8Rd5V1hzxs= github.com/veraison/ear v1.1.2 h1:Xs41FqAG8IyJaceqNFcX2+nf51Et1uyhmCJV8SZqw/8= 
diff --git a/integration-tests/data/endorsements/comid-cca-platform-refval.json b/integration-tests/data/endorsements/comid-cca-platform-refval.json
index afc94afb..08c70be4 100644
--- a/integration-tests/data/endorsements/comid-cca-platform-refval.json
+++ b/integration-tests/data/endorsements/comid-cca-platform-refval.json
@@ -28,81 +28,127 @@ "model": "RoadRunner" } }, - "measurements": [ - { - "key": { - "type": "psa.refval-id", - "value": { - "label": "BL", - "version": "3.4.2", - "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - } - }, + "measurement": { + "key": { + "type": "psa.refval-id", "value": { - "digests": [ - "sha-256:BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - ] + "label": "BL", + "version": "3.4.2", + "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" } }, - { - "key": { - "type": "psa.refval-id", - "value": { - "label": "M1", - "version": "1.2.0", - "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - } + "value": { + "digests": [ + "sha-256:BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + ] + } + } + }, + { + "environment": { + "class": { + "id": { + "type": "psa.impl-id", + "value": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" }, + "vendor": "ACME", + "model": "RoadRunner" + } + }, + "measurement": { + "key": { + "type": "psa.refval-id", "value": { - "digests": [ - "sha-256:CwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - ] + "label": "M1", + "version": "1.2.0", + "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" } }, - { - "key": { - "type": "psa.refval-id", - "value": { - "label": "M2", - "version": "1.2.3", - "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - } + "value": { + "digests": [ + "sha-256:CwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + ] + } + } + }, + { + "environment": { + "class": { + "id": { + "type": "psa.impl-id", + "value": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" }, + "vendor": "ACME", + "model": "RoadRunner" + } + }, + "measurement": { + "key": { + "type": "psa.refval-id", "value": { - "digests": [ - "sha-256:DwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - ] + "label": "M2", + "version": "1.2.3", + "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" } }, - { - "key": { - "type": "psa.refval-id", - "value": { - "label": "M3", - "version": "1.0.0", - "signer-id": 
"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - } + "value": { + "digests": [ + "sha-256:DwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + ] + } + } + }, + { + "environment": { + "class": { + "id": { + "type": "psa.impl-id", + "value": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" }, + "vendor": "ACME", + "model": "RoadRunner" + } + }, + "measurement": { + "key": { + "type": "psa.refval-id", "value": { - "digests": [ - "sha-256:EwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - ] + "label": "M3", + "version": "1.0.0", + "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" } }, - { - "key": { - "type": "cca.platform-config-id", - "value": "cfg v1.0.0" + "value": { + "digests": [ + "sha-256:EwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + ] + } + } + }, + { + "environment": { + "class": { + "id": { + "type": "psa.impl-id", + "value": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" }, - "value": { - "raw-value": { - "type": "bytes", - "value": "AQID" - } + "vendor": "ACME", + "model": "RoadRunner" + } + }, + "measurement": { + "key": { + "type": "cca.platform-config-id", + "value": "cfg v1.0.0" + }, + "value": { + "raw-value": { + "type": "bytes", + "value": "AQID" } } - ] + } } ] } - } \ No newline at end of file + } diff --git a/integration-tests/data/endorsements/comid-cca-realm-refval.json b/integration-tests/data/endorsements/comid-cca-realm-refval.json index 16697f55..fa81d86b 100644 --- a/integration-tests/data/endorsements/comid-cca-realm-refval.json +++ b/integration-tests/data/endorsements/comid-cca-realm-refval.json 
@@ -31,49 +31,47 @@ "value": "Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" } }, - "measurements": [ - { - "value": { - "raw-value": { - "type": "bytes", - "value": "QURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBRA==" + "measurement": { + "value": { + "raw-value": { + "type": "bytes", + "value": "QURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBRA==" + }, + "integrity-registers": { + "rim": { + "key-type": "text", + "value": [ + "sha-512;Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" + ] + }, + "rem0": { + "key-type": "text", + "value": [ + "sha-512;Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" + ] + }, + "rem1": { + "key-type": "text", + "value": [ + "sha-512;Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" + ] + }, + "rem2": { + "key-type": "text", + "value": [ + "sha-512;Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" + ] }, - "integrity-registers": { - "rim": { - "key-type": "text", - "value": [ - "sha-512;Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" - ] - }, - "rem0": { - "key-type": "text", - "value": [ - "sha-512;Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" - ] - }, - "rem1": { - "key-type": "text", - "value": [ - "sha-512;Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" - ] - }, - "rem2": { - "key-type": "text", - "value": [ - "sha-512;Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" - ] - }, - "rem3": { - "key-type": "text", - "value": [ - "sha-512;Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" - ] - } + "rem3": { + "key-type": "text", + "value": [ + 
"sha-512;Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" + ] } } } - ] + } } ] } -} \ No newline at end of file +} diff --git a/integration-tests/data/endorsements/comid-cca-refval.json b/integration-tests/data/endorsements/comid-cca-refval.json index 7a03aeea..86e78be6 100644 --- a/integration-tests/data/endorsements/comid-cca-refval.json +++ b/integration-tests/data/endorsements/comid-cca-refval.json 
@@ -28,81 +28,127 @@ "model": "RoadRunner" } }, - "measurements": [ - { - "key": { - "type": "psa.refval-id", - "value": { - "label": "BL", - "version": "3.4.2", - "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - } - }, + "measurement": { + "key": { + "type": "psa.refval-id", "value": { - "digests": [ - "sha-256:BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - ] + "label": "BL", + "version": "3.4.2", + "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" } }, - { - "key": { - "type": "psa.refval-id", - "value": { - "label": "M1", - "version": "1.2.0", - "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - } + "value": { + "digests": [ + "sha-256:BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + ] + } + } + }, + { + "environment": { + "class": { + "id": { + "type": "psa.impl-id", + "value": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" }, + "vendor": "ACME", + "model": "RoadRunner" + } + }, + "measurement": { + "key": { + "type": "psa.refval-id", "value": { - "digests": [ - "sha-256:CwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - ] + "label": "M1", + "version": "1.2.0", + "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" } }, - { - "key": { - "type": "psa.refval-id", - "value": { - "label": "M2", - "version": "1.2.3", - "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - } + "value": { + "digests": [ + "sha-256:CwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + ] + } + } + }, + { + "environment": { + "class": { + "id": { + "type": "psa.impl-id", + "value": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" }, + "vendor": "ACME", + "model": "RoadRunner" + } + }, + "measurement": { + "key": { + "type": "psa.refval-id", "value": { - "digests": [ - "sha-256:DwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - ] + "label": "M2", + "version": "1.2.3", + "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" } }, - { - "key": { - "type": "psa.refval-id", - "value": { - "label": "M3", - "version": "1.0.0", - "signer-id": 
"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - } + "value": { + "digests": [ + "sha-256:DwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + ] + } + } + }, + { + "environment": { + "class": { + "id": { + "type": "psa.impl-id", + "value": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" }, + "vendor": "ACME", + "model": "RoadRunner" + } + }, + "measurement": { + "key": { + "type": "psa.refval-id", "value": { - "digests": [ - "sha-256:EwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - ] + "label": "M3", + "version": "1.0.0", + "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" } }, - { - "key": { - "type": "cca.platform-config-id", - "value": "cfg v1.0.0" + "value": { + "digests": [ + "sha-256:EwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + ] + } + } + }, + { + "environment": { + "class": { + "id": { + "type": "psa.impl-id", + "value": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" }, - "value": { - "raw-value": { - "type": "bytes", - "value": "AQID" - } + "vendor": "ACME", + "model": "RoadRunner" + } + }, + "measurement": { + "key": { + "type": "cca.platform-config-id", + "value": "cfg v1.0.0" + }, + "value": { + "raw-value": { + "type": "bytes", + "value": "AQID" } } - ] + } } ] } -} \ No newline at end of file +} diff --git a/integration-tests/data/endorsements/comid-enacttrust-refval.json b/integration-tests/data/endorsements/comid-enacttrust-refval.json index 3b4c4ae6..f4aa0e5b 100644 --- a/integration-tests/data/endorsements/comid-enacttrust-refval.json +++ b/integration-tests/data/endorsements/comid-enacttrust-refval.json @@ -22,15 +22,13 @@ "value": "7df7714e-aa04-4638-bcbf-434b1dd720f1" } }, - "measurements": [ - { - "value": { - "digests": [ - "sha-256;h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=" - ] - } + "measurement": { + "value": { + "digests": [ + "sha-256;h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=" + ] } - ] + } } ] } 
diff --git a/integration-tests/data/endorsements/comid-psa-refval.json b/integration-tests/data/endorsements/comid-psa-refval.json
index 8fd66fbc..41a1f2ec 100644
--- a/integration-tests/data/endorsements/comid-psa-refval.json
+++ b/integration-tests/data/endorsements/comid-psa-refval.json
@@ -28,53 +28,75 @@ "model": "RoadRunner" } }, - "measurements": [ - { - "key": { - "type": "psa.refval-id", - "value": { - "label": "BL", - "version": "2.1.0", - "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" - } - }, + "measurement": { + "key": { + "type": "psa.refval-id", "value": { - "digests": [ - "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=" - ] + "label": "BL", + "version": "2.1.0", + "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" } }, - { - "key": { - "type": "psa.refval-id", - "value": { - "label": "PRoT", - "version": "1.3.5", - "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" - } + "value": { + "digests": [ + "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=" + ] + } + } + }, + { + "environment": { + "class": { + "id": { + "type": "psa.impl-id", + "value": "YWNtZS1pbXBsZW1lbnRhdGlvbi1pZC0wMDAwMDAwMDE=" }, + "vendor": "ACME", + "model": "RoadRunner" + } + }, + "measurement": { + "key": { + "type": "psa.refval-id", "value": { - "digests": [ - "sha-256:AmOCmYm2/ZVPcrqvL8ZLwuLwHWktTecphuqAj26ZgT8=" - ] + "label": "PRoT", + "version": "1.3.5", + "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" } }, - { - "key": { - "type": "psa.refval-id", - "value": { - "label": "ARoT", - "version": "0.1.4", - "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" - } + "value": { + "digests": [ + "sha-256:AmOCmYm2/ZVPcrqvL8ZLwuLwHWktTecphuqAj26ZgT8=" + ] + } + } + }, + { + "environment": { + "class": { + "id": { + "type": "psa.impl-id", + "value": "YWNtZS1pbXBsZW1lbnRhdGlvbi1pZC0wMDAwMDAwMDE=" }, + "vendor": "ACME", + "model": "RoadRunner" + } + }, + "measurement": { + "key": { + "type": "psa.refval-id", "value": { - "digests": [ - "sha-256:o6XnFfDMV0pzw/m+u2vCTzL/1bZ7OHJEwskJ2neaFHg=" - ] + "label": "ARoT", + "version": "0.1.4", + "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" } + }, + "value": { + "digests": [ + "sha-256:o6XnFfDMV0pzw/m+u2vCTzL/1bZ7OHJEwskJ2neaFHg=" + ] } - ] + } } ] } 
diff --git a/integration-tests/data/endorsements/corim-cca-full.json b/integration-tests/data/endorsements/corim-cca-full.json index fb28d9ba..59e536d5 100644 --- a/integration-tests/data/endorsements/corim-cca-full.json +++ b/integration-tests/data/endorsements/corim-cca-full.json @@ -1,8 +1,6 @@ { "corim-id": "5c57e8f4-46cd-421b-91c9-08cf93e13cfc", - "profiles": [ - "http://arm.com/cca/ssd/1" - ], + "profile": "http://arm.com/cca/ssd/1", "validity": { "not-before": "2021-12-31T00:00:00Z", "not-after": "2025-12-31T00:00:00Z" @@ -16,4 +14,4 @@ ] } ] -} \ No newline at end of file +} diff --git a/integration-tests/data/endorsements/corim-cca-platform-full.json b/integration-tests/data/endorsements/corim-cca-platform-full.json index fcba13aa..3147f677 100644 --- a/integration-tests/data/endorsements/corim-cca-platform-full.json +++ b/integration-tests/data/endorsements/corim-cca-platform-full.json @@ -1,8 +1,6 @@ { "corim-id": "5c57e8f4-46cd-421b-91c9-08cf93e13cfc", - "profiles": [ - "http://arm.com/cca/ssd/1" - ], + "profile": "http://arm.com/cca/ssd/1", "validity": { "not-before": "2021-12-31T00:00:00Z", "not-after": "2025-12-31T00:00:00Z" @@ -16,4 +14,4 @@ ] } ] - } \ No newline at end of file + } diff --git a/integration-tests/data/endorsements/corim-cca-realm-full.json b/integration-tests/data/endorsements/corim-cca-realm-full.json index 030554bf..d57492bd 100644 --- a/integration-tests/data/endorsements/corim-cca-realm-full.json +++ b/integration-tests/data/endorsements/corim-cca-realm-full.json @@ -1,8 +1,6 @@ { "corim-id": "5c57e8f4-46cd-421b-91c9-08cf93e13cfc", - "profiles": [ - "http://arm.com/cca/realm/1" - ], + "profile": "http://arm.com/cca/realm/1", "validity": { "not-before": "2021-12-31T00:00:00Z", "not-after": "2025-12-31T00:00:00Z" @@ -16,4 +14,4 @@ ] } ] -} \ No newline at end of file +} 
diff --git a/integration-tests/data/endorsements/corim-enacttrust-badta.cbor b/integration-tests/data/endorsements/corim-enacttrust-badta.cbor index 91b0f5a2..bb497ebe 100644 Binary files a/integration-tests/data/endorsements/corim-enacttrust-badta.cbor and b/integration-tests/data/endorsements/corim-enacttrust-badta.cbor differ diff --git a/integration-tests/data/endorsements/corim-enacttrust-badta.yaml b/integration-tests/data/endorsements/corim-enacttrust-badta.yaml new file mode 100644 index 00000000..81031d40 --- /dev/null +++ b/integration-tests/data/endorsements/corim-enacttrust-badta.yaml @@ -0,0 +1,29 @@ +# This can be compiled into CBOR using +# https://github.com/veraison/gen-testcases +--- +0: !!binary |- + XFfo9EbNQhuRyQjPk+E8/A== +1: +- encodedCBOR: + tag: 506 + value: + 1: + 0: !!binary |- + Q7vjfy5hSzOu01PP8UKLFg== + 2: + - 0: EnactTrust + 1: + tag: 32 + value: https://enacttrust.com + 2: + - 0 + - 1 + - 2 + 4: + 3: + - - 1: + tag: 37 + value: !!binary |- + ffdxTqoERji8v0NLHdcg8Q== + - - 0: "@@@@" +3: http://enacttrust.com/veraison/1.0.0 diff --git a/integration-tests/data/endorsements/corim-enacttrust-mini.json b/integration-tests/data/endorsements/corim-enacttrust-mini.json index 96d9fdc2..c73bcf4d 100644 --- a/integration-tests/data/endorsements/corim-enacttrust-mini.json +++ b/integration-tests/data/endorsements/corim-enacttrust-mini.json @@ -1,6 +1,4 @@ { "corim-id": "5c57e8f4-46cd-421b-91c9-08cf93e13cfc", - "profiles": [ - "http://enacttrust.com/veraison/1.0.0" - ] + "profile": "http://enacttrust.com/veraison/1.0.0" } diff --git a/integration-tests/data/endorsements/corim-psa-full.json b/integration-tests/data/endorsements/corim-psa-full.json index 52b7cd5e..db4d772a 100644 --- a/integration-tests/data/endorsements/corim-psa-full.json +++ b/integration-tests/data/endorsements/corim-psa-full.json 
@@ -6,9 +6,7 @@ "thumbprint": "sha-256:5Fty9cDAtXLbTY06t+l/No/3TmI0eoJN7LZ6hOUiTXU=" } ], - "profiles": [ - "http://arm.com/psa/iot/1" - ], + "profile": "http://arm.com/psa/iot/1", "validity": { "not-before": "2021-12-31T00:00:00Z", "not-after": "2025-12-31T00:00:00Z" diff --git a/integration-tests/data/endorsements/corim-psa-mini.json b/integration-tests/data/endorsements/corim-psa-mini.json index f0116feb..f9528480 100644 --- a/integration-tests/data/endorsements/corim-psa-mini.json +++ b/integration-tests/data/endorsements/corim-psa-mini.json @@ -1,6 +1,4 @@ { "corim-id": "5c57e8f4-46cd-421b-91c9-08cf93e13cfc", - "profiles": [ - "http://arm.com/psa/iot/1" - ] + "profile": "http://arm.com/psa/iot/1" } diff --git a/integration-tests/tests/test_enacttrust_badkey.tavern.yaml b/integration-tests/tests/test_enacttrust_badkey.tavern.yaml index 4041c412..bbc4d4a4 100644 --- a/integration-tests/tests/test_enacttrust_badkey.tavern.yaml +++ b/integration-tests/tests/test_enacttrust_badkey.tavern.yaml @@ -34,4 +34,4 @@ stages: status_code: 200 json: status: failed - failure-reason: 'submit endorsement returned error: submit endorsements failed: RPC server returned error: plugin "unsigned-corim (TPM EnactTrust profile)" returned error: decoding failed for CoMID at index 0: error unmarshalling field "Triples": error unmarshalling field "AttestVerifKeys": cbor: cannot unmarshal map into Go struct field comid.AttestVerifKey.verification-keys of type comid.ICryptoKeyValue' + failure-reason: 'submit endorsement returned error: submit endorsements failed: RPC server returned error: plugin "unsigned-corim (TPM EnactTrust profile)" returned error: decoding failed for CoMID at index 0: error unmarshalling field "Triples": error unmarshalling field "AttestVerifKeys": cbor: cannot unmarshal map into Go struct field comid.KeyTriple.verification-keys of type comid.ICryptoKeyValue' 
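Review bot: The `failure-reason` assertion in test_enacttrust_badkey.tavern.yaml matches the whole error string down to the Go type name `comid.KeyTriple`, which is the only reason this line had to change for a rename inside the corim dependency. Matching the stable part of the message would survive the next rename, e.g. `failure-reason: !re_search 'error unmarshalling field "AttestVerifKeys"'`. The string also shows that plugin and struct-field names reach the API response as-is; whether that level of detail is intended for submitters is worth confirming. The `stages:` list starts outside the hunk.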
diff --git a/integration-tests/utils/checkers.py b/integration-tests/utils/checkers.py index 1e2ced68..dcf0c61a 100644 --- a/integration-tests/utils/checkers.py +++ b/integration-tests/utils/checkers.py @@ -1,4 +1,4 @@ -# Copyright 2023 Contributors to the Veraison project. +# Copyright 2023-2024 Contributors to the Veraison project. # SPDX-License-Identifier: Apache-2.0 import os import json diff --git a/integration-tests/utils/generators.py b/integration-tests/utils/generators.py index d9575e5b..f8751abf 100644 --- a/integration-tests/utils/generators.py +++ b/integration-tests/utils/generators.py @@ -1,4 +1,4 @@ -# Copyright 2023 Contributors to the Veraison project. +# Copyright 2023-2024 Contributors to the Veraison project. # SPDX-License-Identifier: Apache-2.0 import ast import os diff --git a/integration-tests/utils/hooks.py b/integration-tests/utils/hooks.py index 2e781761..abe9bdbe 100644 --- a/integration-tests/utils/hooks.py +++ b/integration-tests/utils/hooks.py @@ -1,4 +1,4 @@ -# Copyright 2023 Contributors to the Veraison project. +# Copyright 2023-2024 Contributors to the Veraison project. # SPDX-License-Identifier: Apache-2.0 import os diff --git a/integration-tests/utils/util.py b/integration-tests/utils/util.py index 4f4cb462..d195ea49 100644 --- a/integration-tests/utils/util.py +++ b/integration-tests/utils/util.py @@ -1,4 +1,4 @@ -# Copyright 2023 Contributors to the Veraison project. +# Copyright 2023-2024 Contributors to the Veraison project. # SPDX-License-Identifier: Apache-2.0 import json import os diff --git a/mk/cmd.mk b/mk/cmd.mk index 833fbc51..865d9988 100644 --- a/mk/cmd.mk +++ b/mk/cmd.mk @@ -17,7 +17,7 @@ endif SCHEME_LOADER ?= plugins -_MIN_GO_VERSION = 1.19 +_MIN_GO_VERSION = 1.22 _GO_VERSION = $(shell go version | sed 's/^[^0-9]*\([0-9]\+\.[0-9]\+\.[0-9]\+\).*/\1/') .PHONY: _check_version diff --git a/scheme/arm-cca/corim_extractor.go b/scheme/arm-cca/corim_extractor.go index aac70b53..3b40f875 100644 
--- a/scheme/arm-cca/corim_extractor.go +++ b/scheme/arm-cca/corim_extractor.go @@ -15,20 +15,20 @@ type CorimExtractor struct { Profile string } -func (o CorimExtractor) RefValExtractor(rv comid.ReferenceValue) ([]*handler.Endorsement, error) { +func (o CorimExtractor) RefValExtractor(rvs comid.ValueTriples) ([]*handler.Endorsement, error) { switch o.Profile { case "http://arm.com/cca/ssd/1": subScheme := &platform.CcaSsdExtractor{Scheme: SchemeName} - return subScheme.RefValExtractor(rv) + return subScheme.RefValExtractor(rvs) case "http://arm.com/cca/realm/1": subScheme := &realm.RealmExtractor{Scheme: SchemeName} - return subScheme.RefValExtractor(rv) + return subScheme.RefValExtractor(rvs) default: return nil, fmt.Errorf("invalid profile %s for scheme %s", o.Profile, SchemeName) } } -func (o CorimExtractor) TaExtractor(avk comid.AttestVerifKey) (*handler.Endorsement, error) { +func (o CorimExtractor) TaExtractor(avk comid.KeyTriple) (*handler.Endorsement, error) { switch o.Profile { case "http://arm.com/cca/ssd/1": subScheme := &platform.CcaSsdExtractor{Scheme: SchemeName} diff --git a/scheme/arm-cca/endorsement_handler_test.go b/scheme/arm-cca/endorsement_handler_test.go index eac25f36..f184661c 100644 --- a/scheme/arm-cca/endorsement_handler_test.go +++ b/scheme/arm-cca/endorsement_handler_test.go @@ -6,7 +6,6 @@ import ( "testing" "github.com/stretchr/testify/assert" - "github.com/veraison/corim/comid" ) func TestDecoder_GetAttestationScheme(t *testing.T) { @@ -66,16 +65,15 @@ func TestDecoder_Decode_invalid_data(t *testing.T) { } func TestDecoder_Decode_CcaSsdRefVal_OK(t *testing.T) { - tvs := []string{ - unsignedcorimCcacomidCcaRefValOne, - unsignedcorimCcacomidCcaRefValFour, + tvs := [][]byte{ + unsignedCorimCcaComidCcaRefValOne, + unsignedCorimCcaComidCcaRefValFour, } d := &EndorsementHandler{} for _, tv := range tvs { - data := comid.MustHexDecode(t, tv) - _, err := d.Decode(data) + _, err := d.Decode(tv) assert.NoError(t, err) } } 
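Review bot: Neither exported method of `CorimExtractor` in corim_extractor.go has a doc comment, and with the parameter now typed `comid.ValueTriples` and renamed `rvs` the contract is worth writing down. Add `// RefValExtractor passes rvs to the platform or realm extractor selected by o.Profile and returns an error for any other profile.` above the method, and a matching one-line comment on `TaExtractor`. In the `default` branch, `%q` instead of `%s` for `o.Profile` would quote a profile value that presumably originates from the submitted CoRIM before it lands in an error message. `TaExtractor` continues past the end of the hunk.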
@@ -83,40 +81,38 @@ func TestDecoder_Decode_CcaSsdRefVal_OK(t *testing.T) { func TestDecoder_Decode_CCaSsdRefVal_NOK(t *testing.T) { tvs := []struct { desc string - input string + input []byte expectedErr string }{ { desc: "missing profile inside corim containing one CCA platform config measurement", - input: unsignedcorimCcaNoProfilecomidCcaRefValOne, + input: unsignedCorimCcaNoProfileComidCcaRefValOne, expectedErr: "no profile information set in CoRIM", }, { desc: "missing profile inside corim containing multiple reference value measurements", - input: unsignedcorimCcaNoProfilecomidCcaRefValFour, + input: unsignedCorimCcaNoProfileComidCcaRefValFour, expectedErr: "no profile information set in CoRIM", }, } for _, tv := range tvs { - data := comid.MustHexDecode(t, tv.input) d := &EndorsementHandler{} - _, err := d.Decode(data) + _, err := d.Decode(tv.input) assert.EqualError(t, err, tv.expectedErr) } } func TestDecoder_DecodeCcaRealm_OK(t *testing.T) { - tvs := []string{ - unsignedcorimCcaRealmcomidCcaRealm, - unsignedcorimCcaRealmcomidCcaRealmNoClass, + tvs := [][]byte{ + unsignedCorimCcaRealmComidCcaRealm, + unsignedCorimCcaRealmComidCcaRealmNoClass, } d := &EndorsementHandler{} for _, tv := range tvs { - data := comid.MustHexDecode(t, tv) - _, err := d.Decode(data) + _, err := d.Decode(tv) assert.NoError(t, err) } } 
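Review bot: The table in TestDecoder_Decode_CCaSsdRefVal_NOK gives each vector a `desc`, but the loop never uses it, so a failing assertion does not say which vector failed. Both cases expect the same string, `no profile information set in CoRIM`, which makes the two failures indistinguishable in the output. Wrap the loop body in `t.Run(tv.desc, func(t *testing.T) { … })`, as TestDecoder_DecodeCcaRealm_negative_tests does later in this file, or pass `tv.desc` as the message argument of `assert.EqualError`.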
@@ -124,30 +120,31 @@ func TestDecoder_DecodeCcaRealm_OK(t *testing.T) { func TestDecoder_DecodeCcaRealm_negative_tests(t *testing.T) { tvs := []struct { desc string - input string + input []byte expectedErr string }{ { desc: "no realm instance identity in corim", - input: unsignedcorimCcaRealmcomidCcaRealmNoInstance, + input: unsignedCorimCcaRealmComidCcaRealmNoInstance, expectedErr: "bad software component in CoMID at index 0: could not extract Realm instance attributes: expecting instance in environment", }, { desc: "invalid instance identity in corim", - input: unsignedcorimCcaRealmcomidCcaRealmInvalidInstance, + input: unsignedCorimCcaRealmComidCcaRealmInvalidInstance, expectedErr: "bad software component in CoMID at index 0: could not extract Realm instance attributes: expecting instance as bytes for CCA Realm", }, { desc: "invalid class identity in corim", - input: unsignedcorimCcaRealmcomidCcaRealmInvalidClass, + input: unsignedCorimCcaRealmComidCcaRealmInvalidClass, expectedErr: "bad software component in CoMID at index 0: could not extract Realm class attributes: could not extract uuid from class-id: class-id type is: *comid.TaggedImplID", }, } for _, tv := range tvs { - data := comid.MustHexDecode(t, tv.input) - d := &EndorsementHandler{} - _, err := d.Decode(data) - assert.EqualError(t, err, tv.expectedErr) + t.Run(tv.desc, func (t *testing.T) { + d := &EndorsementHandler{} + _, err := d.Decode(tv.input) + assert.EqualError(t, err, tv.expectedErr) + }) } } diff --git a/scheme/arm-cca/test/corim/ComidCcaRefValFour.json b/scheme/arm-cca/test/corim/ComidCcaRefValFour.json deleted file mode 100644 index 296e843b..00000000 --- a/scheme/arm-cca/test/corim/ComidCcaRefValFour.json +++ /dev/null 
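Review bot: The added closure in TestDecoder_DecodeCcaRealm_negative_tests is written `func (t *testing.T)` with a space after `func`, which gofmt rewrites, so a formatting check would flag this line if one is enabled in the linters workflow. Write it as `t.Run(tv.desc, func(t *testing.T) {`.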
@@ -1,93 +0,0 @@ -{ - "lang": "en-GB", - "tag-identity": { - "id": "43BBE37F-2E61-4B33-AED3-53CFF1428B16", - "version": 0 - }, - "entities": [ - { - "name": "ACME Ltd.", - "regid": "https://acme.example", - "roles": [ - "tagCreator", - "creator", - "maintainer" - ] - } - ], - "triples": { - "reference-values": [ - { - "environment": { - "class": { - "id": { - "type": "psa.impl-id", - "value": "YWNtZS1pbXBsZW1lbnRhdGlvbi1pZC0wMDAwMDAwMDE=" - }, - "vendor": "ACME", - "model": "RoadRunner" - } - }, - "measurements": [ - { - "key": { - "type": "psa.refval-id", - "value": { - "label": "BL", - "version": "2.1.0", - "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" - } - }, - "value": { - "digests": [ - "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=" - ] - } - }, - { - "key": { - "type": "psa.refval-id", - "value": { - "label": "PRoT", - "version": "1.3.5", - "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" - } - }, - "value": { - "digests": [ - "sha-256:AmOCmYm2/ZVPcrqvL8ZLwuLwHWktTecphuqAj26ZgT8=" - ] - } - }, - { - "key": { - "type": "psa.refval-id", - "value": { - "label": "ARoT", - "version": "0.1.4", - "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" - } - }, - "value": { - "digests": [ - "sha-256:o6XnFfDMV0pzw/m+u2vCTzL/1bZ7OHJEwskJ2neaFHg=" - ] - } - }, - { - "key": { - "type": "cca.platform-config-id", - "value": "any-value" - }, - "value": { - "raw-value": { - "type": "bytes", - "value": "cmF3dmFsdWUKcmF3dmFsdWUK" - } - } - } - ] - } - ] - } -} diff --git a/scheme/arm-cca/test/corim/build-test-vectors.sh b/scheme/arm-cca/test/corim/build-test-vectors.sh index bd2390b4..16a64376 100755 --- a/scheme/arm-cca/test/corim/build-test-vectors.sh +++ b/scheme/arm-cca/test/corim/build-test-vectors.sh 
@@ -5,77 +5,64 @@ set -eu set -o pipefail -# function generate_go_test_vector constructs CBOR test vector using -# supplied comid and corim json template and saves them in a file -# $1 file name for comid json template, example one of COMID_TEMPLATES -# $2 file name for corim json template, example CORIM_TEMPLATE -# $3 a qualifier for each cbor test vector name -# $4 name of the file where the generated CBOR test vectors are aggregated -generate_go_test_vector () { - echo "generating test vector using $1 $2" - cocli comid create -t $1.json - cocli corim create -m $1.cbor -t $2.json -o corim$1.cbor - echo "// automatically generated from:" >> $4 - echo "// $1.json and $2.json" >> $4 - echo "var $3$2$1 = "'`' >> $4 - cat corim$1.cbor | xxd -p >> $4 - echo '`' >> $4 -} - -CORIM_REALM_TEMPLATE="corimCcaRealm" +THIS_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) +GEN_CORIM="$THIS_DIR/../../../common/scripts/gen-corim" -COMID_REALM_TEMPLATES= -COMID_REALM_TEMPLATES="${COMID_REALM_TEMPLATES} comidCcaRealm" -COMID_REALM_TEMPLATES="${COMID_REALM_TEMPLATES} comidCcaRealmNoClass" -COMID_REALM_TEMPLATES="${COMID_REALM_TEMPLATES} comidCcaRealmNoInstance" -COMID_REALM_TEMPLATES="${COMID_REALM_TEMPLATES} comidCcaRealmInvalidInstance" -COMID_REALM_TEMPLATES="${COMID_REALM_TEMPLATES} comidCcaRealmInvalidClass" +SUBATTESTERS=( + cca_platform + cca_realm +) -# CORIM CCA PLATFORM TEMPLATES -CORIM_PLATFORM_TEMPLATE="corimCca" -CORIM_PLATFORM_TEMPLATE="${CORIM_PLATFORM_TEMPLATE} corimCcaNoProfile" +CORIM_REALM_TEMPLATES=( + corimCcaRealm +) -# COMID CCA PLATFORM TEMPLATES -COMID_PLATFORM_TEMPLATES= -COMID_PLATFORM_TEMPLATES="${COMID_PLATFORM_TEMPLATES} comidCcaRefValOne" -COMID_PLATFORM_TEMPLATES="${COMID_PLATFORM_TEMPLATES} comidCcaRefValFour" +COMID_REALM_TEMPLATES=( + comidCcaRealm + comidCcaRealmNoClass + comidCcaRealmNoInstance + comidCcaRealmInvalidInstance + comidCcaRealmInvalidClass +) -TV_DOT_GO=${TV_DOT_GO?must be set in the environment.} 
+CORIM_PLATFORM_TEMPLATES=( + corimCca + corimCcaNoProfile +) -printf "package cca\n\n" > ${TV_DOT_GO} +COMID_PLATFORM_TEMPLATES=( + comidCcaRefValOne + comidCcaRefValFour +) -# function to generate test vectors for the supplied CCA Platform or Realm +# function to generate test vectors for the supplied CCA Platform or Realm # $1 passed argument whose templates needs to be constructed generate_templates() { + local sub_at=$1 - echo "generating templates for subattester $1" - printf "" >> ${TV_DOT_GO} + echo "generating templates for subattester $sub_at" - if [ "$1" == "cca_platform" ]; then - COMID_TEMPLATES=$COMID_PLATFORM_TEMPLATES - CORIM_TEMPLATE=$CORIM_PLATFORM_TEMPLATE + if [ "$sub_at" == "cca_platform" ]; then + COMID_TEMPLATES=("${COMID_PLATFORM_TEMPLATES[@]}") + CORIM_TEMPLATES=("${CORIM_PLATFORM_TEMPLATES[@]}") else - COMID_TEMPLATES=$COMID_REALM_TEMPLATES - CORIM_TEMPLATE=$CORIM_REALM_TEMPLATE + COMID_TEMPLATES=("${COMID_REALM_TEMPLATES[@]}") + CORIM_TEMPLATES=("${CORIM_REALM_TEMPLATES[@]}") fi - - for r in ${CORIM_TEMPLATE} + + for corim in "${CORIM_TEMPLATES[@]}" do - for t in ${COMID_TEMPLATES} + for comid in "${COMID_TEMPLATES[@]}" do - generate_go_test_vector $t $r "unsigned" $TV_DOT_GO + "$GEN_CORIM" "$THIS_DIR" "$comid" "$corim" "unsigned" done done } -SUBATTESTER= -SUBATTESTER="${SUBATTESTER} cca_platform" -SUBATTESTER="${SUBATTESTER} cca_realm" - -for at in ${SUBATTESTER} +for at in "${SUBATTESTERS[@]}" do - generate_templates $at + generate_templates "$at" done -gofmt -w $TV_DOT_GO \ No newline at end of file +echo "done" diff --git a/scheme/arm-cca/test/corim/comidCcaRealm.json b/scheme/arm-cca/test/corim/comidCcaRealm.json deleted file mode 100644 index a8b80ad7..00000000 --- a/scheme/arm-cca/test/corim/comidCcaRealm.json +++ /dev/null 
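Review bot: In generate_templates the `else` branch treats every value other than `cca_platform` as the realm sub-attester, so a typo or a new entry in SUBATTESTERS silently builds realm vectors instead of failing. Make the second branch explicit with `elif [ "$sub_at" == "cca_realm" ]; then` and finish with `else echo "unknown subattester: $sub_at" >&2; return 1`. COMID_TEMPLATES and CORIM_TEMPLATES are also assigned without `local`, so they leak out of the function; `local -a COMID_TEMPLATES CORIM_TEMPLATES` next to `local sub_at=$1` keeps them scoped. Separately, the generated .cbor files are now committed and embedded by the tests, yet nothing visible in this diff checks that they still match src/*.json; a CI step that reruns this script and fails on `git diff --exit-code` would keep the reviewable JSON and the opaque binaries in step.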
@@ -1,79 +0,0 @@ -{ - "lang": "en-GB", - "tag-identity": { - "id": "43BBE37F-2E61-4B33-AED3-53CFF1428B16", - "version": 0 - }, - "entities": [ - { - "name": "Workload Client Ltd.", - "regid": "https://workloadclient.example", - "roles": [ - "tagCreator", - "creator", - "maintainer" - ] - } - ], - "triples": { - "reference-values": [ - { - "environment": { - "class": { - "id": { - "type": "uuid", - "value": "CD1F0E55-26F9-460D-B9D8-F7FDE171787C" - }, - "vendor": "Workload Client Ltd" - }, - "instance": { - "type": "bytes", - "value": "QoS1aUymwNLPR4mguVrIAlyBjeUjBDZL580pgbLS7caFsyInfsJYGZYkE9jJssH1" - } - }, - "measurements": [ - { - "value": { - "raw-value": { - "type": "bytes", - "value": "5Fty9cDAtXLbTY06t+l/No/3TmI0eoJN7LZ6hOUiTXXkW3L1wMC1cttNjTq36X82j/dOYjR6gk3stnqE5SJNdQ==" - }, - "integrity-registers": { - "rim": { - "key-type": "text", - "value": [ - "sha-384;QoS1aUymwNLPR4mguVrIAlyBjeUjBDZL580pgbLS7caFsyInfsJYGZYkE9jJssH1" - ] - }, - "rem0": { - "key-type": "text", - "value": [ - "sha-384;IQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" - ] - }, - "rem1": { - "key-type": "text", - "value": [ - "sha-384;JQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" - ] - }, - "rem2": { - "key-type": "text", - "value": [ - "sha-384;MQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" - ] - }, - "rem3": { - "key-type": "text", - "value": [ - "sha-384;NQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" - ] - } - } - } - } - ] - } - ] - } -} diff --git a/scheme/arm-cca/test/corim/comidCcaRealmInvalidClass.json b/scheme/arm-cca/test/corim/comidCcaRealmInvalidClass.json deleted file mode 100644 index 26da78d4..00000000 --- a/scheme/arm-cca/test/corim/comidCcaRealmInvalidClass.json +++ /dev/null 
@@ -1,79 +0,0 @@ -{ - "lang": "en-GB", - "tag-identity": { - "id": "43BBE37F-2E61-4B33-AED3-53CFF1428B16", - "version": 0 - }, - "entities": [ - { - "name": "Workload Client Ltd.", - "regid": "https://workloadclient.example", - "roles": [ - "tagCreator", - "creator", - "maintainer" - ] - } - ], - "triples": { - "reference-values": [ - { - "environment": { - "class": { - "id": { - "type": "psa.impl-id", - "value": "YWNtZS1pbXBsZW1lbnRhdGlvbi1pZC0wMDAwMDAwMDE=" - }, - "vendor": "ACME" - }, - "instance": { - "type": "bytes", - "value": "QoS1aUymwNLPR4mguVrIAlyBjeUjBDZL580pgbLS7caFsyInfsJYGZYkE9jJssH1" - } - }, - "measurements": [ - { - "value": { - "raw-value": { - "type": "bytes", - "value": "5Fty9cDAtXLbTY06t+l/No/3TmI0eoJN7LZ6hOUiTXXkW3L1wMC1cttNjTq36X82j/dOYjR6gk3stnqE5SJNdQ==" - }, - "integrity-registers": { - "rim": { - "key-type": "text", - "value": [ - "sha-384;QoS1aUymwNLPR4mguVrIAlyBjeUjBDZL580pgbLS7caFsyInfsJYGZYkE9jJssH1" - ] - }, - "rem0": { - "key-type": "text", - "value": [ - "sha-384;IQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" - ] - }, - "rem1": { - "key-type": "text", - "value": [ - "sha-384;JQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" - ] - }, - "rem2": { - "key-type": "text", - "value": [ - "sha-384;MQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" - ] - }, - "rem3": { - "key-type": "text", - "value": [ - "sha-384;NQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" - ] - } - } - } - } - ] - } - ] - } -} diff --git a/scheme/arm-cca/test/corim/comidCcaRealmInvalidInstance.json b/scheme/arm-cca/test/corim/comidCcaRealmInvalidInstance.json deleted file mode 100644 index a7ecff92..00000000 --- a/scheme/arm-cca/test/corim/comidCcaRealmInvalidInstance.json +++ /dev/null 
@@ -1,75 +0,0 @@ -{ - "lang": "en-GB", - "tag-identity": { - "id": "43BBE37F-2E61-4B33-AED3-53CFF1428B16", - "version": 0 - }, - "entities": [ - { - "name": "Workload Client Ltd.", - "regid": "https://workloadclient.example", - "roles": [ - "tagCreator", - "creator", - "maintainer" - ] - } - ], - "triples": { - "reference-values": [ - { - "environment": { - "class": { - "id": { - "type": "uuid", - "value": "CD1F0E55-26F9-460D-B9D8-F7FDE171787C" - }, - "vendor": "Workload Client Ltd" - }, - "instance": { - "type": "ueid", - "value": "Ac7rrnuJJ6MiflMDz14PH3s0u1Qq1yUKwD+83jbsLxUI" - } - }, - "measurements": [ - { - "value": { - "integrity-registers": { - "rim": { - "key-type": "text", - "value": [ - "sha-384;QoS1aUymwNLPR4mguVrIAlyBjeUjBDZL580pgbLS7caFsyInfsJYGZYkE9jJssH1" - ] - }, - "rem0": { - "key-type": "text", - "value": [ - "sha-384;IQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" - ] - }, - "rem1": { - "key-type": "text", - "value": [ - "sha-384;JQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" - ] - }, - "rem2": { - "key-type": "text", - "value": [ - "sha-384;MQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" - ] - }, - "rem3": { - "key-type": "text", - "value": [ - "sha-384;NQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" - ] - } - } - } - } - ] - } - ] - } -} diff --git a/scheme/arm-cca/test/corim/comidCcaRealmNoClass.json b/scheme/arm-cca/test/corim/comidCcaRealmNoClass.json deleted file mode 100644 index 469585d0..00000000 --- a/scheme/arm-cca/test/corim/comidCcaRealmNoClass.json +++ /dev/null 
@@ -1,68 +0,0 @@ -{ - "lang": "en-GB", - "tag-identity": { - "id": "43BBE37F-2E61-4B33-AED3-53CFF1428B16", - "version": 0 - }, - "entities": [ - { - "name": "Workload Client Ltd.", - "regid": "https://workloadclient.example", - "roles": [ - "tagCreator", - "creator", - "maintainer" - ] - } - ], - "triples": { - "reference-values": [ - { - "environment": { - "instance": { - "type": "bytes", - "value": "QoS1aUymwNLPR4mguVrIAlyBjeUjBDZL580pgbLS7caFsyInfsJYGZYkE9jJssH1" - } - }, - "measurements": [ - { - "value": { - "integrity-registers": { - "rim": { - "key-type": "text", - "value": [ - "sha-384;QoS1aUymwNLPR4mguVrIAlyBjeUjBDZL580pgbLS7caFsyInfsJYGZYkE9jJssH1" - ] - }, - "rem0": { - "key-type": "text", - "value": [ - "sha-384;IQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" - ] - }, - "rem1": { - "key-type": "text", - "value": [ - "sha-384;JQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" - ] - }, - "rem2": { - "key-type": "text", - "value": [ - "sha-384;MQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" - ] - }, - "rem3": { - "key-type": "text", - "value": [ - "sha-384;NQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" - ] - } - } - } - } - ] - } - ] - } -} diff --git a/scheme/arm-cca/test/corim/comidCcaRealmNoInstance.json b/scheme/arm-cca/test/corim/comidCcaRealmNoInstance.json deleted file mode 100644 index 2b38bd54..00000000 --- a/scheme/arm-cca/test/corim/comidCcaRealmNoInstance.json +++ /dev/null 
@@ -1,71 +0,0 @@ -{ - "lang": "en-GB", - "tag-identity": { - "id": "43BBE37F-2E61-4B33-AED3-53CFF1428B16", - "version": 0 - }, - "entities": [ - { - "name": "Workload Client Ltd.", - "regid": "https://workloadclient.example", - "roles": [ - "tagCreator", - "creator", - "maintainer" - ] - } - ], - "triples": { - "reference-values": [ - { - "environment": { - "class": { - "id": { - "type": "uuid", - "value": "CD1F0E55-26F9-460D-B9D8-F7FDE171787C" - }, - "vendor": "Workload Client Ltd" - } - }, - "measurements": [ - { - "value": { - "integrity-registers": { - "rim": { - "key-type": "text", - "value": [ - "sha-384;QoS1aUymwNLPR4mguVrIAlyBjeUjBDZL580pgbLS7caFsyInfsJYGZYkE9jJssH1" - ] - }, - "rem0": { - "key-type": "text", - "value": [ - "sha-384;IQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" - ] - }, - "rem1": { - "key-type": "text", - "value": [ - "sha-384;JQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" - ] - }, - "rem2": { - "key-type": "text", - "value": [ - "sha-384;MQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" - ] - }, - "rem3": { - "key-type": "text", - "value": [ - "sha-384;NQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" - ] - } - } - } - } - ] - } - ] - } -} diff --git a/scheme/arm-cca/test/corim/src/comidCcaRealm.json b/scheme/arm-cca/test/corim/src/comidCcaRealm.json new file mode 100644 index 00000000..b2c3f494 --- /dev/null +++ b/scheme/arm-cca/test/corim/src/comidCcaRealm.json 
@@ -0,0 +1,77 @@ +{ + "lang": "en-GB", + "tag-identity": { + "id": "43BBE37F-2E61-4B33-AED3-53CFF1428B16", + "version": 0 + }, + "entities": [ + { + "name": "Workload Client Ltd.", + "regid": "https://workloadclient.example", + "roles": [ + "tagCreator", + "creator", + "maintainer" + ] + } + ], + "triples": { + "reference-values": [ + { + "environment": { + "class": { + "id": { + "type": "uuid", + "value": "CD1F0E55-26F9-460D-B9D8-F7FDE171787C" + }, + "vendor": "Workload Client Ltd" + }, + "instance": { + "type": "bytes", + "value": "QoS1aUymwNLPR4mguVrIAlyBjeUjBDZL580pgbLS7caFsyInfsJYGZYkE9jJssH1" + } + }, + "measurement": { + "value": { + "raw-value": { + "type": "bytes", + "value": "5Fty9cDAtXLbTY06t+l/No/3TmI0eoJN7LZ6hOUiTXXkW3L1wMC1cttNjTq36X82j/dOYjR6gk3stnqE5SJNdQ==" + }, + "integrity-registers": { + "rim": { + "key-type": "text", + "value": [ + "sha-384;QoS1aUymwNLPR4mguVrIAlyBjeUjBDZL580pgbLS7caFsyInfsJYGZYkE9jJssH1" + ] + }, + "rem0": { + "key-type": "text", + "value": [ + "sha-384;IQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" + ] + }, + "rem1": { + "key-type": "text", + "value": [ + "sha-384;JQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" + ] + }, + "rem2": { + "key-type": "text", + "value": [ + "sha-384;MQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" + ] + }, + "rem3": { + "key-type": "text", + "value": [ + "sha-384;NQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" + ] + } + } + } + } + } + ] + } +} diff --git a/scheme/arm-cca/test/corim/src/comidCcaRealmInvalidClass.json b/scheme/arm-cca/test/corim/src/comidCcaRealmInvalidClass.json new file mode 100644 index 00000000..c4080743 --- /dev/null +++ b/scheme/arm-cca/test/corim/src/comidCcaRealmInvalidClass.json 
@@ -0,0 +1,77 @@ +{ + "lang": "en-GB", + "tag-identity": { + "id": "43BBE37F-2E61-4B33-AED3-53CFF1428B16", + "version": 0 + }, + "entities": [ + { + "name": "Workload Client Ltd.", + "regid": "https://workloadclient.example", + "roles": [ + "tagCreator", + "creator", + "maintainer" + ] + } + ], + "triples": { + "reference-values": [ + { + "environment": { + "class": { + "id": { + "type": "psa.impl-id", + "value": "YWNtZS1pbXBsZW1lbnRhdGlvbi1pZC0wMDAwMDAwMDE=" + }, + "vendor": "ACME" + }, + "instance": { + "type": "bytes", + "value": "QoS1aUymwNLPR4mguVrIAlyBjeUjBDZL580pgbLS7caFsyInfsJYGZYkE9jJssH1" + } + }, + "measurement": { + "value": { + "raw-value": { + "type": "bytes", + "value": "5Fty9cDAtXLbTY06t+l/No/3TmI0eoJN7LZ6hOUiTXXkW3L1wMC1cttNjTq36X82j/dOYjR6gk3stnqE5SJNdQ==" + }, + "integrity-registers": { + "rim": { + "key-type": "text", + "value": [ + "sha-384;QoS1aUymwNLPR4mguVrIAlyBjeUjBDZL580pgbLS7caFsyInfsJYGZYkE9jJssH1" + ] + }, + "rem0": { + "key-type": "text", + "value": [ + "sha-384;IQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" + ] + }, + "rem1": { + "key-type": "text", + "value": [ + "sha-384;JQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" + ] + }, + "rem2": { + "key-type": "text", + "value": [ + "sha-384;MQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" + ] + }, + "rem3": { + "key-type": "text", + "value": [ + "sha-384;NQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" + ] + } + } + } + } + } + ] + } +} diff --git a/scheme/arm-cca/test/corim/src/comidCcaRealmInvalidInstance.json b/scheme/arm-cca/test/corim/src/comidCcaRealmInvalidInstance.json new file mode 100644 index 00000000..47558bde --- /dev/null +++ b/scheme/arm-cca/test/corim/src/comidCcaRealmInvalidInstance.json 
@@ -0,0 +1,73 @@ +{ + "lang": "en-GB", + "tag-identity": { + "id": "43BBE37F-2E61-4B33-AED3-53CFF1428B16", + "version": 0 + }, + "entities": [ + { + "name": "Workload Client Ltd.", + "regid": "https://workloadclient.example", + "roles": [ + "tagCreator", + "creator", + "maintainer" + ] + } + ], + "triples": { + "reference-values": [ + { + "environment": { + "class": { + "id": { + "type": "uuid", + "value": "CD1F0E55-26F9-460D-B9D8-F7FDE171787C" + }, + "vendor": "Workload Client Ltd" + }, + "instance": { + "type": "ueid", + "value": "Ac7rrnuJJ6MiflMDz14PH3s0u1Qq1yUKwD+83jbsLxUI" + } + }, + "measurement": { + "value": { + "integrity-registers": { + "rim": { + "key-type": "text", + "value": [ + "sha-384;QoS1aUymwNLPR4mguVrIAlyBjeUjBDZL580pgbLS7caFsyInfsJYGZYkE9jJssH1" + ] + }, + "rem0": { + "key-type": "text", + "value": [ + "sha-384;IQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" + ] + }, + "rem1": { + "key-type": "text", + "value": [ + "sha-384;JQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" + ] + }, + "rem2": { + "key-type": "text", + "value": [ + "sha-384;MQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" + ] + }, + "rem3": { + "key-type": "text", + "value": [ + "sha-384;NQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" + ] + } + } + } + } + } + ] + } +} diff --git a/scheme/arm-cca/test/corim/src/comidCcaRealmNoClass.json b/scheme/arm-cca/test/corim/src/comidCcaRealmNoClass.json new file mode 100644 index 00000000..1e4c5771 --- /dev/null +++ b/scheme/arm-cca/test/corim/src/comidCcaRealmNoClass.json 
@@ -0,0 +1,66 @@ +{ + "lang": "en-GB", + "tag-identity": { + "id": "43BBE37F-2E61-4B33-AED3-53CFF1428B16", + "version": 0 + }, + "entities": [ + { + "name": "Workload Client Ltd.", + "regid": "https://workloadclient.example", + "roles": [ + "tagCreator", + "creator", + "maintainer" + ] + } + ], + "triples": { + "reference-values": [ + { + "environment": { + "instance": { + "type": "bytes", + "value": "QoS1aUymwNLPR4mguVrIAlyBjeUjBDZL580pgbLS7caFsyInfsJYGZYkE9jJssH1" + } + }, + "measurement": { + "value": { + "integrity-registers": { + "rim": { + "key-type": "text", + "value": [ + "sha-384;QoS1aUymwNLPR4mguVrIAlyBjeUjBDZL580pgbLS7caFsyInfsJYGZYkE9jJssH1" + ] + }, + "rem0": { + "key-type": "text", + "value": [ + "sha-384;IQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" + ] + }, + "rem1": { + "key-type": "text", + "value": [ + "sha-384;JQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" + ] + }, + "rem2": { + "key-type": "text", + "value": [ + "sha-384;MQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" + ] + }, + "rem3": { + "key-type": "text", + "value": [ + "sha-384;NQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" + ] + } + } + } + } + } + ] + } +} diff --git a/scheme/arm-cca/test/corim/src/comidCcaRealmNoInstance.json b/scheme/arm-cca/test/corim/src/comidCcaRealmNoInstance.json new file mode 100644 index 00000000..0bca088b --- /dev/null +++ b/scheme/arm-cca/test/corim/src/comidCcaRealmNoInstance.json 
@@ -0,0 +1,69 @@ +{ + "lang": "en-GB", + "tag-identity": { + "id": "43BBE37F-2E61-4B33-AED3-53CFF1428B16", + "version": 0 + }, + "entities": [ + { + "name": "Workload Client Ltd.", + "regid": "https://workloadclient.example", + "roles": [ + "tagCreator", + "creator", + "maintainer" + ] + } + ], + "triples": { + "reference-values": [ + { + "environment": { + "class": { + "id": { + "type": "uuid", + "value": "CD1F0E55-26F9-460D-B9D8-F7FDE171787C" + }, + "vendor": "Workload Client Ltd" + } + }, + "measurement": { + "value": { + "integrity-registers": { + "rim": { + "key-type": "text", + "value": [ + "sha-384;QoS1aUymwNLPR4mguVrIAlyBjeUjBDZL580pgbLS7caFsyInfsJYGZYkE9jJssH1" + ] + }, + "rem0": { + "key-type": "text", + "value": [ + "sha-384;IQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" + ] + }, + "rem1": { + "key-type": "text", + "value": [ + "sha-384;JQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" + ] + }, + "rem2": { + "key-type": "text", + "value": [ + "sha-384;MQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" + ] + }, + "rem3": { + "key-type": "text", + "value": [ + "sha-384;NQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" + ] + } + } + } + } + } + ] + } +} diff --git a/scheme/arm-cca/test/corim/src/comidCcaRefValFour.json b/scheme/arm-cca/test/corim/src/comidCcaRefValFour.json new file mode 100644 index 00000000..12de6cd4 --- /dev/null +++ b/scheme/arm-cca/test/corim/src/comidCcaRefValFour.json 
@@ -0,0 +1,127 @@ +{ + "lang": "en-GB", + "tag-identity": { + "id": "43BBE37F-2E61-4B33-AED3-53CFF1428B16", + "version": 0 + }, + "entities": [ + { + "name": "ACME Ltd.", + "regid": "https://acme.example", + "roles": [ + "tagCreator", + "creator", + "maintainer" + ] + } + ], + "triples": { + "reference-values": [ + { + "environment": { + "class": { + "id": { + "type": "psa.impl-id", + "value": "YWNtZS1pbXBsZW1lbnRhdGlvbi1pZC0wMDAwMDAwMDE=" + }, + "vendor": "ACME", + "model": "RoadRunner" + } + }, + "measurement": { + "key": { + "type": "psa.refval-id", + "value": { + "label": "BL", + "version": "2.1.0", + "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" + } + }, + "value": { + "digests": [ + "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=" + ] + } + } + }, + { + "environment": { + "class": { + "id": { + "type": "psa.impl-id", + "value": "YWNtZS1pbXBsZW1lbnRhdGlvbi1pZC0wMDAwMDAwMDE=" + }, + "vendor": "ACME", + "model": "RoadRunner" + } + }, + "measurement": { + "key": { + "type": "psa.refval-id", + "value": { + "label": "PRoT", + "version": "1.3.5", + "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" + } + }, + "value": { + "digests": [ + "sha-256:AmOCmYm2/ZVPcrqvL8ZLwuLwHWktTecphuqAj26ZgT8=" + ] + } + } + }, + { + "environment": { + "class": { + "id": { + "type": "psa.impl-id", + "value": "YWNtZS1pbXBsZW1lbnRhdGlvbi1pZC0wMDAwMDAwMDE=" + }, + "vendor": "ACME", + "model": "RoadRunner" + } + }, + "measurement": { + "key": { + "type": "psa.refval-id", + "value": { + "label": "ARoT", + "version": "0.1.4", + "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" + } + }, + "value": { + "digests": [ + "sha-256:o6XnFfDMV0pzw/m+u2vCTzL/1bZ7OHJEwskJ2neaFHg=" + ] + } + } + }, + { + "environment": { + "class": { + "id": { + "type": "psa.impl-id", + "value": "YWNtZS1pbXBsZW1lbnRhdGlvbi1pZC0wMDAwMDAwMDE=" + }, + "vendor": "ACME", + "model": "RoadRunner" + } + }, + "measurement": { + "key": { + "type": "cca.platform-config-id", + "value": 
"any-value" + }, + "value": { + "raw-value": { + "type": "bytes", + "value": "cmF3dmFsdWUKcmF3dmFsdWUK" + } + } + } + } + ] + } +} diff --git a/scheme/arm-cca/test/corim/ComidCcaRefValOne.json b/scheme/arm-cca/test/corim/src/comidCcaRefValOne.json similarity index 69% rename from scheme/arm-cca/test/corim/ComidCcaRefValOne.json rename to scheme/arm-cca/test/corim/src/comidCcaRefValOne.json index 0871e7ea..a02a8b02 100644 --- a/scheme/arm-cca/test/corim/ComidCcaRefValOne.json +++ b/scheme/arm-cca/test/corim/src/comidCcaRefValOne.json @@ -29,20 +29,18 @@ "model": "RoadRunner" } }, - "measurements": [ - { - "key": { - "type": "cca.platform-config-id", - "value": "any-label" - }, - "value": { - "raw-value": { - "type": "bytes", - "value": "cmF3dmFsdWUKcmF3dmFsdWUK" - } + "measurement": { + "key": { + "type": "cca.platform-config-id", + "value": "any-label" + }, + "value": { + "raw-value": { + "type": "bytes", + "value": "cmF3dmFsdWUKcmF3dmFsdWUK" } } - ] + } } ] } diff --git a/scheme/arm-cca/test/corim/corimCca.json b/scheme/arm-cca/test/corim/src/corimCca.json similarity index 90% rename from scheme/arm-cca/test/corim/corimCca.json rename to scheme/arm-cca/test/corim/src/corimCca.json index 8413db0a..cbebc13b 100644 --- a/scheme/arm-cca/test/corim/corimCca.json +++ b/scheme/arm-cca/test/corim/src/corimCca.json @@ -6,9 +6,7 @@ "thumbprint": "sha-256:5Fty9cDAtXLbTY06t+l/No/3TmI0eoJN7LZ6hOUiTXU=" } ], - "profiles": [ - "http://arm.com/cca/ssd/1" - ], + "profile": "http://arm.com/cca/ssd/1", "validity": { "not-before": "2021-12-31T00:00:00Z", "not-after": "2025-12-31T00:00:00Z" diff --git a/scheme/arm-cca/test/corim/src/corimCcaNoProfile.json b/scheme/arm-cca/test/corim/src/corimCcaNoProfile.json new file mode 100644 index 00000000..b0650f9e --- /dev/null +++ b/scheme/arm-cca/test/corim/src/corimCcaNoProfile.json 
@@ -0,0 +1,22 @@ +{ + "corim-id": "5c57e8f4-46cd-421b-91c9-08cf93e13cfc", + "dependent-rims": [ + { + "href": "https://parent.example/rims/ccb3aa85-61b4-40f1-848e-02ad6e8a254b", + "thumbprint": "sha-256:5Fty9cDAtXLbTY06t+l/No/3TmI0eoJN7LZ6hOUiTXU=" + } + ], + "validity": { + "not-before": "2021-12-31T00:00:00Z", + "not-after": "2025-12-31T00:00:00Z" + }, + "entities": [ + { + "name": "ACME Ltd.", + "regid": "acme.example", + "roles": [ + "manifestCreator" + ] + } + ] +} diff --git a/scheme/arm-cca/test/corim/corimCcaRealm.json b/scheme/arm-cca/test/corim/src/corimCcaRealm.json similarity index 84% rename from scheme/arm-cca/test/corim/corimCcaRealm.json rename to scheme/arm-cca/test/corim/src/corimCcaRealm.json index cb496711..d57492bd 100644 --- a/scheme/arm-cca/test/corim/corimCcaRealm.json +++ b/scheme/arm-cca/test/corim/src/corimCcaRealm.json @@ -1,8 +1,6 @@ { "corim-id": "5c57e8f4-46cd-421b-91c9-08cf93e13cfc", - "profiles": [ - "http://arm.com/cca/realm/1" - ], + "profile": "http://arm.com/cca/realm/1", "validity": { "not-before": "2021-12-31T00:00:00Z", "not-after": "2025-12-31T00:00:00Z" diff --git a/scheme/arm-cca/test/corim/unsignedCorimCcaComidCcaRefValFour.cbor b/scheme/arm-cca/test/corim/unsignedCorimCcaComidCcaRefValFour.cbor new file mode 100644 index 00000000..8a8cc36a Binary files /dev/null and b/scheme/arm-cca/test/corim/unsignedCorimCcaComidCcaRefValFour.cbor differ diff --git a/scheme/arm-cca/test/corim/unsignedCorimCcaComidCcaRefValOne.cbor b/scheme/arm-cca/test/corim/unsignedCorimCcaComidCcaRefValOne.cbor new file mode 100644 index 00000000..186f8150 Binary files /dev/null and b/scheme/arm-cca/test/corim/unsignedCorimCcaComidCcaRefValOne.cbor differ 
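Review bot: scheme/arm-cca/test/corim/src/corimCcaNoProfile.json fixes `"not-after": "2025-12-31T00:00:00Z"`, so the vectors built from it expire on a calendar date. Nothing in this diff shows Decode checking the validity window, but if that check exists or is added later, these tests start failing on that date with no code change. A far-future value in the fixture (for example `"not-after": "2099-12-31T00:00:00Z"`, a constructed sample) avoids that. corimCca.json and corimCcaRealm.json carry the same dates as unchanged context.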
diff --git a/scheme/arm-cca/test/corim/unsignedCorimCcaNoProfileComidCcaRefValFour.cbor b/scheme/arm-cca/test/corim/unsignedCorimCcaNoProfileComidCcaRefValFour.cbor new file mode 100644 index 00000000..04a63a5a Binary files /dev/null and b/scheme/arm-cca/test/corim/unsignedCorimCcaNoProfileComidCcaRefValFour.cbor differ diff --git a/scheme/arm-cca/test/corim/unsignedCorimCcaNoProfileComidCcaRefValOne.cbor b/scheme/arm-cca/test/corim/unsignedCorimCcaNoProfileComidCcaRefValOne.cbor new file mode 100644 index 00000000..f49ccae9 Binary files /dev/null and b/scheme/arm-cca/test/corim/unsignedCorimCcaNoProfileComidCcaRefValOne.cbor differ diff --git a/scheme/arm-cca/test/corim/unsignedCorimCcaRealmComidCcaRealm.cbor b/scheme/arm-cca/test/corim/unsignedCorimCcaRealmComidCcaRealm.cbor new file mode 100644 index 00000000..c41ff5e4 Binary files /dev/null and b/scheme/arm-cca/test/corim/unsignedCorimCcaRealmComidCcaRealm.cbor differ diff --git a/scheme/arm-cca/test/corim/unsignedCorimCcaRealmComidCcaRealmInvalidClass.cbor b/scheme/arm-cca/test/corim/unsignedCorimCcaRealmComidCcaRealmInvalidClass.cbor new file mode 100644 index 00000000..b48479b7 Binary files /dev/null and b/scheme/arm-cca/test/corim/unsignedCorimCcaRealmComidCcaRealmInvalidClass.cbor differ diff --git a/scheme/arm-cca/test/corim/unsignedCorimCcaRealmComidCcaRealmInvalidInstance.cbor b/scheme/arm-cca/test/corim/unsignedCorimCcaRealmComidCcaRealmInvalidInstance.cbor new file mode 100644 index 00000000..4e7fd5b4 Binary files /dev/null and b/scheme/arm-cca/test/corim/unsignedCorimCcaRealmComidCcaRealmInvalidInstance.cbor differ diff --git a/scheme/arm-cca/test/corim/unsignedCorimCcaRealmComidCcaRealmNoClass.cbor b/scheme/arm-cca/test/corim/unsignedCorimCcaRealmComidCcaRealmNoClass.cbor new file mode 100644 index 00000000..0925050f Binary files /dev/null and b/scheme/arm-cca/test/corim/unsignedCorimCcaRealmComidCcaRealmNoClass.cbor differ 
diff --git a/scheme/arm-cca/test/corim/unsignedCorimCcaRealmComidCcaRealmNoInstance.cbor b/scheme/arm-cca/test/corim/unsignedCorimCcaRealmComidCcaRealmNoInstance.cbor new file mode 100644 index 00000000..e6351aa9 Binary files /dev/null and b/scheme/arm-cca/test/corim/unsignedCorimCcaRealmComidCcaRealmNoInstance.cbor differ diff --git a/scheme/arm-cca/test_vectors.go b/scheme/arm-cca/test_vectors.go index 83b86a48..71c0393c 100644 --- a/scheme/arm-cca/test_vectors.go +++ b/scheme/arm-cca/test_vectors.go 
@@ -1,223 +1,36 @@ // Copyright 2024 Contributors to the Veraison project. +// Copyright 2024 Contributors to the Veraison project. // SPDX-License-Identifier: Apache-2.0 package arm_cca -// automatically generated from: -// comidCcaRefValOne.json and corimCca.json -var unsignedcorimCcacomidCcaRefValOne = ` -a600505c57e8f446cd421b91c908cf93e13cfc018158b3d901faa4006565 -6e2d474201a1005043bbe37f2e614b33aed353cff1428b160281a3006941 -434d45204c74642e01d8207468747470733a2f2f61636d652e6578616d70 -6c65028300010204a1008182a100a300d90258582061636d652d696d706c -656d656e746174696f6e2d69642d303030303030303031016441434d4502 -6a526f616452756e6e657281a200d9025a69616e792d6c6162656c01a104 -d902305272617776616c75650a72617776616c75650a0281a200d8207840 -68747470733a2f2f706172656e742e6578616d706c652f72696d732f6363 -6233616138352d363162342d343066312d383438652d3032616436653861 -323534620182015820e45b72f5c0c0b572db4d8d3ab7e97f368ff74e6234 -7a824decb67a84e5224d7503817818687474703a2f2f61726d2e636f6d2f -6363612f7373642f3104a200c11a61ce480001c11a695467800581a30069 -41434d45204c74642e01d8206c61636d652e6578616d706c65028101 -` +import _ "embed" + +var ( + //go:embed test/corim/unsignedCorimCcaComidCcaRefValOne.cbor + unsignedCorimCcaComidCcaRefValOne []byte -// automatically generated from: -// comidCcaRefValFour.json and corimCca.json -var unsignedcorimCcacomidCcaRefValFour = ` -a600505c57e8f446cd421b91c908cf93e13cfc01815901cbd901faa40065 -656e2d474201a1005043bbe37f2e614b33aed353cff1428b160281a30069 -41434d45204c74642e01d8207468747470733a2f2f61636d652e6578616d -706c65028300010204a1008182a100a300d90258582061636d652d696d70 -6c656d656e746174696f6e2d69642d303030303030303031016441434d45 -026a526f616452756e6e657284a200d90259a30162424c0465322e312e30 -055820acbb11c7e4da217205523ce4ce1a245ae1a239ae3c6bfd9e7871f7 -e5d8bae86b01a102818201582087428fc522803d31065e7bce3cf03fe475 -096631e5e07bbd7a0fde60c4cf25c7a200d90259a3016450526f54046531 -2e332e35055820acbb11c7e4da217205523ce4ce1a245ae1a239ae3c6bfd 
-9e7871f7e5d8bae86b01a10281820158200263829989b6fd954f72baaf2f -c64bc2e2f01d692d4de72986ea808f6e99813fa200d90259a3016441526f -540465302e312e34055820acbb11c7e4da217205523ce4ce1a245ae1a239 -ae3c6bfd9e7871f7e5d8bae86b01a1028182015820a3a5e715f0cc574a73 -c3f9bebb6bc24f32ffd5b67b387244c2c909da779a1478a200d9025a6961 -6e792d76616c756501a104d902305272617776616c75650a72617776616c -75650a0281a200d820784068747470733a2f2f706172656e742e6578616d -706c652f72696d732f63636233616138352d363162342d343066312d3834 -38652d3032616436653861323534620182015820e45b72f5c0c0b572db4d -8d3ab7e97f368ff74e62347a824decb67a84e5224d750381781868747470 -3a2f2f61726d2e636f6d2f6363612f7373642f3104a200c11a61ce480001 -c11a695467800581a3006941434d45204c74642e01d8206c61636d652e65 -78616d706c65028101 -` + //go:embed test/corim/unsignedCorimCcaComidCcaRefValFour.cbor + unsignedCorimCcaComidCcaRefValFour []byte -// automatically generated from: -// comidCcaRefValOne.json and corimCcaNoProfile.json -var unsignedcorimCcaNoProfilecomidCcaRefValOne = ` -a500505c57e8f446cd421b91c908cf93e13cfc018158b3d901faa4006565 -6e2d474201a1005043bbe37f2e614b33aed353cff1428b160281a3006941 -434d45204c74642e01d8207468747470733a2f2f61636d652e6578616d70 -6c65028300010204a1008182a100a300d90258582061636d652d696d706c -656d656e746174696f6e2d69642d303030303030303031016441434d4502 -6a526f616452756e6e657281a200d9025a69616e792d6c6162656c01a104 -d902305272617776616c75650a72617776616c75650a0281a200d8207840 -68747470733a2f2f706172656e742e6578616d706c652f72696d732f6363 -6233616138352d363162342d343066312d383438652d3032616436653861 -323534620182015820e45b72f5c0c0b572db4d8d3ab7e97f368ff74e6234 -7a824decb67a84e5224d7504a200c11a61ce480001c11a695467800581a3 -006941434d45204c74642e01d8206c61636d652e6578616d706c65028101 -` + //go:embed test/corim/unsignedCorimCcaNoProfileComidCcaRefValOne.cbor + unsignedCorimCcaNoProfileComidCcaRefValOne []byte -// automatically generated from: -// comidCcaRefValFour.json and corimCcaNoProfile.json -var 
unsignedcorimCcaNoProfilecomidCcaRefValFour = ` -a500505c57e8f446cd421b91c908cf93e13cfc01815901cbd901faa40065 -656e2d474201a1005043bbe37f2e614b33aed353cff1428b160281a30069 -41434d45204c74642e01d8207468747470733a2f2f61636d652e6578616d -706c65028300010204a1008182a100a300d90258582061636d652d696d70 -6c656d656e746174696f6e2d69642d303030303030303031016441434d45 -026a526f616452756e6e657284a200d90259a30162424c0465322e312e30 -055820acbb11c7e4da217205523ce4ce1a245ae1a239ae3c6bfd9e7871f7 -e5d8bae86b01a102818201582087428fc522803d31065e7bce3cf03fe475 -096631e5e07bbd7a0fde60c4cf25c7a200d90259a3016450526f54046531 -2e332e35055820acbb11c7e4da217205523ce4ce1a245ae1a239ae3c6bfd -9e7871f7e5d8bae86b01a10281820158200263829989b6fd954f72baaf2f -c64bc2e2f01d692d4de72986ea808f6e99813fa200d90259a3016441526f -540465302e312e34055820acbb11c7e4da217205523ce4ce1a245ae1a239 -ae3c6bfd9e7871f7e5d8bae86b01a1028182015820a3a5e715f0cc574a73 -c3f9bebb6bc24f32ffd5b67b387244c2c909da779a1478a200d9025a6961 -6e792d76616c756501a104d902305272617776616c75650a72617776616c -75650a0281a200d820784068747470733a2f2f706172656e742e6578616d -706c652f72696d732f63636233616138352d363162342d343066312d3834 -38652d3032616436653861323534620182015820e45b72f5c0c0b572db4d -8d3ab7e97f368ff74e62347a824decb67a84e5224d7504a200c11a61ce48 -0001c11a695467800581a3006941434d45204c74642e01d8206c61636d65 -2e6578616d706c65028101 -` + //go:embed test/corim/unsignedCorimCcaNoProfileComidCcaRefValFour.cbor + unsignedCorimCcaNoProfileComidCcaRefValFour []byte -// automatically generated from: -// comidCcaRealm.json and corimCcaRealm.json -var unsignedcorimCcaRealmcomidCcaRealm = ` -a500505c57e8f446cd421b91c908cf93e13cfc0181590234d901faa40065 -656e2d474201a1005043bbe37f2e614b33aed353cff1428b160281a30074 -576f726b6c6f616420436c69656e74204c74642e01d820781e6874747073 -3a2f2f776f726b6c6f6164636c69656e742e6578616d706c650283000102 -04a1008182a200a200d82550cd1f0e5526f9460db9d8f7fde171787c0173 -576f726b6c6f616420436c69656e74204c746401d9023058304284b5694c 
-a6c0d2cf4789a0b95ac8025c818de52304364be7cd2981b2d2edc685b322 -277ec25819962413d8c9b2c1f581a101a204d902305840e45b72f5c0c0b5 -72db4d8d3ab7e97f368ff74e62347a824decb67a84e5224d75e45b72f5c0 -c0b572db4d8d3ab7e97f368ff74e62347a824decb67a84e5224d750ea563 -72696d81820758304284b5694ca6c0d2cf4789a0b95ac8025c818de52304 -364be7cd2981b2d2edc685b322277ec25819962413d8c9b2c1f56472656d -3081820758302107bbe761fca52d95136a1354db7a4dd57b1b26be0d3da7 -1d9eb23986b34ba615abf6514cf35e5a9ea55a032d068a786472656d3181 -820758302507bbe761fca52d95136a1354db7a4dd57b1b26be0d3da71d9e -b23986b34ba615abf6514cf35e5a9ea55a032d068a786472656d32818207 -58303107bbe761fca52d95136a1354db7a4dd57b1b26be0d3da71d9eb239 -86b34ba615abf6514cf35e5a9ea55a032d068a786472656d338182075830 -3507bbe761fca52d95136a1354db7a4dd57b1b26be0d3da71d9eb23986b3 -4ba615abf6514cf35e5a9ea55a032d068a780381781a687474703a2f2f61 -726d2e636f6d2f6363612f7265616c6d2f3104a200c11a61ce480001c11a -695467800581a3006941434d45204c74642e01d8206c61636d652e657861 -6d706c65028101 -` + //go:embed test/corim/unsignedCorimCcaRealmComidCcaRealm.cbor + unsignedCorimCcaRealmComidCcaRealm []byte -// automatically generated from: -// comidCcaRealmNoClass.json and corimCcaRealm.json -var unsignedcorimCcaRealmcomidCcaRealmNoClass = ` -a500505c57e8f446cd421b91c908cf93e13cfc01815901c3d901faa40065 -656e2d474201a1005043bbe37f2e614b33aed353cff1428b160281a30074 -576f726b6c6f616420436c69656e74204c74642e01d820781e6874747073 -3a2f2f776f726b6c6f6164636c69656e742e6578616d706c650283000102 -04a1008182a101d9023058304284b5694ca6c0d2cf4789a0b95ac8025c81 -8de52304364be7cd2981b2d2edc685b322277ec25819962413d8c9b2c1f5 -81a101a10ea56372696d81820758304284b5694ca6c0d2cf4789a0b95ac8 -025c818de52304364be7cd2981b2d2edc685b322277ec25819962413d8c9 -b2c1f56472656d3081820758302107bbe761fca52d95136a1354db7a4dd5 -7b1b26be0d3da71d9eb23986b34ba615abf6514cf35e5a9ea55a032d068a -786472656d3181820758302507bbe761fca52d95136a1354db7a4dd57b1b 
-26be0d3da71d9eb23986b34ba615abf6514cf35e5a9ea55a032d068a7864 -72656d3281820758303107bbe761fca52d95136a1354db7a4dd57b1b26be -0d3da71d9eb23986b34ba615abf6514cf35e5a9ea55a032d068a78647265 -6d3381820758303507bbe761fca52d95136a1354db7a4dd57b1b26be0d3d -a71d9eb23986b34ba615abf6514cf35e5a9ea55a032d068a780381781a68 -7474703a2f2f61726d2e636f6d2f6363612f7265616c6d2f3104a200c11a -61ce480001c11a695467800581a3006941434d45204c74642e01d8206c61 -636d652e6578616d706c65028101 -` + //go:embed test/corim/unsignedCorimCcaRealmComidCcaRealmNoClass.cbor + unsignedCorimCcaRealmComidCcaRealmNoClass []byte -// automatically generated from: -// comidCcaRealmNoInstance.json and corimCcaRealm.json -var unsignedcorimCcaRealmcomidCcaRealmNoInstance = ` -a500505c57e8f446cd421b91c908cf93e13cfc01815901b8d901faa40065 -656e2d474201a1005043bbe37f2e614b33aed353cff1428b160281a30074 -576f726b6c6f616420436c69656e74204c74642e01d820781e6874747073 -3a2f2f776f726b6c6f6164636c69656e742e6578616d706c650283000102 -04a1008182a100a200d82550cd1f0e5526f9460db9d8f7fde171787c0173 -576f726b6c6f616420436c69656e74204c746481a101a10ea56372696d81 -820758304284b5694ca6c0d2cf4789a0b95ac8025c818de52304364be7cd -2981b2d2edc685b322277ec25819962413d8c9b2c1f56472656d30818207 -58302107bbe761fca52d95136a1354db7a4dd57b1b26be0d3da71d9eb239 -86b34ba615abf6514cf35e5a9ea55a032d068a786472656d318182075830 -2507bbe761fca52d95136a1354db7a4dd57b1b26be0d3da71d9eb23986b3 -4ba615abf6514cf35e5a9ea55a032d068a786472656d3281820758303107 -bbe761fca52d95136a1354db7a4dd57b1b26be0d3da71d9eb23986b34ba6 -15abf6514cf35e5a9ea55a032d068a786472656d3381820758303507bbe7 -61fca52d95136a1354db7a4dd57b1b26be0d3da71d9eb23986b34ba615ab -f6514cf35e5a9ea55a032d068a780381781a687474703a2f2f61726d2e63 -6f6d2f6363612f7265616c6d2f3104a200c11a61ce480001c11a69546780 -0581a3006941434d45204c74642e01d8206c61636d652e6578616d706c65 -028101 -` + //go:embed test/corim/unsignedCorimCcaRealmComidCcaRealmNoInstance.cbor + unsignedCorimCcaRealmComidCcaRealmNoInstance []byte -// 
automatically generated from: -// comidCcaRealmInvalidInstance.json and corimCcaRealm.json -var unsignedcorimCcaRealmcomidCcaRealmInvalidInstance = ` -a500505c57e8f446cd421b91c908cf93e13cfc01815901dfd901faa40065 -656e2d474201a1005043bbe37f2e614b33aed353cff1428b160281a30074 -576f726b6c6f616420436c69656e74204c74642e01d820781e6874747073 -3a2f2f776f726b6c6f6164636c69656e742e6578616d706c650283000102 -04a1008182a200a200d82550cd1f0e5526f9460db9d8f7fde171787c0173 -576f726b6c6f616420436c69656e74204c746401d90226582101ceebae7b -8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f150881a1 -01a10ea56372696d81820758304284b5694ca6c0d2cf4789a0b95ac8025c -818de52304364be7cd2981b2d2edc685b322277ec25819962413d8c9b2c1 -f56472656d3081820758302107bbe761fca52d95136a1354db7a4dd57b1b -26be0d3da71d9eb23986b34ba615abf6514cf35e5a9ea55a032d068a7864 -72656d3181820758302507bbe761fca52d95136a1354db7a4dd57b1b26be -0d3da71d9eb23986b34ba615abf6514cf35e5a9ea55a032d068a78647265 -6d3281820758303107bbe761fca52d95136a1354db7a4dd57b1b26be0d3d -a71d9eb23986b34ba615abf6514cf35e5a9ea55a032d068a786472656d33 -81820758303507bbe761fca52d95136a1354db7a4dd57b1b26be0d3da71d -9eb23986b34ba615abf6514cf35e5a9ea55a032d068a780381781a687474 -703a2f2f61726d2e636f6d2f6363612f7265616c6d2f3104a200c11a61ce -480001c11a695467800581a3006941434d45204c74642e01d8206c61636d -652e6578616d706c65028101 -` + //go:embed test/corim/unsignedCorimCcaRealmComidCcaRealmInvalidInstance.cbor + unsignedCorimCcaRealmComidCcaRealmInvalidInstance []byte -// automatically generated from: -// comidCcaRealmInvalidClass.json and corimCcaRealm.json -var unsignedcorimCcaRealmcomidCcaRealmInvalidClass = ` -a500505c57e8f446cd421b91c908cf93e13cfc0181590237d901faa40065 -656e2d474201a1005043bbe37f2e614b33aed353cff1428b160281a30074 -576f726b6c6f616420436c69656e74204c74642e01d820781e6874747073 -3a2f2f776f726b6c6f6164636c69656e742e6578616d706c650283000102 -04a1008182a200a200d90258582061636d652d696d706c656d656e746174 
-696f6e2d69642d303030303030303031016441434d4501d9023058304284 -b5694ca6c0d2cf4789a0b95ac8025c818de52304364be7cd2981b2d2edc6 -85b322277ec25819962413d8c9b2c1f581a101a204d902305840e45b72f5 -c0c0b572db4d8d3ab7e97f368ff74e62347a824decb67a84e5224d75e45b -72f5c0c0b572db4d8d3ab7e97f368ff74e62347a824decb67a84e5224d75 -0ea56372696d81820758304284b5694ca6c0d2cf4789a0b95ac8025c818d -e52304364be7cd2981b2d2edc685b322277ec25819962413d8c9b2c1f564 -72656d3081820758302107bbe761fca52d95136a1354db7a4dd57b1b26be -0d3da71d9eb23986b34ba615abf6514cf35e5a9ea55a032d068a78647265 -6d3181820758302507bbe761fca52d95136a1354db7a4dd57b1b26be0d3d -a71d9eb23986b34ba615abf6514cf35e5a9ea55a032d068a786472656d32 -81820758303107bbe761fca52d95136a1354db7a4dd57b1b26be0d3da71d -9eb23986b34ba615abf6514cf35e5a9ea55a032d068a786472656d338182 -0758303507bbe761fca52d95136a1354db7a4dd57b1b26be0d3da71d9eb2 -3986b34ba615abf6514cf35e5a9ea55a032d068a780381781a687474703a -2f2f61726d2e636f6d2f6363612f7265616c6d2f3104a200c11a61ce4800 -01c11a695467800581a3006941434d45204c74642e01d8206c61636d652e -6578616d706c65028101 -` + //go:embed test/corim/unsignedCorimCcaRealmComidCcaRealmInvalidClass.cbor + unsignedCorimCcaRealmComidCcaRealmInvalidClass []byte +) diff --git a/scheme/common/cca/platform/cca_ssd_extractor.go b/scheme/common/cca/platform/cca_ssd_extractor.go index 47e2b061..d11fe895 100644 --- a/scheme/common/cca/platform/cca_ssd_extractor.go +++ b/scheme/common/cca/platform/cca_ssd_extractor.go 
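Review bot: The `//go:embed` declarations in the new `var (...)` group drop the provenance that every removed hex literal carried in its `automatically generated from:` comment, so nothing in the file now says which JSON templates or which tool produced each `.cbor`. The binaries cannot be read in review, so a header comment above the group would keep them traceable, for example `// Vectors are generated from the JSON templates by the scheme's build-test-vectors.sh; regenerate them rather than editing the .cbor files.` The same applies to the `var (...)` group added in scheme/parsec-cca/corim_test_vectors.go. A CI step that regenerates the vectors and fails on any difference would catch a committed binary that no longer matches its template.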
@@ -17,48 +17,58 @@ type CcaSsdExtractor struct { Scheme string } -func (o CcaSsdExtractor) RefValExtractor(rv comid.ReferenceValue) ([]*handler.Endorsement, error) { - var classAttrs platform.ClassAttributes +func (o CcaSsdExtractor) RefValExtractor(rvs comid.ValueTriples) ([]*handler.Endorsement, error) { + refVals := make([]*handler.Endorsement, 0, len(rvs.Values)) - if err := classAttrs.FromEnvironment(rv.Environment); err != nil { - return nil, fmt.Errorf("could not extract PSA class attributes: %w", err) - } + for i, rv := range rvs.Values { + var classAttrs platform.ClassAttributes + var refVal *handler.Endorsement + var err error + + if err := classAttrs.FromEnvironment(rv.Environment); err != nil { + return nil, fmt.Errorf("could not extract PSA class attributes: %w", err) + } - // Each measurement is encoded in a measurement-map of a CoMID - // reference-triple-record. Since a measurement-map can encode one or more - // measurements, a single reference-triple-record can carry as many - // measurements as needed, provided they belong to the same PSA RoT - // identified in the subject of the "reference value" triple. A single - // reference-triple-record SHALL completely describe the updatable PSA RoT. 
- refVals := make([]*handler.Endorsement, 0, len(rv.Measurements)) - var refVal *handler.Endorsement - var err error - for i, m := range rv.Measurements { - if m.Key == nil { + if rv.Measurement.Key == nil { return nil, fmt.Errorf("measurement key is not present") } - if !m.Key.IsSet() { + if !rv.Measurement.Key.IsSet() { return nil, fmt.Errorf("measurement key is not set") } // Check which MKey is present and then decide which extractor to invoke - switch m.Key.Type() { + switch rv.Measurement.Key.Type() { case comid.PSARefValIDType: var swCompAttrs platform.SwCompAttributes - refVal, err = o.extractMeasurement(&swCompAttrs, m, classAttrs) + refVal, err = o.extractMeasurement( + &swCompAttrs, + rv.Measurement, + classAttrs, + ) if err != nil { - return nil, fmt.Errorf("unable to extract measurement at index %d, %w", i, err) + return nil, fmt.Errorf( + "unable to extract measurement at index %d, %w", + i, + err, + ) } case comid.CCAPlatformConfigIDType: var ccaPlatformConfigID CCAPlatformConfigID - refVal, err = o.extractMeasurement(&ccaPlatformConfigID, m, classAttrs) + refVal, err = o.extractMeasurement( + &ccaPlatformConfigID, + rv.Measurement, + classAttrs, + ) if err != nil { return nil, fmt.Errorf("unable to extract measurement: %w", err) } default: - return nil, fmt.Errorf("unknown measurement key: %T", reflect.TypeOf(m.Key)) + return nil, fmt.Errorf( + "unknown measurement key: %T", + reflect.TypeOf(rv.Measurement.Key), + ) } refVals = append(refVals, refVal) } @@ -92,7 +102,7 @@ func (o CcaSsdExtractor) extractMeasurement( return &refVal, nil } -func (o CcaSsdExtractor) TaExtractor(avk comid.AttestVerifKey) (*handler.Endorsement, error) { +func (o CcaSsdExtractor) TaExtractor(avk comid.KeyTriple) (*handler.Endorsement, error) { // extract implementation ID var classAttrs platform.ClassAttributes if err := classAttrs.FromEnvironment(avk.Environment); err != nil { 
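Review bot: The `default` branch of the key-type switch in RefValExtractor passes `reflect.TypeOf(rv.Measurement.Key)` to `%T`, which prints the type of the reflect value itself rather than anything about the rejected key, so the error for an unsupported measurement key carries no usable information. Reporting the value the switch already inspects is more helpful: `return nil, fmt.Errorf("unknown measurement key type %v at index %d", rv.Measurement.Key.Type(), i)`; if that was the only use of `reflect` in the file, its import would have to go as well. The `CCAPlatformConfigIDType` branch and the `FromEnvironment` failure also leave out the triple index `i` that the `PSARefValIDType` branch reports, which matters more now that one call walks every triple. The end of the function lies outside the hunk.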
diff --git a/scheme/common/cca/realm/realm_extractor.go b/scheme/common/cca/realm/realm_extractor.go
index f4856803..c9e55f89 100644
--- a/scheme/common/cca/realm/realm_extractor.go
+++ b/scheme/common/cca/realm/realm_extractor.go
@@ -14,31 +14,40 @@ type RealmExtractor struct { Scheme string } -func (o RealmExtractor) RefValExtractor(rv comid.ReferenceValue) ([]*handler.Endorsement, error) { - var classAttrs RealmClassAttributes - var instAttrs RealmInstanceAttributes - - if err := classAttrs.FromEnvironment(rv.Environment); err != nil { - return nil, fmt.Errorf("could not extract Realm class attributes: %w", err) - } - - if err := instAttrs.FromEnvironment(rv.Environment); err != nil { - return nil, fmt.Errorf("could not extract Realm instance attributes: %w", err) - } - +func (o RealmExtractor) RefValExtractor(rvs comid.ValueTriples) ([]*handler.Endorsement, error) { // Measurements are encoded in a measurement-map of a CoMID // reference-triple-record. For a Realm Instance, all the measurements // which comprise both the "RIM" & "REM" measurements are carried in an // integrity register - refVals := make([]*handler.Endorsement, 0, len(rv.Measurements)) + refVals := make([]*handler.Endorsement, 0, len(rvs.Values)) - var refVal *handler.Endorsement - for _, m := range rv.Measurements { + for _, rv := range rvs.Values { + var classAttrs RealmClassAttributes + var instAttrs RealmInstanceAttributes + var refVal *handler.Endorsement var rAttr RealmAttributes - if err := rAttr.FromMeasurement(m); err != nil { - return nil, fmt.Errorf("unable to extract realm reference attributes from measurement: %w", err) + + if err := classAttrs.FromEnvironment(rv.Environment); err != nil { + return nil, fmt.Errorf( + "could not extract Realm class attributes: %w", + err, + ) + } + + if err := instAttrs.FromEnvironment(rv.Environment); err != nil { + return nil, fmt.Errorf( + "could not extract Realm instance attributes: %w", + err, + ) + } + + if err := rAttr.FromMeasurement(rv.Measurement); err != nil { + return nil, fmt.Errorf( + "unable to extract realm reference attributes from measurement: %w", + err, + ) } - refAttrs, err := makeRefValAttrs(&classAttrs, &instAttrs, &rAttr) + refAttrs, err := 
makeRefValAttrs(&classAttrs, &rAttr) if err != nil { return nil, fmt.Errorf("unable to make reference attributes: %w", err) } @@ -58,9 +67,10 @@ func (o RealmExtractor) RefValExtractor(rv comid.ReferenceValue) ([]*handler.End return refVals, nil } -func makeRefValAttrs(cAttr *RealmClassAttributes, - iAttr *RealmInstanceAttributes, - rAttr *RealmAttributes) (json.RawMessage, error) { +func makeRefValAttrs( + cAttr *RealmClassAttributes, + rAttr *RealmAttributes, +) (json.RawMessage, error) { var attrs = map[string]interface{}{ "realm-initial-measurement": *rAttr.RIM, diff --git a/scheme/common/iextractor.go b/scheme/common/iextractor.go index 8160c5f2..777e3a99 100644 --- a/scheme/common/iextractor.go +++ b/scheme/common/iextractor.go @@ -18,7 +18,7 @@ import ( // well as extraction from the "global" CoRIM context. // See also https://github.com/veraison/services/issues/70 type IExtractor interface { - RefValExtractor(comid.ReferenceValue) ([]*handler.Endorsement, error) - TaExtractor(comid.AttestVerifKey) (*handler.Endorsement, error) + RefValExtractor(comid.ValueTriples) ([]*handler.Endorsement, error) + TaExtractor(comid.KeyTriple) (*handler.Endorsement, error) SetProfile(string) } diff --git a/scheme/common/scripts/gen-corim b/scheme/common/scripts/gen-corim new file mode 100755 index 00000000..9689922e --- /dev/null +++ b/scheme/common/scripts/gen-corim 
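Review bot: In the rewritten loop of RefValExtractor, `instAttrs` is still decoded from `rv.Environment` but is no longer handed to `makeRefValAttrs`, so the Realm instance is checked and then discarded without the code saying that this is intended. If the decode is kept only to reject triples without a valid instance, a comment next to it would record that: `// instAttrs is decoded only to validate the environment; the instance is not stored with the reference value`. If the instance was instead meant to scope the stored reference value, the new `makeRefValAttrs` signature no longer accepts it. The body of `makeRefValAttrs` continues outside the hunk, so whether the old parameter was ever used cannot be confirmed from here.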
@@ -0,0 +1,21 @@ +#!/bin/bash +# Copyright 2024 Contributors to the Veraison project. +# SPDX-License-Identifier: Apache-2.0 +# This script constructs a CBOR CoRIM for use in test vectors, using supplied +# comid and corim json template and saves them in a file +# $1 directory into which the CoRIM should be generated; it must contain "src/" +# subdirectory with the templates specifie dby th use case. +# $2 file name for comid json template, example one of COMID_TEMPLATES +# $3 file name for corim json template, example CORIM_TEMPLATE +# $4 a qualifier for each cbor test vector name + +TEST_DIR=$1 +COMID=$2 +CORIM=$3 +QUALIFIER=$4 + +echo "generating test vector using $COMID $CORIM" +cocli comid create -t "$TEST_DIR/src/$COMID.json" -o "$TEST_DIR" +cocli corim create -m "$TEST_DIR/$COMID.cbor" -t "$TEST_DIR/src/$CORIM.json" \ + -o "$TEST_DIR/$QUALIFIER${CORIM^}${COMID^}.cbor" +rm "$TEST_DIR/$COMID.cbor" diff --git a/scheme/common/unsignedcorim_decoder.go b/scheme/common/unsignedcorim_decoder.go index 55adde1c..2baf0ae4 100644 --- a/scheme/common/unsignedcorim_decoder.go +++ b/scheme/common/unsignedcorim_decoder.go @@ -6,7 +6,6 @@ import ( "bytes" "errors" "fmt" - "strings" "github.com/veraison/corim/comid" "github.com/veraison/corim/corim" @@ -30,18 +29,8 @@ func UnsignedCorimDecoder( return nil, fmt.Errorf("invalid unsigned corim: %w", err) } - if uc.Profiles != nil { - // get the profile - if len(*uc.Profiles) > 1 { - var profiles []string - for _, p := range *uc.Profiles { - name, _ := p.Get() - profiles = append(profiles, name) - } - return nil, fmt.Errorf("found multiple profiles (expected exactly one): %s", strings.Join(profiles, ", ")) - } - p := (*uc.Profiles)[0] - profile, err := p.Get() + if uc.Profile != nil { + profile, err := uc.Profile.Get() if err != nil { return nil, fmt.Errorf("failed to get the profile information: %w", err) } 
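Review bot: The new gen-corim script sets neither `set -eu` nor `set -o pipefail`, and the caller's settings do not carry over because it runs as a separate script, so a failed `cocli comid create` does not stop it. A stale `$COMID.cbor` left in the directory would then be packaged by `cocli corim create` into a vector that does not match its template. With missing arguments the paths also collapse to forms such as `/src/.json`, and the final `rm` is aimed at `/.cbor`. Adding `set -euo pipefail` after the header comment and a guard such as `[ $# -eq 4 ] || { echo "usage: gen-corim DIR COMID CORIM QUALIFIER" >&2; exit 1; }` before the assignments closes both gaps. The header comment also has a typo, "specifie dby th use case", which should read "specified by the use case".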
@@ -78,15 +67,17 @@ func UnsignedCorimDecoder( } if c.Triples.ReferenceValues != nil { - for _, rv := range *c.Triples.ReferenceValues { - refVals, err := xtr.RefValExtractor(rv) - if err != nil { - return nil, fmt.Errorf("bad software component in CoMID at index %d: %w", i, err) - } + refVals, err := xtr.RefValExtractor(*c.Triples.ReferenceValues) + if err != nil { + return nil, fmt.Errorf( + "bad software component in CoMID at index %d: %w", + i, + err, + ) + } - for _, refVal := range refVals { - rsp.ReferenceValues = append(rsp.ReferenceValues, *refVal) - } + for _, refVal := range refVals { + rsp.ReferenceValues = append(rsp.ReferenceValues, *refVal) } } @@ -94,7 +85,11 @@ func UnsignedCorimDecoder( for _, avk := range *c.Triples.AttestVerifKeys { k, err := xtr.TaExtractor(avk) if err != nil { - return nil, fmt.Errorf("bad key in CoMID at index %d: %w", i, err) + return nil, fmt.Errorf( + "bad key in CoMID at index %d: %w", + i, + err, + ) } rsp.TrustAnchors = append(rsp.TrustAnchors, *k) diff --git a/scheme/parsec-cca/corim_test_vectors.go b/scheme/parsec-cca/corim_test_vectors.go index 8eef79a7..4a6a62ef 100644 --- a/scheme/parsec-cca/corim_test_vectors.go +++ b/scheme/parsec-cca/corim_test_vectors.go 
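Review bot: The loop that follows the new `xtr.RefValExtractor(*c.Triples.ReferenceValues)` call dereferences every returned pointer with `*refVal` and has no nil guard, so an extractor that returns a nil entry would panic the decoder while it is processing a submitted CoRIM. CcaSsdExtractor as changed in this commit appears to assign `refVal` on every path that reaches `append`, but `IExtractor` is an interface and nothing visible in its contract rules a nil out. A guard keeps the failure an ordinary error: `if refVal == nil { return nil, fmt.Errorf("nil reference value in CoMID at index %d", i) }`. The trust-anchor loop in the last hunk dereferences `*k` the same way. UnsignedCorimDecoder starts and ends outside these hunks.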
@@ -1,55 +1,14 @@ -// Copyright 2023 Contributors to the Veraison project. +// Copyright 2023-2024 Contributors to the Veraison project. // SPDX-License-Identifier: Apache-2.0 package parsec_cca -// automatically generated from: -// ComidParsecCcaRefValOne.json and corimParsecCca.json -var unsignedCorimComidParsecCcaRefValOne = ` -a600505c57e8f446cd421b91c908cf93e13cfc018158b4d901faa4006565 -6e2d474201a1005043bbe37f2e614b33aed353cff1428b160281a3006941 -434d45204c74642e01d8207468747470733a2f2f61636d652e6578616d70 -6c65028300010204a1008182a100a300d90258582061636d652d696d706c -656d656e746174696f6e2d69642d303030303030303031016441434d4502 -6a526f616452756e6e657281a200d9025a6a6366672076312e302e3001a1 -04d902305272617776616c75650a72617776616c75650a0281a200d82078 -4068747470733a2f2f706172656e742e6578616d706c652f72696d732f63 -636233616138352d363162342d343066312d383438652d30326164366538 -61323534620182015820e45b72f5c0c0b572db4d8d3ab7e97f368ff74e62 -347a824decb67a84e5224d750381782c7461673a6769746875622e636f6d -2f706172616c6c61787365636f6e642c323032332d30332d30333a636361 -04a200c11a61ce480001c11a695467800581a3006941434d45204c74642e -01d8206c61636d652e6578616d706c65028101 -` +import _ "embed" -// automatically generated from: -// ComidParsecCcaMultRefVal.json and corimParsecCca.json -var unsignedCorimComidParsecCcaMultRefVal = ` -a600505c57e8f446cd421b91c908cf93e13cfc018159022ed901faa40065 -656e2d474201a1005043bbe37f2e614b33aed353cff1428b160281a30069 -41434d45204c74642e01d8207468747470733a2f2f61636d652e6578616d -706c65028300010204a1008182a100a300d9025858207f454c4602010100 -000000000000000003003e00010000005058000000000000016441434d45 -026a526f616452756e6e657285a200d90259a30162424c0465332e342e32 -05582007060504030201000f0e0d0c0b0a090817161514131211101f1e1d -1c1b1a191801a102818201582007060504030201000f0e0d0c0b0a090817 -161514131211101f1e1d1c1b1a1918a200d90259a301624d310463312e32 -05582007060504030201000f0e0d0c0b0a090817161514131211101f1e1d 
-1c1b1a191801a102818201582007060504030201000f0e0d0c0b0a090817 -161514131211101f1e1d1c1b1a1918a200d90259a301624d320465312e32 -2e3305582007060504030201000f0e0d0c0b0a090817161514131211101f -1e1d1c1b1a191801a102818201582007060504030201000f0e0d0c0b0a09 -0817161514131211101f1e1d1c1b1a1918a200d90259a301624d33046131 -05582007060504030201000f0e0d0c0b0a090817161514131211101f1e1d -1c1b1a191801a102818201582007060504030201000f0e0d0c0b0a090817 -161514131211101f1e1d1c1b1a1918a200d9025a6a6366672076312e302e -3001a104d9023058210107060504030201000f0e0d0c0b0a090817161514 -131211101f1e1d1c1b1a19180281a200d820784068747470733a2f2f7061 -72656e742e6578616d706c652f72696d732f63636233616138352d363162 -342d343066312d383438652d3032616436653861323534620182015820e4 -5b72f5c0c0b572db4d8d3ab7e97f368ff74e62347a824decb67a84e5224d -750381782c7461673a6769746875622e636f6d2f706172616c6c61787365 -636f6e642c323032332d30332d30333a63636104a200c11a61ce480001c1 -1a695467800581a3006941434d45204c74642e01d8206c61636d652e6578 -616d706c65028101 -` +var ( + //go:embed test/corim/unsignedCorimParsecCcaComidParsecCcaRefValOne.cbor + unsignedCorimComidParsecCcaRefValOne []byte + + //go:embed test/corim/unsignedCorimParsecCcaComidParsecCcaMultRefVal.cbor + unsignedCorimComidParsecCcaMultRefVal []byte +) diff --git a/scheme/parsec-cca/endorsement_handler_test.go b/scheme/parsec-cca/endorsement_handler_test.go index d44da569..59a38a20 100644 --- a/scheme/parsec-cca/endorsement_handler_test.go +++ b/scheme/parsec-cca/endorsement_handler_test.go @@ -6,11 +6,10 @@ import ( "testing" "github.com/stretchr/testify/assert" - "github.com/veraison/corim/comid" ) func TestDecoder_Decode_OK(t *testing.T) { - tvs := []string{ + tvs := [][]byte{ unsignedCorimComidParsecCcaRefValOne, unsignedCorimComidParsecCcaMultRefVal, } 
@@ -18,8 +17,7 @@ func TestDecoder_Decode_OK(t *testing.T) { d := &EndorsementHandler{} for _, tv := range tvs { - data := comid.MustHexDecode(t, tv) - _, err := d.Decode(data) + _, err := d.Decode(tv) assert.NoError(t, err) } } diff --git a/scheme/parsec-cca/parsec_cca_extractor.go b/scheme/parsec-cca/parsec_cca_extractor.go index c6dc35d5..cb052eb3 100644 --- a/scheme/parsec-cca/parsec_cca_extractor.go +++ b/scheme/parsec-cca/parsec_cca_extractor.go @@ -14,15 +14,17 @@ type ParsecCcaExtractor struct { Profile string } -func (o ParsecCcaExtractor) RefValExtractor(rv comid.ReferenceValue) ([]*handler.Endorsement, error) { +func (o ParsecCcaExtractor) RefValExtractor( + rvs comid.ValueTriples, +) ([]*handler.Endorsement, error) { if o.Profile != "tag:github.com/parallaxsecond,2023-03-03:cca" { return nil, fmt.Errorf("invalid profile: %s for scheme PARSEC_CCA", o.Profile) } subScheme := &platform.CcaSsdExtractor{} - return subScheme.RefValExtractor(rv) + return subScheme.RefValExtractor(rvs) } -func (o ParsecCcaExtractor) TaExtractor(avk comid.AttestVerifKey) (*handler.Endorsement, error) { +func (o ParsecCcaExtractor) TaExtractor(avk comid.KeyTriple) (*handler.Endorsement, error) { if o.Profile != "tag:github.com/parallaxsecond,2023-03-03:cca" { return nil, fmt.Errorf("invalid profile: %s for scheme PARSEC_CCA", o.Profile) } diff --git a/scheme/parsec-cca/test/corim/ComidParsecCcaMultRefVal.json b/scheme/parsec-cca/test/corim/ComidParsecCcaMultRefVal.json deleted file mode 100644 index 7cdf68a1..00000000 --- a/scheme/parsec-cca/test/corim/ComidParsecCcaMultRefVal.json +++ /dev/null 
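Review bot: Both ParsecCcaExtractor methods in this hunk echo a rejected `o.Profile` into the error with `%s`. The profile presumably originates from the CoRIM being decoded (it is set through `SetProfile`), so formatting it with `%q` keeps newlines and control characters out of whatever log or response the error ends up in: `fmt.Errorf("invalid profile: %q for scheme PARSEC_CCA", o.Profile)`. The two checks also repeat the same profile URI literal; hoisting it into a package-level constant would stop them drifting apart. TaExtractor continues outside the hunk.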
@@ -1,108 +0,0 @@
-{
- "lang": "en-GB",
- "tag-identity": {
- "id": "43BBE37F-2E61-4B33-AED3-53CFF1428B16",
- "version": 0
- },
- "entities": [
- {
- "name": "ACME Ltd.",
- "regid": "https://acme.example",
- "roles": [
- "tagCreator",
- "creator",
- "maintainer"
- ]
- }
- ],
- "triples": {
- "reference-values": [
- {
- "environment": {
- "class": {
- "id": {
- "type": "psa.impl-id",
- "value": "f0VMRgIBAQAAAAAAAAAAAAMAPgABAAAAUFgAAAAAAAA="
- },
- "vendor": "ACME",
- "model": "RoadRunner"
- }
- },
- "measurements": [
- {
- "key": {
- "type": "psa.refval-id",
- "value": {
- "label": "BL",
- "version": "3.4.2",
- "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg="
- }
- },
- "value": {
- "digests": [
- "sha-256:BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg="
- ]
- }
- },
- {
- "key": {
- "type": "psa.refval-id",
- "value": {
- "label": "M1",
- "version": "1.2",
- "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg="
- }
- },
- "value": {
- "digests": [
- "sha-256:BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg="
- ]
- }
- },
- {
- "key": {
- "type": "psa.refval-id",
- "value": {
- "label": "M2",
- "version": "1.2.3",
- "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg="
- }
- },
- "value": {
- "digests": [
- "sha-256:BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg="
- ]
- }
- },
- {
- "key": {
- "type": "psa.refval-id",
- "value": {
- "label": "M3",
- "version": "1",
- "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg="
- }
- },
- "value": {
- "digests": [
- "sha-256:BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg="
- ]
- }
- },
- {
- "key": {
- "type": "cca.platform-config-id",
- "value": "cfg v1.0.0"
- },
- "value": {
- "raw-value": {
- "type": "bytes",
- "value": "AQcGBQQDAgEADw4NDAsKCQgXFhUUExIREB8eHRwbGhkY"
- }
- }
- }
- ]
- }
- ]
- }
- }
\ No newline at end of file
diff --git a/scheme/parsec-cca/test/corim/Makefile b/scheme/parsec-cca/test/corim/Makefile
deleted file mode 100644
index 104ebcfc..00000000
--- a/scheme/parsec-cca/test/corim/Makefile
+++ /dev/null
@@ -1,10 +0,0 @@
-OUTPUT := ../../corim_test_vectors.go
-
-DEPS := $(wildcard Comid*.json)
-
-all: $(OUTPUT)
-
-$(OUTPUT): $(DEPS)
- env TV_DOT_GO=$(OUTPUT) ./build-test-vectors.sh
-
-clean: ; $(RM) -f *.cbor
\ No newline at end of file
diff --git a/scheme/parsec-cca/test/corim/build-test-vectors.sh b/scheme/parsec-cca/test/corim/build-test-vectors.sh
index 684d5954..839baf6a 100755
--- a/scheme/parsec-cca/test/corim/build-test-vectors.sh
+++ b/scheme/parsec-cca/test/corim/build-test-vectors.sh
@@ -1,41 +1,23 @@ #!/bin/bash -# Copyright 2022-2023 Contributors to the Veraison project. +# Copyright 2022-2024 Contributors to the Veraison project. # SPDX-License-Identifier: Apache-2.0 set -eu set -o pipefail -# function generate_go_test_vector constructs CBOR test vector using -# supplied comid and corim json template and saves them in a file -# $1 file name for comid json template, example one of COMID_TEMPLATES -# $2 file name for corim json template, example CORIM_TEMPLATE -# $3 a qualifier for each cbor test vector name -# $4 name of the file where the generated CBOR test vectors are aggregated -generate_go_test_vector () { - echo "generating test vector using $1 $2" - cocli comid create -t $1.json - cocli corim create -m $1.cbor -t $2 -o corim$1.cbor - echo "// automatically generated from:" >> $4 - echo "// $1.json and $2" >> $4 - echo "var $3$1 = "'`' >> $4 - cat corim$1.cbor | xxd -p >> $4 - echo '`' >> $4 -} +THIS_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) +GEN_CORIM="$THIS_DIR/../../../common/scripts/gen-corim" -CORIM_TEMPLATE="corimParsecCca.json" +CORIM_TEMPLATE=corimParsecCca -COMID_TEMPLATES= -COMID_TEMPLATES="${COMID_TEMPLATES} ComidParsecCcaRefValOne" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidParsecCcaMultRefVal" +COMID_TEMPLATES=( + ComidParsecCcaRefValOne + ComidParsecCcaMultRefVal +) - -TV_DOT_GO=${TV_DOT_GO?must be set in the environment.} - -printf "package parsec_cca\n\n" > ${TV_DOT_GO} - -for t in ${COMID_TEMPLATES} +for comid in "${COMID_TEMPLATES[@]}" do - generate_go_test_vector $t $CORIM_TEMPLATE "unsignedCorim" $TV_DOT_GO + "$GEN_CORIM" "$THIS_DIR" "$comid" "$CORIM_TEMPLATE" "unsigned" done -gofmt -w $TV_DOT_GO +echo "done" diff --git a/scheme/parsec-cca/test/corim/src/ComidParsecCcaMultRefVal.json b/scheme/parsec-cca/test/corim/src/ComidParsecCcaMultRefVal.json new file mode 100644 index 00000000..4913c8c5 --- /dev/null +++ b/scheme/parsec-cca/test/corim/src/ComidParsecCcaMultRefVal.json 
@@ -0,0 +1,154 @@ +{ + "lang": "en-GB", + "tag-identity": { + "id": "43BBE37F-2E61-4B33-AED3-53CFF1428B16", + "version": 0 + }, + "entities": [ + { + "name": "ACME Ltd.", + "regid": "https://acme.example", + "roles": [ + "tagCreator", + "creator", + "maintainer" + ] + } + ], + "triples": { + "reference-values": [ + { + "environment": { + "class": { + "id": { + "type": "psa.impl-id", + "value": "f0VMRgIBAQAAAAAAAAAAAAMAPgABAAAAUFgAAAAAAAA=" + }, + "vendor": "ACME", + "model": "RoadRunner" + } + }, + "measurement": { + "key": { + "type": "psa.refval-id", + "value": { + "label": "BL", + "version": "3.4.2", + "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + } + }, + "value": { + "digests": [ + "sha-256:BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + ] + } + } + }, + { + "environment": { + "class": { + "id": { + "type": "psa.impl-id", + "value": "f0VMRgIBAQAAAAAAAAAAAAMAPgABAAAAUFgAAAAAAAA=" + }, + "vendor": "ACME", + "model": "RoadRunner" + } + }, + "measurement": { + "key": { + "type": "psa.refval-id", + "value": { + "label": "M1", + "version": "1.2", + "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + } + }, + "value": { + "digests": [ + "sha-256:BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + ] + } + } + }, + { + "environment": { + "class": { + "id": { + "type": "psa.impl-id", + "value": "f0VMRgIBAQAAAAAAAAAAAAMAPgABAAAAUFgAAAAAAAA=" + }, + "vendor": "ACME", + "model": "RoadRunner" + } + }, + "measurement": { + "key": { + "type": "psa.refval-id", + "value": { + "label": "M2", + "version": "1.2.3", + "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + } + }, + "value": { + "digests": [ + "sha-256:BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + ] + } + } + }, + { + "environment": { + "class": { + "id": { + "type": "psa.impl-id", + "value": "f0VMRgIBAQAAAAAAAAAAAAMAPgABAAAAUFgAAAAAAAA=" + }, + "vendor": "ACME", + "model": "RoadRunner" + } + }, + "measurement": { + "key": { + "type": "psa.refval-id", + "value": { + "label": "M3", + 
"version": "1", + "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + } + }, + "value": { + "digests": [ + "sha-256:BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + ] + } + } + }, + { + "environment": { + "class": { + "id": { + "type": "psa.impl-id", + "value": "f0VMRgIBAQAAAAAAAAAAAAMAPgABAAAAUFgAAAAAAAA=" + }, + "vendor": "ACME", + "model": "RoadRunner" + } + }, + "measurement": { + "key": { + "type": "cca.platform-config-id", + "value": "cfg v1.0.0" + }, + "value": { + "raw-value": { + "type": "bytes", + "value": "AQcGBQQDAgEADw4NDAsKCQgXFhUUExIREB8eHRwbGhkY" + } + } + } + } + ] + } + } diff --git a/scheme/parsec-cca/test/corim/ComidParsecCcaRefValOne.json b/scheme/parsec-cca/test/corim/src/ComidParsecCcaRefValOne.json similarity index 67% rename from scheme/parsec-cca/test/corim/ComidParsecCcaRefValOne.json rename to scheme/parsec-cca/test/corim/src/ComidParsecCcaRefValOne.json index c24561ee..440d3c38 100644 --- a/scheme/parsec-cca/test/corim/ComidParsecCcaRefValOne.json +++ b/scheme/parsec-cca/test/corim/src/ComidParsecCcaRefValOne.json @@ -28,21 +28,19 @@ "model": "RoadRunner" } }, - "measurements": [ - { - "key": { - "type": "cca.platform-config-id", - "value": "cfg v1.0.0" - }, - "value": { - "raw-value": { - "type": "bytes", - "value": "cmF3dmFsdWUKcmF3dmFsdWUK" - } + "measurement": { + "key": { + "type": "cca.platform-config-id", + "value": "cfg v1.0.0" + }, + "value": { + "raw-value": { + "type": "bytes", + "value": "cmF3dmFsdWUKcmF3dmFsdWUK" } } - ] + } } ] } - } \ No newline at end of file + } diff --git a/scheme/parsec-cca/test/corim/corimParsecCca.json b/scheme/parsec-cca/test/corim/src/corimParsecCca.json similarity index 86% rename from scheme/parsec-cca/test/corim/corimParsecCca.json rename to scheme/parsec-cca/test/corim/src/corimParsecCca.json index 44e84c4e..9796f95a 100644 --- a/scheme/parsec-cca/test/corim/corimParsecCca.json +++ b/scheme/parsec-cca/test/corim/src/corimParsecCca.json 
@@ -6,9 +6,7 @@ "thumbprint": "sha-256:5Fty9cDAtXLbTY06t+l/No/3TmI0eoJN7LZ6hOUiTXU=" } ], - "profiles": [ - "tag:github.com/parallaxsecond,2023-03-03:cca" - ], + "profile": "tag:github.com/parallaxsecond,2023-03-03:cca", "validity": { "not-before": "2021-12-31T00:00:00Z", "not-after": "2025-12-31T00:00:00Z" @@ -22,4 +20,4 @@ ] } ] -} \ No newline at end of file +} diff --git a/scheme/parsec-cca/test/corim/unsignedCorimParsecCcaComidParsecCcaMultRefVal.cbor b/scheme/parsec-cca/test/corim/unsignedCorimParsecCcaComidParsecCcaMultRefVal.cbor new file mode 100644 index 00000000..9758a451 Binary files /dev/null and b/scheme/parsec-cca/test/corim/unsignedCorimParsecCcaComidParsecCcaMultRefVal.cbor differ diff --git a/scheme/parsec-cca/test/corim/unsignedCorimParsecCcaComidParsecCcaRefValOne.cbor b/scheme/parsec-cca/test/corim/unsignedCorimParsecCcaComidParsecCcaRefValOne.cbor new file mode 100644 index 00000000..1ab37cd4 Binary files /dev/null and b/scheme/parsec-cca/test/corim/unsignedCorimParsecCcaComidParsecCcaRefValOne.cbor differ diff --git a/scheme/parsec-tpm/corim_extractor.go b/scheme/parsec-tpm/corim_extractor.go index df7eb2df..5958ae18 100644 --- a/scheme/parsec-tpm/corim_extractor.go +++ b/scheme/parsec-tpm/corim_extractor.go 
@@ -16,23 +16,26 @@ import ( type CorimExtractor struct{ Profile string } func (o CorimExtractor) RefValExtractor( - rv comid.ReferenceValue, + rvs comid.ValueTriples, ) ([]*handler.Endorsement, error) { - var id ID + refVals := make([]*handler.Endorsement, 0, len(rvs.Values)) - if err := id.FromEnvironment(rv.Environment); err != nil { - return nil, fmt.Errorf("could not extract id from ref-val environment: %w", err) - } + for i, rv := range rvs.Values { + var id ID - rvs := make([]*handler.Endorsement, 0, len(rv.Measurements)) + if err := id.FromEnvironment(rv.Environment); err != nil { + return nil, fmt.Errorf( + "could not extract id from ref-val environment: %w", + err, + ) + } - for i, m := range rv.Measurements { - pcr, err := extractPCR(m) + pcr, err := extractPCR(rv.Measurement) if err != nil { return nil, fmt.Errorf("could not extract PCR: %w", err) } - digests, err := extractDigests(m) + digests, err := extractDigests(rv.Measurement) if err != nil { return nil, fmt.Errorf("measurement[%d]: %w", i, err) } @@ -49,19 +52,19 @@ func (o CorimExtractor) RefValExtractor( Attributes: attrs, } - rvs = append(rvs, rv) + refVals = append(refVals, rv) } } - if len(rvs) == 0 { + if len(refVals) == 0 { return nil, fmt.Errorf("no measurements found") } - return rvs, nil + return refVals, nil } func (o CorimExtractor) TaExtractor( - avk comid.AttestVerifKey, + avk comid.KeyTriple, ) (*handler.Endorsement, error) { var id ID diff --git a/scheme/parsec-tpm/corim_test_vectors.go b/scheme/parsec-tpm/corim_test_vectors.go index 7335416d..bbd74b20 100644 --- a/scheme/parsec-tpm/corim_test_vectors.go +++ b/scheme/parsec-tpm/corim_test_vectors.go 
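Review bot: The `measurement[%d]` prefix on the `extractDigests` error now prints the index of the reference-value triple, because `i` comes from `range rvs.Values`, while the `FromEnvironment` and `extractPCR` errors carry no index at all; with several triples in one CoMID the message does not say which entry was rejected. I would use one prefix for all three, for example `return nil, fmt.Errorf("reference value[%d]: could not extract PCR: %w", i, err)`. Any test that compares the full error string would need its expected text updated. The function body continues past the end of this hunk.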
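Review bot: The `rv` passed to `refVals = append(refVals, rv)` looks like an inner `rv := &handler.Endorsement{…}` declared above this hunk, which would now shadow the loop variable `rv` from `range rvs.Values`; the declaration is outside the hunk, so this is inferred. Renaming the inner value (for example `refVal`) would remove the ambiguity for the next edit to this loop. The `"no measurements found"` message is also stale now that the input is a list of triples; `"no reference values found"` would match the new shape.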
@@ -2,220 +2,42 @@ // SPDX-License-Identifier: Apache-2.0 package parsec_tpm -// automatically generated from: -// ComidParsecTpmKeyGood.json and corimMini.json -var unsignedCorimComidParsecTpmKeyGood = ` -a30050b3ec060e2a5b4bc28f711dab08ce5be90181590147d901faa301a1 -0050eee06f93e9824dbc9585620a816c2e590281a3006650617273656301 -d820782168747470733a2f2f6769746875622e636f6d2f706172616c6c61 -787365636f6e64028300010204a1028182a200a100d82550cd1f0e5526f9 -460db9d8f7fde171787c01d9022658210100000000000000000000000000 -0000000000000000000000000000000000000081d9022a78b02d2d2d2d2d -424547494e205055424c4943204b45592d2d2d2d2d0a4d466b7745775948 -4b6f5a497a6a3043415159494b6f5a497a6a30444151634451674145544b -5246452f527753586f6f493844646174504f59672f75694b6d3258727454 -2f75454d457671515a72774a484863667730633357567a476f714c33592f -5136786b48466664555671533257576b50644b4f303375773d3d0a2d2d2d -2d2d454e44205055424c4943204b45592d2d2d2d2d0381782c7461673a67 -69746875622e636f6d2f706172616c6c61787365636f6e642c323032332d -30332d30333a74706d -` +import _ "embed" -// automatically generated from: -// ComidParsecTpmKeyNoClass.json and corimMini.json -var unsignedCorimComidParsecTpmKeyNoClass = ` -a30050b3ec060e2a5b4bc28f711dab08ce5be90181590131d901faa301a1 -0050eee06f93e9824dbc9585620a816c2e590281a3006650617273656301 -d820782168747470733a2f2f6769746875622e636f6d2f706172616c6c61 -787365636f6e64028300010204a1028182a101d902265821010000000000 -00000000000000000000000000000000000000000000000000000081d902 -2a78b02d2d2d2d2d424547494e205055424c4943204b45592d2d2d2d2d0a -4d466b77457759484b6f5a497a6a3043415159494b6f5a497a6a30444151 -634451674145544b5246452f527753586f6f493844646174504f59672f75 -694b6d32587274542f75454d457671515a72774a48486366773063335756 -7a476f714c33592f5136786b48466664555671533257576b50644b4f3033 -75773d3d0a2d2d2d2d2d454e44205055424c4943204b45592d2d2d2d2d03 -81782c7461673a6769746875622e636f6d2f706172616c6c61787365636f -6e642c323032332d30332d30333a74706d -` +var ( + //go:embed 
test/corim/unsignedCorimMiniComidParsecTpmKeyGood.cbor + unsignedCorimComidParsecTpmKeyGood []byte -// automatically generated from: -// ComidParsecTpmKeyNoClassId.json and corimMini.json -var unsignedCorimComidParsecTpmKeyNoClassId = ` -a30050b3ec060e2a5b4bc28f711dab08ce5be9018159013ed901faa301a1 -0050eee06f93e9824dbc9585620a816c2e590281a3006650617273656301 -d820782168747470733a2f2f6769746875622e636f6d2f706172616c6c61 -787365636f6e64028300010204a1028182a200a1016941434d4520496e63 -2e01d9022658210100000000000000000000000000000000000000000000 -0000000000000000000081d9022a78b02d2d2d2d2d424547494e20505542 -4c4943204b45592d2d2d2d2d0a4d466b77457759484b6f5a497a6a304341 -5159494b6f5a497a6a30444151634451674145544b5246452f527753586f -6f493844646174504f59672f75694b6d32587274542f75454d457671515a -72774a484863667730633357567a476f714c33592f5136786b4846666455 -5671533257576b50644b4f303375773d3d0a2d2d2d2d2d454e4420505542 -4c4943204b45592d2d2d2d2d0381782c7461673a6769746875622e636f6d -2f706172616c6c61787365636f6e642c323032332d30332d30333a74706d -` + //go:embed test/corim/unsignedCorimMiniComidParsecTpmKeyNoClass.cbor + unsignedCorimComidParsecTpmKeyNoClass []byte -// automatically generated from: -// ComidParsecTpmKeyNoInstance.json and corimMini.json -var unsignedCorimComidParsecTpmKeyNoInstance = ` -a30050b3ec060e2a5b4bc28f711dab08ce5be90181590120d901faa301a1 -0050eee06f93e9824dbc9585620a816c2e590281a3006650617273656301 -d820782168747470733a2f2f6769746875622e636f6d2f706172616c6c61 -787365636f6e64028300010204a1028182a100a100d82550cd1f0e5526f9 -460db9d8f7fde171787c81d9022a78b02d2d2d2d2d424547494e20505542 -4c4943204b45592d2d2d2d2d0a4d466b77457759484b6f5a497a6a304341 -5159494b6f5a497a6a30444151634451674145544b5246452f527753586f -6f493844646174504f59672f75694b6d32587274542f75454d457671515a -72774a484863667730633357567a476f714c33592f5136786b4846666455 -5671533257576b50644b4f303375773d3d0a2d2d2d2d2d454e4420505542 -4c4943204b45592d2d2d2d2d0381782c7461673a6769746875622e636f6d 
-2f706172616c6c61787365636f6e642c323032332d30332d30333a74706d -` + //go:embed test/corim/unsignedCorimMiniComidParsecTpmKeyNoClassId.cbor + unsignedCorimComidParsecTpmKeyNoClassId []byte -// automatically generated from: -// ComidParsecTpmKeyUnknownClassIdType.json and corimMini.json -var unsignedCorimComidParsecTpmKeyUnknownClassIdType = ` -a30050b3ec060e2a5b4bc28f711dab08ce5be9018159013ad901faa301a1 -0050eee06f93e9824dbc9585620a816c2e590281a3006650617273656301 -d820782168747470733a2f2f6769746875622e636f6d2f706172616c6c61 -787365636f6e64028300010204a1028182a200a100d86f432a030401d902 -265821010000000000000000000000000000000000000000000000000000 -00000000000081d9022a78b02d2d2d2d2d424547494e205055424c494320 -4b45592d2d2d2d2d0a4d466b77457759484b6f5a497a6a3043415159494b -6f5a497a6a30444151634451674145544b5246452f527753586f6f493844 -646174504f59672f75694b6d32587274542f75454d457671515a72774a48 -4863667730633357567a476f714c33592f5136786b484666645556715332 -57576b50644b4f303375773d3d0a2d2d2d2d2d454e44205055424c494320 -4b45592d2d2d2d2d0381782c7461673a6769746875622e636f6d2f706172 -616c6c61787365636f6e642c323032332d30332d30333a74706d -` + //go:embed test/corim/unsignedCorimMiniComidParsecTpmKeyNoInstance.cbor + unsignedCorimComidParsecTpmKeyNoInstance []byte -// automatically generated from: -// ComidParsecTpmKeyUnknownInstanceType.json and corimMini.json -var unsignedCorimComidParsecTpmKeyUnknownInstanceType = ` -a30050b3ec060e2a5b4bc28f711dab08ce5be90181590134d901faa301a1 -0050eee06f93e9824dbc9585620a816c2e590281a3006650617273656301 -d820782168747470733a2f2f6769746875622e636f6d2f706172616c6c61 -787365636f6e64028300010204a1028182a200a100d82550cd1f0e5526f9 -460db9d8f7fde171787c01d82550764431270d1043d09d76d2ff094d0faf -81d9022a78b02d2d2d2d2d424547494e205055424c4943204b45592d2d2d -2d2d0a4d466b77457759484b6f5a497a6a3043415159494b6f5a497a6a30 -444151634451674145544b5246452f527753586f6f493844646174504f59 -672f75694b6d32587274542f75454d457671515a72774a48486366773063 
-3357567a476f714c33592f5136786b48466664555671533257576b50644b -4f303375773d3d0a2d2d2d2d2d454e44205055424c4943204b45592d2d2d -2d2d0381782c7461673a6769746875622e636f6d2f706172616c6c617873 -65636f6e642c323032332d30332d30333a74706d -` + //go:embed test/corim/unsignedCorimMiniComidParsecTpmKeyUnknownClassIdType.cbor + unsignedCorimComidParsecTpmKeyUnknownClassIdType []byte -// automatically generated from: -// ComidParsecTpmKeyManyKeys.json and corimMini.json -var unsignedCorimComidParsecTpmKeyManyKeys = ` -a30050b3ec060e2a5b4bc28f711dab08ce5be901815901fcd901faa301a1 -0050eee06f93e9824dbc9585620a816c2e590281a3006650617273656301 -d820782168747470733a2f2f6769746875622e636f6d2f706172616c6c61 -787365636f6e64028300010204a1028182a200a100d82550cd1f0e5526f9 -460db9d8f7fde171787c01d9022658210100000000000000000000000000 -0000000000000000000000000000000000000082d9022a78b02d2d2d2d2d -424547494e205055424c4943204b45592d2d2d2d2d0a4d466b7745775948 -4b6f5a497a6a3043415159494b6f5a497a6a30444151634451674145544b -5246452f527753586f6f493844646174504f59672f75694b6d3258727454 -2f75454d457671515a72774a484863667730633357567a476f714c33592f -5136786b48466664555671533257576b50644b4f303375773d3d0a2d2d2d -2d2d454e44205055424c4943204b45592d2d2d2d2dd9022a78b02d2d2d2d -2d424547494e205055424c4943204b45592d2d2d2d2d0a4d466b77457759 -484b6f5a497a6a3043415159494b6f5a497a6a3044415163445167414554 -4b5246452f527753586f6f493844646174504f59672f75694b6d32587274 -542f75454d457671515a72774a484863667730633357567a476f714c3359 -2f5136786b48466664555671533257576b50644b4f303375773d3d0a2d2d -2d2d2d454e44205055424c4943204b45592d2d2d2d2d0381782c7461673a -6769746875622e636f6d2f706172616c6c61787365636f6e642c32303233 -2d30332d30333a74706d -` + //go:embed test/corim/unsignedCorimMiniComidParsecTpmKeyUnknownInstanceType.cbor + unsignedCorimComidParsecTpmKeyUnknownInstanceType []byte -// automatically generated from: -// ComidParsecTpmPcrsGood.json and corimMini.json -var unsignedCorimComidParsecTpmPcrsGood = ` 
-a30050b3ec060e2a5b4bc28f711dab08ce5be90181590129d901faa301a1 -00509901922457aa44bcbef8d36bdd6bd0350281a3006650617273656301 -d820782168747470733a2f2f6769746875622e636f6d2f706172616c6c61 -787365636f6e64028300010204a1008182a100a100d82550cd1f0e5526f9 -460db9d8f7fde171787c82a2000001a102828201582087428fc522803d31 -065e7bce3cf03fe475096631e5e07bbd7a0fde60c4cf25c7820758304284 -b5694ca6c0d2cf4789a0b95ac8025c818de52304364be7cd2981b2d2edc6 -85b322277ec25819962413d8c9b2c1f5a2000101a1028282015820aea837 -b88e320abcd476f5839952d5e1a612c0e4a225cb9205d20071e6c3774582 -0758302107bbe761fca52d95136a1354db7a4dd57b1b26be0d3da71d9eb2 -3986b34ba615abf6514cf35e5a9ea55a032d068a780381782c7461673a67 -69746875622e636f6d2f706172616c6c61787365636f6e642c323032332d -30332d30333a74706d -` + //go:embed test/corim/unsignedCorimMiniComidParsecTpmKeyManyKeys.cbor + unsignedCorimComidParsecTpmKeyManyKeys []byte -// automatically generated from: -// ComidParsecTpmPcrsNoClass.json and corimMini.json -var unsignedCorimComidParsecTpmPcrsNoClass = ` -a30050b3ec060e2a5b4bc28f711dab08ce5be9018159013ad901faa301a1 -00509901922457aa44bcbef8d36bdd6bd0350281a3006650617273656301 -d820782168747470733a2f2f6769746875622e636f6d2f706172616c6c61 -787365636f6e64028300010204a1008182a101d902265821010000000000 -00000000000000000000000000000000000000000000000000000082a200 -0001a102828201582087428fc522803d31065e7bce3cf03fe475096631e5 -e07bbd7a0fde60c4cf25c7820758304284b5694ca6c0d2cf4789a0b95ac8 -025c818de52304364be7cd2981b2d2edc685b322277ec25819962413d8c9 -b2c1f5a2000101a1028282015820aea837b88e320abcd476f5839952d5e1 -a612c0e4a225cb9205d20071e6c37745820758302107bbe761fca52d9513 -6a1354db7a4dd57b1b26be0d3da71d9eb23986b34ba615abf6514cf35e5a -9ea55a032d068a780381782c7461673a6769746875622e636f6d2f706172 -616c6c61787365636f6e642c323032332d30332d30333a74706d -` + //go:embed test/corim/unsignedCorimMiniComidParsecTpmPcrsGood.cbor + unsignedCorimComidParsecTpmPcrsGood []byte -// automatically generated from: -// 
ComidParsecTpmPcrsNoPCR.json and corimMini.json -var unsignedCorimComidParsecTpmPcrsNoPCR = ` -a30050b3ec060e2a5b4bc28f711dab08ce5be90181590125d901faa301a1 -00509901922457aa44bcbef8d36bdd6bd0350281a3006650617273656301 -d820782168747470733a2f2f6769746875622e636f6d2f706172616c6c61 -787365636f6e64028300010204a1008182a100a100d82550cd1f0e5526f9 -460db9d8f7fde171787c82a101a102828201582087428fc522803d31065e -7bce3cf03fe475096631e5e07bbd7a0fde60c4cf25c7820758304284b569 -4ca6c0d2cf4789a0b95ac8025c818de52304364be7cd2981b2d2edc685b3 -22277ec25819962413d8c9b2c1f5a101a1028282015820aea837b88e320a -bcd476f5839952d5e1a612c0e4a225cb9205d20071e6c377458207583021 -07bbe761fca52d95136a1354db7a4dd57b1b26be0d3da71d9eb23986b34b -a615abf6514cf35e5a9ea55a032d068a780381782c7461673a6769746875 -622e636f6d2f706172616c6c61787365636f6e642c323032332d30332d30 -333a74706d -` + //go:embed test/corim/unsignedCorimMiniComidParsecTpmPcrsNoClass.cbor + unsignedCorimComidParsecTpmPcrsNoClass []byte -// automatically generated from: -// ComidParsecTpmPcrsUnknownPCRType.json and corimMini.json -var unsignedCorimComidParsecTpmPcrsUnknownPCRType = ` -a30050b3ec060e2a5b4bc28f711dab08ce5be9018159014dd901faa301a1 -00509901922457aa44bcbef8d36bdd6bd0350281a3006650617273656301 -d820782168747470733a2f2f6769746875622e636f6d2f706172616c6c61 -787365636f6e64028300010204a1008182a100a100d82550cd1f0e5526f9 -460db9d8f7fde171787c82a200d8255030688a7022f849668e528be779dc -57ba01a102828201582087428fc522803d31065e7bce3cf03fe475096631 -e5e07bbd7a0fde60c4cf25c7820758304284b5694ca6c0d2cf4789a0b95a -c8025c818de52304364be7cd2981b2d2edc685b322277ec25819962413d8 -c9b2c1f5a200d8255094152a5991e344c8b75ebe7f777a11bf01a1028282 -015820aea837b88e320abcd476f5839952d5e1a612c0e4a225cb9205d200 -71e6c37745820758302107bbe761fca52d95136a1354db7a4dd57b1b26be -0d3da71d9eb23986b34ba615abf6514cf35e5a9ea55a032d068a78038178 -2c7461673a6769746875622e636f6d2f706172616c6c61787365636f6e64 -2c323032332d30332d30333a74706d -` + //go:embed 
test/corim/unsignedCorimMiniComidParsecTpmPcrsNoPCR.cbor + unsignedCorimComidParsecTpmPcrsNoPCR []byte -// automatically generated from: -// ComidParsecTpmPcrsNoDigests.json and corimMini.json -var unsignedCorimComidParsecTpmPcrsNoDigests = ` -a30050b3ec060e2a5b4bc28f711dab08ce5be901815876d901faa301a100 -509901922457aa44bcbef8d36bdd6bd0350281a3006650617273656301d8 -20782168747470733a2f2f6769746875622e636f6d2f706172616c6c6178 -7365636f6e64028300010204a1008182a100a100d82550cd1f0e5526f946 -0db9d8f7fde171787c81a2000001a10864313233340381782c7461673a67 -69746875622e636f6d2f706172616c6c61787365636f6e642c323032332d -30332d30333a74706d -` + //go:embed test/corim/unsignedCorimMiniComidParsecTpmPcrsUnknownPCRType.cbor + unsignedCorimComidParsecTpmPcrsUnknownPCRType []byte + + //go:embed test/corim/unsignedCorimMiniComidParsecTpmPcrsNoDigests.cbor + unsignedCorimComidParsecTpmPcrsNoDigests []byte +) diff --git a/scheme/parsec-tpm/endorsement_handler_test.go b/scheme/parsec-tpm/endorsement_handler_test.go index 1f08bf51..d34f9b0c 100644 --- a/scheme/parsec-tpm/endorsement_handler_test.go +++ b/scheme/parsec-tpm/endorsement_handler_test.go @@ -6,11 +6,10 @@ import ( "testing" "github.com/stretchr/testify/assert" - "github.com/veraison/corim/comid" ) func TestDecoder_Decode_OK(t *testing.T) { - tvs := []string{ + tvs := [][]byte{ unsignedCorimComidParsecTpmKeyGood, unsignedCorimComidParsecTpmPcrsGood, } @@ -18,8 +17,7 @@ func TestDecoder_Decode_OK(t *testing.T) { d := &EndorsementHandler{} for _, tv := range tvs { - data := comid.MustHexDecode(t, tv) - _, err := d.Decode(data) + _, err := d.Decode(tv) assert.NoError(t, err) } } @@ -27,7 +25,7 @@ func TestDecoder_Decode_OK(t *testing.T) { func TestDecoder_Decode_negative_tests(t *testing.T) { tvs := []struct { desc string - input string + input []byte expectedErr string }{ { 
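Review bot: The `var (` block of `//go:embed` vectors has lost the provenance that the removed `// automatically generated from:` comments gave, and the file is not named `*_test.go`, so these fixtures are compiled as part of the `parsec_tpm` package rather than only its tests. I would add a comment above the block such as `// Generated by test/corim/build-test-vectors.sh from test/corim/src/*.json; do not edit by hand.` and consider renaming the file to `corim_test_vectors_test.go`. The variables are also mutable `[]byte` shared by every test in the package, so a test that modifies one in place would affect the others; that is worth stating in the same comment.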
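Review bot: In `TestDecoder_Decode_OK` the loop still calls `assert.NoError(t, err)` with nothing that names the failing vector, and since `tv` is now raw bytes the assertion output will not identify it either. The negative test in this same commit moves to `t.Run(tv.desc, …)`; the positive one could at least use `for i, tv := range tvs` with `assert.NoErrorf(t, err, "test vector %d", i)`. The function starts above this hunk.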
@@ -83,10 +81,11 @@ func TestDecoder_Decode_negative_tests(t *testing.T) { } for _, tv := range tvs { - data := comid.MustHexDecode(t, tv.input) - d := &EndorsementHandler{} - _, err := d.Decode(data) - assert.EqualError(t, err, tv.expectedErr) + t.Run(tv.desc, func(t *testing.T) { + d := &EndorsementHandler{} + _, err := d.Decode(tv.input) + assert.EqualError(t, err, tv.expectedErr) + }) } } diff --git a/scheme/parsec-tpm/test/corim/ComidParsecTpmPcrsGood.json b/scheme/parsec-tpm/test/corim/ComidParsecTpmPcrsGood.json deleted file mode 100644 index 9ea67cc5..00000000 --- a/scheme/parsec-tpm/test/corim/ComidParsecTpmPcrsGood.json +++ /dev/null @@ -1,56 +0,0 @@ -{ - "tag-identity": { - "id": "99019224-57AA-44BC-BEF8-D36BDD6BD035" - }, - "entities": [ - { - "name": "Parsec", - "regid": "https://github.com/parallaxsecond", - "roles": [ - "tagCreator", - "creator", - "maintainer" - ] - } - ], - "triples": { - "reference-values": [ - { - "environment": { - "class": { - "id": { - "type": "uuid", - "value": "CD1F0E55-26F9-460D-B9D8-F7FDE171787C" - } - } - }, - "measurements": [ - { - "key": { - "type": "uint", - "value": 0 - }, - "value": { - "digests": [ - "sha-256;h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=", - "sha-384;QoS1aUymwNLPR4mguVrIAlyBjeUjBDZL580pgbLS7caFsyInfsJYGZYkE9jJssH1" - ] - } - }, - { - "key": { - "type": "uint", - "value": 1 - }, - "value": { - "digests": [ - "sha-256;rqg3uI4yCrzUdvWDmVLV4aYSwOSiJcuSBdIAcebDd0U=", - "sha-384;IQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" - ] - } - } - ] - } - ] - } -} diff --git a/scheme/parsec-tpm/test/corim/ComidParsecTpmPcrsNoClass.json b/scheme/parsec-tpm/test/corim/ComidParsecTpmPcrsNoClass.json deleted file mode 100644 index a7044203..00000000 --- a/scheme/parsec-tpm/test/corim/ComidParsecTpmPcrsNoClass.json +++ /dev/null 
@@ -1,54 +0,0 @@
-{
- "tag-identity": {
- "id": "99019224-57AA-44BC-BEF8-D36BDD6BD035"
- },
- "entities": [
- {
- "name": "Parsec",
- "regid": "https://github.com/parallaxsecond",
- "roles": [
- "tagCreator",
- "creator",
- "maintainer"
- ]
- }
- ],
- "triples": {
- "reference-values": [
- {
- "environment": {
- "instance": {
- "type": "ueid",
- "value": "AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- }
- },
- "measurements": [
- {
- "key": {
- "type": "uint",
- "value": 0
- },
- "value": {
- "digests": [
- "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=",
- "sha-384:QoS1aUymwNLPR4mguVrIAlyBjeUjBDZL580pgbLS7caFsyInfsJYGZYkE9jJssH1"
- ]
- }
- },
- {
- "key": {
- "type": "uint",
- "value": 1
- },
- "value": {
- "digests": [
- "sha-256:rqg3uI4yCrzUdvWDmVLV4aYSwOSiJcuSBdIAcebDd0U=",
- "sha-384:IQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4"
- ]
- }
- }
- ]
- }
- ]
- }
-}
\ No newline at end of file
diff --git a/scheme/parsec-tpm/test/corim/ComidParsecTpmPcrsNoPCR.json b/scheme/parsec-tpm/test/corim/ComidParsecTpmPcrsNoPCR.json
deleted file mode 100644
index 21279bd3..00000000
--- a/scheme/parsec-tpm/test/corim/ComidParsecTpmPcrsNoPCR.json
+++ /dev/null
@@ -1,48 +0,0 @@
-{
- "tag-identity": {
- "id": "99019224-57AA-44BC-BEF8-D36BDD6BD035"
- },
- "entities": [
- {
- "name": "Parsec",
- "regid": "https://github.com/parallaxsecond",
- "roles": [
- "tagCreator",
- "creator",
- "maintainer"
- ]
- }
- ],
- "triples": {
- "reference-values": [
- {
- "environment": {
- "class": {
- "id": {
- "type": "uuid",
- "value": "CD1F0E55-26F9-460D-B9D8-F7FDE171787C"
- }
- }
- },
- "measurements": [
- {
- "value": {
- "digests": [
- "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=",
- "sha-384:QoS1aUymwNLPR4mguVrIAlyBjeUjBDZL580pgbLS7caFsyInfsJYGZYkE9jJssH1"
- ]
- }
- },
- {
- "value": {
- "digests": [
- "sha-256:rqg3uI4yCrzUdvWDmVLV4aYSwOSiJcuSBdIAcebDd0U=",
- "sha-384:IQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4"
- ]
- }
- }
- ]
- }
- ]
- }
-}
diff --git a/scheme/parsec-tpm/test/corim/ComidParsecTpmPcrsUnknownPCRType.json b/scheme/parsec-tpm/test/corim/ComidParsecTpmPcrsUnknownPCRType.json
deleted file mode 100644
index f551f451..00000000
--- a/scheme/parsec-tpm/test/corim/ComidParsecTpmPcrsUnknownPCRType.json
+++ /dev/null
@@ -1,56 +0,0 @@
-{
- "tag-identity": {
- "id": "99019224-57AA-44BC-BEF8-D36BDD6BD035"
- },
- "entities": [
- {
- "name": "Parsec",
- "regid": "https://github.com/parallaxsecond",
- "roles": [
- "tagCreator",
- "creator",
- "maintainer"
- ]
- }
- ],
- "triples": {
- "reference-values": [
- {
- "environment": {
- "class": {
- "id": {
- "type": "uuid",
- "value": "CD1F0E55-26F9-460D-B9D8-F7FDE171787C"
- }
- }
- },
- "measurements": [
- {
- "key": {
- "type": "uuid",
- "value": "30688A70-22F8-4966-8E52-8BE779DC57BA"
- },
- "value": {
- "digests": [
- "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=",
- "sha-384:QoS1aUymwNLPR4mguVrIAlyBjeUjBDZL580pgbLS7caFsyInfsJYGZYkE9jJssH1"
- ]
- }
- },
- {
- "key": {
- "type": "uuid",
- "value": "94152A59-91E3-44C8-B75E-BE7F777A11BF"
- },
- "value": {
- "digests": [
- "sha-256:rqg3uI4yCrzUdvWDmVLV4aYSwOSiJcuSBdIAcebDd0U=",
- "sha-384:IQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4"
- ]
- }
- }
- ]
- }
- ]
- }
-}
\ No newline at end of file
diff --git a/scheme/parsec-tpm/test/corim/Makefile b/scheme/parsec-tpm/test/corim/Makefile
deleted file mode 100644
index 2addbf28..00000000
--- a/scheme/parsec-tpm/test/corim/Makefile
+++ /dev/null
@@ -1,10 +0,0 @@
-OUTPUT := ../../corim_test_vectors.go
-
-DEPS := $(wildcard Comid*.json)
-
-all: $(OUTPUT)
-
-$(OUTPUT): $(DEPS)
- env TV_DOT_GO=$(OUTPUT) ./build-test-vectors.sh
-
-clean: ; $(RM) -f *.cbor
diff --git a/scheme/parsec-tpm/test/corim/build-test-vectors.sh b/scheme/parsec-tpm/test/corim/build-test-vectors.sh
index 999f521f..d79fd548 100755
--- a/scheme/parsec-tpm/test/corim/build-test-vectors.sh
+++ b/scheme/parsec-tpm/test/corim/build-test-vectors.sh
@@ -1,50 +1,33 @@ #!/bin/bash -# Copyright 2022-2023 Contributors to the Veraison project. +# Copyright 2022-2024 Contributors to the Veraison project. # SPDX-License-Identifier: Apache-2.0 set -eu set -o pipefail -# function generate_go_test_vector constructs CBOR test vector using -# supplied comid and corim json template and saves them in a file -# $1 file name for comid json template, example one of COMID_TEMPLATES -# $2 file name for corim json template, example CORIM_CCA_TEMPLATE -# $3 a qualifier for each cbor test vector name -# $4 name of the file where the generated CBOR test vectors are aggregated -generate_go_test_vector () { - echo "generating test vector using $1 $2" - cocli comid create -t $1.json - cocli corim create -m $1.cbor -t $2 -o corim$1.cbor - echo "// automatically generated from:" >> $4 - echo "// $1.json and $2" >> $4 - echo "var $3$1 = "'`' >> $4 - cat corim$1.cbor | xxd -p >> $4 - echo '`' >> $4 -} - -CORIM_TEMPLATE="corimMini.json" - -COMID_TEMPLATES= -COMID_TEMPLATES="${COMID_TEMPLATES} ComidParsecTpmKeyGood" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidParsecTpmKeyNoClass" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidParsecTpmKeyNoClassId" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidParsecTpmKeyNoInstance" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidParsecTpmKeyUnknownClassIdType" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidParsecTpmKeyUnknownInstanceType" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidParsecTpmKeyManyKeys" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidParsecTpmPcrsGood" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidParsecTpmPcrsNoClass" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidParsecTpmPcrsNoPCR" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidParsecTpmPcrsUnknownPCRType" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidParsecTpmPcrsNoDigests" - -TV_DOT_GO=${TV_DOT_GO?must be set in the environment.} - -printf "package parsec_tpm\n\n" > ${TV_DOT_GO} - -for t in ${COMID_TEMPLATES} +THIS_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && 
pwd ) +GEN_CORIM="$THIS_DIR/../../../common/scripts/gen-corim" + +CORIM_TEMPLATE=corimMini + +COMID_TEMPLATES=( + ComidParsecTpmKeyGood + ComidParsecTpmKeyNoClass + ComidParsecTpmKeyNoClassId + ComidParsecTpmKeyNoInstance + ComidParsecTpmKeyUnknownClassIdType + ComidParsecTpmKeyUnknownInstanceType + ComidParsecTpmKeyManyKeys + ComidParsecTpmPcrsGood + ComidParsecTpmPcrsNoClass + ComidParsecTpmPcrsNoPCR + ComidParsecTpmPcrsUnknownPCRType + ComidParsecTpmPcrsNoDigests +) + +for comid in "${COMID_TEMPLATES[@]}" do - generate_go_test_vector $t $CORIM_TEMPLATE "unsignedCorim" $TV_DOT_GO + "$GEN_CORIM" "$THIS_DIR" "$comid" "$CORIM_TEMPLATE" "unsigned" done -gofmt -w $TV_DOT_GO +echo "done" diff --git a/scheme/parsec-tpm/test/corim/corimMini.json b/scheme/parsec-tpm/test/corim/corimMini.json deleted file mode 100644 index 265537bf..00000000 --- a/scheme/parsec-tpm/test/corim/corimMini.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "corim-id": "B3EC060E-2A5B-4BC2-8F71-1DAB08CE5BE9", - "profiles": [ - "tag:github.com/parallaxsecond,2023-03-03:tpm" - ] -} diff --git a/scheme/parsec-tpm/test/corim/ComidParsecTpmKeyGood.json b/scheme/parsec-tpm/test/corim/src/ComidParsecTpmKeyGood.json similarity index 100% rename from scheme/parsec-tpm/test/corim/ComidParsecTpmKeyGood.json rename to scheme/parsec-tpm/test/corim/src/ComidParsecTpmKeyGood.json diff --git a/scheme/parsec-tpm/test/corim/ComidParsecTpmKeyManyKeys.json b/scheme/parsec-tpm/test/corim/src/ComidParsecTpmKeyManyKeys.json similarity index 100% rename from scheme/parsec-tpm/test/corim/ComidParsecTpmKeyManyKeys.json rename to scheme/parsec-tpm/test/corim/src/ComidParsecTpmKeyManyKeys.json diff --git a/scheme/parsec-tpm/test/corim/ComidParsecTpmKeyNoClass.json b/scheme/parsec-tpm/test/corim/src/ComidParsecTpmKeyNoClass.json similarity index 100% rename from scheme/parsec-tpm/test/corim/ComidParsecTpmKeyNoClass.json rename to scheme/parsec-tpm/test/corim/src/ComidParsecTpmKeyNoClass.json 
diff --git a/scheme/parsec-tpm/test/corim/ComidParsecTpmKeyNoClassId.json b/scheme/parsec-tpm/test/corim/src/ComidParsecTpmKeyNoClassId.json
similarity index 100%
rename from scheme/parsec-tpm/test/corim/ComidParsecTpmKeyNoClassId.json
rename to scheme/parsec-tpm/test/corim/src/ComidParsecTpmKeyNoClassId.json
diff --git a/scheme/parsec-tpm/test/corim/ComidParsecTpmKeyNoInstance.json b/scheme/parsec-tpm/test/corim/src/ComidParsecTpmKeyNoInstance.json
similarity index 100%
rename from scheme/parsec-tpm/test/corim/ComidParsecTpmKeyNoInstance.json
rename to scheme/parsec-tpm/test/corim/src/ComidParsecTpmKeyNoInstance.json
diff --git a/scheme/parsec-tpm/test/corim/ComidParsecTpmKeyUnknownClassIdType.json b/scheme/parsec-tpm/test/corim/src/ComidParsecTpmKeyUnknownClassIdType.json
similarity index 100%
rename from scheme/parsec-tpm/test/corim/ComidParsecTpmKeyUnknownClassIdType.json
rename to scheme/parsec-tpm/test/corim/src/ComidParsecTpmKeyUnknownClassIdType.json
diff --git a/scheme/parsec-tpm/test/corim/ComidParsecTpmKeyUnknownInstanceType.json b/scheme/parsec-tpm/test/corim/src/ComidParsecTpmKeyUnknownInstanceType.json
similarity index 100%
rename from scheme/parsec-tpm/test/corim/ComidParsecTpmKeyUnknownInstanceType.json
rename to scheme/parsec-tpm/test/corim/src/ComidParsecTpmKeyUnknownInstanceType.json
diff --git a/scheme/parsec-tpm/test/corim/src/ComidParsecTpmPcrsGood.json b/scheme/parsec-tpm/test/corim/src/ComidParsecTpmPcrsGood.json
new file mode 100644
index 00000000..7b17ff43
--- /dev/null
+++ b/scheme/parsec-tpm/test/corim/src/ComidParsecTpmPcrsGood.json
@@ -0,0 +1,64 @@
+{
+ "tag-identity": {
+ "id": "99019224-57AA-44BC-BEF8-D36BDD6BD035"
+ },
+ "entities": [
+ {
+ "name": "Parsec",
+ "regid": "https://github.com/parallaxsecond",
+ "roles": [
+ "tagCreator",
+ "creator",
+ "maintainer"
+ ]
+ }
+ ],
+ "triples": {
+ "reference-values": [
+ {
+ "environment": {
+ "class": {
+ "id": {
+ "type": "uuid",
+ "value": "CD1F0E55-26F9-460D-B9D8-F7FDE171787C"
+ }
+ }
+ },
+ "measurement": {
+ "key": {
+ "type": "uint",
+ "value": 0
+ },
+ "value": {
+ "digests": [
+ "sha-256;h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=",
+ "sha-384;QoS1aUymwNLPR4mguVrIAlyBjeUjBDZL580pgbLS7caFsyInfsJYGZYkE9jJssH1"
+ ]
+ }
+ }
+ },
+ {
+ "environment": {
+ "class": {
+ "id": {
+ "type": "uuid",
+ "value": "CD1F0E55-26F9-460D-B9D8-F7FDE171787C"
+ }
+ }
+ },
+ "measurement": {
+ "key": {
+ "type": "uint",
+ "value": 1
+ },
+ "value": {
+ "digests": [
+ "sha-256;rqg3uI4yCrzUdvWDmVLV4aYSwOSiJcuSBdIAcebDd0U=",
+ "sha-384;IQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4"
+ ]
+ }
+ }
+ }
+ ]
+ }
+}
diff --git a/scheme/parsec-tpm/test/corim/src/ComidParsecTpmPcrsNoClass.json b/scheme/parsec-tpm/test/corim/src/ComidParsecTpmPcrsNoClass.json
new file mode 100644
index 00000000..1fcaadec
--- /dev/null
+++ b/scheme/parsec-tpm/test/corim/src/ComidParsecTpmPcrsNoClass.json
@@ -0,0 +1,60 @@ +{ + "tag-identity": { + "id": "99019224-57AA-44BC-BEF8-D36BDD6BD035" + }, + "entities": [ + { + "name": "Parsec", + "regid": "https://github.com/parallaxsecond", + "roles": [ + "tagCreator", + "creator", + "maintainer" + ] + } + ], + "triples": { + "reference-values": [ + { + "environment": { + "instance": { + "type": "ueid", + "value": "AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + } + }, + "measurement": { + "key": { + "type": "uint", + "value": 0 + }, + "value": { + "digests": [ + "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=", + "sha-384:QoS1aUymwNLPR4mguVrIAlyBjeUjBDZL580pgbLS7caFsyInfsJYGZYkE9jJssH1" + ] + } + } + }, + { + "environment": { + "instance": { + "type": "ueid", + "value": "AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + } + }, + "measurement": { + "key": { + "type": "uint", + "value": 1 + }, + "value": { + "digests": [ + "sha-256:rqg3uI4yCrzUdvWDmVLV4aYSwOSiJcuSBdIAcebDd0U=", + "sha-384:IQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" + ] + } + } + } + ] + } +} diff --git a/scheme/parsec-tpm/test/corim/ComidParsecTpmPcrsNoDigests.json b/scheme/parsec-tpm/test/corim/src/ComidParsecTpmPcrsNoDigests.json similarity index 71% rename from scheme/parsec-tpm/test/corim/ComidParsecTpmPcrsNoDigests.json rename to scheme/parsec-tpm/test/corim/src/ComidParsecTpmPcrsNoDigests.json index 37641242..498bd325 100644 --- a/scheme/parsec-tpm/test/corim/ComidParsecTpmPcrsNoDigests.json +++ b/scheme/parsec-tpm/test/corim/src/ComidParsecTpmPcrsNoDigests.json @@ -24,18 +24,16 @@ } } }, - "measurements": [ - { - "key": { - "type": "uint", - "value": 0 - }, - "value": { - "serial-number": "1234" - } + "measurement": { + "key": { + "type": "uint", + "value": 0 + }, + "value": { + "serial-number": "1234" } - ] + } } ] } -} \ No newline at end of file +} 
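Review bot: The digests in this negative vector are written `sha-256:…` and `sha-384:…`, while ComidParsecTpmPcrsGood.json in the same commit writes the same values as `sha-256;…` and `sha-384;…`; ComidParsecTpmPcrsNoPCR.json and ComidParsecTpmPcrsUnknownPCRType.json use the colon as well. If the tool that compiles these templates accepts only one separator, the three negative vectors may be rejected for digest syntax rather than for the missing class, missing key or unknown key type they are named after, and the intended validation path would go untested. A negative vector should differ from the good one only in the defect under test, so I would align all four on whichever form the parser accepts, e.g. `"sha-256;h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc="`.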
diff --git a/scheme/parsec-tpm/test/corim/src/ComidParsecTpmPcrsNoPCR.json b/scheme/parsec-tpm/test/corim/src/ComidParsecTpmPcrsNoPCR.json
new file mode 100644
index 00000000..b5a10aef
--- /dev/null
+++ b/scheme/parsec-tpm/test/corim/src/ComidParsecTpmPcrsNoPCR.json
@@ -0,0 +1,56 @@
+{
+ "tag-identity": {
+ "id": "99019224-57AA-44BC-BEF8-D36BDD6BD035"
+ },
+ "entities": [
+ {
+ "name": "Parsec",
+ "regid": "https://github.com/parallaxsecond",
+ "roles": [
+ "tagCreator",
+ "creator",
+ "maintainer"
+ ]
+ }
+ ],
+ "triples": {
+ "reference-values": [
+ {
+ "environment": {
+ "class": {
+ "id": {
+ "type": "uuid",
+ "value": "CD1F0E55-26F9-460D-B9D8-F7FDE171787C"
+ }
+ }
+ },
+ "measurement": {
+ "value": {
+ "digests": [
+ "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=",
+ "sha-384:QoS1aUymwNLPR4mguVrIAlyBjeUjBDZL580pgbLS7caFsyInfsJYGZYkE9jJssH1"
+ ]
+ }
+ }
+ },
+ {
+ "environment": {
+ "class": {
+ "id": {
+ "type": "uuid",
+ "value": "CD1F0E55-26F9-460D-B9D8-F7FDE171787C"
+ }
+ }
+ },
+ "measurement": {
+ "value": {
+ "digests": [
+ "sha-256:rqg3uI4yCrzUdvWDmVLV4aYSwOSiJcuSBdIAcebDd0U=",
+ "sha-384:IQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4"
+ ]
+ }
+ }
+ }
+ ]
+ }
+}
diff --git a/scheme/parsec-tpm/test/corim/src/ComidParsecTpmPcrsUnknownPCRType.json b/scheme/parsec-tpm/test/corim/src/ComidParsecTpmPcrsUnknownPCRType.json
new file mode 100644
index 00000000..884ba66d
--- /dev/null
+++ b/scheme/parsec-tpm/test/corim/src/ComidParsecTpmPcrsUnknownPCRType.json
@@ -0,0 +1,64 @@
+{
+ "tag-identity": {
+ "id": "99019224-57AA-44BC-BEF8-D36BDD6BD035"
+ },
+ "entities": [
+ {
+ "name": "Parsec",
+ "regid": "https://github.com/parallaxsecond",
+ "roles": [
+ "tagCreator",
+ "creator",
+ "maintainer"
+ ]
+ }
+ ],
+ "triples": {
+ "reference-values": [
+ {
+ "environment": {
+ "class": {
+ "id": {
+ "type": "uuid",
+ "value": "CD1F0E55-26F9-460D-B9D8-F7FDE171787C"
+ }
+ }
+ },
+ "measurement": {
+ "key": {
+ "type": "uuid",
+ "value": "30688A70-22F8-4966-8E52-8BE779DC57BA"
+ },
+ "value": {
+ "digests": [
+ "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=",
+ "sha-384:QoS1aUymwNLPR4mguVrIAlyBjeUjBDZL580pgbLS7caFsyInfsJYGZYkE9jJssH1"
+ ]
+ }
+ }
+ },
+ {
+ "environment": {
+ "class": {
+ "id": {
+ "type": "uuid",
+ "value": "CD1F0E55-26F9-460D-B9D8-F7FDE171787C"
+ }
+ }
+ },
+ "measurement": {
+ "key": {
+ "type": "uuid",
+ "value": "94152A59-91E3-44C8-B75E-BE7F777A11BF"
+ },
+ "value": {
+ "digests": [
+ "sha-256:rqg3uI4yCrzUdvWDmVLV4aYSwOSiJcuSBdIAcebDd0U=",
+ "sha-384:IQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4"
+ ]
+ }
+ }
+ }
+ ]
+ }
+}
diff --git a/scheme/parsec-tpm/test/corim/src/corimMini.json b/scheme/parsec-tpm/test/corim/src/corimMini.json
new file mode 100644
index 00000000..8abf8483
--- /dev/null
+++ b/scheme/parsec-tpm/test/corim/src/corimMini.json
@@ -0,0 +1,4 @@
+{
+ "corim-id": "B3EC060E-2A5B-4BC2-8F71-1DAB08CE5BE9",
+ "profile": "tag:github.com/parallaxsecond,2023-03-03:tpm"
+}
diff --git a/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmKeyGood.cbor b/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmKeyGood.cbor
new file mode 100644
index 00000000..ef312de1
Binary files /dev/null and b/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmKeyGood.cbor differ
diff --git a/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmKeyManyKeys.cbor b/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmKeyManyKeys.cbor
new file mode 100644
index 00000000..2283d656
Binary files /dev/null and b/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmKeyManyKeys.cbor differ
diff --git a/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmKeyNoClass.cbor b/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmKeyNoClass.cbor
new file mode 100644
index 00000000..6d456ee0
Binary files /dev/null and b/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmKeyNoClass.cbor differ
diff --git a/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmKeyNoClassId.cbor b/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmKeyNoClassId.cbor
new file mode 100644
index 00000000..bc6f5421
Binary files /dev/null and b/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmKeyNoClassId.cbor differ
diff --git a/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmKeyNoInstance.cbor b/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmKeyNoInstance.cbor
new file mode 100644
index 00000000..d1a2103e
Binary files /dev/null and b/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmKeyNoInstance.cbor differ
diff --git a/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmKeyUnknownClassIdType.cbor b/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmKeyUnknownClassIdType.cbor
new file mode 100644
index 00000000..df232ea8
Binary files /dev/null and b/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmKeyUnknownClassIdType.cbor differ
diff --git a/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmKeyUnknownInstanceType.cbor b/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmKeyUnknownInstanceType.cbor
new file mode 100644
index 00000000..9b3b2195
Binary files /dev/null and b/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmKeyUnknownInstanceType.cbor differ
diff --git a/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmPcrsGood.cbor b/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmPcrsGood.cbor
new file mode 100644
index 00000000..6c3ee245
Binary files /dev/null and b/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmPcrsGood.cbor differ
diff --git a/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmPcrsNoClass.cbor b/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmPcrsNoClass.cbor
new file mode 100644
index 00000000..12157714
Binary files /dev/null and b/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmPcrsNoClass.cbor differ
diff --git a/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmPcrsNoDigests.cbor b/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmPcrsNoDigests.cbor
new file mode 100644
index 00000000..42c253fc
Binary files /dev/null and b/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmPcrsNoDigests.cbor differ
diff --git a/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmPcrsNoPCR.cbor b/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmPcrsNoPCR.cbor
new file mode 100644
index 00000000..890396d7
Binary files /dev/null and b/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmPcrsNoPCR.cbor differ
diff --git a/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmPcrsUnknownPCRType.cbor b/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmPcrsUnknownPCRType.cbor
new file mode 100644
index 00000000..93422612
Binary files /dev/null and b/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmPcrsUnknownPCRType.cbor differ
diff --git a/scheme/psa-iot/corim_extractor.go b/scheme/psa-iot/corim_extractor.go
index 6d0b18db..df2aec52 100644
--- a/scheme/psa-iot/corim_extractor.go
+++ b/scheme/psa-iot/corim_extractor.go
@@ -17,45 +17,50 @@ type CorimExtractor struct { Profile string } -func (o CorimExtractor) RefValExtractor(rv comid.ReferenceValue) ([]*handler.Endorsement, error) { - var classAttrs platform.ClassAttributes - - if o.Profile != "http://arm.com/psa/iot/1" { - return nil, fmt.Errorf("incorrect profile: %s for Scheme PSA_IOT", o.Profile) - } +func (o CorimExtractor) RefValExtractor(rvs comid.ValueTriples) ([]*handler.Endorsement, error) { + refVals := make([]*handler.Endorsement, 0, len(rvs.Values)) + + for i, rv := range rvs.Values { + var classAttrs platform.ClassAttributes + var refVal *handler.Endorsement + var err error + + if o.Profile != "http://arm.com/psa/iot/1" { + return nil, fmt.Errorf( + "incorrect profile: %s for Scheme PSA_IOT", + o.Profile, + ) + } - if err := classAttrs.FromEnvironment(rv.Environment); err != nil { - return nil, fmt.Errorf("could not extract PSA class attributes: %w", err) - } + if err := classAttrs.FromEnvironment(rv.Environment); err != nil { + return nil, fmt.Errorf("could not extract PSA class attributes: %w", err) + } - // Each measurement is encoded in a measurement-map of a CoMID - // reference-triple-record. Since a measurement-map can encode one or more - // measurements, a single reference-triple-record can carry as many - // measurements as needed, provided they belong to the same PSA RoT - // identified in the subject of the "reference value" triple. A single - // reference-triple-record SHALL completely describe the updatable PSA RoT. 
- refVals := make([]*handler.Endorsement, 0, len(rv.Measurements)) - var refVal *handler.Endorsement - var err error - for i, m := range rv.Measurements { - if m.Key == nil { + if rv.Measurement.Key == nil { return nil, fmt.Errorf("measurement key is not present") } - if !m.Key.IsSet() { + if !rv.Measurement.Key.IsSet() { return nil, fmt.Errorf("measurement key is not set") } // Check which MKey is present and then decide which extractor to invoke - switch m.Key.Type() { + switch rv.Measurement.Key.Type() { case comid.PSARefValIDType: var swCompAttrs platform.SwCompAttributes - refVal, err = o.extractMeas(&swCompAttrs, m, classAttrs) + refVal, err = o.extractMeas(&swCompAttrs, rv.Measurement, classAttrs) if err != nil { - return nil, fmt.Errorf("unable to extract measurement at index %d, %w", i, err) + return nil, fmt.Errorf( + "unable to extract measurement at index %d, %w", + i, + err, + ) } default: - return nil, fmt.Errorf("unknown measurement key: %T", reflect.TypeOf(m.Key)) + return nil, fmt.Errorf( + "unknown measurement key: %T", + reflect.TypeOf(rv.Measurement.Key), + ) } refVals = append(refVals, refVal) } @@ -89,7 +94,7 @@ func (o CorimExtractor) extractMeas( return &refVal, nil } -func (o CorimExtractor) TaExtractor(avk comid.AttestVerifKey) (*handler.Endorsement, error) { +func (o CorimExtractor) TaExtractor(avk comid.KeyTriple) (*handler.Endorsement, error) { // extract implementation ID var classAttrs platform.ClassAttributes if err := classAttrs.FromEnvironment(avk.Environment); err != nil { diff --git a/scheme/psa-iot/endorsement_handler_test.go b/scheme/psa-iot/endorsement_handler_test.go index 586ac0d3..f03cc250 100644 --- a/scheme/psa-iot/endorsement_handler_test.go +++ b/scheme/psa-iot/endorsement_handler_test.go @@ -6,7 +6,6 @@ import ( "testing" "github.com/stretchr/testify/assert" - "github.com/veraison/corim/comid" ) func TestDecoder_GetAttestationScheme(t *testing.T) { 
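Review bot: The profile check now sits inside `for i, rv := range rvs.Values`, so when `rvs.Values` is empty it never runs and a CorimExtractor with a profile other than `http://arm.com/psa/iot/1` is no longer rejected; the removed code rejected a wrong profile before looking at any measurement. The check does not depend on `rv`, so it belongs above the loop: `if o.Profile != "http://arm.com/psa/iot/1" { return nil, fmt.Errorf("incorrect profile: %s for Scheme PSA_IOT", o.Profile) }` placed before `for i, rv := range rvs.Values {`. Separately, `fmt.Errorf("unknown measurement key: %T", reflect.TypeOf(rv.Measurement.Key))` formats the type of the `reflect.Type` value rather than of the key, so passing `rv.Measurement.Key` to `%T` directly would give a more useful message. The function's return after the loop lies outside this hunk, so the empty-input result is presumably an empty slice with a nil error.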
@@ -66,7 +65,7 @@ func TestDecoder_Decode_invalid_data(t *testing.T) { } func TestDecoder_Decode_OK(t *testing.T) { - tvs := []string{ + tvs := [][]byte{ unsignedCorimComidPsaIakPubOne, unsignedCorimComidPsaIakPubTwo, unsignedCorimComidPsaRefValOne, @@ -77,8 +76,7 @@ func TestDecoder_Decode_OK(t *testing.T) { d := &EndorsementHandler{} for _, tv := range tvs { - data := comid.MustHexDecode(t, tv) - _, err := d.Decode(data) + _, err := d.Decode(tv) assert.NoError(t, err) } } @@ -86,7 +84,7 @@ func TestDecoder_Decode_OK(t *testing.T) { func TestDecoder_Decode_negative_tests(t *testing.T) { tvs := []struct { desc string - input string + input []byte expectedErr string }{ { @@ -102,7 +100,7 @@ func TestDecoder_Decode_negative_tests(t *testing.T) { { desc: "missing measurement identifier", input: unsignedCorimComidPsaRefValNoMkey, - expectedErr: `decoding failed for CoMID at index 0: error unmarshalling field "Triples": error unmarshalling field "ReferenceValues": error unmarshalling field "Flags": expected map (CBOR Major Type 5), found Major Type 0`, + expectedErr: `bad software component in CoMID at index 0: measurement key is not present`, }, { desc: "no implementation id specified in the measurement", @@ -121,9 +119,10 @@ func TestDecoder_Decode_negative_tests(t *testing.T) { }} for _, tv := range tvs { - data := comid.MustHexDecode(t, tv.input) - d := &EndorsementHandler{} - _, err := d.Decode(data) - assert.EqualError(t, err, tv.expectedErr) + t.Run(tv.desc, func(t *testing.T) { + d := &EndorsementHandler{} + _, err := d.Decode(tv.input) + assert.EqualError(t, err, tv.expectedErr) + }) } } diff --git a/scheme/psa-iot/test/ComidPsaRefValThree.json b/scheme/psa-iot/test/ComidPsaRefValThree.json deleted file mode 100644 index 8fd66fbc..00000000 --- a/scheme/psa-iot/test/ComidPsaRefValThree.json +++ /dev/null 
@@ -1,81 +0,0 @@
-{
- "lang": "en-GB",
- "tag-identity": {
- "id": "43BBE37F-2E61-4B33-AED3-53CFF1428B16",
- "version": 0
- },
- "entities": [
- {
- "name": "ACME Ltd.",
- "regid": "https://acme.example",
- "roles": [
- "tagCreator",
- "creator",
- "maintainer"
- ]
- }
- ],
- "triples": {
- "reference-values": [
- {
- "environment": {
- "class": {
- "id": {
- "type": "psa.impl-id",
- "value": "YWNtZS1pbXBsZW1lbnRhdGlvbi1pZC0wMDAwMDAwMDE="
- },
- "vendor": "ACME",
- "model": "RoadRunner"
- }
- },
- "measurements": [
- {
- "key": {
- "type": "psa.refval-id",
- "value": {
- "label": "BL",
- "version": "2.1.0",
- "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs="
- }
- },
- "value": {
- "digests": [
- "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc="
- ]
- }
- },
- {
- "key": {
- "type": "psa.refval-id",
- "value": {
- "label": "PRoT",
- "version": "1.3.5",
- "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs="
- }
- },
- "value": {
- "digests": [
- "sha-256:AmOCmYm2/ZVPcrqvL8ZLwuLwHWktTecphuqAj26ZgT8="
- ]
- }
- },
- {
- "key": {
- "type": "psa.refval-id",
- "value": {
- "label": "ARoT",
- "version": "0.1.4",
- "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs="
- }
- },
- "value": {
- "digests": [
- "sha-256:o6XnFfDMV0pzw/m+u2vCTzL/1bZ7OHJEwskJ2neaFHg="
- ]
- }
- }
- ]
- }
- ]
- }
-}
diff --git a/scheme/psa-iot/test/build-test-vectors.sh b/scheme/psa-iot/test/build-test-vectors.sh
deleted file mode 100755
index f069b0b9..00000000
--- a/scheme/psa-iot/test/build-test-vectors.sh
+++ /dev/null
@@ -1,53 +0,0 @@ -#!/bin/bash -# Copyright 2022-2023 Contributors to the Veraison project. -# SPDX-License-Identifier: Apache-2.0 - -set -eu -set -o pipefail - -# function generate_go_test_vector constructs CBOR test vector using -# supplied comid and corim json template and saves them in a file -# $1 file name for comid json template, example one of COMID_TEMPLATES -# $2 file name for corim json template, example CORIM_TEMPLATE -# $3 a qualifier for each cbor test vector name -# $4 name of the file where the generated CBOR test vectors are aggregated -generate_go_test_vector () { - echo "generating test vector using $1 $2" - cocli comid create -t $1.json - cocli corim create -m $1.cbor -t $2 -o corim$1.cbor - echo "// automatically generated from:" >> $4 - echo "// $1.json and $2" >> $4 - echo "// nolint:unused" >> $4 - echo "var $3$1 = "'`' >> $4 - cat corim$1.cbor | xxd -p >> $4 - echo '`' >> $4 -} - -# CORIM TEMPLATE -CORIM_TEMPLATE=corimMini.json - -# COMID TEMPLATES -COMID_TEMPLATES= -COMID_TEMPLATES="${COMID_TEMPLATES} ComidPsaIakPubOne" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidPsaIakPubTwo" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidPsaRefValOne" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidPsaRefValThree" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidPsaMultIak" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidPsaRefValMultDigest" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidPsaRefValOnlyMandIDAttr" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidPsaRefValNoMkey" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidPsaRefValNoImplID" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidPsaIakPubNoUeID" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidPsaIakPubNoImplID" - - -TV_DOT_GO=${TV_DOT_GO?must be set in the environment.} - -printf "package psa_iot\n\n" > ${TV_DOT_GO} - -for t in ${COMID_TEMPLATES} -do - generate_go_test_vector $t $CORIM_TEMPLATE "unsignedCorim" $TV_DOT_GO -done - -gofmt -w $TV_DOT_GO 
diff --git a/scheme/psa-iot/test/corim/build-test-vectors.sh b/scheme/psa-iot/test/corim/build-test-vectors.sh
new file mode 100755
index 00000000..c785b40b
--- /dev/null
+++ b/scheme/psa-iot/test/corim/build-test-vectors.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+# Copyright 2022-2024 Contributors to the Veraison project.
+# SPDX-License-Identifier: Apache-2.0
+
+set -eu
+set -o pipefail
+
+THIS_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+GEN_CORIM="$THIS_DIR/../../../common/scripts/gen-corim"
+
+CORIM_TEMPLATE=corimMini
+
+COMID_TEMPLATES=(
+ ComidPsaIakPubOne
+ ComidPsaIakPubTwo
+ ComidPsaRefValOne
+ ComidPsaRefValThree
+ ComidPsaMultIak
+ ComidPsaRefValMultDigest
+ ComidPsaRefValOnlyMandIDAttr
+ ComidPsaRefValNoMkey
+ ComidPsaRefValNoImplID
+ ComidPsaIakPubNoUeID
+ ComidPsaIakPubNoImplID
+)
+
+for comid in "${COMID_TEMPLATES[@]}"
+do
+ "$GEN_CORIM" "$THIS_DIR" "$comid" "$CORIM_TEMPLATE" "unsigned"
+done
+
+echo "done"
diff --git a/scheme/psa-iot/test/ComidPsaIakPubNoImplID.json b/scheme/psa-iot/test/corim/src/ComidPsaIakPubNoImplID.json
similarity index 100%
rename from scheme/psa-iot/test/ComidPsaIakPubNoImplID.json
rename to scheme/psa-iot/test/corim/src/ComidPsaIakPubNoImplID.json
diff --git a/scheme/psa-iot/test/ComidPsaIakPubNoUeID.json b/scheme/psa-iot/test/corim/src/ComidPsaIakPubNoUeID.json
similarity index 100%
rename from scheme/psa-iot/test/ComidPsaIakPubNoUeID.json
rename to scheme/psa-iot/test/corim/src/ComidPsaIakPubNoUeID.json
diff --git a/scheme/psa-iot/test/ComidPsaIakPubOne.json b/scheme/psa-iot/test/corim/src/ComidPsaIakPubOne.json
similarity index 100%
rename from scheme/psa-iot/test/ComidPsaIakPubOne.json
rename to scheme/psa-iot/test/corim/src/ComidPsaIakPubOne.json
diff --git a/scheme/psa-iot/test/ComidPsaIakPubTwo.json b/scheme/psa-iot/test/corim/src/ComidPsaIakPubTwo.json
similarity index 100%
rename from scheme/psa-iot/test/ComidPsaIakPubTwo.json
rename to scheme/psa-iot/test/corim/src/ComidPsaIakPubTwo.json
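Review bot: Nothing in this script removes vectors left over from an earlier run, and the same commit adds `unsignedCorimCorimMiniComidPsaIakPubOne.cbor` and `unsignedCorimCorimMiniComidPsaIakPubTwo.cbor` next to the `unsignedCorimMini…` files that test_vectors.go embeds, which looks like output from an earlier naming scheme. Committed binaries cannot be read in review, so stale or unreferenced ones are easy to miss and can drift from the JSON under `src/`. Assuming gen-corim writes its output into `$THIS_DIR` (it is not shown here), I would clear old output before the loop with `rm -f "$THIS_DIR"/unsigned*.cbor` and drop the two stray files from the commit.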
diff --git a/scheme/psa-iot/test/ComidPsaMultIak.json b/scheme/psa-iot/test/corim/src/ComidPsaMultIak.json similarity index 100% rename from scheme/psa-iot/test/ComidPsaMultIak.json rename to scheme/psa-iot/test/corim/src/ComidPsaMultIak.json diff --git a/scheme/psa-iot/test/ComidPsaRefValMultDigest.json b/scheme/psa-iot/test/corim/src/ComidPsaRefValMultDigest.json similarity index 58% rename from scheme/psa-iot/test/ComidPsaRefValMultDigest.json rename to scheme/psa-iot/test/corim/src/ComidPsaRefValMultDigest.json index 65921af9..8e82b317 100644 --- a/scheme/psa-iot/test/ComidPsaRefValMultDigest.json +++ b/scheme/psa-iot/test/corim/src/ComidPsaRefValMultDigest.json @@ -28,24 +28,22 @@ "model": "RoadRunner" } }, - "measurements": [ - { - "key": { - "type": "psa.refval-id", - "value": { - "label": "BL", - "version": "2.1.0", - "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" - } - }, + "measurement": { + "key": { + "type": "psa.refval-id", "value": { - "digests": [ - "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=", - "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJYjHl4Hu9eg/eYMTPJcc=" - ] + "label": "BL", + "version": "2.1.0", + "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" } + }, + "value": { + "digests": [ + "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=", + "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJYjHl4Hu9eg/eYMTPJcc=" + ] } - ] + } } ] } diff --git a/scheme/psa-iot/test/ComidPsaRefValNoImplID.json b/scheme/psa-iot/test/corim/src/ComidPsaRefValNoImplID.json similarity index 62% rename from scheme/psa-iot/test/ComidPsaRefValNoImplID.json rename to scheme/psa-iot/test/corim/src/ComidPsaRefValNoImplID.json index 183c77aa..eaf5efc3 100644 --- a/scheme/psa-iot/test/ComidPsaRefValNoImplID.json +++ b/scheme/psa-iot/test/corim/src/ComidPsaRefValNoImplID.json 
@@ -29,23 +29,21 @@ "index": 0 } }, - "measurements": [ - { - "key": { - "type": "psa.refval-id", - "value": { - "label": "BL", - "version": "2.1.0", - "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" - } - }, + "measurement": { + "key": { + "type": "psa.refval-id", "value": { - "digests": [ - "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=" - ] + "label": "BL", + "version": "2.1.0", + "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" } + }, + "value": { + "digests": [ + "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=" + ] } - ] + } } ] } diff --git a/scheme/psa-iot/test/ComidPsaRefValNoMkey.json b/scheme/psa-iot/test/corim/src/ComidPsaRefValNoMkey.json similarity index 60% rename from scheme/psa-iot/test/ComidPsaRefValNoMkey.json rename to scheme/psa-iot/test/corim/src/ComidPsaRefValNoMkey.json index 4335231c..5b5843f9 100644 --- a/scheme/psa-iot/test/ComidPsaRefValNoMkey.json +++ b/scheme/psa-iot/test/corim/src/ComidPsaRefValNoMkey.json @@ -28,25 +28,23 @@ "model": "RoadRunner" } }, - "measurements": [ - { - "value": { - "op-flags": [ - "notSecure", - "debug" - ], - "digests": [ - "sha-256:RKozavTLFKh5Qy5T3WVxx/qbzK+3X0iCWSYtbqOk2Rs=" - ], - "svn": { - "type": "exact-value", - "value": 10 - } - } + "measurement": { + "value": { + "op-flags": [ + "notSecure", + "debug" + ], + "digests": [ + "sha-256:RKozavTLFKh5Qy5T3WVxx/qbzK+3X0iCWSYtbqOk2Rs=" + ], + "svn": { + "type": "exact-value", + "value": 10 } - ] + } + } } ] } } - \ No newline at end of file + diff --git a/scheme/psa-iot/test/ComidPsaRefValOne.json b/scheme/psa-iot/test/corim/src/ComidPsaRefValOne.json similarity index 62% rename from scheme/psa-iot/test/ComidPsaRefValOne.json rename to scheme/psa-iot/test/corim/src/ComidPsaRefValOne.json index 26536dd5..b163e493 100644 --- a/scheme/psa-iot/test/ComidPsaRefValOne.json +++ b/scheme/psa-iot/test/corim/src/ComidPsaRefValOne.json 
@@ -28,23 +28,21 @@ "model": "RoadRunner" } }, - "measurements": [ - { - "key": { - "type": "psa.refval-id", - "value": { - "label": "BL", - "version": "2.1.0", - "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" - } - }, + "measurement": { + "key": { + "type": "psa.refval-id", "value": { - "digests": [ - "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=" - ] + "label": "BL", + "version": "2.1.0", + "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" } + }, + "value": { + "digests": [ + "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=" + ] } - ] + } } ] } diff --git a/scheme/psa-iot/test/ComidPsaRefValOnlyMandIDAttr.json b/scheme/psa-iot/test/corim/src/ComidPsaRefValOnlyMandIDAttr.json similarity index 66% rename from scheme/psa-iot/test/ComidPsaRefValOnlyMandIDAttr.json rename to scheme/psa-iot/test/corim/src/ComidPsaRefValOnlyMandIDAttr.json index 7e397360..8a61d047 100644 --- a/scheme/psa-iot/test/ComidPsaRefValOnlyMandIDAttr.json +++ b/scheme/psa-iot/test/corim/src/ComidPsaRefValOnlyMandIDAttr.json @@ -28,21 +28,19 @@ "model": "RoadRunner" } }, - "measurements": [ - { - "key": { - "type": "psa.refval-id", - "value": { - "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" - } - }, + "measurement": { + "key": { + "type": "psa.refval-id", "value": { - "digests": [ - "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=" - ] + "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" } + }, + "value": { + "digests": [ + "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=" + ] } - ] + } } ] } diff --git a/scheme/psa-iot/test/corim/src/ComidPsaRefValThree.json b/scheme/psa-iot/test/corim/src/ComidPsaRefValThree.json new file mode 100644 index 00000000..41a1f2ec --- /dev/null +++ b/scheme/psa-iot/test/corim/src/ComidPsaRefValThree.json 
@@ -0,0 +1,103 @@
+{
+ "lang": "en-GB",
+ "tag-identity": {
+ "id": "43BBE37F-2E61-4B33-AED3-53CFF1428B16",
+ "version": 0
+ },
+ "entities": [
+ {
+ "name": "ACME Ltd.",
+ "regid": "https://acme.example",
+ "roles": [
+ "tagCreator",
+ "creator",
+ "maintainer"
+ ]
+ }
+ ],
+ "triples": {
+ "reference-values": [
+ {
+ "environment": {
+ "class": {
+ "id": {
+ "type": "psa.impl-id",
+ "value": "YWNtZS1pbXBsZW1lbnRhdGlvbi1pZC0wMDAwMDAwMDE="
+ },
+ "vendor": "ACME",
+ "model": "RoadRunner"
+ }
+ },
+ "measurement": {
+ "key": {
+ "type": "psa.refval-id",
+ "value": {
+ "label": "BL",
+ "version": "2.1.0",
+ "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs="
+ }
+ },
+ "value": {
+ "digests": [
+ "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc="
+ ]
+ }
+ }
+ },
+ {
+ "environment": {
+ "class": {
+ "id": {
+ "type": "psa.impl-id",
+ "value": "YWNtZS1pbXBsZW1lbnRhdGlvbi1pZC0wMDAwMDAwMDE="
+ },
+ "vendor": "ACME",
+ "model": "RoadRunner"
+ }
+ },
+ "measurement": {
+ "key": {
+ "type": "psa.refval-id",
+ "value": {
+ "label": "PRoT",
+ "version": "1.3.5",
+ "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs="
+ }
+ },
+ "value": {
+ "digests": [
+ "sha-256:AmOCmYm2/ZVPcrqvL8ZLwuLwHWktTecphuqAj26ZgT8="
+ ]
+ }
+ }
+ },
+ {
+ "environment": {
+ "class": {
+ "id": {
+ "type": "psa.impl-id",
+ "value": "YWNtZS1pbXBsZW1lbnRhdGlvbi1pZC0wMDAwMDAwMDE="
+ },
+ "vendor": "ACME",
+ "model": "RoadRunner"
+ }
+ },
+ "measurement": {
+ "key": {
+ "type": "psa.refval-id",
+ "value": {
+ "label": "ARoT",
+ "version": "0.1.4",
+ "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs="
+ }
+ },
+ "value": {
+ "digests": [
+ "sha-256:o6XnFfDMV0pzw/m+u2vCTzL/1bZ7OHJEwskJ2neaFHg="
+ ]
+ }
+ }
+ }
+ ]
+ }
+}
diff --git a/scheme/psa-iot/test/corimMini.json b/scheme/psa-iot/test/corim/src/corimMini.json
similarity index 53%
rename from scheme/psa-iot/test/corimMini.json
rename to scheme/psa-iot/test/corim/src/corimMini.json
index f0116feb..f9528480 100644
--- a/scheme/psa-iot/test/corimMini.json +++ b/scheme/psa-iot/test/corim/src/corimMini.json @@ -1,6 +1,4 @@ { "corim-id": "5c57e8f4-46cd-421b-91c9-08cf93e13cfc", - "profiles": [ - "http://arm.com/psa/iot/1" - ] + "profile": "http://arm.com/psa/iot/1" } diff --git a/scheme/psa-iot/test/corim/unsignedCorimCorimMiniComidPsaIakPubOne.cbor b/scheme/psa-iot/test/corim/unsignedCorimCorimMiniComidPsaIakPubOne.cbor new file mode 100644 index 00000000..88f45777 Binary files /dev/null and b/scheme/psa-iot/test/corim/unsignedCorimCorimMiniComidPsaIakPubOne.cbor differ diff --git a/scheme/psa-iot/test/corim/unsignedCorimCorimMiniComidPsaIakPubTwo.cbor b/scheme/psa-iot/test/corim/unsignedCorimCorimMiniComidPsaIakPubTwo.cbor new file mode 100644 index 00000000..6e93a80a Binary files /dev/null and b/scheme/psa-iot/test/corim/unsignedCorimCorimMiniComidPsaIakPubTwo.cbor differ diff --git a/scheme/psa-iot/test/corim/unsignedCorimMiniComidPsaIakPubNoImplID.cbor b/scheme/psa-iot/test/corim/unsignedCorimMiniComidPsaIakPubNoImplID.cbor new file mode 100644 index 00000000..dbf20010 Binary files /dev/null and b/scheme/psa-iot/test/corim/unsignedCorimMiniComidPsaIakPubNoImplID.cbor differ diff --git a/scheme/psa-iot/test/corim/unsignedCorimMiniComidPsaIakPubNoUeID.cbor b/scheme/psa-iot/test/corim/unsignedCorimMiniComidPsaIakPubNoUeID.cbor new file mode 100644 index 00000000..494a765e Binary files /dev/null and b/scheme/psa-iot/test/corim/unsignedCorimMiniComidPsaIakPubNoUeID.cbor differ diff --git a/scheme/psa-iot/test/corim/unsignedCorimMiniComidPsaIakPubOne.cbor b/scheme/psa-iot/test/corim/unsignedCorimMiniComidPsaIakPubOne.cbor new file mode 100644 index 00000000..4e0a8f6e Binary files /dev/null and b/scheme/psa-iot/test/corim/unsignedCorimMiniComidPsaIakPubOne.cbor differ 
diff --git a/scheme/psa-iot/test/corim/unsignedCorimMiniComidPsaIakPubTwo.cbor b/scheme/psa-iot/test/corim/unsignedCorimMiniComidPsaIakPubTwo.cbor
new file mode 100644
index 00000000..b08aaf20
Binary files /dev/null and b/scheme/psa-iot/test/corim/unsignedCorimMiniComidPsaIakPubTwo.cbor differ
diff --git a/scheme/psa-iot/test/corim/unsignedCorimMiniComidPsaMultIak.cbor b/scheme/psa-iot/test/corim/unsignedCorimMiniComidPsaMultIak.cbor
new file mode 100644
index 00000000..b5a2b144
Binary files /dev/null and b/scheme/psa-iot/test/corim/unsignedCorimMiniComidPsaMultIak.cbor differ
diff --git a/scheme/psa-iot/test/corim/unsignedCorimMiniComidPsaRefValMultDigest.cbor b/scheme/psa-iot/test/corim/unsignedCorimMiniComidPsaRefValMultDigest.cbor
new file mode 100644
index 00000000..13566bda
Binary files /dev/null and b/scheme/psa-iot/test/corim/unsignedCorimMiniComidPsaRefValMultDigest.cbor differ
diff --git a/scheme/psa-iot/test/corim/unsignedCorimMiniComidPsaRefValNoImplID.cbor b/scheme/psa-iot/test/corim/unsignedCorimMiniComidPsaRefValNoImplID.cbor
new file mode 100644
index 00000000..f790a11c
Binary files /dev/null and b/scheme/psa-iot/test/corim/unsignedCorimMiniComidPsaRefValNoImplID.cbor differ
diff --git a/scheme/psa-iot/test/corim/unsignedCorimMiniComidPsaRefValNoMkey.cbor b/scheme/psa-iot/test/corim/unsignedCorimMiniComidPsaRefValNoMkey.cbor
new file mode 100644
index 00000000..e527b81f
Binary files /dev/null and b/scheme/psa-iot/test/corim/unsignedCorimMiniComidPsaRefValNoMkey.cbor differ
diff --git a/scheme/psa-iot/test/corim/unsignedCorimMiniComidPsaRefValOne.cbor b/scheme/psa-iot/test/corim/unsignedCorimMiniComidPsaRefValOne.cbor
new file mode 100644
index 00000000..7607f38c
Binary files /dev/null and b/scheme/psa-iot/test/corim/unsignedCorimMiniComidPsaRefValOne.cbor differ
diff --git a/scheme/psa-iot/test/corim/unsignedCorimMiniComidPsaRefValOnlyMandIDAttr.cbor b/scheme/psa-iot/test/corim/unsignedCorimMiniComidPsaRefValOnlyMandIDAttr.cbor
new file mode 100644
index 00000000..0eef1756
Binary files /dev/null and b/scheme/psa-iot/test/corim/unsignedCorimMiniComidPsaRefValOnlyMandIDAttr.cbor differ
diff --git a/scheme/psa-iot/test/corim/unsignedCorimMiniComidPsaRefValThree.cbor b/scheme/psa-iot/test/corim/unsignedCorimMiniComidPsaRefValThree.cbor
new file mode 100644
index 00000000..b6dac36b
Binary files /dev/null and b/scheme/psa-iot/test/corim/unsignedCorimMiniComidPsaRefValThree.cbor differ
diff --git a/scheme/psa-iot/test_vectors.go b/scheme/psa-iot/test_vectors.go
index 060bef71..565bb89e 100644
--- a/scheme/psa-iot/test_vectors.go
+++ b/scheme/psa-iot/test_vectors.go
@@ -2,216 +2,50 @@ // SPDX-License-Identifier: Apache-2.0 package psa_iot -// automatically generated from: -// ComidPsaIakPubOne.json and corimMini.json -// nolint:unused -var unsignedCorimComidPsaIakPubOne = ` -a300505c57e8f446cd421b91c908cf93e13cfc0181590167d901faa40065 -656e2d474201a10050366d0a0a598845ed84882f2a544f62420281a30069 -41434d45204c74642e01d8207468747470733a2f2f61636d652e6578616d -706c65028300010204a1028182a200a300d90258582061636d652d696d70 -6c656d656e746174696f6e2d69642d303030303030303031016441434d45 -026a526f616452756e6e657201d90226582101ceebae7b8927a3227e5303 -cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f150881d9022a78b02d2d2d -2d2d424547494e205055424c4943204b45592d2d2d2d2d0a4d466b774577 -59484b6f5a497a6a3043415159494b6f5a497a6a30444151634451674145 -466e3074616f41775233506d724b6b594c74417344396f30354b534d366d -6267664e436770754c306736567054486b5a6c3733776b354244786f5637 -6e2b4f656565306949716b5733484d5a54334554696e694a64673d3d0a2d -2d2d2d2d454e44205055424c4943204b45592d2d2d2d2d03817818687474 -703a2f2f61726d2e636f6d2f7073612f696f742f31 -` +import _ "embed" -// automatically generated from: -// ComidPsaIakPubTwo.json and corimMini.json -// nolint:unused -var unsignedCorimComidPsaIakPubTwo = ` -a300505c57e8f446cd421b91c908cf93e13cfc0181590280d901faa40065 -656e2d474201a10050366d0a0a598845ed84882f2a544f62420281a30069 -41434d45204c74642e01d8207468747470733a2f2f61636d652e6578616d -706c65028300010204a1028282a200a300d90258582061636d652d696d70 -6c656d656e746174696f6e2d69642d303030303030303031016441434d45 -026a526f616452756e6e657201d90226582101ceebae7b8927a3227e5303 -cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f150881d9022a78b02d2d2d -2d2d424547494e205055424c4943204b45592d2d2d2d2d0a4d466b774577 -59484b6f5a497a6a3043415159494b6f5a497a6a30444151634451674145 -466e3074616f41775233506d724b6b594c74417344396f30354b534d366d -6267664e436770754c306736567054486b5a6c3733776b354244786f5637 -6e2b4f656565306949716b5733484d5a54334554696e694a64673d3d0a2d 
-2d2d2d2d454e44205055424c4943204b45592d2d2d2d2d82a200a300d902 -58582061636d652d696d706c656d656e746174696f6e2d69642d30303030 -3030303031016441434d45026a526f616452756e6e657201d90226582101 -4ca3e4f50bf248c39787020d68ffd05c88767751bf2645ca923f57a98bec -d29681d9022a78b02d2d2d2d2d424547494e205055424c4943204b45592d -2d2d2d2d0a4d466b77457759484b6f5a497a6a3043415159494b6f5a497a -6a304441516344516741453656777165376879334f385970612b42554554 -4c556a424e5533724558565579743958485237484a574c473758544b5164 -3969316b565258654250444c466e66597275312f657578526e4a4d374839 -556f46444c64413d3d0a2d2d2d2d2d454e44205055424c4943204b45592d -2d2d2d2d03817818687474703a2f2f61726d2e636f6d2f7073612f696f74 -2f31 -` +var ( + // nolint:unused + //go:embed test/corim/unsignedCorimMiniComidPsaIakPubOne.cbor + unsignedCorimComidPsaIakPubOne []byte -// automatically generated from: -// ComidPsaRefValOne.json and corimMini.json -// nolint:unused -var unsignedCorimComidPsaRefValOne = ` -a300505c57e8f446cd421b91c908cf93e13cfc018158e7d901faa4006565 -6e2d474201a1005043bbe37f2e614b33aed353cff1428b160281a3006941 -434d45204c74642e01d8207468747470733a2f2f61636d652e6578616d70 -6c65028300010204a1008182a100a300d90258582061636d652d696d706c -656d656e746174696f6e2d69642d303030303030303031016441434d4502 -6a526f616452756e6e657281a200d90259a30162424c0465322e312e3005 -5820acbb11c7e4da217205523ce4ce1a245ae1a239ae3c6bfd9e7871f7e5 -d8bae86b01a102818201582087428fc522803d31065e7bce3cf03fe47509 -6631e5e07bbd7a0fde60c4cf25c703817818687474703a2f2f61726d2e63 -6f6d2f7073612f696f742f31 -` + // nolint:unused + //go:embed test/corim/unsignedCorimMiniComidPsaIakPubTwo.cbor + unsignedCorimComidPsaIakPubTwo []byte -// automatically generated from: -// ComidPsaRefValThree.json and corimMini.json -// nolint:unused -var unsignedCorimComidPsaRefValThree = ` -a300505c57e8f446cd421b91c908cf93e13cfc01815901a3d901faa40065 -656e2d474201a1005043bbe37f2e614b33aed353cff1428b160281a30069 -41434d45204c74642e01d8207468747470733a2f2f61636d652e6578616d 
-706c65028300010204a1008182a100a300d90258582061636d652d696d70 -6c656d656e746174696f6e2d69642d303030303030303031016441434d45 -026a526f616452756e6e657283a200d90259a30162424c0465322e312e30 -055820acbb11c7e4da217205523ce4ce1a245ae1a239ae3c6bfd9e7871f7 -e5d8bae86b01a102818201582087428fc522803d31065e7bce3cf03fe475 -096631e5e07bbd7a0fde60c4cf25c7a200d90259a3016450526f54046531 -2e332e35055820acbb11c7e4da217205523ce4ce1a245ae1a239ae3c6bfd -9e7871f7e5d8bae86b01a10281820158200263829989b6fd954f72baaf2f -c64bc2e2f01d692d4de72986ea808f6e99813fa200d90259a3016441526f -540465302e312e34055820acbb11c7e4da217205523ce4ce1a245ae1a239 -ae3c6bfd9e7871f7e5d8bae86b01a1028182015820a3a5e715f0cc574a73 -c3f9bebb6bc24f32ffd5b67b387244c2c909da779a147803817818687474 -703a2f2f61726d2e636f6d2f7073612f696f742f31 -` + // nolint:unused + //go:embed test/corim/unsignedCorimMiniComidPsaRefValOne.cbor + unsignedCorimComidPsaRefValOne []byte -// automatically generated from: -// ComidPsaMultIak.json and corimMini.json -// nolint:unused -var unsignedCorimComidPsaMultIak = ` -a300505c57e8f446cd421b91c908cf93e13cfc018159021cd901faa40065 -656e2d474201a10050366d0a0a598845ed84882f2a544f62420281a30069 -41434d45204c74642e01d8207468747470733a2f2f61636d652e6578616d -706c65028300010204a1028182a200a300d90258582061636d652d696d70 -6c656d656e746174696f6e2d69642d303030303030303031016441434d45 -026a526f616452756e6e657201d90226582101ceebae7b8927a3227e5303 -cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f150882d9022a78b02d2d2d -2d2d424547494e205055424c4943204b45592d2d2d2d2d0a4d466b774577 -59484b6f5a497a6a3043415159494b6f5a497a6a30444151634451674145 -466e3074616f41775233506d724b6b594c74417344396f30354b534d366d -6267664e436770754c306736567054486b5a6c3733776b354244786f5637 -6e2b4f656565306949716b5733484d5a54334554696e694a64673d3d0a2d -2d2d2d2d454e44205055424c4943204b45592d2d2d2d2dd9022a78b02d2d -2d2d2d424547494e205055424c4943204b45592d2d2d2d2d0a4d466b7745 -7759484b6f5a497a6a3043415159494b6f5a497a6a304441516344516741 
-45466e3074616f41775233506d724b6b594c74417344396f30354b534d36 -6d6267664e436770754c306736567054486b5a6c3733776b354244786f56 -376e2b4f656565306949716b5733484d5a54334554696e694a64673d3d0a -2d2d2d2d2d454e44205055424c4943204b45592d2d2d2d2d038178186874 -74703a2f2f61726d2e636f6d2f7073612f696f742f31 -` + // nolint:unused + //go:embed test/corim/unsignedCorimMiniComidPsaRefValThree.cbor + unsignedCorimComidPsaRefValThree []byte -// automatically generated from: -// ComidPsaRefValMultDigest.json and corimMini.json -// nolint:unused -var unsignedCorimComidPsaRefValMultDigest = ` -a300505c57e8f446cd421b91c908cf93e13cfc018159010bd901faa40065 -656e2d474201a1005043bbe37f2e614b33aed353cff1428b160281a30069 -41434d45204c74642e01d8207468747470733a2f2f61636d652e6578616d -706c65028300010204a1008182a100a300d90258582061636d652d696d70 -6c656d656e746174696f6e2d69642d303030303030303031016441434d45 -026a526f616452756e6e657281a200d90259a30162424c0465322e312e30 -055820acbb11c7e4da217205523ce4ce1a245ae1a239ae3c6bfd9e7871f7 -e5d8bae86b01a102828201582087428fc522803d31065e7bce3cf03fe475 -096631e5e07bbd7a0fde60c4cf25c78201582087428fc522803d31065e7b -ce3cf03fe475096231e5e07bbd7a0fde60c4cf25c703817818687474703a -2f2f61726d2e636f6d2f7073612f696f742f31 -` + // nolint:unused + //go:embed test/corim/unsignedCorimMiniComidPsaMultIak.cbor + unsignedCorimComidPsaMultIak []byte -// automatically generated from: -// ComidPsaRefValOnlyMandIDAttr.json and corimMini.json -// nolint:unused -var unsignedCorimComidPsaRefValOnlyMandIDAttr = ` -a300505c57e8f446cd421b91c908cf93e13cfc018158dcd901faa4006565 -6e2d474201a1005043bbe37f2e614b33aed353cff1428b160281a3006941 -434d45204c74642e01d8207468747470733a2f2f61636d652e6578616d70 -6c65028300010204a1008182a100a300d90258582061636d652d696d706c -656d656e746174696f6e2d69642d303030303030303031016441434d4502 -6a526f616452756e6e657281a200d90259a1055820acbb11c7e4da217205 -523ce4ce1a245ae1a239ae3c6bfd9e7871f7e5d8bae86b01a10281820158 
-2087428fc522803d31065e7bce3cf03fe475096631e5e07bbd7a0fde60c4 -cf25c703817818687474703a2f2f61726d2e636f6d2f7073612f696f742f -31 -` + // nolint:unused + //go:embed test/corim/unsignedCorimMiniComidPsaRefValMultDigest.cbor + unsignedCorimComidPsaRefValMultDigest []byte -// automatically generated from: -// ComidPsaRefValNoMkey.json and corimMini.json -// nolint:unused -var unsignedCorimComidPsaRefValNoMkey = ` -a300505c57e8f446cd421b91c908cf93e13cfc018158bbd901faa4006565 -6e2d474201a1005043bbe37f2e614b33aed353cff1428b160281a3006941 -434d45204c74642e01d8207468747470733a2f2f61636d652e6578616d70 -6c65028300010204a1008182a100a300d90258582061636d652d696d706c -656d656e746174696f6e2d69642d303030303030303031016441434d4502 -6a526f616452756e6e657281a101a301d902280a02818201582044aa336a -f4cb14a879432e53dd6571c7fa9bccafb75f488259262d6ea3a4d91b030a -03817818687474703a2f2f61726d2e636f6d2f7073612f696f742f31 -` + // nolint:unused + //go:embed test/corim/unsignedCorimMiniComidPsaRefValOnlyMandIDAttr.cbor + unsignedCorimComidPsaRefValOnlyMandIDAttr []byte -// automatically generated from: -// ComidPsaRefValNoImplID.json and corimMini.json -// nolint:unused -var unsignedCorimComidPsaRefValNoImplID = ` -a300505c57e8f446cd421b91c908cf93e13cfc018158ccd901faa4006565 -6e2d474201a1005043bbe37f2e614b33aed353cff1428b160281a3006941 -434d45204c74642e01d8207468747470733a2f2f61636d652e6578616d70 -6c65028300010204a1008182a100a400d82550dd6661f009284401966b58 -9ea74e32720263464d430300040081a200d90259a30162424c0465322e31 -2e30055820acbb11c7e4da217205523ce4ce1a245ae1a239ae3c6bfd9e78 -71f7e5d8bae86b01a102818201582087428fc522803d31065e7bce3cf03f -e475096631e5e07bbd7a0fde60c4cf25c703817818687474703a2f2f6172 -6d2e636f6d2f7073612f696f742f31 -` + // nolint:unused + //go:embed test/corim/unsignedCorimMiniComidPsaRefValNoMkey.cbor + unsignedCorimComidPsaRefValNoMkey []byte -// automatically generated from: -// ComidPsaIakPubNoUeID.json and corimMini.json -// nolint:unused -var unsignedCorimComidPsaIakPubNoUeID 
= ` -a300505c57e8f446cd421b91c908cf93e13cfc0181590140d901faa40065 -656e2d474201a10050366d0a0a598845ed84882f2a544f62420281a30069 -41434d45204c74642e01d8207468747470733a2f2f61636d652e6578616d -706c65028300010204a1028182a100a300d90258582061636d652d696d70 -6c656d656e746174696f6e2d69642d303030303030303031016441434d45 -026a526f616452756e6e657281d9022a78b02d2d2d2d2d424547494e2050 -55424c4943204b45592d2d2d2d2d0a4d466b77457759484b6f5a497a6a30 -43415159494b6f5a497a6a30444151634451674145466e3074616f417752 -33506d724b6b594c74417344396f30354b534d366d6267664e436770754c -306736567054486b5a6c3733776b354244786f56376e2b4f656565306949 -716b5733484d5a54334554696e694a64673d3d0a2d2d2d2d2d454e442050 -55424c4943204b45592d2d2d2d2d03817818687474703a2f2f61726d2e63 -6f6d2f7073612f696f742f31 -` + // nolint:unused + //go:embed test/corim/unsignedCorimMiniComidPsaRefValNoImplID.cbor + unsignedCorimComidPsaRefValNoImplID []byte -// automatically generated from: -// ComidPsaIakPubNoImplID.json and corimMini.json -// nolint:unused -var unsignedCorimComidPsaIakPubNoImplID = ` -a300505c57e8f446cd421b91c908cf93e13cfc018159014cd901faa40065 -656e2d474201a10050366d0a0a598845ed84882f2a544f62420281a30069 -41434d45204c74642e01d8207468747470733a2f2f61636d652e6578616d -706c65028300010204a1028182a200a400d82550dd6661f009284401966b -589ea74e32720263464d430300040001d90226582101ceebae7b8927a322 -7e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f150881d9022a78b0 -2d2d2d2d2d424547494e205055424c4943204b45592d2d2d2d2d0a4d466b -77457759484b6f5a497a6a3043415159494b6f5a497a6a30444151634451 -674145466e3074616f41775233506d724b6b594c74417344396f30354b53 -4d366d6267664e436770754c306736567054486b5a6c3733776b35424478 -6f56376e2b4f656565306949716b5733484d5a54334554696e694a64673d -3d0a2d2d2d2d2d454e44205055424c4943204b45592d2d2d2d2d03817818 -687474703a2f2f61726d2e636f6d2f7073612f696f742f31 -` + // nolint:unused + //go:embed test/corim/unsignedCorimMiniComidPsaIakPubNoUeID.cbor + unsignedCorimComidPsaIakPubNoUeID []byte + + // 
nolint:unused + //go:embed test/corim/unsignedCorimMiniComidPsaIakPubNoImplID.cbor + unsignedCorimComidPsaIakPubNoImplID []byte +) diff --git a/scheme/tpm-enacttrust/endorsement_handler_test.go b/scheme/tpm-enacttrust/endorsement_handler_test.go index 8c9b9efb..8a566483 100644 --- a/scheme/tpm-enacttrust/endorsement_handler_test.go +++ b/scheme/tpm-enacttrust/endorsement_handler_test.go @@ -1,4 +1,4 @@ -// Copyright 2022-2023 Contributors to the Veraison project. +// Copyright 2022-2024 Contributors to the Veraison project. // SPDX-License-Identifier: Apache-2.0 package tpm_enacttrust @@ -6,7 +6,6 @@ import ( "testing" "github.com/stretchr/testify/assert" - "github.com/veraison/corim/comid" ) func TestDecoder_GetAttestationScheme(t *testing.T) { @@ -54,7 +53,7 @@ func TestDecoder_Decode_empty_data(t *testing.T) { } func TestDecoder_Decode_OK(t *testing.T) { - tvs := []string{ + tvs := [][]byte{ unsignedCorimComidTpmEnactTrustAKOne, unsignedCorimComidTpmEnactTrustGoldenOne, } @@ -62,8 +61,7 @@ func TestDecoder_Decode_OK(t *testing.T) { d := &EndorsementHandler{} for _, tv := range tvs { - data := comid.MustHexDecode(t, tv) - _, err := d.Decode(data) + _, err := d.Decode(tv) assert.NoError(t, err) } } @@ -71,7 +69,7 @@ func TestDecoder_Decode_OK(t *testing.T) { func TestDecoder_Decode_negative_tests(t *testing.T) { tvs := []struct { desc string - input string + input []byte expectedErr string }{ { @@ -111,9 +109,10 @@ func TestDecoder_Decode_negative_tests(t *testing.T) { }} for _, tv := range tvs { - data := comid.MustHexDecode(t, tv.input) - d := &EndorsementHandler{} - _, err := d.Decode(data) - assert.EqualError(t, err, tv.expectedErr) + t.Run(tv.desc, func(t *testing.T) { + d := &EndorsementHandler{} + _, err := d.Decode(tv.input) + assert.EqualError(t, err, tv.expectedErr) + }) } } diff --git a/scheme/tpm-enacttrust/extractor.go b/scheme/tpm-enacttrust/extractor.go index e3b059ed..79346c2f 100644 --- a/scheme/tpm-enacttrust/extractor.go 
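Review bot: The removed `// automatically generated from: <Comid>.json and corimMini.json` comments were the record, in this file, of which template each vector came from, and the new `var ( ... )` block in scheme/psa-iot/test_vectors.go drops it at the same moment the payloads become binary `.cbor` files that cannot be read in review. A comment above the block would restore that, for example `// Vectors are generated from the JSON templates by <path to generator script>; regenerate them, do not hand-edit the .cbor files.` The generator and the JSON sources for this scheme are outside this hunk, so the path is left as a placeholder. These blobs are the endorsement inputs the decoder tests run on, so being able to trace each one back to reviewable JSON is what keeps the fixtures auditable.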
+++ b/scheme/tpm-enacttrust/extractor.go @@ -1,4 +1,4 @@ -// Copyright 2022-2023 Contributors to the Veraison project. +// Copyright 2022-2024 Contributors to the Veraison project. // SPDX-License-Identifier: Apache-2.0 package tpm_enacttrust @@ -19,21 +19,23 @@ func (o *Extractor) SetProfile(p string) { o.Profile = p } -func (o Extractor) RefValExtractor(rv comid.ReferenceValue) ([]*handler.Endorsement, error) { +func (o Extractor) RefValExtractor(rvs comid.ValueTriples) ([]*handler.Endorsement, error) { + if len(rvs.Values) != 1 { + return nil, fmt.Errorf("expecting one measurement only") + } + + rv := rvs.Values[0] var instanceAttrs InstanceAttributes if err := instanceAttrs.FromEnvironment(rv.Environment); err != nil { return nil, fmt.Errorf("could not extract instance attributes: %w", err) } - if len(rv.Measurements) != 1 { - return nil, fmt.Errorf("expecting one measurement only") - } var ( swComponents []*handler.Endorsement swCompAttrs SwCompAttributes - measurement comid.Measurement = rv.Measurements[0] + measurement comid.Measurement = rv.Measurement ) if err := swCompAttrs.FromMeasurement(measurement); err != nil { @@ -74,7 +76,7 @@ func makeSwAttrs(i InstanceAttributes, s SwCompAttributes) (json.RawMessage, err return msg, nil } -func (o Extractor) TaExtractor(avk comid.AttestVerifKey) (*handler.Endorsement, error) { +func (o Extractor) TaExtractor(avk comid.KeyTriple) (*handler.Endorsement, error) { var instanceAttrs InstanceAttributes if err := instanceAttrs.FromEnvironment(avk.Environment); err != nil { diff --git a/scheme/tpm-enacttrust/test/ComidTpmEnactTrustGoldenTwo.json b/scheme/tpm-enacttrust/test/ComidTpmEnactTrustGoldenTwo.json deleted file mode 100644 index d6ff6cd5..00000000 --- a/scheme/tpm-enacttrust/test/ComidTpmEnactTrustGoldenTwo.json +++ /dev/null 
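Review bot: The new guard in `RefValExtractor` counts reference-value triples (`len(rvs.Values) != 1`) but still returns `expecting one measurement only`, so an input carrying two triples is rejected with a message about measurements, which points whoever is debugging a rejected endorsement at the wrong field. Something like `return nil, fmt.Errorf("expecting exactly one reference value triple, got %d", len(rvs.Values))` names what was actually checked; any test that compares this string with `assert.EqualError` would need the same update. The guard now also runs before `FromEnvironment`, so an input that is wrong in both ways reports the count error first, which is presumably intended but worth confirming. The function body continues past the end of the hunk.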
@@ -1,44 +0,0 @@ -{ - "tag-identity": { - "id": "00000000-0000-0000-0000-000000000000" - }, - "entities": [ - { - "name": "EnactTrust", - "regid": "https://enacttrust.com", - "roles": [ - "tagCreator", - "creator", - "maintainer" - ] - } - ], - "triples": { - "reference-values": [ - { - "environment": { - "instance": { - "type": "uuid", - "value": "ffffffff-ffff-ffff-ffff-ffffffffffff" - } - }, - "measurements": [ - { - "value": { - "digests": [ - "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=" - ] - } - }, - { - "value": { - "digests": [ - "sha-256:AmOCmYm2/ZVPcrqvL8ZLwuLwHWktTecphuqAj26ZgT8=" - ] - } - } - ] - } - ] - } -} diff --git a/scheme/tpm-enacttrust/test/build-test-vectors.sh b/scheme/tpm-enacttrust/test/build-test-vectors.sh deleted file mode 100755 index c63efc34..00000000 --- a/scheme/tpm-enacttrust/test/build-test-vectors.sh +++ /dev/null 
@@ -1,34 +0,0 @@ -#!/bin/bash -# Copyright 2022-2023 Contributors to the Veraison project. -# SPDX-License-Identifier: Apache-2.0 - -set -eu -set -o pipefail - -CORIM_TEMPLATE=corimMini.json - -COMID_TEMPLATES= -COMID_TEMPLATES="${COMID_TEMPLATES} ComidTpmEnactTrustAKOne" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidTpmEnactTrustGoldenOne" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidTpmEnactTrustAKMult" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidTpmEnactTrustBadInst" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidTpmEnactTrustNoInst" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidTpmEnactTrustMultDigest" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidTpmEnactTrustGoldenTwo" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidTpmEnactTrustNoDigest" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidTpmEnactTrustAKBadInst" - -TV_DOT_GO=${TV_DOT_GO?must be set in the environment.} - -printf "package tpm_enacttrust\n\n" > ${TV_DOT_GO} - -for t in ${COMID_TEMPLATES} -do - cocli comid create -t ${t}.json - cocli corim create -m ${t}.cbor -t ${CORIM_TEMPLATE} -o corim${t}.cbor - echo "// automatically generated from $t.json" >> ${TV_DOT_GO} - echo "var unsignedCorim${t} = "'`' >> ${TV_DOT_GO} - cat corim${t}.cbor | xxd -p >> ${TV_DOT_GO} - echo '`' >> ${TV_DOT_GO} - gofmt -w ${TV_DOT_GO} -done diff --git a/scheme/tpm-enacttrust/test/corim/build-test-vectors.sh b/scheme/tpm-enacttrust/test/corim/build-test-vectors.sh new file mode 100755 index 00000000..9bcf1c8f --- /dev/null +++ b/scheme/tpm-enacttrust/test/corim/build-test-vectors.sh 
@@ -0,0 +1,30 @@ +#!/bin/bash +# Copyright 2022-2024 Contributors to the Veraison project. +# SPDX-License-Identifier: Apache-2.0 + +set -eu +set -o pipefail + +THIS_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) +GEN_CORIM="$THIS_DIR/../../../common/scripts/gen-corim" + +CORIM_TEMPLATE=corimMini + +COMID_TEMPLATES=( + ComidTpmEnactTrustAKOne + ComidTpmEnactTrustGoldenOne + ComidTpmEnactTrustAKMult + ComidTpmEnactTrustBadInst + ComidTpmEnactTrustNoInst + ComidTpmEnactTrustMultDigest + ComidTpmEnactTrustGoldenTwo + ComidTpmEnactTrustNoDigest + ComidTpmEnactTrustAKBadInst +) + +for comid in "${COMID_TEMPLATES[@]}" +do + "$GEN_CORIM" "$THIS_DIR" "$comid" "$CORIM_TEMPLATE" "unsigned" +done + +echo "done" diff --git a/scheme/tpm-enacttrust/test/ComidTpmEnactTrustAKBadInst.json b/scheme/tpm-enacttrust/test/corim/src/ComidTpmEnactTrustAKBadInst.json similarity index 100% rename from scheme/tpm-enacttrust/test/ComidTpmEnactTrustAKBadInst.json rename to scheme/tpm-enacttrust/test/corim/src/ComidTpmEnactTrustAKBadInst.json diff --git a/scheme/tpm-enacttrust/test/ComidTpmEnactTrustAKMult.json b/scheme/tpm-enacttrust/test/corim/src/ComidTpmEnactTrustAKMult.json similarity index 94% rename from scheme/tpm-enacttrust/test/ComidTpmEnactTrustAKMult.json rename to scheme/tpm-enacttrust/test/corim/src/ComidTpmEnactTrustAKMult.json index b44ef409..37c566ee 100644 --- a/scheme/tpm-enacttrust/test/ComidTpmEnactTrustAKMult.json +++ b/scheme/tpm-enacttrust/test/corim/src/ComidTpmEnactTrustAKMult.json @@ -19,7 +19,7 @@ "environment": { "instance": { "type": "uuid", - "value": "ffffffff-ffff-ffff-ffff-ffffffffffff" + "value": "DD6661F0-0928-4401-966B-589EA74E3272" } }, "verification-keys": [ 
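Review bot: Nothing in scheme/tpm-enacttrust/test/corim/build-test-vectors.sh says that its output is committed, yet the `unsignedCorimMini*.cbor` files it appears to produce are the binary blobs this commit adds next to it, so a reader cannot tell whether a checked-in vector still matches its JSON template under `src/`. A header comment would cover that: `# Regenerates the committed unsignedCorimMini*.cbor test vectors from src/*.json; re-run and commit the result whenever a template changes.` It would also be worth having CI run the script and fail on `git diff --exit-code`, provided `gen-corim` (not shown in this hunk) produces deterministic output, so a fixture that drifts from its source is caught rather than trusted.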
diff --git a/scheme/tpm-enacttrust/test/ComidTpmEnactTrustAKOne.json b/scheme/tpm-enacttrust/test/corim/src/ComidTpmEnactTrustAKOne.json similarity index 92% rename from scheme/tpm-enacttrust/test/ComidTpmEnactTrustAKOne.json rename to scheme/tpm-enacttrust/test/corim/src/ComidTpmEnactTrustAKOne.json index cb0104eb..a45f26a5 100644 --- a/scheme/tpm-enacttrust/test/ComidTpmEnactTrustAKOne.json +++ b/scheme/tpm-enacttrust/test/corim/src/ComidTpmEnactTrustAKOne.json @@ -19,7 +19,7 @@ "environment": { "instance": { "type": "uuid", - "value": "ffffffff-ffff-ffff-ffff-ffffffffffff" + "value": "DD6661F0-0928-4401-966B-589EA74E3272" } }, "verification-keys": [ diff --git a/scheme/tpm-enacttrust/test/ComidTpmEnactTrustBadInst.json b/scheme/tpm-enacttrust/test/corim/src/ComidTpmEnactTrustBadInst.json similarity index 72% rename from scheme/tpm-enacttrust/test/ComidTpmEnactTrustBadInst.json rename to scheme/tpm-enacttrust/test/corim/src/ComidTpmEnactTrustBadInst.json index 29ea4d1e..f5ffaab3 100644 --- a/scheme/tpm-enacttrust/test/ComidTpmEnactTrustBadInst.json +++ b/scheme/tpm-enacttrust/test/corim/src/ComidTpmEnactTrustBadInst.json @@ -22,15 +22,13 @@ "value": "Ac7rrnuJJ6MiflMDz14PH3s0u1Qq1yUKwD+83jbsLxUI" } }, - "measurements": [ - { - "value": { - "digests": [ - "sha-256;h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=" - ] - } + "measurement": { + "value": { + "digests": [ + "sha-256;h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=" + ] } - ] + } } ] } diff --git a/scheme/tpm-enacttrust/test/ComidTpmEnactTrustGoldenOne.json b/scheme/tpm-enacttrust/test/corim/src/ComidTpmEnactTrustGoldenOne.json similarity index 63% rename from scheme/tpm-enacttrust/test/ComidTpmEnactTrustGoldenOne.json rename to scheme/tpm-enacttrust/test/corim/src/ComidTpmEnactTrustGoldenOne.json index 4b2d9d7e..e5163b19 100644 --- a/scheme/tpm-enacttrust/test/ComidTpmEnactTrustGoldenOne.json +++ b/scheme/tpm-enacttrust/test/corim/src/ComidTpmEnactTrustGoldenOne.json 
@@ -19,18 +19,16 @@ "environment": { "instance": { "type": "uuid", - "value": "ffffffff-ffff-ffff-ffff-ffffffffffff" + "value": "DD6661F0-0928-4401-966B-589EA74E3272" } }, - "measurements": [ - { - "value": { - "digests": [ - "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=" - ] - } + "measurement": { + "value": { + "digests": [ + "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=" + ] } - ] + } } ] } diff --git a/scheme/tpm-enacttrust/test/corim/src/ComidTpmEnactTrustGoldenTwo.json b/scheme/tpm-enacttrust/test/corim/src/ComidTpmEnactTrustGoldenTwo.json new file mode 100644 index 00000000..395216d9 --- /dev/null +++ b/scheme/tpm-enacttrust/test/corim/src/ComidTpmEnactTrustGoldenTwo.json @@ -0,0 +1,50 @@ +{ + "tag-identity": { + "id": "00000000-0000-0000-0000-000000000000" + }, + "entities": [ + { + "name": "EnactTrust", + "regid": "https://enacttrust.com", + "roles": [ + "tagCreator", + "creator", + "maintainer" + ] + } + ], + "triples": { + "reference-values": [ + { + "environment": { + "instance": { + "type": "uuid", + "value": "DD6661F0-0928-4401-966B-589EA74E3272" + } + }, + "measurement": { + "value": { + "digests": [ + "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=" + ] + } + } + }, + { + "environment": { + "instance": { + "type": "uuid", + "value": "DD6661F0-0928-4401-966B-589EA74E3272" + } + }, + "measurement": { + "value": { + "digests": [ + "sha-256:AmOCmYm2/ZVPcrqvL8ZLwuLwHWktTecphuqAj26ZgT8=" + ] + } + } + } + ] + } +} diff --git a/scheme/tpm-enacttrust/test/ComidTpmEnactTrustMultDigest.json b/scheme/tpm-enacttrust/test/corim/src/ComidTpmEnactTrustMultDigest.json similarity index 57% rename from scheme/tpm-enacttrust/test/ComidTpmEnactTrustMultDigest.json rename to scheme/tpm-enacttrust/test/corim/src/ComidTpmEnactTrustMultDigest.json index b76df609..8616bfbb 100644 --- a/scheme/tpm-enacttrust/test/ComidTpmEnactTrustMultDigest.json +++ b/scheme/tpm-enacttrust/test/corim/src/ComidTpmEnactTrustMultDigest.json 
@@ -19,19 +19,17 @@ "environment": { "instance": { "type": "uuid", - "value": "ffffffff-ffff-ffff-ffff-ffffffffffff" + "value": "DD6661F0-0928-4401-966B-589EA74E3272" } }, - "measurements": [ - { - "value": { - "digests": [ - "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=", - "sha-256:h0KPxSKAPTEGXnvOPPB/5HUJYjHl4Hu9eg/eYMTPJcc=" - ] - } + "measurement": { + "value": { + "digests": [ + "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=", + "sha-256:h0KPxSKAPTEGXnvOPPB/5HUJYjHl4Hu9eg/eYMTPJcc=" + ] } - ] + } } ] } diff --git a/scheme/tpm-enacttrust/test/ComidTpmEnactTrustNoDigest.json b/scheme/tpm-enacttrust/test/corim/src/ComidTpmEnactTrustNoDigest.json similarity index 66% rename from scheme/tpm-enacttrust/test/ComidTpmEnactTrustNoDigest.json rename to scheme/tpm-enacttrust/test/corim/src/ComidTpmEnactTrustNoDigest.json index c18814f2..b3f1804b 100644 --- a/scheme/tpm-enacttrust/test/ComidTpmEnactTrustNoDigest.json +++ b/scheme/tpm-enacttrust/test/corim/src/ComidTpmEnactTrustNoDigest.json @@ -19,17 +19,15 @@ "environment": { "instance": { "type": "uuid", - "value": "ffffffff-ffff-ffff-ffff-ffffffffffff" + "value": "DD6661F0-0928-4401-966B-589EA74E3272" } }, - "measurements": [ - { - "value": { - "mac-addr": "00:00:5e:00:53:01", - "ip-addr": "2001:4860:0:2001::68" - } + "measurement": { + "value": { + "mac-addr": "00:00:5e:00:53:01", + "ip-addr": "2001:4860:0:2001::68" } - ] + } } ] } diff --git a/scheme/tpm-enacttrust/test/ComidTpmEnactTrustNoInst.json b/scheme/tpm-enacttrust/test/corim/src/ComidTpmEnactTrustNoInst.json similarity index 75% rename from scheme/tpm-enacttrust/test/ComidTpmEnactTrustNoInst.json rename to scheme/tpm-enacttrust/test/corim/src/ComidTpmEnactTrustNoInst.json index 1c001a82..5328077e 100644 --- a/scheme/tpm-enacttrust/test/ComidTpmEnactTrustNoInst.json +++ b/scheme/tpm-enacttrust/test/corim/src/ComidTpmEnactTrustNoInst.json 
@@ -26,15 +26,13 @@ "model": "RoadRunner" } }, - "measurements": [ - { - "value": { - "digests": [ - "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=" - ] - } + "measurement": { + "value": { + "digests": [ + "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=" + ] } - ] + } } ] } diff --git a/scheme/tpm-enacttrust/test/corim/src/corimMini.json b/scheme/tpm-enacttrust/test/corim/src/corimMini.json new file mode 100644 index 00000000..f8b15f3a --- /dev/null +++ b/scheme/tpm-enacttrust/test/corim/src/corimMini.json @@ -0,0 +1,4 @@ +{ + "corim-id": "11111111-1111-1111-1111-111111111111", + "profile": "https://enacttrust.com/veraison/1.0.0" +} diff --git a/scheme/tpm-enacttrust/test/corim/unsignedCorimMiniComidTpmEnactTrustAKBadInst.cbor b/scheme/tpm-enacttrust/test/corim/unsignedCorimMiniComidTpmEnactTrustAKBadInst.cbor new file mode 100644 index 00000000..dde075cf Binary files /dev/null and b/scheme/tpm-enacttrust/test/corim/unsignedCorimMiniComidTpmEnactTrustAKBadInst.cbor differ diff --git a/scheme/tpm-enacttrust/test/corim/unsignedCorimMiniComidTpmEnactTrustAKMult.cbor b/scheme/tpm-enacttrust/test/corim/unsignedCorimMiniComidTpmEnactTrustAKMult.cbor new file mode 100644 index 00000000..4f0b3221 Binary files /dev/null and b/scheme/tpm-enacttrust/test/corim/unsignedCorimMiniComidTpmEnactTrustAKMult.cbor differ diff --git a/scheme/tpm-enacttrust/test/corim/unsignedCorimMiniComidTpmEnactTrustAKOne.cbor b/scheme/tpm-enacttrust/test/corim/unsignedCorimMiniComidTpmEnactTrustAKOne.cbor new file mode 100644 index 00000000..59077cbc Binary files /dev/null and b/scheme/tpm-enacttrust/test/corim/unsignedCorimMiniComidTpmEnactTrustAKOne.cbor differ 
diff --git a/scheme/tpm-enacttrust/test/corim/unsignedCorimMiniComidTpmEnactTrustBadInst.cbor b/scheme/tpm-enacttrust/test/corim/unsignedCorimMiniComidTpmEnactTrustBadInst.cbor
new file mode 100644
index 00000000..c4a56d8c
Binary files /dev/null and b/scheme/tpm-enacttrust/test/corim/unsignedCorimMiniComidTpmEnactTrustBadInst.cbor differ
diff --git a/scheme/tpm-enacttrust/test/corim/unsignedCorimMiniComidTpmEnactTrustGoldenOne.cbor b/scheme/tpm-enacttrust/test/corim/unsignedCorimMiniComidTpmEnactTrustGoldenOne.cbor
new file mode 100644
index 00000000..ef444fda
Binary files /dev/null and b/scheme/tpm-enacttrust/test/corim/unsignedCorimMiniComidTpmEnactTrustGoldenOne.cbor differ
diff --git a/scheme/tpm-enacttrust/test/corim/unsignedCorimMiniComidTpmEnactTrustGoldenTwo.cbor b/scheme/tpm-enacttrust/test/corim/unsignedCorimMiniComidTpmEnactTrustGoldenTwo.cbor
new file mode 100644
index 00000000..86178fe5
Binary files /dev/null and b/scheme/tpm-enacttrust/test/corim/unsignedCorimMiniComidTpmEnactTrustGoldenTwo.cbor differ
diff --git a/scheme/tpm-enacttrust/test/corim/unsignedCorimMiniComidTpmEnactTrustMultDigest.cbor b/scheme/tpm-enacttrust/test/corim/unsignedCorimMiniComidTpmEnactTrustMultDigest.cbor
new file mode 100644
index 00000000..2e8a2d96
Binary files /dev/null and b/scheme/tpm-enacttrust/test/corim/unsignedCorimMiniComidTpmEnactTrustMultDigest.cbor differ
diff --git a/scheme/tpm-enacttrust/test/corim/unsignedCorimMiniComidTpmEnactTrustNoDigest.cbor b/scheme/tpm-enacttrust/test/corim/unsignedCorimMiniComidTpmEnactTrustNoDigest.cbor
new file mode 100644
index 00000000..06e3a1ed
Binary files /dev/null and b/scheme/tpm-enacttrust/test/corim/unsignedCorimMiniComidTpmEnactTrustNoDigest.cbor differ
diff --git a/scheme/tpm-enacttrust/test/corim/unsignedCorimMiniComidTpmEnactTrustNoInst.cbor b/scheme/tpm-enacttrust/test/corim/unsignedCorimMiniComidTpmEnactTrustNoInst.cbor
new file mode 100644
index 00000000..5bfa474d
Binary files /dev/null and b/scheme/tpm-enacttrust/test/corim/unsignedCorimMiniComidTpmEnactTrustNoInst.cbor differ
diff --git a/scheme/tpm-enacttrust/test/corimMini.json b/scheme/tpm-enacttrust/test/corimMini.json
deleted file mode 100644
index 77304944..00000000
--- a/scheme/tpm-enacttrust/test/corimMini.json
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- "corim-id": "11111111-1111-1111-1111-111111111111",
- "profiles": [
- "https://enacttrust.com/veraison/1.0.0"
- ]
-}
diff --git a/scheme/tpm-enacttrust/test_vectors.go b/scheme/tpm-enacttrust/test_vectors.go
index 775cdda5..ac4704d8 100644
--- a/scheme/tpm-enacttrust/test_vectors.go
+++ b/scheme/tpm-enacttrust/test_vectors.go
@@ -2,128 +2,33 @@ // SPDX-License-Identifier: Apache-2.0 package tpm_enacttrust -// automatically generated from ComidTpmEnactTrustAKOne.json -var unsignedCorimComidTpmEnactTrustAKOne = ` -a30050111111111111111111111111111111110181590116d901faa301a1 -0050000000000000000000000000000000000281a3006a456e6163745472 -75737401d8207668747470733a2f2f656e61637474727573742e636f6d02 -8300010204a1028182a101d82550ffffffffffffffffffffffffffffffff -81d9022a78b02d2d2d2d2d424547494e205055424c4943204b45592d2d2d -2d2d0a4d466b77457759484b6f5a497a6a3043415159494b6f5a497a6a30 -4441516344516741453656777165376879334f385970612b425545544c55 -6a424e5533724558565579743958485237484a574c473758544b51643969 -316b565258654250444c466e66597275312f657578526e4a4d374839556f -46444c64413d3d0a2d2d2d2d2d454e44205055424c4943204b45592d2d2d -2d2d0381782568747470733a2f2f656e61637474727573742e636f6d2f76 -65726169736f6e2f312e302e30 -` +import _ "embed" -// automatically generated from ComidTpmEnactTrustGoldenOne.json -var unsignedCorimComidTpmEnactTrustGoldenOne = ` -a30050111111111111111111111111111111110181588ad901faa301a100 -50000000000000000000000000000000000281a3006a456e616374547275 -737401d8207668747470733a2f2f656e61637474727573742e636f6d0283 -00010204a1008182a101d82550ffffffffffffffffffffffffffffffff81 -a101a102818201582087428fc522803d31065e7bce3cf03fe475096631e5 -e07bbd7a0fde60c4cf25c70381782568747470733a2f2f656e6163747472 -7573742e636f6d2f7665726169736f6e2f312e302e30 -` +var ( + //go:embed test/corim/unsignedCorimMiniComidTpmEnactTrustAKOne.cbor + unsignedCorimComidTpmEnactTrustAKOne []byte -// automatically generated from ComidTpmEnactTrustAKMult.json -var unsignedCorimComidTpmEnactTrustAKMult = ` -a300501111111111111111111111111111111101815901cbd901faa301a1 -0050000000000000000000000000000000000281a3006a456e6163745472 -75737401d8207668747470733a2f2f656e61637474727573742e636f6d02 -8300010204a1028182a101d82550ffffffffffffffffffffffffffffffff -82d9022a78b02d2d2d2d2d424547494e205055424c4943204b45592d2d2d 
-2d2d0a4d466b77457759484b6f5a497a6a3043415159494b6f5a497a6a30 -4441516344516741453656777165376879334f385970612b425545544c55 -6a424e5533724558565579743958485237484a574c473758544b51643969 -316b565258654250444c466e66597275312f657578526e4a4d374839556f -46444c64413d3d0a2d2d2d2d2d454e44205055424c4943204b45592d2d2d -2d2dd9022a78b02d2d2d2d2d424547494e205055424c4943204b45592d2d -2d2d2d0a4d466b77457759484b6f5a497a6a3043415159494b6f5a497a6a -304441516344516741453656777165376879334f385970612b425545544c -556a424e5533724558565579743958485237484a574c473758544b516439 -69316b565258654250444c466e66597275312f657578526e4a4d37483955 -6f46444c64413d3d0a2d2d2d2d2d454e44205055424c4943204b45592d2d -2d2d2d0381782568747470733a2f2f656e61637474727573742e636f6d2f -7665726169736f6e2f312e302e30 -` + //go:embed test/corim/unsignedCorimMiniComidTpmEnactTrustGoldenOne.cbor + unsignedCorimComidTpmEnactTrustGoldenOne []byte -// automatically generated from ComidTpmEnactTrustBadInst.json -var unsignedCorimComidTpmEnactTrustBadInst = ` -a30050111111111111111111111111111111110181589dd901faa301a100 -50000000000000000000000000000000000281a3006a456e616374547275 -737401d8207668747470733a2f2f656e61637474727573742e636f6d0283 -00010204a1008182a101d90226582101ceebae7b8927a3227e5303cf5e0f -1f7b34bb542ad7250ac03fbcde36ec2f150881a101a10281820158208742 -8fc522803d31065e7bce3cf03fe475096631e5e07bbd7a0fde60c4cf25c7 -0381782568747470733a2f2f656e61637474727573742e636f6d2f766572 -6169736f6e2f312e302e30 -` + //go:embed test/corim/unsignedCorimMiniComidTpmEnactTrustAKMult.cbor + unsignedCorimComidTpmEnactTrustAKMult []byte -// automatically generated from ComidTpmEnactTrustNoInst.json -var unsignedCorimComidTpmEnactTrustNoInst = ` -a3005011111111111111111111111111111111018158b0d901faa301a100 -50000000000000000000000000000000000281a3006a456e616374547275 -737401d8207668747470733a2f2f656e61637474727573742e636f6d0283 -00010204a1008182a100a300d90258582061636d652d696d706c656d656e 
-746174696f6e2d69642d303030303030303031016441434d45026a526f61 -6452756e6e657281a101a102818201582087428fc522803d31065e7bce3c -f03fe475096631e5e07bbd7a0fde60c4cf25c70381782568747470733a2f -2f656e61637474727573742e636f6d2f7665726169736f6e2f312e302e30 -` + //go:embed test/corim/unsignedCorimMiniComidTpmEnactTrustBadInst.cbor + unsignedCorimComidTpmEnactTrustBadInst []byte -// automatically generated from ComidTpmEnactTrustMultDigest.json -var unsignedCorimComidTpmEnactTrustMultDigest = ` -a3005011111111111111111111111111111111018158aed901faa301a100 -50000000000000000000000000000000000281a3006a456e616374547275 -737401d8207668747470733a2f2f656e61637474727573742e636f6d0283 -00010204a1008182a101d82550ffffffffffffffffffffffffffffffff81 -a101a102828201582087428fc522803d31065e7bce3cf03fe475096631e5 -e07bbd7a0fde60c4cf25c78201582087428fc522803d31065e7bce3cf07f -e475096231e5e07bbd7a0fde60c4cf25c70381782568747470733a2f2f65 -6e61637474727573742e636f6d2f7665726169736f6e2f312e302e30 -` + //go:embed test/corim/unsignedCorimMiniComidTpmEnactTrustNoInst.cbor + unsignedCorimComidTpmEnactTrustNoInst []byte -// automatically generated from ComidTpmEnactTrustGoldenTwo.json -var unsignedCorimComidTpmEnactTrustGoldenTwo = ` -a3005011111111111111111111111111111111018158b3d901faa301a100 -50000000000000000000000000000000000281a3006a456e616374547275 -737401d8207668747470733a2f2f656e61637474727573742e636f6d0283 -00010204a1008182a101d82550ffffffffffffffffffffffffffffffff82 -a101a102818201582087428fc522803d31065e7bce3cf03fe475096631e5 -e07bbd7a0fde60c4cf25c7a101a10281820158200263829989b6fd954f72 -baaf2fc64bc2e2f01d692d4de72986ea808f6e99813f0381782568747470 -733a2f2f656e61637474727573742e636f6d2f7665726169736f6e2f312e -302e30 -` + //go:embed test/corim/unsignedCorimMiniComidTpmEnactTrustMultDigest.cbor + unsignedCorimComidTpmEnactTrustMultDigest []byte -// automatically generated from ComidTpmEnactTrustNoDigest.json -var unsignedCorimComidTpmEnactTrustNoDigest = ` 
-a30050111111111111111111111111111111110181587ed901faa301a100 -50000000000000000000000000000000000281a3006a456e616374547275 -737401d8207668747470733a2f2f656e61637474727573742e636f6d0283 -00010204a1008182a101d82550ffffffffffffffffffffffffffffffff81 -a101a2064600005e00530107502001486000002001000000000000006803 -81782568747470733a2f2f656e61637474727573742e636f6d2f76657261 -69736f6e2f312e302e30 -` + //go:embed test/corim/unsignedCorimMiniComidTpmEnactTrustGoldenTwo.cbor + unsignedCorimComidTpmEnactTrustGoldenTwo []byte -// automatically generated from ComidTpmEnactTrustAKBadInst.json -var unsignedCorimComidTpmEnactTrustAKBadInst = ` -a30050111111111111111111111111111111110181590129d901faa301a1 -0050000000000000000000000000000000000281a3006a456e6163745472 -75737401d8207668747470733a2f2f656e61637474727573742e636f6d02 -8300010204a1028182a101d90226582101ceebae7b8927a3227e5303cf5e -0f1f7b34bb542ad7250ac03fbcde36ec2f150881d9022a78b02d2d2d2d2d -424547494e205055424c4943204b45592d2d2d2d2d0a4d466b7745775948 -4b6f5a497a6a3043415159494b6f5a497a6a304441516344516741453656 -777165376879334f385970612b425545544c556a424e5533724558565579 -743958485237484a574c473758544b51643969316b565258654250444c46 -6e66597275312f657578526e4a4d374839556f46444c64413d3d0a2d2d2d -2d2d454e44205055424c4943204b45592d2d2d2d2d038178256874747073 -3a2f2f656e61637474727573742e636f6d2f7665726169736f6e2f312e30 -2e30 -` + //go:embed test/corim/unsignedCorimMiniComidTpmEnactTrustNoDigest.cbor + unsignedCorimComidTpmEnactTrustNoDigest []byte + + //go:embed test/corim/unsignedCorimMiniComidTpmEnactTrustAKBadInst.cbor + unsignedCorimComidTpmEnactTrustAKBadInst []byte +) diff --git a/vts/policymanager/policymanager.go b/vts/policymanager/policymanager.go index 9a4afc4e..7b013c4c 100644 --- a/vts/policymanager/policymanager.go +++ b/vts/policymanager/policymanager.go 
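Review bot: The new `var ( … )` block in test_vectors.go drops every `// automatically generated from ….json` comment, so the file no longer records where the embedded `.cbor` vectors come from, and the diff shows those files only as "Binary files … differ". A reviewer therefore cannot confirm from this page that each binary (including the negative cases such as BadInst, NoInst and NoDigest) still matches its JSON template. I would add a comment above the block, e.g. `// Raw CBOR test vectors built from the Comid*.json templates; regenerate rather than hand-edit.`, and, if the build scripts allow it, have CI regenerate the files and fail on any difference. The variables also change from hex-text strings to raw `[]byte`, so any caller that decoded the old string form needs a matching change; those callers are outside this hunk.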
@@ -1,4 +1,4 @@
-// Copyright 2022-2023 Contributors to the Veraison project.
+// Copyright 2022-2024 Contributors to the Veraison project.
 // SPDX-License-Identifier: Apache-2.0
 package policymanager