From 4b5cf0d0fcae3254d13bb2981405056efda45de7 Mon Sep 17 00:00:00 2001 From: Sergei Trofimov Date: Wed, 14 Aug 2024 18:38:07 +0100 Subject: [PATCH 1/3] chore: update copyrights Update the year in copyrights inside files modified by prior commits this year. Signed-off-by: Sergei Trofimov --- auth/keycloak.go | 2 +- deployments/docker/veraison | 2 +- deployments/native/bootstrap/arch.sh | 2 ++ deployments/native/bootstrap/macosx-brew.sh | 2 ++ deployments/native/bootstrap/ubuntu.sh | 2 ++ end-to-end/end-to-end-docker | 2 +- integration-tests/utils/checkers.py | 2 +- integration-tests/utils/generators.py | 2 +- integration-tests/utils/hooks.py | 2 +- integration-tests/utils/util.py | 2 +- vts/policymanager/policymanager.go | 2 +- 11 files changed, 14 insertions(+), 8 deletions(-) diff --git a/auth/keycloak.go b/auth/keycloak.go index fe3c4179..47b7ef12 100644 --- a/auth/keycloak.go +++ b/auth/keycloak.go @@ -1,4 +1,4 @@ -// Copyright 2023 Contributors to the Veraison project. +// Copyright 2023-2024 Contributors to the Veraison project. // SPDX-License-Identifier: Apache-2.0 package auth diff --git a/deployments/docker/veraison b/deployments/docker/veraison index 44cc89bd..91a9f4da 100755 --- a/deployments/docker/veraison +++ b/deployments/docker/veraison @@ -1,5 +1,5 @@ #!/bin/bash -# Copyright 2023 Contributors to the Veraison project. +# Copyright 2023-2024 Contributors to the Veraison project. # SPDX-License-Identifier: Apache-2.0 function status() { diff --git a/deployments/native/bootstrap/arch.sh b/deployments/native/bootstrap/arch.sh index be5d79cf..1822802d 100755 --- a/deployments/native/bootstrap/arch.sh +++ b/deployments/native/bootstrap/arch.sh @@ -1,4 +1,6 @@ #!/bin/sh +# Copyright 2024 Contributors to the Veraison project. +# SPDX-License-Identifier: Apache-2.0 sudo pacman -Syy bash findutils grep sed openssl protobuf go make gettext sqlite3 step-cli jq sudo ln -s /usr/bin/step-cli /usr/local/bin/step 
diff --git a/deployments/native/bootstrap/macosx-brew.sh b/deployments/native/bootstrap/macosx-brew.sh index 9d0d85ab..010fcdd2 100755 --- a/deployments/native/bootstrap/macosx-brew.sh +++ b/deployments/native/bootstrap/macosx-brew.sh @@ -1,4 +1,6 @@ #!/bin/sh +# Copyright 2024 Contributors to the Veraison project. +# SPDX-License-Identifier: Apache-2.0 set -eux set -o pipefail diff --git a/deployments/native/bootstrap/ubuntu.sh b/deployments/native/bootstrap/ubuntu.sh index 3db53c59..5a395ecf 100755 --- a/deployments/native/bootstrap/ubuntu.sh +++ b/deployments/native/bootstrap/ubuntu.sh @@ -1,4 +1,6 @@ #!/bin/sh +# Copyright 2024 Contributors to the Veraison project. +# SPDX-License-Identifier: Apache-2.0 sudo apt update sudo apt install --yes git protobuf-compiler golang-1.20 make gettext sqlite3 openssl jq diff --git a/end-to-end/end-to-end-docker b/end-to-end/end-to-end-docker index 3ea23e3b..29f4ac05 100755 --- a/end-to-end/end-to-end-docker +++ b/end-to-end/end-to-end-docker @@ -1,5 +1,5 @@ #!/bin/bash -# Copyright 2022-2023 Contributors to the Veraison project. +# Copyright 2022-2024 Contributors to the Veraison project. # SPDX-License-Identifier: Apache-2.0 SCHEME=${SCHEME:-psa} diff --git a/integration-tests/utils/checkers.py b/integration-tests/utils/checkers.py index 1e2ced68..dcf0c61a 100644 --- a/integration-tests/utils/checkers.py +++ b/integration-tests/utils/checkers.py @@ -1,4 +1,4 @@ -# Copyright 2023 Contributors to the Veraison project. +# Copyright 2023-2024 Contributors to the Veraison project. # SPDX-License-Identifier: Apache-2.0 import os import json diff --git a/integration-tests/utils/generators.py b/integration-tests/utils/generators.py index d9575e5b..f8751abf 100644 --- a/integration-tests/utils/generators.py +++ b/integration-tests/utils/generators.py 
@@ -1,4 +1,4 @@ -# Copyright 2023 Contributors to the Veraison project. +# Copyright 2023-2024 Contributors to the Veraison project. # SPDX-License-Identifier: Apache-2.0 import ast import os diff --git a/integration-tests/utils/hooks.py b/integration-tests/utils/hooks.py index 2e781761..abe9bdbe 100644 --- a/integration-tests/utils/hooks.py +++ b/integration-tests/utils/hooks.py @@ -1,4 +1,4 @@ -# Copyright 2023 Contributors to the Veraison project. +# Copyright 2023-2024 Contributors to the Veraison project. # SPDX-License-Identifier: Apache-2.0 import os diff --git a/integration-tests/utils/util.py b/integration-tests/utils/util.py index 4f4cb462..d195ea49 100644 --- a/integration-tests/utils/util.py +++ b/integration-tests/utils/util.py @@ -1,4 +1,4 @@ -# Copyright 2023 Contributors to the Veraison project. +# Copyright 2023-2024 Contributors to the Veraison project. # SPDX-License-Identifier: Apache-2.0 import json import os diff --git a/vts/policymanager/policymanager.go b/vts/policymanager/policymanager.go index 9a4afc4e..7b013c4c 100644 --- a/vts/policymanager/policymanager.go +++ b/vts/policymanager/policymanager.go @@ -1,4 +1,4 @@ -// Copyright 2022-2023 Contributors to the Veraison project. +// Copyright 2022-2024 Contributors to the Veraison project. // SPDX-License-Identifier: Apache-2.0 package policymanager From a705d94a077a06a698819a89a68946dbae3c751b Mon Sep 17 00:00:00 2001 
From: Sergei Trofimov Date: Wed, 14 Aug 2024 14:01:50 +0100 Subject: [PATCH 2/3] chore: update to latest CoRIM implementation Update to support the latest github.com/veraison/corim, which is (more) aligned with the latest CoRIM spec draft. The latest implementation has the following major changes: - UnsignedCorim's Profiles field (a slice of strings) has been replaced with Profile field (a single string). - Reference value can now only contain a single measurement, so multiple measurements require multiple reference values (each with its own environment). - CBOR keys for DevIdentityKeys and AttestVerifKeys have been swapped to align with the spec (this was a bug in the old implementation). As the latest github.com/veraison/corim requires Go 1.22, the required version for this code base has been bumped to that as well. 
Signed-off-by: Sergei Trofimov --- .github/workflows/ci-go-cover.yml | 2 +- .github/workflows/ci.yml | 2 +- .github/workflows/linters.yml | 4 +- .gitignore | 3 - Makefile | 16 ++ deployments/docker/src/builder.docker | 6 +- end-to-end/corimCcaRealm.cbor | Bin 763 -> 0 bytes go.mod | 4 +- go.sum | 7 +- .../comid-cca-platform-refval.json | 160 +++++++----- .../endorsements/comid-cca-realm-refval.json | 76 +++--- .../data/endorsements/comid-cca-refval.json | 160 +++++++----- .../endorsements/comid-enacttrust-refval.json | 14 +- .../data/endorsements/comid-psa-refval.json | 94 ++++--- .../data/endorsements/corim-cca-full.json | 6 +- .../endorsements/corim-cca-platform-full.json | 6 +- .../endorsements/corim-cca-realm-full.json | 6 +- .../endorsements/corim-enacttrust-badta.cbor | Bin 167 -> 166 bytes .../endorsements/corim-enacttrust-badta.yaml | 29 +++ .../endorsements/corim-enacttrust-mini.json | 4 +- .../data/endorsements/corim-psa-full.json | 4 +- .../data/endorsements/corim-psa-mini.json | 4 +- .../tests/test_enacttrust_badkey.tavern.yaml | 2 +- mk/cmd.mk | 2 +- scheme/arm-cca/corim_extractor.go | 8 +- scheme/arm-cca/endorsement_handler_test.go | 45 ++-- .../test/corim/ComidCcaRefValFour.json | 93 ------- .../arm-cca/test/corim/build-test-vectors.sh | 91 +++---- scheme/arm-cca/test/corim/comidCcaRealm.json | 79 ------ .../test/corim/comidCcaRealmInvalidClass.json | 79 ------ .../corim/comidCcaRealmInvalidInstance.json | 75 ------ .../test/corim/comidCcaRealmNoClass.json | 68 ----- .../test/corim/comidCcaRealmNoInstance.json | 71 ------ .../arm-cca/test/corim/src/comidCcaRealm.json | 77 ++++++ .../corim/src/comidCcaRealmInvalidClass.json | 77 ++++++ .../src/comidCcaRealmInvalidInstance.json | 73 ++++++ .../test/corim/src/comidCcaRealmNoClass.json | 66 +++++ .../corim/src/comidCcaRealmNoInstance.json | 69 +++++ .../test/corim/src/comidCcaRefValFour.json | 127 +++++++++ .../comidCcaRefValOne.json} | 22 +- .../test/corim/{ => src}/corimCca.json | 4 +- 
.../test/corim/src/corimCcaNoProfile.json | 22 ++ .../test/corim/{ => src}/corimCcaRealm.json | 4 +- .../unsignedCorimCcaComidCcaRefValFour.cbor | Bin 0 -> 847 bytes .../unsignedCorimCcaComidCcaRefValOne.cbor | Bin 0 -> 386 bytes ...edCorimCcaNoProfileComidCcaRefValFour.cbor | Bin 0 -> 820 bytes ...nedCorimCcaNoProfileComidCcaRefValOne.cbor | Bin 0 -> 359 bytes .../unsignedCorimCcaRealmComidCcaRealm.cbor | Bin 0 -> 665 bytes ...orimCcaRealmComidCcaRealmInvalidClass.cbor | Bin 0 -> 668 bytes ...mCcaRealmComidCcaRealmInvalidInstance.cbor | Bin 0 -> 580 bytes ...gnedCorimCcaRealmComidCcaRealmNoClass.cbor | Bin 0 -> 552 bytes ...dCorimCcaRealmComidCcaRealmNoInstance.cbor | Bin 0 -> 541 bytes scheme/arm-cca/test_vectors.go | 233 ++--------------- .../common/cca/platform/cca_ssd_extractor.go | 56 ++-- scheme/common/cca/realm/realm_extractor.go | 52 ++-- scheme/common/iextractor.go | 4 +- scheme/common/scripts/gen-corim | 21 ++ scheme/common/unsignedcorim_decoder.go | 39 ++- scheme/parsec-cca/corim_test_vectors.go | 59 +---- scheme/parsec-cca/endorsement_handler_test.go | 6 +- scheme/parsec-cca/parsec_cca_extractor.go | 8 +- .../test/corim/ComidParsecCcaMultRefVal.json | 108 -------- scheme/parsec-cca/test/corim/Makefile | 10 - .../test/corim/build-test-vectors.sh | 40 +-- .../corim/src/ComidParsecCcaMultRefVal.json | 154 +++++++++++ .../{ => src}/ComidParsecCcaRefValOne.json | 24 +- .../test/corim/{ => src}/corimParsecCca.json | 6 +- ...orimParsecCcaComidParsecCcaMultRefVal.cbor | Bin 0 -> 1026 bytes ...CorimParsecCcaComidParsecCcaRefValOne.cbor | Bin 0 -> 407 bytes scheme/parsec-tpm/corim_extractor.go | 29 ++- scheme/parsec-tpm/corim_test_vectors.go | 234 ++--------------- scheme/parsec-tpm/endorsement_handler_test.go | 17 +- .../test/corim/ComidParsecTpmPcrsGood.json | 56 ---- .../test/corim/ComidParsecTpmPcrsNoClass.json | 54 ---- .../test/corim/ComidParsecTpmPcrsNoPCR.json | 48 ---- .../ComidParsecTpmPcrsUnknownPCRType.json | 56 ---- 
scheme/parsec-tpm/test/corim/Makefile | 10 - .../test/corim/build-test-vectors.sh | 65 ++--- scheme/parsec-tpm/test/corim/corimMini.json | 6 - .../{ => src}/ComidParsecTpmKeyGood.json | 0 .../{ => src}/ComidParsecTpmKeyManyKeys.json | 0 .../{ => src}/ComidParsecTpmKeyNoClass.json | 0 .../{ => src}/ComidParsecTpmKeyNoClassId.json | 0 .../ComidParsecTpmKeyNoInstance.json | 0 .../ComidParsecTpmKeyUnknownClassIdType.json | 0 .../ComidParsecTpmKeyUnknownInstanceType.json | 0 .../corim/src/ComidParsecTpmPcrsGood.json | 64 +++++ .../corim/src/ComidParsecTpmPcrsNoClass.json | 60 +++++ .../ComidParsecTpmPcrsNoDigests.json | 20 +- .../corim/src/ComidParsecTpmPcrsNoPCR.json | 56 ++++ .../src/ComidParsecTpmPcrsUnknownPCRType.json | 64 +++++ .../parsec-tpm/test/corim/src/corimMini.json | 4 + ...nsignedCorimMiniComidParsecTpmKeyGood.cbor | Bin 0 -> 398 bytes ...nedCorimMiniComidParsecTpmKeyManyKeys.cbor | Bin 0 -> 579 bytes ...gnedCorimMiniComidParsecTpmKeyNoClass.cbor | Bin 0 -> 376 bytes ...edCorimMiniComidParsecTpmKeyNoClassId.cbor | Bin 0 -> 389 bytes ...dCorimMiniComidParsecTpmKeyNoInstance.cbor | Bin 0 -> 359 bytes ...niComidParsecTpmKeyUnknownClassIdType.cbor | Bin 0 -> 385 bytes ...iComidParsecTpmKeyUnknownInstanceType.cbor | Bin 0 -> 379 bytes ...signedCorimMiniComidParsecTpmPcrsGood.cbor | Bin 0 -> 391 bytes ...nedCorimMiniComidParsecTpmPcrsNoClass.cbor | Bin 0 -> 425 bytes ...dCorimMiniComidParsecTpmPcrsNoDigests.cbor | Bin 0 -> 187 bytes ...ignedCorimMiniComidParsecTpmPcrsNoPCR.cbor | Bin 0 -> 387 bytes ...mMiniComidParsecTpmPcrsUnknownPCRType.cbor | Bin 0 -> 427 bytes scheme/psa-iot/corim_extractor.go | 57 +++-- scheme/psa-iot/endorsement_handler_test.go | 19 +- scheme/psa-iot/test/ComidPsaRefValThree.json | 81 ------ scheme/psa-iot/test/build-test-vectors.sh | 53 ---- .../psa-iot/test/corim/build-test-vectors.sh | 32 +++ .../src}/ComidPsaIakPubNoImplID.json | 0 .../{ => corim/src}/ComidPsaIakPubNoUeID.json | 0 .../{ => corim/src}/ComidPsaIakPubOne.json | 0 .../{ => 
corim/src}/ComidPsaIakPubTwo.json | 0 .../test/{ => corim/src}/ComidPsaMultIak.json | 0 .../src}/ComidPsaRefValMultDigest.json | 28 +- .../src}/ComidPsaRefValNoImplID.json | 26 +- .../{ => corim/src}/ComidPsaRefValNoMkey.json | 32 ++- .../{ => corim/src}/ComidPsaRefValOne.json | 26 +- .../src}/ComidPsaRefValOnlyMandIDAttr.json | 22 +- .../test/corim/src/ComidPsaRefValThree.json | 103 ++++++++ .../test/{ => corim/src}/corimMini.json | 4 +- ...signedCorimCorimMiniComidPsaIakPubOne.cbor | Bin 0 -> 383 bytes ...signedCorimCorimMiniComidPsaIakPubTwo.cbor | Bin 0 -> 664 bytes ...signedCorimMiniComidPsaIakPubNoImplID.cbor | Bin 0 -> 383 bytes ...unsignedCorimMiniComidPsaIakPubNoUeID.cbor | Bin 0 -> 371 bytes .../unsignedCorimMiniComidPsaIakPubOne.cbor | Bin 0 -> 410 bytes .../unsignedCorimMiniComidPsaIakPubTwo.cbor | Bin 0 -> 691 bytes .../unsignedCorimMiniComidPsaMultIak.cbor | Bin 0 -> 591 bytes ...gnedCorimMiniComidPsaRefValMultDigest.cbor | Bin 0 -> 317 bytes ...signedCorimMiniComidPsaRefValNoImplID.cbor | Bin 0 -> 253 bytes ...unsignedCorimMiniComidPsaRefValNoMkey.cbor | Bin 0 -> 234 bytes .../unsignedCorimMiniComidPsaRefValOne.cbor | Bin 0 -> 280 bytes ...CorimMiniComidPsaRefValOnlyMandIDAttr.cbor | Bin 0 -> 269 bytes .../unsignedCorimMiniComidPsaRefValThree.cbor | Bin 0 -> 589 bytes scheme/psa-iot/test_vectors.go | 240 +++--------------- .../endorsement_handler_test.go | 19 +- scheme/tpm-enacttrust/extractor.go | 16 +- .../test/ComidTpmEnactTrustGoldenTwo.json | 44 ---- .../tpm-enacttrust/test/build-test-vectors.sh | 34 --- .../test/corim/build-test-vectors.sh | 30 +++ .../src}/ComidTpmEnactTrustAKBadInst.json | 0 .../src}/ComidTpmEnactTrustAKMult.json | 2 +- .../src}/ComidTpmEnactTrustAKOne.json | 2 +- .../src}/ComidTpmEnactTrustBadInst.json | 14 +- .../src}/ComidTpmEnactTrustGoldenOne.json | 16 +- .../src/ComidTpmEnactTrustGoldenTwo.json | 50 ++++ .../src}/ComidTpmEnactTrustMultDigest.json | 18 +- .../src}/ComidTpmEnactTrustNoDigest.json | 14 +- 
.../src}/ComidTpmEnactTrustNoInst.json | 14 +- .../test/corim/src/corimMini.json | 4 + ...dCorimMiniComidTpmEnactTrustAKBadInst.cbor | Bin 0 -> 361 bytes ...gnedCorimMiniComidTpmEnactTrustAKMult.cbor | Bin 0 -> 523 bytes ...ignedCorimMiniComidTpmEnactTrustAKOne.cbor | Bin 0 -> 342 bytes ...nedCorimMiniComidTpmEnactTrustBadInst.cbor | Bin 0 -> 219 bytes ...dCorimMiniComidTpmEnactTrustGoldenOne.cbor | Bin 0 -> 200 bytes ...dCorimMiniComidTpmEnactTrustGoldenTwo.cbor | Bin 0 -> 263 bytes ...CorimMiniComidTpmEnactTrustMultDigest.cbor | Bin 0 -> 236 bytes ...edCorimMiniComidTpmEnactTrustNoDigest.cbor | Bin 0 -> 188 bytes ...gnedCorimMiniComidTpmEnactTrustNoInst.cbor | Bin 0 -> 238 bytes scheme/tpm-enacttrust/test/corimMini.json | 6 - scheme/tpm-enacttrust/test_vectors.go | 139 ++-------- 161 files changed, 2052 insertions(+), 2517 deletions(-) delete mode 100644 end-to-end/corimCcaRealm.cbor create mode 100644 integration-tests/data/endorsements/corim-enacttrust-badta.yaml delete mode 100644 scheme/arm-cca/test/corim/ComidCcaRefValFour.json delete mode 100644 scheme/arm-cca/test/corim/comidCcaRealm.json delete mode 100644 scheme/arm-cca/test/corim/comidCcaRealmInvalidClass.json delete mode 100644 scheme/arm-cca/test/corim/comidCcaRealmInvalidInstance.json delete mode 100644 scheme/arm-cca/test/corim/comidCcaRealmNoClass.json delete mode 100644 scheme/arm-cca/test/corim/comidCcaRealmNoInstance.json create mode 100644 scheme/arm-cca/test/corim/src/comidCcaRealm.json create mode 100644 scheme/arm-cca/test/corim/src/comidCcaRealmInvalidClass.json create mode 100644 scheme/arm-cca/test/corim/src/comidCcaRealmInvalidInstance.json create mode 100644 scheme/arm-cca/test/corim/src/comidCcaRealmNoClass.json create mode 100644 scheme/arm-cca/test/corim/src/comidCcaRealmNoInstance.json create mode 100644 scheme/arm-cca/test/corim/src/comidCcaRefValFour.json rename scheme/arm-cca/test/corim/{ComidCcaRefValOne.json => src/comidCcaRefValOne.json} (69%) rename 
scheme/arm-cca/test/corim/{ => src}/corimCca.json (90%) create mode 100644 scheme/arm-cca/test/corim/src/corimCcaNoProfile.json rename scheme/arm-cca/test/corim/{ => src}/corimCcaRealm.json (84%) create mode 100644 scheme/arm-cca/test/corim/unsignedCorimCcaComidCcaRefValFour.cbor create mode 100644 scheme/arm-cca/test/corim/unsignedCorimCcaComidCcaRefValOne.cbor create mode 100644 scheme/arm-cca/test/corim/unsignedCorimCcaNoProfileComidCcaRefValFour.cbor create mode 100644 scheme/arm-cca/test/corim/unsignedCorimCcaNoProfileComidCcaRefValOne.cbor create mode 100644 scheme/arm-cca/test/corim/unsignedCorimCcaRealmComidCcaRealm.cbor create mode 100644 scheme/arm-cca/test/corim/unsignedCorimCcaRealmComidCcaRealmInvalidClass.cbor create mode 100644 scheme/arm-cca/test/corim/unsignedCorimCcaRealmComidCcaRealmInvalidInstance.cbor create mode 100644 scheme/arm-cca/test/corim/unsignedCorimCcaRealmComidCcaRealmNoClass.cbor create mode 100644 scheme/arm-cca/test/corim/unsignedCorimCcaRealmComidCcaRealmNoInstance.cbor create mode 100755 scheme/common/scripts/gen-corim delete mode 100644 scheme/parsec-cca/test/corim/ComidParsecCcaMultRefVal.json delete mode 100644 scheme/parsec-cca/test/corim/Makefile create mode 100644 scheme/parsec-cca/test/corim/src/ComidParsecCcaMultRefVal.json rename scheme/parsec-cca/test/corim/{ => src}/ComidParsecCcaRefValOne.json (67%) rename scheme/parsec-cca/test/corim/{ => src}/corimParsecCca.json (86%) create mode 100644 scheme/parsec-cca/test/corim/unsignedCorimParsecCcaComidParsecCcaMultRefVal.cbor create mode 100644 scheme/parsec-cca/test/corim/unsignedCorimParsecCcaComidParsecCcaRefValOne.cbor delete mode 100644 scheme/parsec-tpm/test/corim/ComidParsecTpmPcrsGood.json delete mode 100644 scheme/parsec-tpm/test/corim/ComidParsecTpmPcrsNoClass.json delete mode 100644 scheme/parsec-tpm/test/corim/ComidParsecTpmPcrsNoPCR.json delete mode 100644 scheme/parsec-tpm/test/corim/ComidParsecTpmPcrsUnknownPCRType.json delete mode 100644 
scheme/parsec-tpm/test/corim/Makefile delete mode 100644 scheme/parsec-tpm/test/corim/corimMini.json rename scheme/parsec-tpm/test/corim/{ => src}/ComidParsecTpmKeyGood.json (100%) rename scheme/parsec-tpm/test/corim/{ => src}/ComidParsecTpmKeyManyKeys.json (100%) rename scheme/parsec-tpm/test/corim/{ => src}/ComidParsecTpmKeyNoClass.json (100%) rename scheme/parsec-tpm/test/corim/{ => src}/ComidParsecTpmKeyNoClassId.json (100%) rename scheme/parsec-tpm/test/corim/{ => src}/ComidParsecTpmKeyNoInstance.json (100%) rename scheme/parsec-tpm/test/corim/{ => src}/ComidParsecTpmKeyUnknownClassIdType.json (100%) rename scheme/parsec-tpm/test/corim/{ => src}/ComidParsecTpmKeyUnknownInstanceType.json (100%) create mode 100644 scheme/parsec-tpm/test/corim/src/ComidParsecTpmPcrsGood.json create mode 100644 scheme/parsec-tpm/test/corim/src/ComidParsecTpmPcrsNoClass.json rename scheme/parsec-tpm/test/corim/{ => src}/ComidParsecTpmPcrsNoDigests.json (71%) create mode 100644 scheme/parsec-tpm/test/corim/src/ComidParsecTpmPcrsNoPCR.json create mode 100644 scheme/parsec-tpm/test/corim/src/ComidParsecTpmPcrsUnknownPCRType.json create mode 100644 scheme/parsec-tpm/test/corim/src/corimMini.json create mode 100644 scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmKeyGood.cbor create mode 100644 scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmKeyManyKeys.cbor create mode 100644 scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmKeyNoClass.cbor create mode 100644 scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmKeyNoClassId.cbor create mode 100644 scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmKeyNoInstance.cbor create mode 100644 scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmKeyUnknownClassIdType.cbor create mode 100644 scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmKeyUnknownInstanceType.cbor create mode 100644 scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmPcrsGood.cbor create mode 100644 
scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmPcrsNoClass.cbor create mode 100644 scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmPcrsNoDigests.cbor create mode 100644 scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmPcrsNoPCR.cbor create mode 100644 scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmPcrsUnknownPCRType.cbor delete mode 100644 scheme/psa-iot/test/ComidPsaRefValThree.json delete mode 100755 scheme/psa-iot/test/build-test-vectors.sh create mode 100755 scheme/psa-iot/test/corim/build-test-vectors.sh rename scheme/psa-iot/test/{ => corim/src}/ComidPsaIakPubNoImplID.json (100%) rename scheme/psa-iot/test/{ => corim/src}/ComidPsaIakPubNoUeID.json (100%) rename scheme/psa-iot/test/{ => corim/src}/ComidPsaIakPubOne.json (100%) rename scheme/psa-iot/test/{ => corim/src}/ComidPsaIakPubTwo.json (100%) rename scheme/psa-iot/test/{ => corim/src}/ComidPsaMultIak.json (100%) rename scheme/psa-iot/test/{ => corim/src}/ComidPsaRefValMultDigest.json (58%) rename scheme/psa-iot/test/{ => corim/src}/ComidPsaRefValNoImplID.json (62%) rename scheme/psa-iot/test/{ => corim/src}/ComidPsaRefValNoMkey.json (60%) rename scheme/psa-iot/test/{ => corim/src}/ComidPsaRefValOne.json (62%) rename scheme/psa-iot/test/{ => corim/src}/ComidPsaRefValOnlyMandIDAttr.json (66%) create mode 100644 scheme/psa-iot/test/corim/src/ComidPsaRefValThree.json rename scheme/psa-iot/test/{ => corim/src}/corimMini.json (53%) create mode 100644 scheme/psa-iot/test/corim/unsignedCorimCorimMiniComidPsaIakPubOne.cbor create mode 100644 scheme/psa-iot/test/corim/unsignedCorimCorimMiniComidPsaIakPubTwo.cbor create mode 100644 scheme/psa-iot/test/corim/unsignedCorimMiniComidPsaIakPubNoImplID.cbor create mode 100644 scheme/psa-iot/test/corim/unsignedCorimMiniComidPsaIakPubNoUeID.cbor create mode 100644 scheme/psa-iot/test/corim/unsignedCorimMiniComidPsaIakPubOne.cbor create mode 100644 scheme/psa-iot/test/corim/unsignedCorimMiniComidPsaIakPubTwo.cbor create mode 
100644 scheme/psa-iot/test/corim/unsignedCorimMiniComidPsaMultIak.cbor create mode 100644 scheme/psa-iot/test/corim/unsignedCorimMiniComidPsaRefValMultDigest.cbor create mode 100644 scheme/psa-iot/test/corim/unsignedCorimMiniComidPsaRefValNoImplID.cbor create mode 100644 scheme/psa-iot/test/corim/unsignedCorimMiniComidPsaRefValNoMkey.cbor create mode 100644 scheme/psa-iot/test/corim/unsignedCorimMiniComidPsaRefValOne.cbor create mode 100644 scheme/psa-iot/test/corim/unsignedCorimMiniComidPsaRefValOnlyMandIDAttr.cbor create mode 100644 scheme/psa-iot/test/corim/unsignedCorimMiniComidPsaRefValThree.cbor delete mode 100644 scheme/tpm-enacttrust/test/ComidTpmEnactTrustGoldenTwo.json delete mode 100755 scheme/tpm-enacttrust/test/build-test-vectors.sh create mode 100755 scheme/tpm-enacttrust/test/corim/build-test-vectors.sh rename scheme/tpm-enacttrust/test/{ => corim/src}/ComidTpmEnactTrustAKBadInst.json (100%) rename scheme/tpm-enacttrust/test/{ => corim/src}/ComidTpmEnactTrustAKMult.json (94%) rename scheme/tpm-enacttrust/test/{ => corim/src}/ComidTpmEnactTrustAKOne.json (92%) rename scheme/tpm-enacttrust/test/{ => corim/src}/ComidTpmEnactTrustBadInst.json (72%) rename scheme/tpm-enacttrust/test/{ => corim/src}/ComidTpmEnactTrustGoldenOne.json (63%) create mode 100644 scheme/tpm-enacttrust/test/corim/src/ComidTpmEnactTrustGoldenTwo.json rename scheme/tpm-enacttrust/test/{ => corim/src}/ComidTpmEnactTrustMultDigest.json (57%) rename scheme/tpm-enacttrust/test/{ => corim/src}/ComidTpmEnactTrustNoDigest.json (66%) rename scheme/tpm-enacttrust/test/{ => corim/src}/ComidTpmEnactTrustNoInst.json (75%) create mode 100644 scheme/tpm-enacttrust/test/corim/src/corimMini.json create mode 100644 scheme/tpm-enacttrust/test/corim/unsignedCorimMiniComidTpmEnactTrustAKBadInst.cbor create mode 100644 scheme/tpm-enacttrust/test/corim/unsignedCorimMiniComidTpmEnactTrustAKMult.cbor create mode 100644 scheme/tpm-enacttrust/test/corim/unsignedCorimMiniComidTpmEnactTrustAKOne.cbor create 
mode 100644 scheme/tpm-enacttrust/test/corim/unsignedCorimMiniComidTpmEnactTrustBadInst.cbor create mode 100644 scheme/tpm-enacttrust/test/corim/unsignedCorimMiniComidTpmEnactTrustGoldenOne.cbor create mode 100644 scheme/tpm-enacttrust/test/corim/unsignedCorimMiniComidTpmEnactTrustGoldenTwo.cbor create mode 100644 scheme/tpm-enacttrust/test/corim/unsignedCorimMiniComidTpmEnactTrustMultDigest.cbor create mode 100644 scheme/tpm-enacttrust/test/corim/unsignedCorimMiniComidTpmEnactTrustNoDigest.cbor create mode 100644 scheme/tpm-enacttrust/test/corim/unsignedCorimMiniComidTpmEnactTrustNoInst.cbor delete mode 100644 scheme/tpm-enacttrust/test/corimMini.json diff --git a/.github/workflows/ci-go-cover.yml b/.github/workflows/ci-go-cover.yml index dd2be893..a47d118e 100644 --- a/.github/workflows/ci-go-cover.yml +++ b/.github/workflows/ci-go-cover.yml @@ -25,7 +25,7 @@ jobs: steps: - uses: actions/setup-go@v3 with: - go-version: "1.19" + go-version: "1.22" - name: Checkout code uses: actions/checkout@v2 - name: Install mockgen diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f8c9368b..977bac70 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -12,7 +12,7 @@ jobs: steps: - uses: actions/setup-go@v3 with: - go-version: "1.19" + go-version: "1.22" - name: Checkout code uses: actions/checkout@v2 - name: Install mockgen diff --git a/.github/workflows/linters.yml b/.github/workflows/linters.yml index d207709b..c223b2ce 100644 --- a/.github/workflows/linters.yml +++ b/.github/workflows/linters.yml @@ -10,7 +10,7 @@ jobs: steps: - uses: actions/setup-go@v3 with: - go-version: "1.19" + go-version: "1.22" - name: Checkout code uses: actions/checkout@v2 - name: Install mockgen 
@@ -25,7 +25,7 @@ jobs: - name: Install golangci-lint run: | go version - curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.51.1 + curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.54.2 - name: Install Protoc uses: arduino/setup-protoc@v1 with: diff --git a/.gitignore b/.gitignore index e0e86a1b..cbea534e 100644 --- a/.gitignore +++ b/.gitignore @@ -35,6 +35,3 @@ management/cmd/management-service/management-service tags .ipynb_checkpoints - -# generated by build-test-vector scripts -scheme/**/*Comid*.cbor diff --git a/Makefile b/Makefile index 41e38be9..df5de666 100644 --- a/Makefile +++ b/Makefile 
@@ -29,6 +29,22 @@ IGNORE_COVERAGE += github.com/veraison/services/plugin/test # There is protobuf-generated stuff here, which skews coverage. IGNORE_COVERAGE += github.com/veraison/services/handler +# Go 1.22 started reporting subpackages without any tests as having 0.0% +# coverage. Previous version of go ignored them. +# See: https://go-review.googlesource.com/c/go/+/495447 +IGNORE_COVERAGE += github.com/veraison/services/builtin +IGNORE_COVERAGE += github.com/veraison/services/management/api +IGNORE_COVERAGE += github.com/veraison/services/management/cmd/management-service +IGNORE_COVERAGE += github.com/veraison/services/provisioning/cmd/provisioning-service +IGNORE_COVERAGE += github.com/veraison/services/provisioning/provisioner +IGNORE_COVERAGE += github.com/veraison/services/scheme/common +IGNORE_COVERAGE += github.com/veraison/services/scheme/common/arm +IGNORE_COVERAGE += github.com/veraison/services/verification/cmd/verification-service +IGNORE_COVERAGE += github.com/veraison/services/verification/verifier +IGNORE_COVERAGE += github.com/veraison/services/vts/cmd/vts-service +IGNORE_COVERAGE += github.com/veraison/services/vts/trustedservices +IGNORE_COVERAGE += github.com/veraison/services/vtsclient + include mk/cover.mk define __MAKEFILE_HELP diff --git a/deployments/docker/src/builder.docker b/deployments/docker/src/builder.docker index d6bc3100..7e5919f7 100644 --- a/deployments/docker/src/builder.docker +++ b/deployments/docker/src/builder.docker @@ -1,6 +1,6 @@ # Go version that will be used to build the project. Due to the use of generics -# within the project, it must be at least 1.19. -ARG GO_VERSION=1.19 +# within the project, it must be at least 1.22. +ARG GO_VERSION=1.22 FROM golang:${GO_VERSION} AS veraison-builder 
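Review bot: The twelve packages added to `IGNORE_COVERAGE` in the Makefile hunk are excluded unconditionally, so a package that later gains tests would presumably still be left out of the coverage check in `mk/cover.mk` (not visible here). The list includes `verification/verifier`, `provisioning/provisioner` and `vts/trustedservices`, which by their names appear to sit on the attestation path, so a permanent exemption there deserves to be explicit. I would extend the new comment with a line such as `# TODO: remove a package from this list once it has tests, so that it is measured again.` so the block reads as a workaround for the Go 1.22 reporting change and not as a standing policy.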
@@ -60,7 +60,7 @@ RUN go mod download &&\ go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.26 &&\ go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@v1.1 &&\ go install github.com/mitchellh/protoc-gen-go-json@v1.1.0 &&\ - go install github.com/veraison/corim/cocli@latest &&\ + go install github.com/veraison/corim/cocli@be7ec482 &&\ go install github.com/veraison/evcli/v2@latest &&\ go install github.com/veraison/pocli@latest &&\ go install github.com/go-delve/delve/cmd/dlv@v1.22.1 diff --git a/end-to-end/corimCcaRealm.cbor b/end-to-end/corimCcaRealm.cbor deleted file mode 100644 index 7b796c45be8854239c9689f4e8b0b3a5166f9955..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 763 zcmZ3=5D*jo;)~l^C+UeNInGahX!D1$F_LM@O~zkK7*bR7blsg87cvAm?|xjbm*{Q0 z?sD+?k51iUOpS{fO2YGtvUBniQxu$YGE?(P6nsij^cZg_RLEtNloS+O>Fbw66(ob@ z^-?Pma|?1(nVK0GnOGJwG&U__Sj2EcHQ=l~U#QwoH{P8$zW;q#SW&}RjKyTen@k1~ z4$c&U#)XWFSimMZx=;rBmL?Zv<~BBQQ0}OdqSRais+nX+HIs~}W|A>gOk!@VkOCzw zV9H7?%GFEG&(%*(PSh_-P0Y#FH)L7Fa8N4ooCgErL8;7;^afU763ujU_H~7&%bdjI L+*EiXY-9ug5K-yL diff --git a/go.mod b/go.mod index 7c5ea531..cbc423ac 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/veraison/services -go 1.19 +go 1.22 require ( github.com/DATA-DOG/go-sqlmock v1.5.0 @@ -30,7 +30,7 @@ require ( github.com/tbaehler/gin-keycloak v1.6.1 github.com/veraison/ccatoken v1.1.0 github.com/veraison/cmw v0.1.0 - github.com/veraison/corim v1.1.3-0.20240615102753-72283bb916a0 + github.com/veraison/corim v1.1.3-0.20240814105452-be7ec4829479 github.com/veraison/dice v0.0.1 github.com/veraison/ear v1.1.2 github.com/veraison/eat v0.0.0-20220117140849-ddaf59d69f53 diff --git a/go.sum b/go.sum index 6d36eee5..33885b11 100644 --- a/go.sum +++ b/go.sum 
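Review bot: The `cocli` pin in the builder.docker hunk uses the abbreviated commit `be7ec482`, while the `evcli/v2` and `pocli` installs on the next two lines still resolve `@latest`, so the builder image remains only partly reproducible. The go.mod change in this same patch requires `github.com/veraison/corim v1.1.3-0.20240814105452-be7ec4829479`; using that pseudo-version here, `go install github.com/veraison/corim/cocli@v1.1.3-0.20240814105452-be7ec4829479 &&\`, keeps the tool and the library on the same revision and avoids depending on a short-hash lookup. Pinning `evcli/v2` and `pocli` to a tag or commit as well would stop an upstream change from silently altering the tools that generate and submit test endorsements. The `RUN` instruction begins above the hunk.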
@@ -691,6 +691,7 @@ github.com/aws/aws-sdk-go v1.15.11/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZo github.com/aws/aws-sdk-go v1.43.16/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8= +github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20160804104726-4c0e84591b9a/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= @@ -982,6 +983,7 @@ github.com/foxcpp/go-mockdns v0.0.0-20210729171921-fb145fc6f897 h1:E52jfcE64UG42 github.com/foxcpp/go-mockdns v0.0.0-20210729171921-fb145fc6f897/go.mod h1:lgRN6+KxQBawyIghpnl5CezHFGS9VLzvtVlwxvzXTQ4= github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k= github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE= +github.com/frankban/quicktest v1.14.3/go.mod h1:mgiwOwqx65TmIk1wJ6Q7wvnVMocbUorkibMOrVTHZps= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/fsnotify/fsnotify v1.5.4 h1:jRbGcIw6P2Meqdwuo0H1p6JVLbL5DHKAKlYndzMwVZI= 
@@ -1285,6 +1287,7 @@ github.com/j-keck/arping v1.0.2/go.mod h1:aJbELhR92bSk7tp79AWM/ftfc90EfEi2bQJrbB github.com/jellydator/ttlcache/v3 v3.0.0 h1:zmFhqrB/4sKiEiJHhtseJsNRE32IMVmJSs4++4gaQO4= github.com/jellydator/ttlcache/v3 v3.0.0/go.mod h1:WwTaEmcXQ3MTjOm4bsZoDFiCu/hMvNWLO1w67RXz6h4= github.com/jhump/protoreflect v1.6.0 h1:h5jfMVslIg6l29nsMs0D8Wj17RDVdNYti0vDN/PZZoE= +github.com/jhump/protoreflect v1.6.0/go.mod h1:eaTn3RZAmMBcV0fifFvlm6VHNz3wSkYyXYWUh7ymB74= github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jmespath/go-jmespath v0.0.0-20160803190731-bd40a432e4c7/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= @@ -1712,8 +1715,8 @@ github.com/veraison/ccatoken v1.1.0 h1:U0Z5fOQRsdz3ksvvxVzTITczo+kfRxIlkWahJNP6I github.com/veraison/ccatoken v1.1.0/go.mod h1:qh/KBwsrhPyGJqttlh8PU56wt1rPkUCX9A3ZAA/53Nc= github.com/veraison/cmw v0.1.0 h1:vD6tBlGPROCW/HlDcG1jh+XUJi5ihrjXatKZBjrv8mU= github.com/veraison/cmw v0.1.0/go.mod h1:WoBrlgByc6C1FeHhdze1/bQx1kv5d1sWKO5ezEf4Hs4= -github.com/veraison/corim v1.1.3-0.20240615102753-72283bb916a0 h1:FgWzsb/wUxeeKZ3Dd3NOTnwHBJ397EPNiF3o3ZJ/64o= -github.com/veraison/corim v1.1.3-0.20240615102753-72283bb916a0/go.mod h1:KB6TVcLcz1QppfzoyIesUMfdYodI/ndg7bqBdtqgc90= +github.com/veraison/corim v1.1.3-0.20240814105452-be7ec4829479 h1:dcKW+Nugh2Cs/ihz6xAmmTfi4v5flaLTg6MiZ8gN3N8= +github.com/veraison/corim v1.1.3-0.20240814105452-be7ec4829479/go.mod h1:sYmwruIqD5+83OcvMg6WUDTTWq8AWM6QbVQhbE9VFQM= github.com/veraison/dice v0.0.1 h1:dOm7ByDN/r4WlDsGkEUXzdPMXgTvAPTAksQ8+BwBrD4= github.com/veraison/dice v0.0.1/go.mod h1:QPMLc5LVMj08VZ+HNMYk4XxWoVYGAUBVm8Rd5V1hzxs= github.com/veraison/ear v1.1.2 h1:Xs41FqAG8IyJaceqNFcX2+nf51Et1uyhmCJV8SZqw/8= 
diff --git a/integration-tests/data/endorsements/comid-cca-platform-refval.json b/integration-tests/data/endorsements/comid-cca-platform-refval.json
index afc94afb..08c70be4 100644
--- a/integration-tests/data/endorsements/comid-cca-platform-refval.json
+++ b/integration-tests/data/endorsements/comid-cca-platform-refval.json
@@ -28,81 +28,127 @@ "model": "RoadRunner" } }, - "measurements": [ - { - "key": { - "type": "psa.refval-id", - "value": { - "label": "BL", - "version": "3.4.2", - "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - } - }, + "measurement": { + "key": { + "type": "psa.refval-id", "value": { - "digests": [ - "sha-256:BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - ] + "label": "BL", + "version": "3.4.2", + "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" } }, - { - "key": { - "type": "psa.refval-id", - "value": { - "label": "M1", - "version": "1.2.0", - "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - } + "value": { + "digests": [ + "sha-256:BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + ] + } + } + }, + { + "environment": { + "class": { + "id": { + "type": "psa.impl-id", + "value": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" }, + "vendor": "ACME", + "model": "RoadRunner" + } + }, + "measurement": { + "key": { + "type": "psa.refval-id", "value": { - "digests": [ - "sha-256:CwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - ] + "label": "M1", + "version": "1.2.0", + "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" } }, - { - "key": { - "type": "psa.refval-id", - "value": { - "label": "M2", - "version": "1.2.3", - "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - } + "value": { + "digests": [ + "sha-256:CwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + ] + } + } + }, + { + "environment": { + "class": { + "id": { + "type": "psa.impl-id", + "value": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" }, + "vendor": "ACME", + "model": "RoadRunner" + } + }, + "measurement": { + "key": { + "type": "psa.refval-id", "value": { - "digests": [ - "sha-256:DwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - ] + "label": "M2", + "version": "1.2.3", + "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" } }, - { - "key": { - "type": "psa.refval-id", - "value": { - "label": "M3", - "version": "1.0.0", - "signer-id": 
"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - } + "value": { + "digests": [ + "sha-256:DwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + ] + } + } + }, + { + "environment": { + "class": { + "id": { + "type": "psa.impl-id", + "value": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" }, + "vendor": "ACME", + "model": "RoadRunner" + } + }, + "measurement": { + "key": { + "type": "psa.refval-id", "value": { - "digests": [ - "sha-256:EwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - ] + "label": "M3", + "version": "1.0.0", + "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" } }, - { - "key": { - "type": "cca.platform-config-id", - "value": "cfg v1.0.0" + "value": { + "digests": [ + "sha-256:EwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + ] + } + } + }, + { + "environment": { + "class": { + "id": { + "type": "psa.impl-id", + "value": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" }, - "value": { - "raw-value": { - "type": "bytes", - "value": "AQID" - } + "vendor": "ACME", + "model": "RoadRunner" + } + }, + "measurement": { + "key": { + "type": "cca.platform-config-id", + "value": "cfg v1.0.0" + }, + "value": { + "raw-value": { + "type": "bytes", + "value": "AQID" } } - ] + } } ] } - } \ No newline at end of file + } diff --git a/integration-tests/data/endorsements/comid-cca-realm-refval.json b/integration-tests/data/endorsements/comid-cca-realm-refval.json index 16697f55..fa81d86b 100644 --- a/integration-tests/data/endorsements/comid-cca-realm-refval.json +++ b/integration-tests/data/endorsements/comid-cca-realm-refval.json 
@@ -31,49 +31,47 @@ "value": "Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" } }, - "measurements": [ - { - "value": { - "raw-value": { - "type": "bytes", - "value": "QURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBRA==" + "measurement": { + "value": { + "raw-value": { + "type": "bytes", + "value": "QURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBRA==" + }, + "integrity-registers": { + "rim": { + "key-type": "text", + "value": [ + "sha-512;Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" + ] + }, + "rem0": { + "key-type": "text", + "value": [ + "sha-512;Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" + ] + }, + "rem1": { + "key-type": "text", + "value": [ + "sha-512;Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" + ] + }, + "rem2": { + "key-type": "text", + "value": [ + "sha-512;Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" + ] }, - "integrity-registers": { - "rim": { - "key-type": "text", - "value": [ - "sha-512;Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" - ] - }, - "rem0": { - "key-type": "text", - "value": [ - "sha-512;Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" - ] - }, - "rem1": { - "key-type": "text", - "value": [ - "sha-512;Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" - ] - }, - "rem2": { - "key-type": "text", - "value": [ - "sha-512;Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" - ] - }, - "rem3": { - "key-type": "text", - "value": [ - "sha-512;Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" - ] - } + "rem3": { + "key-type": "text", + "value": [ + 
"sha-512;Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" + ] } } } - ] + } } ] } -} \ No newline at end of file +} diff --git a/integration-tests/data/endorsements/comid-cca-refval.json b/integration-tests/data/endorsements/comid-cca-refval.json index 7a03aeea..86e78be6 100644 --- a/integration-tests/data/endorsements/comid-cca-refval.json +++ b/integration-tests/data/endorsements/comid-cca-refval.json 
@@ -28,81 +28,127 @@ "model": "RoadRunner" } }, - "measurements": [ - { - "key": { - "type": "psa.refval-id", - "value": { - "label": "BL", - "version": "3.4.2", - "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - } - }, + "measurement": { + "key": { + "type": "psa.refval-id", "value": { - "digests": [ - "sha-256:BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - ] + "label": "BL", + "version": "3.4.2", + "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" } }, - { - "key": { - "type": "psa.refval-id", - "value": { - "label": "M1", - "version": "1.2.0", - "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - } + "value": { + "digests": [ + "sha-256:BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + ] + } + } + }, + { + "environment": { + "class": { + "id": { + "type": "psa.impl-id", + "value": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" }, + "vendor": "ACME", + "model": "RoadRunner" + } + }, + "measurement": { + "key": { + "type": "psa.refval-id", "value": { - "digests": [ - "sha-256:CwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - ] + "label": "M1", + "version": "1.2.0", + "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" } }, - { - "key": { - "type": "psa.refval-id", - "value": { - "label": "M2", - "version": "1.2.3", - "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - } + "value": { + "digests": [ + "sha-256:CwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + ] + } + } + }, + { + "environment": { + "class": { + "id": { + "type": "psa.impl-id", + "value": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" }, + "vendor": "ACME", + "model": "RoadRunner" + } + }, + "measurement": { + "key": { + "type": "psa.refval-id", "value": { - "digests": [ - "sha-256:DwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - ] + "label": "M2", + "version": "1.2.3", + "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" } }, - { - "key": { - "type": "psa.refval-id", - "value": { - "label": "M3", - "version": "1.0.0", - "signer-id": 
"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - } + "value": { + "digests": [ + "sha-256:DwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + ] + } + } + }, + { + "environment": { + "class": { + "id": { + "type": "psa.impl-id", + "value": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" }, + "vendor": "ACME", + "model": "RoadRunner" + } + }, + "measurement": { + "key": { + "type": "psa.refval-id", "value": { - "digests": [ - "sha-256:EwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - ] + "label": "M3", + "version": "1.0.0", + "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" } }, - { - "key": { - "type": "cca.platform-config-id", - "value": "cfg v1.0.0" + "value": { + "digests": [ + "sha-256:EwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + ] + } + } + }, + { + "environment": { + "class": { + "id": { + "type": "psa.impl-id", + "value": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" }, - "value": { - "raw-value": { - "type": "bytes", - "value": "AQID" - } + "vendor": "ACME", + "model": "RoadRunner" + } + }, + "measurement": { + "key": { + "type": "cca.platform-config-id", + "value": "cfg v1.0.0" + }, + "value": { + "raw-value": { + "type": "bytes", + "value": "AQID" } } - ] + } } ] } -} \ No newline at end of file +} diff --git a/integration-tests/data/endorsements/comid-enacttrust-refval.json b/integration-tests/data/endorsements/comid-enacttrust-refval.json index 3b4c4ae6..f4aa0e5b 100644 --- a/integration-tests/data/endorsements/comid-enacttrust-refval.json +++ b/integration-tests/data/endorsements/comid-enacttrust-refval.json @@ -22,15 +22,13 @@ "value": "7df7714e-aa04-4638-bcbf-434b1dd720f1" } }, - "measurements": [ - { - "value": { - "digests": [ - "sha-256;h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=" - ] - } + "measurement": { + "value": { + "digests": [ + "sha-256;h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=" + ] } - ] + } } ] } 
diff --git a/integration-tests/data/endorsements/comid-psa-refval.json b/integration-tests/data/endorsements/comid-psa-refval.json
index 8fd66fbc..41a1f2ec 100644
--- a/integration-tests/data/endorsements/comid-psa-refval.json
+++ b/integration-tests/data/endorsements/comid-psa-refval.json
@@ -28,53 +28,75 @@ "model": "RoadRunner" } }, - "measurements": [ - { - "key": { - "type": "psa.refval-id", - "value": { - "label": "BL", - "version": "2.1.0", - "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" - } - }, + "measurement": { + "key": { + "type": "psa.refval-id", "value": { - "digests": [ - "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=" - ] + "label": "BL", + "version": "2.1.0", + "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" } }, - { - "key": { - "type": "psa.refval-id", - "value": { - "label": "PRoT", - "version": "1.3.5", - "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" - } + "value": { + "digests": [ + "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=" + ] + } + } + }, + { + "environment": { + "class": { + "id": { + "type": "psa.impl-id", + "value": "YWNtZS1pbXBsZW1lbnRhdGlvbi1pZC0wMDAwMDAwMDE=" }, + "vendor": "ACME", + "model": "RoadRunner" + } + }, + "measurement": { + "key": { + "type": "psa.refval-id", "value": { - "digests": [ - "sha-256:AmOCmYm2/ZVPcrqvL8ZLwuLwHWktTecphuqAj26ZgT8=" - ] + "label": "PRoT", + "version": "1.3.5", + "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" } }, - { - "key": { - "type": "psa.refval-id", - "value": { - "label": "ARoT", - "version": "0.1.4", - "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" - } + "value": { + "digests": [ + "sha-256:AmOCmYm2/ZVPcrqvL8ZLwuLwHWktTecphuqAj26ZgT8=" + ] + } + } + }, + { + "environment": { + "class": { + "id": { + "type": "psa.impl-id", + "value": "YWNtZS1pbXBsZW1lbnRhdGlvbi1pZC0wMDAwMDAwMDE=" }, + "vendor": "ACME", + "model": "RoadRunner" + } + }, + "measurement": { + "key": { + "type": "psa.refval-id", "value": { - "digests": [ - "sha-256:o6XnFfDMV0pzw/m+u2vCTzL/1bZ7OHJEwskJ2neaFHg=" - ] + "label": "ARoT", + "version": "0.1.4", + "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" } + }, + "value": { + "digests": [ + "sha-256:o6XnFfDMV0pzw/m+u2vCTzL/1bZ7OHJEwskJ2neaFHg=" + ] } - ] + } } ] } 
diff --git a/integration-tests/data/endorsements/corim-cca-full.json b/integration-tests/data/endorsements/corim-cca-full.json index fb28d9ba..59e536d5 100644 --- a/integration-tests/data/endorsements/corim-cca-full.json +++ b/integration-tests/data/endorsements/corim-cca-full.json @@ -1,8 +1,6 @@ { "corim-id": "5c57e8f4-46cd-421b-91c9-08cf93e13cfc", - "profiles": [ - "http://arm.com/cca/ssd/1" - ], + "profile": "http://arm.com/cca/ssd/1", "validity": { "not-before": "2021-12-31T00:00:00Z", "not-after": "2025-12-31T00:00:00Z" @@ -16,4 +14,4 @@ ] } ] -} \ No newline at end of file +} diff --git a/integration-tests/data/endorsements/corim-cca-platform-full.json b/integration-tests/data/endorsements/corim-cca-platform-full.json index fcba13aa..3147f677 100644 --- a/integration-tests/data/endorsements/corim-cca-platform-full.json +++ b/integration-tests/data/endorsements/corim-cca-platform-full.json @@ -1,8 +1,6 @@ { "corim-id": "5c57e8f4-46cd-421b-91c9-08cf93e13cfc", - "profiles": [ - "http://arm.com/cca/ssd/1" - ], + "profile": "http://arm.com/cca/ssd/1", "validity": { "not-before": "2021-12-31T00:00:00Z", "not-after": "2025-12-31T00:00:00Z" @@ -16,4 +14,4 @@ ] } ] - } \ No newline at end of file + } diff --git a/integration-tests/data/endorsements/corim-cca-realm-full.json b/integration-tests/data/endorsements/corim-cca-realm-full.json index 030554bf..d57492bd 100644 --- a/integration-tests/data/endorsements/corim-cca-realm-full.json +++ b/integration-tests/data/endorsements/corim-cca-realm-full.json @@ -1,8 +1,6 @@ { "corim-id": "5c57e8f4-46cd-421b-91c9-08cf93e13cfc", - "profiles": [ - "http://arm.com/cca/realm/1" - ], + "profile": "http://arm.com/cca/realm/1", "validity": { "not-before": "2021-12-31T00:00:00Z", "not-after": "2025-12-31T00:00:00Z" @@ -16,4 +14,4 @@ ] } ] -} \ No newline at end of file +} 
diff --git a/integration-tests/data/endorsements/corim-enacttrust-badta.cbor b/integration-tests/data/endorsements/corim-enacttrust-badta.cbor index 91b0f5a2d9c9869f32bc6228048f1fd339f50f91..bb497ebe4ace5164e7227ac75412e4a904065a55 100644 GIT binary patch delta 60 zcmV-C0K@;M0j2>0qXUtFCXoRe0|J4gkv<;}0BS{UVPkYua&>cb1fc_wU>_6#p#V@r SyW@W@VM{Zv(^Jp!LW>qdY!w>- delta 110 zcmZ3+xSY{$F+)I1_=_)YXPu-cp5!<``Jv4p#>R+@n~c8}GcIHZU_b**jf)wwT=No> zOG1iDi%TZD%B!#}WNK_$$aq6Fp!R#A-zpY2i#_|Dy=AW}d~96Ekm3LY%#9P7)Bs2D BC5He2 diff --git a/integration-tests/data/endorsements/corim-enacttrust-badta.yaml b/integration-tests/data/endorsements/corim-enacttrust-badta.yaml new file mode 100644 index 00000000..81031d40 --- /dev/null +++ b/integration-tests/data/endorsements/corim-enacttrust-badta.yaml @@ -0,0 +1,29 @@ +# This can be compiled into CBOR using +# https://github.com/veraison/gen-testcases +--- +0: !!binary |- + XFfo9EbNQhuRyQjPk+E8/A== +1: +- encodedCBOR: + tag: 506 + value: + 1: + 0: !!binary |- + Q7vjfy5hSzOu01PP8UKLFg== + 2: + - 0: EnactTrust + 1: + tag: 32 + value: https://enacttrust.com + 2: + - 0 + - 1 + - 2 + 4: + 3: + - - 1: + tag: 37 + value: !!binary |- + ffdxTqoERji8v0NLHdcg8Q== + - - 0: "@@@@" +3: http://enacttrust.com/veraison/1.0.0 diff --git a/integration-tests/data/endorsements/corim-enacttrust-mini.json b/integration-tests/data/endorsements/corim-enacttrust-mini.json index 96d9fdc2..c73bcf4d 100644 --- a/integration-tests/data/endorsements/corim-enacttrust-mini.json +++ b/integration-tests/data/endorsements/corim-enacttrust-mini.json @@ -1,6 +1,4 @@ { "corim-id": "5c57e8f4-46cd-421b-91c9-08cf93e13cfc", - "profiles": [ - "http://enacttrust.com/veraison/1.0.0" - ] + "profile": "http://enacttrust.com/veraison/1.0.0" } diff --git a/integration-tests/data/endorsements/corim-psa-full.json b/integration-tests/data/endorsements/corim-psa-full.json index 52b7cd5e..db4d772a 100644 --- a/integration-tests/data/endorsements/corim-psa-full.json 
+++ b/integration-tests/data/endorsements/corim-psa-full.json @@ -6,9 +6,7 @@ "thumbprint": "sha-256:5Fty9cDAtXLbTY06t+l/No/3TmI0eoJN7LZ6hOUiTXU=" } ], - "profiles": [ - "http://arm.com/psa/iot/1" - ], + "profile": "http://arm.com/psa/iot/1", "validity": { "not-before": "2021-12-31T00:00:00Z", "not-after": "2025-12-31T00:00:00Z" diff --git a/integration-tests/data/endorsements/corim-psa-mini.json b/integration-tests/data/endorsements/corim-psa-mini.json index f0116feb..f9528480 100644 --- a/integration-tests/data/endorsements/corim-psa-mini.json +++ b/integration-tests/data/endorsements/corim-psa-mini.json @@ -1,6 +1,4 @@ { "corim-id": "5c57e8f4-46cd-421b-91c9-08cf93e13cfc", - "profiles": [ - "http://arm.com/psa/iot/1" - ] + "profile": "http://arm.com/psa/iot/1" } diff --git a/integration-tests/tests/test_enacttrust_badkey.tavern.yaml b/integration-tests/tests/test_enacttrust_badkey.tavern.yaml index 4041c412..bbc4d4a4 100644 --- a/integration-tests/tests/test_enacttrust_badkey.tavern.yaml +++ b/integration-tests/tests/test_enacttrust_badkey.tavern.yaml @@ -34,4 +34,4 @@ stages: status_code: 200 json: status: failed - failure-reason: 'submit endorsement returned error: submit endorsements failed: RPC server returned error: plugin "unsigned-corim (TPM EnactTrust profile)" returned error: decoding failed for CoMID at index 0: error unmarshalling field "Triples": error unmarshalling field "AttestVerifKeys": cbor: cannot unmarshal map into Go struct field comid.AttestVerifKey.verification-keys of type comid.ICryptoKeyValue' + failure-reason: 'submit endorsement returned error: submit endorsements failed: RPC server returned error: plugin "unsigned-corim (TPM EnactTrust profile)" returned error: decoding failed for CoMID at index 0: error unmarshalling field "Triples": error unmarshalling field "AttestVerifKeys": cbor: cannot unmarshal map into Go struct field comid.KeyTriple.verification-keys of type comid.ICryptoKeyValue' 
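Review bot: The `failure-reason` expectation in test_enacttrust_badkey.tavern.yaml matches the whole error chain verbatim, including the dependency's Go type name, which is why a rename from `comid.AttestVerifKey` to `comid.KeyTriple` had to be mirrored here. Matching only the stable part would survive the next library bump, for example `failure-reason: !re_search 'cannot unmarshal map into Go struct field .*verification-keys'`, assuming the Tavern version in use supports the regex tags. Separately, the string shows that plugin names and internal struct names reach the API response; whether that level of detail should be returned to submitters is worth confirming.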
diff --git a/mk/cmd.mk b/mk/cmd.mk index 833fbc51..865d9988 100644 --- a/mk/cmd.mk +++ b/mk/cmd.mk @@ -17,7 +17,7 @@ endif SCHEME_LOADER ?= plugins -_MIN_GO_VERSION = 1.19 +_MIN_GO_VERSION = 1.22 _GO_VERSION = $(shell go version | sed 's/^[^0-9]*\([0-9]\+\.[0-9]\+\.[0-9]\+\).*/\1/') .PHONY: _check_version diff --git a/scheme/arm-cca/corim_extractor.go b/scheme/arm-cca/corim_extractor.go index aac70b53..3b40f875 100644 --- a/scheme/arm-cca/corim_extractor.go +++ b/scheme/arm-cca/corim_extractor.go @@ -15,20 +15,20 @@ type CorimExtractor struct { Profile string } -func (o CorimExtractor) RefValExtractor(rv comid.ReferenceValue) ([]*handler.Endorsement, error) { +func (o CorimExtractor) RefValExtractor(rvs comid.ValueTriples) ([]*handler.Endorsement, error) { switch o.Profile { case "http://arm.com/cca/ssd/1": subScheme := &platform.CcaSsdExtractor{Scheme: SchemeName} - return subScheme.RefValExtractor(rv) + return subScheme.RefValExtractor(rvs) case "http://arm.com/cca/realm/1": subScheme := &realm.RealmExtractor{Scheme: SchemeName} - return subScheme.RefValExtractor(rv) + return subScheme.RefValExtractor(rvs) default: return nil, fmt.Errorf("invalid profile %s for scheme %s", o.Profile, SchemeName) } } -func (o CorimExtractor) TaExtractor(avk comid.AttestVerifKey) (*handler.Endorsement, error) { +func (o CorimExtractor) TaExtractor(avk comid.KeyTriple) (*handler.Endorsement, error) { switch o.Profile { case "http://arm.com/cca/ssd/1": subScheme := &platform.CcaSsdExtractor{Scheme: SchemeName} diff --git a/scheme/arm-cca/endorsement_handler_test.go b/scheme/arm-cca/endorsement_handler_test.go index eac25f36..f184661c 100644 --- a/scheme/arm-cca/endorsement_handler_test.go +++ b/scheme/arm-cca/endorsement_handler_test.go @@ -6,7 +6,6 @@ import ( "testing" "github.com/stretchr/testify/assert" - "github.com/veraison/corim/comid" ) func TestDecoder_GetAttestationScheme(t *testing.T) { 
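Review bot: In scheme/arm-cca/corim_extractor.go the exported `RefValExtractor` and `TaExtractor` carry no doc comments, and the new signatures change the contract without recording it: `rvs comid.ValueTriples` appears to be a collection, while `TaExtractor` still takes a single `comid.KeyTriple`. A comment such as `// RefValExtractor hands the reference-value triples to the platform or realm extractor selected by o.Profile and fails on any other profile.` would make this explicit, with a matching comment on `TaExtractor`. The unchanged `default` branch formats the profile with `%s`; if `Profile` is copied from the submitted CoRIM, `%q` keeps empty or odd values readable in the error, as in `fmt.Errorf("invalid profile %q for scheme %s", o.Profile, SchemeName)`. The body of `TaExtractor` continues outside the hunk.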
@@ -66,16 +65,15 @@ func TestDecoder_Decode_invalid_data(t *testing.T) { } func TestDecoder_Decode_CcaSsdRefVal_OK(t *testing.T) { - tvs := []string{ - unsignedcorimCcacomidCcaRefValOne, - unsignedcorimCcacomidCcaRefValFour, + tvs := [][]byte{ + unsignedCorimCcaComidCcaRefValOne, + unsignedCorimCcaComidCcaRefValFour, } d := &EndorsementHandler{} for _, tv := range tvs { - data := comid.MustHexDecode(t, tv) - _, err := d.Decode(data) + _, err := d.Decode(tv) assert.NoError(t, err) } } @@ -83,40 +81,38 @@ func TestDecoder_Decode_CcaSsdRefVal_OK(t *testing.T) { func TestDecoder_Decode_CCaSsdRefVal_NOK(t *testing.T) { tvs := []struct { desc string - input string + input []byte expectedErr string }{ { desc: "missing profile inside corim containing one CCA platform config measurement", - input: unsignedcorimCcaNoProfilecomidCcaRefValOne, + input: unsignedCorimCcaNoProfileComidCcaRefValOne, expectedErr: "no profile information set in CoRIM", }, { desc: "missing profile inside corim containing multiple reference value measurements", - input: unsignedcorimCcaNoProfilecomidCcaRefValFour, + input: unsignedCorimCcaNoProfileComidCcaRefValFour, expectedErr: "no profile information set in CoRIM", }, } for _, tv := range tvs { - data := comid.MustHexDecode(t, tv.input) d := &EndorsementHandler{} - _, err := d.Decode(data) + _, err := d.Decode(tv.input) assert.EqualError(t, err, tv.expectedErr) } } func TestDecoder_DecodeCcaRealm_OK(t *testing.T) { - tvs := []string{ - unsignedcorimCcaRealmcomidCcaRealm, - unsignedcorimCcaRealmcomidCcaRealmNoClass, + tvs := [][]byte{ + unsignedCorimCcaRealmComidCcaRealm, + unsignedCorimCcaRealmComidCcaRealmNoClass, } d := &EndorsementHandler{} for _, tv := range tvs { - data := comid.MustHexDecode(t, tv) - _, err := d.Decode(data) + _, err := d.Decode(tv) assert.NoError(t, err) } } 
@@ -124,30 +120,31 @@ func TestDecoder_DecodeCcaRealm_OK(t *testing.T) { func TestDecoder_DecodeCcaRealm_negative_tests(t *testing.T) { tvs := []struct { desc string - input string + input []byte expectedErr string }{ { desc: "no realm instance identity in corim", - input: unsignedcorimCcaRealmcomidCcaRealmNoInstance, + input: unsignedCorimCcaRealmComidCcaRealmNoInstance, expectedErr: "bad software component in CoMID at index 0: could not extract Realm instance attributes: expecting instance in environment", }, { desc: "invalid instance identity in corim", - input: unsignedcorimCcaRealmcomidCcaRealmInvalidInstance, + input: unsignedCorimCcaRealmComidCcaRealmInvalidInstance, expectedErr: "bad software component in CoMID at index 0: could not extract Realm instance attributes: expecting instance as bytes for CCA Realm", }, { desc: "invalid class identity in corim", - input: unsignedcorimCcaRealmcomidCcaRealmInvalidClass, + input: unsignedCorimCcaRealmComidCcaRealmInvalidClass, expectedErr: "bad software component in CoMID at index 0: could not extract Realm class attributes: could not extract uuid from class-id: class-id type is: *comid.TaggedImplID", }, } for _, tv := range tvs { - data := comid.MustHexDecode(t, tv.input) - d := &EndorsementHandler{} - _, err := d.Decode(data) - assert.EqualError(t, err, tv.expectedErr) + t.Run(tv.desc, func (t *testing.T) { + d := &EndorsementHandler{} + _, err := d.Decode(tv.input) + assert.EqualError(t, err, tv.expectedErr) + }) } } diff --git a/scheme/arm-cca/test/corim/ComidCcaRefValFour.json b/scheme/arm-cca/test/corim/ComidCcaRefValFour.json deleted file mode 100644 index 296e843b..00000000 --- a/scheme/arm-cca/test/corim/ComidCcaRefValFour.json +++ /dev/null 
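Review bot: The added subtest line in TestDecoder_DecodeCcaRealm_negative_tests is not gofmt-clean, because `func (t *testing.T)` has a space after `func`; it should read `t.Run(tv.desc, func(t *testing.T) {`. The sibling table test TestDecoder_Decode_CCaSsdRefVal_NOK in the previous hunk has the same `desc` field but still runs its cases in a bare loop, so a failure there does not say which vector broke. Wrapping that loop body in `t.Run(tv.desc, ...)` as well would keep the two tests consistent.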
@@ -1,93 +0,0 @@ -{ - "lang": "en-GB", - "tag-identity": { - "id": "43BBE37F-2E61-4B33-AED3-53CFF1428B16", - "version": 0 - }, - "entities": [ - { - "name": "ACME Ltd.", - "regid": "https://acme.example", - "roles": [ - "tagCreator", - "creator", - "maintainer" - ] - } - ], - "triples": { - "reference-values": [ - { - "environment": { - "class": { - "id": { - "type": "psa.impl-id", - "value": "YWNtZS1pbXBsZW1lbnRhdGlvbi1pZC0wMDAwMDAwMDE=" - }, - "vendor": "ACME", - "model": "RoadRunner" - } - }, - "measurements": [ - { - "key": { - "type": "psa.refval-id", - "value": { - "label": "BL", - "version": "2.1.0", - "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" - } - }, - "value": { - "digests": [ - "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=" - ] - } - }, - { - "key": { - "type": "psa.refval-id", - "value": { - "label": "PRoT", - "version": "1.3.5", - "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" - } - }, - "value": { - "digests": [ - "sha-256:AmOCmYm2/ZVPcrqvL8ZLwuLwHWktTecphuqAj26ZgT8=" - ] - } - }, - { - "key": { - "type": "psa.refval-id", - "value": { - "label": "ARoT", - "version": "0.1.4", - "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" - } - }, - "value": { - "digests": [ - "sha-256:o6XnFfDMV0pzw/m+u2vCTzL/1bZ7OHJEwskJ2neaFHg=" - ] - } - }, - { - "key": { - "type": "cca.platform-config-id", - "value": "any-value" - }, - "value": { - "raw-value": { - "type": "bytes", - "value": "cmF3dmFsdWUKcmF3dmFsdWUK" - } - } - } - ] - } - ] - } -} diff --git a/scheme/arm-cca/test/corim/build-test-vectors.sh b/scheme/arm-cca/test/corim/build-test-vectors.sh index bd2390b4..16a64376 100755 --- a/scheme/arm-cca/test/corim/build-test-vectors.sh +++ b/scheme/arm-cca/test/corim/build-test-vectors.sh 
@@ -5,77 +5,64 @@ set -eu set -o pipefail -# function generate_go_test_vector constructs CBOR test vector using -# supplied comid and corim json template and saves them in a file -# $1 file name for comid json template, example one of COMID_TEMPLATES -# $2 file name for corim json template, example CORIM_TEMPLATE -# $3 a qualifier for each cbor test vector name -# $4 name of the file where the generated CBOR test vectors are aggregated -generate_go_test_vector () { - echo "generating test vector using $1 $2" - cocli comid create -t $1.json - cocli corim create -m $1.cbor -t $2.json -o corim$1.cbor - echo "// automatically generated from:" >> $4 - echo "// $1.json and $2.json" >> $4 - echo "var $3$2$1 = "'`' >> $4 - cat corim$1.cbor | xxd -p >> $4 - echo '`' >> $4 -} - -CORIM_REALM_TEMPLATE="corimCcaRealm" +THIS_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) +GEN_CORIM="$THIS_DIR/../../../common/scripts/gen-corim" -COMID_REALM_TEMPLATES= -COMID_REALM_TEMPLATES="${COMID_REALM_TEMPLATES} comidCcaRealm" -COMID_REALM_TEMPLATES="${COMID_REALM_TEMPLATES} comidCcaRealmNoClass" -COMID_REALM_TEMPLATES="${COMID_REALM_TEMPLATES} comidCcaRealmNoInstance" -COMID_REALM_TEMPLATES="${COMID_REALM_TEMPLATES} comidCcaRealmInvalidInstance" -COMID_REALM_TEMPLATES="${COMID_REALM_TEMPLATES} comidCcaRealmInvalidClass" +SUBATTESTERS=( + cca_platform + cca_realm +) -# CORIM CCA PLATFORM TEMPLATES -CORIM_PLATFORM_TEMPLATE="corimCca" -CORIM_PLATFORM_TEMPLATE="${CORIM_PLATFORM_TEMPLATE} corimCcaNoProfile" +CORIM_REALM_TEMPLATES=( + corimCcaRealm +) -# COMID CCA PLATFORM TEMPLATES -COMID_PLATFORM_TEMPLATES= -COMID_PLATFORM_TEMPLATES="${COMID_PLATFORM_TEMPLATES} comidCcaRefValOne" -COMID_PLATFORM_TEMPLATES="${COMID_PLATFORM_TEMPLATES} comidCcaRefValFour" +COMID_REALM_TEMPLATES=( + comidCcaRealm + comidCcaRealmNoClass + comidCcaRealmNoInstance + comidCcaRealmInvalidInstance + comidCcaRealmInvalidClass +) -TV_DOT_GO=${TV_DOT_GO?must be set in the environment.} 
+CORIM_PLATFORM_TEMPLATES=( + corimCca + corimCcaNoProfile +) -printf "package cca\n\n" > ${TV_DOT_GO} +COMID_PLATFORM_TEMPLATES=( + comidCcaRefValOne + comidCcaRefValFour +) -# function to generate test vectors for the supplied CCA Platform or Realm +# function to generate test vectors for the supplied CCA Platform or Realm # $1 passed argument whose templates needs to be constructed generate_templates() { + local sub_at=$1 - echo "generating templates for subattester $1" - printf "" >> ${TV_DOT_GO} + echo "generating templates for subattester $sub_at" - if [ "$1" == "cca_platform" ]; then - COMID_TEMPLATES=$COMID_PLATFORM_TEMPLATES - CORIM_TEMPLATE=$CORIM_PLATFORM_TEMPLATE + if [ "$sub_at" == "cca_platform" ]; then + COMID_TEMPLATES=("${COMID_PLATFORM_TEMPLATES[@]}") + CORIM_TEMPLATES=("${CORIM_PLATFORM_TEMPLATES[@]}") else - COMID_TEMPLATES=$COMID_REALM_TEMPLATES - CORIM_TEMPLATE=$CORIM_REALM_TEMPLATE + COMID_TEMPLATES=("${COMID_REALM_TEMPLATES[@]}") + CORIM_TEMPLATES=("${CORIM_REALM_TEMPLATES[@]}") fi - - for r in ${CORIM_TEMPLATE} + + for corim in "${CORIM_TEMPLATES[@]}" do - for t in ${COMID_TEMPLATES} + for comid in "${COMID_TEMPLATES[@]}" do - generate_go_test_vector $t $r "unsigned" $TV_DOT_GO + "$GEN_CORIM" "$THIS_DIR" "$comid" "$corim" "unsigned" done done } -SUBATTESTER= -SUBATTESTER="${SUBATTESTER} cca_platform" -SUBATTESTER="${SUBATTESTER} cca_realm" - -for at in ${SUBATTESTER} +for at in "${SUBATTESTERS[@]}" do - generate_templates $at + generate_templates "$at" done -gofmt -w $TV_DOT_GO \ No newline at end of file +echo "done" diff --git a/scheme/arm-cca/test/corim/comidCcaRealm.json b/scheme/arm-cca/test/corim/comidCcaRealm.json deleted file mode 100644 index a8b80ad7..00000000 --- a/scheme/arm-cca/test/corim/comidCcaRealm.json +++ /dev/null 
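Review bot: In `generate_templates`, `COMID_TEMPLATES` and `CORIM_TEMPLATES` are assigned without `local`, unlike `sub_at`, so they leak into the script's global scope. The `else` branch also treats every value other than `cca_platform` as a realm, so a typo in `SUBATTESTERS` would silently build realm vectors. Declaring both arrays local and selecting with a `case` that rejects unknown names makes the function fail loudly under `set -e`. The header comment could also state that `$1` must be `cca_platform` or `cca_realm`.

```shell
generate_templates() {
	local sub_at=$1
	local -a COMID_TEMPLATES CORIM_TEMPLATES

	# … unchanged: progress message …

	case "$sub_at" in
		cca_platform)
			COMID_TEMPLATES=("${COMID_PLATFORM_TEMPLATES[@]}")
			CORIM_TEMPLATES=("${CORIM_PLATFORM_TEMPLATES[@]}")
			;;
		cca_realm)
			COMID_TEMPLATES=("${COMID_REALM_TEMPLATES[@]}")
			CORIM_TEMPLATES=("${CORIM_REALM_TEMPLATES[@]}")
			;;
		*)
			echo "unknown subattester: $sub_at" >&2
			return 1
			;;
	esac

	# … unchanged: nested loops calling "$GEN_CORIM" …
```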
@@ -1,79 +0,0 @@ -{ - "lang": "en-GB", - "tag-identity": { - "id": "43BBE37F-2E61-4B33-AED3-53CFF1428B16", - "version": 0 - }, - "entities": [ - { - "name": "Workload Client Ltd.", - "regid": "https://workloadclient.example", - "roles": [ - "tagCreator", - "creator", - "maintainer" - ] - } - ], - "triples": { - "reference-values": [ - { - "environment": { - "class": { - "id": { - "type": "uuid", - "value": "CD1F0E55-26F9-460D-B9D8-F7FDE171787C" - }, - "vendor": "Workload Client Ltd" - }, - "instance": { - "type": "bytes", - "value": "QoS1aUymwNLPR4mguVrIAlyBjeUjBDZL580pgbLS7caFsyInfsJYGZYkE9jJssH1" - } - }, - "measurements": [ - { - "value": { - "raw-value": { - "type": "bytes", - "value": "5Fty9cDAtXLbTY06t+l/No/3TmI0eoJN7LZ6hOUiTXXkW3L1wMC1cttNjTq36X82j/dOYjR6gk3stnqE5SJNdQ==" - }, - "integrity-registers": { - "rim": { - "key-type": "text", - "value": [ - "sha-384;QoS1aUymwNLPR4mguVrIAlyBjeUjBDZL580pgbLS7caFsyInfsJYGZYkE9jJssH1" - ] - }, - "rem0": { - "key-type": "text", - "value": [ - "sha-384;IQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" - ] - }, - "rem1": { - "key-type": "text", - "value": [ - "sha-384;JQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" - ] - }, - "rem2": { - "key-type": "text", - "value": [ - "sha-384;MQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" - ] - }, - "rem3": { - "key-type": "text", - "value": [ - "sha-384;NQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" - ] - } - } - } - } - ] - } - ] - } -} diff --git a/scheme/arm-cca/test/corim/comidCcaRealmInvalidClass.json b/scheme/arm-cca/test/corim/comidCcaRealmInvalidClass.json deleted file mode 100644 index 26da78d4..00000000 --- a/scheme/arm-cca/test/corim/comidCcaRealmInvalidClass.json +++ /dev/null 
@@ -1,79 +0,0 @@ -{ - "lang": "en-GB", - "tag-identity": { - "id": "43BBE37F-2E61-4B33-AED3-53CFF1428B16", - "version": 0 - }, - "entities": [ - { - "name": "Workload Client Ltd.", - "regid": "https://workloadclient.example", - "roles": [ - "tagCreator", - "creator", - "maintainer" - ] - } - ], - "triples": { - "reference-values": [ - { - "environment": { - "class": { - "id": { - "type": "psa.impl-id", - "value": "YWNtZS1pbXBsZW1lbnRhdGlvbi1pZC0wMDAwMDAwMDE=" - }, - "vendor": "ACME" - }, - "instance": { - "type": "bytes", - "value": "QoS1aUymwNLPR4mguVrIAlyBjeUjBDZL580pgbLS7caFsyInfsJYGZYkE9jJssH1" - } - }, - "measurements": [ - { - "value": { - "raw-value": { - "type": "bytes", - "value": "5Fty9cDAtXLbTY06t+l/No/3TmI0eoJN7LZ6hOUiTXXkW3L1wMC1cttNjTq36X82j/dOYjR6gk3stnqE5SJNdQ==" - }, - "integrity-registers": { - "rim": { - "key-type": "text", - "value": [ - "sha-384;QoS1aUymwNLPR4mguVrIAlyBjeUjBDZL580pgbLS7caFsyInfsJYGZYkE9jJssH1" - ] - }, - "rem0": { - "key-type": "text", - "value": [ - "sha-384;IQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" - ] - }, - "rem1": { - "key-type": "text", - "value": [ - "sha-384;JQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" - ] - }, - "rem2": { - "key-type": "text", - "value": [ - "sha-384;MQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" - ] - }, - "rem3": { - "key-type": "text", - "value": [ - "sha-384;NQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" - ] - } - } - } - } - ] - } - ] - } -} diff --git a/scheme/arm-cca/test/corim/comidCcaRealmInvalidInstance.json b/scheme/arm-cca/test/corim/comidCcaRealmInvalidInstance.json deleted file mode 100644 index a7ecff92..00000000 --- a/scheme/arm-cca/test/corim/comidCcaRealmInvalidInstance.json +++ /dev/null 
@@ -1,75 +0,0 @@ -{ - "lang": "en-GB", - "tag-identity": { - "id": "43BBE37F-2E61-4B33-AED3-53CFF1428B16", - "version": 0 - }, - "entities": [ - { - "name": "Workload Client Ltd.", - "regid": "https://workloadclient.example", - "roles": [ - "tagCreator", - "creator", - "maintainer" - ] - } - ], - "triples": { - "reference-values": [ - { - "environment": { - "class": { - "id": { - "type": "uuid", - "value": "CD1F0E55-26F9-460D-B9D8-F7FDE171787C" - }, - "vendor": "Workload Client Ltd" - }, - "instance": { - "type": "ueid", - "value": "Ac7rrnuJJ6MiflMDz14PH3s0u1Qq1yUKwD+83jbsLxUI" - } - }, - "measurements": [ - { - "value": { - "integrity-registers": { - "rim": { - "key-type": "text", - "value": [ - "sha-384;QoS1aUymwNLPR4mguVrIAlyBjeUjBDZL580pgbLS7caFsyInfsJYGZYkE9jJssH1" - ] - }, - "rem0": { - "key-type": "text", - "value": [ - "sha-384;IQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" - ] - }, - "rem1": { - "key-type": "text", - "value": [ - "sha-384;JQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" - ] - }, - "rem2": { - "key-type": "text", - "value": [ - "sha-384;MQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" - ] - }, - "rem3": { - "key-type": "text", - "value": [ - "sha-384;NQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" - ] - } - } - } - } - ] - } - ] - } -} diff --git a/scheme/arm-cca/test/corim/comidCcaRealmNoClass.json b/scheme/arm-cca/test/corim/comidCcaRealmNoClass.json deleted file mode 100644 index 469585d0..00000000 --- a/scheme/arm-cca/test/corim/comidCcaRealmNoClass.json +++ /dev/null 
@@ -1,68 +0,0 @@ -{ - "lang": "en-GB", - "tag-identity": { - "id": "43BBE37F-2E61-4B33-AED3-53CFF1428B16", - "version": 0 - }, - "entities": [ - { - "name": "Workload Client Ltd.", - "regid": "https://workloadclient.example", - "roles": [ - "tagCreator", - "creator", - "maintainer" - ] - } - ], - "triples": { - "reference-values": [ - { - "environment": { - "instance": { - "type": "bytes", - "value": "QoS1aUymwNLPR4mguVrIAlyBjeUjBDZL580pgbLS7caFsyInfsJYGZYkE9jJssH1" - } - }, - "measurements": [ - { - "value": { - "integrity-registers": { - "rim": { - "key-type": "text", - "value": [ - "sha-384;QoS1aUymwNLPR4mguVrIAlyBjeUjBDZL580pgbLS7caFsyInfsJYGZYkE9jJssH1" - ] - }, - "rem0": { - "key-type": "text", - "value": [ - "sha-384;IQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" - ] - }, - "rem1": { - "key-type": "text", - "value": [ - "sha-384;JQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" - ] - }, - "rem2": { - "key-type": "text", - "value": [ - "sha-384;MQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" - ] - }, - "rem3": { - "key-type": "text", - "value": [ - "sha-384;NQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" - ] - } - } - } - } - ] - } - ] - } -} diff --git a/scheme/arm-cca/test/corim/comidCcaRealmNoInstance.json b/scheme/arm-cca/test/corim/comidCcaRealmNoInstance.json deleted file mode 100644 index 2b38bd54..00000000 --- a/scheme/arm-cca/test/corim/comidCcaRealmNoInstance.json +++ /dev/null 
@@ -1,71 +0,0 @@ -{ - "lang": "en-GB", - "tag-identity": { - "id": "43BBE37F-2E61-4B33-AED3-53CFF1428B16", - "version": 0 - }, - "entities": [ - { - "name": "Workload Client Ltd.", - "regid": "https://workloadclient.example", - "roles": [ - "tagCreator", - "creator", - "maintainer" - ] - } - ], - "triples": { - "reference-values": [ - { - "environment": { - "class": { - "id": { - "type": "uuid", - "value": "CD1F0E55-26F9-460D-B9D8-F7FDE171787C" - }, - "vendor": "Workload Client Ltd" - } - }, - "measurements": [ - { - "value": { - "integrity-registers": { - "rim": { - "key-type": "text", - "value": [ - "sha-384;QoS1aUymwNLPR4mguVrIAlyBjeUjBDZL580pgbLS7caFsyInfsJYGZYkE9jJssH1" - ] - }, - "rem0": { - "key-type": "text", - "value": [ - "sha-384;IQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" - ] - }, - "rem1": { - "key-type": "text", - "value": [ - "sha-384;JQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" - ] - }, - "rem2": { - "key-type": "text", - "value": [ - "sha-384;MQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" - ] - }, - "rem3": { - "key-type": "text", - "value": [ - "sha-384;NQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" - ] - } - } - } - } - ] - } - ] - } -} diff --git a/scheme/arm-cca/test/corim/src/comidCcaRealm.json b/scheme/arm-cca/test/corim/src/comidCcaRealm.json new file mode 100644 index 00000000..b2c3f494 --- /dev/null +++ b/scheme/arm-cca/test/corim/src/comidCcaRealm.json 
@@ -0,0 +1,77 @@ +{ + "lang": "en-GB", + "tag-identity": { + "id": "43BBE37F-2E61-4B33-AED3-53CFF1428B16", + "version": 0 + }, + "entities": [ + { + "name": "Workload Client Ltd.", + "regid": "https://workloadclient.example", + "roles": [ + "tagCreator", + "creator", + "maintainer" + ] + } + ], + "triples": { + "reference-values": [ + { + "environment": { + "class": { + "id": { + "type": "uuid", + "value": "CD1F0E55-26F9-460D-B9D8-F7FDE171787C" + }, + "vendor": "Workload Client Ltd" + }, + "instance": { + "type": "bytes", + "value": "QoS1aUymwNLPR4mguVrIAlyBjeUjBDZL580pgbLS7caFsyInfsJYGZYkE9jJssH1" + } + }, + "measurement": { + "value": { + "raw-value": { + "type": "bytes", + "value": "5Fty9cDAtXLbTY06t+l/No/3TmI0eoJN7LZ6hOUiTXXkW3L1wMC1cttNjTq36X82j/dOYjR6gk3stnqE5SJNdQ==" + }, + "integrity-registers": { + "rim": { + "key-type": "text", + "value": [ + "sha-384;QoS1aUymwNLPR4mguVrIAlyBjeUjBDZL580pgbLS7caFsyInfsJYGZYkE9jJssH1" + ] + }, + "rem0": { + "key-type": "text", + "value": [ + "sha-384;IQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" + ] + }, + "rem1": { + "key-type": "text", + "value": [ + "sha-384;JQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" + ] + }, + "rem2": { + "key-type": "text", + "value": [ + "sha-384;MQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" + ] + }, + "rem3": { + "key-type": "text", + "value": [ + "sha-384;NQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" + ] + } + } + } + } + } + ] + } +} diff --git a/scheme/arm-cca/test/corim/src/comidCcaRealmInvalidClass.json b/scheme/arm-cca/test/corim/src/comidCcaRealmInvalidClass.json new file mode 100644 index 00000000..c4080743 --- /dev/null +++ b/scheme/arm-cca/test/corim/src/comidCcaRealmInvalidClass.json 
@@ -0,0 +1,77 @@ +{ + "lang": "en-GB", + "tag-identity": { + "id": "43BBE37F-2E61-4B33-AED3-53CFF1428B16", + "version": 0 + }, + "entities": [ + { + "name": "Workload Client Ltd.", + "regid": "https://workloadclient.example", + "roles": [ + "tagCreator", + "creator", + "maintainer" + ] + } + ], + "triples": { + "reference-values": [ + { + "environment": { + "class": { + "id": { + "type": "psa.impl-id", + "value": "YWNtZS1pbXBsZW1lbnRhdGlvbi1pZC0wMDAwMDAwMDE=" + }, + "vendor": "ACME" + }, + "instance": { + "type": "bytes", + "value": "QoS1aUymwNLPR4mguVrIAlyBjeUjBDZL580pgbLS7caFsyInfsJYGZYkE9jJssH1" + } + }, + "measurement": { + "value": { + "raw-value": { + "type": "bytes", + "value": "5Fty9cDAtXLbTY06t+l/No/3TmI0eoJN7LZ6hOUiTXXkW3L1wMC1cttNjTq36X82j/dOYjR6gk3stnqE5SJNdQ==" + }, + "integrity-registers": { + "rim": { + "key-type": "text", + "value": [ + "sha-384;QoS1aUymwNLPR4mguVrIAlyBjeUjBDZL580pgbLS7caFsyInfsJYGZYkE9jJssH1" + ] + }, + "rem0": { + "key-type": "text", + "value": [ + "sha-384;IQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" + ] + }, + "rem1": { + "key-type": "text", + "value": [ + "sha-384;JQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" + ] + }, + "rem2": { + "key-type": "text", + "value": [ + "sha-384;MQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" + ] + }, + "rem3": { + "key-type": "text", + "value": [ + "sha-384;NQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" + ] + } + } + } + } + } + ] + } +} diff --git a/scheme/arm-cca/test/corim/src/comidCcaRealmInvalidInstance.json b/scheme/arm-cca/test/corim/src/comidCcaRealmInvalidInstance.json new file mode 100644 index 00000000..47558bde --- /dev/null +++ b/scheme/arm-cca/test/corim/src/comidCcaRealmInvalidInstance.json 
@@ -0,0 +1,73 @@ +{ + "lang": "en-GB", + "tag-identity": { + "id": "43BBE37F-2E61-4B33-AED3-53CFF1428B16", + "version": 0 + }, + "entities": [ + { + "name": "Workload Client Ltd.", + "regid": "https://workloadclient.example", + "roles": [ + "tagCreator", + "creator", + "maintainer" + ] + } + ], + "triples": { + "reference-values": [ + { + "environment": { + "class": { + "id": { + "type": "uuid", + "value": "CD1F0E55-26F9-460D-B9D8-F7FDE171787C" + }, + "vendor": "Workload Client Ltd" + }, + "instance": { + "type": "ueid", + "value": "Ac7rrnuJJ6MiflMDz14PH3s0u1Qq1yUKwD+83jbsLxUI" + } + }, + "measurement": { + "value": { + "integrity-registers": { + "rim": { + "key-type": "text", + "value": [ + "sha-384;QoS1aUymwNLPR4mguVrIAlyBjeUjBDZL580pgbLS7caFsyInfsJYGZYkE9jJssH1" + ] + }, + "rem0": { + "key-type": "text", + "value": [ + "sha-384;IQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" + ] + }, + "rem1": { + "key-type": "text", + "value": [ + "sha-384;JQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" + ] + }, + "rem2": { + "key-type": "text", + "value": [ + "sha-384;MQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" + ] + }, + "rem3": { + "key-type": "text", + "value": [ + "sha-384;NQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" + ] + } + } + } + } + } + ] + } +} diff --git a/scheme/arm-cca/test/corim/src/comidCcaRealmNoClass.json b/scheme/arm-cca/test/corim/src/comidCcaRealmNoClass.json new file mode 100644 index 00000000..1e4c5771 --- /dev/null +++ b/scheme/arm-cca/test/corim/src/comidCcaRealmNoClass.json 
@@ -0,0 +1,66 @@ +{ + "lang": "en-GB", + "tag-identity": { + "id": "43BBE37F-2E61-4B33-AED3-53CFF1428B16", + "version": 0 + }, + "entities": [ + { + "name": "Workload Client Ltd.", + "regid": "https://workloadclient.example", + "roles": [ + "tagCreator", + "creator", + "maintainer" + ] + } + ], + "triples": { + "reference-values": [ + { + "environment": { + "instance": { + "type": "bytes", + "value": "QoS1aUymwNLPR4mguVrIAlyBjeUjBDZL580pgbLS7caFsyInfsJYGZYkE9jJssH1" + } + }, + "measurement": { + "value": { + "integrity-registers": { + "rim": { + "key-type": "text", + "value": [ + "sha-384;QoS1aUymwNLPR4mguVrIAlyBjeUjBDZL580pgbLS7caFsyInfsJYGZYkE9jJssH1" + ] + }, + "rem0": { + "key-type": "text", + "value": [ + "sha-384;IQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" + ] + }, + "rem1": { + "key-type": "text", + "value": [ + "sha-384;JQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" + ] + }, + "rem2": { + "key-type": "text", + "value": [ + "sha-384;MQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" + ] + }, + "rem3": { + "key-type": "text", + "value": [ + "sha-384;NQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" + ] + } + } + } + } + } + ] + } +} diff --git a/scheme/arm-cca/test/corim/src/comidCcaRealmNoInstance.json b/scheme/arm-cca/test/corim/src/comidCcaRealmNoInstance.json new file mode 100644 index 00000000..0bca088b --- /dev/null +++ b/scheme/arm-cca/test/corim/src/comidCcaRealmNoInstance.json 
@@ -0,0 +1,69 @@ +{ + "lang": "en-GB", + "tag-identity": { + "id": "43BBE37F-2E61-4B33-AED3-53CFF1428B16", + "version": 0 + }, + "entities": [ + { + "name": "Workload Client Ltd.", + "regid": "https://workloadclient.example", + "roles": [ + "tagCreator", + "creator", + "maintainer" + ] + } + ], + "triples": { + "reference-values": [ + { + "environment": { + "class": { + "id": { + "type": "uuid", + "value": "CD1F0E55-26F9-460D-B9D8-F7FDE171787C" + }, + "vendor": "Workload Client Ltd" + } + }, + "measurement": { + "value": { + "integrity-registers": { + "rim": { + "key-type": "text", + "value": [ + "sha-384;QoS1aUymwNLPR4mguVrIAlyBjeUjBDZL580pgbLS7caFsyInfsJYGZYkE9jJssH1" + ] + }, + "rem0": { + "key-type": "text", + "value": [ + "sha-384;IQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" + ] + }, + "rem1": { + "key-type": "text", + "value": [ + "sha-384;JQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" + ] + }, + "rem2": { + "key-type": "text", + "value": [ + "sha-384;MQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" + ] + }, + "rem3": { + "key-type": "text", + "value": [ + "sha-384;NQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" + ] + } + } + } + } + } + ] + } +} diff --git a/scheme/arm-cca/test/corim/src/comidCcaRefValFour.json b/scheme/arm-cca/test/corim/src/comidCcaRefValFour.json new file mode 100644 index 00000000..12de6cd4 --- /dev/null +++ b/scheme/arm-cca/test/corim/src/comidCcaRefValFour.json 
@@ -0,0 +1,127 @@ +{ + "lang": "en-GB", + "tag-identity": { + "id": "43BBE37F-2E61-4B33-AED3-53CFF1428B16", + "version": 0 + }, + "entities": [ + { + "name": "ACME Ltd.", + "regid": "https://acme.example", + "roles": [ + "tagCreator", + "creator", + "maintainer" + ] + } + ], + "triples": { + "reference-values": [ + { + "environment": { + "class": { + "id": { + "type": "psa.impl-id", + "value": "YWNtZS1pbXBsZW1lbnRhdGlvbi1pZC0wMDAwMDAwMDE=" + }, + "vendor": "ACME", + "model": "RoadRunner" + } + }, + "measurement": { + "key": { + "type": "psa.refval-id", + "value": { + "label": "BL", + "version": "2.1.0", + "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" + } + }, + "value": { + "digests": [ + "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=" + ] + } + } + }, + { + "environment": { + "class": { + "id": { + "type": "psa.impl-id", + "value": "YWNtZS1pbXBsZW1lbnRhdGlvbi1pZC0wMDAwMDAwMDE=" + }, + "vendor": "ACME", + "model": "RoadRunner" + } + }, + "measurement": { + "key": { + "type": "psa.refval-id", + "value": { + "label": "PRoT", + "version": "1.3.5", + "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" + } + }, + "value": { + "digests": [ + "sha-256:AmOCmYm2/ZVPcrqvL8ZLwuLwHWktTecphuqAj26ZgT8=" + ] + } + } + }, + { + "environment": { + "class": { + "id": { + "type": "psa.impl-id", + "value": "YWNtZS1pbXBsZW1lbnRhdGlvbi1pZC0wMDAwMDAwMDE=" + }, + "vendor": "ACME", + "model": "RoadRunner" + } + }, + "measurement": { + "key": { + "type": "psa.refval-id", + "value": { + "label": "ARoT", + "version": "0.1.4", + "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" + } + }, + "value": { + "digests": [ + "sha-256:o6XnFfDMV0pzw/m+u2vCTzL/1bZ7OHJEwskJ2neaFHg=" + ] + } + } + }, + { + "environment": { + "class": { + "id": { + "type": "psa.impl-id", + "value": "YWNtZS1pbXBsZW1lbnRhdGlvbi1pZC0wMDAwMDAwMDE=" + }, + "vendor": "ACME", + "model": "RoadRunner" + } + }, + "measurement": { + "key": { + "type": "cca.platform-config-id", + "value": 
"any-value" + }, + "value": { + "raw-value": { + "type": "bytes", + "value": "cmF3dmFsdWUKcmF3dmFsdWUK" + } + } + } + } + ] + } +} diff --git a/scheme/arm-cca/test/corim/ComidCcaRefValOne.json b/scheme/arm-cca/test/corim/src/comidCcaRefValOne.json similarity index 69% rename from scheme/arm-cca/test/corim/ComidCcaRefValOne.json rename to scheme/arm-cca/test/corim/src/comidCcaRefValOne.json index 0871e7ea..a02a8b02 100644 --- a/scheme/arm-cca/test/corim/ComidCcaRefValOne.json +++ b/scheme/arm-cca/test/corim/src/comidCcaRefValOne.json @@ -29,20 +29,18 @@ "model": "RoadRunner" } }, - "measurements": [ - { - "key": { - "type": "cca.platform-config-id", - "value": "any-label" - }, - "value": { - "raw-value": { - "type": "bytes", - "value": "cmF3dmFsdWUKcmF3dmFsdWUK" - } + "measurement": { + "key": { + "type": "cca.platform-config-id", + "value": "any-label" + }, + "value": { + "raw-value": { + "type": "bytes", + "value": "cmF3dmFsdWUKcmF3dmFsdWUK" } } - ] + } } ] } diff --git a/scheme/arm-cca/test/corim/corimCca.json b/scheme/arm-cca/test/corim/src/corimCca.json similarity index 90% rename from scheme/arm-cca/test/corim/corimCca.json rename to scheme/arm-cca/test/corim/src/corimCca.json index 8413db0a..cbebc13b 100644 --- a/scheme/arm-cca/test/corim/corimCca.json +++ b/scheme/arm-cca/test/corim/src/corimCca.json @@ -6,9 +6,7 @@ "thumbprint": "sha-256:5Fty9cDAtXLbTY06t+l/No/3TmI0eoJN7LZ6hOUiTXU=" } ], - "profiles": [ - "http://arm.com/cca/ssd/1" - ], + "profile": "http://arm.com/cca/ssd/1", "validity": { "not-before": "2021-12-31T00:00:00Z", "not-after": "2025-12-31T00:00:00Z" diff --git a/scheme/arm-cca/test/corim/src/corimCcaNoProfile.json b/scheme/arm-cca/test/corim/src/corimCcaNoProfile.json new file mode 100644 index 00000000..b0650f9e --- /dev/null +++ b/scheme/arm-cca/test/corim/src/corimCcaNoProfile.json 
@@ -0,0 +1,22 @@
+{
+ "corim-id": "5c57e8f4-46cd-421b-91c9-08cf93e13cfc",
+ "dependent-rims": [
+ {
+ "href": "https://parent.example/rims/ccb3aa85-61b4-40f1-848e-02ad6e8a254b",
+ "thumbprint": "sha-256:5Fty9cDAtXLbTY06t+l/No/3TmI0eoJN7LZ6hOUiTXU="
+ }
+ ],
+ "validity": {
+ "not-before": "2021-12-31T00:00:00Z",
+ "not-after": "2025-12-31T00:00:00Z"
+ },
+ "entities": [
+ {
+ "name": "ACME Ltd.",
+ "regid": "acme.example",
+ "roles": [
+ "manifestCreator"
+ ]
+ }
+ ]
+}
diff --git a/scheme/arm-cca/test/corim/corimCcaRealm.json b/scheme/arm-cca/test/corim/src/corimCcaRealm.json
similarity index 84%
rename from scheme/arm-cca/test/corim/corimCcaRealm.json
rename to scheme/arm-cca/test/corim/src/corimCcaRealm.json
index cb496711..d57492bd 100644
--- a/scheme/arm-cca/test/corim/corimCcaRealm.json
+++ b/scheme/arm-cca/test/corim/src/corimCcaRealm.json
@@ -1,8 +1,6 @@
 {
 "corim-id": "5c57e8f4-46cd-421b-91c9-08cf93e13cfc",
- "profiles": [
- "http://arm.com/cca/realm/1"
- ],
+ "profile": "http://arm.com/cca/realm/1",
 "validity": {
 "not-before": "2021-12-31T00:00:00Z",
 "not-after": "2025-12-31T00:00:00Z"
diff --git a/scheme/arm-cca/test/corim/unsignedCorimCcaComidCcaRefValFour.cbor b/scheme/arm-cca/test/corim/unsignedCorimCcaComidCcaRefValFour.cbor new file mode 100644 index 0000000000000000000000000000000000000000..8a8cc36afbc75002d3a8da8949daa59298e81f84 GIT binary patch literal 847 zcmZ3+5D*jo;)~l^C+UeNInGahX!D1$F_Nk7CgZOq45_Jky6#Sl3mF2OcR#MzOY}Bg zcRBd{N2hKvrpCn#nU2oBt_nUSDSC`I6iPBmN(zdt^z{>yb5r$FD-v@Ha#ER^85o&Z z7BaLnEo4~CaFZz_LIEVLn+cN4P0cGwEXmBz)6GoLHGl#`#uSjLOj$wsi77#)d3mWt zi+~y<7c(X~`LLuK=^5%7utq4X*)4ed$t}eq)*zcF=cH7k9xk$6XOsPRUPa;er#E)J z$Yxx~)Y!xrq0sKse^jZ#){rf(`kc)N`zNKGX@*Z9RPU|gzn5_2yy|f(xGN!W4?X%Io2l#jT(j*}Lx0}PMtf?w%n|G|17Mh$ zkl?b#OP`B=I1}zweE8?S-Pwoyjs9QVR&7z_a_A)It@2qS6_mOxDl;*!QnxHIr!#Bf8Q!U2}33KENesRfp-^oufci}jO}lZ+D+ElhRI43kWB zO$^cubuCORQgscC5>w1lEfS4PO_CTviQq|e(boe9wiey??X}wevfix!yI+z?Rg>?V zZB;E#m3&K?D*jeM6Q-3nA4Xrs}0uB<2?6q%t)#Ffy?$ zWN2(!$gr5@2%?y)FbWIG>40SC`EK+q1j1p7KQY{jVOihv)n;0V$oDl;U#ffYTda!`V(kr4n$f{aQ4 literal 0 HcmV?d00001 diff --git a/scheme/arm-cca/test/corim/unsignedCorimCcaNoProfileComidCcaRefValFour.cbor b/scheme/arm-cca/test/corim/unsignedCorimCcaNoProfileComidCcaRefValFour.cbor new file mode 100644 index 0000000000000000000000000000000000000000..04a63a5aa532e08582238581fff4ad93e7999965 GIT binary patch literal 820 zcmZ3=5D*jo;)~l^C+UeNInGahX!D1$F_Nk7CgZOq45_Jky6#Sl3mF2OcR#MzOY}Bg zcRBd{N2hKvrpCn#nU2oBt_nUSDSC`I6iPBmN(zdt^z{>yb5r$FD-v@Ha#ER^85o&Z z7BaLnEo4~CaFZz_LIEVLn+cN4P0cGwEXmBz)6GoLHGl#`#uSjLOj$wsi77#)d3mWt zi+~y<7c(X~`LLuK=^5%7utq4X*)4ed$t}eq)*zcF=cH7k9xk$6XOsPRUPa;er#E)J z$Yxx~)Y!xrq0sKse^jZ#){rf(`kc)N`zNKGX@*Z9RPU|gzn5_2yy|f(xGN!W4?X%Io2l#jT(j*}Lx0}PMtf?w%n|G|17Mh$ zkl?b#OP`B=I1}zweE8?S-Pwoyjs9QVR&7z_a_A)It@2qS6_mOxDl;*!QnxHIr!#Bf8Q!U2}33KENesRfp-^oufci}jO}lZ+D+ElhRI43kWB zO$^cubuCORQgscC5>w1lEfS4PO_CTviQq|e(boe9wiey??X}wevfix!yI+z?Rg>?V lZB;E#m3&KC7BL)@N<8Pmz<5w9GbFu%6+La|prq+WMgTdvJ~sdW literal 0 HcmV?d00001 
diff --git a/scheme/arm-cca/test/corim/unsignedCorimCcaNoProfileComidCcaRefValOne.cbor b/scheme/arm-cca/test/corim/unsignedCorimCcaNoProfileComidCcaRefValOne.cbor new file mode 100644 index 0000000000000000000000000000000000000000..f49ccae9bddabad2deac44bef0d3c50fe88f878e GIT binary patch literal 359 zcmZ3=5D*jo;)~l^C+UeNInGahX!D1$F=EqA#$QVqQd9GE-JKX0G6Xp9eq67Y=xx02 za`5?&PTgWmjf)vF9i4q$6?{rk^cZg_lw_2Y6ck(O>nA4Xrs}0uB<2?6q%t)#Ffy?$ zWN2(!$gr5@2%?y)FbWIG>40SC`EK+q1j1p7KQY{jVOihv)n;0V$oRO!y^YJ92yw` D^$CN5 literal 0 HcmV?d00001 diff --git a/scheme/arm-cca/test/corim/unsignedCorimCcaRealmComidCcaRealm.cbor b/scheme/arm-cca/test/corim/unsignedCorimCcaRealmComidCcaRealm.cbor new file mode 100644 index 0000000000000000000000000000000000000000..c41ff5e42046297f6470b8d238393d68a31856ee GIT binary patch literal 665 zcmZ3=5D*jo;)~l^C+UeNInGahX!D1$F_OvnCgZOq45_Jky6#Sl3mF2OcR#MzOY}Bg zcRBd{N2hKvrpCn#CE@u+**W=%DGJUxnW=dt3O*$%dW<&|D&#UsN(zdt^!3Z33X;L{ zdZ`tOxdl0?OwA08Oe_l-8k-g|EMmB!8gN#gFI4TP8}H5=-~T==tf*lu#$qz#O(uf~ z1E-d)nLf)7TsrUGxnO7138t9F-lxheX5P=wYBp}V^!8ZmW+nByLlKhGRD^Gw+;s5k zLdHcbAdL=BqKm#BIIy+owr{W1_Luc${onnPOsblE-)yUDd8*`FN=Tk>X>w6!ZetTW z>263VO3gI@>r`al{XFr{Qr)S-S;8T=t9-9kORMeUwOuYdZog@%Cv$}qDB^+fo>-KtmzFDh13QILPiOIRC@Fdd62mn-T9DV=* literal 0 HcmV?d00001 
diff --git a/scheme/arm-cca/test/corim/unsignedCorimCcaRealmComidCcaRealmInvalidClass.cbor b/scheme/arm-cca/test/corim/unsignedCorimCcaRealmComidCcaRealmInvalidClass.cbor new file mode 100644 index 0000000000000000000000000000000000000000..b48479b763ee4f207d90c8786e744fcb4c65612f GIT binary patch literal 668 zcmZ3=5D*jo;)~l^C+UeNInGahX!D1$F_OvbCgZOq45_Jky6#Sl3mF2OcR#MzOY}Bg zcRBd{N2hKvrpCn#CE@u+**W=%DGJUxnW=dt3O*$%dW<&|D&#UsN(zdt^!3Z33X;L{ zdZ`tOxdl0?OwA08Oe_l-8k-g|EMmCH6cM42n4Fucn+cN41sarCl9`{Uo0+0(00oAO zDUQy*u8cRC3?dAiTDE5TEIV-NynE+@olz&4Vj6p&Dzlh*KR>J4xarc{W38K&)awpK zNKR7`zHxHX!LJJ$7qNgeIy{Lk`g-8N)}q_Ky;j>_)|>Tz_e(OVYVv)vt*Ygzl5Z&? zdA_B|MVYycP3)w*A*Coa*8r?jk$v~`#6L@QrwV5Yhup66y;?1;wvX3#x$L}6mTjB8 zmx-?a7U=UiE^6M=C}v%@t_qM&L$FR&GISb&bsCbP(-^GNlti7(6;hzM2S$BjQLbKc zey)CUa-x1wYGO{Vz9GvZhJ#Xx=R6n~4@zZ*q&Khv(@-WTUSSC*2b2upsict+0H})? A)c^nh literal 0 HcmV?d00001 diff --git a/scheme/arm-cca/test/corim/unsignedCorimCcaRealmComidCcaRealmInvalidInstance.cbor b/scheme/arm-cca/test/corim/unsignedCorimCcaRealmComidCcaRealmInvalidInstance.cbor new file mode 100644 index 0000000000000000000000000000000000000000..4e7fd5b42958783b5f60e2ddc0e3c27124f4a285 GIT binary patch literal 580 zcmZ3=5D*jo;)~l^C+UeNInGahX!D1$F_Q7#O~zkK7*bR7blsg87cvAm?|xjbm*{Q0 z?sD+?k51iUOpS{fO2YGtvUBniQxu$YGE?(P6nsij^cZg_RLEtNloS+O>Fbw66(ob@ z^-?Pma|?1(nVK0GnOGJwG&U__Sj2EcHQ=l~U#QwoH{P8$zW;q#SW&}RjKyTen@nmE zij3!8udD7w6!ZetUBgn?7b z)=Zye2QHm=?_97m>I73vWA9UC7BlbXXEhr)U3z=0b+eLs-JuA{X)3}uPHsB*HKiyu z*8r?jk$v~`#6L@QrwV5Yhup66y;?1;wvX3#x$L}6mTjB8mx-?a7U=UiE^6M=C}v%@ zt_qM&L$FR&GISb&bsCbP(-^GNlti7(6;hx$0!C3{QLbKcey)CUa-x1wYGO{Vz9GvZ nhJ#Xx=R6n~4@zZ*q&Khv<2uvP+1C{o!8wV^xvB8jY-9ugFbw66(ob@ z^-?Pma|?1(nVK0GnOGJwG&U_{yvbw`Vc^uVHPdI=flKGzI~VMXI>8jv*!xtO#mxKp zSJL$Spic)h8z&aJ#cRx@3 zvs8DgaF%e$?JD1^)zWJFcx{)<&f8?!w%L1`=<08QKA+>F<}Hn4)@AFe0O>RY>r^E} zrx94EAsIT2!8%Pz)X7{S1&Rk?G$a<~>Lusr>L({B>KCOZ=H%)dvMgdaD3y55gMsm& dRAxwe11m5-Gaa3MU15=!lbD>F3XicyMgUvU<^=!% literal 0 HcmV?d00001 
diff --git a/scheme/arm-cca/test/corim/unsignedCorimCcaRealmComidCcaRealmNoInstance.cbor b/scheme/arm-cca/test/corim/unsignedCorimCcaRealmComidCcaRealmNoInstance.cbor new file mode 100644 index 0000000000000000000000000000000000000000..e6351aa9497b4bb540eb8f4d6adc13d5947e255e GIT binary patch literal 541 zcmZ3=5D*jo;)~l^C+UeNInGahX!D1$F_LlnO~zkK7*bR7blsg87cvAm?|xjbm*{Q0 z?sD+?k51iUOpS{fO2YGtvUBniQxu$YGE?(P6nsij^cZg_RLEtNloS+O>Fbw66(ob@ z^-?Pma|?1(nVK0GnOGJwG&U_{Sj2EcHQ=l~U#QwoH{P8$zW;q#SW&}RjK$=Ij0^de zCKqMqHa4+G7&x_T&GcDz;L>^b&ILQ8PB6tZ_C8f+G4pv9g2{g zrXqaf^ur{IgVds&JNY$n7fMtJTtK`*>}a%g) 1 { - var profiles []string - for _, p := range *uc.Profiles { - name, _ := p.Get() - profiles = append(profiles, name) - } - return nil, fmt.Errorf("found multiple profiles (expected exactly one): %s", strings.Join(profiles, ", ")) - } - p := (*uc.Profiles)[0] - profile, err := p.Get() + if uc.Profile != nil { + profile, err := uc.Profile.Get() if err != nil { return nil, fmt.Errorf("failed to get the profile information: %w", err) } @@ -78,15 +67,17 @@ func UnsignedCorimDecoder( } if c.Triples.ReferenceValues != nil { - for _, rv := range *c.Triples.ReferenceValues { - refVals, err := xtr.RefValExtractor(rv) - if err != nil { - return nil, fmt.Errorf("bad software component in CoMID at index %d: %w", i, err) - } + refVals, err := xtr.RefValExtractor(*c.Triples.ReferenceValues) + if err != nil { + return nil, fmt.Errorf( + "bad software component in CoMID at index %d: %w", + i, + err, + ) + } - for _, refVal := range refVals { - rsp.ReferenceValues = append(rsp.ReferenceValues, *refVal) - } + for _, refVal := range refVals { + rsp.ReferenceValues = append(rsp.ReferenceValues, *refVal) } } 
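Review bot: In the `@@ -78,15 +67,17 @@` hunk of `UnsignedCorimDecoder`, the wrapped error still reads "bad software component" although the call now passes the whole `*c.Triples.ReferenceValues` set to `xtr.RefValExtractor`, and the fixtures in this patch show that set also carrying platform-config and realm integrity-register values. An operator triaging a rejected endorsement is pointed at the wrong kind of triple; I would reword it to `"bad reference values in CoMID at index %d: %w"`. The loop below it appends `*refVal` with no nil check, so if any extractor can return a nil element (not visible from here) the decoder would panic on provisioning input; either state in the extractor interface's doc comment that entries are never nil, or return an error when `refVal == nil`. The function body starts and continues outside this hunk.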
@@ -94,7 +85,11 @@ func UnsignedCorimDecoder( for _, avk := range *c.Triples.AttestVerifKeys { k, err := xtr.TaExtractor(avk) if err != nil { - return nil, fmt.Errorf("bad key in CoMID at index %d: %w", i, err) + return nil, fmt.Errorf( + "bad key in CoMID at index %d: %w", + i, + err, + ) } rsp.TrustAnchors = append(rsp.TrustAnchors, *k) diff --git a/scheme/parsec-cca/corim_test_vectors.go b/scheme/parsec-cca/corim_test_vectors.go index 8eef79a7..4a6a62ef 100644 --- a/scheme/parsec-cca/corim_test_vectors.go +++ b/scheme/parsec-cca/corim_test_vectors.go 
@@ -1,55 +1,14 @@ -// Copyright 2023 Contributors to the Veraison project. +// Copyright 2023-2024 Contributors to the Veraison project. // SPDX-License-Identifier: Apache-2.0 package parsec_cca -// automatically generated from: -// ComidParsecCcaRefValOne.json and corimParsecCca.json -var unsignedCorimComidParsecCcaRefValOne = ` -a600505c57e8f446cd421b91c908cf93e13cfc018158b4d901faa4006565 -6e2d474201a1005043bbe37f2e614b33aed353cff1428b160281a3006941 -434d45204c74642e01d8207468747470733a2f2f61636d652e6578616d70 -6c65028300010204a1008182a100a300d90258582061636d652d696d706c -656d656e746174696f6e2d69642d303030303030303031016441434d4502 -6a526f616452756e6e657281a200d9025a6a6366672076312e302e3001a1 -04d902305272617776616c75650a72617776616c75650a0281a200d82078 -4068747470733a2f2f706172656e742e6578616d706c652f72696d732f63 -636233616138352d363162342d343066312d383438652d30326164366538 -61323534620182015820e45b72f5c0c0b572db4d8d3ab7e97f368ff74e62 -347a824decb67a84e5224d750381782c7461673a6769746875622e636f6d -2f706172616c6c61787365636f6e642c323032332d30332d30333a636361 -04a200c11a61ce480001c11a695467800581a3006941434d45204c74642e -01d8206c61636d652e6578616d706c65028101 -` +import _ "embed" -// automatically generated from: -// ComidParsecCcaMultRefVal.json and corimParsecCca.json -var unsignedCorimComidParsecCcaMultRefVal = ` -a600505c57e8f446cd421b91c908cf93e13cfc018159022ed901faa40065 -656e2d474201a1005043bbe37f2e614b33aed353cff1428b160281a30069 -41434d45204c74642e01d8207468747470733a2f2f61636d652e6578616d -706c65028300010204a1008182a100a300d9025858207f454c4602010100 -000000000000000003003e00010000005058000000000000016441434d45 -026a526f616452756e6e657285a200d90259a30162424c0465332e342e32 -05582007060504030201000f0e0d0c0b0a090817161514131211101f1e1d -1c1b1a191801a102818201582007060504030201000f0e0d0c0b0a090817 -161514131211101f1e1d1c1b1a1918a200d90259a301624d310463312e32 -05582007060504030201000f0e0d0c0b0a090817161514131211101f1e1d 
-1c1b1a191801a102818201582007060504030201000f0e0d0c0b0a090817 -161514131211101f1e1d1c1b1a1918a200d90259a301624d320465312e32 -2e3305582007060504030201000f0e0d0c0b0a090817161514131211101f -1e1d1c1b1a191801a102818201582007060504030201000f0e0d0c0b0a09 -0817161514131211101f1e1d1c1b1a1918a200d90259a301624d33046131 -05582007060504030201000f0e0d0c0b0a090817161514131211101f1e1d -1c1b1a191801a102818201582007060504030201000f0e0d0c0b0a090817 -161514131211101f1e1d1c1b1a1918a200d9025a6a6366672076312e302e -3001a104d9023058210107060504030201000f0e0d0c0b0a090817161514 -131211101f1e1d1c1b1a19180281a200d820784068747470733a2f2f7061 -72656e742e6578616d706c652f72696d732f63636233616138352d363162 -342d343066312d383438652d3032616436653861323534620182015820e4 -5b72f5c0c0b572db4d8d3ab7e97f368ff74e62347a824decb67a84e5224d -750381782c7461673a6769746875622e636f6d2f706172616c6c61787365 -636f6e642c323032332d30332d30333a63636104a200c11a61ce480001c1 -1a695467800581a3006941434d45204c74642e01d8206c61636d652e6578 -616d706c65028101 -` +var ( + //go:embed test/corim/unsignedCorimParsecCcaComidParsecCcaRefValOne.cbor + unsignedCorimComidParsecCcaRefValOne []byte + + //go:embed test/corim/unsignedCorimParsecCcaComidParsecCcaMultRefVal.cbor + unsignedCorimComidParsecCcaMultRefVal []byte +) diff --git a/scheme/parsec-cca/endorsement_handler_test.go b/scheme/parsec-cca/endorsement_handler_test.go index d44da569..59a38a20 100644 --- a/scheme/parsec-cca/endorsement_handler_test.go +++ b/scheme/parsec-cca/endorsement_handler_test.go @@ -6,11 +6,10 @@ import ( "testing" "github.com/stretchr/testify/assert" - "github.com/veraison/corim/comid" ) func TestDecoder_Decode_OK(t *testing.T) { - tvs := []string{ + tvs := [][]byte{ unsignedCorimComidParsecCcaRefValOne, unsignedCorimComidParsecCcaMultRefVal, } 
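Review bot: The embedded fixtures in `scheme/parsec-cca/corim_test_vectors.go` lose their provenance: the removed `// automatically generated from:` comments named the source JSON templates, while the new `//go:embed` variables point at binary `.cbor` files with nothing saying how they are produced. I would add a comment above the `var (` block, for example `// Generated by test/corim/build-test-vectors.sh; regenerate the .cbor files rather than editing them.` (presumably that script is the generator, since this patch modifies it and deletes the old Makefile). Because the file name does not end in `_test.go`, the CBOR test data is also compiled into the non-test build of the package; if only tests reference these unexported variables, as the test hunk that follows suggests, renaming the file to `corim_test_vectors_test.go` keeps fixtures out of the shipped binary.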
@@ -18,8 +17,7 @@ func TestDecoder_Decode_OK(t *testing.T) { d := &EndorsementHandler{} for _, tv := range tvs { - data := comid.MustHexDecode(t, tv) - _, err := d.Decode(data) + _, err := d.Decode(tv) assert.NoError(t, err) } } diff --git a/scheme/parsec-cca/parsec_cca_extractor.go b/scheme/parsec-cca/parsec_cca_extractor.go index c6dc35d5..cb052eb3 100644 --- a/scheme/parsec-cca/parsec_cca_extractor.go +++ b/scheme/parsec-cca/parsec_cca_extractor.go @@ -14,15 +14,17 @@ type ParsecCcaExtractor struct { Profile string } -func (o ParsecCcaExtractor) RefValExtractor(rv comid.ReferenceValue) ([]*handler.Endorsement, error) { +func (o ParsecCcaExtractor) RefValExtractor( + rvs comid.ValueTriples, +) ([]*handler.Endorsement, error) { if o.Profile != "tag:github.com/parallaxsecond,2023-03-03:cca" { return nil, fmt.Errorf("invalid profile: %s for scheme PARSEC_CCA", o.Profile) } subScheme := &platform.CcaSsdExtractor{} - return subScheme.RefValExtractor(rv) + return subScheme.RefValExtractor(rvs) } -func (o ParsecCcaExtractor) TaExtractor(avk comid.AttestVerifKey) (*handler.Endorsement, error) { +func (o ParsecCcaExtractor) TaExtractor(avk comid.KeyTriple) (*handler.Endorsement, error) { if o.Profile != "tag:github.com/parallaxsecond,2023-03-03:cca" { return nil, fmt.Errorf("invalid profile: %s for scheme PARSEC_CCA", o.Profile) } diff --git a/scheme/parsec-cca/test/corim/ComidParsecCcaMultRefVal.json b/scheme/parsec-cca/test/corim/ComidParsecCcaMultRefVal.json deleted file mode 100644 index 7cdf68a1..00000000 --- a/scheme/parsec-cca/test/corim/ComidParsecCcaMultRefVal.json +++ /dev/null 
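Review bot: Both methods in `scheme/parsec-cca/parsec_cca_extractor.go` format `o.Profile` with `%s` in the "invalid profile" error, and that value appears to come from the submitted CoRIM. `%q` is the safer verb for text that ends up in logs, since it escapes control characters and makes an empty profile visible: `return nil, fmt.Errorf("invalid profile: %q for scheme PARSEC_CCA", o.Profile)`. The literal `"tag:github.com/parallaxsecond,2023-03-03:cca"` is repeated in `RefValExtractor` and `TaExtractor`; a package-level `const` would keep the two checks from drifting apart. The changed exported signatures (`comid.ValueTriples`, `comid.KeyTriple`) still carry no doc comments saying what each method accepts and returns. `TaExtractor`'s body continues past the end of the hunk.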
@@ -1,108 +0,0 @@ -{ - "lang": "en-GB", - "tag-identity": { - "id": "43BBE37F-2E61-4B33-AED3-53CFF1428B16", - "version": 0 - }, - "entities": [ - { - "name": "ACME Ltd.", - "regid": "https://acme.example", - "roles": [ - "tagCreator", - "creator", - "maintainer" - ] - } - ], - "triples": { - "reference-values": [ - { - "environment": { - "class": { - "id": { - "type": "psa.impl-id", - "value": "f0VMRgIBAQAAAAAAAAAAAAMAPgABAAAAUFgAAAAAAAA=" - }, - "vendor": "ACME", - "model": "RoadRunner" - } - }, - "measurements": [ - { - "key": { - "type": "psa.refval-id", - "value": { - "label": "BL", - "version": "3.4.2", - "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - } - }, - "value": { - "digests": [ - "sha-256:BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - ] - } - }, - { - "key": { - "type": "psa.refval-id", - "value": { - "label": "M1", - "version": "1.2", - "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - } - }, - "value": { - "digests": [ - "sha-256:BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - ] - } - }, - { - "key": { - "type": "psa.refval-id", - "value": { - "label": "M2", - "version": "1.2.3", - "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - } - }, - "value": { - "digests": [ - "sha-256:BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - ] - } - }, - { - "key": { - "type": "psa.refval-id", - "value": { - "label": "M3", - "version": "1", - "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - } - }, - "value": { - "digests": [ - "sha-256:BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - ] - } - }, - { - "key": { - "type": "cca.platform-config-id", - "value": "cfg v1.0.0" - }, - "value": { - "raw-value": { - "type": "bytes", - "value": "AQcGBQQDAgEADw4NDAsKCQgXFhUUExIREB8eHRwbGhkY" - } - } - } - ] - } - ] - } - } \ No newline at end of file diff --git a/scheme/parsec-cca/test/corim/Makefile b/scheme/parsec-cca/test/corim/Makefile deleted file mode 100644 index 104ebcfc..00000000 
--- a/scheme/parsec-cca/test/corim/Makefile +++ /dev/null @@ -1,10 +0,0 @@ -OUTPUT := ../../corim_test_vectors.go - -DEPS := $(wildcard Comid*.json) - -all: $(OUTPUT) - -$(OUTPUT): $(DEPS) - env TV_DOT_GO=$(OUTPUT) ./build-test-vectors.sh - -clean: ; $(RM) -f *.cbor \ No newline at end of file diff --git a/scheme/parsec-cca/test/corim/build-test-vectors.sh b/scheme/parsec-cca/test/corim/build-test-vectors.sh index 684d5954..839baf6a 100755 --- a/scheme/parsec-cca/test/corim/build-test-vectors.sh +++ b/scheme/parsec-cca/test/corim/build-test-vectors.sh 
@@ -1,41 +1,23 @@ #!/bin/bash -# Copyright 2022-2023 Contributors to the Veraison project. +# Copyright 2022-2024 Contributors to the Veraison project. # SPDX-License-Identifier: Apache-2.0 set -eu set -o pipefail -# function generate_go_test_vector constructs CBOR test vector using -# supplied comid and corim json template and saves them in a file -# $1 file name for comid json template, example one of COMID_TEMPLATES -# $2 file name for corim json template, example CORIM_TEMPLATE -# $3 a qualifier for each cbor test vector name -# $4 name of the file where the generated CBOR test vectors are aggregated -generate_go_test_vector () { - echo "generating test vector using $1 $2" - cocli comid create -t $1.json - cocli corim create -m $1.cbor -t $2 -o corim$1.cbor - echo "// automatically generated from:" >> $4 - echo "// $1.json and $2" >> $4 - echo "var $3$1 = "'`' >> $4 - cat corim$1.cbor | xxd -p >> $4 - echo '`' >> $4 -} +THIS_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) +GEN_CORIM="$THIS_DIR/../../../common/scripts/gen-corim" -CORIM_TEMPLATE="corimParsecCca.json" +CORIM_TEMPLATE=corimParsecCca -COMID_TEMPLATES= -COMID_TEMPLATES="${COMID_TEMPLATES} ComidParsecCcaRefValOne" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidParsecCcaMultRefVal" +COMID_TEMPLATES=( + ComidParsecCcaRefValOne + ComidParsecCcaMultRefVal +) - -TV_DOT_GO=${TV_DOT_GO?must be set in the environment.} - -printf "package parsec_cca\n\n" > ${TV_DOT_GO} - -for t in ${COMID_TEMPLATES} +for comid in "${COMID_TEMPLATES[@]}" do - generate_go_test_vector $t $CORIM_TEMPLATE "unsignedCorim" $TV_DOT_GO + "$GEN_CORIM" "$THIS_DIR" "$comid" "$CORIM_TEMPLATE" "unsigned" done -gofmt -w $TV_DOT_GO +echo "done" diff --git a/scheme/parsec-cca/test/corim/src/ComidParsecCcaMultRefVal.json b/scheme/parsec-cca/test/corim/src/ComidParsecCcaMultRefVal.json new file mode 100644 index 00000000..4913c8c5 --- /dev/null +++ b/scheme/parsec-cca/test/corim/src/ComidParsecCcaMultRefVal.json 
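Review bot: Nothing visible in this script or elsewhere in the commit verifies that the checked-in `.cbor` files still match `src/*.json`. The vectors used to be reviewable hex text in corim_test_vectors.go, but they are now binary files pulled in with `//go:embed`, so a reviewer cannot read what the tests decode. A CI step that reruns this script and then runs `git diff --exit-code -- scheme/parsec-cca/test/corim` would catch a stale or hand-edited fixture; this assumes gen-corim, which is not shown here, writes its output next to the script. The parsec-tpm build-test-vectors.sh rewritten later in this patch follows the same pattern and would need the same check.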
@@ -0,0 +1,154 @@ +{ + "lang": "en-GB", + "tag-identity": { + "id": "43BBE37F-2E61-4B33-AED3-53CFF1428B16", + "version": 0 + }, + "entities": [ + { + "name": "ACME Ltd.", + "regid": "https://acme.example", + "roles": [ + "tagCreator", + "creator", + "maintainer" + ] + } + ], + "triples": { + "reference-values": [ + { + "environment": { + "class": { + "id": { + "type": "psa.impl-id", + "value": "f0VMRgIBAQAAAAAAAAAAAAMAPgABAAAAUFgAAAAAAAA=" + }, + "vendor": "ACME", + "model": "RoadRunner" + } + }, + "measurement": { + "key": { + "type": "psa.refval-id", + "value": { + "label": "BL", + "version": "3.4.2", + "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + } + }, + "value": { + "digests": [ + "sha-256:BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + ] + } + } + }, + { + "environment": { + "class": { + "id": { + "type": "psa.impl-id", + "value": "f0VMRgIBAQAAAAAAAAAAAAMAPgABAAAAUFgAAAAAAAA=" + }, + "vendor": "ACME", + "model": "RoadRunner" + } + }, + "measurement": { + "key": { + "type": "psa.refval-id", + "value": { + "label": "M1", + "version": "1.2", + "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + } + }, + "value": { + "digests": [ + "sha-256:BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + ] + } + } + }, + { + "environment": { + "class": { + "id": { + "type": "psa.impl-id", + "value": "f0VMRgIBAQAAAAAAAAAAAAMAPgABAAAAUFgAAAAAAAA=" + }, + "vendor": "ACME", + "model": "RoadRunner" + } + }, + "measurement": { + "key": { + "type": "psa.refval-id", + "value": { + "label": "M2", + "version": "1.2.3", + "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + } + }, + "value": { + "digests": [ + "sha-256:BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + ] + } + } + }, + { + "environment": { + "class": { + "id": { + "type": "psa.impl-id", + "value": "f0VMRgIBAQAAAAAAAAAAAAMAPgABAAAAUFgAAAAAAAA=" + }, + "vendor": "ACME", + "model": "RoadRunner" + } + }, + "measurement": { + "key": { + "type": "psa.refval-id", + "value": { + "label": "M3", + 
"version": "1", + "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + } + }, + "value": { + "digests": [ + "sha-256:BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + ] + } + } + }, + { + "environment": { + "class": { + "id": { + "type": "psa.impl-id", + "value": "f0VMRgIBAQAAAAAAAAAAAAMAPgABAAAAUFgAAAAAAAA=" + }, + "vendor": "ACME", + "model": "RoadRunner" + } + }, + "measurement": { + "key": { + "type": "cca.platform-config-id", + "value": "cfg v1.0.0" + }, + "value": { + "raw-value": { + "type": "bytes", + "value": "AQcGBQQDAgEADw4NDAsKCQgXFhUUExIREB8eHRwbGhkY" + } + } + } + } + ] + } + } diff --git a/scheme/parsec-cca/test/corim/ComidParsecCcaRefValOne.json b/scheme/parsec-cca/test/corim/src/ComidParsecCcaRefValOne.json similarity index 67% rename from scheme/parsec-cca/test/corim/ComidParsecCcaRefValOne.json rename to scheme/parsec-cca/test/corim/src/ComidParsecCcaRefValOne.json index c24561ee..440d3c38 100644 --- a/scheme/parsec-cca/test/corim/ComidParsecCcaRefValOne.json +++ b/scheme/parsec-cca/test/corim/src/ComidParsecCcaRefValOne.json @@ -28,21 +28,19 @@ "model": "RoadRunner" } }, - "measurements": [ - { - "key": { - "type": "cca.platform-config-id", - "value": "cfg v1.0.0" - }, - "value": { - "raw-value": { - "type": "bytes", - "value": "cmF3dmFsdWUKcmF3dmFsdWUK" - } + "measurement": { + "key": { + "type": "cca.platform-config-id", + "value": "cfg v1.0.0" + }, + "value": { + "raw-value": { + "type": "bytes", + "value": "cmF3dmFsdWUKcmF3dmFsdWUK" } } - ] + } } ] } - } \ No newline at end of file + } diff --git a/scheme/parsec-cca/test/corim/corimParsecCca.json b/scheme/parsec-cca/test/corim/src/corimParsecCca.json similarity index 86% rename from scheme/parsec-cca/test/corim/corimParsecCca.json rename to scheme/parsec-cca/test/corim/src/corimParsecCca.json index 44e84c4e..9796f95a 100644 --- a/scheme/parsec-cca/test/corim/corimParsecCca.json +++ b/scheme/parsec-cca/test/corim/src/corimParsecCca.json 
@@ -6,9 +6,7 @@ "thumbprint": "sha-256:5Fty9cDAtXLbTY06t+l/No/3TmI0eoJN7LZ6hOUiTXU=" } ], - "profiles": [ - "tag:github.com/parallaxsecond,2023-03-03:cca" - ], + "profile": "tag:github.com/parallaxsecond,2023-03-03:cca", "validity": { "not-before": "2021-12-31T00:00:00Z", "not-after": "2025-12-31T00:00:00Z" @@ -22,4 +20,4 @@ ] } ] -} \ No newline at end of file +} 
diff --git a/scheme/parsec-cca/test/corim/unsignedCorimParsecCcaComidParsecCcaMultRefVal.cbor b/scheme/parsec-cca/test/corim/unsignedCorimParsecCcaComidParsecCcaMultRefVal.cbor new file mode 100644 index 0000000000000000000000000000000000000000..9758a45139c3425f2df79d3a72f239b67ac60e19 GIT binary patch literal 1026 zcmZ3+5D*jo;)~l^C+UeNInGahX!D1$F_KyKCgZOq45_Jky6#Sl3mF2OcR#MzOY}Bg zcRBd{N2hKvrpCn#nU2oBt_nUSDSC`I6iPBmN(zdt^z{>yb5r$FD-v@Ha#ER^85o&Z z7BaLpEo4~CaFZz_LZRN($Bl`RkpTvn8SEH9ynqOZ2xAJ!RHm$;{KS-?(!9LXqD4TB zk&79VoP1bPjrC0Qj94QS*x6WFn3)(E`1yEwxVbnv#KlBKgoOkJ$qO(uf~ zMMgr&i>YxD!wrQB2UwafNGwXtD}kkY{i4j=V*TXgB;&+H3sYS)!z2@36N5BET?-S7 zR9yq3#1yksi$o(+lO#q^8hsL7^!31jtwpzed#$#=tT*fb?w4dz)#UqTTUEnA4Xrs}0uB<2?6q%t)#Ffy?$ zWN2(!$gr5{UY3|sn#u)dFf}e>xS>$t0CPz}ViC{^m|OIV zGINXdlarH-6B8{=b&^PV`z4uFHTk~TR@L%U$+wibLZ>7#-6}n^B%?G*FF8L~A81`-PEKM) wacXjYUW$&9fswJU0SH+oCnvHjVmK(3c+P`?@t{;@NO}V+didp_gj*vc05> $4 - echo "// $1.json and $2" >> $4 - echo "var $3$1 = "'`' >> $4 - cat corim$1.cbor | xxd -p >> $4 - echo '`' >> $4 -} - -CORIM_TEMPLATE="corimMini.json" - -COMID_TEMPLATES= -COMID_TEMPLATES="${COMID_TEMPLATES} ComidParsecTpmKeyGood" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidParsecTpmKeyNoClass" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidParsecTpmKeyNoClassId" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidParsecTpmKeyNoInstance" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidParsecTpmKeyUnknownClassIdType" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidParsecTpmKeyUnknownInstanceType" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidParsecTpmKeyManyKeys" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidParsecTpmPcrsGood" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidParsecTpmPcrsNoClass" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidParsecTpmPcrsNoPCR" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidParsecTpmPcrsUnknownPCRType" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidParsecTpmPcrsNoDigests" - -TV_DOT_GO=${TV_DOT_GO?must be set in the environment.} - -printf "package parsec_tpm\n\n" > ${TV_DOT_GO} - -for t in 
${COMID_TEMPLATES} +THIS_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) +GEN_CORIM="$THIS_DIR/../../../common/scripts/gen-corim" + +CORIM_TEMPLATE=corimMini + +COMID_TEMPLATES=( + ComidParsecTpmKeyGood + ComidParsecTpmKeyNoClass + ComidParsecTpmKeyNoClassId + ComidParsecTpmKeyNoInstance + ComidParsecTpmKeyUnknownClassIdType + ComidParsecTpmKeyUnknownInstanceType + ComidParsecTpmKeyManyKeys + ComidParsecTpmPcrsGood + ComidParsecTpmPcrsNoClass + ComidParsecTpmPcrsNoPCR + ComidParsecTpmPcrsUnknownPCRType + ComidParsecTpmPcrsNoDigests +) + +for comid in "${COMID_TEMPLATES[@]}" do - generate_go_test_vector $t $CORIM_TEMPLATE "unsignedCorim" $TV_DOT_GO + "$GEN_CORIM" "$THIS_DIR" "$comid" "$CORIM_TEMPLATE" "unsigned" done -gofmt -w $TV_DOT_GO +echo "done" diff --git a/scheme/parsec-tpm/test/corim/corimMini.json b/scheme/parsec-tpm/test/corim/corimMini.json deleted file mode 100644 index 265537bf..00000000 --- a/scheme/parsec-tpm/test/corim/corimMini.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "corim-id": "B3EC060E-2A5B-4BC2-8F71-1DAB08CE5BE9", - "profiles": [ - "tag:github.com/parallaxsecond,2023-03-03:tpm" - ] -} diff --git a/scheme/parsec-tpm/test/corim/ComidParsecTpmKeyGood.json b/scheme/parsec-tpm/test/corim/src/ComidParsecTpmKeyGood.json similarity index 100% rename from scheme/parsec-tpm/test/corim/ComidParsecTpmKeyGood.json rename to scheme/parsec-tpm/test/corim/src/ComidParsecTpmKeyGood.json diff --git a/scheme/parsec-tpm/test/corim/ComidParsecTpmKeyManyKeys.json b/scheme/parsec-tpm/test/corim/src/ComidParsecTpmKeyManyKeys.json similarity index 100% rename from scheme/parsec-tpm/test/corim/ComidParsecTpmKeyManyKeys.json rename to scheme/parsec-tpm/test/corim/src/ComidParsecTpmKeyManyKeys.json 
diff --git a/scheme/parsec-tpm/test/corim/ComidParsecTpmKeyNoClass.json b/scheme/parsec-tpm/test/corim/src/ComidParsecTpmKeyNoClass.json similarity index 100% rename from scheme/parsec-tpm/test/corim/ComidParsecTpmKeyNoClass.json rename to scheme/parsec-tpm/test/corim/src/ComidParsecTpmKeyNoClass.json diff --git a/scheme/parsec-tpm/test/corim/ComidParsecTpmKeyNoClassId.json b/scheme/parsec-tpm/test/corim/src/ComidParsecTpmKeyNoClassId.json similarity index 100% rename from scheme/parsec-tpm/test/corim/ComidParsecTpmKeyNoClassId.json rename to scheme/parsec-tpm/test/corim/src/ComidParsecTpmKeyNoClassId.json diff --git a/scheme/parsec-tpm/test/corim/ComidParsecTpmKeyNoInstance.json b/scheme/parsec-tpm/test/corim/src/ComidParsecTpmKeyNoInstance.json similarity index 100% rename from scheme/parsec-tpm/test/corim/ComidParsecTpmKeyNoInstance.json rename to scheme/parsec-tpm/test/corim/src/ComidParsecTpmKeyNoInstance.json diff --git a/scheme/parsec-tpm/test/corim/ComidParsecTpmKeyUnknownClassIdType.json b/scheme/parsec-tpm/test/corim/src/ComidParsecTpmKeyUnknownClassIdType.json similarity index 100% rename from scheme/parsec-tpm/test/corim/ComidParsecTpmKeyUnknownClassIdType.json rename to scheme/parsec-tpm/test/corim/src/ComidParsecTpmKeyUnknownClassIdType.json diff --git a/scheme/parsec-tpm/test/corim/ComidParsecTpmKeyUnknownInstanceType.json b/scheme/parsec-tpm/test/corim/src/ComidParsecTpmKeyUnknownInstanceType.json similarity index 100% rename from scheme/parsec-tpm/test/corim/ComidParsecTpmKeyUnknownInstanceType.json rename to scheme/parsec-tpm/test/corim/src/ComidParsecTpmKeyUnknownInstanceType.json diff --git a/scheme/parsec-tpm/test/corim/src/ComidParsecTpmPcrsGood.json b/scheme/parsec-tpm/test/corim/src/ComidParsecTpmPcrsGood.json new file mode 100644 index 00000000..7b17ff43 --- /dev/null +++ b/scheme/parsec-tpm/test/corim/src/ComidParsecTpmPcrsGood.json 
@@ -0,0 +1,64 @@ +{ + "tag-identity": { + "id": "99019224-57AA-44BC-BEF8-D36BDD6BD035" + }, + "entities": [ + { + "name": "Parsec", + "regid": "https://github.com/parallaxsecond", + "roles": [ + "tagCreator", + "creator", + "maintainer" + ] + } + ], + "triples": { + "reference-values": [ + { + "environment": { + "class": { + "id": { + "type": "uuid", + "value": "CD1F0E55-26F9-460D-B9D8-F7FDE171787C" + } + } + }, + "measurement": { + "key": { + "type": "uint", + "value": 0 + }, + "value": { + "digests": [ + "sha-256;h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=", + "sha-384;QoS1aUymwNLPR4mguVrIAlyBjeUjBDZL580pgbLS7caFsyInfsJYGZYkE9jJssH1" + ] + } + } + }, + { + "environment": { + "class": { + "id": { + "type": "uuid", + "value": "CD1F0E55-26F9-460D-B9D8-F7FDE171787C" + } + } + }, + "measurement": { + "key": { + "type": "uint", + "value": 1 + }, + "value": { + "digests": [ + "sha-256;rqg3uI4yCrzUdvWDmVLV4aYSwOSiJcuSBdIAcebDd0U=", + "sha-384;IQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" + ] + } + } + } + ] + } +} diff --git a/scheme/parsec-tpm/test/corim/src/ComidParsecTpmPcrsNoClass.json b/scheme/parsec-tpm/test/corim/src/ComidParsecTpmPcrsNoClass.json new file mode 100644 index 00000000..1fcaadec --- /dev/null +++ b/scheme/parsec-tpm/test/corim/src/ComidParsecTpmPcrsNoClass.json 
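Review bot: The digests in ComidParsecTpmPcrsGood.json use `;` after the algorithm name (`"sha-256;h0KP…"`, `"sha-384;QoS1…"`), while the sibling vectors added in this commit (PcrsNoClass, PcrsNoPCR, PcrsUnknownPCRType) use `:` for the same values. Whether the template parser accepts both separators is not visible from this patch. If it accepts only one, either this positive vector or the negative ones are being built from input that is rejected for an unintended reason. Using one separator across all the src/*.json files would make each negative vector differ from the good one only in the field it is meant to break.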
@@ -0,0 +1,60 @@ +{ + "tag-identity": { + "id": "99019224-57AA-44BC-BEF8-D36BDD6BD035" + }, + "entities": [ + { + "name": "Parsec", + "regid": "https://github.com/parallaxsecond", + "roles": [ + "tagCreator", + "creator", + "maintainer" + ] + } + ], + "triples": { + "reference-values": [ + { + "environment": { + "instance": { + "type": "ueid", + "value": "AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + } + }, + "measurement": { + "key": { + "type": "uint", + "value": 0 + }, + "value": { + "digests": [ + "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=", + "sha-384:QoS1aUymwNLPR4mguVrIAlyBjeUjBDZL580pgbLS7caFsyInfsJYGZYkE9jJssH1" + ] + } + } + }, + { + "environment": { + "instance": { + "type": "ueid", + "value": "AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + } + }, + "measurement": { + "key": { + "type": "uint", + "value": 1 + }, + "value": { + "digests": [ + "sha-256:rqg3uI4yCrzUdvWDmVLV4aYSwOSiJcuSBdIAcebDd0U=", + "sha-384:IQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" + ] + } + } + } + ] + } +} diff --git a/scheme/parsec-tpm/test/corim/ComidParsecTpmPcrsNoDigests.json b/scheme/parsec-tpm/test/corim/src/ComidParsecTpmPcrsNoDigests.json similarity index 71% rename from scheme/parsec-tpm/test/corim/ComidParsecTpmPcrsNoDigests.json rename to scheme/parsec-tpm/test/corim/src/ComidParsecTpmPcrsNoDigests.json index 37641242..498bd325 100644 --- a/scheme/parsec-tpm/test/corim/ComidParsecTpmPcrsNoDigests.json +++ b/scheme/parsec-tpm/test/corim/src/ComidParsecTpmPcrsNoDigests.json @@ -24,18 +24,16 @@ } } }, - "measurements": [ - { - "key": { - "type": "uint", - "value": 0 - }, - "value": { - "serial-number": "1234" - } + "measurement": { + "key": { + "type": "uint", + "value": 0 + }, + "value": { + "serial-number": "1234" } - ] + } } ] } -} \ No newline at end of file +} 
diff --git a/scheme/parsec-tpm/test/corim/src/ComidParsecTpmPcrsNoPCR.json b/scheme/parsec-tpm/test/corim/src/ComidParsecTpmPcrsNoPCR.json new file mode 100644 index 00000000..b5a10aef --- /dev/null +++ b/scheme/parsec-tpm/test/corim/src/ComidParsecTpmPcrsNoPCR.json @@ -0,0 +1,56 @@ +{ + "tag-identity": { + "id": "99019224-57AA-44BC-BEF8-D36BDD6BD035" + }, + "entities": [ + { + "name": "Parsec", + "regid": "https://github.com/parallaxsecond", + "roles": [ + "tagCreator", + "creator", + "maintainer" + ] + } + ], + "triples": { + "reference-values": [ + { + "environment": { + "class": { + "id": { + "type": "uuid", + "value": "CD1F0E55-26F9-460D-B9D8-F7FDE171787C" + } + } + }, + "measurement": { + "value": { + "digests": [ + "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=", + "sha-384:QoS1aUymwNLPR4mguVrIAlyBjeUjBDZL580pgbLS7caFsyInfsJYGZYkE9jJssH1" + ] + } + } + }, + { + "environment": { + "class": { + "id": { + "type": "uuid", + "value": "CD1F0E55-26F9-460D-B9D8-F7FDE171787C" + } + } + }, + "measurement": { + "value": { + "digests": [ + "sha-256:rqg3uI4yCrzUdvWDmVLV4aYSwOSiJcuSBdIAcebDd0U=", + "sha-384:IQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" + ] + } + } + } + ] + } +} diff --git a/scheme/parsec-tpm/test/corim/src/ComidParsecTpmPcrsUnknownPCRType.json b/scheme/parsec-tpm/test/corim/src/ComidParsecTpmPcrsUnknownPCRType.json new file mode 100644 index 00000000..884ba66d --- /dev/null +++ b/scheme/parsec-tpm/test/corim/src/ComidParsecTpmPcrsUnknownPCRType.json 
@@ -0,0 +1,64 @@ +{ + "tag-identity": { + "id": "99019224-57AA-44BC-BEF8-D36BDD6BD035" + }, + "entities": [ + { + "name": "Parsec", + "regid": "https://github.com/parallaxsecond", + "roles": [ + "tagCreator", + "creator", + "maintainer" + ] + } + ], + "triples": { + "reference-values": [ + { + "environment": { + "class": { + "id": { + "type": "uuid", + "value": "CD1F0E55-26F9-460D-B9D8-F7FDE171787C" + } + } + }, + "measurement": { + "key": { + "type": "uuid", + "value": "30688A70-22F8-4966-8E52-8BE779DC57BA" + }, + "value": { + "digests": [ + "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=", + "sha-384:QoS1aUymwNLPR4mguVrIAlyBjeUjBDZL580pgbLS7caFsyInfsJYGZYkE9jJssH1" + ] + } + } + }, + { + "environment": { + "class": { + "id": { + "type": "uuid", + "value": "CD1F0E55-26F9-460D-B9D8-F7FDE171787C" + } + } + }, + "measurement": { + "key": { + "type": "uuid", + "value": "94152A59-91E3-44C8-B75E-BE7F777A11BF" + }, + "value": { + "digests": [ + "sha-256:rqg3uI4yCrzUdvWDmVLV4aYSwOSiJcuSBdIAcebDd0U=", + "sha-384:IQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4" + ] + } + } + } + ] + } +} diff --git a/scheme/parsec-tpm/test/corim/src/corimMini.json b/scheme/parsec-tpm/test/corim/src/corimMini.json new file mode 100644 index 00000000..8abf8483 --- /dev/null +++ b/scheme/parsec-tpm/test/corim/src/corimMini.json @@ -0,0 +1,4 @@ +{ + "corim-id": "B3EC060E-2A5B-4BC2-8F71-1DAB08CE5BE9", + "profile": "tag:github.com/parallaxsecond,2023-03-03:tpm" +} 
diff --git a/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmKeyGood.cbor b/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmKeyGood.cbor new file mode 100644 index 0000000000000000000000000000000000000000..ef312de1a3d339fa0f009c8dac6068edd22f6416 GIT binary patch literal 398 zcmZ3?5U}|T8=qFR_o4nm+0`89qF*vLMl!nJWc;<5aUny%y9fD`UpD#fncAAf)tI9f z$<(-*AuS-Ws5mv5@rFW$Vn#_xL9vy-etKp}Mro2>a(=FUL1Iy2PEKM4P)UAX3R5!! zBNNL)=EkN)3=0`BhVB#`nJu3oB|EZ!)PxC^9k-0F5`9v??~}f`F5& zyQiN*K&X?Cr?Y~$Yb02Z%hxTt+_gN?!#h99vntEL*)cHE6UugR3`}+jOm}n*@eXox z)ekBUj>ymVv~WpDED7+BOxG{X^v*SkC@KljFLm{GEh`L+Dk}H#@JLQ8H%K-P536#| zFZ3~v)DJYP$o6ncO9>4t3^oc6&kjiO_BSvtEw{Dh0z1Lg&jsC8%oRE%iRo52Lr2HR Oz{ptF0EDbc3UUG3zzijf|Gqp8|t1(9} zlBsbqLs~#$QE_TA;|+xh#f*}Yf?_Lu{q)R|jM5~%zY2lKRSQ6kLnXX@&>78p7QB)G5U+U`XT2>esRaEZf;gOtHZjfvo9#-X^ zU+7~TsUK)ok?rA@mJ%9P7;F?Co*j_l?QdXQT5fC01$Kg~p9{LHhNPpJD|AW{)2(nu Ssg99>k+H4;2w9aBa(=FUL1Iy2PEKM4P)UAX3R5!! zBNNL)=EkOlj5nFoA`}@J2!O_$Oj;EibV0z$)!oxiAt2Pr$J1HC+cgp_$mQ#nUG7>Q z>EWFphIj|Lx#|a%2S?=Rds?`pB$fpDN2cqSW_sru zMHH2U=$E?sx|S6NMirHNd3YqJl^Y}*hlf?U=NI}IN9qTfRb+d(rKN<16$TrHhi3<* rc>5a|mzLYwa)F)T>gR&)D&`8ElEic?oZ+BjWME{hYXCx4B?Y+v!q;-z literal 0 HcmV?d00001 diff --git a/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmKeyNoClassId.cbor b/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmKeyNoClassId.cbor new file mode 100644 index 0000000000000000000000000000000000000000..bc6f5421c9f23e68a1fa22a548bcf97a7fc5a6a7 GIT binary patch literal 389 zcmZ3?5U}|T8=qFR_o4nm+0`89qF*vLMl#ynWc;<5aUny%y9fD`UpD#fncAAf)tI9f z$<(-*AuS-Ws5mv5@rFW$Vn#_xL9vy-etKp}Mro2>a(=FUL1Iy2PEKM4P)UAX3R5!! zBNNL)=EkN)3=0`E9i4q$6+H8j^%!q5sYNIr;P42&u&_ww*aPAfM^HVzM~a?daHF^<#^G^@z= za7#-G4J!;b3J=c?Nb&YJFfJ{(wdDdk!PU6QSl0lAtV#-U E0m3YHaR2}S literal 0 HcmV?d00001 
diff --git a/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmKeyNoInstance.cbor b/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmKeyNoInstance.cbor new file mode 100644 index 0000000000000000000000000000000000000000..d1a2103e25b37854d46fce6f09c7161efb406078 GIT binary patch literal 359 zcmZ3?5U}|T8=qFR_o4nm+0`89qF*vLMlvegWc;<5aUny%y9fD`UpD#fncAAf)tI9f z$<(-*AuS-Ws5mv5@rFW$Vn#_xL9vy-etKp}Mro2>a(=FUL1Iy2PEKM4P)UAX3R5!! zBNNL)=EkOl3=0`BhVB#`nJu3oB|GZ!&3BY|sS(Cs%h*KZSr$Cm&B| z1#j0#uppPOTXwl?d8CJTew1fbmVvWlV5BFM?cx}i>=Kyn=o;c3g!ro7#LMl?&aZ;oK|j-Y#bg|<(^;YV;rd;XjYN! z;g*&X8dex=6ds-(kmBucU|d>mYs&?8f~%hkx~rHgbV?G_t#Eo<$H>6QSl0lAtV#-U E0Ut_x#{d8T literal 0 HcmV?d00001 diff --git a/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmKeyUnknownClassIdType.cbor b/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmKeyUnknownClassIdType.cbor new file mode 100644 index 0000000000000000000000000000000000000000..df232ea8fac948539cdf4dc17a039cc5808c4baf GIT binary patch literal 385 zcmZ3?5U}|T8=qFR_o4nm+0`89qF*vLMlxF6Wc;<5aUny%y9fD`UpD#fncAAf)tI9f z$<(-*AuS-Ws5mv5@rFW$Vn#_xL9vy-etKp}Mro2>a(=FUL1Iy2PEKM4P)UAX3R5!! zBNNL)=EkN)3=0`<=Kyn=o;c3g!ro7#LMl?&aZ;oK|j-Y#bg|<(^;YV;rd;XjYN!;g*&X z8dex=6ds-(kmBucU|d>mYs&?8f~%hkx~rHgbV?G_t#Ag2j*)?pv919KS(Oyz0szmn BbwB_B literal 0 HcmV?d00001 
diff --git a/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmKeyUnknownInstanceType.cbor b/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmKeyUnknownInstanceType.cbor new file mode 100644 index 0000000000000000000000000000000000000000..9b3b2195d03edd6dbe339811ad4086048ca69de7 GIT binary patch literal 379 zcmZ3?5U}|T8=qFR_o4nm+0`89qF*vLMlzb*Wc;<5aUny%y9fD`UpD#fncAAf)tI9f z$<(-*AuS-Ws5mv5@rFW$Vn#_xL9vy-etKp}Mro2>a(=FUL1Iy2PEKM4P)UAX3R5!! zBNNL)=EkN)3=0`BhVB#`nJu3oB|EfnsGYhU&Zm&KKsEUHZ@I%fG(y zCX-gh23-(va&`CgQwRuk^6_+5@OF&^3v&6oWtY2_M|ybYM|oCd88|xzMtVZoE{=i8 zE`jNet|8t*Zm#-4<-rm8`JNUoDTyTk{*meWrJ3HjMiE6NA^N4RzOH43fl)=}ULGFF zY2^mV#^GUA?)im2#*zAgW);~UZfPl@VTHj);o;cl%QNRY^fE09Dz8WB>pF literal 0 HcmV?d00001 diff --git a/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmPcrsGood.cbor b/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmPcrsGood.cbor new file mode 100644 index 0000000000000000000000000000000000000000..6c3ee245a2958a7bf2b1de1f8c7c9efea75f0a7f GIT binary patch literal 391 zcmZ3?5U}|T8=qFR_o4nm+0`89qF*vLMlw3wWc;<5aUny%OvXtn;j3Ks?E7&!`)>9H zQ>Mnn3~2$0Ma8Mfj5ic26f;Un3W}}t_0uy;GD?&5lJj%*3lfVGb8-?ZfJ*Z7Qka?< z7@1fWGBhLp9*6JYT5VPdDD3H@^RUSXfcBh=GA|AyZQmV}wGxQ~yz=23te6 zxaxB@AMBr$a;6zReNer(ivM21k@Kp@o7f`^oLaVK`Ybze>AZXAf}K$(m|_}xpDMGM zc|Sj^*|_P_+heVpmDKAFMMzFl5x#M9)4{K}t!0E+yKaT~jy@x9H zQ>Mnn3~2$0Ma8Mfj5ic26f;Un3W}}t_0uy;GD?&5lJj%*3lfVGb8-?ZfJ*Z7Qka?< z7@1fWGBhcQqYWsL?m&?xEWZAaadzt9!Z-G9a#AU`&?!kwx5624Iz|RY#<~U|WK~j-3jiIll(zr? literal 0 HcmV?d00001 
diff --git a/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmPcrsNoDigests.cbor b/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmPcrsNoDigests.cbor new file mode 100644 index 0000000000000000000000000000000000000000..42c253fc89cd48561a7f3b910b4f3080cceed7bd GIT binary patch literal 187 zcmZ3?5U}|T8=qFR_o4nm+0`89qF*vLMwH%U{I!^IAw$4S#z`vSt6cW%`*At@ZuSLJ zrpCn#X#t5v#i_}RHxw!qGfGMdimmkZ(=$slN|W@G^K9H zQ>Mnn3~2$0Ma8Mfj5ic26f;Un3W}}t_0uy;GD?&5lJj%*3lfVGb8-?ZfJ*Z7Qka?< z7@1fWGBhLp9*6JYT5VPdDD3H@^RUSXfcBkZ~bXQxju^Lc3G{QKbf3L$hqyBMh8cwr2V)J8C)R{t(%q9>kdUoPE!%SadOkauLLb!x59i!pApxdD`j7sX9it;xJ>B4lSQhh zC$U~)D13If+!bW0BKz*=iGP;rP8H4)4!K?Bd$n3xZ6B}ga@l#CEZa7FFB4t;Ezsw4 kT-3a!QOvq*T@}m~IwgteRyc!1$H>6QSl0lAtV#-U0c7H)iU0rr literal 0 HcmV?d00001 diff --git a/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmPcrsUnknownPCRType.cbor b/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmPcrsUnknownPCRType.cbor new file mode 100644 index 0000000000000000000000000000000000000000..93422612177a7f58a0f57699aad3c9f7732f76d4 GIT binary patch literal 427 zcmZ3?5U}|T8=qFR_o4nm+0`89qF*vLMlz<{Wc;<5aUny%OvXtn;j3Ks?E7&!`)>9H zQ>Mnn3~2$0Ma8Mfj5ic26f;Un3W}}t_0uy;GD?&5lJj%*3lfVGb8-?ZfJ*Z7Qka?< z7@1fWGBhLp9*6JYT5VPdDD3H@^RUSXfcB2qb8b(N&=I!!xZfsQY>4o$y_Z z3z?dl7$X$go%)X|HP{-m#Z{lP`C$K~lrzon>4WOMRs8o7j+|FL-ozeZ;MB4;(`VU% zOXuA?7wn8W!4%Wj`&605%=`IS&Bjfa-X3e+tfXFdC_-|Yitvq-n+|@(>yRm;T9FeU zyPVh_x39juN^n2SA?sF{@8~n)+HE?ZXxbA?Vx WV!9R1pwlrjFf!IP03oZAf?NO&F1a88 literal 0 HcmV?d00001 diff --git a/scheme/psa-iot/corim_extractor.go b/scheme/psa-iot/corim_extractor.go index 6d0b18db..df2aec52 100644 --- a/scheme/psa-iot/corim_extractor.go +++ b/scheme/psa-iot/corim_extractor.go 
@@ -17,45 +17,50 @@ type CorimExtractor struct { Profile string } -func (o CorimExtractor) RefValExtractor(rv comid.ReferenceValue) ([]*handler.Endorsement, error) { - var classAttrs platform.ClassAttributes - - if o.Profile != "http://arm.com/psa/iot/1" { - return nil, fmt.Errorf("incorrect profile: %s for Scheme PSA_IOT", o.Profile) - } +func (o CorimExtractor) RefValExtractor(rvs comid.ValueTriples) ([]*handler.Endorsement, error) { + refVals := make([]*handler.Endorsement, 0, len(rvs.Values)) + + for i, rv := range rvs.Values { + var classAttrs platform.ClassAttributes + var refVal *handler.Endorsement + var err error + + if o.Profile != "http://arm.com/psa/iot/1" { + return nil, fmt.Errorf( + "incorrect profile: %s for Scheme PSA_IOT", + o.Profile, + ) + } - if err := classAttrs.FromEnvironment(rv.Environment); err != nil { - return nil, fmt.Errorf("could not extract PSA class attributes: %w", err) - } + if err := classAttrs.FromEnvironment(rv.Environment); err != nil { + return nil, fmt.Errorf("could not extract PSA class attributes: %w", err) + } - // Each measurement is encoded in a measurement-map of a CoMID - // reference-triple-record. Since a measurement-map can encode one or more - // measurements, a single reference-triple-record can carry as many - // measurements as needed, provided they belong to the same PSA RoT - // identified in the subject of the "reference value" triple. A single - // reference-triple-record SHALL completely describe the updatable PSA RoT. 
- refVals := make([]*handler.Endorsement, 0, len(rv.Measurements)) - var refVal *handler.Endorsement - var err error - for i, m := range rv.Measurements { - if m.Key == nil { + if rv.Measurement.Key == nil { return nil, fmt.Errorf("measurement key is not present") } - if !m.Key.IsSet() { + if !rv.Measurement.Key.IsSet() { return nil, fmt.Errorf("measurement key is not set") } // Check which MKey is present and then decide which extractor to invoke - switch m.Key.Type() { + switch rv.Measurement.Key.Type() { case comid.PSARefValIDType: var swCompAttrs platform.SwCompAttributes - refVal, err = o.extractMeas(&swCompAttrs, m, classAttrs) + refVal, err = o.extractMeas(&swCompAttrs, rv.Measurement, classAttrs) if err != nil { - return nil, fmt.Errorf("unable to extract measurement at index %d, %w", i, err) + return nil, fmt.Errorf( + "unable to extract measurement at index %d, %w", + i, + err, + ) } default: - return nil, fmt.Errorf("unknown measurement key: %T", reflect.TypeOf(m.Key)) + return nil, fmt.Errorf( + "unknown measurement key: %T", + reflect.TypeOf(rv.Measurement.Key), + ) } refVals = append(refVals, refVal) } @@ -89,7 +94,7 @@ func (o CorimExtractor) extractMeas( return &refVal, nil } -func (o CorimExtractor) TaExtractor(avk comid.AttestVerifKey) (*handler.Endorsement, error) { +func (o CorimExtractor) TaExtractor(avk comid.KeyTriple) (*handler.Endorsement, error) { // extract implementation ID var classAttrs platform.ClassAttributes if err := classAttrs.FromEnvironment(avk.Environment); err != nil { diff --git a/scheme/psa-iot/endorsement_handler_test.go b/scheme/psa-iot/endorsement_handler_test.go index 586ac0d3..f03cc250 100644 --- a/scheme/psa-iot/endorsement_handler_test.go +++ b/scheme/psa-iot/endorsement_handler_test.go @@ -6,7 +6,6 @@ import ( "testing" "github.com/stretchr/testify/assert" - "github.com/veraison/corim/comid" ) func TestDecoder_GetAttestationScheme(t *testing.T) { 
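Review bot: The profile check now sits inside the `for i, rv := range rvs.Values` loop of RefValExtractor, so a triple set with no values never reaches it. Assuming the function ends by returning `refVals` with a nil error (the tail is outside the hunk), a CoRIM carrying the wrong profile and zero reference values is accepted instead of rejected. The check does not depend on `rv`, so moving `if o.Profile != "http://arm.com/psa/iot/1" { return nil, fmt.Errorf("incorrect profile: %s for Scheme PSA_IOT", o.Profile) }` above `refVals := make(...)` restores the unconditional rejection the old code had. Separately, `fmt.Errorf("unknown measurement key: %T", reflect.TypeOf(rv.Measurement.Key))` reports the type of the reflect.Type value rather than of the key; passing `rv.Measurement.Key` itself to `%T` would name what was actually received.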
@@ -66,7 +65,7 @@ func TestDecoder_Decode_invalid_data(t *testing.T) { } func TestDecoder_Decode_OK(t *testing.T) { - tvs := []string{ + tvs := [][]byte{ unsignedCorimComidPsaIakPubOne, unsignedCorimComidPsaIakPubTwo, unsignedCorimComidPsaRefValOne, @@ -77,8 +76,7 @@ func TestDecoder_Decode_OK(t *testing.T) { d := &EndorsementHandler{} for _, tv := range tvs { - data := comid.MustHexDecode(t, tv) - _, err := d.Decode(data) + _, err := d.Decode(tv) assert.NoError(t, err) } } @@ -86,7 +84,7 @@ func TestDecoder_Decode_OK(t *testing.T) { func TestDecoder_Decode_negative_tests(t *testing.T) { tvs := []struct { desc string - input string + input []byte expectedErr string }{ { @@ -102,7 +100,7 @@ func TestDecoder_Decode_negative_tests(t *testing.T) { { desc: "missing measurement identifier", input: unsignedCorimComidPsaRefValNoMkey, - expectedErr: `decoding failed for CoMID at index 0: error unmarshalling field "Triples": error unmarshalling field "ReferenceValues": error unmarshalling field "Flags": expected map (CBOR Major Type 5), found Major Type 0`, + expectedErr: `bad software component in CoMID at index 0: measurement key is not present`, }, { desc: "no implementation id specified in the measurement", @@ -121,9 +119,10 @@ func TestDecoder_Decode_negative_tests(t *testing.T) { }} for _, tv := range tvs { - data := comid.MustHexDecode(t, tv.input) - d := &EndorsementHandler{} - _, err := d.Decode(data) - assert.EqualError(t, err, tv.expectedErr) + t.Run(tv.desc, func(t *testing.T) { + d := &EndorsementHandler{} + _, err := d.Decode(tv.input) + assert.EqualError(t, err, tv.expectedErr) + }) } } diff --git a/scheme/psa-iot/test/ComidPsaRefValThree.json b/scheme/psa-iot/test/ComidPsaRefValThree.json deleted file mode 100644 index 8fd66fbc..00000000 --- a/scheme/psa-iot/test/ComidPsaRefValThree.json +++ /dev/null 
@@ -1,81 +0,0 @@ -{ - "lang": "en-GB", - "tag-identity": { - "id": "43BBE37F-2E61-4B33-AED3-53CFF1428B16", - "version": 0 - }, - "entities": [ - { - "name": "ACME Ltd.", - "regid": "https://acme.example", - "roles": [ - "tagCreator", - "creator", - "maintainer" - ] - } - ], - "triples": { - "reference-values": [ - { - "environment": { - "class": { - "id": { - "type": "psa.impl-id", - "value": "YWNtZS1pbXBsZW1lbnRhdGlvbi1pZC0wMDAwMDAwMDE=" - }, - "vendor": "ACME", - "model": "RoadRunner" - } - }, - "measurements": [ - { - "key": { - "type": "psa.refval-id", - "value": { - "label": "BL", - "version": "2.1.0", - "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" - } - }, - "value": { - "digests": [ - "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=" - ] - } - }, - { - "key": { - "type": "psa.refval-id", - "value": { - "label": "PRoT", - "version": "1.3.5", - "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" - } - }, - "value": { - "digests": [ - "sha-256:AmOCmYm2/ZVPcrqvL8ZLwuLwHWktTecphuqAj26ZgT8=" - ] - } - }, - { - "key": { - "type": "psa.refval-id", - "value": { - "label": "ARoT", - "version": "0.1.4", - "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" - } - }, - "value": { - "digests": [ - "sha-256:o6XnFfDMV0pzw/m+u2vCTzL/1bZ7OHJEwskJ2neaFHg=" - ] - } - } - ] - } - ] - } -} diff --git a/scheme/psa-iot/test/build-test-vectors.sh b/scheme/psa-iot/test/build-test-vectors.sh deleted file mode 100755 index f069b0b9..00000000 --- a/scheme/psa-iot/test/build-test-vectors.sh +++ /dev/null 
@@ -1,53 +0,0 @@ -#!/bin/bash -# Copyright 2022-2023 Contributors to the Veraison project. -# SPDX-License-Identifier: Apache-2.0 - -set -eu -set -o pipefail - -# function generate_go_test_vector constructs CBOR test vector using -# supplied comid and corim json template and saves them in a file -# $1 file name for comid json template, example one of COMID_TEMPLATES -# $2 file name for corim json template, example CORIM_TEMPLATE -# $3 a qualifier for each cbor test vector name -# $4 name of the file where the generated CBOR test vectors are aggregated -generate_go_test_vector () { - echo "generating test vector using $1 $2" - cocli comid create -t $1.json - cocli corim create -m $1.cbor -t $2 -o corim$1.cbor - echo "// automatically generated from:" >> $4 - echo "// $1.json and $2" >> $4 - echo "// nolint:unused" >> $4 - echo "var $3$1 = "'`' >> $4 - cat corim$1.cbor | xxd -p >> $4 - echo '`' >> $4 -} - -# CORIM TEMPLATE -CORIM_TEMPLATE=corimMini.json - -# COMID TEMPLATES -COMID_TEMPLATES= -COMID_TEMPLATES="${COMID_TEMPLATES} ComidPsaIakPubOne" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidPsaIakPubTwo" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidPsaRefValOne" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidPsaRefValThree" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidPsaMultIak" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidPsaRefValMultDigest" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidPsaRefValOnlyMandIDAttr" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidPsaRefValNoMkey" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidPsaRefValNoImplID" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidPsaIakPubNoUeID" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidPsaIakPubNoImplID" - - -TV_DOT_GO=${TV_DOT_GO?must be set in the environment.} - -printf "package psa_iot\n\n" > ${TV_DOT_GO} - -for t in ${COMID_TEMPLATES} -do - generate_go_test_vector $t $CORIM_TEMPLATE "unsignedCorim" $TV_DOT_GO -done - -gofmt -w $TV_DOT_GO 
diff --git a/scheme/psa-iot/test/corim/build-test-vectors.sh b/scheme/psa-iot/test/corim/build-test-vectors.sh
new file mode 100755
index 00000000..c785b40b
--- /dev/null
+++ b/scheme/psa-iot/test/corim/build-test-vectors.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+# Copyright 2022-2024 Contributors to the Veraison project.
+# SPDX-License-Identifier: Apache-2.0
+
+set -eu
+set -o pipefail
+
+THIS_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+GEN_CORIM="$THIS_DIR/../../../common/scripts/gen-corim"
+
+CORIM_TEMPLATE=corimMini
+
+COMID_TEMPLATES=(
+ ComidPsaIakPubOne
+ ComidPsaIakPubTwo
+ ComidPsaRefValOne
+ ComidPsaRefValThree
+ ComidPsaMultIak
+ ComidPsaRefValMultDigest
+ ComidPsaRefValOnlyMandIDAttr
+ ComidPsaRefValNoMkey
+ ComidPsaRefValNoImplID
+ ComidPsaIakPubNoUeID
+ ComidPsaIakPubNoImplID
+)
+
+for comid in "${COMID_TEMPLATES[@]}"
+do
+ "$GEN_CORIM" "$THIS_DIR" "$comid" "$CORIM_TEMPLATE" "unsigned"
+done
+
+echo "done"
diff --git a/scheme/psa-iot/test/ComidPsaIakPubNoImplID.json b/scheme/psa-iot/test/corim/src/ComidPsaIakPubNoImplID.json
similarity index 100%
rename from scheme/psa-iot/test/ComidPsaIakPubNoImplID.json
rename to scheme/psa-iot/test/corim/src/ComidPsaIakPubNoImplID.json
diff --git a/scheme/psa-iot/test/ComidPsaIakPubNoUeID.json b/scheme/psa-iot/test/corim/src/ComidPsaIakPubNoUeID.json
similarity index 100%
rename from scheme/psa-iot/test/ComidPsaIakPubNoUeID.json
rename to scheme/psa-iot/test/corim/src/ComidPsaIakPubNoUeID.json
diff --git a/scheme/psa-iot/test/ComidPsaIakPubOne.json b/scheme/psa-iot/test/corim/src/ComidPsaIakPubOne.json
similarity index 100%
rename from scheme/psa-iot/test/ComidPsaIakPubOne.json
rename to scheme/psa-iot/test/corim/src/ComidPsaIakPubOne.json
diff --git a/scheme/psa-iot/test/ComidPsaIakPubTwo.json b/scheme/psa-iot/test/corim/src/ComidPsaIakPubTwo.json
similarity index 100%
rename from scheme/psa-iot/test/ComidPsaIakPubTwo.json
rename to scheme/psa-iot/test/corim/src/ComidPsaIakPubTwo.json
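Review bot: Nothing in this new script, or elsewhere in the visible change, checks that the `.cbor` files committed next to it are what the `src/*.json` templates actually produce. The Go tests now embed those binaries directly, so a fixture can drift from its readable source without a reviewer being able to see it in the diff. A CI step that reruns `build-test-vectors.sh` and then fails on `git diff --exit-code -- scheme/psa-iot/test/corim` would close that gap, assuming the `gen-corim` output is deterministic. The loop also invokes `"$GEN_CORIM"` without confirming it is present and executable; a guard such as `[[ -x "$GEN_CORIM" ]] || { echo "gen-corim not found: $GEN_CORIM" >&2; exit 1; }` before the `for` gives a clearer failure than the shell default.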
diff --git a/scheme/psa-iot/test/ComidPsaMultIak.json b/scheme/psa-iot/test/corim/src/ComidPsaMultIak.json similarity index 100% rename from scheme/psa-iot/test/ComidPsaMultIak.json rename to scheme/psa-iot/test/corim/src/ComidPsaMultIak.json diff --git a/scheme/psa-iot/test/ComidPsaRefValMultDigest.json b/scheme/psa-iot/test/corim/src/ComidPsaRefValMultDigest.json similarity index 58% rename from scheme/psa-iot/test/ComidPsaRefValMultDigest.json rename to scheme/psa-iot/test/corim/src/ComidPsaRefValMultDigest.json index 65921af9..8e82b317 100644 --- a/scheme/psa-iot/test/ComidPsaRefValMultDigest.json +++ b/scheme/psa-iot/test/corim/src/ComidPsaRefValMultDigest.json @@ -28,24 +28,22 @@ "model": "RoadRunner" } }, - "measurements": [ - { - "key": { - "type": "psa.refval-id", - "value": { - "label": "BL", - "version": "2.1.0", - "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" - } - }, + "measurement": { + "key": { + "type": "psa.refval-id", "value": { - "digests": [ - "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=", - "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJYjHl4Hu9eg/eYMTPJcc=" - ] + "label": "BL", + "version": "2.1.0", + "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" } + }, + "value": { + "digests": [ + "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=", + "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJYjHl4Hu9eg/eYMTPJcc=" + ] } - ] + } } ] } diff --git a/scheme/psa-iot/test/ComidPsaRefValNoImplID.json b/scheme/psa-iot/test/corim/src/ComidPsaRefValNoImplID.json similarity index 62% rename from scheme/psa-iot/test/ComidPsaRefValNoImplID.json rename to scheme/psa-iot/test/corim/src/ComidPsaRefValNoImplID.json index 183c77aa..eaf5efc3 100644 --- a/scheme/psa-iot/test/ComidPsaRefValNoImplID.json +++ b/scheme/psa-iot/test/corim/src/ComidPsaRefValNoImplID.json 
@@ -29,23 +29,21 @@ "index": 0 } }, - "measurements": [ - { - "key": { - "type": "psa.refval-id", - "value": { - "label": "BL", - "version": "2.1.0", - "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" - } - }, + "measurement": { + "key": { + "type": "psa.refval-id", "value": { - "digests": [ - "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=" - ] + "label": "BL", + "version": "2.1.0", + "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" } + }, + "value": { + "digests": [ + "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=" + ] } - ] + } } ] } diff --git a/scheme/psa-iot/test/ComidPsaRefValNoMkey.json b/scheme/psa-iot/test/corim/src/ComidPsaRefValNoMkey.json similarity index 60% rename from scheme/psa-iot/test/ComidPsaRefValNoMkey.json rename to scheme/psa-iot/test/corim/src/ComidPsaRefValNoMkey.json index 4335231c..5b5843f9 100644 --- a/scheme/psa-iot/test/ComidPsaRefValNoMkey.json +++ b/scheme/psa-iot/test/corim/src/ComidPsaRefValNoMkey.json @@ -28,25 +28,23 @@ "model": "RoadRunner" } }, - "measurements": [ - { - "value": { - "op-flags": [ - "notSecure", - "debug" - ], - "digests": [ - "sha-256:RKozavTLFKh5Qy5T3WVxx/qbzK+3X0iCWSYtbqOk2Rs=" - ], - "svn": { - "type": "exact-value", - "value": 10 - } - } + "measurement": { + "value": { + "op-flags": [ + "notSecure", + "debug" + ], + "digests": [ + "sha-256:RKozavTLFKh5Qy5T3WVxx/qbzK+3X0iCWSYtbqOk2Rs=" + ], + "svn": { + "type": "exact-value", + "value": 10 } - ] + } + } } ] } } - \ No newline at end of file + diff --git a/scheme/psa-iot/test/ComidPsaRefValOne.json b/scheme/psa-iot/test/corim/src/ComidPsaRefValOne.json similarity index 62% rename from scheme/psa-iot/test/ComidPsaRefValOne.json rename to scheme/psa-iot/test/corim/src/ComidPsaRefValOne.json index 26536dd5..b163e493 100644 --- a/scheme/psa-iot/test/ComidPsaRefValOne.json +++ b/scheme/psa-iot/test/corim/src/ComidPsaRefValOne.json 
@@ -28,23 +28,21 @@ "model": "RoadRunner" } }, - "measurements": [ - { - "key": { - "type": "psa.refval-id", - "value": { - "label": "BL", - "version": "2.1.0", - "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" - } - }, + "measurement": { + "key": { + "type": "psa.refval-id", "value": { - "digests": [ - "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=" - ] + "label": "BL", + "version": "2.1.0", + "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" } + }, + "value": { + "digests": [ + "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=" + ] } - ] + } } ] } diff --git a/scheme/psa-iot/test/ComidPsaRefValOnlyMandIDAttr.json b/scheme/psa-iot/test/corim/src/ComidPsaRefValOnlyMandIDAttr.json similarity index 66% rename from scheme/psa-iot/test/ComidPsaRefValOnlyMandIDAttr.json rename to scheme/psa-iot/test/corim/src/ComidPsaRefValOnlyMandIDAttr.json index 7e397360..8a61d047 100644 --- a/scheme/psa-iot/test/ComidPsaRefValOnlyMandIDAttr.json +++ b/scheme/psa-iot/test/corim/src/ComidPsaRefValOnlyMandIDAttr.json @@ -28,21 +28,19 @@ "model": "RoadRunner" } }, - "measurements": [ - { - "key": { - "type": "psa.refval-id", - "value": { - "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" - } - }, + "measurement": { + "key": { + "type": "psa.refval-id", "value": { - "digests": [ - "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=" - ] + "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" } + }, + "value": { + "digests": [ + "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=" + ] } - ] + } } ] } diff --git a/scheme/psa-iot/test/corim/src/ComidPsaRefValThree.json b/scheme/psa-iot/test/corim/src/ComidPsaRefValThree.json new file mode 100644 index 00000000..41a1f2ec --- /dev/null +++ b/scheme/psa-iot/test/corim/src/ComidPsaRefValThree.json 
@@ -0,0 +1,103 @@ +{ + "lang": "en-GB", + "tag-identity": { + "id": "43BBE37F-2E61-4B33-AED3-53CFF1428B16", + "version": 0 + }, + "entities": [ + { + "name": "ACME Ltd.", + "regid": "https://acme.example", + "roles": [ + "tagCreator", + "creator", + "maintainer" + ] + } + ], + "triples": { + "reference-values": [ + { + "environment": { + "class": { + "id": { + "type": "psa.impl-id", + "value": "YWNtZS1pbXBsZW1lbnRhdGlvbi1pZC0wMDAwMDAwMDE=" + }, + "vendor": "ACME", + "model": "RoadRunner" + } + }, + "measurement": { + "key": { + "type": "psa.refval-id", + "value": { + "label": "BL", + "version": "2.1.0", + "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" + } + }, + "value": { + "digests": [ + "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=" + ] + } + } + }, + { + "environment": { + "class": { + "id": { + "type": "psa.impl-id", + "value": "YWNtZS1pbXBsZW1lbnRhdGlvbi1pZC0wMDAwMDAwMDE=" + }, + "vendor": "ACME", + "model": "RoadRunner" + } + }, + "measurement": { + "key": { + "type": "psa.refval-id", + "value": { + "label": "PRoT", + "version": "1.3.5", + "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" + } + }, + "value": { + "digests": [ + "sha-256:AmOCmYm2/ZVPcrqvL8ZLwuLwHWktTecphuqAj26ZgT8=" + ] + } + } + }, + { + "environment": { + "class": { + "id": { + "type": "psa.impl-id", + "value": "YWNtZS1pbXBsZW1lbnRhdGlvbi1pZC0wMDAwMDAwMDE=" + }, + "vendor": "ACME", + "model": "RoadRunner" + } + }, + "measurement": { + "key": { + "type": "psa.refval-id", + "value": { + "label": "ARoT", + "version": "0.1.4", + "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" + } + }, + "value": { + "digests": [ + "sha-256:o6XnFfDMV0pzw/m+u2vCTzL/1bZ7OHJEwskJ2neaFHg=" + ] + } + } + } + ] + } +} diff --git a/scheme/psa-iot/test/corimMini.json b/scheme/psa-iot/test/corim/src/corimMini.json similarity index 53% rename from scheme/psa-iot/test/corimMini.json rename to scheme/psa-iot/test/corim/src/corimMini.json index f0116feb..f9528480 100644 
--- a/scheme/psa-iot/test/corimMini.json +++ b/scheme/psa-iot/test/corim/src/corimMini.json @@ -1,6 +1,4 @@ { "corim-id": "5c57e8f4-46cd-421b-91c9-08cf93e13cfc", - "profiles": [ - "http://arm.com/psa/iot/1" - ] + "profile": "http://arm.com/psa/iot/1" } diff --git a/scheme/psa-iot/test/corim/unsignedCorimCorimMiniComidPsaIakPubOne.cbor b/scheme/psa-iot/test/corim/unsignedCorimCorimMiniComidPsaIakPubOne.cbor new file mode 100644 index 0000000000000000000000000000000000000000..88f457770f07ab8c69431a37343b08a75456a55b GIT binary patch literal 383 zcmZ3)5D*jo;)~l^C+UeNInGahX!D1$F_JO;CgZOq45_Jky6#Sl3mF2;a=Ex7J6zwk zbm(h^_$N6rH7;hzbaeK0Rq!cE(PO-!P?AwnQc!HAub-Hlo2r*uk(gVMlgiZ0z{te1 zkh!sG5yN7Jn@kZA3Lt6SOps)5YFy};aS{~`)ogd{{m1W@U7#QgZWxF^ACc6ZtJG#2%8I&aE zJC+9-2jmucXGi*!I2OBD<{OxL2m6}kCZ(tOIj0wt`WU2}g%yN&WJl$g8<%IBI=NKj rhneST`=_R+8f1DFW``Sl_(p{oyM|=uWqPHg+uCx0o#5){g6=8+!_a>J literal 0 HcmV?d00001 diff --git a/scheme/psa-iot/test/corim/unsignedCorimCorimMiniComidPsaIakPubTwo.cbor b/scheme/psa-iot/test/corim/unsignedCorimCorimMiniComidPsaIakPubTwo.cbor new file mode 100644 index 0000000000000000000000000000000000000000..6e93a80a8db4daf4f0e7cf76d8662540b4d1b433 GIT binary patch literal 664 zcmZ3)5D*jo;)~l^C+UeNInGahX!D1$F_Nj_CgZOq45_Jky6#Sl3mF2;a=Ex7J6zwk zbm(h^_$N6rH7;hzbaeK0Rq!cE(PO-!P?AwnQc!HAub-Hlo2r*uk(gVMlgiZ0z{te1 zkh!U85yN7Jn@kZA3Lt6SOps)5YFy};aS{~`)ogd{{m1W@U7#QgZWxF^ACc6ZtJG#2%8I&aE zJC+9-2jmucXGi*!I2OBD<{OxL2m6}kCZ(tOIj0wt`WU2}g%yN&WJl$g8<%IBI=NKj zhneST`=_R+8f1DFW``Sl_(p{oyM|=uWqPHg+uCx0o#5){g6=9R1dPw(CttZgc^sbJ z&cvJX|3XYhS$W`oHP=&6J+ZxLCLsO=Q$8sZb0<>VJ? zT;v)N7Ft#_!(-J>$YPc{?%Z`}0+|Q_pDcQ}}nVErwf$=7jT7)9wx!3EeJJlB} z)de%3kK>oGHrXAbbzPO~fc>6(W^eRGIT~*=X;o~{1py~lcTYcsfKVqNPiF;h*GRA+ zm#K*KBmYbBG=I5MVQ0illZWdM$;*lMdV{TlYZR+GwksoHBr|qAbnre{gS(qJe z?BN>~V(c1{nV0F6l5T6u1$Kg~p9{LHm@6bep#ut>qFlY?{9OHl;za$-{1Sab0BI9` A;s5{u literal 0 HcmV?d00001 
diff --git a/scheme/psa-iot/test/corim/unsignedCorimMiniComidPsaIakPubNoUeID.cbor b/scheme/psa-iot/test/corim/unsignedCorimMiniComidPsaIakPubNoUeID.cbor new file mode 100644 index 0000000000000000000000000000000000000000..494a765e82148c05bff9eb42b487e168c436c4ab GIT binary patch literal 371 zcmZ3?5D*jo;)~l^C+UeNInGahX!D1$F_O{YCgZOq45_Jky6#Sl3mF2;a=Ex7J6zwk zbm(h^_$N6rH7;hzbaeK0Rq!cE(PO-!P?AwnQc!HAub-Hlo2r*uk(gVMlgiZ0z{te1 zkh!sGA;V&Zn@kZA3Lt6SOps)5YFK{S*R1oqRl<6}(*|!Gc`AZrSCo<&hrV`B9!#Sq9FIfsvk2wu@t6 zvP)pPqpMqlS@T@n0cPIe`;!~L8fP6cDS*JZ&Zk}Ye;5ZrdLY3tt}VW39f!F=&oX} akN|}UC_svG^^)^*^$Us<^)vHJ^bG-aqIkyu literal 0 HcmV?d00001 diff --git a/scheme/psa-iot/test/corim/unsignedCorimMiniComidPsaIakPubOne.cbor b/scheme/psa-iot/test/corim/unsignedCorimMiniComidPsaIakPubOne.cbor new file mode 100644 index 0000000000000000000000000000000000000000..4e0a8f6ea37f1d16d273cd3155f519de29eb7430 GIT binary patch literal 410 zcmZ3?5D*jo;)~l^C+UeNInGahX!D1$F_JO;CgZOq45_Jky6#Sl3mF2;a=Ex7J6zwk zbm(h^_$N6rH7;hzbaeK0Rq!cE(PO-!P?AwnQc!HAub-Hlo2r*uk(gVMlgiZ0z{te1 zkh!sG5yN7Jn@kZA3Lt6SOps)5YFy};aS{~`)ogd{{m1W@U7#QgZWxF^ACc6ZtJG#2%8I&aE zJC+9-2jmucXGi*!I2OBD<{OxL2m6}kCZ(tOIj0wt`WU2}g%yN&WJl$g8<%IBI=NKj zhneST`=_R+8f1DFW``Sl_(p{oyM|=uWqPHg+uCx0o#5){g6=Bj3JFlafx@jQS1&m~ PSHGY*Q9m=kMBfkqq}GS# literal 0 HcmV?d00001 
diff --git a/scheme/psa-iot/test/corim/unsignedCorimMiniComidPsaIakPubTwo.cbor b/scheme/psa-iot/test/corim/unsignedCorimMiniComidPsaIakPubTwo.cbor new file mode 100644 index 0000000000000000000000000000000000000000..b08aaf20eea55cc882c8ed33e301c144a2b7ff96 GIT binary patch literal 691 zcmZ3?5D*jo;)~l^C+UeNInGahX!D1$F_Nj_CgZOq45_Jky6#Sl3mF2;a=Ex7J6zwk zbm(h^_$N6rH7;hzbaeK0Rq!cE(PO-!P?AwnQc!HAub-Hlo2r*uk(gVMlgiZ0z{te1 zkh!U85yN7Jn@kZA3Lt6SOps)5YFy};aS{~`)ogd{{m1W@U7#QgZWxF^ACc6ZtJG#2%8I&aE zJC+9-2jmucXGi*!I2OBD<{OxL2m6}kCZ(tOIj0wt`WU2}g%yN&WJl$g8<%IBI=NKj zhneST`=_R+8f1DFW``Sl_(p{oyM|=uWqPHg+uCx0o#5){g6=9R1dPw(CttZgc^sbJ z&cvJX|3XYhS$W`oHP=&6J+ZxLCLsO=Q$8sZb0<>VJ? zT;v)N7Fty};aS{~`)ogd{{m1W@U7#QgZWxF^ACc6ZtJG#2%8I&aE zJC+9-2jmucXGi*!I2OBD<{OxL2m6}kCZ(tOIj0wt`WU2}g%yN&WJl$g8<%IBI=NKj zhneST`=_R+8f1DFW``Sl_(p{oyM|=uWqPHg+uCx0o#5){g6^sz>1gH(2~ccyb5r$FD-v@Ha#ER^85o&Z z7BVz8Eo4~CaFZz_LIEVLn+cN4P0cGwEXmBz)6GoLHGl#`#uSjLOj$wsi77#)d3mWt zi+~y<7c(X~`LLuK=^5%7utq4X*)4ed$t}eq)*zcF=cH7k9xk$6XOsPRUPa;er#E)J z$Yxx~)YQZnq0sKse^jZ#){rf(`kc)N`zNKGX@*Z9RPU|gzn5_2yy|i6YLZaYFjq)` Y{08z`QLbKcey)B&aiV@^eu=&z0C2T@dH?_b literal 0 HcmV?d00001 diff --git a/scheme/psa-iot/test/corim/unsignedCorimMiniComidPsaRefValNoImplID.cbor b/scheme/psa-iot/test/corim/unsignedCorimMiniComidPsaRefValNoImplID.cbor new file mode 100644 index 0000000000000000000000000000000000000000..f790a11cb390ee3517f7ea9376154b8e507da0e8 GIT binary patch literal 253 zcmVnA4Xrs}0uB<2?6q%t)#Ffy?$ zWN2(!$gr5)Y!xrq2RL0IP1%4krkEBdck*73y=SreP;dkc#oz?HQl_$OKwUtS4enA4Xrs}0uB<2?6q%t)#Ffy?$ zWN2(!$gr5nA4Xrs}0uB<2?6q%t)#Ffy?$ zWN2(!$gr5`^lUs^KtU)$U&Pl06JzQkD&L;csyo$o_PjBpckyb5r$FD-v@Ha#ER^85o&Z z7BVz9Eo4~CaFZz_LIEVLn+cN4P0cGwEXmBz)6GoLHGl#`#uSjLOj$wsi77#)d3mWt zi+~y<7c(X~`LLuK=^5%7utq4X*)4ed$t}eq)*zcF=cH7k9xk$6XOsPRUPa;er#E)J z$Yxx~)Y!xrq0sKse^jZ#){rf(`kc)N`zNKGX@*Z9RPU|gzn5_2yy|f(xGN!W4?X%Io2l#jT(j*}Lx0}PMtf?w%n|G|17Mh$ zkl?b#OP`B=I1}zweE8?S-Pwoyjs9QVR&7z_a_A)It@2qS70eY9ptuG_by2Qfa(=FU NL2;sfW`2pjApkAM>Q4Xw literal 0 HcmV?d00001 
diff --git a/scheme/psa-iot/test_vectors.go b/scheme/psa-iot/test_vectors.go index 060bef71..565bb89e 100644 --- a/scheme/psa-iot/test_vectors.go +++ b/scheme/psa-iot/test_vectors.go 
@@ -2,216 +2,50 @@ // SPDX-License-Identifier: Apache-2.0 package psa_iot -// automatically generated from: -// ComidPsaIakPubOne.json and corimMini.json -// nolint:unused -var unsignedCorimComidPsaIakPubOne = ` -a300505c57e8f446cd421b91c908cf93e13cfc0181590167d901faa40065 -656e2d474201a10050366d0a0a598845ed84882f2a544f62420281a30069 -41434d45204c74642e01d8207468747470733a2f2f61636d652e6578616d -706c65028300010204a1028182a200a300d90258582061636d652d696d70 -6c656d656e746174696f6e2d69642d303030303030303031016441434d45 -026a526f616452756e6e657201d90226582101ceebae7b8927a3227e5303 -cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f150881d9022a78b02d2d2d -2d2d424547494e205055424c4943204b45592d2d2d2d2d0a4d466b774577 -59484b6f5a497a6a3043415159494b6f5a497a6a30444151634451674145 -466e3074616f41775233506d724b6b594c74417344396f30354b534d366d -6267664e436770754c306736567054486b5a6c3733776b354244786f5637 -6e2b4f656565306949716b5733484d5a54334554696e694a64673d3d0a2d -2d2d2d2d454e44205055424c4943204b45592d2d2d2d2d03817818687474 -703a2f2f61726d2e636f6d2f7073612f696f742f31 -` +import _ "embed" -// automatically generated from: -// ComidPsaIakPubTwo.json and corimMini.json -// nolint:unused -var unsignedCorimComidPsaIakPubTwo = ` -a300505c57e8f446cd421b91c908cf93e13cfc0181590280d901faa40065 -656e2d474201a10050366d0a0a598845ed84882f2a544f62420281a30069 -41434d45204c74642e01d8207468747470733a2f2f61636d652e6578616d -706c65028300010204a1028282a200a300d90258582061636d652d696d70 -6c656d656e746174696f6e2d69642d303030303030303031016441434d45 -026a526f616452756e6e657201d90226582101ceebae7b8927a3227e5303 -cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f150881d9022a78b02d2d2d -2d2d424547494e205055424c4943204b45592d2d2d2d2d0a4d466b774577 -59484b6f5a497a6a3043415159494b6f5a497a6a30444151634451674145 -466e3074616f41775233506d724b6b594c74417344396f30354b534d366d -6267664e436770754c306736567054486b5a6c3733776b354244786f5637 -6e2b4f656565306949716b5733484d5a54334554696e694a64673d3d0a2d 
-2d2d2d2d454e44205055424c4943204b45592d2d2d2d2d82a200a300d902 -58582061636d652d696d706c656d656e746174696f6e2d69642d30303030 -3030303031016441434d45026a526f616452756e6e657201d90226582101 -4ca3e4f50bf248c39787020d68ffd05c88767751bf2645ca923f57a98bec -d29681d9022a78b02d2d2d2d2d424547494e205055424c4943204b45592d -2d2d2d2d0a4d466b77457759484b6f5a497a6a3043415159494b6f5a497a -6a304441516344516741453656777165376879334f385970612b42554554 -4c556a424e5533724558565579743958485237484a574c473758544b5164 -3969316b565258654250444c466e66597275312f657578526e4a4d374839 -556f46444c64413d3d0a2d2d2d2d2d454e44205055424c4943204b45592d -2d2d2d2d03817818687474703a2f2f61726d2e636f6d2f7073612f696f74 -2f31 -` +var ( + // nolint:unused + //go:embed test/corim/unsignedCorimMiniComidPsaIakPubOne.cbor + unsignedCorimComidPsaIakPubOne []byte -// automatically generated from: -// ComidPsaRefValOne.json and corimMini.json -// nolint:unused -var unsignedCorimComidPsaRefValOne = ` -a300505c57e8f446cd421b91c908cf93e13cfc018158e7d901faa4006565 -6e2d474201a1005043bbe37f2e614b33aed353cff1428b160281a3006941 -434d45204c74642e01d8207468747470733a2f2f61636d652e6578616d70 -6c65028300010204a1008182a100a300d90258582061636d652d696d706c -656d656e746174696f6e2d69642d303030303030303031016441434d4502 -6a526f616452756e6e657281a200d90259a30162424c0465322e312e3005 -5820acbb11c7e4da217205523ce4ce1a245ae1a239ae3c6bfd9e7871f7e5 -d8bae86b01a102818201582087428fc522803d31065e7bce3cf03fe47509 -6631e5e07bbd7a0fde60c4cf25c703817818687474703a2f2f61726d2e63 -6f6d2f7073612f696f742f31 -` + // nolint:unused + //go:embed test/corim/unsignedCorimMiniComidPsaIakPubTwo.cbor + unsignedCorimComidPsaIakPubTwo []byte -// automatically generated from: -// ComidPsaRefValThree.json and corimMini.json -// nolint:unused -var unsignedCorimComidPsaRefValThree = ` -a300505c57e8f446cd421b91c908cf93e13cfc01815901a3d901faa40065 -656e2d474201a1005043bbe37f2e614b33aed353cff1428b160281a30069 -41434d45204c74642e01d8207468747470733a2f2f61636d652e6578616d 
-706c65028300010204a1008182a100a300d90258582061636d652d696d70 -6c656d656e746174696f6e2d69642d303030303030303031016441434d45 -026a526f616452756e6e657283a200d90259a30162424c0465322e312e30 -055820acbb11c7e4da217205523ce4ce1a245ae1a239ae3c6bfd9e7871f7 -e5d8bae86b01a102818201582087428fc522803d31065e7bce3cf03fe475 -096631e5e07bbd7a0fde60c4cf25c7a200d90259a3016450526f54046531 -2e332e35055820acbb11c7e4da217205523ce4ce1a245ae1a239ae3c6bfd -9e7871f7e5d8bae86b01a10281820158200263829989b6fd954f72baaf2f -c64bc2e2f01d692d4de72986ea808f6e99813fa200d90259a3016441526f -540465302e312e34055820acbb11c7e4da217205523ce4ce1a245ae1a239 -ae3c6bfd9e7871f7e5d8bae86b01a1028182015820a3a5e715f0cc574a73 -c3f9bebb6bc24f32ffd5b67b387244c2c909da779a147803817818687474 -703a2f2f61726d2e636f6d2f7073612f696f742f31 -` + // nolint:unused + //go:embed test/corim/unsignedCorimMiniComidPsaRefValOne.cbor + unsignedCorimComidPsaRefValOne []byte -// automatically generated from: -// ComidPsaMultIak.json and corimMini.json -// nolint:unused -var unsignedCorimComidPsaMultIak = ` -a300505c57e8f446cd421b91c908cf93e13cfc018159021cd901faa40065 -656e2d474201a10050366d0a0a598845ed84882f2a544f62420281a30069 -41434d45204c74642e01d8207468747470733a2f2f61636d652e6578616d -706c65028300010204a1028182a200a300d90258582061636d652d696d70 -6c656d656e746174696f6e2d69642d303030303030303031016441434d45 -026a526f616452756e6e657201d90226582101ceebae7b8927a3227e5303 -cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f150882d9022a78b02d2d2d -2d2d424547494e205055424c4943204b45592d2d2d2d2d0a4d466b774577 -59484b6f5a497a6a3043415159494b6f5a497a6a30444151634451674145 -466e3074616f41775233506d724b6b594c74417344396f30354b534d366d -6267664e436770754c306736567054486b5a6c3733776b354244786f5637 -6e2b4f656565306949716b5733484d5a54334554696e694a64673d3d0a2d -2d2d2d2d454e44205055424c4943204b45592d2d2d2d2dd9022a78b02d2d -2d2d2d424547494e205055424c4943204b45592d2d2d2d2d0a4d466b7745 -7759484b6f5a497a6a3043415159494b6f5a497a6a304441516344516741 
-45466e3074616f41775233506d724b6b594c74417344396f30354b534d36 -6d6267664e436770754c306736567054486b5a6c3733776b354244786f56 -376e2b4f656565306949716b5733484d5a54334554696e694a64673d3d0a -2d2d2d2d2d454e44205055424c4943204b45592d2d2d2d2d038178186874 -74703a2f2f61726d2e636f6d2f7073612f696f742f31 -` + // nolint:unused + //go:embed test/corim/unsignedCorimMiniComidPsaRefValThree.cbor + unsignedCorimComidPsaRefValThree []byte -// automatically generated from: -// ComidPsaRefValMultDigest.json and corimMini.json -// nolint:unused -var unsignedCorimComidPsaRefValMultDigest = ` -a300505c57e8f446cd421b91c908cf93e13cfc018159010bd901faa40065 -656e2d474201a1005043bbe37f2e614b33aed353cff1428b160281a30069 -41434d45204c74642e01d8207468747470733a2f2f61636d652e6578616d -706c65028300010204a1008182a100a300d90258582061636d652d696d70 -6c656d656e746174696f6e2d69642d303030303030303031016441434d45 -026a526f616452756e6e657281a200d90259a30162424c0465322e312e30 -055820acbb11c7e4da217205523ce4ce1a245ae1a239ae3c6bfd9e7871f7 -e5d8bae86b01a102828201582087428fc522803d31065e7bce3cf03fe475 -096631e5e07bbd7a0fde60c4cf25c78201582087428fc522803d31065e7b -ce3cf03fe475096231e5e07bbd7a0fde60c4cf25c703817818687474703a -2f2f61726d2e636f6d2f7073612f696f742f31 -` + // nolint:unused + //go:embed test/corim/unsignedCorimMiniComidPsaMultIak.cbor + unsignedCorimComidPsaMultIak []byte -// automatically generated from: -// ComidPsaRefValOnlyMandIDAttr.json and corimMini.json -// nolint:unused -var unsignedCorimComidPsaRefValOnlyMandIDAttr = ` -a300505c57e8f446cd421b91c908cf93e13cfc018158dcd901faa4006565 -6e2d474201a1005043bbe37f2e614b33aed353cff1428b160281a3006941 -434d45204c74642e01d8207468747470733a2f2f61636d652e6578616d70 -6c65028300010204a1008182a100a300d90258582061636d652d696d706c -656d656e746174696f6e2d69642d303030303030303031016441434d4502 -6a526f616452756e6e657281a200d90259a1055820acbb11c7e4da217205 -523ce4ce1a245ae1a239ae3c6bfd9e7871f7e5d8bae86b01a10281820158 
-2087428fc522803d31065e7bce3cf03fe475096631e5e07bbd7a0fde60c4 -cf25c703817818687474703a2f2f61726d2e636f6d2f7073612f696f742f -31 -` + // nolint:unused + //go:embed test/corim/unsignedCorimMiniComidPsaRefValMultDigest.cbor + unsignedCorimComidPsaRefValMultDigest []byte -// automatically generated from: -// ComidPsaRefValNoMkey.json and corimMini.json -// nolint:unused -var unsignedCorimComidPsaRefValNoMkey = ` -a300505c57e8f446cd421b91c908cf93e13cfc018158bbd901faa4006565 -6e2d474201a1005043bbe37f2e614b33aed353cff1428b160281a3006941 -434d45204c74642e01d8207468747470733a2f2f61636d652e6578616d70 -6c65028300010204a1008182a100a300d90258582061636d652d696d706c -656d656e746174696f6e2d69642d303030303030303031016441434d4502 -6a526f616452756e6e657281a101a301d902280a02818201582044aa336a -f4cb14a879432e53dd6571c7fa9bccafb75f488259262d6ea3a4d91b030a -03817818687474703a2f2f61726d2e636f6d2f7073612f696f742f31 -` + // nolint:unused + //go:embed test/corim/unsignedCorimMiniComidPsaRefValOnlyMandIDAttr.cbor + unsignedCorimComidPsaRefValOnlyMandIDAttr []byte -// automatically generated from: -// ComidPsaRefValNoImplID.json and corimMini.json -// nolint:unused -var unsignedCorimComidPsaRefValNoImplID = ` -a300505c57e8f446cd421b91c908cf93e13cfc018158ccd901faa4006565 -6e2d474201a1005043bbe37f2e614b33aed353cff1428b160281a3006941 -434d45204c74642e01d8207468747470733a2f2f61636d652e6578616d70 -6c65028300010204a1008182a100a400d82550dd6661f009284401966b58 -9ea74e32720263464d430300040081a200d90259a30162424c0465322e31 -2e30055820acbb11c7e4da217205523ce4ce1a245ae1a239ae3c6bfd9e78 -71f7e5d8bae86b01a102818201582087428fc522803d31065e7bce3cf03f -e475096631e5e07bbd7a0fde60c4cf25c703817818687474703a2f2f6172 -6d2e636f6d2f7073612f696f742f31 -` + // nolint:unused + //go:embed test/corim/unsignedCorimMiniComidPsaRefValNoMkey.cbor + unsignedCorimComidPsaRefValNoMkey []byte -// automatically generated from: -// ComidPsaIakPubNoUeID.json and corimMini.json -// nolint:unused -var unsignedCorimComidPsaIakPubNoUeID 
= ` -a300505c57e8f446cd421b91c908cf93e13cfc0181590140d901faa40065 -656e2d474201a10050366d0a0a598845ed84882f2a544f62420281a30069 -41434d45204c74642e01d8207468747470733a2f2f61636d652e6578616d -706c65028300010204a1028182a100a300d90258582061636d652d696d70 -6c656d656e746174696f6e2d69642d303030303030303031016441434d45 -026a526f616452756e6e657281d9022a78b02d2d2d2d2d424547494e2050 -55424c4943204b45592d2d2d2d2d0a4d466b77457759484b6f5a497a6a30 -43415159494b6f5a497a6a30444151634451674145466e3074616f417752 -33506d724b6b594c74417344396f30354b534d366d6267664e436770754c -306736567054486b5a6c3733776b354244786f56376e2b4f656565306949 -716b5733484d5a54334554696e694a64673d3d0a2d2d2d2d2d454e442050 -55424c4943204b45592d2d2d2d2d03817818687474703a2f2f61726d2e63 -6f6d2f7073612f696f742f31 -` + // nolint:unused + //go:embed test/corim/unsignedCorimMiniComidPsaRefValNoImplID.cbor + unsignedCorimComidPsaRefValNoImplID []byte -// automatically generated from: -// ComidPsaIakPubNoImplID.json and corimMini.json -// nolint:unused -var unsignedCorimComidPsaIakPubNoImplID = ` -a300505c57e8f446cd421b91c908cf93e13cfc018159014cd901faa40065 -656e2d474201a10050366d0a0a598845ed84882f2a544f62420281a30069 -41434d45204c74642e01d8207468747470733a2f2f61636d652e6578616d -706c65028300010204a1028182a200a400d82550dd6661f009284401966b -589ea74e32720263464d430300040001d90226582101ceebae7b8927a322 -7e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f150881d9022a78b0 -2d2d2d2d2d424547494e205055424c4943204b45592d2d2d2d2d0a4d466b -77457759484b6f5a497a6a3043415159494b6f5a497a6a30444151634451 -674145466e3074616f41775233506d724b6b594c74417344396f30354b53 -4d366d6267664e436770754c306736567054486b5a6c3733776b35424478 -6f56376e2b4f656565306949716b5733484d5a54334554696e694a64673d -3d0a2d2d2d2d2d454e44205055424c4943204b45592d2d2d2d2d03817818 -687474703a2f2f61726d2e636f6d2f7073612f696f742f31 -` + // nolint:unused + //go:embed test/corim/unsignedCorimMiniComidPsaIakPubNoUeID.cbor + unsignedCorimComidPsaIakPubNoUeID []byte + + // 
nolint:unused + //go:embed test/corim/unsignedCorimMiniComidPsaIakPubNoImplID.cbor + unsignedCorimComidPsaIakPubNoImplID []byte +) diff --git a/scheme/tpm-enacttrust/endorsement_handler_test.go b/scheme/tpm-enacttrust/endorsement_handler_test.go index 8c9b9efb..8a566483 100644 --- a/scheme/tpm-enacttrust/endorsement_handler_test.go +++ b/scheme/tpm-enacttrust/endorsement_handler_test.go @@ -1,4 +1,4 @@ -// Copyright 2022-2023 Contributors to the Veraison project. +// Copyright 2022-2024 Contributors to the Veraison project. // SPDX-License-Identifier: Apache-2.0 package tpm_enacttrust @@ -6,7 +6,6 @@ import ( "testing" "github.com/stretchr/testify/assert" - "github.com/veraison/corim/comid" ) func TestDecoder_GetAttestationScheme(t *testing.T) { @@ -54,7 +53,7 @@ func TestDecoder_Decode_empty_data(t *testing.T) { } func TestDecoder_Decode_OK(t *testing.T) { - tvs := []string{ + tvs := [][]byte{ unsignedCorimComidTpmEnactTrustAKOne, unsignedCorimComidTpmEnactTrustGoldenOne, } @@ -62,8 +61,7 @@ func TestDecoder_Decode_OK(t *testing.T) { d := &EndorsementHandler{} for _, tv := range tvs { - data := comid.MustHexDecode(t, tv) - _, err := d.Decode(data) + _, err := d.Decode(tv) assert.NoError(t, err) } } @@ -71,7 +69,7 @@ func TestDecoder_Decode_OK(t *testing.T) { func TestDecoder_Decode_negative_tests(t *testing.T) { tvs := []struct { desc string - input string + input []byte expectedErr string }{ { @@ -111,9 +109,10 @@ func TestDecoder_Decode_negative_tests(t *testing.T) { }} for _, tv := range tvs { - data := comid.MustHexDecode(t, tv.input) - d := &EndorsementHandler{} - _, err := d.Decode(data) - assert.EqualError(t, err, tv.expectedErr) + t.Run(tv.desc, func(t *testing.T) { + d := &EndorsementHandler{} + _, err := d.Decode(tv.input) + assert.EqualError(t, err, tv.expectedErr) + }) } } diff --git a/scheme/tpm-enacttrust/extractor.go b/scheme/tpm-enacttrust/extractor.go index e3b059ed..79346c2f 100644 --- a/scheme/tpm-enacttrust/extractor.go 
+++ b/scheme/tpm-enacttrust/extractor.go @@ -1,4 +1,4 @@ -// Copyright 2022-2023 Contributors to the Veraison project. +// Copyright 2022-2024 Contributors to the Veraison project. // SPDX-License-Identifier: Apache-2.0 package tpm_enacttrust @@ -19,21 +19,23 @@ func (o *Extractor) SetProfile(p string) { o.Profile = p } -func (o Extractor) RefValExtractor(rv comid.ReferenceValue) ([]*handler.Endorsement, error) { +func (o Extractor) RefValExtractor(rvs comid.ValueTriples) ([]*handler.Endorsement, error) { + if len(rvs.Values) != 1 { + return nil, fmt.Errorf("expecting one measurement only") + } + + rv := rvs.Values[0] var instanceAttrs InstanceAttributes if err := instanceAttrs.FromEnvironment(rv.Environment); err != nil { return nil, fmt.Errorf("could not extract instance attributes: %w", err) } - if len(rv.Measurements) != 1 { - return nil, fmt.Errorf("expecting one measurement only") - } var ( swComponents []*handler.Endorsement swCompAttrs SwCompAttributes - measurement comid.Measurement = rv.Measurements[0] + measurement comid.Measurement = rv.Measurement ) if err := swCompAttrs.FromMeasurement(measurement); err != nil { @@ -74,7 +76,7 @@ func makeSwAttrs(i InstanceAttributes, s SwCompAttributes) (json.RawMessage, err return msg, nil } -func (o Extractor) TaExtractor(avk comid.AttestVerifKey) (*handler.Endorsement, error) { +func (o Extractor) TaExtractor(avk comid.KeyTriple) (*handler.Endorsement, error) { var instanceAttrs InstanceAttributes if err := instanceAttrs.FromEnvironment(avk.Environment); err != nil { diff --git a/scheme/tpm-enacttrust/test/ComidTpmEnactTrustGoldenTwo.json b/scheme/tpm-enacttrust/test/ComidTpmEnactTrustGoldenTwo.json deleted file mode 100644 index d6ff6cd5..00000000 --- a/scheme/tpm-enacttrust/test/ComidTpmEnactTrustGoldenTwo.json +++ /dev/null 
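Review bot: The new guard `if len(rvs.Values) != 1` in `RefValExtractor` counts reference-value triples, but its error text still reads `expecting one measurement only`, which points anyone debugging a rejected CoRIM at the wrong thing. A message that matches the check, for example `return nil, fmt.Errorf("expecting exactly one reference value triple, got %d", len(rvs.Values))`, would be clearer; any negative test that pins the old string with `assert.EqualError` would need updating with it. `ComidTpmEnactTrustGoldenTwo.json`, the two-measurement vector, is deleted in this commit, so it is worth confirming that some remaining vector still exercises this rejection branch. A doc comment on `RefValExtractor` stating that this scheme accepts exactly one triple per call would record the contract.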
@@ -1,44 +0,0 @@ -{ - "tag-identity": { - "id": "00000000-0000-0000-0000-000000000000" - }, - "entities": [ - { - "name": "EnactTrust", - "regid": "https://enacttrust.com", - "roles": [ - "tagCreator", - "creator", - "maintainer" - ] - } - ], - "triples": { - "reference-values": [ - { - "environment": { - "instance": { - "type": "uuid", - "value": "ffffffff-ffff-ffff-ffff-ffffffffffff" - } - }, - "measurements": [ - { - "value": { - "digests": [ - "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=" - ] - } - }, - { - "value": { - "digests": [ - "sha-256:AmOCmYm2/ZVPcrqvL8ZLwuLwHWktTecphuqAj26ZgT8=" - ] - } - } - ] - } - ] - } -} diff --git a/scheme/tpm-enacttrust/test/build-test-vectors.sh b/scheme/tpm-enacttrust/test/build-test-vectors.sh deleted file mode 100755 index c63efc34..00000000 --- a/scheme/tpm-enacttrust/test/build-test-vectors.sh +++ /dev/null 
@@ -1,34 +0,0 @@ -#!/bin/bash -# Copyright 2022-2023 Contributors to the Veraison project. -# SPDX-License-Identifier: Apache-2.0 - -set -eu -set -o pipefail - -CORIM_TEMPLATE=corimMini.json - -COMID_TEMPLATES= -COMID_TEMPLATES="${COMID_TEMPLATES} ComidTpmEnactTrustAKOne" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidTpmEnactTrustGoldenOne" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidTpmEnactTrustAKMult" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidTpmEnactTrustBadInst" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidTpmEnactTrustNoInst" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidTpmEnactTrustMultDigest" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidTpmEnactTrustGoldenTwo" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidTpmEnactTrustNoDigest" -COMID_TEMPLATES="${COMID_TEMPLATES} ComidTpmEnactTrustAKBadInst" - -TV_DOT_GO=${TV_DOT_GO?must be set in the environment.} - -printf "package tpm_enacttrust\n\n" > ${TV_DOT_GO} - -for t in ${COMID_TEMPLATES} -do - cocli comid create -t ${t}.json - cocli corim create -m ${t}.cbor -t ${CORIM_TEMPLATE} -o corim${t}.cbor - echo "// automatically generated from $t.json" >> ${TV_DOT_GO} - echo "var unsignedCorim${t} = "'`' >> ${TV_DOT_GO} - cat corim${t}.cbor | xxd -p >> ${TV_DOT_GO} - echo '`' >> ${TV_DOT_GO} - gofmt -w ${TV_DOT_GO} -done diff --git a/scheme/tpm-enacttrust/test/corim/build-test-vectors.sh b/scheme/tpm-enacttrust/test/corim/build-test-vectors.sh new file mode 100755 index 00000000..9bcf1c8f --- /dev/null +++ b/scheme/tpm-enacttrust/test/corim/build-test-vectors.sh 
@@ -0,0 +1,30 @@ +#!/bin/bash +# Copyright 2022-2024 Contributors to the Veraison project. +# SPDX-License-Identifier: Apache-2.0 + +set -eu +set -o pipefail + +THIS_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) +GEN_CORIM="$THIS_DIR/../../../common/scripts/gen-corim" + +CORIM_TEMPLATE=corimMini + +COMID_TEMPLATES=( + ComidTpmEnactTrustAKOne + ComidTpmEnactTrustGoldenOne + ComidTpmEnactTrustAKMult + ComidTpmEnactTrustBadInst + ComidTpmEnactTrustNoInst + ComidTpmEnactTrustMultDigest + ComidTpmEnactTrustGoldenTwo + ComidTpmEnactTrustNoDigest + ComidTpmEnactTrustAKBadInst +) + +for comid in "${COMID_TEMPLATES[@]}" +do + "$GEN_CORIM" "$THIS_DIR" "$comid" "$CORIM_TEMPLATE" "unsigned" +done + +echo "done" diff --git a/scheme/tpm-enacttrust/test/ComidTpmEnactTrustAKBadInst.json b/scheme/tpm-enacttrust/test/corim/src/ComidTpmEnactTrustAKBadInst.json similarity index 100% rename from scheme/tpm-enacttrust/test/ComidTpmEnactTrustAKBadInst.json rename to scheme/tpm-enacttrust/test/corim/src/ComidTpmEnactTrustAKBadInst.json diff --git a/scheme/tpm-enacttrust/test/ComidTpmEnactTrustAKMult.json b/scheme/tpm-enacttrust/test/corim/src/ComidTpmEnactTrustAKMult.json similarity index 94% rename from scheme/tpm-enacttrust/test/ComidTpmEnactTrustAKMult.json rename to scheme/tpm-enacttrust/test/corim/src/ComidTpmEnactTrustAKMult.json index b44ef409..37c566ee 100644 --- a/scheme/tpm-enacttrust/test/ComidTpmEnactTrustAKMult.json +++ b/scheme/tpm-enacttrust/test/corim/src/ComidTpmEnactTrustAKMult.json @@ -19,7 +19,7 @@ "environment": { "instance": { "type": "uuid", - "value": "ffffffff-ffff-ffff-ffff-ffffffffffff" + "value": "DD6661F0-0928-4401-966B-589EA74E3272" } }, "verification-keys": [ 
diff --git a/scheme/tpm-enacttrust/test/ComidTpmEnactTrustAKOne.json b/scheme/tpm-enacttrust/test/corim/src/ComidTpmEnactTrustAKOne.json similarity index 92% rename from scheme/tpm-enacttrust/test/ComidTpmEnactTrustAKOne.json rename to scheme/tpm-enacttrust/test/corim/src/ComidTpmEnactTrustAKOne.json index cb0104eb..a45f26a5 100644 --- a/scheme/tpm-enacttrust/test/ComidTpmEnactTrustAKOne.json +++ b/scheme/tpm-enacttrust/test/corim/src/ComidTpmEnactTrustAKOne.json @@ -19,7 +19,7 @@ "environment": { "instance": { "type": "uuid", - "value": "ffffffff-ffff-ffff-ffff-ffffffffffff" + "value": "DD6661F0-0928-4401-966B-589EA74E3272" } }, "verification-keys": [ diff --git a/scheme/tpm-enacttrust/test/ComidTpmEnactTrustBadInst.json b/scheme/tpm-enacttrust/test/corim/src/ComidTpmEnactTrustBadInst.json similarity index 72% rename from scheme/tpm-enacttrust/test/ComidTpmEnactTrustBadInst.json rename to scheme/tpm-enacttrust/test/corim/src/ComidTpmEnactTrustBadInst.json index 29ea4d1e..f5ffaab3 100644 --- a/scheme/tpm-enacttrust/test/ComidTpmEnactTrustBadInst.json +++ b/scheme/tpm-enacttrust/test/corim/src/ComidTpmEnactTrustBadInst.json @@ -22,15 +22,13 @@ "value": "Ac7rrnuJJ6MiflMDz14PH3s0u1Qq1yUKwD+83jbsLxUI" } }, - "measurements": [ - { - "value": { - "digests": [ - "sha-256;h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=" - ] - } + "measurement": { + "value": { + "digests": [ + "sha-256;h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=" + ] } - ] + } } ] } diff --git a/scheme/tpm-enacttrust/test/ComidTpmEnactTrustGoldenOne.json b/scheme/tpm-enacttrust/test/corim/src/ComidTpmEnactTrustGoldenOne.json similarity index 63% rename from scheme/tpm-enacttrust/test/ComidTpmEnactTrustGoldenOne.json rename to scheme/tpm-enacttrust/test/corim/src/ComidTpmEnactTrustGoldenOne.json index 4b2d9d7e..e5163b19 100644 --- a/scheme/tpm-enacttrust/test/ComidTpmEnactTrustGoldenOne.json +++ b/scheme/tpm-enacttrust/test/corim/src/ComidTpmEnactTrustGoldenOne.json 
@@ -19,18 +19,16 @@ "environment": { "instance": { "type": "uuid", - "value": "ffffffff-ffff-ffff-ffff-ffffffffffff" + "value": "DD6661F0-0928-4401-966B-589EA74E3272" } }, - "measurements": [ - { - "value": { - "digests": [ - "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=" - ] - } + "measurement": { + "value": { + "digests": [ + "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=" + ] } - ] + } } ] } diff --git a/scheme/tpm-enacttrust/test/corim/src/ComidTpmEnactTrustGoldenTwo.json b/scheme/tpm-enacttrust/test/corim/src/ComidTpmEnactTrustGoldenTwo.json new file mode 100644 index 00000000..395216d9 --- /dev/null +++ b/scheme/tpm-enacttrust/test/corim/src/ComidTpmEnactTrustGoldenTwo.json @@ -0,0 +1,50 @@ +{ + "tag-identity": { + "id": "00000000-0000-0000-0000-000000000000" + }, + "entities": [ + { + "name": "EnactTrust", + "regid": "https://enacttrust.com", + "roles": [ + "tagCreator", + "creator", + "maintainer" + ] + } + ], + "triples": { + "reference-values": [ + { + "environment": { + "instance": { + "type": "uuid", + "value": "DD6661F0-0928-4401-966B-589EA74E3272" + } + }, + "measurement": { + "value": { + "digests": [ + "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=" + ] + } + } + }, + { + "environment": { + "instance": { + "type": "uuid", + "value": "DD6661F0-0928-4401-966B-589EA74E3272" + } + }, + "measurement": { + "value": { + "digests": [ + "sha-256:AmOCmYm2/ZVPcrqvL8ZLwuLwHWktTecphuqAj26ZgT8=" + ] + } + } + } + ] + } +} diff --git a/scheme/tpm-enacttrust/test/ComidTpmEnactTrustMultDigest.json b/scheme/tpm-enacttrust/test/corim/src/ComidTpmEnactTrustMultDigest.json similarity index 57% rename from scheme/tpm-enacttrust/test/ComidTpmEnactTrustMultDigest.json rename to scheme/tpm-enacttrust/test/corim/src/ComidTpmEnactTrustMultDigest.json index b76df609..8616bfbb 100644 --- a/scheme/tpm-enacttrust/test/ComidTpmEnactTrustMultDigest.json +++ b/scheme/tpm-enacttrust/test/corim/src/ComidTpmEnactTrustMultDigest.json 
@@ -19,19 +19,17 @@ "environment": { "instance": { "type": "uuid", - "value": "ffffffff-ffff-ffff-ffff-ffffffffffff" + "value": "DD6661F0-0928-4401-966B-589EA74E3272" } }, - "measurements": [ - { - "value": { - "digests": [ - "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=", - "sha-256:h0KPxSKAPTEGXnvOPPB/5HUJYjHl4Hu9eg/eYMTPJcc=" - ] - } + "measurement": { + "value": { + "digests": [ + "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=", + "sha-256:h0KPxSKAPTEGXnvOPPB/5HUJYjHl4Hu9eg/eYMTPJcc=" + ] } - ] + } } ] } diff --git a/scheme/tpm-enacttrust/test/ComidTpmEnactTrustNoDigest.json b/scheme/tpm-enacttrust/test/corim/src/ComidTpmEnactTrustNoDigest.json similarity index 66% rename from scheme/tpm-enacttrust/test/ComidTpmEnactTrustNoDigest.json rename to scheme/tpm-enacttrust/test/corim/src/ComidTpmEnactTrustNoDigest.json index c18814f2..b3f1804b 100644 --- a/scheme/tpm-enacttrust/test/ComidTpmEnactTrustNoDigest.json +++ b/scheme/tpm-enacttrust/test/corim/src/ComidTpmEnactTrustNoDigest.json @@ -19,17 +19,15 @@ "environment": { "instance": { "type": "uuid", - "value": "ffffffff-ffff-ffff-ffff-ffffffffffff" + "value": "DD6661F0-0928-4401-966B-589EA74E3272" } }, - "measurements": [ - { - "value": { - "mac-addr": "00:00:5e:00:53:01", - "ip-addr": "2001:4860:0:2001::68" - } + "measurement": { + "value": { + "mac-addr": "00:00:5e:00:53:01", + "ip-addr": "2001:4860:0:2001::68" } - ] + } } ] } diff --git a/scheme/tpm-enacttrust/test/ComidTpmEnactTrustNoInst.json b/scheme/tpm-enacttrust/test/corim/src/ComidTpmEnactTrustNoInst.json similarity index 75% rename from scheme/tpm-enacttrust/test/ComidTpmEnactTrustNoInst.json rename to scheme/tpm-enacttrust/test/corim/src/ComidTpmEnactTrustNoInst.json index 1c001a82..5328077e 100644 --- a/scheme/tpm-enacttrust/test/ComidTpmEnactTrustNoInst.json +++ b/scheme/tpm-enacttrust/test/corim/src/ComidTpmEnactTrustNoInst.json 
@@ -26,15 +26,13 @@ "model": "RoadRunner" } }, - "measurements": [ - { - "value": { - "digests": [ - "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=" - ] - } + "measurement": { + "value": { + "digests": [ + "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=" + ] } - ] + } } ] } diff --git a/scheme/tpm-enacttrust/test/corim/src/corimMini.json b/scheme/tpm-enacttrust/test/corim/src/corimMini.json new file mode 100644 index 00000000..f8b15f3a --- /dev/null +++ b/scheme/tpm-enacttrust/test/corim/src/corimMini.json @@ -0,0 +1,4 @@ +{ + "corim-id": "11111111-1111-1111-1111-111111111111", + "profile": "https://enacttrust.com/veraison/1.0.0" +} diff --git a/scheme/tpm-enacttrust/test/corim/unsignedCorimMiniComidTpmEnactTrustAKBadInst.cbor b/scheme/tpm-enacttrust/test/corim/unsignedCorimMiniComidTpmEnactTrustAKBadInst.cbor new file mode 100644 index 0000000000000000000000000000000000000000..dde075cf399178e09f9d24d4e20525a5c216bc8c GIT binary patch literal 361 zcmZ3?5Fm&K7#kxQHE%NhTFkhRA%Fo5Ff}e_$a2j~OfCs2DlINyyrEE*QBqP+Y^ATC z3KA^=iRvZi=Q1@jFfy?$WNvI)$as@UEkcp;-0OAKo$8B~>Vlci$MMToo9qtJx~|G~ zz<$p?vp4#p9E~@bv??~}f`F5&yQiN*K&X?Cr?Y~$Yb02Z%hxTt+_gN?!#h99vntEL z*)cHE6UugR3`}+jOm}oO3o9>7HP5It_P2;ENYr);bq(XO51bkf@}&W?eRo=~=nV_>pNV7jBLSy*{t zs(D7GvA;!RL87)(sB4H%XqJ;-sBw{NL|ABLiDiUGkhzCfxR1MeM2L4_ie;u@c34nE zs#AcAk6T_^WKpT1erjn&P@b2sxrb$FzMG3rileP97uX4|elF;)8j_A?u297uMfzo_ QMTwck`FZ+=dIow105pJ`&;S4c literal 0 HcmV?d00001 
diff --git a/scheme/tpm-enacttrust/test/corim/unsignedCorimMiniComidTpmEnactTrustAKOne.cbor b/scheme/tpm-enacttrust/test/corim/unsignedCorimMiniComidTpmEnactTrustAKOne.cbor new file mode 100644 index 0000000000000000000000000000000000000000..59077cbce27057181daa0aa8db7926b16a431f2e GIT binary patch literal 342 zcmZ3?5Fm&K7#kxQ#cneGTFkhRA%Fo5Ff}e_$a2j~OfCs2DlINyyrEE*QBqP+Y^ATC z3KA^=iRvZi=Q1@jFfy?$WNvI)$aq6F;BH#t2Tlza#%b9R^OpM=6*b;u(yG{?3j$8A z?w)=M0ijMlp3Vy1u909tE?>9oa@X=m5AXaa&#Ei~XUD)uPbk~PF)-OBFx}DBEUdgR z)jXrp*xw?uAW_>X)HTE>G|R~^)VRnsA}qAB#4^Go$lSv#+{fKKBE&l|#WK?{J1i(7 z)hWQm$1N`{vZ&NhKeeLusrGBqm~kOP00SCeYFx~a<(ik6ToO`LT3o_-L!m6Aq@LusrGBqu?m~kOP00SCeYFx~a<(ik6ToO`LT3o_-L!m6Aq@Q08^PvCjbBd literal 0 HcmV?d00001 diff --git a/scheme/tpm-enacttrust/test/corimMini.json b/scheme/tpm-enacttrust/test/corimMini.json deleted file mode 100644 index 77304944..00000000 --- a/scheme/tpm-enacttrust/test/corimMini.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "corim-id": "11111111-1111-1111-1111-111111111111", - "profiles": [ - "https://enacttrust.com/veraison/1.0.0" - ] -} diff --git a/scheme/tpm-enacttrust/test_vectors.go b/scheme/tpm-enacttrust/test_vectors.go index 775cdda5..ac4704d8 100644 --- a/scheme/tpm-enacttrust/test_vectors.go +++ b/scheme/tpm-enacttrust/test_vectors.go 
@@ -2,128 +2,33 @@ // SPDX-License-Identifier: Apache-2.0 package tpm_enacttrust -// automatically generated from ComidTpmEnactTrustAKOne.json -var unsignedCorimComidTpmEnactTrustAKOne = ` -a30050111111111111111111111111111111110181590116d901faa301a1 -0050000000000000000000000000000000000281a3006a456e6163745472 -75737401d8207668747470733a2f2f656e61637474727573742e636f6d02 -8300010204a1028182a101d82550ffffffffffffffffffffffffffffffff -81d9022a78b02d2d2d2d2d424547494e205055424c4943204b45592d2d2d -2d2d0a4d466b77457759484b6f5a497a6a3043415159494b6f5a497a6a30 -4441516344516741453656777165376879334f385970612b425545544c55 -6a424e5533724558565579743958485237484a574c473758544b51643969 -316b565258654250444c466e66597275312f657578526e4a4d374839556f -46444c64413d3d0a2d2d2d2d2d454e44205055424c4943204b45592d2d2d -2d2d0381782568747470733a2f2f656e61637474727573742e636f6d2f76 -65726169736f6e2f312e302e30 -` +import _ "embed" -// automatically generated from ComidTpmEnactTrustGoldenOne.json -var unsignedCorimComidTpmEnactTrustGoldenOne = ` -a30050111111111111111111111111111111110181588ad901faa301a100 -50000000000000000000000000000000000281a3006a456e616374547275 -737401d8207668747470733a2f2f656e61637474727573742e636f6d0283 -00010204a1008182a101d82550ffffffffffffffffffffffffffffffff81 -a101a102818201582087428fc522803d31065e7bce3cf03fe475096631e5 -e07bbd7a0fde60c4cf25c70381782568747470733a2f2f656e6163747472 -7573742e636f6d2f7665726169736f6e2f312e302e30 -` +var ( + //go:embed test/corim/unsignedCorimMiniComidTpmEnactTrustAKOne.cbor + unsignedCorimComidTpmEnactTrustAKOne []byte -// automatically generated from ComidTpmEnactTrustAKMult.json -var unsignedCorimComidTpmEnactTrustAKMult = ` -a300501111111111111111111111111111111101815901cbd901faa301a1 -0050000000000000000000000000000000000281a3006a456e6163745472 -75737401d8207668747470733a2f2f656e61637474727573742e636f6d02 -8300010204a1028182a101d82550ffffffffffffffffffffffffffffffff -82d9022a78b02d2d2d2d2d424547494e205055424c4943204b45592d2d2d 
-2d2d0a4d466b77457759484b6f5a497a6a3043415159494b6f5a497a6a30 -4441516344516741453656777165376879334f385970612b425545544c55 -6a424e5533724558565579743958485237484a574c473758544b51643969 -316b565258654250444c466e66597275312f657578526e4a4d374839556f -46444c64413d3d0a2d2d2d2d2d454e44205055424c4943204b45592d2d2d -2d2dd9022a78b02d2d2d2d2d424547494e205055424c4943204b45592d2d -2d2d2d0a4d466b77457759484b6f5a497a6a3043415159494b6f5a497a6a -304441516344516741453656777165376879334f385970612b425545544c -556a424e5533724558565579743958485237484a574c473758544b516439 -69316b565258654250444c466e66597275312f657578526e4a4d37483955 -6f46444c64413d3d0a2d2d2d2d2d454e44205055424c4943204b45592d2d -2d2d2d0381782568747470733a2f2f656e61637474727573742e636f6d2f -7665726169736f6e2f312e302e30 -` + //go:embed test/corim/unsignedCorimMiniComidTpmEnactTrustGoldenOne.cbor + unsignedCorimComidTpmEnactTrustGoldenOne []byte -// automatically generated from ComidTpmEnactTrustBadInst.json -var unsignedCorimComidTpmEnactTrustBadInst = ` -a30050111111111111111111111111111111110181589dd901faa301a100 -50000000000000000000000000000000000281a3006a456e616374547275 -737401d8207668747470733a2f2f656e61637474727573742e636f6d0283 -00010204a1008182a101d90226582101ceebae7b8927a3227e5303cf5e0f -1f7b34bb542ad7250ac03fbcde36ec2f150881a101a10281820158208742 -8fc522803d31065e7bce3cf03fe475096631e5e07bbd7a0fde60c4cf25c7 -0381782568747470733a2f2f656e61637474727573742e636f6d2f766572 -6169736f6e2f312e302e30 -` + //go:embed test/corim/unsignedCorimMiniComidTpmEnactTrustAKMult.cbor + unsignedCorimComidTpmEnactTrustAKMult []byte -// automatically generated from ComidTpmEnactTrustNoInst.json -var unsignedCorimComidTpmEnactTrustNoInst = ` -a3005011111111111111111111111111111111018158b0d901faa301a100 -50000000000000000000000000000000000281a3006a456e616374547275 -737401d8207668747470733a2f2f656e61637474727573742e636f6d0283 -00010204a1008182a100a300d90258582061636d652d696d706c656d656e 
-746174696f6e2d69642d303030303030303031016441434d45026a526f61 -6452756e6e657281a101a102818201582087428fc522803d31065e7bce3c -f03fe475096631e5e07bbd7a0fde60c4cf25c70381782568747470733a2f -2f656e61637474727573742e636f6d2f7665726169736f6e2f312e302e30 -` + //go:embed test/corim/unsignedCorimMiniComidTpmEnactTrustBadInst.cbor + unsignedCorimComidTpmEnactTrustBadInst []byte -// automatically generated from ComidTpmEnactTrustMultDigest.json -var unsignedCorimComidTpmEnactTrustMultDigest = ` -a3005011111111111111111111111111111111018158aed901faa301a100 -50000000000000000000000000000000000281a3006a456e616374547275 -737401d8207668747470733a2f2f656e61637474727573742e636f6d0283 -00010204a1008182a101d82550ffffffffffffffffffffffffffffffff81 -a101a102828201582087428fc522803d31065e7bce3cf03fe475096631e5 -e07bbd7a0fde60c4cf25c78201582087428fc522803d31065e7bce3cf07f -e475096231e5e07bbd7a0fde60c4cf25c70381782568747470733a2f2f65 -6e61637474727573742e636f6d2f7665726169736f6e2f312e302e30 -` + //go:embed test/corim/unsignedCorimMiniComidTpmEnactTrustNoInst.cbor + unsignedCorimComidTpmEnactTrustNoInst []byte -// automatically generated from ComidTpmEnactTrustGoldenTwo.json -var unsignedCorimComidTpmEnactTrustGoldenTwo = ` -a3005011111111111111111111111111111111018158b3d901faa301a100 -50000000000000000000000000000000000281a3006a456e616374547275 -737401d8207668747470733a2f2f656e61637474727573742e636f6d0283 -00010204a1008182a101d82550ffffffffffffffffffffffffffffffff82 -a101a102818201582087428fc522803d31065e7bce3cf03fe475096631e5 -e07bbd7a0fde60c4cf25c7a101a10281820158200263829989b6fd954f72 -baaf2fc64bc2e2f01d692d4de72986ea808f6e99813f0381782568747470 -733a2f2f656e61637474727573742e636f6d2f7665726169736f6e2f312e -302e30 -` + //go:embed test/corim/unsignedCorimMiniComidTpmEnactTrustMultDigest.cbor + unsignedCorimComidTpmEnactTrustMultDigest []byte -// automatically generated from ComidTpmEnactTrustNoDigest.json -var unsignedCorimComidTpmEnactTrustNoDigest = ` 
-a30050111111111111111111111111111111110181587ed901faa301a100 -50000000000000000000000000000000000281a3006a456e616374547275 -737401d8207668747470733a2f2f656e61637474727573742e636f6d0283 -00010204a1008182a101d82550ffffffffffffffffffffffffffffffff81 -a101a2064600005e00530107502001486000002001000000000000006803 -81782568747470733a2f2f656e61637474727573742e636f6d2f76657261 -69736f6e2f312e302e30 -` + //go:embed test/corim/unsignedCorimMiniComidTpmEnactTrustGoldenTwo.cbor + unsignedCorimComidTpmEnactTrustGoldenTwo []byte -// automatically generated from ComidTpmEnactTrustAKBadInst.json -var unsignedCorimComidTpmEnactTrustAKBadInst = ` -a30050111111111111111111111111111111110181590129d901faa301a1 -0050000000000000000000000000000000000281a3006a456e6163745472 -75737401d8207668747470733a2f2f656e61637474727573742e636f6d02 -8300010204a1028182a101d90226582101ceebae7b8927a3227e5303cf5e -0f1f7b34bb542ad7250ac03fbcde36ec2f150881d9022a78b02d2d2d2d2d -424547494e205055424c4943204b45592d2d2d2d2d0a4d466b7745775948 -4b6f5a497a6a3043415159494b6f5a497a6a304441516344516741453656 -777165376879334f385970612b425545544c556a424e5533724558565579 -743958485237484a574c473758544b51643969316b565258654250444c46 -6e66597275312f657578526e4a4d374839556f46444c64413d3d0a2d2d2d -2d2d454e44205055424c4943204b45592d2d2d2d2d038178256874747073 -3a2f2f656e61637474727573742e636f6d2f7665726169736f6e2f312e30 -2e30 -` + //go:embed test/corim/unsignedCorimMiniComidTpmEnactTrustNoDigest.cbor + unsignedCorimComidTpmEnactTrustNoDigest []byte + + //go:embed test/corim/unsignedCorimMiniComidTpmEnactTrustAKBadInst.cbor + unsignedCorimComidTpmEnactTrustAKBadInst []byte +) From fc989fb59ead87c99fc9d08fb8bf6c7bbbdce1f8 Mon Sep 17 00:00:00 2001 
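Review bot: The `// automatically generated from <name>.json` comments are removed, and the new `var (...)` block of `//go:embed` directives carries nothing that says where the `.cbor` files come from. Because the vectors are now binary blobs that cannot be read in review, the file should record their provenance in a header comment, e.g. `// Test vectors are built from test/corim/src/*.json by test/corim/build-test-vectors.sh; regenerate them rather than editing the .cbor files.` It would also be worth having CI regenerate the vectors and fail on any difference, so the committed blobs are known to match their JSON sources; this assumes the generator's output is deterministic.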
From: Sergei Trofimov Date: Wed, 14 Aug 2024 20:36:25 +0100 Subject: [PATCH 3/3] fix(github): make sure CI_PIPELINE is defined for ci-go-cover Otherwise, copyright year check triggers, causing problems. This is already set for the ci flow, but it seems it was not needed for ci-go-cover until now(?) Signed-off-by: Sergei Trofimov --- .github/workflows/ci-go-cover.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ci-go-cover.yml b/.github/workflows/ci-go-cover.yml index a47d118e..9a23eb38 100644 --- a/.github/workflows/ci-go-cover.yml +++ b/.github/workflows/ci-go-cover.yml @@ -22,6 +22,7 @@ jobs: runs-on: ubuntu-latest env: GO111MODULE: on + CI_PIPELINE: true steps: - uses: actions/setup-go@v3 with:
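Review bot: `CI_PIPELINE: true` is added to the job's `env` with no comment, and according to the commit message its effect is to stop the copyright-year check from triggering. A variable that switches a check off should be documented where it is set, for instance `# CI_PIPELINE suppresses the copyright-year check; the ci flow sets it too`. Writing the value as `CI_PIPELINE: "true"` would also make it explicit that the consumer receives a string. The job definition starts outside this hunk.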