diff --git a/go.mod b/go.mod
index 4297ade0..7fd7d22a 100644
--- a/go.mod
+++ b/go.mod
@@ -10,6 +10,7 @@ require (
 	github.com/fxamacker/cbor/v2 v2.4.0
 	github.com/gin-gonic/gin v1.8.1
 	github.com/golang/mock v1.6.0
+	github.com/golang/protobuf v1.5.2
 	github.com/google/go-tpm v0.3.3
 	github.com/google/uuid v1.3.0
 	github.com/hashicorp/go-hclog v1.2.0
@@ -27,11 +28,12 @@ require (
 	github.com/spf13/jwalterweatherman v1.1.0
 	github.com/spf13/viper v1.13.0
 	github.com/stretchr/testify v1.8.0
+	github.com/veraison/ccatoken v0.0.0-20221129100525-5e7c18ed29a4
 	github.com/veraison/corim v0.0.0-20221101190258-b8e2d544a0a3
 	github.com/veraison/dice v0.0.1
 	github.com/veraison/ear v0.0.3
-	github.com/veraison/eat v0.0.0-20210331113810-3da8a4dd42ff
-	github.com/veraison/psatoken v0.0.2-0.20220729120948-5bec1d03670c
+	github.com/veraison/eat v0.0.0-20220117140849-ddaf59d69f53
+	github.com/veraison/psatoken v0.0.2-0.20221010113344-b92196b83882
 	go.uber.org/zap v1.23.0
 	golang.org/x/text v0.3.7
 	google.golang.org/grpc v1.49.0
@@ -51,7 +53,6 @@ require (
 	github.com/go-playground/validator/v10 v10.10.0 // indirect
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/goccy/go-json v0.9.11 // indirect
-	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb // indirect
 	github.com/huandu/xstrings v1.3.3 // indirect
@@ -63,7 +64,8 @@ require (
 	github.com/lestrrat-go/httpcc v1.0.1 // indirect
 	github.com/lestrrat-go/httprc v1.0.4 // indirect
 	github.com/lestrrat-go/iter v1.0.2 // indirect
-	github.com/lestrrat-go/jwx v1.2.23 // indirect
+	github.com/lestrrat-go/jwx v1.2.25 // indirect
+	github.com/lestrrat-go/jwx/v2 v2.0.6 // indirect
 	github.com/lestrrat-go/option v1.0.0 // indirect
 	github.com/magiconair/properties v1.8.6 // indirect
 	github.com/mattn/go-colorable v0.1.12 // indirect
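Review bot: `github.com/golang/protobuf v1.5.2` is promoted from `// indirect` to a direct requirement in the first hunk only because the regenerated `proto/*.pb.go` files now import the deprecated alias packages `github.com/golang/protobuf/ptypes/struct` and `ptypes/empty` instead of `google.golang.org/protobuf/types/known/structpb` and `emptypb` (see the import hunks of evidence.pb.go, param.pb.go, state.pb.go and vts.pb.go). That switch looks like the files were regenerated with a different protoc-gen-go than the one that produced the previous output, which emitted the APIv2 well-known-type paths; the `_struct` alias is what the generator produces when the import path ends in the keyword `struct`. Regenerating with the same generator as before would keep `structpb "google.golang.org/protobuf/types/known/structpb"` and let this module drop back to `// indirect`, and pinning that generator version in the build tooling would keep the generated output reproducible across contributors.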
@@ -91,7 +93,7 @@ require (
 	github.com/yashtewari/glob-intersection v0.1.0 // indirect
 	go.uber.org/atomic v1.10.0 // indirect
 	go.uber.org/multierr v1.8.0 // indirect
-	golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e // indirect
+	golang.org/x/crypto v0.0.0-20221005025214-4161e89ecf1b // indirect
 	golang.org/x/net v0.0.0-20220909164309-bea034e7d591 // indirect
 	golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f // indirect
 	golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10 // indirect
diff --git a/go.sum b/go.sum
index dfe52fea..2b2c988c 100644
--- a/go.sum
+++ b/go.sum
@@ -462,6 +462,7 @@ github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg78
 github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
 github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
 github.com/goccy/go-json v0.9.6/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
+github.com/goccy/go-json v0.9.7/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
 github.com/goccy/go-json v0.9.11 h1:/pAaQDLHEoCq/5FFmSKBswWmK6H0e8g4159Kc/X/nqk=
 github.com/goccy/go-json v0.9.11/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
 github.com/godbus/dbus v0.0.0-20151105175453-c7fdd8b5cd55/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw=
@@ -721,8 +722,9 @@ github.com/lestrrat-go/httprc v1.0.4/go.mod h1:mwwz3JMTPBjHUkkDv/IGJ39aALInZLrhB github.com/lestrrat-go/iter v1.0.1/go.mod h1:zIdgO1mRKhn8l9vrZJZz9TUMMFbQbLeTsbqPDrJ/OJc= github.com/lestrrat-go/iter v1.0.2 h1:gMXo1q4c2pHmC3dn8LzRhJfP1ceCbgSiT9lUydIzltI= github.com/lestrrat-go/iter v1.0.2/go.mod h1:Momfcq3AnRlRjI5b5O8/G5/BvpzrhoFTZcn06fEOPt4= -github.com/lestrrat-go/jwx v1.2.23 h1:8oP5fY1yzCRraUNNyfAVdOkLCqY7xMZz11lVcvHqC1Y= github.com/lestrrat-go/jwx v1.2.23/go.mod h1:sAXjRwzSvCN6soO4RLoWWm1bVPpb8iOuv0IYfH8OWd8= +github.com/lestrrat-go/jwx v1.2.25 h1:tAx93jN2SdPvFn08fHNAhqFJazn5mBBOB8Zli0g0otA= +github.com/lestrrat-go/jwx v1.2.25/go.mod h1:zoNuZymNl5lgdcu6P7K6ie2QRll5HVfF4xwxBBK1NxY= github.com/lestrrat-go/jwx/v2 v2.0.6 h1:RlyYNLV892Ed7+FTfj1ROoF6x7WxL965PGTHso/60G0= github.com/lestrrat-go/jwx/v2 v2.0.6/go.mod h1:aVrGuwEr3cp2Prw6TtQvr8sQxe+84gruID5C9TxT64Q= github.com/lestrrat-go/option v1.0.0 h1:WqAWL8kh8VcSoD6xjSH34/1m8yxluXQbDeKNfvFeEO4= 
@@ -1068,18 +1070,23 @@ github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtX github.com/vektah/gqlparser/v2 v2.4.6 h1:Yjzp66g6oVq93Jihbi0qhGnf/6zIWjcm8H6gA27zstE= github.com/vektah/gqlparser/v2 v2.4.6/go.mod h1:flJWIR04IMQPGz+BXLrORkrARBxv/rtyIAFvd/MceW0= github.com/veraison/apiclient v0.0.2/go.mod h1:H8YDx1ixM24GYP/aLbhq+HJsej0lVUqFCRIL5Uu4B0o= +github.com/veraison/ccatoken v0.0.0-20221115175900-ab13e83c2d35 h1:6L8563gDsXqi0hS4T1MQ3ew52/5xWrHElilFr6AMors= +github.com/veraison/ccatoken v0.0.0-20221115175900-ab13e83c2d35/go.mod h1:iFrrw1RnEK5IPLzEBOAcPolOlaRcyarrGPeL97gkltk= +github.com/veraison/ccatoken v0.0.0-20221129100525-5e7c18ed29a4 h1:WnQ3ky4v5B/rmtqEv1pRUQk4/7vtBzbuE3DgW6JK5iU= +github.com/veraison/ccatoken v0.0.0-20221129100525-5e7c18ed29a4/go.mod h1:iFrrw1RnEK5IPLzEBOAcPolOlaRcyarrGPeL97gkltk= github.com/veraison/corim v0.0.0-20221101190258-b8e2d544a0a3 h1:ILszRwMhWop0sDMb5HJfDMKZ7uRGTlTn6L9cLxSQi1w= github.com/veraison/corim v0.0.0-20221101190258-b8e2d544a0a3/go.mod h1:FOUHHZ7fOyWKk4oKUjO5Zw5gnkjz0rtzcJDvUZZFRSg= github.com/veraison/dice v0.0.1 h1:dOm7ByDN/r4WlDsGkEUXzdPMXgTvAPTAksQ8+BwBrD4= github.com/veraison/dice v0.0.1/go.mod h1:QPMLc5LVMj08VZ+HNMYk4XxWoVYGAUBVm8Rd5V1hzxs= github.com/veraison/ear v0.0.3 h1:0Mx4TCWLoEK6/E09H5ZGLxbvgDgOOH3dxiaNyt8+hYU= github.com/veraison/ear v0.0.3/go.mod h1:O3yKgZR04DWKHHiNxfXCMX9ky0cLVoC67TFks6JwEhI= -github.com/veraison/eat v0.0.0-20210331113810-3da8a4dd42ff h1:r6I2eJL/z8dp5flsQIKHMeDjyV6UO8If3MaVBLvTjF4= github.com/veraison/eat v0.0.0-20210331113810-3da8a4dd42ff/go.mod h1:+kxt8iuFiVvKRs2VQ1Ho7bbAScXAB/kHFFuP5Biw19I= +github.com/veraison/eat v0.0.0-20220117140849-ddaf59d69f53 h1:5gnX2TrGd/Xz8DOp2OaLtg/jLoIubSUTrgz6iZ58pJ4= +github.com/veraison/eat v0.0.0-20220117140849-ddaf59d69f53/go.mod h1:+kxt8iuFiVvKRs2VQ1Ho7bbAScXAB/kHFFuP5Biw19I= github.com/veraison/go-cose v1.0.0-rc.1 h1:4qA7dbFJGvt7gcqv5MCIyCQvN+NpHFPkW7do3EeDLb8= github.com/veraison/go-cose v1.0.0-rc.1/go.mod 
h1:7ziE85vSq4ScFTg6wyoMXjucIGOf4JkFEZi/an96Ct4= -github.com/veraison/psatoken v0.0.2-0.20220729120948-5bec1d03670c h1:x8tUa5XNEc27B8igB7DtlnrJtsmbx2zSr8K9aL2HuFs= -github.com/veraison/psatoken v0.0.2-0.20220729120948-5bec1d03670c/go.mod h1:VZLfnDO8lZ52tw++K0pTbWpxIz3QUv0dqKx0A6Nddd4= +github.com/veraison/psatoken v0.0.2-0.20221010113344-b92196b83882 h1:PMxyTULqX377ZJwb/FdrFpB0NpxIoxbDbBajvymYO4c= +github.com/veraison/psatoken v0.0.2-0.20221010113344-b92196b83882/go.mod h1:VZLfnDO8lZ52tw++K0pTbWpxIz3QUv0dqKx0A6Nddd4= github.com/veraison/swid v0.0.1-beta.6 h1:ysDyCOPwGyjiBnhAM+/kgTEcc/PWieIbUQJOjnSTK48= github.com/veraison/swid v0.0.1-beta.6/go.mod h1:d5jt76uMNbTfQ+f2qU4Lt8RvWOTsv6PFgstIM1QdMH0= github.com/vishvananda/netlink v0.0.0-20181108222139-023a6dafdcdf/go.mod h1:+SR5DhBJrl6ZM7CoCKvpw5BKroDKQ+PJqOg65H/2ktk= 
@@ -1207,8 +1214,9 @@ golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220427172511-eb4f295cb31f/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e h1:T8NU3HyQ8ClP4SEE+KbFlg6n0NhuTsN4MyznaarGsZM= golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.0.0-20221005025214-4161e89ecf1b h1:huxqepDufQpLLIRXiVkTvnxrzJlpwmIWAObmcCcUFr0= +golang.org/x/crypto v0.0.0-20221005025214-4161e89ecf1b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= diff --git a/proto/evidence.pb.go b/proto/evidence.pb.go index 257bf15f..b70e89c3 100644 --- a/proto/evidence.pb.go +++ b/proto/evidence.pb.go @@ -7,9 +7,9 @@ package proto import ( + _struct "github.com/golang/protobuf/ptypes/struct" protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" - structpb "google.golang.org/protobuf/types/known/structpb" reflect "reflect" sync "sync" ) 
@@ -26,10 +26,12 @@ type EvidenceContext struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - TenantId string `protobuf:"bytes,1,opt,name=tenant_id,json=tenant-id,proto3" json:"tenant_id,omitempty"` - TrustAnchorId string `protobuf:"bytes,2,opt,name=trust_anchor_id,json=trust-anchor-id,proto3" json:"trust_anchor_id,omitempty"` - SoftwareId string `protobuf:"bytes,3,opt,name=software_id,json=software-id,proto3" json:"software_id,omitempty"` - Evidence *structpb.Struct `protobuf:"bytes,5,opt,name=evidence,proto3" json:"evidence,omitempty"` + TenantId string `protobuf:"bytes,1,opt,name=tenant_id,json=tenant-id,proto3" json:"tenant_id,omitempty"` + TrustAnchorId string `protobuf:"bytes,2,opt,name=trust_anchor_id,json=trust-anchor-id,proto3" json:"trust_anchor_id,omitempty"` + ReferenceId string `protobuf:"bytes,3,opt,name=reference_id,json=reference-id,proto3" json:"reference_id,omitempty"` + Evidence *_struct.Struct `protobuf:"bytes,5,opt,name=evidence,proto3" json:"evidence,omitempty"` + // unprocessed evidence not handled by the Evidence Context + UpEvidence *_struct.Struct `protobuf:"bytes,6,opt,name=up_evidence,json=upEvidence,proto3" json:"up_evidence,omitempty"` } func (x *EvidenceContext) Reset() { 
@@ -78,41 +80,52 @@ func (x *EvidenceContext) GetTrustAnchorId() string { return "" } -func (x *EvidenceContext) GetSoftwareId() string { +func (x *EvidenceContext) GetReferenceId() string { if x != nil { - return x.SoftwareId + return x.ReferenceId } return "" } -func (x *EvidenceContext) GetEvidence() *structpb.Struct { +func (x *EvidenceContext) GetEvidence() *_struct.Struct { if x != nil { return x.Evidence } return nil } +func (x *EvidenceContext) GetUpEvidence() *_struct.Struct { + if x != nil { + return x.UpEvidence + } + return nil +} + var File_evidence_proto protoreflect.FileDescriptor var file_evidence_proto_rawDesc = []byte{ 0x0a, 0x0e, 0x65, 0x76, 0x69, 0x64, 0x65, 0x6e, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x05, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1c, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x73, 0x74, 0x72, 0x75, 0x63, 0x74, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xb0, 0x01, 0x0a, 0x0f, 0x45, 0x76, 0x69, 0x64, 0x65, 0x6e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xec, 0x01, 0x0a, 0x0f, 0x45, 0x76, 0x69, 0x64, 0x65, 0x6e, 0x63, 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x12, 0x1c, 0x0a, 0x09, 0x74, 0x65, 0x6e, 0x61, 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x74, 0x65, 0x6e, 0x61, 0x6e, 0x74, 0x2d, 0x69, 0x64, 0x12, 0x28, 0x0a, 0x0f, 0x74, 0x72, 0x75, 0x73, 0x74, 0x5f, 0x61, 0x6e, 0x63, 0x68, 0x6f, 0x72, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2d, 0x61, 0x6e, 0x63, 0x68, 0x6f, 0x72, 0x2d, 0x69, - 0x64, 0x12, 0x20, 0x0a, 0x0b, 0x73, 0x6f, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65, 0x5f, 0x69, 0x64, - 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x73, 0x6f, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65, - 0x2d, 0x69, 0x64, 0x12, 0x33, 0x0a, 0x08, 0x65, 0x76, 0x69, 0x64, 0x65, 0x6e, 0x63, 0x65, 0x18, - 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 
0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x52, 0x08, - 0x65, 0x76, 0x69, 0x64, 0x65, 0x6e, 0x63, 0x65, 0x42, 0x24, 0x5a, 0x22, 0x67, 0x69, 0x74, 0x68, - 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x76, 0x65, 0x72, 0x61, 0x69, 0x73, 0x6f, 0x6e, 0x2f, - 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x64, 0x12, 0x22, 0x0a, 0x0c, 0x72, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x5f, 0x69, + 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x72, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, + 0x63, 0x65, 0x2d, 0x69, 0x64, 0x12, 0x33, 0x0a, 0x08, 0x65, 0x76, 0x69, 0x64, 0x65, 0x6e, 0x63, + 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, + 0x52, 0x08, 0x65, 0x76, 0x69, 0x64, 0x65, 0x6e, 0x63, 0x65, 0x12, 0x38, 0x0a, 0x0b, 0x75, 0x70, + 0x5f, 0x65, 0x76, 0x69, 0x64, 0x65, 0x6e, 0x63, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, + 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x52, 0x0a, 0x75, 0x70, 0x45, 0x76, 0x69, 0x64, + 0x65, 0x6e, 0x63, 0x65, 0x42, 0x24, 0x5a, 0x22, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, + 0x6f, 0x6d, 0x2f, 0x76, 0x65, 0x72, 0x61, 0x69, 0x73, 0x6f, 0x6e, 0x2f, 0x73, 0x65, 0x72, 0x76, + 0x69, 0x63, 0x65, 0x73, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x33, } var ( 
@@ -130,15 +143,16 @@ func file_evidence_proto_rawDescGZIP() []byte { var file_evidence_proto_msgTypes = make([]protoimpl.MessageInfo, 1) var file_evidence_proto_goTypes = []interface{}{ (*EvidenceContext)(nil), // 0: proto.EvidenceContext - (*structpb.Struct)(nil), // 1: google.protobuf.Struct + (*_struct.Struct)(nil), // 1: google.protobuf.Struct } var file_evidence_proto_depIdxs = []int32{ 1, // 0: proto.EvidenceContext.evidence:type_name -> google.protobuf.Struct - 1, // [1:1] is the sub-list for method output_type - 1, // [1:1] is the sub-list for method input_type - 1, // [1:1] is the sub-list for extension type_name - 1, // [1:1] is the sub-list for extension extendee - 0, // [0:1] is the sub-list for field type_name + 1, // 1: proto.EvidenceContext.up_evidence:type_name -> google.protobuf.Struct + 2, // [2:2] is the sub-list for method output_type + 2, // [2:2] is the sub-list for method input_type + 2, // [2:2] is the sub-list for extension type_name + 2, // [2:2] is the sub-list for extension extendee + 0, // [0:2] is the sub-list for field type_name } func init() { file_evidence_proto_init() } diff --git a/proto/evidence.proto b/proto/evidence.proto index a45ab78c..31c65c59 100644 --- a/proto/evidence.proto +++ b/proto/evidence.proto @@ -4,9 +4,12 @@ package proto; option go_package = "github.com/veraison/services/proto"; import "google/protobuf/struct.proto"; + message EvidenceContext { string tenant_id = 1 [json_name = "tenant-id"]; string trust_anchor_id = 2 [json_name = "trust-anchor-id"]; - string software_id = 3 [json_name = "software-id"]; + string reference_id = 3 [json_name = "reference-id"]; google.protobuf.Struct evidence = 5; + // unprocessed evidence not handled by the Evidence Context + google.protobuf.Struct up_evidence = 6; } diff --git a/proto/param.pb.go b/proto/param.pb.go index 29d3f9cc..67d99c50 100644 --- a/proto/param.pb.go +++ b/proto/param.pb.go 
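Review bot: In the proto/evidence.proto hunk the new `up_evidence` field carries no `json_name`, so its JSON name defaults to `upEvidence` (the generated tag `json=upEvidence` in evidence.pb.go confirms this), while every other multi-word field of `EvidenceContext` is given an explicit kebab-case name (`tenant-id`, `trust-anchor-id`, `reference-id`). Declaring it as `google.protobuf.Struct up_evidence = 6 [json_name = "up-evidence"];` and regenerating keeps one naming convention in the JSON form of the message. Field 3 keeps its number but is renamed from `software_id`/`software-id` to `reference_id`/`reference-id`: that stays wire-compatible for binary protobuf, but a peer still sending `software-id` in JSON will have it rejected as unknown or silently dropped depending on the unmarshal options, so the rename deserves a mention in the field comment or release notes. Field number 4 is skipped between `reference_id` and `evidence`; if it was used by an earlier revision, `reserved 4;` would prevent it from being reused later with a different type.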
@@ -7,9 +7,9 @@ package proto import ( + _struct "github.com/golang/protobuf/ptypes/struct" protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" - structpb "google.golang.org/protobuf/types/known/structpb" reflect "reflect" sync "sync" ) @@ -137,7 +137,7 @@ type ParamStore struct { Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` IsFrozen bool `protobuf:"varint,2,opt,name=is_frozen,json=isFrozen,proto3" json:"is_frozen,omitempty"` - Data *structpb.Struct `protobuf:"bytes,3,opt,name=data,proto3" json:"data,omitempty"` + Data *_struct.Struct `protobuf:"bytes,3,opt,name=data,proto3" json:"data,omitempty"` Params map[string]*ParamDescription `protobuf:"bytes,4,rep,name=params,proto3" json:"params,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` Required []string `protobuf:"bytes,5,rep,name=required,proto3" json:"required,omitempty"` } @@ -188,7 +188,7 @@ func (x *ParamStore) GetIsFrozen() bool { return false } -func (x *ParamStore) GetData() *structpb.Struct { +func (x *ParamStore) GetData() *_struct.Struct { if x != nil { return x.Data } @@ -267,7 +267,7 @@ var file_param_proto_goTypes = []interface{}{ (*ParamDescription)(nil), // 1: proto.ParamDescription (*ParamStore)(nil), // 2: proto.ParamStore nil, // 3: proto.ParamStore.ParamsEntry - (*structpb.Struct)(nil), // 4: google.protobuf.Struct + (*_struct.Struct)(nil), // 4: google.protobuf.Struct } var file_param_proto_depIdxs = []int32{ 0, // 0: proto.ParamDescription.required:type_name -> proto.ParamNecessity diff --git a/proto/state.pb.go b/proto/state.pb.go index 35f32b87..da9c6697 100644 --- a/proto/state.pb.go +++ b/proto/state.pb.go 
@@ -7,9 +7,9 @@ package proto import ( + _struct "github.com/golang/protobuf/ptypes/struct" protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" - structpb "google.golang.org/protobuf/types/known/structpb" reflect "reflect" sync "sync" ) @@ -78,9 +78,9 @@ type ServiceState struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Status ServiceStatus `protobuf:"varint,1,opt,name=status,proto3,enum=proto.ServiceStatus" json:"status,omitempty"` - ServerVersion string `protobuf:"bytes,2,opt,name=server_version,json=server-version,proto3" json:"server_version,omitempty"` - SupportedMediaTypes map[string]*structpb.ListValue `protobuf:"bytes,3,rep,name=supported_media_types,json=supported-media-types,proto3" json:"supported_media_types,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + Status ServiceStatus `protobuf:"varint,1,opt,name=status,proto3,enum=proto.ServiceStatus" json:"status,omitempty"` + ServerVersion string `protobuf:"bytes,2,opt,name=server_version,json=server-version,proto3" json:"server_version,omitempty"` + SupportedMediaTypes map[string]*_struct.ListValue `protobuf:"bytes,3,rep,name=supported_media_types,json=supported-media-types,proto3" json:"supported_media_types,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` } func (x *ServiceState) Reset() { @@ -129,7 +129,7 @@ func (x *ServiceState) GetServerVersion() string { return "" } -func (x *ServiceState) GetSupportedMediaTypes() map[string]*structpb.ListValue { +func (x *ServiceState) GetSupportedMediaTypes() map[string]*_struct.ListValue { if x != nil { return x.SupportedMediaTypes } 
@@ -186,10 +186,10 @@ func file_state_proto_rawDescGZIP() []byte { var file_state_proto_enumTypes = make([]protoimpl.EnumInfo, 1) var file_state_proto_msgTypes = make([]protoimpl.MessageInfo, 2) var file_state_proto_goTypes = []interface{}{ - (ServiceStatus)(0), // 0: proto.ServiceStatus - (*ServiceState)(nil), // 1: proto.ServiceState - nil, // 2: proto.ServiceState.SupportedMediaTypesEntry - (*structpb.ListValue)(nil), // 3: google.protobuf.ListValue + (ServiceStatus)(0), // 0: proto.ServiceStatus + (*ServiceState)(nil), // 1: proto.ServiceState + nil, // 2: proto.ServiceState.SupportedMediaTypesEntry + (*_struct.ListValue)(nil), // 3: google.protobuf.ListValue } var file_state_proto_depIdxs = []int32{ 0, // 0: proto.ServiceState.status:type_name -> proto.ServiceStatus diff --git a/proto/vts.pb.go b/proto/vts.pb.go index b482f1a9..8713c897 100644 --- a/proto/vts.pb.go +++ b/proto/vts.pb.go @@ -7,10 +7,10 @@ package proto import ( + empty "github.com/golang/protobuf/ptypes/empty" + _struct "github.com/golang/protobuf/ptypes/struct" protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" - emptypb "google.golang.org/protobuf/types/known/emptypb" - structpb "google.golang.org/protobuf/types/known/structpb" reflect "reflect" sync "sync" ) @@ -131,7 +131,7 @@ type Evidence struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Value *structpb.Struct `protobuf:"bytes,1,opt,name=value,proto3" json:"value,omitempty"` + Value *_struct.Struct `protobuf:"bytes,1,opt,name=value,proto3" json:"value,omitempty"` } func (x *Evidence) Reset() { 
@@ -166,23 +166,23 @@ func (*Evidence) Descriptor() ([]byte, []int) { return file_vts_proto_rawDescGZIP(), []int{1} } -func (x *Evidence) GetValue() *structpb.Struct { +func (x *Evidence) GetValue() *_struct.Struct { if x != nil { return x.Value } return nil } -type AddSwComponentsRequest struct { +type AddRefValuesRequest struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - SwComponents []*Endorsement `protobuf:"bytes,1,rep,name=sw_components,json=swComponents,proto3" json:"sw_components,omitempty"` + ReferenceValues []*Endorsement `protobuf:"bytes,1,rep,name=reference_values,json=referenceValues,proto3" json:"reference_values,omitempty"` } -func (x *AddSwComponentsRequest) Reset() { - *x = AddSwComponentsRequest{} +func (x *AddRefValuesRequest) Reset() { + *x = AddRefValuesRequest{} if protoimpl.UnsafeEnabled { mi := &file_vts_proto_msgTypes[2] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) @@ -190,13 +190,13 @@ func (x *AddSwComponentsRequest) Reset() { } } -func (x *AddSwComponentsRequest) String() string { +func (x *AddRefValuesRequest) String() string { return protoimpl.X.MessageStringOf(x) } -func (*AddSwComponentsRequest) ProtoMessage() {} +func (*AddRefValuesRequest) ProtoMessage() {} -func (x *AddSwComponentsRequest) ProtoReflect() protoreflect.Message { +func (x *AddRefValuesRequest) ProtoReflect() protoreflect.Message { mi := &file_vts_proto_msgTypes[2] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 
@@ -208,19 +208,19 @@ func (x *AddSwComponentsRequest) ProtoReflect() protoreflect.Message { return mi.MessageOf(x) } -// Deprecated: Use AddSwComponentsRequest.ProtoReflect.Descriptor instead. -func (*AddSwComponentsRequest) Descriptor() ([]byte, []int) { +// Deprecated: Use AddRefValuesRequest.ProtoReflect.Descriptor instead. +func (*AddRefValuesRequest) Descriptor() ([]byte, []int) { return file_vts_proto_rawDescGZIP(), []int{2} } -func (x *AddSwComponentsRequest) GetSwComponents() []*Endorsement { +func (x *AddRefValuesRequest) GetReferenceValues() []*Endorsement { if x != nil { - return x.SwComponents + return x.ReferenceValues } return nil } -type AddSwComponentsResponse struct { +type AddRefValuesResponse struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields @@ -228,8 +228,8 @@ type AddSwComponentsResponse struct { Status *Status `protobuf:"bytes,1,opt,name=status,proto3" json:"status,omitempty"` } -func (x *AddSwComponentsResponse) Reset() { - *x = AddSwComponentsResponse{} +func (x *AddRefValuesResponse) Reset() { + *x = AddRefValuesResponse{} if protoimpl.UnsafeEnabled { mi := &file_vts_proto_msgTypes[3] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) @@ -237,13 +237,13 @@ func (x *AddSwComponentsResponse) Reset() { } } -func (x *AddSwComponentsResponse) String() string { +func (x *AddRefValuesResponse) String() string { return protoimpl.X.MessageStringOf(x) } -func (*AddSwComponentsResponse) ProtoMessage() {} +func (*AddRefValuesResponse) ProtoMessage() {} -func (x *AddSwComponentsResponse) ProtoReflect() protoreflect.Message { +func (x *AddRefValuesResponse) ProtoReflect() protoreflect.Message { mi := &file_vts_proto_msgTypes[3] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 
@@ -255,12 +255,12 @@ func (x *AddSwComponentsResponse) ProtoReflect() protoreflect.Message { return mi.MessageOf(x) } -// Deprecated: Use AddSwComponentsResponse.ProtoReflect.Descriptor instead. -func (*AddSwComponentsResponse) Descriptor() ([]byte, []int) { +// Deprecated: Use AddRefValuesResponse.ProtoReflect.Descriptor instead. +func (*AddRefValuesResponse) Descriptor() ([]byte, []int) { return file_vts_proto_rawDescGZIP(), []int{3} } -func (x *AddSwComponentsResponse) GetStatus() *Status { +func (x *AddRefValuesResponse) GetStatus() *Status { if x != nil { return x.Status } @@ -272,9 +272,13 @@ type Endorsement struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Scheme string `protobuf:"bytes,1,opt,name=scheme,proto3" json:"scheme,omitempty"` - Type EndorsementType `protobuf:"varint,2,opt,name=type,proto3,enum=proto.EndorsementType" json:"type,omitempty"` - Attributes *structpb.Struct `protobuf:"bytes,3,opt,name=attributes,proto3" json:"attributes,omitempty"` + Scheme string `protobuf:"bytes,1,opt,name=scheme,proto3" json:"scheme,omitempty"` + Type EndorsementType `protobuf:"varint,2,opt,name=type,proto3,enum=proto.EndorsementType" json:"type,omitempty"` + // sub_type is opaque to Veraison and is used by schemes to classify range of + //Endorsement sub types for a given Endorsement type. It is assumed that + //there is going to be only one single sub type required + SubType string `protobuf:"bytes,3,opt,name=sub_type,json=subType,proto3" json:"sub_type,omitempty"` + Attributes *_struct.Struct `protobuf:"bytes,4,opt,name=attributes,proto3" json:"attributes,omitempty"` } func (x *Endorsement) Reset() { 
@@ -323,7 +327,14 @@ func (x *Endorsement) GetType() EndorsementType { return EndorsementType_UNSET } -func (x *Endorsement) GetAttributes() *structpb.Struct { +func (x *Endorsement) GetSubType() string { + if x != nil { + return x.SubType + } + return "" +} + +func (x *Endorsement) GetAttributes() *_struct.Struct { if x != nil { return x.Attributes } 
@@ -490,68 +501,69 @@ var file_vts_proto_rawDesc = []byte{ 0x65, 0x12, 0x2d, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, - 0x22, 0x51, 0x0a, 0x16, 0x41, 0x64, 0x64, 0x53, 0x77, 0x43, 0x6f, 0x6d, 0x70, 0x6f, 0x6e, 0x65, - 0x6e, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x37, 0x0a, 0x0d, 0x73, 0x77, - 0x5f, 0x63, 0x6f, 0x6d, 0x70, 0x6f, 0x6e, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, + 0x22, 0x54, 0x0a, 0x13, 0x41, 0x64, 0x64, 0x52, 0x65, 0x66, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x73, + 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x3d, 0x0a, 0x10, 0x72, 0x65, 0x66, 0x65, 0x72, + 0x65, 0x6e, 0x63, 0x65, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x45, 0x6e, 0x64, 0x6f, 0x72, 0x73, - 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x52, 0x0c, 0x73, 0x77, 0x43, 0x6f, 0x6d, 0x70, 0x6f, 0x6e, 0x65, - 0x6e, 0x74, 0x73, 0x22, 0x40, 0x0a, 0x17, 0x41, 0x64, 0x64, 0x53, 0x77, 0x43, 0x6f, 0x6d, 0x70, - 0x6f, 0x6e, 0x65, 0x6e, 0x74, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x25, + 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x52, 0x0f, 0x72, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, + 0x56, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x22, 0x3d, 0x0a, 0x14, 0x41, 0x64, 0x64, 0x52, 0x65, 0x66, + 0x56, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x25, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x06, 0x73, - 0x74, 0x61, 0x74, 0x75, 0x73, 0x22, 0x8a, 0x01, 0x0a, 0x0b, 0x45, 0x6e, 0x64, 0x6f, 0x72, 0x73, + 0x74, 0x61, 0x74, 0x75, 0x73, 0x22, 0xa5, 0x01, 0x0a, 0x0b, 0x45, 0x6e, 0x64, 0x6f, 
0x72, 0x73, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x65, 0x12, 0x2a, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x16, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x45, 0x6e, 0x64, 0x6f, 0x72, 0x73, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x54, - 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x37, 0x0a, 0x0a, 0x61, 0x74, 0x74, - 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, - 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, - 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x52, 0x0a, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, - 0x65, 0x73, 0x22, 0x4e, 0x0a, 0x15, 0x41, 0x64, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, 0x41, 0x6e, - 0x63, 0x68, 0x6f, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x35, 0x0a, 0x0c, 0x74, - 0x72, 0x75, 0x73, 0x74, 0x5f, 0x61, 0x6e, 0x63, 0x68, 0x6f, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x12, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x45, 0x6e, 0x64, 0x6f, 0x72, 0x73, - 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x52, 0x0b, 0x74, 0x72, 0x75, 0x73, 0x74, 0x41, 0x6e, 0x63, 0x68, - 0x6f, 0x72, 0x22, 0x3f, 0x0a, 0x16, 0x41, 0x64, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, 0x41, 0x6e, - 0x63, 0x68, 0x6f, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x25, 0x0a, 0x06, - 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x06, 0x73, 0x74, 0x61, - 0x74, 0x75, 0x73, 0x22, 0x30, 0x0a, 0x0d, 0x4d, 0x65, 0x64, 0x69, 0x61, 0x54, 0x79, 0x70, 0x65, - 0x4c, 0x69, 0x73, 0x74, 0x12, 0x1f, 0x0a, 0x0b, 0x6d, 0x65, 0x64, 0x69, 0x61, 0x5f, 0x74, 0x79, - 0x70, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x6d, 0x65, 0x64, 0x69, 0x61, - 0x54, 0x79, 0x70, 0x65, 0x73, 
0x2a, 0x47, 0x0a, 0x0f, 0x45, 0x6e, 0x64, 0x6f, 0x72, 0x73, 0x65, - 0x6d, 0x65, 0x6e, 0x74, 0x54, 0x79, 0x70, 0x65, 0x12, 0x09, 0x0a, 0x05, 0x55, 0x4e, 0x53, 0x45, - 0x54, 0x10, 0x00, 0x12, 0x13, 0x0a, 0x0f, 0x52, 0x45, 0x46, 0x45, 0x52, 0x45, 0x4e, 0x43, 0x45, - 0x5f, 0x56, 0x41, 0x4c, 0x55, 0x45, 0x10, 0x01, 0x12, 0x14, 0x0a, 0x10, 0x56, 0x45, 0x52, 0x49, - 0x46, 0x49, 0x43, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x4b, 0x45, 0x59, 0x10, 0x02, 0x32, 0xfe, - 0x02, 0x0a, 0x03, 0x56, 0x54, 0x53, 0x12, 0x3e, 0x0a, 0x0f, 0x47, 0x65, 0x74, 0x53, 0x65, 0x72, - 0x76, 0x69, 0x63, 0x65, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, - 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, - 0x79, 0x1a, 0x13, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, - 0x65, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x42, 0x0a, 0x0e, 0x47, 0x65, 0x74, 0x41, 0x74, 0x74, - 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x17, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x2e, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x6f, 0x6b, 0x65, - 0x6e, 0x1a, 0x17, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x41, 0x70, 0x70, 0x72, 0x61, 0x69, - 0x73, 0x61, 0x6c, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x12, 0x52, 0x0a, 0x22, 0x47, 0x65, - 0x74, 0x53, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x65, 0x64, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, - 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x64, 0x69, 0x61, 0x54, 0x79, 0x70, 0x65, 0x73, - 0x12, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, - 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x1a, 0x14, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x2e, 0x4d, 0x65, 0x64, 0x69, 0x61, 0x54, 0x79, 0x70, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x12, 0x50, - 0x0a, 0x0f, 0x41, 0x64, 0x64, 0x53, 0x77, 0x43, 0x6f, 0x6d, 0x70, 0x6f, 0x6e, 0x65, 0x6e, 0x74, - 0x73, 0x12, 0x1d, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x41, 
0x64, 0x64, 0x53, 0x77, 0x43, - 0x6f, 0x6d, 0x70, 0x6f, 0x6e, 0x65, 0x6e, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x1a, 0x1e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x41, 0x64, 0x64, 0x53, 0x77, 0x43, 0x6f, - 0x6d, 0x70, 0x6f, 0x6e, 0x65, 0x6e, 0x74, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, - 0x12, 0x4d, 0x0a, 0x0e, 0x41, 0x64, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, 0x41, 0x6e, 0x63, 0x68, - 0x6f, 0x72, 0x12, 0x1c, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x41, 0x64, 0x64, 0x54, 0x72, - 0x75, 0x73, 0x74, 0x41, 0x6e, 0x63, 0x68, 0x6f, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x1a, 0x1d, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x41, 0x64, 0x64, 0x54, 0x72, 0x75, 0x73, - 0x74, 0x41, 0x6e, 0x63, 0x68, 0x6f, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, - 0x24, 0x5a, 0x22, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x76, 0x65, - 0x72, 0x61, 0x69, 0x73, 0x6f, 0x6e, 0x2f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x2f, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x19, 0x0a, 0x08, 0x73, 0x75, 0x62, + 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x73, 0x75, 0x62, + 0x54, 0x79, 0x70, 0x65, 0x12, 0x37, 0x0a, 0x0a, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, + 0x65, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, + 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, + 0x74, 0x52, 0x0a, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x22, 0x4e, 0x0a, + 0x15, 0x41, 0x64, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, 0x41, 0x6e, 0x63, 0x68, 0x6f, 0x72, 0x52, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x35, 0x0a, 0x0c, 0x74, 0x72, 0x75, 0x73, 0x74, 0x5f, + 0x61, 0x6e, 0x63, 0x68, 0x6f, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 
0x2e, 0x45, 0x6e, 0x64, 0x6f, 0x72, 0x73, 0x65, 0x6d, 0x65, 0x6e, 0x74, + 0x52, 0x0b, 0x74, 0x72, 0x75, 0x73, 0x74, 0x41, 0x6e, 0x63, 0x68, 0x6f, 0x72, 0x22, 0x3f, 0x0a, + 0x16, 0x41, 0x64, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, 0x41, 0x6e, 0x63, 0x68, 0x6f, 0x72, 0x52, + 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x25, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, + 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, + 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x22, 0x30, + 0x0a, 0x0d, 0x4d, 0x65, 0x64, 0x69, 0x61, 0x54, 0x79, 0x70, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x12, + 0x1f, 0x0a, 0x0b, 0x6d, 0x65, 0x64, 0x69, 0x61, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x73, 0x18, 0x01, + 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x6d, 0x65, 0x64, 0x69, 0x61, 0x54, 0x79, 0x70, 0x65, 0x73, + 0x2a, 0x47, 0x0a, 0x0f, 0x45, 0x6e, 0x64, 0x6f, 0x72, 0x73, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x54, + 0x79, 0x70, 0x65, 0x12, 0x09, 0x0a, 0x05, 0x55, 0x4e, 0x53, 0x45, 0x54, 0x10, 0x00, 0x12, 0x13, + 0x0a, 0x0f, 0x52, 0x45, 0x46, 0x45, 0x52, 0x45, 0x4e, 0x43, 0x45, 0x5f, 0x56, 0x41, 0x4c, 0x55, + 0x45, 0x10, 0x01, 0x12, 0x14, 0x0a, 0x10, 0x56, 0x45, 0x52, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, + 0x49, 0x4f, 0x4e, 0x5f, 0x4b, 0x45, 0x59, 0x10, 0x02, 0x32, 0xf5, 0x02, 0x0a, 0x03, 0x56, 0x54, + 0x53, 0x12, 0x3e, 0x0a, 0x0f, 0x47, 0x65, 0x74, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x53, + 0x74, 0x61, 0x74, 0x65, 0x12, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x1a, 0x13, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x53, 0x74, 0x61, 0x74, + 0x65, 0x12, 0x42, 0x0a, 0x0e, 0x47, 0x65, 0x74, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x12, 0x17, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x41, 0x74, 0x74, 0x65, + 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x6f, 0x6b, 
0x65, 0x6e, 0x1a, 0x17, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x41, 0x70, 0x70, 0x72, 0x61, 0x69, 0x73, 0x61, 0x6c, 0x43, 0x6f, + 0x6e, 0x74, 0x65, 0x78, 0x74, 0x12, 0x52, 0x0a, 0x22, 0x47, 0x65, 0x74, 0x53, 0x75, 0x70, 0x70, + 0x6f, 0x72, 0x74, 0x65, 0x64, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x4d, 0x65, 0x64, 0x69, 0x61, 0x54, 0x79, 0x70, 0x65, 0x73, 0x12, 0x16, 0x2e, 0x67, 0x6f, + 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, + 0x70, 0x74, 0x79, 0x1a, 0x14, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x4d, 0x65, 0x64, 0x69, + 0x61, 0x54, 0x79, 0x70, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x12, 0x47, 0x0a, 0x0c, 0x41, 0x64, 0x64, + 0x52, 0x65, 0x66, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x12, 0x1a, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x2e, 0x41, 0x64, 0x64, 0x52, 0x65, 0x66, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x52, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1b, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x41, 0x64, + 0x64, 0x52, 0x65, 0x66, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, + 0x73, 0x65, 0x12, 0x4d, 0x0a, 0x0e, 0x41, 0x64, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, 0x41, 0x6e, + 0x63, 0x68, 0x6f, 0x72, 0x12, 0x1c, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x41, 0x64, 0x64, + 0x54, 0x72, 0x75, 0x73, 0x74, 0x41, 0x6e, 0x63, 0x68, 0x6f, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x1a, 0x1d, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x41, 0x64, 0x64, 0x54, 0x72, + 0x75, 0x73, 0x74, 0x41, 0x6e, 0x63, 0x68, 0x6f, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, + 0x65, 0x42, 0x24, 0x5a, 0x22, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, + 0x76, 0x65, 0x72, 0x61, 0x69, 0x73, 0x6f, 0x6e, 0x2f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, + 0x73, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( 
@@ -569,25 +581,25 @@ func file_vts_proto_rawDescGZIP() []byte { var file_vts_proto_enumTypes = make([]protoimpl.EnumInfo, 1) var file_vts_proto_msgTypes = make([]protoimpl.MessageInfo, 8) var file_vts_proto_goTypes = []interface{}{ - (EndorsementType)(0), // 0: proto.EndorsementType - (*Status)(nil), // 1: proto.Status - (*Evidence)(nil), // 2: proto.Evidence - (*AddSwComponentsRequest)(nil), // 3: proto.AddSwComponentsRequest - (*AddSwComponentsResponse)(nil), // 4: proto.AddSwComponentsResponse - (*Endorsement)(nil), // 5: proto.Endorsement - (*AddTrustAnchorRequest)(nil), // 6: proto.AddTrustAnchorRequest - (*AddTrustAnchorResponse)(nil), // 7: proto.AddTrustAnchorResponse - (*MediaTypeList)(nil), // 8: proto.MediaTypeList - (*structpb.Struct)(nil), // 9: google.protobuf.Struct - (*emptypb.Empty)(nil), // 10: google.protobuf.Empty - (*AttestationToken)(nil), // 11: proto.AttestationToken - (*ServiceState)(nil), // 12: proto.ServiceState - (*AppraisalContext)(nil), // 13: proto.AppraisalContext + (EndorsementType)(0), // 0: proto.EndorsementType + (*Status)(nil), // 1: proto.Status + (*Evidence)(nil), // 2: proto.Evidence + (*AddRefValuesRequest)(nil), // 3: proto.AddRefValuesRequest + (*AddRefValuesResponse)(nil), // 4: proto.AddRefValuesResponse + (*Endorsement)(nil), // 5: proto.Endorsement + (*AddTrustAnchorRequest)(nil), // 6: proto.AddTrustAnchorRequest + (*AddTrustAnchorResponse)(nil), // 7: proto.AddTrustAnchorResponse + (*MediaTypeList)(nil), // 8: proto.MediaTypeList + (*_struct.Struct)(nil), // 9: google.protobuf.Struct + (*empty.Empty)(nil), // 10: google.protobuf.Empty + (*AttestationToken)(nil), // 11: proto.AttestationToken + (*ServiceState)(nil), // 12: proto.ServiceState + (*AppraisalContext)(nil), // 13: proto.AppraisalContext } var file_vts_proto_depIdxs = []int32{ 9, // 0: proto.Evidence.value:type_name -> google.protobuf.Struct - 5, // 1: proto.AddSwComponentsRequest.sw_components:type_name -> proto.Endorsement - 1, // 2: 
proto.AddSwComponentsResponse.status:type_name -> proto.Status + 5, // 1: proto.AddRefValuesRequest.reference_values:type_name -> proto.Endorsement + 1, // 2: proto.AddRefValuesResponse.status:type_name -> proto.Status 0, // 3: proto.Endorsement.type:type_name -> proto.EndorsementType 9, // 4: proto.Endorsement.attributes:type_name -> google.protobuf.Struct 5, // 5: proto.AddTrustAnchorRequest.trust_anchor:type_name -> proto.Endorsement @@ -595,12 +607,12 @@ var file_vts_proto_depIdxs = []int32{ 10, // 7: proto.VTS.GetServiceState:input_type -> google.protobuf.Empty 11, // 8: proto.VTS.GetAttestation:input_type -> proto.AttestationToken 10, // 9: proto.VTS.GetSupportedVerificationMediaTypes:input_type -> google.protobuf.Empty - 3, // 10: proto.VTS.AddSwComponents:input_type -> proto.AddSwComponentsRequest + 3, // 10: proto.VTS.AddRefValues:input_type -> proto.AddRefValuesRequest 6, // 11: proto.VTS.AddTrustAnchor:input_type -> proto.AddTrustAnchorRequest 12, // 12: proto.VTS.GetServiceState:output_type -> proto.ServiceState 13, // 13: proto.VTS.GetAttestation:output_type -> proto.AppraisalContext 8, // 14: proto.VTS.GetSupportedVerificationMediaTypes:output_type -> proto.MediaTypeList - 4, // 15: proto.VTS.AddSwComponents:output_type -> proto.AddSwComponentsResponse + 4, // 15: proto.VTS.AddRefValues:output_type -> proto.AddRefValuesResponse 7, // 16: proto.VTS.AddTrustAnchor:output_type -> proto.AddTrustAnchorResponse 12, // [12:17] is the sub-list for method output_type 7, // [7:12] is the sub-list for method input_type @@ -643,7 +655,7 @@ func file_vts_proto_init() { } } file_vts_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*AddSwComponentsRequest); i { + switch v := v.(*AddRefValuesRequest); i { case 0: return &v.state case 1: 
@@ -655,7 +667,7 @@ func file_vts_proto_init() { } } file_vts_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*AddSwComponentsResponse); i { + switch v := v.(*AddRefValuesResponse); i { case 0: return &v.state case 1: diff --git a/proto/vts.pb.json.go b/proto/vts.pb.json.go index 92d2b306..f345afe4 100644 --- a/proto/vts.pb.json.go +++ b/proto/vts.pb.json.go @@ -40,7 +40,7 @@ func (msg *Evidence) UnmarshalJSON(b []byte) error { } // MarshalJSON implements json.Marshaler -func (msg *AddSwComponentsRequest) MarshalJSON() ([]byte, error) { +func (msg *AddRefValuesRequest) MarshalJSON() ([]byte, error) { return protojson.MarshalOptions{ UseEnumNumbers: false, EmitUnpopulated: false, @@ -49,14 +49,14 @@ func (msg *AddSwComponentsRequest) MarshalJSON() ([]byte, error) { } // UnmarshalJSON implements json.Unmarshaler -func (msg *AddSwComponentsRequest) UnmarshalJSON(b []byte) error { +func (msg *AddRefValuesRequest) UnmarshalJSON(b []byte) error { return protojson.UnmarshalOptions{ DiscardUnknown: false, }.Unmarshal(b, msg) } // MarshalJSON implements json.Marshaler -func (msg *AddSwComponentsResponse) MarshalJSON() ([]byte, error) { +func (msg *AddRefValuesResponse) MarshalJSON() ([]byte, error) { return protojson.MarshalOptions{ UseEnumNumbers: false, EmitUnpopulated: false, @@ -65,7 +65,7 @@ func (msg *AddSwComponentsResponse) MarshalJSON() ([]byte, error) { } // UnmarshalJSON implements json.Unmarshaler -func (msg *AddSwComponentsResponse) UnmarshalJSON(b []byte) error { +func (msg *AddRefValuesResponse) UnmarshalJSON(b []byte) error { return protojson.UnmarshalOptions{ DiscardUnknown: false, }.Unmarshal(b, msg) diff --git a/proto/vts.proto b/proto/vts.proto index b553e288..e7c6bd10 100644 --- a/proto/vts.proto +++ b/proto/vts.proto 
@@ -20,11 +20,11 @@ message Evidence { google.protobuf.Struct value = 1; } -message AddSwComponentsRequest { - repeated Endorsement sw_components = 1; +message AddRefValuesRequest { + repeated Endorsement reference_values = 1; } -message AddSwComponentsResponse { +message AddRefValuesResponse { Status status = 1; } @@ -37,7 +37,11 @@ enum EndorsementType { message Endorsement { string scheme = 1; EndorsementType type = 2; - google.protobuf.Struct attributes = 3; + /* sub_type is opaque to Veraison and is used by schemes to classify range of + Endorsement sub types for a given Endorsement type. It is assumed that + there is going to be only one single sub type required */ + string sub_type = 3; + google.protobuf.Struct attributes = 4; } message AddTrustAnchorRequest { @@ -62,9 +66,9 @@ service VTS { rpc GetAttestation(AttestationToken) returns (AppraisalContext); rpc GetSupportedVerificationMediaTypes(google.protobuf.Empty) returns (MediaTypeList); - // Service endpoints that are used to store Software Components + // Service endpoints that are used to store Reference Values // and Trust Anchors to the endorsement store - rpc AddSwComponents(AddSwComponentsRequest) returns (AddSwComponentsResponse); + rpc AddRefValues(AddRefValuesRequest) returns (AddRefValuesResponse); rpc AddTrustAnchor(AddTrustAnchorRequest) returns (AddTrustAnchorResponse); // TODO When we move the provisiong plugins under VTS we need to enable this // TODO interface too. diff --git a/proto/vts_grpc.pb.go b/proto/vts_grpc.pb.go index 8b182760..54a9184e 100644 --- a/proto/vts_grpc.pb.go +++ b/proto/vts_grpc.pb.go @@ -4,10 +4,10 @@ package proto import ( context "context" + empty "github.com/golang/protobuf/ptypes/empty" grpc "google.golang.org/grpc" codes "google.golang.org/grpc/codes" status "google.golang.org/grpc/status" - emptypb "google.golang.org/protobuf/types/known/emptypb" ) // This is a compile-time assertion to ensure that this generated file 
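Review bot: In the `message Endorsement` hunk the new `string sub_type = 3;` takes over field number 3 from `attributes`, which is renumbered to 4, so an Endorsement serialized under the previous schema is read by this one with its Struct payload attributed to `sub_type` (both are length-delimited on the wire) instead of failing cleanly; if endorsements are persisted by the store or exchanged with a plugin built from the old descriptor, that is a silent mis-parse. Keeping the existing number and appending the new field, `google.protobuf.Struct attributes = 3;` followed by `string sub_type = 4;`, avoids the break at no cost. The new comment also uses `/* */` where the rest of the file uses `//`. Separately, the regenerated bindings in vts.pb.go and vts_grpc.pb.go now reference the deprecated `github.com/golang/protobuf/ptypes` aliases (`empty.Empty`, `_struct.Struct`) instead of `emptypb`/`structpb`, which suggests a different protoc-gen-go invocation was used than before; it may be worth pinning the generator so the descriptor churn above is reproducible.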
@@ -20,14 +20,14 @@ const _ = grpc.SupportPackageIsVersion7 // For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. type VTSClient interface { // Return the summary state of the service. - GetServiceState(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*ServiceState, error) + GetServiceState(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*ServiceState, error) // Returns attestation information -- evidences, endorsed claims, trust // vector, etc -- for the provided attestation token data. GetAttestation(ctx context.Context, in *AttestationToken, opts ...grpc.CallOption) (*AppraisalContext, error) - GetSupportedVerificationMediaTypes(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*MediaTypeList, error) - // Service endpoints that are used to store Software Components + GetSupportedVerificationMediaTypes(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*MediaTypeList, error) + // Service endpoints that are used to store Reference Values // and Trust Anchors to the endorsement store - AddSwComponents(ctx context.Context, in *AddSwComponentsRequest, opts ...grpc.CallOption) (*AddSwComponentsResponse, error) + AddRefValues(ctx context.Context, in *AddRefValuesRequest, opts ...grpc.CallOption) (*AddRefValuesResponse, error) AddTrustAnchor(ctx context.Context, in *AddTrustAnchorRequest, opts ...grpc.CallOption) (*AddTrustAnchorResponse, error) } @@ -39,7 +39,7 @@ func NewVTSClient(cc grpc.ClientConnInterface) VTSClient { return &vTSClient{cc} } -func (c *vTSClient) GetServiceState(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*ServiceState, error) { +func (c *vTSClient) GetServiceState(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*ServiceState, error) { out := new(ServiceState) err := c.cc.Invoke(ctx, "/proto.VTS/GetServiceState", in, out, opts...) if err != nil { 
@@ -57,7 +57,7 @@ func (c *vTSClient) GetAttestation(ctx context.Context, in *AttestationToken, op return out, nil } -func (c *vTSClient) GetSupportedVerificationMediaTypes(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*MediaTypeList, error) { +func (c *vTSClient) GetSupportedVerificationMediaTypes(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*MediaTypeList, error) { out := new(MediaTypeList) err := c.cc.Invoke(ctx, "/proto.VTS/GetSupportedVerificationMediaTypes", in, out, opts...) if err != nil { @@ -66,9 +66,9 @@ func (c *vTSClient) GetSupportedVerificationMediaTypes(ctx context.Context, in * return out, nil } -func (c *vTSClient) AddSwComponents(ctx context.Context, in *AddSwComponentsRequest, opts ...grpc.CallOption) (*AddSwComponentsResponse, error) { - out := new(AddSwComponentsResponse) - err := c.cc.Invoke(ctx, "/proto.VTS/AddSwComponents", in, out, opts...) +func (c *vTSClient) AddRefValues(ctx context.Context, in *AddRefValuesRequest, opts ...grpc.CallOption) (*AddRefValuesResponse, error) { + out := new(AddRefValuesResponse) + err := c.cc.Invoke(ctx, "/proto.VTS/AddRefValues", in, out, opts...) if err != nil { return nil, err } 
@@ -89,14 +89,14 @@ func (c *vTSClient) AddTrustAnchor(ctx context.Context, in *AddTrustAnchorReques // for forward compatibility type VTSServer interface { // Return the summary state of the service. - GetServiceState(context.Context, *emptypb.Empty) (*ServiceState, error) + GetServiceState(context.Context, *empty.Empty) (*ServiceState, error) // Returns attestation information -- evidences, endorsed claims, trust // vector, etc -- for the provided attestation token data. GetAttestation(context.Context, *AttestationToken) (*AppraisalContext, error) - GetSupportedVerificationMediaTypes(context.Context, *emptypb.Empty) (*MediaTypeList, error) - // Service endpoints that are used to store Software Components + GetSupportedVerificationMediaTypes(context.Context, *empty.Empty) (*MediaTypeList, error) + // Service endpoints that are used to store Reference Values // and Trust Anchors to the endorsement store - AddSwComponents(context.Context, *AddSwComponentsRequest) (*AddSwComponentsResponse, error) + AddRefValues(context.Context, *AddRefValuesRequest) (*AddRefValuesResponse, error) AddTrustAnchor(context.Context, *AddTrustAnchorRequest) (*AddTrustAnchorResponse, error) mustEmbedUnimplementedVTSServer() } 
@@ -105,17 +105,17 @@ type VTSServer interface { type UnimplementedVTSServer struct { } -func (UnimplementedVTSServer) GetServiceState(context.Context, *emptypb.Empty) (*ServiceState, error) { +func (UnimplementedVTSServer) GetServiceState(context.Context, *empty.Empty) (*ServiceState, error) { return nil, status.Errorf(codes.Unimplemented, "method GetServiceState not implemented") } func (UnimplementedVTSServer) GetAttestation(context.Context, *AttestationToken) (*AppraisalContext, error) { return nil, status.Errorf(codes.Unimplemented, "method GetAttestation not implemented") } -func (UnimplementedVTSServer) GetSupportedVerificationMediaTypes(context.Context, *emptypb.Empty) (*MediaTypeList, error) { +func (UnimplementedVTSServer) GetSupportedVerificationMediaTypes(context.Context, *empty.Empty) (*MediaTypeList, error) { return nil, status.Errorf(codes.Unimplemented, "method GetSupportedVerificationMediaTypes not implemented") } -func (UnimplementedVTSServer) AddSwComponents(context.Context, *AddSwComponentsRequest) (*AddSwComponentsResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method AddSwComponents not implemented") +func (UnimplementedVTSServer) AddRefValues(context.Context, *AddRefValuesRequest) (*AddRefValuesResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method AddRefValues not implemented") } func (UnimplementedVTSServer) AddTrustAnchor(context.Context, *AddTrustAnchorRequest) (*AddTrustAnchorResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method AddTrustAnchor not implemented") @@ -134,7 +134,7 @@ func RegisterVTSServer(s grpc.ServiceRegistrar, srv VTSServer) { } func _VTS_GetServiceState_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(emptypb.Empty) + in := new(empty.Empty) if err := dec(in); err != nil { return nil, err } 
@@ -146,7 +146,7 @@ func _VTS_GetServiceState_Handler(srv interface{}, ctx context.Context, dec func FullMethod: "/proto.VTS/GetServiceState", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(VTSServer).GetServiceState(ctx, req.(*emptypb.Empty)) + return srv.(VTSServer).GetServiceState(ctx, req.(*empty.Empty)) } return interceptor(ctx, in, info, handler) } @@ -170,7 +170,7 @@ func _VTS_GetAttestation_Handler(srv interface{}, ctx context.Context, dec func( } func _VTS_GetSupportedVerificationMediaTypes_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(emptypb.Empty) + in := new(empty.Empty) if err := dec(in); err != nil { return nil, err } 
@@ -182,25 +182,25 @@ func _VTS_GetSupportedVerificationMediaTypes_Handler(srv interface{}, ctx contex FullMethod: "/proto.VTS/GetSupportedVerificationMediaTypes", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(VTSServer).GetSupportedVerificationMediaTypes(ctx, req.(*emptypb.Empty)) + return srv.(VTSServer).GetSupportedVerificationMediaTypes(ctx, req.(*empty.Empty)) } return interceptor(ctx, in, info, handler) } -func _VTS_AddSwComponents_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(AddSwComponentsRequest) +func _VTS_AddRefValues_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(AddRefValuesRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(VTSServer).AddSwComponents(ctx, in) + return srv.(VTSServer).AddRefValues(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.VTS/AddSwComponents", + FullMethod: "/proto.VTS/AddRefValues", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(VTSServer).AddSwComponents(ctx, req.(*AddSwComponentsRequest)) + return srv.(VTSServer).AddRefValues(ctx, req.(*AddRefValuesRequest)) } return interceptor(ctx, in, info, handler) } @@ -243,8 +243,8 @@ var VTS_ServiceDesc = grpc.ServiceDesc{ Handler: _VTS_GetSupportedVerificationMediaTypes_Handler, }, { - MethodName: "AddSwComponents", - Handler: _VTS_AddSwComponents_Handler, + MethodName: "AddRefValues", + Handler: _VTS_AddRefValues_Handler, }, { MethodName: "AddTrustAnchor", diff --git a/provisioning/api/handler.go b/provisioning/api/handler.go index b52b803f..4b28044c 100644 --- a/provisioning/api/handler.go +++ b/provisioning/api/handler.go 
@@ -206,22 +206,22 @@ func (o *Handler) store(rsp *decoder.EndorsementDecoderResponse) error { } } - for _, swComp := range rsp.SwComponents { - swCompReq := &proto.AddSwComponentsRequest{ - SwComponents: []*proto.Endorsement{ - swComp, + for _, refVal := range rsp.ReferenceValues { + refValReq := &proto.AddRefValuesRequest{ + ReferenceValues: []*proto.Endorsement{ + refVal, }, } - swCompRes, err := o.VTSClient.AddSwComponents(context.TODO(), swCompReq) + refValRes, err := o.VTSClient.AddRefValues(context.TODO(), refValReq) if err != nil { - return fmt.Errorf("store operation failed for software components: %w", err) + return fmt.Errorf("store operation failed for reference values: %w", err) } - if !swCompRes.GetStatus().Result { + if !refValRes.GetStatus().Result { return fmt.Errorf( - "store operation failed for software components: %s", - swCompRes.Status.GetErrorDetail(), + "store operation failed for reference values: %s", + refValRes.Status.GetErrorDetail(), ) } } diff --git a/provisioning/api/handler_test.go b/provisioning/api/handler_test.go index 8fda6a52..06500bb0 100644 --- a/provisioning/api/handler_test.go +++ b/provisioning/api/handler_test.go @@ -28,7 +28,7 @@ var ( TrustAnchors: []*proto.Endorsement{ {}, }, - SwComponents: []*proto.Endorsement{ + ReferenceValues: []*proto.Endorsement{ {}, }, } @@ -38,10 +38,10 @@ var ( testGoodTaRes = proto.AddTrustAnchorResponse{ Status: &proto.Status{Result: true}, } - testFailedSwCompRes = proto.AddSwComponentsResponse{ + testFailedRefValRes = proto.AddRefValuesResponse{ Status: &proto.Status{Result: false}, } - testGoodSwCompRes = proto.AddSwComponentsResponse{ + testGoodRefValRes = proto.AddRefValuesResponse{ Status: &proto.Status{Result: true}, } ) 
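Review bot: `!refValRes.GetStatus().Result` in the new loop dereferences a nil `*proto.Status` when the VTS reply carries no status: `GetStatus()` returns nil for an unset message field, and reading `.Result` through that nil pointer panics inside the provisioning handler, turning a malformed or partial reply into a crash of the request path. The generated getters are nil-safe, so `if !refValRes.GetStatus().GetResult() {` and `refValRes.GetStatus().GetErrorDetail()` in the error message make the same case surface as a store error instead; the trust-anchor loop above this hunk presumably has the same pattern. Note also that the loop issues one AddRefValues RPC per reference value even though `AddRefValuesRequest.ReferenceValues` is repeated, so a single batched request would be cheaper if the VTS side accepts it. `store` begins and ends outside the hunk.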
@@ -342,7 +342,7 @@ func TestHandler_Submit_store_AddTrustAnchor_failure2(t *testing.T) { assert.Equal(t, expectedStatus, body.Status) } -func TestHandler_Submit_store_AddSwComponents_failure1(t *testing.T) { +func TestHandler_Submit_store_AddRefValues_failure1(t *testing.T) { ctrl := gomock.NewController(t) defer ctrl.Finish() @@ -375,11 +375,11 @@ func TestHandler_Submit_store_AddSwComponents_failure1(t *testing.T) { ). Return(&testGoodTaRes, nil) sc.EXPECT(). - AddSwComponents( + AddRefValues( gomock.Eq(context.TODO()), gomock.Eq( - &proto.AddSwComponentsRequest{ - SwComponents: []*proto.Endorsement{ + &proto.AddRefValuesRequest{ + ReferenceValues: []*proto.Endorsement{ {}, }, }, @@ -392,7 +392,7 @@ func TestHandler_Submit_store_AddSwComponents_failure1(t *testing.T) { expectedCode := http.StatusOK expectedType := ProvisioningSessionMediaType expectedFailureReason := fmt.Sprintf( - "endorsement store returned error: store operation failed for software components: %s", + "endorsement store returned error: store operation failed for reference values: %s", storeError, ) expectedStatus := "failed" @@ -416,14 +416,14 @@ func TestHandler_Submit_store_AddSwComponents_failure1(t *testing.T) { assert.Equal(t, expectedStatus, body.Status) } -func TestHandler_Submit_store_AddSwComponents_failure2(t *testing.T) { +func TestHandler_Submit_store_AddRefValues_failure2(t *testing.T) { ctrl := gomock.NewController(t) defer ctrl.Finish() mediaType := "application/good+json" endo := []byte("some data") storeError := "store says doh!" - testFailedSwCompRes.Status.ErrorDetail = storeError + testFailedRefValRes.Status.ErrorDetail = storeError dm := mock_deps.NewMockIDecoderManager(ctrl) dm.EXPECT(). 
@@ -450,24 +450,24 @@ func TestHandler_Submit_store_AddSwComponents_failure2(t *testing.T) { ). Return(&testGoodTaRes, nil) sc.EXPECT(). - AddSwComponents( + AddRefValues( gomock.Eq(context.TODO()), gomock.Eq( - &proto.AddSwComponentsRequest{ - SwComponents: []*proto.Endorsement{ + &proto.AddRefValuesRequest{ + ReferenceValues: []*proto.Endorsement{ {}, }, }, ), ). - Return(&testFailedSwCompRes, nil) + Return(&testFailedRefValRes, nil) h := NewHandler(dm, sc, log.Named("test")) expectedCode := http.StatusOK expectedType := ProvisioningSessionMediaType expectedFailureReason := fmt.Sprintf( - "endorsement store returned error: store operation failed for software components: %s", + "endorsement store returned error: store operation failed for reference values: %s", storeError, ) expectedStatus := "failed" @@ -523,17 +523,17 @@ func TestHandler_Submit_ok(t *testing.T) { ). Return(&testGoodTaRes, nil) sc.EXPECT(). - AddSwComponents( + AddRefValues( gomock.Eq(context.TODO()), gomock.Eq( - &proto.AddSwComponentsRequest{ - SwComponents: []*proto.Endorsement{ + &proto.AddRefValuesRequest{ + ReferenceValues: []*proto.Endorsement{ {}, }, }, ), ). - Return(&testGoodSwCompRes, nil) + Return(&testGoodRefValRes, nil) h := NewHandler(dm, sc, log.Named("test")) diff --git a/provisioning/api/mocks/ivtsclient.go b/provisioning/api/mocks/ivtsclient.go index ca7b73b7..6af619eb 100644 --- a/provisioning/api/mocks/ivtsclient.go +++ b/provisioning/api/mocks/ivtsclient.go 
@@ -37,24 +37,24 @@ func (m *MockIVTSClient) EXPECT() *MockIVTSClientMockRecorder { return m.recorder } -// AddSwComponents mocks base method. -func (m *MockIVTSClient) AddSwComponents(ctx context.Context, in *proto.AddSwComponentsRequest, opts ...grpc.CallOption) (*proto.AddSwComponentsResponse, error) { +// AddRefValues mocks base method. +func (m *MockIVTSClient) AddRefValues(ctx context.Context, in *proto.AddRefValuesRequest, opts ...grpc.CallOption) (*proto.AddRefValuesResponse, error) { m.ctrl.T.Helper() varargs := []interface{}{ctx, in} for _, a := range opts { varargs = append(varargs, a) } - ret := m.ctrl.Call(m, "AddSwComponents", varargs...) - ret0, _ := ret[0].(*proto.AddSwComponentsResponse) + ret := m.ctrl.Call(m, "AddRefValues", varargs...) + ret0, _ := ret[0].(*proto.AddRefValuesResponse) ret1, _ := ret[1].(error) return ret0, ret1 } -// AddSwComponents indicates an expected call of AddSwComponents. -func (mr *MockIVTSClientMockRecorder) AddSwComponents(ctx, in interface{}, opts ...interface{}) *gomock.Call { +// AddRefValues indicates an expected call of AddRefValues. +func (mr *MockIVTSClientMockRecorder) AddRefValues(ctx, in interface{}, opts ...interface{}) *gomock.Call { mr.mock.ctrl.T.Helper() varargs := append([]interface{}{ctx, in}, opts...) - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "AddSwComponents", reflect.TypeOf((*MockIVTSClient)(nil).AddSwComponents), varargs...) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "AddRefValues", reflect.TypeOf((*MockIVTSClient)(nil).AddRefValues), varargs...) } // AddTrustAnchor mocks base method. diff --git a/provisioning/decoder/decoder_response.pb.go b/provisioning/decoder/decoder_response.pb.go index a5bdf49c..5411e403 100644 --- a/provisioning/decoder/decoder_response.pb.go +++ b/provisioning/decoder/decoder_response.pb.go 
@@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.27.1 -// protoc v3.21.7 +// protoc v3.21.9 // source: decoder_response.proto package decoder @@ -26,8 +26,8 @@ type EndorsementDecoderResponse struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - SwComponents []*proto.Endorsement `protobuf:"bytes,1,rep,name=swComponents,proto3" json:"swComponents,omitempty"` - TrustAnchors []*proto.Endorsement `protobuf:"bytes,2,rep,name=trustAnchors,proto3" json:"trustAnchors,omitempty"` + ReferenceValues []*proto.Endorsement `protobuf:"bytes,1,rep,name=referenceValues,proto3" json:"referenceValues,omitempty"` + TrustAnchors []*proto.Endorsement `protobuf:"bytes,2,rep,name=trustAnchors,proto3" json:"trustAnchors,omitempty"` } func (x *EndorsementDecoderResponse) Reset() { @@ -62,9 +62,9 @@ func (*EndorsementDecoderResponse) Descriptor() ([]byte, []int) { return file_decoder_response_proto_rawDescGZIP(), []int{0} } -func (x *EndorsementDecoderResponse) GetSwComponents() []*proto.Endorsement { +func (x *EndorsementDecoderResponse) GetReferenceValues() []*proto.Endorsement { if x != nil { - return x.SwComponents + return x.ReferenceValues } return nil } 
@@ -83,19 +83,20 @@ var file_decoder_response_proto_rawDesc = []byte{ 0x73, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1c, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x73, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x5f, 0x64, 0x65, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x1a, 0x09, 0x76, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x22, 0x8c, 0x01, 0x0a, 0x1a, 0x45, 0x6e, 0x64, 0x6f, 0x72, 0x73, 0x65, 0x6d, 0x65, 0x6e, + 0x6f, 0x22, 0x92, 0x01, 0x0a, 0x1a, 0x45, 0x6e, 0x64, 0x6f, 0x72, 0x73, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x44, 0x65, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, - 0x12, 0x36, 0x0a, 0x0c, 0x73, 0x77, 0x43, 0x6f, 0x6d, 0x70, 0x6f, 0x6e, 0x65, 0x6e, 0x74, 0x73, - 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x45, - 0x6e, 0x64, 0x6f, 0x72, 0x73, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x52, 0x0c, 0x73, 0x77, 0x43, 0x6f, - 0x6d, 0x70, 0x6f, 0x6e, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x36, 0x0a, 0x0c, 0x74, 0x72, 0x75, 0x73, - 0x74, 0x41, 0x6e, 0x63, 0x68, 0x6f, 0x72, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x12, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x45, 0x6e, 0x64, 0x6f, 0x72, 0x73, 0x65, 0x6d, 0x65, - 0x6e, 0x74, 0x52, 0x0c, 0x74, 0x72, 0x75, 0x73, 0x74, 0x41, 0x6e, 0x63, 0x68, 0x6f, 0x72, 0x73, - 0x42, 0x33, 0x5a, 0x31, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x76, - 0x65, 0x72, 0x61, 0x69, 0x73, 0x6f, 0x6e, 0x2f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, - 0x2f, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x69, 0x6e, 0x67, 0x2f, 0x64, 0x65, - 0x63, 0x6f, 0x64, 0x65, 0x72, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x12, 0x3c, 0x0a, 0x0f, 0x72, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x56, 0x61, 0x6c, + 0x75, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x2e, 0x45, 0x6e, 0x64, 0x6f, 0x72, 0x73, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x52, 0x0f, 
0x72, + 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x12, 0x36, + 0x0a, 0x0c, 0x74, 0x72, 0x75, 0x73, 0x74, 0x41, 0x6e, 0x63, 0x68, 0x6f, 0x72, 0x73, 0x18, 0x02, + 0x20, 0x03, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x45, 0x6e, 0x64, + 0x6f, 0x72, 0x73, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x52, 0x0c, 0x74, 0x72, 0x75, 0x73, 0x74, 0x41, + 0x6e, 0x63, 0x68, 0x6f, 0x72, 0x73, 0x42, 0x33, 0x5a, 0x31, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, + 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x76, 0x65, 0x72, 0x61, 0x69, 0x73, 0x6f, 0x6e, 0x2f, 0x73, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x2f, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, + 0x69, 0x6e, 0x67, 0x2f, 0x64, 0x65, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x62, 0x06, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x33, } var ( @@ -116,7 +117,7 @@ var file_decoder_response_proto_goTypes = []interface{}{ (*proto.Endorsement)(nil), // 1: proto.Endorsement } var file_decoder_response_proto_depIdxs = []int32{ - 1, // 0: endorsement_decoder_response.EndorsementDecoderResponse.swComponents:type_name -> proto.Endorsement + 1, // 0: endorsement_decoder_response.EndorsementDecoderResponse.referenceValues:type_name -> proto.Endorsement 1, // 1: endorsement_decoder_response.EndorsementDecoderResponse.trustAnchors:type_name -> proto.Endorsement 2, // [2:2] is the sub-list for method output_type 2, // [2:2] is the sub-list for method input_type diff --git a/provisioning/decoder/decoder_response.proto b/provisioning/decoder/decoder_response.proto index 5618ee1c..719d4295 100644 --- a/provisioning/decoder/decoder_response.proto +++ b/provisioning/decoder/decoder_response.proto @@ -6,6 +6,6 @@ option go_package = "github.com/veraison/services/provisioning/decoder"; import "vts.proto"; message EndorsementDecoderResponse { - repeated proto.Endorsement swComponents = 1; + repeated proto.Endorsement referenceValues = 1; repeated proto.Endorsement trustAnchors = 2; } 
diff --git a/provisioning/plugins/common/unsignedcorim_decoder.go b/provisioning/plugins/common/unsignedcorim_decoder.go index a2ea201a..9c133a2c 100644 --- a/provisioning/plugins/common/unsignedcorim_decoder.go +++ b/provisioning/plugins/common/unsignedcorim_decoder.go @@ -99,7 +99,8 @@ func UnsignedCorimDecoder(data []byte, xtr IExtractor) (*decoder.EndorsementDeco } for i := range refVal { - rsp.SwComponents = append(rsp.SwComponents, refVal[i]) + rsp.ReferenceValues = append(rsp.ReferenceValues, refVal[i]) + } } } diff --git a/provisioning/plugins/corim-psa-decoder/ccaplatformconfigid.go b/provisioning/plugins/corim-psa-decoder/ccaplatformconfigid.go index 02fc6ade..2621c392 100644 --- a/provisioning/plugins/corim-psa-decoder/ccaplatformconfigid.go +++ b/provisioning/plugins/corim-psa-decoder/ccaplatformconfigid.go @@ -33,19 +33,23 @@ func (o *CCAPlatformConfigID) FromMeasurement(m comid.Measurement) error { return nil } -func (o CCAPlatformConfigID) MakeRefAttrs(c PSAClassAttributes) (*structpb.Struct, error) { +func (o CCAPlatformConfigID) GetRefValType() string { + return "platform-config" +} + +func (o CCAPlatformConfigID) MakeRefAttrs(c ClassAttributes, scheme string) (*structpb.Struct, error) { refAttrs := map[string]interface{}{ - "psa.impl-id": c.ImplID, - "cca.platform-config-label": o.Label, - "cca.platform-config-id": o.Value, + scheme + ".impl-id": c.ImplID, + scheme + ".platform-config-label": o.Label, + scheme + ".platform-config-id": o.Value, } if c.Vendor != "" { - refAttrs["psa.hw-vendor"] = c.Vendor + refAttrs[scheme+".hw-vendor"] = c.Vendor } if c.Model != "" { - refAttrs["psa.hw-model"] = c.Model + refAttrs[scheme+".hw-model"] = c.Model } return structpb.NewStruct(refAttrs) diff --git a/provisioning/plugins/corim-psa-decoder/classattributes.go b/provisioning/plugins/corim-psa-decoder/classattributes.go index 3c975967..e3732209 100644 --- a/provisioning/plugins/corim-psa-decoder/classattributes.go 
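Review bot: The new side of the loop body shows an added closing brace `+ }` directly after the `rsp.ReferenceValues = append(rsp.ReferenceValues, refVal[i])` line with no added opener anywhere in this hunk, so unless this is an artefact of how the diff was rendered, the `for` is now closed twice or the file has an unbalanced brace. Running `gofmt -l provisioning/plugins/common` before merging would settle it. The enclosing UnsignedCorimDecoder body starts and ends outside the hunk.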
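Review bot: `GetRefValType` is a new exported method with no doc comment, and `MakeRefAttrs` now derives every attribute key from the `scheme` argument, so an empty or dotted value silently yields keys such as `.impl-id` that the scheme plugins (which look up `cca.impl-id`, `cca.platform-config-id`, …) would never match. State the contract on both methods: `// GetRefValType returns the reference-value sub-type suffix ("platform-config"); the caller prefixes it with the scheme.` and `// MakeRefAttrs builds the reference-value attributes; scheme is the bare key prefix ("psa" or "cca") with no trailing dot.` Go convention would drop the `Get` prefix, but the name is fixed by the MeasurementExtractor interface, so it is only worth changing if the interface is renamed too.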
+++ b/provisioning/plugins/corim-psa-decoder/classattributes.go @@ -8,14 +8,14 @@ import ( "github.com/veraison/corim/comid" ) -type PSAClassAttributes struct { +type ClassAttributes struct { ImplID []byte Vendor string Model string } // extract mandatory ImplID and optional vendor & model -func (o *PSAClassAttributes) FromEnvironment(e comid.Environment) error { +func (o *ClassAttributes) FromEnvironment(e comid.Environment) error { class := e.Class if class == nil { diff --git a/provisioning/plugins/corim-psa-decoder/extractor.go b/provisioning/plugins/corim-psa-decoder/extractor.go index 1430469e..20518f19 100644 --- a/provisioning/plugins/corim-psa-decoder/extractor.go +++ b/provisioning/plugins/corim-psa-decoder/extractor.go @@ -13,9 +13,10 @@ import ( ) const ( - psaProfile = "http://arm.com/psa/iot/1" - ccaProfile = "http://arm.com/cca/ssd/1" - schemeName = "PSA_IOT" + psaProfile = "http://arm.com/psa/iot/1" + ccaProfile = "http://arm.com/cca/ssd/1" + psaSchemeName = "PSA_IOT" + ccaSchemeName = "CCA_SSD_PLATFORM" ) type Extractor struct { @@ -30,13 +31,14 @@ func (o *Extractor) SetProfile(p string) { // and to make ref attributes from them type MeasurementExtractor interface { FromMeasurement(comid.Measurement) error - MakeRefAttrs(PSAClassAttributes) (*structpb.Struct, error) + GetRefValType() string + MakeRefAttrs(ClassAttributes, string) (*structpb.Struct, error) } func (o Extractor) RefValExtractor(rv comid.ReferenceValue) ([]*proto.Endorsement, error) { - var psaClassAttrs PSAClassAttributes + var classAttrs ClassAttributes - if err := psaClassAttrs.FromEnvironment(rv.Environment); err != nil { + if err := classAttrs.FromEnvironment(rv.Environment); err != nil { return nil, fmt.Errorf("could not extract PSA class attributes: %w", err) } 
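Review bot: The error wrap on the renamed `classAttrs.FromEnvironment` call still reads `could not extract PSA class attributes` although the constants hunk above adds `ccaSchemeName` and the extractor now serves the CCA profile as well; the same stale wording is kept in TaExtractor's two `FromEnvironment` errors in the -114 hunk below. Something like `fmt.Errorf("could not extract class attributes for profile %q: %w", o.Profile, err)` lets a provisioning failure be attributed to the right profile. The interface and constant changes are otherwise consistent with the new `extractMeasurement` signature.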
@@ -53,9 +55,11 @@ func (o Extractor) RefValExtractor(rv comid.ReferenceValue) ([]*proto.Endorsemen if m.Key == nil { return nil, fmt.Errorf("measurement key is not present") } + if !m.Key.IsSet() { return nil, fmt.Errorf("measurement key is not set") } + // Check which MKey is present and then decide which extractor to invoke if m.Key.IsPSARefValID() { // Check correct profile and then proceed @@ -66,9 +70,9 @@ func (o Extractor) RefValExtractor(rv comid.ReferenceValue) ([]*proto.Endorsemen return nil, fmt.Errorf("measurement error at index %d: incorrect profile %s", i, o.Profile) } - var psaSwCompAttrs PSASwCompAttributes + var swCompAttrs SwCompAttributes - refVal, err = ExtractMeas(&psaSwCompAttrs, m, psaClassAttrs) + refVal, err = extractMeasurement(&swCompAttrs, m, classAttrs, o.Profile) if err != nil { return nil, fmt.Errorf("unable to extract measurement at index %d, %w", i, err) } @@ -77,7 +81,7 @@ func (o Extractor) RefValExtractor(rv comid.ReferenceValue) ([]*proto.Endorsemen return nil, fmt.Errorf("measurement error at index %d: incorrect profile %s", i, o.Profile) } var ccaPlatformConfigID CCAPlatformConfigID - refVal, err = ExtractMeas(&ccaPlatformConfigID, m, psaClassAttrs) + refVal, err = extractMeasurement(&ccaPlatformConfigID, m, classAttrs, o.Profile) if err != nil { return nil, fmt.Errorf("unable to extract measurement: %w", err) } 
@@ -94,19 +98,23 @@ func (o Extractor) RefValExtractor(rv comid.ReferenceValue) ([]*proto.Endorsemen return refVals, nil } -func ExtractMeas(obj MeasurementExtractor, m comid.Measurement, class PSAClassAttributes) (*proto.Endorsement, error) { - +func extractMeasurement(obj MeasurementExtractor, m comid.Measurement, class ClassAttributes, profile string) (*proto.Endorsement, error) { if err := obj.FromMeasurement(m); err != nil { return nil, err } + schemeName, scheme, err := profileToSchemeParams(profile) + if err != nil { + return nil, err + } - refAttrs, err := obj.MakeRefAttrs(class) + refAttrs, err := obj.MakeRefAttrs(class, scheme) if err != nil { return &proto.Endorsement{}, fmt.Errorf("failed to create software component attributes: %w", err) } refVal := proto.Endorsement{ Scheme: schemeName, Type: proto.EndorsementType_REFERENCE_VALUE, + SubType: scheme + "." + obj.GetRefValType(), Attributes: refAttrs, } return &refVal, nil @@ -114,16 +122,16 @@ func ExtractMeas(obj MeasurementExtractor, m comid.Measurement, class PSAClassAt func (o Extractor) TaExtractor(avk comid.AttestVerifKey) (*proto.Endorsement, error) { // extract instance ID - var psaInstanceAttrs PSAInstanceAttributes + var instanceAttrs InstanceAttributes - if err := psaInstanceAttrs.FromEnvironment(avk.Environment); err != nil { + if err := instanceAttrs.FromEnvironment(avk.Environment); err != nil { return nil, fmt.Errorf("could not extract PSA instance-id: %w", err) } // extract implementation ID - var psaClassAttrs PSAClassAttributes + var classAttrs ClassAttributes - if err := psaClassAttrs.FromEnvironment(avk.Environment); err != nil { + if err := classAttrs.FromEnvironment(avk.Environment); err != nil { return nil, fmt.Errorf("could not extract PSA class attributes: %w", err) } 
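Review bot: `extractMeasurement` now calls `profileToSchemeParams(profile)` for every measurement, even though `RefValExtractor` has already compared `o.Profile` against `psaProfile`/`ccaProfile` in each branch before calling it, so the profile is validated in two places that can drift and the mapping is repeated per measurement. Resolving `schemeName, scheme` once in `RefValExtractor` before the measurement loop and passing `scheme` (rather than `profile`) into the helper keeps a single source of truth. The unchanged wrap `failed to create software component attributes` is now also emitted for platform-config values; `fmt.Errorf("failed to create %s reference value attributes: %w", obj.GetRefValType(), err)` would name the type actually being built.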
@@ -133,14 +141,19 @@ func (o Extractor) TaExtractor(avk comid.AttestVerifKey) (*proto.Endorsement, er } iakPub := avk.VerifKeys[0].Key - // TODO(tho) check that format of IAK pub is as expected - taAttrs, err := makeTaAttrs(psaInstanceAttrs, psaClassAttrs, iakPub) + schemeName, scheme, err := profileToSchemeParams(o.Profile) + if err != nil { + return nil, err + } + + taAttrs, err := makeTaAttrs(instanceAttrs, classAttrs, iakPub, scheme) if err != nil { return nil, fmt.Errorf("failed to create trust anchor attributes: %w", err) } + // note we do not need a subType for TA ta := &proto.Endorsement{ Scheme: schemeName, Type: proto.EndorsementType_VERIFICATION_KEY, @@ -150,20 +163,32 @@ func (o Extractor) TaExtractor(avk comid.AttestVerifKey) (*proto.Endorsement, er return ta, nil } -func makeTaAttrs(i PSAInstanceAttributes, c PSAClassAttributes, key string) (*structpb.Struct, error) { +func makeTaAttrs(i InstanceAttributes, c ClassAttributes, key string, scheme string) (*structpb.Struct, error) { taID := map[string]interface{}{ - "psa.impl-id": c.ImplID, - "psa.inst-id": []byte(i.InstID), - "psa.iak-pub": key, + scheme + ".impl-id": c.ImplID, + scheme + ".inst-id": []byte(i.InstID), + scheme + ".iak-pub": key, } if c.Vendor != "" { - taID["psa.hw-vendor"] = c.Vendor + taID[scheme+".hw-vendor"] = c.Vendor } if c.Model != "" { - taID["psa.hw-model"] = c.Model + taID[scheme+".hw-model"] = c.Model } return structpb.NewStruct(taID) } + +func profileToSchemeParams(profile string) (string, string, error) { + // Check correct profile and then proceed + switch profile { + case psaProfile: + return psaSchemeName, "psa", nil + case ccaProfile: + return ccaSchemeName, "cca", nil + default: + return "", "", fmt.Errorf("could not map profile %s to scheme", profile) + } +} diff --git a/provisioning/plugins/corim-psa-decoder/instanceattributes.go b/provisioning/plugins/corim-psa-decoder/instanceattributes.go index 7238bb47..8b7622e7 100644 
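Review bot: The hunk deletes `// TODO(tho) check that format of IAK pub is as expected` without adding the check, so `iakPub` is still copied verbatim from the CoRIM into the trust-anchor attributes and the first place a malformed key is noticed is the verifier plugin's `pem.Decode`/`x509.ParsePKIXPublicKey` at appraisal time (see the new scheme-cca-ssd-platform main.go in this commit). Rejecting it at provisioning gives the error to the party that can fix it: `if block, _ := pem.Decode([]byte(iakPub)); block == nil || block.Type != "PUBLIC KEY" { return nil, fmt.Errorf("IAK public key is not a PEM PUBLIC KEY block") }` followed by a `x509.ParsePKIXPublicKey(block.Bytes)` check, with `encoding/pem` and `crypto/x509` added to the imports. The new `// note we do not need a subType for TA` would read better as the reason, e.g. `// trust anchors are looked up by impl-id/inst-id, so no SubType is set`.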
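Review bot: In the new `profileToSchemeParams` the comment `// Check correct profile and then proceed` is copied from RefValExtractor and does not describe what a mapping function does; a doc comment such as `// profileToSchemeParams maps a CoRIM profile URI to the scheme name and attribute-key prefix used for its endorsements.` would replace it. The default branch formats the profile with `%s`; `%q` makes an empty or whitespace-only profile from the CoRIM visible in the error. In `makeTaAttrs` the parameter list `key string, scheme string` can be collapsed to `key, scheme string`.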
--- a/provisioning/plugins/corim-psa-decoder/instanceattributes.go +++ b/provisioning/plugins/corim-psa-decoder/instanceattributes.go @@ -9,11 +9,11 @@ import ( "github.com/veraison/eat" ) -type PSAInstanceAttributes struct { +type InstanceAttributes struct { InstID eat.UEID } -func (o *PSAInstanceAttributes) FromEnvironment(e comid.Environment) error { +func (o *InstanceAttributes) FromEnvironment(e comid.Environment) error { var err error if e.Instance == nil { diff --git a/provisioning/plugins/corim-psa-decoder/swcompattributes.go b/provisioning/plugins/corim-psa-decoder/swcompattributes.go index 8d7ddb55..eefc954f 100644 --- a/provisioning/plugins/corim-psa-decoder/swcompattributes.go +++ b/provisioning/plugins/corim-psa-decoder/swcompattributes.go @@ -9,7 +9,7 @@ import ( structpb "google.golang.org/protobuf/types/known/structpb" ) -type PSASwCompAttributes struct { +type SwCompAttributes struct { MeasurementType string Version string SignerID []byte @@ -17,7 +17,7 @@ type PSASwCompAttributes struct { MeasurementValue []byte } -func (o *PSASwCompAttributes) FromMeasurement(m comid.Measurement) error { +func (o *SwCompAttributes) FromMeasurement(m comid.Measurement) error { if m.Key == nil { return fmt.Errorf("measurement key is not present") 
@@ -60,28 +60,32 @@ func (o *PSASwCompAttributes) FromMeasurement(m comid.Measurement) error { return nil } -func (o *PSASwCompAttributes) MakeRefAttrs(c PSAClassAttributes) (*structpb.Struct, error) { +func (o SwCompAttributes) GetRefValType() string { + return "sw-component" +} + +func (o *SwCompAttributes) MakeRefAttrs(c ClassAttributes, scheme string) (*structpb.Struct, error) { swAttrs := map[string]interface{}{ - "psa.impl-id": c.ImplID, - "psa.signer-id": o.SignerID, - "psa.measurement-value": o.MeasurementValue, - "psa.measurement-desc": o.AlgID, + scheme + ".impl-id": c.ImplID, + scheme + ".signer-id": o.SignerID, + scheme + ".measurement-value": o.MeasurementValue, + scheme + ".measurement-desc": o.AlgID, } if c.Vendor != "" { - swAttrs["psa.hw-vendor"] = c.Vendor + swAttrs[scheme+".hw-vendor"] = c.Vendor } if c.Model != "" { - swAttrs["psa.hw-model"] = c.Model + swAttrs[scheme+".hw-model"] = c.Model } if o.MeasurementType != "" { - swAttrs["psa.measurement-type"] = o.MeasurementType + swAttrs[scheme+".measurement-type"] = o.MeasurementType } if o.Version != "" { - swAttrs["psa.version"] = o.Version + swAttrs[scheme+".version"] = o.Version } return structpb.NewStruct(swAttrs) diff --git a/provisioning/plugins/corim-tpm-enacttrust-decoder/extractor.go b/provisioning/plugins/corim-tpm-enacttrust-decoder/extractor.go index b2e346d7..943d739e 100644 --- a/provisioning/plugins/corim-tpm-enacttrust-decoder/extractor.go +++ b/provisioning/plugins/corim-tpm-enacttrust-decoder/extractor.go @@ -50,6 +50,7 @@ func (o Extractor) RefValExtractor(rv comid.ReferenceValue) ([]*proto.Endorsemen swComponent := proto.Endorsement{ Scheme: schemeName, Type: proto.EndorsementType_REFERENCE_VALUE, + SubType: "enacttrust-tpm.sw-component", Attributes: swAttrs, } diff --git a/scheme/ischeme.go b/scheme/ischeme.go index a7ea87dc..d62a8214 100644 --- a/scheme/ischeme.go +++ b/scheme/ischeme.go 
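Review bot: `SwCompAttributes` now mixes receiver kinds: the new `GetRefValType` has a value receiver while `FromMeasurement` and `MakeRefAttrs` use `*SwCompAttributes`; it only satisfies `MeasurementExtractor` because the caller passes `&swCompAttrs`, and mixed receivers on one type are a standard review flag. Use `func (o *SwCompAttributes) GetRefValType() string` (CCAPlatformConfigID uses value receivers throughout, so it is consistent as is). In the enacttrust extractor hunk the `SubType: "enacttrust-tpm.sw-component"` literal is built by hand while the PSA/CCA decoder derives the prefix from the scheme; a constant beside `schemeName` would keep the two from drifting.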
@@ -64,9 +64,9 @@ type IScheme interface { endorsements []string, ) (*ear.AttestationResult, error) - // SynthKeysFromSwComponent synthesizes lookup key(s) for the - // provided software component endorsement. - SynthKeysFromSwComponent(tenantID string, swComp *proto.Endorsement) ([]string, error) + // SynthKeysFromRefValue synthesizes lookup key(s) for the + // provided reference value endorsement. + SynthKeysFromRefValue(tenantID string, refVal *proto.Endorsement) ([]string, error) // SynthKeysFromTrustAnchor synthesizes lookup key(s) for the provided // trust anchor. @@ -74,13 +74,18 @@ type IScheme interface { } // ExtractedClaims contains a map of claims extracted from an attestation -// token along with the corresponding SoftwareID that is used to fetch +// token along with the corresponding ReferenceID that is used to fetch // the associated endorsements. // // XXX(tho) -- not clear why SoftwareID is treated differently from TrustAnchorID +// XXX(yd) Thomas to answer your question: Here basically this is the key used +// to fetch all the Endorsements (using reference value key), generated from claims +// extracted from the token type ExtractedClaims struct { - ClaimsSet map[string]interface{} `json:"claims-set"` - SoftwareID string `json:"software-id"` + ClaimsSet map[string]interface{} `json:"claims-set"` + ReferenceID string `json:"reference-id"` + // UnprocessedClaimsSet are claims decoded by Scheme but not appraised + UnprocessedClaimsSet map[string]interface{} `json:"unprocessed-claims-set"` } func NewExtractedClaims() *ExtractedClaims { diff --git a/scheme/rpc.go b/scheme/rpc.go index 3e130ade..40809126 100644 --- a/scheme/rpc.go +++ b/scheme/rpc.go @@ -44,7 +44,7 @@ type SynthKeysArgs struct { EndorsementJSON []byte } -func (s *RPCServer) SynthKeysFromSwComponent(args SynthKeysArgs, resp *[]string) error { +func (s *RPCServer) SynthKeysFromRefValue(args SynthKeysArgs, resp *[]string) error { var ( err error swComp proto.Endorsement 
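Review bot: `ExtractedClaims.UnprocessedClaimsSet` is added without `omitempty`, so every scheme that does not populate it (all existing ones) now serializes `"unprocessed-claims-set":null` over the plugin RPC and into stored records; if no consumer relies on the key being present, `json:"unprocessed-claims-set,omitempty"` avoids that churn. The `XXX(yd)` lines leave a question-and-answer thread inside the type's doc comment; fold the answer into documentation, e.g. `// ReferenceID is the lookup key, synthesised from token claims, used to fetch all reference-value endorsements for this evidence.`, and drop both XXX paragraphs. Renaming `SynthKeysFromSwComponent` to `SynthKeysFromRefValue` also changes the RPC method string in scheme/rpc.go, which is wire-incompatible for out-of-tree scheme plugins and deserves a line in the commit message.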
@@ -55,7 +55,7 @@ func (s *RPCServer) SynthKeysFromSwComponent(args SynthKeysArgs, resp *[]string) return fmt.Errorf("unmarshaling software component: %w", err) } - *resp, err = s.Impl.SynthKeysFromSwComponent(args.TenantID, &swComp) + *resp, err = s.Impl.SynthKeysFromRefValue(args.TenantID, &swComp) return err } @@ -195,7 +195,7 @@ func (s *RPCClient) GetSupportedMediaTypes() []string { return resp } -func (s *RPCClient) SynthKeysFromSwComponent(tenantID string, swComp *proto.Endorsement) ([]string, error) { +func (s *RPCClient) SynthKeysFromRefValue(tenantID string, swComp *proto.Endorsement) ([]string, error) { var ( err error resp []string @@ -209,9 +209,9 @@ func (s *RPCClient) SynthKeysFromSwComponent(tenantID string, swComp *proto.Endo return nil, fmt.Errorf("marshaling software component: %w", err) } - err = s.client.Call("Plugin.SynthKeysFromSwComponent", args, &resp) + err = s.client.Call("Plugin.SynthKeysFromRefValue", args, &resp) if err != nil { - return nil, fmt.Errorf("Plugin.SynthKeysFromSwComponent RPC call failed: %w", err) // nolint + return nil, fmt.Errorf("Plugin.SynthKeysFromRefValue RPC call failed: %w", err) // nolint } return resp, nil diff --git a/vts/cmd/vts-service/en-store.sql b/vts/cmd/vts-service/en-store.sql new file mode 100644 index 00000000..0bc55fbd Binary files /dev/null and b/vts/cmd/vts-service/en-store.sql differ diff --git a/vts/cmd/vts-service/po-store.sql b/vts/cmd/vts-service/po-store.sql new file mode 100644 index 00000000..0bc55fbd Binary files /dev/null and b/vts/cmd/vts-service/po-store.sql differ diff --git a/vts/cmd/vts-service/ta-store.sql b/vts/cmd/vts-service/ta-store.sql new file mode 100644 index 00000000..0bc55fbd Binary files /dev/null and b/vts/cmd/vts-service/ta-store.sql differ diff --git a/vts/pluginmanager/pluginmanager_goplugin.go b/vts/pluginmanager/pluginmanager_goplugin.go index 413bac8a..7e004924 100644 --- a/vts/pluginmanager/pluginmanager_goplugin.go 
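Review bot: The renamed `SynthKeysFromRefValue` on both RPCServer and RPCClient keeps the local `swComp` and the error strings `unmarshaling software component` / `marshaling software component`, so a failure now reports a concept that no longer exists in the interface; rename the variable to `refVal` and the wraps to `unmarshaling reference value: %w` / `marshaling reference value: %w`. Separately, the three new binary files `vts/cmd/vts-service/en-store.sql`, `po-store.sql` and `ta-store.sql` share a single blob (`0bc55fbd`) and look like store files produced by running the service locally; if so they belong in .gitignore rather than in the tree.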
+++ b/vts/pluginmanager/pluginmanager_goplugin.go @@ -56,7 +56,7 @@ func New(logger *zap.SugaredLogger) *GoPluginManager { } // variables read from the config store: -// * "go-plugin.folder" +// - "go-plugin.folder" func (o *GoPluginManager) Init(v *viper.Viper) error { cfg := cfg{Backend: "go-plugin"} loader := config.NewLoader(&cfg) @@ -94,7 +94,7 @@ func (o *GoPluginManager) Init(v *viper.Viper) error { // advertised by another plugin. Should raise fatal error if this // is the case. tbl[mt] = ctx - o.logger.Infow("media type registred", "media-type", mt) + o.logger.Infow("media type registered", "media-type", mt) } } diff --git a/vts/plugins/Makefile b/vts/plugins/Makefile index a3023a08..39e94b80 100644 --- a/vts/plugins/Makefile +++ b/vts/plugins/Makefile @@ -2,6 +2,7 @@ # SPDX-License-Identifier: Apache-2.0 SUBDIR := common +SUBDIR += scheme-cca-ssd-platform SUBDIR += scheme-tcg-dice SUBDIR += scheme-psa-iot SUBDIR += scheme-tpm-enacttrust diff --git a/vts/plugins/scheme-cca-ssd-platform/Makefile b/vts/plugins/scheme-cca-ssd-platform/Makefile new file mode 100644 index 00000000..217b907b --- /dev/null +++ b/vts/plugins/scheme-cca-ssd-platform/Makefile @@ -0,0 +1,11 @@ +# Copyright 2021 Contributors to the Veraison project. +# SPDX-License-Identifier: Apache-2.0 + +PLUGIN := ../bin/scheme-cca-ssd-platform +GOPKG := github.com/veraison/services/vts/plugins/scheme-cca-ssd-platform +SRCS := main.go + +include ../../../mk/common.mk +include ../../../mk/plugin.mk +include ../../../mk/lint.mk +include ../../../mk/test.mk diff --git a/vts/plugins/scheme-cca-ssd-platform/main.go b/vts/plugins/scheme-cca-ssd-platform/main.go new file mode 100644 index 00000000..084fb195 --- /dev/null +++ b/vts/plugins/scheme-cca-ssd-platform/main.go 
@@ -0,0 +1,459 @@ +// Copyright 2021-2023 Contributors to the Veraison project. +// SPDX-License-Identifier: Apache-2.0 + +package main + +import ( + "bytes" + "crypto/x509" + "encoding/base64" + "encoding/json" + "encoding/pem" + "errors" + "fmt" + "log" + "net/url" + "strings" + + "github.com/hashicorp/go-plugin" + "github.com/veraison/ccatoken" + "github.com/veraison/ear" + "github.com/veraison/psatoken" + "github.com/veraison/services/proto" + "github.com/veraison/services/scheme" + "github.com/veraison/services/vts/plugins/common" + structpb "google.golang.org/protobuf/types/known/structpb" +) + +type SwAttr struct { + ImplID []byte `json:"cca.impl-id"` + Model string `json:"cca.hw-model"` + Vendor string `json:"cca.hw-vendor"` + MeasDesc uint64 `json:"cca.measurement-desc"` + MeasType string `json:"cca.measurement-type"` + MeasValue []byte `json:"cca.measurement-value"` + SignerID []byte `json:"cca.signer-id"` + Version string `json:"cca.version"` +} + +type CcaPlatformCfg struct { + ImplID []byte `json:"cca.impl-id"` + Model string `json:"cca.hw-model"` + Vendor string `json:"cca.hw-vendor"` + Label string `json:"cca.platform-config-label"` + Value []byte `json:"cca.platform-config-id"` +} + +type Endorsements struct { + Scheme string `json:"scheme"` + Type string `json:"type"` + SubType string `json:"sub_type"` + Attr json.RawMessage `json:"attributes"` +} + +type TaAttr struct { + Model string `json:"cca.hw-model"` + Vendor string `json:"cca.hw-vendor"` + VerifKey string `json:"cca.iak-pub"` + ImplID []byte `json:"cca.impl-id"` + InstID string `json:"cca.inst-id"` +} + +type TaEndorsements struct { + Scheme string `json:"scheme"` + Type string `json:"type"` + SubType string `json:"sub_type"` + Attr TaAttr `json:"attributes"` +} + +const SchemeName = "CCA_SSD_PLATFORM" + +type Scheme struct{} + +func (s Scheme) GetName() string { + return SchemeName +} + +func (s Scheme) SynthKeysFromRefValue( + tenantID string, + refVal *proto.Endorsement, +) ([]string, 
error) { + var ( + implID string + fields map[string]*structpb.Value + err error + ) + + fields, err = common.GetFieldsFromParts(refVal.GetAttributes()) + if err != nil { + return nil, fmt.Errorf("unable to synthesize reference value abs-path: %w", err) + } + + implID, err = common.GetMandatoryPathSegment("cca.impl-id", fields) + if err != nil { + return nil, fmt.Errorf("unable to synthesize reference value abs-path: %w", err) + } + + finalstr := ccaReferenceLookupKey(tenantID, implID) + log.Printf("CCA Plugin CCA Reference Value Look Up Key= %s\n", finalstr) + return []string{ccaReferenceLookupKey(tenantID, implID)}, nil +} + +func (s Scheme) SynthKeysFromTrustAnchor(tenantID string, ta *proto.Endorsement) ([]string, error) { + var ( + instID string + implID string + fields map[string]*structpb.Value + err error + ) + + fields, err = common.GetFieldsFromParts(ta.GetAttributes()) + if err != nil { + return nil, fmt.Errorf("unable to synthesize trust anchor abs-path: %w", err) + } + + implID, err = common.GetMandatoryPathSegment("cca.impl-id", fields) + if err != nil { + return nil, fmt.Errorf("unable to synthesize trust anchor abs-path: %w", err) + } + + instID, err = common.GetMandatoryPathSegment("cca.inst-id", fields) + if err != nil { + return nil, fmt.Errorf("unable to synthesize trust anchor abs-path: %w", err) + } + + finalstr := ccaTaLookupKey(tenantID, implID, instID) + log.Printf("CCA Plugin TA CCA Look Up Key= %s\n", finalstr) + return []string{ccaTaLookupKey(tenantID, implID, instID)}, nil +} + +func (s Scheme) GetSupportedMediaTypes() []string { + return []string{ + "application/eat-cwt; profile=http://arm.com/CCA-SSD/1.0.0", + } +} + +func (s Scheme) GetTrustAnchorID(token *proto.AttestationToken) (string, error) { + var ccaToken ccatoken.Evidence + + err := ccaToken.FromCBOR(token.Data) + if err != nil { + return "", err + } + + return ccaTaLookupKey( + token.TenantId, + MustImplIDString(ccaToken.PlatformClaims), + 
MustInstIDString(ccaToken.PlatformClaims), + ), nil +} + +func (s Scheme) ExtractClaims( + token *proto.AttestationToken, + trustAnchor string, +) (*scheme.ExtractedClaims, error) { + + var ccaToken ccatoken.Evidence + + if err := ccaToken.FromCBOR(token.Data); err != nil { + return nil, err + } + + var extracted scheme.ExtractedClaims + + claimsSet, err := claimsToMap(ccaToken.PlatformClaims) + if err != nil { + return nil, err + } + + extracted.ClaimsSet = claimsSet + + unprocessedclaimsSet, err := claimsToMap(ccaToken.RealmClaims) + if err != nil { + return nil, err + } + extracted.UnprocessedClaimsSet = unprocessedclaimsSet + + extracted.ReferenceID = ccaReferenceLookupKey( + token.TenantId, + MustImplIDString(ccaToken.PlatformClaims), + ) + log.Printf("\n Extracted Reference ID Key = %s", extracted.ReferenceID) + return &extracted, nil +} + +// ValidateEvidenceIntegrity, decodes CCA collection and then invokes Verify API of ccatoken library. +// which verifies the signature on the platform part of CCA collection, using supplied trust anchor +// and internally verifies the realm part of CCA token using realm public key extracted from +// realm token. 
+func (s Scheme) ValidateEvidenceIntegrity( + token *proto.AttestationToken, + trustAnchor string, + endorsementsStrings []string, +) error { + var endorsement TaEndorsements + + if err := json.Unmarshal([]byte(trustAnchor), &endorsement); err != nil { + log.Println("Could not decode Endorsements in ExtractVerifiedClaims") + return fmt.Errorf("could not decode endorsement: %w", err) + } + ta := endorsement.Attr.VerifKey + block, rest := pem.Decode([]byte(ta)) + + if block == nil { + log.Println("could not get TA PEM Block during validating evidence integrity") + return errors.New("could not extract trust anchor PEM block") + } + + if len(rest) != 0 { + return errors.New("trailing data found after PEM block") + } + + if block.Type != "PUBLIC KEY" { + return fmt.Errorf("unsupported key type %q", block.Type) + } + + pk, err := x509.ParsePKIXPublicKey(block.Bytes) + if err != nil { + return err + } + + var ccaToken ccatoken.Evidence + + if err = ccaToken.FromCBOR(token.Data); err != nil { + return err + } + + if err = ccaToken.Verify(pk); err != nil { + return err + } + log.Println("\n CCA platform token signature, realm token signature and cryptographic binding verified") + return nil +} + +func (s Scheme) AppraiseEvidence( + ec *proto.EvidenceContext, endorsementsStrings []string, +) (*ear.AttestationResult, error) { + var endorsements []Endorsements + + result := ear.NewAttestationResult() + + for i, e := range endorsementsStrings { + var endorsement Endorsements + + if err := json.Unmarshal([]byte(e), &endorsement); err != nil { + return nil, fmt.Errorf("could not decode endorsement at index %d: %w", i, err) + } + + endorsements = append(endorsements, endorsement) + } + + err := populateAttestationResult(result, ec.Evidence.AsMap(), endorsements) + + // TO DO: Need to populate Unprocessed Evidence in a suitable format in AR + /* + // Unprocessed evidence should be a JSON Byte Array, which can be UnMarshalled by EAR Library + result.unprocessed_evidence = 
json.Marshal(ec.UpEvidence.AsMap()) + */ + + return result, err +} + +type ClaimMapper interface { + ToJSON() ([]byte, error) +} + +func claimsToMap(mapper ClaimMapper) (map[string]interface{}, error) { + data, err := mapper.ToJSON() + if err != nil { + return nil, err + } + + var out map[string]interface{} + err = json.Unmarshal(data, &out) + + return out, err +} + +func mapToClaims(in map[string]interface{}) (psatoken.IClaims, error) { + data, err := json.Marshal(in) + if err != nil { + return nil, err + } + + return psatoken.DecodeJSONClaims(data) +} + +func populateAttestationResult( + result *ear.AttestationResult, + evidence map[string]interface{}, + endorsements []Endorsements, +) error { + claims, err := mapToClaims(evidence) + if err != nil { + return err + } + + // once the signature on the token is verified, we can claim the HW is + // authentic + result.TrustVector.Hardware = ear.GenuineHardwareClaim + + swComps := filterRefVal(endorsements, "cca.sw-component") + match := matchSoftware(claims, swComps) + if match { + result.TrustVector.Executables = ear.ApprovedRuntimeClaim + log.Println("\n matchSoftware Success") + + } else { + result.TrustVector.Executables = ear.UnrecognizedRuntimeClaim + log.Println("\n matchSoftware Failed") + } + + platformConfig := filterRefVal(endorsements, "cca.platform-config") + match = matchPlatformConfig(claims, platformConfig) + + if match { + result.TrustVector.Configuration = ear.ApprovedConfigClaim + log.Println("\n matchPlatformConfig Success") + + } else { + result.TrustVector.Configuration = ear.UnsafeConfigClaim + log.Println("\n matchPlatformConfig Failed") + } + result.UpdateStatusFromTrustVector() + + result.VeraisonProcessedEvidence = &evidence + + return nil +} + +func filterRefVal(endorsements []Endorsements, key string) []Endorsements { + var refVal []Endorsements + for _, end := range endorsements { + if end.SubType == key { + refVal = append(refVal, end) + } + } + return refVal +} + +func 
matchSoftware(evidence psatoken.IClaims, endorsements []Endorsements) bool { + evidenceComponents := make(map[string]psatoken.SwComponent) + + swComps, err := evidence.GetSoftwareComponents() + if err != nil { + return false + } + + for _, c := range swComps { + key := base64.StdEncoding.EncodeToString(*c.MeasurementValue) + evidenceComponents[key] = c + } + matched := false + for _, endorsement := range endorsements { + // If we have Endorsements we assume they match to begin with + matched = true + var attr SwAttr + if err := json.Unmarshal(endorsement.Attr, &attr); err != nil { + log.Println("Could not decode sw attributes from endorsements") + return false + } + + key := base64.StdEncoding.EncodeToString(attr.MeasValue) + evComp, ok := evidenceComponents[key] + if !ok { + matched = false + break + } + + log.Printf("MeasType Evidence: %s, Endorsement: %s", *evComp.MeasurementType, attr.MeasType) + typeMatched := attr.MeasType == "" || attr.MeasType == *evComp.MeasurementType + sigMatched := attr.SignerID == nil || bytes.Equal(attr.SignerID, *evComp.SignerID) + versionMatched := attr.Version == "" || attr.Version == *evComp.Version + + if !(typeMatched && sigMatched && versionMatched) { + matched = false + break + } + } + return matched +} + +func matchPlatformConfig(evidence psatoken.IClaims, endorsements []Endorsements) bool { + + pfConfig, err := evidence.GetConfig() + if err != nil { + return false + } + if len(endorsements) > 1 { + log.Printf("matchPlatformConfig failed number of cca config %d > 1 ", len(endorsements)) + } + var attr CcaPlatformCfg + if err := json.Unmarshal(endorsements[0].Attr, &attr); err != nil { + log.Println("Could not decode cca platform config in matchPlatformConfig") + return false + } + + return bytes.Equal(pfConfig, attr.Value) +} + +func ccaReferenceLookupKey(tenantID, implID string) string { + absPath := []string{implID} + + u := url.URL{ + Scheme: SchemeName, + Host: tenantID, + Path: strings.Join(absPath, "/"), + } + + return 
u.String() +} + +func ccaTaLookupKey(tenantID, implID, instID string) string { + absPath := []string{implID, instID} + + u := url.URL{ + Scheme: SchemeName, + Host: tenantID, + Path: strings.Join(absPath, "/"), + } + + return u.String() +} + +func MustImplIDString(c psatoken.IClaims) string { + v, err := c.GetImplID() + if err != nil { + panic(err) + } + + return base64.StdEncoding.EncodeToString(v) +} + +func MustInstIDString(c psatoken.IClaims) string { + v, err := c.GetInstID() + if err != nil { + panic(err) + } + + return base64.StdEncoding.EncodeToString(v) +} + +func main() { + var handshakeConfig = plugin.HandshakeConfig{ + ProtocolVersion: 1, + MagicCookieKey: "VERAISON_PLUGIN", + MagicCookieValue: "VERAISON", + } + + var pluginMap = map[string]plugin.Plugin{ + "scheme": &scheme.Plugin{ + Impl: &Scheme{}, + }, + } + + plugin.Serve(&plugin.ServeConfig{ + HandshakeConfig: handshakeConfig, + Plugins: pluginMap, + }) +} diff --git a/vts/plugins/scheme-cca-ssd-platform/main_test.go b/vts/plugins/scheme-cca-ssd-platform/main_test.go new file mode 100644 index 00000000..c77c4870 --- /dev/null +++ b/vts/plugins/scheme-cca-ssd-platform/main_test.go 
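Review bot: `matchPlatformConfig` indexes `endorsements[0]` after only logging when `len(endorsements) > 1`, so evidence for a tenant with no `cca.platform-config` reference value panics the plugin instead of producing `UnsafeConfigClaim`; add `if len(endorsements) == 0 { return false }` before the index (and decide whether more than one config endorsement should also fail the match rather than just log). `matchSoftware` dereferences `*c.MeasurementValue`, `*evComp.MeasurementType`, `*evComp.SignerID` and `*evComp.Version` unconditionally, including inside the `log.Printf`, so unless ccatoken guarantees those optional pointers are non-nil after `FromCBOR`, a token that omits one of them crashes appraisal — guard each dereference as below and drop or guard the log line. The loop also only establishes that every endorsement appears in the evidence, not that every measured component in the evidence is endorsed, so an extra unendorsed component still earns `ApprovedRuntimeClaim`; confirm that is the intended policy and state it in a comment on the function. `MustImplIDString`/`MustInstIDString` panic on decode errors yet are called from `GetTrustAnchorID` and `ExtractClaims` on caller-supplied tokens; returning the error is safer than relying on `FromCBOR` having validated those claims. Minor: the log text `Could not decode Endorsements in ExtractVerifiedClaims` names the wrong function, and the `\n`-prefixed `log.Println` debug lines should go through the plugin logger or be removed.
```go
func matchSoftware(evidence psatoken.IClaims, endorsements []Endorsements) bool {
	// … unchanged: evidenceComponents map and GetSoftwareComponents call …
	for _, c := range swComps {
		if c.MeasurementValue == nil {
			return false
		}
		key := base64.StdEncoding.EncodeToString(*c.MeasurementValue)
		evidenceComponents[key] = c
	}
	// … unchanged: endorsement decode and evidenceComponents lookup …
		typeMatched := attr.MeasType == "" || (evComp.MeasurementType != nil && attr.MeasType == *evComp.MeasurementType)
		sigMatched := attr.SignerID == nil || (evComp.SignerID != nil && bytes.Equal(attr.SignerID, *evComp.SignerID))
		versionMatched := attr.Version == "" || (evComp.Version != nil && attr.Version == *evComp.Version)
	// … unchanged: matched bookkeeping and return …
}

func matchPlatformConfig(evidence psatoken.IClaims, endorsements []Endorsements) bool {
	// … unchanged: GetConfig …
	if len(endorsements) == 0 {
		log.Println("matchPlatformConfig: no cca.platform-config endorsement available")
		return false
	}
	// … unchanged: > 1 warning, decode of endorsements[0], bytes.Equal …
}
```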
@@ -0,0 +1,208 @@
+// Copyright 2021-2023 Contributors to the Veraison project.
+// SPDX-License-Identifier: Apache-2.0
+
+package main
+
+import (
+ "encoding/json"
+ "os"
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+
+ "github.com/veraison/ear"
+ "github.com/veraison/services/proto"
+)
+
+func Test_GetTrustAnchorID_ok(t *testing.T) {
+ tokenBytes, err := os.ReadFile("test/cca-token.cbor")
+ require.NoError(t, err)
+
+ token := proto.AttestationToken{
+ TenantId: "1",
+ Data: tokenBytes,
+ }
+
+ expectedTaID := "CCA_SSD_PLATFORM://1/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=/AQICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC"
+
+ scheme := &Scheme{}
+
+ taID, err := scheme.GetTrustAnchorID(&token)
+ require.NoError(t, err)
+ assert.Equal(t, expectedTaID, taID)
+}
+
+func Test_SynthKeysFromTrustAnchor_ok(t *testing.T) {
+ endorsementsBytes, err := os.ReadFile("test/ta-endorsements.json")
+ require.NoError(t, err)
+
+ var endors proto.Endorsement
+ err = json.Unmarshal(endorsementsBytes, &endors)
+ require.NoError(t, err)
+ expectedKey := "CCA_SSD_PLATFORM://1/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=/Ac7rrnuJJ6MiflMDz14PH3s0u1Qq1yUKwD+83jbsLxUI"
+
+ scheme := &Scheme{}
+ key_list, err := scheme.SynthKeysFromTrustAnchor("1", &endors)
+ require.NoError(t, err)
+ assert.Equal(t, expectedKey, key_list[0])
+
+}
+
+func Test_SynthKeysFromRefValue_ok(t *testing.T) {
+ endorsementsBytes, err := os.ReadFile("test/refval-endorsements.json")
+ require.NoError(t, err)
+
+ var endors proto.Endorsement
+ err = json.Unmarshal(endorsementsBytes, &endors)
+ require.NoError(t, err)
+ expectedKey := "CCA_SSD_PLATFORM://1/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="
+
+ scheme := &Scheme{}
+ key_list, err := scheme.SynthKeysFromRefValue("1", &endors)
+ require.NoError(t, err)
+ assert.Equal(t, expectedKey, key_list[0])
+}
+
+func Test_AppraiseEvidence_ok(t *testing.T) {
+ extractedBytes, err := os.ReadFile("test/extracted.json")
+ require.NoError(t, err)
+
+ var ec proto.EvidenceContext
+ err = json.Unmarshal(extractedBytes, &ec)
+ require.NoError(t, err)
+
+ var endorsemementsArray []string
+ endorsementsBytes, err := os.ReadFile("test/endorsements.json")
+ require.NoError(t, err)
+ err = json.Unmarshal(endorsementsBytes, &endorsemementsArray)
+ require.NoError(t, err)
+
+ scheme := &Scheme{}
+
+ attestation, err := scheme.AppraiseEvidence(&ec, endorsemementsArray)
+ require.NoError(t, err)
+
+ assert.Equal(t, ear.TrustTierAffirming, *attestation.Status)
+ assert.Equal(t, attestation.TrustVector.Executables, ear.ApprovedRuntimeClaim)
+ assert.Equal(t, attestation.TrustVector.Configuration, ear.ApprovedConfigClaim)
+}
+
+func Test_AppraiseEvidence_mismatch_refval_meas(t *testing.T) {
+ extractedBytes, err := os.ReadFile("test/extracted.json")
+ require.NoError(t, err)
+
+ var ec proto.EvidenceContext
+ err = json.Unmarshal(extractedBytes, &ec)
+ require.NoError(t, err)
+
+ var endorsemementsArray []string
+ endorsementsBytes, err := os.ReadFile("test/mismatch-refval-endorsements.json")
+ require.NoError(t, err)
+ err = json.Unmarshal(endorsementsBytes, &endorsemementsArray)
+ require.NoError(t, err)
+
+ scheme := &Scheme{}
+
+ attestation, err := scheme.AppraiseEvidence(&ec, endorsemementsArray)
+ require.NoError(t, err)
+
+ assert.Equal(t, ear.TrustTierWarning, *attestation.Status)
+ assert.Equal(t, attestation.TrustVector.Executables, ear.UnrecognizedRuntimeClaim)
+ assert.Equal(t, attestation.TrustVector.Configuration, ear.ApprovedConfigClaim)
+}
+
+func Test_AppraiseEvidence_mismatch_refval_cfg(t *testing.T) {
+ extractedBytes, err := os.ReadFile("test/extracted.json")
+ require.NoError(t, err)
+
+ var ec proto.EvidenceContext
+ err = json.Unmarshal(extractedBytes, &ec)
+ require.NoError(t, err)
+
+ var endorsemementsArray []string
+ endorsementsBytes, err := os.ReadFile("test/mismatch-cfg-endorsements.json")
+ require.NoError(t, err)
+ err = json.Unmarshal(endorsementsBytes, &endorsemementsArray)
+ require.NoError(t, err)
+
+ scheme := &Scheme{}
+
+ attestation, err := scheme.AppraiseEvidence(&ec, endorsemementsArray)
+ require.NoError(t, err)
+
+ assert.Equal(t, ear.TrustTierWarning, *attestation.Status)
+ assert.Equal(t, attestation.TrustVector.Executables, ear.ApprovedRuntimeClaim)
+ assert.Equal(t, attestation.TrustVector.Configuration, ear.UnsafeConfigClaim)
+}
+
+func Test_ExtractVerifiedClaims_ok(t *testing.T) {
+ tokenBytes, err := os.ReadFile("test/cca-token.cbor")
+ require.NoError(t, err)
+
+ taEndValBytes, err := os.ReadFile("test/ta-endorsements.json")
+ require.NoError(t, err)
+
+ scheme := &Scheme{}
+
+ token := proto.AttestationToken{
+ TenantId: "1",
+ Data: tokenBytes,
+ }
+
+ extracted, err := scheme.ExtractClaims(&token, string(taEndValBytes))
+
+ require.NoError(t, err)
+ assert.Equal(t, "http://arm.com/CCA-SSD/1.0.0", extracted.ClaimsSet["cca-platform-profile"].(string))
+
+ swComponents := extracted.ClaimsSet["cca-platform-sw-components"].([]interface{})
+ assert.Len(t, swComponents, 4)
+ assert.Equal(t, "BL", swComponents[0].(map[string]interface{})["measurement-type"].(string))
+ ccaPlatformCfg := extracted.ClaimsSet["cca-platform-config"]
+ assert.Equal(t, "AQID", ccaPlatformCfg)
+}
+
+func Test_ValidateEvidenceIntegrity_ok(t *testing.T) {
+ tokenBytes, err := os.ReadFile("test/cca-token.cbor")
+ require.NoError(t, err)
+
+ taEndValBytes, err := os.ReadFile("test/ta-endorsements.json")
+ require.NoError(t, err)
+
+ scheme := &Scheme{}
+
+ token := proto.AttestationToken{
+ TenantId: "1",
+ Data: tokenBytes,
+ }
+
+ err = scheme.ValidateEvidenceIntegrity(&token, string(taEndValBytes), nil)
+
+ assert.NoError(t, err)
+}
+
+func Test_ValidateEvidenceIntegrity_invalid_key(t *testing.T) {
+ tokenBytes, err := os.ReadFile("test/cca-token.cbor")
+ require.NoError(t, err)
+
+ taEndValBytes, err := os.ReadFile("test/invalid-key-ta-endorsements.json")
+ require.NoError(t, err)
+
+ scheme := &Scheme{}
+
+ token := proto.AttestationToken{
+ TenantId: "1",
+ Data: tokenBytes,
+ }
+
+ err = scheme.ValidateEvidenceIntegrity(&token, string(taEndValBytes), nil)
+ assert.EqualError(t, err, "unsupported key type \"PRIVATE KEY\"")
+}
+
+func Test_GetSupportedMediaType_ok(t *testing.T) {
+ expectedMt := "application/eat-cwt; profile=http://arm.com/CCA-SSD/1.0.0"
+ scheme := &Scheme{}
+ mtList := scheme.GetSupportedMediaTypes()
+ assert.Len(t, mtList, 1)
+ assert.Equal(t, mtList[0], expectedMt)
+}
diff --git a/vts/plugins/scheme-cca-ssd-platform/test/cca-token.cbor b/vts/plugins/scheme-cca-ssd-platform/test/cca-token.cbor
new file mode 100644
index 00000000..edb0c9ef
Binary files /dev/null and b/vts/plugins/scheme-cca-ssd-platform/test/cca-token.cbor differ
diff --git a/vts/plugins/scheme-cca-ssd-platform/test/cca-token.json b/vts/plugins/scheme-cca-ssd-platform/test/cca-token.json
new file mode 100644
index 00000000..c8294a4a
--- /dev/null
+++ b/vts/plugins/scheme-cca-ssd-platform/test/cca-token.json
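Review bot: None of the AppraiseEvidence tests covers an endorsement set with no `cca.platform-config` entry: endorsements.json, mismatch-refval-endorsements.json and mismatch-cfg-endorsements.json all carry exactly one, while matchPlatformConfig in main.go of this commit reads `endorsements[0].Attr` after checking only `len(endorsements) > 1`, so the zero-entry case would index past the slice instead of returning false. A test that feeds only the four sw-component strings would pin that path once the guard becomes `if len(endorsements) != 1 { return false }`. Separately, `key_list` should be `keyList`, and `assert.Equal(t, attestation.TrustVector.Executables, ear.ApprovedRuntimeClaim)` (likewise the other TrustVector asserts and `assert.Equal(t, mtList[0], expectedMt)`) pass the actual value in the expected slot, so a failure would print the two swapped.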
@@ -0,0 +1,53 @@
+{
+ "cca-platform-token": {
+ "cca-platform-profile": "http://arm.com/CCA-SSD/1.0.0",
+ "cca-platform-challenge": "Bea1iETGoM0ZOCBpuv2w5JRmKjrc+P3hFHjpM5Ua8XkP9d5ceOPbESPaCiB6i2ZVbgoi8Z7mS9wviZU7azJVXw==",
+ "cca-platform-implementation-id": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=",
+ "cca-platform-instance-id": "AQICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC",
+ "cca-platform-config": "AQID",
+ "cca-platform-lifecycle": 12288,
+ "cca-platform-sw-components": [
+ {
+ "measurement-description": "TF-M_SHA256MemPreXIP",
+ "measurement-type": "BL",
+ "measurement-value": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=",
+ "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=",
+ "version": "3.4.2"
+ },
+ {
+ "measurement-type": "M1",
+ "measurement-value": "CwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=",
+ "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=",
+ "version": "1.2.0"
+ },
+ {
+ "measurement-type": "M2",
+ "measurement-value": "DwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=",
+ "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=",
+ "version": "1.2.3"
+ },
+ {
+ "measurement-type": "M3",
+ "measurement-value": "EwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=",
+ "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=",
+ "version": "1.0.0"
+ }
+ ],
+ "cca-platform-service-indicator": "https://veraison.example/v1/challenge-response",
+ "cca-platform-hash-algo-id": "sha-256"
+ },
+ "cca-realm-delegated-token": {
+ "cca-realm-challenge": "QUJBQkFCQUJBQkFCQUJBQkFCQUJBQkFCQUJBQkFCQUJBQkFCQUJBQkFCQUJBQkFCQUJBQkFCQUJBQkFCQUJBQg==",
+ "cca-realm-personalization-value": "QURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBRA==",
+ "cca-realm-initial-measurement": "Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==",
+ "cca-realm-extensible-measurements": [
+ "Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==",
+ "Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==",
+ "Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==",
+ "Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw=="
+ ],
+ "cca-realm-hash-algo-id": "sha-256",
+ "cca-realm-public-key": "BIL70TKptcOWh5+7FTQNkFCXjlXHnVJ5oroOlYVPN+IM0vZPO3K1cLvXc+7iznaEJe31Re2+if+v4OlrvUbicPIHlsRIuY2vRqdk0nRC5ubthPjOyBfm7ManHTo959Z+zQ==",
+ "cca-realm-public-key-hash-algo-id": "sha-512"
+ }
+}
\ No newline at end of file
diff --git a/vts/plugins/scheme-cca-ssd-platform/test/endorsements.json b/vts/plugins/scheme-cca-ssd-platform/test/endorsements.json
new file mode 100644
index 00000000..2b6136fb
--- /dev/null
+++ b/vts/plugins/scheme-cca-ssd-platform/test/endorsements.json
@@ -0,0 +1,7 @@
+[
+"{\"scheme\":\"CCA_SSD_PLATFORM\",\"type\":\"REFERENCE_VALUE\",\"sub_type\": \"cca.sw-component\",\"attributes\":{\"cca.hw-model\":\"RoadRunner\",\"cca.hw-vendor\":\"ACME\",\"cca.impl-id\":\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\",\"cca.measurement-desc\":1,\"cca.measurement-type\":\"BL\",\"cca.measurement-value\":\"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"cca.signer-id\":\"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"cca.version\":\"3.4.2\"}}",
+"{\"scheme\":\"CCA_SSD_PLATFORM\",\"type\":\"REFERENCE_VALUE\",\"sub_type\": \"cca.sw-component\",\"attributes\":{\"cca.hw-model\":\"RoadRunner\",\"cca.hw-vendor\":\"ACME\",\"cca.impl-id\":\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\",\"cca.measurement-desc\":1,\"cca.measurement-type\":\"M1\",\"cca.measurement-value\":\"CwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"cca.signer-id\":\"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"cca.version\":\"1.2.0\"}}",
+"{\"scheme\":\"CCA_SSD_PLATFORM\",\"type\":\"REFERENCE_VALUE\",\"sub_type\": \"cca.sw-component\",\"attributes\":{\"cca.hw-model\":\"RoadRunner\",\"cca.hw-vendor\":\"ACME\",\"cca.impl-id\":\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\",\"cca.measurement-desc\":1,\"cca.measurement-type\":\"M2\",\"cca.measurement-value\":\"DwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"cca.signer-id\":\"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"cca.version\":\"1.2.3\"}}",
+"{\"scheme\":\"CCA_SSD_PLATFORM\",\"type\":\"REFERENCE_VALUE\",\"sub_type\": \"cca.sw-component\",\"attributes\":{\"cca.hw-model\":\"RoadRunner\",\"cca.hw-vendor\":\"ACME\",\"cca.impl-id\":\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\",\"cca.measurement-desc\":1,\"cca.measurement-type\":\"M3\",\"cca.measurement-value\":\"EwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"cca.signer-id\":\"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"cca.version\":\"1.0.0\"}}",
+"{\"scheme\":\"CCA_SSD_PLATFORM\",\"type\":\"REFERENCE_VALUE\",\"sub_type\": \"cca.platform-config\",\"attributes\":{\"cca.hw-model\":\"RoadRunner\",\"cca.hw-vendor\":\"ACME\",\"cca.impl-id\":\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\",\"cca.platform-config-label\": \"platform-config-label\",\"cca.platform-config-id\": \"AQID\"}}"
+]
\ No newline at end of file
diff --git a/vts/plugins/scheme-cca-ssd-platform/test/extracted.json b/vts/plugins/scheme-cca-ssd-platform/test/extracted.json
new file mode 100644
index 00000000..016c1f72
--- /dev/null
+++ b/vts/plugins/scheme-cca-ssd-platform/test/extracted.json
@@ -0,0 +1,42 @@
+{
+ "evidence": {
+ "cca-platform-profile": "http://arm.com/CCA-SSD/1.0.0",
+ "cca-platform-challenge": "AQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyA=",
+ "cca-platform-implementation-id": "AQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyA=",
+ "cca-platform-instance-id": "AQICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC",
+ "cca-platform-config":"AQID",
+ "cca-platform-lifecycle": 12288,
+ "cca-platform-sw-components": [
+ {
+ "measurement-description": "TF-M_SHA256MemPreXIP",
+ "measurement-type": "BL",
+ "measurement-value": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=",
+ "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=",
+ "version": "3.4.2"
+ },
+ {
+ "measurement-type": "M1",
+ "measurement-value": "CwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=",
+ "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=",
+ "version": "1.2.0"
+ },
+ {
+ "measurement-type": "M2",
+ "measurement-value": "DwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=",
+ "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=",
+ "version": "1.2.3"
+ },
+ {
+ "measurement-type": "M3",
+ "measurement-value": "EwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=",
+ "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=",
+ "version": "1.0.0"
+ }
+ ],
+ "cca-platform-service-indicator" : "https://veraison.example/v1/challenge-response",
+ "cca-platform-hash-algo-id": "sha-256"
+ },
+ "reference-id": "CCA_SSD_PLATFORM://1/BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=/AQcGBQQDAgEADw4NDAsKCQgXFhUUExIREB8eHRwbGhkY",
+ "trust-anchor-id": "CCA_SSD_PLATFORM://1/BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=/",
+ "tenant-id": "1"
+}
\ No newline at end of file
diff --git a/vts/plugins/scheme-cca-ssd-platform/test/invalid-key-ta-endorsements.json b/vts/plugins/scheme-cca-ssd-platform/test/invalid-key-ta-endorsements.json
new file mode 100644
index 00000000..289551b1
--- /dev/null
+++ b/vts/plugins/scheme-cca-ssd-platform/test/invalid-key-ta-endorsements.json
@@ -0,0 +1,11 @@
+{
+ "scheme":"CCA_SSD_PLATFORM",
+ "type":"VERIFICATION_KEY",
+ "attributes":{
+ "cca.hw-model":"RoadRunner",
+ "cca.hw-vendor":"ACME",
+ "cca.impl-id":"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=",
+ "cca.iak-pub":"-----BEGIN PRIVATE KEY-----\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEgvvRMqm1w5aHn7sVNA2QUJeOVcedUnmiug6VhU834gzS9k87crVwu9dz7uLOdoQl7fVF7b6J/6/g6Wu9RuJw8geWxEi5ja9G\np2TSdELm5u2E+M7IF+bsxqcdOj3n1n7N\n-----END PRIVATE KEY-----",
+ "cca.inst-id":"Ac7rrnuJJ6MiflMDz14PH3s0u1Qq1yUKwD+83jbsLxUI"
+ }
+}
\ No newline at end of file
diff --git a/vts/plugins/scheme-cca-ssd-platform/test/mismatch-cfg-endorsements.json b/vts/plugins/scheme-cca-ssd-platform/test/mismatch-cfg-endorsements.json
new file mode 100644
index 00000000..0656af49
--- /dev/null
+++ b/vts/plugins/scheme-cca-ssd-platform/test/mismatch-cfg-endorsements.json
@@ -0,0 +1,7 @@
+[
+"{\"scheme\":\"CCA_SSD_PLATFORM\",\"type\":\"REFERENCE_VALUE\",\"sub_type\": \"cca.sw-component\",\"attributes\":{\"cca.hw-model\":\"RoadRunner\",\"cca.hw-vendor\":\"ACME\",\"cca.impl-id\":\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\",\"cca.measurement-desc\":1,\"cca.measurement-type\":\"BL\",\"cca.measurement-value\":\"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"cca.signer-id\":\"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"cca.version\":\"3.4.2\"}}",
+"{\"scheme\":\"CCA_SSD_PLATFORM\",\"type\":\"REFERENCE_VALUE\",\"sub_type\": \"cca.sw-component\",\"attributes\":{\"cca.hw-model\":\"RoadRunner\",\"cca.hw-vendor\":\"ACME\",\"cca.impl-id\":\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\",\"cca.measurement-desc\":1,\"cca.measurement-type\":\"M1\",\"cca.measurement-value\":\"CwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"cca.signer-id\":\"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"cca.version\":\"1.2.0\"}}",
+"{\"scheme\":\"CCA_SSD_PLATFORM\",\"type\":\"REFERENCE_VALUE\",\"sub_type\": \"cca.sw-component\",\"attributes\":{\"cca.hw-model\":\"RoadRunner\",\"cca.hw-vendor\":\"ACME\",\"cca.impl-id\":\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\",\"cca.measurement-desc\":1,\"cca.measurement-type\":\"M2\",\"cca.measurement-value\":\"DwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"cca.signer-id\":\"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"cca.version\":\"1.2.3\"}}",
+"{\"scheme\":\"CCA_SSD_PLATFORM\",\"type\":\"REFERENCE_VALUE\",\"sub_type\": \"cca.sw-component\",\"attributes\":{\"cca.hw-model\":\"RoadRunner\",\"cca.hw-vendor\":\"ACME\",\"cca.impl-id\":\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\",\"cca.measurement-desc\":1,\"cca.measurement-type\":\"M3\",\"cca.measurement-value\":\"EwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"cca.signer-id\":\"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"cca.version\":\"1.0.0\"}}",
+"{\"scheme\":\"CCA_SSD_PLATFORM\",\"type\":\"REFERENCE_VALUE\",\"sub_type\": \"cca.platform-config\",\"attributes\":{\"cca.hw-model\":\"RoadRunner\",\"cca.hw-vendor\":\"ACME\",\"cca.impl-id\":\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\",\"cca.platform-config-label\": \"platform-config-label\",\"cca.platform-config-id\": \"ACID\"}}"
+]
\ No newline at end of file
diff --git a/vts/plugins/scheme-cca-ssd-platform/test/mismatch-refval-endorsements.json b/vts/plugins/scheme-cca-ssd-platform/test/mismatch-refval-endorsements.json
new file mode 100644
index 00000000..7ac69bbf
--- /dev/null
+++ b/vts/plugins/scheme-cca-ssd-platform/test/mismatch-refval-endorsements.json
@@ -0,0 +1,7 @@
+[
+"{\"scheme\":\"CCA_SSD_PLATFORM\",\"type\":\"REFERENCE_VALUE\",\"sub_type\": \"cca.sw-component\",\"attributes\":{\"cca.hw-model\":\"RoadRunner\",\"cca.hw-vendor\":\"ACME\",\"cca.impl-id\":\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\",\"cca.measurement-desc\":1,\"cca.measurement-type\":\"BL\",\"cca.measurement-value\":\"AwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"cca.signer-id\":\"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"cca.version\":\"3.4.2\"}}",
+"{\"scheme\":\"CCA_SSD_PLATFORM\",\"type\":\"REFERENCE_VALUE\",\"sub_type\": \"cca.sw-component\",\"attributes\":{\"cca.hw-model\":\"RoadRunner\",\"cca.hw-vendor\":\"ACME\",\"cca.impl-id\":\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\",\"cca.measurement-desc\":1,\"cca.measurement-type\":\"M1\",\"cca.measurement-value\":\"CwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"cca.signer-id\":\"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"cca.version\":\"1.2.0\"}}",
+"{\"scheme\":\"CCA_SSD_PLATFORM\",\"type\":\"REFERENCE_VALUE\",\"sub_type\": \"cca.sw-component\",\"attributes\":{\"cca.hw-model\":\"RoadRunner\",\"cca.hw-vendor\":\"ACME\",\"cca.impl-id\":\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\",\"cca.measurement-desc\":1,\"cca.measurement-type\":\"M2\",\"cca.measurement-value\":\"DwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"cca.signer-id\":\"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"cca.version\":\"1.2.3\"}}",
+"{\"scheme\":\"CCA_SSD_PLATFORM\",\"type\":\"REFERENCE_VALUE\",\"sub_type\": \"cca.sw-component\",\"attributes\":{\"cca.hw-model\":\"RoadRunner\",\"cca.hw-vendor\":\"ACME\",\"cca.impl-id\":\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\",\"cca.measurement-desc\":1,\"cca.measurement-type\":\"M3\",\"cca.measurement-value\":\"EwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"cca.signer-id\":\"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"cca.version\":\"1.0.0\"}}",
+"{\"scheme\":\"CCA_SSD_PLATFORM\",\"type\":\"REFERENCE_VALUE\",\"sub_type\": \"cca.platform-config\",\"attributes\":{\"cca.hw-model\":\"RoadRunner\",\"cca.hw-vendor\":\"ACME\",\"cca.impl-id\":\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\",\"cca.platform-config-label\": \"platform-config-label\",\"cca.platform-config-id\": \"AQID\"}}"
+]
\ No newline at end of file
diff --git a/vts/plugins/scheme-cca-ssd-platform/test/mult-endorsements.json b/vts/plugins/scheme-cca-ssd-platform/test/mult-endorsements.json
new file mode 100644
index 00000000..7ea7a2ad
--- /dev/null
+++ b/vts/plugins/scheme-cca-ssd-platform/test/mult-endorsements.json
@@ -0,0 +1,2 @@ + +["{\n\"scheme\":\"CCA_SSD_PLATFORM\",\n\"type\":\"REFERENCE_VALUE\",\n\"sub_type\":\"cca.sw-component\",\n\"attributes\":{\n \"cca.hw-model\":\"RoadRunner\",\n \"cca.hw-vendor\":\"ACME\",\n \"cca.impl-id\":\"76543210fedcba9817161514131211101f1e1d1c1b1a1918\",\n \"cca.measurement-desc\":1,\n \"cca.measurement-type\":\"BL\",\n \"cca.measurement-value\":\"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\n \"cca.signer-id\":\"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\n \"cca.version\":\"3.4.2\"\n }\n }","\n{\n \"scheme\":\"PSA_IOT\",\n \"type\":\"REFERENCE_VALUE\",\n \"attributes\":{\n \"cca.hw-model\":\"RoadRunner\",\n \"cca.hw-vendor\":\"ACME\",\n \"cca.impl-id\":\"76543210fedcba9817161514131211101f1e1d1c1b1a1918\",\n \"cca.measurement-desc\":1,\n \"cca.measurement-type\":\"M1\",\n \"cca.measurement-value\":\"CwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\n \"cca.signer-id\":\"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\n \"cca.version\":\"1.2.0\"}\n }\n ","\n {\n \"scheme\":\"PSA_IOT\",\n \"type\":\"REFERENCE_VALUE\",\n\"sub_type\":\"cca.sw-component\",\n, \"attributes\":{\n \"cca.hw-model\":\"RoadRunner\",\n \"cca.hw-vendor\":\"ACME\",\n \"cca.impl-id\":\"76543210fedcba9817161514131211101f1e1d1c1b1a1918\",\n \"cca.measurement-desc\":1,\n \"cca.measurement-type\":\"M2\",\n \"cca.measurement-value\":\"DwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\n \"cca.signer-id\":\"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\n \"cca.version\":\"1.2.3\"}\n }\n "] \ No newline at end of file diff --git a/vts/plugins/scheme-cca-ssd-platform/test/refval-endorsements.json b/vts/plugins/scheme-cca-ssd-platform/test/refval-endorsements.json new file mode 100644 index 00000000..0ac1a6e0 --- /dev/null +++ b/vts/plugins/scheme-cca-ssd-platform/test/refval-endorsements.json 
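Review bot: The third entry of this fixture is not valid JSON once the outer string is decoded: after `\"sub_type\":\"cca.sw-component\",\n` it continues with `, \"attributes\"`, so a second comma precedes the attributes object and json.Unmarshal of that entry would fail before any matching logic is reached. No test in the main_test.go added by this commit reads test/mult-endorsements.json (nor test/ta-integ-endorsements.json), so the breakage stays silent; either drop the unused fixtures or add the test that consumes them and remove the stray comma. The second and third entries also declare `\"scheme\":\"PSA_IOT\"` under the CCA scheme's test directory, which may be deliberate for a mixed-scheme case but should be stated in the test that eventually uses them.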
@@ -0,0 +1,12 @@
+{
+ "scheme": "CCA_SSD_PLATFORM",
+ "type":"REFERENCE_VALUE",
+ "sub_type": "cca.platform-config",
+ "attributes":{
+ "cca.hw-model":"RoadRunner",
+ "cca.hw-vendor":"ACME",
+ "cca.impl-id":"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=",
+ "cca.platform-config-label": "abcd",
+ "cca.platform-config-id": "AQID"
+ }
+}
\ No newline at end of file
diff --git a/vts/plugins/scheme-cca-ssd-platform/test/ta-endorsements.json b/vts/plugins/scheme-cca-ssd-platform/test/ta-endorsements.json
new file mode 100644
index 00000000..cad809ce
--- /dev/null
+++ b/vts/plugins/scheme-cca-ssd-platform/test/ta-endorsements.json
@@ -0,0 +1,11 @@
+{
+ "scheme":"CCA_SSD_PLATFORM",
+ "type":"VERIFICATION_KEY",
+ "attributes":{
+ "cca.hw-model":"RoadRunner",
+ "cca.hw-vendor":"ACME",
+ "cca.impl-id":"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=",
+ "cca.iak-pub":"-----BEGIN PUBLIC KEY-----\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEgvvRMqm1w5aHn7sVNA2QUJeOVcedUnmiug6VhU834gzS9k87crVwu9dz7uLOdoQl7fVF7b6J/6/g6Wu9RuJw8geWxEi5ja9G\np2TSdELm5u2E+M7IF+bsxqcdOj3n1n7N\n-----END PUBLIC KEY-----",
+ "cca.inst-id":"Ac7rrnuJJ6MiflMDz14PH3s0u1Qq1yUKwD+83jbsLxUI"
+ }
+}
\ No newline at end of file
diff --git a/vts/plugins/scheme-cca-ssd-platform/test/ta-integ-endorsements.json b/vts/plugins/scheme-cca-ssd-platform/test/ta-integ-endorsements.json
new file mode 100644
index 00000000..e5d8637f
--- /dev/null
+++ b/vts/plugins/scheme-cca-ssd-platform/test/ta-integ-endorsements.json
@@ -0,0 +1,11 @@
+{
+"scheme":"CCA_SSD_PLATFORM",
+"type":"VERIFICATION_KEY",
+"attributes":{
+ "cca.hw-model":"RoadRunner",
+ "cca.hw-vendor":"ACME",
+ "cca.impl-id":"76543210fedcba9817161514131211101f1e1d1c1b1a1918",
+ "cca.iak-pub":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEMKBCTNIcKUSDii11ySs3526iDZ8A\niTo7Tu6KPAqv7D7gS2XpJFbZiItSs3m9+9Ue6GnvHw/GW2ZZaVtszggXIw==\n-----END PUBLIC KEY-----",
+ "cca.inst-id":"Ac7rrnuJJ6MiflMDz14PH3s0u1Qq1yUKwD+83jbsLxUI"
+ }
+}
\ No newline at end of file
diff --git a/vts/plugins/scheme-psa-iot/main.go b/vts/plugins/scheme-psa-iot/main.go
index 9eff1c81..24675379 100644
--- a/vts/plugins/scheme-psa-iot/main.go
+++ b/vts/plugins/scheme-psa-iot/main.go
@@ -36,9 +36,10 @@ type SwAttr struct {
 }

 type Endorsements struct {
- Scheme string `json:"scheme"`
- Type string `json:"type"`
- Attr SwAttr `json:"attributes"`
+ Scheme string `json:"scheme"`
+ Type string `json:"type"`
+ SubType string `json:"sub_type"`
+ Attr SwAttr `json:"attributes"`
 }

 type TaAttr struct {
@@ -50,9 +51,10 @@ type TaAttr struct {
 }

 type TaEndorsements struct {
- Scheme string `json:"scheme"`
- Type string `json:"type"`
- Attr TaAttr `json:"attributes"`
+ Scheme string `json:"scheme"`
+ Type string `json:"type"`
+ SubType string `json:"sub_type"`
+ Attr TaAttr `json:"attributes"`
 }

 const SchemeName = "PSA_IOT"
@@ -63,17 +65,17 @@ func (s Scheme) GetName() string {
 return SchemeName
 }

-func (s Scheme) SynthKeysFromSwComponent(
+func (s Scheme) SynthKeysFromRefValue(
 tenantID string,
- swComp *proto.Endorsement,
+ refValue *proto.Endorsement,
 ) ([]string, error) {
 var (
 implID string
 fields map[string]*structpb.Value
 err error
 )
- log.Printf("SynthKeysFromSwComponent called\n")
- fields, err = common.GetFieldsFromParts(swComp.GetAttributes())
+ log.Printf("SynthKeysFromRefValue called\n")
+ fields, err = common.GetFieldsFromParts(refValue.GetAttributes())
 if err != nil {
 return nil, fmt.Errorf("unable to synthesize software component abs-path: %w", err)
 }
@@ -156,11 +158,11 @@ func (s Scheme) ExtractClaims(
 }
 extracted.ClaimsSet = claimsSet
- extracted.SoftwareID = psaSoftwareLookupKey(
+ extracted.ReferenceID = psaSoftwareLookupKey(
 token.TenantId,
 MustImplIDString(psaToken.Claims),
 )
- log.Printf("\n Extracted SW ID Key = %s", extracted.SoftwareID)
+ log.Printf("\n Extracted SW ID Key = %s", extracted.ReferenceID)
 return &extracted, nil
 }
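Review bot: The new `SubType` field on Endorsements and TaEndorsements is decoded but nothing in these hunks reads it, so a reference value whose `sub_type` is not a software component is still unmarshalled into SwAttr and compared by measurement value; the matching code lies outside this hunk and may already filter on it, but if not, a check at the decode site such as `if e.SubType != "" && e.SubType != expectedSubType { continue }` (with `expectedSubType` being whatever constant the scheme settles on) is what makes the field meaningful. The field also has no comment; `// SubType carries the endorsement's sub_type; PSA_IOT currently decodes it without acting on it.` would record the present intent. In SynthKeysFromRefValue, `log.Printf("SynthKeysFromRefValue called\n")` keeps a trailing newline that the log package already appends, so `log.Print("SynthKeysFromRefValue called")` avoids the blank line in the output.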
@@ -286,12 +288,12 @@ func populateAttestationResult(
 func matchSoftware(evidence psatoken.IClaims, endorsements []Endorsements) bool {
 evidenceComponents := make(map[string]psatoken.SwComponent)

- swComps, err := evidence.GetSoftwareComponents()
+ refValues, err := evidence.GetSoftwareComponents()
 if err != nil {
 return false
 }

- for _, c := range swComps {
+ for _, c := range refValues {
 key := base64.StdEncoding.EncodeToString(*c.MeasurementValue)
 evidenceComponents[key] = c
 }
diff --git a/vts/plugins/scheme-psa-iot/test/endorsements.json b/vts/plugins/scheme-psa-iot/test/endorsements.json
index c2376d53..b45863ec 100644
--- a/vts/plugins/scheme-psa-iot/test/endorsements.json
+++ b/vts/plugins/scheme-psa-iot/test/endorsements.json
@@ -10,5 +10,5 @@
 "psa.measurement-value":"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=",
 "psa.signer-id":"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=",
 "psa.version":"3.4.2"
- }
- }
\ No newline at end of file
+ }
+}
\ No newline at end of file
diff --git a/vts/plugins/scheme-psa-iot/test/extracted.json b/vts/plugins/scheme-psa-iot/test/extracted.json
index c7035638..958ec39c 100644
--- a/vts/plugins/scheme-psa-iot/test/extracted.json
+++ b/vts/plugins/scheme-psa-iot/test/extracted.json
@@ -35,7 +35,7 @@
 }
 ]
 },
- "software-id": "PSA_IOT://1/BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=/AQcGBQQDAgEADw4NDAsKCQgXFhUUExIREB8eHRwbGhkY",
+ "reference-id": "PSA_IOT://1/BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=/AQcGBQQDAgEADw4NDAsKCQgXFhUUExIREB8eHRwbGhkY",
 "trust-anchor-id": "PSA_IOT://1/BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=/",
 "tenant-id": "1"
 }
diff --git a/vts/plugins/scheme-tcg-dice/main.go b/vts/plugins/scheme-tcg-dice/main.go
index 30ea01e0..d0919ef3 100644
--- a/vts/plugins/scheme-tcg-dice/main.go
+++ b/vts/plugins/scheme-tcg-dice/main.go
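Review bot: The rename `swComps` → `refValues` in matchSoftware inverts what the variable holds: it is the result of `evidence.GetSoftwareComponents()`, i.e. the components measured in the token, and it is what populates `evidenceComponents`, whereas the reference values are the `endorsements` parameter the function compares against. A reader now sees "reference values" being read out of the evidence, the opposite of the comparison the function performs. Keeping `swComps`, or `evSwComps` if the evidence origin should be explicit, would be clearer; matchSoftware's body continues outside the hunk.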
@@ -36,7 +36,7 @@ func (s Scheme) GetTrustAnchorID(token *proto.AttestationToken) (string, error)
 return "dice://", nil
 }

-func (s Scheme) SynthKeysFromSwComponent(tenantID string, swComp *proto.Endorsement) ([]string, error) {
+func (s Scheme) SynthKeysFromRefValue(tenantID string, swComp *proto.Endorsement) ([]string, error) {
 return nil, errors.New("TODO")
 }

@@ -78,8 +78,8 @@ func (s Scheme) ExtractClaims(
 }

 extracted := scheme.ExtractedClaims{
- ClaimsSet: claims,
- SoftwareID: "dice://",
+ ClaimsSet: claims,
+ ReferenceID: "dice://",
 }

 return &extracted, err
diff --git a/vts/plugins/scheme-tpm-enacttrust/main.go b/vts/plugins/scheme-tpm-enacttrust/main.go
index fe2f4464..9ed4840f 100644
--- a/vts/plugins/scheme-tpm-enacttrust/main.go
+++ b/vts/plugins/scheme-tpm-enacttrust/main.go
@@ -37,7 +37,7 @@ func (s Scheme) GetSupportedMediaTypes() []string {
 }
 }

-func (s Scheme) SynthKeysFromSwComponent(
+func (s Scheme) SynthKeysFromRefValue(
 tenantID string,
 swComp *proto.Endorsement,
 ) ([]string, error) {
@@ -50,7 +50,7 @@ func (s Scheme) SynthKeysFromTrustAnchor(tenantID string, ta *proto.Endorsement)

 func (s Scheme) GetTrustAnchorID(token *proto.AttestationToken) (string, error) {
 if token.MediaType != TPMEnactTrustTokenMediaType {
- return "", fmt.Errorf("wrong format: expect %q, but found %q",
+ return "", fmt.Errorf("wrong mediaType: expect %q, but found %q",
 TPMEnactTrustTokenMediaType,
 token.MediaType,
 )
@@ -75,7 +75,7 @@ func (s Scheme) ExtractClaims(
 trustAnchor string,
 ) (*scheme.ExtractedClaims, error) {
 if token.MediaType != TPMEnactTrustTokenMediaType {
- return nil, fmt.Errorf("wrong format: expect %q, but found %q",
+ return nil, fmt.Errorf("wrong mediaType: expect %q, but found %q",
 TPMEnactTrustTokenMediaType,
 token.MediaType,
 )
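Review bot: The parameter of the renamed SynthKeysFromRefValue is still `swComp` in scheme-tcg-dice/main.go and scheme-tpm-enacttrust/main.go, while the same rename in scheme-psa-iot/main.go also renamed it to `refValue`, so the three implementations of one interface method now disagree; `refValue *proto.Endorsement` in both would keep the signatures parallel. The tcg-dice implementation still answers every reference value with `errors.New("TODO")`, which gives the caller no hint of what is unsupported; `errors.New("SynthKeysFromRefValue not implemented for TCG DICE")` names the gap without changing behaviour.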
@@ -106,7 +106,7 @@ func (s Scheme) ExtractClaims(
 if err != nil {
 return nil, fmt.Errorf("could not decode node-id: %w", err)
 }
- evidence.SoftwareID = tpmEnactTrustLookupKey(token.TenantId, nodeID.String())
+ evidence.ReferenceID = tpmEnactTrustLookupKey(token.TenantId, nodeID.String())

 return evidence, nil
 }
diff --git a/vts/plugins/scheme-tpm-enacttrust/main_test.go b/vts/plugins/scheme-tpm-enacttrust/main_test.go
index 1bf36fe6..c32a376c 100644
--- a/vts/plugins/scheme-tpm-enacttrust/main_test.go
+++ b/vts/plugins/scheme-tpm-enacttrust/main_test.go
@@ -85,7 +85,7 @@ func Test_ExtractVerifiedClaims_ok(t *testing.T) {
 0x7a, 0xf, 0xde, 0x60, 0xc4, 0xcf, 0x25, 0xc7,
 }

- assert.Equal(t, "TPM_ENACTTRUST://0/7df7714e-aa04-4638-bcbf-434b1dd720f1", ev.SoftwareID)
+ assert.Equal(t, "TPM_ENACTTRUST://0/7df7714e-aa04-4638-bcbf-434b1dd720f1", ev.ReferenceID)
 assert.Equal(t, []int64{1, 2, 3, 4}, ev.ClaimsSet["pcr-selection"])
 assert.Equal(t, int64(11), ev.ClaimsSet["hash-algorithm"])
 assert.Equal(t, expectedPCRDigest, ev.ClaimsSet["pcr-digest"])
@@ -127,7 +127,7 @@ func Test_GetAttestation(t *testing.T) {
 evidenceContext := &proto.EvidenceContext{
 TenantId: "0",
 TrustAnchorId: "TPM_ENACTTRUST://0/7df7714e-aa04-4638-bcbf-434b1dd720f1",
- SoftwareId: "TPM_ENACTTRUST://0/7df7714e-aa04-4638-bcbf-434b1dd720f1",
+ ReferenceId: "TPM_ENACTTRUST://0/7df7714e-aa04-4638-bcbf-434b1dd720f1",
 Evidence: evStruct,
 }
 endorsements := []string{"h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc="}
diff --git a/vts/policymanager/policymanager_test.go b/vts/policymanager/policymanager_test.go
index 2c734ab9..12c6a7fe 100644
--- a/vts/policymanager/policymanager_test.go
+++ b/vts/policymanager/policymanager_test.go
@@ -38,7 +38,7 @@ func TestPolicyMgr_getPolicy_not_found(t *testing.T) {
 ec := &proto.EvidenceContext{
 TenantId: "0",
 TrustAnchorId: "TPM_ENACTTRUST://0/7df7714e-aa04-4638-bcbf-434b1dd720f1",
- SoftwareId: "TPM_ENACTTRUST://0/7df7714e-aa04-4638-bcbf-434b1dd720f1",
+ ReferenceId: "TPM_ENACTTRUST://0/7df7714e-aa04-4638-bcbf-434b1dd720f1",
 Evidence: evStruct,
 }

@@ -69,7 +69,7 @@ func TestPolicyMgr_getPolicy_OK(t *testing.T) {
 ec := &proto.EvidenceContext{
 TenantId: "0",
 TrustAnchorId: "TPM_ENACTTRUST://0/7df7714e-aa04-4638-bcbf-434b1dd720f1",
- SoftwareId: "TPM_ENACTTRUST://0/7df7714e-aa04-4638-bcbf-434b1dd720f1",
+ ReferenceId: "TPM_ENACTTRUST://0/7df7714e-aa04-4638-bcbf-434b1dd720f1",
 Evidence: evStruct,
 }

@@ -116,7 +116,7 @@ func TestPolicyMgr_Evaluate_OK(t *testing.T) {
 ec := &proto.EvidenceContext{
 TenantId: "0",
 TrustAnchorId: "TPM_ENACTTRUST://0/7df7714e-aa04-4638-bcbf-434b1dd720f1",
- SoftwareId: "TPM_ENACTTRUST://0/7df7714e-aa04-4638-bcbf-434b1dd720f1",
+ ReferenceId: "TPM_ENACTTRUST://0/7df7714e-aa04-4638-bcbf-434b1dd720f1",
 Evidence: evStruct,
 }
 endorsements := []string{"h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc="}
@@ -143,7 +143,7 @@ func TestPolicyMgr_Evaluate_NOK(t *testing.T) {
 ec := &proto.EvidenceContext{
 TenantId: "0",
 TrustAnchorId: "TPM_ENACTTRUST://0/7df7714e-aa04-4638-bcbf-434b1dd720f1",
- SoftwareId: "TPM_ENACTTRUST://0/7df7714e-aa04-4638-bcbf-434b1dd720f1",
+ ReferenceId: "TPM_ENACTTRUST://0/7df7714e-aa04-4638-bcbf-434b1dd720f1",
 Evidence: evStruct,
 }
 endorsements := []string{"h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc="}
diff --git a/vts/trustedservices/trustedservices_grpc.go b/vts/trustedservices/trustedservices_grpc.go
index a5bd0c6e..885a1b2a 100644
--- a/vts/trustedservices/trustedservices_grpc.go
+++ b/vts/trustedservices/trustedservices_grpc.go
@@ -169,7 +169,7 @@ func (o *GRPC) GetServiceState(context.Context, *emptypb.Empty) (*proto.ServiceS
 }, nil
 }
-func (o *GRPC) AddSwComponents(ctx context.Context, req *proto.AddSwComponentsRequest) (*proto.AddSwComponentsResponse, error) {
+func (o *GRPC) AddRefValues(ctx context.Context, req *proto.AddRefValuesRequest) (*proto.AddRefValuesResponse, error) {
 var (
 err error
 keys []string
@@ -177,45 +177,45 @@ func (o *GRPC) AddSwComponents(ctx context.Context, req *proto.AddSwComponentsRe
 val []byte
 )
- for _, swComp := range req.GetSwComponents() {
- scheme, err = o.PluginManager.LookupBySchemeName(swComp.GetScheme())
+ for _, refVal := range req.GetReferenceValues() {
+ scheme, err = o.PluginManager.LookupBySchemeName(refVal.GetScheme())
 if err != nil {
- return addSwComponentErrorResponse(err), nil
+ return addRefValueErrorResponse(err), nil
 }
- keys, err = scheme.SynthKeysFromSwComponent(DummyTenantID, swComp)
+ keys, err = scheme.SynthKeysFromRefValue(DummyTenantID, refVal)
 if err != nil {
- return addSwComponentErrorResponse(err), nil
+ return addRefValueErrorResponse(err), nil
 }
- val, err = json.Marshal(swComp)
+ val, err = json.Marshal(refVal)
 if err != nil {
- return addSwComponentErrorResponse(err), nil
+ return addRefValueErrorResponse(err), nil
 }
 }
 for _, key := range keys {
 if err := o.EnStore.Add(key, string(val)); err != nil {
 if err != nil {
- return addSwComponentErrorResponse(err), nil
+ return addRefValueErrorResponse(err), nil
 }
 }
 }
- o.logger.Infow("added software component", "keys", keys)
+ o.logger.Infow("added reference values", "keys", keys)
- return addSwComponentSuccessResponse(), nil
+ return addRefValueSuccessResponse(), nil
 }
-func addSwComponentSuccessResponse() *proto.AddSwComponentsResponse {
- return &proto.AddSwComponentsResponse{
+func addRefValueSuccessResponse() *proto.AddRefValuesResponse {
+ return &proto.AddRefValuesResponse{
 Status: &proto.Status{
 Result: true,
 },
 }
 }
-func addSwComponentErrorResponse(err error) *proto.AddSwComponentsResponse {
- return &proto.AddSwComponentsResponse{
+func addRefValueErrorResponse(err error) *proto.AddRefValuesResponse {
+ return &proto.AddRefValuesResponse{
 Status: &proto.Status{
 Result: false,
 ErrorDetail: fmt.Sprintf("%v", err),
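Review bot: Only the last element of `req.GetReferenceValues()` is ever persisted: `keys` and `val` are overwritten on every iteration of the range loop, and the `o.EnStore.Add` loop only runs after it, so all reference values but the last are dropped while the response still reports `Result: true` — a verifier provisioned this way would be missing reference values without any error surfacing. The loop structure is unchanged by the commit, but the rename is the natural moment to fix it by moving the store loop inside the range loop so each value is written under its own keys. The inner `if err != nil {` nested directly inside `if err := o.EnStore.Add(...); err != nil {` is always true and can go. An empty request currently returns success without storing anything; if that is not intended, an explicit check before the loop would make it visible. Other hunks do not share this defect.
```go
	for _, refVal := range req.GetReferenceValues() {
		// … unchanged: scheme lookup, SynthKeysFromRefValue, json.Marshal …

		// Store inside the range loop: keys and val are overwritten on the
		// next iteration, so deferring this past the loop would persist only
		// the last reference value and silently drop the rest.
		for _, key := range keys {
			if err := o.EnStore.Add(key, string(val)); err != nil {
				return addRefValueErrorResponse(err), nil
			}
		}
	}
	// … unchanged: log and success response …
```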
@@ -290,7 +290,8 @@ func (o *GRPC) GetAttestation(
 ctx context.Context,
 token *proto.AttestationToken,
 ) (*proto.AppraisalContext, error) {
- o.logger.Infow("get attestation", "media-type", token.MediaType, "tenant-id", token.TenantId)
+ o.logger.Infow("get attestation", "media-type", token.MediaType,
+ "tenant-id", token.TenantId)
 scheme, err := o.PluginManager.LookupByMediaType(token.MediaType)
 if err != nil {
@@ -317,13 +318,18 @@ func (o *GRPC) GetAttestation(
 return nil, err
 }
- appraisal.EvidenceContext.SoftwareId = extracted.SoftwareID
+ appraisal.EvidenceContext.UpEvidence, err = structpb.NewStruct(extracted.UnprocessedClaimsSet)
+ if err != nil {
+ return nil, err
+ }
+
+ appraisal.EvidenceContext.ReferenceId = extracted.ReferenceID
 o.logger.Debugw("constructed evidence context",
- "software-id", appraisal.EvidenceContext.SoftwareId,
+ "software-id", appraisal.EvidenceContext.ReferenceId,
 "trust-anchor-id", appraisal.EvidenceContext.TrustAnchorId)
- endorsements, err := o.EnStore.Get(appraisal.EvidenceContext.SoftwareId)
+ endorsements, err := o.EnStore.Get(appraisal.EvidenceContext.ReferenceId)
 if err != nil && !errors.Is(err, kvstore.ErrKeyNotFound) {
 return nil, err
 }
diff --git a/vtsclient/vtsclient_grpc.go b/vtsclient/vtsclient_grpc.go
index 7e206df4..e512f6d8 100644
--- a/vtsclient/vtsclient_grpc.go
+++ b/vtsclient/vtsclient_grpc.go
@@ -80,11 +80,11 @@ func (o *GRPC) GetServiceState(
 return c.GetServiceState(ctx, in, opts...)
 }
-func (o *GRPC) AddSwComponents(
+func (o *GRPC) AddRefValues(
 ctx context.Context,
- in *proto.AddSwComponentsRequest,
+ in *proto.AddRefValuesRequest,
 opts ...grpc.CallOption,
-) (*proto.AddSwComponentsResponse, error) {
+) (*proto.AddRefValuesResponse, error) {
 if err := o.EnsureConnection(); err != nil {
 return nil, NewNoConnectionError("AddSwComponents", err)
 }
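Review bot: The log key in the `o.logger.Debugw("constructed evidence context", ...)` call still reads `"software-id"` while the value is now `appraisal.EvidenceContext.ReferenceId`, so anyone searching logs by field name will be misled; change it to `"reference-id", appraisal.EvidenceContext.ReferenceId,`. The `structpb.NewStruct` failure is returned bare, so the caller cannot tell which step of evidence-context construction failed — `return nil, fmt.Errorf("converting unprocessed claims set: %w", err)` would match the wrapped errors elsewhere in this package. Since `UpEvidence` is populated straight from `extracted.UnprocessedClaimsSet`, a comment at the assignment such as `// UpEvidence holds the claims as extracted from the token, before appraisal; policy must not treat it as verified` would keep that distinction explicit for policy authors, assuming "unprocessed" means pre-appraisal here. GetAttestation's body starts and ends outside the hunk.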
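Review bot: The error built on the line after the renamed signature still names the old RPC, `NewNoConnectionError("AddSwComponents", err)`, so a client that cannot reach the service reports a method that no longer exists; change it to `return nil, NewNoConnectionError("AddRefValues", err)`. AddRefValues's body continues past the end of the hunk.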
@@ -94,7 +94,7 @@ func (o *GRPC) AddSwComponents(
 return nil, ErrNoClient
 }
- return c.AddSwComponents(ctx, in, opts...)
+ return c.AddRefValues(ctx, in, opts...)
 }
 func (o *GRPC) AddTrustAnchor(