[WIP] Working on Provisioning Plugin for Realm

Signed-off-by: Yogesh Deshpande <[email protected]>

scheme/cca-realm/Makefile

@@ -0,0 +1,9 @@
+
+ifndef COMBINED_PLUGINS
+  SUBDIR += endorsement-handler
+else
+  SUBDIR += combined
+endif
+
+include ../../../mk/common.mk
+include ../../../mk/subdir.mk

scheme/cca-realm/endorsement_handler.go

@@ -0,0 +1,35 @@
+// Copyright 2022-2024 Contributors to the Veraison project.
+// SPDX-License-Identifier: Apache-2.0
+package cca_realm
+
+import (
+	"github.com/veraison/services/handler"
+	"github.com/veraison/services/scheme/common"
+	"github.com/veraison/services/scheme/common/arm"
+)
+
+type EndorsementHandler struct{}
+
+func (o EndorsementHandler) Init(params handler.EndorsementHandlerParams) error {
+	return nil // no-op
+}
+
+func (o EndorsementHandler) Close() error {
+	return nil // no-op
+}
+
+func (o EndorsementHandler) GetName() string {
+	return "unsigned-corim (CCA realm profile)"
+}
+
+func (o EndorsementHandler) GetAttestationScheme() string {
+	return SchemeName
+}
+
+func (o EndorsementHandler) GetSupportedMediaTypes() []string {
+	return EndorsementMediaTypes
+}
+
+func (o EndorsementHandler) Decode(data []byte) (*handler.EndorsementHandlerResponse, error) {
+	return common.UnsignedCorimDecoder(data, &arm.Extractor{Scheme: SchemeName})
+}

scheme/cca-realm/plugin/combined/Makefile

@@ -0,0 +1,11 @@
+# Copyright 2024 Contributors to the Veraison project.
+# SPDX-License-Identifier: Apache-2.0
+
+PLUGIN := ../../../bin/cca-realm.plugin
+GOPKG := github.com/veraison/services/scheme/cca-realm
+SRCS := main.go
+
+include ../../../../mk/common.mk
+include ../../../../mk/plugin.mk
+include ../../../../mk/lint.mk
+include ../../../../mk/test.mk

scheme/cca-realm/plugin/combined/main.go

@@ -0,0 +1,14 @@
+// Copyright 2024 Contributors to the Veraison project.
+// SPDX-License-Identifier: Apache-2.0
+package main
+
+import (
+	"github.com/veraison/services/handler"
+	"github.com/veraison/services/plugin"
+	scheme "github.com/veraison/services/scheme/cca-realm"
+)
+
+func main() {
+	handler.RegisterEndorsementHandler(&scheme.EndorsementHandler{})
+	plugin.Serve()
+}

scheme/cca-realm/plugin/endorsement-handler/Makefile

@@ -0,0 +1,11 @@
+# Copyright 2024 Contributors to the Veraison project.
+# SPDX-License-Identifier: Apache-2.0
+
+PLUGIN := ../../../bin/cca-realm-endorsement-handler.plugin
+GOPKG := github.com/veraison/services/scheme/cca-realm
+SRCS := main.go
+
+include ../../../../mk/common.mk
+include ../../../../mk/plugin.mk
+include ../../../../mk/lint.mk
+include ../../../../mk/test.mk

scheme/cca-realm/plugin/endorsement-handler/main.go

@@ -0,0 +1,14 @@
+// Copyright 2022-2024 Contributors to the Veraison project.
+// SPDX-License-Identifier: Apache-2.0
+package main
+
+import (
+	"github.com/veraison/services/handler"
+	"github.com/veraison/services/plugin"
+	scheme "github.com/veraison/services/scheme/cca-realm"
+)
+
+func main() {
+	handler.RegisterEndorsementHandler(&scheme.EndorsementHandler{})
+	plugin.Serve()
+}

scheme/cca-realm/plugin/store-handler/Makefile

@@ -0,0 +1,11 @@
+# Copyright 2024 Contributors to the Veraison project.
+# SPDX-License-Identifier: Apache-2.0
+
+PLUGIN := ../../../bin/cca-realm-store-handler.plugin
+GOPKG := github.com/veraison/services/scheme/cca-realm
+SRCS := main.go
+
+include ../../../../mk/common.mk
+include ../../../../mk/plugin.mk
+include ../../../../mk/lint.mk
+include ../../../../mk/test.mk

scheme/cca-realm/plugin/store-handler/main.go

@@ -0,0 +1,14 @@
+// Copyright 2024 Contributors to the Veraison project.
+// SPDX-License-Identifier: Apache-2.0
+package main
+
+import (
+	"github.com/veraison/services/handler"
+	"github.com/veraison/services/plugin"
+	scheme "github.com/veraison/services/scheme/cca-realm"
+)
+
+func main() {
+	handler.RegisterStoreHandler(&scheme.StoreHandler{})
+	plugin.Serve()
+}

scheme/cca-realm/scheme.go

@@ -0,0 +1,11 @@
+// Copyright 2024 Contributors to the Veraison project.
+// SPDX-License-Identifier: Apache-2.0
+package cca_realm
+
+const SchemeName = "CCA_REALM"
+
+var (
+	EndorsementMediaTypes = []string{
+		"application/corim-unsigned+cbor; profile=http://arm.com/cca/realm/1",
+	}
+)

scheme/cca-realm/store_handler.go

@@ -0,0 +1,45 @@
+// Copyright 2024 Contributors to the Veraison project.
+// SPDX-License-Identifier: Apache-2.0
+
+package cca_realm
+
+import (
+	"github.com/veraison/services/handler"
+	"github.com/veraison/services/proto"
+	"github.com/veraison/services/scheme/common/arm"
+)
+
+type StoreHandler struct{}
+
+func (s StoreHandler) GetName() string {
+	return "cca-realm-store-handler"
+}
+
+func (s StoreHandler) GetAttestationScheme() string {
+	return SchemeName
+}
+
+func (s StoreHandler) GetSupportedMediaTypes() []string {
+	return nil
+}
+
+func (s StoreHandler) SynthKeysFromRefValue(
+	tenantID string,
+	refVal *handler.Endorsement,
+) ([]string, error) {
+	return arm.SynthKeysFromRefValue(SchemeName, tenantID, refVal)
+
+}
+
+func (s StoreHandler) SynthKeysFromTrustAnchor(tenantID string, ta *handler.Endorsement) ([]string, error) {
+
+	return arm.SynthKeysFromTrustAnchors(SchemeName, tenantID, ta)
+}
+
+func (s StoreHandler) GetTrustAnchorIDs(token *proto.AttestationToken) ([]string, error) {
+	ta, err := arm.GetTrustAnchorID(SchemeName, token)
+	if err != nil {
+		return []string{""}, err
+	}
+	return []string{ta}, nil
+}