[WIP] Add Realm Plugin Context

Signed-off-by: Yogesh Deshpande <[email protected]>

scheme/cca-realm/corim_extractor.go

@@ -16,55 +16,59 @@ func (o CorimExtractor) RefValExtractor(
 	rv comid.ReferenceValue,
 ) ([]*handler.Endorsement, error) {
 	var classAttrs ClassAttributes
+	var instAttrs InstanceAttributes
 
 	if err := classAttrs.FromEnvironment(rv.Environment); err != nil {
 		return nil, fmt.Errorf("could not extract Realm class attributes: %w", err)
 	}
 
-	rvs := make([]*handler.Endorsement, 0, len(rv.Measurements))
+	if err := instAttrs.FromEnvironment(rv.Environment); err != nil {
+		return nil, fmt.Errorf("could not extract Realm instance attributes: %w", err)
+	}
 
-	for i, m := range rv.Measurements {
+	// Each measurement is encoded in a measurement-map of a CoMID
+	// reference-triple-record.  Since a measurement-map can encode one or more
+	// measurements, a single reference-triple-record can carry as many
+	// measurements as needed. However for Realm Instance, only one measurement
+	// record is set, with both the "rim" & "rem" measurements carried in an
+	// integrity register
+	refVals := make([]*handler.Endorsement, 0, len(rv.Measurements))
 
-		d := m.Val.Digests
+	if len(refVals) == 0 {
+		return nil, fmt.Errorf("no measurements found")
+	}
 
-		if d == nil {
-			return nil, fmt.Errorf("measurement value has no digests")
-		}
-		if len(*d) != 1 {
-			return nil, fmt.Errorf("expecting exactly one digest")
+	var refVal *handler.Endorsement
+	for _, m := range rv.Measurements {
+		var rAttr RealmAttributes
+		if err := rAttr.FromMeasurement(m); err != nil {
+			return nil, fmt.Errorf("unable to extract realm reference attributes from measurement: %w", err)
 		}
-		algID := (*d)[0].AlgIDToString()
-		measurementValue := (*d)[0].HashValue
-
-		attrs, err := makeRefValAttrs(&classAttrs, algID, measurementValue)
+		refAttrs, err := makeRefValAttrs(&classAttrs, &instAttrs, &rAttr)
 		if err != nil {
-			return nil, fmt.Errorf("measurement[%d].digest[%d]: %w", i, j, err)
+			return nil, fmt.Errorf("unable to make reference attributes: %w", err)
 		}
-
-		rv := &handler.Endorsement{
-			Scheme:     SchemeName,
+		refVal = &handler.Endorsement{
+			Scheme:     "CCA_REALM",
 			Type:       handler.EndorsementType_REFERENCE_VALUE,
-			Attributes: attrs,
+			Attributes: refAttrs,
 		}
-
-		rvs = append(rvs, rv)
-
-	}
-
-	if len(rvs) == 0 {
-		return nil, fmt.Errorf("no measurements found")
+		refVals = append(refVals, refVal)
 	}
-
-	return rvs, nil
+	return refVals, nil
 }
 
-func makeRefValAttrs(cAttr *ClassAttributes, algID string, digest []byte) (json.RawMessage, error) {
+func makeRefValAttrs(cAttr *ClassAttributes, iAttr *InstanceAttributes, rAttr *RealmAttributes) (json.RawMessage, error) {
 
 	var attrs = map[string]interface{}{
 		"CCA_REALM.vendor":      cAttr.Vendor,
 		"CCA_REALM-id":          cAttr.UUID,
-		"CCA_REALM.hash-alg-id": algID,
-		"CCA_REALM.measurement": digest,
+		"CCA_REALM.hash-alg-id": rAttr.HashAlgID,
+		"CCA_REALM.rim":         rAttr.Rim,
+		"CCA_REALM.rem0":        rAttr.Rem[0],
+		"CCA_REALM.rem1":        rAttr.Rem[1],
+		"CCA_REALM.rem2":        rAttr.Rem[2],
+		"CCA_REALM.rem3":        rAttr.Rem[3],
 	}
 	data, err := json.Marshal(attrs)
 	if err != nil {
@@ -76,6 +80,5 @@ func makeRefValAttrs(cAttr *ClassAttributes, algID string, digest []byte) (json.
 func (o CorimExtractor) TaExtractor(
 	avk comid.AttestVerifKey,
 ) (*handler.Endorsement, error) {
-
 	return nil, fmt.Errorf("cca realm endorsements does not have a Trust Anchor")
 }

scheme/cca-realm/realmattributes.go

@@ -0,0 +1,16 @@
+// Copyright 2024 Contributors to the Veraison project.
+// SPDX-License-Identifier: Apache-2.0
+package cca_realm
+
+import "github.com/veraison/corim/comid"
+
+type RealmAttributes struct {
+	Rim       []byte
+	Rem       [4][]byte
+	HashAlgID string
+}
+
+func (o *RealmAttributes) FromMeasurement(m comid.Measurement) error {
+
+	return nil
+}