From 1874dcdac11ae933d815423ae97444f8358993e7 Mon Sep 17 00:00:00 2001 From: Yogesh Deshpande Date: Tue, 23 Apr 2024 11:02:58 -0400 Subject: [PATCH] [WIP] Add Realm Plugin Context Signed-off-by: Yogesh Deshpande --- scheme/cca-realm/corim_extractor.go | 63 +++++++++++++++-------------- scheme/cca-realm/realmattributes.go | 16 ++++++++ 2 files changed, 49 insertions(+), 30 deletions(-) create mode 100644 scheme/cca-realm/realmattributes.go diff --git a/scheme/cca-realm/corim_extractor.go b/scheme/cca-realm/corim_extractor.go index 2a1c2c5e..d4a208c5 100644 --- a/scheme/cca-realm/corim_extractor.go +++ b/scheme/cca-realm/corim_extractor.go @@ -16,55 +16,59 @@ func (o CorimExtractor) RefValExtractor( rv comid.ReferenceValue, ) ([]*handler.Endorsement, error) { var classAttrs ClassAttributes + var instAttrs InstanceAttributes if err := classAttrs.FromEnvironment(rv.Environment); err != nil { return nil, fmt.Errorf("could not extract Realm class attributes: %w", err) } - rvs := make([]*handler.Endorsement, 0, len(rv.Measurements)) + if err := instAttrs.FromEnvironment(rv.Environment); err != nil { + return nil, fmt.Errorf("could not extract Realm instance attributes: %w", err) + } - for i, m := range rv.Measurements { + // Each measurement is encoded in a measurement-map of a CoMID + // reference-triple-record. Since a measurement-map can encode one or more + // measurements, a single reference-triple-record can carry as many + // measurements as needed. However for Realm Instance, only one measurement + // record is set, with both the "rim" & "rem" measurements carried in an + // integrity register + refVals := make([]*handler.Endorsement, 0, len(rv.Measurements)) - d := m.Val.Digests + if len(refVals) == 0 { + return nil, fmt.Errorf("no measurements found") + } - if d == nil { - return nil, fmt.Errorf("measurement value has no digests") - } - if len(*d) != 1 { - return nil, fmt.Errorf("expecting exactly one digest") + var refVal *handler.Endorsement + for _, m := range rv.Measurements { + var rAttr RealmAttributes + if err := rAttr.FromMeasurement(m); err != nil { + return nil, fmt.Errorf("unable to extract realm reference attributes from measurement: %w", err) } - algID := (*d)[0].AlgIDToString() - measurementValue := (*d)[0].HashValue - - attrs, err := makeRefValAttrs(&classAttrs, algID, measurementValue) + refAttrs, err := makeRefValAttrs(&classAttrs, &instAttrs, &rAttr) if err != nil { - return nil, fmt.Errorf("measurement[%d].digest[%d]: %w", i, j, err) + return nil, fmt.Errorf("unable to make reference attributes: %w", err) } - - rv := &handler.Endorsement{ - Scheme: SchemeName, + refVal = &handler.Endorsement{ + Scheme: "CCA_REALM", Type: handler.EndorsementType_REFERENCE_VALUE, - Attributes: attrs, + Attributes: refAttrs, } - - rvs = append(rvs, rv) - - } - - if len(rvs) == 0 { - return nil, fmt.Errorf("no measurements found") + refVals = append(refVals, refVal) } - - return rvs, nil + return refVals, nil } -func makeRefValAttrs(cAttr *ClassAttributes, algID string, digest []byte) (json.RawMessage, error) { +func makeRefValAttrs(cAttr *ClassAttributes, iAttr *InstanceAttributes, rAttr *RealmAttributes) (json.RawMessage, error) { var attrs = map[string]interface{}{ "CCA_REALM.vendor": cAttr.Vendor, "CCA_REALM-id": cAttr.UUID, - "CCA_REALM.hash-alg-id": algID, - "CCA_REALM.measurement": digest, + "CCA_REALM.hash-alg-id": rAttr.HashAlgID, + "CCA_REALM.rim": rAttr.Rim, + "CCA_REALM.rem0": rAttr.Rem[0], + "CCA_REALM.rem1": rAttr.Rem[1], + "CCA_REALM.rem2": rAttr.Rem[2], + "CCA_REALM.rem3": rAttr.Rem[3], } data, err := json.Marshal(attrs) if err != nil { @@ -76,6 +80,5 @@ func makeRefValAttrs(cAttr *ClassAttributes, algID string, digest []byte) (json. func (o CorimExtractor) TaExtractor( avk comid.AttestVerifKey, ) (*handler.Endorsement, error) { - return nil, fmt.Errorf("cca realm endorsements does not have a Trust Anchor") } diff --git a/scheme/cca-realm/realmattributes.go b/scheme/cca-realm/realmattributes.go new file mode 100644 index 00000000..6e190589 --- /dev/null +++ b/scheme/cca-realm/realmattributes.go @@ -0,0 +1,16 @@ +// Copyright 2024 Contributors to the Veraison project. +// SPDX-License-Identifier: Apache-2.0 +package cca_realm + +import "github.com/veraison/corim/comid" + +type RealmAttributes struct { + Rim []byte + Rem [4][]byte + HashAlgID string +} + +func (o *RealmAttributes) FromMeasurement(m comid.Measurement) error { + + return nil +}