[WIP] Work on Introducing Store handlers

Signed-off-by: Yogesh Deshpande <[email protected]>

handler/ievidencehandler.go

@@ -1,4 +1,4 @@
-// Copyright 2021-2023 Contributors to the Veraison project.
+// Copyright 2021-2024 Contributors to the Veraison project.
 // SPDX-License-Identifier: Apache-2.0
 package handler
 

handler/plugin.go

@@ -19,3 +19,10 @@ func RegisterEvidenceHandler(i IEvidenceHandler) {
 		panic(err)
 	}
 }
+
+func RegisterStoreHandler(i IStoreHandler) {
+	err := plugin.RegisterImplementation("store-handler", i, StoreHandlerRPC)
+	if err != nil {
+		panic(err)
+	}
+}

scheme/cca-ssd-platform/evidence_handler_test.go

@@ -12,71 +12,9 @@ import (
 	"github.com/stretchr/testify/require"
 
 	"github.com/veraison/ear"
-	"github.com/veraison/services/handler"
 	"github.com/veraison/services/proto"
 )
 
-var testNonce = []byte{
-	0x41, 0x42, 0x41, 0x42, 0x41, 0x42, 0x41, 0x42,
-	0x41, 0x42, 0x41, 0x42, 0x41, 0x42, 0x41, 0x42,
-	0x41, 0x42, 0x41, 0x42, 0x41, 0x42, 0x41, 0x42,
-	0x41, 0x42, 0x41, 0x42, 0x41, 0x42, 0x41, 0x42,
-	0x41, 0x42, 0x41, 0x42, 0x41, 0x42, 0x41, 0x42,
-	0x41, 0x42, 0x41, 0x42, 0x41, 0x42, 0x41, 0x42,
-	0x41, 0x42, 0x41, 0x42, 0x41, 0x42, 0x41, 0x42,
-	0x41, 0x42, 0x41, 0x42, 0x41, 0x42, 0x41, 0x42,
-}
-
-func Test_GetTrustAnchorIDs_ok(t *testing.T) {
-	tokenBytes, err := os.ReadFile("test/cca-token.cbor")
-	require.NoError(t, err)
-
-	token := proto.AttestationToken{
-		TenantId: "1",
-		Data:     tokenBytes,
-		Nonce:    testNonce,
-	}
-
-	expectedTaID := []string{"CCA_SSD_PLATFORM://1/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=/AQICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC"}
-
-	scheme := &EvidenceHandler{}
-
-	taID, err := scheme.GetTrustAnchorIDs(&token)
-	require.NoError(t, err)
-	assert.Equal(t, expectedTaID, taID)
-}
-
-func Test_SynthKeysFromTrustAnchor_ok(t *testing.T) {
-	endorsementsBytes, err := os.ReadFile("test/ta-endorsements.json")
-	require.NoError(t, err)
-
-	var endors handler.Endorsement
-	err = json.Unmarshal(endorsementsBytes, &endors)
-	require.NoError(t, err)
-	expectedKey := "CCA_SSD_PLATFORM://1/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=/Ac7rrnuJJ6MiflMDz14PH3s0u1Qq1yUKwD+83jbsLxUI"
-
-	scheme := &EvidenceHandler{}
-	key_list, err := scheme.SynthKeysFromTrustAnchor("1", &endors)
-	require.NoError(t, err)
-	assert.Equal(t, expectedKey, key_list[0])
-
-}
-
-func Test_SynthKeysFromRefValue_ok(t *testing.T) {
-	endorsementsBytes, err := os.ReadFile("test/refval-endorsements.json")
-	require.NoError(t, err)
-
-	var endors handler.Endorsement
-	err = json.Unmarshal(endorsementsBytes, &endors)
-	require.NoError(t, err)
-	expectedKey := "CCA_SSD_PLATFORM://1/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="
-
-	scheme := &EvidenceHandler{}
-	key_list, err := scheme.SynthKeysFromRefValue("1", &endors)
-	require.NoError(t, err)
-	assert.Equal(t, expectedKey, key_list[0])
-}
-
 func Test_AppraiseEvidence_ok(t *testing.T) { // nolint: dupl
 	extractedBytes, err := os.ReadFile("test/extracted.json")
 	require.NoError(t, err)

scheme/cca-ssd-platform/plugin/Makefile

@@ -2,6 +2,7 @@
 ifndef COMBINED_PLUGINS
   SUBDIR += endorsement-handler
   SUBDIR += evidence-handler
+  SUBDIR += store-handler
 else
   SUBDIR += combined
 endif

scheme/cca-ssd-platform/plugin/combined/main.go

@@ -11,5 +11,6 @@ import (
 func main() {
 	handler.RegisterEndorsementHandler(&scheme.EndorsementHandler{})
 	handler.RegisterEvidenceHandler(&scheme.EvidenceHandler{})
+	handler.RegisterStoreHandler(&scheme.StoreHandler{})
 	plugin.Serve()
 }

scheme/cca-ssd-platform/plugin/store-handler/Makefile

@@ -0,0 +1,11 @@
+# Copyright 2021 Contributors to the Veraison project.
+# SPDX-License-Identifier: Apache-2.0
+
+PLUGIN := ../../../bin/cca-store-handler.plugin
+GOPKG := github.com/veraison/services/scheme/cca-ssd-platform
+SRCS := main.go
+
+include ../../../../mk/common.mk
+include ../../../../mk/plugin.mk
+include ../../../../mk/lint.mk
+include ../../../../mk/test.mk

scheme/cca-ssd-platform/plugin/store-handler/main.go

@@ -0,0 +1,14 @@
+// Copyright 2024 Contributors to the Veraison project.
+// SPDX-License-Identifier: Apache-2.0
+package main
+
+import (
+	"github.com/veraison/services/handler"
+	"github.com/veraison/services/plugin"
+	scheme "github.com/veraison/services/scheme/cca-ssd-platform"
+)
+
+func main() {
+	handler.RegisterStoreHandler(&scheme.StoreHandler{})
+	plugin.Serve()
+}

scheme/cca-ssd-platform/store_handler.go

@@ -0,0 +1,45 @@
+// Copyright 2021-2023 Contributors to the Veraison project.
+// SPDX-License-Identifier: Apache-2.0
+
+package cca_ssd_platform
+
+import (
+	"github.com/veraison/services/handler"
+	"github.com/veraison/services/proto"
+	"github.com/veraison/services/scheme/common/arm"
+)
+
+type StoreHandler struct{}
+
+func (s StoreHandler) GetName() string {
+	return "cca-store-handler"
+}
+
+func (s StoreHandler) GetAttestationScheme() string {
+	return SchemeName
+}
+
+func (s StoreHandler) GetSupportedMediaTypes() []string {
+	return nil
+}
+
+func (s StoreHandler) SynthKeysFromRefValue(
+	tenantID string,
+	refVal *handler.Endorsement,
+) ([]string, error) {
+	return arm.SynthKeysFromRefValue(SchemeName, tenantID, refVal)
+
+}
+
+func (s StoreHandler) SynthKeysFromTrustAnchor(tenantID string, ta *handler.Endorsement) ([]string, error) {
+
+	return arm.SynthKeysFromTrustAnchors(SchemeName, tenantID, ta)
+}
+
+func (s StoreHandler) GetTrustAnchorIDs(token *proto.AttestationToken) ([]string, error) {
+	ta, err := arm.GetTrustAnchorID(SchemeName, token)
+	if err != nil {
+		return []string{""}, err
+	}
+	return []string{ta}, nil
+}

scheme/cca-ssd-platform/store_handler_test.go

@@ -0,0 +1,77 @@
+// Copyright 2021-2023 Contributors to the Veraison project.
+// SPDX-License-Identifier: Apache-2.0
+
+package cca_ssd_platform
+
+import (
+	"encoding/json"
+	"os"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	"github.com/veraison/services/handler"
+	"github.com/veraison/services/proto"
+)
+
+var testNonce = []byte{
+	0x41, 0x42, 0x41, 0x42, 0x41, 0x42, 0x41, 0x42,
+	0x41, 0x42, 0x41, 0x42, 0x41, 0x42, 0x41, 0x42,
+	0x41, 0x42, 0x41, 0x42, 0x41, 0x42, 0x41, 0x42,
+	0x41, 0x42, 0x41, 0x42, 0x41, 0x42, 0x41, 0x42,
+	0x41, 0x42, 0x41, 0x42, 0x41, 0x42, 0x41, 0x42,
+	0x41, 0x42, 0x41, 0x42, 0x41, 0x42, 0x41, 0x42,
+	0x41, 0x42, 0x41, 0x42, 0x41, 0x42, 0x41, 0x42,
+	0x41, 0x42, 0x41, 0x42, 0x41, 0x42, 0x41, 0x42,
+}
+
+func Test_GetTrustAnchorIDs_ok(t *testing.T) {
+	tokenBytes, err := os.ReadFile("test/cca-token.cbor")
+	require.NoError(t, err)
+
+	token := proto.AttestationToken{
+		TenantId: "1",
+		Data:     tokenBytes,
+		Nonce:    testNonce,
+	}
+
+	expectedTaID := []string{"CCA_SSD_PLATFORM://1/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=/AQICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC"}
+
+	scheme := &StoreHandler{}
+
+	taID, err := scheme.GetTrustAnchorIDs(&token)
+	require.NoError(t, err)
+	assert.Equal(t, expectedTaID, taID)
+}
+
+func Test_SynthKeysFromTrustAnchor_ok(t *testing.T) {
+	endorsementsBytes, err := os.ReadFile("test/ta-endorsements.json")
+	require.NoError(t, err)
+
+	var endors handler.Endorsement
+	err = json.Unmarshal(endorsementsBytes, &endors)
+	require.NoError(t, err)
+	expectedKey := "CCA_SSD_PLATFORM://1/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=/Ac7rrnuJJ6MiflMDz14PH3s0u1Qq1yUKwD+83jbsLxUI"
+
+	scheme := &StoreHandler{}
+	key_list, err := scheme.SynthKeysFromTrustAnchor("1", &endors)
+	require.NoError(t, err)
+	assert.Equal(t, expectedKey, key_list[0])
+
+}
+
+func Test_SynthKeysFromRefValue_ok(t *testing.T) {
+	endorsementsBytes, err := os.ReadFile("test/refval-endorsements.json")
+	require.NoError(t, err)
+
+	var endors handler.Endorsement
+	err = json.Unmarshal(endorsementsBytes, &endors)
+	require.NoError(t, err)
+	expectedKey := "CCA_SSD_PLATFORM://1/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="
+
+	scheme := &StoreHandler{}
+	key_list, err := scheme.SynthKeysFromRefValue("1", &endors)
+	require.NoError(t, err)
+	assert.Equal(t, expectedKey, key_list[0])
+}

scheme/parsec-cca/evidence_handler_test.go

@@ -12,28 +12,9 @@ import (
 	"github.com/stretchr/testify/require"
 
 	"github.com/veraison/ear"
-	"github.com/veraison/services/handler"
 	"github.com/veraison/services/proto"
 )
 
-func Test_GetTrustAnchorIDs_ok(t *testing.T) {
-	tokenBytes, err := os.ReadFile("test/evidence/evidence.cbor")
-	require.NoError(t, err)
-
-	token := proto.AttestationToken{
-		TenantId: "1",
-		Data:     tokenBytes,
-	}
-
-	expectedTaID := "PARSEC_CCA://1/f0VMRgIBAQAAAAAAAAAAAAMAPgABAAAAUFgAAAAAAAA=/AQcGBQQDAgEADw4NDAsKCQgXFhUUExIREB8eHRwbGhkY"
-
-	handler := &EvidenceHandler{}
-
-	taIDs, err := handler.GetTrustAnchorIDs(&token)
-	require.NoError(t, err)
-	assert.Equal(t, expectedTaID, taIDs[0])
-}
-
 func Test_ExtractClaims_ok(t *testing.T) {
 	tokenBytes, err := os.ReadFile("test/evidence/evidence.cbor")
 	require.NoError(t, err)
@@ -206,37 +187,6 @@ func Test_AppraiseEvidence_ok(t *testing.T) {
 	assert.Equal(t, attestation.TrustVector.Configuration, ear.ApprovedConfigClaim)
 }
 
-func Test_SynthKeysFromTrustAnchor_ok(t *testing.T) {
-	endorsementsBytes, err := os.ReadFile("test/evidence/ta_endorsements.json")
-	require.NoError(t, err)
-
-	var endors handler.Endorsement
-	err = json.Unmarshal(endorsementsBytes, &endors)
-	require.NoError(t, err)
-	expectedKey := "PARSEC_CCA://1/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=/Ac7rrnuJJ6MiflMDz14PH3s0u1Qq1yUKwD+83jbsLxUI"
-
-	scheme := &EvidenceHandler{}
-	key_list, err := scheme.SynthKeysFromTrustAnchor("1", &endors)
-	require.NoError(t, err)
-	assert.Equal(t, expectedKey, key_list[0])
-
-}
-
-func Test_SynthKeysFromRefValue_ok(t *testing.T) {
-	endorsementsBytes, err := os.ReadFile("test/evidence/refval_endorsement.json")
-	require.NoError(t, err)
-
-	var endors handler.Endorsement
-	err = json.Unmarshal(endorsementsBytes, &endors)
-	require.NoError(t, err)
-	expectedKey := "PARSEC_CCA://1/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="
-
-	scheme := &EvidenceHandler{}
-	key_list, err := scheme.SynthKeysFromRefValue("1", &endors)
-	require.NoError(t, err)
-	assert.Equal(t, expectedKey, key_list[0])
-}
-
 func Test_GetName_ok(t *testing.T) {
 	scheme := &EvidenceHandler{}
 	expectedName := "parsec-cca-evidence-handler"

scheme/parsec-cca/plugin/Makefile

@@ -4,6 +4,7 @@
 ifndef COMBINED_PLUGINS
   SUBDIR += endorsement-handler
   SUBDIR += evidence-handler
+  SUBDIR += store-handler
 else
   SUBDIR += combined
 endif

scheme/parsec-cca/plugin/combined/main.go

@@ -11,5 +11,6 @@ import (
 func main() {
 	handler.RegisterEndorsementHandler(&scheme.EndorsementHandler{})
 	handler.RegisterEvidenceHandler(&scheme.EvidenceHandler{})
+	handler.RegisterStoreHandler(&scheme.StoreHandler{})
 	plugin.Serve()
 }

scheme/parsec-cca/plugin/store-handler/Makefile

@@ -0,0 +1,11 @@
+# Copyright 2021 Contributors to the Veraison project.
+# SPDX-License-Identifier: Apache-2.0
+
+PLUGIN := ../../../bin/parsec-cca-store-handler.plugin
+GOPKG := github.com/veraison/services/scheme/parsec-cca
+SRCS := main.go
+
+include ../../../../mk/common.mk
+include ../../../../mk/plugin.mk
+include ../../../../mk/lint.mk
+include ../../../../mk/test.mk

scheme/parsec-cca/plugin/store-handler/main.go

@@ -0,0 +1,14 @@
+// Copyright 2024 Contributors to the Veraison project.
+// SPDX-License-Identifier: Apache-2.0
+package main
+
+import (
+	"github.com/veraison/services/handler"
+	"github.com/veraison/services/plugin"
+	scheme "github.com/veraison/services/scheme/parsec-cca"
+)
+
+func main() {
+	handler.RegisterStoreHandler(&scheme.StoreHandler{})
+	plugin.Serve()
+}