Aligh Interface to handle multiple TAID and RefValID

Signed-off-by: Yogesh Deshpande <[email protected]>
veraison · Dec 10, 2023 · 4279f78 · 4279f78
1 parent 1c05045
commit 4279f78
Show file tree

Hide file tree

Showing 10 changed files with 61 additions and 61 deletions.
diff --git a/proto/evidence.pb.go b/proto/evidence.pb.go
diff --git a/proto/evidence.proto b/proto/evidence.proto
@@ -7,7 +7,7 @@ option go_package = "github.com/veraison/services/proto";
 
 message EvidenceContext {
   string tenant_id = 1 [json_name = "tenant-id"];
-  repeated string trust_anchor_id = 2 [json_name = "trust-anchor-id"];
-  repeated string reference_id = 3 [json_name = "reference-id"];
+  repeated string trust_anchor_ids = 2 [json_name = "trust-anchor-ids"];
+  repeated string reference_ids = 3 [json_name = "reference-ids"];
   google.protobuf.Struct evidence = 5;
 }
diff --git a/scheme/cca-ssd-platform/test/extracted.json b/scheme/cca-ssd-platform/test/extracted.json
@@ -52,7 +52,7 @@
 	    "cca-realm-public-key-hash-algo-id": "sha-512"
 	  }
   },
-  "reference-id": ["CCA_SSD_PLATFORM://1/BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=/AQcGBQQDAgEADw4NDAsKCQgXFhUUExIREB8eHRwbGhkY"],
-  "trust-anchor-id": ["CCA_SSD_PLATFORM://1/BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=/"],
+  "reference-ids": ["CCA_SSD_PLATFORM://1/BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=/AQcGBQQDAgEADw4NDAsKCQgXFhUUExIREB8eHRwbGhkY"],
+  "trust-anchor-ids": ["CCA_SSD_PLATFORM://1/BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=/"],
   "tenant-id": "1"
 }
diff --git a/scheme/parsec-cca/test/evidence/extracted.json b/scheme/parsec-cca/test/evidence/extracted.json
@@ -46,7 +46,7 @@
             "nonce": "AAECAwQFBgc="
         }
     },
-    "reference-id": ["PARSEC_CCA://0/f0VMRgIBAQAAAAAAAAAAAAMAPgABAAAAUFgAAAAAAAA="],
-    "trust-anchor-id": ["PARSEC_CCA://1/f0VMRgIBAQAAAAAAAAAAAAMAPgABAAAAUFgAAAAAAAA=/AQcGBQQDAgEADw4NDAsKCQgXFhUUExIREB8eHRwbGhkY"],
+    "reference-ids": ["PARSEC_CCA://0/f0VMRgIBAQAAAAAAAAAAAAMAPgABAAAAUFgAAAAAAAA="],
+    "trust-anchor-ids": ["PARSEC_CCA://1/f0VMRgIBAQAAAAAAAAAAAAMAPgABAAAAUFgAAAAAAAA=/AQcGBQQDAgEADw4NDAsKCQgXFhUUExIREB8eHRwbGhkY"],
     "tenant-id": "1"
 }
diff --git a/scheme/parsec-tpm/test/evidence/extracted.json b/scheme/parsec-tpm/test/evidence/extracted.json
@@ -14,7 +14,7 @@
       "tpmVer": "2.0"
     }
   },
-  "reference-id": ["PARSEC_TPM://1/YWNtZS1pbXBsZW1lbnRhdGlvbi1pZC0wMDAwMDAwMDE="],
-  "trust-anchor-id": ["PARSEC_TPM://1/AagIEsUMYDNxd1p5UuAACkxJGfJf9rcUZ/oyRFHDcAxn"],
+  "reference-ids": ["PARSEC_TPM://1/YWNtZS1pbXBsZW1lbnRhdGlvbi1pZC0wMDAwMDAwMDE="],
+  "trust-anchor-ids": ["PARSEC_TPM://1/AagIEsUMYDNxd1p5UuAACkxJGfJf9rcUZ/oyRFHDcAxn"],
   "tenant-id": "1"
 }
diff --git a/scheme/parsec-tpm/test/evidence/matched_extracted.json b/scheme/parsec-tpm/test/evidence/matched_extracted.json
@@ -14,7 +14,7 @@
       "tpmVer": "2.0"
     }
   },
-  "reference-id": ["PARSEC_TPM://1/YWNtZS1pbXBsZW1lbnRhdGlvbi1pZC0wMDAwMDAwMDE="],
-  "trust-anchor-id": ["PARSEC_TPM://1/AagIEsUMYDNxd1p5UuAACkxJGfJf9rcUZ/oyRFHDcAxn"],
+  "reference-ids": ["PARSEC_TPM://1/YWNtZS1pbXBsZW1lbnRhdGlvbi1pZC0wMDAwMDAwMDE="],
+  "trust-anchor-ids": ["PARSEC_TPM://1/AagIEsUMYDNxd1p5UuAACkxJGfJf9rcUZ/oyRFHDcAxn"],
   "tenant-id": "1"
 }
diff --git a/scheme/psa-iot/test/extracted.json b/scheme/psa-iot/test/extracted.json
@@ -35,7 +35,7 @@
       }
     ]
   },
-  "reference-id": ["PSA_IOT://1/BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=/AQcGBQQDAgEADw4NDAsKCQgXFhUUExIREB8eHRwbGhkY"],
-  "trust-anchor-id": ["PSA_IOT://1/BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=/"],
+  "reference-ids": ["PSA_IOT://1/BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=/AQcGBQQDAgEADw4NDAsKCQgXFhUUExIREB8eHRwbGhkY"],
+  "trust-anchor-ids": ["PSA_IOT://1/BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=/"],
   "tenant-id": "1"
 }
diff --git a/scheme/tpm-enacttrust/evidence_handler_test.go b/scheme/tpm-enacttrust/evidence_handler_test.go
@@ -27,7 +27,7 @@ func Test_DecodeAttestationData_ok(t *testing.T) {
 	assert.Equal(t, uint64(0x7), decoded.AttestationData.FirmwareVersion)
 }
 
-func Test_GetTrustAnchorID_ok(t *testing.T) {
+func Test_GetTrustAnchorIds_ok(t *testing.T) {
 	data, err := os.ReadFile("test/tokens/basic.token")
 	require.NoError(t, err)
 
@@ -119,10 +119,10 @@ func Test_GetAttestation(t *testing.T) {
 	require.NoError(t, err)
 
 	evidenceContext := &proto.EvidenceContext{
-		TenantId:      "0",
-		TrustAnchorId: []string{"TPM_ENACTTRUST://0/7df7714e-aa04-4638-bcbf-434b1dd720f1"},
-		ReferenceId:   []string{"TPM_ENACTTRUST://0/7df7714e-aa04-4638-bcbf-434b1dd720f1"},
-		Evidence:      evStruct,
+		TenantId:       "0",
+		TrustAnchorIds: []string{"TPM_ENACTTRUST://0/7df7714e-aa04-4638-bcbf-434b1dd720f1"},
+		ReferenceIds:   []string{"TPM_ENACTTRUST://0/7df7714e-aa04-4638-bcbf-434b1dd720f1"},
+		Evidence:       evStruct,
 	}
 
 	refvalBytes, err := os.ReadFile("test/refval.json")

diff --git a/vts/policymanager/policymanager_test.go b/vts/policymanager/policymanager_test.go
@@ -38,10 +38,10 @@ func TestPolicyMgr_getPolicy_not_found(t *testing.T) {
 	appraisal := &appraisal.Appraisal{
 		Scheme: "TPM_ENACTTRUST",
 		EvidenceContext: &proto.EvidenceContext{
-			TenantId:      "0",
-			TrustAnchorId: []string{"TPM_ENACTTRUST://0/7df7714e-aa04-4638-bcbf-434b1dd720f1"},
-			ReferenceId:   []string{"TPM_ENACTTRUST://0/7df7714e-aa04-4638-bcbf-434b1dd720f1"},
-			Evidence:      evStruct,
+			TenantId:       "0",
+			TrustAnchorIds: []string{"TPM_ENACTTRUST://0/7df7714e-aa04-4638-bcbf-434b1dd720f1"},
+			ReferenceIds:   []string{"TPM_ENACTTRUST://0/7df7714e-aa04-4638-bcbf-434b1dd720f1"},
+			Evidence:       evStruct,
 		},
 	}
 
@@ -73,10 +73,10 @@ func TestPolicyMgr_getPolicy_OK(t *testing.T) {
 	appraisal := &appraisal.Appraisal{
 		Scheme: "TPM_ENACTTRUST",
 		EvidenceContext: &proto.EvidenceContext{
-			TenantId:      "0",
-			TrustAnchorId: []string{"TPM_ENACTTRUST://0/7df7714e-aa04-4638-bcbf-434b1dd720f1"},
-			ReferenceId:   []string{"TPM_ENACTTRUST://0/7df7714e-aa04-4638-bcbf-434b1dd720f1"},
-			Evidence:      evStruct,
+			TenantId:       "0",
+			TrustAnchorIds: []string{"TPM_ENACTTRUST://0/7df7714e-aa04-4638-bcbf-434b1dd720f1"},
+			ReferenceIds:   []string{"TPM_ENACTTRUST://0/7df7714e-aa04-4638-bcbf-434b1dd720f1"},
+			Evidence:       evStruct,
 		},
 	}
 
@@ -121,10 +121,10 @@ func TestPolicyMgr_Evaluate_OK(t *testing.T) {
 		Return([]string{`{"uuid": "7df7714e-aa04-4638-bcbf-434b1dd720f1", "active": true}`}, nil)
 
 	ec := &proto.EvidenceContext{
-		TenantId:      "0",
-		TrustAnchorId: []string{"TPM_ENACTTRUST://0/7df7714e-aa04-4638-bcbf-434b1dd720f1"},
-		ReferenceId:   []string{"TPM_ENACTTRUST://0/7df7714e-aa04-4638-bcbf-434b1dd720f1"},
-		Evidence:      evStruct,
+		TenantId:       "0",
+		TrustAnchorIds: []string{"TPM_ENACTTRUST://0/7df7714e-aa04-4638-bcbf-434b1dd720f1"},
+		ReferenceIds:   []string{"TPM_ENACTTRUST://0/7df7714e-aa04-4638-bcbf-434b1dd720f1"},
+		Evidence:       evStruct,
 	}
 	endorsements := []string{"h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc="}
 	ar := ear.NewAttestationResult("test", "test", "test")
@@ -167,10 +167,10 @@ func TestPolicyMgr_Evaluate_NOK(t *testing.T) {
 		Return([]string{`{"uuid": "7df7714e-aa04-4638-bcbf-434b1dd720f1", "active": true}`}, nil)
 
 	ec := &proto.EvidenceContext{
-		TenantId:      "0",
-		TrustAnchorId: []string{"TPM_ENACTTRUST://0/7df7714e-aa04-4638-bcbf-434b1dd720f1"},
-		ReferenceId:   []string{"TPM_ENACTTRUST://0/7df7714e-aa04-4638-bcbf-434b1dd720f1"},
-		Evidence:      evStruct,
+		TenantId:       "0",
+		TrustAnchorIds: []string{"TPM_ENACTTRUST://0/7df7714e-aa04-4638-bcbf-434b1dd720f1"},
+		ReferenceIds:   []string{"TPM_ENACTTRUST://0/7df7714e-aa04-4638-bcbf-434b1dd720f1"},
+		Evidence:       evStruct,
 	}
 	endorsements := []string{"h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc="}
 	ar := ear.NewAttestationResult("test", "test", "test")

diff --git a/vts/trustedservices/trustedservices_grpc.go b/vts/trustedservices/trustedservices_grpc.go
@@ -335,11 +335,11 @@ func (o *GRPC) GetAttestation(
 		return o.finalize(appraisal, err)
 	}
 
-	ta, err := o.getTrustAnchor(appraisal.EvidenceContext.TrustAnchorId)
+	ta, err := o.getTrustAnchor(appraisal.EvidenceContext.TrustAnchorIds)
 	if err != nil {
 		if errors.Is(err, kvstore.ErrKeyNotFound) {
 			err = handlermod.BadEvidence("no trust anchor for %s",
-				appraisal.EvidenceContext.TrustAnchorId)
+				appraisal.EvidenceContext.TrustAnchorIds)
 			appraisal.SetAllClaims(ear.CryptoValidationFailedClaim)
 			appraisal.AddPolicyClaim("problem", "no trust anchor for evidence")
 		}
@@ -360,14 +360,14 @@ func (o *GRPC) GetAttestation(
 		return o.finalize(appraisal, err)
 	}
 
-	appraisal.EvidenceContext.ReferenceId = extracted.ReferenceIDs
+	appraisal.EvidenceContext.ReferenceIds = extracted.ReferenceIDs
 
 	o.logger.Debugw("constructed evidence context",
-		"software-id", appraisal.EvidenceContext.ReferenceId,
-		"trust-anchor-id", appraisal.EvidenceContext.TrustAnchorId)
+		"software-id", appraisal.EvidenceContext.ReferenceIds,
+		"trust-anchor-id", appraisal.EvidenceContext.TrustAnchorIds)
 
 	var tendorsements []string
-	for _, reference := range appraisal.EvidenceContext.ReferenceId {
+	for _, reference := range appraisal.EvidenceContext.ReferenceIds {
 
 		endorsements, err := o.EnStore.Get(reference)
 		if err != nil && !errors.Is(err, kvstore.ErrKeyNotFound) {
@@ -416,7 +416,7 @@ func (c *GRPC) initEvidenceContext(
 	var err error
 
 	appraisal := appraisal.New(token.TenantId, token.Nonce, handler.GetAttestationScheme())
-	appraisal.EvidenceContext.TrustAnchorId, err = handler.GetTrustAnchorIDs(token)
+	appraisal.EvidenceContext.TrustAnchorIds, err = handler.GetTrustAnchorIDs(token)
 
 	if errors.Is(err, handlermod.BadEvidenceError{}) {
 		appraisal.SetAllClaims(ear.CryptoValidationFailedClaim)