From 433c1e311fb9c7cd1bf1f76550cda8d31874cfb3 Mon Sep 17 00:00:00 2001
From: Yogesh Deshpande
Date: Wed, 16 Oct 2024 19:22:35 +0100
Subject: [PATCH] Parsec-TPM and Parsec-CCA and CCA Unit tests
Signed-off-by: Yogesh Deshpande
---
 .../common/cca/platform/cca_ssd_extractor.go | 75 +++++++++---------
 scheme/common/cca/realm/realm_extractor.go | 35 ++++----
 ...orimParsecCcaComidParsecCcaMultRefVal.cbor | Bin 1026 -> 787 bytes
 ...CorimParsecCcaComidParsecCcaRefValOne.cbor | Bin 407 -> 408 bytes
 scheme/parsec-tpm/corim_extractor.go | 43 +++++-----
 .../src/ComidParsecTpmPcrsNoDigests.json | 18 +++--
 ...signedCorimMiniComidParsecTpmPcrsGood.cbor | Bin 391 -> 368 bytes
 ...nedCorimMiniComidParsecTpmPcrsNoClass.cbor | Bin 425 -> 385 bytes
 ...dCorimMiniComidParsecTpmPcrsNoDigests.cbor | Bin 187 -> 188 bytes
 ...ignedCorimMiniComidParsecTpmPcrsNoPCR.cbor | Bin 387 -> 364 bytes
 ...mMiniComidParsecTpmPcrsUnknownPCRType.cbor | Bin 427 -> 404 bytes
 scheme/psa-iot/corim_extractor.go | 2 +-
 12 files changed, 88 insertions(+), 85 deletions(-)
diff --git a/scheme/common/cca/platform/cca_ssd_extractor.go b/scheme/common/cca/platform/cca_ssd_extractor.go
index d11fe895..07079dc6 100644
--- a/scheme/common/cca/platform/cca_ssd_extractor.go
+++ b/scheme/common/cca/platform/cca_ssd_extractor.go
@@ -20,7 +20,7 @@ type CcaSsdExtractor struct {
 func (o CcaSsdExtractor) RefValExtractor(rvs comid.ValueTriples) ([]*handler.Endorsement, error) {
 refVals := make([]*handler.Endorsement, 0, len(rvs.Values))
- for i, rv := range rvs.Values {
+ for _, rv := range rvs.Values {
 var classAttrs platform.ClassAttributes
 var refVal *handler.Endorsement
 var err error
@@ -28,49 +28,50 @@ func (o CcaSsdExtractor) RefValExtractor(rvs comid.ValueTriples) ([]*handler.End
 if err := classAttrs.FromEnvironment(rv.Environment); err != nil {
 return nil, fmt.Errorf("could not extract PSA class attributes: %w", err)
 }
+ for i, m := range rv.Measurements.Values {
+ if m.Key == nil {
+ return nil, fmt.Errorf("measurement key is not set at index %d ", i)
+ }
- if rv.Measurement.Key == nil {
- return nil, fmt.Errorf("measurement key is not present")
- }
+ if !m.Key.IsSet() {
+ return nil, fmt.Errorf("measurement key is not set")
+ }
- if !rv.Measurement.Key.IsSet() {
- return nil, fmt.Errorf("measurement key is not set")
- }
+ // Check which MKey is present and then decide which extractor to invoke
+ switch m.Key.Type() {
+ case comid.PSARefValIDType:
+ var swCompAttrs platform.SwCompAttributes
- // Check which MKey is present and then decide which extractor to invoke
- switch rv.Measurement.Key.Type() {
- case comid.PSARefValIDType:
- var swCompAttrs platform.SwCompAttributes
-
- refVal, err = o.extractMeasurement(
- &swCompAttrs,
- rv.Measurement,
- classAttrs,
- )
- if err != nil {
+ refVal, err = o.extractMeasurement(
+ &swCompAttrs,
+ m,
+ classAttrs,
+ )
+ if err != nil {
+ return nil, fmt.Errorf(
+ "unable to extract measurement at index %d, %w",
+ i,
+ err,
+ )
+ }
+ case comid.CCAPlatformConfigIDType:
+ var ccaPlatformConfigID CCAPlatformConfigID
+ refVal, err = o.extractMeasurement(
+ &ccaPlatformConfigID,
+ m,
+ classAttrs,
+ )
+ if err != nil {
+ return nil, fmt.Errorf("unable to extract measurement: %w", err)
+ }
+ default:
 return nil, fmt.Errorf(
- "unable to extract measurement at index %d, %w",
- i,
- err,
+ "unknown measurement key: %T",
+ reflect.TypeOf(m.Key),
 )
 }
- case comid.CCAPlatformConfigIDType:
- var ccaPlatformConfigID CCAPlatformConfigID
- refVal, err = o.extractMeasurement(
- &ccaPlatformConfigID,
- rv.Measurement,
- classAttrs,
- )
- if err != nil {
- return nil, fmt.Errorf("unable to extract measurement: %w", err)
- }
- default:
- return nil, fmt.Errorf(
- "unknown measurement key: %T",
- reflect.TypeOf(rv.Measurement.Key),
- )
+ refVals = append(refVals, refVal)
 }
- refVals = append(refVals, refVal)
 }
 if len(refVals) == 0 {
diff --git a/scheme/common/cca/realm/realm_extractor.go b/scheme/common/cca/realm/realm_extractor.go
index c9e55f89..76719f78 100644
--- a/scheme/common/cca/realm/realm_extractor.go
+++ b/scheme/common/cca/realm/realm_extractor.go
@@ -40,24 +40,25 @@ func (o RealmExtractor) RefValExtractor(rvs comid.ValueTriples) ([]*handler.Endo
 err,
 )
 }
-
- if err := rAttr.FromMeasurement(rv.Measurement); err != nil {
- return nil, fmt.Errorf(
- "unable to extract realm reference attributes from measurement: %w",
- err,
- )
- }
- refAttrs, err := makeRefValAttrs(&classAttrs, &rAttr)
- if err != nil {
- return nil, fmt.Errorf("unable to make reference attributes: %w", err)
- }
- refVal = &handler.Endorsement{
- Scheme: o.Scheme,
- Type: handler.EndorsementType_REFERENCE_VALUE,
- SubType: rAttr.GetRefValType(),
- Attributes: refAttrs,
+ for _, m := range rv.Measurements.Values {
+ if err := rAttr.FromMeasurement(m); err != nil {
+ return nil, fmt.Errorf(
+ "unable to extract realm reference attributes from measurement: %w",
+ err,
+ )
+ }
+ refAttrs, err := makeRefValAttrs(&classAttrs, &rAttr)
+ if err != nil {
+ return nil, fmt.Errorf("unable to make reference attributes: %w", err)
+ }
+ refVal = &handler.Endorsement{
+ Scheme: o.Scheme,
+ Type: handler.EndorsementType_REFERENCE_VALUE,
+ SubType: rAttr.GetRefValType(),
+ Attributes: refAttrs,
+ }
+ refVals = append(refVals, refVal)
 }
- refVals = append(refVals, refVal)
 }
 if len(refVals) == 0 {
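Review bot: In scheme/common/cca/platform/cca_ssd_extractor.go, the added `default:` branch formats `reflect.TypeOf(m.Key)` with `%T`, which prints the type of the reflect.Type value itself (`*reflect.rtype`) rather than anything about the offending key, so a rejected reference value cannot be identified from the error; `return nil, fmt.Errorf("unknown measurement key type %v at index %d", m.Key.Type(), i)` would report the value the switch actually tested. The same `%T`/`reflect.TypeOf` pair appears as context in the scheme/psa-iot/corim_extractor.go hunk. The nil-key message `"measurement key is not set at index %d "` has a trailing space and now reads the same as the `IsSet()` failure, while the `IsSet()` and `CCAPlatformConfigIDType` errors carry no index. Because `i` now counts measurements inside one triple rather than triples, putting the index on every error path with distinct wording would make a failed provisioning request traceable. RefValExtractor starts before and ends after this hunk.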
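Review bot: In scheme/common/cca/realm/realm_extractor.go, `rAttr` is now filled by `rAttr.FromMeasurement(m)` once per measurement, but it is declared outside the new inner loop (the declaration is not in this hunk), so one value is reused for every measurement of a triple. If FromMeasurement only assigns the fields present in `m`, which cannot be verified from here, a field set by an earlier measurement would carry into the next endorsement's attributes and produce a realm reference value that no endorser supplied. Declaring a fresh attribute value as the first statement of the `for _, m := range rv.Measurements.Values` body, or resetting it there, removes the dependency on FromMeasurement's behaviour. The enclosing function begins and ends outside the hunk.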
diff --git a/scheme/parsec-cca/test/corim/unsignedCorimParsecCcaComidParsecCcaMultRefVal.cbor b/scheme/parsec-cca/test/corim/unsignedCorimParsecCcaComidParsecCcaMultRefVal.cbor index 9758a45139c3425f2df79d3a72f239b67ac60e19..0473c3965cb178967d87cd34aa3e7b57bf5eff58 100644 GIT binary patch delta 40 wcmZqTn9MdojEPBaqJ%GF%=shiHl=EH`3_ CH6FkK diff --git a/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmPcrsNoClass.cbor b/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmPcrsNoClass.cbor index 12157714c3e1fcd9dfc4065123d7a8cadb19ba76..e3c5cf1970e004f247f266647b28cd06cfbc56ee 100644 GIT binary patch delta 25 hcmZ3<+{ipZoY88cL?C11#4Jt5riqi|CrdN-0RUom2lfB} delta 25 ecmZoy4+)k4 diff --git a/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmPcrsNoDigests.cbor b/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmPcrsNoDigests.cbor index 42c253fc89cd48561a7f3b910b4f3080cceed7bd..855125790ba2b991367a6c662ad2fe2d630be5e3 100644 GIT binary patch delta 16 XcmdnZxQB6q7-QK)@hry1iH%kOE~5o^ delta 14 VcmdnPxSMf;7-Q)~@vMnWRsbbM1oZ#_ diff --git a/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmPcrsNoPCR.cbor b/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmPcrsNoPCR.cbor index 890396d75b34714b3ad0642bfbd59f2ea4aa9ddf..47b070d79ee99f73e9353b67db19b1855df2475b 100644 GIT binary patch delta 24 gcmZo>e#10DoKbb6L?C11#QPGAO%t19Cw}h%0Azv*O#lD@ delta 68 zcmaFE)XY3VoY7{YM4)6-(?W)Y3^!B*&dT$Js{M51-Ff5t--m@2H4~d-C2-0;=m7w- C=^m~C diff --git a/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmPcrsUnknownPCRType.cbor b/scheme/parsec-tpm/test/corim/unsignedCorimMiniComidParsecTpmPcrsUnknownPCRType.cbor index 93422612177a7f58a0f57699aad3c9f7732f76d4..c8b7314f33845bd1c1ecccc8eb603241ebdf632c 100644 GIT binary patch delta 45 zcmV+|0Mh@f1C#@h7XeL?7*QI5f}sGR0N5o^%^wa`CizAUx!Cvp;c<9;f{}u8lM4Z$ Dg8&k; delta 68 zcmbQjyqbA}IAh90i9pGwriBa(8E&WsoR#MbRr~42yYt5PzYhy5Y9=-pO5l|HvH$?G CBp%}c 
diff --git a/scheme/psa-iot/corim_extractor.go b/scheme/psa-iot/corim_extractor.go
index 4ca678e7..185ec7da 100644
--- a/scheme/psa-iot/corim_extractor.go
+++ b/scheme/psa-iot/corim_extractor.go
@@ -62,8 +62,8 @@ func (o CorimExtractor) RefValExtractor(rvs comid.ValueTriples) ([]*handler.Endo
 default:
 return nil, fmt.Errorf("unknown measurement key: %T", reflect.TypeOf(m.Key))
 }
+ refVals = append(refVals, refVal)
 }
- refVals = append(refVals, refVal)
 }
 if len(refVals) == 0 {
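Review bot: Moving `refVals = append(refVals, refVal)` into the measurement loop changes what this extractor returns for a triple carrying several measurements, yet the diffstat shows no test or test-vector change under scheme/psa-iot. As far as the hunk shows, the old placement appended only the last `refVal` assigned in the loop for each triple. A unit test that feeds RefValExtractor a triple with two measurements and asserts two endorsements would pin the new behaviour. The loop and the function both start before this hunk.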