Further work

Signed-off-by: Yogesh Deshpande <[email protected]>
veraison · May 28, 2024 · 5a009f3 · 5a009f3
1 parent f36a66b
commit 5a009f3
Show file tree

Hide file tree

Showing 4 changed files with 97 additions and 47 deletions.
diff --git a/scheme/cca/store_handler.go b/scheme/cca/store_handler.go
@@ -4,11 +4,8 @@
 package cca
 
 import (
-	"fmt"
-
 	"github.com/veraison/services/handler"
 	"github.com/veraison/services/proto"
-	"github.com/veraison/services/scheme/common"
 	"github.com/veraison/services/scheme/common/arm"
 )
 
@@ -52,19 +49,5 @@ func (s StoreHandler) GetRefValueIDs(
 	trustAnchors []string,
 	claims map[string]interface{},
 ) ([]string, error) {
-	platformClaimsMap, ok := claims["platform"].(map[string]interface{})
-	if !ok {
-		return nil, fmt.Errorf("claims to do not contain platform map: %v", claims)
-	}
-
-	platformClaims, err := common.MapToClaims(platformClaimsMap)
-	if err != nil {
-		return nil, err
-	}
-
-	return []string{arm.RefValLookupKey(
-		SchemeName,
-		tenantID,
-		arm.MustImplIDString(platformClaims),
-	)}, nil
+	return arm.GetReferenceIDs(SchemeName, tenantID, claims)
 }
diff --git a/scheme/common/arm/handlers.go b/scheme/common/arm/handlers.go
@@ -51,6 +51,27 @@ func SynthKeysFromRefValue(scheme string, tenantID string,
 	refVal *handler.Endorsement,
 ) ([]string, error) {
 
+	switch scheme {
+	case "PSA_IOT", "PARSEC_CCA":
+		return synthKeysForPlatform(scheme, tenantID, refVal)
+	case "CCA_SSD":
+		switch refVal.SubScheme {
+		case "CCA_SSD_PLATFORM":
+			return synthKeysForPlatform(scheme, tenantID, refVal)
+		case "CCA_REALM":
+			return synthKeysForCcaRealm(refVal.SubScheme, tenantID, refVal)
+		default:
+			return nil, fmt.Errorf("invalid subscheme: %s, for Scheme: %s", refVal.SubScheme, refVal.Scheme)
+		}
+	default:
+		return nil, fmt.Errorf("invalid Scheme: %s", refVal.Scheme)
+	}
+}
+
+func synthKeysForPlatform(scheme string, tenantID string,
+	refVal *handler.Endorsement,
+) ([]string, error) {
+
 	implID, err := common.GetImplID(scheme, refVal.Attributes)
 	if err != nil {
 		return nil, fmt.Errorf("unable to synthesize reference value: %w", err)
@@ -60,7 +81,80 @@ func SynthKeysFromRefValue(scheme string, tenantID string,
 	log.Debugf("Scheme %s Plugin Reference Value Look Up Key= %s\n", scheme, lookupKey)
 
 	return []string{lookupKey}, nil
+}
+
+func synthKeysForCcaRealm(subscheme string, tenantID string,
+	refVal *handler.Endorsement,
+) ([]string, error) {
+
+	return nil, nil
+}
+
+func GetReferenceIDs(
+	scheme string,
+	tenantID string,
+	claims map[string]interface{},
+) ([]string, error) {
+	switch scheme {
+	case "PSA_IOT", "PARSEC_CCA":
+		return getPlatformReferenceIDs(scheme, tenantID, claims)
+	case "CCA_SSD":
+		pids, err := getPlatformReferenceIDs(scheme, tenantID, claims)
+		if err != nil {
+			return nil, fmt.Errorf("unable to get cca platform reference IDs: %w", err)
+		}
+		rids, err := getRealmReferenceIDs(scheme, tenantID, claims)
+		if err != nil {
+			return nil, fmt.Errorf("unable to get cca realm reference IDs: %w", err)
+		}
+		return append(pids, rids...), nil
+	}
+	return nil, nil
+}
+
+func getPlatformReferenceIDs(
+	scheme string,
+	tenantID string,
+	claims map[string]interface{},
+) ([]string, error) {
+	platformClaimsMap, ok := claims["cca.platform"].(map[string]interface{})
+	if !ok {
+		return nil, fmt.Errorf("claims do not contain platform map: %v", claims)
+	}
+
+	platformClaims, err := common.MapToClaims(platformClaimsMap)
+	if err != nil {
+		return nil, err
+	}
 
+	return []string{RefValLookupKey(
+		scheme,
+		tenantID,
+		MustImplIDString(platformClaims),
+	)}, nil
+}
+
+func getRealmReferenceIDs(
+	scheme string,
+	tenantID string,
+	claims map[string]interface{},
+) ([]string, error) {
+	realmClaimsMap, ok := claims["cca.realm"].(map[string]interface{})
+	if !ok {
+		return nil, fmt.Errorf("claims do not contain realm map: %v", claims)
+	}
+
+	realmClaims, err := common.MapToClaims(realmClaimsMap)
+	if err != nil {
+		return nil, err
+	}
+
+	// TO DO Correct this implementation
+	return []string{RefValLookupKey(
+		scheme,
+		tenantID,
+		MustImplIDString(realmClaims),
+	)}, nil
 }
 
 func SynthKeysFromTrustAnchors(scheme string, tenantID string,

diff --git a/scheme/parsec-cca/store_handler.go b/scheme/parsec-cca/store_handler.go
@@ -3,11 +3,8 @@
 package parsec_cca
 
 import (
-	"fmt"
-
 	"github.com/veraison/services/handler"
 	"github.com/veraison/services/proto"
-	"github.com/veraison/services/scheme/common"
 	"github.com/veraison/services/scheme/common/arm"
 )
 
@@ -51,19 +48,5 @@ func (s StoreHandler) GetRefValueIDs(
 	trustAnchors []string,
 	claims map[string]interface{},
 ) ([]string, error) {
-	platformClaimsMap, ok := claims["cca.platform"].(map[string]interface{})
-	if !ok {
-		return nil, fmt.Errorf("claims to do not contain patform map: %v", claims)
-	}
-
-	platformClaims, err := common.MapToClaims(platformClaimsMap)
-	if err != nil {
-		return nil, err
-	}
-
-	return []string{arm.RefValLookupKey(
-		SchemeName,
-		tenantID,
-		arm.MustImplIDString(platformClaims),
-	)}, nil
+	return arm.GetReferenceIDs(SchemeName, tenantID, claims)
 }
diff --git a/scheme/psa-iot/store_handler.go b/scheme/psa-iot/store_handler.go
@@ -6,7 +6,6 @@ package psa_iot
 import (
 	"github.com/veraison/services/handler"
 	"github.com/veraison/services/proto"
-	"github.com/veraison/services/scheme/common"
 	"github.com/veraison/services/scheme/common/arm"
 )
 
@@ -49,14 +48,5 @@ func (s StoreHandler) GetRefValueIDs(
 	trustAnchors []string,
 	claims map[string]interface{},
 ) ([]string, error) {
-	psaClaims, err := common.MapToClaims(claims)
-	if err != nil {
-		return nil, err
-	}
-
-	return []string{arm.RefValLookupKey(
-		SchemeName,
-		tenantID,
-		arm.MustImplIDString(psaClaims),
-	)}, nil
+	return arm.GetReferenceIDs(SchemeName, tenantID, claims)
 }