From 5f206844e329ddd3a056b91803b9e8ba9d485141 Mon Sep 17 00:00:00 2001 From: Yogesh Deshpande Date: Fri, 31 May 2024 19:01:09 +0100 Subject: [PATCH] [WIP] Realm Verification bits Signed-off-by: Yogesh Deshpande --- scheme/cca/cca_platform.go | 76 +++++++++++ scheme/cca/cca_realm.go | 20 +++ scheme/cca/evidence_handler.go | 119 ++++++++---------- scheme/cca/evidence_handler_test.go | 6 +- scheme/cca/iSubAttester.go | 13 ++ scheme/cca/test/endorsements.json | 10 +- .../cca/test/mismatch-cfg-endorsements.json | 10 +- .../test/mismatch-refval-endorsements.json | 10 +- scheme/cca/test/mult-endorsements.json | 6 +- 9 files changed, 181 insertions(+), 89 deletions(-) create mode 100644 scheme/cca/cca_platform.go create mode 100644 scheme/cca/cca_realm.go create mode 100644 scheme/cca/iSubAttester.go diff --git a/scheme/cca/cca_platform.go b/scheme/cca/cca_platform.go new file mode 100644 index 00000000..eec03fe5 --- /dev/null +++ b/scheme/cca/cca_platform.go @@ -0,0 +1,76 @@ +// Copyright 2024 Contributors to the Veraison project. +// SPDX-License-Identifier: Apache-2.0 + +package cca + +import ( + "github.com/veraison/ear" + "github.com/veraison/psatoken" + "github.com/veraison/services/handler" + "github.com/veraison/services/log" + "github.com/veraison/services/scheme/common" + "github.com/veraison/services/scheme/common/arm" +) + +type Cca_platform_attester struct { +} + +func (Cca_platform_attester) PerformAppraisal( + appraisal *ear.Appraisal, + evidence map[string]interface{}, + endorsements []handler.Endorsement, +) error { + claims, err := common.MapToClaims(evidence["platform"].(map[string]interface{})) + if err != nil { + return err + } + + // once the signature on the token is verified, we can claim the HW is + // authentic + appraisal.TrustVector.Hardware = ear.GenuineHardwareClaim + + rawLifeCycle, err := claims.GetSecurityLifeCycle() + if err != nil { + return handler.BadEvidence(err) + } + + lifeCycle := psatoken.CcaLifeCycleToState(rawLifeCycle) + if lifeCycle == psatoken.CcaStateSecured || + lifeCycle == psatoken.CcaStateNonCcaPlatformDebug { + appraisal.TrustVector.InstanceIdentity = ear.TrustworthyInstanceClaim + appraisal.TrustVector.RuntimeOpaque = ear.ApprovedRuntimeClaim + appraisal.TrustVector.StorageOpaque = ear.HwKeysEncryptedSecretsClaim + } else { + appraisal.TrustVector.InstanceIdentity = ear.UntrustworthyInstanceClaim + appraisal.TrustVector.RuntimeOpaque = ear.VisibleMemoryRuntimeClaim + appraisal.TrustVector.StorageOpaque = ear.UnencryptedSecretsClaim + } + + swComps := arm.FilterRefVal(endorsements, "CCA.sw-component") + match := arm.MatchSoftware(SchemeName, claims, swComps) + if match { + appraisal.TrustVector.Executables = ear.ApprovedRuntimeClaim + log.Debug("matchSoftware Success") + + } else { + appraisal.TrustVector.Executables = ear.UnrecognizedRuntimeClaim + log.Debug("matchSoftware Failed") + } + + platformConfig := arm.FilterRefVal(endorsements, "CCA.platform-config") + match = arm.MatchPlatformConfig(SchemeName, claims, platformConfig) + + if match { + appraisal.TrustVector.Configuration = ear.ApprovedConfigClaim + log.Debug("matchPlatformConfig Success") + + } else { + appraisal.TrustVector.Configuration = ear.UnsafeConfigClaim + log.Debug("matchPlatformConfig Failed") + } + appraisal.UpdateStatusFromTrustVector() + + appraisal.VeraisonAnnotatedEvidence = &evidence + + return nil +} diff --git a/scheme/cca/cca_realm.go b/scheme/cca/cca_realm.go new file mode 100644 index 00000000..b2379e2a --- /dev/null +++ b/scheme/cca/cca_realm.go @@ -0,0 +1,20 @@ +// Copyright 2024 Contributors to the Veraison project. +// SPDX-License-Identifier: Apache-2.0 + +package cca + +import ( + "github.com/veraison/ear" + "github.com/veraison/services/handler" +) + +type Cca_realm_attester struct { +} + +func (Cca_realm_attester) PerformAppraisal( + appraisal *ear.Appraisal, + ev map[string]interface{}, + endorsements []handler.Endorsement) error { + + return nil +} diff --git a/scheme/cca/evidence_handler.go b/scheme/cca/evidence_handler.go index 41050c04..a6acaf0d 100644 --- a/scheme/cca/evidence_handler.go +++ b/scheme/cca/evidence_handler.go @@ -10,8 +10,7 @@ import ( "fmt" "github.com/veraison/ccatoken" - "github.com/veraison/ear" - "github.com/veraison/psatoken" + ar "github.com/veraison/ear" "github.com/veraison/services/handler" "github.com/veraison/services/log" "github.com/veraison/services/proto" @@ -114,86 +113,70 @@ func (s EvidenceHandler) ValidateEvidenceIntegrity( func (s EvidenceHandler) AppraiseEvidence( ec *proto.EvidenceContext, endorsementsStrings []string, -) (*ear.AttestationResult, error) { +) (*ar.AttestationResult, error) { var endorsements []handler.Endorsement // nolint:prealloc + var err error + subSchemes := []string{"CCA_SSD_PLATFORM", "CCA_REALM"} + result := handler.CreateAttestationResult(subSchemes[0]) + + for _, subscheme := range subSchemes { + endorsements, err = filterEndorsements(subscheme, endorsementsStrings) + if err != nil { + return nil, err + } + appraisal, err := createSubMod(subscheme, result) + if err != nil { + return nil, err + } + + subAttester, err := getSubAttester(subscheme) + if err != nil { + return nil, err + } + err = subAttester.PerformAppraisal(appraisal, ec.Evidence.AsMap(), endorsements) + if err != nil { + return nil, err + } + } - result := handler.CreateAttestationResult(SchemeName) + return result, err +} +func filterEndorsements(subscheme string, endorsementsStrings []string) ([]handler.Endorsement, error) { + var endorsements []handler.Endorsement for i, e := range endorsementsStrings { var endorsement handler.Endorsement if err := json.Unmarshal([]byte(e), &endorsement); err != nil { return nil, fmt.Errorf("could not decode endorsement at index %d: %w", i, err) } - - endorsements = append(endorsements, endorsement) + if endorsement.SubScheme == subscheme { + endorsements = append(endorsements, endorsement) + } } - - err := populateAttestationResult(result, ec.Evidence.AsMap(), endorsements) - - // TO DO: Handle Unprocessed evidence when new Attestation Result interface - // is ready. Please see issue #105 - return result, err + return endorsements, nil } -func populateAttestationResult( - result *ear.AttestationResult, - evidence map[string]interface{}, - endorsements []handler.Endorsement, -) error { - claims, err := common.MapToClaims(evidence["platform"].(map[string]interface{})) - if err != nil { - return err +func getSubAttester(subscheme string) (ISubAttester, error) { + switch subscheme { + case "CCA_SSD_PLATFORM": + return &Cca_platform_attester{}, nil + case "CCA_REALM": + return &Cca_realm_attester{}, nil + default: + return nil, fmt.Errorf("invalid scheme: %s", subscheme) } +} - appraisal := result.Submods[SchemeName] - - // once the signature on the token is verified, we can claim the HW is - // authentic - appraisal.TrustVector.Hardware = ear.GenuineHardwareClaim - - rawLifeCycle, err := claims.GetSecurityLifeCycle() - if err != nil { - return handler.BadEvidence(err) - } - - lifeCycle := psatoken.CcaLifeCycleToState(rawLifeCycle) - if lifeCycle == psatoken.CcaStateSecured || - lifeCycle == psatoken.CcaStateNonCcaPlatformDebug { - appraisal.TrustVector.InstanceIdentity = ear.TrustworthyInstanceClaim - appraisal.TrustVector.RuntimeOpaque = ear.ApprovedRuntimeClaim - appraisal.TrustVector.StorageOpaque = ear.HwKeysEncryptedSecretsClaim - } else { - appraisal.TrustVector.InstanceIdentity = ear.UntrustworthyInstanceClaim - appraisal.TrustVector.RuntimeOpaque = ear.VisibleMemoryRuntimeClaim - appraisal.TrustVector.StorageOpaque = ear.UnencryptedSecretsClaim - } - - swComps := arm.FilterRefVal(endorsements, "CCA.sw-component") - match := arm.MatchSoftware(SchemeName, claims, swComps) - if match { - appraisal.TrustVector.Executables = ear.ApprovedRuntimeClaim - log.Debug("matchSoftware Success") - - } else { - appraisal.TrustVector.Executables = ear.UnrecognizedRuntimeClaim - log.Debug("matchSoftware Failed") +func createSubMod(submodname string, ear *ar.AttestationResult) (*ar.Appraisal, error) { + submod, ok := ear.Submods[submodname] + if submod == nil { + log.Debugf("SUBMOD IS NIL for subMod= %s", submodname) } - - platformConfig := arm.FilterRefVal(endorsements, "CCA.platform-config") - match = arm.MatchPlatformConfig(SchemeName, claims, platformConfig) - - if match { - appraisal.TrustVector.Configuration = ear.ApprovedConfigClaim - log.Debug("matchPlatformConfig Success") - - } else { - appraisal.TrustVector.Configuration = ear.UnsafeConfigClaim - log.Debug("matchPlatformConfig Failed") + if !ok { + log.Debugf("createSubMod IS NOT OK FOR SCHEME= %s", submodname) + submod = &ar.Appraisal{} + ear.Submods[submodname] = submod } - appraisal.UpdateStatusFromTrustVector() - - appraisal.VeraisonAnnotatedEvidence = &evidence - - return nil + return submod, nil } diff --git a/scheme/cca/evidence_handler_test.go b/scheme/cca/evidence_handler_test.go index e69dacc0..03cc6dba 100644 --- a/scheme/cca/evidence_handler_test.go +++ b/scheme/cca/evidence_handler_test.go @@ -34,7 +34,7 @@ func Test_AppraiseEvidence_ok(t *testing.T) { // nolint: dupl result, err := scheme.AppraiseEvidence(&ec, endorsemementsArray) require.NoError(t, err) - attestation := result.Submods["CCA"] + attestation := result.Submods["CCA_SSD_PLATFORM"] assert.Equal(t, ear.TrustTierAffirming, *attestation.Status) assert.Equal(t, attestation.TrustVector.Executables, ear.ApprovedRuntimeClaim) @@ -60,7 +60,7 @@ func Test_AppraiseEvidence_mismatch_refval_meas(t *testing.T) { // nolint: dupl result, err := scheme.AppraiseEvidence(&ec, endorsemementsArray) require.NoError(t, err) - attestation := result.Submods["CCA"] + attestation := result.Submods["CCA_SSD_PLATFORM"] assert.Equal(t, ear.TrustTierWarning, *attestation.Status) assert.Equal(t, attestation.TrustVector.Executables, ear.UnrecognizedRuntimeClaim) @@ -86,7 +86,7 @@ func Test_AppraiseEvidence_mismatch_refval_cfg(t *testing.T) { // nolint: dupl result, err := scheme.AppraiseEvidence(&ec, endorsemementsArray) require.NoError(t, err) - attestation := result.Submods["CCA"] + attestation := result.Submods["CCA_SSD_PLATFORM"] assert.Equal(t, ear.TrustTierWarning, *attestation.Status) assert.Equal(t, attestation.TrustVector.Executables, ear.ApprovedRuntimeClaim) diff --git a/scheme/cca/iSubAttester.go b/scheme/cca/iSubAttester.go new file mode 100644 index 00000000..673b8c11 --- /dev/null +++ b/scheme/cca/iSubAttester.go @@ -0,0 +1,13 @@ +// Copyright 2024 Contributors to the Veraison project. +// SPDX-License-Identifier: Apache-2.0 + +package cca + +import ( + "github.com/veraison/ear" + "github.com/veraison/services/handler" +) + +type ISubAttester interface { + PerformAppraisal(*ear.Appraisal, map[string]interface{}, []handler.Endorsement) error +} diff --git a/scheme/cca/test/endorsements.json b/scheme/cca/test/endorsements.json index 6b769f94..0f74d1b7 100644 --- a/scheme/cca/test/endorsements.json +++ b/scheme/cca/test/endorsements.json @@ -1,7 +1,7 @@ [ -"{\"scheme\":\"CCA\",\"type\":\"REFERENCE_VALUE\",\"subType\": \"CCA.sw-component\",\"attributes\":{\"CCA.hw-model\":\"RoadRunner\",\"CCA.hw-vendor\":\"ACME\",\"CCA.impl-id\":\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\",\"CCA.measurement-desc\":\"sha-256\",\"CCA.measurement-type\":\"BL\",\"CCA.measurement-value\":\"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"CCA.signer-id\":\"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"CCA.version\":\"3.4.2\"}}", -"{\"scheme\":\"CCA\",\"type\":\"REFERENCE_VALUE\",\"subType\": \"CCA.sw-component\",\"attributes\":{\"CCA.hw-model\":\"RoadRunner\",\"CCA.hw-vendor\":\"ACME\",\"CCA.impl-id\":\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\",\"CCA.measurement-desc\":\"sha-256\",\"CCA.measurement-type\":\"M1\",\"CCA.measurement-value\":\"CwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"CCA.signer-id\":\"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"CCA.version\":\"1.2.0\"}}", -"{\"scheme\":\"CCA\",\"type\":\"REFERENCE_VALUE\",\"subType\": \"CCA.sw-component\",\"attributes\":{\"CCA.hw-model\":\"RoadRunner\",\"CCA.hw-vendor\":\"ACME\",\"CCA.impl-id\":\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\",\"CCA.measurement-desc\":\"sha-256\",\"CCA.measurement-type\":\"M2\",\"CCA.measurement-value\":\"DwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"CCA.signer-id\":\"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"CCA.version\":\"1.2.3\"}}", -"{\"scheme\":\"CCA\",\"type\":\"REFERENCE_VALUE\",\"subType\": \"CCA.sw-component\",\"attributes\":{\"CCA.hw-model\":\"RoadRunner\",\"CCA.hw-vendor\":\"ACME\",\"CCA.impl-id\":\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\",\"CCA.measurement-desc\":\"sha-256\",\"CCA.measurement-type\":\"M3\",\"CCA.measurement-value\":\"EwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"CCA.signer-id\":\"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"CCA.version\":\"1.0.0\"}}", -"{\"scheme\":\"CCA\",\"type\":\"REFERENCE_VALUE\",\"subType\": \"CCA.platform-config\",\"attributes\":{\"CCA.hw-model\":\"RoadRunner\",\"CCA.hw-vendor\":\"ACME\",\"CCA.impl-id\":\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\",\"CCA.platform-config-label\": \"platform-config-label\",\"CCA.platform-config-id\": \"AQID\"}}" +"{\"scheme\":\"CCA\", \"subscheme\": \"CCA_SSD_PLATFORM\", \"type\":\"REFERENCE_VALUE\",\"subType\": \"CCA.sw-component\",\"attributes\":{\"CCA.hw-model\":\"RoadRunner\",\"CCA.hw-vendor\":\"ACME\",\"CCA.impl-id\":\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\",\"CCA.measurement-desc\":\"sha-256\",\"CCA.measurement-type\":\"BL\",\"CCA.measurement-value\":\"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"CCA.signer-id\":\"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"CCA.version\":\"3.4.2\"}}", +"{\"scheme\":\"CCA\",\"subscheme\": \"CCA_SSD_PLATFORM\", \"type\":\"REFERENCE_VALUE\",\"subType\": \"CCA.sw-component\",\"attributes\":{\"CCA.hw-model\":\"RoadRunner\",\"CCA.hw-vendor\":\"ACME\",\"CCA.impl-id\":\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\",\"CCA.measurement-desc\":\"sha-256\",\"CCA.measurement-type\":\"M1\",\"CCA.measurement-value\":\"CwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"CCA.signer-id\":\"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"CCA.version\":\"1.2.0\"}}", +"{\"scheme\":\"CCA\",\"subscheme\": \"CCA_SSD_PLATFORM\", \"type\":\"REFERENCE_VALUE\",\"subType\": \"CCA.sw-component\",\"attributes\":{\"CCA.hw-model\":\"RoadRunner\",\"CCA.hw-vendor\":\"ACME\",\"CCA.impl-id\":\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\",\"CCA.measurement-desc\":\"sha-256\",\"CCA.measurement-type\":\"M2\",\"CCA.measurement-value\":\"DwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"CCA.signer-id\":\"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"CCA.version\":\"1.2.3\"}}", +"{\"scheme\":\"CCA\",\"subscheme\": \"CCA_SSD_PLATFORM\", \"type\":\"REFERENCE_VALUE\",\"subType\": \"CCA.sw-component\",\"attributes\":{\"CCA.hw-model\":\"RoadRunner\",\"CCA.hw-vendor\":\"ACME\",\"CCA.impl-id\":\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\",\"CCA.measurement-desc\":\"sha-256\",\"CCA.measurement-type\":\"M3\",\"CCA.measurement-value\":\"EwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"CCA.signer-id\":\"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"CCA.version\":\"1.0.0\"}}", +"{\"scheme\":\"CCA\",\"subscheme\": \"CCA_SSD_PLATFORM\", \"type\":\"REFERENCE_VALUE\",\"subType\": \"CCA.platform-config\",\"attributes\":{\"CCA.hw-model\":\"RoadRunner\",\"CCA.hw-vendor\":\"ACME\",\"CCA.impl-id\":\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\",\"CCA.platform-config-label\": \"platform-config-label\",\"CCA.platform-config-id\": \"AQID\"}}" ] \ No newline at end of file diff --git a/scheme/cca/test/mismatch-cfg-endorsements.json b/scheme/cca/test/mismatch-cfg-endorsements.json index 16891dfa..d4255e79 100644 --- a/scheme/cca/test/mismatch-cfg-endorsements.json +++ b/scheme/cca/test/mismatch-cfg-endorsements.json @@ -1,7 +1,7 @@ [ -"{\"scheme\":\"CCA\",\"type\":\"REFERENCE_VALUE\",\"subType\": \"CCA.sw-component\",\"attributes\":{\"CCA.hw-model\":\"RoadRunner\",\"CCA.hw-vendor\":\"ACME\",\"CCA.impl-id\":\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\",\"CCA.measurement-desc\":\"sha-256\",\"CCA.measurement-type\":\"BL\",\"CCA.measurement-value\":\"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"CCA.signer-id\":\"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"CCA.version\":\"3.4.2\"}}", -"{\"scheme\":\"CCA\",\"type\":\"REFERENCE_VALUE\",\"subType\": \"CCA.sw-component\",\"attributes\":{\"CCA.hw-model\":\"RoadRunner\",\"CCA.hw-vendor\":\"ACME\",\"CCA.impl-id\":\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\",\"CCA.measurement-desc\":\"sha-256\",\"CCA.measurement-type\":\"M1\",\"CCA.measurement-value\":\"CwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"CCA.signer-id\":\"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"CCA.version\":\"1.2.0\"}}", -"{\"scheme\":\"CCA\",\"type\":\"REFERENCE_VALUE\",\"subType\": \"CCA.sw-component\",\"attributes\":{\"CCA.hw-model\":\"RoadRunner\",\"CCA.hw-vendor\":\"ACME\",\"CCA.impl-id\":\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\",\"CCA.measurement-desc\":\"sha-256\",\"CCA.measurement-type\":\"M2\",\"CCA.measurement-value\":\"DwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"CCA.signer-id\":\"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"CCA.version\":\"1.2.3\"}}", -"{\"scheme\":\"CCA\",\"type\":\"REFERENCE_VALUE\",\"subType\": \"CCA.sw-component\",\"attributes\":{\"CCA.hw-model\":\"RoadRunner\",\"CCA.hw-vendor\":\"ACME\",\"CCA.impl-id\":\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\",\"CCA.measurement-desc\":\"sha-256\",\"CCA.measurement-type\":\"M3\",\"CCA.measurement-value\":\"EwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"CCA.signer-id\":\"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"CCA.version\":\"1.0.0\"}}", -"{\"scheme\":\"CCA\",\"type\":\"REFERENCE_VALUE\",\"subType\": \"CCA.platform-config\",\"attributes\":{\"CCA.hw-model\":\"RoadRunner\",\"CCA.hw-vendor\":\"ACME\",\"CCA.impl-id\":\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\",\"CCA.platform-config-label\": \"platform-config-label\",\"CCA.platform-config-id\": \"ACID\"}}" +"{\"scheme\":\"CCA\", \"subscheme\": \"CCA_SSD_PLATFORM\", \"type\":\"REFERENCE_VALUE\",\"subType\": \"CCA.sw-component\",\"attributes\":{\"CCA.hw-model\":\"RoadRunner\",\"CCA.hw-vendor\":\"ACME\",\"CCA.impl-id\":\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\",\"CCA.measurement-desc\":\"sha-256\",\"CCA.measurement-type\":\"BL\",\"CCA.measurement-value\":\"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"CCA.signer-id\":\"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"CCA.version\":\"3.4.2\"}}", +"{\"scheme\":\"CCA\", \"subscheme\": \"CCA_SSD_PLATFORM\", \"type\":\"REFERENCE_VALUE\",\"subType\": \"CCA.sw-component\",\"attributes\":{\"CCA.hw-model\":\"RoadRunner\",\"CCA.hw-vendor\":\"ACME\",\"CCA.impl-id\":\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\",\"CCA.measurement-desc\":\"sha-256\",\"CCA.measurement-type\":\"M1\",\"CCA.measurement-value\":\"CwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"CCA.signer-id\":\"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"CCA.version\":\"1.2.0\"}}", +"{\"scheme\":\"CCA\", \"subscheme\": \"CCA_SSD_PLATFORM\", \"type\":\"REFERENCE_VALUE\",\"subType\": \"CCA.sw-component\",\"attributes\":{\"CCA.hw-model\":\"RoadRunner\",\"CCA.hw-vendor\":\"ACME\",\"CCA.impl-id\":\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\",\"CCA.measurement-desc\":\"sha-256\",\"CCA.measurement-type\":\"M2\",\"CCA.measurement-value\":\"DwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"CCA.signer-id\":\"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"CCA.version\":\"1.2.3\"}}", +"{\"scheme\":\"CCA\", \"subscheme\": \"CCA_SSD_PLATFORM\", \"type\":\"REFERENCE_VALUE\",\"subType\": \"CCA.sw-component\",\"attributes\":{\"CCA.hw-model\":\"RoadRunner\",\"CCA.hw-vendor\":\"ACME\",\"CCA.impl-id\":\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\",\"CCA.measurement-desc\":\"sha-256\",\"CCA.measurement-type\":\"M3\",\"CCA.measurement-value\":\"EwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"CCA.signer-id\":\"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"CCA.version\":\"1.0.0\"}}", +"{\"scheme\":\"CCA\", \"subscheme\": \"CCA_SSD_PLATFORM\", \"type\":\"REFERENCE_VALUE\",\"subType\": \"CCA.platform-config\",\"attributes\":{\"CCA.hw-model\":\"RoadRunner\",\"CCA.hw-vendor\":\"ACME\",\"CCA.impl-id\":\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\",\"CCA.platform-config-label\": \"platform-config-label\",\"CCA.platform-config-id\": \"ACID\"}}" ] \ No newline at end of file diff --git a/scheme/cca/test/mismatch-refval-endorsements.json b/scheme/cca/test/mismatch-refval-endorsements.json index aad4ad0a..c1da819a 100644 --- a/scheme/cca/test/mismatch-refval-endorsements.json +++ b/scheme/cca/test/mismatch-refval-endorsements.json @@ -1,7 +1,7 @@ [ -"{\"scheme\":\"CCA\",\"type\":\"REFERENCE_VALUE\",\"subType\": \"CCA.sw-component\",\"attributes\":{\"CCA.hw-model\":\"RoadRunner\",\"CCA.hw-vendor\":\"ACME\",\"CCA.impl-id\":\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\",\"CCA.measurement-desc\":\"sha-256\",\"CCA.measurement-type\":\"BL\",\"CCA.measurement-value\":\"AwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"CCA.signer-id\":\"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"CCA.version\":\"3.4.2\"}}", -"{\"scheme\":\"CCA\",\"type\":\"REFERENCE_VALUE\",\"subType\": \"CCA.sw-component\",\"attributes\":{\"CCA.hw-model\":\"RoadRunner\",\"CCA.hw-vendor\":\"ACME\",\"CCA.impl-id\":\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\",\"CCA.measurement-desc\":\"sha-256\",\"CCA.measurement-type\":\"M1\",\"CCA.measurement-value\":\"CwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"CCA.signer-id\":\"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"CCA.version\":\"1.2.0\"}}", -"{\"scheme\":\"CCA\",\"type\":\"REFERENCE_VALUE\",\"subType\": \"CCA.sw-component\",\"attributes\":{\"CCA.hw-model\":\"RoadRunner\",\"CCA.hw-vendor\":\"ACME\",\"CCA.impl-id\":\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\",\"CCA.measurement-desc\":\"sha-256\",\"CCA.measurement-type\":\"M2\",\"CCA.measurement-value\":\"DwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"CCA.signer-id\":\"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"CCA.version\":\"1.2.3\"}}", -"{\"scheme\":\"CCA\",\"type\":\"REFERENCE_VALUE\",\"subType\": \"CCA.sw-component\",\"attributes\":{\"CCA.hw-model\":\"RoadRunner\",\"CCA.hw-vendor\":\"ACME\",\"CCA.impl-id\":\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\",\"CCA.measurement-desc\":\"sha-256\",\"CCA.measurement-type\":\"M3\",\"CCA.measurement-value\":\"EwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"CCA.signer-id\":\"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"CCA.version\":\"1.0.0\"}}", -"{\"scheme\":\"CCA\",\"type\":\"REFERENCE_VALUE\",\"subType\": \"CCA.platform-config\",\"attributes\":{\"CCA.hw-model\":\"RoadRunner\",\"CCA.hw-vendor\":\"ACME\",\"CCA.impl-id\":\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\",\"CCA.platform-config-label\": \"platform-config-label\",\"CCA.platform-config-id\": \"AQID\"}}" +"{\"scheme\":\"CCA\", \"subscheme\": \"CCA_SSD_PLATFORM\", \"type\":\"REFERENCE_VALUE\",\"subType\": \"CCA.sw-component\",\"attributes\":{\"CCA.hw-model\":\"RoadRunner\",\"CCA.hw-vendor\":\"ACME\",\"CCA.impl-id\":\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\",\"CCA.measurement-desc\":\"sha-256\",\"CCA.measurement-type\":\"BL\",\"CCA.measurement-value\":\"AwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"CCA.signer-id\":\"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"CCA.version\":\"3.4.2\"}}", +"{\"scheme\":\"CCA\", \"subscheme\": \"CCA_SSD_PLATFORM\", \"type\":\"REFERENCE_VALUE\",\"subType\": \"CCA.sw-component\",\"attributes\":{\"CCA.hw-model\":\"RoadRunner\",\"CCA.hw-vendor\":\"ACME\",\"CCA.impl-id\":\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\",\"CCA.measurement-desc\":\"sha-256\",\"CCA.measurement-type\":\"M1\",\"CCA.measurement-value\":\"CwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"CCA.signer-id\":\"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"CCA.version\":\"1.2.0\"}}", +"{\"scheme\":\"CCA\", \"subscheme\": \"CCA_SSD_PLATFORM\", \"type\":\"REFERENCE_VALUE\",\"subType\": \"CCA.sw-component\",\"attributes\":{\"CCA.hw-model\":\"RoadRunner\",\"CCA.hw-vendor\":\"ACME\",\"CCA.impl-id\":\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\",\"CCA.measurement-desc\":\"sha-256\",\"CCA.measurement-type\":\"M2\",\"CCA.measurement-value\":\"DwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"CCA.signer-id\":\"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"CCA.version\":\"1.2.3\"}}", +"{\"scheme\":\"CCA\", \"subscheme\": \"CCA_SSD_PLATFORM\", \"type\":\"REFERENCE_VALUE\",\"subType\": \"CCA.sw-component\",\"attributes\":{\"CCA.hw-model\":\"RoadRunner\",\"CCA.hw-vendor\":\"ACME\",\"CCA.impl-id\":\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\",\"CCA.measurement-desc\":\"sha-256\",\"CCA.measurement-type\":\"M3\",\"CCA.measurement-value\":\"EwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"CCA.signer-id\":\"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\"CCA.version\":\"1.0.0\"}}", +"{\"scheme\":\"CCA\", \"subscheme\": \"CCA_SSD_PLATFORM\", \"type\":\"REFERENCE_VALUE\",\"subType\": \"CCA.platform-config\",\"attributes\":{\"CCA.hw-model\":\"RoadRunner\",\"CCA.hw-vendor\":\"ACME\",\"CCA.impl-id\":\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\",\"CCA.platform-config-label\": \"platform-config-label\",\"CCA.platform-config-id\": \"AQID\"}}" ] \ No newline at end of file diff --git a/scheme/cca/test/mult-endorsements.json b/scheme/cca/test/mult-endorsements.json index 34f32641..86647bcf 100644 --- a/scheme/cca/test/mult-endorsements.json +++ b/scheme/cca/test/mult-endorsements.json @@ -1,5 +1,5 @@ [ - "{\n\"scheme\":\"CCA\",\n\"type\":\"REFERENCE_VALUE\",\n\"subType\":\"CCA.sw-component\",\n\"attributes\":{\n \"CCA.hw-model\":\"RoadRunner\",\n \"CCA.hw-vendor\":\"ACME\",\n \"CCA.impl-id\":\"76543210fedcba9817161514131211101f1e1d1c1b1a1918\",\n \"CCA.measurement-desc\":\"sha-256\",\n \"CCA.measurement-type\":\"BL\",\n \"CCA.measurement-value\":\"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\n \"CCA.signer-id\":\"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\n \"CCA.version\":\"3.4.2\"\n }\n }", - "\n{\n \"scheme\":\"CCA\",\n \"type\":\"REFERENCE_VALUE\",\n \"attributes\":{\n \"CCA.hw-model\":\"RoadRunner\",\n \"CCA.hw-vendor\":\"ACME\",\n \"CCA.impl-id\":\"76543210fedcba9817161514131211101f1e1d1c1b1a1918\",\n \"CCA.measurement-desc\":\"sha-256\",\n \"CCA.measurement-type\":\"M1\",\n \"CCA.measurement-value\":\"CwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\n \"CCA.signer-id\":\"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\n \"CCA.version\":\"1.2.0\"}\n }\n ", - "\n {\n \"scheme\":\"CCA\",\n \"type\":\"REFERENCE_VALUE\",\n\"subType\":\"CCA.sw-component\",\n, \"attributes\":{\n \"CCA.hw-model\":\"RoadRunner\",\n \"CCA.hw-vendor\":\"ACME\",\n \"CCA.impl-id\":\"76543210fedcba9817161514131211101f1e1d1c1b1a1918\",\n \"CCA.measurement-desc\":\"sha-256\",\n \"CCA.measurement-type\":\"M2\",\n \"CCA.measurement-value\":\"DwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\n \"CCA.signer-id\":\"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\n \"CCA.version\":\"1.2.3\"}\n }\n " + "{\n\"scheme\":\"CCA\", \"subscheme\": \"CCA_SSD_PLATFORM\", \n\"type\":\"REFERENCE_VALUE\",\n\"subType\":\"CCA.sw-component\",\n\"attributes\":{\n \"CCA.hw-model\":\"RoadRunner\",\n \"CCA.hw-vendor\":\"ACME\",\n \"CCA.impl-id\":\"76543210fedcba9817161514131211101f1e1d1c1b1a1918\",\n \"CCA.measurement-desc\":\"sha-256\",\n \"CCA.measurement-type\":\"BL\",\n \"CCA.measurement-value\":\"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\n \"CCA.signer-id\":\"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\n \"CCA.version\":\"3.4.2\"\n }\n }", + "\n{\n \"scheme\":\"CCA\", \"subscheme\": \"CCA_SSD_PLATFORM\", \n \"type\":\"REFERENCE_VALUE\",\n \"attributes\":{\n \"CCA.hw-model\":\"RoadRunner\",\n \"CCA.hw-vendor\":\"ACME\",\n \"CCA.impl-id\":\"76543210fedcba9817161514131211101f1e1d1c1b1a1918\",\n \"CCA.measurement-desc\":\"sha-256\",\n \"CCA.measurement-type\":\"M1\",\n \"CCA.measurement-value\":\"CwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\n \"CCA.signer-id\":\"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\n \"CCA.version\":\"1.2.0\"}\n }\n ", + "\n {\n \"scheme\":\"CCA\", \"subscheme\": \"CCA_SSD_PLATFORM\", \n \"type\":\"REFERENCE_VALUE\",\n\"subType\":\"CCA.sw-component\",\n, \"attributes\":{\n \"CCA.hw-model\":\"RoadRunner\",\n \"CCA.hw-vendor\":\"ACME\",\n \"CCA.impl-id\":\"76543210fedcba9817161514131211101f1e1d1c1b1a1918\",\n \"CCA.measurement-desc\":\"sha-256\",\n \"CCA.measurement-type\":\"M2\",\n \"CCA.measurement-value\":\"DwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\n \"CCA.signer-id\":\"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=\",\n \"CCA.version\":\"1.2.3\"}\n }\n " ] \ No newline at end of file