diff --git a/go.mod b/go.mod index b5bc7633..7887053f 100644 --- a/go.mod +++ b/go.mod @@ -30,7 +30,7 @@ require ( github.com/tbaehler/gin-keycloak v1.5.0 github.com/veraison/ccatoken v1.1.0 github.com/veraison/cmw v0.1.0 - github.com/veraison/corim v1.1.2-0.20230912171018-eeb7bd486d3c + github.com/veraison/corim v1.1.2-0.20231201124143-c98741c914fc github.com/veraison/dice v0.0.1 github.com/veraison/ear v1.1.3-0.20231130183426-c7759f6f0da6 github.com/veraison/eat v0.0.0-20220117140849-ddaf59d69f53 diff --git a/go.sum b/go.sum index de91c6eb..247752a6 100644 --- a/go.sum +++ b/go.sum @@ -1069,6 +1069,8 @@ github.com/veraison/cmw v0.1.0 h1:vD6tBlGPROCW/HlDcG1jh+XUJi5ihrjXatKZBjrv8mU= github.com/veraison/cmw v0.1.0/go.mod h1:WoBrlgByc6C1FeHhdze1/bQx1kv5d1sWKO5ezEf4Hs4= github.com/veraison/corim v1.1.2-0.20230912171018-eeb7bd486d3c h1:do1Yj0d4uq+Sd4PusgE8pfLfSKejJfaWukyjYTi8Ro0= github.com/veraison/corim v1.1.2-0.20230912171018-eeb7bd486d3c/go.mod h1:Vn9+tCyN2ljpQxYvM6rwu3hNqdVbWrdQ9hqMa1Jfxb0= +github.com/veraison/corim v1.1.2-0.20231201124143-c98741c914fc h1:MWuahPPqlbrFGDPT5jgf+gKUYFuj7mGu8qk/xJeKToU= +github.com/veraison/corim v1.1.2-0.20231201124143-c98741c914fc/go.mod h1:Vn9+tCyN2ljpQxYvM6rwu3hNqdVbWrdQ9hqMa1Jfxb0= github.com/veraison/dice v0.0.1 h1:dOm7ByDN/r4WlDsGkEUXzdPMXgTvAPTAksQ8+BwBrD4= github.com/veraison/dice v0.0.1/go.mod h1:QPMLc5LVMj08VZ+HNMYk4XxWoVYGAUBVm8Rd5V1hzxs= github.com/veraison/ear v1.1.3-0.20231130164136-ea589b65f3bf h1:hZUe1o0rpGQz67rQyMsXp4SneKQUhveKXDNlkZ461nQ= diff --git a/scheme/cca-realm/classattributes.go b/scheme/cca-realm/classattributes.go new file mode 100644 index 00000000..d0cbba87 --- /dev/null +++ b/scheme/cca-realm/classattributes.go 
@@ -0,0 +1,51 @@
+// Copyright 2022-2023 Contributors to the Veraison project.
+// SPDX-License-Identifier: Apache-2.0
+package cca_realm
+
+import (
+ "fmt"
+
+ "github.com/veraison/corim/comid"
+)
+
+type ClassAttributes struct {
+ UUID string
+ Vendor string
+ Model string
+}
+
+// extract mandatory ImplID and optional vendor & model
+func (o *ClassAttributes) FromEnvironment(e comid.Environment) error {
+ class := e.Class
+
+ if class == nil {
+ return fmt.Errorf("expecting class in environment")
+ }
+
+ classID := class.ClassID
+
+ if classID == nil {
+ return fmt.Errorf("expecting class-id in class")
+ }
+
+ uuID, err := classID.GetUUID()
+ if err != nil {
+ return fmt.Errorf("could not extract uu-id from class-id: %w", err)
+ }
+
+ if err := uuID.Valid(); err != nil {
+ return fmt.Errorf("no valid uu-id: %w", err)
+ }
+
+ o.UUID = uuID.String()
+
+ if class.Vendor != nil {
+ o.Vendor = *class.Vendor
+ }
+
+ if class.Model != nil {
+ o.Model = *class.Model
+ }
+
+ return nil
+}
diff --git a/scheme/cca-realm/corim_extractor.go b/scheme/cca-realm/corim_extractor.go
new file mode 100644
index 00000000..df204cdd
--- /dev/null
+++ b/scheme/cca-realm/corim_extractor.go
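Review bot: In scheme/cca-realm/classattributes.go the comment above `FromEnvironment` says it extracts a mandatory ImplID, but the body reads a UUID from the class-id via `classID.GetUUID()` and no implementation ID appears anywhere in the new file. That UUID ends up as the `cca-realm-id` attribute built in corim_extractor.go, so the comment should name what is really extracted, e.g. `// FromEnvironment extracts the mandatory class-id UUID and the optional vendor and model from e.` The exported `ClassAttributes` type has no doc comment either; `// ClassAttributes holds the class-level identifiers of a CCA Realm reference value.` would cover it.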
@@ -0,0 +1,82 @@
+// Copyright 2023 Contributors to the Veraison project.
+// SPDX-License-Identifier: Apache-2.0
+package cca_realm
+
+import (
+ "encoding/json"
+ "fmt"
+
+ "github.com/veraison/corim/comid"
+ "github.com/veraison/services/handler"
+)
+
+type CorimExtractor struct{}
+
+func (o CorimExtractor) RefValExtractor(
+ rv comid.ReferenceValue,
+) ([]*handler.Endorsement, error) {
+ var classAttrs ClassAttributes
+
+ if err := classAttrs.FromEnvironment(rv.Environment); err != nil {
+ return nil, fmt.Errorf("could not extract Realm class attributes: %w", err)
+ }
+
+ rvs := make([]*handler.Endorsement, 0, len(rv.Measurements))
+
+ for i, m := range rv.Measurements {
+
+ d := m.Val.Digests
+
+ if d == nil {
+ return nil, fmt.Errorf("measurement value has no digests")
+ }
+ if len(*d) != 1 {
+ return nil, fmt.Errorf("expecting exactly one digest")
+ }
+ algID := (*d)[0].AlgIDToString()
+ measurementValue := (*d)[0].HashValue
+
+ attrs, err := makeRefValAttrs(&classAttrs, algID, measurementValue)
+ if err != nil {
+ return nil, fmt.Errorf("measurement[%d].digest[%d]: %w", i, j, err)
+ }
+
+ rv := &handler.Endorsement{
+ Scheme: SchemeName,
+ Type: handler.EndorsementType_REFERENCE_VALUE,
+ Attributes: attrs,
+ }
+
+ rvs = append(rvs, rv)
+
+ }
+
+ if len(rvs) == 0 {
+ return nil, fmt.Errorf("no measurements found")
+ }
+
+ return rvs, nil
+}
+
+func makeRefValAttrs(cAttr *ClassAttributes, algID string, digest []byte) (json.RawMessage, error) {
+
+ var attrs = map[string]interface{}{
+ "cca-realm.vendor": cAttr.Vendor,
+ "cca-realm.model": cAttr.Model,
+ "cca-realm-id": cAttr.UUID,
+ "cca-realm.alg-id": algID,
+ "cca-realm.measurement": digest,
+ }
+ data, err := json.Marshal(attrs)
+ if err != nil {
+ return nil, fmt.Errorf("unable to marshal reference value attributes: %w", err)
+ }
+ return data, nil
+}
+
+func (o CorimExtractor) TaExtractor(
+ avk comid.AttestVerifKey,
+) (*handler.Endorsement, error) {
+
+ return nil, fmt.Errorf("cca realm endorsements 
does not have a Trust Anchor") +} diff --git a/scheme/cca-realm/endorsement_handler.go b/scheme/cca-realm/endorsement_handler.go index a32ea38d..9c866f57 100644 --- a/scheme/cca-realm/endorsement_handler.go +++ b/scheme/cca-realm/endorsement_handler.go @@ -4,6 +4,7 @@ package cca_realm import ( "github.com/veraison/services/handler" + "github.com/veraison/services/scheme/common" ) type EndorsementHandler struct{} @@ -29,5 +30,5 @@ func (o EndorsementHandler) GetSupportedMediaTypes() []string { } func (o EndorsementHandler) Decode(data []byte) (*handler.EndorsementHandlerResponse, error) { - return nil, nil + return common.UnsignedCorimDecoder(data, &CorimExtractor{}) }
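Review bot: In scheme/cca-realm/corim_extractor.go, the error path after `makeRefValAttrs` in `RefValExtractor` formats `i, j, err`, but no `j` is declared in this new file; the loop binds only `i` and `m`. Unless a package-level `j` exists elsewhere in `cca_realm`, the file does not compile, and if one does exist the message reports an unrelated value. Because the code already insists on exactly one digest, the line can become `return nil, fmt.Errorf("measurement[%d].digest[0]: %w", i, err)`.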
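Review bot: `Decode` in scheme/cca-realm/endorsement_handler.go carries no comment about the trust assumption it now makes: it passes the raw bytes to `common.UnsignedCorimDecoder`, whose name suggests the CoRIM is parsed without any signature check (its body is not part of this diff, so that is an inference). If so, the authenticity of every Realm reference value produced through `CorimExtractor` depends on who is allowed to reach the provisioning path rather than on the document itself. A doc comment such as `// Decode parses data as an unsigned CoRIM; no signature is verified here, so the submitter must already be authenticated and authorised.` would record that for the next reader.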