Add Store Interface handler
Fixes #138

Signed-off-by: Yogesh Deshpande <[email protected]>
yogeshbdeshpande committed Mar 14, 2024
1 parent 8e55820 commit 7b34538
Showing 73 changed files with 1,152 additions and 495 deletions.
2 changes: 2 additions & 0 deletions auth/problem.go
@@ -1,3 +1,5 @@
// Copyright 2024 Contributors to the Veraison project.
// SPDX-License-Identifier: Apache-2.0
package auth

import (
4 changes: 4 additions & 0 deletions builtin/schemes.gen.go
Expand Up @@ -12,9 +12,13 @@ import (
var plugins = []plugin.IPluggable{
&scheme1.EvidenceHandler{},
&scheme1.EndorsementHandler{},
&scheme1.StoreHandler{},
&scheme2.EvidenceHandler{},
&scheme2.StoreHandler{},
&scheme3.EvidenceHandler{},
&scheme3.EndorsementHandler{},
&scheme3.StoreHandler{},
&scheme4.EvidenceHandler{},
&scheme4.EndorsementHandler{},
&scheme4.StoreHandler{},
}
2 changes: 2 additions & 0 deletions end-to-end/input/corim-src/build-endorsements.sh
@@ -1,4 +1,6 @@
#!/bin/bash
# Copyright 2024 Contributors to the Veraison project.
# SPDX-License-Identifier: Apache-2.0
set -e

TEMP_DIR=/tmp/veraison-end-to-end
6 changes: 3 additions & 3 deletions handler/README.md
@@ -1,6 +1,6 @@
This package defines [`IEvidenceHandler`](ievidencehandler.go) and
[`IEndorsementHandler`](iendorsementhandler.go) [pluggable](../plugin/README.md)
This package defines [`IEvidenceHandler`](ievidencehandler.go),
[`IEndorsementHandler`](iendorsementhandler.go) and [`IStoreHandler`](istorehandler.go) [pluggable](../plugin/README.md)
interfaces and associated RPC channels. These are used to add new attestation
scheme to Veraison services. Additionally, the package defines a [couple
of wrappers](plugin.go) around `plugin.RegisterImplementation` for registering
implementations of these two interfaces.
implementations of these three interfaces.
2 changes: 1 addition & 1 deletion handler/endorsement.go
@@ -1,4 +1,4 @@
// Copyright 2023 Contributors to the Veraison project.
// Copyright 2024 Contributors to the Veraison project.
// SPDX-License-Identifier: Apache-2.0
package handler

2 changes: 1 addition & 1 deletion handler/endorsement_rpc.go
@@ -1,4 +1,4 @@
// Copyright 2022-2023 Contributors to the Veraison project.
// Copyright 2022-2024 Contributors to the Veraison project.
// SPDX-License-Identifier: Apache-2.0
package handler

2 changes: 1 addition & 1 deletion handler/error.go
@@ -1,4 +1,4 @@
// Copyright 2023 Contributors to the Veraison project.
// Copyright 2024 Contributors to the Veraison project.
// SPDX-License-Identifier: Apache-2.0
package handler

2 changes: 1 addition & 1 deletion handler/error_test.go
@@ -1,4 +1,4 @@
// Copyright 2023 Contributors to the Veraison project.
// Copyright 2024 Contributors to the Veraison project.
// SPDX-License-Identifier: Apache-2.0
package handler

122 changes: 1 addition & 121 deletions handler/evidence_rpc.go
@@ -1,4 +1,4 @@
// Copyright 2022-2023 Contributors to the Veraison project.
// Copyright 2022-2024 Contributors to the Veraison project.
// SPDX-License-Identifier: Apache-2.0
package handler

Expand Down Expand Up @@ -45,59 +45,6 @@ func (s *RPCServer) GetSupportedMediaTypes(args interface{}, resp *[]string) err
return nil
}

type SynthKeysArgs struct {
TenantID string
EndorsementJSON []byte
}

func (s *RPCServer) SynthKeysFromRefValue(args SynthKeysArgs, resp *[]string) error {
var (
err error
swComp Endorsement
)

err = json.Unmarshal(args.EndorsementJSON, &swComp)
if err != nil {
return fmt.Errorf("unmarshaling software component: %w", err)
}

*resp, err = s.Impl.SynthKeysFromRefValue(args.TenantID, &swComp)

return err
}

func (s *RPCServer) SynthKeysFromTrustAnchor(args SynthKeysArgs, resp *[]string) error {
var (
err error
ta Endorsement
)

err = json.Unmarshal(args.EndorsementJSON, &ta)
if err != nil {
return fmt.Errorf("unmarshaling trust anchor: %w", err)
}

*resp, err = s.Impl.SynthKeysFromTrustAnchor(args.TenantID, &ta)

return err
}

func (s *RPCServer) GetTrustAnchorIDs(data []byte, resp *[]string) error {
var (
err error
token proto.AttestationToken
)

err = json.Unmarshal(data, &token)
if err != nil {
return fmt.Errorf("unmarshaling attestation token: %w", err)
}

*resp, err = s.Impl.GetTrustAnchorIDs(&token)

return err
}

type ExtractClaimsArgs struct {
Token []byte
TrustAnchors []string
Expand Down Expand Up @@ -216,73 +163,6 @@ func (s *RPCClient) GetSupportedMediaTypes() []string {
return resp
}

func (s *RPCClient) SynthKeysFromRefValue(tenantID string, swComp *Endorsement) ([]string, error) {
var (
err error
resp []string
args SynthKeysArgs
)

args.TenantID = tenantID

args.EndorsementJSON, err = json.Marshal(swComp)
if err != nil {
return nil, fmt.Errorf("marshaling software component: %w", err)
}

err = s.client.Call("Plugin.SynthKeysFromRefValue", args, &resp)
if err != nil {
err = ParseError(err)
return nil, fmt.Errorf("Plugin.SynthKeysFromRefValue RPC call failed: %w", err) // nolint
}

return resp, nil
}

func (s *RPCClient) SynthKeysFromTrustAnchor(tenantID string, ta *Endorsement) ([]string, error) {
var (
err error
resp []string
args SynthKeysArgs
)

args.TenantID = tenantID

args.EndorsementJSON, err = json.Marshal(ta)
if err != nil {
return nil, fmt.Errorf("marshaling trust anchor: %w", err)
}

err = s.client.Call("Plugin.SynthKeysFromTrustAnchor", args, &resp)
if err != nil {
err = ParseError(err)
return nil, fmt.Errorf("Plugin.SynthKeysFromTrustAnchor RPC call failed: %w", err) // nolint
}

return resp, nil
}

func (s *RPCClient) GetTrustAnchorIDs(token *proto.AttestationToken) ([]string, error) {
var (
err error
data []byte
resp []string
)

data, err = json.Marshal(token)
if err != nil {
return []string{""}, fmt.Errorf("marshaling token: %w", err)
}

err = s.client.Call("Plugin.GetTrustAnchorIDs", data, &resp)
if err != nil {
err = ParseError(err)
return []string{""}, fmt.Errorf("Plugin.GetTrustAnchorIDs RPC call failed: %w", err) // nolint
}

return resp, nil
}

func (s *RPCClient) ExtractEvidence(token *proto.AttestationToken, trustAnchors []string) (*ExtractedClaims, error) {
var (
err error
2 changes: 1 addition & 1 deletion handler/idecoder_manager.go
@@ -1,4 +1,4 @@
// Copyright 2022-2023 Contributors to the Veraison project.
// Copyright 2022-2024 Contributors to the Veraison project.
// SPDX-License-Identifier: Apache-2.0
package handler

2 changes: 1 addition & 1 deletion handler/iendorsementhandler.go
@@ -1,4 +1,4 @@
// Copyright 2022-2023 Contributors to the Veraison project.
// Copyright 2022-2024 Contributors to the Veraison project.
// SPDX-License-Identifier: Apache-2.0
package handler

19 changes: 3 additions & 16 deletions handler/ievidencehandler.go
@@ -1,4 +1,4 @@
// Copyright 2021-2023 Contributors to the Veraison project.
// Copyright 2021-2024 Contributors to the Veraison project.
// SPDX-License-Identifier: Apache-2.0
package handler

Expand All @@ -10,15 +10,10 @@ import (

// IEvidenceHandler defines the interface to functionality for working with
// attestation scheme specific evidence tokens. This includes validating token
// integrity, and extracting an appraising claims.
// integrity, extracting and appraising claims.
type IEvidenceHandler interface {
plugin.IPluggable

// GetTrustAnchorIDs returns an array of trust anchor identifiers used
// to retrieve the trust anchors associated with this token. The trust anchors may be necessary to validate the
// entire token and/or extract its claims (if it is encrypted).
GetTrustAnchorIDs(token *proto.AttestationToken) ([]string, error)

// ExtractClaims parses the attestation token and returns claims
// extracted therefrom.
ExtractClaims(
Expand Down Expand Up @@ -48,20 +43,12 @@ type IEvidenceHandler interface {
endorsementsStrings []string,
) error

// AppraiseEvidence evaluates the specified EvidenceContext against
// AppraiseEvidence evaluates the specified EvidenceContext against
// the specified endorsements, and returns an AttestationResult.
AppraiseEvidence(
ec *proto.EvidenceContext,
endorsements []string,
) (*ear.AttestationResult, error)

// SynthKeysFromRefValue synthesizes lookup key(s) for the
// provided reference value endorsement.
SynthKeysFromRefValue(tenantID string, refVal *Endorsement) ([]string, error)

// SynthKeysFromTrustAnchor synthesizes lookup key(s) for the provided
// trust anchor.
SynthKeysFromTrustAnchor(tenantID string, ta *Endorsement) ([]string, error)
}

// ExtractedClaims contains a map of claims extracted from an attestation
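Review bot: With GetTrustAnchorIDs and both SynthKeys* methods removed from IEvidenceHandler, its doc comment no longer tells an implementer where trust anchor ID extraction and key synthesis now live; I would append `// Trust anchor ID extraction and endorsement key synthesis belong to IStoreHandler.` so a scheme author does not re-add them here. The wording fix "integrity, extracting and appraising claims" is fine as is. The interface body spans both hunks and its middle (from the ExtractClaims signature onward) is outside SOURCE, so the remaining methods are unreviewed here.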
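--- a/handler/istorehandler.go
+++ b/handler/istorehandler.go
@@ -0,0 +1,29 @@
+// Copyright 2024 Contributors to the Veraison project.
+// SPDX-License-Identifier: Apache-2.0
+package handler
+
+import (
+"github.com/veraison/services/plugin"
+"github.com/veraison/services/proto"
+)
+
+// IStoreHandler defines the interface to functionality for working with
+// attestation scheme specific store interfaces. This includes extracting
+// Trust Anchor IDs from attestation token, and synthesizing,
+// Reference Value and TrustAnchor Keys from supplied endorsements
+type IStoreHandler interface {
+plugin.IPluggable
+
+// GetTrustAnchorIDs returns an array of trust anchor identifiers used
+// to retrieve the trust anchors associated with this token. The trust anchors may be necessary to validate the
+// entire token and/or extract its claims (if it is encrypted).
+GetTrustAnchorIDs(token *proto.AttestationToken) ([]string, error)
+
+// SynthKeysFromRefValue synthesizes lookup key(s) for the
+// provided reference value endorsement.
+SynthKeysFromRefValue(tenantID string, refVal *Endorsement) ([]string, error)
+
+// SynthKeysFromTrustAnchor synthesizes lookup key(s) for the provided
+// trust anchor.
+SynthKeysFromTrustAnchor(tenantID string, ta *Endorsement) ([]string, error)
+}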
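Review bot: The IStoreHandler doc comment has a stray comma and no closing period ("synthesizing, Reference Value and TrustAnchor Keys from supplied endorsements"); I would reword it as `// IStoreHandler defines the interface to attestation scheme specific store functionality: extracting trust anchor IDs from an attestation token, and synthesizing reference value and trust anchor lookup keys from supplied endorsements.` Both SynthKeys* methods take a tenantID, presumably so synthesized keys are namespaced per tenant; their comments should state that implementations must incorporate tenantID into every returned key, since a key that omits it would let one tenant's endorsements satisfy another tenant's lookup — worth confirming against the store lookup code, which is not among this commit's visible hunks. GetTrustAnchorIDs is handed a token whose integrity has not yet been checked (its own comment says the anchors may be needed to validate it), so its comment should add `// The IDs are parsed from unverified input and must only be used as lookup keys.`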
9 changes: 8 additions & 1 deletion handler/plugin.go
@@ -1,4 +1,4 @@
// Copyright 2022-2023 Contributors to the Veraison project.
// Copyright 2022-2024 Contributors to the Veraison project.
// SPDX-License-Identifier: Apache-2.0
package handler

Expand All @@ -19,3 +19,10 @@ func RegisterEvidenceHandler(i IEvidenceHandler) {
panic(err)
}
}

func RegisterStoreHandler(i IStoreHandler) {
err := plugin.RegisterImplementation("store-handler", i, StoreHandlerRPC)
if err != nil {
panic(err)
}
}
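Review bot: RegisterStoreHandler is exported without a doc comment; I would add `// RegisterStoreHandler registers i as the "store-handler" plugin implementation served over StoreHandlerRPC. It panics if registration fails, mirroring RegisterEvidenceHandler.` StoreHandlerRPC and the loader that resolves the "store-handler" name are outside this hunk (presumably in the store RPC file this commit adds), and that name must match exactly on the host side, so a shared constant rather than a bare string literal in both places would prevent silent drift. The panic on failure matches the existing RegisterEvidenceHandler at the top of the hunk and is acceptable for init-time plugin registration.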
2 changes: 1 addition & 1 deletion handler/result.go
@@ -1,4 +1,4 @@
// Copyright 2023 Contributors to the Veraison project.
// Copyright 2024 Contributors to the Veraison project.
// SPDX-License-Identifier: Apache-2.0
package handler
