[WIP] Further work on Plugin

Signed-off-by: Yogesh Deshpande <[email protected]>
veraison · Apr 29, 2024 · 8081088 · 8081088
1 parent 1874dcd
commit 8081088
Show file tree

Hide file tree

Showing 4 changed files with 78 additions and 6 deletions.
diff --git a/go.mod b/go.mod
@@ -29,7 +29,7 @@ require (
 	github.com/tbaehler/gin-keycloak v1.5.0
 	github.com/veraison/ccatoken v1.1.0
 	github.com/veraison/cmw v0.1.0
-	github.com/veraison/corim v1.1.2
+	github.com/veraison/corim v1.1.3-0.20240429160003-7b04d8b96e76
 	github.com/veraison/dice v0.0.1
 	github.com/veraison/ear v1.1.2
 	github.com/veraison/eat v0.0.0-20220117140849-ddaf59d69f53

diff --git a/go.sum b/go.sum
@@ -625,6 +625,7 @@ github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9
 github.com/hashicorp/go-plugin v1.4.4 h1:NVdrSdFRt3SkZtNckJ6tog7gbpRrcbOjQi/rgF7JYWQ=
 github.com/hashicorp/go-plugin v1.4.4/go.mod h1:viDMjcLJuDui6pXb8U4HVfb8AamCWhHGUjr2IrTF67s=
 github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU=
+github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8=
 github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU=
 github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4=
 github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
@@ -1063,8 +1064,10 @@ github.com/veraison/ccatoken v1.1.0 h1:U0Z5fOQRsdz3ksvvxVzTITczo+kfRxIlkWahJNP6I
 github.com/veraison/ccatoken v1.1.0/go.mod h1:qh/KBwsrhPyGJqttlh8PU56wt1rPkUCX9A3ZAA/53Nc=
 github.com/veraison/cmw v0.1.0 h1:vD6tBlGPROCW/HlDcG1jh+XUJi5ihrjXatKZBjrv8mU=
 github.com/veraison/cmw v0.1.0/go.mod h1:WoBrlgByc6C1FeHhdze1/bQx1kv5d1sWKO5ezEf4Hs4=
-github.com/veraison/corim v1.1.2 h1:JIk6ZK/OzKEb0FJUFHSnmkn67yyGy+5NChYax0bwttA=
-github.com/veraison/corim v1.1.2/go.mod h1:yoN6+vVQJgzS926nheCbJi68SvOlN0CpiPuTxYSe5FU=
+github.com/veraison/corim v1.1.3-0.20240423112400-92efbf346d05 h1:UDu2uBWhd17Hx+NqvvaXVjApk3PwbkDt+K7H0Xy+RKY=
+github.com/veraison/corim v1.1.3-0.20240423112400-92efbf346d05/go.mod h1:yoN6+vVQJgzS926nheCbJi68SvOlN0CpiPuTxYSe5FU=
+github.com/veraison/corim v1.1.3-0.20240429160003-7b04d8b96e76 h1:kB1KvHDnKO7YubQ0Bs3DMjZrC2r9JmaXCDfzeGJCEb0=
+github.com/veraison/corim v1.1.3-0.20240429160003-7b04d8b96e76/go.mod h1:yoN6+vVQJgzS926nheCbJi68SvOlN0CpiPuTxYSe5FU=
 github.com/veraison/dice v0.0.1 h1:dOm7ByDN/r4WlDsGkEUXzdPMXgTvAPTAksQ8+BwBrD4=
 github.com/veraison/dice v0.0.1/go.mod h1:QPMLc5LVMj08VZ+HNMYk4XxWoVYGAUBVm8Rd5V1hzxs=
 github.com/veraison/ear v1.1.2 h1:Xs41FqAG8IyJaceqNFcX2+nf51Et1uyhmCJV8SZqw/8=

diff --git a/scheme/cca-realm/corim_extractor.go b/scheme/cca-realm/corim_extractor.go
@@ -58,18 +58,22 @@ func (o CorimExtractor) RefValExtractor(
 	return refVals, nil
 }
 
-func makeRefValAttrs(cAttr *ClassAttributes, iAttr *InstanceAttributes, rAttr *RealmAttributes) (json.RawMessage, error) {
+func makeRefValAttrs(cAttr *ClassAttributes,
+	iAttr *InstanceAttributes,
+	rAttr *RealmAttributes) (json.RawMessage, error) {
 
 	var attrs = map[string]interface{}{
 		"CCA_REALM.vendor":      cAttr.Vendor,
-		"CCA_REALM-id":          cAttr.UUID,
+		"CCA_REALM-class-id":    cAttr.UUID,
+		"CCA_REALM-instance-id": rAttr.Rim,
 		"CCA_REALM.hash-alg-id": rAttr.HashAlgID,
 		"CCA_REALM.rim":         rAttr.Rim,
 		"CCA_REALM.rem0":        rAttr.Rem[0],
 		"CCA_REALM.rem1":        rAttr.Rem[1],
 		"CCA_REALM.rem2":        rAttr.Rem[2],
 		"CCA_REALM.rem3":        rAttr.Rem[3],
 	}
+
 	data, err := json.Marshal(attrs)
 	if err != nil {
 		return nil, fmt.Errorf("unable to marshal reference value attributes: %w", err)

diff --git a/scheme/cca-realm/realmattributes.go b/scheme/cca-realm/realmattributes.go
@@ -2,7 +2,13 @@
 // SPDX-License-Identifier: Apache-2.0
 package cca_realm
 
-import "github.com/veraison/corim/comid"
+import (
+	"errors"
+	"fmt"
+	"strings"
+
+	"github.com/veraison/corim/comid"
+)
 
 type RealmAttributes struct {
 	Rim       []byte
@@ -11,6 +17,65 @@ type RealmAttributes struct {
 }
 
 func (o *RealmAttributes) FromMeasurement(m comid.Measurement) error {
+	if err := o.extractRegisterIndexes(m.Val.IntegrityRegisters); err != nil {
+		return fmt.Errorf("extracting measurement: %w", err)
+	}
+
+	return nil
+}
+
+func (o *RealmAttributes) extractRealmDigest(digests comid.Digests) (algID string, hash []byte, err error) {
 
+	if err := digests.Valid(); err != nil {
+		return "", nil, fmt.Errorf("invalid digest: %v", err)
+	}
+	if len(digests) != 1 {
+		return "", nil, fmt.Errorf("invalid number %d for digest", len(digests))
+	}
+
+	return digests[0].AlgIDToString(), digests[0].HashValue, nil
+}
+
+func (o *RealmAttributes) extractRegisterIndexes(r *comid.IntegrityRegisters) error {
+	for k, val := range r.M {
+		a, d, err := o.extractRealmDigest(val)
+		if err != nil {
+			return errors.New("unable to extract digest for ")
+		}
+		switch t := k.(type) {
+		case string:
+			key := strings.ToLower(t)
+			if !o.isCompatibleAlgID(a) {
+				return fmt.Errorf("incompatible AlgID %s for key %s", a, key)
+			}
+			switch key {
+			case "rim":
+				o.HashAlgID = a
+				o.Rim = d
+			case "rem0":
+				o.Rem[0] = d
+			case "rem1":
+				o.Rem[1] = d
+			case "rem2":
+				o.Rem[2] = d
+			case "rem3":
+				o.Rem[3] = d
+			default:
+				return fmt.Errorf("unexpected register index: %s", key)
+			}
+		default:
+			return fmt.Errorf("unexpected type for index: %T", t)
+		}
+	}
 	return nil
 }
+
+func (o RealmAttributes) isCompatibleAlgID(HashAlgID string) bool {
+	compatible := true
+	if o.HashAlgID != "" {
+		if HashAlgID != o.HashAlgID {
+			compatible = false
+		}
+	}
+	return compatible
+}