[WIP] Futher work

Signed-off-by: Yogesh Deshpande <[email protected]>

builtin/schemes.gen.go

@@ -12,9 +12,13 @@ import (
 var plugins = []plugin.IPluggable{
 	&scheme1.EvidenceHandler{},
 	&scheme1.EndorsementHandler{},
+	&scheme1.StoreHandler{},
 	&scheme2.EvidenceHandler{},
+	&scheme2.StoreHandler{},
 	&scheme3.EvidenceHandler{},
 	&scheme3.EndorsementHandler{},
+	&scheme3.StoreHandler{},
 	&scheme4.EvidenceHandler{},
 	&scheme4.EndorsementHandler{},
+	&scheme4.StoreHandler{},
 }

handler/README.md

@@ -1,6 +1,6 @@
-This package defines [`IEvidenceHandler`](ievidencehandler.go) and
-[`IEndorsementHandler`](iendorsementhandler.go) [pluggable](../plugin/README.md)
+This package defines [`IEvidenceHandler`](ievidencehandler.go), 
+[`IEndorsementHandler`](iendorsementhandler.go) and [`IStoreHandler`](istorehandler.go) [pluggable](../plugin/README.md)
 interfaces and associated RPC channels. These are used to add new attestation
 scheme to Veraison services. Additionally, the package defines a [couple
 of wrappers](plugin.go) around `plugin.RegisterImplementation` for registering
-implementations of these two interfaces.
+implementations of these three interfaces.

scheme/psa-iot/plugin/combined/main.go

@@ -1,4 +1,4 @@
-// Copyright 2022-2023 Contributors to the Veraison project.
+// Copyright 2022-2024 Contributors to the Veraison project.
 // SPDX-License-Identifier: Apache-2.0
 package main
 

scheme/psa-iot/store_handler.go

@@ -12,7 +12,7 @@ import (
 type StoreHandler struct{}
 
 func (s StoreHandler) GetName() string {
-	return "cca-store-handler"
+	return "psa-store-handler"
 }
 
 func (s StoreHandler) GetAttestationScheme() string {

scheme/riot/plugin/store-handler/Makefile

@@ -1,8 +1,8 @@
-# Copyright 2021 Contributors to the Veraison project.
+# Copyright 2024 Contributors to the Veraison project.
 # SPDX-License-Identifier: Apache-2.0
 
-PLUGIN := ../../../bin/cca-store-handler.plugin
-GOPKG := github.com/veraison/services/scheme/cca-ssd-platform
+PLUGIN := ../../../bin/riot.plugin
+GOPKG := github.com/veraison/services/scheme/riot
 SRCS := main.go
 
 include ../../../../mk/common.mk

scheme/tpm-enacttrust/evidence_handler.go

@@ -1,4 +1,4 @@
-// Copyright 2021-2023 Contributors to the Veraison project.
+// Copyright 2021-2024 Contributors to the Veraison project.
 // SPDX-License-Identifier: Apache-2.0
 package tpm_enacttrust
 
@@ -32,44 +32,6 @@ func (s EvidenceHandler) GetSupportedMediaTypes() []string {
 	return EvidenceMediaTypes
 }
 
-func (s EvidenceHandler) SynthKeysFromRefValue(
-	tenantID string,
-	swComp *handler.Endorsement,
-) ([]string, error) {
-	return synthKeysFromAttrs("software component", tenantID, swComp.Attributes)
-}
-
-func (s EvidenceHandler) SynthKeysFromTrustAnchor(tenantID string, ta *handler.Endorsement) ([]string, error) {
-	return synthKeysFromAttrs("trust anchor", tenantID, ta.Attributes)
-}
-
-func (s EvidenceHandler) GetTrustAnchorIDs(token *proto.AttestationToken) ([]string, error) {
-	supported := false
-	for _, mt := range EvidenceMediaTypes {
-		if token.MediaType == mt {
-			supported = true
-			break
-		}
-	}
-
-	if !supported {
-		err := handler.BadEvidence(
-			"wrong media type: expect %q, but found %q",
-			strings.Join(EvidenceMediaTypes, ", "),
-			token.MediaType,
-		)
-		return []string{""}, err
-	}
-
-	var decoded Token
-
-	if err := decoded.Decode(token.Data); err != nil {
-		return nil, handler.BadEvidence(err)
-	}
-
-	return []string{tpmEnactTrustLookupKey(token.TenantId, decoded.NodeId.String())}, nil
-}
-
 func (s EvidenceHandler) ExtractClaims(
 	token *proto.AttestationToken,
 	trustAnchors []string,

scheme/tpm-enacttrust/evidence_handler_test.go

@@ -1,4 +1,4 @@
-// Copyright 2022-2023 Contributors to the Veraison project.
+// Copyright 2022-2024 Contributors to the Veraison project.
 // SPDX-License-Identifier: Apache-2.0
 package tpm_enacttrust
 
@@ -27,23 +27,6 @@ func Test_DecodeAttestationData_ok(t *testing.T) {
 	assert.Equal(t, uint64(0x7), decoded.AttestationData.FirmwareVersion)
 }
 
-func Test_GetTrustAnchorIds_ok(t *testing.T) {
-	data, err := os.ReadFile("test/tokens/basic.token")
-	require.NoError(t, err)
-
-	ta := proto.AttestationToken{
-		TenantId:  "0",
-		MediaType: "application/vnd.enacttrust.tpm-evidence",
-		Data:      data,
-	}
-
-	var s EvidenceHandler
-
-	taIDs, err := s.GetTrustAnchorIDs(&ta)
-	require.NoError(t, err)
-	assert.Equal(t, "TPM_ENACTTRUST://0/7df7714e-aa04-4638-bcbf-434b1dd720f1", taIDs[0])
-}
-
 func readPublicKeyBytes(path string) ([]byte, error) {
 	buf, err := os.ReadFile(path)
 	if err != nil {

scheme/tpm-enacttrust/plugin/Makefile

@@ -2,6 +2,7 @@
 ifndef COMBINED_PLUGINS
   SUBDIR += endorsement-handler
   SUBDIR += evidence-handler
+  SUBDIR += store-handler
 else
   SUBDIR += combined
 endif

scheme/tpm-enacttrust/plugin/combined/main.go

@@ -1,4 +1,4 @@
-// Copyright 2022-2023 Contributors to the Veraison project.
+// Copyright 2022-2024 Contributors to the Veraison project.
 // SPDX-License-Identifier: Apache-2.0
 package main
 
@@ -11,5 +11,6 @@ import (
 func main() {
 	handler.RegisterEndorsementHandler(&scheme.EndorsementHandler{})
 	handler.RegisterEvidenceHandler(&scheme.EvidenceHandler{})
+	handler.RegisterStoreHandler(&scheme.StoreHandler{})
 	plugin.Serve()
 }

scheme/tpm-enacttrust/plugin/store-handler/Makefile

@@ -0,0 +1,11 @@
+# Copyright 2024 Contributors to the Veraison project.
+# SPDX-License-Identifier: Apache-2.0
+
+PLUGIN := ../../../bin/tpm-enacttrust-store-handler.plugin
+GOPKG := github.com/veraison/services/scheme/tpm-enacttrust
+SRCS := main.go
+
+include ../../../../mk/common.mk
+include ../../../../mk/plugin.mk
+include ../../../../mk/lint.mk
+include ../../../../mk/test.mk

scheme/tpm-enacttrust/plugin/store-handler/main.go

@@ -0,0 +1,14 @@
+// Copyright 2022-2024 Contributors to the Veraison project.
+// SPDX-License-Identifier: Apache-2.0
+package main
+
+import (
+	"github.com/veraison/services/handler"
+	"github.com/veraison/services/plugin"
+	scheme "github.com/veraison/services/scheme/tpm-enacttrust"
+)
+
+func main() {
+	handler.RegisterStoreHandler(&scheme.StoreHandler{})
+	plugin.Serve()
+}

scheme/tpm-enacttrust/store_handler.go

@@ -0,0 +1,64 @@
+// Copyright 2021-2024 Contributors to the Veraison project.
+// SPDX-License-Identifier: Apache-2.0
+
+package tpm_enacttrust
+
+import (
+	"strings"
+
+	"github.com/veraison/services/handler"
+	"github.com/veraison/services/proto"
+)
+
+type StoreHandler struct {
+}
+
+func (s StoreHandler) GetName() string {
+	return "tpm-enacttrust-store-handler"
+}
+
+func (s StoreHandler) GetAttestationScheme() string {
+	return SchemeName
+}
+
+func (s StoreHandler) GetSupportedMediaTypes() []string {
+	return nil
+}
+
+func (s StoreHandler) GetTrustAnchorIDs(token *proto.AttestationToken) ([]string, error) {
+	supported := false
+	for _, mt := range EvidenceMediaTypes {
+		if token.MediaType == mt {
+			supported = true
+			break
+		}
+	}
+
+	if !supported {
+		err := handler.BadEvidence(
+			"wrong media type: expect %q, but found %q",
+			strings.Join(EvidenceMediaTypes, ", "),
+			token.MediaType,
+		)
+		return []string{""}, err
+	}
+
+	var decoded Token
+
+	if err := decoded.Decode(token.Data); err != nil {
+		return nil, handler.BadEvidence(err)
+	}
+
+	return []string{tpmEnactTrustLookupKey(token.TenantId, decoded.NodeId.String())}, nil
+}
+
+func (s StoreHandler) SynthKeysFromRefValue(
+	tenantID string,
+	swComp *handler.Endorsement,
+) ([]string, error) {
+	return synthKeysFromAttrs("software component", tenantID, swComp.Attributes)
+}
+
+func (s StoreHandler) SynthKeysFromTrustAnchor(tenantID string, ta *handler.Endorsement) ([]string, error) {
+	return synthKeysFromAttrs("trust anchor", tenantID, ta.Attributes)
+}

scheme/tpm-enacttrust/store_handler_test.go

@@ -0,0 +1,29 @@
+// Copyright 2022-2024 Contributors to the Veraison project.
+// SPDX-License-Identifier: Apache-2.0
+package tpm_enacttrust
+
+import (
+	"os"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"github.com/veraison/services/proto"
+)
+
+func Test_GetTrustAnchorIds_ok(t *testing.T) {
+	data, err := os.ReadFile("test/tokens/basic.token")
+	require.NoError(t, err)
+
+	ta := proto.AttestationToken{
+		TenantId:  "0",
+		MediaType: "application/vnd.enacttrust.tpm-evidence",
+		Data:      data,
+	}
+
+	var s StoreHandler
+
+	taIDs, err := s.GetTrustAnchorIDs(&ta)
+	require.NoError(t, err)
+	assert.Equal(t, "TPM_ENACTTRUST://0/7df7714e-aa04-4638-bcbf-434b1dd720f1", taIDs[0])
+}

vts/cmd/vts-service/main.go

@@ -1,4 +1,4 @@
-// Copyright 2022-2023 Contributors to the Veraison project.
+// Copyright 2022-2024 Contributors to the Veraison project.
 // SPDX-License-Identifier: Apache-2.0
 package main
 

vts/trustedservices/itrustedservices.go

@@ -1,4 +1,4 @@
-// Copyright 2022-2023 Contributors to the Veraison project.
+// Copyright 2022-2024 Contributors to the Veraison project.
 // SPDX-License-Identifier: Apache-2.0
 package trustedservices
 

vts/trustedservices/trustedservices_grpc.go

@@ -1,4 +1,4 @@
-// Copyright 2022-2023 Contributors to the Veraison project.
+// Copyright 2022-2024 Contributors to the Veraison project.
 // SPDX-License-Identifier: Apache-2.0
 package trustedservices