Add Realm Negative Tests

Signed-off-by: Yogesh Deshpande <[email protected]>
veraison · Apr 30, 2024 · 91caf7b · 91caf7b
1 parent a790b0a
commit 91caf7b
Show file tree

Hide file tree

Showing 8 changed files with 334 additions and 12 deletions.
diff --git a/scheme/cca-realm/classattributes.go b/scheme/cca-realm/classattributes.go
@@ -3,9 +3,11 @@
 package cca_realm
 
 import (
+	"errors"
 	"fmt"
 
 	"github.com/veraison/corim/comid"
+	"github.com/veraison/services/log"
 )
 
 type ClassAttributes struct {
@@ -18,28 +20,32 @@ func (o *ClassAttributes) FromEnvironment(e comid.Environment) error {
 	class := e.Class
 
 	if class == nil {
-		return fmt.Errorf("expecting class in environment")
+		log.Debug("no class in the environment")
+		return nil
 	}
 
 	classID := class.ClassID
 
 	if classID == nil {
-		return fmt.Errorf("expecting class-id in class")
+		log.Debug("no classID in the environment")
 	}
+	if classID != nil {
+		uuID, err := classID.GetUUID()
+		if err != nil {
+			return fmt.Errorf("could not extract uu-id from class-id: %w", err)
+		}
 
-	uuID, err := classID.GetUUID()
-	if err != nil {
-		return fmt.Errorf("could not extract uu-id from class-id: %w", err)
-	}
+		if err := uuID.Valid(); err != nil {
+			return fmt.Errorf("no valid uu-id: %w", err)
+		}
 
-	if err := uuID.Valid(); err != nil {
-		return fmt.Errorf("no valid uu-id: %w", err)
+		o.UUID = uuID.String()
 	}
 
-	o.UUID = uuID.String()
-
 	if class.Vendor != nil {
 		o.Vendor = *class.Vendor
+	} else {
+		return errors.New("class is neither UUID or Vendor Name")
 	}
 
 	return nil

diff --git a/scheme/cca-realm/corim_test_vectors.go b/scheme/cca-realm/corim_test_vectors.go
@@ -24,3 +24,76 @@ a52d95136a1354db7a4dd57b1b26be0d3da71d9eb23986b34ba615abf651
 2f7265616c6d2f3104a200c11a61ce480001c11a695467800581a3006941
 434d45204c74642e01d8206c61636d652e6578616d706c65028101
 `
+
+// automatically generated from:
+// comidCcaRealmNoClass.json and corimCcaRealm.json
+var unsignedCorimcomidCcaRealmNoClass = `
+a500505c57e8f446cd421b91c908cf93e13cfc01815901c3d901faa40065
+656e2d474201a1005043bbe37f2e614b33aed353cff1428b160281a30074
+576f726b6c6f616420436c69656e74204c74642e01d820781e6874747073
+3a2f2f776f726b6c6f6164636c69656e742e6578616d706c650283000102
+04a1008182a101d9023058304284b5694ca6c0d2cf4789a0b95ac8025c81
+8de52304364be7cd2981b2d2edc685b322277ec25819962413d8c9b2c1f5
+81a101a10ea56372696d81820758304284b5694ca6c0d2cf4789a0b95ac8
+025c818de52304364be7cd2981b2d2edc685b322277ec25819962413d8c9
+b2c1f56472656d3081820758302107bbe761fca52d95136a1354db7a4dd5
+7b1b26be0d3da71d9eb23986b34ba615abf6514cf35e5a9ea55a032d068a
+786472656d3181820758302507bbe761fca52d95136a1354db7a4dd57b1b
+26be0d3da71d9eb23986b34ba615abf6514cf35e5a9ea55a032d068a7864
+72656d3281820758303107bbe761fca52d95136a1354db7a4dd57b1b26be
+0d3da71d9eb23986b34ba615abf6514cf35e5a9ea55a032d068a78647265
+6d3381820758303507bbe761fca52d95136a1354db7a4dd57b1b26be0d3d
+a71d9eb23986b34ba615abf6514cf35e5a9ea55a032d068a780381781a68
+7474703a2f2f61726d2e636f6d2f6363612f7265616c6d2f3104a200c11a
+61ce480001c11a695467800581a3006941434d45204c74642e01d8206c61
+636d652e6578616d706c65028101
+`
+
+// automatically generated from:
+// comidCcaRealmNoInstance.json and corimCcaRealm.json
+var unsignedCorimcomidCcaRealmNoInstance = `
+a500505c57e8f446cd421b91c908cf93e13cfc01815901b8d901faa40065
+656e2d474201a1005043bbe37f2e614b33aed353cff1428b160281a30074
+576f726b6c6f616420436c69656e74204c74642e01d820781e6874747073
+3a2f2f776f726b6c6f6164636c69656e742e6578616d706c650283000102
+04a1008182a100a200d82550cd1f0e5526f9460db9d8f7fde171787c0173
+576f726b6c6f616420436c69656e74204c746481a101a10ea56372696d81
+820758304284b5694ca6c0d2cf4789a0b95ac8025c818de52304364be7cd
+2981b2d2edc685b322277ec25819962413d8c9b2c1f56472656d30818207
+58302107bbe761fca52d95136a1354db7a4dd57b1b26be0d3da71d9eb239
+86b34ba615abf6514cf35e5a9ea55a032d068a786472656d318182075830
+2507bbe761fca52d95136a1354db7a4dd57b1b26be0d3da71d9eb23986b3
+4ba615abf6514cf35e5a9ea55a032d068a786472656d3281820758303107
+bbe761fca52d95136a1354db7a4dd57b1b26be0d3da71d9eb23986b34ba6
+15abf6514cf35e5a9ea55a032d068a786472656d3381820758303507bbe7
+61fca52d95136a1354db7a4dd57b1b26be0d3da71d9eb23986b34ba615ab
+f6514cf35e5a9ea55a032d068a780381781a687474703a2f2f61726d2e63
+6f6d2f6363612f7265616c6d2f3104a200c11a61ce480001c11a69546780
+0581a3006941434d45204c74642e01d8206c61636d652e6578616d706c65
+028101
+`
+
+// automatically generated from:
+// comidCcaRealmInvalidInstance.json and corimCcaRealm.json
+var unsignedCorimcomidCcaRealmInvalidInstance = `
+a500505c57e8f446cd421b91c908cf93e13cfc01815901dfd901faa40065
+656e2d474201a1005043bbe37f2e614b33aed353cff1428b160281a30074
+576f726b6c6f616420436c69656e74204c74642e01d820781e6874747073
+3a2f2f776f726b6c6f6164636c69656e742e6578616d706c650283000102
+04a1008182a200a200d82550cd1f0e5526f9460db9d8f7fde171787c0173
+576f726b6c6f616420436c69656e74204c746401d90226582101ceebae7b
+8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f150881a1
+01a10ea56372696d81820758304284b5694ca6c0d2cf4789a0b95ac8025c
+818de52304364be7cd2981b2d2edc685b322277ec25819962413d8c9b2c1
+f56472656d3081820758302107bbe761fca52d95136a1354db7a4dd57b1b
+26be0d3da71d9eb23986b34ba615abf6514cf35e5a9ea55a032d068a7864
+72656d3181820758302507bbe761fca52d95136a1354db7a4dd57b1b26be
+0d3da71d9eb23986b34ba615abf6514cf35e5a9ea55a032d068a78647265
+6d3281820758303107bbe761fca52d95136a1354db7a4dd57b1b26be0d3d
+a71d9eb23986b34ba615abf6514cf35e5a9ea55a032d068a786472656d33
+81820758303507bbe761fca52d95136a1354db7a4dd57b1b26be0d3da71d
+9eb23986b34ba615abf6514cf35e5a9ea55a032d068a780381781a687474
+703a2f2f61726d2e636f6d2f6363612f7265616c6d2f3104a200c11a61ce
+480001c11a695467800581a3006941434d45204c74642e01d8206c61636d
+652e6578616d706c65028101
+`
diff --git a/scheme/cca-realm/endorsement_handler_test.go b/scheme/cca-realm/endorsement_handler_test.go
@@ -12,6 +12,7 @@ import (
 func TestDecoder_Decode_OK(t *testing.T) {
 	tvs := []string{
 		unsignedCorimcomidCcaRealm,
+		unsignedCorimcomidCcaRealmNoClass,
 	}
 
 	d := &EndorsementHandler{}
@@ -23,6 +24,32 @@ func TestDecoder_Decode_OK(t *testing.T) {
 	}
 }
 
+func TestDecoder_Decode_negative_tests(t *testing.T) {
+	tvs := []struct {
+		desc        string
+		input       string
+		expectedErr string
+	}{
+		{
+			desc:        "no realm instance identity in corim",
+			input:       unsignedCorimcomidCcaRealmNoInstance,
+			expectedErr: "bad software component in CoMID at index 0: could not extract Realm instance attributes: expecting instance in environment",
+		},
+		{
+			desc:        "invalid instance identity in corim",
+			input:       unsignedCorimcomidCcaRealmInvalidInstance,
+			expectedErr: "bad software component in CoMID at index 0: could not extract Realm instance attributes: expecting instance as bytes for CCA Realm",
+		},
+	}
+
+	for _, tv := range tvs {
+		data := comid.MustHexDecode(t, tv.input)
+		d := &EndorsementHandler{}
+		_, err := d.Decode(data)
+		assert.EqualError(t, err, tv.expectedErr)
+	}
+}
+
 func TestDecoder_GetAttestationScheme(t *testing.T) {
 	d := &EndorsementHandler{}
 

diff --git a/scheme/cca-realm/instanceattributes.go b/scheme/cca-realm/instanceattributes.go
@@ -20,7 +20,7 @@ func (o *InstanceAttributes) FromEnvironment(e comid.Environment) error {
 	}
 
 	if e.Instance.Type() != "bytes" {
-		return errors.New("expecting instance as bytes for CCA Realment")
+		return errors.New("expecting instance as bytes for CCA Realm")
 	}
 	b := e.Instance.Bytes()
 

diff --git a/scheme/cca-realm/test/corim/build-test-vectors.sh b/scheme/cca-realm/test/corim/build-test-vectors.sh
@@ -26,7 +26,9 @@ CORIM_TEMPLATE="corimCcaRealm.json"
 
 COMID_TEMPLATES=
 COMID_TEMPLATES="${COMID_TEMPLATES} comidCcaRealm"
-
+COMID_TEMPLATES="${COMID_TEMPLATES} comidCcaRealmNoClass"
+COMID_TEMPLATES="${COMID_TEMPLATES} comidCcaRealmNoInstance"
+COMID_TEMPLATES="${COMID_TEMPLATES} comidCcaRealmInvalidInstance"
 
 TV_DOT_GO=${TV_DOT_GO?must be set in the environment.}
 

diff --git a/scheme/cca-realm/test/corim/comidCcaRealmInvalidInstance.json b/scheme/cca-realm/test/corim/comidCcaRealmInvalidInstance.json
@@ -0,0 +1,75 @@
+{
+    "lang": "en-GB",
+    "tag-identity": {
+        "id": "43BBE37F-2E61-4B33-AED3-53CFF1428B16",
+        "version": 0
+    },
+    "entities": [
+        {
+            "name": "Workload Client Ltd.",
+            "regid": "https://workloadclient.example",
+            "roles": [
+                "tagCreator",
+                "creator",
+                "maintainer"
+            ]
+        }
+    ],
+    "triples": {
+        "reference-values": [
+            {
+                "environment": {
+                    "class": {
+                        "id": {
+                            "type": "uuid",
+                            "value": "CD1F0E55-26F9-460D-B9D8-F7FDE171787C"
+                        },
+                        "vendor": "Workload Client Ltd"
+                    },
+                    "instance": {
+                        "type": "ueid",
+                        "value": "Ac7rrnuJJ6MiflMDz14PH3s0u1Qq1yUKwD+83jbsLxUI"
+                    }
+                },
+                "measurements": [
+                    {
+                        "value": {
+                            "integrity-registers": {
+                                "rim": {
+                                    "key-type": "text",
+                                    "value": [
+                                        "sha-384;QoS1aUymwNLPR4mguVrIAlyBjeUjBDZL580pgbLS7caFsyInfsJYGZYkE9jJssH1"
+                                    ]
+                                },
+                                "rem0": {
+                                    "key-type": "text",
+                                    "value": [
+                                        "sha-384;IQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4"
+                                    ]
+                                },
+                                "rem1": {
+                                    "key-type": "text",
+                                    "value": [
+                                        "sha-384;JQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4"
+                                    ]
+                                },
+                                "rem2": {
+                                    "key-type": "text",
+                                    "value": [
+                                        "sha-384;MQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4"
+                                    ]
+                                },
+                                "rem3": {
+                                    "key-type": "text",
+                                    "value": [
+                                        "sha-384;NQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4"
+                                    ]
+                                }
+                            }
+                        }
+                    }
+                ]
+            }
+        ]
+    }
+}
diff --git a/scheme/cca-realm/test/corim/comidCcaRealmNoClass.json b/scheme/cca-realm/test/corim/comidCcaRealmNoClass.json
@@ -0,0 +1,68 @@
+{
+    "lang": "en-GB",
+    "tag-identity": {
+        "id": "43BBE37F-2E61-4B33-AED3-53CFF1428B16",
+        "version": 0
+    },
+    "entities": [
+        {
+            "name": "Workload Client Ltd.",
+            "regid": "https://workloadclient.example",
+            "roles": [
+                "tagCreator",
+                "creator",
+                "maintainer"
+            ]
+        }
+    ],
+    "triples": {
+        "reference-values": [
+            {
+                "environment": {
+                    "instance": {
+                        "type": "bytes",
+                        "value": "QoS1aUymwNLPR4mguVrIAlyBjeUjBDZL580pgbLS7caFsyInfsJYGZYkE9jJssH1"
+                    }
+                },
+                "measurements": [
+                    {
+                        "value": {
+                            "integrity-registers": {
+                                "rim": {
+                                    "key-type": "text",
+                                    "value": [
+                                        "sha-384;QoS1aUymwNLPR4mguVrIAlyBjeUjBDZL580pgbLS7caFsyInfsJYGZYkE9jJssH1"
+                                    ]
+                                },
+                                "rem0": {
+                                    "key-type": "text",
+                                    "value": [
+                                        "sha-384;IQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4"
+                                    ]
+                                },
+                                "rem1": {
+                                    "key-type": "text",
+                                    "value": [
+                                        "sha-384;JQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4"
+                                    ]
+                                },
+                                "rem2": {
+                                    "key-type": "text",
+                                    "value": [
+                                        "sha-384;MQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4"
+                                    ]
+                                },
+                                "rem3": {
+                                    "key-type": "text",
+                                    "value": [
+                                        "sha-384;NQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4"
+                                    ]
+                                }
+                            }
+                        }
+                    }
+                ]
+            }
+        ]
+    }
+}