From 91caf7b3bfde9c9a3796ac9cbb13132f6fc9eeec Mon Sep 17 00:00:00 2001 From: Yogesh Deshpande Date: Tue, 30 Apr 2024 14:55:33 -0400 Subject: [PATCH] Add Realm Negative Tests Signed-off-by: Yogesh Deshpande --- scheme/cca-realm/classattributes.go | 26 ++++--- scheme/cca-realm/corim_test_vectors.go | 73 ++++++++++++++++++ scheme/cca-realm/endorsement_handler_test.go | 27 +++++++ scheme/cca-realm/instanceattributes.go | 2 +- .../test/corim/build-test-vectors.sh | 4 +- .../corim/comidCcaRealmInvalidInstance.json | 75 +++++++++++++++++++ .../test/corim/comidCcaRealmNoClass.json | 68 +++++++++++++++++ .../test/corim/comidCcaRealmNoInstance.json | 71 ++++++++++++++++++ 8 files changed, 334 insertions(+), 12 deletions(-) create mode 100644 scheme/cca-realm/test/corim/comidCcaRealmInvalidInstance.json create mode 100644 scheme/cca-realm/test/corim/comidCcaRealmNoClass.json create mode 100644 scheme/cca-realm/test/corim/comidCcaRealmNoInstance.json diff --git a/scheme/cca-realm/classattributes.go b/scheme/cca-realm/classattributes.go index addcb79f..6e79aa0c 100644 --- a/scheme/cca-realm/classattributes.go +++ b/scheme/cca-realm/classattributes.go @@ -3,9 +3,11 @@ package cca_realm import ( + "errors" "fmt" "github.com/veraison/corim/comid" + "github.com/veraison/services/log" ) type ClassAttributes struct { 
@@ -18,28 +20,32 @@ func (o *ClassAttributes) FromEnvironment(e comid.Environment) error { class := e.Class if class == nil { - return fmt.Errorf("expecting class in environment") + log.Debug("no class in the environment") + return nil } classID := class.ClassID if classID == nil { - return fmt.Errorf("expecting class-id in class") + log.Debug("no classID in the environment") } + if classID != nil { + uuID, err := classID.GetUUID() + if err != nil { + return fmt.Errorf("could not extract uu-id from class-id: %w", err) + } - uuID, err := classID.GetUUID() - if err != nil { - return fmt.Errorf("could not extract uu-id from class-id: %w", err) - } + if err := uuID.Valid(); err != nil { + return fmt.Errorf("no valid uu-id: %w", err) + } - if err := uuID.Valid(); err != nil { - return fmt.Errorf("no valid uu-id: %w", err) + o.UUID = uuID.String() } - o.UUID = uuID.String() - if class.Vendor != nil { o.Vendor = *class.Vendor + } else { + return errors.New("class is neither UUID or Vendor Name") } return nil diff --git a/scheme/cca-realm/corim_test_vectors.go b/scheme/cca-realm/corim_test_vectors.go index 5b81ba6d..e7d743d3 100644 --- a/scheme/cca-realm/corim_test_vectors.go +++ b/scheme/cca-realm/corim_test_vectors.go 
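Review bot: The new `else` on the `class.Vendor` check returns `class is neither UUID or Vendor Name` whenever the vendor is absent, even when a valid class-id UUID has just been parsed and stored in `o.UUID`, so a class identified only by its UUID is rejected with a message that does not describe it. If the intent is to reject only a class that carries neither identifier, test both before the UUID extraction and drop the `else`: `if classID == nil && class.Vendor == nil { return errors.New("class has neither class-id nor vendor") }`. The adjacent `if classID == nil { log.Debug(...) }` / `if classID != nil { ... }` pair would read more clearly as a single `if`/`else`. Because this method decides which endorsement environments the handler accepts, a doc comment on FromEnvironment should state that a missing class is tolerated (returns nil and leaves `o` unchanged). The function's signature and closing brace are outside the hunk.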
@@ -24,3 +24,76 @@ a52d95136a1354db7a4dd57b1b26be0d3da71d9eb23986b34ba615abf651 2f7265616c6d2f3104a200c11a61ce480001c11a695467800581a3006941 434d45204c74642e01d8206c61636d652e6578616d706c65028101 ` + +// automatically generated from: +// comidCcaRealmNoClass.json and corimCcaRealm.json +var unsignedCorimcomidCcaRealmNoClass = ` +a500505c57e8f446cd421b91c908cf93e13cfc01815901c3d901faa40065 +656e2d474201a1005043bbe37f2e614b33aed353cff1428b160281a30074 +576f726b6c6f616420436c69656e74204c74642e01d820781e6874747073 +3a2f2f776f726b6c6f6164636c69656e742e6578616d706c650283000102 +04a1008182a101d9023058304284b5694ca6c0d2cf4789a0b95ac8025c81 +8de52304364be7cd2981b2d2edc685b322277ec25819962413d8c9b2c1f5 +81a101a10ea56372696d81820758304284b5694ca6c0d2cf4789a0b95ac8 +025c818de52304364be7cd2981b2d2edc685b322277ec25819962413d8c9 +b2c1f56472656d3081820758302107bbe761fca52d95136a1354db7a4dd5 +7b1b26be0d3da71d9eb23986b34ba615abf6514cf35e5a9ea55a032d068a +786472656d3181820758302507bbe761fca52d95136a1354db7a4dd57b1b +26be0d3da71d9eb23986b34ba615abf6514cf35e5a9ea55a032d068a7864 +72656d3281820758303107bbe761fca52d95136a1354db7a4dd57b1b26be +0d3da71d9eb23986b34ba615abf6514cf35e5a9ea55a032d068a78647265 +6d3381820758303507bbe761fca52d95136a1354db7a4dd57b1b26be0d3d +a71d9eb23986b34ba615abf6514cf35e5a9ea55a032d068a780381781a68 +7474703a2f2f61726d2e636f6d2f6363612f7265616c6d2f3104a200c11a +61ce480001c11a695467800581a3006941434d45204c74642e01d8206c61 +636d652e6578616d706c65028101 +` + +// automatically generated from: +// comidCcaRealmNoInstance.json and corimCcaRealm.json +var unsignedCorimcomidCcaRealmNoInstance = ` +a500505c57e8f446cd421b91c908cf93e13cfc01815901b8d901faa40065 +656e2d474201a1005043bbe37f2e614b33aed353cff1428b160281a30074 +576f726b6c6f616420436c69656e74204c74642e01d820781e6874747073 +3a2f2f776f726b6c6f6164636c69656e742e6578616d706c650283000102 +04a1008182a100a200d82550cd1f0e5526f9460db9d8f7fde171787c0173 +576f726b6c6f616420436c69656e74204c746481a101a10ea56372696d81 
+820758304284b5694ca6c0d2cf4789a0b95ac8025c818de52304364be7cd +2981b2d2edc685b322277ec25819962413d8c9b2c1f56472656d30818207 +58302107bbe761fca52d95136a1354db7a4dd57b1b26be0d3da71d9eb239 +86b34ba615abf6514cf35e5a9ea55a032d068a786472656d318182075830 +2507bbe761fca52d95136a1354db7a4dd57b1b26be0d3da71d9eb23986b3 +4ba615abf6514cf35e5a9ea55a032d068a786472656d3281820758303107 +bbe761fca52d95136a1354db7a4dd57b1b26be0d3da71d9eb23986b34ba6 +15abf6514cf35e5a9ea55a032d068a786472656d3381820758303507bbe7 +61fca52d95136a1354db7a4dd57b1b26be0d3da71d9eb23986b34ba615ab +f6514cf35e5a9ea55a032d068a780381781a687474703a2f2f61726d2e63 +6f6d2f6363612f7265616c6d2f3104a200c11a61ce480001c11a69546780 +0581a3006941434d45204c74642e01d8206c61636d652e6578616d706c65 +028101 +` + +// automatically generated from: +// comidCcaRealmInvalidInstance.json and corimCcaRealm.json +var unsignedCorimcomidCcaRealmInvalidInstance = ` +a500505c57e8f446cd421b91c908cf93e13cfc01815901dfd901faa40065 +656e2d474201a1005043bbe37f2e614b33aed353cff1428b160281a30074 +576f726b6c6f616420436c69656e74204c74642e01d820781e6874747073 +3a2f2f776f726b6c6f6164636c69656e742e6578616d706c650283000102 +04a1008182a200a200d82550cd1f0e5526f9460db9d8f7fde171787c0173 +576f726b6c6f616420436c69656e74204c746401d90226582101ceebae7b +8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f150881a1 +01a10ea56372696d81820758304284b5694ca6c0d2cf4789a0b95ac8025c +818de52304364be7cd2981b2d2edc685b322277ec25819962413d8c9b2c1 +f56472656d3081820758302107bbe761fca52d95136a1354db7a4dd57b1b +26be0d3da71d9eb23986b34ba615abf6514cf35e5a9ea55a032d068a7864 +72656d3181820758302507bbe761fca52d95136a1354db7a4dd57b1b26be +0d3da71d9eb23986b34ba615abf6514cf35e5a9ea55a032d068a78647265 +6d3281820758303107bbe761fca52d95136a1354db7a4dd57b1b26be0d3d +a71d9eb23986b34ba615abf6514cf35e5a9ea55a032d068a786472656d33 +81820758303507bbe761fca52d95136a1354db7a4dd57b1b26be0d3da71d +9eb23986b34ba615abf6514cf35e5a9ea55a032d068a780381781a687474 
+703a2f2f61726d2e636f6d2f6363612f7265616c6d2f3104a200c11a61ce +480001c11a695467800581a3006941434d45204c74642e01d8206c61636d +652e6578616d706c65028101 +` diff --git a/scheme/cca-realm/endorsement_handler_test.go b/scheme/cca-realm/endorsement_handler_test.go index 5349df5a..dc9f8f8a 100644 --- a/scheme/cca-realm/endorsement_handler_test.go +++ b/scheme/cca-realm/endorsement_handler_test.go @@ -12,6 +12,7 @@ import ( func TestDecoder_Decode_OK(t *testing.T) { tvs := []string{ unsignedCorimcomidCcaRealm, + unsignedCorimcomidCcaRealmNoClass, } d := &EndorsementHandler{} @@ -23,6 +24,32 @@ func TestDecoder_Decode_OK(t *testing.T) { } } +func TestDecoder_Decode_negative_tests(t *testing.T) { + tvs := []struct { + desc string + input string + expectedErr string + }{ + { + desc: "no realm instance identity in corim", + input: unsignedCorimcomidCcaRealmNoInstance, + expectedErr: "bad software component in CoMID at index 0: could not extract Realm instance attributes: expecting instance in environment", + }, + { + desc: "invalid instance identity in corim", + input: unsignedCorimcomidCcaRealmInvalidInstance, + expectedErr: "bad software component in CoMID at index 0: could not extract Realm instance attributes: expecting instance as bytes for CCA Realm", + }, + } + + for _, tv := range tvs { + data := comid.MustHexDecode(t, tv.input) + d := &EndorsementHandler{} + _, err := d.Decode(data) + assert.EqualError(t, err, tv.expectedErr) + } +} + func TestDecoder_GetAttestationScheme(t *testing.T) { d := &EndorsementHandler{} diff --git a/scheme/cca-realm/instanceattributes.go b/scheme/cca-realm/instanceattributes.go index b61e20e5..4bc0cb0b 100644 --- a/scheme/cca-realm/instanceattributes.go +++ b/scheme/cca-realm/instanceattributes.go 
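Review bot: In `TestDecoder_Decode_negative_tests` the `desc` field is declared but never used, so a failing case is not named in the test output; wrapping the loop body in `t.Run(tv.desc, func(t *testing.T) { ... })` would identify it. Both cases exercise only the instance path: the error this commit adds to ClassAttributes.FromEnvironment (`class is neither UUID or Vendor Name`) has no test vector, and neither does a class with a class-id but no vendor. The earlier hunk on this line makes TestDecoder_Decode_OK assert that a CoMID with no class decodes successfully; if that relaxation is intended, a one-line comment next to the new entry such as `// class is optional in the environment` would make it visibly deliberate.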
@@ -20,7 +20,7 @@ func (o *InstanceAttributes) FromEnvironment(e comid.Environment) error { } if e.Instance.Type() != "bytes" { - return errors.New("expecting instance as bytes for CCA Realment") + return errors.New("expecting instance as bytes for CCA Realm") } b := e.Instance.Bytes() diff --git a/scheme/cca-realm/test/corim/build-test-vectors.sh b/scheme/cca-realm/test/corim/build-test-vectors.sh index 41547fab..b64aba04 100755 --- a/scheme/cca-realm/test/corim/build-test-vectors.sh +++ b/scheme/cca-realm/test/corim/build-test-vectors.sh @@ -26,7 +26,9 @@ CORIM_TEMPLATE="corimCcaRealm.json" COMID_TEMPLATES= COMID_TEMPLATES="${COMID_TEMPLATES} comidCcaRealm" - +COMID_TEMPLATES="${COMID_TEMPLATES} comidCcaRealmNoClass" +COMID_TEMPLATES="${COMID_TEMPLATES} comidCcaRealmNoInstance" +COMID_TEMPLATES="${COMID_TEMPLATES} comidCcaRealmInvalidInstance" TV_DOT_GO=${TV_DOT_GO?must be set in the environment.} diff --git a/scheme/cca-realm/test/corim/comidCcaRealmInvalidInstance.json b/scheme/cca-realm/test/corim/comidCcaRealmInvalidInstance.json new file mode 100644 index 00000000..f451e5be --- /dev/null +++ b/scheme/cca-realm/test/corim/comidCcaRealmInvalidInstance.json 
@@ -0,0 +1,75 @@
+{
+ "lang": "en-GB",
+ "tag-identity": {
+ "id": "43BBE37F-2E61-4B33-AED3-53CFF1428B16",
+ "version": 0
+ },
+ "entities": [
+ {
+ "name": "Workload Client Ltd.",
+ "regid": "https://workloadclient.example",
+ "roles": [
+ "tagCreator",
+ "creator",
+ "maintainer"
+ ]
+ }
+ ],
+ "triples": {
+ "reference-values": [
+ {
+ "environment": {
+ "class": {
+ "id": {
+ "type": "uuid",
+ "value": "CD1F0E55-26F9-460D-B9D8-F7FDE171787C"
+ },
+ "vendor": "Workload Client Ltd"
+ },
+ "instance": {
+ "type": "ueid",
+ "value": "Ac7rrnuJJ6MiflMDz14PH3s0u1Qq1yUKwD+83jbsLxUI"
+ }
+ },
+ "measurements": [
+ {
+ "value": {
+ "integrity-registers": {
+ "rim": {
+ "key-type": "text",
+ "value": [
+ "sha-384;QoS1aUymwNLPR4mguVrIAlyBjeUjBDZL580pgbLS7caFsyInfsJYGZYkE9jJssH1"
+ ]
+ },
+ "rem0": {
+ "key-type": "text",
+ "value": [
+ "sha-384;IQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4"
+ ]
+ },
+ "rem1": {
+ "key-type": "text",
+ "value": [
+ "sha-384;JQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4"
+ ]
+ },
+ "rem2": {
+ "key-type": "text",
+ "value": [
+ "sha-384;MQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4"
+ ]
+ },
+ "rem3": {
+ "key-type": "text",
+ "value": [
+ "sha-384;NQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4"
+ ]
+ }
+ }
+ }
+ }
+ ]
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/scheme/cca-realm/test/corim/comidCcaRealmNoClass.json b/scheme/cca-realm/test/corim/comidCcaRealmNoClass.json
new file mode 100644
index 00000000..9324d73e
--- /dev/null
+++ b/scheme/cca-realm/test/corim/comidCcaRealmNoClass.json
@@ -0,0 +1,68 @@
+{
+ "lang": "en-GB",
+ "tag-identity": {
+ "id": "43BBE37F-2E61-4B33-AED3-53CFF1428B16",
+ "version": 0
+ },
+ "entities": [
+ {
+ "name": "Workload Client Ltd.",
+ "regid": "https://workloadclient.example",
+ "roles": [
+ "tagCreator",
+ "creator",
+ "maintainer"
+ ]
+ }
+ ],
+ "triples": {
+ "reference-values": [
+ {
+ "environment": {
+ "instance": {
+ "type": "bytes",
+ "value": "QoS1aUymwNLPR4mguVrIAlyBjeUjBDZL580pgbLS7caFsyInfsJYGZYkE9jJssH1"
+ }
+ },
+ "measurements": [
+ {
+ "value": {
+ "integrity-registers": {
+ "rim": {
+ "key-type": "text",
+ "value": [
+ "sha-384;QoS1aUymwNLPR4mguVrIAlyBjeUjBDZL580pgbLS7caFsyInfsJYGZYkE9jJssH1"
+ ]
+ },
+ "rem0": {
+ "key-type": "text",
+ "value": [
+ "sha-384;IQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4"
+ ]
+ },
+ "rem1": {
+ "key-type": "text",
+ "value": [
+ "sha-384;JQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4"
+ ]
+ },
+ "rem2": {
+ "key-type": "text",
+ "value": [
+ "sha-384;MQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4"
+ ]
+ },
+ "rem3": {
+ "key-type": "text",
+ "value": [
+ "sha-384;NQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4"
+ ]
+ }
+ }
+ }
+ }
+ ]
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/scheme/cca-realm/test/corim/comidCcaRealmNoInstance.json b/scheme/cca-realm/test/corim/comidCcaRealmNoInstance.json
new file mode 100644
index 00000000..0e32cc81
--- /dev/null
+++ b/scheme/cca-realm/test/corim/comidCcaRealmNoInstance.json
@@ -0,0 +1,71 @@
+{
+ "lang": "en-GB",
+ "tag-identity": {
+ "id": "43BBE37F-2E61-4B33-AED3-53CFF1428B16",
+ "version": 0
+ },
+ "entities": [
+ {
+ "name": "Workload Client Ltd.",
+ "regid": "https://workloadclient.example",
+ "roles": [
+ "tagCreator",
+ "creator",
+ "maintainer"
+ ]
+ }
+ ],
+ "triples": {
+ "reference-values": [
+ {
+ "environment": {
+ "class": {
+ "id": {
+ "type": "uuid",
+ "value": "CD1F0E55-26F9-460D-B9D8-F7FDE171787C"
+ },
+ "vendor": "Workload Client Ltd"
+ }
+ },
+ "measurements": [
+ {
+ "value": {
+ "integrity-registers": {
+ "rim": {
+ "key-type": "text",
+ "value": [
+ "sha-384;QoS1aUymwNLPR4mguVrIAlyBjeUjBDZL580pgbLS7caFsyInfsJYGZYkE9jJssH1"
+ ]
+ },
+ "rem0": {
+ "key-type": "text",
+ "value": [
+ "sha-384;IQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4"
+ ]
+ },
+ "rem1": {
+ "key-type": "text",
+ "value": [
+ "sha-384;JQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4"
+ ]
+ },
+ "rem2": {
+ "key-type": "text",
+ "value": [
+ "sha-384;MQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4"
+ ]
+ },
+ "rem3": {
+ "key-type": "text",
+ "value": [
+ "sha-384;NQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4"
+ ]
+ }
+ }
+ }
+ }
+ ]
+ }
+ ]
+ }
+}
\ No newline at end of file