Major file refactor

Signed-off-by: Yogesh Deshpande <[email protected]>

scheme/cca/endorsement_handler.go

@@ -1,11 +1,11 @@
-// Copyright 2022-2023 Contributors to the Veraison project.
+// Copyright 2022-2024 Contributors to the Veraison project.
 // SPDX-License-Identifier: Apache-2.0
 package cca
 
 import (
 	"github.com/veraison/services/handler"
 	"github.com/veraison/services/scheme/common"
-	cca "github.com/veraison/services/scheme/common/arm/cca"
+	arm "github.com/veraison/services/scheme/common/arm"
 )
 
 type EndorsementHandler struct{}
@@ -31,5 +31,5 @@ func (o EndorsementHandler) GetSupportedMediaTypes() []string {
 }
 
 func (o EndorsementHandler) Decode(data []byte) (*handler.EndorsementHandlerResponse, error) {
-	return common.UnsignedCorimDecoder(data, &cca.CcaExtractor{Scheme: SchemeName})
+	return common.UnsignedCorimDecoder(data, &arm.CcaExtractor{Scheme: SchemeName})
 }

scheme/cca/plugin/endorsement-handler/main.go

@@ -1,4 +1,4 @@
-// Copyright 2022-2023 Contributors to the Veraison project.
+// Copyright 2022-2024 Contributors to the Veraison project.
 // SPDX-License-Identifier: Apache-2.0
 package main
 

scheme/cca/plugin/evidence-handler/main.go

@@ -1,4 +1,4 @@
-// Copyright 2023 Contributors to the Veraison project.
+// Copyright 2024 Contributors to the Veraison project.
 // SPDX-License-Identifier: Apache-2.0
 package main
 

scheme/cca/scheme.go

@@ -1,4 +1,4 @@
-// Copyright 2023 Contributors to the Veraison project.
+// Copyright 2024 Contributors to the Veraison project.
 // SPDX-License-Identifier: Apache-2.0
 package cca
 
@@ -7,6 +7,7 @@ const SchemeName = "CCA_SSD"
 var (
 	EndorsementMediaTypes = []string{
 		"application/corim-unsigned+cbor; profile=http://arm.com/cca/ssd/1",
+		"application/corim-unsigned+cbor; profile=http://arm.com/cca/realm/1",
 	}
 
 	EvidenceMediaTypes = []string{

scheme/cca/test_vectors.go

@@ -1,4 +1,4 @@
-// Copyright 2022-2023 Contributors to the Veraison project.
+// Copyright 2022-2024 Contributors to the Veraison project.
 // SPDX-License-Identifier: Apache-2.0
 package cca
 

scheme/common/arm/Makefile

@@ -1,8 +1,6 @@
 # Copyright 2024 Contributors to the Veraison project.
 # SPDX-License-Identifier: Apache-2.0
 
-SUBDIR := cca
-SUBDIR += psa
 
 include ../../../mk/common.mk
 include ../../../mk/lint.mk

scheme/common/arm/cca/cca_extractor.go → scheme/common/arm/cca_extractor.go

@@ -1,6 +1,6 @@
 // Copyright 2024 Contributors to the Veraison project.
 // SPDX-License-Identifier: Apache-2.0
-package cca
+package arm
 
 import (
 	"errors"

scheme/common/arm/cca/cca_realm_attributes.go → scheme/common/arm/cca_realm_attributes.go

@@ -1,6 +1,6 @@
 // Copyright 2024 Contributors to the Veraison project.
 // SPDX-License-Identifier: Apache-2.0
-package cca
+package arm
 
 import (
 	"errors"

scheme/common/arm/cca/cca_realm_extractor.go → scheme/common/arm/cca_realm_extractor.go

@@ -1,6 +1,6 @@
 // Copyright 2024 Contributors to the Veraison project.
 // SPDX-License-Identifier: Apache-2.0
-package cca
+package arm
 
 import (
 	"encoding/json"
@@ -17,8 +17,8 @@ type CcaRealmExtractor struct {
 }
 
 func (o CcaRealmExtractor) RefValExtractor(rv comid.ReferenceValue) ([]*handler.Endorsement, error) {
-	var classAttrs ClassAttributes
-	var instAttrs InstanceAttributes
+	var classAttrs RealmClassAttributes
+	var instAttrs RealmInstanceAttributes
 
 	if (o.Profile == "") || (o.Profile != "http://arm.com/cca/realm/1") {
 		return nil, fmt.Errorf("incorrect profile: %s for Scheme: %s", o.Profile, o.Scheme)
@@ -70,8 +70,8 @@ func (o *CcaRealmExtractor) TaExtractor(comid.AttestVerifKey) (*handler.Endorsem
 	return nil, fmt.Errorf("cca realm endorsements does not have a Trust Anchor")
 }
 
-func makeRefValAttrs(cAttr *ClassAttributes,
-	iAttr *InstanceAttributes,
+func makeRefValAttrs(cAttr *RealmClassAttributes,
+	iAttr *RealmInstanceAttributes,
 	rAttr *RealmAttributes) (json.RawMessage, error) {
 
 	var attrs = map[string]interface{}{
@@ -82,25 +82,26 @@ func makeRefValAttrs(cAttr *ClassAttributes,
 	if rAttr.Rpv != nil {
 		attrs["CCA_REALM.realm-personalization-value"] = *rAttr.Rpv
 	}
-	if cAttr.Vendor != nil {
-		attrs["CCA_REALM.vendor"] = *cAttr.Vendor
-	}
-	if cAttr.UUID != nil {
-		attrs["CCA_REALM.class-id"] = *cAttr.UUID
-	}
-	if rAttr.Rem[0] != nil {
-		attrs["CCA_REALM.rem0"] = *rAttr.Rem[0]
-	}
-	if rAttr.Rem[1] != nil {
-		attrs["CCA_REALM.rem1"] = *rAttr.Rem[1]
-	}
-	if rAttr.Rem[2] != nil {
-		attrs["CCA_REALM.rem2"] = *rAttr.Rem[2]
-	}
-	if rAttr.Rem[3] != nil {
-		attrs["CCA_REALM.rem3"] = *rAttr.Rem[3]
-	}
-
+	/*
+		if cAttr.Vendor != nil {
+			attrs["CCA_REALM.vendor"] = *cAttr.Vendor
+		}
+		if cAttr.UUID != nil {
+			attrs["CCA_REALM.class-id"] = *cAttr.UUID
+		}
+		if rAttr.Rem[0] != nil {
+			attrs["CCA_REALM.rem0"] = *rAttr.Rem[0]
+		}
+		if rAttr.Rem[1] != nil {
+			attrs["CCA_REALM.rem1"] = *rAttr.Rem[1]
+		}
+		if rAttr.Rem[2] != nil {
+			attrs["CCA_REALM.rem2"] = *rAttr.Rem[2]
+		}
+		if rAttr.Rem[3] != nil {
+			attrs["CCA_REALM.rem3"] = *rAttr.Rem[3]
+		}
+	*/
 	data, err := json.Marshal(attrs)
 	if err != nil {
 		return nil, fmt.Errorf("unable to marshal reference value attributes: %w", err)

scheme/common/arm/cca/cca_ssd_extractor.go → scheme/common/arm/cca_ssd_extractor.go

@@ -1,6 +1,6 @@
 // Copyright 2024 Contributors to the Veraison project.
 // SPDX-License-Identifier: Apache-2.0
-package cca
+package arm
 
 import (
 	"encoding/json"
@@ -10,7 +10,6 @@ import (
 
 	"github.com/veraison/corim/comid"
 	"github.com/veraison/services/handler"
-	"github.com/veraison/services/scheme/common/arm"
 )
 
 type CcaSsdExtractor struct {
@@ -20,12 +19,8 @@ type CcaSsdExtractor struct {
 }
 
 func (o CcaSsdExtractor) RefValExtractor(rv comid.ReferenceValue) ([]*handler.Endorsement, error) {
-	var classAttrs arm.ClassAttributes
-	/*
-		if (o.Profile == "") || (o.Profile != "http://arm.com/cca/ssd/1") {
-			return nil, fmt.Errorf("incorrect profile: %s for Scheme: %s", o.Profile, o.Scheme)
-		}
-	*/
+	var classAttrs ClassAttributes
+
 	if err := classAttrs.FromEnvironment(rv.Environment); err != nil {
 		return nil, fmt.Errorf("could not extract PSA class attributes: %w", err)
 	}
@@ -51,7 +46,7 @@ func (o CcaSsdExtractor) RefValExtractor(rv comid.ReferenceValue) ([]*handler.En
 		// Check which MKey is present and then decide which extractor to invoke
 		switch m.Key.Type() {
 		case comid.PSARefValIDType:
-			var swCompAttrs arm.SwCompAttributes
+			var swCompAttrs SwCompAttributes
 
 			refVal, err = o.extractMeas(&swCompAttrs, m, classAttrs)
 			if err != nil {
@@ -77,9 +72,9 @@ func (o CcaSsdExtractor) RefValExtractor(rv comid.ReferenceValue) ([]*handler.En
 }
 
 func (o CcaSsdExtractor) extractMeas(
-	obj arm.MeasurementExtractor,
+	obj MeasurementExtractor,
 	m comid.Measurement,
-	class arm.ClassAttributes,
+	class ClassAttributes,
 ) (*handler.Endorsement, error) {
 	if err := obj.FromMeasurement(m); err != nil {
 		return nil, err
@@ -101,13 +96,13 @@ func (o CcaSsdExtractor) extractMeas(
 
 func (o CcaSsdExtractor) TaExtractor(avk comid.AttestVerifKey) (*handler.Endorsement, error) {
 	// extract implementation ID
-	var classAttrs arm.ClassAttributes
+	var classAttrs ClassAttributes
 	if err := classAttrs.FromEnvironment(avk.Environment); err != nil {
 		return nil, fmt.Errorf("could not extract PSA class attributes: %w", err)
 	}
 
 	// extract instance ID
-	var instanceAttrs arm.InstanceAttributes
+	var instanceAttrs InstanceAttributes
 	if err := instanceAttrs.FromEnvironment(avk.Environment); err != nil {
 		return nil, fmt.Errorf("could not extract PSA instance-id: %w", err)
 	}
@@ -138,8 +133,8 @@ func (o CcaSsdExtractor) TaExtractor(avk comid.AttestVerifKey) (*handler.Endorse
 }
 
 func makeTaAttrs(
-	i arm.InstanceAttributes,
-	c arm.ClassAttributes,
+	i InstanceAttributes,
+	c ClassAttributes,
 	key *comid.CryptoKey,
 	subscheme string,
 ) (json.RawMessage, error) {

scheme/common/arm/cca/ccaplatformconfigid.go → scheme/common/arm/ccaplatformconfigid.go

@@ -1,13 +1,12 @@
 // Copyright 2022-2024 Contributors to the Veraison project.
 // SPDX-License-Identifier: Apache-2.0
-package cca
+package arm
 
 import (
 	"encoding/json"
 	"fmt"
 
 	"github.com/veraison/corim/comid"
-	"github.com/veraison/services/scheme/common/arm"
 )
 
 type CCAPlatformConfigID struct {
@@ -40,7 +39,7 @@ func (o CCAPlatformConfigID) GetRefValType() string {
 
 // For CCAPlatformConfigID object, scheme argument is not strictly required, but is required for other
 // usage of the same interface
-func (o CCAPlatformConfigID) MakeRefAttrs(c arm.ClassAttributes, scheme string) (json.RawMessage, error) {
+func (o CCAPlatformConfigID) MakeRefAttrs(c ClassAttributes, scheme string) (json.RawMessage, error) {
 	refAttrs := map[string]interface{}{
 		scheme + ".impl-id":               c.ImplID,
 		scheme + ".platform-config-label": o.Label,

scheme/common/arm/classattributes.go

@@ -1,4 +1,4 @@
-// Copyright 2022-2023 Contributors to the Veraison project.
+// Copyright 2022-2024 Contributors to the Veraison project.
 // SPDX-License-Identifier: Apache-2.0
 package arm
 

scheme/common/arm/handlers.go

@@ -59,7 +59,7 @@ func SynthKeysFromRefValue(scheme string, tenantID string,
 		case "CCA_SSD_PLATFORM":
 			return synthKeysForPlatform(scheme, tenantID, refVal)
 		case "CCA_REALM":
-			return synthKeysForCcaRealm(refVal.SubScheme, tenantID, refVal)
+			return SynthKeysForCcaRealm(refVal.SubScheme, tenantID, refVal)
 		default:
 			return nil, fmt.Errorf("invalid subscheme: %s, for Scheme: %s", refVal.SubScheme, refVal.Scheme)
 		}
@@ -83,13 +83,6 @@ func synthKeysForPlatform(scheme string, tenantID string,
 	return []string{lookupKey}, nil
 }
 
-func synthKeysForCcaRealm(subscheme string, tenantID string,
-	refVal *handler.Endorsement,
-) ([]string, error) {
-
-	return nil, nil
-}
-
 func GetReferenceIDs(
 	scheme string,
 	tenantID string,
@@ -103,7 +96,7 @@ func GetReferenceIDs(
 		if err != nil {
 			return nil, fmt.Errorf("unable to get cca platform reference IDs: %w", err)
 		}
-		rids, err := getRealmReferenceIDs(scheme, tenantID, claims)
+		rids, err := GetRealmReferenceIDs(scheme, tenantID, claims)
 		if err != nil {
 			return nil, fmt.Errorf("unable to get cca realm reference IDs: %w", err)
 		}
@@ -134,29 +127,6 @@ func getPlatformReferenceIDs(
 	)}, nil
 }
 
-func getRealmReferenceIDs(
-	scheme string,
-	tenantID string,
-	claims map[string]interface{},
-) ([]string, error) {
-	realmClaimsMap, ok := claims["cca.realm"].(map[string]interface{})
-	if !ok {
-		return nil, fmt.Errorf("claims do not contain realm map: %v", claims)
-	}
-
-	realmClaims, err := common.MapToClaims(realmClaimsMap)
-	if err != nil {
-		return nil, err
-	}
-
-	// TO DO Correct this implementation
-	return []string{RefValLookupKey(
-		scheme,
-		tenantID,
-		MustImplIDString(realmClaims),
-	)}, nil
-}
-
 func SynthKeysFromTrustAnchors(scheme string, tenantID string,
 	ta *handler.Endorsement,
 ) ([]string, error) {

scheme/common/arm/cca/realm_classattributes.go → scheme/common/arm/realm_classattributes.go

@@ -1,6 +1,6 @@
 // Copyright 2024 Contributors to the Veraison project.
 // SPDX-License-Identifier: Apache-2.0
-package cca
+package arm
 
 import (
 	"errors"
@@ -10,13 +10,13 @@ import (
 	"github.com/veraison/services/log"
 )
 
-type ClassAttributes struct {
+type RealmClassAttributes struct {
 	UUID   *string
 	Vendor *string
 }
 
 // extract class variables from environment
-func (o *ClassAttributes) FromEnvironment(e comid.Environment) error {
+func (o *RealmClassAttributes) FromEnvironment(e comid.Environment) error {
 	class := e.Class
 
 	if class == nil {