diff --git a/README.md b/README.md index 34910a97..36397097 100644 --- a/README.md +++ b/README.md @@ -115,3 +115,4 @@ More details about the VTS can be found under [VTS](https://github.com/veraison/ The key-values store is the Veraison Storage Layer. It is used to store both Endorsements and Trust Anchors. KV Store details can be found under [kvstore](https://github.com/veraison/services/tree/migration/kvstore#kv-store) + diff --git a/go.mod b/go.mod index eb723323..2738be6e 100644 --- a/go.mod +++ b/go.mod @@ -15,6 +15,7 @@ require ( github.com/hashicorp/go-hclog v1.2.0 github.com/hashicorp/go-plugin v1.4.4 github.com/jellydator/ttlcache/v3 v3.0.0 + github.com/json-iterator/go v1.1.12 github.com/lestrrat-go/jwx/v2 v2.0.11 github.com/mattn/go-sqlite3 v1.14.14 github.com/mitchellh/mapstructure v1.5.0 @@ -22,13 +23,14 @@ require ( github.com/open-policy-agent/opa v0.43.1 github.com/petar-dambovaliev/aho-corasick v0.0.0-20211021192214-5ab2d9280aa9 github.com/spf13/afero v1.9.2 + github.com/spf13/cobra v1.6.1 github.com/spf13/jwalterweatherman v1.1.0 github.com/spf13/viper v1.13.0 github.com/stretchr/testify v1.8.4 github.com/tbaehler/gin-keycloak v1.5.0 github.com/veraison/ccatoken v1.1.0 github.com/veraison/cmw v0.1.0 - github.com/veraison/corim v1.0.0 + github.com/veraison/corim v1.1.2-0.20230904093201-6df0917f7caf github.com/veraison/dice v0.0.1 github.com/veraison/ear v1.1.0 github.com/veraison/eat v0.0.0-20220117140849-ddaf59d69f53 
@@ -41,27 +43,16 @@ require ( gopkg.in/square/go-jose.v2 v2.6.0 ) -require ( - github.com/bytedance/sonic v1.9.1 // indirect - github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 // indirect - github.com/gabriel-vasile/mimetype v1.4.2 // indirect - github.com/golang/glog v1.0.0 // indirect - github.com/klauspost/cpuid/v2 v2.2.4 // indirect - github.com/patrickmn/go-cache v2.1.0+incompatible // indirect - github.com/segmentio/asm v1.2.0 // indirect - github.com/twitchyliquid64/golang-asm v0.15.1 // indirect - golang.org/x/arch v0.3.0 // indirect - golang.org/x/oauth2 v0.4.0 // indirect - google.golang.org/appengine v1.6.7 // indirect -) - require ( github.com/OneOfOne/xxhash v1.2.8 // indirect github.com/agnivade/levenshtein v1.0.1 // indirect + github.com/bytedance/sonic v1.9.1 // indirect + github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect github.com/fsnotify/fsnotify v1.5.4 // indirect github.com/fxamacker/cbor/v2 v2.4.0 // indirect + github.com/gabriel-vasile/mimetype v1.4.2 // indirect github.com/ghodss/yaml v1.0.0 // indirect github.com/gin-contrib/sse v0.1.0 // indirect github.com/go-playground/locales v0.14.1 // indirect 
@@ -69,11 +60,13 @@ require (
 github.com/go-playground/validator/v10 v10.14.0 // indirect
 github.com/gobwas/glob v0.2.3 // indirect
 github.com/goccy/go-json v0.10.2 // indirect
+ github.com/golang/glog v1.0.0 // indirect
 github.com/golang/protobuf v1.5.2 // indirect
 github.com/hashicorp/hcl v1.0.0 // indirect
 github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb // indirect
 github.com/huandu/xstrings v1.3.3 // indirect
- github.com/json-iterator/go v1.1.12 // indirect
+ github.com/inconshreveable/mousetrap v1.0.1 // indirect
+ github.com/klauspost/cpuid/v2 v2.2.4 // indirect
 github.com/leodido/go-urn v1.2.4 // indirect
 github.com/lestrrat-go/blackmagic v1.0.1 // indirect
 github.com/lestrrat-go/httpcc v1.0.1 // indirect
@@ -87,30 +80,39 @@ require (
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 github.com/modern-go/reflect2 v1.0.2 // indirect
 github.com/oklog/run v1.0.0 // indirect
+ github.com/patrickmn/go-cache v2.1.0+incompatible // indirect
 github.com/pelletier/go-toml v1.9.5 // indirect
 github.com/pelletier/go-toml/v2 v2.0.8 // indirect
 github.com/pkg/errors v0.9.1 // indirect
 github.com/pmezard/go-difflib v1.0.0 // indirect
 github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0 // indirect
+ github.com/segmentio/asm v1.2.0 // indirect
 github.com/spf13/cast v1.5.0 // indirect
- github.com/spf13/pflag v1.0.5
 github.com/subosito/gotenv v1.4.1 // indirect
+ github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 github.com/ugorji/go/codec v1.2.11 // indirect
 github.com/vektah/gqlparser/v2 v2.4.6 // indirect
- github.com/veraison/go-cose v1.1.1-0.20230623043903-afdd177c3434
- github.com/veraison/swid v1.1.0
 github.com/x448/float16 v0.8.4 // indirect
 github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 github.com/yashtewari/glob-intersection v0.1.0 // indirect
- go.uber.org/atomic v1.10.0 // indirect
- go.uber.org/multierr v1.8.0 // indirect
- golang.org/x/crypto v0.12.0 // indirect
+ golang.org/x/arch v0.3.0 // indirect
 golang.org/x/net v0.10.0 // indirect
+ golang.org/x/oauth2 v0.4.0 // indirect
 golang.org/x/sync v0.1.0 // indirect
 golang.org/x/sys v0.11.0 // indirect
+ google.golang.org/appengine v1.6.7 // indirect
 google.golang.org/genproto v0.0.0-20230110181048-76db0878b65f // indirect
 gopkg.in/ini.v1 v1.67.0 // indirect
 gopkg.in/yaml.v2 v2.4.0 // indirect
 gopkg.in/yaml.v3 v3.0.1 // indirect
 )
+
+require (
+ github.com/spf13/pflag v1.0.5
+ github.com/veraison/go-cose v1.1.1-0.20230623043903-afdd177c3434
+ github.com/veraison/swid v1.1.0
+ go.uber.org/atomic v1.10.0 // indirect
+ go.uber.org/multierr v1.8.0 // indirect
+ golang.org/x/crypto v0.12.0
+)
diff --git a/go.sum b/go.sum
index bd70ad09..998b2ee8 100644
--- a/go.sum
+++ b/go.sum
@@ -672,6 +672,8 @@ github.com/imdario/mergo v0.3.10/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH
 github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
 github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
+github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7Pgzkat/bFNc=
+github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 github.com/intel/goresctrl v0.2.0/go.mod h1:+CZdzouYFn5EsxgqAQTEzMfwKwuc0fVdMrT9FCCAVRQ=
 github.com/j-keck/arping v0.0.0-20160618110441-2cf9dc699c56/go.mod h1:ymszkNOg6tORTn+6F6j+Jc8TOr5osrynvN6ivFWZ2GA=
 github.com/j-keck/arping v1.0.2/go.mod h1:aJbELhR92bSk7tp79AWM/ftfc90EfEi2bQJrbBFOsPw=
@@ -1029,6 +1031,8 @@ github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSW
 github.com/spf13/cobra v1.2.1/go.mod h1:ExllRjgxM/piMAM+3tAZvg8fsklGAf3tPfi+i8t68Nk=
 github.com/spf13/cobra v1.4.0/go.mod h1:Wo4iy3BUC+X2Fybo0PDqwJIv3dNRiZLHQymsfxlB84g=
 github.com/spf13/cobra v1.5.0/go.mod h1:dWXEIy2H428czQCjInthrTRUg7yKbok+2Qi/yBIJoUM=
+github.com/spf13/cobra v1.6.1 h1:o94oiPyS4KD1mPy2fmcYYHHfCxLqYjJOhGsCHFZtEzA=
+github.com/spf13/cobra v1.6.1/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY=
 github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
 github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk=
 github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo=
@@ -1102,8 +1106,8 @@ github.com/veraison/ccatoken v1.1.0 h1:U0Z5fOQRsdz3ksvvxVzTITczo+kfRxIlkWahJNP6I
 github.com/veraison/ccatoken v1.1.0/go.mod h1:qh/KBwsrhPyGJqttlh8PU56wt1rPkUCX9A3ZAA/53Nc=
 github.com/veraison/cmw v0.1.0 h1:vD6tBlGPROCW/HlDcG1jh+XUJi5ihrjXatKZBjrv8mU=
 github.com/veraison/cmw v0.1.0/go.mod h1:WoBrlgByc6C1FeHhdze1/bQx1kv5d1sWKO5ezEf4Hs4=
-github.com/veraison/corim v1.0.0 h1:B2eCyqHXq/Efv349WJCMO27EEcriS5sHWSpR9Bt68t4=
-github.com/veraison/corim v1.0.0/go.mod h1:wbdOh5ixkxV1X+wRFh4lmxc6K8nd0PtKsmY4ze/E+VE=
+github.com/veraison/corim v1.1.2-0.20230904093201-6df0917f7caf h1:RhPiC0Y/1G3yHGQjDafTciPe7ClynuO2VmXYAkN5TTI=
+github.com/veraison/corim v1.1.2-0.20230904093201-6df0917f7caf/go.mod h1:PLvHMHlOYjO3VvSFxSDTOHJl1iIo5HRQS8EWJMgsfLg=
 github.com/veraison/dice v0.0.1 h1:dOm7ByDN/r4WlDsGkEUXzdPMXgTvAPTAksQ8+BwBrD4=
 github.com/veraison/dice v0.0.1/go.mod h1:QPMLc5LVMj08VZ+HNMYk4XxWoVYGAUBVm8Rd5V1hzxs=
 github.com/veraison/ear v1.1.0 h1:vndGaFiG/qqcoIXyTteJ8D9Tf1aGzhds8ufAaUfArgM=
@@ -1118,7 +1122,6 @@ github.com/veraison/parsec v0.1.0 h1:522DLNUeWFtO+nMRglKs/aevzw9T3Om51G9FzU5wZWU
 github.com/veraison/parsec v0.1.0/go.mod h1:Pk/rDokqUqwJ9ZEi49OrxY1yAmvicviWcqK+wxhKusU=
 github.com/veraison/psatoken v1.2.0 h1:PeHy6YUbhFE9Z9xaQBoAMpMWUEqSHrF2JgfcwMTmFIA=
 github.com/veraison/psatoken v1.2.0/go.mod h1:2tHLoYMOIS4V4mO8MJT4VstRtpO50FLmhoOR35FyIr4=
-github.com/veraison/swid v1.0.0/go.mod h1:d5jt76uMNbTfQ+f2qU4Lt8RvWOTsv6PFgstIM1QdMH0=
 github.com/veraison/swid v1.1.0 h1:jEf/jobG6j7r9W9HSj2jDi1IGGs7aMKyDgfGEMxQ6is=
 github.com/veraison/swid v1.1.0/go.mod h1:d5jt76uMNbTfQ+f2qU4Lt8RvWOTsv6PFgstIM1QdMH0=
 github.com/vishvananda/netlink v0.0.0-20181108222139-023a6dafdcdf/go.mod h1:+SR5DhBJrl6ZM7CoCKvpw5BKroDKQ+PJqOg65H/2ktk=
@@ -1250,7 +1253,6 @@ golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0
 golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220427172511-eb4f295cb31f/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.9.0 h1:LF6fAI+IutBocDJ2OT0Q1g8plpYljMZ4+lty+dsqw3g=
 golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0=
 golang.org/x/crypto v0.12.0 h1:tFM/ta59kqch6LlvYnPa0yx5a83cL2nHflFhYKvv9Yk=
 golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw=
@@ -1512,9 +1514,9 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM=
 golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -1534,8 +1536,8 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.12.0 h1:k+n5B8goJNdU7hSvEtMUz3d1Q6D/XW4COJSJR6fN0mc=
 golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
diff --git a/utils/README.md b/utils/README.md
new file mode 100644
index 00000000..c13e1588
--- /dev/null
+++ b/utils/README.md
@@ -0,0 +1,5 @@
+# Utilities
+
+The `utils` directory contains various utilities.
+Currently only gen-corim is present. This utility enables quick generation of Endorsements from the Evidence.
+Please see the [README.md](gen-corim/README.md) inside gen-corim for a more detailed explanation.
\ No newline at end of file
diff --git a/utils/gen-corim/README.md b/utils/gen-corim/README.md
new file mode 100644
index 00000000..4a1f1881
--- /dev/null
+++ b/utils/gen-corim/README.md
@@ -0,0 +1,45 @@
+# CoRIM Generation
+
+## Preconditions
+
+>>Note: the below assumes both the [evcli](https://github.com/veraison/evcli) and the [cocli](https://github.com/veraison/corim/tree/main/cocli) tools are installed on the system.
+
+## Installing and configuring
+
+To install the `gen-corim` command, do:
+
+```
+$ go install github.com/veraison/services/gen-corim@latest
+```
+
+## Usage
+
+```
+$ gen-corim psa evidence.cbor key.json [--template-dir=templates] [--corim-file=endorsements/output.cbor]
+```
+
+On success, you should see something like this printed to stdout:
+
+```
+>> generated "endorsements/output.cbor" using "evidence.cbor"
+```
+### Supplied Arguments
+### Attestation Scheme
+
+The attestation scheme to be used. The only attestation schemes supported by this service are `psa` and `cca`.
+
+#### Evidence File
+
+CBOR-encoded evidence token to be used.
+
+### Key File
+
+Public key material needed to verify the evidence. The key file is expected be in [jwk](https://openid.net/specs/draft-jones-json-web-key-03.html) format.
+
+### Template Directory (Optional)
+
+The directory containing the CoMID and CoRIM templates via the `--template-dir` switch (abbrev. `-t`). If this flag is not set the path for the template directory will default to `templates` within the current working directory. The template directory must exist and must contain files named `comid-template.json` and `corim-template.json` which contain the respective templates. Some examples of CoMID and CoRIM JSON templates can be found in the [data/templates](data/templates) folder.
+
+### Output File (Optional)
+
+If you wish to specify the name and path of the produced endorsement then pass this via the `corim-file` switch (abbrev. `-c`). If this flag is not set then the produced endorsement will be saved in the current working directory under the file name `psa-endorsements.cbor` or `cca-endorsements.cbor` depending on the attestation scheme used.
diff --git a/utils/gen-corim/cmd/gen-corim.go b/utils/gen-corim/cmd/gen-corim.go
new file mode 100644
index 00000000..8343adaf
--- /dev/null
+++ b/utils/gen-corim/cmd/gen-corim.go
@@ -0,0 +1,400 @@
+// Copyright 2023 Contributors to the Veraison project.
+// SPDX-License-Identifier: Apache-2.0
+
+package cmd
+
+import (
+ "bytes"
+ "crypto"
+ "crypto/x509"
+ "encoding/pem"
+ "errors"
+ "fmt"
+ "os"
+ "os/exec"
+
+ "github.com/lestrrat-go/jwx/v2/jwk"
+ "github.com/spf13/cobra"
+ "github.com/veraison/ccatoken"
+ "github.com/veraison/corim/comid"
+ "github.com/veraison/eat"
+ "github.com/veraison/psatoken"
+)
+
+var (
+ genCorimAttestationScheme *string
+ genCorimEvidenceFile *string
+ genCorimKeyFile *string
+ genCorimCorimFile *string
+ genCorimTemplateDir *string
+)
+
+var rootCmd = NewRootCmd()
+
+func NewRootCmd() *cobra.Command {
+ cmd := &cobra.Command{
+ Use: "gen-corim ",
+ Short: "generate CoRIM from supplied evidence",
+ Long: `generate CoRIM from supplied evidence
+
+ Generate CoRIM from evidence token (evidence.cbor), attestation scheme to use (only schemes supported
+ by ths tool are psa and cca), key material needed to verify the evidence (key.json) and templates
+ supplied in the template directory.
+ Save it to the current working directory with default file name.
+
+ gen-corim scheme evidence.cbor key.json \
+ --template-dir=directory
+
+ Generate CoRIM from evidence token (evidence.cbor), attestation scheme to use (only schemes supported
+ by ths tool are psa and cca), key material needed to verify the evidence (key.json) and templates
+ supplied in the template directory.
+ Save it as target file name (endorsements.cbor)
+
+ gen-corim scheme evidence.cbor key.json \
+ --template-dir=directory \
+ --corim-file=endorsements.cbor
+
+ Note: the CoMID and CoRIM templates within the template directory must be named comid-template.json
+ and corim-template.json respectively
+ `,
+ Version: "0.0.1",
+ Args: cobra.ExactArgs(3),
+ RunE: func(cmd *cobra.Command, args []string) error {
+ genCorimAttestationScheme = &args[0]
+ genCorimEvidenceFile = &args[1]
+ genCorimKeyFile = &args[2]
+ if err := checkGenCorimArgs(); err != nil {
+ return err
+ }
+ err := generate(genCorimAttestationScheme, genCorimEvidenceFile, genCorimKeyFile, genCorimCorimFile, genCorimTemplateDir)
+ if err != nil {
+ return err
+ }
+ return nil
+ },
+ SilenceUsage: true,
+ SilenceErrors: true,
+ }
+
+ genCorimCorimFile = cmd.Flags().StringP("corim-file", "c", "", "name of the generated CoRIM file")
+
+ genCorimTemplateDir = cmd.Flags().StringP("template-dir", "t", "templates", "path of directory containing the comid and corim templates")
+
+ return cmd
+}
+
+// checkGenCorimArgs checks that the arguments are non-empty and that the relevent filepaths exist
+func checkGenCorimArgs() error {
+
+ if *genCorimAttestationScheme != "psa" && *genCorimAttestationScheme != "cca" {
+ return fmt.Errorf("unsupported attestation scheme %s, only psa and cca are supported", *genCorimAttestationScheme)
+ }
+
+ if _, err := os.Stat(*genCorimTemplateDir); errors.Is(err, os.ErrNotExist) {
+ return errors.New("template directory does not exist")
+ }
+
+ if _, err := os.Stat(*genCorimTemplateDir + "/comid-template.json"); errors.Is(err, os.ErrNotExist) {
+ return errors.New("file `comid-template.json` is missing from template directory")
+ }
+
+ if _, err := os.Stat(*genCorimTemplateDir + "/corim-template.json"); errors.Is(err, os.ErrNotExist) {
+ return errors.New("file `corim-template.json` is missing from template directory")
+ }
+
+ return nil
+}
+
+func Execute() {
+ cobra.CheckErr(rootCmd.Execute())
+}
+
+func generate(attestation_scheme *string, evidence_file *string, key_file *string, corim_file *string, template_dir *string) error {
+
+ dir, err := CreateTemporaryDirectory()
+ if err != nil {
+ return err
+ }
+
+ //validate evidence cryptographically and write to a file
+ evcli_cmd := exec.Command("evcli", *attestation_scheme, "check", "--token="+*evidence_file, "--key="+*key_file, "--claims="+dir+"/output-evidence-claims.json")
+ if err = evcli_cmd.Run(); err != nil {
+ _ = os.RemoveAll(dir)
+ return fmt.Errorf("error verifying evidence token: %w", err)
+ }
+
+ comidClaims, err := GetComidClaimsFromTemplate(*template_dir)
+ if err != nil {
+ _ = os.RemoveAll(dir)
+ return err
+ }
+
+ evidenceClaims, err := GetEvidenceClaims(*attestation_scheme, *evidence_file)
+ if err != nil {
+ _ = os.RemoveAll(dir)
+ return err
+ }
+
+ schemeClaims, err := GetSchemeClaimsFromEvidenceClaims(evidenceClaims, *attestation_scheme == "cca")
+ if err != nil {
+ _ = os.RemoveAll(dir)
+ return err
+ }
+
+ measurements := GetMeasurementsFromComponents(schemeClaims.swComponents, schemeClaims.config, *attestation_scheme == "cca")
+
+ //creating a new reference value containing the measurements and the implementation ID from the evidence token
+ class := comid.NewClassImplID(schemeClaims.implID)
+
+ refVal := comid.ReferenceValue{
+ Environment: comid.Environment{Class: class},
+ Measurements: measurements,
+ }
+
+ //replacing the reference values from the template with the created reference value
+ referenceValues := append(*new([]comid.ReferenceValue), refVal)
+ comidClaims.Triples.ReferenceValues = &referenceValues
+
+ keys, err := CreateVerifKeysFromJWK(*key_file)
+ if err != nil {
+ _ = os.RemoveAll(dir)
+ return err
+ }
+
+ instance := comid.NewInstance()
+ instance.SetUEID(schemeClaims.instID)
+
+ verifKey := comid.AttestVerifKey{
+ Environment: comid.Environment{
+ Class: class,
+ Instance: instance,
+ },
+ VerifKeys: keys,
+ }
+
+ attestVerifKey := append(*new([]comid.AttestVerifKey), verifKey)
+ comidClaims.Triples.AttestVerifKeys = &attestVerifKey
+
+ err = CreateComidFromClaims(comidClaims, dir)
+ if err != nil {
+ _ = os.RemoveAll(dir)
+ return err
+ }
+
+ //creating a CoRIM from the CoMID and the provided template
+ if *corim_file == "" {
+ *corim_file = *attestation_scheme + "-endorsements.cbor"
+ }
+
+ corim_cmd := exec.Command("cocli", "corim", "create", "--template="+*template_dir+"/corim-template.json", "--comid="+dir+"/comid-claims.cbor", "--output="+*corim_file)
+
+ if err := corim_cmd.Run(); err != nil {
+ _ = os.RemoveAll(dir)
+ return fmt.Errorf("error thrown by cocli corim create: %w", err)
+ }
+
+ _ = os.RemoveAll(dir)
+
+ fmt.Println(`>> generated "` + *corim_file + `" using "` + *evidence_file + `"`)
+
+ return nil
+}
+
+func convertJwkToPEM(fileName string) (pemKey string, err error) {
+ var buf bytes.Buffer
+ // fileName is the name of the file as string type where the JWK is stored
+ keyJWK, err := os.ReadFile(fileName)
+ if err != nil {
+ return "", fmt.Errorf("error loading verifying key from %s: %w", fileName, err)
+ }
+ pkey, err := PubKeyFromJWK(keyJWK)
+ if err != nil {
+ return "", fmt.Errorf("error loading verifying key from %s: %w", fileName, err)
+ }
+ pubBytes2, err := x509.MarshalPKIXPublicKey(pkey)
+ if err != nil {
+ return "", fmt.Errorf("failed to marshal public key: %w", err)
+ }
+ block := &pem.Block{
+ Type: "PUBLIC KEY",
+ Bytes: pubBytes2,
+ }
+ if err := pem.Encode(&buf, block); err != nil {
+ return "", fmt.Errorf("failed to pem encode: %w", err)
+ }
+ keyStr := buf.String()
+ return keyStr, nil
+}
+
+// PubKeyFromJWK extracts a crypto.PublicKey from the supplied JSON Web Key
+func PubKeyFromJWK(rawJWK []byte) (crypto.PublicKey, error) {
+ var pKey crypto.PublicKey
+ err := jwk.ParseRawKey(rawJWK, &pKey)
+ if err != nil {
+ return nil, fmt.Errorf("%w", err)
+ }
+ return pKey, nil
+}
+
+// GenComidClaimsFromTemplate reads in the corim template structure and checks the validity
+func GetComidClaimsFromTemplate(template_dir string) (*comid.Comid, error) {
+ content, err := os.ReadFile(template_dir + "/comid-template.json")
+ if err != nil {
+ return nil, fmt.Errorf("error reading comid template: %w", err)
+ }
+
+ comidClaims := comid.NewComid()
+ err = comidClaims.FromJSON(content)
+ if err != nil {
+ return nil, fmt.Errorf("error umarshalling comid template: %w", err)
+ }
+
+ err = comidClaims.Valid()
+ if err != nil {
+ return nil, fmt.Errorf("error validating comid template: %w", err)
+ }
+
+ return comidClaims, nil
+}
+
+// GetMeasurementsFromComponents creates a new measurements list to hold the measurements extracted from the evidence token
+func GetMeasurementsFromComponents(swComponents []psatoken.SwComponent, config []byte, isCca bool) comid.Measurements {
+ measurements := comid.NewMeasurements()
+
+ for _, component := range swComponents {
+ refValID := comid.NewPSARefValID(*component.SignerID)
+ refValID.SetLabel(*component.MeasurementType)
+ refValID.SetVersion(*component.Version)
+ measurement := comid.NewPSAMeasurement(*refValID)
+ measurement.AddDigest(1, *component.MeasurementValue)
+ measurements.AddMeasurement(measurement)
+ }
+
+ //adding cca specific measurement
+ if isCca {
+ configID := comid.CCAPlatformConfigID("cfg v1.0.0")
+ measurement := comid.NewCCAPlatCfgMeasurement(configID).SetRawValueBytes(config, []byte{})
+ measurements.AddMeasurement(measurement)
+ }
+
+ return *measurements
+}
+
+// GetEvidenceClaims reads in the evidence token and extracts the claims
+func GetEvidenceClaims(attestation_scheme string, evidence_file string) (psatoken.IClaims, error) {
+ content, err := os.ReadFile(evidence_file)
+ if err != nil {
+ return nil, fmt.Errorf("error reading the evidence token: %w", err)
+ }
+
+ var evidenceClaims psatoken.IClaims
+
+ if attestation_scheme == "psa" {
+ var evidence psatoken.Evidence
+
+ err = evidence.FromCOSE(content)
+ if err != nil {
+ return nil, fmt.Errorf("error umarshalling evidence token: %w", err)
+ }
+
+ evidenceClaims = evidence.Claims
+ } else {
+ var evidence ccatoken.Evidence
+
+ err = evidence.FromCBOR(content)
+ if err != nil {
+ return nil, fmt.Errorf("error umarshalling evidence token: %w", err)
+ }
+
+ evidenceClaims = evidence.PlatformClaims
+ }
+ return evidenceClaims, nil
+}
+
+// GetSchemeClaimsFromEvidenceClaims stores the key components of the the claims in the desired format
+func GetSchemeClaimsFromEvidenceClaims(evidenceClaims psatoken.IClaims, isCca bool) (*SchemeClaims, error) {
+ swComponents, err := evidenceClaims.GetSoftwareComponents()
+ if err != nil {
+ return nil, fmt.Errorf("error extracting software components: %w", err)
+ }
+
+ implIDBytes, err := evidenceClaims.GetImplID()
+ if err != nil {
+ return nil, fmt.Errorf("error extracting implementation ID: %w", err)
+ }
+ var implID comid.ImplID
+ copy(implID[:], implIDBytes)
+
+ instID, err := evidenceClaims.GetInstID()
+ if err != nil {
+ return nil, fmt.Errorf("error extracting instance ID: %w", err)
+ }
+ var ueid eat.UEID = instID
+
+ var config []byte
+ if isCca {
+ config, err = evidenceClaims.GetConfig()
+ if err != nil {
+ return nil, fmt.Errorf("error extracting configuration data: %w", err)
+ }
+ }
+
+ return &SchemeClaims{
+ swComponents: swComponents,
+ implID: implID,
+ instID: ueid,
+ config: config,
+ }, nil
+}
+
+type SchemeClaims struct {
+ swComponents []psatoken.SwComponent
+ implID comid.ImplID
+ instID eat.UEID
+ config []byte
+}
+
+func CreateComidFromClaims(comidClaims *comid.Comid, dir string) error {
+ //writing the constructed claims into a json file to be used as a CoMID template
+ content, err := comidClaims.ToJSON()
+ if err != nil {
+ return fmt.Errorf("error marshalling claims: %w", err)
+ }
+ os.WriteFile(dir+"/comid-claims.json", content, 0664)
+
+ //creating a CoMID from the constructed template
+ comid_cmd := exec.Command("cocli", "comid", "create", "--template="+dir+"/comid-claims.json", "--output-dir="+dir)
+ if err := comid_cmd.Run(); err != nil {
+ return fmt.Errorf("error thrown by cocli comid create: %w", err)
+ }
+
+ return nil
+}
+
+// CreateTemporaryDirectory creates a temporary directory to store the intermediate files
+func CreateTemporaryDirectory() (string, error) {
+ wd, err := os.Getwd()
+ if err != nil {
+ return "", fmt.Errorf("error finding working directory: %w", err)
+ }
+
+ dir, err := os.MkdirTemp(wd, "gen-corim_data")
+ if err != nil {
+ return "", fmt.Errorf("error creating temporary directory: %w", err)
+ }
+
+ return dir, nil
+}
+
+// CreateVerifKeysFromJWK extracts the key data from the key file and uses it to overwrite the AttestVerifKeys triple
+func CreateVerifKeysFromJWK(key_file string) (comid.VerifKeys, error) {
+ key_data, err := convertJwkToPEM(key_file)
+ if err != nil {
+ return nil, err
+ }
+ key := comid.NewVerifKey()
+ key.SetKey(key_data)
+ keys := comid.NewVerifKeys()
+ keys.AddVerifKey(key)
+ return *keys, nil
+}
diff --git a/utils/gen-corim/cmd/gen-corim_test.go b/utils/gen-corim/cmd/gen-corim_test.go
new file mode 100644
index 00000000..a6e652d7
--- /dev/null
+++ b/utils/gen-corim/cmd/gen-corim_test.go
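Review bot: GetMeasurementsFromComponents dereferences `*component.SignerID`, `*component.MeasurementType`, `*component.Version` and `*component.MeasurementValue` for every software component without a nil check, so an evidence token whose component omits one of these pointer-typed (and therefore apparently optional) fields panics the tool instead of yielding an error; the loop should guard each field and the function should return an error that generate propagates (its call `measurements := GetMeasurementsFromComponents(...)` would then take the extra return value). In the same hunk CreateComidFromClaims discards the result of `os.WriteFile(dir+"/comid-claims.json", content, 0664)`, so a failed write only surfaces later as an opaque `cocli comid create` failure; write `if err := os.WriteFile(dir+"/comid-claims.json", content, 0664); err != nil { return fmt.Errorf("error writing comid claims: %w", err) }`. All three external invocations use `Run()` without capturing output, so a verification failure from evcli is reported only as its exit status; `CombinedOutput()` with the captured output folded into the wrapped error would make those failures diagnosable. generate also repeats `_ = os.RemoveAll(dir)` on every error path where a single `defer os.RemoveAll(dir)` right after CreateTemporaryDirectory succeeds would cover them all. The comment above GetComidClaimsFromTemplate still reads `// GenComidClaimsFromTemplate reads in the corim template structure and checks the validity`, naming the wrong function and the wrong template; it should be `// GetComidClaimsFromTemplate reads the comid template from template_dir, unmarshals it and checks that it is valid`.
```go
// GetMeasurementsFromComponents builds the measurements list from the evidence's software
// components (plus the CCA platform config when isCca is set). It returns an error rather
// than panicking when a component omits a field the CoMID needs.
func GetMeasurementsFromComponents(swComponents []psatoken.SwComponent, config []byte, isCca bool) (comid.Measurements, error) {
	measurements := comid.NewMeasurements()

	for i, component := range swComponents {
		// the SwComponent fields are pointers, so a token may leave them unset
		if component.SignerID == nil || component.MeasurementValue == nil {
			return comid.Measurements{}, fmt.Errorf("software component %d: missing signer ID or measurement value", i)
		}
		refValID := comid.NewPSARefValID(*component.SignerID)
		if refValID == nil {
			return comid.Measurements{}, fmt.Errorf("software component %d: invalid signer ID", i)
		}
		if component.MeasurementType != nil {
			refValID.SetLabel(*component.MeasurementType)
		}
		if component.Version != nil {
			refValID.SetVersion(*component.Version)
		}
		measurement := comid.NewPSAMeasurement(*refValID)
		measurement.AddDigest(1, *component.MeasurementValue)
		measurements.AddMeasurement(measurement)
	}

	// … unchanged: cca platform config measurement …

	return *measurements, nil
}
```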
@@ -0,0 +1,279 @@
+// Copyright 2021 Contributors to the Veraison project.
+// SPDX-License-Identifier: Apache-2.0
+
+package cmd
+
+import (
+ "os"
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+)
+
+func Test_RootCmd_unknown_argument(t *testing.T) {
+ cmd := NewRootCmd()
+
+ args := []string{"--unknown-argument=val"}
+ cmd.SetArgs(args)
+
+ err := cmd.Execute()
+ assert.EqualError(t, err, "unknown flag: --unknown-argument")
+}
+
+func Test_RootCmd_with_two_args(t *testing.T) {
+ cmd := NewRootCmd()
+
+ args := []string{"../data/corims/psa-evidence.cbor",
+ "../data/keys/es256.json",
+ }
+ cmd.SetArgs((args))
+
+ err := cmd.Execute()
+ assert.EqualError(t, err, "accepts 3 arg(s), received 2")
+}
+
+func Test_RootCmd_invalid_attestation_scheme(t *testing.T) {
+ cmd := NewRootCmd()
+
+ args := []string{"invalid-scheme",
+ "../data/corims/psa-evidence.cbor",
+ "../data/keys/es256.json",
+ "--template-dir=../data/templates/psa",
+ }
+ cmd.SetArgs((args))
+
+ err := cmd.Execute()
+ assert.EqualError(t, err, "unsupported attestation scheme invalid-scheme, only psa and cca are supported")
+}
+
+func Test_RootCmd_psa_runs(t *testing.T) {
+
+ cmd := NewRootCmd()
+
+ args := []string{"psa",
+ "../data/corims/psa-evidence.cbor",
+ "../data/keys/es256.json",
+ "--template-dir=../data/templates/psa",
+ }
+ cmd.SetArgs((args))
+
+ err := cmd.Execute()
+ assert.NoError(t, err)
+ os.Remove("psa-endorsements.cbor")
+}
+
+func Test_RootCmd_cca_runs(t *testing.T) {
+
+ cmd := NewRootCmd()
+
+ args := []string{"cca",
+ "../data/corims/cca-evidence.cbor",
+ "../data/keys/es256.json",
+ "--template-dir=../data/templates/psa",
+ }
+ cmd.SetArgs((args))
+
+ err := cmd.Execute()
+ assert.NoError(t, err)
+ os.Remove("cca-endorsements.cbor")
+}
+
+func Test_RootCmd_with_output(t *testing.T) {
+
+ cmd := NewRootCmd()
+
+ args := []string{"psa",
+ "../data/corims/psa-evidence.cbor",
+ "../data/keys/es256.json",
+ "--template-dir=../data/templates/psa",
+
"--corim-file=../data/corims/test-target.cbor",
+ }
+ cmd.SetArgs((args))
+
+ os.Remove("../data/corims/test-target.cbor")
+
+ err := cmd.Execute()
+ assert.NoError(t, err)
+ assert.FileExists(t, "../data/corims/test-target.cbor")
+ os.Remove("../data/corims/test-target.cbor")
+}
+
+func Test_RootCmd_Execute(t *testing.T) {
+
+ *genCorimTemplateDir = "../data/templates/psa"
+ *genCorimCorimFile = ""
+
+ os.Args = []string{"gen-corim", "psa", "../data/corims/psa-evidence.cbor", "../data/keys/es256.json"}
+
+ Execute()
+ os.Remove("psa-endorsements.cbor")
+}
+
+func Test_RootCmd_with_wrong_key(t *testing.T) {
+
+ cmd := NewRootCmd()
+
+ args := []string{"psa",
+ "../data/corims/psa-evidence.cbor",
+ "../data/keys/ec256.json",
+ "--template-dir=../data/templates/psa",
+ }
+ cmd.SetArgs((args))
+
+ err := cmd.Execute()
+ assert.Error(t, err)
+}
+
+func Test_RootCmd_with_wrong_scheme(t *testing.T) {
+
+ cmd := NewRootCmd()
+
+ args := []string{"psa",
+ "../data/corims/cca-evidence.cbor",
+ "../data/keys/es256.json",
+ "--template-dir=../data/templates/cca",
+ }
+ cmd.SetArgs((args))
+
+ err := cmd.Execute()
+ assert.Error(t, err)
+}
+
+func Test_RootCmd_with_bad_evidence(t *testing.T) {
+
+ cmd := NewRootCmd()
+
+ args := []string{"psa",
+ "../data/corims/bad-evidence.cbor",
+ "../data/keys/es256.json",
+ "--template-dir=../data/templates/psa",
+ }
+ cmd.SetArgs((args))
+
+ err := cmd.Execute()
+ assert.Error(t, err)
+}
+
+func Test_RootCmd_with_bad_output_path(t *testing.T) {
+
+ cmd := NewRootCmd()
+
+ args := []string{"psa",
+ "../data/corims/psa-evidence.cbor",
+ "../data/keys/es256.json",
+ "--template-dir=../data/templates/psa",
+ "--corim-file=../data/",
+ }
+ cmd.SetArgs((args))
+
+ err := cmd.Execute()
+ assert.Error(t, err)
+}
+
+func Test_RootCmd_with_no_template_dir(t *testing.T) {
+
+ cmd := NewRootCmd()
+
+ args := []string{"psa",
+ "../data/corims/psa-evidence.cbor",
+ "../data/keys/es256.json",
+ }
+ cmd.SetArgs((args))
+
+ err := cmd.Execute()
+
assert.EqualError(t, err, "template directory does not exist")
+}
+
+func Test_RootCmd_with_bad_template_dir_path(t *testing.T) {
+
+ cmd := NewRootCmd()
+
+ args := []string{"psa",
+ "../data/corims/psa-evidence.cbor",
+ "../data/keys/es256.json",
+ "--template-dir=../data/not-exist",
+ }
+ cmd.SetArgs((args))
+
+ err := cmd.Execute()
+ assert.EqualError(t, err, "template directory does not exist")
+}
+
+func Test_RootCmd_with_missing_comid_template(t *testing.T) {
+
+ cmd := NewRootCmd()
+
+ args := []string{"psa",
+ "../data/corims/psa-evidence.cbor",
+ "../data/keys/es256.json",
+ "--template-dir=../data/templates/psa/error-templates/just-corim",
+ }
+ cmd.SetArgs((args))
+
+ err := cmd.Execute()
+ assert.EqualError(t, err, "file `comid-template.json` is missing from template directory")
+}
+
+func Test_RootCmd_with_missing_corim_template(t *testing.T) {
+
+ cmd := NewRootCmd()
+
+ args := []string{"psa",
+ "../data/corims/psa-evidence.cbor",
+ "../data/keys/es256.json",
+ "--template-dir=../data/templates/psa/error-templates/just-comid",
+ }
+ cmd.SetArgs((args))
+
+ err := cmd.Execute()
+ assert.EqualError(t, err, "file `corim-template.json` is missing from template directory")
+}
+
+func Test_RootCmd_with_bad_comid_template(t *testing.T) {
+
+ cmd := NewRootCmd()
+
+ args := []string{"psa",
+ "../data/corims/psa-evidence.cbor",
+ "../data/keys/es256.json",
+ "--template-dir=../data/templates/psa/error-templates/bad-comid",
+ }
+ cmd.SetArgs((args))
+
+ err := cmd.Execute()
+ assert.Error(t, err)
+}
+
+func Test_RootCmd_with_bad_corim_template(t *testing.T) {
+
+ cmd := NewRootCmd()
+
+ args := []string{"psa",
+ "../data/corims/psa-evidence.cbor",
+ "../data/keys/es256.json",
+ "--template-dir=../data/templates/psa/error-templates/bad-corim",
+ }
+ cmd.SetArgs((args))
+
+ err := cmd.Execute()
+ assert.Error(t, err)
+}
+
+func Test_PubKeyFromJWK_with_bad_key(t *testing.T) {
+ _, err := PubKeyFromJWK(nil)
+ assert.Error(t, err)
+}
+
+func
Test_convertJwkToPEM_with_bad_path(t *testing.T) {
+ _, err := convertJwkToPEM("")
+ assert.Error(t, err)
+}
+
+func Test_convertJwkToPEM_with_pub_key(t *testing.T) {
+ _, err := convertJwkToPEM("../data/keys/ec256.json")
+ assert.Error(t, err)
+}
+func Test_convertJwkToPEM_with_bad_file(t *testing.T) {
+ _, err := convertJwkToPEM("../data/templates/comid-claims-template.json")
+ assert.Error(t, err)
+}
diff --git a/utils/gen-corim/data/corims/bad-evidence.cbor b/utils/gen-corim/data/corims/bad-evidence.cbor
new file mode 100644
index 00000000..e69de29b
diff --git a/utils/gen-corim/data/corims/cca-evidence.cbor b/utils/gen-corim/data/corims/cca-evidence.cbor
new file mode 100644
index 00000000..b5c55e59
Binary files /dev/null and b/utils/gen-corim/data/corims/cca-evidence.cbor differ
diff --git a/utils/gen-corim/data/corims/psa-evidence.cbor b/utils/gen-corim/data/corims/psa-evidence.cbor
new file mode 100644
index 00000000..1d81048e
Binary files /dev/null and b/utils/gen-corim/data/corims/psa-evidence.cbor differ
diff --git a/utils/gen-corim/data/keys/ec256.json b/utils/gen-corim/data/keys/ec256.json
new file mode 100644
index 00000000..ba43680e
--- /dev/null
+++ b/utils/gen-corim/data/keys/ec256.json
@@ -0,0 +1,7 @@
+{
+ "kty": "EC",
+ "crv": "P-256",
+ "x": "MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4",
+ "y": "4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM",
+ "d": "870MB6gfuTJ4HtUnUvYMyJpr5eUZNP4Bk43bVdj3eAE"
+}
\ No newline at end of file
diff --git a/utils/gen-corim/data/keys/es256.json b/utils/gen-corim/data/keys/es256.json
new file mode 100644
index 00000000..cd905bbe
--- /dev/null
+++ b/utils/gen-corim/data/keys/es256.json
@@ -0,0 +1,8 @@
+{
+ "kty": "EC",
+ "crv": "P-256",
+ "x": "MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4",
+ "y": "4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM",
+ "use": "enc",
+ "kid": "1"
+}
\ No newline at end of file
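Review bot: `Test_RootCmd_Execute` overwrites `os.Args`, `*genCorimTemplateDir` and `*genCorimCorimFile` and never restores them, so those package globals leak into whichever test runs next; save the previous values and put them back in a `t.Cleanup` closure (the test also makes no assertion on the outcome of `Execute()`). `Test_RootCmd_cca_runs` passes `--template-dir=../data/templates/psa` for CCA evidence, so the CoRIM it produces carries the PSA profile and the `templates/cca` directory this commit adds is exercised only by the negative `Test_RootCmd_with_wrong_scheme`. `Test_convertJwkToPEM_with_bad_file` reads `../data/templates/comid-claims-template.json`, a path this commit does not add, so unless it already exists in the tree the test only repeats the bad-path case rather than checking a readable file that is not a JWK. The `*_runs` and `_with_output` tests reach the external `cocli` binary through `CreateComidFromClaims`, so on a machine without it they fail instead of skipping; an `if _, err := exec.LookPath("cocli"); err != nil { t.Skip("cocli not installed") }` guard at the top of each keeps the suite hermetic.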
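Review bot: `es256.json` declares `"use": "enc"` although every positive test feeds it to `CreateVerifKeysFromJWK` as the attestation verification key, which is a signature use; a JWK consumer that honours the `use` member (RFC 7517 §4.2) would refuse it for verification, so the fixture should say `"use": "sig"` or omit the member. `ec256.json` is the same P-256 point plus the private scalar `"d"`, clearly a throwaway test key, but `Test_convertJwkToPEM_with_pub_key` passes this private-key file under a "pub_key" name and expects an error, which reads inverted since the fixture without `"d"` is the public one; either the test name or the fixture it points at should change so the intent of the check is unambiguous.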
diff --git a/utils/gen-corim/data/templates/cca/comid-template.json b/utils/gen-corim/data/templates/cca/comid-template.json
new file mode 100644
index 00000000..4cb54197
--- /dev/null
+++ b/utils/gen-corim/data/templates/cca/comid-template.json
@@ -0,0 +1,20 @@
+{
+ "lang": "en-GB",
+ "tag-identity": {
+ "id": "43bbe37f-2e61-4b33-aed3-53cff1428b16"
+ },
+ "entities": [
+ {
+ "name": "ACME Ltd.",
+ "regid": "https://acme.example",
+ "roles": [
+ "tagCreator",
+ "creator",
+ "maintainer"
+ ]
+ }
+ ],
+ "triples": {
+ "reference-values": []
+ }
+}
\ No newline at end of file
diff --git a/utils/gen-corim/data/templates/cca/corim-template.json b/utils/gen-corim/data/templates/cca/corim-template.json
new file mode 100644
index 00000000..98fa9c5a
--- /dev/null
+++ b/utils/gen-corim/data/templates/cca/corim-template.json
@@ -0,0 +1,25 @@
+{
+ "corim-id": "5c57e8f4-46cd-421b-91c9-08cf93e13cfc",
+ "dependent-rims": [
+ {
+ "href": "https://parent.example/rims/ccb3aa85-61b4-40f1-848e-02ad6e8a254b",
+ "thumbprint": "sha-256:5Fty9cDAtXLbTY06t+l/No/3TmI0eoJN7LZ6hOUiTXU="
+ }
+ ],
+ "profiles": [
+ "http://arm.com/cca/ssd/1"
+ ],
+ "validity": {
+ "not-before": "2021-12-31T00:00:00Z",
+ "not-after": "2025-12-31T00:00:00Z"
+ },
+ "entities": [
+ {
+ "name": "ACME Ltd.",
+ "regid": "acme.example",
+ "roles": [
+ "manifestCreator"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/utils/gen-corim/data/templates/psa/comid-template.json b/utils/gen-corim/data/templates/psa/comid-template.json
new file mode 100644
index 00000000..4cb54197
--- /dev/null
+++ b/utils/gen-corim/data/templates/psa/comid-template.json
@@ -0,0 +1,20 @@
+{
+ "lang": "en-GB",
+ "tag-identity": {
+ "id": "43bbe37f-2e61-4b33-aed3-53cff1428b16"
+ },
+ "entities": [
+ {
+ "name": "ACME Ltd.",
+ "regid": "https://acme.example",
+ "roles": [
+ "tagCreator",
+ "creator",
+ "maintainer"
+ ]
+ }
+ ],
+ "triples": {
+ "reference-values": []
+ }
+}
\ No newline at end of file
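Review bot: `validity.not-after` is pinned at `2025-12-31T00:00:00Z` in this `corim-template.json` and in every other one this commit adds under `templates/psa`, including the `error-templates` copies, so if `cocli corim create` or a downstream verifier enforces the validity window, the `*_runs` tests and the CoRIMs they generate silently break on that date. A far-future `not-after` for the fixtures, or a window computed at test time, avoids the time bomb. The `regid` also differs between the CoMID half (`https://acme.example`) and the CoRIM half (`acme.example`) of each template pair; harmless for the tests, but confusing once these files are copied as examples.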
diff --git a/utils/gen-corim/data/templates/psa/corim-template.json b/utils/gen-corim/data/templates/psa/corim-template.json
new file mode 100644
index 00000000..59446fb9
--- /dev/null
+++ b/utils/gen-corim/data/templates/psa/corim-template.json
@@ -0,0 +1,25 @@
+{
+ "corim-id": "5c57e8f4-46cd-421b-91c9-08cf93e13cfc",
+ "dependent-rims": [
+ {
+ "href": "https://parent.example/rims/ccb3aa85-61b4-40f1-848e-02ad6e8a254b",
+ "thumbprint": "sha-256:5Fty9cDAtXLbTY06t+l/No/3TmI0eoJN7LZ6hOUiTXU="
+ }
+ ],
+ "profiles": [
+ "http://arm.com/psa/iot/1"
+ ],
+ "validity": {
+ "not-before": "2021-12-31T00:00:00Z",
+ "not-after": "2025-12-31T00:00:00Z"
+ },
+ "entities": [
+ {
+ "name": "ACME Ltd.",
+ "regid": "acme.example",
+ "roles": [
+ "manifestCreator"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/utils/gen-corim/data/templates/psa/error-templates/bad-comid/comid-template.json b/utils/gen-corim/data/templates/psa/error-templates/bad-comid/comid-template.json
new file mode 100644
index 00000000..0e526515
--- /dev/null
+++ b/utils/gen-corim/data/templates/psa/error-templates/bad-comid/comid-template.json
@@ -0,0 +1,18 @@
+{
+ "lang": "en-GB",
+ "tag-identity": {
+ "id": "43bbe37f-2e61-4b33-aed3-53cff1428b16"
+ },
+ "entities": [
+ {
+ "name": "ACME Ltd.",
+ "regid": "https://acme.example",
+ "roles": [
+ "tagCreator",
+ "creator",
+ "maintainer"
+ ],
+ "error": "error"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/utils/gen-corim/data/templates/psa/error-templates/bad-comid/corim-template.json b/utils/gen-corim/data/templates/psa/error-templates/bad-comid/corim-template.json
new file mode 100644
index 00000000..59446fb9
--- /dev/null
+++ b/utils/gen-corim/data/templates/psa/error-templates/bad-comid/corim-template.json
@@ -0,0 +1,25 @@
+{
+ "corim-id": "5c57e8f4-46cd-421b-91c9-08cf93e13cfc",
+ "dependent-rims": [
+ {
+ "href": "https://parent.example/rims/ccb3aa85-61b4-40f1-848e-02ad6e8a254b",
+ "thumbprint": "sha-256:5Fty9cDAtXLbTY06t+l/No/3TmI0eoJN7LZ6hOUiTXU="
+ }
+ ],
+ "profiles": [
+ "http://arm.com/psa/iot/1"
+ ],
+ "validity": {
+ "not-before": "2021-12-31T00:00:00Z",
+ "not-after": "2025-12-31T00:00:00Z"
+ },
+ "entities": [
+ {
+ "name": "ACME Ltd.",
+ "regid": "acme.example",
+ "roles": [
+ "manifestCreator"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/utils/gen-corim/data/templates/psa/error-templates/bad-corim/comid-template.json b/utils/gen-corim/data/templates/psa/error-templates/bad-corim/comid-template.json
new file mode 100644
index 00000000..4cb54197
--- /dev/null
+++ b/utils/gen-corim/data/templates/psa/error-templates/bad-corim/comid-template.json
@@ -0,0 +1,20 @@
+{
+ "lang": "en-GB",
+ "tag-identity": {
+ "id": "43bbe37f-2e61-4b33-aed3-53cff1428b16"
+ },
+ "entities": [
+ {
+ "name": "ACME Ltd.",
+ "regid": "https://acme.example",
+ "roles": [
+ "tagCreator",
+ "creator",
+ "maintainer"
+ ]
+ }
+ ],
+ "triples": {
+ "reference-values": []
+ }
+}
\ No newline at end of file
diff --git a/utils/gen-corim/data/templates/psa/error-templates/bad-corim/corim-template.json b/utils/gen-corim/data/templates/psa/error-templates/bad-corim/corim-template.json
new file mode 100644
index 00000000..221b7da2
--- /dev/null
+++ b/utils/gen-corim/data/templates/psa/error-templates/bad-corim/corim-template.json
@@ -0,0 +1,25 @@
+{
+ "corim-id": "5c57e8f4-46cd-421b-91c9-08cf93e13cfc",
+ "dependent-rims": [
+ {
+ "href": "https://parent.example/rims/ccb3aa85-61b4-40f1-848e-02ad6e8a254b",
+ "thumbprint": "sha-256:5Fty9cDAtXLbTY06t+l/No/3TmI0eoJN7LZ6hOUiTXU="
+ }
+ ],
+ "profiles": [
+ "http://arm.com/psa/iot/1"
+ ],
+ "validity": {
+ "not-before": "error",
+ "not-after": "2025-12-31T00:00:00Z"
+ },
+ "entities": [
+ {
+ "name": "ACME Ltd.",
+ "regid": "acme.example",
+ "roles": [
+ "manifestCreator"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/utils/gen-corim/data/templates/psa/error-templates/just-comid/comid-template.json b/utils/gen-corim/data/templates/psa/error-templates/just-comid/comid-template.json
new file mode 100644
index 00000000..4cb54197
--- /dev/null
+++ b/utils/gen-corim/data/templates/psa/error-templates/just-comid/comid-template.json
@@ -0,0 +1,20 @@
+{
+ "lang": "en-GB",
+ "tag-identity": {
+ "id": "43bbe37f-2e61-4b33-aed3-53cff1428b16"
+ },
+ "entities": [
+ {
+ "name": "ACME Ltd.",
+ "regid": "https://acme.example",
+ "roles": [
+ "tagCreator",
+ "creator",
+ "maintainer"
+ ]
+ }
+ ],
+ "triples": {
+ "reference-values": []
+ }
+}
\ No newline at end of file
diff --git a/utils/gen-corim/data/templates/psa/error-templates/just-corim/corim-template.json b/utils/gen-corim/data/templates/psa/error-templates/just-corim/corim-template.json
new file mode 100644
index 00000000..59446fb9
--- /dev/null
+++ b/utils/gen-corim/data/templates/psa/error-templates/just-corim/corim-template.json
@@ -0,0 +1,25 @@
+{
+ "corim-id": "5c57e8f4-46cd-421b-91c9-08cf93e13cfc",
+ "dependent-rims": [
+ {
+ "href": "https://parent.example/rims/ccb3aa85-61b4-40f1-848e-02ad6e8a254b",
+ "thumbprint": "sha-256:5Fty9cDAtXLbTY06t+l/No/3TmI0eoJN7LZ6hOUiTXU="
+ }
+ ],
+ "profiles": [
+ "http://arm.com/psa/iot/1"
+ ],
+ "validity": {
+ "not-before": "2021-12-31T00:00:00Z",
+ "not-after": "2025-12-31T00:00:00Z"
+ },
+ "entities": [
+ {
+ "name": "ACME Ltd.",
+ "regid": "acme.example",
+ "roles": [
+ "manifestCreator"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/utils/gen-corim/main.go b/utils/gen-corim/main.go
new file mode 100644
index 00000000..1146be8f
--- /dev/null
+++ b/utils/gen-corim/main.go
@@ -0,0 +1,12 @@
+// Copyright 2021 Contributors to the Veraison project.
+// SPDX-License-Identifier: Apache-2.0
+
+package main
+
+import (
+ "github.com/veraison/services/utils/gen-corim/cmd"
+)
+
+func main() {
+ cmd.Execute()
+}
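Review bot: `main` ignores whatever `cmd.Execute()` reports, so the process exits 0 even when CoRIM generation fails, which defeats any script that chains `gen-corim` with `cocli` and checks the exit status. If `Execute` returns the cobra error, `if err := cmd.Execute(); err != nil { os.Exit(1) }` (importing `os`) is enough; if it swallows the error internally — the test in `gen-corim_test.go` calls it bare — then the non-zero exit belongs inside `Execute` and `main` can stay as written. Either way the behaviour on failure should be stated in a doc comment on `Execute`, which I cannot see from this hunk.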