Introduce Store handler interface #211

merged 4 commits into from
Mar 20, 2024
3 changes: 2 additions & 1 deletion .github/workflows/ci.yml
Expand Up @@ -8,6 +8,7 @@ jobs:
runs-on: ubuntu-latest
env:
GO111MODULE: on
CI_PIPELINE: true
steps:
- uses: actions/setup-go@v3
with:
Expand Down Expand Up @@ -39,4 +40,4 @@ jobs:
- name: Run tests
run: |
go version
make -w test
make -w test CI_PIPELINE=${{ env.CI_PIPELINE }}
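Review bot: The new run step expands `${{ env.CI_PIPELINE }}` straight into the shell script, and since the job-level `env:` already exports the variable, `make -w test CI_PIPELINE="$CI_PIPELINE"` passes the same value without expression expansion inside the script, which is the habit GitHub recommends so that later edits feeding less trusted values (inputs, PR titles) do not become script injection. Today the value is the literal `true` set in the same workflow, so there is no injection risk in this change itself. A short comment next to the `env:` entry saying what `CI_PIPELINE` switches on in the Makefile would help, as the Makefile is not part of this diff.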
2 changes: 2 additions & 0 deletions auth/problem.go
@@ -1,3 +1,5 @@
// Copyright 2024 Contributors to the Veraison project.
// SPDX-License-Identifier: Apache-2.0
package auth

import (
4 changes: 4 additions & 0 deletions builtin/schemes.gen.go
Expand Up @@ -12,9 +12,13 @@ import (
var plugins = []plugin.IPluggable{
&scheme1.EvidenceHandler{},
&scheme1.EndorsementHandler{},
&scheme1.StoreHandler{},
&scheme2.EvidenceHandler{},
&scheme2.StoreHandler{},
&scheme3.EvidenceHandler{},
&scheme3.EndorsementHandler{},
&scheme3.StoreHandler{},
&scheme4.EvidenceHandler{},
&scheme4.EndorsementHandler{},
&scheme4.StoreHandler{},
}
2 changes: 2 additions & 0 deletions end-to-end/input/corim-src/build-endorsements.sh
@@ -1,4 +1,6 @@
#!/bin/bash
# Copyright 2024 Contributors to the Veraison project.
# SPDX-License-Identifier: Apache-2.0
set -e

TEMP_DIR=/tmp/veraison-end-to-end
6 changes: 3 additions & 3 deletions handler/README.md
@@ -1,6 +1,6 @@
This package defines [`IEvidenceHandler`](ievidencehandler.go) and
[`IEndorsementHandler`](iendorsementhandler.go) [pluggable](../plugin/README.md)
This package defines [`IEvidenceHandler`](ievidencehandler.go),
[`IEndorsementHandler`](iendorsementhandler.go) and [`IStoreHandler`](istorehandler.go) [pluggable](../plugin/README.md)
interfaces and associated RPC channels. These are used to add new attestation
scheme to Veraison services. Additionally, the package defines a [couple
of wrappers](plugin.go) around `plugin.RegisterImplementation` for registering
implementations of these two interfaces.
implementations of these three interfaces.
2 changes: 1 addition & 1 deletion handler/endorsement.go
@@ -1,4 +1,4 @@
// Copyright 2023 Contributors to the Veraison project.
// Copyright 2024 Contributors to the Veraison project.
// SPDX-License-Identifier: Apache-2.0
package handler

2 changes: 1 addition & 1 deletion handler/endorsement_rpc.go
@@ -1,4 +1,4 @@
// Copyright 2022-2023 Contributors to the Veraison project.
// Copyright 2022-2024 Contributors to the Veraison project.
// SPDX-License-Identifier: Apache-2.0
package handler

2 changes: 1 addition & 1 deletion handler/error.go
@@ -1,4 +1,4 @@
// Copyright 2023 Contributors to the Veraison project.
// Copyright 2024 Contributors to the Veraison project.
// SPDX-License-Identifier: Apache-2.0
package handler

2 changes: 1 addition & 1 deletion handler/error_test.go
@@ -1,4 +1,4 @@
// Copyright 2023 Contributors to the Veraison project.
// Copyright 2024 Contributors to the Veraison project.
// SPDX-License-Identifier: Apache-2.0
package handler

122 changes: 1 addition & 121 deletions handler/evidence_rpc.go
@@ -1,4 +1,4 @@
// Copyright 2022-2023 Contributors to the Veraison project.
// Copyright 2022-2024 Contributors to the Veraison project.
// SPDX-License-Identifier: Apache-2.0
package handler

Expand Down Expand Up @@ -45,59 +45,6 @@ func (s *RPCServer) GetSupportedMediaTypes(args interface{}, resp *[]string) err
return nil
}

type SynthKeysArgs struct {
TenantID string
EndorsementJSON []byte
}

func (s *RPCServer) SynthKeysFromRefValue(args SynthKeysArgs, resp *[]string) error {
var (
err error
swComp Endorsement
)

err = json.Unmarshal(args.EndorsementJSON, &swComp)
if err != nil {
return fmt.Errorf("unmarshaling software component: %w", err)
}

*resp, err = s.Impl.SynthKeysFromRefValue(args.TenantID, &swComp)

return err
}

func (s *RPCServer) SynthKeysFromTrustAnchor(args SynthKeysArgs, resp *[]string) error {
var (
err error
ta Endorsement
)

err = json.Unmarshal(args.EndorsementJSON, &ta)
if err != nil {
return fmt.Errorf("unmarshaling trust anchor: %w", err)
}

*resp, err = s.Impl.SynthKeysFromTrustAnchor(args.TenantID, &ta)

return err
}

func (s *RPCServer) GetTrustAnchorIDs(data []byte, resp *[]string) error {
var (
err error
token proto.AttestationToken
)

err = json.Unmarshal(data, &token)
if err != nil {
return fmt.Errorf("unmarshaling attestation token: %w", err)
}

*resp, err = s.Impl.GetTrustAnchorIDs(&token)

return err
}

type ExtractClaimsArgs struct {
Token []byte
TrustAnchors []string
Expand Down Expand Up @@ -216,73 +163,6 @@ func (s *RPCClient) GetSupportedMediaTypes() []string {
return resp
}

func (s *RPCClient) SynthKeysFromRefValue(tenantID string, swComp *Endorsement) ([]string, error) {
var (
err error
resp []string
args SynthKeysArgs
)

args.TenantID = tenantID

args.EndorsementJSON, err = json.Marshal(swComp)
if err != nil {
return nil, fmt.Errorf("marshaling software component: %w", err)
}

err = s.client.Call("Plugin.SynthKeysFromRefValue", args, &resp)
if err != nil {
err = ParseError(err)
return nil, fmt.Errorf("Plugin.SynthKeysFromRefValue RPC call failed: %w", err) // nolint
}

return resp, nil
}

func (s *RPCClient) SynthKeysFromTrustAnchor(tenantID string, ta *Endorsement) ([]string, error) {
var (
err error
resp []string
args SynthKeysArgs
)

args.TenantID = tenantID

args.EndorsementJSON, err = json.Marshal(ta)
if err != nil {
return nil, fmt.Errorf("marshaling trust anchor: %w", err)
}

err = s.client.Call("Plugin.SynthKeysFromTrustAnchor", args, &resp)
if err != nil {
err = ParseError(err)
return nil, fmt.Errorf("Plugin.SynthKeysFromTrustAnchor RPC call failed: %w", err) // nolint
}

return resp, nil
}

func (s *RPCClient) GetTrustAnchorIDs(token *proto.AttestationToken) ([]string, error) {
var (
err error
data []byte
resp []string
)

data, err = json.Marshal(token)
if err != nil {
return []string{""}, fmt.Errorf("marshaling token: %w", err)
}

err = s.client.Call("Plugin.GetTrustAnchorIDs", data, &resp)
if err != nil {
err = ParseError(err)
return []string{""}, fmt.Errorf("Plugin.GetTrustAnchorIDs RPC call failed: %w", err) // nolint
}

return resp, nil
}

func (s *RPCClient) ExtractEvidence(token *proto.AttestationToken, trustAnchors []string) (*ExtractedClaims, error) {
var (
err error
2 changes: 1 addition & 1 deletion handler/idecoder_manager.go
@@ -1,4 +1,4 @@
// Copyright 2022-2023 Contributors to the Veraison project.
// Copyright 2022-2024 Contributors to the Veraison project.
// SPDX-License-Identifier: Apache-2.0
package handler

2 changes: 1 addition & 1 deletion handler/iendorsementhandler.go
@@ -1,4 +1,4 @@
// Copyright 2022-2023 Contributors to the Veraison project.
// Copyright 2022-2024 Contributors to the Veraison project.
// SPDX-License-Identifier: Apache-2.0
package handler

19 changes: 3 additions & 16 deletions handler/ievidencehandler.go
@@ -1,4 +1,4 @@
// Copyright 2021-2023 Contributors to the Veraison project.
// Copyright 2021-2024 Contributors to the Veraison project.
// SPDX-License-Identifier: Apache-2.0
package handler

Expand All @@ -10,15 +10,10 @@ import (

// IEvidenceHandler defines the interface to functionality for working with
// attestation scheme specific evidence tokens. This includes validating token
// integrity, and extracting an appraising claims.
// integrity, extracting and appraising claims.
type IEvidenceHandler interface {
plugin.IPluggable

// GetTrustAnchorIDs returns an array of trust anchor identifiers used
// to retrieve the trust anchors associated with this token. The trust anchors may be necessary to validate the
// entire token and/or extract its claims (if it is encrypted).
GetTrustAnchorIDs(token *proto.AttestationToken) ([]string, error)

// ExtractClaims parses the attestation token and returns claims
// extracted therefrom.
ExtractClaims(
Expand Down Expand Up @@ -48,20 +43,12 @@ type IEvidenceHandler interface {
endorsementsStrings []string,
) error

// AppraiseEvidence evaluates the specified EvidenceContext against
// AppraiseEvidence evaluates the specified EvidenceContext against
// the specified endorsements, and returns an AttestationResult.
AppraiseEvidence(
ec *proto.EvidenceContext,
endorsements []string,
) (*ear.AttestationResult, error)

// SynthKeysFromRefValue synthesizes lookup key(s) for the
// provided reference value endorsement.
SynthKeysFromRefValue(tenantID string, refVal *Endorsement) ([]string, error)

// SynthKeysFromTrustAnchor synthesizes lookup key(s) for the provided
// trust anchor.
SynthKeysFromTrustAnchor(tenantID string, ta *Endorsement) ([]string, error)
}

// ExtractedClaims contains a map of claims extracted from an attestation
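Review bot: With `GetTrustAnchorIDs` and the two `SynthKeys*` methods gone, the `IEvidenceHandler` doc comment no longer says where the trust anchors and endorsements handed to `ExtractClaims` and `AppraiseEvidence` come from, even though the methods still take them (`ExtractClaimsArgs.TrustAnchors` survives in evidence_rpc.go). I would add one sentence after the "extracting and appraising claims." line: `// Lookup keys for those trust anchors and endorsements are derived by the scheme's IStoreHandler; this interface only consumes the resolved values.` The `ExtractClaims` signature starting at the end of the second hunk continues outside the hunk, so I could not check whether its own comment mentions the new split. The duplicated "AppraiseEvidence evaluates ..." line in the third hunk looks like a trailing-whitespace fix and needs nothing.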
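--- /dev/null
+++ b/handler/istorehandler.go
@@ -0,0 +1,29 @@
+// Copyright 2024 Contributors to the Veraison project.
+// SPDX-License-Identifier: Apache-2.0
+package handler
+
+import (
+	"github.com/veraison/services/plugin"
+	"github.com/veraison/services/proto"
+)
+
+// IStoreHandler defines the interfaces for creating and obtaining keys
+// to access objects in the Veraison storage layer.
+// This includes obtaining Trust Anchor IDs from evidence and synthesizing
+// Reference Value and TrustAnchor keys from endorsements
+type IStoreHandler interface {
+	plugin.IPluggable
+
+	// GetTrustAnchorIDs returns an array of trust anchor identifiers used
+	// to retrieve the trust anchors associated with this token. The trust anchors may be necessary to validate the
+	// entire token and/or extract its claims (if it is encrypted).
+	GetTrustAnchorIDs(token *proto.AttestationToken) ([]string, error)
+
+	// SynthKeysFromRefValue synthesizes lookup key(s) for the
+	// provided reference value endorsement.
+	SynthKeysFromRefValue(tenantID string, refVal *Endorsement) ([]string, error)
+
+	// SynthKeysFromTrustAnchor synthesizes lookup key(s) for the provided
+	// trust anchor.
+	SynthKeysFromTrustAnchor(tenantID string, ta *Endorsement) ([]string, error)
+}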
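Review bot: The doc comment on `GetTrustAnchorIDs` should state that the token is unverified when the method runs — the comment itself says the anchors it looks up "may be necessary to validate the entire token" — so the identifiers are derived from attacker-controlled bytes and are untrusted lookup keys, not proof of anything. Suggested addition under the existing text: `// The token has NOT been verified at this point: parse only what is needed to derive the IDs and treat the result as untrusted input to the store lookup.` It would also help to spell out that these IDs must be produced in the same form as the keys returned by `SynthKeysFromTrustAnchor`, since the two presumably form a lookup pair (inferred from the names; the store code is not in this diff). `GetTrustAnchorIDs` takes no `tenantID` while both `SynthKeys*` methods do; if tenant scoping of the lookup is expected to come from the token, the comment should say so. The interface-level comment's last sentence is missing its terminating period.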
9 changes: 8 additions & 1 deletion handler/plugin.go
@@ -1,4 +1,4 @@
// Copyright 2022-2023 Contributors to the Veraison project.
// Copyright 2022-2024 Contributors to the Veraison project.
// SPDX-License-Identifier: Apache-2.0
package handler

Expand All @@ -19,3 +19,10 @@ func RegisterEvidenceHandler(i IEvidenceHandler) {
panic(err)
}
}

func RegisterStoreHandler(i IStoreHandler) {
err := plugin.RegisterImplementation("store-handler", i, StoreHandlerRPC)
if err != nil {
panic(err)
}
}
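Review bot: `RegisterStoreHandler` is a new exported function with no doc comment, and the `"store-handler"` string is the plugin type name that a loader elsewhere must match exactly; a typo on either side fails only at runtime. I would add `// RegisterStoreHandler registers i as this plugin's IStoreHandler under the "store-handler" plugin type; like RegisterEvidenceHandler it panics if registration fails.` and consider a shared exported constant for the type name so the loader and the registration cannot drift (the loader and `StoreHandlerRPC` are not visible in this diff, so I cannot confirm how the name is consumed). The panic-on-error style matches the neighbouring `RegisterEvidenceHandler`, whose body starts outside the hunk.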
2 changes: 1 addition & 1 deletion handler/result.go
@@ -1,4 +1,4 @@
// Copyright 2023 Contributors to the Veraison project.
// Copyright 2024 Contributors to the Veraison project.
// SPDX-License-Identifier: Apache-2.0
package handler
