Add a seperate function for adding extensions
Signed-off-by: Yogesh Deshpande <[email protected]>
yogeshbdeshpande committed Dec 4, 2024
1 parent 34256f3 commit 55f9884
Showing 4 changed files with 101 additions and 36 deletions.
106 changes: 84 additions & 22 deletions comid/tdx-profile/example_seam_refval_test.go
Expand Up @@ -5,6 +5,7 @@ package tdx

import (
"fmt"
"log"

"github.com/veraison/corim/comid"
"github.com/veraison/corim/corim"
Expand Down Expand Up @@ -57,19 +58,11 @@ func Example_encode_tdx_seam_refval_without_profile() {
}

// Set the Extensions now
measurement.Val.Extensions.Set("tcbdate", "123")
measurement.Val.Extensions.Set("isvprodid", 1)
measurement.Val.Extensions.Set("isvsvn", 10)
measurement.Val.Extensions.Set("tcbEvalNum", 11)
measurement.Val.Extensions.Set("attributes", []byte{0x01, 0x01})
setMValExtensions(measurement.Val)

d := comid.NewDigests()
d.AddDigest(swid.Sha256, comid.MustHexDecode(nil, "e45b72f5c0c0b572db4d8d3ab7e97f368ff74e62347a824decb67a84e5224d75"))
d.AddDigest(swid.Sha256, comid.MustHexDecode(nil, "e45b72f5c0c0b572db4d8d3ab7e97f368ff74e62347a824decb67a84e5224d75e45b72f5c0c0b572db4d8d3ab7e97f36"))

measurement.Val.Extensions.Set("mrsigner", d)
refVal.Measurements.Add(measurement)
coMID.Triples.AddReferenceValue(*refVal)

err = coMID.Valid()
if err != nil {
fmt.Printf("coMID is not Valid :%s", err.Error())
Expand All @@ -91,20 +84,23 @@ func Example_encode_tdx_seam_refval_without_profile() {

// Output:
//a301a1005043bbe37f2e614b33aed353cff1428b200281a30065494e54454c01d8207168747470733a2f2f696e74656c2e636f6d028301000204a1008182a100a300d86f4c6086480186f84d01020304050171496e74656c20436f72706f726174696f6e02675444585345414d81a101a100a20065312e322e330101
// {"tag-identity":{"id":"43bbe37f-2e61-4b33-aed3-53cff1428b20"},"entities":[{"name":"INTEL","regid":"https://intel.com","roles":["creator","tagCreator","maintainer"]}],"triples":{"reference-values":[{"environment":{"class":{"id":{"type":"oid","value":"2.16.840.1.113741.1.2.3.4.5"},"vendor":"Intel Corporation","model":"TDXSEAM"}},"measurements":[{"value":{"version":{"value":"1.2.3","scheme":"multipartnumeric"}}}]}]}}
}

// Same Effect of Failure Unable to Register Extensions with Profile as well!!!
// In Example: Example_encode_tdx_seam_refval_with_profile() the Extensions are NOT Encoded in CBOR AND JSON Correctly!
// This example is ONE WITH PROFILE
func Example_encode_tdx_seam_refval_with_profile() {
profID, err := eat.NewProfile("http://intel.com/test-profile")

profID, err := eat.NewProfile("http://intel.com/tdx-profile")
if err != nil {
fmt.Printf("Unable to get new Profile")
}

extMap := extensions.NewMap().
Add(comid.ExtReferenceValue, &MvalExtensions{})
err = corim.RegisterProfile(profID, extMap)

myprofile, found := corim.GetProfile(profID)
if !found {
fmt.Printf("Profile NOT Found")
Expand Down Expand Up @@ -133,21 +129,66 @@ func Example_encode_tdx_seam_refval_with_profile() {
if err != nil {
fmt.Printf("\n Measurement Validation Failed: %s \n", err.Error())
}
setMValExtensions(measurement.Val)
refVal.Measurements.Add(measurement)
coMID.Triples.AddReferenceValue(*refVal)
err = coMID.Valid()
if err != nil {
fmt.Printf("coMID is not Valid :%s", err.Error())
}

// Set the Extensions now
measurement.Val.Extensions.Set("tcbdate", "123")
measurement.Val.Extensions.Set("isvprodid", 1)
measurement.Val.Extensions.Set("isvsvn", 10)
measurement.Val.Extensions.Set("tcbEvalNum", 11)
measurement.Val.Extensions.Set("attributes", []byte{0x01, 0x01})
cbor, err := coMID.ToCBOR()
if err == nil {
fmt.Printf("%x\n", cbor)
} else {
fmt.Printf("\n To CBOR Failed: %s \n", err.Error())
}

d := comid.NewDigests()
d.AddDigest(swid.Sha256, comid.MustHexDecode(nil, "e45b72f5c0c0b572db4d8d3ab7e97f368ff74e62347a824decb67a84e5224d75"))
d.AddDigest(swid.Sha256, comid.MustHexDecode(nil, "e45b72f5c0c0b572db4d8d3ab7e97f368ff74e62347a824decb67a84e5224d75e45b72f5c0c0b572db4d8d3ab7e97f36"))
json, err := coMID.ToJSON()
if err == nil {
fmt.Printf("%s\n", string(json))
} else {
fmt.Printf("\n To JSON Failed \n")
}

// Output:
//a301a1005043bbe37f2e614b33aed353cff1428b200281a30065494e54454c01d8207168747470733a2f2f696e74656c2e636f6d028301000204a1008182a100a300d86f4c6086480186f84d01020304050171496e74656c20436f72706f726174696f6e02675444585345414d81a101a100a20065312e322e330101
// {"tag-identity":{"id":"43bbe37f-2e61-4b33-aed3-53cff1428b20"},"entities":[{"name":"INTEL","regid":"https://intel.com","roles":["creator","tagCreator","maintainer"]}],"triples":{"reference-values":[{"environment":{"class":{"id":{"type":"oid","value":"2.16.840.1.113741.1.2.3.4.5"},"vendor":"Intel Corporation","model":"TDXSEAM"}},"measurements":[{"value":{"version":{"value":"1.2.3","scheme":"multipartnumeric"}}}]}]}}
}

// In Example: Example_encode_tdx_seam_refval_without_profile() the Extensions are NOT Encoded in CBOR AND JSON Correctly!
// This example is WITHOUT PROFILE
func Example_encode_tdx_seam_refval_direct() {
refVal := &comid.ValueTriple{}
measurement := &comid.Measurement{}
refVal.Environment = comid.Environment{
Class: comid.NewClassOID(TestOID).
SetVendor("Intel Corporation").
SetModel("TDXSEAM"),
}

extMap := extensions.NewMap().Add(comid.ExtMval, &MvalExtensions{})
coMID := comid.NewComid().
SetTagIdentity("43BBE37F-2E61-4B33-AED3-53CFF1428B20", 0).
AddEntity("INTEL", &TestRegID, comid.RoleCreator, comid.RoleTagCreator, comid.RoleMaintainer)

if err := measurement.Val.RegisterExtensions(extMap); err != nil {
log.Fatal("could not register refval extensions")
}

// Bug: Needs Mandatory setting of a minimum of one value, apart from Extensions
measurement.Val.Ver = comid.NewVersion()
measurement.Val.Ver.SetVersion("1.2.3")
measurement.Val.Ver.SetScheme(1)
err := measurement.Val.Ver.Valid()
if err != nil {
fmt.Printf("\n Measurement Validation Failed: %s \n", err.Error())
}
setMValExtensions(measurement.Val)

measurement.Val.Extensions.Set("mrsigner", d)
refVal.Measurements.Add(measurement)
coMID.Triples.AddReferenceValue(*refVal)

err = coMID.Valid()
if err != nil {
fmt.Printf("coMID is not Valid :%s", err.Error())
Expand All @@ -166,6 +207,27 @@ func Example_encode_tdx_seam_refval_with_profile() {
} else {
fmt.Printf("\n To JSON Failed \n")
}

// Output:
// a301a1005043bbe37f2e614b33aed353cff1428b200281a30065494e54454c01d8207168747470733a2f2f696e74656c2e636f6d028301000204a1008182a100a300d86f4c6086480186f84d01020304050171496e74656c20436f72706f726174696f6e02675444585345414d81a101a100a20065312e322e330101
//a301a1005043bbe37f2e614b33aed353cff1428b200281a30065494e54454c01d8207168747470733a2f2f696e74656c2e636f6d028301000204a1008182a100a300d86f4c6086480186f84d01020304050171496e74656c20436f72706f726174696f6e02675444585345414d81a101a100a20065312e322e330101
// {"tag-identity":{"id":"43bbe37f-2e61-4b33-aed3-53cff1428b20"},"entities":[{"name":"INTEL","regid":"https://intel.com","roles":["creator","tagCreator","maintainer"]}],"triples":{"reference-values":[{"environment":{"class":{"id":{"type":"oid","value":"2.16.840.1.113741.1.2.3.4.5"},"vendor":"Intel Corporation","model":"TDXSEAM"}},"measurements":[{"value":{"version":{"value":"1.2.3","scheme":"multipartnumeric"}}}]}]}}
}

func setMValExtensions(val comid.Mval) {
tcbDate := tdate("123")
isvProdID := teeIsvProdID([]byte{0x01, 0x01})
svn := teeSVN(10)
teeTcbEvalNum := teeTcbEvalNum(11)
teeAttr := teeAttributes([]byte{0x01, 0x01})
val.Extensions.Set("tcbdate", &tcbDate)

Check failure on line 222 in comid/tdx-profile/example_seam_refval_test.go

GitHub Actions / Lint

Error return value of `val.Extensions.Set` is not checked (errcheck)
val.Extensions.Extensions.Set("isvprodid", &isvProdID)

Check failure on line 223 in comid/tdx-profile/example_seam_refval_test.go

GitHub Actions / Lint

Error return value of `val.Extensions.Extensions.Set` is not checked (errcheck)
val.Extensions.Extensions.Set("isvsvn", &svn)

Check failure on line 224 in comid/tdx-profile/example_seam_refval_test.go

GitHub Actions / Lint

Error return value of `val.Extensions.Extensions.Set` is not checked (errcheck)
val.Extensions.Extensions.Set("tcbevalnum", &teeTcbEvalNum)

Check failure on line 225 in comid/tdx-profile/example_seam_refval_test.go

GitHub Actions / Lint

Error return value of `val.Extensions.Extensions.Set` is not checked (errcheck)
val.Extensions.Extensions.Set("attributes", &teeAttr)

Check failure on line 226 in comid/tdx-profile/example_seam_refval_test.go

GitHub Actions / Lint

Error return value of `val.Extensions.Extensions.Set` is not checked (errcheck)

d := comid.NewDigests()
d.AddDigest(swid.Sha256, comid.MustHexDecode(nil, "e45b72f5c0c0b572db4d8d3ab7e97f368ff74e62347a824decb67a84e5224d75"))
d.AddDigest(swid.Sha384, comid.MustHexDecode(nil, "e45b72f5c0c0b572db4d8d3ab7e97f368ff74e62347a824decb67a84e5224d75e45b72f5c0c0b572db4d8d3ab7e97f36"))

val.Extensions.Set("mrsigner", d)

Check failure on line 232 in comid/tdx-profile/example_seam_refval_test.go

GitHub Actions / Lint

Error return value of `val.Extensions.Set` is not checked (errcheck)
}
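Review bot: The `// Output:` blocks of all three examples pin a version-only measurement, so the examples pass while every value written by `setMValExtensions` (tcbdate, isvsvn, mrsigner and the rest) is absent from the encoded CoMID. For a reference-value example that is the wrong state to lock in, because anyone copying it gets a TDX SEAM reference value with none of the TCB or signer fields an appraisal would compare. Until the encoding works, say so next to the expectation, for instance `// FIXME: expected output is version-only; the TDX extensions are not encoded yet`, and replace the expectation once they are. The helper also takes `comid.Mval` by value and mixes `val.Extensions.Set` with `val.Extensions.Extensions.Set`; whether the writes reach the caller's measurement depends on how `Mval` holds its extension store, which is not visible here, so a pointer parameter and a single selector would remove the doubt.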
26 changes: 13 additions & 13 deletions comid/tdx-profile/mval_extensions.go
Expand Up @@ -7,7 +7,6 @@ import (

"github.com/veraison/corim/comid"
"github.com/veraison/corim/corim"
"github.com/veraison/corim/extensions"
"github.com/veraison/eat"
)

Expand All @@ -16,17 +15,17 @@ import (
// the struct containing the extensions
type MvalExtensions struct {
// a string field extension
TcbDate *tdate `cbor:"-72,keyasint,omitempty" json:"tcbdate,omitempty"`
IsvSVN *teeSVN `cbor:"-73,keyasint,omitempty" json:"isvsvn,omitempty"`
PCEID *pceID `cbor:"-80,keyasint,omitempty" json:"pceid,omitempty"`
MiscSelect *teeMiscSelect `cbor:"-81,keyasint,omitempty" json:"miscselect,omitempty"`
Attributes *teeAtttributes `cbor:"-82,keyasint,omitempty" json:"attributes,omitempty"`
MrSigner *teeDigest `cbor:"-84,keyasint,omitempty" json:"mrsigner,omitempty"`
IsvProdID *teeIsvProdID `cbor:"-85,keyasint,omitempty" json:"isvprodid,omitempty"`
TcbEvalNum *teeTcbEvalNum `cbor:"-86,keyasint,omitempty" json:"tcbevalnum,omitempty"`
TcbStatus *teeTcbStatus `cbor:"-88,keyasint,omitempty" json:"tcbstatus,omitempty"`
AdvisoryIDs *teeAdvisoryID `cbor:"-89,keyasint,omitempty" json:"advisoryids,omitempty"`
Epoch *epochSeconds `cbor:"-90, keyasint,omitempty" json:"epoch,omitempty"`
TcbDate *tdate `cbor:"-72,keyasint,omitempty" json:"tcbdate,omitempty"`
IsvSVN *teeSVN `cbor:"-73,keyasint,omitempty" json:"isvsvn,omitempty"`
PCEID *pceID `cbor:"-80,keyasint,omitempty" json:"pceid,omitempty"`
MiscSelect *teeMiscSelect `cbor:"-81,keyasint,omitempty" json:"miscselect,omitempty"`
Attributes *teeAttributes `cbor:"-82,keyasint,omitempty" json:"attributes,omitempty"`
MrSigner *teeDigest `cbor:"-84,keyasint,omitempty" json:"mrsigner,omitempty"`
IsvProdID *teeIsvProdID `cbor:"-85,keyasint,omitempty" json:"isvprodid,omitempty"`
TcbEvalNum *teeTcbEvalNum `cbor:"-86,keyasint,omitempty" json:"tcbevalnum,omitempty"`
TcbStatus *teeTcbStatus `cbor:"-88,keyasint,omitempty" json:"tcbstatus,omitempty"`
AdvisoryIDs *teeAdvisoryID `cbor:"-89,keyasint,omitempty" json:"advisoryids,omitempty"`
Epoch *epochSeconds `cbor:"-90, keyasint,omitempty" json:"epoch,omitempty"`

TeeCryptoKeys *[]teeCryptoKey `cbor:"-91, keyasint,omitempty" json:"teecryptokeys,omitempty"`
TeeTCBCompSvn *teeTcbCompSvn `cbor:"-125, keyasint,omitempty" json:"teetcbcompsvn,omitempty"`
Expand All @@ -38,6 +37,7 @@ type MvalExtensions struct {
// danger with that is if the your profile ID clashes with another profile,
// which should not happen if it a registered PEN or a URL containing a domain
// that you own.
/*
func init() {
profileID, err := eat.NewProfile("http://intel.com/tdx-profile")
if err != nil {
Expand All @@ -56,7 +56,7 @@ func init() {
panic(err)
}
}

*/
// Now Create CoMID using extensions
func Example_profile_marshal() {
profileID, err := eat.NewProfile("http://intel.com/tdx-profile")
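Review bot: The realigned struct keeps a space inside three CBOR tags: `cbor:"-90, keyasint,omitempty"` on `Epoch`, and the same pattern on `TeeCryptoKeys` and `TeeTCBCompSvn`. If the CBOR library matches tag options literally, `keyasint` is not recognised on those fields and they would be encoded under a text key rather than the integer key, which a peer decoding by integer key would not find; this is worth confirming with a round-trip test. Write them like the other fields, `cbor:"-90,keyasint,omitempty"`. Separately, `init()` is disabled with a `/* */` block while the explanatory comment above it stays, and the only `corim.RegisterProfile` call left on this page is inside the example test; delete the function and its comment, or state where registration is now expected to happen.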
2 changes: 1 addition & 1 deletion comid/tdx-profile/types.go
Expand Up @@ -34,7 +34,7 @@ type teeTcbCompSvn [16][16]teeSVN

type teeMiscSelect maskType

type teeAtttributes maskType
type teeAttributes maskType

type teeIsvProdID []byte

3 changes: 3 additions & 0 deletions extensions/extensions.go
Expand Up @@ -357,7 +357,10 @@ func (o *Extensions) GetStringMapString(name string) (map[string]string, error)

func (o *Extensions) Set(name string, value any) error {
if o.IMapValue == nil {
fmt.Printf("YOGESH: Extension NOT Found %s", name)
return fmt.Errorf("%w: %s", ErrExtensionNotFound, name)
} else {

Check failure on line 362 in extensions/extensions.go

GitHub Actions / Lint

indent-error-flow: if block ends with a return statement, so drop this else and outdent its block (revive)
fmt.Printf("\nYOGESH: Extension Found \n%s", name)
}

extType := reflect.TypeOf(o.IMapValue)
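Review bot: `Extensions.Set` now writes `YOGESH: ...` debug lines to stdout on both the found and the not-found path, and this is library code that every caller reaches. It is apparently also reached by the `Example_*` functions touched in this commit, whose stdout is compared against `// Output:`, so the extra lines would break those comparisons and put extension names into any consumer's output. Drop both `fmt.Printf` calls and keep only the error return, `if o.IMapValue == nil { return fmt.Errorf("%w: %s", ErrExtensionNotFound, name) }`. If tracing is wanted, it belongs behind a logger the caller controls rather than in the setter. The body of `Set` continues past the end of the hunk.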
