Signed-off-by: Yogesh Deshpande <[email protected]>
1 parent
078aa8b
commit ad21e62
Showing
6 changed files
with
291 additions
and
7 deletions.
@@ -0,0 +1,16 @@ | ||
package tdx | ||
|
||
import "github.com/veraison/corim/comid" | ||
|
||
func Example_tdx_pce_refval() { | ||
comid := comid.Comid{} | ||
|
||
if err := comid.FromJSON([]byte(TDXPCERefValTemplate)); err != nil { | ||
panic(err) | ||
} | ||
|
||
if err := comid.Valid(); err != nil { | ||
panic(err) | ||
} | ||
|
||
} |
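Review bot: Example_tdx_pce_refval has no `// Output:` comment, so `go test` only compiles it and never calls `FromJSON` or `Valid`; the template is therefore not actually checked. The same applies to Example_tdx_qe_refval and Example_tdx_seam_refval in the next two files. Ending each function with an `// Output:` comment (empty output is allowed) makes the examples run. The local `comid := comid.Comid{}` also shadows the imported package for the rest of the function; a name such as `c` avoids that. Separately, a bare `comid.Comid{}` does not appear to have the TDX extensions registered, so it is worth confirming that fields like `pceid` and `tcbevalnum` are decoded and validated rather than skipped.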
@@ -0,0 +1,16 @@ | ||
package tdx | ||
|
||
import "github.com/veraison/corim/comid" | ||
|
||
func Example_tdx_qe_refval() { | ||
comid := comid.Comid{} | ||
|
||
if err := comid.FromJSON([]byte(TDXQERefValTemplate)); err != nil { | ||
panic(err) | ||
} | ||
|
||
if err := comid.Valid(); err != nil { | ||
panic(err) | ||
} | ||
|
||
} |
@@ -0,0 +1,16 @@ | ||
package tdx | ||
|
||
import "github.com/veraison/corim/comid" | ||
|
||
func Example_tdx_seam_refval() { | ||
comid := comid.Comid{} | ||
|
||
if err := comid.FromJSON([]byte(TDXSeamRefValJSONTemplate)); err != nil { | ||
panic(err) | ||
} | ||
|
||
if err := comid.Valid(); err != nil { | ||
panic(err) | ||
} | ||
|
||
} |
@@ -0,0 +1,85 @@ | ||
package tdx | ||
|
||
import ( | ||
"encoding/hex" | ||
"fmt" | ||
"log" | ||
|
||
"github.com/veraison/corim/comid" | ||
"github.com/veraison/corim/corim" | ||
"github.com/veraison/corim/extensions" | ||
"github.com/veraison/eat" | ||
) | ||
|
||
// the struct containing the extensions | ||
type MvalExtensions struct { | ||
// a string field extension | ||
TcbDate *tdate `cbor:"-72,keyasint,omitempty" json:"tcbdate,omitempty"` | ||
IsvSVN *teeSVN `cbor:"-73,keyasint,omitempty" json:"isvsvn,omitempty"` | ||
PCEID *pceID `cbor:"-80,keyasint,omitempty" json:"pceid,omitempty"` | ||
MiscSelect *teeMiscSelect `cbor:"-81,keyasint,omitempty" json:"miscselect,omitempty"` | ||
Attributes *teeAtttributes `cbor:"-82,keyasint,omitempty" json:"attributes,omitempty"` | ||
MrSigner *teeDigest `cbor:"-84,keyasint,omitempty" json:"mrsigner,omitempty"` | ||
IsvProdID *teeIsvProdID `cbor:"-85,keyasint,omitempty" json:"isvprodid,omitempty"` | ||
TcbEvalNum *teeTcbEvalNum `cbor:"-86,keyasint,omitempty" json:"tcbevalnum,omitempty"` | ||
TcbStatus *teeTcbStatus `cbor:"-88,keyasint,omitempty" json:"tcbstatus,omitempty"` | ||
AdvisoryIDs *teeAdvisoryID `cbor:"-89,keyasint,omitempty" json:"advisoryids,omitempty"` | ||
Epoch *epochSeconds `cbor:"-90, keyasint,omitempty" json:"epoch,omitempty"` | ||
|
||
TeeCryptoKeys *[]teeCryptoKey `cbor:"-91, keyasint,omitempty" json:"teecryptokeys,omitempty"` | ||
TeeTCBCompSvn *teeTcbCompSvn `cbor:"-125, keyasint,omitempty" json:"teetcbcompsvn,omitempty"` | ||
} | ||
|
||
// Registering the profile inside init() in the same file where it is defined | ||
// ensures that the profile will always be available, and you don't need to | ||
// remember to register it at the time you want to use it. The only potential | ||
// danger with that is if the your profile ID clashes with another profile, | ||
// which should not happen if it a registered PEN or a URL containing a domain | ||
// that you own. | ||
func init() { | ||
profileID, err := eat.NewProfile("http://intel.com/tdx-profile") | ||
if err != nil { | ||
panic(err) // will not error, as the hard-coded string above is valid | ||
} | ||
|
||
// DO WE HAVE TO HAVE ALL EXTENSIONS UNDER ONE MAP OR I CAN REPEAT THE SAME STATEMENT | ||
// UNDER TWo extMap statements and call RegisterProfile twice? | ||
extMap := extensions.NewMap(). | ||
Add(comid.ExtReferenceValue, &MvalExtensions{}). | ||
Add(comid.ExtEndorsedValue, &MvalExtensions{}) | ||
|
||
if err := corim.RegisterProfile(profileID, extMap); err != nil { | ||
// will not error, assuming our profile ID is unique, and we've | ||
// correctly set up the extensions Map above | ||
panic(err) | ||
} | ||
} | ||
|
||
// Now Create CoMID using extensions | ||
func Example_profile_marshal() { | ||
profileID, err := eat.NewProfile("http://intel.com/tdx-profile") | ||
if err != nil { | ||
panic(err) | ||
} | ||
|
||
profile, ok := corim.GetProfile(profileID) | ||
if !ok { | ||
log.Fatalf("profile %v not found", profileID) | ||
} | ||
myCorim := profile.GetUnsignedCorim() | ||
myComid := profile.GetComid().SetLanguage("english") | ||
var refVal comid.ValueTriple | ||
refVal.Measurements.Values[0].Val.Extensions.Set("tcbdate", "123") | ||
|
||
myComid.Triples.ReferenceValues.Add(&refVal) | ||
|
||
myCorim.AddComid(*myComid) | ||
|
||
buf, err := myCorim.ToCBOR() | ||
if err != nil { | ||
log.Fatalf("could not encode CoRIM: %v", err) | ||
} | ||
|
||
fmt.Printf("corim: %v", hex.EncodeToString(buf)) | ||
|
||
} |
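Review bot: The tags on `Epoch`, `TeeCryptoKeys` and `TeeTCBCompSvn` have a space after the first comma (`cbor:"-90, keyasint,omitempty"`), unlike the fields above them. CBOR tag parsers that match `,keyasint` literally would not see the option and would encode these keys as text strings instead of the integers -90, -91 and -125, so the encoded reference values would not match what a verifier expects; write them as `cbor:"-90,keyasint,omitempty"` and so on. In Example_profile_marshal, `refVal.Measurements.Values[0]` indexes a zero-valued `comid.ValueTriple`, which presumably has no measurements yet and would panic if the example were run, and the result of `Extensions.Set` is dropped. The open question in capitals inside `init()` and the stale `// a string field extension` comment should be resolved before merge.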
@@ -0,0 +1,157 @@ | ||
package tdx | ||
|
||
var ( | ||
TDXPCERefValTemplate = `{ | ||
"lang": "en-GB", | ||
"tag-identity": { | ||
"id": "43BBE37F-2E61-4B33-AED3-53CFF1428B17", | ||
"version": 0 | ||
}, | ||
"entities": [ | ||
{ | ||
"name": "INTEL", | ||
"regid": "https://intel.com", | ||
"roles": [ | ||
"tagCreator", | ||
"creator", | ||
"maintainer" | ||
] | ||
} | ||
], | ||
"triples": { | ||
"reference-values": [ | ||
{ | ||
"environment": { | ||
"class": { | ||
"id": { | ||
"type": "oid", | ||
"value": "2.16.840.1.113741.1.2.3.4.4" | ||
}, | ||
"vendor": "Intel Corporation", | ||
"model": "0123456789ABCDEF" | ||
} | ||
}, | ||
"measurements": [ | ||
{ | ||
"value": { | ||
"attributes": "AwM=", | ||
"tcbevalnum": 5, | ||
"pceid": "0000" | ||
}, | ||
"authorized-by": { | ||
"type": "pkix-base64-key", | ||
"value": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==\n-----END PUBLIC KEY-----" | ||
} | ||
} | ||
] | ||
} | ||
] | ||
} | ||
} | ||
` | ||
TDXQERefValTemplate = `{ | ||
"lang": "en-GB", | ||
"tag-identity": { | ||
"id": "43BBE37F-2E61-4B33-AED3-53CFF1428B16", | ||
"version": 0 | ||
}, | ||
"entities": [ | ||
{ | ||
"name": "INTEL", | ||
"regid": "https://intel.com", | ||
"roles": [ | ||
"tagCreator", | ||
"creator", | ||
"maintainer" | ||
] | ||
} | ||
], | ||
"triples": { | ||
"reference-values": [ | ||
{ | ||
"environment": { | ||
"class": { | ||
"id": { | ||
"type": "uuid", | ||
"value": "DD6661F0-0928-4401-966B-589EA74E3272" | ||
}, | ||
"vendor": "Intel Corporation", | ||
"model": "TDX QE TCB" | ||
} | ||
}, | ||
"measurements": [ | ||
{ | ||
"value": { | ||
"attributes": "AwM=", | ||
"tcbevalnum": 11, | ||
"mrsigner": [ | ||
"sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=", | ||
"sha-512:oxT8LcZjrnpra8Z4dZQFc5bms/VpzVD9XdtNG7r9K2qjFPwtxmOuemtrxnh1lAVzluaz9WnNUP1d200buv0rag==" | ||
], | ||
"isvprodid": 1 | ||
}, | ||
"authorized-by": { | ||
"type": "pkix-base64-key", | ||
"value": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==\n-----END PUBLIC KEY-----" | ||
} | ||
} | ||
] | ||
} | ||
] | ||
} | ||
} | ||
` | ||
TDXSeamRefValJSONTemplate = ` { | ||
"lang": "en-GB", | ||
"tag-identity": { | ||
"id": "43BBE37F-2E61-4B33-AED3-53CFF1428B20", | ||
"version": 0 | ||
}, | ||
"entities": [ | ||
{ | ||
"name": "INTEL", | ||
"regid": "https://intel.com", | ||
"roles": [ | ||
"tagCreator", | ||
"creator", | ||
"maintainer" | ||
] | ||
} | ||
], | ||
"triples": { | ||
"reference-values": [ | ||
{ | ||
"environment": { | ||
"class": { | ||
"id": { | ||
"type": "oid", | ||
"value": "2.16.840.1.113741.1.2.3.4.5" | ||
}, | ||
"vendor": "Intel Corporation", | ||
"model": "TDX SEAM" | ||
} | ||
}, | ||
"measurements": [ | ||
{ | ||
"value": { | ||
"isvprodid": 1, | ||
"isvsvn": 10, | ||
"attributes": "AwM=", | ||
"tcbevalnum": 11, | ||
"mrsigner": [ | ||
"sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=", | ||
"sha-512:oxT8LcZjrnpra8Z4dZQFc5bms/VpzVD9XdtNG7r9K2qjFPwtxmOuemtrxnh1lAVzluaz9WnNUP1d200buv0rag==" | ||
] | ||
}, | ||
"authorized-by": { | ||
"type": "pkix-base64-key", | ||
"value": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==\n-----END PUBLIC KEY-----" | ||
} | ||
} | ||
] | ||
} | ||
] | ||
} | ||
} | ||
` | ||
) |
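Review bot: The three templates are exported package-level `var`s, so any importer can reassign them at run time; since they are fixed strings, `const` (or unexported names if only the examples use them) would be safer. None has a doc comment: a line such as `// TDXPCERefValTemplate is a sample CoMID carrying TDX PCE reference values.` on each would help, and if the `authorized-by` public key and the `mrsigner` digests are sample values the comment should say so, so that nobody treats them as real trust anchors. `TDXSeamRefValJSONTemplate` is named differently from the other two (`...RefValTemplate`).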