diff --git a/deployments/docker/src/builder.docker b/deployments/docker/src/builder.docker index e59404e6..619558ff 100644 --- a/deployments/docker/src/builder.docker +++ b/deployments/docker/src/builder.docker @@ -60,7 +60,7 @@ RUN go mod download &&\ go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.26 &&\ go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@v1.1 &&\ go install github.com/mitchellh/protoc-gen-go-json@v1.1.0 &&\ - go install github.com/veraison/cocli@v1.0.0-alpha0 &&\ + go install github.com/veraison/cocli@v1.0.0-alpha0.0.20260313151307-405ce39d50b6 &&\ go install github.com/veraison/evcli/v2@1685bf5 &&\ go install github.com/veraison/pocli@v0.2.0 &&\ go install github.com/go-delve/delve/cmd/dlv@v1.24.0 &&\ diff --git a/deployments/native/deployment.sh b/deployments/native/deployment.sh index 85de517c..28a76339 100755 --- a/deployments/native/deployment.sh +++ b/deployments/native/deployment.sh @@ -231,7 +231,7 @@ function init_sqlite_stores() { function init_clients() { _init_client evcli github.com/veraison/evcli/v2@v2.1.0 - _init_client cocli github.com/veraison/cocli@8ebd64c1 + _init_client cocli github.com/veraison/cocli@v1.0.0-alpha0.0.20260313151307-405ce39d50b6 _init_client pocli github.com/veraison/pocli@2fa24ea3 _init_client corim-store github.com/veraison/corim-store/cmd/corim-store@9e4ba68b } diff --git a/end-to-end/input/src/comid-cca-refval.json b/end-to-end/input/src/comid-cca-refval.json index 636c04d2..121985a6 100644 --- a/end-to-end/input/src/comid-cca-refval.json +++ b/end-to-end/input/src/comid-cca-refval.json 
@@ -21,84 +21,95 @@ "environment": { "class": { "id": { - "type": "psa.impl-id", + "type": "bytes", "value": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" - }, - "vendor": "ACME", - "model": "RoadRunner" + } } }, "measurements": [ { "key": { - "type": "psa.refval-id", - "value": { - "label": "BL", - "version": "3.4.2", - "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - } + "type": "string", + "value": "cca.software-component" }, "value": { + "cryptokeys": [ + { + "type": "bytes", + "value": "01234567890123456789012345678901" + } + ], "digests": [ - "sha-256;BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - ] + "sha-256:BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + ], + "name": "BL" } }, { "key": { - "type": "psa.refval-id", - "value": { - "label": "M1", - "version": "1.2.0", - "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - } + "type": "string", + "value": "cca.software-component" }, "value": { + "cryptokeys": [ + { + "type": "bytes", + "value": "01234567890123456789012345678901" + } + ], "digests": [ - "sha-256;CwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - ] + "sha-256:CwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + ], + "name": "M1" } }, { "key": { - "type": "psa.refval-id", - "value": { - "label": "M2", - "version": "1.2.3", - "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - } + "type": "string", + "value": "cca.software-component" }, "value": { + "cryptokeys": [ + { + "type": "bytes", + "value": "01234567890123456789012345678901" + } + ], "digests": [ - "sha-256;DwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - ] + "sha-256:DwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + ], + "name": "M2" } }, { "key": { - "type": "psa.refval-id", - "value": { - "label": "M3", - "version": "1.0.0", - "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - } + "type": "string", + "value": "cca.software-component" }, "value": { + "cryptokeys": [ + { + "type": "bytes", + "value": "01234567890123456789012345678901" + } + ], "digests": 
[ - "sha-256;EwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - ] + "sha-256:EwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + ], + "name": "M3" } }, { "key": { - "type": "cca.platform-config-id", - "value": "cfg v1.0.0" + "type": "string", + "value": "cca.platform-config" }, "value": { "raw-value": { "type": "bytes", "value": "AQID" - } + }, + "raw-value-mask": "AQID" } } ] diff --git a/end-to-end/input/src/comid-cca-ta.json b/end-to-end/input/src/comid-cca-ta.json index 12fb01df..1f9f195a 100644 --- a/end-to-end/input/src/comid-cca-ta.json +++ b/end-to-end/input/src/comid-cca-ta.json @@ -21,11 +21,9 @@ "environment": { "class": { "id": { - "type": "psa.impl-id", + "type": "bytes", "value": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" - }, - "vendor": "ACME", - "model": "RoadRunner" + } }, "instance": { "type": "ueid", diff --git a/end-to-end/input/src/comid-psa-refval.json b/end-to-end/input/src/comid-psa-refval.json index b070ef67..e1229a3c 100644 --- a/end-to-end/input/src/comid-psa-refval.json +++ b/end-to-end/input/src/comid-psa-refval.json @@ -21,7 +21,7 @@ "environment": { "class": { "id": { - "type": "psa.impl-id", + "type": "bytes", "value": "YWNtZS1pbXBsZW1lbnRhdGlvbi1pZC0wMDAwMDAwMDE=" }, "vendor": "ACME", 
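Review bot: The `cryptokeys` entry that replaces the old `signer-id` in every `cca.software-component` measurement carries `"01234567890123456789012345678901"`, which, if `bytes` is base64-decoded as elsewhere in these fixtures, yields 24 bytes rather than the 32-byte `BwYF…GRg=` value the previous fixture bound to; the reference value therefore no longer names the same signer the evidence fixture presumably reports, and if the scheme compares signer keys this check is silently no longer exercised. The per-component `version` strings (`3.4.2`, `1.2.0`, `1.2.3`, `1.0.0`) are also dropped with no replacement field. Suggest keeping the real signer key, `"value": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg="`, in each `cryptokeys` entry, and carrying the version in the measurement value if the new CoMID layout supports it.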
@@ -31,46 +31,52 @@ "measurements": [ { "key": { - "type": "psa.refval-id", - "value": { - "label": "BL", - "version": "2.1.0", - "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" - } + "type": "string", + "value": "psa.software-component" }, "value": { "digests": [ - "sha-256;h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=" + "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=" + ], + "cryptokeys": [ + { + "type": "bytes", + "value": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" + } ] } }, { "key": { - "type": "psa.refval-id", - "value": { - "label": "PRoT", - "version": "1.3.5", - "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" - } + "type": "string", + "value": "psa.software-component" }, "value": { "digests": [ - "sha-256;AmOCmYm2/ZVPcrqvL8ZLwuLwHWktTecphuqAj26ZgT8=" + "sha-256:AmOCmYm2/ZVPcrqvL8ZLwuLwHWktTecphuqAj26ZgT8=" + ], + "cryptokeys": [ + { + "type": "bytes", + "value": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" + } ] } }, { "key": { - "type": "psa.refval-id", - "value": { - "label": "ARoT", - "version": "0.1.4", - "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" - } + "type": "string", + "value": "psa.software-component" }, "value": { "digests": [ - "sha-256;o6XnFfDMV0pzw/m+u2vCTzL/1bZ7OHJEwskJ2neaFHg=" + "sha-256:o6XnFfDMV0pzw/m+u2vCTzL/1bZ7OHJEwskJ2neaFHg=" + ], + "cryptokeys": [ + { + "type": "bytes", + "value": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" + } ] } } diff --git a/end-to-end/input/src/comid-psa-ta.json b/end-to-end/input/src/comid-psa-ta.json index 45c86145..1ec3bea3 100644 --- a/end-to-end/input/src/comid-psa-ta.json +++ b/end-to-end/input/src/comid-psa-ta.json @@ -21,11 +21,9 @@ "environment": { "class": { "id": { - "type": "psa.impl-id", + "type": "bytes", "value": "YWNtZS1pbXBsZW1lbnRhdGlvbi1pZC0wMDAwMDAwMDE=" - }, - "vendor": "ACME", - "model": "RoadRunner" + } }, "instance": { "type": "ueid", 
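Review bot: All three PSA measurements now have the identical key `psa.software-component` and identical `cryptokeys`, and the old `label` (`BL`, `PRoT`, `ARoT`) and `version` values are removed without replacement, so the components are distinguishable only by digest; the CCA counterpart in this same commit sets `"name"` per component, so this fixture is inconsistent with it. Suggest adding `"name": "BL"`, `"name": "PRoT"` and `"name": "ARoT"` to the respective measurement values so the reference values stay self-describing and a mismatch report can name the component.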
diff --git a/end-to-end/input/src/corim-psa.json b/end-to-end/input/src/corim-psa.json
index a7c23279..5a4199a5 100644
--- a/end-to-end/input/src/corim-psa.json
+++ b/end-to-end/input/src/corim-psa.json
@@ -1,4 +1,4 @@
 {
 "corim-id": "00000000-0000-0001-p5a1-000000000001",
- "profile": "http://arm.com/psa/iot/1"
+ "profile": "tag:arm.com,2025:psa#1.0.0"
 }
diff --git a/go.mod b/go.mod
index 5e5a3b38..6f405419 100644
--- a/go.mod
+++ b/go.mod
@@ -40,7 +40,7 @@ require (
 github.com/tbaehler/gin-keycloak v1.6.1
 github.com/veraison/ccatoken v1.3.2-0.20250512122414-b26aba0635c4
 github.com/veraison/cmw v0.2.0
- github.com/veraison/corim v1.1.3-0.20260214081209-effcd0f48c8a
+ github.com/veraison/corim v1.1.3-0.20260309101151-2fa49d7c02e3
 github.com/veraison/corim-store v0.0.0-20260220100808-e966b3eab910
 github.com/veraison/dice v0.0.1
 github.com/veraison/ear v1.1.4-0.20260213122616-3034258cda59
diff --git a/go.sum b/go.sum
index 07bb1f14..245bd8a0 100644
--- a/go.sum
+++ b/go.sum
@@ -1255,8 +1255,8 @@ github.com/veraison/ccatoken v1.3.2-0.20250512122414-b26aba0635c4 h1:t2GQueIc1Sr
 github.com/veraison/ccatoken v1.3.2-0.20250512122414-b26aba0635c4/go.mod h1:vMqdbW4H/8A3oT+24qssuIK3Aefy06XqzTELGg+gWAg=
 github.com/veraison/cmw v0.2.0 h1:BWEvwZnD4nn5osq6XwQpTRcGxwV+Su4t6ytdAbVXAJY=
 github.com/veraison/cmw v0.2.0/go.mod h1:OiYKk1t6/Fmmg30ZpSMzi4nKr5kt3374sNTkgxC5BDs=
-github.com/veraison/corim v1.1.3-0.20260214081209-effcd0f48c8a h1:Y19AyrbBpuyQZ/Sa/Hyh6bo5FrO6FMeR6g3jjnjLMBE=
-github.com/veraison/corim v1.1.3-0.20260214081209-effcd0f48c8a/go.mod h1:96PQ0lk+O9bzutKTDz66G2DaARYUp1BeR06EYwEwSH0=
+github.com/veraison/corim v1.1.3-0.20260309101151-2fa49d7c02e3 h1:yFF+d5ekY8g1nTAuV3lEvVI4dGdQMcoYp8blegIrrSQ=
+github.com/veraison/corim v1.1.3-0.20260309101151-2fa49d7c02e3/go.mod h1:96PQ0lk+O9bzutKTDz66G2DaARYUp1BeR06EYwEwSH0=
 github.com/veraison/corim-store v0.0.0-20260220100808-e966b3eab910 h1:hg09D27B9qkrN6zFQEs6wEG0qiTk451ExGMnSAq2tXY=
 github.com/veraison/corim-store v0.0.0-20260220100808-e966b3eab910/go.mod h1:/SqPJwSHexrxsNtiAJ/JqNgvC6+yihOyRlrTJO+0GnY=
 github.com/veraison/dice v0.0.1 h1:dOm7ByDN/r4WlDsGkEUXzdPMXgTvAPTAksQ8+BwBrD4=
diff --git a/integration-tests/data/claims/cca.good.json b/integration-tests/data/claims/cca.good.json
index 6cc821c5..34369b85 100644
--- a/integration-tests/data/claims/cca.good.json
+++ b/integration-tests/data/claims/cca.good.json
@@ -1,7 +1,7 @@
 {
 "cca-platform-token": {
 "cca-platform-challenge": "5QHHS9edCpI1N1heeR7DUBI+gaqXUB34EkQCITSCxVM=",
- "cca-platform-profile": "http://arm.com/CCA-SSD/1.0.0",
+ "cca-platform-profile": "tag:arm.com,2023:cca_platform#1.0.0",
 "cca-platform-implementation-id": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=",
 "cca-platform-instance-id": "AQICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC",
 "cca-platform-config": "AQID",
diff --git a/integration-tests/data/endorsements/comid-cca-platform-refval.json b/integration-tests/data/endorsements/comid-cca-platform-refval.json index afc94afb..a4699132 100644 --- a/integration-tests/data/endorsements/comid-cca-platform-refval.json +++ b/integration-tests/data/endorsements/comid-cca-platform-refval.json 
@@ -15,94 +15,105 @@ ] } ], - "triples": { - "reference-values": [ - { - "environment": { - "class": { - "id": { - "type": "psa.impl-id", - "value": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" - }, - "vendor": "ACME", - "model": "RoadRunner" + "triples": { + "reference-values": [ + { + "environment": { + "class": { + "id": { + "type": "bytes", + "value": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" } - }, - "measurements": [ - { - "key": { - "type": "psa.refval-id", - "value": { - "label": "BL", - "version": "3.4.2", - "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - } - }, - "value": { - "digests": [ - "sha-256:BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - ] - } + } + }, + "measurements": [ + { + "key": { + "type": "string", + "value": "cca.software-component" }, - { - "key": { - "type": "psa.refval-id", - "value": { - "label": "M1", - "version": "1.2.0", - "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + "value": { + "cryptokeys": [ + { + "type": "bytes", + "value": "01234567890123456789012345678901" } - }, - "value": { - "digests": [ - "sha-256:CwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - ] - } + ], + "digests": [ + "sha-256:BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + ], + "name": "BL" + } + }, + { + "key": { + "type": "string", + "value": "cca.software-component" }, - { - "key": { - "type": "psa.refval-id", - "value": { - "label": "M2", - "version": "1.2.3", - "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + "value": { + "cryptokeys": [ + { + "type": "bytes", + "value": "01234567890123456789012345678901" } - }, - "value": { - "digests": [ - "sha-256:DwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - ] - } + ], + "digests": [ + "sha-256:CwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + ], + "name": "M1" + } + }, + { + "key": { + "type": "string", + "value": "cca.software-component" }, - { - "key": { - "type": "psa.refval-id", - "value": { - "label": "M3", - "version": "1.0.0", - "signer-id": 
"BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + "value": { + "cryptokeys": [ + { + "type": "bytes", + "value": "01234567890123456789012345678901" } - }, - "value": { - "digests": [ - "sha-256:EwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - ] - } + ], + "digests": [ + "sha-256:DwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + ], + "name": "M2" + } + }, + { + "key": { + "type": "string", + "value": "cca.software-component" }, - { - "key": { - "type": "cca.platform-config-id", - "value": "cfg v1.0.0" - }, - "value": { - "raw-value": { + "value": { + "cryptokeys": [ + { "type": "bytes", - "value": "AQID" + "value": "01234567890123456789012345678901" } - } + ], + "digests": [ + "sha-256:EwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + ], + "name": "M3" } - ] - } - ] - } - } \ No newline at end of file + }, + { + "key": { + "type": "string", + "value": "cca.platform-config" + }, + "value": { + "raw-value": { + "type": "bytes", + "value": "AQID" + }, + "raw-value-mask": "AQID" + } + } + ] + } + ] + } +} \ No newline at end of file diff --git a/integration-tests/data/endorsements/comid-cca-platform-ta.json b/integration-tests/data/endorsements/comid-cca-platform-ta.json index 2db23728..3bb11af3 100644 --- a/integration-tests/data/endorsements/comid-cca-platform-ta.json +++ b/integration-tests/data/endorsements/comid-cca-platform-ta.json @@ -21,11 +21,9 @@ "environment": { "class": { "id": { - "type": "psa.impl-id", + "type": "bytes", "value": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" - }, - "vendor": "ACME", - "model": "RoadRunner" + } }, "instance": { "type": "ueid", diff --git a/integration-tests/data/endorsements/comid-cca-realm-refval.json b/integration-tests/data/endorsements/comid-cca-realm-refval.json index 16697f55..269cf493 100644 --- a/integration-tests/data/endorsements/comid-cca-realm-refval.json +++ b/integration-tests/data/endorsements/comid-cca-realm-refval.json 
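Review bot: The new `cca.platform-config` reference value sets `"raw-value-mask": "AQID"`, the same bytes as the raw value itself (0x010203); if the mask is applied as a bitwise AND before comparison, only the bits set in 0x010203 are checked and any platform config that differs in the other bits still matches this reference value, which weakens the platform-config check this fixture is meant to exercise. If a full comparison is intended, use an all-ones mask, `"raw-value-mask": "////"`, or omit the mask entirely. Separately, the whole `triples` block was re-indented in this hunk, which hides the semantic change (new key types, `cryptokeys`, `name`) behind whitespace churn; a whitespace-only commit first would make the review diff readable.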
@@ -21,54 +21,76 @@ "environment": { "class": { "id": { - "type": "uuid", - "value": "CD1F0E55-26F9-460D-B9D8-F7FDE171787C" - }, - "vendor": "Workload Client Ltd" - }, - "instance": { - "type": "bytes", - "value": "Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" + "type": "bytes", + "value": "Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" + } } }, "measurements": [ { + "key": { + "type": "string", + "value": "cca.rim" + }, + "value": { + "digests": [ + "sha-512:Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" + ] + } + }, + { + "key": { + "type": "string", + "value": "cca.rem0" + }, + "value": { + "digests": [ + "sha-512:Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" + ] + } + }, + { + "key": { + "type": "string", + "value": "cca.rem1" + }, + "value": { + "digests": [ + "sha-512:Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" + ] + } + }, + { + "key": { + "type": "string", + "value": "cca.rem2" + }, + "value": { + "digests": [ + "sha-512:Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" + ] + } + }, + { + "key": { + "type": "string", + "value": "cca.rem3" + }, + "value": { + "digests": [ + "sha-512:Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" + ] + } + }, + { + "key": { + "type": "string", + "value": "cca.rpv" + }, "value": { "raw-value": { "type": "bytes", "value": "QURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBRA==" - }, - "integrity-registers": { - "rim": { - "key-type": "text", - "value": [ - "sha-512;Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" - ] - }, - "rem0": { - "key-type": "text", - "value": [ - 
"sha-512;Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" - ] - }, - "rem1": { - "key-type": "text", - "value": [ - "sha-512;Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" - ] - }, - "rem2": { - "key-type": "text", - "value": [ - "sha-512;Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" - ] - }, - "rem3": { - "key-type": "text", - "value": [ - "sha-512;Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" - ] - } } } } diff --git a/integration-tests/data/endorsements/comid-cca-refval.json b/integration-tests/data/endorsements/comid-cca-refval.json index 7a03aeea..e0f5d483 100644 --- a/integration-tests/data/endorsements/comid-cca-refval.json +++ b/integration-tests/data/endorsements/comid-cca-refval.json 
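Review bot: The realm reference value is now keyed solely by `class.id` of type `bytes`, whose value `Q0ND…Qw==` (64 bytes) is byte-identical to the `cca.rim` digest below it, and the `instance` element that previously carried that value is gone; whether the realm scheme now looks reference values up by class id rather than instance is not visible here and should be confirmed against the scheme code, otherwise lookup fails closed and the realm submod will report no reference values. The `cca.rpv` measurement carries a `raw-value` without a `raw-value-mask`, unlike the platform-config entry elsewhere in this commit; if the default is a full comparison, a one-line comment in the fixture README stating that would save the next reader the question.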
@@ -21,84 +21,95 @@ "environment": { "class": { "id": { - "type": "psa.impl-id", + "type": "bytes", "value": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" - }, - "vendor": "ACME", - "model": "RoadRunner" + } } }, "measurements": [ { "key": { - "type": "psa.refval-id", - "value": { - "label": "BL", - "version": "3.4.2", - "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - } + "type": "string", + "value": "cca.software-component" }, "value": { + "cryptokeys": [ + { + "type": "bytes", + "value": "01234567890123456789012345678901" + } + ], "digests": [ "sha-256:BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - ] + ], + "name": "BL" } }, { "key": { - "type": "psa.refval-id", - "value": { - "label": "M1", - "version": "1.2.0", - "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - } + "type": "string", + "value": "cca.software-component" }, "value": { + "cryptokeys": [ + { + "type": "bytes", + "value": "01234567890123456789012345678901" + } + ], "digests": [ "sha-256:CwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - ] + ], + "name": "M1" } }, { "key": { - "type": "psa.refval-id", - "value": { - "label": "M2", - "version": "1.2.3", - "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - } + "type": "string", + "value": "cca.software-component" }, "value": { + "cryptokeys": [ + { + "type": "bytes", + "value": "01234567890123456789012345678901" + } + ], "digests": [ "sha-256:DwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - ] + ], + "name": "M2" } }, { "key": { - "type": "psa.refval-id", - "value": { - "label": "M3", - "version": "1.0.0", - "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - } + "type": "string", + "value": "cca.software-component" }, "value": { + "cryptokeys": [ + { + "type": "bytes", + "value": "01234567890123456789012345678901" + } + ], "digests": [ "sha-256:EwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - ] + ], + "name": "M3" } }, { "key": { - "type": "cca.platform-config-id", - "value": "cfg v1.0.0" + "type": "string", 
+ "value": "cca.platform-config" }, "value": { "raw-value": { "type": "bytes", "value": "AQID" - } + }, + "raw-value-mask": "AQID" } } ] diff --git a/integration-tests/data/endorsements/comid-cca-ta.json b/integration-tests/data/endorsements/comid-cca-ta.json index 2fcb29fd..23ce1081 100644 --- a/integration-tests/data/endorsements/comid-cca-ta.json +++ b/integration-tests/data/endorsements/comid-cca-ta.json @@ -21,11 +21,9 @@ "environment": { "class": { "id": { - "type": "psa.impl-id", + "type": "bytes", "value": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" - }, - "vendor": "ACME", - "model": "RoadRunner" + } }, "instance": { "type": "ueid", diff --git a/integration-tests/data/endorsements/comid-psa-refval.json b/integration-tests/data/endorsements/comid-psa-refval.json index 8fd66fbc..e1229a3c 100644 --- a/integration-tests/data/endorsements/comid-psa-refval.json +++ b/integration-tests/data/endorsements/comid-psa-refval.json @@ -21,7 +21,7 @@ "environment": { "class": { "id": { - "type": "psa.impl-id", + "type": "bytes", "value": "YWNtZS1pbXBsZW1lbnRhdGlvbi1pZC0wMDAwMDAwMDE=" }, "vendor": "ACME", 
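Review bot: The per-component `version` values (`3.4.2`, `1.2.0`, `1.2.3`, `1.0.0`) are dropped from every `cca.software-component` entry and nothing in the new measurement value carries them, so this integration fixture no longer pins which firmware version a digest belongs to; the same fixture in `end-to-end/input/src` gets the identical treatment in this commit, so there is no longer any reference value in the tree that states a version. If the measurement value supports a `version` field in the new layout, add e.g. `"version": "3.4.2"` next to `"name": "BL"`; otherwise note in the fixture that versions are intentionally untracked.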
@@ -31,46 +31,52 @@ "measurements": [ { "key": { - "type": "psa.refval-id", - "value": { - "label": "BL", - "version": "2.1.0", - "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" - } + "type": "string", + "value": "psa.software-component" }, "value": { "digests": [ "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=" + ], + "cryptokeys": [ + { + "type": "bytes", + "value": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" + } ] } }, { "key": { - "type": "psa.refval-id", - "value": { - "label": "PRoT", - "version": "1.3.5", - "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" - } + "type": "string", + "value": "psa.software-component" }, "value": { "digests": [ "sha-256:AmOCmYm2/ZVPcrqvL8ZLwuLwHWktTecphuqAj26ZgT8=" + ], + "cryptokeys": [ + { + "type": "bytes", + "value": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" + } ] } }, { "key": { - "type": "psa.refval-id", - "value": { - "label": "ARoT", - "version": "0.1.4", - "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" - } + "type": "string", + "value": "psa.software-component" }, "value": { "digests": [ "sha-256:o6XnFfDMV0pzw/m+u2vCTzL/1bZ7OHJEwskJ2neaFHg=" + ], + "cryptokeys": [ + { + "type": "bytes", + "value": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" + } ] } } diff --git a/integration-tests/data/endorsements/comid-psa-ta.json b/integration-tests/data/endorsements/comid-psa-ta.json index 51e68f1b..6ed2b2dc 100644 --- a/integration-tests/data/endorsements/comid-psa-ta.json +++ b/integration-tests/data/endorsements/comid-psa-ta.json @@ -21,11 +21,9 @@ "environment": { "class": { "id": { - "type": "psa.impl-id", + "type": "bytes", "value": "YWNtZS1pbXBsZW1lbnRhdGlvbi1pZC0wMDAwMDAwMDE=" - }, - "vendor": "ACME", - "model": "RoadRunner" + } }, "instance": { "type": "ueid", 
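Review bot: As in the end-to-end copy, the three PSA measurements now share an identical key `psa.software-component` and identical `cryptokeys`, and the old `label`/`version` pairs (`BL 2.1.0`, `PRoT 1.3.5`, `ARoT 0.1.4`) have no replacement, so a failing comparison can only be reported by digest; the CCA platform fixture in this commit sets `"name"` per component and this file should do the same. Suggest adding `"name": "BL"`, `"name": "PRoT"` and `"name": "ARoT"` to the respective measurement values.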
@@ -38,28 +36,6 @@ "value": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEMKBCTNIcKUSDii11ySs3526iDZ8A\niTo7Tu6KPAqv7D7gS2XpJFbZiItSs3m9+9Ue6GnvHw/GW2ZZaVtszggXIw==\n-----END PUBLIC KEY-----" } ] - }, - { - "environment": { - "class": { - "id": { - "type": "psa.impl-id", - "value": "YWNtZS1pbXBsZW1lbnRhdGlvbi1pZC0wMDAwMDAwMDE=" - }, - "vendor": "ACME", - "model": "RoadRunner" - }, - "instance": { - "type": "ueid", - "value": "AUyj5PUL8kjDl4cCDWj/0FyIdndRvyZFypI/V6mL7NKW" - } - }, - "verification-keys": [ - { - "type": "pkix-base64-key", - "value": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE6Vwqe7hy3O8Ypa+BUETLUjBNU3rEXVUyt9XHR7HJWLG7XTKQd9i1kVRXeBPDLFnfYru1/euxRnJM7H9UoFDLdA==\n-----END PUBLIC KEY-----" - } - ] } ] } diff --git a/integration-tests/data/endorsements/corim-cca-full.json b/integration-tests/data/endorsements/corim-cca-full.json index 59e536d5..74b94a1a 100644 --- a/integration-tests/data/endorsements/corim-cca-full.json +++ b/integration-tests/data/endorsements/corim-cca-full.json @@ -1,10 +1,5 @@ { "corim-id": "5c57e8f4-46cd-421b-91c9-08cf93e13cfc", - "profile": "http://arm.com/cca/ssd/1", - "validity": { - "not-before": "2021-12-31T00:00:00Z", - "not-after": "2025-12-31T00:00:00Z" - }, "entities": [ { "name": "ACME Ltd.", @@ -13,5 +8,6 @@ "manifestCreator" ] } - ] + ], + "profile": "tag:arm.com,2025:cca_platform#1.0.0" } diff --git a/integration-tests/data/endorsements/corim-cca-platform-full.json b/integration-tests/data/endorsements/corim-cca-platform-full.json index 3147f677..b2aae62d 100644 --- a/integration-tests/data/endorsements/corim-cca-platform-full.json +++ b/integration-tests/data/endorsements/corim-cca-platform-full.json 
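Review bot: Dropping the `validity` block from `corim-cca-full.json` removes the expired `not-after: 2025-12-31` window but replaces it with no window at all; for the signed path `generators.py` now supplies validity through the signer meta, but the unsigned `application/rim+cbor` submissions configured in `common.yaml` will carry a CoRIM with no validity. If the provisioning service accepts CoRIMs without validity that is a deliberate policy and deserves a one-line note in the fixture README; if not, re-add `"validity": { "not-before": "2021-12-31T00:00:00Z", "not-after": "2099-12-31T00:00:00Z" }` rather than relying on the absence being tolerated.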
@@ -1,17 +1,13 @@ { - "corim-id": "5c57e8f4-46cd-421b-91c9-08cf93e13cfc", - "profile": "http://arm.com/cca/ssd/1", - "validity": { - "not-before": "2021-12-31T00:00:00Z", - "not-after": "2025-12-31T00:00:00Z" - }, - "entities": [ - { + "corim-id": "00000000-0000-0000-cca6-000000000000", + "entities": [ + { "name": "ACME Ltd.", "regid": "acme.example", "roles": [ "manifestCreator" ] - } - ] - } + } + ], + "profile": "tag:arm.com,2025:cca_platform#1.0.0" +} diff --git a/integration-tests/data/endorsements/corim-cca-realm-full.json b/integration-tests/data/endorsements/corim-cca-realm-full.json index d57492bd..583dbad0 100644 --- a/integration-tests/data/endorsements/corim-cca-realm-full.json +++ b/integration-tests/data/endorsements/corim-cca-realm-full.json @@ -1,10 +1,5 @@ { - "corim-id": "5c57e8f4-46cd-421b-91c9-08cf93e13cfc", - "profile": "http://arm.com/cca/realm/1", - "validity": { - "not-before": "2021-12-31T00:00:00Z", - "not-after": "2025-12-31T00:00:00Z" - }, + "corim-id": "00000000-0000-0000-cca4-000000000000", "entities": [ { "name": "ACME Ltd.", @@ -13,5 +8,6 @@ "manifestCreator" ] } - ] + ], + "profile": "tag:arm.com,2025:cca_realm#1.0.0" } diff --git a/integration-tests/data/endorsements/corim-psa-full.json b/integration-tests/data/endorsements/corim-psa-full.json index db4d772a..3f14eb16 100644 --- a/integration-tests/data/endorsements/corim-psa-full.json +++ b/integration-tests/data/endorsements/corim-psa-full.json @@ -6,7 +6,7 @@ "thumbprint": "sha-256:5Fty9cDAtXLbTY06t+l/No/3TmI0eoJN7LZ6hOUiTXU=" } ], - "profile": "http://arm.com/psa/iot/1", + "profile": "tag:arm.com,2025:psa#1.0.0", "validity": { "not-before": "2021-12-31T00:00:00Z", "not-after": "2025-12-31T00:00:00Z" diff --git a/integration-tests/data/endorsements/corim-psa-mini.json b/integration-tests/data/endorsements/corim-psa-mini.json index f9528480..1d6e83a9 100644 --- a/integration-tests/data/endorsements/corim-psa-mini.json +++ b/integration-tests/data/endorsements/corim-psa-mini.json 
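Review bot: `corim-psa-full.json` keeps `"not-after": "2025-12-31T00:00:00Z"` as context while the CCA counterparts in this commit drop their identical, already-expired window; given the 2026 pseudo-versions pinned in `go.mod`, this PSA CoRIM is now past its validity, so if the verifier or `cocli` enforces validity on submission the PSA provisioning tests will fail for a reason unrelated to the profile change. Either extend it, `"not-after": "2099-12-31T00:00:00Z"`, or remove the block here for consistency with the CCA fixtures.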
@@ -1,4 +1,4 @@
 {
 "corim-id": "5c57e8f4-46cd-421b-91c9-08cf93e13cfc",
- "profile": "http://arm.com/psa/iot/1"
+ "profile": "tag:arm.com,2025:psa#1.0.0"
 }
diff --git a/integration-tests/data/results/cca.good.json b/integration-tests/data/results/cca.good.json
index 51a22575..4fb5854b 100644
--- a/integration-tests/data/results/cca.good.json
+++ b/integration-tests/data/results/cca.good.json
@@ -19,7 +19,7 @@
 "cca-platform-implementation-id": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=",
 "cca-platform-instance-id": "AQICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC",
 "cca-platform-lifecycle": 12288,
- "cca-platform-profile": "http://arm.com/CCA-SSD/1.0.0",
+ "cca-platform-profile": "tag:arm.com,2023:cca_platform#1.0.0",
 "cca-platform-service-indicator": "https://veraison.example/v1/challenge-response",
 "cca-platform-sw-components": [
 {
diff --git a/integration-tests/data/results/cca.verify-challenge.json b/integration-tests/data/results/cca.verify-challenge.json
index 8706d646..984c6f79 100644
--- a/integration-tests/data/results/cca.verify-challenge.json
+++ b/integration-tests/data/results/cca.verify-challenge.json
@@ -18,7 +18,7 @@
 "cca-platform-implementation-id": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=",
 "cca-platform-instance-id": "AQICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC",
 "cca-platform-lifecycle": 12288,
- "cca-platform-profile": "http://arm.com/CCA-SSD/1.0.0",
+ "cca-platform-profile": "tag:arm.com,2023:cca_platform#1.0.0",
 "cca-platform-service-indicator": "https://veraison.example/v1/challenge-response",
 "cca-platform-sw-components": [
 {
diff --git a/integration-tests/data/results/psa.freshness-fail.json b/integration-tests/data/results/psa.freshness-fail.json
index 35cf8bcf..bfa9fd7f 100644
--- a/integration-tests/data/results/psa.freshness-fail.json
+++ b/integration-tests/data/results/psa.freshness-fail.json
@@ -13,7 +13,7 @@ "storage-opaque": 99 }, "ear.veraison.policy-claims": { - "problem": "integrity validation failed: bad evidence: freshness: psa-nonce (414a7c174141b3d0e9a1d28af31520f0d42299feac4007ded89d68ae6cd92f19) does not match session nonce (75e69d6de79f75e69d6de79f75e69d6de79f75e69d6de79f75e69d6de79f75e6)" + "problem": "no trust anchor for evidence" } } } diff --git a/integration-tests/tests/common.yaml b/integration-tests/tests/common.yaml index 94d480f8..9bccc2b7 100644 --- a/integration-tests/tests/common.yaml +++ b/integration-tests/tests/common.yaml @@ -17,8 +17,8 @@ variables: bad-nonce: Ppfdfe2JzZLOk= endorsements-content-types: - psa.p1: application/rim+cbor; profile="http://arm.com/psa/iot/1" - cca._: application/rim+cbor; profile="http://arm.com/cca/ssd/1" + psa.p1: application/rim+cbor; profile="tag:arm.com,2025:psa#1.0.0" + cca._: application/rim+cbor; profile="tag:arm.com,2025:cca_platform#1.0.0" enacttrust._: application/rim+cbor; profile="https://enacttrust.com/veraison/1.0.0" evidence-content-types: psa.p1: application/psa-attestation-token diff --git a/integration-tests/tests/test_cca_verify_challenge.tavern.yaml b/integration-tests/tests/test_cca_verify_challenge.tavern.yaml index df36c46a..0abbb0ae 100644 --- a/integration-tests/tests/test_cca_verify_challenge.tavern.yaml +++ b/integration-tests/tests/test_cca_verify_challenge.tavern.yaml 
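Review bot: The expected `problem` for `psa.freshness-fail` is changed from the nonce-mismatch message to `no trust anchor for evidence`, so this test no longer demonstrates that a stale nonce is rejected; it now passes because trust-anchor lookup fails before the freshness check is reached, which is consistent with the second PSA trust anchor (instance `AUyj5PUL…`) being deleted from `comid-psa-ta.json` in this same commit. A regression that stops comparing the nonce to the session nonce would go undetected. Either keep that trust anchor so the evidence is verified and restore an expectation on the freshness message (a substring match on `does not match session nonce` rather than the exact hex would be robust to nonce changes), or rename the fixture and test so they document that they check missing-trust-anchor handling.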
@@ -29,14 +29,25 @@ includes: - !include common.yaml stages: - - name: submit post request to the provisioning service successfully + - name: submit post request for CCA platform to the provisioning service successfully request: method: POST url: https://{provisioning-service}/endorsement-provisioning/v1/submit headers: - content-type: '{endorsements-content-type}' # set via hook + content-type: '{platform-en-content-type}' # set via hook authorization: '{authorization}' # set via hook - file_body: __generated__/endorsements/corim-{scheme}-{endorsements}.cbor + file_body: __generated__/endorsements/corim-{scheme}-platform-{endorsements}.cbor + response: + status_code: 200 + + - name: submit post request for CCA Realm to the provisioning service successfully + request: + method: POST + url: https://{provisioning-service}/endorsement-provisioning/v1/submit + headers: + content-type: '{realm-en-content-type}' # set via hook + authorization: '{authorization}' # set via hook + file_body: __generated__/endorsements/corim-{scheme}-realm-{endorsements}.cbor response: status_code: 200 diff --git a/integration-tests/tests/test_provisioning_empty_body.tavern.yaml b/integration-tests/tests/test_provisioning_empty_body.tavern.yaml index 0095efc4..83c6ceba 100644 --- a/integration-tests/tests/test_provisioning_empty_body.tavern.yaml +++ b/integration-tests/tests/test_provisioning_empty_body.tavern.yaml @@ -9,7 +9,7 @@ stages: method: POST url: https://{provisioning-service}/endorsement-provisioning/v1/submit headers: - content-type: 'application/rim+cbor; profile="http://arm.com/psa/iot/1"' + content-type: 'application/rim+cbor; profile="tag:arm.com,2025:psa#1.0.0"' authorization: '{authorization}' # set via hook response: status_code: 400 diff --git a/integration-tests/tests/test_provisioning_unauthorized.tavern.yaml b/integration-tests/tests/test_provisioning_unauthorized.tavern.yaml index 2275d036..053d64be 100644 
--- a/integration-tests/tests/test_provisioning_unauthorized.tavern.yaml +++ b/integration-tests/tests/test_provisioning_unauthorized.tavern.yaml @@ -9,7 +9,7 @@ stages: method: POST url: https://{provisioning-service}/endorsement-provisioning/v1/submit headers: - content-type: 'application/rim+cbor; profile="http://arm.com/psa/iot/1"' + content-type: 'application/rim+cbor; profile="tag:arm.com,2025:psa#1.0.0"' response: status_code: 401 diff --git a/integration-tests/tests/test_verification_bad_session_attester.tavern.yaml b/integration-tests/tests/test_verification_bad_session_attester.tavern.yaml index 6e01c1b4..e5458143 100644 --- a/integration-tests/tests/test_verification_bad_session_attester.tavern.yaml +++ b/integration-tests/tests/test_verification_bad_session_attester.tavern.yaml @@ -25,7 +25,7 @@ stages: method: POST url: https://{provisioning-service}/endorsement-provisioning/v1/submit headers: - content-type: 'application/rim+cbor; profile="http://arm.com/psa/iot/1"' + content-type: 'application/rim+cbor; profile="tag:arm.com,2025:psa#1.0.0"' authorization: '{authorization}' # set via hook file_body: __generated__/endorsements/corim-{scheme}-{endorsements}.cbor response: diff --git a/integration-tests/utils/checkers.py b/integration-tests/utils/checkers.py index 3333f6ca..b620944e 100644 --- a/integration-tests/utils/checkers.py +++ b/integration-tests/utils/checkers.py 
@@ -33,11 +33,9 @@ def compare_to_expected_result(response, expected, verifier_key): expected_submods = json.load(fh) for key, expected_claims in expected_submods.items(): - try: - decoded_claims = decoded_submods[key] - print("Key exists in the dictionary.") - except KeyError: - print(f"Key {key} does not exist in the dictionary.") + decoded_claims = decoded_submods.get(key) + if decoded_claims is None: + raise AssertionError(f'submod "{key}" missing in attestation result') assert decoded_claims["ear.status"] == expected_claims["ear.status"] print(f"Evaluating Submod with SubModName {key}") diff --git a/integration-tests/utils/generators.py b/integration-tests/utils/generators.py index 7f2ab21a..b0de48d4 100644 --- a/integration-tests/utils/generators.py +++ b/integration-tests/utils/generators.py @@ -6,6 +6,7 @@ import shutil import tempfile import uuid +from datetime import datetime, timezone from util import update_json, run_command @@ -238,11 +239,14 @@ def generate_corim(corim_template, comid_templates, output_path): def sign_corim(unsigned_corim_path, signed_corim_path): meta_file = f'{GENDIR}/meta.json' + now = datetime.now(timezone.utc) meta_content = { "signer": { - "name": "Veraison Test Signer", - "uri": "https://veraison.example/test-signer", - "id": "Veraison Test Signer" + "name": "veraison-services-test" + }, + "validity": { + "not-before": now.isoformat(), + "not-after": now.replace(year=now.year + 20).isoformat(), } } diff --git a/integration-tests/utils/hooks.py b/integration-tests/utils/hooks.py index dbf9fd3a..32e418d8 100644 --- a/integration-tests/utils/hooks.py +++ b/integration-tests/utils/hooks.py 
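Review bot: `now.replace(year=now.year + 20)` in `sign_corim` raises `ValueError` when the tests run on 29 February of a year whose +20 counterpart is not a leap year (2080 → 2100), and `now.isoformat()` emits microseconds, which the CoRIM validity parser may or may not accept; both are avoidable with a duration arithmetic and a truncated timestamp. Suggest `now = datetime.now(timezone.utc).replace(microsecond=0)` and `"not-after": (now + timedelta(days=20 * 365)).isoformat()`, with the import on the first hunk becoming `from datetime import datetime, timedelta, timezone`. The signer meta also drops the `uri` and `id` fields; if the new cocli no longer accepts them a short comment saying so would stop someone re-adding them.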
@@ -54,11 +54,11 @@ def setup_provisioning_fail_empty_body(test, variables): def setup_cca_verify_challenge(test, variables): - _set_content_types(test, variables) + _set_cca_content_types(test, variables) _set_authorization(test, variables, 'provisioner') _set_alt_authorization(test, variables, 'manager') _set_nonce(test, variables) - generate_endorsements(test) + generate_cca_end_to_end_endorsements(test) generate_evidence_from_test(test) def setup_cca_end_to_end(test, variables): @@ -113,9 +113,9 @@ def _set_cca_content_types(test, variables): # Set platform and realm content types if corim_type == 'signed': # Use signed content types - variables['platform-en-content-type'] = 'application/rim+cose; profile="http://arm.com/cca/ssd/1"' - variables['realm-en-content-type'] = 'application/rim+cose; profile="http://arm.com/cca/realm/1"' + variables['platform-en-content-type'] = 'application/rim+cose; profile="tag:arm.com,2025:cca_platform#1.0.0"' + variables['realm-en-content-type'] = 'application/rim+cose; profile="tag:arm.com,2025:cca_realm#1.0.0"' else: # Use unsigned content types - variables['platform-en-content-type'] = 'application/rim+cbor; profile="http://arm.com/cca/ssd/1"' - variables['realm-en-content-type'] = 'application/rim+cbor; profile="http://arm.com/cca/realm/1"' + variables['platform-en-content-type'] = 'application/rim+cbor; profile="tag:arm.com,2025:cca_platform#1.0.0"' + variables['realm-en-content-type'] = 'application/rim+cbor; profile="tag:arm.com,2025:cca_realm#1.0.0"' diff --git a/scheme/arm-cca/corim.go b/scheme/arm-cca/corim.go deleted file mode 100644 index 0579d0ca..00000000 --- a/scheme/arm-cca/corim.go +++ /dev/null 
@@ -1,169 +0,0 @@ -// Copyright 2026 Contributors to the Veraison project. -// SPDX-License-Identifier: Apache-2.0 -package arm_cca - -import ( - "errors" - "fmt" - - "github.com/veraison/corim/comid" - "github.com/veraison/corim/corim" - "github.com/veraison/corim/extensions" - "github.com/veraison/eat" - "github.com/veraison/services/scheme/common" -) - -const ( - LegacyPlatformProfileString = "http://arm.com/cca/ssd/1" - LegacyRealmProfileString = "http://arm.com/cca/realm/1" - PlatformProfileString = "tag:arm.com,2023:cca_platform#1.0.0" - RealmProfileString = "tag:arm.com,2023:realm#1.0.0" -) - -func ValidatePlatformEnvironment(env *comid.Environment, isTrustAnchor bool) error { - if env.Class == nil { - return errors.New("class not set") - } - - if env.Class.ClassID == nil { - return errors.New("class ID not set") - } - - if env.Class.ClassID.Type() != comid.ImplIDType { - return fmt.Errorf("class ID: expected psa.impl-id, got %s", env.Class.ClassID.Type()) - } - - if isTrustAnchor { - if env.Instance == nil { - return errors.New("instance not set for trust anchor") - } - - if env.Instance.Type() != comid.UEIDType { - return fmt.Errorf("instance: expected UEID, got %s", env.Instance.Type()) - } - - } else if env.Instance != nil { - return errors.New("instance set for reference value") - } - - return nil -} - -func validateRealmEnvironment(env *comid.Environment) error { - if env.Instance == nil { - return errors.New("instance not set") - } - - if env.Instance.Type() != comid.BytesType { - return fmt.Errorf("instance: expected bytes, got %s", env.Instance.Type()) - } - - return nil -} - -func ValidateCryptoKeys(keys []*comid.CryptoKey) error { - if len(keys) != 1 { - return fmt.Errorf("expected exactly one key but got %d", len(keys)) - } - - if keys[0].Type() != comid.PKIXBase64KeyType { - return fmt.Errorf("trust anchor must be a PKIX base64 key, found: %s", keys[0].Type()) - } - - return nil -} - -func ValidatePlatformMeasurements(measurements 
[]comid.Measurement) error { - for i, mea := range measurements { - if mea.Key == nil { - return fmt.Errorf("measurement %d key not set", i) - } - - switch mea.Key.Type() { - case comid.PSARefValIDType: - if mea.Val.Digests == nil { - return fmt.Errorf("measurement %d value: no digests", i) - } - case comid.CCAPlatformConfigIDType: - if mea.Val.RawValue == nil { - return fmt.Errorf("measurement %d value: no raw value", i) - } - default: - return fmt.Errorf("measurement %d key: unexpected type %s", i, mea.Key.Type()) - } - - } - - return nil -} - -func validateRealmMeasurements(measurements []comid.Measurement) error { - for i, mea := range measurements { - if mea.Val.RawValue == nil { - return fmt.Errorf("measurement %d: personalization (raw value) not set", i) - } - - if mea.Val.IntegrityRegisters == nil { - return fmt.Errorf("measurement %d integrity registers not set", i) - } - } - - return nil -} - -func init() { - platformProfileID, err := eat.NewProfile(PlatformProfileString) - if err != nil { - panic(err) - } - - legacyPlatformProfileID, err := eat.NewProfile(LegacyPlatformProfileString) - if err != nil { - panic(err) - } - - realmProfileID, err := eat.NewProfile(RealmProfileString) - if err != nil { - panic(err) - } - - legacyRealmProfileID, err := eat.NewProfile(LegacyRealmProfileString) - if err != nil { - panic(err) - } - - platformValidator := &common.TriplesValidator{ - TAEnviromentValidator: func(e *comid.Environment) error { - return ValidatePlatformEnvironment(e, true) - }, - RefValEnviromentValidator: func(e *comid.Environment) error { - return ValidatePlatformEnvironment(e, false) - }, - CryptoKeysValidator: ValidateCryptoKeys, - MeasurementsValidator: ValidatePlatformMeasurements, - } - platformExtMap := extensions.NewMap().Add(comid.ExtTriples, platformValidator) - - realmValidator := &common.TriplesValidator{ - EnviromentValidator: validateRealmEnvironment, - MeasurementsValidator: validateRealmMeasurements, - DisallowTAs: true, - } - 
realmExtMap := extensions.NewMap().Add(comid.ExtTriples, realmValidator) - - if err := corim.RegisterProfile(platformProfileID, platformExtMap); err != nil { - panic(err) - } - - if err := corim.RegisterProfile(legacyPlatformProfileID, platformExtMap); err != nil { - panic(err) - } - - if err := corim.RegisterProfile(realmProfileID, realmExtMap); err != nil { - panic(err) - } - - if err := corim.RegisterProfile(legacyRealmProfileID, realmExtMap); err != nil { - panic(err) - } -} diff --git a/scheme/arm-cca/corim_test.go b/scheme/arm-cca/corim_test.go index cfbd2dc2..78bcbc9c 100644 --- a/scheme/arm-cca/corim_test.go +++ b/scheme/arm-cca/corim_test.go 
@@ -17,47 +17,52 @@ func TestProfile(t *testing.T) { { Title: "platform bad no class", Input: corimCcaPlatformBadNoClass, - Err: "class not set", + Err: "environment.class is required", }, { Title: "platform bad TA no instance", Input: corimCcaPlatformBadTaNoInstance, - Err: "instance not set for trust anchor", + Err: "environment.instance (instance-id) is required", }, { Title: "platform bad TA bytes instance", Input: corimCcaPlatformBadTaInstance, - Err: "instance: expected UEID, got bytes", + Err: "instance-id must be of type 'ueid', got 'bytes'", }, { Title: "platform bad TA cert", Input: corimCcaPlatformBadTaCert, - Err: "trust anchor must be a PKIX base64 key, found: pkix-base64-cert", - }, - { - Title: "platform bad RefVal instance", - Input: corimCcaPlatformBadRefvalInstance, - Err: "instance set for reference value", + Err: "verification-key must be of type 'pkix-base64-key', got 'pkix-base64-cert'", }, { Title: "platform bad RefVal no mkey", Input: corimCcaPlatformBadRefvalNoMkey, - Err: "measurement 0 key not set", + Err: "mkey is mandatory but not set", }, { Title: "platform bad RefVal uint mkey", Input: corimCcaPlatformBadRefvalMkey, - Err: "measurement 0 key: unexpected type uint", + Err: "mkey must be of type 'string', got 'uint'", + }, + { + Title: "platform bad RefVal invalid string mkey", + Input: corimCcaPlatformBadRefvalMkeyString, + Err: "invalid mkey \"cca.bad-component\"", + }, + { + Title: "platform bad RefVal malformed cryptokeys", + Input: corimCcaPlatformBadRefvalCryptokeys, + Err: "cryptokeys (signer-id) must be of type 'bytes'", }, { Title: "platform bad RefVal no digest", Input: corimCcaPlatformBadRefvalNoDigests, - Err: "measurement 0 value: no digests", + Err: "digests field is mandatory but not set", }, { Title: "platform bad RefVal no raw value", Input: corimCcaPlatformBadRefvalNoRawValue, - Err: "measurement 0 value: no raw value", + Err: "raw-value is mandatory for cca.platform-config", }, { Title: "realm ok", 
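Review bot: The "platform bad RefVal instance" case is removed from TestProfile without a replacement, while this same commit keeps and updates its fixture source comid-cca-platform-bad-refval-instance.json, so the rule that a platform reference-value environment must not carry an instance is no longer exercised and the fixture becomes dead data. If the new cca profile rejects that input, restore the case with the new expected message; if it now accepts it, delete the fixture source so a later reader does not assume the check still exists. TestProfile's table starts before this hunk.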
@@ -66,22 +71,27 @@ func TestProfile(t *testing.T) { { Title: "realm bad instance", Input: corimCcaRealmBadInstance, - Err: "instance: expected bytes, got ueid", + Err: "RIM must be of type 'bytes', got 'uuid'", }, { Title: "realm bad no instance", Input: corimCcaRealmBadNoInstance, - Err: "instance not set", + Err: "environment.class is required for CCA Realm profile", }, { - Title: "realm bad no integ. registers", - Input: corimCcaRealmBadNoIntegRegs, - Err: "integrity registers not set", + Title: "realm bad no rim", + Input: corimCcaRealmBadNoRim, + Err: "RIM (cca.rim) measurement is mandatory but not found", }, { Title: "realm bad no raw value", Input: corimCcaRealmBadNoRawValue, - Err: "personalization (raw value) not set", + Err: "raw-value is mandatory for cca.rpv", + }, + { + Title: "realm bad no integ regs", + Input: corimCcaRealmBadNoIntegRegs, + Err: "digests field is mandatory but not set", }, } diff --git a/scheme/arm-cca/scheme.go b/scheme/arm-cca/scheme.go index 4fda77ad..2e0198e7 100644 --- a/scheme/arm-cca/scheme.go +++ b/scheme/arm-cca/scheme.go @@ -16,6 +16,7 @@ import ( "github.com/veraison/ccatoken/platform" "github.com/veraison/ccatoken/realm" "github.com/veraison/corim/comid" + "github.com/veraison/corim/profiles/cca" "github.com/veraison/ear" "github.com/veraison/services/handler" "github.com/veraison/services/log" @@ -29,10 +30,8 @@ var Descriptor = handler.SchemeDescriptor{ VersionMajor: 1, VersionMinor: 0, CorimProfiles: []string{ - LegacyPlatformProfileString, - LegacyRealmProfileString, - PlatformProfileString, - RealmProfileString, + cca.PlatformProfileURI, + cca.RealmProfileURI, }, EvidenceMediaTypes: []string{ `application/eat-collection; profile="http://arm.com/CCA-SSD/1.0.0"`, @@ -67,7 +66,7 @@ func (o *Implementation) GetTrustAnchorIDs( return nil, err } - classID, err := comid.NewImplIDClassID(implIDbytes) + classID, err := cca.NewPlatformImplIDClassID(implIDbytes) if err != nil { return nil, err } 
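Review bot: The titles "realm bad instance" and "realm bad no instance" no longer describe what the cases check: the expected errors are now a class-id type mismatch (`RIM must be of type 'bytes', got 'uuid'`) and a missing class (`environment.class is required for CCA Realm profile`), matching the fixtures that moved from an instance to a class. Renaming them, e.g. `Title: "realm bad class id type",` and `Title: "realm bad no class",`, keeps failure output readable. The new "realm bad no integ regs" case expects the generic `digests field is mandatory but not set`, so a short comment naming which measurement the fixture leaves without digests would help tell it apart from other digest failures.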
@@ -445,8 +444,11 @@ func matchPlatformClaimsToReferenceValues( } for _, measurement := range triple.Measurements.Values { - _, err = measurement.Key.GetCCAPlatformConfigID() - if err == nil { + // Check if this is a platform config measurement + if measurement.Key != nil && measurement.Key.IsSet() && + measurement.Key.Type() == comid.StringType && + measurement.Key.Value.String() == cca.CCAPlatformConfigMkey { + if measurement.Val.RawValue == nil { return false, false, errors.New("no raw value in platform config measurement") @@ -460,12 +462,9 @@ func matchPlatformClaimsToReferenceValues( continue } - // not platform config entry, therefore must be a S/W component entry. - refValID, err := measurement.Key.GetPSARefValID() - if err != nil { - return false, false, err - } - + // Not a platform-config entry. Treat any digest-bearing measurement as + // a software component reference. This is robust against profile-driven + // key-label changes while still requiring digest equality. if measurement.Val.Digests == nil { return false, false, errors.New("no digests in reference value measurement") } @@ -479,7 +478,18 @@ func matchPlatformClaimsToReferenceValues( } encoded := base64.StdEncoding.EncodeToString((*measurement.Val.Digests)[0].HashValue) - referenceValues[encoded] = [2]string{*refValID.Label, *refValID.Version} + // Extract label (mtype) and version from measurement value + label := "" + if measurement.Val.Name != nil { + label = *measurement.Val.Name + } + + version := "" + if measurement.Val.Ver != nil { + version = measurement.Val.Ver.Version + } + + referenceValues[encoded] = [2]string{label, version} } } diff --git a/scheme/arm-cca/test/corim/corim-cca-platform-bad-no-class.cbor b/scheme/arm-cca/test/corim/corim-cca-platform-bad-no-class.cbor index ce04c1a3..5472cd8d 100644 Binary files a/scheme/arm-cca/test/corim/corim-cca-platform-bad-no-class.cbor and b/scheme/arm-cca/test/corim/corim-cca-platform-bad-no-class.cbor differ 
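Review bot: After the platform-config branch, the loop no longer checks the measurement key at all, so a measurement with a nil or unset key, or with any string mkey other than cca.software-component, is accepted as a software-component reference as long as it carries a digest; the removed GetPSARefValID call used to reject those. The new comment presents this as robustness against key-label changes, but the profile registered in scheme.go (cca.PlatformProfileURI) fixes the labels, and the corim_test hunk shows the validator already rejects unknown mkeys (`invalid mkey "cca.bad-component"`), presumably at provisioning time, so the matcher can be strict without losing anything. I would replace the comment with an explicit guard as below; if the cca package exports a constant for the software-component mkey next to CCAPlatformConfigMkey, use that instead of the literal. matchPlatformClaimsToReferenceValues starts and ends outside the hunk.
```go
// … unchanged: platform-config branch, ending in `continue` …
// Not a platform-config entry: only the software-component mkey is accepted
// here. The profile validator is expected to reject other labels before a
// reference value is stored, so anything else reaching this point is malformed.
if measurement.Key == nil || !measurement.Key.IsSet() ||
    measurement.Key.Type() != comid.StringType ||
    measurement.Key.Value.String() != "cca.software-component" {
    return false, false, errors.New("unexpected measurement key in reference value")
}
if measurement.Val.Digests == nil {
// … unchanged: digest checks and map write …
```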
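Review bot: The new label/version extraction silently stores empty strings when `measurement.Val.Name` or `measurement.Val.Ver` is absent, whereas the old code dereferenced `*refValID.Label` and `*refValID.Version` unconditionally, so a reference value without a name now enters `referenceValues` under its digest with an empty label instead of surfacing a problem. If the later comparison of evidence software components against this map relies on the label, an empty one will either never match or match anything with an empty measurement type, depending on code outside the hunk. Unless the cca profile validator already requires `name` (every fixture sets it, but no test case expects a missing-name error), add `if measurement.Val.Name == nil { return false, false, errors.New("no name in software component reference value") }` before the map write; leaving `version` optional is fine. The comment `// Extract label (mtype) and version from measurement value` should also say that version may legitimately be empty.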
diff --git a/scheme/arm-cca/test/corim/corim-cca-platform-bad-refval-cryptokeys.cbor b/scheme/arm-cca/test/corim/corim-cca-platform-bad-refval-cryptokeys.cbor new file mode 100644 index 00000000..7683d16b Binary files /dev/null and b/scheme/arm-cca/test/corim/corim-cca-platform-bad-refval-cryptokeys.cbor differ diff --git a/scheme/arm-cca/test/corim/corim-cca-platform-bad-refval-mkey-string.cbor b/scheme/arm-cca/test/corim/corim-cca-platform-bad-refval-mkey-string.cbor new file mode 100644 index 00000000..9321c288 Binary files /dev/null and b/scheme/arm-cca/test/corim/corim-cca-platform-bad-refval-mkey-string.cbor differ diff --git a/scheme/arm-cca/test/corim/corim-cca-platform-bad-refval-mkey.cbor b/scheme/arm-cca/test/corim/corim-cca-platform-bad-refval-mkey.cbor index 8eb00777..f0b6024a 100644 Binary files a/scheme/arm-cca/test/corim/corim-cca-platform-bad-refval-mkey.cbor and b/scheme/arm-cca/test/corim/corim-cca-platform-bad-refval-mkey.cbor differ diff --git a/scheme/arm-cca/test/corim/corim-cca-platform-bad-refval-no-digests.cbor b/scheme/arm-cca/test/corim/corim-cca-platform-bad-refval-no-digests.cbor index 39356b91..7655be72 100644 Binary files a/scheme/arm-cca/test/corim/corim-cca-platform-bad-refval-no-digests.cbor and b/scheme/arm-cca/test/corim/corim-cca-platform-bad-refval-no-digests.cbor differ diff --git a/scheme/arm-cca/test/corim/corim-cca-platform-bad-refval-no-mkey.cbor b/scheme/arm-cca/test/corim/corim-cca-platform-bad-refval-no-mkey.cbor index 02fb97e2..a20dc286 100644 Binary files a/scheme/arm-cca/test/corim/corim-cca-platform-bad-refval-no-mkey.cbor and b/scheme/arm-cca/test/corim/corim-cca-platform-bad-refval-no-mkey.cbor differ 
diff --git a/scheme/arm-cca/test/corim/corim-cca-platform-bad-refval-no-raw-value.cbor b/scheme/arm-cca/test/corim/corim-cca-platform-bad-refval-no-raw-value.cbor index 559a767d..1504c648 100644 Binary files a/scheme/arm-cca/test/corim/corim-cca-platform-bad-refval-no-raw-value.cbor and b/scheme/arm-cca/test/corim/corim-cca-platform-bad-refval-no-raw-value.cbor differ diff --git a/scheme/arm-cca/test/corim/corim-cca-platform-bad-ta-cert.cbor b/scheme/arm-cca/test/corim/corim-cca-platform-bad-ta-cert.cbor index 7fde69b3..cf02366b 100644 Binary files a/scheme/arm-cca/test/corim/corim-cca-platform-bad-ta-cert.cbor and b/scheme/arm-cca/test/corim/corim-cca-platform-bad-ta-cert.cbor differ diff --git a/scheme/arm-cca/test/corim/corim-cca-platform-bad-ta-instance.cbor b/scheme/arm-cca/test/corim/corim-cca-platform-bad-ta-instance.cbor index 7f3df6bd..7e9ac477 100644 Binary files a/scheme/arm-cca/test/corim/corim-cca-platform-bad-ta-instance.cbor and b/scheme/arm-cca/test/corim/corim-cca-platform-bad-ta-instance.cbor differ diff --git a/scheme/arm-cca/test/corim/corim-cca-platform-bad-ta-no-instance.cbor b/scheme/arm-cca/test/corim/corim-cca-platform-bad-ta-no-instance.cbor index ea2636df..554199f1 100644 Binary files a/scheme/arm-cca/test/corim/corim-cca-platform-bad-ta-no-instance.cbor and b/scheme/arm-cca/test/corim/corim-cca-platform-bad-ta-no-instance.cbor differ diff --git a/scheme/arm-cca/test/corim/corim-cca-platform-valid.cbor b/scheme/arm-cca/test/corim/corim-cca-platform-valid.cbor index a2b309e3..850d65c0 100644 Binary files a/scheme/arm-cca/test/corim/corim-cca-platform-valid.cbor and b/scheme/arm-cca/test/corim/corim-cca-platform-valid.cbor differ diff --git a/scheme/arm-cca/test/corim/corim-cca-realm-bad-instance.cbor b/scheme/arm-cca/test/corim/corim-cca-realm-bad-instance.cbor index 60e04369..26638efc 100644 Binary files a/scheme/arm-cca/test/corim/corim-cca-realm-bad-instance.cbor and b/scheme/arm-cca/test/corim/corim-cca-realm-bad-instance.cbor differ 
diff --git a/scheme/arm-cca/test/corim/corim-cca-realm-bad-no-instance.cbor b/scheme/arm-cca/test/corim/corim-cca-realm-bad-no-instance.cbor index e0ef1b84..72db6543 100644 Binary files a/scheme/arm-cca/test/corim/corim-cca-realm-bad-no-instance.cbor and b/scheme/arm-cca/test/corim/corim-cca-realm-bad-no-instance.cbor differ diff --git a/scheme/arm-cca/test/corim/corim-cca-realm-bad-no-integ-regs.cbor b/scheme/arm-cca/test/corim/corim-cca-realm-bad-no-integ-regs.cbor index 45419eee..afcfd25a 100644 Binary files a/scheme/arm-cca/test/corim/corim-cca-realm-bad-no-integ-regs.cbor and b/scheme/arm-cca/test/corim/corim-cca-realm-bad-no-integ-regs.cbor differ diff --git a/scheme/arm-cca/test/corim/corim-cca-realm-bad-no-raw-value.cbor b/scheme/arm-cca/test/corim/corim-cca-realm-bad-no-raw-value.cbor index 3964860a..46a79653 100644 Binary files a/scheme/arm-cca/test/corim/corim-cca-realm-bad-no-raw-value.cbor and b/scheme/arm-cca/test/corim/corim-cca-realm-bad-no-raw-value.cbor differ diff --git a/scheme/arm-cca/test/corim/corim-cca-realm-bad-no-rim.cbor b/scheme/arm-cca/test/corim/corim-cca-realm-bad-no-rim.cbor new file mode 100644 index 00000000..b0580224 Binary files /dev/null and b/scheme/arm-cca/test/corim/corim-cca-realm-bad-no-rim.cbor differ diff --git a/scheme/arm-cca/test/corim/corim-cca-realm-valid.cbor b/scheme/arm-cca/test/corim/corim-cca-realm-valid.cbor index 5816dbbe..4a11054f 100644 Binary files a/scheme/arm-cca/test/corim/corim-cca-realm-valid.cbor and b/scheme/arm-cca/test/corim/corim-cca-realm-valid.cbor differ diff --git a/scheme/arm-cca/test/corim/src/comid-cca-platform-bad-no-class.json b/scheme/arm-cca/test/corim/src/comid-cca-platform-bad-no-class.json index 63d1647d..d8b66d7c 100644 --- a/scheme/arm-cca/test/corim/src/comid-cca-platform-bad-no-class.json +++ b/scheme/arm-cca/test/corim/src/comid-cca-platform-bad-no-class.json 
@@ -1,24 +1,24 @@ { - "tag-identity": { - "id": "366D0A0A-5988-45ED-8488-2F2A544F6242", - "version": 0 - }, - "triples": { - "attester-verification-keys": [ - { - "environment": { - "instance": { - "type": "ueid", - "value": "AQICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC" - } - }, - "verification-keys": [ - { - "type": "pkix-base64-key", - "value": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEMKBCTNIcKUSDii11ySs3526iDZ8A\niTo7Tu6KPAqv7D7gS2XpJFbZiItSs3m9+9Ue6GnvHw/GW2ZZaVtszggXIw==\n-----END PUBLIC KEY-----" - } - ] - } - ] - } + "tag-identity": { + "id": "366D0A0A-5988-45ED-8488-2F2A544F6242", + "version": 0 + }, + "triples": { + "attester-verification-keys": [ + { + "environment": { + "instance": { + "type": "ueid", + "value": "AQICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC" + } + }, + "verification-keys": [ + { + "type": "pkix-base64-key", + "value": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEMKBCTNIcKUSDii11ySs3526iDZ8A\niTo7Tu6KPAqv7D7gS2XpJFbZiItSs3m9+9Ue6GnvHw/GW2ZZaVtszggXIw==\n-----END PUBLIC KEY-----" + } + ] + } + ] + } } diff --git a/scheme/arm-cca/test/corim/src/comid-cca-platform-bad-refval-cryptokeys.json b/scheme/arm-cca/test/corim/src/comid-cca-platform-bad-refval-cryptokeys.json new file mode 100644 index 00000000..bc91c5e5 --- /dev/null +++ b/scheme/arm-cca/test/corim/src/comid-cca-platform-bad-refval-cryptokeys.json 
@@ -0,0 +1,40 @@ +{ + "tag-identity": { + "id": "43BBE37F-2E61-4B33-AED3-53CFF1428B16", + "version": 0 + }, + "triples": { + "reference-values": [ + { + "environment": { + "class": { + "id": { + "type": "bytes", + "value": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" + } + } + }, + "measurements": [ + { + "key": { + "type": "string", + "value": "cca.software-component" + }, + "value": { + "cryptokeys": [ + { + "type": "pkix-base64-key", + "value": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEMKBCTNIcKUSDii11ySs3526iDZ8A\niTo7Tu6KPAqv7D7gS2XpJFbZiItSs3m9+9Ue6GnvHw/GW2ZZaVtszggXIw==\n-----END PUBLIC KEY-----" + } + ], + "digests": [ + "sha-256:BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + ], + "name": "BL" + } + } + ] + } + ] + } +} diff --git a/scheme/arm-cca/test/corim/src/comid-cca-platform-bad-refval-instance.json b/scheme/arm-cca/test/corim/src/comid-cca-platform-bad-refval-instance.json index 948078bb..34d280e7 100644 --- a/scheme/arm-cca/test/corim/src/comid-cca-platform-bad-refval-instance.json +++ b/scheme/arm-cca/test/corim/src/comid-cca-platform-bad-refval-instance.json 
@@ -1,98 +1,111 @@ { - "tag-identity": { - "id": "43BBE37F-2E61-4B33-AED3-53CFF1428B16", - "version": 0 - }, - "triples": { - "reference-values": [ - { - "environment": { - "class": { - "id": { - "type": "psa.impl-id", - "value": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" - } - }, - "instance": { - "type": "ueid", - "value": "AQICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC" + "tag-identity": { + "id": "43BBE37F-2E61-4B33-AED3-53CFF1428B16", + "version": 0 + }, + "triples": { + "reference-values": [ + { + "environment": { + "class": { + "id": { + "type": "bytes", + "value": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" } }, - "measurements": [ - { - "key": { - "type": "psa.refval-id", - "value": { - "label": "BL", - "version": "3.4.2", - "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - } - }, - "value": { - "digests": [ - "sha-256:BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - ] - } + "instance": { + "type": "ueid", + "value": "AQICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC" + } + }, + "measurements": [ + { + "key": { + "type": "string", + "value": "cca.software-component" }, - { - "key": { - "type": "psa.refval-id", - "value": { - "label": "M1", - "version": "1.2.0", - "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + "value": { + "cryptokeys": [ + { + "type": "bytes", + "value": "01234567890123456789012345678901" } - }, - "value": { - "digests": [ - "sha-256:CwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - ] - } + ], + "digests": [ + "sha-256:BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + ], + "name": "BL" + } + }, + { + "key": { + "type": "string", + "value": "cca.software-component" }, - { - "key": { - "type": "psa.refval-id", - "value": { - "label": "M2", - "version": "1.2.3", - "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + "value": { + "cryptokeys": [ + { + "type": "bytes", + "value": "01234567890123456789012345678901" } - }, - "value": { - "digests": [ - "sha-256:DwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - ] - } + 
], + "digests": [ + "sha-256:CwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + ], + "name": "M1" + } + }, + { + "key": { + "type": "string", + "value": "cca.software-component" }, - { - "key": { - "type": "psa.refval-id", - "value": { - "label": "M3", - "version": "1.0.0", - "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + "value": { + "cryptokeys": [ + { + "type": "bytes", + "value": "01234567890123456789012345678901" } - }, - "value": { - "digests": [ - "sha-256:EwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - ] - } + ], + "digests": [ + "sha-256:DwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + ], + "name": "M2" + } + }, + { + "key": { + "type": "string", + "value": "cca.software-component" }, - { - "key": { - "type": "cca.platform-config-id", - "value": "cfg v1.0.0" - }, - "value": { - "raw-value": { + "value": { + "cryptokeys": [ + { "type": "bytes", - "value": "AQID" + "value": "01234567890123456789012345678901" } - } + ], + "digests": [ + "sha-256:EwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + ], + "name": "M3" + } + }, + { + "key": { + "type": "string", + "value": "cca.platform-config" + }, + "value": { + "raw-value": { + "type": "bytes", + "value": "AQID" + }, + "raw-value-mask": "AQID" } - ] - } - ] - } + } + ] + } + ] } +} diff --git a/scheme/arm-cca/test/corim/src/comid-cca-platform-bad-refval-mkey-string.json b/scheme/arm-cca/test/corim/src/comid-cca-platform-bad-refval-mkey-string.json new file mode 100644 index 00000000..13894a9d --- /dev/null +++ b/scheme/arm-cca/test/corim/src/comid-cca-platform-bad-refval-mkey-string.json 
@@ -0,0 +1,40 @@ +{ + "tag-identity": { + "id": "43BBE37F-2E61-4B33-AED3-53CFF1428B16", + "version": 0 + }, + "triples": { + "reference-values": [ + { + "environment": { + "class": { + "id": { + "type": "bytes", + "value": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" + } + } + }, + "measurements": [ + { + "key": { + "type": "string", + "value": "cca.bad-component" + }, + "value": { + "cryptokeys": [ + { + "type": "bytes", + "value": "01234567890123456789012345678901" + } + ], + "digests": [ + "sha-256:BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + ], + "name": "BL" + } + } + ] + } + ] + } +} diff --git a/scheme/arm-cca/test/corim/src/comid-cca-platform-bad-refval-mkey.json b/scheme/arm-cca/test/corim/src/comid-cca-platform-bad-refval-mkey.json index ade7c3de..f4ee8de1 100644 --- a/scheme/arm-cca/test/corim/src/comid-cca-platform-bad-refval-mkey.json +++ b/scheme/arm-cca/test/corim/src/comid-cca-platform-bad-refval-mkey.json @@ -9,7 +9,7 @@ "environment": { "class": { "id": { - "type": "psa.impl-id", + "type": "bytes", "value": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" } } diff --git a/scheme/arm-cca/test/corim/src/comid-cca-platform-bad-refval-no-digests.json b/scheme/arm-cca/test/corim/src/comid-cca-platform-bad-refval-no-digests.json index 3f9d4297..3ba2ff47 100644 --- a/scheme/arm-cca/test/corim/src/comid-cca-platform-bad-refval-no-digests.json +++ b/scheme/arm-cca/test/corim/src/comid-cca-platform-bad-refval-no-digests.json 
@@ -1,38 +1,35 @@ { - "tag-identity": { - "id": "43BBE37F-2E61-4B33-AED3-53CFF1428B16", - "version": 0 - }, - "triples": { - "reference-values": [ - { - "environment": { - "class": { - "id": { - "type": "psa.impl-id", - "value": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" - } + "tag-identity": { + "id": "43BBE37F-2E61-4B33-AED3-53CFF1428B16", + "version": 0 + }, + "triples": { + "reference-values": [ + { + "environment": { + "class": { + "id": { + "type": "bytes", + "value": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" } - }, - "measurements": [ - { - "key": { - "type": "psa.refval-id", - "value": { - "label": "BL", - "version": "3.4.2", - "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - } - }, - "value": { - "raw-value": { - "type": "bytes", - "value": "AQID" - } + } + }, + "measurements": [ + { + "key": { + "type": "string", + "value": "cca.software-component" + }, + "value": { + "name": "BL", + "raw-value": { + "type": "bytes", + "value": "AQID" } } - ] - } - ] - } + } + ] + } + ] } +} diff --git a/scheme/arm-cca/test/corim/src/comid-cca-platform-bad-refval-no-mkey.json b/scheme/arm-cca/test/corim/src/comid-cca-platform-bad-refval-no-mkey.json index 944d3a3f..9917e47d 100644 --- a/scheme/arm-cca/test/corim/src/comid-cca-platform-bad-refval-no-mkey.json +++ b/scheme/arm-cca/test/corim/src/comid-cca-platform-bad-refval-no-mkey.json @@ -9,7 +9,7 @@ "environment": { "class": { "id": { - "type": "psa.impl-id", + "type": "bytes", "value": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" } } diff --git a/scheme/arm-cca/test/corim/src/comid-cca-platform-bad-refval-no-raw-value.json b/scheme/arm-cca/test/corim/src/comid-cca-platform-bad-refval-no-raw-value.json index c67b93d8..ba8a33cb 100644 --- a/scheme/arm-cca/test/corim/src/comid-cca-platform-bad-refval-no-raw-value.json +++ b/scheme/arm-cca/test/corim/src/comid-cca-platform-bad-refval-no-raw-value.json 
@@ -1,33 +1,33 @@ { - "tag-identity": { - "id": "43BBE37F-2E61-4B33-AED3-53CFF1428B16", - "version": 0 - }, - "triples": { - "reference-values": [ - { - "environment": { - "class": { - "id": { - "type": "psa.impl-id", - "value": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" - } + "tag-identity": { + "id": "43BBE37F-2E61-4B33-AED3-53CFF1428B16", + "version": 0 + }, + "triples": { + "reference-values": [ + { + "environment": { + "class": { + "id": { + "type": "bytes", + "value": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" } - }, - "measurements": [ - { - "key": { - "type": "cca.platform-config-id", - "value": "cfg v1.0.0" - }, - "value": { - "digests": [ - "sha-256:CwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - ] - } + } + }, + "measurements": [ + { + "key": { + "type": "string", + "value": "cca.platform-config" + }, + "value": { + "digests": [ + "sha-256:CwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + ] } - ] - } - ] - } + } + ] + } + ] } +} diff --git a/scheme/arm-cca/test/corim/src/comid-cca-platform-bad-ta-cert.json b/scheme/arm-cca/test/corim/src/comid-cca-platform-bad-ta-cert.json index fc13de01..917b24d0 100644 --- a/scheme/arm-cca/test/corim/src/comid-cca-platform-bad-ta-cert.json +++ b/scheme/arm-cca/test/corim/src/comid-cca-platform-bad-ta-cert.json @@ -9,7 +9,7 @@ "environment": { "class": { "id": { - "type": "psa.impl-id", + "type": "bytes", "value": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" } }, diff --git a/scheme/arm-cca/test/corim/src/comid-cca-platform-bad-ta-instance.json b/scheme/arm-cca/test/corim/src/comid-cca-platform-bad-ta-instance.json index 0b384f3a..ba27dc96 100644 --- a/scheme/arm-cca/test/corim/src/comid-cca-platform-bad-ta-instance.json +++ b/scheme/arm-cca/test/corim/src/comid-cca-platform-bad-ta-instance.json @@ -9,7 +9,7 @@ "environment": { "class": { "id": { - "type": "psa.impl-id", + "type": "bytes", "value": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" } }, 
diff --git a/scheme/arm-cca/test/corim/src/comid-cca-platform-bad-ta-no-instance.json b/scheme/arm-cca/test/corim/src/comid-cca-platform-bad-ta-no-instance.json index 2ab314a7..c849ea1f 100644 --- a/scheme/arm-cca/test/corim/src/comid-cca-platform-bad-ta-no-instance.json +++ b/scheme/arm-cca/test/corim/src/comid-cca-platform-bad-ta-no-instance.json @@ -9,7 +9,7 @@ "environment": { "class": { "id": { - "type": "psa.impl-id", + "type": "bytes", "value": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" } } diff --git a/scheme/arm-cca/test/corim/src/comid-cca-platform-refval.json b/scheme/arm-cca/test/corim/src/comid-cca-platform-refval.json index 3aabfb34..c495ad27 100644 --- a/scheme/arm-cca/test/corim/src/comid-cca-platform-refval.json +++ b/scheme/arm-cca/test/corim/src/comid-cca-platform-refval.json 
@@ -1,94 +1,107 @@ { - "tag-identity": { - "id": "43BBE37F-2E61-4B33-AED3-53CFF1428B16", - "version": 0 - }, - "triples": { - "reference-values": [ - { - "environment": { - "class": { - "id": { - "type": "psa.impl-id", - "value": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" - } + "tag-identity": { + "id": "43BBE37F-2E61-4B33-AED3-53CFF1428B16", + "version": 0 + }, + "triples": { + "reference-values": [ + { + "environment": { + "class": { + "id": { + "type": "bytes", + "value": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" } - }, - "measurements": [ - { - "key": { - "type": "psa.refval-id", - "value": { - "label": "BL", - "version": "3.4.2", - "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - } - }, - "value": { - "digests": [ - "sha-256:BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - ] - } + } + }, + "measurements": [ + { + "key": { + "type": "string", + "value": "cca.software-component" }, - { - "key": { - "type": "psa.refval-id", - "value": { - "label": "M1", - "version": "1.2.0", - "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + "value": { + "cryptokeys": [ + { + "type": "bytes", + "value": "01234567890123456789012345678901" } - }, - "value": { - "digests": [ - "sha-256:CwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - ] - } + ], + "digests": [ + "sha-256:BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + ], + "name": "BL" + } + }, + { + "key": { + "type": "string", + "value": "cca.software-component" }, - { - "key": { - "type": "psa.refval-id", - "value": { - "label": "M2", - "version": "1.2.3", - "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + "value": { + "cryptokeys": [ + { + "type": "bytes", + "value": "01234567890123456789012345678901" } - }, - "value": { - "digests": [ - "sha-256:DwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - ] - } + ], + "digests": [ + "sha-256:CwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + ], + "name": "M1" + } + }, + { + "key": { + "type": "string", + "value": "cca.software-component" }, - { - 
"key": { - "type": "psa.refval-id", - "value": { - "label": "M3", - "version": "1.0.0", - "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + "value": { + "cryptokeys": [ + { + "type": "bytes", + "value": "01234567890123456789012345678901" } - }, - "value": { - "digests": [ - "sha-256:EwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - ] - } + ], + "digests": [ + "sha-256:DwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + ], + "name": "M2" + } + }, + { + "key": { + "type": "string", + "value": "cca.software-component" }, - { - "key": { - "type": "cca.platform-config-id", - "value": "cfg v1.0.0" - }, - "value": { - "raw-value": { + "value": { + "cryptokeys": [ + { "type": "bytes", - "value": "AQID" + "value": "01234567890123456789012345678901" } - } + ], + "digests": [ + "sha-256:EwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + ], + "name": "M3" + } + }, + { + "key": { + "type": "string", + "value": "cca.platform-config" + }, + "value": { + "raw-value": { + "type": "bytes", + "value": "AQID" + }, + "raw-value-mask": "AQID" } - ] - } - ] - } + } + ] + } + ] } +} diff --git a/scheme/arm-cca/test/corim/src/comid-cca-platform-ta.json b/scheme/arm-cca/test/corim/src/comid-cca-platform-ta.json index 03f82130..f3e5906f 100644 --- a/scheme/arm-cca/test/corim/src/comid-cca-platform-ta.json +++ b/scheme/arm-cca/test/corim/src/comid-cca-platform-ta.json @@ -9,7 +9,7 @@ "environment": { "class": { "id": { - "type": "psa.impl-id", + "type": "bytes", "value": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" } }, diff --git a/scheme/arm-cca/test/corim/src/comid-cca-realm-bad-instance.json b/scheme/arm-cca/test/corim/src/comid-cca-realm-bad-instance.json index 9f11cf2b..f679cd83 100644 --- a/scheme/arm-cca/test/corim/src/comid-cca-realm-bad-instance.json +++ b/scheme/arm-cca/test/corim/src/comid-cca-realm-bad-instance.json 
@@ -7,49 +7,78 @@ "reference-values": [ { "environment": { - "instance": { - "type": "ueid", - "value": "AQICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC" + "class": { + "id": { + "type": "uuid", + "value": "43BBE37F-2E61-4B33-AED3-53CFF1428B16" + } } }, "measurements": [ { + "key": { + "type": "string", + "value": "cca.rim" + }, + "value": { + "digests": [ + "sha-512:Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" + ] + } + }, + { + "key": { + "type": "string", + "value": "cca.rem0" + }, + "value": { + "digests": [ + "sha-512:Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" + ] + } + }, + { + "key": { + "type": "string", + "value": "cca.rem1" + }, + "value": { + "digests": [ + "sha-512:Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" + ] + } + }, + { + "key": { + "type": "string", + "value": "cca.rem2" + }, + "value": { + "digests": [ + "sha-512:Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" + ] + } + }, + { + "key": { + "type": "string", + "value": "cca.rem3" + }, + "value": { + "digests": [ + "sha-512:Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" + ] + } + }, + { + "key": { + "type": "string", + "value": "cca.rpv" + }, "value": { "raw-value": { "type": "bytes", "value": "QURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBRA==" - }, - "integrity-registers": { - "rim": { - "key-type": "text", - "value": [ - "sha-512;Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" - ] - }, - "rem0": { - "key-type": "text", - "value": [ - "sha-512;Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" - ] - }, - "rem1": { - "key-type": "text", - "value": [ - "sha-512;Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" - ] - }, - 
"rem2": { - "key-type": "text", - "value": [ - "sha-512;Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" - ] - }, - "rem3": { - "key-type": "text", - "value": [ - "sha-512;Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" - ] - } } } } diff --git a/scheme/arm-cca/test/corim/src/comid-cca-realm-bad-no-instance.json b/scheme/arm-cca/test/corim/src/comid-cca-realm-bad-no-instance.json index 6f1bf82d..eb1b6cbe 100644 --- a/scheme/arm-cca/test/corim/src/comid-cca-realm-bad-no-instance.json +++ b/scheme/arm-cca/test/corim/src/comid-cca-realm-bad-no-instance.json 
@@ -7,51 +7,76 @@ "reference-values": [ { "environment": { - "class": { - "id": { - "type": "psa.impl-id", - "value": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" - } - } + "instance": { + "type": "bytes", + "value": "Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" + } }, "measurements": [ { + "key": { + "type": "string", + "value": "cca.rim" + }, + "value": { + "digests": [ + "sha-512:Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" + ] + } + }, + { + "key": { + "type": "string", + "value": "cca.rem0" + }, + "value": { + "digests": [ + "sha-512:Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" + ] + } + }, + { + "key": { + "type": "string", + "value": "cca.rem1" + }, + "value": { + "digests": [ + "sha-512:Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" + ] + } + }, + { + "key": { + "type": "string", + "value": "cca.rem2" + }, + "value": { + "digests": [ + "sha-512:Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" + ] + } + }, + { + "key": { + "type": "string", + "value": "cca.rem3" + }, + "value": { + "digests": [ + "sha-512:Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" + ] + } + }, + { + "key": { + "type": "string", + "value": "cca.rpv" + }, "value": { "raw-value": { "type": "bytes", "value": "QURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBRA==" - }, - "integrity-registers": { - "rim": { - "key-type": "text", - "value": [ - "sha-512;Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" - ] - }, - "rem0": { - "key-type": "text", - "value": [ - "sha-512;Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" - ] - }, - "rem1": { - "key-type": "text", - "value": [ - 
"sha-512;Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" - ] - }, - "rem2": { - "key-type": "text", - "value": [ - "sha-512;Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" - ] - }, - "rem3": { - "key-type": "text", - "value": [ - "sha-512;Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" - ] - } } } } diff --git a/scheme/arm-cca/test/corim/src/comid-cca-realm-bad-no-integ-regs.json b/scheme/arm-cca/test/corim/src/comid-cca-realm-bad-no-integ-regs.json index 0b698313..1b25f75a 100644 --- a/scheme/arm-cca/test/corim/src/comid-cca-realm-bad-no-integ-regs.json +++ b/scheme/arm-cca/test/corim/src/comid-cca-realm-bad-no-integ-regs.json @@ -7,13 +7,28 @@ "reference-values": [ { "environment": { - "instance": { - "type": "bytes", - "value": "Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" + "class": { + "id": { + "type": "bytes", + "value": "Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" + } } }, "measurements": [ { + "key": { + "type": "string", + "value": "cca.rim" + }, + "value": { + "name": "RIM" + } + }, + { + "key": { + "type": "string", + "value": "cca.rpv" + }, "value": { "raw-value": { "type": "bytes", diff --git a/scheme/arm-cca/test/corim/src/comid-cca-realm-bad-no-raw-value.json b/scheme/arm-cca/test/corim/src/comid-cca-realm-bad-no-raw-value.json index 56c66fb9..d7c70a35 100644 --- a/scheme/arm-cca/test/corim/src/comid-cca-realm-bad-no-raw-value.json +++ b/scheme/arm-cca/test/corim/src/comid-cca-realm-bad-no-raw-value.json 
@@ -7,46 +7,78 @@ "reference-values": [ { "environment": { - "instance": { - "type": "bytes", - "value": "Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" + "class": { + "id": { + "type": "bytes", + "value": "Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" + } } }, "measurements": [ { + "key": { + "type": "string", + "value": "cca.rim" + }, + "value": { + "digests": [ + "sha-512:Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" + ] + } + }, + { + "key": { + "type": "string", + "value": "cca.rem0" + }, + "value": { + "digests": [ + "sha-512:Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" + ] + } + }, + { + "key": { + "type": "string", + "value": "cca.rem1" + }, + "value": { + "digests": [ + "sha-512:Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" + ] + } + }, + { + "key": { + "type": "string", + "value": "cca.rem2" + }, + "value": { + "digests": [ + "sha-512:Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" + ] + } + }, + { + "key": { + "type": "string", + "value": "cca.rem3" + }, + "value": { + "digests": [ + "sha-512:Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" + ] + } + }, + { + "key": { + "type": "string", + "value": "cca.rpv" + }, "value": { - "integrity-registers": { - "rim": { - "key-type": "text", - "value": [ - "sha-512;Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" - ] - }, - "rem0": { - "key-type": "text", - "value": [ - "sha-512;Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" - ] - }, - "rem1": { - "key-type": "text", - "value": [ - "sha-512;Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" - ] - }, - "rem2": { - "key-type": "text", - "value": [ 
- "sha-512;Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" - ] - }, - "rem3": { - "key-type": "text", - "value": [ - "sha-512;Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" - ] - } - } + "digests": [ + "sha-256:Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0M=" + ] } } ] diff --git a/scheme/arm-cca/test/corim/src/comid-cca-realm-bad-no-rim.json b/scheme/arm-cca/test/corim/src/comid-cca-realm-bad-no-rim.json new file mode 100644 index 00000000..aab3eac6 --- /dev/null +++ b/scheme/arm-cca/test/corim/src/comid-cca-realm-bad-no-rim.json @@ -0,0 +1,45 @@ +{ + "tag-identity": { + "id": "43BBE37F-2E61-4B33-AED3-53CFF1428B16", + "version": 0 + }, + "triples": { + "reference-values": [ + { + "environment": { + "class": { + "id": { + "type": "bytes", + "value": "Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" + } + } + }, + "measurements": [ + { + "key": { + "type": "string", + "value": "cca.rem0" + }, + "value": { + "digests": [ + "sha-512:Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" + ] + } + }, + { + "key": { + "type": "string", + "value": "cca.rpv" + }, + "value": { + "raw-value": { + "type": "bytes", + "value": "QURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBRA==" + } + } + } + ] + } + ] + } +} diff --git a/scheme/arm-cca/test/corim/src/comid-cca-realm-refval.json b/scheme/arm-cca/test/corim/src/comid-cca-realm-refval.json index e3a37275..da5a11ac 100644 --- a/scheme/arm-cca/test/corim/src/comid-cca-realm-refval.json +++ b/scheme/arm-cca/test/corim/src/comid-cca-realm-refval.json 
@@ -7,49 +7,78 @@ "reference-values": [ { "environment": { - "instance": { - "type": "bytes", - "value": "Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" + "class": { + "id": { + "type": "bytes", + "value": "Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" + } } }, "measurements": [ { + "key": { + "type": "string", + "value": "cca.rim" + }, + "value": { + "digests": [ + "sha-512:Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" + ] + } + }, + { + "key": { + "type": "string", + "value": "cca.rem0" + }, + "value": { + "digests": [ + "sha-512:Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" + ] + } + }, + { + "key": { + "type": "string", + "value": "cca.rem1" + }, + "value": { + "digests": [ + "sha-512:Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" + ] + } + }, + { + "key": { + "type": "string", + "value": "cca.rem2" + }, + "value": { + "digests": [ + "sha-512:Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" + ] + } + }, + { + "key": { + "type": "string", + "value": "cca.rem3" + }, + "value": { + "digests": [ + "sha-512:Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" + ] + } + }, + { + "key": { + "type": "string", + "value": "cca.rpv" + }, "value": { "raw-value": { "type": "bytes", "value": "QURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBRA==" - }, - "integrity-registers": { - "rim": { - "key-type": "text", - "value": [ - "sha-512;Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" - ] - }, - "rem0": { - "key-type": "text", - "value": [ - "sha-512;Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" - ] - }, - "rem1": { - "key-type": "text", - "value": [ - 
"sha-512;Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" - ] - }, - "rem2": { - "key-type": "text", - "value": [ - "sha-512;Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" - ] - }, - "rem3": { - "key-type": "text", - "value": [ - "sha-512;Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" - ] - } } } } diff --git a/scheme/arm-cca/test/corim/src/corim-cca-platform.json b/scheme/arm-cca/test/corim/src/corim-cca-platform.json index f1bac236..e5281a06 100644 --- a/scheme/arm-cca/test/corim/src/corim-cca-platform.json +++ b/scheme/arm-cca/test/corim/src/corim-cca-platform.json @@ -1,12 +1,10 @@ { "corim-id": "00000000-0000-0000-cca6-000000000000", - "profile": "http://arm.com/cca/ssd/1", "entities": [ { "name": "Veraison Project", - "roles": [ - "manifestCreator" - ] + "roles": ["manifestCreator"] } - ] + ], + "profile": "tag:arm.com,2025:cca_platform#1.0.0" } diff --git a/scheme/arm-cca/test/corim/src/corim-cca-realm.json b/scheme/arm-cca/test/corim/src/corim-cca-realm.json index 514c8363..d2e64a5a 100644 --- a/scheme/arm-cca/test/corim/src/corim-cca-realm.json +++ b/scheme/arm-cca/test/corim/src/corim-cca-realm.json @@ -1,12 +1,10 @@ { "corim-id": "00000000-0000-0000-cca4-000000000000", - "profile": "http://arm.com/cca/realm/1", "entities": [ { "name": "Veraison Project", - "roles": [ - "manifestCreator" - ] + "roles": ["manifestCreator"] } - ] + ], + "profile": "tag:arm.com,2025:cca_realm#1.0.0" } diff --git a/scheme/arm-cca/test/corim/src/platform-corims.yaml b/scheme/arm-cca/test/corim/src/platform-corims.yaml index a274c241..da46ccb5 100644 --- a/scheme/arm-cca/test/corim/src/platform-corims.yaml +++ b/scheme/arm-cca/test/corim/src/platform-corims.yaml 
@@ -13,12 +13,14 @@ comids: - comid-cca-platform-bad-ta-instance cca-platform-bad-ta-cert: - comid-cca-platform-bad-ta-cert - cca-platform-bad-refval-instance: - - comid-cca-platform-bad-refval-instance cca-platform-bad-refval-no-mkey: - comid-cca-platform-bad-refval-no-mkey cca-platform-bad-refval-mkey: - comid-cca-platform-bad-refval-mkey + cca-platform-bad-refval-mkey-string: + - comid-cca-platform-bad-refval-mkey-string + cca-platform-bad-refval-cryptokeys: + - comid-cca-platform-bad-refval-cryptokeys cca-platform-bad-refval-no-digests: - comid-cca-platform-bad-refval-no-digests cca-platform-bad-refval-no-raw-value: diff --git a/scheme/arm-cca/test/corim/src/realm-corims.yaml b/scheme/arm-cca/test/corim/src/realm-corims.yaml index eb30ff90..fef85ca9 100644 --- a/scheme/arm-cca/test/corim/src/realm-corims.yaml +++ b/scheme/arm-cca/test/corim/src/realm-corims.yaml @@ -8,6 +8,8 @@ comids: - comid-cca-realm-bad-instance cca-realm-bad-no-instance: - comid-cca-realm-bad-no-instance + cca-realm-bad-no-rim: + - comid-cca-realm-bad-no-rim cca-realm-bad-no-integ-regs: - comid-cca-realm-bad-no-integ-regs cca-realm-bad-no-raw-value: diff --git a/scheme/arm-cca/test_vars.go b/scheme/arm-cca/test_vars.go index af932719..67a285c8 100644 --- a/scheme/arm-cca/test_vars.go +++ b/scheme/arm-cca/test_vars.go @@ -10,9 +10,15 @@ var ( //go:embed test/corim/corim-cca-platform-bad-no-class.cbor corimCcaPlatformBadNoClass []byte + //go:embed test/corim/corim-cca-platform-bad-refval-cryptokeys.cbor + corimCcaPlatformBadRefvalCryptokeys []byte + //go:embed test/corim/corim-cca-platform-bad-refval-instance.cbor corimCcaPlatformBadRefvalInstance []byte + //go:embed test/corim/corim-cca-platform-bad-refval-mkey-string.cbor + corimCcaPlatformBadRefvalMkeyString []byte + //go:embed test/corim/corim-cca-platform-bad-refval-mkey.cbor corimCcaPlatformBadRefvalMkey []byte 
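Review bot: `platform-corims.yaml` drops the `cca-platform-bad-refval-instance` entry, but the `test_vars.go` hunk on the same line keeps `//go:embed test/corim/corim-cca-platform-bad-refval-instance.cbor` as an untouched context line. If the `.cbor` fixtures are regenerated from that yaml, this embed (and any test case that uses `corimCcaPlatformBadRefvalInstance`) will reference a file that is no longer produced; if the file stays checked in, it is now an orphaned, stale fixture. The two new yaml entries (`mkey-string`, `cryptokeys`) do receive matching embeds, so the mismatch looks accidental — either keep the yaml entry or remove the embed and its test case in the same change.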
@@ -49,6 +55,9 @@ var (
 //go:embed test/corim/corim-cca-realm-bad-no-raw-value.cbor
 corimCcaRealmBadNoRawValue []byte
 
+ //go:embed test/corim/corim-cca-realm-bad-no-rim.cbor
+ corimCcaRealmBadNoRim []byte
+
 //go:embed test/corim/corim-cca-realm-valid.cbor
 corimCcaRealmValid []byte
 )
diff --git a/scheme/parsec-cca/corim.go b/scheme/parsec-cca/corim.go
index d6a847c2..dd91ee35 100644
--- a/scheme/parsec-cca/corim.go
+++ b/scheme/parsec-cca/corim.go
@@ -6,9 +6,8 @@ import (
 "github.com/veraison/corim/comid"
 "github.com/veraison/corim/corim"
 "github.com/veraison/corim/extensions"
+ "github.com/veraison/corim/profiles/cca"
 "github.com/veraison/eat"
- arm_cca "github.com/veraison/services/scheme/arm-cca"
- "github.com/veraison/services/scheme/common"
 )
 
 const ProfileString = "tag:github.com/parallaxsecond,2023-03-03:cca"
@@ -19,18 +18,7 @@ func init() {
 panic(err)
 }
 
- validator := &common.TriplesValidator{
- TAEnviromentValidator: func(e *comid.Environment) error {
- return arm_cca.ValidatePlatformEnvironment(e, true)
- },
- RefValEnviromentValidator: func(e *comid.Environment) error {
- return arm_cca.ValidatePlatformEnvironment(e, false)
- },
- CryptoKeysValidator: arm_cca.ValidateCryptoKeys,
- MeasurementsValidator: arm_cca.ValidatePlatformMeasurements,
- }
-
- extMap := extensions.NewMap().Add(comid.ExtTriples, validator)
+ extMap := extensions.NewMap().Add(comid.ExtTriples, &cca.PlatformTriplesExtensions{})
 if err := corim.RegisterProfile(profileID, extMap); err != nil {
 panic(err)
 }
diff --git a/scheme/parsec-cca/scheme.go b/scheme/parsec-cca/scheme.go
index e313fe40..69cb778c 100644
--- a/scheme/parsec-cca/scheme.go
+++ b/scheme/parsec-cca/scheme.go
@@ -6,6 +6,7 @@ import (
 "fmt"
 
 "github.com/veraison/corim/comid"
+ "github.com/veraison/corim/profiles/cca"
 "github.com/veraison/ear"
 "github.com/veraison/go-cose"
 parsec_cca "github.com/veraison/parsec/cca"
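Review bot: Swapping the `common.TriplesValidator` wiring for `&cca.PlatformTriplesExtensions{}` in parsec-cca's `init` changes which malformed CoRIMs the profile rejects and how the errors read, but the only parsec-cca fixture touched by this commit is the regenerated `corim-parsec-cca-valid.cbor`. Unlike `scheme/psa-iot/corim_test.go` below, there is no visible negative test asserting that the library extension still rejects the inputs the removed `arm_cca` validators covered (bad environment, wrong trust-anchor key type, bad measurements). If parsec-cca has no profile table test of its own, one mirroring the psa-iot test would keep that behaviour pinned through the library upgrade. `init` starts outside the hunk.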
@@ -59,7 +60,7 @@ func (o *Implementation) GetTrustAnchorIDs(
 return nil, err
 }
 
- classID, err := comid.NewImplIDClassID(implIDbytes)
+ classID, err := cca.NewPlatformImplIDClassID(implIDbytes)
 if err != nil {
 return nil, err
 }
diff --git a/scheme/parsec-cca/test/corim/corim-parsec-cca-valid.cbor b/scheme/parsec-cca/test/corim/corim-parsec-cca-valid.cbor
index f8555f88..bf10866f 100644
Binary files a/scheme/parsec-cca/test/corim/corim-parsec-cca-valid.cbor and b/scheme/parsec-cca/test/corim/corim-parsec-cca-valid.cbor differ
diff --git a/scheme/parsec-cca/test/corim/src/comid-parsec-cca-refval.json b/scheme/parsec-cca/test/corim/src/comid-parsec-cca-refval.json
index 7f6929ff..202eaa03 100644
--- a/scheme/parsec-cca/test/corim/src/comid-parsec-cca-refval.json
+++ b/scheme/parsec-cca/test/corim/src/comid-parsec-cca-refval.json
@@ -1,106 +1,119 @@ { - "lang": "en-GB", - "tag-identity": { - "id": "43BBE37F-2E61-4B33-AED3-53CFF1428B16", - "version": 0 - }, - "entities": [ - { - "name": "ACME Ltd.", - "regid": "https://acme.example", + "lang": "en-GB", + "tag-identity": { + "id": "43BBE37F-2E61-4B33-AED3-53CFF1428B16", + "version": 0 + }, + "entities": [ + { + "name": "ACME Ltd.", + "regid": "https://acme.example", "roles": [ "tagCreator", "creator", "maintainer" ] - } - ], - "triples": { - "reference-values": [ - { + } + ], + "triples": { + "reference-values": [ + { "environment": { "class": { "id": { - "type": "psa.impl-id", + "type": "bytes", "value": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" } } }, - "measurements": [ - { - "key": { - "type": "psa.refval-id", - "value": { - "label": "BL", - "version": "3.4.2", - "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - } - }, - "value": { - "digests": [ - "sha-256:BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - ] - } + "measurements": [ + { + "key": { + "type": "string", + "value": "cca.software-component" }, - { - "key": { - "type": "psa.refval-id", - "value": { - "label": "M1", - "version": "1.2.0", - "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + "value": { + "cryptokeys": [ + { + "type": "bytes", + "value": "01234567890123456789012345678901" } - }, - "value": { - "digests": [ - "sha-256:CwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - ] - } + ], + "digests": [ + "sha-256:BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + ], + "name": "BL" + } + }, + { + "key": { + "type": "string", + "value": "cca.software-component" }, - { - "key": { - "type": "psa.refval-id", - "value": { - "label": "M2", - "version": "1.2.3", - "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + "value": { + "cryptokeys": [ + { + "type": "bytes", + "value": "01234567890123456789012345678901" } - }, - "value": { - "digests": [ - "sha-256:DwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - ] - } + ], + "digests": [ + 
"sha-256:CwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + ], + "name": "M1" + } + }, + { + "key": { + "type": "string", + "value": "cca.software-component" }, - { - "key": { - "type": "psa.refval-id", - "value": { - "label": "M3", - "version": "1.0.0", - "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + "value": { + "cryptokeys": [ + { + "type": "bytes", + "value": "01234567890123456789012345678901" } - }, - "value": { - "digests": [ - "sha-256:EwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" - ] - } + ], + "digests": [ + "sha-256:DwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + ], + "name": "M2" + } + }, + { + "key": { + "type": "string", + "value": "cca.software-component" }, - { - "key": { - "type": "cca.platform-config-id", - "value": "cfg v1.0.0" - }, - "value": { - "raw-value": { + "value": { + "cryptokeys": [ + { "type": "bytes", - "value": "AQID" + "value": "01234567890123456789012345678901" } - } + ], + "digests": [ + "sha-256:EwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=" + ], + "name": "M3" } - ] - } - ] - } + }, + { + "key": { + "type": "string", + "value": "cca.platform-config" + }, + "value": { + "raw-value": { + "type": "bytes", + "value": "AQID" + }, + "raw-value-mask": "AQID" + } + } + ] + } + ] } +} diff --git a/scheme/parsec-cca/test/corim/src/comid-parsec-cca-ta.json b/scheme/parsec-cca/test/corim/src/comid-parsec-cca-ta.json index f1aab713..429e1386 100644 --- a/scheme/parsec-cca/test/corim/src/comid-parsec-cca-ta.json +++ b/scheme/parsec-cca/test/corim/src/comid-parsec-cca-ta.json @@ -19,7 +19,7 @@ "environment": { "class": { "id": { - "type": "psa.impl-id", + "type": "bytes", "value": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" } }, diff --git a/scheme/psa-iot/corim.go b/scheme/psa-iot/corim.go deleted file mode 100644 index 5780a644..00000000 --- a/scheme/psa-iot/corim.go +++ /dev/null 
@@ -1,94 +0,0 @@
-// Copyright 2026 Contributors to the Veraison project.
-// SPDX-License-Identifier: Apache-2.0
-package psa_iot
-
-import (
- "errors"
- "fmt"
-
- "github.com/veraison/corim/comid"
- "github.com/veraison/corim/corim"
- "github.com/veraison/corim/extensions"
- "github.com/veraison/eat"
- "github.com/veraison/services/scheme/common"
-)
-
-const ProfileString = "http://arm.com/psa/iot/1"
-
-func validateEnvironment(env *comid.Environment, isTrustAnchor bool) error {
- if env.Class == nil {
- return errors.New("class missing")
- }
-
- if env.Class.ClassID == nil {
- return errors.New("class ID missing")
- }
-
- if env.Class.ClassID.Type() != comid.ImplIDType {
- return fmt.Errorf("class ID: expected psa.impl-id, got %s", env.Class.ClassID.Type())
- }
-
- if isTrustAnchor {
- if env.Instance == nil {
- return errors.New("instance not set for trust anchor")
- }
-
- if env.Instance.Type() != comid.UEIDType {
- return fmt.Errorf("instance: expected UEID, got %s", env.Instance.Type())
- }
-
- } else if env.Instance != nil {
- return errors.New("instance set for reference value")
- }
-
- return nil
-}
-
-func validateCryptoKeys(keys []*comid.CryptoKey) error {
- if len(keys) != 1 {
- return fmt.Errorf("expected exactly one key but got %d", len(keys))
- }
-
- if keys[0].Type() != comid.PKIXBase64KeyType {
- return fmt.Errorf("trust anchor must be a PKIX base64 key, found: %s", keys[0].Type())
- }
-
- return nil
-}
-
-func validateMeasurements(measurements []comid.Measurement) error {
- for i, mea := range measurements {
- if mea.Key.Type() != comid.PSARefValIDType {
- return fmt.Errorf("measurement %d key: expected psa.refval-id, got %s", i, mea.Key.Type())
- }
-
- if mea.Val.Digests == nil {
- return fmt.Errorf("measurement %d value: no digests", i)
- }
- }
-
- return nil
-}
-
-func init() {
- profileID, err := eat.NewProfile(ProfileString)
- if err != nil {
- panic(err)
- }
-
- validator := &common.TriplesValidator{
- TAEnviromentValidator: func(e
*comid.Environment) error {
- return validateEnvironment(e, true)
- },
- RefValEnviromentValidator: func(e *comid.Environment) error {
- return validateEnvironment(e, false)
- },
- CryptoKeysValidator: validateCryptoKeys,
- MeasurementsValidator: validateMeasurements,
- }
-
- extMap := extensions.NewMap().Add(comid.ExtTriples, validator)
- if err := corim.RegisterProfile(profileID, extMap); err != nil {
- panic(err)
- }
-}
diff --git a/scheme/psa-iot/corim_test.go b/scheme/psa-iot/corim_test.go
index fd0db8a1..093297e7 100644
--- a/scheme/psa-iot/corim_test.go
+++ b/scheme/psa-iot/corim_test.go
@@ -17,37 +17,27 @@ func TestProfile(t *testing.T) {
 {
 Title: "bad wring class ID type",
 Input: corimPsaBadClass,
- Err: "class ID: expected psa.impl-id, got uuid",
+ Err: "implementation-id must be of type 'bytes', got 'uuid'",
 },
 {
 Title: "bad wring instance type",
 Input: corimPsaBadInstance,
- Err: "instance: expected UEID, got uuid",
+ Err: "instance-id must be of type 'ueid', got 'uuid'",
 },
 {
 Title: "bad TA no instance",
 Input: corimPsaBadTaNoInstance,
- Err: "instance not set for trust anchor",
- },
- {
- Title: "bad RefVal instance",
- Input: corimPsaBadRefvalInstance,
- Err: "instance set for reference value",
+ Err: "environment.instance (instance-id) is required",
 },
 {
 Title: "bad TA cert",
 Input: corimPsaBadTaCert,
- Err: "trust anchor must be a PKIX base64 key, found: pkix-base64-cert",
+ Err: "verification-key must be of type 'pkix-base64-key', got 'pkix-base64-cert'",
 },
 {
 Title: "bad RefVal uint mkey",
 Input: corimPsaBadRefvalMkey,
- Err: "measurement 1 key: expected psa.refval-id, got uint",
- },
- {
- Title: "bad RefVal mval no digests",
- Input: corimPsaBadRefvalMval,
- Err: "measurement 0 value: no digests",
+ Err: "mkey must be of type 'string', got 'uint'",
 },
 }
 }
diff --git a/scheme/psa-iot/scheme.go b/scheme/psa-iot/scheme.go
index 61d1fe14..3cc48180 100644
--- a/scheme/psa-iot/scheme.go
+++ b/scheme/psa-iot/scheme.go
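Review bot: The `bad RefVal instance` and `bad RefVal mval no digests` cases in `TestProfile` are deleted rather than re-pointed at the library's new messages, so the test no longer asserts that a reference value carrying an `instance`, or a measurement with no `digests`, is rejected at load time — yet both fixtures (`corim-psa-bad-refval-instance.cbor`, `corim-psa-bad-refval-mval.cbor`) are still regenerated in this commit. If the psa profile extension now accepts those inputs, a case asserting that they load documents the new contract (and the no-digests input is then caught later by the `Digests == nil` check that `matchClaimsToReferenceValues` still performs); if it still rejects them, the cases should stay with the updated strings. Either way the two embeds should not be left unreferenced. `TestProfile` continues outside the hunk.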
@@ -11,6 +11,7 @@ import (
 "fmt"
 
 "github.com/veraison/corim/comid"
+ "github.com/veraison/corim/profiles/psa"
 "github.com/veraison/ear"
 "github.com/veraison/psatoken"
 "github.com/veraison/services/handler"
@@ -25,7 +26,7 @@ var Descriptor = handler.SchemeDescriptor{
 VersionMajor: 1,
 VersionMinor: 0,
 CorimProfiles: []string{
- ProfileString,
+ psa.ProfileURI,
 },
 EvidenceMediaTypes: []string{
 "application/psa-attestation-token",
@@ -63,7 +64,7 @@ func (o *Implementation) GetTrustAnchorIDs(
 return nil, err
 }
 
- classID, err := comid.NewImplIDClassID(implIDbytes)
+ classID, err := psa.NewImplIDClassID(implIDbytes)
 if err != nil {
 return nil, err
 }
@@ -222,11 +223,6 @@ func matchClaimsToReferenceValues(
 referenceValues := make(map[string][2]string)
 for _, triple := range endorsements {
 for _, measurement := range triple.Measurements.Values {
- refValID, err := measurement.Key.GetPSARefValID()
- if err != nil {
- return false, err
- }
-
 if measurement.Val.Digests == nil {
 return false, errors.New("no digests in reference value measurement")
 }
@@ -240,7 +236,18 @@ func matchClaimsToReferenceValues(
 }
 
 encoded := base64.StdEncoding.EncodeToString((*measurement.Val.Digests)[0].HashValue)
- referenceValues[encoded] = [2]string{*refValID.Label, *refValID.Version}
+ // Extract label (mtype) and version from measurement value
+ label := ""
+ if measurement.Val.Name != nil {
+ label = *measurement.Val.Name
+ }
+
+ version := ""
+ if measurement.Val.Ver != nil {
+ version = measurement.Val.Ver.Version
+ }
+
+ referenceValues[encoded] = [2]string{label, version}
 }
 }
 }
diff --git a/scheme/psa-iot/test/corim/corim-psa-bad-class.cbor b/scheme/psa-iot/test/corim/corim-psa-bad-class.cbor
index 017cc750..f4431f83 100644
Binary files a/scheme/psa-iot/test/corim/corim-psa-bad-class.cbor and b/scheme/psa-iot/test/corim/corim-psa-bad-class.cbor differ
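Review bot: In the `@@ -240,7 +236,18 @@` hunk the removed `GetPSARefValID` error path is replaced by defaulting `label` and `version` to `""` when `Val.Name` or `Val.Ver` is nil, so a measurement without a `name` now silently registers a reference value with an empty label instead of failing the way the `Digests == nil` check just above still does; unless the psa triples extension guarantees `name` is present, `if measurement.Val.Name == nil { return false, errors.New("no name in reference value measurement") }` keeps the previous strictness. The fixtures in this commit carry no `version`, so the `Ver` branch is only ever exercised with an empty string and a mismatch against the evidence's component version would not be caught by the tests. The comment `// Extract label (mtype) and version from measurement value` could also state why an absent value is acceptable. `matchClaimsToReferenceValues` starts and ends outside the hunk.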
diff --git a/scheme/psa-iot/test/corim/corim-psa-bad-instance.cbor b/scheme/psa-iot/test/corim/corim-psa-bad-instance.cbor index f883c9c8..4b78c3a0 100644 Binary files a/scheme/psa-iot/test/corim/corim-psa-bad-instance.cbor and b/scheme/psa-iot/test/corim/corim-psa-bad-instance.cbor differ diff --git a/scheme/psa-iot/test/corim/corim-psa-bad-refval-instance.cbor b/scheme/psa-iot/test/corim/corim-psa-bad-refval-instance.cbor index 62c5ff27..6c1f53ee 100644 Binary files a/scheme/psa-iot/test/corim/corim-psa-bad-refval-instance.cbor and b/scheme/psa-iot/test/corim/corim-psa-bad-refval-instance.cbor differ diff --git a/scheme/psa-iot/test/corim/corim-psa-bad-refval-mkey.cbor b/scheme/psa-iot/test/corim/corim-psa-bad-refval-mkey.cbor index 8d305109..92370152 100644 Binary files a/scheme/psa-iot/test/corim/corim-psa-bad-refval-mkey.cbor and b/scheme/psa-iot/test/corim/corim-psa-bad-refval-mkey.cbor differ diff --git a/scheme/psa-iot/test/corim/corim-psa-bad-refval-mval.cbor b/scheme/psa-iot/test/corim/corim-psa-bad-refval-mval.cbor index 71b45b82..d471b0a0 100644 Binary files a/scheme/psa-iot/test/corim/corim-psa-bad-refval-mval.cbor and b/scheme/psa-iot/test/corim/corim-psa-bad-refval-mval.cbor differ diff --git a/scheme/psa-iot/test/corim/corim-psa-bad-ta-cert.cbor b/scheme/psa-iot/test/corim/corim-psa-bad-ta-cert.cbor index 7a238750..f31a37cf 100644 Binary files a/scheme/psa-iot/test/corim/corim-psa-bad-ta-cert.cbor and b/scheme/psa-iot/test/corim/corim-psa-bad-ta-cert.cbor differ diff --git a/scheme/psa-iot/test/corim/corim-psa-bad-ta-no-instance.cbor b/scheme/psa-iot/test/corim/corim-psa-bad-ta-no-instance.cbor index 9f2cf10e..e9f64a5c 100644 Binary files a/scheme/psa-iot/test/corim/corim-psa-bad-ta-no-instance.cbor and b/scheme/psa-iot/test/corim/corim-psa-bad-ta-no-instance.cbor differ 
diff --git a/scheme/psa-iot/test/corim/corim-psa-valid.cbor b/scheme/psa-iot/test/corim/corim-psa-valid.cbor index 130da979..7d6b40c7 100644 Binary files a/scheme/psa-iot/test/corim/corim-psa-valid.cbor and b/scheme/psa-iot/test/corim/corim-psa-valid.cbor differ diff --git a/scheme/psa-iot/test/corim/src/comid-bad-instance.json b/scheme/psa-iot/test/corim/src/comid-bad-instance.json index 61f80ec4..0c38c5c2 100644 --- a/scheme/psa-iot/test/corim/src/comid-bad-instance.json +++ b/scheme/psa-iot/test/corim/src/comid-bad-instance.json @@ -10,7 +10,7 @@ "environment": { "class": { "id": { - "type": "psa.impl-id", + "type": "bytes", "value": "YWNtZS1pbXBsZW1lbnRhdGlvbi1pZC0wMDAwMDAwMDE=" } }, diff --git a/scheme/psa-iot/test/corim/src/comid-bad-refval-instance.json b/scheme/psa-iot/test/corim/src/comid-bad-refval-instance.json index c3404a3e..8f9e7ce2 100644 --- a/scheme/psa-iot/test/corim/src/comid-bad-refval-instance.json +++ b/scheme/psa-iot/test/corim/src/comid-bad-refval-instance.json @@ -10,29 +10,32 @@ "environment": { "class": { "id": { - "type": "psa.impl-id", + "type": "bytes", "value": "YWNtZS1pbXBsZW1lbnRhdGlvbi1pZC0wMDAwMDAwMDE=" } }, "instance": { "type": "ueid", - "value": "Ac7rrnuJJ6MiflMDz14PH3s0u1Qq1yUKwD+83jbsLxUI" + "value": "AUyj5PUL8kjDl4cCDWj/0FyIdndRvyZFypI/V6mL7NKW" } }, "measurements": [ { "key": { - "type": "psa.refval-id", - "value": { - "label": "ARoT", - "version": "0.1.4", - "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" - } + "type": "string", + "value": "psa.software-component" }, "value": { + "cryptokeys": [ + { + "type": "bytes", + "value": "01234567890123456789012345678901" + } + ], "digests": [ "sha-256:o6XnFfDMV0pzw/m+u2vCTzL/1bZ7OHJEwskJ2neaFHg=" - ] + ], + "name": "ARoT" } } ] diff --git a/scheme/psa-iot/test/corim/src/comid-bad-refval-mkey.json b/scheme/psa-iot/test/corim/src/comid-bad-refval-mkey.json index 85fb3e07..b61e3893 100644 --- a/scheme/psa-iot/test/corim/src/comid-bad-refval-mkey.json 
+++ b/scheme/psa-iot/test/corim/src/comid-bad-refval-mkey.json @@ -9,7 +9,7 @@ "environment": { "class": { "id": { - "type": "psa.impl-id", + "type": "bytes", "value": "YWNtZS1pbXBsZW1lbnRhdGlvbi1pZC0wMDAwMDAwMDE=" } } @@ -17,17 +17,20 @@ "measurements": [ { "key": { - "type": "psa.refval-id", - "value": { - "label": "BL", - "version": "2.1.0", - "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" - } + "type": "string", + "value": "psa.software-component" }, "value": { + "cryptokeys": [ + { + "type": "bytes", + "value": "01234567890123456789012345678901" + } + ], "digests": [ "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=" - ] + ], + "name": "BL" } }, { diff --git a/scheme/psa-iot/test/corim/src/comid-bad-refval-mval.json b/scheme/psa-iot/test/corim/src/comid-bad-refval-mval.json index 09480ba6..0ecf5c79 100644 --- a/scheme/psa-iot/test/corim/src/comid-bad-refval-mval.json +++ b/scheme/psa-iot/test/corim/src/comid-bad-refval-mval.json @@ -9,7 +9,7 @@ "environment": { "class": { "id": { - "type": "psa.impl-id", + "type": "bytes", "value": "YWNtZS1pbXBsZW1lbnRhdGlvbi1pZC0wMDAwMDAwMDE=" } } @@ -17,17 +17,20 @@ "measurements": [ { "key": { - "type": "psa.refval-id", - "value": { - "label": "ARoT", - "version": "0.1.4", - "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs=" - } + "type": "string", + "value": "psa.software-component" }, "value": { + "cryptokeys": [ + { + "type": "bytes", + "value": "01234567890123456789012345678901" + } + ], + "name": "ARoT", "svn": { "type": "exact-value", - "value": 15208092991676743683 + "value": 15208092991676744000 } } } diff --git a/scheme/psa-iot/test/corim/src/comid-bad-ta-cert.json b/scheme/psa-iot/test/corim/src/comid-bad-ta-cert.json index 34c50d6a..60ed049e 100644 --- a/scheme/psa-iot/test/corim/src/comid-bad-ta-cert.json +++ b/scheme/psa-iot/test/corim/src/comid-bad-ta-cert.json 
@@ -9,7 +9,7 @@
 "environment": {
 "class": {
 "id": {
- "type": "psa.impl-id",
+ "type": "bytes",
 "value": "YWNtZS1pbXBsZW1lbnRhdGlvbi1pZC0wMDAwMDAwMDE="
 }
 },
diff --git a/scheme/psa-iot/test/corim/src/comid-bad-ta-no-instance.json b/scheme/psa-iot/test/corim/src/comid-bad-ta-no-instance.json
index 4b4416dd..392b9980 100644
--- a/scheme/psa-iot/test/corim/src/comid-bad-ta-no-instance.json
+++ b/scheme/psa-iot/test/corim/src/comid-bad-ta-no-instance.json
@@ -10,7 +10,7 @@
 "environment": {
 "class": {
 "id": {
- "type": "psa.impl-id",
+ "type": "bytes",
 "value": "YWNtZS1pbXBsZW1lbnRhdGlvbi1pZC0wMDAwMDAwMDE="
 }
 }
diff --git a/scheme/psa-iot/test/corim/src/comid-psa-refval.json b/scheme/psa-iot/test/corim/src/comid-psa-refval.json
index a862211f..f92add4c 100644
--- a/scheme/psa-iot/test/corim/src/comid-psa-refval.json
+++ b/scheme/psa-iot/test/corim/src/comid-psa-refval.json
@@ -10,7 +10,7 @@
 "environment": {
 "class": {
 "id": {
- "type": "psa.impl-id",
+ "type": "bytes",
 "value": "YWNtZS1pbXBsZW1lbnRhdGlvbi1pZC0wMDAwMDAwMDE="
 }
 }
@@ -18,47 +18,56 @@
 "measurements": [
 {
 "key": {
- "type": "psa.refval-id",
- "value": {
- "label": "BL",
- "version": "2.1.0",
- "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs="
- }
+ "type": "string",
+ "value": "psa.software-component"
 },
 "value": {
+ "cryptokeys": [
+ {
+ "type": "bytes",
+ "value": "01234567890123456789012345678901"
+ }
+ ],
 "digests": [
 "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc="
- ]
+ ],
+ "name": "BL"
 }
 },
 {
 "key": {
- "type": "psa.refval-id",
- "value": {
- "label": "PRoT",
- "version": "1.3.5",
- "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs="
- }
+ "type": "string",
+ "value": "psa.software-component"
 },
 "value": {
+ "cryptokeys": [
+ {
+ "type": "bytes",
+ "value": "01234567890123456789012345678901"
+ }
+ ],
 "digests": [
 "sha-256:AmOCmYm2/ZVPcrqvL8ZLwuLwHWktTecphuqAj26ZgT8="
- ]
+ ],
+ "name": "PRoT"
 }
 },
 {
 "key": {
- "type": "psa.refval-id",
- "value": {
- "label": "ARoT",
- "version": "0.1.4",
- "signer-id": "rLsRx+TaIXIFUjzkzhokWuGiOa48a/2eeHH35di66Gs="
- }
+ "type": "string",
+ "value": "psa.software-component"
 },
 "value": {
+ "cryptokeys": [
+ {
+ "type": "bytes",
+ "value": "01234567890123456789012345678901"
+ }
+ ],
 "digests": [
 "sha-256:o6XnFfDMV0pzw/m+u2vCTzL/1bZ7OHJEwskJ2neaFHg="
- ]
+ ],
+ "name": "ARoT"
 }
 }
 ]
diff --git a/scheme/psa-iot/test/corim/src/comid-psa-ta.json b/scheme/psa-iot/test/corim/src/comid-psa-ta.json
index 289ff488..e470e1ba 100644
--- a/scheme/psa-iot/test/corim/src/comid-psa-ta.json
+++ b/scheme/psa-iot/test/corim/src/comid-psa-ta.json
@@ -10,7 +10,7 @@
 "environment": {
 "class": {
 "id": {
- "type": "psa.impl-id",
+ "type": "bytes",
 "value": "YWNtZS1pbXBsZW1lbnRhdGlvbi1pZC0wMDAwMDAwMDE="
 }
 },
@@ -30,11 +30,11 @@
 "environment": {
 "class": {
 "id": {
- "type": "psa.impl-id",
+ "type": "bytes",
 "value": "YWNtZS1pbXBsZW1lbnRhdGlvbi1pZC0wMDAwMDAwMDE="
 },
- "vendor": "ACME",
- "model": "RoadRunner"
+ "model": "RoadRunner",
+ "vendor": "ACME"
 },
 "instance": {
 "type": "ueid",
diff --git a/scheme/psa-iot/test/corim/src/corim-psa.json b/scheme/psa-iot/test/corim/src/corim-psa.json
index 001f0e1e..f002dc13 100644
--- a/scheme/psa-iot/test/corim/src/corim-psa.json
+++ b/scheme/psa-iot/test/corim/src/corim-psa.json
@@ -1,4 +1,4 @@
 {
 "corim-id": "00000000-0000-0000-065a-000000000000",
- "profile": "http://arm.com/psa/iot/1"
+ "profile": "tag:arm.com,2025:psa#1.0.0"
 }
diff --git a/scheme/psa-iot/test/corim/src/corims.yaml b/scheme/psa-iot/test/corim/src/corims.yaml
index f88c9abf..0b14b28c 100644
--- a/scheme/psa-iot/test/corim/src/corims.yaml
+++ b/scheme/psa-iot/test/corim/src/corims.yaml
@@ -11,10 +11,10 @@ comids:
 - comid-bad-instance
 psa-bad-ta-no-instance:
 - comid-bad-ta-no-instance
- psa-bad-refval-instance:
- - comid-bad-refval-instance
 psa-bad-ta-cert:
 - comid-bad-ta-cert
+ psa-bad-refval-instance:
+ - comid-bad-refval-instance
 psa-bad-refval-mkey:
 - comid-bad-refval-mkey
 psa-bad-refval-mval:
diff --git a/scheme/riot/corim_test.go b/scheme/riot/corim_test.go
index c5274877..0bb0b8f8 100644
--- a/scheme/riot/corim_test.go
+++ b/scheme/riot/corim_test.go
@@ -17,7 +17,7 @@ func TestProfile(t *testing.T) {
 {
 Title: "bad ref. vals. present",
 Input: corimRiotBadRefvals,
- Err: "found reference values",
+ Err: "cannot unmarshal byte string",
 },
 {
 Title: "bad no vendor",
diff --git a/scheme/tpm-enacttrust/corim_test.go b/scheme/tpm-enacttrust/corim_test.go
index 1105d209..69b943f1 100644
--- a/scheme/tpm-enacttrust/corim_test.go
+++ b/scheme/tpm-enacttrust/corim_test.go
@@ -37,7 +37,7 @@ func TestProfile(t *testing.T) {
 {
 Title: "bad no instance",
 Input: corimEnacttrustBadNoInstance,
- Err: "instance not set in environment",
+ Err: "cannot unmarshal byte string",
 },
 {
 Title: "bad multiple measurements",
diff --git a/scripts/generate-corims b/scripts/generate-corims
index 396c3d9d..d766a3b9 100755
--- a/scripts/generate-corims
+++ b/scripts/generate-corims
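Review bot: Replacing `Err: "found reference values"` with `Err: "cannot unmarshal byte string"` turns a scheme-validation assertion into a decoder-failure assertion, so this case no longer shows that the RIoT profile rejects a CoRIM carrying reference values; it only shows that the regenerated fixture does not decode at all. The tpm-enacttrust hunk below makes the same substitution for `bad no instance`, where the check that an instance is required is likewise no longer exercised. Either regenerate `corimRiotBadRefvals` and `corimEnacttrustBadNoInstance` so they decode under the new profile and the scheme-specific error strings can be restored, or rename both cases to say they cover decode failures and add separate cases for the original checks. The fixtures are outside this chunk, so I cannot tell whether the decode failure is the intended negative path; the enclosing `TestProfile` table starts and ends outside both hunks.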
@@ -1,6 +1,8 @@
 #!/usr/bin/env python3
 # Copyright 2026 Contributors to the Veraison project.
 # SPDX-License-Identifier: Apache-2.0
+from __future__ import annotations
+
 import argparse
 import json
 import logging