Realm Reference Values

Signed-off-by: Yogesh Deshpande <yogesh.deshpande@arm.com>

Author: yogeshbdeshpande

cocli/data/comid/templates/comid-cca-realm-refval.json

@@ -0,0 +1,60 @@
+{
+    "lang": "en-GB",
+    "tag-identity": {
+        "id": "43BBE37F-2E61-4B33-AED3-53CFF1428B16",
+        "version": 0
+    },
+    "entities": [
+        {
+            "name": "Workload Client Ltd.",
+            "regid": "https://workloadclient.example",
+            "roles": [
+                "tagCreator",
+                "creator",
+                "maintainer"
+            ]
+        }
+    ],
+    "triples": {
+        "reference-values": [
+            {
+                "environment": {
+                    "class": {
+                        "id": {
+                            "type": "uuid",
+                            "value": "CD1F0E55-26F9-460D-B9D8-F7FDE171787C"
+                        },
+                        "vendor": "Workload Client Ltd"
+                    },
+                    "instance": {
+                        "type": "bytes",
+                        "value": "5Fty9cDAtXI="
+                    }
+                },
+                "measurements": [
+                    {
+                        "value": {
+                            "integrity-registers": {
+                                "rim": {
+                                    "key_type": "text",
+                                    "Value": [
+                                        "sha-384;QoS1aUymwNLPR4mguVrIAlyBjeUjBDZL580pgbLS7caFsyInfsJYGZYkE9jJssH1"
+                                    ]
+                                },
+                                "rem": {
+                                    "key_type": "text",
+                                    "Value": [
+                                        "sha-384;IQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4",
+                                        "sha-384;JQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4",
+                                        "sha-384;MQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4",
+                                        "sha-384;NQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4"
+                                    ]
+                                }
+                            }
+                        }
+                    }
+                ]
+            }
+        ]
+    }
+}

cocli/data/corim/templates/corim-cca-realm.json

@@ -0,0 +1,25 @@
+{
+    "corim-id": "5c57e8f4-46cd-421b-91c9-08cf93e13cfc",
+    "dependent-rims": [
+        {
+            "href": "https://parent.example/rims/ccb3aa85-61b4-40f1-848e-02ad6e8a254b",
+            "thumbprint": "sha-256:5Fty9cDAtXLbTY06t+l/No/3TmI0eoJN7LZ6hOUiTXU="
+        }
+    ],
+    "profiles": [
+        "http://arm.com/cca/realm/1"
+    ],
+    "validity": {
+        "not-before": "2021-12-31T00:00:00Z",
+        "not-after": "2025-12-31T00:00:00Z"
+    },
+    "entities": [
+        {
+            "name": "ACME Ltd.",
+            "regid": "acme.example",
+            "roles": [
+                "manifestCreator"
+            ]
+        }
+    ]
+}

comid/example_cca_realm_refval_test.go

@@ -0,0 +1,194 @@
+// Copyright 2024 Contributors to the Veraison project.
+// SPDX-License-Identifier: Apache-2.0
+
+package comid
+
+import (
+	"fmt"
+	"strings"
+)
+
+func Example_cca_realm_refval() {
+	comid := Comid{}
+
+	if err := comid.FromJSON([]byte(CCARealmRefValJSONTemplate)); err != nil {
+		panic(err)
+	}
+
+	if err := comid.Valid(); err != nil {
+		panic(err)
+	}
+
+	if err := extractRealmRefVals(&comid); err != nil {
+		panic(err)
+	}
+	// output:
+	// ClassID: cd1f0e5526f9460db9d8f7fde171787c
+	// Vendor: Workload Client Ltd
+	// InstanceID: e45b72f5c0c0b572
+	// Index: rim
+	// Alg: sha-384
+	// Digest: 4284b5694ca6c0d2cf4789a0b95ac8025c818de52304364be7cd2981b2d2edc685b322277ec25819962413d8c9b2c1f5
+	// Index: rem
+	// Alg: sha-384
+	// Digest: 2107bbe761fca52d95136a1354db7a4dd57b1b26be0d3da71d9eb23986b34ba615abf6514cf35e5a9ea55a032d068a78
+	// Alg: sha-384
+	// Digest: 2507bbe761fca52d95136a1354db7a4dd57b1b26be0d3da71d9eb23986b34ba615abf6514cf35e5a9ea55a032d068a78
+	// Alg: sha-384
+	// Digest: 3107bbe761fca52d95136a1354db7a4dd57b1b26be0d3da71d9eb23986b34ba615abf6514cf35e5a9ea55a032d068a78
+	// Alg: sha-384
+	// Digest: 3507bbe761fca52d95136a1354db7a4dd57b1b26be0d3da71d9eb23986b34ba615abf6514cf35e5a9ea55a032d068a78
+
+}
+
+func extractRealmRefVals(c *Comid) error {
+	if c.Triples.ReferenceValues == nil {
+		return fmt.Errorf("no reference values triples")
+	}
+
+	for i, rv := range *c.Triples.ReferenceValues {
+		if err := extractRealmRefVal(rv); err != nil {
+			return fmt.Errorf("bad Realm reference value at index %d: %w", i, err)
+		}
+	}
+
+	return nil
+}
+
+func extractRealmRefVal(rv ReferenceValue) error {
+	class := rv.Environment.Class
+	instance := rv.Environment.Instance
+
+	if err := extractRealmClass(class); err != nil {
+		return fmt.Errorf("extracting uuid: %w", err)
+	}
+
+	if err := extractRealmInstanceID(instance); err != nil {
+		return fmt.Errorf("extracting realm instanceID: %w", err)
+	}
+
+	measurements := rv.Measurements
+
+	if err := extractMeasurements(measurements); err != nil {
+		return fmt.Errorf("extracting measurements: %w", err)
+	}
+
+	return nil
+}
+
+func extractMeasurements(m Measurements) error {
+	if len(m) == 0 {
+		return fmt.Errorf("no measurements")
+	}
+
+	for i, m := range m {
+		if err := extractMeasurement(m); err != nil {
+			return fmt.Errorf("extracting measurement at index %d: %w", i, err)
+		}
+	}
+
+	return nil
+}
+
+func extractMeasurement(m Measurement) error {
+	if err := extractIntegrityRegisters(m.Val.IntegrityRegisters); err != nil {
+		return fmt.Errorf("extracting digest: %w", err)
+	}
+
+	return nil
+}
+
+func extractRealmClass(c *Class) error {
+	if c == nil {
+		return fmt.Errorf("no class")
+	}
+
+	classID := c.ClassID
+
+	if classID == nil {
+		return fmt.Errorf("no class-id")
+	}
+
+	if classID.Type() != "uuid" {
+		return fmt.Errorf("class id is not a uuid")
+	}
+
+	fmt.Printf("ClassID: %x\n", classID.Bytes())
+
+	if c.Vendor != nil {
+		fmt.Printf("Vendor: %s\n", c.GetVendor())
+	}
+	return nil
+}
+
+func extractRealmInstanceID(i *Instance) error {
+	if i == nil {
+		return fmt.Errorf("no instance")
+	}
+
+	if i.Type() != "bytes" {
+		return fmt.Errorf("instance id is not bytes")
+	}
+
+	fmt.Printf("InstanceID: %x\n", i.Bytes())
+
+	return nil
+}
+
+func extractIntegrityRegisters(r *IntegrityRegisters) error {
+	if r == nil {
+		return fmt.Errorf("no integrity registers")
+	}
+
+	keys, err := extractRegisterIndex(r)
+	if err != nil {
+		return fmt.Errorf("unable to extract register index: %v", err)
+	}
+
+	for _, k := range keys {
+		d, ok := r.m[k]
+		if !ok {
+			return fmt.Errorf("unable to locate register index for: %s", k)
+		}
+		fmt.Printf("Index: %s\n", k)
+		if err := extractRealmDigests(d); err != nil {
+			return fmt.Errorf("invalid Digests for key: %s, %v", k, err)
+		}
+	}
+
+	return nil
+}
+
+func extractRealmDigests(digests Digests) error {
+
+	if err := digests.Valid(); err != nil {
+		return fmt.Errorf("invalid digest: %v", err)
+	}
+	for _, d := range digests {
+		fmt.Printf("Alg: %s\n", d.AlgIDToString())
+		fmt.Printf("Digest: %x\n", d.HashValue)
+	}
+
+	return nil
+}
+
+func extractRegisterIndex(r *IntegrityRegisters) ([]string, error) {
+	var keys [2]string
+	for k := range r.m {
+		switch t := k.(type) {
+		case string:
+			key := strings.ToLower(t)
+			switch key {
+			case "rim":
+				keys[0] = key
+			case "rem":
+				keys[1] = key
+			default:
+				return nil, fmt.Errorf("unexpected register index: %s", key)
+			}
+		default:
+			return nil, fmt.Errorf("unexpected type for index: %T", t)
+		}
+	}
+	return keys[:], nil
+}

comid/measurement.go

@@ -355,7 +355,8 @@ func (o Mval) Valid() error {
 		o.IPAddr == nil &&
 		o.SerialNumber == nil &&
 		o.UEID == nil &&
-		o.UUID == nil {
+		o.UUID == nil &&
+		o.IntegrityRegisters == nil {
 		return fmt.Errorf("no measurement value set")
 	}
 

comid/test_vars.go

@@ -439,4 +439,64 @@ var (
 	}
 }
 `
+	CCARealmRefValJSONTemplate = `{
+	"lang": "en-GB",
+	"tag-identity": {
+	"id": "99019224-57AA-44BC-BEF8-D36BDD6BD035",
+	"version": 0
+},
+"entities": [
+	{
+		"name": "Workload Client Ltd.",
+		"regid": "https://workloadclient.example",
+		"roles": [
+			"tagCreator",
+			"creator",
+			"maintainer"
+		]
+	}
+],
+"triples": {
+	"reference-values": [
+		{
+			"environment": {
+				"class": {
+					"id": {
+						"type": "uuid",
+						"value": "CD1F0E55-26F9-460D-B9D8-F7FDE171787C"
+					},
+					"vendor": "Workload Client Ltd"
+				},
+				"instance": {
+					"type": "bytes",
+					"value": "5Fty9cDAtXI="
+				}
+			},
+			"measurements": [
+				{
+					"value": {
+						"integrity-registers": {
+							"rim": {
+								"key_type": "text",
+								"Value": [
+									"sha-384;QoS1aUymwNLPR4mguVrIAlyBjeUjBDZL580pgbLS7caFsyInfsJYGZYkE9jJssH1"
+								]
+							},
+							"rem": {
+								"key_type": "text",
+								"Value": [
+									"sha-384;IQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4",
+									"sha-384;JQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4",
+									"sha-384;MQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4",
+									"sha-384;NQe752H8pS2VE2oTVNt6TdV7Gya+DT2nHZ6yOYazS6YVq/ZRTPNeWp6lWgMtBop4"
+								]
+							}
+						}
+					}
+				}
+			]
+		}
+	]
+}
+}`
 )