treewide: refactoring
renamed variables.

Signed-off-by: Simon Ott <[email protected]>
smo4201 committed Aug 7, 2024
1 parent 127c156 commit abdada1
Showing 9 changed files with 46 additions and 61 deletions.
29 changes: 13 additions & 16 deletions attestationreport/attestationreport.go
Expand Up @@ -82,17 +82,14 @@ type Validity struct {
NotAfter string `json:"notAfter" cbor:"1,keyasint"`
}

// DetailedMeasurement represents the digests of a measurement, e.g., of a single PCR.
//
// If the type is 'PCR Summary', Summary is the final PCR value.
//
// If the type is 'PCR Eventlog', Events contains a list of the extends that lead to the final
// PCR value. The list is retrieved by the prover, e.g., from the TPM binary bios measurements
// list or the IMA runtime measurements list.
//
// If the type is 'SW Eventlog', Events contains a list of digests that have been recorded as
// SW measurements
type DetailedMeasurement struct {
// Artifact represents the digests of a measurement, e.g., of a single PCR.
// If the type is 'PCR Summary', Summary is the final PCR value.
// If the type is 'PCR Eventlog', Events contains a list of the extends that lead to the final
// PCR value. The list is retrieved by the prover, e.g., from the TPM binary bios measurements
// list or the IMA runtime measurements list.
// If the type is 'SW Eventlog', Events contains a list of digests that have been recorded as
// SW measurements
type Artifact struct {
Type string `json:"type" cbor:"0,keyasint"` // PCR Summary, PCR Eventlog, SW Eventlog
Pcr *int `json:"pcr,omitempty" cbor:"1,keyasint"`
Summary HexByte `json:"summary,omitempty" cbor:"2,keyasint,omitempty"` // Either summary
Expand All @@ -115,11 +112,11 @@ type CtrData struct {
// elements of type 'TPM Measurement', 'SNP Measurement', 'TDX Measurement',
// 'SGX Measurement', 'IAS Measurement' or 'SW Measurement'
type Measurement struct {
Type string `json:"type" cbor:"0,keyasint"`
Evidence []byte `json:"evidence,omitempty" cbor:"1,keyasint"`
Certs [][]byte `json:"certs,omitempty" cbor:"3,keyasint"`
Signature []byte `json:"signature,omitempty" cbor:"2,keyasint,omitempty"`
Details []DetailedMeasurement `json:"details,omitempty" cbor:"4,keyasint,omitempty"`
Type string `json:"type" cbor:"0,keyasint"`
Evidence []byte `json:"evidence,omitempty" cbor:"1,keyasint"`
Certs [][]byte `json:"certs,omitempty" cbor:"3,keyasint"`
Signature []byte `json:"signature,omitempty" cbor:"2,keyasint,omitempty"`
Artifacts []Artifact `json:"details,omitempty" cbor:"4,keyasint,omitempty"`
}

type SnpPolicy struct {
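Review bot: The renamed field `Artifacts` keeps the wire tags `json:"details,omitempty" cbor:"4,keyasint,omitempty"`, so the Go name and the serialized name now differ without anything saying why; a trailing comment such as `// serialized as "details" to keep existing reports decodable` on that line would stop a later "cleanup" from silently changing the JSON/CBOR encoding of issued attestation reports (that the tag was kept for compatibility is inferred from the diff, not stated in the commit). The rewritten doc comment on `Artifact` also drops the blank `//` separator lines, so godoc now renders the three "If the type is ..." cases as a single paragraph; keeping the separators preserves the original rendering.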
2 changes: 1 addition & 1 deletion attestationreport/json.go
Expand Up @@ -86,7 +86,7 @@ func (s JsonSerializer) Unmarshal(data []byte, v any) error {
// Sign signs data with the specified driver 'signer' (to enale hardware-based signatures)
func (s JsonSerializer) Sign(data []byte, signer Driver) ([]byte, error) {

log.Trace("Signing data length %v", len(data))
log.Tracef("Signing data length %v", len(data))

// This allows the signer to ensure mutual access for signing, if required
signer.Lock()
10 changes: 5 additions & 5 deletions swdriver/swdriver.go
Expand Up @@ -146,7 +146,7 @@ func (s *Sw) Measure(nonce []byte) (ar.Measurement, error) {
return ar.Measurement{}, fmt.Errorf("failed to unmarshal measurement list: %w", err)
}

dm := ar.DetailedMeasurement{
dm := ar.Artifact{
Type: "SW Eventlog",
}

Expand All @@ -164,10 +164,10 @@ func (s *Sw) Measure(nonce []byte) (ar.Measurement, error) {
}

m := ar.Measurement{
Type: "SW Measurement",
Evidence: evidence,
Details: []ar.DetailedMeasurement{dm},
Certs: internal.WriteCertsDer(s.certChain),
Type: "SW Measurement",
Evidence: evidence,
Artifacts: []ar.Artifact{dm},
Certs: internal.WriteCertsDer(s.certChain),
}

log.Warnf("EVI: %v", base64.StdEncoding.EncodeToString(evidence))
8 changes: 4 additions & 4 deletions tpmdriver/tpmdriver.go
Expand Up @@ -225,7 +225,7 @@ func (t *Tpm) Measure(nonce []byte) (ar.Measurement, error) {
log.Tracef("Collected %v binary bios measurements", len(biosMeasurements))
}

hashChain := make([]ar.DetailedMeasurement, len(t.Pcrs))
hashChain := make([]ar.Artifact, len(t.Pcrs))
for i, num := range t.Pcrs {

events := make([]ar.MeasureEvent, 0)
Expand All @@ -248,7 +248,7 @@ func (t *Tpm) Measure(nonce []byte) (ar.Measurement, error) {
}
}

pcrMeasurement := ar.DetailedMeasurement{}
pcrMeasurement := ar.Artifact{}
pcrMeasurement.Pcr = new(int)
*pcrMeasurement.Pcr = num

Expand Down Expand Up @@ -337,10 +337,10 @@ func (t *Tpm) Measure(nonce []byte) (ar.Measurement, error) {
Evidence: quote.Quote,
Signature: quote.Signature,
Certs: internal.WriteCertsDer(t.MeasuringCerts),
Details: hashChain,
Artifacts: hashChain,
}

for _, elem := range tm.Details {
for _, elem := range tm.Artifacts {
if elem.Type == "PCR Summary" {
log.Tracef("PCR%v: %v", *elem.Pcr, hex.EncodeToString(elem.Summary))
} else if elem.Type == "PCR Eventlog" {
2 changes: 1 addition & 1 deletion verify/iat_test.go
Expand Up @@ -144,7 +144,7 @@ func Test_verifyIasMeasurements(t *testing.T) {

for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
_, got := verifyIasMeasurements(*tt.args.IasM, tt.args.nonce, tt.args.referenceValues, []*x509.Certificate{tt.args.ca})
_, got := verifyIasMeasurements(*tt.args.IasM, tt.args.nonce, []*x509.Certificate{tt.args.ca}, tt.args.referenceValues)
if got != tt.want {
t.Errorf("verifyIasMeasurements() error = %v, wantErr %v", got, tt.want)
return
4 changes: 2 additions & 2 deletions verify/sw.go
Expand Up @@ -59,7 +59,7 @@ func verifySwMeasurements(swMeasurement ar.Measurement, nonce []byte, cas []*x50
// Check that reference values are reflected by mandatory measurements
for _, v := range refVals {
found := false
for _, swm := range swMeasurement.Details {
for _, swm := range swMeasurement.Artifacts {
for _, event := range swm.Events {
if bytes.Equal(event.Sha256, v.Sha256) {
found = true
Expand All @@ -84,7 +84,7 @@ func verifySwMeasurements(swMeasurement ar.Measurement, nonce []byte, cas []*x50
}

// Check that every measurement is reflected by a reference value
for _, swm := range swMeasurement.Details {
for _, swm := range swMeasurement.Artifacts {
for _, event := range swm.Events {
found := false
for _, ref := range refVals {
10 changes: 5 additions & 5 deletions verify/tpm.go
Expand Up @@ -73,13 +73,13 @@ func verifyTpmMeasurements(tpmM ar.Measurement, nonce []byte, cas []*x509.Certif

// together then compare
sum := make([]byte, 0)
for i := range tpmM.Details {
if tpmM.Details[i].Pcr == nil {
for i := range tpmM.Artifacts {
if tpmM.Artifacts[i].Pcr == nil {
log.Tracef("PCR not specified")
result.Summary.SetErr(ar.PcrNotSpecified)
return result, false
}
pcr := *tpmM.Details[i].Pcr
pcr := *tpmM.Artifacts[i].Pcr
_, ok := calculatedPcrs[pcr]
if !ok {
continue
Expand Down Expand Up @@ -145,7 +145,7 @@ func recalculatePcrs(measurement ar.Measurement, referenceValues []ar.ReferenceV
calculatedPcrs := make(map[int][]byte)

// Iterate over the provided measurement
for _, measuredPcr := range measurement.Details {
for _, measuredPcr := range measurement.Artifacts {

pcrResult := ar.DigestResult{
Pcr: measuredPcr.Pcr,
Expand Down Expand Up @@ -310,7 +310,7 @@ func recalculatePcrs(measurement ar.Measurement, referenceValues []ar.ReferenceV

// Check if measurement contains the reference value PCR
foundPcr := false
for _, measuredPcr := range measurement.Details {
for _, measuredPcr := range measurement.Artifacts {

if measuredPcr.Pcr == nil {
log.Trace("PCR not specified")
28 changes: 14 additions & 14 deletions verify/tpm_test.go
Expand Up @@ -49,7 +49,7 @@ func Test_verifyTpmMeasurements(t *testing.T) {
Evidence: validQuote,
Signature: validSignature,
Certs: validTpmCertChain,
Details: validSummaryHashChain,
Artifacts: validSummaryHashChain,
},
nonce: validTpmNonce,
referenceValues: validReferenceValues,
Expand All @@ -66,7 +66,7 @@ func Test_verifyTpmMeasurements(t *testing.T) {
Evidence: validQuote,
Signature: validSignature,
Certs: validTpmCertChain,
Details: validHashChain,
Artifacts: validHashChain,
},
nonce: validTpmNonce,
referenceValues: validReferenceValues,
Expand All @@ -83,7 +83,7 @@ func Test_verifyTpmMeasurements(t *testing.T) {
Evidence: validQuote,
Signature: validSignature,
Certs: validTpmCertChain,
Details: validSummaryHashChain,
Artifacts: validSummaryHashChain,
},
nonce: invalidTpmNonce,
referenceValues: validReferenceValues,
Expand All @@ -100,7 +100,7 @@ func Test_verifyTpmMeasurements(t *testing.T) {
Evidence: validQuote,
Signature: invalidSignature,
Certs: validTpmCertChain,
Details: validSummaryHashChain,
Artifacts: validSummaryHashChain,
},
nonce: validTpmNonce,
referenceValues: validReferenceValues,
Expand All @@ -117,7 +117,7 @@ func Test_verifyTpmMeasurements(t *testing.T) {
Evidence: validQuote,
Signature: validSignature,
Certs: validTpmCertChain,
Details: invalidSummaryHashChain,
Artifacts: invalidSummaryHashChain,
},
nonce: validTpmNonce,
referenceValues: validReferenceValues,
Expand All @@ -134,7 +134,7 @@ func Test_verifyTpmMeasurements(t *testing.T) {
Evidence: validQuote,
Signature: validSignature,
Certs: validTpmCertChain,
Details: invalidHashChain,
Artifacts: invalidHashChain,
},
nonce: validTpmNonce,
referenceValues: validReferenceValues,
Expand All @@ -151,7 +151,7 @@ func Test_verifyTpmMeasurements(t *testing.T) {
Evidence: validQuote,
Signature: invalidSignature,
Certs: validTpmCertChain,
Details: validSummaryHashChain,
Artifacts: validSummaryHashChain,
},
nonce: validTpmNonce,
referenceValues: invalidReferenceValues,
Expand All @@ -168,7 +168,7 @@ func Test_verifyTpmMeasurements(t *testing.T) {
Evidence: validQuote,
Signature: validSignature,
Certs: validTpmCertChain,
Details: validSummaryHashChain,
Artifacts: validSummaryHashChain,
},
nonce: validTpmNonce,
referenceValues: validReferenceValues,
Expand All @@ -185,7 +185,7 @@ func Test_verifyTpmMeasurements(t *testing.T) {
Evidence: validQuote,
Signature: validSignature,
Certs: invalidTpmCertChain,
Details: validSummaryHashChain,
Artifacts: validSummaryHashChain,
},
nonce: validTpmNonce,
referenceValues: validReferenceValues,
Expand All @@ -200,7 +200,7 @@ func Test_verifyTpmMeasurements(t *testing.T) {

for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got, got1 := verifyTpmMeasurements(*tt.args.tpmM, tt.args.nonce, tt.args.referenceValues, tt.args.cas)
got, got1 := verifyTpmMeasurements(*tt.args.tpmM, tt.args.nonce, tt.args.cas, tt.args.referenceValues)
if got1 != tt.want1 {
t.Errorf("verifyTpmMeasurements() --GOT1-- = %v, --WANT1-- %v", got1, tt.want1)
}
Expand Down Expand Up @@ -249,7 +249,7 @@ var (

invalidSignature, _ = hex.DecodeString("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")

validSummaryHashChain = []ar.DetailedMeasurement{
validSummaryHashChain = []ar.Artifact{
{
Type: "PCR Summary",
Pcr: ptr(1),
Expand All @@ -262,7 +262,7 @@ var (
},
}

invalidSummaryHashChain = []ar.DetailedMeasurement{
invalidSummaryHashChain = []ar.Artifact{
{
Type: "PCR Summary",
Pcr: ptr(1),
Expand All @@ -275,7 +275,7 @@ var (
},
}

validHashChain = []ar.DetailedMeasurement{
validHashChain = []ar.Artifact{
{
Type: "PCR Eventlog",
Pcr: ptr(1),
Expand Down Expand Up @@ -304,7 +304,7 @@ var (
},
}

invalidHashChain = []ar.DetailedMeasurement{
invalidHashChain = []ar.Artifact{
{
Type: "PCR Eventlog",
Pcr: ptr(1),
14 changes: 1 addition & 13 deletions verify/verify_test.go
Expand Up @@ -313,17 +313,6 @@ func TestVerify(t *testing.T) {
},
want: ar.VerificationResult{Success: true},
},
{
name: "Nonce mismatch",
args: args{
serializer: ar.JsonSerializer{},
rtmManifest: validRtmManifest,
osManifest: validOsManifest,
deviceDescription: validDeviceDescription,
nonce: []byte{},
},
want: ar.VerificationResult{Success: false},
},
{
// expected aggregated CertificationLevel in Manifests for
// empty measurement is max. 1 (here CertificationLevel = 3)
Expand Down Expand Up @@ -412,8 +401,7 @@ func TestVerify(t *testing.T) {
log.Trace("Generating a Sample Report")

ar := ar.AttestationReport{
Type: "Attestation Report",
Nonce: tt.args.nonce,
Type: "Attestation Report",
}

// Preparation: create signed manifests and deviceDescription
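Review bot: Removing the "Nonce mismatch" case from TestVerify, together with dropping `Nonce: tt.args.nonce` from the sample `ar.AttestationReport`, leaves no case in this file asserting that a report produced for a different nonce yields `Success: false`, and the commit description ("renamed variables") does not explain why that coverage goes away. If the nonce now travels only inside the per-measurement evidence (as the TPM quote path touched by this commit suggests), a replacement case that feeds a mismatched nonce through that path would keep the freshness check under test; if the top-level `Nonce` field was removed from `ar.AttestationReport`, stating that in the commit message would make the deletion traceable. Both of these are inferred from the hunks, not visible in them; TestVerify starts and ends outside the hunks shown.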
