treewide: allow omitting metadata

Allow omitting the location of metadata in the configs.
The CMC can only work as verifier in this case, not
as prover.

Signed-off-by: Simon Ott <[email protected]>

.gitignore

@@ -4,6 +4,7 @@
 
 cmcd/cmcd
 testtool/testtool
+testtool/ca.pem
 est/estserver/estserver
 **/nonce
 **/attestation-report

attestationreport/attestationreport.go

@@ -22,6 +22,7 @@ import (
 	"crypto/x509"
 	"encoding/hex"
 	"encoding/json"
+	"errors"
 	"fmt"
 
 	"github.com/Fraunhofer-AISEC/cmc/internal"
@@ -339,14 +340,19 @@ type ArPacked struct {
 // format or CBOR COSE tokens. Takes a list of measurers providing a method
 // for collecting  the measurements from a hardware or software interface
 func Generate(nonce []byte, metadata [][]byte, measurers []Driver, s Serializer) ([]byte, error) {
+
+	if s == nil {
+		return nil, errors.New("serializer not specified")
+	}
+
 	// Create attestation report object which will be filled with the attestation
 	// data or sent back incomplete in case errors occur
 	ar := ArPacked{
 		Type: "Attestation Report",
 	}
 
 	if len(nonce) > 32 {
-		return nil, fmt.Errorf("Generate Attestation Report: Nonce exceeds maximum length of 32 bytes")
+		return nil, fmt.Errorf("nonce exceeds maximum length of 32 bytes")
 	}
 	ar.Nonce = nonce
 

cmc/metadata.go

@@ -36,6 +36,12 @@ import (
 
 func GetMetadata(paths []string, cache string) ([][]byte, ar.Serializer, error) {
 
+	if paths == nil {
+		log.Trace("No metadata specified via config. Will only work as verifier")
+		var s ar.Serializer
+		return nil, s, nil
+	}
+
 	metadata := make([][]byte, 0)
 	fails := 0
 

cmcd/coap.go

@@ -118,6 +118,12 @@ func Attest(w mux.ResponseWriter, r *mux.Message) {
 		return
 	}
 
+	if Cmc.Metadata == nil {
+		sendCoapError(w, r, codes.InternalServerError,
+			"Metadata not specified. Can work only as verifier")
+		return
+	}
+
 	log.Debug("Prover: Generating Attestation Report with nonce: ", hex.EncodeToString(req.Nonce))
 
 	report, err := ar.Generate(req.Nonce, Cmc.Metadata, Cmc.Drivers, Cmc.Serializer)

cmcd/grpc.go

@@ -80,14 +80,22 @@ func (wrapper GrpcServerWrapper) Serve(addr string, cmc *cmc.Cmc) error {
 
 func (s *GrpcServer) Attest(ctx context.Context, in *api.AttestationRequest) (*api.AttestationResponse, error) {
 
-	log.Info("Prover: Generating Attestation Report with nonce: ", hex.EncodeToString(in.Nonce))
+	log.Debug("Prover: Received gRPC attestation request")
 
 	if len(s.cmc.Drivers) == 0 {
 		return &api.AttestationResponse{
 			Status: api.Status_FAIL,
 		}, errors.New("no valid signers configured")
 	}
 
+	if s.cmc.Metadata == nil {
+		return &api.AttestationResponse{
+			Status: api.Status_FAIL,
+		}, errors.New("metadata not specified. Can work only as verifier")
+	}
+
+	log.Info("Prover: Generating Attestation Report with nonce: ", hex.EncodeToString(in.Nonce))
+
 	report, err := ar.Generate(in.Nonce, s.cmc.Metadata, s.cmc.Drivers, s.cmc.Serializer)
 	if err != nil {
 		return &api.AttestationResponse{

cmcd/socket.go

@@ -100,13 +100,18 @@ func handleIncoming(conn net.Conn, cmc *cmc.Cmc) {
 
 func attest(conn net.Conn, payload []byte, cmc *cmc.Cmc) {
 
-	log.Debug("Prover: Received attestation request")
+	log.Debug("Prover: Received socket attestation request")
 
 	if len(cmc.Drivers) == 0 {
 		api.SendError(conn, "no valid signers configured")
 		return
 	}
 
+	if cmc.Metadata == nil {
+		api.SendError(conn, "Metadata not specified. Can work only as verifier")
+		return
+	}
+
 	req := new(api.AttestationRequest)
 	err := cbor.Unmarshal(payload, req)
 	if err != nil {

testtool/libapi.go

@@ -52,6 +52,10 @@ func (a LibApi) generate(c *config) {
 		a.cmc = cmc
 	}
 
+	if a.cmc.Metadata == nil {
+		log.Fatalf("Metadata not specified. Can work only as verifier")
+	}
+
 	// Generate random nonce
 	nonce := make([]byte, 8)
 	_, err := rand.Read(nonce)