Add PCE test case

Signed-off-by: Yogesh Deshpande <[email protected]>
veraison · Jan 16, 2025 · 60fc059 · 60fc059
1 parent e74d471
commit 60fc059
Show file tree

Hide file tree

Showing 4 changed files with 155 additions and 6 deletions.
diff --git a/comid/tdx-profile/example_pce_refval_test.go b/comid/tdx-profile/example_pce_refval_test.go
@@ -3,7 +3,13 @@
 
 package tdx
 
-import "github.com/veraison/corim/comid"
+import (
+	"fmt"
+
+	"github.com/veraison/corim/comid"
+	"github.com/veraison/corim/corim"
+	"github.com/veraison/eat"
+)
 
 func Example_tdx_pce_refval() {
 	comid := comid.Comid{}
@@ -17,3 +23,145 @@ func Example_tdx_pce_refval() {
 	}
 
 }
+
+// Example_decode_PCE_JSON decodes the TDX Provisioning Certification Enclave Measurement Extensions from the given JSON Template
+func Example_decode_PCE_JSON() {
+	profileID, err := eat.NewProfile("http://intel.com/tdx-profile")
+	if err != nil {
+		panic(err) // will not error, as the hard-coded string above is valid
+	}
+	profile, found := corim.GetProfile(profileID)
+	if !found {
+		fmt.Printf("CoRIM Profile NOT FOUND")
+		return
+	}
+
+	coMID := profile.GetComid()
+	if err := coMID.FromJSON([]byte(TDXPCERefValTemplate)); err != nil {
+		panic(err)
+	}
+
+	if err := coMID.Valid(); err != nil {
+		panic(err)
+	}
+
+	if err := extractPCERefVals(coMID); err != nil {
+		panic(err)
+	}
+
+	//output
+	// OID: 2.16.840.1.113741.1.2.3.4.1
+	// Vendor: Intel Corporation
+	// Model: TDX QE TCB
+	// miscselect: c0000000fbff0000
+	// tcbEvalNum: 11
+	// IsvProdID: 0303
+	// CryptoKey Type: pkix-base64-key
+	// CryptoKey Value: -----BEGIN PUBLIC KEY-----
+	// MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==
+	// -----END PUBLIC KEY-----
+}
+
+func extractPCERefVals(c *comid.Comid) error {
+	if c.Triples.ReferenceValues == nil {
+		return fmt.Errorf("no reference values triples")
+	}
+
+	for i, rv := range c.Triples.ReferenceValues.Values {
+		if err := extractPCERefVal(rv); err != nil {
+			return fmt.Errorf("bad PSA reference value at index %d: %w", i, err)
+		}
+	}
+
+	return nil
+}
+
+func extractPCERefVal(rv comid.ValueTriple) error {
+	class := rv.Environment.Class
+
+	if err := extractClassElements(class); err != nil {
+		return fmt.Errorf("extracting class: %w", err)
+	}
+
+	measurements := rv.Measurements
+	if err := extractPCEMeasurements(measurements); err != nil {
+		return fmt.Errorf("extracting measurements: %w", err)
+	}
+
+	return nil
+}
+
+func extractPCEMeasurements(m comid.Measurements) error {
+	if len(m.Values) == 0 {
+		return fmt.Errorf("no measurements")
+	}
+	for i, m := range m.Values {
+		if err := decodePCEMValExtensions(m); err != nil {
+			return fmt.Errorf("extracting measurement at index %d: %w", i, err)
+		}
+
+		if m.AuthorizedBy != nil {
+			err := decodeAuthorisedBy(m)
+			if err != nil {
+				return fmt.Errorf("extracting measurement at index %d: %w", i, err)
+			}
+		}
+	}
+	return nil
+}
+
+func decodePCEMValExtensions(m comid.Measurement) error {
+	val, err := m.Val.Extensions.Get("instanceid")
+	if err != nil {
+		return fmt.Errorf("failed to decode instanceid from measurement extensions")
+	}
+	i, ok := val.(*teeInstanceID)
+	if !ok {
+		fmt.Printf("val was not pointer to teeInstanceID")
+	}
+	instanceID := *i
+	fmt.Printf("\ninstanceid: %d", instanceID)
+
+	val, err = m.Val.Extensions.Get("tcbcompsvn")
+	if err != nil {
+		return fmt.Errorf("failed to decode tcbcompsvn from measurement extensions")
+	}
+
+	tD, ok := val.(*teeTcbCompSvn)
+	if !ok {
+		fmt.Printf("val was not pointer to tcbcompsvn")
+	}
+
+	val, err = m.Val.Extensions.Get("pceid")
+	if err != nil {
+		return fmt.Errorf("failed to decode tcbevalnum from measurement extensions")
+	}
+	t, ok := val.(*pceID)
+	if !ok {
+		fmt.Printf("val was not pointer to teeTcbEvalNum")
+	}
+	pceID := *t
+	fmt.Printf("\npceID: %s", pceID)
+
+	err = extractSVN(tD)
+	if err != nil {
+		return fmt.Errorf("unable to extract TEE Digest: %w", err)
+	}
+	return nil
+}
+
+func extractSVN(s *teeTcbCompSvn) error {
+	if s == nil {
+		return fmt.Errorf("no TEE TCB Comp SVN")
+	}
+
+	if len(*s) > 16 {
+		return fmt.Errorf("computed SVN cannot be greater than 16")
+	}
+
+	for i, svn := range *s {
+		fmt.Printf("\n SVN[%d]: %d", i, svn)
+	}
+
+	return nil
+}
diff --git a/comid/tdx-profile/example_qe_refval_test.go b/comid/tdx-profile/example_qe_refval_test.go
@@ -11,7 +11,7 @@ import (
 	"github.com/veraison/eat"
 )
 
-// Example_decode_JSON decodes the TDX Measurement Extensions from the given JSON Template
+// Example_decode_QE_JSON decodes the TDX Quoting Enclave Measurement Extensions from the given JSON Template
 func Example_decode_QE_JSON() {
 	profileID, err := eat.NewProfile("http://intel.com/tdx-profile")
 	if err != nil {

diff --git a/comid/tdx-profile/mval_extensions.go b/comid/tdx-profile/mval_extensions.go
@@ -15,6 +15,7 @@ type MvalExtensions struct {
 	// a string field extension
 	TcbDate     *tdate         `cbor:"-72,keyasint,omitempty" json:"tcbdate,omitempty"`
 	IsvSVN      *teeSVN        `cbor:"-73,keyasint,omitempty" json:"isvsvn,omitempty"`
+	InstanceID  *teeInstanceID `cbor:"-77,keyasint,omitempty" json:"instanceid,omitempty"`
 	PCEID       *pceID         `cbor:"-80,keyasint,omitempty" json:"pceid,omitempty"`
 	MiscSelect  *teeMiscSelect `cbor:"-81,keyasint,omitempty" json:"miscselect,omitempty"`
 	Attributes  *teeAttributes `cbor:"-82,keyasint,omitempty" json:"attributes,omitempty"`
@@ -26,7 +27,7 @@ type MvalExtensions struct {
 	Epoch       *epochSeconds  `cbor:"-90, keyasint,omitempty" json:"epoch,omitempty"`
 
 	TeeCryptoKeys *[]teeCryptoKey `cbor:"-91, keyasint,omitempty" json:"teecryptokeys,omitempty"`
-	TeeTCBCompSvn *teeTcbCompSvn  `cbor:"-125, keyasint,omitempty" json:"teetcbcompsvn,omitempty"`
+	TCBCompSvn    *teeTcbCompSvn  `cbor:"-125, keyasint,omitempty" json:"tcbcompsvn,omitempty"`
 }
 
 // Registering the profile inside init() in the same file where it is defined

diff --git a/comid/tdx-profile/test_vars.go b/comid/tdx-profile/test_vars.go
@@ -28,7 +28,7 @@ var (
           "class": {
             "id": {
               "type": "oid",
-              "value": "2.16.840.1.113741.1.2.3.4.4"
+              "value": "2.16.840.1.113741.1.2.3.4.6"
             },
             "vendor": "Intel Corporation",
             "model": "0123456789ABCDEF"
@@ -37,8 +37,8 @@ var (
         "measurements": [
           {
             "value": {
-              "attributes": "AwM=",
-              "tcbevalnum": 5,
+              "instanceid": 0,
+              "tcbcompsvn": [10, 10, 2, 2, 2, 1, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0],
               "pceid": "0000"
             },
             "authorized-by": {