Add isvprod-id as a typechoice

Signed-off-by: Yogesh Deshpande <[email protected]>
veraison · Jan 21, 2025 · d0b1d5b · d0b1d5b
1 parent 5671628
commit d0b1d5b
Show file tree

Hide file tree

Showing 5 changed files with 228 additions and 12 deletions.
diff --git a/comid/tdx-profile/cbor.go b/comid/tdx-profile/cbor.go
@@ -0,0 +1,32 @@
+package tdx
+
+import cbor "github.com/fxamacker/cbor/v2"
+
+var (
+	em, emError = initCBOREncMode()
+	dm, dmError = initCBORDecMode()
+)
+
+func initCBOREncMode() (en cbor.EncMode, err error) {
+	encOpt := cbor.EncOptions{
+		IndefLength: cbor.IndefLengthForbidden,
+		TimeTag:     cbor.EncTagRequired,
+	}
+	return encOpt.EncMode()
+}
+
+func initCBORDecMode() (dm cbor.DecMode, err error) {
+	decOpt := cbor.DecOptions{
+		IndefLength: cbor.IndefLengthForbidden,
+	}
+	return decOpt.DecMode()
+}
+
+func init() {
+	if emError != nil {
+		panic(emError)
+	}
+	if dmError != nil {
+		panic(dmError)
+	}
+}
diff --git a/comid/tdx-profile/example_seam_refval_test.go b/comid/tdx-profile/example_seam_refval_test.go
@@ -103,7 +103,7 @@ func Example_encode_tdx_seam_refval_without_profile() {
 
 	// Output:
 	// a301a1005043bbe37f2e614b33aed353cff1428b200281a30065494e54454c01d8207168747470733a2f2f696e74656c2e636f6d028301000204a1008182a100a300d86f4c6086480186f84d01020304050171496e74656c20436f72706f726174696f6e02675444585345414d81a101a638476331323338480a385142010138538282015820e45b72f5c0c0b572db4d8d3ab7e97f368ff74e62347a824decb67a84e5224d7582075830e45b72f5c0c0b572db4d8d3ab7e97f368ff74e62347a824decb67a84e5224d75e45b72f5c0c0b572db4d8d3ab7e97f36385442010138550b
-	// {"tag-identity":{"id":"43bbe37f-2e61-4b33-aed3-53cff1428b20"},"entities":[{"name":"INTEL","regid":"https://intel.com","roles":["creator","tagCreator","maintainer"]}],"triples":{"reference-values":[{"environment":{"class":{"id":{"type":"oid","value":"2.16.840.1.113741.1.2.3.4.5"},"vendor":"Intel Corporation","model":"TDXSEAM"}},"measurements":[{"value":{"tcbdate":"123","isvsvn":10,"attributes":"AQE=","mrsigner":["sha-256;5Fty9cDAtXLbTY06t+l/No/3TmI0eoJN7LZ6hOUiTXU=","sha-384;5Fty9cDAtXLbTY06t+l/No/3TmI0eoJN7LZ6hOUiTXXkW3L1wMC1cttNjTq36X82"],"isvprodid":"AQE=","tcbevalnum":11}}]}]}}
+	// {"tag-identity":{"id":"43bbe37f-2e61-4b33-aed3-53cff1428b20"},"entities":[{"name":"INTEL","regid":"https://intel.com","roles":["creator","tagCreator","maintainer"]}],"triples":{"reference-values":[{"environment":{"class":{"id":{"type":"oid","value":"2.16.840.1.113741.1.2.3.4.5"},"vendor":"Intel Corporation","model":"TDXSEAM"}},"measurements":[{"value":{"tcbdate":"123","isvsvn":10,"attributes":"AQE=","mrsigner":["sha-256;5Fty9cDAtXLbTY06t+l/No/3TmI0eoJN7LZ6hOUiTXU=","sha-384;5Fty9cDAtXLbTY06t+l/No/3TmI0eoJN7LZ6hOUiTXXkW3L1wMC1cttNjTq36X82"],"isvprodid":{"type":"bytes","value":"AQE="},"tcbevalnum":11}}]}]}}
 }
 
 func Example_encode_tdx_seam_refval_with_profile() {
@@ -161,7 +161,7 @@ func Example_encode_tdx_seam_refval_with_profile() {
 
 	// Output:
 	// a301a1005043bbe37f2e614b33aed353cff1428b200281a30065494e54454c01d8207168747470733a2f2f696e74656c2e636f6d028301000204a1008182a100a300d86f4c6086480186f84d01020304050171496e74656c20436f72706f726174696f6e02675444585345414d81a101a638476331323338480a385142010138538282015820e45b72f5c0c0b572db4d8d3ab7e97f368ff74e62347a824decb67a84e5224d7582075830e45b72f5c0c0b572db4d8d3ab7e97f368ff74e62347a824decb67a84e5224d75e45b72f5c0c0b572db4d8d3ab7e97f36385442010138550b
-	// {"tag-identity":{"id":"43bbe37f-2e61-4b33-aed3-53cff1428b20"},"entities":[{"name":"INTEL","regid":"https://intel.com","roles":["creator","tagCreator","maintainer"]}],"triples":{"reference-values":[{"environment":{"class":{"id":{"type":"oid","value":"2.16.840.1.113741.1.2.3.4.5"},"vendor":"Intel Corporation","model":"TDXSEAM"}},"measurements":[{"value":{"tcbdate":"123","isvsvn":10,"attributes":"AQE=","mrsigner":["sha-256;5Fty9cDAtXLbTY06t+l/No/3TmI0eoJN7LZ6hOUiTXU=","sha-384;5Fty9cDAtXLbTY06t+l/No/3TmI0eoJN7LZ6hOUiTXXkW3L1wMC1cttNjTq36X82"],"isvprodid":"AQE=","tcbevalnum":11}}]}]}}
+	// {"tag-identity":{"id":"43bbe37f-2e61-4b33-aed3-53cff1428b20"},"entities":[{"name":"INTEL","regid":"https://intel.com","roles":["creator","tagCreator","maintainer"]}],"triples":{"reference-values":[{"environment":{"class":{"id":{"type":"oid","value":"2.16.840.1.113741.1.2.3.4.5"},"vendor":"Intel Corporation","model":"TDXSEAM"}},"measurements":[{"value":{"tcbdate":"123","isvsvn":10,"attributes":"AQE=","mrsigner":["sha-256;5Fty9cDAtXLbTY06t+l/No/3TmI0eoJN7LZ6hOUiTXU=","sha-384;5Fty9cDAtXLbTY06t+l/No/3TmI0eoJN7LZ6hOUiTXXkW3L1wMC1cttNjTq36X82"],"isvprodid":{"type":"bytes","value":"AQE="},"tcbevalnum":11}}]}]}}
 }
 
 func Example_encode_tdx_seam_refval_direct() {
@@ -210,12 +210,12 @@ func Example_encode_tdx_seam_refval_direct() {
 
 	// Output:
 	//a301a1005043bbe37f2e614b33aed353cff1428b200281a30065494e54454c01d8207168747470733a2f2f696e74656c2e636f6d028301000204a1008182a100a300d86f4c6086480186f84d01020304050171496e74656c20436f72706f726174696f6e02675444585345414d81a101a638476331323338480a385142010138538282015820e45b72f5c0c0b572db4d8d3ab7e97f368ff74e62347a824decb67a84e5224d7582075830e45b72f5c0c0b572db4d8d3ab7e97f368ff74e62347a824decb67a84e5224d75e45b72f5c0c0b572db4d8d3ab7e97f36385442010138550b
-	// {"tag-identity":{"id":"43bbe37f-2e61-4b33-aed3-53cff1428b20"},"entities":[{"name":"INTEL","regid":"https://intel.com","roles":["creator","tagCreator","maintainer"]}],"triples":{"reference-values":[{"environment":{"class":{"id":{"type":"oid","value":"2.16.840.1.113741.1.2.3.4.5"},"vendor":"Intel Corporation","model":"TDXSEAM"}},"measurements":[{"value":{"tcbdate":"123","isvsvn":10,"attributes":"AQE=","mrsigner":["sha-256;5Fty9cDAtXLbTY06t+l/No/3TmI0eoJN7LZ6hOUiTXU=","sha-384;5Fty9cDAtXLbTY06t+l/No/3TmI0eoJN7LZ6hOUiTXXkW3L1wMC1cttNjTq36X82"],"isvprodid":"AQE=","tcbevalnum":11}}]}]}}
+	// {"tag-identity":{"id":"43bbe37f-2e61-4b33-aed3-53cff1428b20"},"entities":[{"name":"INTEL","regid":"https://intel.com","roles":["creator","tagCreator","maintainer"]}],"triples":{"reference-values":[{"environment":{"class":{"id":{"type":"oid","value":"2.16.840.1.113741.1.2.3.4.5"},"vendor":"Intel Corporation","model":"TDXSEAM"}},"measurements":[{"value":{"tcbdate":"123","isvsvn":10,"attributes":"AQE=","mrsigner":["sha-256;5Fty9cDAtXLbTY06t+l/No/3TmI0eoJN7LZ6hOUiTXU=","sha-384;5Fty9cDAtXLbTY06t+l/No/3TmI0eoJN7LZ6hOUiTXXkW3L1wMC1cttNjTq36X82"],"isvprodid":{"type":"bytes","value":"AQE="},"tcbevalnum":11}}]}]}}
 }
 
 func setTDXSeamMvalExtensions(val *comid.Mval) error {
 	tcbDate := tdate("123")
-	isvProdID := teeIsvProdID([]byte{0x01, 0x01})
+
 	svn := teeSVN(10)
 	teeTcbEvNum := teeTcbEvalNum(11)
 	teeAttr := teeAttributes([]byte{0x01, 0x01})
@@ -224,7 +224,9 @@ func setTDXSeamMvalExtensions(val *comid.Mval) error {
 	if err != nil {
 		return fmt.Errorf("unable to set tcbDate %w", err)
 	}
-	err = val.Extensions.Extensions.Set("isvprodid", &isvProdID)
+	r := []byte{0x01, 0x01}
+	isvProdID := NewISVProdID(r)
+	err = val.Extensions.Extensions.Set("isvprodid", isvProdID)
 	if err != nil {
 		return fmt.Errorf("unable to set isvprodid %w", err)
 	}
@@ -268,12 +270,23 @@ func decodeMValExtensions(m comid.Measurement) error {
 	if err != nil {
 		return fmt.Errorf("failed to decode isvprodid from measurement extensions")
 	}
-	tS, ok := val.(*teeIsvProdID)
+	tS, ok := val.(*TeeIsvProdID)
 	if !ok {
-		fmt.Printf("val was not pointer to teeIsvProdID")
+		fmt.Printf("val was not pointer to TeeIsvProdID")
+	}
+	if (*tS).IsBytesIsvProdID() {
+		b, err := tS.GetBytesIsvProdID()
+		if err != nil {
+			return fmt.Errorf("failed to decode isvprodid: %w", err)
+		}
+		fmt.Printf("\nIsvProdID: %x", b)
+	} else if (*tS).IsUintIsvProdID() {
+		b, err := tS.GetUintIsvProdID()
+		if err != nil {
+			return fmt.Errorf("failed to decode isvprodid: %w", err)
+		}
+		fmt.Printf("\nIsvProdID: %d", b)
 	}
-
-	fmt.Printf("\nIsvProdID: %x", *tS)
 
 	val, err = m.Val.Extensions.Get("isvsvn")
 	if err != nil {

diff --git a/comid/tdx-profile/isvproid.go b/comid/tdx-profile/isvproid.go
@@ -0,0 +1,165 @@
+package tdx
+
+import (
+	"encoding/json"
+	"fmt"
+
+	"github.com/fxamacker/cbor/v2"
+	"github.com/veraison/corim/encoding"
+)
+
+// TeeIsvProdID stores an ISV Product Identifier. The supported formats are uint and variable-length bytes.
+type TeeIsvProdID struct {
+	Value interface{}
+}
+
+func NewISVProdID(val interface{}) *TeeIsvProdID {
+	switch t := val.(type) {
+	case uint, uint64:
+		return &TeeIsvProdID{Value: t}
+	case []byte:
+		return &TeeIsvProdID{Value: t}
+	default:
+		return nil
+	}
+}
+
+func (o *TeeIsvProdID) SetISVProdID(val interface{}) error {
+	switch t := val.(type) {
+	case uint, uint64:
+		o.Value = val
+	case []byte:
+		o.Value = val
+	case int:
+		if t < 0 {
+			return fmt.Errorf("unsupported negative ISVProdID: %d", t)
+		}
+		o.Value = val
+	default:
+		return fmt.Errorf("unsupported ISVProdID type: %T", t)
+	}
+	return nil
+}
+
+func (o TeeIsvProdID) Valid() error {
+	if o.Value == nil {
+		return fmt.Errorf("empty IsvProdID")
+	}
+	switch t := o.Value.(type) {
+	case uint, uint64:
+		return nil
+	case []byte:
+		if len(t) == 0 {
+			return fmt.Errorf("empty IsvProdID")
+		}
+	case int:
+		if t < 0 {
+			return fmt.Errorf("unsupported negative ISVProdID: %d", t)
+		}
+	}
+	return nil
+}
+
+func (o TeeIsvProdID) GetUintIsvProdID() (uint, error) {
+	switch t := o.Value.(type) {
+	case uint64:
+		return uint(t), nil
+	case uint:
+		return t, nil
+	default:
+		return 0, fmt.Errorf("ISVProdID type is: %T", t)
+	}
+}
+
+func (o TeeIsvProdID) GetBytesIsvProdID() ([]byte, error) {
+	switch t := o.Value.(type) {
+	case []byte:
+		if len(t) == 0 {
+			return nil, fmt.Errorf("ISVProdID type is of zero length")
+		}
+		return t, nil
+	default:
+		return nil, fmt.Errorf("ISVProdID type is: %T", t)
+	}
+}
+func (o TeeIsvProdID) IsBytesIsvProdID() bool {
+	switch t := o.Value.(type) {
+	case []byte:
+		return true
+	default:
+		fmt.Printf("ISVProdID type is: %T\n", t)
+		return false
+	}
+}
+
+func (o TeeIsvProdID) IsUintIsvProdID() bool {
+	switch t := o.Value.(type) {
+	case uint64, uint:
+		return true
+	default:
+		fmt.Printf("ISVProdID type is: %T\n", t)
+		return false
+	}
+}
+
+func (o TeeIsvProdID) MarshalJSON() ([]byte, error) {
+
+	if o.Valid() != nil {
+		return nil, fmt.Errorf("invalid ISVProdID")
+	}
+	var (
+		v   encoding.TypeAndValue
+		b   []byte
+		err error
+	)
+	switch t := o.Value.(type) {
+	case uint, uint64, int:
+		b, err = json.Marshal(t)
+		if err != nil {
+			return nil, err
+		}
+		v = encoding.TypeAndValue{Type: "uint", Value: b}
+	case []byte:
+		b, err = json.Marshal(t)
+		if err != nil {
+			return nil, err
+		}
+		v = encoding.TypeAndValue{Type: "bytes", Value: b}
+	default:
+		return nil, fmt.Errorf("unknown type %T for ISVProdID", t)
+	}
+	return json.Marshal(v)
+}
+
+func (o *TeeIsvProdID) UnmarshalJSON(data []byte) error {
+	var v encoding.TypeAndValue
+
+	if err := json.Unmarshal(data, &v); err != nil {
+		return err
+	}
+
+	switch v.Type {
+	case "uint":
+		var x uint
+		if err := json.Unmarshal(v.Value, &x); err != nil {
+			return fmt.Errorf(
+				"cannot unmarshal TeeIsvProdID of type uint: %w", err)
+		}
+		o.Value = x
+	case "bytes":
+		var x []byte
+		if err := json.Unmarshal(v.Value, &x); err != nil {
+			return fmt.Errorf(
+				"cannot unmarshal TeeIsvProdID of type bytes: %w", err)
+		}
+		o.Value = x
+	}
+	return nil
+}
+func (o TeeIsvProdID) MarshalCBOR() ([]byte, error) {
+	return cbor.Marshal(o.Value)
+}
+
+func (o *TeeIsvProdID) UnmarshalCBOR(data []byte) error {
+	return cbor.Unmarshal(data, &o.Value)
+}
diff --git a/comid/tdx-profile/mval_extensions.go b/comid/tdx-profile/mval_extensions.go
@@ -20,7 +20,7 @@ type MValExtensions struct {
 	MiscSelect  *teeMiscSelect `cbor:"-81,keyasint,omitempty" json:"miscselect,omitempty"`
 	Attributes  *teeAttributes `cbor:"-82,keyasint,omitempty" json:"attributes,omitempty"`
 	MrSigner    *teeDigest     `cbor:"-84,keyasint,omitempty" json:"mrsigner,omitempty"`
-	IsvProdID   *teeIsvProdID  `cbor:"-85,keyasint,omitempty" json:"isvprodid,omitempty"`
+	IsvProdID   *TeeIsvProdID  `cbor:"-85,keyasint,omitempty" json:"isvprodid,omitempty"`
 	TcbEvalNum  *teeTcbEvalNum `cbor:"-86,keyasint,omitempty" json:"tcbevalnum,omitempty"`
 	TcbStatus   *teeTcbStatus  `cbor:"-88,keyasint,omitempty" json:"tcbstatus,omitempty"`
 	AdvisoryIDs *teeAdvisoryID `cbor:"-89,keyasint,omitempty" json:"advisoryids,omitempty"`

diff --git a/comid/tdx-profile/test_vars.go b/comid/tdx-profile/test_vars.go
@@ -91,7 +91,10 @@ var (
                 "sha-256:h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=",
                 "sha-512:oxT8LcZjrnpra8Z4dZQFc5bms/VpzVD9XdtNG7r9K2qjFPwtxmOuemtrxnh1lAVzluaz9WnNUP1d200buv0rag=="
               ],
-              "isvprodid": "AwM="
+            "isvprodid": {
+              "type": "bytes",
+              "value": "AwM="
+              }
             },
             "authorized-by": {
               "type": "pkix-base64-key",
@@ -137,7 +140,10 @@ var (
         "measurements": [
           {
             "value": {
-              "isvprodid": "AwM=",
+              "isvprodid": {
+              "type": "bytes",
+              "value": "AwM="
+              },
               "isvsvn": 10,
               "attributes": "8AoL",
               "tcbevalnum": 11,