Add more tests for QE Reference Values

Signed-off-by: Yogesh Deshpande <[email protected]>

comid/tdx-profile/example_qe_refval_test.go

@@ -4,11 +4,14 @@
 package tdx
 
 import (
+	_ "embed"
 	"fmt"
 
 	"github.com/veraison/corim/comid"
 	"github.com/veraison/corim/corim"
+	"github.com/veraison/corim/extensions"
 	"github.com/veraison/eat"
+	"github.com/veraison/swid"
 )
 
 // Example_decode_QE_JSON decodes the TDX Quoting Enclave Measurement Extensions from the given JSON Template
@@ -165,3 +168,135 @@ func decodeQEMValExtensions(m comid.Measurement) error {
 	}
 	return nil
 }
+
+func Example_encode_tdx_QE_refval_without_profile() {
+	refVal := &comid.ValueTriple{}
+	measurement := &comid.Measurement{}
+	refVal.Environment = comid.Environment{
+		Class: comid.NewClassOID(TestOID).
+			SetVendor("Intel Corporation").
+			SetModel("0123456789ABCDEF"), // From irim-qe-cend.diag, CPUID[0x01].EAX.FMSP & 0x0FFF0FF0
+	}
+
+	extMap := extensions.NewMap().
+		Add(comid.ExtReferenceValue, &MValExtensions{})
+
+	coMID := comid.NewComid().
+		SetTagIdentity("43BBE37F-2E61-4B33-AED3-53CFF1428B20", 0).
+		AddEntity("INTEL", &TestRegID, comid.RoleCreator, comid.RoleTagCreator, comid.RoleMaintainer)
+
+	refVal.Measurements.Add(measurement)
+	coMID.Triples.AddReferenceValue(*refVal)
+	if err := coMID.RegisterExtensions(extMap); err != nil {
+		panic(err)
+	}
+
+	if err := setTDXQEMvalExtensions(&coMID.Triples.ReferenceValues.Values[0].Measurements.Values[0].Val); err != nil {
+		panic(err)
+	}
+	if err := coMID.Valid(); err != nil {
+		panic(err)
+	}
+
+	cbor, err := coMID.ToCBOR()
+	if err == nil {
+		fmt.Printf("%x\n", cbor)
+	} else {
+		fmt.Printf("To CBOR failed \n")
+	}
+
+	json, err := coMID.ToJSON()
+	if err == nil {
+		fmt.Printf("%s\n", string(json))
+	} else {
+		fmt.Printf("To JSON failed \n")
+	}
+
+	// Output:
+	// a301a1005043bbe37f2e614b33aed353cff1428b200281a30065494e54454c01d8207168747470733a2f2f696e74656c2e636f6d028301000204a1008182a100a300d86f4c6086480186f84d01020304050171496e74656c20436f72706f726174696f6e02703031323334353637383941424344454681a101a438480a385046c000fbff000038538282015820e45b72f5c0c0b572db4d8d3ab7e97f368ff74e62347a824decb67a84e5224d7582075830e45b72f5c0c0b572db4d8d3ab7e97f368ff74e62347a824decb67a84e5224d75e45b72f5c0c0b572db4d8d3ab7e97f3638550b
+	// {"tag-identity":{"id":"43bbe37f-2e61-4b33-aed3-53cff1428b20"},"entities":[{"name":"INTEL","regid":"https://intel.com","roles":["creator","tagCreator","maintainer"]}],"triples":{"reference-values":[{"environment":{"class":{"id":{"type":"oid","value":"2.16.840.1.113741.1.2.3.4.5"},"vendor":"Intel Corporation","model":"0123456789ABCDEF"}},"measurements":[{"value":{"isvsvn":10,"miscselect":"wAD7/wAA","mrsigner":["sha-256;5Fty9cDAtXLbTY06t+l/No/3TmI0eoJN7LZ6hOUiTXU=","sha-384;5Fty9cDAtXLbTY06t+l/No/3TmI0eoJN7LZ6hOUiTXXkW3L1wMC1cttNjTq36X82"],"tcbevalnum":11}}]}]}}
+}
+
+func setTDXQEMvalExtensions(val *comid.Mval) error {
+	svn := teeSVN(10)
+	teeTcbEvNum := teeTcbEvalNum(11)
+	teeMiscSel := teeMiscSelect([]byte{0xC0, 0x00, 0xFB, 0xFF, 0x00, 0x00}) // Taken from irim-qe-ref.diag
+	// Taken below from irim-qe-ref.diag
+	r := 1
+	isvProdID := NewISVProdID(r)
+	err := val.Extensions.Extensions.Set("isvprodid", isvProdID)
+	if err != nil {
+		return fmt.Errorf("unable to set isvprodid %w", err)
+	}
+	err = val.Extensions.Extensions.Set("isvsvn", &svn)
+	if err != nil {
+		return fmt.Errorf("unable to set isvsvn %w", err)
+	}
+	err = val.Extensions.Extensions.Set("tcbevalnum", &teeTcbEvNum)
+	if err != nil {
+		return fmt.Errorf("unable to set tcbevalnum %w", err)
+	}
+	err = val.Extensions.Extensions.Set("miscselect", &teeMiscSel)
+	if err != nil {
+		return fmt.Errorf("unable to set miscselect %w", err)
+	}
+
+	d := comid.NewDigests()
+	d.AddDigest(swid.Sha256, comid.MustHexDecode(nil, "e45b72f5c0c0b572db4d8d3ab7e97f368ff74e62347a824decb67a84e5224d75"))
+	d.AddDigest(swid.Sha384, comid.MustHexDecode(nil, "e45b72f5c0c0b572db4d8d3ab7e97f368ff74e62347a824decb67a84e5224d75e45b72f5c0c0b572db4d8d3ab7e97f36"))
+
+	err = val.Extensions.Set("mrsigner", d)
+	if err != nil {
+		return fmt.Errorf("unable to set mrsigner %w", err)
+	}
+	return nil
+}
+
+var (
+	// test cases are based on diag files here:
+	// https://github.com/ietf-rats-wg/draft-ietf-rats-corim/tree/main/cddl/examples
+
+	//go:embed testcases/comid_qe_refval.cbor
+	testComid2 []byte
+)
+
+func Example_decode_QE_CBOR() {
+	profileID, err := eat.NewProfile("http://intel.com/tdx-profile")
+	if err != nil {
+		panic(err) // will not error, as the hard-coded string above is valid
+	}
+	profile, found := corim.GetProfile(profileID)
+	if !found {
+		fmt.Printf("CoRIM Profile NOT FOUND")
+		return
+	}
+
+	coMID := profile.GetComid()
+
+	if err := coMID.FromCBOR(testComid2); err != nil {
+		panic(err)
+	}
+	if err := coMID.Valid(); err != nil {
+		panic(err)
+	}
+
+	if err := extractQERefVals(coMID); err != nil {
+		panic(err)
+	}
+
+	// output:
+	// OID: 2.16.840.1.113741.1.2.3.4.1
+	// Vendor: Intel Corporation
+	// Model: SGX QE TCB
+	// miscselect: a0b0c0d000000000
+	// tcbEvalNum: 11
+	// IsvProdID: 1
+	// Digest Alg: 1
+	// Digest Value: a314fc2dc663ae7a6b6bc6787594057396e6b3f569cd50fd5ddb4d1bbafd2b6a
+	// Digest Alg: 8
+	// Digest Value: a314fc2dc663ae7a6b6bc6787594057396e6b3f569cd50fd5ddb4d1bbafd2b6aa314fc2dc663ae7a6b6bc6787594057396e6b3f569cd50fd5ddb4d1bbafd2b6a
+	// CryptoKey Type: pkix-base64-key
+	// CryptoKey Value: -----BEGIN PUBLIC KEY-----
+	// MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==
+	// -----END PUBLIC KEY-----
+}

comid/tdx-profile/isvproid.go

@@ -83,21 +83,19 @@ func (o IsvProdID) GetBytesIsvProdID() ([]byte, error) {
 	}
 }
 func (o IsvProdID) IsBytesIsvProdID() bool {
-	switch t := o.Value.(type) {
+	switch o.Value.(type) {
 	case []byte:
 		return true
 	default:
-		fmt.Printf("ISVProdID type is: %T\n", t)
 		return false
 	}
 }
 
 func (o IsvProdID) IsUintIsvProdID() bool {
-	switch t := o.Value.(type) {
+	switch o.Value.(type) {
 	case uint64, uint:
 		return true
 	default:
-		fmt.Printf("ISVProdID type is: %T\n", t)
 		return false
 	}
 }

comid/tdx-profile/testcases/src/comid_qe_refval.diag

@@ -0,0 +1,44 @@
+/ concise-mid-tag / {
+  / comid.tag-identity / 1 : {
+    / comid.tag-id / 0 : "Sample SGX QE reference tag"
+  },
+  / comid.entity / 2 : [ {
+    / comid.entity-name / 0 : "INTEL",
+    / comid.reg-id / 1 : 32("https://intel.com"),
+    / comid.role / 2 : [ 0 ] / tag-creator /
+  } ],
+  / comid.triples / 4 : {
+    / comid.reference-triples / 0 : [ [
+      / environment-map / {
+        / comid.class / 0 : {
+          / comid.class-id / 0 :
+            / tagged-oid-type / 111(
+              h'6086480186F84D0102030401' / 2.16.840.1.113741.1.2.3.4.1 - <OID-for-SGX-QE-TCB>/
+            ),
+          / comid.vendor / 1 : "Intel Corporation",
+          / comid.model / 2 : "SGX QE TCB"
+        }
+      },
+      [
+        / measurement-map / {
+          / comid.mval / 1 : {
+              / comid.miscselect / -81 :h'A0B0C0D000000000',
+              / comid.isvprodid / -85 : 1,
+              / comid.mrsigner / -84 : [ 
+                [
+                / alg-id / 1, / sha256 /
+                / digest / h'A314FC2DC663AE7A6B6BC6787594057396E6B3F569CD50FD5DDB4D1BBAFD2B6A'
+                ],
+                [
+                / alg-id / 8, / sha384 /
+                / digest / h'a314fc2dc663ae7a6b6bc6787594057396e6b3f569cd50fd5ddb4d1bbafd2b6aa314fc2dc663ae7a6b6bc6787594057396e6b3f569cd50fd5ddb4d1bbafd2b6a'
+                ]
+              ],
+              /comid.tcbevalnum / -86 : 11
+          },
+          / authorized-by / 2: 554("-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==\n-----END PUBLIC KEY-----")
+        }
+      ]
+    ] ]
+  }
+}

comid/tdx-profile/types.go

@@ -32,4 +32,4 @@ type teeInstanceID uint
 
 type teeCryptoKey comid.CryptoKey
 
-type teeAdvisoryID setType
+type teeAdvisoryID []string