diff --git a/.github/workflows/ci-go-cover.yml b/.github/workflows/ci-go-cover.yml index e12f837..f904665 100644 --- a/.github/workflows/ci-go-cover.yml +++ b/.github/workflows/ci-go-cover.yml @@ -26,7 +26,7 @@ jobs: steps: - uses: actions/setup-go@v3 with: - go-version: "1.19" + go-version: "1.22" - name: Checkout code uses: actions/checkout@v2 - name: Install mockgen diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index bd032bd..4607b5f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -14,7 +14,7 @@ jobs: steps: - uses: actions/setup-go@v3 with: - go-version: "1.19" + go-version: "1.22" - name: Checkout code uses: actions/checkout@v2 with: diff --git a/.github/workflows/linters.yml b/.github/workflows/linters.yml index e15bbad..1fd4d20 100644 --- a/.github/workflows/linters.yml +++ b/.github/workflows/linters.yml @@ -10,7 +10,7 @@ jobs: steps: - uses: actions/setup-go@v3 with: - go-version: "1.19" + go-version: "1.22" - name: Checkout code uses: actions/checkout@v2 - name: Install golangci-lint diff --git a/README-CCA.md b/README-CCA.md index efe3d5e..758c002 100644 --- a/README-CCA.md +++ b/README-CCA.md @@ -64,7 +64,7 @@ In such case, the claim set is printed to stdout in JSON format: ```json { "cca-platform-token": { - "cca-platform-profile": "http://arm.com/CCA-SSD/1.0.0", + "cca-platform-profile": "tag:arm.com,2023:cca_platform#1.0.0", "cca-platform-challenge": "Bea1iETGoM0ZOCBpuv2w5JRmKjrc+P3hFHjpM5Ua8XkP9d5ceOPbESPaCiB6i2ZVbgoi8Z7mS9wviZU7azJVXw==", "cca-platform-implementation-id": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=", "cca-platform-instance-id": "AQICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC", 
@@ -127,7 +127,7 @@ The claim set is printed to stdout in JSON format: ```json { "cca-platform-token": { - "cca-platform-profile": "http://arm.com/CCA-SSD/1.0.0", + "cca-platform-profile": "tag:arm.com,2023:cca_platform#1.0.0", "cca-platform-challenge": "Bea1iETGoM0ZOCBpuv2w5JRmKjrc+P3hFHjpM5Ua8XkP9d5ceOPbESPaCiB6i2ZVbgoi8Z7mS9wviZU7azJVXw==", "cca-platform-implementation-id": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=", "cca-platform-instance-id": "AQICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC", diff --git a/cmd/cca/README.md b/cmd/cca/README.md index b59633d..beb6be9 100644 --- a/cmd/cca/README.md +++ b/cmd/cca/README.md @@ -15,7 +15,7 @@ ```json { - "cca-platform-profile": "http://arm.com/CCA-SSD/1.0.0", + "cca-platform-profile": "tag:arm.com,2023:cca_platform#1.0.0", "cca-platform-challenge": "AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQE=", "cca-platform-implementation-id": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=", "cca-platform-instance-id": "AQICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC", diff --git a/cmd/cca/common.go b/cmd/cca/common.go index b23c850..2ae92b6 100644 --- a/cmd/cca/common.go +++ b/cmd/cca/common.go @@ -9,7 +9,8 @@ import ( "github.com/spf13/afero" "github.com/veraison/ccatoken" - "github.com/veraison/psatoken" + "github.com/veraison/ccatoken/platform" + "github.com/veraison/ccatoken/realm" ) func loadCCAClaimsFromFile(fs afero.Fs, fn string, validate bool) (*ccatoken.Evidence, error) { 
@@ -18,21 +19,14 @@ func loadCCAClaimsFromFile(fs afero.Fs, fn string, validate bool) (*ccatoken.Evi return nil, err } - var e ccatoken.Evidence if validate { - if err := e.UnmarshalJSON(buf); err != nil { - return nil, err - } - } else { - if err := e.UnmarshalUnvalidatedJSON(buf); err != nil { - return nil, err - } + return ccatoken.DecodeAndValidateEvidenceFromJSON(buf) } - return &e, nil + return ccatoken.DecodeEvidenceFromJSON(buf) } -func loadUnValidatedCCAClaimsFromFile(fs afero.Fs, fn string) (psatoken.IClaims, ccatoken.IClaims, error) { +func loadUnValidatedCCAClaimsFromFile(fs afero.Fs, fn string) (platform.IClaims, realm.IClaims, error) { var c ccatoken.JSONCollection buf, err := afero.ReadFile(fs, fn) @@ -45,18 +39,17 @@ func loadUnValidatedCCAClaimsFromFile(fs afero.Fs, fn string) (psatoken.IClaims, } // platform - p := &psatoken.CcaPlatformClaims{} - - if err := json.Unmarshal(c.PlatformToken, &p); err != nil { + p, err := platform.DecodeClaimsFromJSON(c.PlatformToken) + if err != nil { return nil, nil, fmt.Errorf("unmarshaling platform claims: %w", err) } // realm - r := &ccatoken.RealmClaims{} - - if err := json.Unmarshal(c.RealmToken, &r); err != nil { + r, err := realm.DecodeClaimsFromJSON(c.RealmToken) + if err != nil { return nil, nil, fmt.Errorf("unmarshaling realm claims: %w", err) } + return p, r, nil } @@ -66,11 +59,5 @@ func loadTokenFromFile(fs afero.Fs, fn string) (*ccatoken.Evidence, error) { return nil, err } - e := ccatoken.Evidence{} - - if err = e.FromCBOR(buf); err != nil { - return nil, err - } - - return &e, nil + return ccatoken.DecodeAndValidateEvidenceFromCBOR(buf) } diff --git a/cmd/cca/create.go b/cmd/cca/create.go index 6ca3d9b..70aa463 100644 --- a/cmd/cca/create.go +++ b/cmd/cca/create.go 
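Review bot: In loadUnValidatedCCAClaimsFromFile, `c.PlatformToken` and `c.RealmToken` are passed to `platform.DecodeClaimsFromJSON` and `realm.DecodeClaimsFromJSON` without a check that the input file contained both members. How the new decoders treat an empty input is not visible in this diff, and because this path skips validation, a missing member may only surface later at signing time with a less specific error. Assuming the collection fields are raw JSON byte slices, a guard before each decode keeps the failure next to the file that caused it, e.g. `if len(c.RealmToken) == 0 { return nil, nil, fmt.Errorf("missing realm claims") }`. The function starts above this hunk, so the JSONCollection decoding step was not reviewed.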
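Review bot: loadTokenFromFile now returns `ccatoken.DecodeAndValidateEvidenceFromCBOR(buf)` directly, and nothing at the call site says what "validated" covers. No verification key is passed in, so this call cannot check the token signatures against a trusted key, and a reader could mistake the returned evidence for authenticated. A doc comment would settle it, with the wording confirmed against the ccatoken documentation, e.g. `// loadTokenFromFile decodes the CCA token in fn and validates its claims; signatures are NOT verified here.` The same comment fits loadTokenFromFile in cmd/psa/common.go and the `DecodeAndValidateEvidenceFromCBOR` / `DecodeAndValidateEvidenceFromCOSE` calls in the two verify_as_relyingparty.go hunks. The function starts above this hunk.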
@@ -78,10 +78,10 @@ with iak.jwk and rak.jwk and save the result to my.cbor: var b []byte if validate { - b, err = evidence.Sign(pSigner, rSigner) + b, err = evidence.ValidateAndSign(pSigner, rSigner) } else { - b, err = evidence.SignUnvalidated(pSigner, rSigner) + b, err = evidence.Sign(pSigner, rSigner) } if err != nil { diff --git a/cmd/cca/create_test.go b/cmd/cca/create_test.go index 149d7cf..4c4ca7b 100644 --- a/cmd/cca/create_test.go +++ b/cmd/cca/create_test.go @@ -245,7 +245,7 @@ func Test_CreateCmd_claims_invalid(t *testing.T) { }, ) - expectedErr := `error loading CCA claims from claims.json: unmarshaling CCA claims: missing platform claims` + expectedErr := `error loading CCA claims from claims.json: claims not set in evidence` err = cmd.Execute() assert.EqualError(t, err, expectedErr) diff --git a/cmd/cca/test_common.go b/cmd/cca/test_common.go index 2bb1237..26e40f7 100644 --- a/cmd/cca/test_common.go +++ b/cmd/cca/test_common.go @@ -37,7 +37,7 @@ var ( testInvalidCCAClaims = []byte(`{}`) testValidCCAClaims = []byte(`{ "cca-platform-token": { - "cca-platform-profile": "http://arm.com/CCA-SSD/1.0.0", + "cca-platform-profile": "tag:arm.com,2023:cca_platform#1.0.0", "cca-platform-implementation-id": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=", "cca-platform-instance-id": "AQICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC", "cca-platform-config": "AQID", 
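Review bot: In the `else` branch, `evidence.Sign(pSigner, rSigner)` is now the unvalidated path, while the removed line shows the same method name used to be the validating one. That inversion is easy to miss: a caller left on `Sign` after the ccatoken v1.3.1 bump still compiles and silently stops validating claims before signing. A comment on the branch would make the intent explicit, e.g. `// Sign skips claims validation (formerly SignUnvalidated); reached only when validate is false`. The same applies to the `evidence.Sign(signer)` branch in cmd/psa/create.go. The BuildEvidence hunks in both verify_as_attester.go files were moved to ValidateAndSign, but it is worth grepping the rest of the tree for remaining `.Sign(` callers, which this diff cannot show.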
@@ -62,13 +62,13 @@ var ( "Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" ], "cca-realm-hash-algo-id": "sha-256", - "cca-realm-public-key": "BIL70TKptcOWh5+7FTQNkFCXjlXHnVJ5oroOlYVPN+IM0vZPO3K1cLvXc+7iznaEJe31Re2+if+v4OlrvUbicPIHlsRIuY2vRqdk0nRC5ubthPjOyBfm7ManHTo959Z+zQ==", - "cca-realm-public-key-hash-algo-id": "sha-512" + "cca-realm-public-key": "pAECIAIhWDB2+YgJG+WF7UGAGuz6uFhUjGMFfhaw5nYSC70NL5wp4FbF1BoBMOucIVF4mdwjFGsiWDAo4bBivT6ksxX9IZ8cu1KMtudMpJvhZ3NzT2GhymEDGyu/PZGPL5T/xCKOUJGVRK4=", + "cca-realm-public-key-hash-algo-id": "sha-256" } }`) testValidCCAClaimsNoNonce = []byte(`{ "cca-platform-token": { - "cca-platform-profile": "http://arm.com/CCA-SSD/1.0.0", + "cca-platform-profile": "tag:arm.com,2023:cca_platform#1.0.0", "cca-platform-implementation-id": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=", "cca-platform-instance-id": "AQICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC", "cca-platform-config": "AQID", @@ -92,8 +92,8 @@ var ( "Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" ], "cca-realm-hash-algo-id": "sha-256", - "cca-realm-public-key": "BIL70TKptcOWh5+7FTQNkFCXjlXHnVJ5oroOlYVPN+IM0vZPO3K1cLvXc+7iznaEJe31Re2+if+v4OlrvUbicPIHlsRIuY2vRqdk0nRC5ubthPjOyBfm7ManHTo959Z+zQ==", - "cca-realm-public-key-hash-algo-id": "sha-512" + "cca-realm-public-key": "pAECIAIhWDB2+YgJG+WF7UGAGuz6uFhUjGMFfhaw5nYSC70NL5wp4FbF1BoBMOucIVF4mdwjFGsiWDAo4bBivT6ksxX9IZ8cu1KMtudMpJvhZ3NzT2GhymEDGyu/PZGPL5T/xCKOUJGVRK4=", + "cca-realm-public-key-hash-algo-id": "sha-256" } }`) testSessionURI = "http://veraison.example/challenge-response/v1" diff --git a/cmd/cca/verify_as.go b/cmd/cca/verify_as.go index 173c325..e26131a 100644 --- a/cmd/cca/verify_as.go +++ b/cmd/cca/verify_as.go 
@@ -11,7 +11,7 @@ import ( var verifyValidArgs = []string{"attester", "relying-party"} -const CCATokenMediaType = `application/eat-collection; profile="http://arm.com/CCA-SSD/1.0.0"` +const CCATokenMediaType = `application/eat-collection; profile="tag:arm.com,2023:cca_platform#1.0.0"` var verifyAsCmd = &cobra.Command{ Use: "verify-as", diff --git a/cmd/cca/verify_as_attester.go b/cmd/cca/verify_as_attester.go index 8bc4ded..32c2657 100644 --- a/cmd/cca/verify_as_attester.go +++ b/cmd/cca/verify_as_attester.go @@ -14,14 +14,15 @@ import ( "github.com/spf13/viper" "github.com/veraison/apiclient/verification" "github.com/veraison/ccatoken" + "github.com/veraison/ccatoken/platform" + "github.com/veraison/ccatoken/realm" "github.com/veraison/evcli/v2/common" - "github.com/veraison/go-cose" - "github.com/veraison/psatoken" + cose "github.com/veraison/go-cose" ) type attesterEvidenceBuilder struct { - Pclaims psatoken.IClaims - Rclaims ccatoken.IClaims + Pclaims platform.IClaims + Rclaims realm.IClaims Psigner cose.Signer Rsigner cose.Signer } @@ -185,7 +186,7 @@ func (eb attesterEvidenceBuilder) BuildEvidence(nonce []byte, accept []string) ( return nil, "", fmt.Errorf("setting claims: %w", err) } - cwt, err := evidence.Sign(eb.Psigner, eb.Rsigner) + cwt, err := evidence.ValidateAndSign(eb.Psigner, eb.Rsigner) if err != nil { return nil, "", fmt.Errorf("signature failed: %w", err) } diff --git a/cmd/cca/verify_as_relyingparty.go b/cmd/cca/verify_as_relyingparty.go index 6db0996..3fb3cea 100644 --- a/cmd/cca/verify_as_relyingparty.go +++ b/cmd/cca/verify_as_relyingparty.go @@ -55,9 +55,8 @@ previous invocation to "evcli cca create" command. return err } - var e ccatoken.Evidence - - if err = e.FromCBOR(token); err != nil { + e, err := ccatoken.DecodeAndValidateEvidenceFromCBOR(token) + if err != nil { return fmt.Errorf("ingesting %s: %v", *relyingPartyTokenFile, err) } diff --git a/cmd/psa/common.go b/cmd/psa/common.go index 7f48d60..cdeaa78 100644 --- a/cmd/psa/common.go 
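Review bot: `CCATokenMediaType` repeats the profile identifier `tag:arm.com,2023:cca_platform#1.0.0` as a string literal, separate from whatever value the ccatoken platform package writes into the profile claim. If the two drift, the media type sent to the verifier no longer describes the token; if the library exports the profile name, building the constant from it removes that risk. Changing the constant also changes content negotiation. A verifier that still advertises only the `http://arm.com/CCA-SSD/1.0.0` media type will presumably stop matching in BuildEvidence (the matching code is outside this hunk), so the commit message or README should state which verifier versions are expected to work.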
+++ b/cmd/psa/common.go @@ -4,9 +4,6 @@ package psa import ( - "encoding/json" - "fmt" - "github.com/spf13/afero" "github.com/veraison/psatoken" ) @@ -17,13 +14,7 @@ func loadTokenFromFile(fs afero.Fs, fn string) (*psatoken.Evidence, error) { return nil, err } - e := &psatoken.Evidence{} - err = e.FromCOSE(buf) - if err != nil { - return nil, err - } - - return e, nil + return psatoken.DecodeAndValidateEvidenceFromCOSE(buf) } func loadClaimsFromFile(fs afero.Fs, fn string, validate bool) (psatoken.IClaims, error) { @@ -36,35 +27,8 @@ func loadClaimsFromFile(fs afero.Fs, fn string, validate bool) (psatoken.IClaims } func claimsFromJSON(j []byte, validate bool) (psatoken.IClaims, error) { - var ( - err1, err2 error - p2 psatoken.P2Claims - p1 psatoken.P1Claims - ) - - err2 = json.Unmarshal(j, &p2) - if err2 == nil { - if validate { - err2 = p2.Validate() - if err2 == nil { - return &p2, nil - } - } else { - return &p2, nil - } - } - - err1 = json.Unmarshal(j, &p1) - if err1 == nil { - if validate { - err1 = p1.Validate() - if err1 == nil { - return &p1, nil - } - } else { - return &p1, nil - } + if validate { + return psatoken.DecodeAndValidateClaimsFromJSON(j) } - - return nil, fmt.Errorf("p1 error: (%v) and p2 error: (%v)", err1, err2) + return psatoken.DecodeClaimsFromJSON(j) } diff --git a/cmd/psa/create.go b/cmd/psa/create.go index 7e608f3..0087405 100644 --- a/cmd/psa/create.go +++ b/cmd/psa/create.go @@ -90,9 +90,9 @@ Note that the default profile is http://arm.com/psa/2.0.0. var cwt []byte if validate { - cwt, err = evidence.Sign(signer) + cwt, err = evidence.ValidateAndSign(signer) } else { - cwt, err = evidence.SignUnvalidated(signer) + cwt, err = evidence.Sign(signer) } if err != nil { return fmt.Errorf("signature failed: %w", err) 
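Review bot: claimsFromJSON now returns the library error unchanged, so the user sees a bare decoder message with no hint of what was being parsed. The updated expectation in cmd/psa/verify_as_attester_test.go pins exactly that (`json: cannot unmarshal array into Go value of type map[string]interface {}`). Wrapping the error once, as the CCA loader does with `unmarshaling platform claims: %w`, restores the context. This needs the `fmt` import that the first hunk of this file removes, and the test expectation changes accordingly. The bare `return err` after `psatoken.DecodeAndValidateEvidenceFromCOSE(token)` in cmd/psa/verify_as_relyingparty.go has the same gap.

```go
func claimsFromJSON(j []byte, validate bool) (psatoken.IClaims, error) {
	var (
		c   psatoken.IClaims
		err error
	)
	if validate {
		c, err = psatoken.DecodeAndValidateClaimsFromJSON(j)
	} else {
		c, err = psatoken.DecodeClaimsFromJSON(j)
	}
	if err != nil {
		return nil, fmt.Errorf("decoding PSA claims: %w", err)
	}
	return c, nil
}
```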
@@ -124,7 +124,7 @@ Note that the default profile is http://arm.com/psa/2.0.0. ) createTokenProfile = cmd.Flags().StringP( - "profile", "p", psatoken.PsaProfile2, "name of the PSA profile to use", + "profile", "p", psatoken.Profile2Name, "name of the PSA profile to use", ) allowInvalidClaims = cmd.Flags().BoolP( @@ -142,13 +142,13 @@ func checkProfile(profile *string) error { } switch *profile { - case psatoken.PsaProfile1, psatoken.PsaProfile2: + case psatoken.Profile1Name, psatoken.Profile2Name: return nil } return fmt.Errorf( "wrong profile %s: allowed profiles are %s and %s", - *profile, psatoken.PsaProfile2, psatoken.PsaProfile1, + *profile, psatoken.Profile2Name, psatoken.Profile1Name, ) } diff --git a/cmd/psa/verify_as_attester.go b/cmd/psa/verify_as_attester.go index 8191110..d3f396d 100644 --- a/cmd/psa/verify_as_attester.go +++ b/cmd/psa/verify_as_attester.go @@ -14,7 +14,7 @@ import ( "github.com/spf13/viper" "github.com/veraison/apiclient/verification" "github.com/veraison/evcli/v2/common" - "github.com/veraison/go-cose" + cose "github.com/veraison/go-cose" "github.com/veraison/psatoken" ) @@ -195,7 +195,7 @@ func (eb attesterEvidenceBuilder) BuildEvidence(nonce []byte, accept []string) ( return nil, "", fmt.Errorf("setting claims: %w", err) } - cwt, err := evidence.Sign(eb.Signer) + cwt, err := evidence.ValidateAndSign(eb.Signer) if err != nil { return nil, "", fmt.Errorf("signature failed: %w", err) } diff --git a/cmd/psa/verify_as_attester_test.go b/cmd/psa/verify_as_attester_test.go index 7ff2737..b19a07e 100644 --- a/cmd/psa/verify_as_attester_test.go +++ b/cmd/psa/verify_as_attester_test.go 
@@ -76,8 +76,7 @@ func Test_AttesterCmd_claims_invalid(t *testing.T) { "--key=es256.jwk", }, ) - comErr := `(json: cannot unmarshal array into Go value of type psatoken.` - expectedErr := `p1 error: ` + comErr + `P1Claims)` + ` and p2 error: ` + comErr + `P2Claims)` + expectedErr := `json: cannot unmarshal array into Go value of type map[string]interface {}` err = cmd.Execute() assert.EqualError(t, err, expectedErr) diff --git a/cmd/psa/verify_as_relyingparty.go b/cmd/psa/verify_as_relyingparty.go index ff4bf08..982445d 100644 --- a/cmd/psa/verify_as_relyingparty.go +++ b/cmd/psa/verify_as_relyingparty.go @@ -55,9 +55,8 @@ previous invocation to "evcli psa create". return err } - var e psatoken.Evidence - - if err = e.FromCOSE(token); err != nil { + e, err := psatoken.DecodeAndValidateEvidenceFromCOSE(token) + if err != nil { return err } diff --git a/common/common.go b/common/common.go index 9c1f029..fe44ace 100644 --- a/common/common.go +++ b/common/common.go @@ -16,14 +16,13 @@ import ( "github.com/lestrrat-go/jwx/v2/jwk" "github.com/spf13/afero" - "github.com/veraison/go-cose" + cose "github.com/veraison/go-cose" ) var Fs = afero.NewOsFs() func getAlgAndKeyFromJWK(rawJWK []byte) (cose.Algorithm, crypto.Signer, error) { var ( - crv elliptic.Curve alg cose.Algorithm sKey crypto.Signer ) @@ -39,7 +38,7 @@ func getAlgAndKeyFromJWK(rawJWK []byte) (cose.Algorithm, crypto.Signer, error) { switch v := sKey.(type) { case *ecdsa.PrivateKey: - crv = v.Curve + crv := v.Curve if crv == elliptic.P256() { alg = cose.AlgorithmES256 break diff --git a/go.mod b/go.mod index 4800ad8..e35da0f 100644 --- a/go.mod +++ b/go.mod 
@@ -1,25 +1,26 @@ module github.com/veraison/evcli/v2 -go 1.19 +go 1.22 require ( github.com/golang/mock v1.6.0 github.com/lestrrat-go/jwx/v2 v2.0.21 github.com/spf13/afero v1.8.2 github.com/spf13/cobra v1.4.0 + github.com/spf13/pflag v1.0.5 github.com/spf13/viper v1.11.0 github.com/stretchr/testify v1.9.0 github.com/veraison/apiclient v0.3.1-0.20240827095125-ab8774ee8e6d - github.com/veraison/ccatoken v1.2.0 - github.com/veraison/go-cose v1.1.0 - github.com/veraison/psatoken v1.2.0 + github.com/veraison/ccatoken v1.3.1 + github.com/veraison/go-cose v1.3.0 + github.com/veraison/psatoken v1.2.1-0.20240719122628-26fe500fd5d4 ) require ( github.com/davecgh/go-spew v1.1.1 // indirect github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect github.com/fsnotify/fsnotify v1.5.1 // indirect - github.com/fxamacker/cbor/v2 v2.4.0 // indirect + github.com/fxamacker/cbor/v2 v2.5.0 // indirect github.com/goccy/go-json v0.10.2 // indirect github.com/golang/protobuf v1.5.3 // indirect github.com/hashicorp/hcl v1.0.0 // indirect @@ -38,7 +39,6 @@ require ( github.com/segmentio/asm v1.2.0 // indirect github.com/spf13/cast v1.4.1 // indirect github.com/spf13/jwalterweatherman v1.1.0 // indirect - github.com/spf13/pflag v1.0.5 // indirect github.com/subosito/gotenv v1.2.0 // indirect github.com/veraison/cmw v0.1.0 // indirect github.com/veraison/eat v0.0.0-20220117140849-ddaf59d69f53 // indirect diff --git a/go.sum b/go.sum index 082cf0d..e5b2132 100644 --- a/go.sum +++ b/go.sum 
@@ -66,6 +66,8 @@ github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5 github.com/fxamacker/cbor/v2 v2.2.0/go.mod h1:TA1xS00nchWmaBnEIxPSE5oHLuJBAVvqrtAnWBwBCVo= github.com/fxamacker/cbor/v2 v2.4.0 h1:ri0ArlOR+5XunOP8CRUowT0pSJOwhW098ZCUyskZD88= github.com/fxamacker/cbor/v2 v2.4.0/go.mod h1:TA1xS00nchWmaBnEIxPSE5oHLuJBAVvqrtAnWBwBCVo= +github.com/fxamacker/cbor/v2 v2.5.0 h1:oHsG0V/Q6E/wqTS2O1Cozzsy69nqCiguo5Q1a1ADivE= +github.com/fxamacker/cbor/v2 v2.5.0/go.mod h1:TA1xS00nchWmaBnEIxPSE5oHLuJBAVvqrtAnWBwBCVo= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= @@ -220,6 +222,8 @@ github.com/veraison/apiclient v0.3.1-0.20240827095125-ab8774ee8e6d h1:o94WuvA9Aj github.com/veraison/apiclient v0.3.1-0.20240827095125-ab8774ee8e6d/go.mod h1:LCXFZ3D/tJ3HLAOHUg8bnAKGvgTl53e1ntwdwjVbQ5A= github.com/veraison/ccatoken v1.2.0 h1:vwZDeaM39LkNne5xFxeqevuAmxjhiSDTBGyd8Jg682Q= github.com/veraison/ccatoken v1.2.0/go.mod h1:HzEj02zAn/iKYsgZTJQcUbNok4lhqdpaeAjAEeYlTPk= +github.com/veraison/ccatoken v1.3.1 h1:zUHXr2mPprxMYv5Mm2mumxzQZ3I9wy7QGayXqa9Rv/E= +github.com/veraison/ccatoken v1.3.1/go.mod h1:vMqdbW4H/8A3oT+24qssuIK3Aefy06XqzTELGg+gWAg= github.com/veraison/cmw v0.1.0 h1:vD6tBlGPROCW/HlDcG1jh+XUJi5ihrjXatKZBjrv8mU= github.com/veraison/cmw v0.1.0/go.mod h1:WoBrlgByc6C1FeHhdze1/bQx1kv5d1sWKO5ezEf4Hs4= github.com/veraison/eat v0.0.0-20210331113810-3da8a4dd42ff/go.mod h1:+kxt8iuFiVvKRs2VQ1Ho7bbAScXAB/kHFFuP5Biw19I= 
@@ -228,8 +232,12 @@ github.com/veraison/eat v0.0.0-20220117140849-ddaf59d69f53/go.mod h1:+kxt8iuFiVv github.com/veraison/go-cose v1.0.0-rc.1/go.mod h1:7ziE85vSq4ScFTg6wyoMXjucIGOf4JkFEZi/an96Ct4= github.com/veraison/go-cose v1.1.0 h1:AalPS4VGiKavpAzIlBjrn7bhqXiXi4jbMYY/2+UC+4o= github.com/veraison/go-cose v1.1.0/go.mod h1:7ziE85vSq4ScFTg6wyoMXjucIGOf4JkFEZi/an96Ct4= +github.com/veraison/go-cose v1.3.0 h1:2/H5w8kdSpQJyVtIhx8gmwPJ2uSz1PkyWFx0idbd7rk= +github.com/veraison/go-cose v1.3.0/go.mod h1:df09OV91aHoQWLmy1KsDdYiagtXgyAwAl8vFeFn1gMc= github.com/veraison/psatoken v1.2.0 h1:PeHy6YUbhFE9Z9xaQBoAMpMWUEqSHrF2JgfcwMTmFIA= github.com/veraison/psatoken v1.2.0/go.mod h1:2tHLoYMOIS4V4mO8MJT4VstRtpO50FLmhoOR35FyIr4= +github.com/veraison/psatoken v1.2.1-0.20240719122628-26fe500fd5d4 h1:N7qg7vDF2mUg7I+8AoU+ieJ20cgcShwFHXHkV5b2YAA= +github.com/veraison/psatoken v1.2.1-0.20240719122628-26fe500fd5d4/go.mod h1:6+WZzXr0ACXYiUAJJqTaCxW43gY2+gEaCoVNdDv3+Bw= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= diff --git a/misc/cca-claims-bad-norealm.json b/misc/cca-claims-bad-norealm.json index 0a5d6dd..ee7ac49 100644 --- a/misc/cca-claims-bad-norealm.json +++ b/misc/cca-claims-bad-norealm.json @@ -1,6 +1,6 @@ { "cca-platform-token": { - "cca-platform-profile": "http://arm.com/CCA-SSD/1.0.0", + "cca-platform-profile": "tag:arm.com,2023:cca_platform#1.0.0", "cca-platform-implementation-id": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=", "cca-platform-instance-id": "AQICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC", "cca-platform-config": "AQID", diff --git a/misc/cca-claims-without-realm-challenge.json b/misc/cca-claims-without-realm-challenge.json index 1b9d092..998fb18 100644 --- a/misc/cca-claims-without-realm-challenge.json +++ b/misc/cca-claims-without-realm-challenge.json 
@@ -1,10 +1,11 @@ { "cca-platform-token": { - "cca-platform-profile": "http://arm.com/CCA-SSD/1.0.0", + "cca-platform-profile": "tag:arm.com,2023:cca_platform#1.0.0", "cca-platform-implementation-id": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=", "cca-platform-instance-id": "AQICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC", "cca-platform-config": "AQID", "cca-platform-lifecycle": 12288, + "cca-platform-challenge": "DSLgiphGkFhIYxgoNIm9s28J2+/rGGTfQz+m5U6i1xE=", "cca-platform-sw-components": [ { "measurement-description": "TF-M_SHA256MemPreXIP", @@ -45,7 +46,7 @@ "Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" ], "cca-realm-hash-algo-id": "sha-256", - "cca-realm-public-key": "BIL70TKptcOWh5+7FTQNkFCXjlXHnVJ5oroOlYVPN+IM0vZPO3K1cLvXc+7iznaEJe31Re2+if+v4OlrvUbicPIHlsRIuY2vRqdk0nRC5ubthPjOyBfm7ManHTo959Z+zQ==", - "cca-realm-public-key-hash-algo-id": "sha-512" + "cca-realm-public-key": "pAECIAIhWDB2+YgJG+WF7UGAGuz6uFhUjGMFfhaw5nYSC70NL5wp4FbF1BoBMOucIVF4mdwjFGsiWDAo4bBivT6ksxX9IZ8cu1KMtudMpJvhZ3NzT2GhymEDGyu/PZGPL5T/xCKOUJGVRK4=", + "cca-realm-public-key-hash-algo-id": "sha-256" } } diff --git a/misc/cca-claims.json b/misc/cca-claims.json index f5655d1..a7e2840 100644 --- a/misc/cca-claims.json +++ b/misc/cca-claims.json @@ -1,10 +1,11 @@ { "cca-platform-token": { - "cca-platform-profile": "http://arm.com/CCA-SSD/1.0.0", + "cca-platform-profile": "tag:arm.com,2023:cca_platform#1.0.0", "cca-platform-implementation-id": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=", "cca-platform-instance-id": "AQICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC", "cca-platform-config": "AQID", "cca-platform-lifecycle": 12288, + "cca-platform-challenge": "DSLgiphGkFhIYxgoNIm9s28J2+/rGGTfQz+m5U6i1xE=", "cca-platform-sw-components": [ { "measurement-value": "AwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM=", 
@@ -25,7 +26,7 @@ "Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==" ], "cca-realm-hash-algo-id": "sha-256", - "cca-realm-public-key": "BIL70TKptcOWh5+7FTQNkFCXjlXHnVJ5oroOlYVPN+IM0vZPO3K1cLvXc+7iznaEJe31Re2+if+v4OlrvUbicPIHlsRIuY2vRqdk0nRC5ubthPjOyBfm7ManHTo959Z+zQ==", - "cca-realm-public-key-hash-algo-id": "sha-512" + "cca-realm-public-key": "pCACIVgwgvvRMqm1w5aHn7sVNA2QUJeOVcedUnmiug6VhU834gzS9k87crVwu9dz7uLOdoQlIlgw7fVF7b6J/6/g6Wu9RuJw8geWxEi5ja9Gp2TSdELm5u2E+M7IF+bsxqcdOj3n1n7NAQI=", + "cca-realm-public-key-hash-algo-id": "sha-256" } } diff --git a/misc/ec384-pub.diag b/misc/ec384-pub.diag new file mode 100644 index 0000000..48aa726 --- /dev/null +++ b/misc/ec384-pub.diag @@ -0,0 +1,6 @@ +{ + -1: 2, + -2: h'82fbd132a9b5c396879fbb15340d9050978e55c79d5279a2ba0e95854f37e20cd2f64f3b72b570bbd773eee2ce768425', + -3: h'edf545edbe89ffafe0e96bbd46e270f20796c448b98daf46a764d27442e6e6ed84f8cec817e6ecc6a71d3a3de7d67ecd', + 1: 2 +}