diff --git a/examples/cmw/README.md b/examples/cmw/README.md
new file mode 100644
index 0000000..37a5d40
--- /dev/null
+++ b/examples/cmw/README.md
@@ -0,0 +1,71 @@
+# CMW Example Files
+
+This directory contains example Conceptual Message Wrapper (CMW) files for testing and development purposes with RATSD.
+
+## File Overview
+
+- **`basic-mock-tsm.json`** - Simple mock TSM attester example with minimal required fields
+- **`mock-tsm-with-privilege.json`** - Mock TSM attester with privilege level specified
+- **`tsm-report-basic.json`** - Basic TSM report attester example
+- **`multi-attester.json`** - Example showing both mock-tsm and tsm-report attesters in one CMW
+- **`tsm-cbor-format.json`** - TSM report using CBOR content type instead of JSON
+
+## CMW Structure
+
+All CMW files follow this basic structure:
+
+```json
+{
+ "__cmwc_t": "tag:github.com,2025:veraison/ratsd/cmw",
+ "": [
+ "",
+
+ ]
+}
+```
+
+## Available Attesters
+
+### mock-tsm
+- **Content Type**: `application/vnd.veraison.configfs-tsm+json`
+- **Required Fields**: `auxblob`, `outblob`
+- **Optional Fields**: `provider`, `privilege_level` (0-3)
+
+### tsm-report
+- **Content Types**:
+ - `application/vnd.veraison.configfs-tsm+json` (JSON format)
+ - `application/vnd.veraison.configfs-tsm+cbor` (CBOR format)
+- **Required Fields**: `auxblob`, `outblob`
+- **Optional Fields**: `provider`, `privilege_level` (0-3)
+
+## Usage with RATSD
+
+These files can be used for testing RATSD in mock mode or as reference for understanding the expected CMW format.
+
+### Testing with curl
+
+```bash
+# Basic query (returns all available attesters)
+curl -X POST http://localhost:8895/ratsd/chares \
+ -H "Content-type: application/vnd.veraison.chares+json" \
+ -d '{"nonce": "TUlEQk5IMjhpaW9pc2pQeXh4eHh4eHh4eHh4eHh4eHhNSURCTkgyOGlpb2lzalB5eHh4eHh4eHh4eHh4eHh4eA"}'
+
+# Query with specific attester selection
+curl -X POST http://localhost:8895/ratsd/chares \
+ -H "Content-type: application/vnd.veraison.chares+json" \
+ -d '{
+ "nonce": "TUlEQk5IMjhpaW9pc2pQeXh4eHh4eHh4eHh4eHh4eHhNSURCTkgyOGlpb2lzalB5eHh4eHh4eHh4eHh4eHh4eA",
+ "attester-selection": {
+ "mock-tsm": {
+ "privilege_level": "3"
+ }
+ }
+ }'
+```
+
+## Notes
+
+- All `auxblob` and `outblob` values are base64-encoded
+- The examples use fake/placeholder data for demonstration purposes
+- For CBOR format, the evidence data itself is base64-encoded CBOR
+- Privilege levels range from 0 (lowest) to 3 (highest)
diff --git a/examples/cmw/basic-mock-tsm.json b/examples/cmw/basic-mock-tsm.json
new file mode 100644
index 0000000..6af2029
--- /dev/null
+++ b/examples/cmw/basic-mock-tsm.json
@@ -0,0 +1,11 @@
+{
+ "__cmwc_t": "tag:github.com,2025:veraison/ratsd/cmw",
+ "mock-tsm": [
+ "application/vnd.veraison.configfs-tsm+json",
+ {
+ "auxblob": "YVhWNFlteHZZZw==",
+ "outblob": "cHJpdmlsZWdlLWxldmVsLWJhc2ljLW1vY2stdHNtLWV4YW1wbGUtZGF0YQ==",
+ "provider": "mock-hardware"
+ }
+ ]
+}
diff --git a/examples/cmw/mock-tsm-with-privilege.json b/examples/cmw/mock-tsm-with-privilege.json
new file mode 100644
index 0000000..d993414
--- /dev/null
+++ b/examples/cmw/mock-tsm-with-privilege.json
@@ -0,0 +1,12 @@
+{
+ "__cmwc_t": "tag:github.com,2025:veraison/ratsd/cmw",
+ "mock-tsm": [
+ "application/vnd.veraison.configfs-tsm+json",
+ {
+ "auxblob": "bW9jay10c20tYXV4LWRhdGE=",
+ "outblob": "cHJpdmlsZWdlLWxldmVsLXRocmVlLW1vY2stdHNtLWV4YW1wbGUtZGF0YQ==",
+ "provider": "secure-enclave",
+ "privilege_level": "3"
+ }
+ ]
+}
diff --git a/examples/cmw/multi-attester.json b/examples/cmw/multi-attester.json
new file mode 100644
index 0000000..0c8f841
--- /dev/null
+++ b/examples/cmw/multi-attester.json
@@ -0,0 +1,21 @@
+{
+ "__cmwc_t": "tag:github.com,2025:veraison/ratsd/cmw",
+ "mock-tsm": [
+ "application/vnd.veraison.configfs-tsm+json",
+ {
+ "auxblob": "bW9jay10c20tYXV4",
+ "outblob": "bW9jay10c20tb3V0YmxvYi1kYXRhLWZvci1tdWx0aS1hdHRlc3Rlci1leGFtcGxl",
+ "provider": "mock-hardware",
+ "privilege_level": "1"
+ }
+ ],
+ "tsm-report": [
+ "application/vnd.veraison.configfs-tsm+json",
+ {
+ "auxblob": "dHNtLXJlcG9ydC1hdXgtbXVsdGk=",
+ "outblob": "dHNtLXJlcG9ydC1vdXRibG9iLWRhdGEtZm9yLW11bHRpLWF0dGVzdGVyLWV4YW1wbGUtd2l0aC1ib3RoLWF0dGVzdGVycy1wcmVzZW50",
+ "provider": "real-tsm",
+ "privilege_level": "2"
+ }
+ ]
+}
diff --git a/examples/cmw/privilege-level-3.json b/examples/cmw/privilege-level-3.json
new file mode 100644
index 0000000..4f48c60
--- /dev/null
+++ b/examples/cmw/privilege-level-3.json
@@ -0,0 +1,13 @@
+{
+ "__cmwc_t": "tag:github.com,2025:veraison/ratsd/cmw",
+ "mock-tsm": [
+ "application/vnd.veraison.configfs-tsm+json",
+ {
+ "auxblob": "cHJpdmlsZWdlLWxldmVsLXRlc3QtYXV4",
+ "outblob": "cHJpdmlsZWdlLWxldmVsLXRlc3Qtb3V0YmxvYi13aXRoLW1heGltdW0tc2VjdXJpdHktcHJpdmlsZWdlLWxldmVsLTM=",
+ "provider": "secure-enclave",
+ "privilege_level": "3",
+ "description": "Maximum privilege level for secure operations"
+ }
+ ]
+}
diff --git a/examples/cmw/test-examples.sh b/examples/cmw/test-examples.sh
new file mode 100644
index 0000000..3418cc8
--- /dev/null
+++ b/examples/cmw/test-examples.sh
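Review bot: privilege-level-3.json carries a `description` key inside the evidence object, which is not among the mock-tsm fields documented by the README added in this commit (`auxblob`, `outblob`, `provider`, `privilege_level`), and the file is also absent from the README's File Overview list. Whether ratsd ignores or rejects unknown keys is not visible here, so an example meant as a format reference should either drop the line `"description": "Maximum privilege level for secure operations"` or the README should list `description` as an optional field. The file otherwise repeats mock-tsm-with-privilege.json (same provider and `privilege_level`), so removing it may be the simpler option.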
@@ -0,0 +1,83 @@
+#!/bin/bash
+
+# Test script for CMW examples
+# This script validates that the example CMW files are properly formatted
+
+echo "Testing CMW Example Files..."
+echo "================================"
+
+EXAMPLES_DIR="$(dirname "$0")"
+FAILED_TESTS=0
+
+# Function to test JSON validity
+test_json_validity() {
+ local file="$1"
+ echo -n "Testing $file... "
+
+ if jq empty "$file" 2>/dev/null; then
+ echo "✓ Valid JSON"
+ else
+ echo "✗ Invalid JSON"
+ ((FAILED_TESTS++))
+ fi
+}
+
+# Function to test CMW structure
+test_cmw_structure() {
+ local file="$1"
+ echo -n "Testing CMW structure in $file... "
+
+ # Check for required __cmwc_t field
+ if jq -e '.__cmwc_t == "tag:github.com,2025:veraison/ratsd/cmw"' "$file" >/dev/null 2>&1; then
+ echo "✓ Valid CMW structure"
+ else
+ echo "✗ Invalid CMW structure"
+ ((FAILED_TESTS++))
+ fi
+}
+
+# Function to test base64 fields
+test_base64_fields() {
+ local file="$1"
+ echo -n "Testing base64 fields in $file... "
+
+ # Extract all auxblob and outblob values and test if they're valid base64
+ local base64_valid=true
+
+ while IFS= read -r blob; do
+ if [[ -n "$blob" ]]; then
+ if ! echo "$blob" | base64 -d >/dev/null 2>&1; then
+ base64_valid=false
+ break
+ fi
+ fi
+ done < <(jq -r '.. | select(type == "object") | select(has("auxblob")) | .auxblob, .outblob' "$file" 2>/dev/null)
+
+ if $base64_valid; then
+ echo "✓ Valid base64 encoding"
+ else
+ echo "✗ Invalid base64 encoding"
+ ((FAILED_TESTS++))
+ fi
+}
+
+# Test all JSON files in the directory
+for file in "$EXAMPLES_DIR"/*.json; do
+ if [[ -f "$file" ]]; then
+ echo
+ echo "Testing $(basename "$file"):"
+ test_json_validity "$file"
+ test_cmw_structure "$file"
+ test_base64_fields "$file"
+ fi
+done
+
+echo
+echo "================================"
+if [[ $FAILED_TESTS -eq 0 ]]; then
+ echo "All tests passed! ✓"
+ exit 0
+else
+ echo "$FAILED_TESTS test(s) failed! ✗"
+ exit 1
+fi
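Review bot: test_base64_fields fails open: when the `jq` filter emits nothing, the loop body never runs, `base64_valid` stays `true`, and the file is reported as "Valid base64 encoding". That is what happens for tsm-cbor-format.json in this commit, whose evidence is a bare string rather than an object with `auxblob`, so the one payload the README calls base64-encoded CBOR is never decoded. An object that has `auxblob` but no `outblob` also passes, because `jq -r` prints the missing field as the literal `null`, which `base64 -d` decodes without error. I would count the payloads actually checked, treat zero or `null` as a failure, and cover the string form as well, as sketched below (the indentation is mine, the page has lost the original).

```shell
test_base64_fields() {
    # … unchanged: local file, progress echo …
    local blob checked=0 base64_valid=true

    while IFS= read -r blob; do
        # jq -r prints an absent field as "null", which base64 -d would accept
        if [[ -z "$blob" || "$blob" == "null" ]] ||
            ! printf '%s' "$blob" | base64 -d >/dev/null 2>&1; then
            base64_valid=false
            break
        fi
        checked=$((checked + 1))
    done < <(jq -r '.[] | arrays | .[1] | if type == "object" then (.auxblob, .outblob) else . end' "$file" 2>/dev/null)

    # nothing checked means jq failed or matched no evidence: report failure
    if $base64_valid && ((checked > 0)); then
    # … unchanged: result echo and FAILED_TESTS increment …
```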
diff --git a/examples/cmw/tsm-cbor-format.json b/examples/cmw/tsm-cbor-format.json
new file mode 100644
index 0000000..e07b475
--- /dev/null
+++ b/examples/cmw/tsm-cbor-format.json
@@ -0,0 +1,7 @@
+{
+ "__cmwc_t": "tag:github.com,2025:veraison/ratsd/cmw",
+ "tsm-report": [
+ "application/vnd.veraison.configfs-tsm+cbor",
+ "pGNhdXhqQ0JPUi1hdXgtZGF0YWZvdXRibG9ieFpDQk9SLWVuY29kZWQtdHNtLXJlcG9ydC1kYXRhLWZvci1yYXRzZC1leGFtcGxlLXB1cnBvc2VzLW9ubHktbm90LXJlYWwtZGF0YWhwcm92aWRlcmx0c20tY2Jvci1oYXJkd2FyZW9wcml2aWxlZ2VfbGV2ZWxhMw=="
+ ]
+}
diff --git a/examples/cmw/tsm-report-basic.json b/examples/cmw/tsm-report-basic.json
new file mode 100644
index 0000000..84f7af0
--- /dev/null
+++ b/examples/cmw/tsm-report-basic.json
@@ -0,0 +1,12 @@
+{
+ "__cmwc_t": "tag:github.com,2025:veraison/ratsd/cmw",
+ "tsm-report": [
+ "application/vnd.veraison.configfs-tsm+json",
+ {
+ "auxblob": "dHNtLXJlcG9ydC1hdXg=",
+ "outblob": "dHNtLXJlcG9ydC1vdXRibG9iLWRhdGEtZXhhbXBsZS1mb3ItcmF0c2QtZGVtb25zdHJhdGlvbi1wdXJwb3Nlcy1vbmx5LXRoaXMtaXMtbm90LWEtcmVhbC10c20tcmVwb3J0LWJ1dC1hLXNhbXBsZS1mb3ItdGVzdGluZw==",
+ "provider": "tsm-hardware",
+ "privilege_level": "0"
+ }
+ ]
+}
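Review bot: The CBOR payload in tsm-cbor-format.json does not look like a well-formed encoding of the fields the README documents. Decoded by hand, the base64 starts `a4 63 61 75 78 6a`: a four-entry map whose first key is the 3-character text `aux` (not `auxblob`), followed by a length prefix of 10 in front of the 13-character string `CBOR-aux-data`, so a decoder would misparse everything after it. This is worth confirming with a real CBOR tool; if it holds, the string should be regenerated with an encoder from a map holding `auxblob`, `outblob`, `provider` and `privilege_level`, and a correct encoding with `auxblob` as its first text key would begin `a4 67 61 75 78 62 6c 6f 62`. test-examples.sh in this commit would not catch the problem, since it only inspects object-form evidence.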