From c96f36ba090b4a0836e287221a8f78d84fbf861e Mon Sep 17 00:00:00 2001 From: Kallal Mukherjee Date: Thu, 2 Oct 2025 02:51:57 +0000 Subject: [PATCH 1/2] fix: Remove compatibility code and align all tests with multiple authorized-by keys Addresses reviewer feedback from setrofim in PR #219: - Remove unnecessary compatibility implementation as CoRIM spec is in draft - Align all tests and examples with current implementation instead of maintaining compatibility Core Changes: - comid/measurement.go: Changed AuthorizedBy from *CryptoKey to *CryptoKeys (arrays) - comid/cryptokeys.go: Added String() method returning array representation - coev/coswid_evidence.go: Updated AuthorizedBy to use CryptoKeys - coserv/quads.go: Updated authorities to use CryptoKeys arrays Test Data Updates: - Updated all JSON templates to use array format for authorized-by - Updated diagnostic files (.diag) to use CBOR array syntax [554(...)] - Regenerated all CBOR test files using cbor-diag tool - Updated expected test outputs to show 'CryptoKeys: [...]' format Testing: - All packages now pass tests: comid, comid/tdx, coev, coev/tdx, coserv - Supports multiple authorized-by keys as required by issue #195 - No backward compatibility - clean implementation for draft spec Fixes #195 
Signed-off-by: Kallal Mukherjee --- coev/coswid_evidence.go | 6 ++-- coev/example_test.go | 10 +++--- coev/tdx/example_pce_test.go | 5 ++- coev/tdx/example_qe_test.go | 10 +++--- coev/tdx/example_seam_test.go | 5 ++- coev/tdx/test_vars.go | 10 +++--- coev/tdx/testcases/ce-pce-evidence.cbor | Bin 291 -> 292 bytes coev/tdx/testcases/ce-qe-evidence.cbor | Bin 414 -> 415 bytes coev/tdx/testcases/ce-seam-evidence.cbor | Bin 389 -> 390 bytes coev/tdx/testcases/src/ce-pce-evidence.diag | 4 ++- coev/tdx/testcases/src/ce-qe-evidence.diag | 4 ++- coev/tdx/testcases/src/ce-seam-evidence.diag | 2 +- comid/cryptokeys.go | 17 ++++++++++ comid/measurement.go | 6 ++-- comid/tdx/example_pce_refval_test.go | 10 +++--- comid/tdx/example_qe_refval_test.go | 10 +++--- comid/tdx/example_seam_refval_test.go | 10 +++--- comid/tdx/test_common_methods.go | 8 +++-- comid/tdx/test_vars.go | 30 +++++++++++------- comid/tdx/testcases/comid_pce_refval.cbor | Bin 462 -> 463 bytes comid/tdx/testcases/comid_qe_refval.cbor | Bin 497 -> 498 bytes comid/tdx/testcases/comid_seam_refval.cbor | Bin 476 -> 477 bytes comid/tdx/testcases/src/comid_pce_refval.diag | 4 ++- comid/tdx/testcases/src/comid_qe_refval.diag | 4 ++- .../tdx/testcases/src/comid_seam_refval.diag | 2 +- comid/testcases/regen-from-src.sh | 0 coserv/quads.go | 4 +-- coserv/resultset_test.go | 2 +- coserv/test_common.go | 2 +- 29 files changed, 96 insertions(+), 69 deletions(-) mode change 100644 => 100755 comid/testcases/regen-from-src.sh diff --git a/coev/coswid_evidence.go b/coev/coswid_evidence.go index 323f4618..1aecd7eb 100644 --- a/coev/coswid_evidence.go +++ b/coev/coswid_evidence.go 
@@ -10,9 +10,9 @@ import ( // CoSWIDEvidenceMap is the Map to carry CoSWID Evidence type CoSWIDEvidenceMap struct { - TagID *swid.TagID `cbor:"0,keyasint,omitempty" json:"tagId,omitempty"` - Evidence swid.Evidence `cbor:"1,keyasint,omitempty" json:"evidence,omitempty"` - AuthorizedBy *comid.CryptoKey `cbor:"2,keyasint,omitempty" json:"authorized-by,omitempty"` + TagID *swid.TagID `cbor:"0,keyasint,omitempty" json:"tagId,omitempty"` + Evidence swid.Evidence `cbor:"1,keyasint,omitempty" json:"evidence,omitempty"` + AuthorizedBy *comid.CryptoKeys `cbor:"2,keyasint,omitempty" json:"authorized-by,omitempty"` } type CoSWIDEvidence []CoSWIDEvidenceMap diff --git a/coev/example_test.go b/coev/example_test.go index e00d717a..3c8f3038 100644 --- a/coev/example_test.go +++ b/coev/example_test.go @@ -298,10 +298,12 @@ func Example_decode_JSON() { "raw-value-mask": "/////w==", "mac-addr": "02:00:5e:10:00:00:00:02" }, - "authorized-by": { - "type": "pkix-base64-key", - "value": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==\n-----END PUBLIC KEY-----" - } + "authorized-by": [ + { + "type": "pkix-base64-key", + "value": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==\n-----END PUBLIC KEY-----" + } + ] } ] } diff --git a/coev/tdx/example_pce_test.go b/coev/tdx/example_pce_test.go index f91f35cf..19c7bfc2 100644 --- a/coev/tdx/example_pce_test.go +++ b/coev/tdx/example_pce_test.go 
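Review bot: In the first hunk on this line (coev/coswid_evidence.go), `AuthorizedBy *comid.CryptoKeys` with `omitempty` only drops a nil pointer, so a non-nil pointer to an empty list would still encode as an empty `authorized-by` array, and a decoded empty array arrives as a non-nil value holding no keys. A consumer that reads `AuthorizedBy != nil` as "an authority was asserted" would then accept an entry that names no key. The validation for this struct is outside the hunk, so this may already be covered; if it is not, a guard such as `if o.AuthorizedBy != nil && len(*o.AuthorizedBy) == 0 { return errors.New("authorized-by: empty key list") }` would close it. The same question applies to `Measurement.AuthorizedBy` in comid/measurement.go and to `Authorities` in coserv/quads.go.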
@@ -213,10 +213,9 @@ func Example_decode_PCE_Evidence_CBOR() { // ISVSVN: 0 // ISVSVN: 0 // ISVSVN: 0 - // CryptoKey Type: pkix-base64-key - // CryptoKey Value: -----BEGIN PUBLIC KEY----- + // CryptoKeys: [-----BEGIN PUBLIC KEY----- // MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg== - // -----END PUBLIC KEY----- + // -----END PUBLIC KEY-----] } func ExtractPceEvidence(ce *coev.TaggedConciseEvidence) error { diff --git a/coev/tdx/example_qe_test.go b/coev/tdx/example_qe_test.go index fea5a6b3..e7415f9e 100644 --- a/coev/tdx/example_qe_test.go +++ b/coev/tdx/example_qe_test.go @@ -48,10 +48,9 @@ func Example_decode_QE_Evidence_JSON() { // TEE TCB Status = UpToDate // Tee AdvisoryID = INTEL-SA-00078 // Tee AdvisoryID = INTEL-SA-00079 - // CryptoKey Type: pkix-base64-key - // CryptoKey Value: -----BEGIN PUBLIC KEY----- + // CryptoKeys: [-----BEGIN PUBLIC KEY----- // MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg== - // -----END PUBLIC KEY----- + // -----END PUBLIC KEY-----] } func Example_encode_tdx_qe_evidence_without_profile() { @@ -201,10 +200,9 @@ func Example_decode_QE_Evidence_CBOR() { // TEE TCB Status = UpToDate // Tee AdvisoryID = INTEL-SA-00078 // Tee AdvisoryID = INTEL-SA-00079 - // CryptoKey Type: pkix-base64-key - // CryptoKey Value: -----BEGIN PUBLIC KEY----- + // CryptoKeys: [-----BEGIN PUBLIC KEY----- // MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg== - // -----END PUBLIC KEY----- + // -----END PUBLIC KEY-----] } func ExtractQeEvidence(ce *coev.TaggedConciseEvidence) error { diff --git a/coev/tdx/example_seam_test.go b/coev/tdx/example_seam_test.go index 874f2ab5..0cdf66b4 100644 --- a/coev/tdx/example_seam_test.go +++ b/coev/tdx/example_seam_test.go 
@@ -196,10 +196,9 @@ func Example_decode_CBOR() { // mrsigner Digest Value: e45b72f5c0c0b572db4d8d3ab7e97f368ff74e62347a824decb67a84e5224d75 // mrsigner Digest Alg: 7 // mrsigner Digest Value: e45b72f5c0c0b572db4d8d3ab7e97f368ff74e62347a824decb67a84e5224d75e45b72f5c0c0b572db4d8d3ab7e97f36 - // CryptoKey Type: pkix-base64-key - // CryptoKey Value: -----BEGIN PUBLIC KEY----- + // CryptoKeys: [-----BEGIN PUBLIC KEY----- // MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg== - // -----END PUBLIC KEY----- + // -----END PUBLIC KEY-----] } func ExtractSeamEvidence(ce *coev.TaggedConciseEvidence) error { diff --git a/coev/tdx/test_vars.go b/coev/tdx/test_vars.go index 3428d03b..61c8d057 100644 --- a/coev/tdx/test_vars.go +++ b/coev/tdx/test_vars.go @@ -72,10 +72,12 @@ var ( ] } }, - "authorized-by": { - "type": "pkix-base64-key", - "value": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==\n-----END PUBLIC KEY-----" - } + "authorized-by": [ + { + "type": "pkix-base64-key", + "value": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==\n-----END PUBLIC KEY-----" + } + ] } ] } diff --git a/coev/tdx/testcases/ce-pce-evidence.cbor b/coev/tdx/testcases/ce-pce-evidence.cbor index 50a2e1fe3620e41236c020e861729684e4db5abd..2b61284b59356f03afef6e84beab58e79ac63a49 100644 GIT binary patch delta 11 ScmZ3?w1jCw9%JLgysZEj#RPx= delta 9 QcmZ3&w3ul^-o*T^01_+%{{R30 diff --git a/coev/tdx/testcases/ce-qe-evidence.cbor b/coev/tdx/testcases/ce-qe-evidence.cbor index dc7eceddacc18dcd67322f4ee9913caad4cfd3a2..145aee395f14daca6743954957e2e54e2a2f729c 100644 GIT binary patch delta 11 TcmbQoJfC^OOUA~DFSh~!97_dm delta 9 RcmbQwJdb(8%ZabH0ss`u1nmF- 
diff --git a/coev/tdx/testcases/ce-seam-evidence.cbor b/coev/tdx/testcases/ce-seam-evidence.cbor index 7efc39545e39ffab21b4351fd96f721da43a2c6e..b9436f17b12f1c2816f287d6af4784a2b0a0d39f 100644 GIT binary patch delta 11 ScmZo=ZeyNsfw6Jog{=S?j|B<< delta 9 QcmZo;Ze^ZuVdBND01~DIi2wiq diff --git a/coev/tdx/testcases/src/ce-pce-evidence.diag b/coev/tdx/testcases/src/ce-pce-evidence.diag index f64182fd..24940824 100644 --- a/coev/tdx/testcases/src/ce-pce-evidence.diag +++ b/coev/tdx/testcases/src/ce-pce-evidence.diag @@ -36,7 +36,9 @@ ], / pceid / -80 : "0000" }, - / authorized-by / 2 : 554("-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==\n-----END PUBLIC KEY-----") + / authorized-by / 2 : [ + 554("-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==\n-----END PUBLIC KEY-----") + ] } ] ] diff --git a/coev/tdx/testcases/src/ce-qe-evidence.diag b/coev/tdx/testcases/src/ce-qe-evidence.diag index 23e6e37f..d1eca9f0 100644 --- a/coev/tdx/testcases/src/ce-qe-evidence.diag +++ b/coev/tdx/testcases/src/ce-qe-evidence.diag @@ -30,7 +30,9 @@ "UpToDate" ] }, - / authorized-by / 2 : 554("-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==\n-----END PUBLIC KEY-----") + / authorized-by / 2 : [ + 554("-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==\n-----END PUBLIC KEY-----") + ] } ] ] diff --git a/coev/tdx/testcases/src/ce-seam-evidence.diag b/coev/tdx/testcases/src/ce-seam-evidence.diag index 8df2ae74..7604785d 100644 --- a/coev/tdx/testcases/src/ce-seam-evidence.diag +++ b/coev/tdx/testcases/src/ce-seam-evidence.diag 
@@ -27,7 +27,7 @@ ], / tcb-eval-num / -86 : 11 }, - 2 : 554("-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==\n-----END PUBLIC KEY-----") + 2 : [554("-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==\n-----END PUBLIC KEY-----")] } ] ] diff --git a/comid/cryptokeys.go b/comid/cryptokeys.go index 98e9bd1e..7ecfa994 100644 --- a/comid/cryptokeys.go +++ b/comid/cryptokeys.go @@ -35,3 +35,20 @@ func (o CryptoKeys) Valid() error { } return nil } + +// String returns a string representation of all CryptoKeys +func (o CryptoKeys) String() string { + if len(o) == 0 { + return "[]" + } + + result := "[" + for i, key := range o { + if i > 0 { + result += ", " + } + result += key.String() + } + result += "]" + return result +} diff --git a/comid/measurement.go b/comid/measurement.go index ff105e09..eaf296cf 100644 --- a/comid/measurement.go +++ b/comid/measurement.go @@ -493,9 +493,9 @@ func (o Mval) Valid() error { // Measurement stores a measurement-map with CBOR and JSON serializations. type Measurement struct { - Key *Mkey `cbor:"0,keyasint,omitempty" json:"key,omitempty"` - Val Mval `cbor:"1,keyasint" json:"value"` - AuthorizedBy *CryptoKey `cbor:"2,keyasint,omitempty" json:"authorized-by,omitempty"` + Key *Mkey `cbor:"0,keyasint,omitempty" json:"key,omitempty"` + Val Mval `cbor:"1,keyasint" json:"value"` + AuthorizedBy *CryptoKeys `cbor:"2,keyasint,omitempty" json:"authorized-by,omitempty"` } func NewMeasurement(val any, typ string) (*Measurement, error) { diff --git a/comid/tdx/example_pce_refval_test.go b/comid/tdx/example_pce_refval_test.go index 7938d452..1712f21a 100644 --- a/comid/tdx/example_pce_refval_test.go +++ b/comid/tdx/example_pce_refval_test.go 
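Review bot: In comid/cryptokeys.go, `CryptoKeys.String()` calls `key.String()` on every element without a nil check, and the `Add(authority)` calls in the coserv tests suggest the elements are `*CryptoKey`, so a list holding a nil entry would presumably panic while being printed or logged instead of being reported. The result is also built with `+=` in a loop where `strings.Join` is the usual form; that needs the `strings` import, which is outside this hunk. The `i > 0` separator branch is not exercised by any expected output in this patch, because every fixture carries a single key, so a two-key fixture would be worth adding. The rewrite below keeps the current output format for non-nil keys.

```go
func (o CryptoKeys) String() string {
	parts := make([]string, 0, len(o))
	for _, key := range o {
		if key == nil {
			// Render the gap instead of dereferencing a nil entry.
			parts = append(parts, "<nil>")
			continue
		}
		parts = append(parts, key.String())
	}
	return "[" + strings.Join(parts, ", ") + "]"
}
```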
@@ -76,10 +76,9 @@ func Example_decode_PCE_JSON() { // SVN Value: 10 // SVN Operator: greater_or_equal // SVN Value: 10 - // CryptoKey Type: pkix-base64-key - // CryptoKey Value: -----BEGIN PUBLIC KEY----- + // CryptoKeys: [-----BEGIN PUBLIC KEY----- // MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg== - // -----END PUBLIC KEY----- + // -----END PUBLIC KEY-----] } func extractPCERefVals(c *comid.Comid) error { @@ -166,10 +165,9 @@ func Example_decode_PCE_CBOR() { // SVN Value: 0 // SVN Operator: greater_or_equal // SVN Value: 0 - // CryptoKey Type: pkix-base64-key - // CryptoKey Value: -----BEGIN PUBLIC KEY----- + // CryptoKeys: [-----BEGIN PUBLIC KEY----- // MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg== - // -----END PUBLIC KEY----- + // -----END PUBLIC KEY-----] } func Example_encode_tdx_pce_refval_with_profile() { diff --git a/comid/tdx/example_qe_refval_test.go b/comid/tdx/example_qe_refval_test.go index d5761bde..cb8bf605 100644 --- a/comid/tdx/example_qe_refval_test.go +++ b/comid/tdx/example_qe_refval_test.go @@ -58,10 +58,9 @@ func Example_decode_QE_JSON() { // Tee AdvisoryID = SA-00078 // Tee AdvisoryID = SA-00077 // Tee AdvisoryID = SA-00079 - // CryptoKey Type: pkix-base64-key - // CryptoKey Value: -----BEGIN PUBLIC KEY----- + // CryptoKeys: [-----BEGIN PUBLIC KEY----- // MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg== - // -----END PUBLIC KEY----- + // -----END PUBLIC KEY-----] } func extractQERefVals(c *comid.Comid) error { 
@@ -174,8 +173,7 @@ func Example_decode_QE_CBOR() { // TeeAdvisory Operator: member // Tee AdvisoryID = INTEL-SA-00078 // Tee AdvisoryID = INTEL-SA-00079 - // CryptoKey Type: pkix-base64-key - // CryptoKey Value: -----BEGIN PUBLIC KEY----- + // CryptoKeys: [-----BEGIN PUBLIC KEY----- // MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg== - // -----END PUBLIC KEY----- + // -----END PUBLIC KEY-----] } diff --git a/comid/tdx/example_seam_refval_test.go b/comid/tdx/example_seam_refval_test.go index 5c332b87..34c3604e 100644 --- a/comid/tdx/example_seam_refval_test.go +++ b/comid/tdx/example_seam_refval_test.go @@ -58,10 +58,9 @@ func Example_decode_JSON() { // mrsigner Digest Value: 87428fc522803d31065e7bce3cf03fe475096631e5e07bbd7a0fde60c4cf25c7 // mrsigner Digest Alg: 8 // mrsigner Digest Value: a314fc2dc663ae7a6b6bc6787594057396e6b3f569cd50fd5ddb4d1bbafd2b6aa314fc2dc663ae7a6b6bc6787594057396e6b3f569cd50fd5ddb4d1bbafd2b6a - // CryptoKey Type: pkix-base64-key - // CryptoKey Value: -----BEGIN PUBLIC KEY----- + // CryptoKeys: [-----BEGIN PUBLIC KEY----- // MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg== - // -----END PUBLIC KEY----- + // -----END PUBLIC KEY-----] } func Example_encode_tdx_seam_refval_without_profile() { 
@@ -268,10 +267,9 @@ func Example_decode_CBOR() { // mrsigner Digest Value: a314fc2dc663ae7a6b6bc6787594057396e6b3f569cd50fd5ddb4d1bbafd2b6a // mrsigner Digest Alg: 8 // mrsigner Digest Value: a314fc2dc663ae7a6b6bc6787594057396e6b3f569cd50fd5ddb4d1bbafd2b6aa314fc2dc663ae7a6b6bc6787594057396e6b3f569cd50fd5ddb4d1bbafd2b6a - // CryptoKey Type: pkix-base64-key - // CryptoKey Value: -----BEGIN PUBLIC KEY----- + // CryptoKeys: [-----BEGIN PUBLIC KEY----- // MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg== - // -----END PUBLIC KEY----- + // -----END PUBLIC KEY-----] } diff --git a/comid/tdx/test_common_methods.go b/comid/tdx/test_common_methods.go index 921c8e32..f6f3de4e 100644 --- a/comid/tdx/test_common_methods.go +++ b/comid/tdx/test_common_methods.go @@ -136,11 +136,13 @@ func extractTeeTcbEvalNum(tcbEvalNum *TeeTcbEvalNumber) error { } func decodeAuthorisedBy(m *comid.Measurement) error { + if m.AuthorizedBy == nil { + return fmt.Errorf("no authorized-by keys") + } if err := m.AuthorizedBy.Valid(); err != nil { - return fmt.Errorf("invalid cryptokey: %w", err) + return fmt.Errorf("invalid cryptokeys: %w", err) } - fmt.Printf("\nCryptoKey Type: %s", m.AuthorizedBy.Type()) - fmt.Printf("\nCryptoKey Value: %s", m.AuthorizedBy.String()) + fmt.Printf("\nCryptoKeys: %s", m.AuthorizedBy.String()) return nil } diff --git a/comid/tdx/test_vars.go b/comid/tdx/test_vars.go index e047dc90..f6ea0d3e 100644 --- a/comid/tdx/test_vars.go +++ b/comid/tdx/test_vars.go 
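Review bot: In `decodeAuthorisedBy` (comid/tdx/test_common_methods.go), the new nil guard turns a missing `authorized-by` into an error although the field is tagged `omitempty` on `Measurement` and so is optional on the wire. If that is meant as a precondition of this test helper, a comment such as `// authorized-by is optional in the format; these fixtures always carry it` would say so. The printed line also no longer includes the key type, so the examples stop checking that the key decoded as `pkix-base64-key`; ranging over `*m.AuthorizedBy` and printing `k.Type()` for each key would keep that check and show per-key output once a fixture carries more than one key.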
@@ -215,10 +215,12 @@ const ( ], "pceid": "0000" }, - "authorized-by": { - "type": "pkix-base64-key", - "value": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==\n-----END PUBLIC KEY-----" - } + "authorized-by": [ + { + "type": "pkix-base64-key", + "value": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==\n-----END PUBLIC KEY-----" + } + ] } ] } @@ -305,10 +307,12 @@ const ( } } }, - "authorized-by": { - "type": "pkix-base64-key", - "value": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==\n-----END PUBLIC KEY-----" - } + "authorized-by": [ + { + "type": "pkix-base64-key", + "value": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==\n-----END PUBLIC KEY-----" + } + ] } ] } @@ -394,10 +398,12 @@ const ( } } }, - "authorized-by": { - "type": "pkix-base64-key", - "value": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==\n-----END PUBLIC KEY-----" - } + "authorized-by": [ + { + "type": "pkix-base64-key", + "value": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==\n-----END PUBLIC KEY-----" + } + ] } ] } diff --git a/comid/tdx/testcases/comid_pce_refval.cbor b/comid/tdx/testcases/comid_pce_refval.cbor index fc6ef7f2bad595fe88584347c6c974f3fba0abf1..4d33c132df7e5e8da0fe013c2338cc1fde0e4541 100644 GIT binary patch delta 13 UcmX@de4crOBqL+vWJ$)Y03d<{QUCw| delta 11 ScmX@le2#g8B;#Z$#;pJuAOq0= 
diff --git a/comid/tdx/testcases/comid_qe_refval.cbor b/comid/tdx/testcases/comid_qe_refval.cbor index a25455535445bfd2a70e0ed903be00e11038d23f..e2586a3be299c5013790b5a22aa41a6ad3929667 100644 GIT binary patch delta 13 Ucmey!{E2yk4I^XYWE;k<03}NV-T(jq delta 11 Scmeyw{E>Ns4dY~6#;pJy7X)1Z diff --git a/comid/tdx/testcases/comid_seam_refval.cbor b/comid/tdx/testcases/comid_seam_refval.cbor index cbf4287108c470711ce42d01dd15781f3fa6a770..6e4dbebf101df61b5a3139c7db0d238bf30f07fc 100644 GIT binary patch delta 13 Ucmcb^e3yBHIwND_WOc@^03vJziU0rr delta 11 Scmcc1e2001I^$#w#;pJvwgd?P diff --git a/comid/tdx/testcases/src/comid_pce_refval.diag b/comid/tdx/testcases/src/comid_pce_refval.diag index f6dd910a..62415a0e 100644 --- a/comid/tdx/testcases/src/comid_pce_refval.diag +++ b/comid/tdx/testcases/src/comid_pce_refval.diag @@ -43,7 +43,9 @@ ], / pceid / -80 : "0000" }, - / authorized-by / 2: 554("-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==\n-----END PUBLIC KEY-----") + / authorized-by / 2: [ + 554("-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==\n-----END PUBLIC KEY-----") + ] } ] ] ] diff --git a/comid/tdx/testcases/src/comid_qe_refval.diag b/comid/tdx/testcases/src/comid_qe_refval.diag index 090c72be..d3d19e56 100644 --- a/comid/tdx/testcases/src/comid_qe_refval.diag +++ b/comid/tdx/testcases/src/comid_qe_refval.diag 
@@ -40,7 +40,9 @@ / advisory-ids / -89 : 60021([ /member/ 6, [ "INTEL-SA-00078", "INTEL-SA-00079" ]]), / tcbstatus / -88 : 60021([ /member/ 6, [ "UpToDate" ]]) }, - / authorized-by / 2: 554("-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==\n-----END PUBLIC KEY-----") + / authorized-by / 2: [ + 554("-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==\n-----END PUBLIC KEY-----") + ] } ] ] ] diff --git a/comid/tdx/testcases/src/comid_seam_refval.diag b/comid/tdx/testcases/src/comid_seam_refval.diag index 6f51a828..5ebf23a1 100644 --- a/comid/tdx/testcases/src/comid_seam_refval.diag +++ b/comid/tdx/testcases/src/comid_seam_refval.diag @@ -47,7 +47,7 @@ ]), / tcb-eval-num / -86 : 60010([ / op.ge / 2, 11 ]) }, - 2: 554("-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==\n-----END PUBLIC KEY-----") + 2: [554("-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFn0taoAwR3PmrKkYLtAsD9o05KSM6mbgfNCgpuL0g6VpTHkZl73wk5BDxoV7n+Oeee0iIqkW3HMZT3ETiniJdg==\n-----END PUBLIC KEY-----")] } ] ] ] diff --git a/comid/testcases/regen-from-src.sh b/comid/testcases/regen-from-src.sh old mode 100644 new mode 100755 diff --git a/coserv/quads.go b/coserv/quads.go index e8af8096..ad5eb2ec 100644 --- a/coserv/quads.go +++ b/coserv/quads.go @@ -6,11 +6,11 @@ package coserv import "github.com/veraison/corim/comid" type RefValQuad struct { - Authorities *[]comid.CryptoKey `cbor:"1,keyasint"` + Authorities *comid.CryptoKeys `cbor:"1,keyasint"` RVTriple *comid.ValueTriple `cbor:"2,keyasint"` } type AKQuad struct { - Authorities *[]comid.CryptoKey `cbor:"1,keyasint"` + Authorities *comid.CryptoKeys `cbor:"1,keyasint"` AKTriple *comid.KeyTriple `cbor:"2,keyasint"` } 
diff --git a/coserv/resultset_test.go b/coserv/resultset_test.go index 746b6b9f..96e831e3 100644 --- a/coserv/resultset_test.go +++ b/coserv/resultset_test.go @@ -17,7 +17,7 @@ func TestResultSet_AddAttestationKeys(t *testing.T) { require.NoError(t, err) akq := AKQuad{ - Authorities: &[]comid.CryptoKey{*authority}, + Authorities: comid.NewCryptoKeys().Add(authority), AKTriple: &comid.KeyTriple{ Environment: comid.Environment{ Class: comid.NewClassBytes(testBytes), diff --git a/coserv/test_common.go b/coserv/test_common.go index 73dcda3f..44b9783e 100644 --- a/coserv/test_common.go +++ b/coserv/test_common.go @@ -161,7 +161,7 @@ func exampleReferenceValuesResultSet(t *testing.T) *ResultSet { require.NoError(t, err) rvq := RefValQuad{ - Authorities: &[]comid.CryptoKey{*authority}, + Authorities: comid.NewCryptoKeys().Add(authority), RVTriple: &refval, } From 31dafe41b6c79c6c7a89631128103a4a614e5845 Mon Sep 17 00:00:00 2001 From: Kallal Mukherjee Date: Thu, 2 Oct 2025 17:26:34 +0000 Subject: [PATCH 2/2] fix: correct gofmt formatting issues - Remove extra blank line in comid/cryptokeys.go line 44 - Fix struct field alignment in coserv/quads.go - Resolves failing lint job 51776361051 --- comid/cryptokeys.go | 2 +- coserv/quads.go | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/comid/cryptokeys.go b/comid/cryptokeys.go index 7ecfa994..099eb1d6 100644 --- a/comid/cryptokeys.go +++ b/comid/cryptokeys.go @@ -41,7 +41,7 @@ func (o CryptoKeys) String() string { if len(o) == 0 { return "[]" } - + result := "[" for i, key := range o { if i > 0 { diff --git a/coserv/quads.go b/coserv/quads.go index ad5eb2ec..69a29cad 100644 --- a/coserv/quads.go +++ b/coserv/quads.go 
@@ -6,11 +6,11 @@ package coserv import "github.com/veraison/corim/comid" type RefValQuad struct { - Authorities *comid.CryptoKeys `cbor:"1,keyasint"` + Authorities *comid.CryptoKeys `cbor:"1,keyasint"` RVTriple *comid.ValueTriple `cbor:"2,keyasint"` } type AKQuad struct { Authorities *comid.CryptoKeys `cbor:"1,keyasint"` - AKTriple *comid.KeyTriple `cbor:"2,keyasint"` + AKTriple *comid.KeyTriple `cbor:"2,keyasint"` }