add lookup keys synthesisers

Signed-off-by: Thomas Fossati <[email protected]>
veraison · Apr 5, 2023 · 930c146 · 930c146
1 parent 410d41e
commit 930c146
Showing 1 changed file with 24 additions and 10 deletions.
diff --git a/scheme/parsec-tpm/evidence_handler.go b/scheme/parsec-tpm/evidence_handler.go
@@ -16,6 +16,11 @@ import (
 	"github.com/veraison/services/scheme/common"
 )
 
+const (
+	ScopeTrustAnchor = "trust anchor"
+	ScopeRefValues   = "ref values"
+)
+
 type EvidenceHandler struct{}
 
 func (s EvidenceHandler) GetName() string {
@@ -30,12 +35,12 @@ func (s EvidenceHandler) GetSupportedMediaTypes() []string {
 	return EvidenceMediaTypes
 }
 
-func (s EvidenceHandler) SynthKeysFromRefValue(tenantID string, swComp *proto.Endorsement) ([]string, error) {
-	return nil, errors.New("TODO(tho)")
+func (s EvidenceHandler) SynthKeysFromRefValue(tenantID string, refVals *proto.Endorsement) ([]string, error) {
+	return synthKeysFromParts(ScopeRefValues, tenantID, refVals.GetAttributes())
 }
 
 func (s EvidenceHandler) SynthKeysFromTrustAnchor(tenantID string, ta *proto.Endorsement) ([]string, error) {
-	return synthKeysFromParts("trust anchor", tenantID, ta.GetAttributes())
+	return synthKeysFromParts(ScopeTrustAnchor, tenantID, ta.GetAttributes())
 }
 
 func (s EvidenceHandler) GetTrustAnchorID(token *proto.AttestationToken) (string, error) {
@@ -66,21 +71,30 @@ func synthKeysFromParts(scope, tenantID string, parts *structpb.Struct) ([]strin
 		return nil, fmt.Errorf("unable to synthesize %s abs-path: %w", scope, err)
 	}
 
-	instance, err = common.GetMandatoryPathSegment("tpm-parsec.instance-id", fields)
-	if err != nil {
-		return nil, fmt.Errorf("unable to synthesize %s abs-path: %w", scope, err)
+	if scope == ScopeTrustAnchor {
+		instance, err = common.GetMandatoryPathSegment("parsec-tpm.instance-id", fields)
+		if err != nil {
+			return nil, fmt.Errorf("unable to synthesize %s abs-path: %w", scope, err)
+		}
 	}
 
-	class, err = common.GetMandatoryPathSegment("tpm-parsec.class-id", fields)
+	class, err = common.GetMandatoryPathSegment("parsec-tpm.class-id", fields)
 	if err != nil {
 		return nil, fmt.Errorf("unable to synthesize %s abs-path: %w", scope, err)
 	}
 
-	return []string{parsecTpmLookupKey(tenantID, class, instance)}, nil
+	return []string{parsecTpmLookupKey(scope, tenantID, class, instance)}, nil
 }
 
-func parsecTpmLookupKey(tenantID, class, instance string) string {
-	absPath := []string{class, instance}
+func parsecTpmLookupKey(scope, tenantID, class, instance string) string {
+	var absPath []string
+
+	switch scope {
+	case ScopeTrustAnchor:
+		absPath = []string{class, instance}
+	case ScopeRefValues:
+		absPath = []string{class}
+	}
 
 	u := url.URL{
 		Scheme: SchemeName,