First draft of Unprocessed Evidence!

Signed-off-by: Yogesh Deshpande <yogesh.deshpande@arm.com>
veraison · Nov 30, 2023 · 8e88d74 · 8e88d74
1 parent 6dc8e80
commit 8e88d74
Show file tree

Hide file tree

Showing 3 changed files with 51 additions and 13 deletions.
diff --git a/ear.go b/ear.go
@@ -28,6 +28,7 @@ type AttestationResult struct {
 	IssuedAt    *int64                `json:"iat"`
 	Nonce       *string               `json:"eat_nonce,omitempty"`
 	Submods     map[string]*Appraisal `json:"submods"`
+	UPEvidence  *UnprocessedEvidence  `json:"ear.up-evidence"`
 
 	AttestationResultExtensions
 }
@@ -170,6 +171,9 @@ func (o AttestationResult) validate() error {
 		}
 	}
 
+	if o.UPEvidence == nil {
+		missing = append(missing, "'up-evidence'")
+	}
 	if len(missing) == 0 && len(invalid) == 0 {
 		return nil
 	}

diff --git a/ear_test.go b/ear_test.go
@@ -39,14 +39,15 @@ var (
 		Build:     &testVidBuild,
 		Developer: &testVidDeveloper,
 	}
-	testProfile            = EatProfile
-	testUnsupportedProfile = "1.2.3.4.5"
-	testNonce              = "0123456789abcdef"
-	testBadNonce           = "1337"
-	testEvidenceID         = "405e0c3127e455ebc22361210b43ca9499ca80d3f6b1dc79b89fa35290cee3d9"
-	testEvidence           = []byte("evidence")
-	testTeeName            = "aws-nitro"
-
+	testProfile                             = EatProfile
+	testUnsupportedProfile                  = "1.2.3.4.5"
+	testNonce                               = "0123456789abcdef"
+	testBadNonce                            = "1337"
+	testEvidenceID                          = "405e0c3127e455ebc22361210b43ca9499ca80d3f6b1dc79b89fa35290cee3d9"
+	testEvidence                            = []byte("evidence")
+	testTeeName                             = "aws-nitro"
+	testUpEvMt                              = "application/eat-cwt"
+	testUpEvData                            = []byte("upevidence")
 	testAttestationResultsWithVeraisonExtns = AttestationResult{
 		IssuedAt:   &testIAT,
 		VerifierID: &testVerifierID,
@@ -82,13 +83,13 @@ func TestToJSON_fail(t *testing.T) {
 	}{
 		{
 			ar:       AttestationResult{},
-			expected: `missing mandatory 'eat_profile', 'iat', 'verifier-id', 'submods' (at least one appraisal must be present)`,
+			expected: `missing mandatory 'eat_profile', 'iat', 'verifier-id', 'submods' (at least one appraisal must be present), 'up-evidence'`,
 		},
 		{
 			ar: AttestationResult{
 				Submods: map[string]*Appraisal{},
 			},
-			expected: `missing mandatory 'eat_profile', 'iat', 'verifier-id', 'submods' (at least one appraisal must be present)`,
+			expected: `missing mandatory 'eat_profile', 'iat', 'verifier-id', 'submods' (at least one appraisal must be present), 'up-evidence'`,
 		},
 		{
 			ar: AttestationResult{
@@ -97,7 +98,7 @@ func TestToJSON_fail(t *testing.T) {
 					"test": {},
 				},
 			},
-			expected: `missing mandatory 'eat_profile', 'verifier-id'; invalid value(s) for submods[test]: missing mandatory 'ear.status'`,
+			expected: `missing mandatory 'eat_profile', 'verifier-id', 'up-evidence'; invalid value(s) for submods[test]: missing mandatory 'ear.status'`,
 		},
 		{
 			ar: AttestationResult{
@@ -106,7 +107,7 @@ func TestToJSON_fail(t *testing.T) {
 					"test": {Status: &testTrustTier},
 				},
 			},
-			expected: `missing mandatory 'iat', 'verifier-id'`,
+			expected: `missing mandatory 'iat', 'verifier-id', 'up-evidence'`,
 		},
 		{
 			ar: AttestationResult{
@@ -115,7 +116,7 @@ func TestToJSON_fail(t *testing.T) {
 					"test": {Status: &testTrustTier},
 				},
 			},
-			expected: `missing mandatory 'iat', 'verifier-id'; invalid value(s) for eat_profile (1.2.3.4.5)`,
+			expected: `missing mandatory 'iat', 'verifier-id', 'up-evidence'; invalid value(s) for eat_profile (1.2.3.4.5)`,
 		},
 		{
 			ar: AttestationResult{
@@ -126,6 +127,7 @@ func TestToJSON_fail(t *testing.T) {
 				Submods: map[string]*Appraisal{
 					"test": {Status: &testTrustTier},
 				},
+				UPEvidence: &UnprocessedEvidence{MediaType: &testUpEvMt, Data: &testUpEvData},
 			},
 			expected: `invalid value(s) for eat_nonce (4 bytes)`,
 		},

diff --git a/up_evidence.go b/up_evidence.go
@@ -0,0 +1,32 @@
+// Copyright 2023 Contributors to the Veraison project.
+// SPDX-License-Identifier: Apache-2.0
+
+package ear
+
+import "fmt"
+
+// UnprocessedEvidence contains the details of Evidence
+// which te Verifier could not Appraise
+type UnprocessedEvidence struct {
+	// Build uniquely identifies the software build running the verifier.
+	MediaType *string `json:"media_type"`
+	// Developer uniquely identifies the organizational unit responsible
+	// for this build.
+	Data *[]byte `json:"data"`
+}
+
+func (o *UnprocessedEvidence) SetMediaType(mt *string) error {
+	if *mt == "" {
+		return fmt.Errorf("nil mt string")
+	}
+	o.MediaType = mt
+	return nil
+}
+
+func (o *UnprocessedEvidence) SetEvidence(data *[]byte) error {
+	if len(*data) == 0 {
+		return fmt.Errorf("nil data supplied")
+	}
+	o.Data = data
+	return nil
+}