Feat(profile/psa): extract and consolidate PSA profile package and removes PSA/CCA-specific types from COMID #253
Conversation
abhiraj-ku
force-pushed
the
impl-id-sign-id-ver
branch
2 times, most recently
from
e8cb9a4 to
2554414
Compare
…pe TaggedBytes Signed-off-by: Abhishek kumar <[email protected]>
Signed-off-by: Abhishek kumar <[email protected]>
…ckage Signed-off-by: Abhishek kumar <[email protected]>
abhiraj-ku
force-pushed
the
impl-id-sign-id-ver
branch
from
2554414 to
45a470e
Compare
thomas-fossati
left a comment
thomas-fossati
left a comment
There was a problem hiding this comment.
Looks great. Thanks for all your careful work!
I was expecting this PR to contain the PSA-08 implementation and was a little disoriented at first. I now understand that this is a significant restructuring of the existing logic (pre-08), and I'm looking forward to seeing the next steps!
Could you please fix the organisation of the commits and the messages? (In particular, I believe there are no new features here, so the feat label should not be used in the headings.
|
Hey Thomas, thanks for the review! You’re right, this PR is focused on restructuring existing logic, not new features. I’ll clean up the commit messages and squash/rewrite the commit history accordingly. |
profiles/psa/implid.go
Outdated
| @@ -0,0 +1,122 @@ | |||
| // Copyright 2021-2024 Contributors to the Veraison project. | |||
There was a problem hiding this comment.
The Headers in all files should be reflected upto 2026, now!
There was a problem hiding this comment.
ok i'll fix this and amend with psa commit
|
Started reviewing, will finish by end of day today! |
Ok,sure |
profiles/psa/psa.go
Outdated
| } | ||
|
|
||
| // Register PSA-specific ClassID factory (psa.impl-id) | ||
| // CBOR tag 560 is already registered for TaggedBytes in comid/cbor.go |
There was a problem hiding this comment.
@abhiraj-ku I do not see the tag 560 been applied as you are NOT instantiating ImplID as Tagged Bytes in the Methoid NewImplIDClassID).
yogeshbdeshpande
left a comment
yogeshbdeshpande
left a comment
There was a problem hiding this comment.
The new Interface functions for Instatiating ClassID using ImplID needs to be re-written to claim that TaggedBytes are used instead:
| for i := range implID { | ||
| implID[i] = byte(i) | ||
| } | ||
| class := comid.NewClassBytes(implID) |
There was a problem hiding this comment.
This approach should be used when instantiating ClassID using Implementation ID
yogeshbdeshpande
left a comment
yogeshbdeshpande
left a comment
There was a problem hiding this comment.
see further comments...
setrofim
left a comment
setrofim
left a comment
There was a problem hiding this comment.
A note on commit messages:
- do not capitalize the classification tag, so
featnotFeat(note: you generally should capilize the initial word of the title, but classification tags are an exception, in the same way as you wouldn't capilize a variable name (if it's not capitalized in code) even if its the first word in a sentence.) - Keep the commit message titles (i.e. the inital line of the message) short, and use the commit body to fully describe the change, rather than trying to put everything into the commit title. (note: the common advice is the 50/72 rule, i.e. the title should be at most 50 characters, and the commit body should be formatted to 72-column lines.
comid/classid.go
Outdated
| } | ||
| } | ||
|
|
||
| type IClassIDValue interface { |
There was a problem hiding this comment.
Why was this moved below SetUUID and GetUUID mothod definitions? Please revert to the original location.
comid/classid.go
Outdated
| // RegisterClassIDFactory registers a new IClassIDValue factory without registering | ||
| // a CBOR tag. Use this when the underlying CBOR tag is already registered (e.g., for | ||
| // profile-specific types that reuse existing CBOR tags). | ||
| func RegisterClassIDFactory(factory IClassIDFactory) error { |
There was a problem hiding this comment.
This doesn't seem right. A CBOR tag identifies the type. You cannot have the same tag map to different types. And a profile cannot "re-use" a tag for a different type. This will cause problems.
There was a problem hiding this comment.
Agreed—one tag must map to one type. The factory was a leftover from exploring profile conveniences; I’ve removed it and will push the fix with the other requested changes
comid/cryptokeys_test.go
Outdated
| Add(MustNewPKIXBase64Key(TestECPubKey)) | ||
|
|
||
| result := keys.String() | ||
| assert.Contains(t, result, "[") |
There was a problem hiding this comment.
I'm not sure what these asserts are testing? Since all the inputs are known, you should be comparing to the exact expected output, not just that output features square brackets.
comid/ueid_test.go
Outdated
| } | ||
| } | ||
|
|
||
| func Test_UEID_Empty(t *testing.T) { |
There was a problem hiding this comment.
| func Test_UEID_Empty(t *testing.T) { | |
| func TestUEID_Empty(t *testing.T) { |
corim/unsignedcorim_test.go
Outdated
| // NOTE: Test skipped because CBOR test files contain PSA-specific types (tag 601) | ||
| // that are now registered only in profiles/psa, not in the base comid package. | ||
| // TODO: Regenerate CBOR test files using generic types (UUID, bytes, etc.) | ||
| t.Skip("Test uses PSA-specific CBOR tags in test data; regenerate with generic types") |
There was a problem hiding this comment.
Instead of skipping, you should update the offending inputs to not include the now-obsolete types (since which just need a valid CoRIM for this, you can replace them with any valid alteranative, e.g. a UUID instead of PSA ImplID).
|
|
||
| var decoded UnsignedCorim | ||
| err = decoded.FromJSON(jsonData) | ||
| assert.NoError(t, err) |
There was a problem hiding this comment.
In addition to making sure that there is no error, you should also check to make sure that decoded is what you expect (i.e. you can do this by comparing some if its fields to the equivalents inside valid)
profiles/psa/implid.go
Outdated
| "github.com/veraison/corim/comid" | ||
| ) | ||
|
|
||
| const ImplIDType = "psa.impl-id" |
There was a problem hiding this comment.
You should be getting rid of this type. The implementation ID should now be represented by TaggedBytes, not a custom type. The addtional validation should be done as on top of the type via the validation methods (which you are already doing).
This also means yo do not need the (broken) factory registration function above.
profiles/psa/psa.go
Outdated
|
|
||
| // TriplesExtensions carries PSA-specific fields and constraints for Triples | ||
| type TriplesExtensions struct { | ||
| PsaSwRelTriples *PsaSwRelTriples `cbor:"5,keyasint,omitempty" json:"psa-swrel-triples,omitempty"` |
There was a problem hiding this comment.
Why is this field necessary? You should not be defining any extension fields -- you just want the extension for its validation methods. (Also, code point 5 clashes with domain-membership-triple-record define by the CoRIM draft).
abhiraj-ku
force-pushed
the
impl-id-sign-id-ver
branch
from
45a470e to
e668332
Compare
comid/classid.go
Outdated
| // The exact encoding is <CLASS_ID_TYPE> dependent. For the base implementation | ||
| // types it is |
There was a problem hiding this comment.
| // The exact encoding is <CLASS_ID_TYPE> dependent. For the base implementation | |
| // types it is | |
| // The exact encoding is <CLASS_ID_TYPE> dependent. |
| tv := MustHexDecode(t, "d90258582061636d652d696d706c656d656e746174696f6e2d69642d303030303030303031") | ||
|
|
||
| expected := b64TestImplID() | ||
| tv := MustHexDecode(t, "d90230582061636d652d696d706c656d656e746174696f6e2d69642d303030303030303031") |
There was a problem hiding this comment.
When the Implementation ID goes in the profile section of the corim repo, then the ImplID based ClassID test should also go their.
comid/example_psa_refval_test.go
Outdated
| @@ -2,150 +2,3 @@ | |||
| // SPDX-License-Identifier: Apache-2.0 | |||
|
|
|||
| package comid | |||
There was a problem hiding this comment.
I think, you forgot to delete the file, but just left a file with package comid.
Please check and delete this file completely.
comid/measurement.go
Outdated
| } | ||
|
|
||
| // IMkeyFactory defines the signature for the factory functions that may be | ||
| // registred using RegisterMkeyType to provide a new implementation of the |
There was a problem hiding this comment.
| // registred using RegisterMkeyType to provide a new implementation of the | |
| // registered using RegisterMkeyType to provide a new implementation of the |
yogeshbdeshpande
left a comment
yogeshbdeshpande
left a comment
There was a problem hiding this comment.
some more comments- will complete the review by end of the day today!!!
corim/example_profile_test.go
Outdated
| // ----- end of profile definition ----- | ||
| // The following code demonstrates how the profile might be used. | ||
|
|
||
| // NOTE: Example_profile_unmarshal has been temporarily disabled because the test |
There was a problem hiding this comment.
Either create a github issue to track this pending work, or make sure you correct this before the submission of this Pull Request. Either way it is fine...
There was a problem hiding this comment.
i think i need to replace PSA-specific types in the yaml test data with generic types(uuid for ex) that don't require separate registration, then regenerate the CBOR test files , right?
Yes essentially the old changes need to be removed and the current newly introduced types need to replace the same and then re-generate the CBOR from yaml files
corim/profiles_test.go
Outdated
| } | ||
|
|
||
| func TestProfileManifest_Marshaling_UnMarshaling(t *testing.T) { | ||
| // NOTE: This test is skipped because it uses test data containing PSA-specific |
There was a problem hiding this comment.
Same comment, either create a new issue to complete the work or ensure this is complete and re-submit for the review!!
yogeshbdeshpande
left a comment
yogeshbdeshpande
left a comment
There was a problem hiding this comment.
Completed review, some comments have been left for you to review.
Rest all Looks Good to me.
Once you complete these minor comments, I will Approve!!!!
yogeshbdeshpande
left a comment
yogeshbdeshpande
left a comment
There was a problem hiding this comment.
see my response!!!
corim/example_profile_test.go
Outdated
| // ----- end of profile definition ----- | ||
| // The following code demonstrates how the profile might be used. | ||
|
|
||
| // NOTE: Example_profile_unmarshal has been temporarily disabled because the test |
There was a problem hiding this comment.
i think i need to replace PSA-specific types in the yaml test data with generic types(uuid for ex) that don't require separate registration, then regenerate the CBOR test files , right?
Yes essentially the old changes need to be removed and the current newly introduced types need to replace the same and then re-generate the CBOR from yaml files
feat(profiles/psa): extract and consolidate PSA logic into profile package Signed-off-by: Abhishek kumar <[email protected]>
abhiraj-ku
force-pushed
the
impl-id-sign-id-ver
branch
from
e668332 to
99eab24
Compare
|
@yogeshbdeshpande please check, i have pushed the changes |
yogeshbdeshpande
left a comment
yogeshbdeshpande
left a comment
There was a problem hiding this comment.
LGTM! I have reviewed the changes and thanks for incorporating comments!
setrofim
left a comment
setrofim
left a comment
There was a problem hiding this comment.
Also minor nit: the "update class-ID tag from 600 to 560 in test fixtures" should be fixed-up into the prior commit. Test updates should be part of the same commit that necessitates them. (the title also lacks the conventional commits category tag)
| @@ -69,16 +54,15 @@ func TestClassID_UnmarshalCBOR_UUID_OK(t *testing.T) { | |||
| } | |||
|
|
|||
| func TestClassID_UnmarshalCBOR_ImplID_OK(t *testing.T) { | |||
There was a problem hiding this comment.
This test should probably re named
| func TestClassID_UnmarshalCBOR_ImplID_OK(t *testing.T) { | |
| func TestClassID_UnmarshalCBOR_bytes_OK(t *testing.T) { |
| @@ -1,9 +1,10 @@ | |||
| // Copyright 2023 Contributors to the Veraison project. | |||
| // Copyright 2026 Contributors to the Veraison project. | |||
There was a problem hiding this comment.
| // Copyright 2026 Contributors to the Veraison project. | |
| // Copyright 2023-2026 Contributors to the Veraison project. |
|
|
||
| // RegisterMkeyFactory registers a new IMKeyValue factory without registering | ||
| // a CBOR tag. Use this when the underlying CBOR tag is already registered. | ||
| func RegisterMkeyFactory(factory IMkeyFactory) error { |
There was a problem hiding this comment.
As stated in the earlier review, this should not exist. Registration of an new extension type must always be accompanied by a tag, otherwise CBOR decoding wont work.
(this should also not be necessary for this pull request, as you should not be registering any new key types).
| @@ -1,4 +1,4 @@ | |||
| // Copyright 2024 Contributors to the Veraison project. | |||
| // Copyright 2026 Contributors to the Veraison project. | |||
There was a problem hiding this comment.
| // Copyright 2026 Contributors to the Veraison project. | |
| // Copyright 2024-2026 Contributors to the Veraison project. |
| @@ -1,4 +1,4 @@ | |||
| // Copyright 2024 Contributors to the Veraison project. | |||
| // Copyright 2026 Contributors to the Veraison project. | |||
There was a problem hiding this comment.
| // Copyright 2026 Contributors to the Veraison project. | |
| // Copyright 2024-2026 Contributors to the Veraison project. |
| if nb := len(t); nb != ImplIDSize { | ||
| return nil, fmt.Errorf("bad psa.impl-id: got %d bytes, want %d", nb, ImplIDSize) | ||
| } | ||
| implIDBytes = make([]byte, ImplIDSize) |
There was a problem hiding this comment.
You don't need to be doing this inside every case -- you can just initialize the implIDBytes once at the beginning of the function, since it's always initialized to a 32-byte buffer, regardless of val
|
|
||
| // Register PSA-specific Mkey type (psa.refval-id) with CBOR tag 601 | ||
| // This registers both the CBOR tag and the factory | ||
| if err := comid.RegisterMkeyType(PSARefValIDTag, NewMkeyPSARefvalID); err != nil { |
There was a problem hiding this comment.
No. You should not be registering a new type here. I'm not sure where you're getting this from?
Section 3.3 of the spec states that the value of the mkey MUST be "psa.software-component", i.e. it's a string (which is one of the standard CoRIM types for mkey) with a specific value. This is something you should be validating as part of your ValidTriples below, but you don't need to be registering a type for it.
| func (o TriplesExtensions) ValidTriples(triples *comid.Triples) error { | ||
| // Validate Reference Values (Section 3.3) | ||
| if triples.ReferenceValues != nil { | ||
| refVals := (*extensions.Collection[comid.ValueTriple, *comid.ValueTriple])(triples.ReferenceValues) |
There was a problem hiding this comment.
This shouldn't be necessary. The for loop can just be for i, refVal := range triples.ReferenceValues.Values {
| } | ||
|
|
||
| // Access the Measurements collection | ||
| measurements := (*extensions.Collection[comid.Measurement, *comid.Measurement])(&refVal.Measurements) |
There was a problem hiding this comment.
again, this is not necessary, you can just directly use refVal.Measurements.Values
There was a problem hiding this comment.
I think you should be able to just completely get rid of this.
4 participants
This PR consolidates PSA logic into the profiles package and removes PSA/CCA-specific COMID types to simplify and generalize the implementation. It reduces profile-specific coupling, and updates test fixtures accordingly, improving maintainability and extensibility for future profiles.