Add attester-specific option support to MockTSM

MockTSM now takes the support of options, only privilege_level is
supported at this time. The schema is defined as the following:

mocktsm:{"privilege_level": "$level"}. Replace $level with number 0-3

Signed-off-by: Ian Chin Wang <[email protected]>

Author: cowbon

attesters/mocktsm/mocktsm.go

@@ -3,7 +3,9 @@
 package mocktsm
 
 import (
+	"encoding/json"
 	"fmt"
+	"strconv"
 
 	"github.com/google/go-configfs-tsm/configfs/configfsi"
 	"github.com/google/go-configfs-tsm/configfs/faketsm"
@@ -77,6 +79,25 @@ func (m *MockPlugin) GetEvidence(in *compositor.EvidenceIn) *compositor.Evidence
 		GetAuxBlob: true,
 	}
 
+	options := make(map[string]string)
+	if len(in.Options) > 0 {
+		if err := json.Unmarshal(in.Options, &options); err != nil {
+			errMsg := fmt.Errorf(
+				"failed to parse %s: %v", in.Options, err)
+			return getEvidenceError(errMsg)
+		}
+	}
+
+	if privlevel, ok := options["privilege_level"]; ok {
+		level, err := strconv.Atoi(privlevel)
+		if err != nil || level < 0 {
+			errMsg := fmt.Errorf("privilege_level %s is invalid",
+			privlevel)
+			return getEvidenceError(errMsg)
+		}
+		req.Privilege = &report.Privilege{Level: uint(level)}
+	}
+
 	resp, err := report.Get(m.client, req)
 	if err != nil {
 		errMsg := fmt.Errorf("failed to get mock TSM report: %v", err)

attesters/mocktsm/mocktsm_test.go

@@ -74,7 +74,7 @@ func Test_GetEvidence_invalid_format(t *testing.T) {
 	assert.Equal(t, expected, p.GetEvidence(in))
 }
 
-func Test_GetEvidence(t *testing.T) {
+func Test_GetEvidence_No_Options(t *testing.T) {
 	inblob := []byte(validNonceStr)
 	in := &compositor.EvidenceIn{
 		ContentType: string(mediaType),
@@ -97,3 +97,58 @@ func Test_GetEvidence(t *testing.T) {
 
 	assert.Equal(t, expected, p.GetEvidence(in))
 }
+
+func TestGetEvidence_With_Invalid_Options(t *testing.T) {
+	tests := []struct{name, params, msg string} {
+		{"privilege level not integer", `{"privilege_level": "invalid"}`,
+		"privilege_level invalid is invalid"},
+		{"privilege level less than zero", `{"privilege_level": "-20"}`,
+		"privilege_level -20 is invalid"},
+		{"invalid json", `{"privilege_level"}`,
+		`failed to parse {"privilege_level"}: invalid character '}' after object key`},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			inblob := []byte(validNonceStr)
+			in := &compositor.EvidenceIn{
+				ContentType: string(mediaType),
+				Nonce:       inblob,
+				Options:     []byte(tt.params),
+			}
+
+			expected := &compositor.EvidenceOut{
+				Status: &compositor.Status{
+					Result: false,
+					Error:  tt.msg,
+				},
+			}
+
+			assert.Equal(t, expected, p.GetEvidence(in))
+		})
+	}
+}
+
+func Test_GetEvidence_With_Valid_Privilege_level(t *testing.T) {
+	inblob := []byte(validNonceStr)
+	in := &compositor.EvidenceIn{
+		ContentType: string(mediaType),
+		Nonce:       inblob,
+		Options:     []byte(`{"privilege_level": "1"}`),
+	}
+
+	expectedOutblob := fmt.Sprintf("privlevel: 1\ninblob: %s", hex.EncodeToString(inblob))
+	out := &tokens.TSMReport {
+		Provider: "fake\n",
+		OutBlob:  []byte(expectedOutblob),
+		AuxBlob:  []byte("auxblob"),
+	}
+
+	outEncoded, _ := out.ToJSON()
+
+	expected := &compositor.EvidenceOut{
+		Status:   statusSucceeded,
+		Evidence: outEncoded,
+	}
+
+	assert.Equal(t, expected, p.GetEvidence(in))
+}