diff --git a/verification/client/abi.go b/verification/client/abi.go
index 6021c3e6..1e50f09d 100644
--- a/verification/client/abi.go
+++ b/verification/client/abi.go
@@ -275,10 +275,10 @@ type DPEABI[CurveParameter Curve, Digest DigestAlgorithm, Cert DPECertificate] s
 Flags uint32
 }
-// DPEABI256 is a client that implements DPE_PROFILE_IROT_P256_SHA256
+// DPEABI256Min is a client that implements DPE_PROFILE_IROT_P256_SHA256
 type DPEABI256Min = DPEABI[NISTP256Parameter, SHA256Digest, DPEMinCertificate]
-// DPEABI384 is a client that implements DPE_PROFILE_IROT_P384_SHA384
+// DPEABI384Min is a client that implements DPE_PROFILE_IROT_P384_SHA384
 type DPEABI384Min = DPEABI[NISTP384Parameter, SHA384Digest, DPEMinCertificate]
 // DPEABI256 is a client that implements DPE_PROFILE_IROT_P256_SHA256
@@ -555,7 +555,7 @@ func (c *DPEABI[_, Digest, DPECertificate]) DeriveContextABI(cmd *DeriveContextR
 }
 }
-// RotateContextHandleABI calls DPE RotateContextHandle command.
+// RotateContextABI calls DPE RotateContextHandle command.
 func (c *DPEABI[_, Digest, _]) RotateContextABI(cmd *RotateContextHandleCmd) (*RotatedContextHandle, error) {
 var respStruct RotatedContextHandle
diff --git a/verification/client/profile.go b/verification/client/profile.go
index f03bfdde..78511872 100644
--- a/verification/client/profile.go
+++ b/verification/client/profile.go
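Review bot: The corrected comments on `DPEABI256Min` and `DPEABI384Min` (hunk at -275) still name the same profile as the full client whose comment follows as context, `DPE_PROFILE_IROT_P256_SHA256`, so the doc does not say what sets the Min aliases apart. The difference visible here is the certificate parameter, `DPEMinCertificate`. I would word them as `// DPEABI256Min is a client for the P-256/SHA-256 minimal profile; it uses DPEMinCertificate.` and likewise for P-384. This assumes the aliases pair with `ProfileMinP256SHA256` and `ProfileMinP384SHA384` from profile.go, which this hunk does not show.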
@@ -11,13 +11,13 @@ import (
 type Profile uint32
 const (
- // ProfileIrotMinP256SHA256 is NIST P-256, SHA-256 "minimal profile"
+ // ProfileMinP256SHA256 is NIST P-256, SHA-256 "minimal profile"
 ProfileMinP256SHA256 Profile = 1
- // ProfileIrotMinP384SHA384 is NIST P-384, SHA-384 "minimal" profile
+ // ProfileMinP384SHA384 is NIST P-384, SHA-384 "minimal" profile
 ProfileMinP384SHA384 Profile = 2
- // ProfileIrotMinP256SHA256 is NIST P-256, SHA-256 "minimal profile"
+ // ProfileP256SHA256 is NIST P-256, SHA-256 "minimal profile"
 ProfileP256SHA256 Profile = 3
- // ProfileIrotP384SHA384 is NIST P-384, SHA-384 "minimal" profile
+ // ProfileP384SHA384 is NIST P-384, SHA-384 "minimal" profile
 ProfileP384SHA384 Profile = 4
 )
@@ -72,6 +72,7 @@ type Curve interface {
 Bytes() []byte
 }
+// CurveIntLen returns the length of the curve.
 func CurveIntLen[C Curve]() int {
 return reflect.TypeOf((*C)(nil)).Elem().Len()
 }
@@ -105,12 +106,14 @@ type DPEMinCertificate [2046]byte
 // DPEFullCertificate represents a certificate for the DPE full iRoT profiles
 type DPEFullCertificate [6144]byte
+// DPECertificate is a type constraint for DPE certificates.
 type DPECertificate interface {
 DPEMinCertificate | DPEFullCertificate
 Bytes() []byte
 }
+// CertLen returns the length of the certificate.
 func CertLen[C DPECertificate]() int {
 return reflect.TypeOf((*C)(nil)).Elem().Len()
 }
@@ -125,6 +128,7 @@ func (c DPEFullCertificate) Bytes() []byte {
 return c[:]
 }
+// NewDigest creates a new digest value from a byte slice.
 func NewDigest[D DigestAlgorithm](b []byte) (D, error) {
 var d D
 switch tmp := any(&d).(type) {
@@ -139,6 +143,7 @@ func NewDigest[D DigestAlgorithm](b []byte) (D, error) {
 return d, nil
 }
+// DigestLen returns the length of the digest.
 func DigestLen[D DigestAlgorithm]() int {
 return reflect.TypeOf((*D)(nil)).Elem().Len()
 }
diff --git a/verification/sim/transport.go b/verification/sim/transport.go
index 3aaf51a5..b9417787 100644
--- a/verification/sim/transport.go
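Review bot: The new comments on `ProfileP256SHA256` (value 3) and `ProfileP384SHA384` (value 4) in the hunk at -11 still call them the "minimal" profile, the same text as the `ProfileMin...` constants 1 and 2. Judging by the names and by `DPEFullCertificate` ("the DPE full iRoT profiles") later in this file, these look like the full profiles, so each comment now contradicts the identifier it documents. Suggest `// ProfileP256SHA256 is NIST P-256, SHA-256 full iRoT profile` and `// ProfileP384SHA384 is NIST P-384, SHA-384 full iRoT profile`, to be confirmed against the profile definitions. The minimal and full profiles use different certificate buffer types, so a reader choosing a client type from these constants needs the doc to be exact.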
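Review bot: `// CurveIntLen returns the length of the curve.` (hunk at -72) does not say what is measured. The body returns the array length of the type parameter through `reflect.TypeOf((*C)(nil)).Elem().Len()`, and `reflect.Type.Len` panics when the type is not an array. Suggest `// CurveIntLen returns the array length of the curve integer type C; C must be an array type.` The same applies to `CertLen` (hunk at -105) and `DigestLen` (hunk at -139). There, "length of the certificate" reads like the size of an encoded certificate rather than the fixed buffer capacity (`[2046]byte` or `[6144]byte`), and a caller who takes it for the former would treat padding as certificate data.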
+++ b/verification/sim/transport.go
@@ -43,6 +43,7 @@ type DpeSimulator struct {
 client.Transport
 }
+// NewSimulator creates a new DpeSimulator instance.
 func NewSimulator(exe string, support client.Support) DpeSimulator {
 return DpeSimulator{exePath: exe, supports: support}
 }
diff --git a/verification/testing/certifyKey.go b/verification/testing/certifyKey.go
index 56adb61b..15c27097 100644
--- a/verification/testing/certifyKey.go
+++ b/verification/testing/certifyKey.go
@@ -132,7 +132,7 @@ func TestCertifyKeySimulation(d client.TestDPEInstance, c client.DPEClient, t *t
 testCertifyKey(d, c, t, true)
 }
-// Testclient.CertifyKeyCsr tests calling CeritifyKey with type = CSR
+// TestCertifyKeyCsr tests calling CeritifyKey with type = CSR
 func TestCertifyKeyCsr(d client.TestDPEInstance, c client.DPEClient, t *testing.T) {
 ctx := getInitialContextHandle(d, c, t, false)
diff --git a/verification/testing/deriveContext.go b/verification/testing/deriveContext.go
index b5b84eb1..e583c758 100644
--- a/verification/testing/deriveContext.go
+++ b/verification/testing/deriveContext.go
@@ -14,6 +14,7 @@ import (
 "github.com/chipsalliance/caliptra-dpe/verification/client"
 )
+// TestDeriveContext tests calling DeriveContext with different arguments.
 func TestDeriveContext(d client.TestDPEInstance, c client.DPEClient, t *testing.T) {
 var resp *client.DeriveContextResp
@@ -73,6 +74,7 @@ func TestDeriveContext(d client.TestDPEInstance, c client.DPEClient, t *testing.
 handle = &resp.NewContextHandle
 }
+// TestDeriveContextCdiExport tests calling DeriveContext with CdiExport flag set.
 func TestDeriveContextCdiExport(d client.TestDPEInstance, c client.DPEClient, t *testing.T) {
 var resp *client.DeriveContextResp
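Review bot: The rewritten comment in certifyKey.go (hunk at -132) fixes the identifier but keeps the typo `CeritifyKey` for the command name. Since the line is being touched anyway, I would write `// TestCertifyKeyCsr tests calling CertifyKey with type = CSR.` so that a search for the command name finds this test. The body of `TestCertifyKeyCsr` continues outside the hunk.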
@@ -125,7 +127,7 @@ func TestDeriveContextCdiExport(d client.TestDPEInstance, c client.DPEClient, t
 validateLeafCertChain(t, certChain, leafCert)
 }
-// Validates DerivedChild command with ChangeLocality flag.
+// TestChangeLocality validates DerivedChild command with ChangeLocality flag.
 func TestChangeLocality(d client.TestDPEInstance, c client.DPEClient, t *testing.T) {
 if !d.HasLocalityControl() {
 t.Skip("WARNING: DPE target does not have control over locality. Skipping this test...")
@@ -169,7 +171,7 @@ func TestChangeLocality(d client.TestDPEInstance, c client.DPEClient, t *testing
 d.SetLocality(prevLocality)
 }
-// Checks whether the DeriveContext input flags - InternalDiceInfo, InternalInputInfo are supported
+// TestInternalInputFlags checks whether the DeriveContext input flags - InternalDiceInfo, InternalInputInfo are supported
 // while creating child contexts when these features are supported in DPE profile.
 func TestInternalInputFlags(d client.TestDPEInstance, c client.DPEClient, t *testing.T) {
 var resp *client.DeriveContextResp
@@ -206,7 +208,7 @@ func TestInternalInputFlags(d client.TestDPEInstance, c client.DPEClient, t *tes
 }
 }
-// Checks the privilege escalation of child
+// TestPrivilegesEscalation checks the privilege escalation of child
 // When commands try to make use of features that are unsupported by child context, they fail.
 func TestPrivilegesEscalation(d client.TestDPEInstance, c client.DPEClient, t *testing.T) {
 var err error
@@ -251,7 +253,7 @@ func TestPrivilegesEscalation(d client.TestDPEInstance, c client.DPEClient, t *t
 }
 }
-// Checks whether the number of derived contexts (TCI nodes) are limited by MAX_TCI_NODES attribute of the profile
+// TestMaxTCIs Checks whether the number of derived contexts (TCI nodes) are limited by MAX_TCI_NODES attribute of the profile
 func TestMaxTCIs(d client.TestDPEInstance, c client.DPEClient, t *testing.T) {
 var resp *client.DeriveContextResp
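Review bot: The comment on `TestChangeLocality` (hunk at -125) names a `DerivedChild` command, while the file name and the other comments in this commit call the command `DeriveContext`, so the name looks stale. Suggest `// TestChangeLocality validates the DeriveContext command with the ChangeLocality flag.` if that is the command the body issues. The body runs past the hunk, so this is inferred from the sibling tests rather than from the calls themselves.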
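Review bot: `checks the privilege escalation of child` (hunk at -206) reads as if escalation were the expected outcome, and the first comment line ends without punctuation before the second begins. The second line says the commands fail, so the doc could state the property directly: `// TestPrivilegesEscalation checks that a child context cannot use features it was not granted.` followed by the existing second line. The function body is outside the hunk, so the wording should be checked against the assertions it makes.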
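Review bot: In the `TestMaxTCIs` comment (hunk at -251) the verb is capitalised mid-sentence and the subject and verb disagree ("the number ... are limited"). Suggest `// TestMaxTCIs checks whether the number of derived contexts (TCI nodes) is limited by the MAX_TCI_NODES attribute of the profile.` This is a wording fix only; the function body lies outside the hunk.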
@@ -303,6 +305,7 @@ func TestMaxTCIs(d client.TestDPEInstance, c client.DPEClient, t *testing.T) {
 }
 }
+// TestDeriveContextSimulation tests calling DeriveContext in simulation context
 func TestDeriveContextSimulation(d client.TestDPEInstance, c client.DPEClient, t *testing.T) {
 if !d.HasLocalityControl() {
 t.Skip("WARNING: DPE target does not have control over locality, DeriveContext in Simulation mode cannot be tested without this support. Skipping this test...")
diff --git a/verification/testing/verification.go b/verification/testing/verification.go
index cedbe9b2..e7ead54d 100644
--- a/verification/testing/verification.go
+++ b/verification/testing/verification.go
@@ -42,7 +42,7 @@ var CertifyKeyTestCase = TestCase{
 "CertifyKey", TestCertifyKey, []string{"AutoInit", "X509"},
 }
-// client.CertifyKeyCsrTestCase tests CertifyKey with type = CSR
+// CertifyKeyCsrTestCase tests CertifyKey with type = CSR
 var CertifyKeyCsrTestCase = TestCase{
 "CertifyKeyCsr", TestCertifyKeyCsr, []string{"AutoInit", "Csr"},
 }
@@ -112,7 +112,7 @@ var DeriveContextTestCase = TestCase{
 "DeriveContext", TestDeriveContext, []string{"AutoInit", "RetainParentContext"},
 }
-// TestDeriveContextCdiExport tests DeriveContext
+// TestDeriveContextCdiExportTestCase tests DeriveContext
 var TestDeriveContextCdiExportTestCase = TestCase{
 "DeriveContextCdiExport", TestDeriveContextCdiExport, []string{"CdiExport"},
 }
@@ -170,6 +170,7 @@ var AllTestCases = []TestCase{
 WrongLocalityTestCase,
 }
+// IrreversibleTestCases contains test cases that are not reversible.
 var IrreversibleTestCases = []TestCase{
 DeriveContextTestCase,
 DeriveContextLocalityTestCase,
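Review bot: `// TestDeriveContextCdiExportTestCase tests DeriveContext` (hunk at -112 in verification.go) would fit `DeriveContextTestCase` equally well and does not say what this case adds. The literal shows it runs `TestDeriveContextCdiExport` and lists `CdiExport` in its string slice. Suggest `// TestDeriveContextCdiExportTestCase tests DeriveContext with the CdiExport flag set.` The variable also carries a `Test` prefix that its siblings `DeriveContextTestCase` and `CertifyKeyCsrTestCase` do not; renaming it changes the exported API and would belong in a separate commit.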
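Review bot: `contains test cases that are not reversible` (hunk at -170) restates the identifier without saying what cannot be reversed. If the meaning is that these cases leave the DPE instance in a state that cannot be restored, saying so tells someone running the suite against a hardware target which cases require a reset afterwards: `// IrreversibleTestCases lists the test cases that change DPE state in a way that cannot be undone.` That reading is inferred from the name only. The slice literal continues past the end of the hunk.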