Merge pull request #15 from deeglaze/consistent_product

Change variables to be more consistent with AMD's docs

Author: deeglaze

README.md

@@ -27,7 +27,7 @@ This function creates a file descriptor to the `/dev/sev-guest` device and
 returns an object that has methods encapsulating commands to the device. When
 done, remember to `Close()` the device.
 
-### `func GetExtendedReport(d Device, userData [64]byte) (*pb.Attestation, error)`
+### `func GetExtendedReport(d Device, reportData [64]byte) (*pb.Attestation, error)`
 
 This function takes an object implementing the `Device` interface (e.g., a
 `LinuxDevice`) and returns the protocol buffer representation of the attestation
@@ -91,7 +91,7 @@ This type contains three fields:
     certificate revocation list (CRL) and check for revocations.
 *   `Getter HTTPSGetter`: must be non-`nil` if `CheckRevocations` is true.
 *   `TrustedRoots map[string][]*AMDRootCerts`: if `nil`, uses the library's embedded certificates.
-     Maps a platform name to all allowed root certifications for that platform (e.g., Milan).
+     Maps a product name to all allowed root certifications for that product (e.g., Milan).
 
 The `HTTPSGetter` interface consists of a single method `Get(url string)
 ([]byte, error)` that should return the body of the HTTPS response.
@@ -101,7 +101,7 @@ The `HTTPSGetter` interface consists of a single method `Get(url string)
 
 This type has 6 fields, the first 3 of which are mandatory:
 
-*   `Platform string`: the name of the platform this bundle is for (e.g., `"Milan"`).
+*   `Product string`: the name of the product this bundle is for (e.g., `"Milan"`).
 *   `AskX509 *x509.Certificate`: an X.509 representation of the AMD SEV Signer intermediate key (ASK)'s certificate.
 *   `ArkX509 *x509.Certificate`: an X.509 representation of the AMD SEV Root key (ARK)'s certificate.
 *   `AskSev *abi.AskCert`: if non-`nil`, will cross-check with
@@ -134,7 +134,7 @@ fields of an attestation report.
 
 The fields that either can be skipped or must match the given value exactly are:
 
-*   `UserData` for the `REPORT_DATA` field
+*   `ReportData` for the `REPORT_DATA` field
 *   `HostData` for the `HOST_DATA` field
 *   `ImageID` for the `IMAGE_ID` field
 *   `FamilyID` for the `FAMILY_ID` field

client/client.go

@@ -46,12 +46,12 @@ func message(d Device, command uintptr, req *labi.SnpUserGuestRequest) error {
 
 // GetRawReportAtVmpl requests for an attestation report at the given VMPL that incorporates the
 // given user data.
-func GetRawReportAtVmpl(d Device, userData [64]byte, vmpl int) ([]byte, error) {
+func GetRawReportAtVmpl(d Device, reportData [64]byte, vmpl int) ([]byte, error) {
 	var snpReportRsp labi.SnpReportRespABI
 	userGuestReq := labi.SnpUserGuestRequest{
 		ReqData: &labi.SnpReportReqABI{
-			UserData: userData,
-			Vmpl:     uint32(vmpl),
+			ReportData: reportData,
+			Vmpl:       uint32(vmpl),
 		},
 		RespData: &snpReportRsp,
 	}
@@ -62,35 +62,35 @@ func GetRawReportAtVmpl(d Device, userData [64]byte, vmpl int) ([]byte, error) {
 }
 
 // GetRawReport requests for an attestation report at VMPL0 that incorporates the given user data.
-func GetRawReport(d Device, userData [64]byte) ([]byte, error) {
-	return GetRawReportAtVmpl(d, userData, 0)
+func GetRawReport(d Device, reportData [64]byte) ([]byte, error) {
+	return GetRawReportAtVmpl(d, reportData, 0)
 }
 
 // GetReportAtVmpl gets an attestation report at the given VMPL into its protobuf representation.
-func GetReportAtVmpl(d Device, userData [64]byte, vmpl int) (*pb.Report, error) {
-	data, err := GetRawReportAtVmpl(d, userData, vmpl)
+func GetReportAtVmpl(d Device, reportData [64]byte, vmpl int) (*pb.Report, error) {
+	data, err := GetRawReportAtVmpl(d, reportData, vmpl)
 	if err != nil {
 		return nil, err
 	}
 	return abi.ReportToProto(data)
 }
 
 // GetReport gets an attestation report at VMPL0 into its protobuf representation.
-func GetReport(d Device, userData [64]byte) (*pb.Report, error) {
-	return GetReportAtVmpl(d, userData, 0)
+func GetReport(d Device, reportData [64]byte) (*pb.Report, error) {
+	return GetReportAtVmpl(d, reportData, 0)
 }
 
-// getExtendedReportIn issues a GetExtendedReport command to the sev-guest driver with userData
+// getExtendedReportIn issues a GetExtendedReport command to the sev-guest driver with reportData
 // input and certs as a destination for certificate data. If certs is empty, this function returns
 // the expected size of certs as its second result value. If certs is non-empty, this function
-// returns the signed attestation report containing userData and the certificate chain for the
+// returns the signed attestation report containing reportData and the certificate chain for the
 // report's endorsement key.
-func getExtendedReportIn(d Device, userData [64]byte, vmpl int, certs []byte) ([]byte, uint32, error) {
+func getExtendedReportIn(d Device, reportData [64]byte, vmpl int, certs []byte) ([]byte, uint32, error) {
 	var snpReportRsp labi.SnpReportRespABI
 	snpExtReportReq := labi.SnpExtendedReportReq{
 		Data: labi.SnpReportReqABI{
-			UserData: userData,
-			Vmpl:     uint32(vmpl),
+			ReportData: reportData,
+			Vmpl:       uint32(vmpl),
 		},
 		Certs:       certs,
 		CertsLength: uint32(len(certs)),
@@ -122,13 +122,13 @@ func queryCertificateLength(d Device, vmpl int) (uint32, error) {
 
 // GetRawExtendedReportAtVmpl requests for an attestation report that incorporates the given user
 // data at the given VMPL, and additional key certificate information.
-func GetRawExtendedReportAtVmpl(d Device, userData [64]byte, vmpl int) ([]byte, []byte, error) {
+func GetRawExtendedReportAtVmpl(d Device, reportData [64]byte, vmpl int) ([]byte, []byte, error) {
 	length, err := queryCertificateLength(d, vmpl)
 	if err != nil {
 		return nil, nil, fmt.Errorf("error querying certificate length: %v", err)
 	}
 	certs := make([]byte, length)
-	report, _, err := getExtendedReportIn(d, userData, vmpl, certs)
+	report, _, err := getExtendedReportIn(d, reportData, vmpl, certs)
 	if err != nil {
 		return nil, nil, err
 	}
@@ -137,13 +137,13 @@ func GetRawExtendedReportAtVmpl(d Device, userData [64]byte, vmpl int) ([]byte,
 
 // GetRawExtendedReport requests for an attestation report that incorporates the given user data,
 // and additional key certificate information.
-func GetRawExtendedReport(d Device, userData [64]byte) ([]byte, []byte, error) {
-	return GetRawExtendedReportAtVmpl(d, userData, 0)
+func GetRawExtendedReport(d Device, reportData [64]byte) ([]byte, []byte, error) {
+	return GetRawExtendedReportAtVmpl(d, reportData, 0)
 }
 
 // GetExtendedReportAtVmpl gets an extended attestation report at the given VMPL into a structured type.
-func GetExtendedReportAtVmpl(d Device, userData [64]byte, vmpl int) (*pb.Attestation, error) {
-	reportBytes, certBytes, err := GetRawExtendedReportAtVmpl(d, userData, vmpl)
+func GetExtendedReportAtVmpl(d Device, reportData [64]byte, vmpl int) (*pb.Attestation, error) {
+	reportBytes, certBytes, err := GetRawExtendedReportAtVmpl(d, reportData, vmpl)
 	if err != nil {
 		return nil, err
 	}
@@ -161,8 +161,8 @@ func GetExtendedReportAtVmpl(d Device, userData [64]byte, vmpl int) (*pb.Attesta
 }
 
 // GetExtendedReport gets an extended attestation report at VMPL0 into a structured type.
-func GetExtendedReport(d Device, userData [64]byte) (*pb.Attestation, error) {
-	return GetExtendedReportAtVmpl(d, userData, 0)
+func GetExtendedReport(d Device, reportData [64]byte) (*pb.Attestation, error) {
+	return GetExtendedReportAtVmpl(d, reportData, 0)
 }
 
 // GuestFieldSelect represents which guest-provided information will be mixed into a derived key.

client/linuxabi/linux_abi.go

@@ -108,8 +108,8 @@ func (err SevEsErr) Error() string {
 // SnpReportReqABI is Linux's sev-guest ioctl abi for sending a GET_REPORT request. See
 // include/uapi/linux/sev-guest.h
 type SnpReportReqABI struct {
-	// UserData to be included in the report
-	UserData [64]uint8
+	// ReportData to be included in the report
+	ReportData [64]uint8
 
 	// Vmpl is the SEV-SNP VMPL level to be included in the report.
 	// The kernel must have access to the corresponding VMPCK.

kds/kds.go

@@ -339,9 +339,9 @@ func VcekCertificateExtensions(cert *x509.Certificate) (*VcekExtensions, error)
 	return extensions, nil
 }
 
-// ParsePlatformCertChain returns the DER-formatted certificates represented by the body
-// of the PlatformCertChain (cert_chain) endpoint, ASK and ARK in that order.
-func ParsePlatformCertChain(pems []byte) ([]byte, []byte, error) {
+// ParseProductCertChain returns the DER-formatted certificates represented by the body
+// of the ProductCertChain (cert_chain) endpoint, ASK and ARK in that order.
+func ParseProductCertChain(pems []byte) ([]byte, []byte, error) {
 	checkForm := func(name string, b *pem.Block) error {
 		if b == nil {
 			return fmt.Errorf("could not find %s PEM block", name)
@@ -365,23 +365,23 @@ func ParsePlatformCertChain(pems []byte) ([]byte, []byte, error) {
 	return askBlock.Bytes, arkBlock.Bytes, nil
 }
 
-// platformBaseURL returns the base URL for all certificate queries within a particular platform.
-func platformBaseURL(name string) string {
+// productBaseURL returns the base URL for all certificate queries within a particular product.
+func productBaseURL(name string) string {
 	return fmt.Sprintf("%s/vcek/v1/%s", kdsBaseURL, name)
 }
 
-// PlatformCertChainURL returns the AMD KDS URL for retrieving the ARK and ASK
-// certificates on the given platform in PEM format.
-func PlatformCertChainURL(platform string) string {
-	return fmt.Sprintf("%s/cert_chain", platformBaseURL(platform))
+// ProductCertChainURL returns the AMD KDS URL for retrieving the ARK and ASK
+// certificates on the given product in PEM format.
+func ProductCertChainURL(product string) string {
+	return fmt.Sprintf("%s/cert_chain", productBaseURL(product))
 }
 
-// VCEKCertURL returns the AMD KDS URL for retrieving the VCEK on a given platform
+// VCEKCertURL returns the AMD KDS URL for retrieving the VCEK on a given product
 // at a given TCB version. The hwid is the CHIP_ID field in an attestation report.
-func VCEKCertURL(platform string, hwid []byte, tcb TCBVersion) string {
+func VCEKCertURL(product string, hwid []byte, tcb TCBVersion) string {
 	parts := DecomposeTCBVersion(tcb)
 	return fmt.Sprintf("%s/%s?blSPL=%d&teeSPL=%d&snpSPL=%d&ucodeSPL=%d",
-		platformBaseURL(platform),
+		productBaseURL(product),
 		hex.EncodeToString(hwid),
 		parts.BlSpl,
 		parts.TeeSpl,

testing/mocks.go

@@ -32,11 +32,11 @@ type GetReportResponse struct {
 
 // Device represents a sev-guest driver implementation with pre-programmed responses to commands.
 type Device struct {
-	isOpen      bool
-	UserDataRsp map[string]interface{}
-	Keys        map[string][]byte
-	Certs       []byte
-	Signer      *AmdSigner
+	isOpen        bool
+	ReportDataRsp map[string]interface{}
+	Keys          map[string][]byte
+	Certs         []byte
+	Signer        *AmdSigner
 }
 
 // Open changes the mock device's state to open.
@@ -58,9 +58,9 @@ func (d *Device) Close() error {
 }
 
 func (d *Device) getReport(req *labi.SnpReportReqABI, rsp *labi.SnpReportRespABI, fwErr *uint64) (uintptr, error) {
-	mockRspI, ok := d.UserDataRsp[hex.EncodeToString(req.UserData[:])]
+	mockRspI, ok := d.ReportDataRsp[hex.EncodeToString(req.ReportData[:])]
 	if !ok {
-		return 0, fmt.Errorf("test error: no response for %v", req.UserData)
+		return 0, fmt.Errorf("test error: no response for %v", req.ReportData)
 	}
 	mockRsp, ok := mockRspI.(*GetReportResponse)
 	if !ok {

testing/test_cases.go

@@ -24,10 +24,10 @@ import (
 	labi "github.com/google/go-sev-guest/client/linuxabi"
 )
 
-// userZeros defines a UserData example that is all zeros
+// userZeros defines a ReportData example that is all zeros
 var userZeros [64]byte
 
-// userZeros1 defines a UserData example that is all zeros except the last byte is 1.
+// userZeros1 defines a ReportData example that is all zeros except the last byte is 1.
 var userZeros1 = [64]byte{
 	0, 0, 0, 0, 0, 0, 0, 0,
 	0, 0, 0, 0, 0, 0, 0, 0,
@@ -38,7 +38,7 @@ var userZeros1 = [64]byte{
 	0, 0, 0, 0, 0, 0, 0, 0,
 	0, 0, 0, 0, 0, 0, 0, 1}
 
-// userZeros11 defines a UserData example that is all zeros except the last 2 bytes are both 1.
+// userZeros11 defines a ReportData example that is all zeros except the last 2 bytes are both 1.
 var userZeros11 = [64]byte{
 	0, 0, 0, 0, 0, 0, 0, 0,
 	0, 0, 0, 0, 0, 0, 0, 0,
@@ -91,15 +91,15 @@ var oneReport = `
 // We can't sign the report with AMD keys, and verification isn't the client's responsibility, so
 // we keep the signature zeros.
 // Similarly, we leave the randomly-generated fields zero.
-func TestRawReport(userData [64]byte) [labi.SnpReportRespReportSize]byte {
+func TestRawReport(reportData [64]byte) [labi.SnpReportRespReportSize]byte {
 	var r [labi.SnpReportRespReportSize]byte
 	// Set Version to 2
 	binary.LittleEndian.PutUint32(r[0x00:0x04], 2)
 	binary.LittleEndian.PutUint64(r[0x08:0x10], abi.SnpPolicyToBytes(abi.SnpPolicy{Debug: true}))
 	// Signature algorithm ECC P-384 with SHA-384 is encoded as 1.
 	binary.LittleEndian.PutUint32(r[0x34:0x38], 1)
 	// Place user data in its report location.
-	copy(r[0x50:0x90], userData[:])
+	copy(r[0x50:0x90], reportData[:])
 	return r
 }
 
@@ -178,9 +178,9 @@ func TcDevice(tcs []TestCase, opts *DeviceOptions) (*Device, error) {
 		}
 	}
 	return &Device{
-		UserDataRsp: responses,
-		Certs:       certs,
-		Signer:      signer,
-		Keys:        opts.Keys,
+		ReportDataRsp: responses,
+		Certs:         certs,
+		Signer:        signer,
+		Keys:          opts.Keys,
 	}, nil
 }

validate/validate.go

@@ -34,8 +34,8 @@ import (
 type Options struct {
 	// GuestPolicy is the maximum of acceptable guest policies.
 	GuestPolicy abi.SnpPolicy
-	// UserData is the expected REPORT_DATA field. Must be nil or 64 bytes long. Not checked if nil.
-	UserData []byte
+	// ReportData is the expected REPORT_DATA field. Must be nil or 64 bytes long. Not checked if nil.
+	ReportData []byte
 	// HostData is the expected HOST_DATA field. Must be nil or 32 bytes long. Not checked if nil.
 	HostData []byte
 	// ImageID is the expected IMAGE_ID field. Must be nil or 16 bytes long. Not checked if nil.
@@ -139,7 +139,7 @@ func validateByteField(option, field string, size int, given, required []byte) e
 
 func validateVerbatimFields(report *spb.Report, options *Options) error {
 	return multierr.Combine(
-		validateByteField("UserData", "REPORT_DATA", abi.ReportDataSize, report.GetReportData(), options.UserData),
+		validateByteField("ReportData", "REPORT_DATA", abi.ReportDataSize, report.GetReportData(), options.ReportData),
 		validateByteField("HostData", "HOST_DATA", abi.HostDataSize, report.GetHostData(), options.HostData),
 		validateByteField("FamilyID", "FAMILY_ID", abi.FamilyIDSize, report.GetFamilyId(), options.FamilyID),
 		validateByteField("ImageID", "IMAGE_ID", abi.ImageIDSize, report.GetImageId(), options.ImageID),