From 8f32fbc0bce13c025c1b64395745c5fc92271266 Mon Sep 17 00:00:00 2001 From: Samuele Pedroni Date: Mon, 20 Apr 2020 09:26:18 +0200 Subject: [PATCH 1/3] Expect ModelGrade.Code to be measured asserts.ModelGrade is growing a Code method to give us a fixed size bit representation convenient for measuring, expect the use of that drive-by: make the series values in the tests more realistic --- snapmodel_policy.go | 37 +++----------------------- snapmodel_policy_test.go | 56 ++++++++++++++++++++-------------------- 2 files changed, 31 insertions(+), 62 deletions(-) diff --git a/snapmodel_policy.go b/snapmodel_policy.go index 459a266f..0249e157 100644 --- a/snapmodel_policy.go +++ b/snapmodel_policy.go @@ -23,7 +23,6 @@ import ( "encoding/base64" "encoding/binary" "errors" - "fmt" "github.com/canonical/go-tpm2" "github.com/snapcore/snapd/asserts" @@ -31,28 +30,6 @@ import ( "golang.org/x/xerrors" ) -const ( - modelGradeUnset uint8 = iota - modelGradeSecured - modelGradeSigned - modelGradeDangerous -) - -func modelGradeEnum(grade asserts.ModelGrade) (uint8, error) { - switch grade { - case asserts.ModelGradeUnset: - return modelGradeUnset, nil - case asserts.ModelSecured: - return modelGradeSecured, nil - case asserts.ModelSigned: - return modelGradeSigned, nil - case asserts.ModelDangerous: - return modelGradeDangerous, nil - default: - return modelGradeUnset, fmt.Errorf("unknown grade: %v", grade) - } -} - // SnapModelProfileParams provides the parameters to AddSnapModelProfile. type SnapModelProfileParams struct { // PCRAlgorithm is the algorithm for which to compute PCR digests for. TPMs compliant with the "TCG PC Client Platform TPM Profile @@ -80,12 +57,8 @@ type SnapModelProfileParams struct { // digest2 = H(digest1 || model) // digestModel = H(digest2 || series || grade) // The signing key digest algorithm is encoded in little-endian format, and the sign-key-sha3-384 field is hashed in decoded (binary) -// form. The brand-id, model and series fields are hashed without null terminators. The grade field is encoded as a single byte with -// the following conversion: -// "unset": 0 -// "secured": 1 -// "signed": 2 -// "dangerous": 3 +// form. The brand-id, model and series fields are hashed without null terminators. The grade field is encoded as the 32 bits from asserts.ModelGrade.Code. +// // Separate extend operations are used because brand-id, model and series are variable length. // // The PCR index that snap-bootstrap measures the model to can be specified via the PCRIndex field of params. @@ -124,14 +97,10 @@ func AddSnapModelProfile(profile *PCRProtectionProfile, params *SnapModelProfile h.Write([]byte(model.Model())) digest = h.Sum(nil) - grade, err := modelGradeEnum(model.Grade()) - if err != nil { - return xerrors.Errorf("cannot detemine grade of model: %w", err) - } h = params.PCRAlgorithm.NewHash() h.Write(digest) h.Write([]byte(model.Series())) - h.Write([]byte{grade}) + binary.Write(h, binary.LittleEndian, model.Grade().Code()) subProfiles = append(subProfiles, NewPCRProtectionProfile().ExtendPCR(params.PCRAlgorithm, params.PCRIndex, h.Sum(nil))) } diff --git a/snapmodel_policy_test.go b/snapmodel_policy_test.go index 402103c0..dd5dfb19 100644 --- a/snapmodel_policy_test.go +++ b/snapmodel_policy_test.go @@ -95,7 +95,7 @@ func (s *snapModelProfileTest) TestAddSnapModelProfile1(c *C) { Models: []*asserts.Model{ s.makeMockCore20ModelAssertion(c, map[string]interface{}{ "authority-id": "fake-brand", - "series": "20", + "series": "16", "brand-id": "fake-brand", "model": "fake-model", "grade": "secured", @@ -105,7 +105,7 @@ func (s *snapModelProfileTest) TestAddSnapModelProfile1(c *C) { values: []tpm2.PCRValues{ { tpm2.HashAlgorithmSHA256: { - 12: decodeHexString(c, "c97cc440a039c990927565d6818f6f23734bbeed2951ed5d7bf1bd5ec5b04e8c"), + 12: decodeHexString(c, "bd7851fd994a7f899364dbc96a95dffeaa250cd7ea33b4b6c313866169e779bc"), }, }, }, @@ -121,7 +121,7 @@ func (s *snapModelProfileTest) TestAddSnapModelProfile2(c *C) { Models: []*asserts.Model{ s.makeMockCore20ModelAssertion(c, map[string]interface{}{ "authority-id": "fake-brand", - "series": "20", + "series": "16", "brand-id": "fake-brand", "model": "fake-model", "grade": "secured", @@ -131,7 +131,7 @@ func (s *snapModelProfileTest) TestAddSnapModelProfile2(c *C) { values: []tpm2.PCRValues{ { tpm2.HashAlgorithmSHA256: { - 12: decodeHexString(c, "7712e7ef0dfff33588e0157d88c0400d5029e1293d05d4975ab88279f4ce6266"), + 12: decodeHexString(c, "df0c79fd31951f47b547a2914427159d52a870ed368a9dfd29fc08f28c341b6d"), }, }, }, @@ -147,7 +147,7 @@ func (s *snapModelProfileTest) TestAddSnapModelProfile3(c *C) { Models: []*asserts.Model{ s.makeMockCore20ModelAssertion(c, map[string]interface{}{ "authority-id": "other-brand", - "series": "20", + "series": "16", "brand-id": "other-brand", "model": "fake-model", "grade": "secured", @@ -157,7 +157,7 @@ func (s *snapModelProfileTest) TestAddSnapModelProfile3(c *C) { values: []tpm2.PCRValues{ { tpm2.HashAlgorithmSHA256: { - 12: decodeHexString(c, "bdf8ad6741193f3e99cfb4cf0588d06f57a095746b7844a9245857c83829ab08"), + 12: decodeHexString(c, "d2fd13d3097d7cf75c8f14f790f6a41e27e8925664b2324e73a749aa30971594"), }, }, }, @@ -173,7 +173,7 @@ func (s *snapModelProfileTest) TestAddSnapModelProfile4(c *C) { Models: []*asserts.Model{ s.makeMockCore20ModelAssertion(c, map[string]interface{}{ "authority-id": "fake-brand", - "series": "20", + "series": "16", "brand-id": "fake-brand", "model": "other-model", "grade": "secured", @@ -183,7 +183,7 @@ func (s *snapModelProfileTest) TestAddSnapModelProfile4(c *C) { values: []tpm2.PCRValues{ { tpm2.HashAlgorithmSHA256: { - 12: decodeHexString(c, "cd497d89f48ae1329f8a4b1fe7ddedaaf52f370c4f1dc8e631efd73be2663f41"), + 12: decodeHexString(c, "7135fd41c92f097075cc21eefd6797498544fd329b3bf996654885ebf83bb2de"), }, }, }, @@ -199,7 +199,7 @@ func (s *snapModelProfileTest) TestAddSnapModelProfile5(c *C) { Models: []*asserts.Model{ s.makeMockCore20ModelAssertion(c, map[string]interface{}{ "authority-id": "fake-brand", - "series": "18", + "series": "28", "brand-id": "fake-brand", "model": "fake-model", "grade": "secured", @@ -209,7 +209,7 @@ func (s *snapModelProfileTest) TestAddSnapModelProfile5(c *C) { values: []tpm2.PCRValues{ { tpm2.HashAlgorithmSHA256: { - 12: decodeHexString(c, "6ab237c7d0855618765533137849477a759453e9a89c39f90ad23f5604aef601"), + 12: decodeHexString(c, "62242d713e406f862ca35be37777b6932bfdcd8b766a99ce408c8c3bce68b2fe"), }, }, }, @@ -225,7 +225,7 @@ func (s *snapModelProfileTest) TestAddSnapModelProfile6(c *C) { Models: []*asserts.Model{ s.makeMockCore20ModelAssertion(c, map[string]interface{}{ "authority-id": "fake-brand", - "series": "20", + "series": "16", "brand-id": "fake-brand", "model": "fake-model", "grade": "secured", @@ -235,7 +235,7 @@ func (s *snapModelProfileTest) TestAddSnapModelProfile6(c *C) { values: []tpm2.PCRValues{ { tpm2.HashAlgorithmSHA1: { - 12: decodeHexString(c, "cbb043790386b031b5e40c3aa46b65479159f0a1"), + 12: decodeHexString(c, "aa6839aca24500a572aea54bf5b23912abf8ed42"), }, }, }, @@ -251,7 +251,7 @@ func (s *snapModelProfileTest) TestAddSnapModelProfile7(c *C) { Models: []*asserts.Model{ s.makeMockCore20ModelAssertion(c, map[string]interface{}{ "authority-id": "fake-brand", - "series": "20", + "series": "16", "brand-id": "fake-brand", "model": "fake-model", "grade": "secured", @@ -261,7 +261,7 @@ func (s *snapModelProfileTest) TestAddSnapModelProfile7(c *C) { values: []tpm2.PCRValues{ { tpm2.HashAlgorithmSHA256: { - 14: decodeHexString(c, "c97cc440a039c990927565d6818f6f23734bbeed2951ed5d7bf1bd5ec5b04e8c"), + 14: decodeHexString(c, "bd7851fd994a7f899364dbc96a95dffeaa250cd7ea33b4b6c313866169e779bc"), }, }, }, @@ -277,14 +277,14 @@ func (s *snapModelProfileTest) TestAddSnapModelProfile8(c *C) { Models: []*asserts.Model{ s.makeMockCore20ModelAssertion(c, map[string]interface{}{ "authority-id": "fake-brand", - "series": "20", + "series": "16", "brand-id": "fake-brand", "model": "fake-model", "grade": "secured", }, "Jv8_JiHiIzJVcO9M55pPdqSDWUvuhfDIBJUS-3VW7F_idjix7Ffn5qMxB21ZQuij"), s.makeMockCore20ModelAssertion(c, map[string]interface{}{ "authority-id": "fake-brand", - "series": "20", + "series": "16", "brand-id": "fake-brand", "model": "other-model", "grade": "secured", @@ -294,12 +294,12 @@ func (s *snapModelProfileTest) TestAddSnapModelProfile8(c *C) { values: []tpm2.PCRValues{ { tpm2.HashAlgorithmSHA256: { - 12: decodeHexString(c, "c97cc440a039c990927565d6818f6f23734bbeed2951ed5d7bf1bd5ec5b04e8c"), + 12: decodeHexString(c, "bd7851fd994a7f899364dbc96a95dffeaa250cd7ea33b4b6c313866169e779bc"), }, }, { tpm2.HashAlgorithmSHA256: { - 12: decodeHexString(c, "cd497d89f48ae1329f8a4b1fe7ddedaaf52f370c4f1dc8e631efd73be2663f41"), + 12: decodeHexString(c, "7135fd41c92f097075cc21eefd6797498544fd329b3bf996654885ebf83bb2de"), }, }, }, @@ -318,14 +318,14 @@ func (s *snapModelProfileTest) TestAddSnapModelProfile9(c *C) { Models: []*asserts.Model{ s.makeMockCore20ModelAssertion(c, map[string]interface{}{ "authority-id": "fake-brand", - "series": "20", + "series": "16", "brand-id": "fake-brand", "model": "fake-model", "grade": "secured", }, "Jv8_JiHiIzJVcO9M55pPdqSDWUvuhfDIBJUS-3VW7F_idjix7Ffn5qMxB21ZQuij"), s.makeMockCore20ModelAssertion(c, map[string]interface{}{ "authority-id": "fake-brand", - "series": "20", + "series": "16", "brand-id": "fake-brand", "model": "other-model", "grade": "secured", @@ -336,13 +336,13 @@ func (s *snapModelProfileTest) TestAddSnapModelProfile9(c *C) { { tpm2.HashAlgorithmSHA256: { 7: makePCRDigestFromEvents(tpm2.HashAlgorithmSHA256, "foo"), - 12: decodeHexString(c, "5d49397e8137997214ec3b32fb0632c207b76b30e8b2595aaca7006ddb49ab65"), + 12: decodeHexString(c, "3089d679b1cda31c76fe57e6cf0c3eb35c221acde76a678c3c4771ee9b99a8c9"), }, }, { tpm2.HashAlgorithmSHA256: { 7: makePCRDigestFromEvents(tpm2.HashAlgorithmSHA256, "foo"), - 12: decodeHexString(c, "81723abe417d707e308dab720ecb00ae543931993175851d7356d46cecd46fef"), + 12: decodeHexString(c, "cb7a1cf1afbc73e0e4348f771cf7475e7ec278549af042e2617e717ca38d3416"), }, }, }, @@ -350,8 +350,8 @@ func (s *snapModelProfileTest) TestAddSnapModelProfile9(c *C) { } func (s *snapModelProfileTest) TestAddSnapModelProfile10(c *C) { - // Test that there aren't contatenation issues with brand-id/model/series - ie, "fake-brand,fake-model,20" should - // be different to "fake-bran,dfake-mode,l20". + // Test that there aren't contatenation issues with brand-id/model/series - ie, "fake-brand,fake-model,16" should + // be different to "fake-bran,dfake-mode,l16". s.testAddSnapModelProfile(c, &testAddSnapModelProfileData{ params: &SnapModelProfileParams{ PCRAlgorithm: tpm2.HashAlgorithmSHA256, @@ -359,7 +359,7 @@ func (s *snapModelProfileTest) TestAddSnapModelProfile10(c *C) { Models: []*asserts.Model{ s.makeMockCore20ModelAssertion(c, map[string]interface{}{ "authority-id": "fake-bran", - "series": "l20", + "series": "l16", "brand-id": "fake-bran", "model": "dfake-model", "grade": "secured", @@ -369,7 +369,7 @@ func (s *snapModelProfileTest) TestAddSnapModelProfile10(c *C) { values: []tpm2.PCRValues{ { tpm2.HashAlgorithmSHA256: { - 12: decodeHexString(c, "28f90b2f338afc3064cc5a06af4ebf61f6f6f2e181057a5ea4350b90b3f417bd"), + 12: decodeHexString(c, "b6dfa17679ea768de6430c531da07e2f926320a1ec577c2edd97d4757dc6e45f"), }, }, }, @@ -385,7 +385,7 @@ func (s *snapModelProfileTest) TestAddSnapModelProfile11(c *C) { Models: []*asserts.Model{ s.makeMockCore20ModelAssertion(c, map[string]interface{}{ "authority-id": "fake-brand", - "series": "20", + "series": "16", "brand-id": "fake-brand", "model": "fake-model", "grade": "dangerous", @@ -395,7 +395,7 @@ func (s *snapModelProfileTest) TestAddSnapModelProfile11(c *C) { values: []tpm2.PCRValues{ { tpm2.HashAlgorithmSHA256: { - 12: decodeHexString(c, "e644cdf6668fa8c675dddc21bdfdd0887381d9719faf1e44e882c3d34cc2bb5a"), + 12: decodeHexString(c, "27db1fa15c2fd09361f6812bca72c3285e889dd20fcfbbe509e153b302046820"), }, }, }, From 8f2260440a8230549de5aec4f08849309bfb3216 Mon Sep 17 00:00:00 2001 From: Samuele Pedroni Date: Mon, 20 Apr 2020 21:53:05 +0200 Subject: [PATCH 2/3] update vendor.json now that ModelGrade.Code has landed in snapd --- vendor/vendor.json | 130 +++++++++++++++++++++++---------------------- 1 file changed, 67 insertions(+), 63 deletions(-) diff --git a/vendor/vendor.json b/vendor/vendor.json index 3a8d5df6..06be50cf 100644 --- a/vendor/vendor.json +++ b/vendor/vendor.json @@ -60,158 +60,162 @@ { "checksumSHA1": "2oDnNscNh8PCY1SXlMEf8DZbQzQ=", "path": "github.com/snapcore/snapd/arch", - "revision": "da480b74dc895a6cbc02d7f00f3a38529fd5fd29", - "revisionTime": "2020-02-12T13:56:49Z" + "revision": "cba748d1244e6861a5e407f7abe90fb2f76b6f80", + "revisionTime": "2020-04-20T18:59:55Z" }, { - "checksumSHA1": "eLrXwgWW73OWXLajqFBkkWBMoNM=", + "checksumSHA1": "jgludPPsAFSrXo5BMucAcj7A8gY=", "path": "github.com/snapcore/snapd/asserts", - "revision": "85d045458ea5a9b9eb01ed67c3ffbbf59ff4c8a0", - "revisionTime": "2020-04-15T14:21:00Z" + "revision": "cba748d1244e6861a5e407f7abe90fb2f76b6f80", + "revisionTime": "2020-04-20T18:59:55Z" }, { - "checksumSHA1": "dgVsGNzbHyFKJ57G677B0ks2ldw=", + "path": "github.com/snapcore/snapd/asserts/internal", + "revision": "" + }, + { + "checksumSHA1": "3Db7Lb2ueEX1hc6WoIM79lk6lbM=", "path": "github.com/snapcore/snapd/cmd/cmdutil", - "revision": "3cf189a768580bcf3ea3397361566be1a6e04bc5", - "revisionTime": "2020-02-28T13:54:56Z" + "revision": "cba748d1244e6861a5e407f7abe90fb2f76b6f80", + "revisionTime": "2020-04-20T18:59:55Z" }, { - "checksumSHA1": "6PRXZHxlsEroi+D/iIchWdqljGs=", + "checksumSHA1": "tMdCPTwArfTM0Z0MpKxIfkbUmO4=", "path": "github.com/snapcore/snapd/dirs", - "revision": "3cf189a768580bcf3ea3397361566be1a6e04bc5", - "revisionTime": "2020-02-28T13:54:56Z" + "revision": "cba748d1244e6861a5e407f7abe90fb2f76b6f80", + "revisionTime": "2020-04-20T18:59:55Z" }, { - "checksumSHA1": "jjwlakdjAiyQx1bBW00spWFruA4=", + "checksumSHA1": "r1kWpKwr6tgQczLNgyJJU3fueZE=", "path": "github.com/snapcore/snapd/httputil", - "revision": "da480b74dc895a6cbc02d7f00f3a38529fd5fd29", - "revisionTime": "2020-02-12T13:56:49Z" + "revision": "cba748d1244e6861a5e407f7abe90fb2f76b6f80", + "revisionTime": "2020-04-20T18:59:55Z" }, { "checksumSHA1": "4Ie673xc3PJbxsnujxe8bCifr4I=", "path": "github.com/snapcore/snapd/i18n", - "revision": "3cf189a768580bcf3ea3397361566be1a6e04bc5", - "revisionTime": "2020-02-28T13:54:56Z" + "revision": "cba748d1244e6861a5e407f7abe90fb2f76b6f80", + "revisionTime": "2020-04-20T18:59:55Z" }, { "checksumSHA1": "F8KzaQ2JCF/jAEKWcA8SGYBd7bk=", "path": "github.com/snapcore/snapd/logger", - "revision": "da480b74dc895a6cbc02d7f00f3a38529fd5fd29", - "revisionTime": "2020-02-12T13:56:49Z" + "revision": "cba748d1244e6861a5e407f7abe90fb2f76b6f80", + "revisionTime": "2020-04-20T18:59:55Z" }, { "checksumSHA1": "d09E/bfjOHPFE0emxHDWa25o8rc=", "path": "github.com/snapcore/snapd/metautil", - "revision": "3cf189a768580bcf3ea3397361566be1a6e04bc5", - "revisionTime": "2020-02-28T13:54:56Z" + "revision": "cba748d1244e6861a5e407f7abe90fb2f76b6f80", + "revisionTime": "2020-04-20T18:59:55Z" }, { - "checksumSHA1": "0ueeNSDWS9eGgIZmXYP6ZNB/98k=", + "checksumSHA1": "wtg8UKbHVL8qRZ8ggQb+cDQlVNo=", "path": "github.com/snapcore/snapd/osutil", - "revision": "1ca48cd75c9bfdf73fe8f1f45419f7cdad267638", - "revisionTime": "2020-03-26T10:31:06Z" + "revision": "cba748d1244e6861a5e407f7abe90fb2f76b6f80", + "revisionTime": "2020-04-20T18:59:55Z" }, { "checksumSHA1": "uviyHf48hcnZN/cGKNUxmvqLISQ=", "path": "github.com/snapcore/snapd/osutil/mount", - "revision": "255cfaa1f5991a2d20232d57be6c4349338bbffa", - "revisionTime": "2020-03-30T18:40:30Z" + "revision": "cba748d1244e6861a5e407f7abe90fb2f76b6f80", + "revisionTime": "2020-04-20T18:59:55Z" }, { "checksumSHA1": "EYRtD9fNCHSSnWkkZSNTAB63IhQ=", "path": "github.com/snapcore/snapd/osutil/sys", - "revision": "1ca48cd75c9bfdf73fe8f1f45419f7cdad267638", - "revisionTime": "2020-03-26T10:31:06Z" + "revision": "cba748d1244e6861a5e407f7abe90fb2f76b6f80", + "revisionTime": "2020-04-20T18:59:55Z" }, { - "checksumSHA1": "K+/WBhBSI4CZvjQCYEIM7WUksYE=", + "checksumSHA1": "1LtMtOxaLmu0tGueD4kzOVgUpjs=", "path": "github.com/snapcore/snapd/randutil", - "revision": "da480b74dc895a6cbc02d7f00f3a38529fd5fd29", - "revisionTime": "2020-02-12T13:56:49Z" + "revision": "cba748d1244e6861a5e407f7abe90fb2f76b6f80", + "revisionTime": "2020-04-20T18:59:55Z" }, { - "checksumSHA1": "Utnd1T1xQmGqqPd1jumHeK8YtdE=", + "checksumSHA1": "CtpWGDbGNLv+/eGYtTC9UlZPuQE=", "path": "github.com/snapcore/snapd/release", - "revision": "da480b74dc895a6cbc02d7f00f3a38529fd5fd29", - "revisionTime": "2020-02-12T13:56:49Z" + "revision": "cba748d1244e6861a5e407f7abe90fb2f76b6f80", + "revisionTime": "2020-04-20T18:59:55Z" }, { - "checksumSHA1": "5hTOcq3eOOy9u3EjivHgO4Z1uag=", + "checksumSHA1": "HkMOOna80MQh9z0VJO1gVYSlicQ=", "path": "github.com/snapcore/snapd/sandbox/apparmor", - "revision": "da480b74dc895a6cbc02d7f00f3a38529fd5fd29", - "revisionTime": "2020-02-12T13:56:49Z" + "revision": "cba748d1244e6861a5e407f7abe90fb2f76b6f80", + "revisionTime": "2020-04-20T18:59:55Z" }, { - "checksumSHA1": "vDorfoNJyyYUol4dVrEdNjKjZl0=", + "checksumSHA1": "4vA1HfsUqsC3IODAqoJEKTt3j/M=", "path": "github.com/snapcore/snapd/sandbox/cgroup", - "revision": "da480b74dc895a6cbc02d7f00f3a38529fd5fd29", - "revisionTime": "2020-02-12T13:56:49Z" + "revision": "cba748d1244e6861a5e407f7abe90fb2f76b6f80", + "revisionTime": "2020-04-20T18:59:55Z" }, { "checksumSHA1": "f01gqazrvoATUzX2njKnzd+c1O0=", "path": "github.com/snapcore/snapd/snap", - "revision": "1ca48cd75c9bfdf73fe8f1f45419f7cdad267638", - "revisionTime": "2020-03-26T10:31:06Z" + "revision": "cba748d1244e6861a5e407f7abe90fb2f76b6f80", + "revisionTime": "2020-04-20T18:59:55Z" }, { "checksumSHA1": "o5TwzS0cwJNV8HNIIZrRfZPANLU=", "path": "github.com/snapcore/snapd/snap/channel", - "revision": "85d045458ea5a9b9eb01ed67c3ffbbf59ff4c8a0", - "revisionTime": "2020-04-15T14:21:00Z" + "revision": "cba748d1244e6861a5e407f7abe90fb2f76b6f80", + "revisionTime": "2020-04-20T18:59:55Z" }, { - "checksumSHA1": "oxw0r23JHi+xZgzBDLnJLESkZPk=", + "checksumSHA1": "bvtO/K0/j2AzLlIVIoTSMMKoWdg=", "path": "github.com/snapcore/snapd/snap/naming", - "revision": "1ca48cd75c9bfdf73fe8f1f45419f7cdad267638", - "revisionTime": "2020-03-26T10:31:06Z" + "revision": "cba748d1244e6861a5e407f7abe90fb2f76b6f80", + "revisionTime": "2020-04-20T18:59:55Z" }, { "checksumSHA1": "vm3N9KUtggnspT4hGPd3Nw3yTHM=", "path": "github.com/snapcore/snapd/snap/snapdir", - "revision": "1ca48cd75c9bfdf73fe8f1f45419f7cdad267638", - "revisionTime": "2020-03-26T10:31:06Z" + "revision": "cba748d1244e6861a5e407f7abe90fb2f76b6f80", + "revisionTime": "2020-04-20T18:59:55Z" }, { "checksumSHA1": "Nls67Y45Thmm2FvrUIyJD9ol/G4=", "path": "github.com/snapcore/snapd/snap/squashfs", - "revision": "1ca48cd75c9bfdf73fe8f1f45419f7cdad267638", - "revisionTime": "2020-03-26T10:31:06Z" + "revision": "cba748d1244e6861a5e407f7abe90fb2f76b6f80", + "revisionTime": "2020-04-20T18:59:55Z" }, { - "checksumSHA1": "O/P8dXD7Y65X/PyJFaPzl7I/E9E=", + "checksumSHA1": "mdfRqW8vKSoyVONzofJ7ZG/8rLw=", "path": "github.com/snapcore/snapd/snapdenv", - "revision": "1ca48cd75c9bfdf73fe8f1f45419f7cdad267638", - "revisionTime": "2020-03-26T10:31:06Z" + "revision": "cba748d1244e6861a5e407f7abe90fb2f76b6f80", + "revisionTime": "2020-04-20T18:59:55Z" }, { "checksumSHA1": "nv9pDBzs9U3Q/scdzoyWbcNOcW4=", "path": "github.com/snapcore/snapd/spdx", - "revision": "3cf189a768580bcf3ea3397361566be1a6e04bc5", - "revisionTime": "2020-02-28T13:54:56Z" + "revision": "cba748d1244e6861a5e407f7abe90fb2f76b6f80", + "revisionTime": "2020-04-20T18:59:55Z" }, { "checksumSHA1": "AxDnGd+bLjj9MSRHdKac2N9yQRw=", "path": "github.com/snapcore/snapd/strutil", - "revision": "da480b74dc895a6cbc02d7f00f3a38529fd5fd29", - "revisionTime": "2020-02-12T13:56:49Z" + "revision": "cba748d1244e6861a5e407f7abe90fb2f76b6f80", + "revisionTime": "2020-04-20T18:59:55Z" }, { "checksumSHA1": "gwLER4MDLp8vaTXkUFarvfl5DXM=", "path": "github.com/snapcore/snapd/testutil", - "revision": "255cfaa1f5991a2d20232d57be6c4349338bbffa", - "revisionTime": "2020-03-30T18:40:30Z" + "revision": "cba748d1244e6861a5e407f7abe90fb2f76b6f80", + "revisionTime": "2020-04-20T18:59:55Z" }, { "checksumSHA1": "leL+WTjj2xj4V+wbm76CXw2Eo/c=", "path": "github.com/snapcore/snapd/timeout", - "revision": "3cf189a768580bcf3ea3397361566be1a6e04bc5", - "revisionTime": "2020-02-28T13:54:56Z" + "revision": "cba748d1244e6861a5e407f7abe90fb2f76b6f80", + "revisionTime": "2020-04-20T18:59:55Z" }, { "checksumSHA1": "d7Uh5DAb5V1dL6tuUALM/Fnyzuc=", "path": "github.com/snapcore/snapd/timeutil", - "revision": "3cf189a768580bcf3ea3397361566be1a6e04bc5", - "revisionTime": "2020-02-28T13:54:56Z" + "revision": "cba748d1244e6861a5e407f7abe90fb2f76b6f80", + "revisionTime": "2020-04-20T18:59:55Z" }, { "checksumSHA1": "zJybXQZcPAht+soLp/ozc9q5teE=", From edff5efbea9207a5f6542832d8c97064577bf63a Mon Sep 17 00:00:00 2001 From: Samuele Pedroni Date: Mon, 20 Apr 2020 22:45:08 +0200 Subject: [PATCH 3/3] clarify that ModelGrade.Code() is encoded in little-endian format --- snapmodel_policy.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/snapmodel_policy.go b/snapmodel_policy.go index 0249e157..4ade3b07 100644 --- a/snapmodel_policy.go +++ b/snapmodel_policy.go @@ -57,7 +57,7 @@ type SnapModelProfileParams struct { // digest2 = H(digest1 || model) // digestModel = H(digest2 || series || grade) // The signing key digest algorithm is encoded in little-endian format, and the sign-key-sha3-384 field is hashed in decoded (binary) -// form. The brand-id, model and series fields are hashed without null terminators. The grade field is encoded as the 32 bits from asserts.ModelGrade.Code. +// form. The brand-id, model and series fields are hashed without null terminators. The grade field is encoded as the 32 bits from asserts.ModelGrade.Code in little-endian format. // // Separate extend operations are used because brand-id, model and series are variable length. //