Draft: Compare changes for Humble integration

sros2/sros2/keystore/_permission.py

@@ -49,7 +49,8 @@ def create_permission(
 def extend_permission_with_pcr(
         keystore_path: pathlib.Path,
         identity: str,
-        pcr_identifier: str,
+        system_identifier: str,
+        config_identifier: str,
         subject: str
 ):
     relative_path = os.path.normpath(identity.lstrip('/'))
@@ -58,48 +59,36 @@ def extend_permission_with_pcr(
     permissions_path = key_dir.joinpath('permissions.xml')
 
     tpm_dir = _keystore.get_keystore_tpm_dir(keystore_path)
-    tpm_pcr_id_dir = tpm_dir.joinpath(_TPM_PCR_SELECTIONS_DIR).joinpath(pcr_identifier)
+    tpm_system_dir = tpm_dir.joinpath(system_identifier)
 
-    tpm_pcr_values_path = tpm_pcr_id_dir.joinpath("pcr_values.yaml")
-    tpm_pcr_selection_path = tpm_pcr_id_dir.joinpath("pcr_selection.txt")
+    # Create XML elements to add to the permission.xml
+    pcr_selection_children = []
+    config_found = False
 
-    if not tpm_pcr_values_path.is_file():
-        return # TODO: Error handling
+    for _, dirs, _ in os.walk(tpm_system_dir):
+        for config_dir in dirs:
+            config_path = tpm_system_dir.joinpath(config_dir)
+            tpm_pcr_values_path = config_path.joinpath("pcr_values.yaml")
+            tpm_pcr_selection_path = config_path.joinpath("pcr_selection.txt")
 
-    with open(tpm_pcr_values_path, "r") as f:
-        pcr_values_data = f.read().splitlines()
+            if (not tpm_pcr_values_path.is_file()) or (not tpm_pcr_selection_path.is_file()):
+                continue
 
-    # Copy pcr_selection.txt into the enclave
-    shutil.copy(tpm_pcr_selection_path, key_tpm_dir)
+            with open(tpm_pcr_values_path, "r") as f:
+                pcr_values_data = f.read().splitlines()
+                pcr_selection_children.append(*_create_permission_xml_for_value(pcr_values_data))
 
-    active_bank = None
-    current_data = ""
+            # Copy pcr_selection.txt into the enclave
+            if config_dir == config_identifier:
+                shutil.copy(tpm_pcr_selection_path, key_tpm_dir)
+                config_found = True
 
-    # Create XML elements to add to the permission.xml
-    pcr_selection_children = []
+        break
 
-    for line in pcr_values_data:
-        if line.strip().startswith("s"): # All TPM banks hash algorithms start with s
-            bank = line.replace(":", "").strip()
-            if active_bank and current_data:
-                xml_element = etree.Element("pcr_selection", bank=active_bank)
-                xml_element.text = "\n" + current_data
-                pcr_selection_children.append(xml_element)
+    if not config_found:
+        raise sros2.errors.SystemConfigNotFound(config_identifier, system_identifier)
 
 
-            active_bank = bank
-            current_data = ""
-        elif line.startswith(" "):
-            data = line.strip()
-            if active_bank:
-                current_data += data + "\n"
-        else:
-            pass
-
-    if current_data:
-        xml_element = etree.Element("pcr_selection", bank=active_bank)
-        xml_element.text = "\n" + current_data
-        pcr_selection_children.append(xml_element)
 
     tree = etree.parse(permissions_path)
     root = tree.getroot()
@@ -125,6 +114,7 @@ def extend_permission_with_pcr(
         _keystore.get_keystore_public_dir(keystore_path), 'permissions_ca.cert.pem')
     keystore_permissions_ca_key_path = os.path.join(
         _keystore.get_keystore_private_dir(keystore_path), 'permissions_ca.key.pem')
+
     _utilities.create_smime_signed_file(
         keystore_permissions_ca_cert_path,
         keystore_permissions_ca_key_path,
@@ -183,3 +173,33 @@ def create_permission_file(path: pathlib.Path, domain_id, policy_element) -> Non
 
     with open(path, 'wb') as f:
         f.write(etree.tostring(permissions_xml, pretty_print=True))
+
+def _create_permission_xml_for_value(pcr_value: list) -> etree.Element:
+    active_bank = None
+    current_data = ""
+    pcr_selection_children = []
+
+    for line in pcr_value:
+        if line.strip().startswith("s"): # All TPM banks hash algorithms start with s
+            bank = line.replace(":", "").strip()
+            if active_bank and current_data:
+                xml_element = etree.Element("pcr_selection", bank=active_bank)
+                xml_element.text = "\n" + current_data
+                pcr_selection_children.append(xml_element)
+
+
+            active_bank = bank
+            current_data = ""
+        elif line.startswith(" "):
+            data = line.strip()
+            if active_bank:
+                current_data += data + "\n"
+        else:
+            pass
+
+    if current_data:
+        xml_element = etree.Element("pcr_selection", bank=active_bank)
+        xml_element.text = "\n" + current_data
+        pcr_selection_children.append(xml_element)
+
+    return pcr_selection_children
\ No newline at end of file