Change UserData to ReportData for consistency

The REPORT_DATA field is for users to supply their own data to include with the report, but the naming inconsistency with AMD's documentation is too confusing to make the name difference worth keeping. Signed-off-by: Dionna Glaze <[email protected]>
google · Sep 29, 2022 · 75f1654 · 75f1654
1 parent 01b2e0a
commit 75f1654
Show file tree

Hide file tree

Showing 7 changed files with 61 additions and 61 deletions.
diff --git a/README.md b/README.md
@@ -27,7 +27,7 @@ This function creates a file descriptor to the `/dev/sev-guest` device and
 returns an object that has methods encapsulating commands to the device. When
 done, remember to `Close()` the device.
 
-### `func GetExtendedReport(d Device, userData [64]byte) (*pb.Attestation, error)`
+### `func GetExtendedReport(d Device, reportData [64]byte) (*pb.Attestation, error)`
 
 This function takes an object implementing the `Device` interface (e.g., a
 `LinuxDevice`) and returns the protocol buffer representation of the attestation
@@ -134,7 +134,7 @@ fields of an attestation report.
 
 The fields that either can be skipped or must match the given value exactly are:
 
-*   `UserData` for the `REPORT_DATA` field
+*   `ReportData` for the `REPORT_DATA` field
 *   `HostData` for the `HOST_DATA` field
 *   `ImageID` for the `IMAGE_ID` field
 *   `FamilyID` for the `FAMILY_ID` field

diff --git a/client/client.go b/client/client.go
@@ -46,12 +46,12 @@ func message(d Device, command uintptr, req *labi.SnpUserGuestRequest) error {
 
 // GetRawReportAtVmpl requests for an attestation report at the given VMPL that incorporates the
 // given user data.
-func GetRawReportAtVmpl(d Device, userData [64]byte, vmpl int) ([]byte, error) {
+func GetRawReportAtVmpl(d Device, reportData [64]byte, vmpl int) ([]byte, error) {
 	var snpReportRsp labi.SnpReportRespABI
 	userGuestReq := labi.SnpUserGuestRequest{
 		ReqData: &labi.SnpReportReqABI{
-			UserData: userData,
-			Vmpl:     uint32(vmpl),
+			ReportData: reportData,
+			Vmpl:       uint32(vmpl),
 		},
 		RespData: &snpReportRsp,
 	}
@@ -62,35 +62,35 @@ func GetRawReportAtVmpl(d Device, userData [64]byte, vmpl int) ([]byte, error) {
 }
 
 // GetRawReport requests for an attestation report at VMPL0 that incorporates the given user data.
-func GetRawReport(d Device, userData [64]byte) ([]byte, error) {
-	return GetRawReportAtVmpl(d, userData, 0)
+func GetRawReport(d Device, reportData [64]byte) ([]byte, error) {
+	return GetRawReportAtVmpl(d, reportData, 0)
 }
 
 // GetReportAtVmpl gets an attestation report at the given VMPL into its protobuf representation.
-func GetReportAtVmpl(d Device, userData [64]byte, vmpl int) (*pb.Report, error) {
-	data, err := GetRawReportAtVmpl(d, userData, vmpl)
+func GetReportAtVmpl(d Device, reportData [64]byte, vmpl int) (*pb.Report, error) {
+	data, err := GetRawReportAtVmpl(d, reportData, vmpl)
 	if err != nil {
 		return nil, err
 	}
 	return abi.ReportToProto(data)
 }
 
 // GetReport gets an attestation report at VMPL0 into its protobuf representation.
-func GetReport(d Device, userData [64]byte) (*pb.Report, error) {
-	return GetReportAtVmpl(d, userData, 0)
+func GetReport(d Device, reportData [64]byte) (*pb.Report, error) {
+	return GetReportAtVmpl(d, reportData, 0)
 }
 
-// getExtendedReportIn issues a GetExtendedReport command to the sev-guest driver with userData
+// getExtendedReportIn issues a GetExtendedReport command to the sev-guest driver with reportData
 // input and certs as a destination for certificate data. If certs is empty, this function returns
 // the expected size of certs as its second result value. If certs is non-empty, this function
-// returns the signed attestation report containing userData and the certificate chain for the
+// returns the signed attestation report containing reportData and the certificate chain for the
 // report's endorsement key.
-func getExtendedReportIn(d Device, userData [64]byte, vmpl int, certs []byte) ([]byte, uint32, error) {
+func getExtendedReportIn(d Device, reportData [64]byte, vmpl int, certs []byte) ([]byte, uint32, error) {
 	var snpReportRsp labi.SnpReportRespABI
 	snpExtReportReq := labi.SnpExtendedReportReq{
 		Data: labi.SnpReportReqABI{
-			UserData: userData,
-			Vmpl:     uint32(vmpl),
+			ReportData: reportData,
+			Vmpl:       uint32(vmpl),
 		},
 		Certs:       certs,
 		CertsLength: uint32(len(certs)),
@@ -122,13 +122,13 @@ func queryCertificateLength(d Device, vmpl int) (uint32, error) {
 
 // GetRawExtendedReportAtVmpl requests for an attestation report that incorporates the given user
 // data at the given VMPL, and additional key certificate information.
-func GetRawExtendedReportAtVmpl(d Device, userData [64]byte, vmpl int) ([]byte, []byte, error) {
+func GetRawExtendedReportAtVmpl(d Device, reportData [64]byte, vmpl int) ([]byte, []byte, error) {
 	length, err := queryCertificateLength(d, vmpl)
 	if err != nil {
 		return nil, nil, fmt.Errorf("error querying certificate length: %v", err)
 	}
 	certs := make([]byte, length)
-	report, _, err := getExtendedReportIn(d, userData, vmpl, certs)
+	report, _, err := getExtendedReportIn(d, reportData, vmpl, certs)
 	if err != nil {
 		return nil, nil, err
 	}
@@ -137,13 +137,13 @@ func GetRawExtendedReportAtVmpl(d Device, userData [64]byte, vmpl int) ([]byte,
 
 // GetRawExtendedReport requests for an attestation report that incorporates the given user data,
 // and additional key certificate information.
-func GetRawExtendedReport(d Device, userData [64]byte) ([]byte, []byte, error) {
-	return GetRawExtendedReportAtVmpl(d, userData, 0)
+func GetRawExtendedReport(d Device, reportData [64]byte) ([]byte, []byte, error) {
+	return GetRawExtendedReportAtVmpl(d, reportData, 0)
 }
 
 // GetExtendedReportAtVmpl gets an extended attestation report at the given VMPL into a structured type.
-func GetExtendedReportAtVmpl(d Device, userData [64]byte, vmpl int) (*pb.Attestation, error) {
-	reportBytes, certBytes, err := GetRawExtendedReportAtVmpl(d, userData, vmpl)
+func GetExtendedReportAtVmpl(d Device, reportData [64]byte, vmpl int) (*pb.Attestation, error) {
+	reportBytes, certBytes, err := GetRawExtendedReportAtVmpl(d, reportData, vmpl)
 	if err != nil {
 		return nil, err
 	}
@@ -161,8 +161,8 @@ func GetExtendedReportAtVmpl(d Device, userData [64]byte, vmpl int) (*pb.Attesta
 }
 
 // GetExtendedReport gets an extended attestation report at VMPL0 into a structured type.
-func GetExtendedReport(d Device, userData [64]byte) (*pb.Attestation, error) {
-	return GetExtendedReportAtVmpl(d, userData, 0)
+func GetExtendedReport(d Device, reportData [64]byte) (*pb.Attestation, error) {
+	return GetExtendedReportAtVmpl(d, reportData, 0)
 }
 
 // GuestFieldSelect represents which guest-provided information will be mixed into a derived key.

diff --git a/client/linuxabi/linux_abi.go b/client/linuxabi/linux_abi.go
@@ -108,8 +108,8 @@ func (err SevEsErr) Error() string {
 // SnpReportReqABI is Linux's sev-guest ioctl abi for sending a GET_REPORT request. See
 // include/uapi/linux/sev-guest.h
 type SnpReportReqABI struct {
-	// UserData to be included in the report
-	UserData [64]uint8
+	// ReportData to be included in the report
+	ReportData [64]uint8
 
 	// Vmpl is the SEV-SNP VMPL level to be included in the report.
 	// The kernel must have access to the corresponding VMPCK.

diff --git a/testing/mocks.go b/testing/mocks.go
@@ -32,11 +32,11 @@ type GetReportResponse struct {
 
 // Device represents a sev-guest driver implementation with pre-programmed responses to commands.
 type Device struct {
-	isOpen      bool
-	UserDataRsp map[string]interface{}
-	Keys        map[string][]byte
-	Certs       []byte
-	Signer      *AmdSigner
+	isOpen        bool
+	ReportDataRsp map[string]interface{}
+	Keys          map[string][]byte
+	Certs         []byte
+	Signer        *AmdSigner
 }
 
 // Open changes the mock device's state to open.
@@ -58,9 +58,9 @@ func (d *Device) Close() error {
 }
 
 func (d *Device) getReport(req *labi.SnpReportReqABI, rsp *labi.SnpReportRespABI, fwErr *uint64) (uintptr, error) {
-	mockRspI, ok := d.UserDataRsp[hex.EncodeToString(req.UserData[:])]
+	mockRspI, ok := d.ReportDataRsp[hex.EncodeToString(req.ReportData[:])]
 	if !ok {
-		return 0, fmt.Errorf("test error: no response for %v", req.UserData)
+		return 0, fmt.Errorf("test error: no response for %v", req.ReportData)
 	}
 	mockRsp, ok := mockRspI.(*GetReportResponse)
 	if !ok {

diff --git a/testing/test_cases.go b/testing/test_cases.go
@@ -24,10 +24,10 @@ import (
 	labi "github.com/google/go-sev-guest/client/linuxabi"
 )
 
-// userZeros defines a UserData example that is all zeros
+// userZeros defines a ReportData example that is all zeros
 var userZeros [64]byte
 
-// userZeros1 defines a UserData example that is all zeros except the last byte is 1.
+// userZeros1 defines a ReportData example that is all zeros except the last byte is 1.
 var userZeros1 = [64]byte{
 	0, 0, 0, 0, 0, 0, 0, 0,
 	0, 0, 0, 0, 0, 0, 0, 0,
@@ -38,7 +38,7 @@ var userZeros1 = [64]byte{
 	0, 0, 0, 0, 0, 0, 0, 0,
 	0, 0, 0, 0, 0, 0, 0, 1}
 
-// userZeros11 defines a UserData example that is all zeros except the last 2 bytes are both 1.
+// userZeros11 defines a ReportData example that is all zeros except the last 2 bytes are both 1.
 var userZeros11 = [64]byte{
 	0, 0, 0, 0, 0, 0, 0, 0,
 	0, 0, 0, 0, 0, 0, 0, 0,
@@ -91,15 +91,15 @@ var oneReport = `
 // We can't sign the report with AMD keys, and verification isn't the client's responsibility, so
 // we keep the signature zeros.
 // Similarly, we leave the randomly-generated fields zero.
-func TestRawReport(userData [64]byte) [labi.SnpReportRespReportSize]byte {
+func TestRawReport(reportData [64]byte) [labi.SnpReportRespReportSize]byte {
 	var r [labi.SnpReportRespReportSize]byte
 	// Set Version to 2
 	binary.LittleEndian.PutUint32(r[0x00:0x04], 2)
 	binary.LittleEndian.PutUint64(r[0x08:0x10], abi.SnpPolicyToBytes(abi.SnpPolicy{Debug: true}))
 	// Signature algorithm ECC P-384 with SHA-384 is encoded as 1.
 	binary.LittleEndian.PutUint32(r[0x34:0x38], 1)
 	// Place user data in its report location.
-	copy(r[0x50:0x90], userData[:])
+	copy(r[0x50:0x90], reportData[:])
 	return r
 }
 
@@ -178,9 +178,9 @@ func TcDevice(tcs []TestCase, opts *DeviceOptions) (*Device, error) {
 		}
 	}
 	return &Device{
-		UserDataRsp: responses,
-		Certs:       certs,
-		Signer:      signer,
-		Keys:        opts.Keys,
+		ReportDataRsp: responses,
+		Certs:         certs,
+		Signer:        signer,
+		Keys:          opts.Keys,
 	}, nil
 }
diff --git a/validate/validate.go b/validate/validate.go
@@ -34,8 +34,8 @@ import (
 type Options struct {
 	// GuestPolicy is the maximum of acceptable guest policies.
 	GuestPolicy abi.SnpPolicy
-	// UserData is the expected REPORT_DATA field. Must be nil or 64 bytes long. Not checked if nil.
-	UserData []byte
+	// ReportData is the expected REPORT_DATA field. Must be nil or 64 bytes long. Not checked if nil.
+	ReportData []byte
 	// HostData is the expected HOST_DATA field. Must be nil or 32 bytes long. Not checked if nil.
 	HostData []byte
 	// ImageID is the expected IMAGE_ID field. Must be nil or 16 bytes long. Not checked if nil.
@@ -139,7 +139,7 @@ func validateByteField(option, field string, size int, given, required []byte) e
 
 func validateVerbatimFields(report *spb.Report, options *Options) error {
 	return multierr.Combine(
-		validateByteField("UserData", "REPORT_DATA", abi.ReportDataSize, report.GetReportData(), options.UserData),
+		validateByteField("ReportData", "REPORT_DATA", abi.ReportDataSize, report.GetReportData(), options.ReportData),
 		validateByteField("HostData", "HOST_DATA", abi.HostDataSize, report.GetHostData(), options.HostData),
 		validateByteField("FamilyID", "FAMILY_ID", abi.FamilyIDSize, report.GetFamilyId(), options.FamilyID),
 		validateByteField("ImageID", "IMAGE_ID", abi.ImageIDSize, report.GetImageId(), options.ImageID),

diff --git a/validate/validate_test.go b/validate/validate_test.go
@@ -265,7 +265,7 @@ func TestValidateSnpAttestation(t *testing.T) {
 	}
 	tests := []testCase{
 		{
-			name: "just userData",
+			name: "just reportData",
 			attestation: func() *spb.Attestation {
 				report, err := sg.GetReport(device0, nonce0s1)
 				if err != nil {
@@ -278,13 +278,13 @@ func TestValidateSnpAttestation(t *testing.T) {
 						VcekCert: sign0.Vcek.Raw,
 					}}
 			}(),
-			opts: &Options{UserData: nonce0s1[:], GuestPolicy: abi.SnpPolicy{Debug: true}},
+			opts: &Options{ReportData: nonce0s1[:], GuestPolicy: abi.SnpPolicy{Debug: true}},
 		},
 		{
 			name:        "deep check",
 			attestation: attestation12345,
 			opts: &Options{
-				UserData:               nonce12345[:],
+				ReportData:             nonce12345[:],
 				GuestPolicy:            abi.SnpPolicy{Debug: true, SMT: true},
 				PlatformInfo:           &abi.SnpPlatformInfo{SMTEnabled: true},
 				Measurement:            measurement,
@@ -306,7 +306,7 @@ func TestValidateSnpAttestation(t *testing.T) {
 			name:        "Minimum TCB checked",
 			attestation: attestation12345,
 			opts: &Options{
-				UserData:     nonce12345[:],
+				ReportData:   nonce12345[:],
 				GuestPolicy:  abi.SnpPolicy{Debug: true, SMT: true},
 				PlatformInfo: &abi.SnpPlatformInfo{SMTEnabled: true},
 				MinimumTCB:   kds.TCBParts{UcodeSpl: 0xff, SnpSpl: 0x05, BlSpl: 0x02},
@@ -317,7 +317,7 @@ func TestValidateSnpAttestation(t *testing.T) {
 			name:        "Minimum build checked",
 			attestation: attestation12345,
 			opts: &Options{
-				UserData:     nonce12345[:],
+				ReportData:   nonce12345[:],
 				GuestPolicy:  abi.SnpPolicy{Debug: true, SMT: true},
 				PlatformInfo: &abi.SnpPlatformInfo{SMTEnabled: true},
 				MinimumBuild: 3,
@@ -328,7 +328,7 @@ func TestValidateSnpAttestation(t *testing.T) {
 			name:        "Minimum version checked",
 			attestation: attestation12345,
 			opts: &Options{
-				UserData:       nonce12345[:],
+				ReportData:     nonce12345[:],
 				GuestPolicy:    abi.SnpPolicy{Debug: true, SMT: true},
 				PlatformInfo:   &abi.SnpPlatformInfo{SMTEnabled: true},
 				MinimumVersion: 0xff00,
@@ -339,7 +339,7 @@ func TestValidateSnpAttestation(t *testing.T) {
 			name:        "Author key checked",
 			attestation: attestation54321,
 			opts: &Options{
-				UserData:         nonce54321[:],
+				ReportData:       nonce54321[:],
 				GuestPolicy:      abi.SnpPolicy{Debug: true, SMT: true},
 				PlatformInfo:     &abi.SnpPlatformInfo{SMTEnabled: true},
 				RequireAuthorKey: true,
@@ -352,7 +352,7 @@ func TestValidateSnpAttestation(t *testing.T) {
 			name:        "PlatformInfo checked",
 			attestation: attestation54321,
 			opts: &Options{
-				UserData:     nonce54321[:],
+				ReportData:   nonce54321[:],
 				GuestPolicy:  abi.SnpPolicy{Debug: true, SMT: true},
 				PlatformInfo: &abi.SnpPlatformInfo{},
 			},
@@ -362,7 +362,7 @@ func TestValidateSnpAttestation(t *testing.T) {
 			name:        "Requiring IDBlock requires trust",
 			attestation: attestation12345,
 			opts: &Options{
-				UserData:       nonce12345[:],
+				ReportData:     nonce12345[:],
 				GuestPolicy:    abi.SnpPolicy{Debug: true, SMT: true},
 				PlatformInfo:   &abi.SnpPlatformInfo{SMTEnabled: true},
 				RequireIDBlock: true,
@@ -375,45 +375,45 @@ func TestValidateSnpAttestation(t *testing.T) {
 			name:        "accepted provisional by build",
 			attestation: attestationb1455,
 			opts: &Options{
-				UserData:                  nonceb1455[:],
+				ReportData:                nonceb1455[:],
 				GuestPolicy:               abi.SnpPolicy{Debug: true},
 				PermitProvisionalFirmware: true,
 			},
 		},
 		{
 			name:        "rejected provisional by build",
 			attestation: attestationb1455,
-			opts:        &Options{UserData: nonceb1455[:], GuestPolicy: abi.SnpPolicy{Debug: true}},
+			opts:        &Options{ReportData: nonceb1455[:], GuestPolicy: abi.SnpPolicy{Debug: true}},
 			wantErr:     "committed build number 1 does not match the current build number 2",
 		},
 		{
 			name:        "accepted provisional by tcb",
 			attestation: attestationcb1455,
 			opts: &Options{
-				UserData:                  noncecb1455[:],
+				ReportData:                noncecb1455[:],
 				GuestPolicy:               abi.SnpPolicy{Debug: true},
 				PermitProvisionalFirmware: true,
 			},
 		},
 		{
 			name:        "rejected provisional by tcb",
 			attestation: attestationcb1455,
-			opts:        &Options{UserData: noncecb1455[:], GuestPolicy: abi.SnpPolicy{Debug: true}},
+			opts:        &Options{ReportData: noncecb1455[:], GuestPolicy: abi.SnpPolicy{Debug: true}},
 			wantErr:     "firmware's committed TCB 9270000000007f00 does not match the current TCB 9270000000007f1f",
 		},
 		{
 			name:        "accepted provisional by version",
 			attestation: attestation11355,
 			opts: &Options{
-				UserData:                  nonce11355[:],
+				ReportData:                nonce11355[:],
 				GuestPolicy:               abi.SnpPolicy{Debug: true},
 				PermitProvisionalFirmware: true,
 			},
 		},
 		{
 			name:        "rejected provisional by version",
 			attestation: attestation11355,
-			opts:        &Options{UserData: nonce11355[:], GuestPolicy: abi.SnpPolicy{Debug: true}},
+			opts:        &Options{ReportData: nonce11355[:], GuestPolicy: abi.SnpPolicy{Debug: true}},
 			wantErr:     "committed API version (1.49) does not match the current API version (1.51)",
 		},
 	}
@@ -427,7 +427,7 @@ func TestValidateSnpAttestation(t *testing.T) {
 		switch i {
 		case 0:
 			name = "REPORT_DATA"
-			opts.UserData = make([]byte, abi.ReportDataSize)
+			opts.ReportData = make([]byte, abi.ReportDataSize)
 		case 1:
 			name = "HOST_DATA"
 			opts.HostData = make([]byte, abi.HostDataSize)