Use integer consistently for productID

BUILD.md

@@ -54,7 +54,7 @@ Here is an example that has only the `SecurityVersion` and `ProductID` set:
 	"Packages": {
 		"backend": {
 			"SecurityVersion": 1,
-			"ProductID": [3]
+			"ProductID": 3
 		}
 	},
 	"Infrastructures": {
@@ -150,4 +150,12 @@ go test ./test/ -v -tags integration --args -b ../build/ -s
 
 ```bash
 go test ./test/ -v -tags integration --args -b ../build/ -s -noenclave
-```
+```
+
+### Dockerimage
+
+You can build the docker image by providing a signing key:
+
+```bash
+docker buildx build --secret id=repoaccess,src=<path to .netrc> --secret id=signingkey,src=<path to private.pem> --target release --tag ghcr.io/edgelesssys/coordinator:latest .
+```

coordinator/quote/ert.go

@@ -1,7 +1,6 @@
 package quote
 
 import (
-	"bytes"
 	"strings"
 
 	"github.com/google/go-cmp/cmp"
@@ -17,7 +16,7 @@ type PackageProperties struct {
 	// Hash of the enclave signer's public key
 	SignerID string
 	// Product ID of the package
-	ProductID []byte
+	ProductID *uint64
 	// Security version number of the package
 	SecurityVersion *uint
 }
@@ -46,7 +45,7 @@ func (required PackageProperties) IsCompliant(given PackageProperties) bool {
 	if len(required.SignerID) > 0 && !strings.EqualFold(required.SignerID, given.SignerID) {
 		return false
 	}
-	if len(required.ProductID) > 0 && !bytes.Equal(required.ProductID, given.ProductID[:len(required.ProductID)]) {
+	if required.ProductID != nil && *required.ProductID != *given.ProductID {
 		return false
 	}
 	if required.SecurityVersion != nil && *required.SecurityVersion > *given.SecurityVersion {

coordinator/quote/ertvalidator/ertvalidator.go

@@ -3,6 +3,7 @@ package ertvalidator
 import (
 	"bytes"
 	"crypto/sha256"
+	"encoding/binary"
 	"encoding/hex"
 	"fmt"
 
@@ -34,11 +35,12 @@ func (m *ERTValidator) Validate(givenQuote []byte, cert []byte, pp quote.Package
 	}
 
 	// Verify PackageProperties
+	productID := binary.LittleEndian.Uint64(report.ProductID)
 	reportedProps := quote.PackageProperties{
 		UniqueID:        hex.EncodeToString(report.UniqueID),
 		SignerID:        hex.EncodeToString(report.SignerID),
 		Debug:           report.Debug,
-		ProductID:       report.ProductID,
+		ProductID:       &productID,
 		SecurityVersion: &report.SecurityVersion,
 	}
 	if !pp.IsCompliant(reportedProps) {

docs/add-service.md

@@ -26,7 +26,7 @@ The manifest contains a section with the information used to authenticate each s
 		"backend": {
 			"UniqueID": "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
             "SignerID": "c0ffeec0ffeec0ffeec0ffeec0ffeec0ffeec0ffeec0ffeec0ffeec0ffeec0ffee",
-            "ProductID": [1337],
+            "ProductID": 1337,
             "SecurityVersion": 1,
 			"Debug": false
 		},
@@ -46,9 +46,7 @@ You'll see something like this:
 ```json
 {
     "SecurityVersion": 1,
-    "ProductID": [
-        3
-    ],
+    "ProductID": 3
     "UniqueID": "6b2822ac2585040d4b9397675d54977a71ef292ab5b3c0a6acceca26074ae585",
     "SignerID": "5826218dbe96de0d7b3b1ccf70ece51457e71e886a3d4c1f18b27576d22cdc74"
 }
@@ -61,7 +59,7 @@ You can add this directly to your `manifest.json` file like so:
 		"backend": {
 			"UniqueID": "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
             "SignerID": "c0ffeec0ffeec0ffeec0ffeec0ffeec0ffeec0ffeec0ffeec0ffeec0ffeec0ffee",
-            "ProductID": [1337],
+            "ProductID": 1337,
             "SecurityVersion": 1,
 			"Debug": false
 		},

docs/set-manifest.md

@@ -13,13 +13,13 @@ See the following manifest for example (manifest.jso
 		"backend": {
 			"UniqueID": "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
             "SignerID": "c0ffeec0ffeec0ffeec0ffeec0ffeec0ffeec0ffeec0ffeec0ffeec0ffeec0ffee",
-            "ProductID": [1337],
+            "ProductID": 1337,
             "SecurityVersion": 1,
 			"Debug": false
 		},
 		"frontend": {
 			"UniqueID": "1f1e1d1c1b1a191817161514131211100f0e0d0c0b0a09080706050403020100",
-			"ProductID": [42],
+			"ProductID": 42,
 			"SecurityVersion": 3,
 			"Debug": true
 		}

test/integration_test.go

@@ -6,7 +6,6 @@ import (
 	"bytes"
 	"crypto/tls"
 	"crypto/x509"
-	"encoding/binary"
 	"encoding/json"
 	"flag"
 	"fmt"
@@ -80,7 +79,7 @@ func updateManifest() {
 		SecurityVersion uint
 		UniqueID        string
 		SignerID        string
-		ProductID       []uint64
+		ProductID       uint64
 	}
 	if err := json.Unmarshal(config, &cfg); err != nil {
 		panic(err)
@@ -90,8 +89,7 @@ func updateManifest() {
 	pkg.UniqueID = cfg.UniqueID
 	pkg.SignerID = cfg.SignerID
 	pkg.SecurityVersion = &cfg.SecurityVersion
-	pkg.ProductID = make([]byte, 8)
-	binary.LittleEndian.PutUint64(pkg.ProductID, cfg.ProductID[0])
+	pkg.ProductID = &cfg.ProductID
 	manifest.Packages["backend"] = pkg
 }
 

test/manifests.go

@@ -9,7 +9,7 @@ const ManifestJSON string = `{
 		},
 		"frontend": {
 			"SignerID": "1f1e1d1c1b1a191817161514131211100f0e0d0c0b0a09080706050403020100",
-			"ProductID": [44],
+			"ProductID": 44,
 			"SecurityVersion": 3,
 			"Debug": true
 		}
@@ -87,12 +87,12 @@ const IntegrationManifestJSON string = `{
 		"backend": {
 			"Debug": true,
 			"SecurityVersion": 1,
-			"ProductID": [3]
+			"ProductID": 3
 		},
 		"frontend": {
 			"Debug": true,
 			"SecurityVersion": 2,
-			"ProductID": [3]
+			"ProductID": 3
 		}
 	},
 	"Infrastructures": {

tools/create_config.py

@@ -21,7 +21,7 @@ def parseSignInfo(info):
     m = re.findall(r"product_id=(\d+)", info)
     if len(m) <= 0:
         raise Exception("Couldn't find product_id in signature info")
-    config["ProductID"] = [int(m[0])]
+    config["ProductID"] = int(m[0])
 
     m = re.findall(r"mrenclave=([abcdef\d]+)", info)
     if len(m) <= 0: