Allow multiple expected measurements per register

Signed-off-by: bakhtin <a@bakhtin.net>

Author: bakhtin

README.md

@@ -225,12 +225,21 @@ Payload
 	"attestation_type": "azure-tdx",
 	"measurements": {
 		"11": {
-		    "expected": "efa43e0beff151b0f251c4abf48152382b1452b4414dbd737b4127de05ca31f7"
+		    "expected": ["efa43e0beff151b0f251c4abf48152382b1452b4414dbd737b4127de05ca31f7", "abc123..."]
 	    },
+		"4": {
+		    "expected": ["ea92ff762767eae6316794f1641c485d4846bc2b9df2eab6ba7f630ce6f4d66f"]
+	    }
   }
 }
 ```
 
+The `expected` field accepts either:
+- A list of strings (recommended): `"expected": ["value1", "value2"]` - any matching value is accepted (OR semantics)
+- A single string (legacy): `"expected": "value"` - for backwards compatibility
+
+Using a list is recommended as it allows specifying multiple valid measurement values for a single key, which is useful when multiple firmware versions or configurations should be accepted.
+
 Note that only the measurements given are expected, and any non-present will be ignored.
 
 To allow _any_ measurement, use an empty measurements field:

adapters/database/service_test.go

@@ -63,7 +63,7 @@ func TestAdminFlow(t *testing.T) {
 
 	t.Run("AdminFlow", func(t *testing.T) {
 		t.Run("add measurement", func(t *testing.T) {
-			err := dbService.AddMeasurement(context.Background(), *domain.NewMeasurement("test-measurement-1", "test-type", map[string]domain.SingleMeasurement{"test": {Expected: "0x1234"}}), false)
+			err := dbService.AddMeasurement(context.Background(), *domain.NewMeasurement("test-measurement-1", "test-type", map[string]domain.SingleMeasurement{"test": {Expected: []string{"0x1234"}}}), false)
 			require.NoError(t, err)
 		})
 		t.Run("add builder", func(t *testing.T) {

application/service.go

@@ -87,12 +87,27 @@ func validateMeasurement(measurement map[string]string, measurementTemplate []do
 	return "", domain.ErrNotFound
 }
 
-// validates that all fields from measurementTemplate are the same in measurement
+// validates that all fields from measurementTemplate are the same in measurement.
+// For each field, the measurement value must match at least one of the expected values (OR semantics).
 func checkMeasurement(measurement map[string]string, measurementTemplate domain.Measurement) bool {
 	for k, v := range measurementTemplate.Measurement {
-		if val, ok := measurement[k]; !ok || val != v.Expected {
+		val, ok := measurement[k]
+		if !ok {
+			return false
+		}
+		if !matchesAnyExpected(val, v.Expected) {
 			return false
 		}
 	}
 	return true
 }
+
+// matchesAnyExpected returns true if the value matches any of the expected values.
+func matchesAnyExpected(value string, expected []string) bool {
+	for _, exp := range expected {
+		if value == exp {
+			return true
+		}
+	}
+	return false
+}

application/service_test.go

@@ -0,0 +1,192 @@
+package application
+
+import (
+	"testing"
+
+	"github.com/flashbots/builder-hub/domain"
+	"github.com/stretchr/testify/require"
+)
+
+func TestCheckMeasurement_SingleExpectedValue(t *testing.T) {
+	template := domain.Measurement{
+		Name:            "test",
+		AttestationType: "azure-tdx",
+		Measurement: map[string]domain.SingleMeasurement{
+			"8":  {Expected: []string{"0000"}},
+			"11": {Expected: []string{"aaaa"}},
+		},
+	}
+
+	t.Run("exact match", func(t *testing.T) {
+		measurement := map[string]string{
+			"8":  "0000",
+			"11": "aaaa",
+		}
+		require.True(t, checkMeasurement(measurement, template))
+	})
+
+	t.Run("wrong value", func(t *testing.T) {
+		measurement := map[string]string{
+			"8":  "0000",
+			"11": "bbbb",
+		}
+		require.False(t, checkMeasurement(measurement, template))
+	})
+
+	t.Run("missing key", func(t *testing.T) {
+		measurement := map[string]string{
+			"8": "0000",
+		}
+		require.False(t, checkMeasurement(measurement, template))
+	})
+
+	t.Run("extra key in measurement is allowed", func(t *testing.T) {
+		measurement := map[string]string{
+			"8":  "0000",
+			"11": "aaaa",
+			"99": "extra",
+		}
+		require.True(t, checkMeasurement(measurement, template))
+	})
+}
+
+func TestCheckMeasurement_MultipleExpectedValues(t *testing.T) {
+	template := domain.Measurement{
+		Name:            "test",
+		AttestationType: "azure-tdx",
+		Measurement: map[string]domain.SingleMeasurement{
+			"8":  {Expected: []string{"0000", "1111", "2222"}},
+			"11": {Expected: []string{"aaaa", "bbbb"}},
+		},
+	}
+
+	t.Run("first expected value matches", func(t *testing.T) {
+		measurement := map[string]string{
+			"8":  "0000",
+			"11": "aaaa",
+		}
+		require.True(t, checkMeasurement(measurement, template))
+	})
+
+	t.Run("second expected value matches", func(t *testing.T) {
+		measurement := map[string]string{
+			"8":  "1111",
+			"11": "bbbb",
+		}
+		require.True(t, checkMeasurement(measurement, template))
+	})
+
+	t.Run("third expected value for key 8", func(t *testing.T) {
+		measurement := map[string]string{
+			"8":  "2222",
+			"11": "aaaa",
+		}
+		require.True(t, checkMeasurement(measurement, template))
+	})
+
+	t.Run("value not in expected list", func(t *testing.T) {
+		measurement := map[string]string{
+			"8":  "3333",
+			"11": "aaaa",
+		}
+		require.False(t, checkMeasurement(measurement, template))
+	})
+
+	t.Run("one key matches, other does not", func(t *testing.T) {
+		measurement := map[string]string{
+			"8":  "0000",
+			"11": "cccc",
+		}
+		require.False(t, checkMeasurement(measurement, template))
+	})
+}
+
+func TestValidateMeasurement(t *testing.T) {
+	templates := []domain.Measurement{
+		{
+			Name:            "template-1",
+			AttestationType: "azure-tdx",
+			Measurement: map[string]domain.SingleMeasurement{
+				"8":  {Expected: []string{"0000"}},
+				"11": {Expected: []string{"aaaa", "bbbb"}},
+			},
+		},
+		{
+			Name:            "template-2",
+			AttestationType: "azure-tdx",
+			Measurement: map[string]domain.SingleMeasurement{
+				"8":  {Expected: []string{"1111"}},
+				"11": {Expected: []string{"cccc"}},
+			},
+		},
+	}
+
+	t.Run("matches first template", func(t *testing.T) {
+		measurement := map[string]string{
+			"8":  "0000",
+			"11": "aaaa",
+		}
+		name, err := validateMeasurement(measurement, templates)
+		require.NoError(t, err)
+		require.Equal(t, "template-1", name)
+	})
+
+	t.Run("matches first template with second expected value", func(t *testing.T) {
+		measurement := map[string]string{
+			"8":  "0000",
+			"11": "bbbb",
+		}
+		name, err := validateMeasurement(measurement, templates)
+		require.NoError(t, err)
+		require.Equal(t, "template-1", name)
+	})
+
+	t.Run("matches second template", func(t *testing.T) {
+		measurement := map[string]string{
+			"8":  "1111",
+			"11": "cccc",
+		}
+		name, err := validateMeasurement(measurement, templates)
+		require.NoError(t, err)
+		require.Equal(t, "template-2", name)
+	})
+
+	t.Run("no match returns error", func(t *testing.T) {
+		measurement := map[string]string{
+			"8":  "9999",
+			"11": "zzzz",
+		}
+		_, err := validateMeasurement(measurement, templates)
+		require.ErrorIs(t, err, domain.ErrNotFound)
+	})
+}
+
+func TestMatchesAnyExpected(t *testing.T) {
+	t.Run("empty list returns false", func(t *testing.T) {
+		require.False(t, matchesAnyExpected("value", []string{}))
+	})
+
+	t.Run("single value match", func(t *testing.T) {
+		require.True(t, matchesAnyExpected("value", []string{"value"}))
+	})
+
+	t.Run("single value no match", func(t *testing.T) {
+		require.False(t, matchesAnyExpected("value", []string{"other"}))
+	})
+
+	t.Run("multiple values first match", func(t *testing.T) {
+		require.True(t, matchesAnyExpected("a", []string{"a", "b", "c"}))
+	})
+
+	t.Run("multiple values middle match", func(t *testing.T) {
+		require.True(t, matchesAnyExpected("b", []string{"a", "b", "c"}))
+	})
+
+	t.Run("multiple values last match", func(t *testing.T) {
+		require.True(t, matchesAnyExpected("c", []string{"a", "b", "c"}))
+	})
+
+	t.Run("multiple values no match", func(t *testing.T) {
+		require.False(t, matchesAnyExpected("d", []string{"a", "b", "c"}))
+	})
+}

domain/types.go

@@ -2,6 +2,7 @@
 package domain
 
 import (
+	"encoding/json"
 	"errors"
 	"net"
 
@@ -24,8 +25,52 @@ type Measurement struct {
 	Measurement     map[string]SingleMeasurement
 }
 
+// SingleMeasurement represents a single measurement with one or more expected values.
+// When multiple values are provided, any matching value is accepted (OR semantics).
 type SingleMeasurement struct {
-	Expected string `json:"expected"`
+	Expected []string
+}
+
+// UnmarshalJSON implements custom unmarshaling to support both:
+// - {"expected": "value"} (backwards compatible single string)
+// - {"expected": ["value1", "value2"]} (new list format)
+func (s *SingleMeasurement) UnmarshalJSON(data []byte) error {
+	// Try to unmarshal as object with expected field
+	var raw struct {
+		Expected json.RawMessage `json:"expected"`
+	}
+	if err := json.Unmarshal(data, &raw); err != nil {
+		return err
+	}
+
+	// Try to unmarshal expected as a string first (backwards compatibility)
+	var singleValue string
+	if err := json.Unmarshal(raw.Expected, &singleValue); err == nil {
+		s.Expected = []string{singleValue}
+		return nil
+	}
+
+	// Try to unmarshal expected as an array of strings
+	var multiValue []string
+	if err := json.Unmarshal(raw.Expected, &multiValue); err != nil {
+		return err
+	}
+	s.Expected = multiValue
+	return nil
+}
+
+// MarshalJSON implements custom marshaling to output:
+// - {"expected": "value"} when there's exactly one value (backwards compatible)
+// - {"expected": ["value1", "value2"]} when there are multiple values
+func (s SingleMeasurement) MarshalJSON() ([]byte, error) {
+	if len(s.Expected) == 1 {
+		return json.Marshal(struct {
+			Expected string `json:"expected"`
+		}{Expected: s.Expected[0]})
+	}
+	return json.Marshal(struct {
+		Expected []string `json:"expected"`
+	}{Expected: s.Expected})
 }
 
 func NewMeasurement(name, attestationType string, measurements map[string]SingleMeasurement) *Measurement {