New tee type: CCA (Confidential Compute Architecture)

Signed-off-by: Dave Chen <[email protected]>

Cargo.toml

@@ -13,7 +13,7 @@ base64 = "0.13.0"
 bincode = { version = "1.3.3", optional = true }
 ctr = { version = "0.9.2", optional = true }
 foreign-types = { version = "0.5.0", optional = true }
-kbs-types = "0.2"
+kbs-types = { git = "https://github.com/chendave/kbs-types.git", branch = "demo1.0" }
 log = "0.4.14"
 openssl = { version = "0.10", features = ["vendored"], optional = true}
 prost = { version = "0.11.0", optional = true }
@@ -39,7 +39,7 @@ rstest = "0.16.0"
 tonic-build = { version = "0.8.0", optional = true }
 
 [features]
-default = ["sample_kbc", "rust-crypto"]
+default = ["sample_kbc", "rust-crypto", "cc_kbc"]
 
 cc_kbc = ["rand", "rsa", "sha2", "reqwest"]
 all-attesters = ["tdx-attester"]

src/kbc_modules/cc_kbc/attester/cca/cca-claims-without-realm-challenge.json

@@ -0,0 +1,50 @@
+{
+  "cca-platform-token": {
+    "cca-platform-profile": "http://arm.com/CCA-SSD/1.0.0",
+    "cca-platform-implementation-id": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=",
+    "cca-platform-instance-id": "AQICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC",
+    "cca-platform-config": "AQID",
+    "cca-platform-lifecycle": 12288,
+    "cca-platform-sw-components": [
+      {
+          "measurement-type": "BL",
+          "measurement-value": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=",
+          "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=",
+          "version": "3.4.2"
+        },
+        {
+          "measurement-type": "M1",
+          "measurement-value": "CwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=",
+          "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=",
+          "version": "1.2.0"
+        },
+        {
+          "measurement-type": "M2",
+          "measurement-value": "DwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=",
+          "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=",
+          "version": "1.2.3"
+        },
+        {
+          "measurement-type": "M3",
+          "measurement-value": "EwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=",
+          "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=",
+          "version": "1.0.0"
+      }
+  ],
+    "cca-platform-service-indicator": "https://veraison.example/v1/challenge-response",
+    "cca-platform-hash-algo-id": "sha-256"
+  },
+  "cca-realm-delegated-token": {
+    "cca-realm-personalization-value": "QURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBRA==",
+    "cca-realm-initial-measurement": "Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==",
+    "cca-realm-extensible-measurements": [
+      "Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==",
+      "Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==",
+      "Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==",
+      "Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw=="
+    ],
+    "cca-realm-hash-algo-id": "sha-256",
+    "cca-realm-public-key": "BIL70TKptcOWh5+7FTQNkFCXjlXHnVJ5oroOlYVPN+IM0vZPO3K1cLvXc+7iznaEJe31Re2+if+v4OlrvUbicPIHlsRIuY2vRqdk0nRC5ubthPjOyBfm7ManHTo959Z+zQ==",
+    "cca-realm-public-key-hash-algo-id": "sha-512"
+  }
+}

src/kbc_modules/cc_kbc/attester/cca/mod.rs

@@ -0,0 +1,30 @@
+// Copyright (c) 2023 Arm Ltd.
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+
+use super::Attester;
+use anyhow::*;
+use std::env;
+
+
+// If the environment variable "CCA_ATTESTER" is set,
+// the TEE platform is considered as "CCA".
+pub fn detect_platform() -> bool {
+    env::var("CCA_ATTESTER").is_ok()
+}
+
+
+#[derive(Debug, Default)]
+pub struct CCAAttester {}
+
+// NOTE: If we sign the evidence here rather by a veraison proxy (proxy to veraison verifier), we need to rustify the cbor lib to support the logic around signature.
+#[allow(unused_variables)]
+impl Attester for CCAAttester {
+    fn get_evidence(&self, data: String) -> Result<String> {
+        let s = std::include_str!("cca-claims-without-realm-challenge.json").as_bytes();
+        let evidence = String::from_utf8_lossy(s);
+        println!("evidence: {}", evidence);
+        serde_json::to_string(&evidence).map_err(|_| anyhow!("Serialize evidence failed"))
+    }
+}

src/kbc_modules/cc_kbc/attester/mod.rs

@@ -6,6 +6,7 @@
 use anyhow::*;
 
 pub mod sample;
+pub mod cca;
 
 #[cfg(feature = "tdx-attester")]
 pub mod tdx;
@@ -15,20 +16,23 @@ pub mod tdx;
 /// - Sgx: SGX TEE.
 /// - Sevsnp: SEV-SNP TEE.
 /// - Sample: A dummy TEE that used to test/demo the KBC functionalities.
+/// - CCA: Arm Confidential Compute Architecture TEE.
 #[derive(Debug, EnumString, Display)]
 #[strum(ascii_case_insensitive, serialize_all = "lowercase")]
 pub enum Tee {
     Tdx,
     Sgx,
     Sevsnp,
     Sample,
+    CCA,
     Unknown,
 }
 
 impl Tee {
     pub fn to_attester(&self) -> Result<Box<dyn Attester + Send + Sync>> {
         match self {
             Tee::Sample => Ok(Box::<sample::SampleAttester>::default()),
+            Tee::CCA => Ok(Box::<cca::CCAAttester>::default()),
             #[cfg(feature = "tdx-attester")]
             Tee::Tdx => Ok(Box::<tdx::TdxAttester>::default()),
             _ => bail!("TEE is not supported!"),
@@ -45,6 +49,9 @@ pub fn detect_tee_type() -> Tee {
     if sample::detect_platform() {
         return Tee::Sample;
     }
+    if cca::detect_platform() {
+        return Tee::CCA;
+    }
     #[cfg(feature = "tdx-attester")]
     if tdx::detect_platform() {
         return Tee::Tdx;