From dc480141b3218979b373095eebca8f2109c871f7 Mon Sep 17 00:00:00 2001
From: Xynnn007
Date: Mon, 15 Jul 2024 15:17:26 +0800
Subject: [PATCH] AA: add GetTeeType API

This new API is used for a caller to get current platform name.

Signed-off-by: Xynnn007
---
 Cargo.lock | 1 +
 .../attestation-agent/Cargo.toml | 1 +
 .../src/bin/grpc-aa/server.rs | 30 +-
 .../src/bin/ttrpc-aa/server.rs | 33 ++-
 .../ttrpc_protocol/attestation_agent.rs | 256 +++++++++++++++++-
 .../ttrpc_protocol/attestation_agent_ttrpc.rs | 22 ++
 .../attestation-agent/src/lib.rs | 15 +-
 .../token_provider/aa/attestation_agent.rs | 252 ++++++++++++++++-
 .../aa/attestation_agent_ttrpc.rs | 22 ++
 .../protos/attestation-agent.proto | 8 +
 10 files changed, 610 insertions(+), 30 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index c768c1ecc..7349883c3 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -289,6 +289,7 @@ dependencies = [
  "config",
  "const_format",
  "env_logger 0.11.3",
+ "kbs-types",
  "kbs_protocol",
  "log",
  "prost 0.11.9",
diff --git a/attestation-agent/attestation-agent/Cargo.toml b/attestation-agent/attestation-agent/Cargo.toml
index 563515f89..c2e6fe824 100644
--- a/attestation-agent/attestation-agent/Cargo.toml
+++ b/attestation-agent/attestation-agent/Cargo.toml
@@ -23,6 +23,7 @@ config.workspace = true
 const_format.workspace = true
 env_logger = { workspace = true, optional = true }
 kbs_protocol = { path = "../kbs_protocol", default-features = false, optional = true }
+kbs-types.workspace = true
 log.workspace = true
 prost = { workspace = true, optional = true }
 protobuf = { workspace = true, optional = true }
diff --git a/attestation-agent/attestation-agent/src/bin/grpc-aa/server.rs b/attestation-agent/attestation-agent/src/bin/grpc-aa/server.rs
index 2335eb2f8..a1e158fe7 100644
--- a/attestation-agent/attestation-agent/src/bin/grpc-aa/server.rs
+++ b/attestation-agent/attestation-agent/src/bin/grpc-aa/server.rs
@@ -9,8 +9,9 @@ use attestation::attestation_agent_service_server::{ }; use attestation::{ CheckInitDataRequest, CheckInitDataResponse, ExtendRuntimeMeasurementRequest, - ExtendRuntimeMeasurementResponse, GetEvidenceRequest, GetEvidenceResponse, GetTokenRequest, - GetTokenResponse, UpdateConfigurationRequest, UpdateConfigurationResponse, + ExtendRuntimeMeasurementResponse, GetEvidenceRequest, GetEvidenceResponse, GetTeeTypeRequest, + GetTeeTypeResponse, GetTokenRequest, GetTokenResponse, UpdateConfigurationRequest, + UpdateConfigurationResponse, }; use attestation_agent::{AttestationAPIs, AttestationAgent}; use log::{debug, error}; @@ -162,6 +163,31 @@ impl AttestationAgentService for AA { Result::Ok(Response::new(reply)) } + + async fn get_tee_type( + &self, + _request: Request, + ) -> Result, Status> { + let mut attestation_agent = self.inner.lock().await; + + debug!("AA (grpc): get tee type ..."); + + let tee = attestation_agent.get_tee_type(); + + let tee = serde_json::to_string(&tee) + .map_err(|e| { + error!("AA (ttrpc): get tee type failed:\n {e:?}"); + Status::internal(format!("[ERROR:{AGENT_NAME}] AA get tee type failed")) + })? + .trim_end_matches('"') + .trim_start_matches('"') + .to_string(); + debug!("AA (ttrpc): get tee type succeeded."); + + let reply = GetTeeTypeResponse { tee }; + + Result::Ok(Response::new(reply)) + } } pub async fn start_grpc_service(socket: SocketAddr, aa: AttestationAgent) -> Result<()> { diff --git a/attestation-agent/attestation-agent/src/bin/ttrpc-aa/server.rs b/attestation-agent/attestation-agent/src/bin/ttrpc-aa/server.rs index 95ba924a2..8f4f55eca 100644 --- a/attestation-agent/attestation-agent/src/bin/ttrpc-aa/server.rs +++ b/attestation-agent/attestation-agent/src/bin/ttrpc-aa/server.rs 
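Review bot: The new grpc `get_tee_type` handler logs its failure and success lines with the `AA (ttrpc)` prefix while its opening `debug!` says `AA (grpc)`, so errors raised in this binary will be attributed to the wrong transport in the logs; use `AA (grpc)` on all three lines. The same handler (and the ttrpc one in attestation-agent/src/bin/ttrpc-aa/server.rs, which has the same shape) derives the wire string by JSON-serialising the `Tee` value and then trimming `"` from both ends, which silently hands the client a JSON document instead of a bare name if `Tee` ever serialises to anything other than a string. Serialise to a `serde_json::Value` and require `as_str()`, returning the existing internal-error status otherwise, so a representation change fails loudly on the server rather than being misparsed by every client. Whether `kbs_types::Tee` offers a direct string conversion that would avoid serde entirely cannot be determined from this patch; if it does, prefer that.

```rust
    async fn get_tee_type(
        // … unchanged: signature, lock, opening debug! …
        let tee = attestation_agent.get_tee_type();

        // Require a JSON string rather than trimming quotes off an arbitrary
        // JSON document: a non-string serialisation of `Tee` must be an
        // error here, not a malformed value handed to the client.
        let tee = serde_json::to_value(&tee)
            .map_err(|e| {
                error!("AA (grpc): get tee type failed:\n {e:?}");
                Status::internal(format!("[ERROR:{AGENT_NAME}] AA get tee type failed"))
            })?
            .as_str()
            .map(str::to_owned)
            .ok_or_else(|| {
                error!("AA (grpc): get tee type failed: TEE type did not serialise to a string");
                Status::internal(format!("[ERROR:{AGENT_NAME}] AA get tee type failed"))
            })?;
        debug!("AA (grpc): get tee type succeeded.");
        // … unchanged: reply construction …
```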
@@ -16,8 +16,8 @@ use std::sync::Arc; use crate::ttrpc_protocol::attestation_agent::{ ExtendRuntimeMeasurementRequest, ExtendRuntimeMeasurementResponse, GetEvidenceRequest, - GetEvidenceResponse, GetTokenRequest, GetTokenResponse, UpdateConfigurationRequest, - UpdateConfigurationResponse, + GetEvidenceResponse, GetTeeTypeRequest, GetTeeTypeResponse, GetTokenRequest, GetTokenResponse, + UpdateConfigurationRequest, UpdateConfigurationResponse, }; use crate::ttrpc_protocol::attestation_agent_ttrpc::{ create_attestation_agent_service, AttestationAgentService, @@ -145,6 +145,35 @@ impl AttestationAgentService for AA { let reply = UpdateConfigurationResponse::new(); ::ttrpc::Result::Ok(reply) } + + async fn get_tee_type( + &self, + _ctx: &::ttrpc::r#async::TtrpcContext, + _req: GetTeeTypeRequest, + ) -> ::ttrpc::Result { + debug!("AA (ttrpc): get tee type ..."); + + let mut attestation_agent = self.inner.lock().await; + + let tee = attestation_agent.get_tee_type(); + + let res = serde_json::to_string(&tee) + .map_err(|e| { + error!("AA (ttrpc): get tee type failed:\n {e:?}"); + let mut error_status = ::ttrpc::proto::Status::new(); + error_status.set_code(Code::INTERNAL); + error_status + .set_message(format!("[ERROR:{AGENT_NAME}] AA-KBC get tee type failed")); + ::ttrpc::Error::RpcStatus(error_status) + })? + .trim_end_matches('"') + .trim_start_matches('"') + .to_string(); + debug!("AA (ttrpc): get tee type succeeded."); + let mut reply = GetTeeTypeResponse::new(); + reply.tee = res; + ::ttrpc::Result::Ok(reply) + } } pub fn start_ttrpc_service(aa: AttestationAgent) -> Result> { diff --git a/attestation-agent/attestation-agent/src/bin/ttrpc-aa/ttrpc_protocol/attestation_agent.rs b/attestation-agent/attestation-agent/src/bin/ttrpc-aa/ttrpc_protocol/attestation_agent.rs index 6a05d14ba..69634d962 100644 --- a/attestation-agent/attestation-agent/src/bin/ttrpc-aa/ttrpc_protocol/attestation_agent.rs 
+++ b/attestation-agent/attestation-agent/src/bin/ttrpc-aa/ttrpc_protocol/attestation_agent.rs @@ -1,4 +1,4 @@ -// This file is generated by rust-protobuf 3.4.0. Do not edit +// This file is generated by rust-protobuf 3.5.0. Do not edit // .proto file is parsed by pure // @generated @@ -23,7 +23,7 @@ /// Generated files are compatible only with the same version /// of protobuf runtime. -const _PROTOBUF_VERSION_CHECK: () = ::protobuf::VERSION_3_4_0; +const _PROTOBUF_VERSION_CHECK: () = ::protobuf::VERSION_3_5_0; // @@protoc_insertion_point(message:attestation_agent.GetEvidenceRequest) #[derive(PartialEq,Clone,Default,Debug)] 
@@ -1382,6 +1382,231 @@ impl ::protobuf::reflect::ProtobufValue for UpdateConfigurationResponse { type RuntimeType = ::protobuf::reflect::rt::RuntimeTypeMessage; } +// @@protoc_insertion_point(message:attestation_agent.GetTeeTypeRequest) +#[derive(PartialEq,Clone,Default,Debug)] +pub struct GetTeeTypeRequest { + // special fields + // @@protoc_insertion_point(special_field:attestation_agent.GetTeeTypeRequest.special_fields) + pub special_fields: ::protobuf::SpecialFields, +} + +impl<'a> ::std::default::Default for &'a GetTeeTypeRequest { + fn default() -> &'a GetTeeTypeRequest { + ::default_instance() + } +} + +impl GetTeeTypeRequest { + pub fn new() -> GetTeeTypeRequest { + ::std::default::Default::default() + } + + fn generated_message_descriptor_data() -> ::protobuf::reflect::GeneratedMessageDescriptorData { + let mut fields = ::std::vec::Vec::with_capacity(0); + let mut oneofs = ::std::vec::Vec::with_capacity(0); + ::protobuf::reflect::GeneratedMessageDescriptorData::new_2::( + "GetTeeTypeRequest", + fields, + oneofs, + ) + } +} + +impl ::protobuf::Message for GetTeeTypeRequest { + const NAME: &'static str = "GetTeeTypeRequest"; + + fn is_initialized(&self) -> bool { + true + } + + fn merge_from(&mut self, is: &mut ::protobuf::CodedInputStream<'_>) -> ::protobuf::Result<()> { + while let Some(tag) = is.read_raw_tag_or_eof()? 
{ + match tag { + tag => { + ::protobuf::rt::read_unknown_or_skip_group(tag, is, self.special_fields.mut_unknown_fields())?; + }, + }; + } + ::std::result::Result::Ok(()) + } + + // Compute sizes of nested messages + #[allow(unused_variables)] + fn compute_size(&self) -> u64 { + let mut my_size = 0; + my_size += ::protobuf::rt::unknown_fields_size(self.special_fields.unknown_fields()); + self.special_fields.cached_size().set(my_size as u32); + my_size + } + + fn write_to_with_cached_sizes(&self, os: &mut ::protobuf::CodedOutputStream<'_>) -> ::protobuf::Result<()> { + os.write_unknown_fields(self.special_fields.unknown_fields())?; + ::std::result::Result::Ok(()) + } + + fn special_fields(&self) -> &::protobuf::SpecialFields { + &self.special_fields + } + + fn mut_special_fields(&mut self) -> &mut ::protobuf::SpecialFields { + &mut self.special_fields + } + + fn new() -> GetTeeTypeRequest { + GetTeeTypeRequest::new() + } + + fn clear(&mut self) { + self.special_fields.clear(); + } + + fn default_instance() -> &'static GetTeeTypeRequest { + static instance: GetTeeTypeRequest = GetTeeTypeRequest { + special_fields: ::protobuf::SpecialFields::new(), + }; + &instance + } +} + +impl ::protobuf::MessageFull for GetTeeTypeRequest { + fn descriptor() -> ::protobuf::reflect::MessageDescriptor { + static descriptor: ::protobuf::rt::Lazy<::protobuf::reflect::MessageDescriptor> = ::protobuf::rt::Lazy::new(); + descriptor.get(|| file_descriptor().message_by_package_relative_name("GetTeeTypeRequest").unwrap()).clone() + } +} + +impl ::std::fmt::Display for GetTeeTypeRequest { + fn fmt(&self, f: &mut ::std::fmt::Formatter<'_>) -> ::std::fmt::Result { + ::protobuf::text_format::fmt(self, f) + } +} + +impl ::protobuf::reflect::ProtobufValue for GetTeeTypeRequest { + type RuntimeType = ::protobuf::reflect::rt::RuntimeTypeMessage; +} + +// @@protoc_insertion_point(message:attestation_agent.GetTeeTypeResponse) +#[derive(PartialEq,Clone,Default,Debug)] +pub struct GetTeeTypeResponse { + 
// message fields + // @@protoc_insertion_point(field:attestation_agent.GetTeeTypeResponse.tee) + pub tee: ::std::string::String, + // special fields + // @@protoc_insertion_point(special_field:attestation_agent.GetTeeTypeResponse.special_fields) + pub special_fields: ::protobuf::SpecialFields, +} + +impl<'a> ::std::default::Default for &'a GetTeeTypeResponse { + fn default() -> &'a GetTeeTypeResponse { + ::default_instance() + } +} + +impl GetTeeTypeResponse { + pub fn new() -> GetTeeTypeResponse { + ::std::default::Default::default() + } + + fn generated_message_descriptor_data() -> ::protobuf::reflect::GeneratedMessageDescriptorData { + let mut fields = ::std::vec::Vec::with_capacity(1); + let mut oneofs = ::std::vec::Vec::with_capacity(0); + fields.push(::protobuf::reflect::rt::v2::make_simpler_field_accessor::<_, _>( + "tee", + |m: &GetTeeTypeResponse| { &m.tee }, + |m: &mut GetTeeTypeResponse| { &mut m.tee }, + )); + ::protobuf::reflect::GeneratedMessageDescriptorData::new_2::( + "GetTeeTypeResponse", + fields, + oneofs, + ) + } +} + +impl ::protobuf::Message for GetTeeTypeResponse { + const NAME: &'static str = "GetTeeTypeResponse"; + + fn is_initialized(&self) -> bool { + true + } + + fn merge_from(&mut self, is: &mut ::protobuf::CodedInputStream<'_>) -> ::protobuf::Result<()> { + while let Some(tag) = is.read_raw_tag_or_eof()? 
{ + match tag { + 10 => { + self.tee = is.read_string()?; + }, + tag => { + ::protobuf::rt::read_unknown_or_skip_group(tag, is, self.special_fields.mut_unknown_fields())?; + }, + }; + } + ::std::result::Result::Ok(()) + } + + // Compute sizes of nested messages + #[allow(unused_variables)] + fn compute_size(&self) -> u64 { + let mut my_size = 0; + if !self.tee.is_empty() { + my_size += ::protobuf::rt::string_size(1, &self.tee); + } + my_size += ::protobuf::rt::unknown_fields_size(self.special_fields.unknown_fields()); + self.special_fields.cached_size().set(my_size as u32); + my_size + } + + fn write_to_with_cached_sizes(&self, os: &mut ::protobuf::CodedOutputStream<'_>) -> ::protobuf::Result<()> { + if !self.tee.is_empty() { + os.write_string(1, &self.tee)?; + } + os.write_unknown_fields(self.special_fields.unknown_fields())?; + ::std::result::Result::Ok(()) + } + + fn special_fields(&self) -> &::protobuf::SpecialFields { + &self.special_fields + } + + fn mut_special_fields(&mut self) -> &mut ::protobuf::SpecialFields { + &mut self.special_fields + } + + fn new() -> GetTeeTypeResponse { + GetTeeTypeResponse::new() + } + + fn clear(&mut self) { + self.tee.clear(); + self.special_fields.clear(); + } + + fn default_instance() -> &'static GetTeeTypeResponse { + static instance: GetTeeTypeResponse = GetTeeTypeResponse { + tee: ::std::string::String::new(), + special_fields: ::protobuf::SpecialFields::new(), + }; + &instance + } +} + +impl ::protobuf::MessageFull for GetTeeTypeResponse { + fn descriptor() -> ::protobuf::reflect::MessageDescriptor { + static descriptor: ::protobuf::rt::Lazy<::protobuf::reflect::MessageDescriptor> = ::protobuf::rt::Lazy::new(); + descriptor.get(|| file_descriptor().message_by_package_relative_name("GetTeeTypeResponse").unwrap()).clone() + } +} + +impl ::std::fmt::Display for GetTeeTypeResponse { + fn fmt(&self, f: &mut ::std::fmt::Formatter<'_>) -> ::std::fmt::Result { + ::protobuf::text_format::fmt(self, f) + } +} + +impl 
::protobuf::reflect::ProtobufValue for GetTeeTypeResponse { + type RuntimeType = ::protobuf::reflect::rt::RuntimeTypeMessage; +} + static file_descriptor_proto_data: &'static [u8] = b"\ \n\x17attestation-agent.proto\x12\x11attestation_agent\"6\n\x12GetEviden\ ceRequest\x12\x20\n\x0bRuntimeData\x18\x01\x20\x01(\x0cR\x0bRuntimeData\ 
@@ -1398,16 +1623,19 @@ static file_descriptor_proto_data: &'static [u8] = b"\ \n\x14CheckInitDataRequest\x12\x16\n\x06Digest\x18\x01\x20\x01(\x0cR\x06\ Digest\"\x17\n\x15CheckInitDataResponse\"4\n\x1aUpdateConfigurationReque\ st\x12\x16\n\x06config\x18\x01\x20\x01(\tR\x06config\"\x1d\n\x1bUpdateCo\ - nfigurationResponse2\xac\x04\n\x17AttestationAgentService\x12\\\n\x0bGet\ - Evidence\x12%.attestation_agent.GetEvidenceRequest\x1a&.attestation_agen\ - t.GetEvidenceResponse\x12S\n\x08GetToken\x12\".attestation_agent.GetToke\ - nRequest\x1a#.attestation_agent.GetTokenResponse\x12\x83\x01\n\x18Extend\ - RuntimeMeasurement\x122.attestation_agent.ExtendRuntimeMeasurementReques\ - t\x1a3.attestation_agent.ExtendRuntimeMeasurementResponse\x12b\n\rCheckI\ - nitData\x12'.attestation_agent.CheckInitDataRequest\x1a(.attestation_age\ - nt.CheckInitDataResponse\x12t\n\x13UpdateConfiguration\x12-.attestation_\ - agent.UpdateConfigurationRequest\x1a..attestation_agent.UpdateConfigurat\ - ionResponseb\x06proto3\ + nfigurationResponse\"\x13\n\x11GetTeeTypeRequest\"&\n\x12GetTeeTypeRespo\ + nse\x12\x10\n\x03tee\x18\x01\x20\x01(\tR\x03tee2\x87\x05\n\x17Attestatio\ + nAgentService\x12\\\n\x0bGetEvidence\x12%.attestation_agent.GetEvidenceR\ + equest\x1a&.attestation_agent.GetEvidenceResponse\x12S\n\x08GetToken\x12\ + \".attestation_agent.GetTokenRequest\x1a#.attestation_agent.GetTokenResp\ + onse\x12\x83\x01\n\x18ExtendRuntimeMeasurement\x122.attestation_agent.Ex\ + tendRuntimeMeasurementRequest\x1a3.attestation_agent.ExtendRuntimeMeasur\ + ementResponse\x12b\n\rCheckInitData\x12'.attestation_agent.CheckInitData\ + Request\x1a(.attestation_agent.CheckInitDataResponse\x12t\n\x13UpdateCon\ + figuration\x12-.attestation_agent.UpdateConfigurationRequest\x1a..attest\ + ation_agent.UpdateConfigurationResponse\x12Y\n\nGetTeeType\x12$.attestat\ + ion_agent.GetTeeTypeRequest\x1a%.attestation_agent.GetTeeTypeResponseb\ + \x06proto3\ "; /// `FileDescriptorProto` object which was a source for this 
generated file @@ -1425,7 +1653,7 @@ pub fn file_descriptor() -> &'static ::protobuf::reflect::FileDescriptor { file_descriptor.get(|| { let generated_file_descriptor = generated_file_descriptor_lazy.get(|| { let mut deps = ::std::vec::Vec::with_capacity(0); - let mut messages = ::std::vec::Vec::with_capacity(11); + let mut messages = ::std::vec::Vec::with_capacity(13); messages.push(GetEvidenceRequest::generated_message_descriptor_data()); messages.push(GetEvidenceResponse::generated_message_descriptor_data()); messages.push(GetTokenRequest::generated_message_descriptor_data()); @@ -1437,6 +1665,8 @@ pub fn file_descriptor() -> &'static ::protobuf::reflect::FileDescriptor { messages.push(CheckInitDataResponse::generated_message_descriptor_data()); messages.push(UpdateConfigurationRequest::generated_message_descriptor_data()); messages.push(UpdateConfigurationResponse::generated_message_descriptor_data()); + messages.push(GetTeeTypeRequest::generated_message_descriptor_data()); + messages.push(GetTeeTypeResponse::generated_message_descriptor_data()); let mut enums = ::std::vec::Vec::with_capacity(0); ::protobuf::reflect::GeneratedFileDescriptor::new_generated( file_descriptor_proto(), diff --git a/attestation-agent/attestation-agent/src/bin/ttrpc-aa/ttrpc_protocol/attestation_agent_ttrpc.rs b/attestation-agent/attestation-agent/src/bin/ttrpc-aa/ttrpc_protocol/attestation_agent_ttrpc.rs index fe912064f..baa18f5b7 100644 --- a/attestation-agent/attestation-agent/src/bin/ttrpc-aa/ttrpc_protocol/attestation_agent_ttrpc.rs +++ b/attestation-agent/attestation-agent/src/bin/ttrpc-aa/ttrpc_protocol/attestation_agent_ttrpc.rs 
@@ -56,6 +56,11 @@ impl AttestationAgentServiceClient { let mut cres = super::attestation_agent::UpdateConfigurationResponse::new(); ::ttrpc::async_client_request!(self, ctx, req, "attestation_agent.AttestationAgentService", "UpdateConfiguration", cres); } + + pub async fn get_tee_type(&self, ctx: ttrpc::context::Context, req: &super::attestation_agent::GetTeeTypeRequest) -> ::ttrpc::Result { + let mut cres = super::attestation_agent::GetTeeTypeResponse::new(); + ::ttrpc::async_client_request!(self, ctx, req, "attestation_agent.AttestationAgentService", "GetTeeType", cres); + } } struct GetEvidenceMethod { @@ -113,6 +118,17 @@ impl ::ttrpc::r#async::MethodHandler for UpdateConfigurationMethod { } } +struct GetTeeTypeMethod { + service: Arc>, +} + +#[async_trait] +impl ::ttrpc::r#async::MethodHandler for GetTeeTypeMethod { + async fn handler(&self, ctx: ::ttrpc::r#async::TtrpcContext, req: ::ttrpc::Request) -> ::ttrpc::Result<::ttrpc::Response> { + ::ttrpc::async_request_handler!(self, ctx, req, attestation_agent, GetTeeTypeRequest, get_tee_type); + } +} + #[async_trait] pub trait AttestationAgentService: Sync { async fn get_evidence(&self, _ctx: &::ttrpc::r#async::TtrpcContext, _: super::attestation_agent::GetEvidenceRequest) -> ::ttrpc::Result { 
@@ -130,6 +146,9 @@ pub trait AttestationAgentService: Sync { async fn update_configuration(&self, _ctx: &::ttrpc::r#async::TtrpcContext, _: super::attestation_agent::UpdateConfigurationRequest) -> ::ttrpc::Result { Err(::ttrpc::Error::RpcStatus(::ttrpc::get_status(::ttrpc::Code::NOT_FOUND, "/attestation_agent.AttestationAgentService/UpdateConfiguration is not supported".to_string()))) } + async fn get_tee_type(&self, _ctx: &::ttrpc::r#async::TtrpcContext, _: super::attestation_agent::GetTeeTypeRequest) -> ::ttrpc::Result { + Err(::ttrpc::Error::RpcStatus(::ttrpc::get_status(::ttrpc::Code::NOT_FOUND, "/attestation_agent.AttestationAgentService/GetTeeType is not supported".to_string()))) + } } pub fn create_attestation_agent_service(service: Arc>) -> HashMap { @@ -152,6 +171,9 @@ pub fn create_attestation_agent_service(service: Arc); + methods.insert("GetTeeType".to_string(), + Box::new(GetTeeTypeMethod{service: service.clone()}) as Box); + ret.insert("attestation_agent.AttestationAgentService".to_string(), ::ttrpc::r#async::Service{ methods, streams }); ret } diff --git a/attestation-agent/attestation-agent/src/lib.rs b/attestation-agent/attestation-agent/src/lib.rs index 0f6c35155..8d3a3ef92 100644 --- a/attestation-agent/attestation-agent/src/lib.rs +++ b/attestation-agent/attestation-agent/src/lib.rs @@ -6,6 +6,7 @@ use anyhow::{Context, Result}; use async_trait::async_trait; use attester::{detect_tee_type, BoxedAttester}; +use kbs_types::Tee; use std::{io::Write, str::FromStr}; use tokio::sync::Mutex; @@ -70,6 +71,8 @@ pub trait AttestationAPIs { /// Check the initdata binding async fn check_init_data(&mut self, init_data: &[u8]) -> Result; + + fn get_tee_type(&mut self) -> Tee; } /// Attestation agent to provide attestation service. @@ -77,6 +80,7 @@ pub struct AttestationAgent { config: Config, attester: BoxedAttester, eventlog: Mutex, + tee: Tee, } impl AttestationAgent { 
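Review bot: `get_tee_type` is added to `AttestationAPIs` with `&mut self`, but the implementation in the `@@ -216,4 +221,10 @@` hunk of lib.rs only reads `self.tee`, so `&self` is enough and spares callers an exclusive borrow (both the grpc and ttrpc servers take the agent mutex as `mut` solely to call it); change the trait and the impl to `fn get_tee_type(&self) -> Tee;`. It is also the only method in the trait without a `///` comment while every sibling has one. Because the stored value is the result of the local `detect_tee_type()` probe at construction (the `@@ -111,14 +115,15 @@` hunk), I would document that explicitly: `/// TEE type detected on this platform when the agent was constructed. This is a local probe, not attested evidence; consumers must not base trust decisions on it.`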
@@ -111,14 +115,15 @@ impl AttestationAgent { } }; - let tee_type = detect_tee_type(); - let attester: BoxedAttester = tee_type.try_into()?; + let tee = detect_tee_type(); + let attester: BoxedAttester = tee.try_into()?; let eventlog = Mutex::new(EventLog::new()?); Ok(AttestationAgent { config, attester, eventlog, + tee, }) } @@ -216,4 +221,10 @@ impl AttestationAPIs for AttestationAgent { async fn check_init_data(&mut self, init_data: &[u8]) -> Result { self.attester.check_init_data(init_data).await } + + /// Get the tee type of current platform. If no platform is detected, + /// `Sample` will be returned. + fn get_tee_type(&mut self) -> Tee { + self.tee + } } diff --git a/attestation-agent/kbs_protocol/src/token_provider/aa/attestation_agent.rs b/attestation-agent/kbs_protocol/src/token_provider/aa/attestation_agent.rs index 4ff9523cd..69634d962 100644 --- a/attestation-agent/kbs_protocol/src/token_provider/aa/attestation_agent.rs +++ b/attestation-agent/kbs_protocol/src/token_provider/aa/attestation_agent.rs 
@@ -1382,6 +1382,231 @@ impl ::protobuf::reflect::ProtobufValue for UpdateConfigurationResponse { type RuntimeType = ::protobuf::reflect::rt::RuntimeTypeMessage; } +// @@protoc_insertion_point(message:attestation_agent.GetTeeTypeRequest) +#[derive(PartialEq,Clone,Default,Debug)] +pub struct GetTeeTypeRequest { + // special fields + // @@protoc_insertion_point(special_field:attestation_agent.GetTeeTypeRequest.special_fields) + pub special_fields: ::protobuf::SpecialFields, +} + +impl<'a> ::std::default::Default for &'a GetTeeTypeRequest { + fn default() -> &'a GetTeeTypeRequest { + ::default_instance() + } +} + +impl GetTeeTypeRequest { + pub fn new() -> GetTeeTypeRequest { + ::std::default::Default::default() + } + + fn generated_message_descriptor_data() -> ::protobuf::reflect::GeneratedMessageDescriptorData { + let mut fields = ::std::vec::Vec::with_capacity(0); + let mut oneofs = ::std::vec::Vec::with_capacity(0); + ::protobuf::reflect::GeneratedMessageDescriptorData::new_2::( + "GetTeeTypeRequest", + fields, + oneofs, + ) + } +} + +impl ::protobuf::Message for GetTeeTypeRequest { + const NAME: &'static str = "GetTeeTypeRequest"; + + fn is_initialized(&self) -> bool { + true + } + + fn merge_from(&mut self, is: &mut ::protobuf::CodedInputStream<'_>) -> ::protobuf::Result<()> { + while let Some(tag) = is.read_raw_tag_or_eof()? 
{ + match tag { + tag => { + ::protobuf::rt::read_unknown_or_skip_group(tag, is, self.special_fields.mut_unknown_fields())?; + }, + }; + } + ::std::result::Result::Ok(()) + } + + // Compute sizes of nested messages + #[allow(unused_variables)] + fn compute_size(&self) -> u64 { + let mut my_size = 0; + my_size += ::protobuf::rt::unknown_fields_size(self.special_fields.unknown_fields()); + self.special_fields.cached_size().set(my_size as u32); + my_size + } + + fn write_to_with_cached_sizes(&self, os: &mut ::protobuf::CodedOutputStream<'_>) -> ::protobuf::Result<()> { + os.write_unknown_fields(self.special_fields.unknown_fields())?; + ::std::result::Result::Ok(()) + } + + fn special_fields(&self) -> &::protobuf::SpecialFields { + &self.special_fields + } + + fn mut_special_fields(&mut self) -> &mut ::protobuf::SpecialFields { + &mut self.special_fields + } + + fn new() -> GetTeeTypeRequest { + GetTeeTypeRequest::new() + } + + fn clear(&mut self) { + self.special_fields.clear(); + } + + fn default_instance() -> &'static GetTeeTypeRequest { + static instance: GetTeeTypeRequest = GetTeeTypeRequest { + special_fields: ::protobuf::SpecialFields::new(), + }; + &instance + } +} + +impl ::protobuf::MessageFull for GetTeeTypeRequest { + fn descriptor() -> ::protobuf::reflect::MessageDescriptor { + static descriptor: ::protobuf::rt::Lazy<::protobuf::reflect::MessageDescriptor> = ::protobuf::rt::Lazy::new(); + descriptor.get(|| file_descriptor().message_by_package_relative_name("GetTeeTypeRequest").unwrap()).clone() + } +} + +impl ::std::fmt::Display for GetTeeTypeRequest { + fn fmt(&self, f: &mut ::std::fmt::Formatter<'_>) -> ::std::fmt::Result { + ::protobuf::text_format::fmt(self, f) + } +} + +impl ::protobuf::reflect::ProtobufValue for GetTeeTypeRequest { + type RuntimeType = ::protobuf::reflect::rt::RuntimeTypeMessage; +} + +// @@protoc_insertion_point(message:attestation_agent.GetTeeTypeResponse) +#[derive(PartialEq,Clone,Default,Debug)] +pub struct GetTeeTypeResponse { + 
// message fields + // @@protoc_insertion_point(field:attestation_agent.GetTeeTypeResponse.tee) + pub tee: ::std::string::String, + // special fields + // @@protoc_insertion_point(special_field:attestation_agent.GetTeeTypeResponse.special_fields) + pub special_fields: ::protobuf::SpecialFields, +} + +impl<'a> ::std::default::Default for &'a GetTeeTypeResponse { + fn default() -> &'a GetTeeTypeResponse { + ::default_instance() + } +} + +impl GetTeeTypeResponse { + pub fn new() -> GetTeeTypeResponse { + ::std::default::Default::default() + } + + fn generated_message_descriptor_data() -> ::protobuf::reflect::GeneratedMessageDescriptorData { + let mut fields = ::std::vec::Vec::with_capacity(1); + let mut oneofs = ::std::vec::Vec::with_capacity(0); + fields.push(::protobuf::reflect::rt::v2::make_simpler_field_accessor::<_, _>( + "tee", + |m: &GetTeeTypeResponse| { &m.tee }, + |m: &mut GetTeeTypeResponse| { &mut m.tee }, + )); + ::protobuf::reflect::GeneratedMessageDescriptorData::new_2::( + "GetTeeTypeResponse", + fields, + oneofs, + ) + } +} + +impl ::protobuf::Message for GetTeeTypeResponse { + const NAME: &'static str = "GetTeeTypeResponse"; + + fn is_initialized(&self) -> bool { + true + } + + fn merge_from(&mut self, is: &mut ::protobuf::CodedInputStream<'_>) -> ::protobuf::Result<()> { + while let Some(tag) = is.read_raw_tag_or_eof()? 
{ + match tag { + 10 => { + self.tee = is.read_string()?; + }, + tag => { + ::protobuf::rt::read_unknown_or_skip_group(tag, is, self.special_fields.mut_unknown_fields())?; + }, + }; + } + ::std::result::Result::Ok(()) + } + + // Compute sizes of nested messages + #[allow(unused_variables)] + fn compute_size(&self) -> u64 { + let mut my_size = 0; + if !self.tee.is_empty() { + my_size += ::protobuf::rt::string_size(1, &self.tee); + } + my_size += ::protobuf::rt::unknown_fields_size(self.special_fields.unknown_fields()); + self.special_fields.cached_size().set(my_size as u32); + my_size + } + + fn write_to_with_cached_sizes(&self, os: &mut ::protobuf::CodedOutputStream<'_>) -> ::protobuf::Result<()> { + if !self.tee.is_empty() { + os.write_string(1, &self.tee)?; + } + os.write_unknown_fields(self.special_fields.unknown_fields())?; + ::std::result::Result::Ok(()) + } + + fn special_fields(&self) -> &::protobuf::SpecialFields { + &self.special_fields + } + + fn mut_special_fields(&mut self) -> &mut ::protobuf::SpecialFields { + &mut self.special_fields + } + + fn new() -> GetTeeTypeResponse { + GetTeeTypeResponse::new() + } + + fn clear(&mut self) { + self.tee.clear(); + self.special_fields.clear(); + } + + fn default_instance() -> &'static GetTeeTypeResponse { + static instance: GetTeeTypeResponse = GetTeeTypeResponse { + tee: ::std::string::String::new(), + special_fields: ::protobuf::SpecialFields::new(), + }; + &instance + } +} + +impl ::protobuf::MessageFull for GetTeeTypeResponse { + fn descriptor() -> ::protobuf::reflect::MessageDescriptor { + static descriptor: ::protobuf::rt::Lazy<::protobuf::reflect::MessageDescriptor> = ::protobuf::rt::Lazy::new(); + descriptor.get(|| file_descriptor().message_by_package_relative_name("GetTeeTypeResponse").unwrap()).clone() + } +} + +impl ::std::fmt::Display for GetTeeTypeResponse { + fn fmt(&self, f: &mut ::std::fmt::Formatter<'_>) -> ::std::fmt::Result { + ::protobuf::text_format::fmt(self, f) + } +} + +impl 
::protobuf::reflect::ProtobufValue for GetTeeTypeResponse { + type RuntimeType = ::protobuf::reflect::rt::RuntimeTypeMessage; +} + static file_descriptor_proto_data: &'static [u8] = b"\ \n\x17attestation-agent.proto\x12\x11attestation_agent\"6\n\x12GetEviden\ ceRequest\x12\x20\n\x0bRuntimeData\x18\x01\x20\x01(\x0cR\x0bRuntimeData\ 
@@ -1398,16 +1623,19 @@ static file_descriptor_proto_data: &'static [u8] = b"\ \n\x14CheckInitDataRequest\x12\x16\n\x06Digest\x18\x01\x20\x01(\x0cR\x06\ Digest\"\x17\n\x15CheckInitDataResponse\"4\n\x1aUpdateConfigurationReque\ st\x12\x16\n\x06config\x18\x01\x20\x01(\tR\x06config\"\x1d\n\x1bUpdateCo\ - nfigurationResponse2\xac\x04\n\x17AttestationAgentService\x12\\\n\x0bGet\ - Evidence\x12%.attestation_agent.GetEvidenceRequest\x1a&.attestation_agen\ - t.GetEvidenceResponse\x12S\n\x08GetToken\x12\".attestation_agent.GetToke\ - nRequest\x1a#.attestation_agent.GetTokenResponse\x12\x83\x01\n\x18Extend\ - RuntimeMeasurement\x122.attestation_agent.ExtendRuntimeMeasurementReques\ - t\x1a3.attestation_agent.ExtendRuntimeMeasurementResponse\x12b\n\rCheckI\ - nitData\x12'.attestation_agent.CheckInitDataRequest\x1a(.attestation_age\ - nt.CheckInitDataResponse\x12t\n\x13UpdateConfiguration\x12-.attestation_\ - agent.UpdateConfigurationRequest\x1a..attestation_agent.UpdateConfigurat\ - ionResponseb\x06proto3\ + nfigurationResponse\"\x13\n\x11GetTeeTypeRequest\"&\n\x12GetTeeTypeRespo\ + nse\x12\x10\n\x03tee\x18\x01\x20\x01(\tR\x03tee2\x87\x05\n\x17Attestatio\ + nAgentService\x12\\\n\x0bGetEvidence\x12%.attestation_agent.GetEvidenceR\ + equest\x1a&.attestation_agent.GetEvidenceResponse\x12S\n\x08GetToken\x12\ + \".attestation_agent.GetTokenRequest\x1a#.attestation_agent.GetTokenResp\ + onse\x12\x83\x01\n\x18ExtendRuntimeMeasurement\x122.attestation_agent.Ex\ + tendRuntimeMeasurementRequest\x1a3.attestation_agent.ExtendRuntimeMeasur\ + ementResponse\x12b\n\rCheckInitData\x12'.attestation_agent.CheckInitData\ + Request\x1a(.attestation_agent.CheckInitDataResponse\x12t\n\x13UpdateCon\ + figuration\x12-.attestation_agent.UpdateConfigurationRequest\x1a..attest\ + ation_agent.UpdateConfigurationResponse\x12Y\n\nGetTeeType\x12$.attestat\ + ion_agent.GetTeeTypeRequest\x1a%.attestation_agent.GetTeeTypeResponseb\ + \x06proto3\ "; /// `FileDescriptorProto` object which was a source for this 
generated file @@ -1425,7 +1653,7 @@ pub fn file_descriptor() -> &'static ::protobuf::reflect::FileDescriptor { file_descriptor.get(|| { let generated_file_descriptor = generated_file_descriptor_lazy.get(|| { let mut deps = ::std::vec::Vec::with_capacity(0); - let mut messages = ::std::vec::Vec::with_capacity(11); + let mut messages = ::std::vec::Vec::with_capacity(13); messages.push(GetEvidenceRequest::generated_message_descriptor_data()); messages.push(GetEvidenceResponse::generated_message_descriptor_data()); messages.push(GetTokenRequest::generated_message_descriptor_data()); @@ -1437,6 +1665,8 @@ pub fn file_descriptor() -> &'static ::protobuf::reflect::FileDescriptor { messages.push(CheckInitDataResponse::generated_message_descriptor_data()); messages.push(UpdateConfigurationRequest::generated_message_descriptor_data()); messages.push(UpdateConfigurationResponse::generated_message_descriptor_data()); + messages.push(GetTeeTypeRequest::generated_message_descriptor_data()); + messages.push(GetTeeTypeResponse::generated_message_descriptor_data()); let mut enums = ::std::vec::Vec::with_capacity(0); ::protobuf::reflect::GeneratedFileDescriptor::new_generated( file_descriptor_proto(), diff --git a/attestation-agent/kbs_protocol/src/token_provider/aa/attestation_agent_ttrpc.rs b/attestation-agent/kbs_protocol/src/token_provider/aa/attestation_agent_ttrpc.rs index d6636cb89..bd1035f9d 100644 --- a/attestation-agent/kbs_protocol/src/token_provider/aa/attestation_agent_ttrpc.rs +++ b/attestation-agent/kbs_protocol/src/token_provider/aa/attestation_agent_ttrpc.rs 
@@ -56,6 +56,11 @@ impl AttestationAgentServiceClient { let mut cres = super::attestation_agent::UpdateConfigurationResponse::new(); ::ttrpc::async_client_request!(self, ctx, req, "attestation_agent.AttestationAgentService", "UpdateConfiguration", cres); } + + pub async fn get_tee_type(&self, ctx: ttrpc::context::Context, req: &super::attestation_agent::GetTeeTypeRequest) -> ::ttrpc::Result { + let mut cres = super::attestation_agent::GetTeeTypeResponse::new(); + ::ttrpc::async_client_request!(self, ctx, req, "attestation_agent.AttestationAgentService", "GetTeeType", cres); + } } struct GetEvidenceMethod { @@ -113,6 +118,17 @@ impl ::ttrpc::r#async::MethodHandler for UpdateConfigurationMethod { } } +struct GetTeeTypeMethod { + service: Arc>, +} + +#[async_trait] +impl ::ttrpc::r#async::MethodHandler for GetTeeTypeMethod { + async fn handler(&self, ctx: ::ttrpc::r#async::TtrpcContext, req: ::ttrpc::Request) -> ::ttrpc::Result<::ttrpc::Response> { + ::ttrpc::async_request_handler!(self, ctx, req, attestation_agent, GetTeeTypeRequest, get_tee_type); + } +} + #[async_trait] pub trait AttestationAgentService: Sync { async fn get_evidence(&self, _ctx: &::ttrpc::r#async::TtrpcContext, _: super::attestation_agent::GetEvidenceRequest) -> ::ttrpc::Result { 
@@ -130,6 +146,9 @@ pub trait AttestationAgentService: Sync { async fn update_configuration(&self, _ctx: &::ttrpc::r#async::TtrpcContext, _: super::attestation_agent::UpdateConfigurationRequest) -> ::ttrpc::Result { Err(::ttrpc::Error::RpcStatus(::ttrpc::get_status(::ttrpc::Code::NOT_FOUND, "/attestation_agent.AttestationAgentService/UpdateConfiguration is not supported".to_string()))) } + async fn get_tee_type(&self, _ctx: &::ttrpc::r#async::TtrpcContext, _: super::attestation_agent::GetTeeTypeRequest) -> ::ttrpc::Result { + Err(::ttrpc::Error::RpcStatus(::ttrpc::get_status(::ttrpc::Code::NOT_FOUND, "/attestation_agent.AttestationAgentService/GetTeeType is not supported".to_string()))) + } } pub fn create_attestation_agent_service(service: Arc>) -> HashMap { @@ -152,6 +171,9 @@ pub fn create_attestation_agent_service(service: Arc); + methods.insert("GetTeeType".to_string(), + Box::new(GetTeeTypeMethod{service: service.clone()}) as Box); + ret.insert("attestation_agent.AttestationAgentService".to_string(), ::ttrpc::r#async::Service{ methods, streams }); ret } diff --git a/attestation-agent/protos/attestation-agent.proto b/attestation-agent/protos/attestation-agent.proto index 7442670e0..665044cde 100644 --- a/attestation-agent/protos/attestation-agent.proto +++ b/attestation-agent/protos/attestation-agent.proto @@ -53,6 +53,12 @@ message UpdateConfigurationRequest { message UpdateConfigurationResponse {} +message GetTeeTypeRequest {} + +message GetTeeTypeResponse { + string tee = 1; +} + service AttestationAgentService { rpc GetEvidence(GetEvidenceRequest) returns (GetEvidenceResponse) {}; rpc GetToken(GetTokenRequest) returns (GetTokenResponse) {}; 
@@ -63,4 +69,6 @@ service AttestationAgentService {
     // a better design is implemented we can deprecate the API.
     // See https://github.com/kata-containers/kata-containers/issues/9468
     rpc UpdateConfiguration(UpdateConfigurationRequest) returns (UpdateConfigurationResponse) {};
+
+    rpc GetTeeType(GetTeeTypeRequest) returns (GetTeeTypeResponse) {};
 }
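Review bot: The new `GetTeeType` rpc and the `tee` field of `GetTeeTypeResponse` (in the `@@ -53,6 +53,12 @@` hunk of this file) carry no comment, unlike `UpdateConfiguration` directly above, and the format of `tee` is only discoverable by reading the Rust servers, where it is the serde string representation of `kbs_types::Tee` with the surrounding quotes removed. Since the proto is the contract that non-Rust clients code against, the format and the provenance of the value belong here. Add above the rpc: `// Returns the TEE type of the local platform as the serde string representation of kbs_types::Tee. The value comes from a local platform probe, not from attested evidence.`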