From 1f214a99bf202d3eaa13d88e94765e458e8ac16b Mon Sep 17 00:00:00 2001 From: Mikko Ylinen Date: Wed, 31 Jul 2024 13:04:45 +0300 Subject: [PATCH] kbs: doc: update protocol spec with the latest functionality KBS protocol version was bumped up to 0.1.1 so updating the spec accordingly. In addition, clarify the error handling of "request": also errors can happen, such as when the "request" version does not meet all the requirements. Signed-off-by: Mikko Ylinen --- kbs/docs/kbs_attestation_protocol.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/kbs/docs/kbs_attestation_protocol.md b/kbs/docs/kbs_attestation_protocol.md index 797696ee00..8a77e84b8d 100644 --- a/kbs/docs/kbs_attestation_protocol.md +++ b/kbs/docs/kbs_attestation_protocol.md @@ -70,8 +70,8 @@ The payload format of the request is as follows: ```json { - /* Attestation protocol version number used by KBC */ - "version": "0.1.0", + /* KBS protocol version number used by KBC */ + "version": "0.1.1", /* * Type of HW-TEE platforms where KBC is located, * e.g. "intel-tdx", "amd-sev-snp", etc. @@ -286,6 +286,10 @@ The authentication service is provided by the KBS through two endpoints: the attester and its attestation results with that cookie. 2. An attestation challenge for the attester to take. This is the content of the response, set to a [KBS Challenge](#challenge) JSON payload. + 3. In case of an error (such as if the KBS rejects the [KBS Request](#request) based + on `version` compatibility), an HTTP response with a 401 (`Unauthorized`) status code + together with ErrorInformation JSON payload. + 2. `/kbs/v0/attest` only accepts `POST` requests whose body is a [KBS Attestation](#attestation) JSON payload and the header contains a `Cookie` set to the value received in step 1.i. This is how the attester replies to attestation challenge received
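Review bot: In the request payload hunk (`@@ -70,8 +70,8 @@`), the reworded comment on `"version"` names the protocol but still does not say how the KBS evaluates the value, while the second hunk of this patch allows the KBS to reject a request "based on `version` compatibility". Please state the rule next to the field, for example whether only `"0.1.1"` is accepted or a compatible range is, so that an implementer whose KBC still sends `"0.1.0"` can tell from the spec whether that request will be refused.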
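Review bot: In the `/kbs/v0/auth` hunk (`@@ -286,6 +286,10 @@`), the new item 3 is numbered as a third part of the same response that carries the cookie (item 1) and the KBS Challenge (item 2), but it describes an alternative outcome in which neither is returned. Consider moving it out of the numbered list into its own sentence after item 2, so that the later reference to "step 1.i" and the success path stay unambiguous. "ErrorInformation JSON payload" is also the only payload in this passage without a link or code formatting, unlike `[KBS Challenge](#challenge)` and `[KBS Request](#request)`; pointing it at the section that defines it, and saying which error type a client should expect for a version mismatch, would let a KBC tell this case apart from other 401 responses.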