Verifier: IBM SE add generate_challenge_extra_params

Signed-off-by: Qi Feng Huo <[email protected]>
confidential-containers · Mar 8, 2024 · abdf68f · abdf68f
1 parent 362c641
commit abdf68f
Show file tree

Hide file tree

Showing 17 changed files with 123 additions and 77 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -29,7 +29,7 @@ clap = { version = "4", features = ["derive"] }
 config = "0.13.3"
 env_logger = "0.10.0"
 hex = "0.4.3"
-kbs-types = "0.5.3" // TODO, update to pick new TEE type for IBM Secure Eexcution (SE) in https://github.com/virtee/kbs-types/blob/main/src/lib.rs#L24
+kbs-types = { git = "https://github.com/huoqifeng/kbs-types.git", branch = "s390x-se" }
 jsonwebtoken = "9"
 log = "0.4.17"
 prost = "0.11.0"

diff --git a/attestation-service/attestation-service/Cargo.toml b/attestation-service/attestation-service/Cargo.toml
@@ -13,6 +13,7 @@ az-tdx-vtpm-verifier = [ "verifier/az-tdx-vtpm-verifier" ]
 snp-verifier = [ "verifier/snp-verifier" ]
 csv-verifier = [ "verifier/csv-verifier" ]
 cca-verifier = [ "verifier/cca-verifier" ]
+se-verifier  = [ "verifier/se-verifier" ]
 
 # Only for testing and CI
 rvps-builtin = [ "reference-value-provider-service" ]

diff --git a/attestation-service/attestation-service/src/bin/grpc/mod.rs b/attestation-service/attestation-service/src/bin/grpc/mod.rs
@@ -37,6 +37,7 @@ fn to_kbs_tee(tee: GrpcTee) -> Tee {
         GrpcTee::AzSnpVtpm => Tee::AzSnpVtpm,
         GrpcTee::Cca => Tee::Cca,
         GrpcTee::AzTdxVtpm => Tee::AzTdxVtpm,
+        GrpcTee::Se => Tee::Se,
     }
 }
 

diff --git a/attestation-service/attestation-service/src/bin/restful/mod.rs b/attestation-service/attestation-service/src/bin/restful/mod.rs
@@ -62,6 +62,7 @@ fn to_tee(tee: &str) -> anyhow::Result<Tee> {
         "csv" => Tee::Csv,
         "sample" => Tee::Sample,
         "aztdxvtpm" => Tee::AzTdxVtpm,
+        "se" => Tee::Se,
         other => bail!("tee `{other} not supported`"),
     };
 

diff --git a/attestation-service/attestation-service/src/lib.rs b/attestation-service/attestation-service/src/lib.rs
@@ -240,9 +240,9 @@ impl AttestationService {
         self.rvps.verify_and_extract(message).await
     }
 
-    pub async fn generate_challenge(&self, tee: Tee, nonce: &str) -> Result<Challenge> {
+    pub async fn generate_challenge_extra_params(&self, tee: Tee) -> Result<String> {
         let verifier = verifier::to_verifier(&tee)?;
-        verifier.generate_challenge(nonce)
+        verifier.generate_challenge_extra_params().await
     }
 }
 

diff --git a/attestation-service/docs/parsed_claims.md b/attestation-service/docs/parsed_claims.md
@@ -88,3 +88,6 @@ The claim inherit the fields from the SEV-SNP claim with and additional `tpm` hi
 - `tpm.pcr{01,..,n}`: SHA256 PCR registers for the TEE's vTPM quote.
 
 Note: The TD Report and TD Quote are fetched during early boot in this TEE. Kernel, Initrd and rootfs are measured into the vTPM's registers.
+
+## IBM Secure Execution (SE)
+TBD
diff --git a/attestation-service/protos/attestation.proto b/attestation-service/protos/attestation.proto
@@ -12,6 +12,7 @@ enum Tee {
     CSV = 6;
     CCA = 7;
     AzTdxVtpm = 8;
+    Se = 9;
 }
 
 message AttestationRequest {

diff --git a/attestation-service/verifier/src/lib.rs b/attestation-service/verifier/src/lib.rs
@@ -2,7 +2,7 @@ use std::cmp::Ordering;
 
 use anyhow::*;
 use async_trait::async_trait;
-use kbs_types::{Challenge, Tee};
+use kbs_types::Tee;
 use log::warn;
 
 pub mod sample;
@@ -106,7 +106,7 @@ pub fn to_verifier(tee: &Tee) -> Result<Box<dyn Verifier + Send + Sync>> {
         Tee::Se => {
             cfg_if::cfg_if! {
                 if #[cfg(feature = "se-verifier")] {
-                    Ok(Box::<se::Se>::default() as Box<dyn Verifier + Send + Sync>)
+                    Ok(Box::<se::SeVerifier>::default() as Box<dyn Verifier + Send + Sync>)
                 } else {
                     bail!("feature `se-verifier` is not enabled for `verifier` crate.")
                 }
@@ -167,14 +167,10 @@ pub trait Verifier {
         expected_init_data_hash: &InitDataHash,
     ) -> Result<TeeEvidenceParsedClaim>;
 
-    async fn generate_challenge(
+    async fn generate_challenge_extra_params(
         &self,
-        nonce: &str) -> Result<Challenge> {
-
-        Result::Ok(Challenge {
-            nonce,
-            extra_params: String::new(),
-        })
+    ) -> Result<String> {
+        Ok(String::new())
     }
 }
 

diff --git a/attestation-service/verifier/src/se/mod.rs b/attestation-service/verifier/src/se/mod.rs
@@ -3,12 +3,11 @@
 // SPDX-License-Identifier: Apache-2.0
 //
 
+use super::*;
 use async_trait::async_trait;
 use anyhow::anyhow;
 use base64::prelude::*;
-use kbs_types::{Challenge, Tee};
 use crate::{InitDataHash, ReportData};
-use super::{TeeEvidenceParsedClaim, Verifier};
 use crate::se::seattest::FakeSeAttest;
 use crate::se::seattest::SeFakeVerifier;
 
@@ -25,38 +24,46 @@ impl Verifier for SeVerifier {
         expected_report_data: &ReportData,
         expected_init_data_hash: &InitDataHash,
     ) -> Result<TeeEvidenceParsedClaim> {
+
         verify_evidence(evidence, expected_report_data, expected_init_data_hash)
         .await
         .map_err(|e| anyhow!("Se Verifier: {:?}", e))
     }
 
-    async fn generate_challenge(&self, tee: Tee, nonce: &str) -> Result<Challenge> {
-        /// TODO replace FakeSeAttest with real crate
+    async fn generate_challenge_extra_params(
+        &self,
+    ) -> Result<String> {
+
+        // TODO replace FakeSeAttest with real crate
         let attester = FakeSeAttest::default();
 
         let hkds: Vec<String> = vec![String::new(); 2];
-        let certk = String::new();
-        let signk = String::new();
-        let arpk = String::new();
-        Result::Ok(Challenge {
-            nonce,
-            extra_params: BASE64_STANDARD.encode(attester.create(hkds, certk, signk, arpk)),
-        })
+        let certk = "cert_file_path";
+        let signk = "sign_file_path";
+        let arpk = "arpk_file_path";
+
+        let extra_params = attester.create(hkds, certk, signk, arpk)
+                            .await
+                            .context("Create SE attestation request failed: {:?}")?;
+
+        Ok(BASE64_STANDARD.encode(extra_params))
     }
 }
 
 async fn verify_evidence(
     evidence: &[u8],
-    expected_report_data: &ReportData<'_>,
-    expected_init_data_hash: &InitDataHash<'_>,
+    _expected_report_data: &ReportData<'_>,
+    _expected_init_data_hash: &InitDataHash<'_>,
 ) -> Result<TeeEvidenceParsedClaim> {
-    /// TODO replace FakeSeAttest with real crate
+    // TODO replace FakeSeAttest with real crate
     let attester = FakeSeAttest::default();
 
-    let arpk = String::new();
-    let hdr = String::new();
-    let se = attester.verify(evidence, arpk, hdr);
+    let arpk = "arpk_file_path";
+    let hdr = "hdr_file_path";
+    let se = attester.verify(evidence, arpk, hdr)
+                .await
+                .context("Verify SE attestation evidence failed: {:?}")?;
 
-    let v = serde_json::to_value(se?).context("build json value from the se evidence")?;
+    let v = serde_json::to_value(se).context("build json value from the se evidence")?;
     Ok(v as TeeEvidenceParsedClaim)
 }
diff --git a/attestation-service/verifier/src/se/seattest.rs b/attestation-service/verifier/src/se/seattest.rs
@@ -11,39 +11,39 @@ pub struct FakeSeAttest {}
 
 #[async_trait::async_trait]
 pub trait SeFakeVerifier {
-    async fn create(
+    async fn create<'a, 'b, 'c>(
         &self,
-        hkdFiles: Vec<String>,
-        certFile: &String,
-        signingFile: &String,
-        arpkFile: &String
+        _hkd_files: Vec<String>,
+        _cert_file: &'a str,
+        _signing_file: &'b str,
+        _arpk_file: &'c str,
     ) -> Result<Vec<u8>>;
 
-    async fn verify(
+    async fn verify<'a, 'b>(
         &self,
-        evidence: Vec<u8>,
-        arpkFile: &String,
-        hdr: Vec<u8>
+        _evidence: &[u8],
+        _arpk_file: &'a str,
+        _hdr_file: &'b str,
     ) -> Result<Vec<u8>>;
 }
 
 #[async_trait::async_trait]
 impl SeFakeVerifier for FakeSeAttest {
-    async fn create(
+    async fn create<'a, 'b, 'c>(
         &self,
-        hkdFiles: Vec<String>,
-        certFile: &String,
-        signingFile: &String,
-        arpkFile: &String
+        _hkd_files: Vec<String>,
+        _cert_file: &'a str,
+        _signing_file: &'b str,
+        _arpk_file: &'c str,
     ) -> Result<Vec<u8>> {
         Result::Ok(Vec::new())
     }
 
-    async fn verify(
+    async fn verify<'a, 'b>(
         &self,
-        evidence: Vec<u8>,
-        arpkFile: &String,
-        hdr: Vec<u8>
+        _evidence: &[u8],
+        _arpk_file: &'a str,
+        _hkd_files: &'b str,
     ) -> Result<Vec<u8>> {
         Result::Ok(Vec::new())
     }

diff --git a/kbs/src/api/src/attestation/coco/builtin.rs b/kbs/src/api/src/attestation/coco/builtin.rs
@@ -45,6 +45,14 @@ impl Attest for BuiltInCoCoAs {
             )
             .await
     }
+
+    async fn generate_challenge_extra_params(&self, tee: Tee) -> Result<String> {
+        self.inner
+            .read()
+            .await
+            .generate_challenge_extra_params(tee)
+            .await
+    }
 }
 
 impl BuiltInCoCoAs {

diff --git a/kbs/src/api/src/attestation/coco/grpc.rs b/kbs/src/api/src/attestation/coco/grpc.rs
@@ -39,6 +39,7 @@ fn to_grpc_tee(tee: Tee) -> GrpcTee {
         Tee::Sgx => GrpcTee::Sgx,
         Tee::Snp => GrpcTee::Snp,
         Tee::Tdx => GrpcTee::Tdx,
+        Tee::Se => GrpcTee::Se,
     }
 }
 
@@ -125,6 +126,10 @@ impl Attest for GrpcClientPool {
 
         Ok(token)
     }
+
+    async fn generate_challenge_extra_params(&self, _tee: Tee) -> Result<String> {
+        Ok(String::new())
+    }
 }
 
 pub struct GrpcManager {

diff --git a/kbs/src/api/src/attestation/intel_trust_authority/mod.rs b/kbs/src/api/src/attestation/intel_trust_authority/mod.rs
@@ -122,6 +122,10 @@ impl Attest for IntelTrustAuthority {
 
         Ok(resp_data.token.clone())
     }
+
+    async fn generate_challenge_extra_params(&self, _tee: Tee) -> Result<String> {
+        Ok(String::new())
+    }
 }
 
 impl IntelTrustAuthority {

diff --git a/kbs/src/api/src/attestation/mod.rs b/kbs/src/api/src/attestation/mod.rs
@@ -10,7 +10,7 @@ use attestation_service::config::Config as AsConfig;
 use coco::grpc::*;
 #[cfg(feature = "intel-trust-authority-as")]
 use intel_trust_authority::*;
-use kbs_types::{Challenge, Request, Tee};
+use kbs_types::Tee;
 
 #[cfg(feature = "coco-as")]
 #[allow(missing_docs)]
@@ -34,7 +34,7 @@ pub trait Attest: Send + Sync {
     async fn verify(&self, tee: Tee, nonce: &str, attestation: &str) -> Result<String>;
 
     /// generate the challenge payload to pass to attester based on Tee and nonce
-    async fn generate_challenge(&self, tee: Tee, nonce: &str) -> Result<Challenge>;
+    async fn generate_challenge_extra_params(&self, tee: Tee) -> Result<String>;
 }
 
 /// Attestation Service
@@ -93,14 +93,18 @@ impl AttestationService {
         }
     }
 
-    pub async fn generate_challenge(&self, tee: Tee, nonce: &str) -> Result<Challenge> {
+    pub async fn generate_challenge_extra_params(&self, tee: Tee) -> Result<String> {
         match self {
             #[cfg(feature = "coco-as-grpc")]
-            AttestationService::CoCoASgRPC(inner) => inner.generate_challenge(tee, nonce).await,
+            AttestationService::CoCoASgRPC(inner) => {
+                inner.generate_challenge_extra_params(tee).await
+            }
             #[cfg(any(feature = "coco-as-builtin", feature = "coco-as-builtin-no-verifier"))]
-            AttestationService::CoCoASBuiltIn(inner) => inner.generate_challenge(tee, nonce, attestation).await,
+            AttestationService::CoCoASBuiltIn(inner) => {
+                inner.generate_challenge_extra_params(tee).await
+            }
             #[cfg(feature = "intel-trust-authority-as")]
-            AttestationService::IntelTA(inner) => inner.generate_challenge(tee, nonce).await,
+            AttestationService::IntelTA(inner) => inner.generate_challenge_extra_params(tee).await,
         }
     }
 }