From 3a211ae3a71c5ecfe4dd8bf20f7e932d7e505214 Mon Sep 17 00:00:00 2001
From: Radoslav Gerganov
Date: Tue, 26 Sep 2023 14:16:20 +0300
Subject: [PATCH] Refactor protobuf messages

Introduce new protobuf messages which encapsulate various evidence packages which are being sent to the Certifier Service. Using separate message types for each platform is less error-prone and allows extensibility.
---
 certifier_service/certprotos/certifier.proto | 50 ++-
 include/cc_helpers.h | 5 -
 src/cc_helpers.cc | 307 ++++++------------------
 3 files changed, 137 insertions(+), 225 deletions(-)

diff --git a/certifier_service/certprotos/certifier.proto b/certifier_service/certprotos/certifier.proto
index d61453675..ed4041839 100644
--- a/certifier_service/certprotos/certifier.proto
+++ b/certifier_service/certprotos/certifier.proto
@@ -247,15 +247,53 @@ message proof {
 repeated proof_step steps = 3;
 };
-// submitted_evidence_type is "full-vse-support"
-// "platform-attestation-only" or "oe-evidence"
-// or "asylo-evidence"
+message vse_package {
+ optional bytes claim = 1;
+ optional bytes attestation = 2;
+};
+
+message gramine_package {
+ optional bytes platform_cert = 1;
+ optional bytes attestation = 2;
+}
+
+message keystone_package {
+ optional bytes attestation = 1;
+};
+
+message islet_package {
+ optional bytes attestation = 1;
+};
+
+message sev_package {
+ optional bytes ark = 1;
+ optional bytes ask = 2;
+ optional bytes vcek = 3;
+ optional bytes attestation = 4;
+};
+
+message oe_package {
+ optional bytes cert_chain = 1;
+ optional bytes attestation = 2;
+};
+
+enum msg_purpose {
+ authentication = 0;
+ attestation = 1;
+};
+
 message trust_request_message {
 optional string requesting_enclave_tag = 1;
 optional string providing_enclave_tag = 2;
- optional string submitted_evidence_type = 3;
- optional string purpose = 4; // "authentication" or "attestation"
- optional evidence_package support = 5;
+ optional msg_purpose purpose = 3;
+ oneof evidence_package {
+ vse_package vse_pkg = 4;
+ gramine_package gramine_pkg = 5;
+ keystone_package keystone_pkg = 6;
+ islet_package islet_pkg = 7;
+ sev_package sev_pkg = 8;
+ oe_package oe_pkg = 9;
+ }
 };
 message trust_response_message {
diff --git a/include/cc_helpers.h b/include/cc_helpers.h
index cc0ca652d..7d31f6292 100644
--- a/include/cc_helpers.h
+++ b/include/cc_helpers.h
@@ -36,11 +36,6 @@ bool open_client_socket(const string &host_name, int port, int *soc);
 bool open_server_socket(const string &host_name, int port, int *soc);
-bool construct_platform_evidence_package(string & enclave_type,
- const string & purpose,
- evidence_list & list,
- string & the_attestation,
- evidence_package *ep);
 bool add_policy_key_says_platform_key_is_trusted(
 signed_claim_message &platform_key_is_trusted,
 evidence_package * ep);
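Review bot: `msg_purpose` makes `authentication = 0` the value an absent `purpose` field decodes to, so a trust_request_message that never set the field is indistinguishable from an explicit authentication request on the receiving side, whereas the old string field read back empty and could be rejected. Because purpose selects which key the service certifies, the service should test `has_purpose()` (and that the oneof is set, `evidence_package_case() != EVIDENCE_PACKAGE_NOT_SET` in the C++ binding) before acting, or the enum should reserve a sentinel such as `purpose_unspecified = 0;` so an unset value fails closed; confirm the accessor names against the binding the service actually uses. Minor style point: `gramine_package` closes with `}` while every other new message closes with `};`.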
diff --git a/src/cc_helpers.cc b/src/cc_helpers.cc
index a9ffc5d73..e53fa17b5 100644
--- a/src/cc_helpers.cc
+++ b/src/cc_helpers.cc
@@ -1629,7 +1629,75 @@ bool certifier::framework::certifiers::certify_domain(const string &purpose) {
 // Note: if you change the auth key, you must recertify in all domains
- evidence_list platform_evidence;
+ trust_request_message request;
+ attestation_user_data ud;
+ if (purpose == "authentication") {
+#ifdef DEBUG
+ printf("\n---In certify_domain\n");
+ printf("Filling ud with public auth key:\n");
+ print_key(owner_->public_auth_key_);
+ printf("\n");
+#endif
+ request.set_purpose(msg_purpose::authentication);
+ if (!make_attestation_user_data(owner_->enclave_type_,
+ owner_->public_auth_key_,
+ &ud)) {
+ printf("%s() error, line: %d, Can't make user data (1)\n",
+ __func__,
+ __LINE__);
+ return false;
+ }
+#ifdef DEBUG
+ printf("\n---In certify me\n");
+ printf("key in attestation user data:\n");
+ print_key(ud.enclave_key());
+ printf("\nprivate auth key:\n");
+ print_key(owner_->private_auth_key_);
+ printf("\npublic auth key:\n");
+ print_key(owner_->public_auth_key_);
+ printf("\n");
+ printf("User data:\n");
+ print_user_data(ud);
+ printf("\n");
+#endif
+ } else if (purpose == "attestation") {
+ request.set_purpose(msg_purpose::attestation);
+ if (!make_attestation_user_data(owner_->enclave_type_,
+ owner_->public_service_key_,
+ &ud)) {
+ printf("%s() error, line: %d, Can't make user data (1)\n",
+ __func__,
+ __LINE__);
+ return false;
+ }
+ } else {
+ printf("%s() error, line: %d, neither attestation or authorization\n",
+ __func__,
+ __LINE__);
+ return false;
+ }
+
+ string serialized_ud;
+ if (!ud.SerializeToString(&serialized_ud)) {
+ printf("%s() error, line: %d, Can't serialize user data\n",
+ __func__,
+ __LINE__);
+ return false;
+ }
+
+ int size_out = 16000;
+ byte out[size_out];
+ if (!Attest(owner_->enclave_type_,
+ serialized_ud.size(),
+ (byte *)serialized_ud.data(),
+ &size_out,
+ out)) {
+ printf("%s() error, line: %d, Attest failed\n", __func__, __LINE__);
+ return false;
+ }
+ string the_attestation_str;
+ the_attestation_str.assign((char *)out, size_out);
+
 printf("%s():%d: enclave_type_ = '%s', purpose_ = '%s'\n",
 __func__,
 __LINE__,
@@ -1653,16 +1721,10 @@ bool certifier::framework::certifiers::certify_domain(const string &purpose) {
 __LINE__);
 return false;
 }
- evidence *ev = platform_evidence.add_assertion();
- if (ev == nullptr) {
- printf("%s() error, line %d,: Can't add to platform evidence\n",
- __func__,
- __LINE__);
- return false;
- }
- ev->set_evidence_type("signed-claim");
- ev->set_serialized_evidence(str_s);
-
+ vse_package vse_pkg;
+ vse_pkg.set_claim(str_s);
+ vse_pkg.set_attestation(the_attestation_str);
+ request.set_allocated_vse_pkg(&vse_pkg);
 #ifdef GRAMINE_CERTIFIER
 } else if (owner_->enclave_type_ == "gramine-enclave") {
 if (!gramine_platform_cert_initialized) {
@@ -1671,27 +1733,28 @@ bool certifier::framework::certifiers::certify_domain(const string &purpose) {
 __LINE__);
 return false;
 }
- evidence *ev = platform_evidence.add_assertion();
- if (ev == nullptr) {
- printf("%s() error, line %d, Can't add to gramine platform evidence\n",
- __func__,
- __LINE__);
- return false;
- }
- ev->set_evidence_type("cert");
- ev->set_serialized_evidence(gramine_platform_cert);
+ gramine_package gramine_pkg;
+ gramine_pkg.set_platform_cert(gramine_platform_cert);
+ gramine_pkg.set_attestation(the_attestation_str);
+ request.set_allocated_gramine_pkg(&gramine_pkg);
 // May add more certs later
 #endif
 #ifdef KEYSTONE_CERTIFIER
 } else if (owner_->enclave_type_ == "keystone-enclave") {
 // Todo: Add cert when it's available
+ keystone_package keystone_pkg;
+ keystone_pkg.set_attestation(the_attestation_str);
+ request.set_allocated_keystone_pkg(&keystone_pkg);
 #endif
 #ifdef ISLET_CERTIFIER
 } else if (owner_->enclave_type_ == "islet-enclave") {
 // Add CCA certificate
+ islet_package islet_pkg;
+ islet_pkg.set_attestation(the_attestation_str);
+ request.set_allocated_islet_pkg(&islet_pkg);
 #endif // ISLET_CERTIFIER
 #ifdef SEV_SNP
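Review bot: The second `#ifdef DEBUG` block in this hunk prints the enclave's private auth key (`print_key(owner_->private_auth_key_);`) to stdout; this is code the commit relocates rather than writes, but a debug build that logs the private key to the host-visible console undermines exactly the key the attestation below is about to vouch for. Drop that line and its `printf("\nprivate auth key:\n");` while the block is being moved; the public key and `print_user_data(ud)` are enough to debug the flow. The error text `neither attestation or authorization` also does not match the accepted value `"authentication"`. certify_domain begins before this hunk and continues after it.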
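Review bot: `request.set_allocated_vse_pkg(&vse_pkg);` hands the message the address of a stack local; protobuf's set_allocated_* takes ownership of a heap pointer, so `request` (declared at the top of the function, outside this hunk) will later serialize a `vse_pkg` that went out of scope at the end of this branch and then `delete` a stack object in its destructor. Build the sub-message in place instead: `vse_package *vse_pkg = request.mutable_vse_pkg();` / `vse_pkg->set_claim(str_s);` / `vse_pkg->set_attestation(the_attestation_str);`. The same pattern is repeated in every other platform branch of this function.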
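Review bot: The three `request.set_allocated_*_pkg(&…_pkg)` calls here (gramine, keystone, islet) store pointers to block-scoped locals in a message that outlives them and takes ownership of the pointer; replace each with `request.mutable_gramine_pkg()` (and the keystone/islet equivalents) and set the fields on the returned message. Separately, with `// Todo: Add cert when it's available` and `// Add CCA certificate` still unresolved, the keystone and islet packages carry nothing but the raw attestation, so the service presumably has to hold the platform trust anchor out of band; that assumption is worth stating in the proto comments on `keystone_package` and `islet_package` so nobody treats those packages as self-contained evidence.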
@@ -1702,33 +1765,12 @@ bool certifier::framework::certifiers::certify_domain(const string &purpose) {
 __LINE__);
 return false;
 }
- evidence *ev = platform_evidence.add_assertion();
- if (ev == nullptr) {
- printf("%s() error, line: %d, Can't add to platform evidence\n",
- __func__,
- __LINE__);
- return false;
- }
- ev->set_evidence_type("cert");
- ev->set_serialized_evidence(serialized_ark_cert);
- ev = platform_evidence.add_assertion();
- if (ev == nullptr) {
- printf("%s() error, line: %d, Can't add to platform evidence\n",
- __func__,
- __LINE__);
- return false;
- }
- ev->set_evidence_type("cert");
- ev->set_serialized_evidence(serialized_ask_cert);
- ev = platform_evidence.add_assertion();
- if (ev == nullptr) {
- printf("%s() error, line: %d, Can't add to platform evidence\n",
- __func__,
- __LINE__);
- return false;
- }
- ev->set_evidence_type("cert");
- ev->set_serialized_evidence(serialized_vcek_cert);
+ sev_package sev_pkg;
+ sev_pkg.set_ark(serialized_ark_cert);
+ sev_pkg.set_ask(serialized_ask_cert);
+ sev_pkg.set_vcek(serialized_vcek_cert);
+ sev_pkg.set_attestation(the_attestation_str);
+ request.set_allocated_sev_pkg(&sev_pkg);
 #endif
 #ifdef OE_CERTIFIER
 } else if (owner_->enclave_type_ == "oe-enclave") {
@@ -1737,15 +1779,10 @@ bool certifier::framework::certifiers::certify_domain(const string &purpose) {
 return false;
 }
 if (pem_cert_chain != "") {
- evidence *ev = platform_evidence.add_assertion();
- if (ev == nullptr) {
- printf("%s() error, line: %d, Can't add to platform evidence\n",
- __func__,
- __LINE__);
- return false;
- }
- ev->set_evidence_type("pem-cert-chain");
- ev->set_serialized_evidence(pem_cert_chain);
+ oe_package oe_pkg;
+ oe_pkg.set_cert_chain(pem_cert_chain);
+ oe_pkg.set_attestation(the_attestation_str);
+ request.set_allocated_oe_pkg(&oe_pkg);
 }
 #endif
 } else {
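Review bot: `request.set_allocated_sev_pkg(&sev_pkg);` gives `request` ownership of a stack local that dies at the end of this branch, so the ARK/ASK/VCEK chain and the attestation are serialized through a dangling pointer and the object is later freed with `delete`. Use `sev_package *sev_pkg = request.mutable_sev_pkg();` and call `sev_pkg->set_ark(serialized_ark_cert);` and the other setters on it. The SEV branch, including the code that fills the three serialized cert strings, starts before this hunk.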
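Review bot: When `pem_cert_chain` is empty this branch now sends no `oe_pkg` at all, so the `the_attestation_str` produced earlier in the function is silently dropped and the request leaves with the oneof unset; the removed code only skipped the cert entry, and the deleted construct_platform_evidence_package appended the attestation unconditionally. Either treat an empty chain as a hard error with a printf and `return false;` like the neighbouring branches, or attach the attestation outside the `if`: `oe_package *oe_pkg = request.mutable_oe_pkg();` / `oe_pkg->set_attestation(the_attestation_str);` / `if (pem_cert_chain != "") oe_pkg->set_cert_chain(pem_cert_chain);`. That rewrite also removes the `set_allocated_oe_pkg(&oe_pkg)` on a stack local, which `request` would otherwise try to delete.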
@@ -1753,115 +1790,14 @@ bool certifier::framework::certifiers::certify_domain(const string &purpose) {
 return false;
 }
- attestation_user_data ud;
- if (purpose == "authentication") {
-#ifdef DEBUG
- printf("\n---In certify_domain\n");
- printf("Filling ud with public auth key:\n");
- print_key(owner_->public_auth_key_);
- printf("\n");
-#endif
-
- if (!make_attestation_user_data(owner_->enclave_type_,
- owner_->public_auth_key_,
- &ud)) {
- printf("%s() error, line: %d, Can't make user data (1)\n",
- __func__,
- __LINE__);
- return false;
- }
-#ifdef DEBUG
- printf("\n---In certify me\n");
- printf("key in attestation user data:\n");
- print_key(ud.enclave_key());
- printf("\nprivate auth key:\n");
- print_key(owner_->private_auth_key_);
- printf("\npublic auth key:\n");
- print_key(owner_->public_auth_key_);
- printf("\n");
- printf("User data:\n");
- print_user_data(ud);
- printf("\n");
-#endif
- } else if (purpose == "attestation") {
- if (!make_attestation_user_data(owner_->enclave_type_,
- owner_->public_service_key_,
- &ud)) {
- printf("%s() error, line: %d, Can't make user data (1)\n",
- __func__,
- __LINE__);
- return false;
- }
- } else {
- printf("%s() error, line: %d, neither attestation or authorization\n",
- __func__,
- __LINE__);
- return false;
- }
-
- string serialized_ud;
- if (!ud.SerializeToString(&serialized_ud)) {
- printf("%s() error, line: %d, Can't serialize user data\n",
- __func__,
- __LINE__);
- return false;
- }
-
- int size_out = 16000;
- byte out[size_out];
- if (!Attest(owner_->enclave_type_,
- serialized_ud.size(),
- (byte *)serialized_ud.data(),
- &size_out,
- out)) {
- printf("%s() error, line: %d, Attest failed\n", __func__, __LINE__);
- return false;
- }
- string the_attestation_str;
- the_attestation_str.assign((char *)out, size_out);
 // Get certified
- trust_request_message request;
 trust_response_message response;
 // Should trust_request_message should be signed by auth key
 // to prevent MITM attacks? Probably not.
 request.set_requesting_enclave_tag("requesting-enclave");
 request.set_providing_enclave_tag("providing-enclave");
- if (owner_->enclave_type_ == "application-enclave"
- || owner_->enclave_type_ == "simulated-enclave") {
- request.set_submitted_evidence_type("vse-attestation-package");
- } else if (owner_->enclave_type_ == "sev-enclave") {
- request.set_submitted_evidence_type("sev-platform-package");
- } else if (owner_->enclave_type_ == "gramine-enclave") {
- request.set_submitted_evidence_type("gramine-evidence");
- } else if (owner_->enclave_type_ == "keystone-enclave") {
- request.set_submitted_evidence_type("keystone-evidence");
- } else if (owner_->enclave_type_ == "islet-enclave") {
- request.set_submitted_evidence_type("islet-evidence");
- } else if (owner_->enclave_type_ == "oe-enclave") {
- request.set_submitted_evidence_type("oe-evidence");
- } else {
- request.set_submitted_evidence_type("vse-attestation-package");
- }
- request.set_purpose(purpose);
-
- // Construct the evidence package
- // Put initialized platform evidence and attestation in the following order:
- // platform_says_attest_key_is_trusted, the_attestation
- evidence_package *ep = new (evidence_package);
- if (!construct_platform_evidence_package(owner_->enclave_type_,
- owner_->purpose_,
- platform_evidence,
- the_attestation_str,
- ep)) {
- printf("%s() error, line: %d, construct_platform_evidence_package failed\n",
- __func__,
- __LINE__);
- return false;
- }
- request.set_allocated_support(ep);
-
 // Serialize request
 string serialized_request;
 if (!request.SerializeToString(&serialized_request)) {
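Review bot: The `// Should trust_request_message should be signed by auth key // to prevent MITM attacks? Probably not.` comment survives, but with `purpose` now an enum set by the client it is still a plaintext, unauthenticated field, and as far as the earlier make_attestation_user_data(enclave_type, key, &ud) call shows it is not part of the attested user data; whether a relay flipping authentication to attestation matters depends on what the service does with the field, which this diff does not show. Replace the open question with the actual reasoning the design relies on, e.g. `// Not signed: the attestation binds ud (the enclave key); purpose only selects the certificate type and the service must not derive trust from it.`, or, if that is not true, sign the request. Note also that `SerializeToString` here is where the `set_allocated_*_pkg(&local)` pointers set in the platform branches above are dereferenced after their locals have gone out of scope. `request` is declared near the top of certify_domain, outside this hunk, and the function continues past the serialization.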
@@ -1954,63 +1890,6 @@ bool certifier::framework::certifiers::certify_domain(const string &purpose) {
 // --------------------------------------------------------------------------------------
 // helpers for proofs
-bool construct_platform_evidence_package(string & attesting_enclave_type,
- const string & purpose,
- evidence_list &platform_assertions,
- string & serialized_attestation,
- evidence_package *ep) {
-
- string pt("vse-verifier");
- string et("signed-claim");
- ep->set_prover_type(pt);
-
-#ifdef DEBUG
- printf("construct_platform_evidence_package %d existing assertions\n",
- platform_assertions.assertion_size());
- for (int i = 0; i < platform_assertions.assertion_size(); i++) {
- print_evidence(platform_assertions.assertion(i));
- printf("\n");
- }
-#endif
- for (int i = 0; i < platform_assertions.assertion_size(); i++) {
- const evidence &ev_from = platform_assertions.assertion(i);
- evidence * ev_to = ep->add_fact_assertion();
- ev_to->CopyFrom(ev_from);
- }
-
- // add attestation
- evidence *ev2 = ep->add_fact_assertion();
- if ("simulated-enclave" == attesting_enclave_type
- || "application-enclave" == attesting_enclave_type) {
- string et2("signed-vse-attestation-report");
- ev2->set_evidence_type(et2);
- } else if ("oe-enclave" == attesting_enclave_type) {
- string et2("oe-attestation-report");
- ev2->set_evidence_type(et2);
- } else if ("asylo-enclave" == attesting_enclave_type) {
- string et2("asylo-attestation-report");
- ev2->set_evidence_type(et2);
- } else if ("gramine-enclave" == attesting_enclave_type) {
- string et2("gramine-attestation");
- ev2->set_evidence_type(et2);
- } else if ("keystone-enclave" == attesting_enclave_type) {
- string et2("keystone-attestation");
- ev2->set_evidence_type(et2);
- } else if ("sev-enclave" == attesting_enclave_type) {
- string et2("sev-attestation");
- ev2->set_evidence_type(et2);
- } else if ("islet-enclave" == attesting_enclave_type) {
- string et2("islet-attestation");
- ev2->set_evidence_type(et2);
} else {
- printf("%s:%d:%s: - can't add attestation\n", __FILE__, __LINE__, __func__);
- return false;
- }
-
- ev2->set_serialized_evidence(serialized_attestation);
- return true;
-}
-
 // Todo: This isn't used
 bool add_policy_key_says_platform_key_is_trusted(
 signed_claim_message &platform_key_is_trusted,