-
Notifications
You must be signed in to change notification settings - Fork 82
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Verifier: Add IBM Secure Execution verifier driver framework
Signed-off-by: Qi Feng Huo <huoqif@cn.ibm.com>
- Loading branch information
Qi Feng Huo
committed
Mar 6, 2024
1 parent
9b8ef6c
commit 362c641
Showing
11 changed files
with
182 additions
and
21 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,62 @@ | ||
// Copyright (C) Copyright IBM Corp. 2024 | ||
// | ||
// SPDX-License-Identifier: Apache-2.0 | ||
// | ||
|
||
use async_trait::async_trait; | ||
use anyhow::anyhow; | ||
use base64::prelude::*; | ||
use kbs_types::{Challenge, Tee}; | ||
use crate::{InitDataHash, ReportData}; | ||
use super::{TeeEvidenceParsedClaim, Verifier}; | ||
use crate::se::seattest::FakeSeAttest; | ||
use crate::se::seattest::SeFakeVerifier; | ||
|
||
pub mod seattest; | ||
|
||
#[derive(Debug, Default)] | ||
pub struct SeVerifier {} | ||
|
||
#[async_trait] | ||
impl Verifier for SeVerifier { | ||
async fn evaluate( | ||
&self, | ||
evidence: &[u8], | ||
expected_report_data: &ReportData, | ||
expected_init_data_hash: &InitDataHash, | ||
) -> Result<TeeEvidenceParsedClaim> { | ||
verify_evidence(evidence, expected_report_data, expected_init_data_hash) | ||
.await | ||
.map_err(|e| anyhow!("Se Verifier: {:?}", e)) | ||
} | ||
|
||
async fn generate_challenge(&self, tee: Tee, nonce: &str) -> Result<Challenge> { | ||
/// TODO replace FakeSeAttest with real crate | ||
let attester = FakeSeAttest::default(); | ||
|
||
let hkds: Vec<String> = vec![String::new(); 2]; | ||
let certk = String::new(); | ||
let signk = String::new(); | ||
let arpk = String::new(); | ||
Result::Ok(Challenge { | ||
nonce, | ||
extra_params: BASE64_STANDARD.encode(attester.create(hkds, certk, signk, arpk)), | ||
}) | ||
} | ||
} | ||
|
||
async fn verify_evidence( | ||
evidence: &[u8], | ||
expected_report_data: &ReportData<'_>, | ||
expected_init_data_hash: &InitDataHash<'_>, | ||
) -> Result<TeeEvidenceParsedClaim> { | ||
/// TODO replace FakeSeAttest with real crate | ||
let attester = FakeSeAttest::default(); | ||
|
||
let arpk = String::new(); | ||
let hdr = String::new(); | ||
let se = attester.verify(evidence, arpk, hdr); | ||
|
||
let v = serde_json::to_value(se?).context("build json value from the se evidence")?; | ||
Ok(v as TeeEvidenceParsedClaim) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,50 @@ | ||
// Copyright (C) Copyright IBM Corp. 2024 | ||
// | ||
// SPDX-License-Identifier: Apache-2.0 | ||
// | ||
|
||
use anyhow::*; | ||
use async_trait; | ||
|
||
#[derive(Default)] | ||
pub struct FakeSeAttest {} | ||
|
||
#[async_trait::async_trait] | ||
pub trait SeFakeVerifier { | ||
async fn create( | ||
&self, | ||
hkdFiles: Vec<String>, | ||
certFile: &String, | ||
signingFile: &String, | ||
arpkFile: &String | ||
) -> Result<Vec<u8>>; | ||
|
||
async fn verify( | ||
&self, | ||
evidence: Vec<u8>, | ||
arpkFile: &String, | ||
hdr: Vec<u8> | ||
) -> Result<Vec<u8>>; | ||
} | ||
|
||
#[async_trait::async_trait] | ||
impl SeFakeVerifier for FakeSeAttest { | ||
async fn create( | ||
&self, | ||
hkdFiles: Vec<String>, | ||
certFile: &String, | ||
signingFile: &String, | ||
arpkFile: &String | ||
) -> Result<Vec<u8>> { | ||
Result::Ok(Vec::new()) | ||
} | ||
|
||
async fn verify( | ||
&self, | ||
evidence: Vec<u8>, | ||
arpkFile: &String, | ||
hdr: Vec<u8> | ||
) -> Result<Vec<u8>> { | ||
Result::Ok(Vec::new()) | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters