Verifier: IBM SE refine for get_evidence

Signed-off-by: Qi Feng Huo <huoqif@cn.ibm.com>

Cargo.toml

@@ -29,7 +29,7 @@ clap = { version = "4", features = ["derive"] }
 config = "0.13.3"
 env_logger = "0.10.0"
 hex = "0.4.3"
-kbs-types = { git = "https://github.com/huoqifeng/kbs-types.git", branch = "s390x-se" }
+kbs-types = { git = "https://github.com/virtee/kbs-types.git", rev = "e28c20c761378b1e8f5b210c839e3c454f2ec3fb" }
 jsonwebtoken = "9"
 log = "0.4.17"
 prost = "0.11.0"

kbs/docs/kbs.yaml

@@ -212,19 +212,13 @@ components:
       required:
         - tee-pubkey
         - tee-evidence
-        - extra-params
       type: object
       properties:
         tee-pubkey:
           $ref: '#/components/schemas/PublicKey'
         tee-evidence:
           description: HW-TEE specific attestation evidence.
           type: object
-        extra-params:
-          description:
-            Freely formatted JSON object used for HW-TEE specific attestation
-            processes.
-          type: object
       description: >-
         KBS attestation challenge, sent in response to the KBC Request.
 

kbs/docs/kbs_attestation_protocol.md

@@ -147,8 +147,6 @@ evidence from the HW-TEE platform and organizes it into the following payload:
 
     /* The attestation evidence. Its format is specified by Attestation-Service. */
     "tee-evidence": {}
-    /* Extra parameters to support some special HW-TEE attestation. */
-    "extra-params": {}
 }
 ```
 > **Note:** the `/*...*/` comments are not valid in JSON, and must not be used.
@@ -180,11 +178,6 @@ Attestation-Service.
 The KBS does not parse or analyze the attestation evidence, it forwards it to
 the Attestation-Service for verification.
 
-- `extra-params`
-
-The reserved extra parameter field which is used to pass the additional
-information provided by the KBS when some specific HW-TEE needs to be attested.
-
 ## `Response`
 
 Upon successful attestation, the KBC can request resources from the KBS, by

kbs/src/api/src/attestation/coco/builtin.rs

@@ -29,7 +29,7 @@ impl Attest for BuiltInCoCoAs {
         let attestation: Attestation = serde_json::from_str(attestation)?;
 
         // TODO: align with the guest-components/kbs-protocol side.
-        let runtime_data_plaintext = json!({"tee-pubkey": attestation.tee_pubkey, "nonce": nonce, "extra-params": attestation.extra_params});
+        let runtime_data_plaintext = json!({"tee-pubkey": attestation.tee_pubkey, "nonce": nonce});
 
         self.inner
             .read()

kbs/src/api/src/attestation/coco/grpc.rs

@@ -102,7 +102,7 @@ impl Attest for GrpcClientPool {
         let attestation: Attestation = serde_json::from_str(attestation)?;
 
         // TODO: align with the guest-components/kbs-protocol side.
-        let runtime_data_plaintext = json!({"tee-pubkey": attestation.tee_pubkey, "nonce": nonce, "extra-params": attestation.extra_params});
+        let runtime_data_plaintext = json!({"tee-pubkey": attestation.tee_pubkey, "nonce": nonce});
         let runtime_data_plaintext = serde_json::to_string(&runtime_data_plaintext)
             .context("CoCo AS client: serialize runtime data failed")?;
 

kbs/tools/attest.json

@@ -4,6 +4,5 @@
     "k-mod": "my_modulus",
     "k-exp": "my_exponent"
   },
-  "tee-evidence": "my_evidence",
-  "extra-params": "my_extra_params"
+  "tee-evidence": "my_evidence"
 }

kbs/tools/client/Cargo.toml

@@ -18,7 +18,7 @@ base64.workspace = true
 clap = { version = "4.0.29", features = ["derive"] }
 env_logger.workspace = true
 jwt-simple = "0.11.4"
-kbs_protocol = { git = "https://github.com/huoqifeng/guest-components.git", rev = "cca0fcb0bae3ad0259efabbb84f3e33c986e1675", default-features = false }
+kbs_protocol = { git = "https://github.com/huoqifeng/guest-components.git", rev = "f6607ec8ae8209b2448fae24a78565445ac63bf3", default-features = false }
 log.workspace = true
 reqwest = { version = "0.11.18", default-features = false, features = ["cookies", "json"] }
 serde = { version = "1.0", features = ["derive"] }