From 417404b4fee2fed54f48bbd6e834b9507eceba25 Mon Sep 17 00:00:00 2001
From: Qi Feng Huo
Date: Fri, 22 Mar 2024 13:38:18 +0800
Subject: [PATCH] Verifier: IBM SE refine for get_evidence
Signed-off-by: Qi Feng Huo
---
 Cargo.lock | 11 +++++------
 Cargo.toml | 2 +-
 kbs/docs/kbs.yaml | 6 ------
 kbs/docs/kbs_attestation_protocol.md | 7 -------
 kbs/src/api/src/attestation/coco/builtin.rs | 2 +-
 kbs/src/api/src/attestation/coco/grpc.rs | 2 +-
 kbs/tools/attest.json | 3 +--
 kbs/tools/client/Cargo.toml | 2 +-
 8 files changed, 10 insertions(+), 25 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index 0da853d90..567d77976 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -564,7 +564,7 @@ dependencies = [
 [[package]]
 name = "attester"
 version = "0.1.0"
-source = "git+https://github.com/huoqifeng/guest-components.git?rev=cca0fcb0bae3ad0259efabbb84f3e33c986e1675#cca0fcb0bae3ad0259efabbb84f3e33c986e1675"
+source = "git+https://github.com/huoqifeng/guest-components.git?rev=f6607ec8ae8209b2448fae24a78565445ac63bf3#f6607ec8ae8209b2448fae24a78565445ac63bf3"
 dependencies = [
  "anyhow",
  "async-trait",
@@ -583,7 +583,6 @@ dependencies = [
  "serde",
  "serde_json",
  "sev",
- "sha2",
  "strum",
  "tdx-attest-rs",
  "tempfile",
@@ -1278,7 +1277,7 @@ checksum = "7a81dae078cea95a014a339291cec439d2f232ebe854a9d672b796c6afafa9b7"
 [[package]]
 name = "crypto"
 version = "0.1.0"
-source = "git+https://github.com/huoqifeng/guest-components.git?rev=cca0fcb0bae3ad0259efabbb84f3e33c986e1675#cca0fcb0bae3ad0259efabbb84f3e33c986e1675"
+source = "git+https://github.com/huoqifeng/guest-components.git?rev=f6607ec8ae8209b2448fae24a78565445ac63bf3#f6607ec8ae8209b2448fae24a78565445ac63bf3"
 dependencies = [
  "aes-gcm",
  "anyhow",
@@ -2423,7 +2422,7 @@ dependencies = [
 [[package]]
 name = "kbs-types"
 version = "0.5.3"
-source = "git+https://github.com/huoqifeng/kbs-types.git?branch=s390x-se#271ef4bac54035fb25fa44b24e5bbca844cd057c"
+source = "git+https://github.com/virtee/kbs-types.git?rev=e28c20c761378b1e8f5b210c839e3c454f2ec3fb#e28c20c761378b1e8f5b210c839e3c454f2ec3fb"
 dependencies = [
  "serde",
  "serde_json",
@@ -2432,7 +2431,7 @@ dependencies = [
 [[package]]
 name = "kbs_protocol"
 version = "0.1.0"
-source = "git+https://github.com/huoqifeng/guest-components.git?rev=cca0fcb0bae3ad0259efabbb84f3e33c986e1675#cca0fcb0bae3ad0259efabbb84f3e33c986e1675"
+source = "git+https://github.com/huoqifeng/guest-components.git?rev=f6607ec8ae8209b2448fae24a78565445ac63bf3#f6607ec8ae8209b2448fae24a78565445ac63bf3"
 dependencies = [
  "anyhow",
  "async-trait",
@@ -3693,7 +3692,7 @@ dependencies = [
 [[package]]
 name = "resource_uri"
 version = "0.1.0"
-source = "git+https://github.com/huoqifeng/guest-components.git?rev=cca0fcb0bae3ad0259efabbb84f3e33c986e1675#cca0fcb0bae3ad0259efabbb84f3e33c986e1675"
+source = "git+https://github.com/huoqifeng/guest-components.git?rev=f6607ec8ae8209b2448fae24a78565445ac63bf3#f6607ec8ae8209b2448fae24a78565445ac63bf3"
 dependencies = [
  "anyhow",
  "serde",
diff --git a/Cargo.toml b/Cargo.toml
index c8d8797e7..accab6912 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -29,7 +29,7 @@ clap = { version = "4", features = ["derive"] }
 config = "0.13.3"
 env_logger = "0.10.0"
 hex = "0.4.3"
-kbs-types = { git = "https://github.com/huoqifeng/kbs-types.git", branch = "s390x-se" }
+kbs-types = { git = "https://github.com/virtee/kbs-types.git", rev = "e28c20c761378b1e8f5b210c839e3c454f2ec3fb" }
 jsonwebtoken = "9"
 log = "0.4.17"
 prost = "0.11.0"
diff --git a/kbs/docs/kbs.yaml b/kbs/docs/kbs.yaml
index b04b7b2b1..9a582e4a5 100644
--- a/kbs/docs/kbs.yaml
+++ b/kbs/docs/kbs.yaml
@@ -212,7 +212,6 @@ components:
       required:
         - tee-pubkey
         - tee-evidence
-        - extra-params
       type: object
       properties:
         tee-pubkey:
@@ -220,11 +219,6 @@ components: tee-evidence: description: HW-TEE specific attestation evidence. type: object - extra-params: - description: - Freely formatted JSON object used for HW-TEE specific attestation - processes. - type: object description: >- KBS attestation challenge, sent in response to the KBC Request. diff --git a/kbs/docs/kbs_attestation_protocol.md b/kbs/docs/kbs_attestation_protocol.md index 4662aacb9..797696ee0 100644 --- a/kbs/docs/kbs_attestation_protocol.md +++ b/kbs/docs/kbs_attestation_protocol.md @@ -147,8 +147,6 @@ evidence from the HW-TEE platform and organizes it into the following payload: /* The attestation evidence. Its format is specified by Attestation-Service. */ "tee-evidence": {} - /* Extra parameters to support some special HW-TEE attestation. */ - "extra-params": {} } ``` > **Note:** the `/*...*/` comments are not valid in JSON, and must not be used. @@ -180,11 +178,6 @@ Attestation-Service. The KBS does not parse or analyze the attestation evidence, it forwards it to the Attestation-Service for verification. -- `extra-params` - -The reserved extra parameter field which is used to pass the additional -information provided by the KBS when some specific HW-TEE needs to be attested. - ## `Response` Upon successful attestation, the KBC can request resources from the KBS, by diff --git a/kbs/src/api/src/attestation/coco/builtin.rs b/kbs/src/api/src/attestation/coco/builtin.rs index 75b4cb7d4..b9d017f60 100644 --- a/kbs/src/api/src/attestation/coco/builtin.rs +++ b/kbs/src/api/src/attestation/coco/builtin.rs @@ -29,7 +29,7 @@ impl Attest for BuiltInCoCoAs { let attestation: Attestation = serde_json::from_str(attestation)?; // TODO: align with the guest-components/kbs-protocol side. - let runtime_data_plaintext = json!({"tee-pubkey": attestation.tee_pubkey, "nonce": nonce, "extra-params": attestation.extra_params}); + let runtime_data_plaintext = json!({"tee-pubkey": attestation.tee_pubkey, "nonce": nonce}); self.inner .read() 
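Review bot: The runtime-data JSON on the `+` line is still assembled by hand in two places — here and in the identical line of `kbs/src/api/src/attestation/coco/grpc.rs` — which is why this commit had to edit both to drop `extra-params`, and any future drift between the two backends would not be caught by the compiler. Since this string is what the attestation service presumably binds to the TEE report data, a mismatch between the backends, or between either of them and what kbs-protocol hashes on the guest side (the TODO left in place says exactly that), would surface only as attestation failures. A single helper in the `coco` module, e.g. `fn runtime_data(attestation: &Attestation, nonce: &str) -> serde_json::Value { json!({"tee-pubkey": attestation.tee_pubkey, "nonce": nonce}) }`, called from both backends, removes that duplication. It would also be worth noting next to the TODO that the serialized form depends on serde_json's key ordering (sorted unless the `preserve_order` feature is enabled), because the guest side must produce byte-identical input. The enclosing method of `impl Attest for BuiltInCoCoAs` begins and ends outside this hunk.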
diff --git a/kbs/src/api/src/attestation/coco/grpc.rs b/kbs/src/api/src/attestation/coco/grpc.rs index 78784cf20..e478df8d3 100644 --- a/kbs/src/api/src/attestation/coco/grpc.rs +++ b/kbs/src/api/src/attestation/coco/grpc.rs @@ -102,7 +102,7 @@ impl Attest for GrpcClientPool { let attestation: Attestation = serde_json::from_str(attestation)?; // TODO: align with the guest-components/kbs-protocol side. - let runtime_data_plaintext = json!({"tee-pubkey": attestation.tee_pubkey, "nonce": nonce, "extra-params": attestation.extra_params}); + let runtime_data_plaintext = json!({"tee-pubkey": attestation.tee_pubkey, "nonce": nonce}); let runtime_data_plaintext = serde_json::to_string(&runtime_data_plaintext) .context("CoCo AS client: serialize runtime data failed")?; diff --git a/kbs/tools/attest.json b/kbs/tools/attest.json index 6cad33687..dd768b3eb 100644 --- a/kbs/tools/attest.json +++ b/kbs/tools/attest.json @@ -4,6 +4,5 @@ "k-mod": "my_modulus", "k-exp": "my_exponent" }, - "tee-evidence": "my_evidence", - "extra-params": "my_extra_params" + "tee-evidence": "my_evidence" } diff --git a/kbs/tools/client/Cargo.toml b/kbs/tools/client/Cargo.toml index c2cf4bd4d..24024bd7a 100644 --- a/kbs/tools/client/Cargo.toml +++ b/kbs/tools/client/Cargo.toml @@ -18,7 +18,7 @@ base64.workspace = true clap = { version = "4.0.29", features = ["derive"] } env_logger.workspace = true jwt-simple = "0.11.4" -kbs_protocol = { git = "https://github.com/huoqifeng/guest-components.git", rev = "cca0fcb0bae3ad0259efabbb84f3e33c986e1675", default-features = false } +kbs_protocol = { git = "https://github.com/huoqifeng/guest-components.git", rev = "f6607ec8ae8209b2448fae24a78565445ac63bf3", default-features = false } log.workspace = true reqwest = { version = "0.11.18", default-features = false, features = ["cookies", "json"] } serde = { version = "1.0", features = ["derive"] }
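Review bot: The `kbs_protocol` dependency on the `+` line still resolves to a personal fork (`huoqifeng/guest-components`) rather than the upstream guest-components repository, and the Cargo.lock hunks above show `attester`, `crypto` and `resource_uri` being pulled from the same fork rev. Pinning by full commit hash is the right thing while the fork is needed, but a repository under an individual account is a supply-chain dependency the project does not control, so this should be pointed back at upstream — as this commit already does for `kbs-types` in the root `Cargo.toml` — once the required change lands there. Until then a comment on the line such as `# TODO: switch back to confidential-containers/guest-components once <UPSTREAM_PR> is merged` makes the temporary nature explicit for reviewers and release checks.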