cc-api · wenhuizhang · Feb 6, 2024 · Feb 6, 2024
diff --git a/.github/workflows/pr-check-rust.yaml b/.github/workflows/pr-check-rust.yaml
@@ -30,12 +30,10 @@ jobs:
           sudo apt update && yes | DEBIAN_FRONTEND=noninteractive sudo apt install -y libcryptsetup-dev clang protobuf-compiler protobuf-c-compiler libprotobuf-c-dev libprotobuf-c1 build-essential pkg-config libssl-dev
       - name: Run cargo check
         run: |
-          cd service/quote-server
+          cd service/ccnp-server
           cargo test
           cargo check
           cargo fmt -- --check
           cargo clippy
           cargo install --locked cargo-deny
           cargo deny check
-          cd tdx_attest
-          cargo test
diff --git a/.gitignore b/.gitignore
@@ -15,3 +15,6 @@ tools/cvm-image-rewriter/pre-stage/05-readonly-data/cloud-init/x-shellscript/01-
 tools/cvm-image-rewriter/pre-stage/07-install-mvp-guest/cloud-init/
 tools/cvm-image-rewriter/pre-stage/07-install-mvp-guest/artifacts/*
 
+service/ccnp-server/target/
+service/ccnp-server/Cargo.lock
+service/ccnp-server/.cargo
diff --git a/api/eventlog-server.proto b/api/eventlog-server.proto
diff --git a/api/measurement-server.proto b/api/measurement-server.proto
diff --git a/api/quote-server.proto b/api/quote-server.proto
diff --git a/service/quote-server/Cargo.toml → service/ccnp-server/Cargo.toml b/service/quote-server/Cargo.toml → service/ccnp-server/Cargo.toml
@@ -1,11 +1,11 @@
 [package]
-name = "quoteServer"
-version = "0.1.0"
+name = "ccnp_server"
+version = "0.3.2"
 edition = "2021"
 
 [[bin]] # Bin to run the quote server
-name = "quote_server"
-path = "src/quote_server.rs"
+name = "ccnp_server"
+path = "src/main.rs"
 
 [dependencies]
 tonic = "0.9"
@@ -16,17 +16,19 @@ anyhow = "1.0"
 async-trait = "0.1.56"
 base64 = "0.13.0"
 log = "0.4.14"
-serde_json = "1.0"
-sha2 = "0.10"
 clap = { version = "4.0.29", features = ["derive"] }
 tonic-reflection = "0.9.2"
 tonic-health = "0.9.2"
-nix = "0.26.2"
-tdx_attest = "0.1.1"
+lazy_static = "1.4.0"
+cctrusted_vm = { git="https://github.com/cc-api/cc-trusted-api" }
+cctrusted_base = { git="https://github.com/cc-api/cc-trusted-api" }
+env_logger = "0.10.1"
+regex = "1.10.3"
+serde = { version = "1.0", features = ["derive"] }
+serde_yaml = "0.9.30"
+openssl = "0.10.63"
 
 [dev-dependencies]
-tower = { version = "0.4", features = ["util"] }
-hyper = { version ="0.14.27" }
 serial_test = { version ="2.0.0" }
 
 [build-dependencies]

diff --git a/service/pod-quote/Makefile → service/ccnp-server/Makefile b/service/pod-quote/Makefile → service/ccnp-server/Makefile
@@ -10,9 +10,9 @@ DESTDIR ?= $(PREFIX)/bin
 DEBUG ?=
 
 TARGET_DIR := target
-BIN_NAME := pod_quote
+BIN_NAME := ccnp_server
 
-CARGO := /usr/local/cargo/bin/cargo
+CARGO := cargo
 
 ifdef DEBUG
     release :=

diff --git a/service/ccnp-server/README.md b/service/ccnp-server/README.md
@@ -0,0 +1,101 @@
+# CCNP Service
+
+This service will provide CC event log/CC measurement/CC report by [CC Trusted API](https://github.com/cc-api/cc-trusted-api) for remote attestation service to verify the integrity and confidentiality of the trusted computing environment and required software environment.
+
+## Start Service
+
+Run the command:
+
+```
+sudo ./ccnp_server
+[2024-02-06T02:06:18Z INFO  ccnp_server] [ccnp-server]: set sock file permissions: /run/ccnp/uds/ccnp-server.sock
+[2024-02-06T02:06:18Z INFO  ccnp_server] [ccnp-server]: staring the service...
+```
+
+## Query Information
+
+1. Query the CC report
+
+Run the command:
+
+```
+grpcurl -authority "dummy"  -plaintext -d '{ "user_data": "MTIzNDU2NzgxMjM0NTY3ODEyMzQ1Njc4MTIzNDU2NzgxMjM0NTY3ODEyMzQ1Njc4", "nonce":"IXUKoBO1UM3c1wopN4sY" }'  -unix /run/ccnp/uds/ccnp-server.sock ccnp_server_pb.ccnp.GetCcReport
+```
+
+The output looks like this:
+
+```
+{
+  "ccType": 1,
+  "ccReport": "..."
+}
+```
+
+2. Query the CC measurement
+
+Run the command:
+
+```
+grpcurl -authority "dummy"  -plaintext -d '{ "index": 0, "algo_id": 12}'  -unix /run/ccnp/uds/ccnp-server.sock ccnp_server_pb.ccnp.GetCcMeasurement
+```
+
+The output looks like:
+
+```
+{
+  "measurement": {
+    "algoId": 12,
+    "hash": "..."
+  }
+}
+```
+
+3. Query the eventlog
+
+Run the command:
+
+```
+grpcurl -authority "dummy"  -plaintext -d '{"start": 0, "count": 3}'  -unix /run/ccnp/uds/ccnp-server.sock ccnp_server_pb.ccnp.GetCcEventlog
+```
+
+The output looks like:
+
+```
+{
+  "eventLogs": [
+    {
+      "eventType": 3,
+      "digests": [
+        {
+          "algoId": 4,
+          "hash": "..."
+        }
+      ],
+      "eventSize": 33,
+      "event": "..."
+    },
+    {
+      "eventType": 2147483659,
+      "digests": [
+        {
+          "algoId": 12,
+          "hash": "..."
+        }
+      ],
+      "eventSize": 42,
+      "event": "..."
+    },
+    {
+      "eventType": 2147483658,
+      "digests": [
+        {
+          "algoId": 12,
+          "hash": "..."
+        }
+      ],
+      "eventSize": 58,
+      "event": "..."
+    }
+  ]
+}
+```
diff --git a/service/quote-server/build.rs → service/ccnp-server/build.rs b/service/quote-server/build.rs → service/ccnp-server/build.rs
@@ -7,15 +7,15 @@ use std::env;
 use std::path::PathBuf;
 
 fn main() -> Result<(), Box<dyn std::error::Error>> {
-    tonic_build::compile_protos("api/quote-server.proto")?;
+    tonic_build::compile_protos("proto/ccnp-server.proto")?;
 
     let original_out_dir = PathBuf::from(env::var("OUT_DIR")?);
     let out_dir = "./src";
 
     tonic_build::configure()
         .out_dir(out_dir)
-        .file_descriptor_set_path(original_out_dir.join("quote_server_descriptor.bin"))
-        .compile(&["api/quote-server.proto"], &["api"])?;
+        .file_descriptor_set_path(original_out_dir.join("ccnp_server_descriptor.bin"))
+        .compile(&["proto/ccnp-server.proto"], &["proto"])?;
 
     Ok(())
 }
diff --git a/service/ccnp-server/proto/ccnp-server.proto b/service/ccnp-server/proto/ccnp-server.proto
@@ -0,0 +1,81 @@
+syntax = "proto3";
+package ccnp_server_pb;
+
+message HealthCheckRequest {
+  string service = 1;
+}
+
+message HealthCheckResponse {
+  enum ServingStatus {
+    UNKNOWN = 0;
+    SERVING = 1;
+    NOT_SERVING = 2;
+    SERVICE_UNKNOWN = 3;
+  }
+  ServingStatus status = 1;
+}
+
+service ccnp {
+    rpc GetDefaultAlgorithm(GetDefaultAlgorithmRequest) returns (GetDefaultAlgorithmResponse);
+    rpc GetMeasurementCount(GetMeasurementCountRequest) returns (GetMeasurementCountResponse);
+    rpc GetCcReport (GetCcReportRequest) returns (GetCcReportResponse);
+    rpc GetCcMeasurement (GetCcMeasurementRequest) returns (GetCcMeasurementResponse) {}
+    rpc GetCcEventlog (GetCcEventlogRequest) returns (GetCcEventlogResponse) {}
+}
+
+message GetDefaultAlgorithmRequest {
+}
+
+message GetDefaultAlgorithmResponse {
+    uint32 algo_id = 1;
+}
+
+message GetMeasurementCountRequest {
+}
+
+message GetMeasurementCountResponse {
+    uint32 count = 1;
+}
+
+message GetCcReportRequest {
+    string user_data = 1;
+    string nonce = 2;
+}
+
+message GetCcReportResponse {
+    int32 cc_type = 1;
+    bytes cc_report = 2;
+}
+
+message GetCcMeasurementRequest {
+    uint32 index = 1;
+    uint32 algo_id = 2;
+}
+
+message GetCcMeasurementResponse {
+    TcgDigest measurement = 1;
+}
+
+message GetCcEventlogRequest {
+    uint32 start = 1;
+    uint32 count = 2;
+}
+
+message TcgDigest {
+    uint32  algo_id = 1;
+    bytes   hash = 2;
+}
+
+message TcgEventlog {
+    uint32 rec_num = 1;
+    uint32  imr_index = 2;
+    uint32  event_type = 3;
+    repeated TcgDigest digests = 4;
+    uint32  event_size = 5;
+    bytes   event = 6;
+    map<string, string> extra_info = 7;
+}
+
+message GetCcEventlogResponse {
+    repeated TcgEventlog event_logs = 1;
+}