kbs: ITA: Allow policy IDs in config file

If one or more policy IDs are specified in the config file, add these
to the attestation request and implicitly set `policy_must_match=true`.

```toml
[attestation_service]
type = "intel_ta"

policy_ids = ["aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa"]
```

Alternatively, specify multiple policy IDs like this:

```toml
policy_ids = [
    "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa",
    "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb",

    # ...

    "nnnnnnnn-nnnn-nnnn-nnnn-nnnnnnnnnnnn",
]
```

Signed-off-by: James O. D. Hunt <[email protected]>

kbs/docs/config.md

@@ -144,13 +144,14 @@ attestation. The following properties can be set.
 
 > Intel Trust Authority AS is available only when the `intel-trust-authority-as` feature is enabled.
 
-| Property                 | Type    | Description                                                                              | Required | Default |
-|--------------------------|---------|------------------------------------------------------------------------------------------|----------|---------|
-| `timeout`                | Integer | The maximum time (in minutes) between RCAR handshake's `auth` and `attest` requests      | No       | 5       |
-| `base_url`               | String  | Intel Trust Authority API URL.                                                           | Yes      | -       |
-| `api_key`                | String  | Intel Trust Authority API key.                                                           | Yes      | -       |
-| `certs_file`             | String  | URL to an Intel Trust Authority portal or path to JWKS file used for token verification. | Yes      | -       |
-| `allow_unmatched_policy` | Boolean | Determines whether to ignore the `policy_ids_unmatched` token claim.                     | No       | false   |
+| Property                 | Type         | Description                                                                              | Required | Default |
+|--------------------------|--------------|------------------------------------------------------------------------------------------|----------|---------|
+| `timeout`                | Integer      | The maximum time (in minutes) between RCAR handshake's `auth` and `attest` requests      | No       | 5       |
+| `base_url`               | String       | Intel Trust Authority API URL.                                                           | Yes      | -       |
+| `api_key`                | String       | Intel Trust Authority API key.                                                           | Yes      | -       |
+| `certs_file`             | String       | URL to an Intel Trust Authority portal or path to JWKS file used for token verification. | Yes      | -       |
+| `allow_unmatched_policy` | Boolean      | If set and `policy_ids` specified, unset the `request.policy_must_match` setting         | No       | false   |
+| `policy_ids`             | String array | List of one or more quoted and comma-separated policy IDs.                               | No       | `[]`    |
 
 Detailed [documentation](https://docs.trustauthority.intel.com).
 

kbs/src/attestation/intel_trust_authority/mod.rs

@@ -15,6 +15,7 @@ use kbs_types::{Attestation, Tee};
 use reqwest::header::{ACCEPT, CONTENT_TYPE, USER_AGENT};
 use serde::{Deserialize, Serialize};
 use serde_json::{from_value, json};
+use std::result::Result::Ok;
 use strum::{AsRefStr, Display, EnumString};
 
 const SUPPORTED_HASH_ALGORITHMS_JSON_KEY: &str = "supported-hash-algorithms";
@@ -59,18 +60,15 @@ struct AttestReqData {
     runtime_data: String,
     #[serde(skip_serializing_if = "Option::is_none")]
     user_data: Option<String>,
+    policy_ids: Vec<String>,
+    policy_must_match: bool,
 }
 
 #[derive(Deserialize, Debug)]
 struct AttestRespData {
     token: String,
 }
 
-#[derive(Deserialize, Debug)]
-struct Claims {
-    policy_ids_unmatched: Option<Vec<serde_json::Value>>,
-}
-
 #[derive(Deserialize, Debug)]
 struct ErrorResponse {
     error: String,
@@ -82,6 +80,7 @@ pub struct IntelTrustAuthorityConfig {
     pub api_key: String,
     pub certs_file: String,
     pub allow_unmatched_policy: Option<bool>,
+    pub policy_ids: Vec<String>,
 }
 
 pub struct IntelTrustAuthority {
@@ -102,6 +101,13 @@ impl Attest for IntelTrustAuthority {
         })
         .to_string();
 
+        let policy_ids = self.config.policy_ids.clone();
+
+        let policy_must_match = match policy_ids.is_empty() {
+            true => false,
+            false => !self.config.allow_unmatched_policy.unwrap_or_default(),
+        };
+
         // construct attest request data and attestation url
         let (req_data, att_url) = match tee {
             Tee::AzTdxVtpm => {
@@ -116,6 +122,8 @@ impl Attest for IntelTrustAuthority {
                     quote: STANDARD.encode(evidence.td_quote),
                     runtime_data: STANDARD.encode(hcl_report.var_data()),
                     user_data: Some(STANDARD.encode(runtime_data)),
+                    policy_ids,
+                    policy_must_match,
                 };
 
                 (req_data, att_url)
@@ -130,6 +138,8 @@ impl Attest for IntelTrustAuthority {
                     quote: evidence.quote,
                     runtime_data: STANDARD.encode(runtime_data),
                     user_data: None,
+                    policy_ids,
+                    policy_must_match,
                 };
 
                 (req_data, att_url)
@@ -186,21 +196,12 @@ impl Attest for IntelTrustAuthority {
             .await
             .context("Failed to deserialize attestation response")?;
 
-        let token = self
+        let _token = self
             .token_verifier
             .verify(resp_data.token.clone())
             .await
             .context("Failed to verify attestation token")?;
 
-        let claims = serde_json::from_value::<Claims>(token)
-            .context("Failed to deserialize attestation token claims")?;
-
-        // check unmatched policy
-        let allow = self.config.allow_unmatched_policy.unwrap_or(false);
-        if !allow && claims.policy_ids_unmatched.is_some() {
-            bail!("Evidence doesn't match policy");
-        }
-
         Ok(resp_data.token.clone())
     }
 
@@ -473,6 +474,7 @@ mod tests {
             api_key: "".into(),
             certs_file,
             allow_unmatched_policy: None,
+            policy_ids: vec![],
         };
 
         let msg = format!(

kbs/src/config.rs

@@ -80,6 +80,7 @@ impl TryFrom<&Path> for KbsConfig {
             .set_default("admin.insecure_api", DEFAULT_INSECURE_API)?
             .set_default("http_server.insecure_http", DEFAULT_INSECURE_HTTP)?
             .set_default("http_server.sockets", vec![DEFAULT_SOCKET])?
+            .set_default("attestation_service.policy_ids", Vec::<&str>::new())?
             .add_source(File::with_name(config_path.to_str().unwrap()))
             .build()?;
 
@@ -230,6 +231,7 @@ mod tests {
                         api_key: "this-is-a-key".into(),
                         certs_file: "file:///etc/ita-cert.pem".into(),
                         allow_unmatched_policy: Some(true),
+                        policy_ids: vec![],
                     }
                 ),
             timeout: crate::attestation::config::DEFAULT_TIMEOUT,
@@ -341,6 +343,7 @@ mod tests {
                         api_key: "tBfd5kKX2x9ahbodKV1...".into(),
                         certs_file: "https://portal.trustauthority.intel.com".into(),
                         allow_unmatched_policy: None,
+                        policy_ids: vec![],
                     }
                 ),
             timeout: crate::attestation::config::DEFAULT_TIMEOUT,
@@ -400,6 +403,7 @@ mod tests {
                         api_key: "tBfd5kKX2x9ahbodKV1...".into(),
                         certs_file: "https://portal.trustauthority.intel.com".into(),
                         allow_unmatched_policy: None,
+                        policy_ids: vec![],
                     }
                 ),
             timeout: crate::attestation::config::DEFAULT_TIMEOUT,