verifier: Fetch VCEK cert from KDS instead of bailing

Fetch the VCEK cert from the KDS if it is absent in the cert chain instead of just printing a bail statement stating that the VCEK is not found. Signed-off-by: Adithya Krishnan Kannan <[email protected]>
confidential-containers · Nov 4, 2024 · 557b9ab · 557b9ab
1 parent aec9296
commit 557b9ab
Show file tree

Hide file tree

Showing 4 changed files with 105 additions and 17 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -36,7 +36,7 @@ jsonwebtoken = { version = "9", default-features = false }
 log = "0.4.17"
 prost = "0.12"
 regorus = { version = "0.1.5", default-features = false, features = ["regex", "base64", "time"] }
-reqwest = { version = "0.12", default-features = false, features = ["default-tls"] }
+reqwest = { version = "0.12", default-features = false, features = ["default-tls", "blocking"] }
 rstest = "0.18.1"
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0.89"

diff --git a/deps/verifier/Cargo.toml b/deps/verifier/Cargo.toml
@@ -49,6 +49,7 @@ strum.workspace = true
 veraison-apiclient = { git = "https://github.com/chendave/rust-apiclient", branch = "token", optional = true }
 ear = { git = "https://github.com/veraison/rust-ear", rev = "43f7f480d09ea2ebc03137af8fbcd70fe3df3468", optional = true }
 x509-parser = { version = "0.14.0", optional = true }
+reqwest = { version="0.12.9", features = ["blocking"] }
 
 [build-dependencies]
 shadow-rs.workspace = true

diff --git a/deps/verifier/src/snp/mod.rs b/deps/verifier/src/snp/mod.rs
@@ -19,6 +19,7 @@ use sev::firmware::guest::AttestationReport;
 use sev::firmware::host::{CertTableEntry, CertType};
 use std::sync::OnceLock;
 use x509_parser::prelude::*;
+use reqwest::{blocking::{get, Response as ReqwestResponse}, StatusCode};
 
 #[derive(Serialize, Deserialize)]
 pub struct SnpEvidence {
@@ -84,8 +85,10 @@ impl Verifier for Snp {
             cert_chain,
         } = serde_json::from_slice(evidence).context("Deserialize Quote failed.")?;
 
-        let Some(cert_chain) = cert_chain else {
-            bail!("Cert chain is unset");
+        let cert_chain = if let Some(chain) = cert_chain{
+            chain
+        } else {
+            request_endorsement_key_kds(report)?
         };
 
         verify_report_signature(&report, &cert_chain, &self.vendor_certs)?;
@@ -307,6 +310,38 @@ fn get_common_name(cert: &x509::X509) -> Result<String> {
     Ok(e.data().as_utf8()?.to_string())
 }
 
+// Function to request vcek from KDS. Return vcek in der format.
+fn request_endorsement_key_kds(
+    att_report: AttestationReport,
+) -> Result<Vec<CertTableEntry>, anyhow::Error> {
+    // KDS URL parameters
+    const KDS_CERT_SITE: &str = "https://kdsintf.amd.com";
+    const KDS_VCEK: &str = "/vcek/v1";
+    // Use attestation report to get data for URL
+    let hw_id: String = hex::encode(att_report.chip_id);
+
+    let vcek_url: String = format!(
+        "{KDS_CERT_SITE}{KDS_VCEK}/Milan/\
+        {hw_id}?blSPL={:02}&teeSPL={:02}&snpSPL={:02}&ucodeSPL={:02}",
+        att_report.reported_tcb.bootloader,
+        att_report.reported_tcb.tee,
+        att_report.reported_tcb.snp,
+        att_report.reported_tcb.microcode
+    );
+    // VCEK in DER format
+    let vcek_rsp: ReqwestResponse = get(vcek_url).context("Unable to send request for VCEK")?;
+
+    match vcek_rsp.status() {
+        StatusCode::OK => {
+            let vcek_rsp_bytes: Vec<u8> =
+                vcek_rsp.bytes().context("Unable to parse VCEK")?.to_vec();
+            let key= CertTableEntry{cert_type: CertType::VCEK, data: vcek_rsp_bytes};
+            Ok(vec![key])
+        }
+        status => Err(anyhow::anyhow!("Unable to fetch VCEK from URL: {status:?}")),
+    }
+}
+
 #[cfg(test)]
 mod tests {
     use super::*;
@@ -482,4 +517,4 @@ mod tests {
         let vendor_certs = load_milan_cert_chain().as_ref().unwrap();
         verify_report_signature(&attestation_report, &cert_chain, vendor_certs).unwrap_err();
     }
-}
+}