Verifier: IBM SE use String but not Option for tee_parameters

Signed-off-by: Qi Feng Huo <[email protected]>
confidential-containers · Apr 24, 2024 · 5fecc02 · 5fecc02
1 parent d1adc60
commit 5fecc02
Show file tree

Hide file tree

Showing 10 changed files with 19 additions and 11 deletions.
diff --git a/attestation-service/attestation-service/src/bin/grpc/mod.rs b/attestation-service/attestation-service/src/bin/grpc/mod.rs
@@ -216,7 +216,7 @@ impl AttestationService for Arc<RwLock<AttestationServer>> {
             .read()
             .await
             .attestation_service
-            .generate_supplemental_challenge(tee, Some(request.tee_params.clone()))
+            .generate_supplemental_challenge(tee, request.tee_params.clone())
             .await
             .map_err(|e| Status::aborted(format!("Challenge: {e:?}")))?;
 

diff --git a/attestation-service/attestation-service/src/bin/restful/mod.rs b/attestation-service/attestation-service/src/bin/restful/mod.rs
@@ -189,7 +189,7 @@ pub async fn get_challenge(
     let challenge = cocoas
         .read()
         .await
-        .generate_supplemental_challenge(tee, Some(request.tee_params.clone()))
+        .generate_supplemental_challenge(tee, request.tee_params.clone())
         .await
         .context("generate challenge")?;
     Ok(HttpResponse::Ok().body(challenge))

diff --git a/attestation-service/attestation-service/src/lib.rs b/attestation-service/attestation-service/src/lib.rs
@@ -278,7 +278,7 @@ impl AttestationService {
     pub async fn generate_supplemental_challenge(
         &self,
         tee: Tee,
-        tee_parameters: Option<String>,
+        tee_parameters: String,
     ) -> Result<String> {
         let verifier = verifier::to_verifier(&tee)?;
         verifier

diff --git a/attestation-service/verifier/src/lib.rs b/attestation-service/verifier/src/lib.rs
@@ -167,9 +167,17 @@ pub trait Verifier {
         expected_init_data_hash: &InitDataHash,
     ) -> Result<TeeEvidenceParsedClaim>;
 
+    /// Generate the supplemental challenge
+    /// 
+    /// Some TEE like IBM SE need a `challenge` generated on verifier side
+    /// and pass it to attester side. This challenge is used by attester to
+    /// generate the evidence
+    ///
+    /// A optional `tee_parameters` comes from the attester side as the input.
+
     async fn generate_supplemental_challenge(
         &self,
-        _tee_parameters: Option<String>,
+        _tee_parameters: String,
     ) -> Result<String> {
         Ok(String::new())
     }

diff --git a/attestation-service/verifier/src/se/mod.rs b/attestation-service/verifier/src/se/mod.rs
@@ -29,7 +29,7 @@ impl Verifier for SeVerifier {
 
     async fn generate_supplemental_challenge(
         &self,
-        _tee_parameters: Option<String>,
+        _tee_parameters: String,
     ) -> Result<String> {
 
         // TODO replace FakeSeAttest with real IBM SE crate

diff --git a/kbs/src/api/src/attestation/coco/builtin.rs b/kbs/src/api/src/attestation/coco/builtin.rs
@@ -49,7 +49,7 @@ impl Attest for BuiltInCoCoAs {
     async fn generate_supplemental_challenge(
         &self,
         tee: Tee,
-        tee_parameters: Option<String>,
+        tee_parameters: String,
     ) -> Result<String> {
         self.inner
             .read()

diff --git a/kbs/src/api/src/attestation/coco/grpc.rs b/kbs/src/api/src/attestation/coco/grpc.rs
@@ -130,7 +130,7 @@ impl Attest for GrpcClientPool {
     async fn generate_supplemental_challenge(
         &self,
         tee: Tee,
-        tee_parameters: Option<String>,
+        tee_parameters: String,
     ) -> Result<String> {
         let req = tonic::Request::new(ChallengeRequest {
             tee: to_grpc_tee(tee).into(),

diff --git a/kbs/src/api/src/attestation/intel_trust_authority/mod.rs b/kbs/src/api/src/attestation/intel_trust_authority/mod.rs
@@ -126,7 +126,7 @@ impl Attest for IntelTrustAuthority {
     async fn generate_supplemental_challenge(
         &self,
         _tee: Tee,
-        _tee_parameters: Option<String>,
+        _tee_parameters: String,
     ) -> Result<String> {
         Ok(String::new())
     }

diff --git a/kbs/src/api/src/attestation/mod.rs b/kbs/src/api/src/attestation/mod.rs
@@ -37,7 +37,7 @@ pub trait Attest: Send + Sync {
     async fn generate_supplemental_challenge(
         &self,
         tee: Tee,
-        tee_parameters: Option<String>,
+        tee_parameters: String,
     ) -> Result<String>;
 }
 
@@ -100,7 +100,7 @@ impl AttestationService {
     pub async fn generate_supplemental_challenge(
         &self,
         tee: Tee,
-        tee_parameters: Option<String>,
+        tee_parameters: String,
     ) -> Result<String> {
         match self {
             #[cfg(feature = "coco-as-grpc")]

diff --git a/kbs/src/api/src/http/attest.rs b/kbs/src/api/src/http/attest.rs
@@ -24,7 +24,7 @@ pub(crate) async fn auth(
     debug!("Auth Request: {:?}", &request);
 
     let extra_params = attestation_service
-        .generate_supplemental_challenge(request.tee, Some(request.extra_params.clone()))
+        .generate_supplemental_challenge(request.tee, request.extra_params.clone())
         .await
         .unwrap();