Merge branch 'main' into s390x-verifier fix
Signed-off-by: Qi Feng Huo <[email protected]>
Qi Feng Huo committed May 29, 2024
1 parent b67ad0c commit 7a82caf
Showing 4 changed files with 26 additions and 24 deletions.
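--- a/attestation-service/attestation-service/src/bin/grpc/mod.rs
+++ b/attestation-service/attestation-service/src/bin/grpc/mod.rs
@@ -15,8 +15,10 @@ use tonic::transport::Server;
 use tonic::{Request, Response, Status};
 
 use crate::as_api::attestation_service_server::{AttestationService, AttestationServiceServer};
-use crate::as_api::{AttestationRequest, AttestationResponse, ChallengeRequest, ChallengeResponse, SetPolicyRequest,
-SetPolicyResponse};
+use crate::as_api::{
+AttestationRequest, AttestationResponse, ChallengeRequest, ChallengeResponse, SetPolicyRequest,
+SetPolicyResponse,
+};
 
 use crate::rvps_api::reference_value_provider_service_server::{
 ReferenceValueProviderService, ReferenceValueProviderServiceServer,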
10 changes: 5 additions & 5 deletions attestation-service/verifier/src/se/ibmse.rs
@@ -91,7 +91,7 @@ impl SeAttestationRequest {
Ok(serde_json::from_slice(request).unwrap())
}

pub fn from_str(request: &str) -> Result<Self> {
pub fn from_string(request: &str) -> Result<Self> {
Ok(serde_json::from_str(request).unwrap())
}

@@ -176,7 +176,7 @@ impl SeAttestationResponse {
Ok(serde_json::from_slice(response).unwrap())
}

pub fn from_str(request: &str) -> Result<Self> {
pub fn from_string(request: &str) -> Result<Self> {
Ok(serde_json::from_str(request).unwrap())
}

@@ -241,8 +241,8 @@ impl SeAttestationResponse {
return Err(anyhow!("Failed to verify the measurement!"));
}

let userdata = serde_json::from_slice(&self.user_data)?;
debug!("user_data: {:?}", userdata);
// let userdata = serde_json::from_slice(&self.user_data)?;
// debug!("user_data: {:?}", userdata);
// TODO check UserData.image_btph with previous saved value

let mut att_flags = AttestationFlags::default();
@@ -309,7 +309,7 @@ pub fn verify(response: &[u8], priv_key_file: &str) -> Result<SeAttestationClaim
// response is serialized SeAttestationResponse String bytes
let response_str = std::str::from_utf8(response)?;
debug!("SeAttestationResponse json: {:#?}", response_str);
let se_response = SeAttestationResponse::from_str(&response_str)?;
let se_response = SeAttestationResponse::from_string(response_str)?;

let claims = se_response.verify(priv_key_file)?;
debug!("claims json: {:#?}", claims);
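Review bot: The renamed `from_string` constructors on both `SeAttestationRequest` and `SeAttestationResponse` still end in `serde_json::from_str(request).unwrap()`, so a malformed body panics instead of producing the `Err` that the `Result<Self>` signature promises. `verify()` in the last hunk passes its `response` bytes straight into `SeAttestationResponse::from_string`, and per the comments that buffer is the serialized response produced by the attester, so the panic is reachable from input the verifier does not control. Propagate the parse error instead, `Ok(serde_json::from_str(request)?)` (this assumes `Result` is the anyhow alias, as the `anyhow!` call in this file suggests), and do the same for the `from_slice` bodies visible as context. The two commented-out `user_data` lines would be better deleted than kept, since the remaining TODO already records that `image_btph` is not yet checked.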
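--- a/attestation-service/verifier/src/se/mod.rs
+++ b/attestation-service/verifier/src/se/mod.rs
@@ -62,16 +62,14 @@ impl Verifier for SeVerifier {
 let ca = String::from(SE_CERTIFICATE_ROOT_CA);
 // challenge is Serialized SeAttestationRequest, attester uses it to do perform action
 // attester then generates and return Serialized SeAttestationResponse
-let challenge = ibmse::create(
+ibmse::create(
 &hkds,
 &certs,
 &crls,
 ca,
 SE_IMAGE_HEADER_FILE,
 SE_MEASUREMENT_ENCR_KEY_PUBLIC,
-);
-
-challenge
+)
 }
 }
 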
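--- a/kbs/src/api/src/attestation/coco/grpc.rs
+++ b/kbs/src/api/src/attestation/coco/grpc.rs
@@ -16,7 +16,7 @@ use tonic::transport::Channel;
 
 use self::attestation::{
 attestation_request::RuntimeData, attestation_service_client::AttestationServiceClient,
-AttestationRequest, ChallengeRequest, SetPolicyRequest, Tee as GrpcTee,
+AttestationRequest, ChallengeRequest, SetPolicyRequest,
 };
 
 mod attestation {
@@ -28,18 +28,19 @@ pub const DEFAULT_POOL_SIZE: u64 = 100;
 
 pub const COCO_AS_HASH_ALGORITHM: &str = "sha384";
 
-fn to_grpc_tee(tee: Tee) -> GrpcTee {
+fn to_grpc_tee(tee: Tee) -> Option<String> {
 match tee {
-Tee::AzSnpVtpm => GrpcTee::AzSnpVtpm,
-Tee::AzTdxVtpm => GrpcTee::AzTdxVtpm,
-Tee::Cca => GrpcTee::Cca,
-Tee::Csv => GrpcTee::Csv,
-Tee::Sample => GrpcTee::Sample,
-Tee::Sev => GrpcTee::Sev,
-Tee::Sgx => GrpcTee::Sgx,
-Tee::Snp => GrpcTee::Snp,
-Tee::Tdx => GrpcTee::Tdx,
-Tee::Se => GrpcTee::Se,
+Tee::AzSnpVtpm => Some(String::from("azsnpvtpm")),
+Tee::AzTdxVtpm => Some(String::from("aztdxvtpm")),
+Tee::Cca => Some(String::from("cca")),
+Tee::Csv => Some(String::from("csv")),
+Tee::Sample => Some(String::from("sample")),
+Tee::Sev => Some(String::from("sev")),
+Tee::Sgx => Some(String::from("sgx")),
+Tee::Snp => Some(String::from("snp")),
+Tee::Tdx => Some(String::from("tdx")),
+Tee::Se => Some(String::from("se")),
+_ => None,
 }
 }
 
@@ -139,8 +140,9 @@ impl Attest for GrpcClientPool {
 tee: Tee,
 tee_parameters: String,
 ) -> Result<String> {
+let grpc_tee = to_grpc_tee(tee).unwrap();
 let req = tonic::Request::new(ChallengeRequest {
-tee: to_grpc_tee(tee).into(),
+tee: grpc_tee,
 tee_params: tee_parameters,
 });
 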
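Review bot: `to_grpc_tee(tee).unwrap()` in the last hunk panics for any `Tee` value that falls into the new `_ => None` arm, and the wildcard also disables the compiler's exhaustiveness check, so a variant added to `Tee` later compiles cleanly and fails only when a request carrying it arrives. The enclosing method already returns `Result<String>`, so the `None` case should become an error rather than a panic, for example `let grpc_tee = to_grpc_tee(tee).ok_or_else(|| anyhow!("unsupported TEE type"))?;` (this assumes the file uses the anyhow alias and macro; its imports are outside the hunk). If the ten listed variants are all that `Tee` currently has, dropping the `_` arm keeps the match exhaustive and makes the `Option` unnecessary. The method body starts and ends outside the hunk.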
