From 1e7ba44fabbeca6feaa19739eb78b3bbc2a003fb Mon Sep 17 00:00:00 2001 From: Xynnn007 Date: Fri, 9 Aug 2024 16:12:59 +0800 Subject: [PATCH] AA: apply for initdata This commit deletes UpdateConfiguration API for AA, also adds a new cmdline parameter `--initdata` for AA to check initdata when launching. The two changes are for initdata feature. Signed-off-by: Xynnn007 --- .../attestation-agent/src/bin/grpc-aa/main.rs | 28 +- .../src/bin/grpc-aa/server.rs | 29 +- .../src/bin/ttrpc-aa/main.rs | 28 +- .../src/bin/ttrpc-aa/server.rs | 27 -- .../ttrpc_protocol/attestation_agent.rs | 255 +----------------- .../ttrpc_protocol/attestation_agent_ttrpc.rs | 22 -- .../attestation-agent/src/lib.rs | 23 +- .../token_provider/aa/attestation_agent.rs | 255 +----------------- .../aa/attestation_agent_ttrpc.rs | 22 -- .../protos/attestation-agent.proto | 12 - 10 files changed, 80 insertions(+), 621 deletions(-) diff --git a/attestation-agent/attestation-agent/src/bin/grpc-aa/main.rs b/attestation-agent/attestation-agent/src/bin/grpc-aa/main.rs index 6dce99ab4..b6f34bff0 100644 --- a/attestation-agent/attestation-agent/src/bin/grpc-aa/main.rs +++ b/attestation-agent/attestation-agent/src/bin/grpc-aa/main.rs @@ -6,7 +6,8 @@ mod server; use anyhow::*; -use attestation_agent::AttestationAgent; +use attestation_agent::{AttestationAPIs, AttestationAgent}; +use base64::Engine; use clap::Parser; use log::{debug, info}; use tokio::signal::unix::{signal, SignalKind}; @@ -35,6 +36,14 @@ struct Cli { /// `--config /etc/attestation-agent.conf` #[arg(short, long)] config_file: Option, + + /// Initdata to be verified by AA. If initdata check failed, AA will failed to launch. + /// The initdata should be base64 standard encoding. + /// + /// Example: + /// `--initdata AAAAAAAAAAAA` + #[arg(short, long)] + initdata: Option, } #[tokio::main] 
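Review bot: The help text added for `--initdata` in grpc-aa/main.rs (and word for word in ttrpc-aa/main.rs, hunk `@@ -43,6 +44,14 @@`) does not say whether the value is the initdata document itself or its digest. The startup code passes the decoded bytes to `check_init_data` unchanged, and the `CheckInitDataRequest` message in the embedded descriptor names its only field `Digest`, so a digest is presumably what is expected. If that is right, the comment should say so, for example `/// Base64 (standard alphabet) encoding of the initdata digest to be verified by AA. If the check fails, AA fails to launch.`, which also fixes the "will failed to launch" wording. The `Cli` struct begins outside the hunk.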
@@ -45,6 +54,23 @@ pub async fn main() -> Result<()> { let attestation_socket = cli.attestation_sock.parse::()?; let mut aa = AttestationAgent::new(cli.config_file.as_deref()).context("start AA")?; + if let Some(initdata) = cli.initdata { + info!("Initdata is given by parameter, try to check."); + let initdata = base64::engine::general_purpose::STANDARD + .decode(&initdata) + .context("base64 decode initdata")?; + let res = aa + .check_init_data(&initdata) + .await + .context("check initdata")?; + match res { + attester::InitdataResult::Ok => info!("Check initdata passed."), + attester::InitdataResult::Unsupported => { + info!("Platform does not support initdata checking. Jumping.") + } + } + } + aa.init().await.context("init AA")?; debug!( "Attestation gRPC service listening on: {:?}", diff --git a/attestation-agent/attestation-agent/src/bin/grpc-aa/server.rs b/attestation-agent/attestation-agent/src/bin/grpc-aa/server.rs index a1e158fe7..045ca250f 100644 --- a/attestation-agent/attestation-agent/src/bin/grpc-aa/server.rs +++ b/attestation-agent/attestation-agent/src/bin/grpc-aa/server.rs @@ -10,8 +10,7 @@ use attestation::attestation_agent_service_server::{ use attestation::{ CheckInitDataRequest, CheckInitDataResponse, ExtendRuntimeMeasurementRequest, ExtendRuntimeMeasurementResponse, GetEvidenceRequest, GetEvidenceResponse, GetTeeTypeRequest, - GetTeeTypeResponse, GetTokenRequest, GetTokenResponse, UpdateConfigurationRequest, - UpdateConfigurationResponse, + GetTeeTypeResponse, GetTokenRequest, GetTokenResponse, }; use attestation_agent::{AttestationAPIs, AttestationAgent}; use log::{debug, error}; 
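Review bot: The `attester::InitdataResult::Unsupported` arm in grpc-aa/main.rs logs at `info!` and falls through to `aa.init()`, so an AA started with `--initdata` on a platform that cannot perform the check comes up with the supplied value never verified, and the only trace is an info-level line. A caller who passes the flag expects the binding to be enforced, so this path should at least be `warn!("Platform does not support initdata checking; --initdata was NOT verified.")`, or `bail!("initdata checking is not supported on this platform")` if the flag is meant as a hard requirement. The identical block in ttrpc-aa/main.rs (hunk `@@ -58,6 +67,23 @@`) behaves the same way, and moving both into one shared helper would keep the two binaries in step. `main` begins and continues outside the hunk.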
@@ -138,32 +137,6 @@ impl AttestationAgentService for AA { Result::Ok(Response::new(reply)) } - async fn update_configuration( - &self, - request: Request, - ) -> Result, Status> { - let request = request.into_inner(); - - let mut attestation_agent = self.inner.lock().await; - - debug!("AA (grpc): update configuration ..."); - - attestation_agent - .update_configuration(&request.config) - .map_err(|e| { - error!("AA (grpc): update configuration failed:\n{e:?}"); - Status::internal(format!( - "[ERROR:{AGENT_NAME}] AA update configuration failed" - )) - })?; - - debug!("AA (grpc): update configuration successfully!"); - - let reply = UpdateConfigurationResponse {}; - - Result::Ok(Response::new(reply)) - } - async fn get_tee_type( &self, _request: Request, diff --git a/attestation-agent/attestation-agent/src/bin/ttrpc-aa/main.rs b/attestation-agent/attestation-agent/src/bin/ttrpc-aa/main.rs index 07aa7d5d5..1b045e716 100644 --- a/attestation-agent/attestation-agent/src/bin/ttrpc-aa/main.rs +++ b/attestation-agent/attestation-agent/src/bin/ttrpc-aa/main.rs @@ -5,7 +5,8 @@ use ::ttrpc::asynchronous::Server; use anyhow::*; -use attestation_agent::AttestationAgent; +use attestation_agent::{AttestationAPIs, AttestationAgent}; +use base64::Engine; use clap::{arg, command, Parser}; use const_format::concatcp; use log::{debug, info}; @@ -43,6 +44,14 @@ struct Cli { /// `--config /etc/attestation-agent.conf` #[arg(short, long)] config_file: Option, + + /// Initdata to be verified by AA. If initdata check failed, AA will failed to launch. + /// The initdata should be base64 standard encoding. + /// + /// Example: + /// `--initdata AAAAAAAAAAAA` + #[arg(short, long)] + initdata: Option, } #[tokio::main] 
@@ -58,6 +67,23 @@ pub async fn main() -> Result<()> { .context("clean previous attestation socket file")?; let mut aa = AttestationAgent::new(cli.config_file.as_deref()).context("start AA")?; + if let Some(initdata) = cli.initdata { + info!("Initdata is given by parameter, try to check."); + let initdata = base64::engine::general_purpose::STANDARD + .decode(&initdata) + .context("base64 decode initdata")?; + let res = aa + .check_init_data(&initdata) + .await + .context("check initdata")?; + match res { + attester::InitdataResult::Ok => info!("Check initdata passed."), + attester::InitdataResult::Unsupported => { + info!("Platform does not support initdata checking. Jumping.") + } + } + } + aa.init().await.context("init AA")?; let att = server::start_ttrpc_service(aa)?; diff --git a/attestation-agent/attestation-agent/src/bin/ttrpc-aa/server.rs b/attestation-agent/attestation-agent/src/bin/ttrpc-aa/server.rs index 8f4f55eca..8a0f66d2b 100644 --- a/attestation-agent/attestation-agent/src/bin/ttrpc-aa/server.rs +++ b/attestation-agent/attestation-agent/src/bin/ttrpc-aa/server.rs @@ -17,7 +17,6 @@ use std::sync::Arc; use crate::ttrpc_protocol::attestation_agent::{ ExtendRuntimeMeasurementRequest, ExtendRuntimeMeasurementResponse, GetEvidenceRequest, GetEvidenceResponse, GetTeeTypeRequest, GetTeeTypeResponse, GetTokenRequest, GetTokenResponse, - UpdateConfigurationRequest, UpdateConfigurationResponse, }; use crate::ttrpc_protocol::attestation_agent_ttrpc::{ create_attestation_agent_service, AttestationAgentService, 
@@ -120,32 +119,6 @@ impl AttestationAgentService for AA { ::ttrpc::Result::Ok(reply) } - async fn update_configuration( - &self, - _ctx: &::ttrpc::r#async::TtrpcContext, - req: UpdateConfigurationRequest, - ) -> ::ttrpc::Result { - debug!("AA (ttrpc): update configuration ..."); - - let mut attestation_agent = self.inner.lock().await; - - attestation_agent - .update_configuration(&req.config) - .map_err(|e| { - error!("AA (ttrpc): update configuration failed:\n {e:?}"); - let mut error_status = ::ttrpc::proto::Status::new(); - error_status.set_code(Code::INTERNAL); - error_status.set_message(format!( - "[ERROR:{AGENT_NAME}] AA update configuration failed" - )); - ::ttrpc::Error::RpcStatus(error_status) - })?; - - debug!("AA (ttrpc): update configuration succeeded."); - let reply = UpdateConfigurationResponse::new(); - ::ttrpc::Result::Ok(reply) - } - async fn get_tee_type( &self, _ctx: &::ttrpc::r#async::TtrpcContext, diff --git a/attestation-agent/attestation-agent/src/bin/ttrpc-aa/ttrpc_protocol/attestation_agent.rs b/attestation-agent/attestation-agent/src/bin/ttrpc-aa/ttrpc_protocol/attestation_agent.rs index 69634d962..4f95780f7 100644 --- a/attestation-agent/attestation-agent/src/bin/ttrpc-aa/ttrpc_protocol/attestation_agent.rs +++ b/attestation-agent/attestation-agent/src/bin/ttrpc-aa/ttrpc_protocol/attestation_agent.rs 
@@ -1157,231 +1157,6 @@ impl ::protobuf::reflect::ProtobufValue for CheckInitDataResponse { type RuntimeType = ::protobuf::reflect::rt::RuntimeTypeMessage; } -// @@protoc_insertion_point(message:attestation_agent.UpdateConfigurationRequest) -#[derive(PartialEq,Clone,Default,Debug)] -pub struct UpdateConfigurationRequest { - // message fields - // @@protoc_insertion_point(field:attestation_agent.UpdateConfigurationRequest.config) - pub config: ::std::string::String, - // special fields - // @@protoc_insertion_point(special_field:attestation_agent.UpdateConfigurationRequest.special_fields) - pub special_fields: ::protobuf::SpecialFields, -} - -impl<'a> ::std::default::Default for &'a UpdateConfigurationRequest { - fn default() -> &'a UpdateConfigurationRequest { - ::default_instance() - } -} - -impl UpdateConfigurationRequest { - pub fn new() -> UpdateConfigurationRequest { - ::std::default::Default::default() - } - - fn generated_message_descriptor_data() -> ::protobuf::reflect::GeneratedMessageDescriptorData { - let mut fields = ::std::vec::Vec::with_capacity(1); - let mut oneofs = ::std::vec::Vec::with_capacity(0); - fields.push(::protobuf::reflect::rt::v2::make_simpler_field_accessor::<_, _>( - "config", - |m: &UpdateConfigurationRequest| { &m.config }, - |m: &mut UpdateConfigurationRequest| { &mut m.config }, - )); - ::protobuf::reflect::GeneratedMessageDescriptorData::new_2::( - "UpdateConfigurationRequest", - fields, - oneofs, - ) - } -} - -impl ::protobuf::Message for UpdateConfigurationRequest { - const NAME: &'static str = "UpdateConfigurationRequest"; - - fn is_initialized(&self) -> bool { - true - } - - fn merge_from(&mut self, is: &mut ::protobuf::CodedInputStream<'_>) -> ::protobuf::Result<()> { - while let Some(tag) = is.read_raw_tag_or_eof()? 
{ - match tag { - 10 => { - self.config = is.read_string()?; - }, - tag => { - ::protobuf::rt::read_unknown_or_skip_group(tag, is, self.special_fields.mut_unknown_fields())?; - }, - }; - } - ::std::result::Result::Ok(()) - } - - // Compute sizes of nested messages - #[allow(unused_variables)] - fn compute_size(&self) -> u64 { - let mut my_size = 0; - if !self.config.is_empty() { - my_size += ::protobuf::rt::string_size(1, &self.config); - } - my_size += ::protobuf::rt::unknown_fields_size(self.special_fields.unknown_fields()); - self.special_fields.cached_size().set(my_size as u32); - my_size - } - - fn write_to_with_cached_sizes(&self, os: &mut ::protobuf::CodedOutputStream<'_>) -> ::protobuf::Result<()> { - if !self.config.is_empty() { - os.write_string(1, &self.config)?; - } - os.write_unknown_fields(self.special_fields.unknown_fields())?; - ::std::result::Result::Ok(()) - } - - fn special_fields(&self) -> &::protobuf::SpecialFields { - &self.special_fields - } - - fn mut_special_fields(&mut self) -> &mut ::protobuf::SpecialFields { - &mut self.special_fields - } - - fn new() -> UpdateConfigurationRequest { - UpdateConfigurationRequest::new() - } - - fn clear(&mut self) { - self.config.clear(); - self.special_fields.clear(); - } - - fn default_instance() -> &'static UpdateConfigurationRequest { - static instance: UpdateConfigurationRequest = UpdateConfigurationRequest { - config: ::std::string::String::new(), - special_fields: ::protobuf::SpecialFields::new(), - }; - &instance - } -} - -impl ::protobuf::MessageFull for UpdateConfigurationRequest { - fn descriptor() -> ::protobuf::reflect::MessageDescriptor { - static descriptor: ::protobuf::rt::Lazy<::protobuf::reflect::MessageDescriptor> = ::protobuf::rt::Lazy::new(); - descriptor.get(|| file_descriptor().message_by_package_relative_name("UpdateConfigurationRequest").unwrap()).clone() - } -} - -impl ::std::fmt::Display for UpdateConfigurationRequest { - fn fmt(&self, f: &mut ::std::fmt::Formatter<'_>) -> 
::std::fmt::Result { - ::protobuf::text_format::fmt(self, f) - } -} - -impl ::protobuf::reflect::ProtobufValue for UpdateConfigurationRequest { - type RuntimeType = ::protobuf::reflect::rt::RuntimeTypeMessage; -} - -// @@protoc_insertion_point(message:attestation_agent.UpdateConfigurationResponse) -#[derive(PartialEq,Clone,Default,Debug)] -pub struct UpdateConfigurationResponse { - // special fields - // @@protoc_insertion_point(special_field:attestation_agent.UpdateConfigurationResponse.special_fields) - pub special_fields: ::protobuf::SpecialFields, -} - -impl<'a> ::std::default::Default for &'a UpdateConfigurationResponse { - fn default() -> &'a UpdateConfigurationResponse { - ::default_instance() - } -} - -impl UpdateConfigurationResponse { - pub fn new() -> UpdateConfigurationResponse { - ::std::default::Default::default() - } - - fn generated_message_descriptor_data() -> ::protobuf::reflect::GeneratedMessageDescriptorData { - let mut fields = ::std::vec::Vec::with_capacity(0); - let mut oneofs = ::std::vec::Vec::with_capacity(0); - ::protobuf::reflect::GeneratedMessageDescriptorData::new_2::( - "UpdateConfigurationResponse", - fields, - oneofs, - ) - } -} - -impl ::protobuf::Message for UpdateConfigurationResponse { - const NAME: &'static str = "UpdateConfigurationResponse"; - - fn is_initialized(&self) -> bool { - true - } - - fn merge_from(&mut self, is: &mut ::protobuf::CodedInputStream<'_>) -> ::protobuf::Result<()> { - while let Some(tag) = is.read_raw_tag_or_eof()? 
{ - match tag { - tag => { - ::protobuf::rt::read_unknown_or_skip_group(tag, is, self.special_fields.mut_unknown_fields())?; - }, - }; - } - ::std::result::Result::Ok(()) - } - - // Compute sizes of nested messages - #[allow(unused_variables)] - fn compute_size(&self) -> u64 { - let mut my_size = 0; - my_size += ::protobuf::rt::unknown_fields_size(self.special_fields.unknown_fields()); - self.special_fields.cached_size().set(my_size as u32); - my_size - } - - fn write_to_with_cached_sizes(&self, os: &mut ::protobuf::CodedOutputStream<'_>) -> ::protobuf::Result<()> { - os.write_unknown_fields(self.special_fields.unknown_fields())?; - ::std::result::Result::Ok(()) - } - - fn special_fields(&self) -> &::protobuf::SpecialFields { - &self.special_fields - } - - fn mut_special_fields(&mut self) -> &mut ::protobuf::SpecialFields { - &mut self.special_fields - } - - fn new() -> UpdateConfigurationResponse { - UpdateConfigurationResponse::new() - } - - fn clear(&mut self) { - self.special_fields.clear(); - } - - fn default_instance() -> &'static UpdateConfigurationResponse { - static instance: UpdateConfigurationResponse = UpdateConfigurationResponse { - special_fields: ::protobuf::SpecialFields::new(), - }; - &instance - } -} - -impl ::protobuf::MessageFull for UpdateConfigurationResponse { - fn descriptor() -> ::protobuf::reflect::MessageDescriptor { - static descriptor: ::protobuf::rt::Lazy<::protobuf::reflect::MessageDescriptor> = ::protobuf::rt::Lazy::new(); - descriptor.get(|| file_descriptor().message_by_package_relative_name("UpdateConfigurationResponse").unwrap()).clone() - } -} - -impl ::std::fmt::Display for UpdateConfigurationResponse { - fn fmt(&self, f: &mut ::std::fmt::Formatter<'_>) -> ::std::fmt::Result { - ::protobuf::text_format::fmt(self, f) - } -} - -impl ::protobuf::reflect::ProtobufValue for UpdateConfigurationResponse { - type RuntimeType = ::protobuf::reflect::rt::RuntimeTypeMessage; -} - // 
@@protoc_insertion_point(message:attestation_agent.GetTeeTypeRequest) #[derive(PartialEq,Clone,Default,Debug)] pub struct GetTeeTypeRequest { 
@@ -1621,21 +1396,17 @@ static file_descriptor_proto_data: &'static [u8] = b"\ Response\"K\n\x11InitDataPlaintext\x12\x18\n\x07Content\x18\x01\x20\x01(\ \x0cR\x07Content\x12\x1c\n\tAlgorithm\x18\x02\x20\x01(\tR\tAlgorithm\".\ \n\x14CheckInitDataRequest\x12\x16\n\x06Digest\x18\x01\x20\x01(\x0cR\x06\ - Digest\"\x17\n\x15CheckInitDataResponse\"4\n\x1aUpdateConfigurationReque\ - st\x12\x16\n\x06config\x18\x01\x20\x01(\tR\x06config\"\x1d\n\x1bUpdateCo\ - nfigurationResponse\"\x13\n\x11GetTeeTypeRequest\"&\n\x12GetTeeTypeRespo\ - nse\x12\x10\n\x03tee\x18\x01\x20\x01(\tR\x03tee2\x87\x05\n\x17Attestatio\ - nAgentService\x12\\\n\x0bGetEvidence\x12%.attestation_agent.GetEvidenceR\ - equest\x1a&.attestation_agent.GetEvidenceResponse\x12S\n\x08GetToken\x12\ - \".attestation_agent.GetTokenRequest\x1a#.attestation_agent.GetTokenResp\ - onse\x12\x83\x01\n\x18ExtendRuntimeMeasurement\x122.attestation_agent.Ex\ - tendRuntimeMeasurementRequest\x1a3.attestation_agent.ExtendRuntimeMeasur\ - ementResponse\x12b\n\rCheckInitData\x12'.attestation_agent.CheckInitData\ - Request\x1a(.attestation_agent.CheckInitDataResponse\x12t\n\x13UpdateCon\ - figuration\x12-.attestation_agent.UpdateConfigurationRequest\x1a..attest\ - ation_agent.UpdateConfigurationResponse\x12Y\n\nGetTeeType\x12$.attestat\ - ion_agent.GetTeeTypeRequest\x1a%.attestation_agent.GetTeeTypeResponseb\ - \x06proto3\ + Digest\"\x17\n\x15CheckInitDataResponse\"\x13\n\x11GetTeeTypeRequest\"&\ + \n\x12GetTeeTypeResponse\x12\x10\n\x03tee\x18\x01\x20\x01(\tR\x03tee2\ + \x91\x04\n\x17AttestationAgentService\x12\\\n\x0bGetEvidence\x12%.attest\ + ation_agent.GetEvidenceRequest\x1a&.attestation_agent.GetEvidenceRespons\ + e\x12S\n\x08GetToken\x12\".attestation_agent.GetTokenRequest\x1a#.attest\ + ation_agent.GetTokenResponse\x12\x83\x01\n\x18ExtendRuntimeMeasurement\ + \x122.attestation_agent.ExtendRuntimeMeasurementRequest\x1a3.attestation\ + _agent.ExtendRuntimeMeasurementResponse\x12b\n\rCheckInitData\x12'.attes\ + 
tation_agent.CheckInitDataRequest\x1a(.attestation_agent.CheckInitDataRe\ + sponse\x12Y\n\nGetTeeType\x12$.attestation_agent.GetTeeTypeRequest\x1a%.\ + attestation_agent.GetTeeTypeResponseb\x06proto3\ "; /// `FileDescriptorProto` object which was a source for this generated file @@ -1653,7 +1424,7 @@ pub fn file_descriptor() -> &'static ::protobuf::reflect::FileDescriptor { file_descriptor.get(|| { let generated_file_descriptor = generated_file_descriptor_lazy.get(|| { let mut deps = ::std::vec::Vec::with_capacity(0); - let mut messages = ::std::vec::Vec::with_capacity(13); + let mut messages = ::std::vec::Vec::with_capacity(11); messages.push(GetEvidenceRequest::generated_message_descriptor_data()); messages.push(GetEvidenceResponse::generated_message_descriptor_data()); messages.push(GetTokenRequest::generated_message_descriptor_data()); @@ -1663,8 +1434,6 @@ pub fn file_descriptor() -> &'static ::protobuf::reflect::FileDescriptor { messages.push(InitDataPlaintext::generated_message_descriptor_data()); messages.push(CheckInitDataRequest::generated_message_descriptor_data()); messages.push(CheckInitDataResponse::generated_message_descriptor_data()); - messages.push(UpdateConfigurationRequest::generated_message_descriptor_data()); - messages.push(UpdateConfigurationResponse::generated_message_descriptor_data()); messages.push(GetTeeTypeRequest::generated_message_descriptor_data()); messages.push(GetTeeTypeResponse::generated_message_descriptor_data()); let mut enums = ::std::vec::Vec::with_capacity(0); diff --git a/attestation-agent/attestation-agent/src/bin/ttrpc-aa/ttrpc_protocol/attestation_agent_ttrpc.rs b/attestation-agent/attestation-agent/src/bin/ttrpc-aa/ttrpc_protocol/attestation_agent_ttrpc.rs index baa18f5b7..1674f98df 100644 --- a/attestation-agent/attestation-agent/src/bin/ttrpc-aa/ttrpc_protocol/attestation_agent_ttrpc.rs +++ b/attestation-agent/attestation-agent/src/bin/ttrpc-aa/ttrpc_protocol/attestation_agent_ttrpc.rs 
@@ -52,11 +52,6 @@ impl AttestationAgentServiceClient { ::ttrpc::async_client_request!(self, ctx, req, "attestation_agent.AttestationAgentService", "CheckInitData", cres); } - pub async fn update_configuration(&self, ctx: ttrpc::context::Context, req: &super::attestation_agent::UpdateConfigurationRequest) -> ::ttrpc::Result { - let mut cres = super::attestation_agent::UpdateConfigurationResponse::new(); - ::ttrpc::async_client_request!(self, ctx, req, "attestation_agent.AttestationAgentService", "UpdateConfiguration", cres); - } - pub async fn get_tee_type(&self, ctx: ttrpc::context::Context, req: &super::attestation_agent::GetTeeTypeRequest) -> ::ttrpc::Result { let mut cres = super::attestation_agent::GetTeeTypeResponse::new(); ::ttrpc::async_client_request!(self, ctx, req, "attestation_agent.AttestationAgentService", "GetTeeType", cres); @@ -107,17 +102,6 @@ impl ::ttrpc::r#async::MethodHandler for CheckInitDataMethod { } } -struct UpdateConfigurationMethod { - service: Arc>, -} - -#[async_trait] -impl ::ttrpc::r#async::MethodHandler for UpdateConfigurationMethod { - async fn handler(&self, ctx: ::ttrpc::r#async::TtrpcContext, req: ::ttrpc::Request) -> ::ttrpc::Result<::ttrpc::Response> { - ::ttrpc::async_request_handler!(self, ctx, req, attestation_agent, UpdateConfigurationRequest, update_configuration); - } -} - struct GetTeeTypeMethod { service: Arc>, } 
@@ -143,9 +127,6 @@ pub trait AttestationAgentService: Sync { async fn check_init_data(&self, _ctx: &::ttrpc::r#async::TtrpcContext, _: super::attestation_agent::CheckInitDataRequest) -> ::ttrpc::Result { Err(::ttrpc::Error::RpcStatus(::ttrpc::get_status(::ttrpc::Code::NOT_FOUND, "/attestation_agent.AttestationAgentService/CheckInitData is not supported".to_string()))) } - async fn update_configuration(&self, _ctx: &::ttrpc::r#async::TtrpcContext, _: super::attestation_agent::UpdateConfigurationRequest) -> ::ttrpc::Result { - Err(::ttrpc::Error::RpcStatus(::ttrpc::get_status(::ttrpc::Code::NOT_FOUND, "/attestation_agent.AttestationAgentService/UpdateConfiguration is not supported".to_string()))) - } async fn get_tee_type(&self, _ctx: &::ttrpc::r#async::TtrpcContext, _: super::attestation_agent::GetTeeTypeRequest) -> ::ttrpc::Result { Err(::ttrpc::Error::RpcStatus(::ttrpc::get_status(::ttrpc::Code::NOT_FOUND, "/attestation_agent.AttestationAgentService/GetTeeType is not supported".to_string()))) } @@ -168,9 +149,6 @@ pub fn create_attestation_agent_service(service: Arc); - methods.insert("UpdateConfiguration".to_string(), - Box::new(UpdateConfigurationMethod{service: service.clone()}) as Box); - methods.insert("GetTeeType".to_string(), Box::new(GetTeeTypeMethod{service: service.clone()}) as Box); diff --git a/attestation-agent/attestation-agent/src/lib.rs b/attestation-agent/attestation-agent/src/lib.rs index e5d28c9b3..f6909cd11 100644 --- a/attestation-agent/attestation-agent/src/lib.rs +++ b/attestation-agent/attestation-agent/src/lib.rs @@ -7,7 +7,7 @@ use anyhow::{bail, Context, Result}; use async_trait::async_trait; use attester::{detect_tee_type, BoxedAttester}; use kbs_types::Tee; -use std::{io::Write, str::FromStr}; +use std::str::FromStr; use tokio::sync::Mutex; pub use attester::InitdataResult; 
@@ -129,27 +129,6 @@ impl AttestationAgent { tee, }) } - - /// This is a workaround API for initdata in CoCo. Once - /// a better design is implemented we can deprecate the API. - /// See https://github.com/kata-containers/kata-containers/issues/9468 - pub fn update_configuration(&mut self, conf: &str) -> Result<()> { - let mut tmpfile = tempfile::NamedTempFile::new()?; - let _ = tmpfile.write(conf.as_bytes())?; - tmpfile.flush()?; - - let config = Config::try_from( - tmpfile - .path() - .as_os_str() - .to_str() - .expect("tempfile will not create non-unicode char"), - // Here we can use `expect()` because tempfile crate will generate file name - // only including numbers and alphabet (0-9, a-z, A-Z) - )?; - self.config = config; - Ok(()) - } } #[async_trait] diff --git a/attestation-agent/kbs_protocol/src/token_provider/aa/attestation_agent.rs b/attestation-agent/kbs_protocol/src/token_provider/aa/attestation_agent.rs index 69634d962..4f95780f7 100644 --- a/attestation-agent/kbs_protocol/src/token_provider/aa/attestation_agent.rs +++ b/attestation-agent/kbs_protocol/src/token_provider/aa/attestation_agent.rs 
@@ -1157,231 +1157,6 @@ impl ::protobuf::reflect::ProtobufValue for CheckInitDataResponse { type RuntimeType = ::protobuf::reflect::rt::RuntimeTypeMessage; } -// @@protoc_insertion_point(message:attestation_agent.UpdateConfigurationRequest) -#[derive(PartialEq,Clone,Default,Debug)] -pub struct UpdateConfigurationRequest { - // message fields - // @@protoc_insertion_point(field:attestation_agent.UpdateConfigurationRequest.config) - pub config: ::std::string::String, - // special fields - // @@protoc_insertion_point(special_field:attestation_agent.UpdateConfigurationRequest.special_fields) - pub special_fields: ::protobuf::SpecialFields, -} - -impl<'a> ::std::default::Default for &'a UpdateConfigurationRequest { - fn default() -> &'a UpdateConfigurationRequest { - ::default_instance() - } -} - -impl UpdateConfigurationRequest { - pub fn new() -> UpdateConfigurationRequest { - ::std::default::Default::default() - } - - fn generated_message_descriptor_data() -> ::protobuf::reflect::GeneratedMessageDescriptorData { - let mut fields = ::std::vec::Vec::with_capacity(1); - let mut oneofs = ::std::vec::Vec::with_capacity(0); - fields.push(::protobuf::reflect::rt::v2::make_simpler_field_accessor::<_, _>( - "config", - |m: &UpdateConfigurationRequest| { &m.config }, - |m: &mut UpdateConfigurationRequest| { &mut m.config }, - )); - ::protobuf::reflect::GeneratedMessageDescriptorData::new_2::( - "UpdateConfigurationRequest", - fields, - oneofs, - ) - } -} - -impl ::protobuf::Message for UpdateConfigurationRequest { - const NAME: &'static str = "UpdateConfigurationRequest"; - - fn is_initialized(&self) -> bool { - true - } - - fn merge_from(&mut self, is: &mut ::protobuf::CodedInputStream<'_>) -> ::protobuf::Result<()> { - while let Some(tag) = is.read_raw_tag_or_eof()? 
{ - match tag { - 10 => { - self.config = is.read_string()?; - }, - tag => { - ::protobuf::rt::read_unknown_or_skip_group(tag, is, self.special_fields.mut_unknown_fields())?; - }, - }; - } - ::std::result::Result::Ok(()) - } - - // Compute sizes of nested messages - #[allow(unused_variables)] - fn compute_size(&self) -> u64 { - let mut my_size = 0; - if !self.config.is_empty() { - my_size += ::protobuf::rt::string_size(1, &self.config); - } - my_size += ::protobuf::rt::unknown_fields_size(self.special_fields.unknown_fields()); - self.special_fields.cached_size().set(my_size as u32); - my_size - } - - fn write_to_with_cached_sizes(&self, os: &mut ::protobuf::CodedOutputStream<'_>) -> ::protobuf::Result<()> { - if !self.config.is_empty() { - os.write_string(1, &self.config)?; - } - os.write_unknown_fields(self.special_fields.unknown_fields())?; - ::std::result::Result::Ok(()) - } - - fn special_fields(&self) -> &::protobuf::SpecialFields { - &self.special_fields - } - - fn mut_special_fields(&mut self) -> &mut ::protobuf::SpecialFields { - &mut self.special_fields - } - - fn new() -> UpdateConfigurationRequest { - UpdateConfigurationRequest::new() - } - - fn clear(&mut self) { - self.config.clear(); - self.special_fields.clear(); - } - - fn default_instance() -> &'static UpdateConfigurationRequest { - static instance: UpdateConfigurationRequest = UpdateConfigurationRequest { - config: ::std::string::String::new(), - special_fields: ::protobuf::SpecialFields::new(), - }; - &instance - } -} - -impl ::protobuf::MessageFull for UpdateConfigurationRequest { - fn descriptor() -> ::protobuf::reflect::MessageDescriptor { - static descriptor: ::protobuf::rt::Lazy<::protobuf::reflect::MessageDescriptor> = ::protobuf::rt::Lazy::new(); - descriptor.get(|| file_descriptor().message_by_package_relative_name("UpdateConfigurationRequest").unwrap()).clone() - } -} - -impl ::std::fmt::Display for UpdateConfigurationRequest { - fn fmt(&self, f: &mut ::std::fmt::Formatter<'_>) -> 
::std::fmt::Result { - ::protobuf::text_format::fmt(self, f) - } -} - -impl ::protobuf::reflect::ProtobufValue for UpdateConfigurationRequest { - type RuntimeType = ::protobuf::reflect::rt::RuntimeTypeMessage; -} - -// @@protoc_insertion_point(message:attestation_agent.UpdateConfigurationResponse) -#[derive(PartialEq,Clone,Default,Debug)] -pub struct UpdateConfigurationResponse { - // special fields - // @@protoc_insertion_point(special_field:attestation_agent.UpdateConfigurationResponse.special_fields) - pub special_fields: ::protobuf::SpecialFields, -} - -impl<'a> ::std::default::Default for &'a UpdateConfigurationResponse { - fn default() -> &'a UpdateConfigurationResponse { - ::default_instance() - } -} - -impl UpdateConfigurationResponse { - pub fn new() -> UpdateConfigurationResponse { - ::std::default::Default::default() - } - - fn generated_message_descriptor_data() -> ::protobuf::reflect::GeneratedMessageDescriptorData { - let mut fields = ::std::vec::Vec::with_capacity(0); - let mut oneofs = ::std::vec::Vec::with_capacity(0); - ::protobuf::reflect::GeneratedMessageDescriptorData::new_2::( - "UpdateConfigurationResponse", - fields, - oneofs, - ) - } -} - -impl ::protobuf::Message for UpdateConfigurationResponse { - const NAME: &'static str = "UpdateConfigurationResponse"; - - fn is_initialized(&self) -> bool { - true - } - - fn merge_from(&mut self, is: &mut ::protobuf::CodedInputStream<'_>) -> ::protobuf::Result<()> { - while let Some(tag) = is.read_raw_tag_or_eof()? 
{ - match tag { - tag => { - ::protobuf::rt::read_unknown_or_skip_group(tag, is, self.special_fields.mut_unknown_fields())?; - }, - }; - } - ::std::result::Result::Ok(()) - } - - // Compute sizes of nested messages - #[allow(unused_variables)] - fn compute_size(&self) -> u64 { - let mut my_size = 0; - my_size += ::protobuf::rt::unknown_fields_size(self.special_fields.unknown_fields()); - self.special_fields.cached_size().set(my_size as u32); - my_size - } - - fn write_to_with_cached_sizes(&self, os: &mut ::protobuf::CodedOutputStream<'_>) -> ::protobuf::Result<()> { - os.write_unknown_fields(self.special_fields.unknown_fields())?; - ::std::result::Result::Ok(()) - } - - fn special_fields(&self) -> &::protobuf::SpecialFields { - &self.special_fields - } - - fn mut_special_fields(&mut self) -> &mut ::protobuf::SpecialFields { - &mut self.special_fields - } - - fn new() -> UpdateConfigurationResponse { - UpdateConfigurationResponse::new() - } - - fn clear(&mut self) { - self.special_fields.clear(); - } - - fn default_instance() -> &'static UpdateConfigurationResponse { - static instance: UpdateConfigurationResponse = UpdateConfigurationResponse { - special_fields: ::protobuf::SpecialFields::new(), - }; - &instance - } -} - -impl ::protobuf::MessageFull for UpdateConfigurationResponse { - fn descriptor() -> ::protobuf::reflect::MessageDescriptor { - static descriptor: ::protobuf::rt::Lazy<::protobuf::reflect::MessageDescriptor> = ::protobuf::rt::Lazy::new(); - descriptor.get(|| file_descriptor().message_by_package_relative_name("UpdateConfigurationResponse").unwrap()).clone() - } -} - -impl ::std::fmt::Display for UpdateConfigurationResponse { - fn fmt(&self, f: &mut ::std::fmt::Formatter<'_>) -> ::std::fmt::Result { - ::protobuf::text_format::fmt(self, f) - } -} - -impl ::protobuf::reflect::ProtobufValue for UpdateConfigurationResponse { - type RuntimeType = ::protobuf::reflect::rt::RuntimeTypeMessage; -} - // 
@@protoc_insertion_point(message:attestation_agent.GetTeeTypeRequest) #[derive(PartialEq,Clone,Default,Debug)] pub struct GetTeeTypeRequest { 
@@ -1621,21 +1396,17 @@ static file_descriptor_proto_data: &'static [u8] = b"\ Response\"K\n\x11InitDataPlaintext\x12\x18\n\x07Content\x18\x01\x20\x01(\ \x0cR\x07Content\x12\x1c\n\tAlgorithm\x18\x02\x20\x01(\tR\tAlgorithm\".\ \n\x14CheckInitDataRequest\x12\x16\n\x06Digest\x18\x01\x20\x01(\x0cR\x06\ - Digest\"\x17\n\x15CheckInitDataResponse\"4\n\x1aUpdateConfigurationReque\ - st\x12\x16\n\x06config\x18\x01\x20\x01(\tR\x06config\"\x1d\n\x1bUpdateCo\ - nfigurationResponse\"\x13\n\x11GetTeeTypeRequest\"&\n\x12GetTeeTypeRespo\ - nse\x12\x10\n\x03tee\x18\x01\x20\x01(\tR\x03tee2\x87\x05\n\x17Attestatio\ - nAgentService\x12\\\n\x0bGetEvidence\x12%.attestation_agent.GetEvidenceR\ - equest\x1a&.attestation_agent.GetEvidenceResponse\x12S\n\x08GetToken\x12\ - \".attestation_agent.GetTokenRequest\x1a#.attestation_agent.GetTokenResp\ - onse\x12\x83\x01\n\x18ExtendRuntimeMeasurement\x122.attestation_agent.Ex\ - tendRuntimeMeasurementRequest\x1a3.attestation_agent.ExtendRuntimeMeasur\ - ementResponse\x12b\n\rCheckInitData\x12'.attestation_agent.CheckInitData\ - Request\x1a(.attestation_agent.CheckInitDataResponse\x12t\n\x13UpdateCon\ - figuration\x12-.attestation_agent.UpdateConfigurationRequest\x1a..attest\ - ation_agent.UpdateConfigurationResponse\x12Y\n\nGetTeeType\x12$.attestat\ - ion_agent.GetTeeTypeRequest\x1a%.attestation_agent.GetTeeTypeResponseb\ - \x06proto3\ + Digest\"\x17\n\x15CheckInitDataResponse\"\x13\n\x11GetTeeTypeRequest\"&\ + \n\x12GetTeeTypeResponse\x12\x10\n\x03tee\x18\x01\x20\x01(\tR\x03tee2\ + \x91\x04\n\x17AttestationAgentService\x12\\\n\x0bGetEvidence\x12%.attest\ + ation_agent.GetEvidenceRequest\x1a&.attestation_agent.GetEvidenceRespons\ + e\x12S\n\x08GetToken\x12\".attestation_agent.GetTokenRequest\x1a#.attest\ + ation_agent.GetTokenResponse\x12\x83\x01\n\x18ExtendRuntimeMeasurement\ + \x122.attestation_agent.ExtendRuntimeMeasurementRequest\x1a3.attestation\ + _agent.ExtendRuntimeMeasurementResponse\x12b\n\rCheckInitData\x12'.attes\ + 
tation_agent.CheckInitDataRequest\x1a(.attestation_agent.CheckInitDataRe\ + sponse\x12Y\n\nGetTeeType\x12$.attestation_agent.GetTeeTypeRequest\x1a%.\ + attestation_agent.GetTeeTypeResponseb\x06proto3\ "; /// `FileDescriptorProto` object which was a source for this generated file @@ -1653,7 +1424,7 @@ pub fn file_descriptor() -> &'static ::protobuf::reflect::FileDescriptor { file_descriptor.get(|| { let generated_file_descriptor = generated_file_descriptor_lazy.get(|| { let mut deps = ::std::vec::Vec::with_capacity(0); - let mut messages = ::std::vec::Vec::with_capacity(13); + let mut messages = ::std::vec::Vec::with_capacity(11); messages.push(GetEvidenceRequest::generated_message_descriptor_data()); messages.push(GetEvidenceResponse::generated_message_descriptor_data()); messages.push(GetTokenRequest::generated_message_descriptor_data()); @@ -1663,8 +1434,6 @@ pub fn file_descriptor() -> &'static ::protobuf::reflect::FileDescriptor { messages.push(InitDataPlaintext::generated_message_descriptor_data()); messages.push(CheckInitDataRequest::generated_message_descriptor_data()); messages.push(CheckInitDataResponse::generated_message_descriptor_data()); - messages.push(UpdateConfigurationRequest::generated_message_descriptor_data()); - messages.push(UpdateConfigurationResponse::generated_message_descriptor_data()); messages.push(GetTeeTypeRequest::generated_message_descriptor_data()); messages.push(GetTeeTypeResponse::generated_message_descriptor_data()); let mut enums = ::std::vec::Vec::with_capacity(0); diff --git a/attestation-agent/kbs_protocol/src/token_provider/aa/attestation_agent_ttrpc.rs b/attestation-agent/kbs_protocol/src/token_provider/aa/attestation_agent_ttrpc.rs index bd1035f9d..1dcbbeb31 100644 --- a/attestation-agent/kbs_protocol/src/token_provider/aa/attestation_agent_ttrpc.rs +++ b/attestation-agent/kbs_protocol/src/token_provider/aa/attestation_agent_ttrpc.rs 
@@ -52,11 +52,6 @@ impl AttestationAgentServiceClient { ::ttrpc::async_client_request!(self, ctx, req, "attestation_agent.AttestationAgentService", "CheckInitData", cres); } - pub async fn update_configuration(&self, ctx: ttrpc::context::Context, req: &super::attestation_agent::UpdateConfigurationRequest) -> ::ttrpc::Result { - let mut cres = super::attestation_agent::UpdateConfigurationResponse::new(); - ::ttrpc::async_client_request!(self, ctx, req, "attestation_agent.AttestationAgentService", "UpdateConfiguration", cres); - } - pub async fn get_tee_type(&self, ctx: ttrpc::context::Context, req: &super::attestation_agent::GetTeeTypeRequest) -> ::ttrpc::Result { let mut cres = super::attestation_agent::GetTeeTypeResponse::new(); ::ttrpc::async_client_request!(self, ctx, req, "attestation_agent.AttestationAgentService", "GetTeeType", cres); @@ -107,17 +102,6 @@ impl ::ttrpc::r#async::MethodHandler for CheckInitDataMethod { } } -struct UpdateConfigurationMethod { - service: Arc>, -} - -#[async_trait] -impl ::ttrpc::r#async::MethodHandler for UpdateConfigurationMethod { - async fn handler(&self, ctx: ::ttrpc::r#async::TtrpcContext, req: ::ttrpc::Request) -> ::ttrpc::Result<::ttrpc::Response> { - ::ttrpc::async_request_handler!(self, ctx, req, attestation_agent, UpdateConfigurationRequest, update_configuration); - } -} - struct GetTeeTypeMethod { service: Arc>, } 
@@ -143,9 +127,6 @@ pub trait AttestationAgentService: Sync { async fn check_init_data(&self, _ctx: &::ttrpc::r#async::TtrpcContext, _: super::attestation_agent::CheckInitDataRequest) -> ::ttrpc::Result { Err(::ttrpc::Error::RpcStatus(::ttrpc::get_status(::ttrpc::Code::NOT_FOUND, "/attestation_agent.AttestationAgentService/CheckInitData is not supported".to_string()))) } - async fn update_configuration(&self, _ctx: &::ttrpc::r#async::TtrpcContext, _: super::attestation_agent::UpdateConfigurationRequest) -> ::ttrpc::Result { - Err(::ttrpc::Error::RpcStatus(::ttrpc::get_status(::ttrpc::Code::NOT_FOUND, "/attestation_agent.AttestationAgentService/UpdateConfiguration is not supported".to_string()))) - } async fn get_tee_type(&self, _ctx: &::ttrpc::r#async::TtrpcContext, _: super::attestation_agent::GetTeeTypeRequest) -> ::ttrpc::Result { Err(::ttrpc::Error::RpcStatus(::ttrpc::get_status(::ttrpc::Code::NOT_FOUND, "/attestation_agent.AttestationAgentService/GetTeeType is not supported".to_string()))) } @@ -168,9 +149,6 @@ pub fn create_attestation_agent_service(service: Arc); - methods.insert("UpdateConfiguration".to_string(), - Box::new(UpdateConfigurationMethod{service: service.clone()}) as Box); - methods.insert("GetTeeType".to_string(), Box::new(GetTeeTypeMethod{service: service.clone()}) as Box); diff --git a/attestation-agent/protos/attestation-agent.proto b/attestation-agent/protos/attestation-agent.proto index 665044cde..7b6f219ee 100644 --- a/attestation-agent/protos/attestation-agent.proto +++ b/attestation-agent/protos/attestation-agent.proto @@ -47,12 +47,6 @@ message CheckInitDataRequest { message CheckInitDataResponse {} -message UpdateConfigurationRequest { - string config = 1; -} - -message UpdateConfigurationResponse {} - message GetTeeTypeRequest {} message GetTeeTypeResponse { 
@@ -64,11 +58,5 @@ service AttestationAgentService {
 rpc GetToken(GetTokenRequest) returns (GetTokenResponse) {};
 rpc ExtendRuntimeMeasurement(ExtendRuntimeMeasurementRequest) returns (ExtendRuntimeMeasurementResponse) {};
 rpc CheckInitData(CheckInitDataRequest) returns (CheckInitDataResponse) {};
-
- // This is a workaround API for initdata in CoCo. Once
- // a better design is implemented we can deprecate the API.
- // See https://github.com/kata-containers/kata-containers/issues/9468
- rpc UpdateConfiguration(UpdateConfigurationRequest) returns (UpdateConfigurationResponse) {};
-
 rpc GetTeeType(GetTeeTypeRequest) returns (GetTeeTypeResponse) {};
 }