Made Attester trait's get_evidence() async
Signed-off-by: Magnus Kulke <magnuskulke@microsoft.com>
mkulke authored and Xynnn007 committed Jul 28, 2023
1 parent c6306eb commit 709a6b0
Showing 8 changed files with 25 additions and 14 deletions.
4 changes: 4 additions & 0 deletions attestation-agent/attester/Cargo.toml
Expand Up @@ -7,6 +7,7 @@ edition = "2021"

[dependencies]
anyhow.workspace = true
async-trait.workspace = true
az-snp-vtpm = { git = "https://github.com/kinvolk/azure-cvm-tooling", rev = "2c2e411", default-features = false, features = ["attester"], optional = true }
base64.workspace = true
log.workspace = true
Expand All @@ -17,6 +18,9 @@ sev = { git = "https://github.com/virtee/sev", version = "1.2", default-features
strum.workspace = true
tdx-attest-rs = { git = "https://github.com/intel/SGXDataCenterAttestationPrimitives", tag = "DCAP_1.16", optional = true }

[dev-dependencies]
tokio.workspace = true

[features]
default = ["all-attesters"]
all-attesters = ["tdx-attester", "sgx-attester", "az-snp-vtpm-attester", "snp-attester"]
3 changes: 2 additions & 1 deletion attestation-agent/attester/src/az_snp_vtpm/mod.rs
Expand Up @@ -27,8 +27,9 @@ struct Evidence {
vcek: String,
}

#[async_trait::async_trait]
impl Attester for AzSnpVtpmAttester {
fn get_evidence(&self, report_data: Vec<u8>) -> Result<String> {
async fn get_evidence(&self, report_data: Vec<u8>) -> Result<String> {
let report = vtpm::get_report()?;
let quote = vtpm::get_quote(&report_data)?;
let certs = imds::get_certs()?;
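Review bot: `get_evidence` is now `async`, but the three calls in its visible body — `vtpm::get_report()?`, `vtpm::get_quote(&report_data)?` and `imds::get_certs()?` — are still plain synchronous calls, so if they perform TPM I/O or an IMDS HTTP round trip (inferred from the names; their definitions are not in the hunk) they will block the executor thread for the whole duration. If that is the case, the body should be moved under `tokio::task::spawn_blocking` or the helpers made async; note that the attester crate lists tokio only under `[dev-dependencies]` in this commit, so a runtime dependency would have to be added for that. The rest of the function body continues outside the hunk.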
3 changes: 2 additions & 1 deletion attestation-agent/attester/src/lib.rs
Expand Up @@ -57,11 +57,12 @@ impl Tee {
}
}

#[async_trait::async_trait]
pub trait Attester {
/// Call the hardware driver to get the Hardware specific evidence.
/// The parameter `report_data` will be used as the user input of the
/// evidence to avoid reply attack.
fn get_evidence(&self, report_data: Vec<u8>) -> Result<String>;
async fn get_evidence(&self, report_data: Vec<u8>) -> Result<String>;
}
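Review bot: The doc comment kept above the new `async fn get_evidence` says `to avoid reply attack`; it should read `replay attack`, and it omits the one constraint every caller must know: the SGX, SNP and TDX implementations touched by this commit each `bail!` when `report_data.len() > 64`. I would add a line such as `/// Implementations reject `report_data` longer than 64 bytes; pass a digest of the freshness material (nonce, key) rather than the raw data.` so trait users do not discover the limit at runtime. The digest recommendation is inferred from how the kbs_protocol caller in this commit uses the parameter, so adjust the wording if the contract differs.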

// Detect which TEE platform the KBC running environment is.
3 changes: 2 additions & 1 deletion attestation-agent/attester/src/sample/mod.rs
Expand Up @@ -25,8 +25,9 @@ struct SampleQuote {
#[derive(Debug, Default)]
pub struct SampleAttester {}

#[async_trait::async_trait]
impl Attester for SampleAttester {
fn get_evidence(&self, report_data: Vec<u8>) -> Result<String> {
async fn get_evidence(&self, report_data: Vec<u8>) -> Result<String> {
let evidence = SampleQuote {
svn: "1".to_string(),
report_data: base64::engine::general_purpose::STANDARD.encode(report_data),
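Review bot: `SampleAttester::get_evidence` accepts `report_data` of any length, whereas the SGX, SNP and TDX implementations in this same commit `bail!` on more than 64 bytes, so code exercised against the sample attester in a non-TEE environment will never see the failure the real attesters produce. For parity I would add the same guard at the top of the new async body: `if report_data.len() > 64 { bail!("Sample Attester: Report data must be no more than 64 bytes"); }` (assuming `bail!` is imported in this module as it is in the others). The body continues outside the hunk.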
9 changes: 5 additions & 4 deletions attestation-agent/attester/src/sgx_dcap/mod.rs
Expand Up @@ -45,8 +45,9 @@ struct SgxDcapAttesterEvidence {
#[derive(Debug, Default)]
pub struct SgxDcapAttester {}

#[async_trait::async_trait]
impl Attester for SgxDcapAttester {
fn get_evidence(&self, mut report_data: Vec<u8>) -> Result<String> {
async fn get_evidence(&self, mut report_data: Vec<u8>) -> Result<String> {
if report_data.len() > 64 {
bail!("SGX Attester: Report data should be SHA384 base64 String");
}
Expand Down Expand Up @@ -90,12 +91,12 @@ mod tests {
use super::*;

#[ignore]
#[test]
fn test_sgx_get_evidence() {
#[tokio::test]
async fn test_sgx_get_evidence() {
let attester = SgxDcapAttester::default();
let report_data: Vec<u8> = vec![0; 48];

let evidence = attester.get_evidence(report_data);
let evidence = attester.get_evidence(report_data).await;
assert!(evidence.is_ok());
}
}
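Review bot: The guard directly under the new `async fn` signature checks `report_data.len() > 64` on raw bytes, but the message `"SGX Attester: Report data should be SHA384 base64 String"` matches neither the check (64 bytes, not the 48 of a SHA-384) nor the type (a `Vec<u8>`, not a base64 string), which will mislead whoever hits it. I would align it with the SNP and TDX attesters: `bail!("SGX Attester: Report data must be no more than 64 bytes");`. The ignored test below only asserts `is_ok()` on real hardware; the guard itself can be covered without hardware by a non-ignored test asserting `attester.get_evidence(vec![0; 65]).await.is_err()`. The function body between the guard and the tests is outside the hunk.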
3 changes: 2 additions & 1 deletion attestation-agent/attester/src/snp/mod.rs
Expand Up @@ -24,8 +24,9 @@ struct SnpEvidence {
#[derive(Debug, Default)]
pub struct SnpAttester {}

#[async_trait::async_trait]
impl Attester for SnpAttester {
fn get_evidence(&self, mut report_data: Vec<u8>) -> Result<String> {
async fn get_evidence(&self, mut report_data: Vec<u8>) -> Result<String> {
if report_data.len() > 64 {
bail!("SNP Attester: Report data must be no more than 64 bytes");
}
9 changes: 5 additions & 4 deletions attestation-agent/attester/src/tdx/mod.rs
Expand Up @@ -28,8 +28,9 @@ struct TdxEvidence {
#[derive(Debug, Default)]
pub struct TdxAttester {}

#[async_trait::async_trait]
impl Attester for TdxAttester {
fn get_evidence(&self, mut report_data: Vec<u8>) -> Result<String> {
async fn get_evidence(&self, mut report_data: Vec<u8>) -> Result<String> {
if report_data.len() > 64 {
bail!("TDX Attester: Report data must be no more than 64 bytes");
}
Expand Down Expand Up @@ -71,12 +72,12 @@ mod tests {
use super::*;

#[ignore]
#[test]
fn test_tdx_get_evidence() {
#[tokio::test]
async fn test_tdx_get_evidence() {
let attester = TdxAttester::default();
let report_data: Vec<u8> = vec![0; 48];

let evidence = attester.get_evidence(report_data);
let evidence = attester.get_evidence(report_data).await;
assert!(evidence.is_ok());
}
}
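Review bot: `test_tdx_get_evidence` is `#[ignore]`d and only asserts `is_ok()`, so the one branch that is testable without TDX hardware — the `bail!` for `report_data.len() > 64` at the top of the new async fn — has no coverage at all. A non-ignored `#[tokio::test]` with `assert!(TdxAttester::default().get_evidence(vec![0; 65]).await.is_err());` would run in CI and pin the guard, which is reached before any driver call in the visible body. The hardware test could additionally check that the 48-byte input is reflected in the returned evidence, but the evidence format is outside the hunk so I cannot propose that assertion concretely. The function body between the guard and the tests is outside the hunk.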
5 changes: 3 additions & 2 deletions attestation-agent/kbs_protocol/src/lib.rs
Expand Up @@ -130,7 +130,7 @@ impl KbsProtocolWrapper {
})
}

fn generate_evidence(&self, tee_pubkey: TeePubKey) -> Result<Attestation> {
async fn generate_evidence(&self, tee_pubkey: TeePubKey) -> Result<Attestation> {
let nonce = self
.nonce
.to_owned()
Expand All @@ -151,6 +151,7 @@ impl KbsProtocolWrapper {

let tee_evidence = attester
.get_evidence(ehd)
.await
.map_err(|e| anyhow!("Get TEE evidence failed: {:?}", e))?;

Ok(Attestation {
Expand Down Expand Up @@ -199,7 +200,7 @@ impl KbsProtocolWrapper {
.http_client()
.post(format!("{kbs_root_url}{KBS_PREFIX}/attest"))
.header("Content-Type", "application/json")
.json(&self.generate_evidence(pubkey)?)
.json(&self.generate_evidence(pubkey).await?)
.send()
.await?;
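Review bot: `generate_evidence` becomes `async` but carries no doc comment, and the line right after the new `.await`, `.map_err(|e| anyhow!("Get TEE evidence failed: {:?}", e))`, flattens the attester's error chain into a single Debug string, losing the typed cause for anyone matching on or logging it upstream. I would replace it with `.context("Get TEE evidence failed")` (via `anyhow::Context`, if not already imported) so the chain is preserved, and add above the signature `/// Build the KBS `Attestation` payload: derive `report_data` from the session nonce and `tee_pubkey`, then ask the platform attester for evidence bound to it.` — how `ehd` is derived from the nonce and key is outside the hunk, so confirm that wording. The body of `generate_evidence` continues outside the hunk.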

