csv: validate the hmac of PEK and ChipId in attester (#92)

Signed-off-by: hanliyang <hanliyang@hygon.cn>
inclavare-containers · Sep 7, 2023 · 4192866 · 4192866
1 parent a281238
commit 4192866
Show file tree

Hide file tree

Showing 7 changed files with 60 additions and 78 deletions.
diff --git a/attesters/csv/collect_evidence.c b/attesters/csv/collect_evidence.c
@@ -287,6 +287,31 @@ static int collect_attestation_evidence(const uint8_t *hash, uint32_t hash_len,
  /* Fill evidence buffer with attestation report */
  assert(sizeof(csv_attestation_report) <= CSV_GUEST_MAP_LEN);
 
+ /* The PEK and ChipId are stored in csv_attestation_report, it's necessary
+ * to validate PEK and ChipId before transfer to verifier.
+ */
+ hash_block_t hmac;
+
+ memset((void *)&hmac, 0, sizeof(hash_block_t));
+ ret = sm3_hmac((const char *)report_mnonce, CSV_ATTESTATION_MNONCE_SIZE,
+ (const unsigned char *)attestation_report +
+ CSV_ATTESTATION_REPORT_HMAC_DATA_OFFSET,
+ CSV_ATTESTATION_REPORT_HMAC_DATA_SIZE, (unsigned char *)&hmac,
+ sizeof(hash_block_t));
+ if (ret) {
+ RATS_ERR("failed to compute sm3 hmac\n");
+ goto err_munmap;
+ }
+ ret = memcmp(&hmac, &attestation_report->hmac, sizeof(hash_block_t));
+ if (ret) {
+ RATS_ERR("PEK and ChipId may have been tampered with\n");
+ goto err_munmap;
+ }
+ RATS_DEBUG("check PEK and ChipId successfully\n");
+
+ /* Reserved1 field should be filled with 0 */
+ memset(attestation_report->reserved1, 0, sizeof(attestation_report->reserved1));
+
  attestation_report = &evidence->attestation_report;
  memcpy(attestation_report, user_data, sizeof(csv_attestation_report));
 

diff --git a/attesters/csv/csv_utils.c b/attesters/csv/csv_utils.c
@@ -7,6 +7,7 @@
 #include <stddef.h>
 #include <librats/log.h>
 #include <openssl/evp.h>
+#include <openssl/hmac.h>
 
 void gen_random_bytes(void *buf, size_t len)
 {
@@ -46,3 +47,34 @@ int sm3_hash(const unsigned char *data, size_t len, unsigned char *hash, size_t
 
  return ret;
 }
+
+int sm3_hmac(const char *key, size_t key_len, const unsigned char *data, size_t data_len,
+ unsigned char *hmac, size_t expected_hmac_len)
+{
+ HMAC_CTX *hmac_ctx = HMAC_CTX_new();
+ const EVP_MD *evp_md = EVP_sm3();
+ unsigned int sm3_hmac_out_size = 0;
+ int ret = -1;
+
+ if (hmac_ctx == NULL)
+ return ret;
+
+ if (!HMAC_Init_ex(hmac_ctx, key, key_len, evp_md, NULL))
+ goto err_free_hmac_ctx;
+
+ if (!HMAC_Update(hmac_ctx, data, data_len))
+ goto err_free_hmac_ctx;
+
+ if (!HMAC_Final(hmac_ctx, hmac, &sm3_hmac_out_size))
+ goto err_free_hmac_ctx;
+
+ if (sm3_hmac_out_size != expected_hmac_len)
+ goto err_free_hmac_ctx;
+
+ ret = 0;
+
+err_free_hmac_ctx:
+ HMAC_CTX_free(hmac_ctx);
+
+ return ret;
+}
diff --git a/attesters/csv/csv_utils.h b/attesters/csv/csv_utils.h
@@ -8,3 +8,5 @@
 
 void gen_random_bytes(void *buf, size_t len);
 int sm3_hash(const unsigned char *data, size_t len, unsigned char *hash, size_t expected_hash_len);
+int sm3_hmac(const char *key, size_t key_len, const unsigned char *data, size_t data_len,
+ unsigned char *hmac, size_t expected_hmac_len);
diff --git a/verifiers/csv/CMakeLists.txt b/verifiers/csv/CMakeLists.txt
@@ -20,7 +20,6 @@ link_directories(${LIBRARY_DIRS})
 
 # Set source file
 set(SOURCES cleanup.c
- csv_utils.c
  hygoncert.c
  init.c
  main.c

diff --git a/verifiers/csv/csv_utils.c b/verifiers/csv/csv_utils.c
diff --git a/verifiers/csv/csv_utils.h b/verifiers/csv/csv_utils.h
diff --git a/verifiers/csv/verify_evidence.c b/verifiers/csv/verify_evidence.c
@@ -10,7 +10,6 @@
 #include <librats/verifier.h>
 #include <librats/csv.h>
 #include "hygoncert.h"
-#include "csv_utils.h"
 
 static rats_verifier_err_t verify_cert_chain(csv_evidence *evidence)
 {
@@ -24,35 +23,9 @@ static rats_verifier_err_t verify_cert_chain(csv_evidence *evidence)
  assert(sizeof(hygon_root_cert_t) == HYGON_CERT_SIZE);
  assert(sizeof(csv_cert_t) == HYGON_CSV_CERT_SIZE);
 
- /* The PEK and ChipId are stored in csv_attestation_report, it's necessary
- * to check whether PEK and ChipId have been tampered with.
- */
- hash_block_t hmac;
- uint8_t mnonce[CSV_ATTESTATION_MNONCE_SIZE] = {
- 0,
- };
+ /* Retrieve PEK cert and ChipId */
  int i, j;
 
- /* Retrieve mnonce which is the key of sm3-hmac */
- j = CSV_ATTESTATION_MNONCE_SIZE / sizeof(uint32_t);
- for (i = 0; i < j; i++)
- ((uint32_t *)mnonce)[i] = ((uint32_t *)report->mnonce)[i] ^ report->anonce;
-
- memset((void *)&hmac, 0, sizeof(hash_block_t));
- if (sm3_hmac((const char *)mnonce, CSV_ATTESTATION_MNONCE_SIZE,
- (const unsigned char *)report + CSV_ATTESTATION_REPORT_HMAC_DATA_OFFSET,
- CSV_ATTESTATION_REPORT_HMAC_DATA_SIZE, (unsigned char *)&hmac,
- sizeof(hash_block_t))) {
- RATS_ERR("failed to compute sm3 hmac\n");
- return err;
- }
- if (memcmp(&hmac, &report->hmac, sizeof(hash_block_t))) {
- RATS_ERR("PEK and ChipId may have been tampered with\n");
- return err;
- }
- RATS_DEBUG("check PEK and ChipId successfully\n");
-
- /* Retrieve PEK cert and ChipId */
  j = (offsetof(csv_attestation_report, reserved1) -
  offsetof(csv_attestation_report, pek_cert)) /
  sizeof(uint32_t);