From 693ef07b28792172955ac86a3adc8adf2780a6d5 Mon Sep 17 00:00:00 2001
From: Fattaneh Bayatbabolghani
Date: Mon, 10 Jun 2024 16:08:39 -0700
Subject: [PATCH] update the CB protos, for CB all the layers except the root layer has one measurement which is event digest, so the protos are updated to accommodate that change.
Change-Id: I3716e29e13702bb8ca40ff54f101bcba526261dc
---
 oak_attestation_verification/src/verifier.rs | 47 +++++++++++++-------
 proto/attestation/expected_value.proto | 17 +++---
 proto/attestation/reference_value.proto | 24 ++++------
 proto/attestation/verification.proto | 9 ++++
 4 files changed, 55 insertions(+), 42 deletions(-)
diff --git a/oak_attestation_verification/src/verifier.rs b/oak_attestation_verification/src/verifier.rs
index e84b3f78f9a..ea1bc4e16ba 100644
--- a/oak_attestation_verification/src/verifier.rs
+++ b/oak_attestation_verification/src/verifier.rs
@@ -39,19 +39,20 @@ use oak_proto_rust::oak::{ ApplicationLayerReferenceValues, AttestationResults, BinaryReferenceValue, CbData, CbEndorsements, CbExpectedValues, CbReferenceValues, ContainerLayerData, ContainerLayerEndorsements, ContainerLayerExpectedValues, ContainerLayerReferenceValues, - EndorsementReferenceValue, Endorsements, Evidence, ExpectedDigests, ExpectedRegex, - ExpectedStringLiterals, ExpectedValues, ExtractedEvidence, FakeAttestationReport, - FirmwareAttachment, InsecureExpectedValues, IntelTdxAttestationReport, - IntelTdxExpectedValues, KernelAttachment, KernelBinaryReferenceValue, KernelExpectedValues, - KernelLayerData, KernelLayerEndorsements, KernelLayerExpectedValues, - KernelLayerReferenceValues, OakContainersData, OakContainersEndorsements, - OakContainersExpectedValues, OakContainersReferenceValues, OakRestrictedKernelData, - OakRestrictedKernelEndorsements, OakRestrictedKernelExpectedValues, - OakRestrictedKernelReferenceValues, RawDigests, ReferenceValues, RootLayerData, - RootLayerEndorsements, RootLayerEvidence, RootLayerExpectedValues, - RootLayerReferenceValues, SystemLayerData, SystemLayerEndorsements, - SystemLayerExpectedValues, SystemLayerReferenceValues, TcbVersion, TeePlatform, - TextExpectedValue, TextReferenceValue, TransparentReleaseEndorsement, VerificationSkipped, + EndorsementReferenceValue, Endorsements, EventData, EventExpectedValues, Evidence, + ExpectedDigests, ExpectedRegex, ExpectedStringLiterals, ExpectedValues, ExtractedEvidence, + FakeAttestationReport, FirmwareAttachment, InsecureExpectedValues, + IntelTdxAttestationReport, IntelTdxExpectedValues, KernelAttachment, + KernelBinaryReferenceValue, KernelExpectedValues, KernelLayerData, KernelLayerEndorsements, + KernelLayerExpectedValues, KernelLayerReferenceValues, OakContainersData, + OakContainersEndorsements, OakContainersExpectedValues, OakContainersReferenceValues, + OakRestrictedKernelData, OakRestrictedKernelEndorsements, + OakRestrictedKernelExpectedValues, 
OakRestrictedKernelReferenceValues, RawDigests, + ReferenceValues, RootLayerData, RootLayerEndorsements, RootLayerEvidence, + RootLayerExpectedValues, RootLayerReferenceValues, SystemLayerData, + SystemLayerEndorsements, SystemLayerExpectedValues, SystemLayerReferenceValues, TcbVersion, + TeePlatform, TextExpectedValue, TextReferenceValue, TransparentReleaseEndorsement, + VerificationSkipped, }, RawDigest, }; @@ -402,6 +403,9 @@ fn get_cb_expected_values( endorsements.root_layer.as_ref(), reference_values.root_layer.as_ref().context("no root layer reference values")?, )?), + kernel_layer: Some(EventExpectedValues::default()), + system_layer: Some(EventExpectedValues::default()), + application_layer: Some(EventExpectedValues::default()), }) } @@ -1198,8 +1202,21 @@ fn extract_evidence_values(evidence: &Evidence) -> anyhow::Result Err(anyhow::anyhow!("incorrect number of DICE layers for Oak Containers")), } } else { - // Assume for now this is CB evidence until the CB fields are better defined. - Ok(EvidenceValues::Cb(CbData { root_layer })) + match &evidence.layers[..] { + [_kernel_layer, _system_layer, _application_layer] => { + let kernel_layer = Some(EventData::default()); + let system_layer = Some(EventData::default()); + let application_layer = Some(EventData::default()); + + Ok(EvidenceValues::Cb(CbData { + root_layer, + kernel_layer, + system_layer, + application_layer, + })) + } + _ => Err(anyhow::anyhow!("incorrect number of DICE layers for CB")), + } } } diff --git a/proto/attestation/expected_value.proto b/proto/attestation/expected_value.proto index 948cc433bbc..9252f6f36bb 100644 --- a/proto/attestation/expected_value.proto +++ b/proto/attestation/expected_value.proto 
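Review bot: The three CB layer entries added to `get_cb_expected_values` are built from `EventExpectedValues::default()` and never consult `reference_values.kernel_layer`, `system_layer` or `application_layer`, so reference digests supplied for those layers cannot influence verification; the `extract_evidence_values` hunk on this same line mirrors that on the evidence side, binding the layers as `_kernel_layer`, `_system_layer`, `_application_layer` and then emitting `EventData::default()`. If the comparison step treats an empty expected digest set as a match, the three measurements pass unchecked while the populated `CbData`/`CbExpectedValues` suggest otherwise; if it treats it as a mismatch, CB verification fails for every input — which of the two holds is not visible here, but neither should be left implicit. I would mark both sites with `// TODO: derive from the layer's event digest; a default carries no measurement and must not count as verified.` and, where possible, fill them from the reference values and the destructured layers in the same change. Both enclosing functions start outside their hunks.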
@@ -139,17 +139,9 @@ message ApplicationLayerExpectedValues {
 ExpectedDigests configuration = 2;
 }
 
-// Represents digest of application task config.
-message CBApplicationLayerExpectedValues {
- // Verifies the application task config.
- ExpectedDigests binary = 1;
-}
-
-// Represents digest of application task config.
-message CBSystemLayerExpectedValues {
- // Verifies the application task config.
- ExpectedDigests system_image = 1;
- TextExpectedValue system_cmd_line = 2;
+// Represents digest of an event.
+message EventExpectedValues {
+ ExpectedDigests event = 1;
 }
 
 message OakRestrictedKernelExpectedValues {
@@ -167,6 +159,9 @@ message OakContainersExpectedValues {
 
 message CBExpectedValues {
 RootLayerExpectedValues root_layer = 1;
+ EventExpectedValues kernel_layer = 2;
+ EventExpectedValues system_layer = 3;
+ EventExpectedValues application_layer = 4;
 }
 
 message ExpectedValues {
diff --git a/proto/attestation/reference_value.proto b/proto/attestation/reference_value.proto
index abfaa43a5ac..dd8c3f17178 100644
--- a/proto/attestation/reference_value.proto
+++ b/proto/attestation/reference_value.proto
@@ -186,13 +186,6 @@ message SystemLayerReferenceValues {
 BinaryReferenceValue system_image = 1;
 }
 
-message CBSystemLayerReferenceValues {
- // Verifies the system image binary.
- BinaryReferenceValue system_image = 1;
- // Verifies the command line by which the system image was built.
- StringReferenceValue system_cmd_line = 2;
-}
-
 // Represents an application running under Oak Restricted Kernel.
 message ApplicationLayerReferenceValues {
 // Verifies the application binary based on endorsement.
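Review bot: `ExpectedDigests event = 1;` in the new `EventExpectedValues` is the only field of its message and has no comment, whereas the messages this hunk removes documented every field (`// Verifies the application task config.`); the three new `EventExpectedValues` fields added to `CBExpectedValues` in the next hunk are likewise uncommented. From the generated code alone a reader cannot tell which measurement `event` constrains or that each non-root CB layer contributes exactly one digest, which is what the commit message says. I would add `// Verifies the event digest recorded by this layer.` above the `event` field and a one-line note on `CBExpectedValues` stating that `kernel_layer`, `system_layer` and `application_layer` each carry a single event digest.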
@@ -202,12 +195,6 @@ message ApplicationLayerReferenceValues {
 BinaryReferenceValue configuration = 2;
 }
 
-// Represents digest of application task config.
-message CBApplicationLayerReferenceValues {
- // Verifies the application task config.
- BinaryReferenceValue binary = 1;
-}
-
 message ContainerLayerReferenceValues {
 // Verifies the container binary based on endorsement.
 BinaryReferenceValue binary = 1;
@@ -216,6 +203,11 @@ message ContainerLayerReferenceValues {
 BinaryReferenceValue configuration = 2;
 }
 
+// Represents digest of an event.
+message EventReferenceValues {
+ BinaryReferenceValue event = 1;
+}
+
 message OakRestrictedKernelReferenceValues {
 RootLayerReferenceValues root_layer = 1;
 KernelLayerReferenceValues kernel_layer = 2;
@@ -231,9 +223,9 @@ message OakContainersReferenceValues {
 
 message CBReferenceValues {
 RootLayerReferenceValues root_layer = 1;
- KernelLayerReferenceValues kernel_layer = 2;
- CBSystemLayerReferenceValues system_layer = 3;
- CBApplicationLayerReferenceValues application_layer = 4;
+ EventReferenceValues kernel_layer = 2;
+ EventReferenceValues system_layer = 3;
+ EventReferenceValues application_layer = 4;
 }
 
 message ReferenceValues {
diff --git a/proto/attestation/verification.proto b/proto/attestation/verification.proto
index 0fa30e0dae3..bb116eec8d2 100644
--- a/proto/attestation/verification.proto
+++ b/proto/attestation/verification.proto
@@ -194,6 +194,12 @@ message ContainerLayerData {
 RawDigest config = 2;
 }
 
+// Values extracted from the evidence that represents an event.
+message EventData {
+ // Measurement RawDigest of an event.
+ RawDigest event = 1;
+}
+
 // Values extracted from the evidence for a restricted kernel application.
 message OakRestrictedKernelData {
 RootLayerData root_layer = 1;
@@ -212,4 +218,7 @@ message OakContainersData {
 // Reserved for future use.
 message CbData {
 RootLayerData root_layer = 1;
+ EventData kernel_layer = 2;
+ EventData system_layer = 3;
+ EventData application_layer = 4;
 }
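Review bot: In the `@@ -231,9 +223,9 @@` hunk, `CBReferenceValues` keeps field numbers 2–4 while changing their message types to `EventReferenceValues`, which is not wire-compatible with any policy serialized before this change: the old bytes decode without error, and because the removed `CBSystemLayerReferenceValues.system_image` and `CBApplicationLayerReferenceValues.binary` were also field 1 of type `BinaryReferenceValue`, a stale policy's image or binary digest would be silently read as that layer's `event` reference value rather than rejected. If any such policies exist outside this repository, the safer form is `reserved 2, 3, 4;` with the three `EventReferenceValues` fields renumbered from 5; if these messages have never been serialized anywhere, a comment on `CBReferenceValues` saying so would justify reusing the numbers. Whether stored CB policies exist cannot be determined from the patch.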
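Review bot: The `// Reserved for future use.` comment kept above `CbData` in the final hunk is now stale, since the message gains three `EventData` fields that the Rust hunk in this patch already fills, and the new comment on `EventData` reads `that represents an event` where the subject is the plural `Values`. I would replace the stale line with `// Values extracted from CB evidence: the root layer plus one event digest per non-root layer.` and change the new comment to `// Values extracted from the evidence that represent an event.`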