Skip to content

Commit

Permalink
Feat: update ual proto (#9)
Browse files Browse the repository at this point in the history
* Feat: sync ual proto and add UnifiedAttestationGenerationParams

* fix: circle ci image
  • Loading branch information
zhongtianq authored Feb 22, 2024
1 parent 47a9d68 commit 62069c1
Show file tree
Hide file tree
Showing 2 changed files with 123 additions and 24 deletions.
2 changes: 1 addition & 1 deletion .circleci/config.yml
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ jobs:
# Specify the execution environment. You can specify an image from Dockerhub or use one of our Convenience Images from CircleCI's Developer Hub.
# See: https://circleci.com/docs/2.0/configuration-reference/#docker-machine-macos-windows-executor
docker:
- image: registry.hub.docker.com/secretflow/ubuntu-base-ci:0.4
- image: registry.hub.docker.com/secretflow/ubuntu-base-ci:latest
resource_class: large
# Add steps to the job
# See: https://circleci.com/docs/2.0/configuration-reference/#steps
Expand Down
145 changes: 122 additions & 23 deletions secretflowapis/v2/sdc/ual.proto
Original file line number Diff line number Diff line change
Expand Up @@ -19,25 +19,27 @@ package secretflowapis.v2.sdc;

/// UnifiedAttestationAttributes collect all attributes information
/// of trusted application from UnifiedAttestationReport format report.
/// All attributes is optional when used in UnifiedAttestationPolicy.
/// The TEE implement decides which attribute is used in repport and policy.
/// All attributes are optional when used in UnifiedAttestationPolicy.
/// The TEE implement decides which attribute is used in the report and policy.
message UnifiedAttestationAttributes {
// The TEE platform, in case some verifier need to verify this.
// The TEE platform, in case some verifier needs to verify this.
string str_tee_platform = 1 [ json_name = "str_tee_platform" ];
// The TEE platform hardware related identity or version
// The TEE platform hardware-related identity or version
string hex_platform_hw_version = 2 [ json_name = "hex_platform_hw_version" ];
// The TEE platform TCB software related version
// The TEE platform TCB software-related version
string hex_platform_sw_version = 3 [ json_name = "hex_platform_sw_version" ];
// The TEE platform security related attribte or flags
// The TEE platform security-related attributes or flags
string hex_secure_flags = 4 [ json_name = "hex_secure_flags" ];
// The measurement of TEE implement internal stuffs
// The measurement of TEE implement internal stuff
string hex_platform_measurement = 5
[ json_name = "hex_platform_measurement" ];
// The measurement of TEE instance boot time stuffs
// The measurement of TEE instance boot time stuff
string hex_boot_measurement = 6 [ json_name = "hex_boot_measurement" ];
// The TEE instance or trust application identity when generate the reprot
// The name of this tee instance
string str_tee_name = 8 [ json_name = "str_tee_name" ];
// The TEE instance or trust application identity when generating the report
string str_tee_identity = 9 [ json_name = "str_tee_identity" ];
// The static measurement of trust application when load the code
// The static measurement of trust application when loading the code
string hex_ta_measurement = 10 [ json_name = "hex_ta_measurement" ];
// The dynamical measurement of trust application code,
// for example, the real-time measurement of code in secure memory
Expand All @@ -49,60 +51,84 @@ message UnifiedAttestationAttributes {
string hex_prod_id = 13 [ json_name = "hex_prod_id" ];
// The minimal ISV SVN of the TEE instance or trust application
string str_min_isvsvn = 14 [ json_name = "str_min_isvsvn" ];
// The bool string "0" for debugable, "1" for not debugable
// The bool string "0" for debuggable, "1" for not debuggable
string bool_debug_disabled = 15 [ json_name = "bool_debug_disabled" ];
// The user special data for generating attestation report
// The user data for generating the attestation report
string hex_user_data = 20 [ json_name = "hex_user_data" ];
// hex string hash or original pem public key
string hex_hash_or_pem_pubkey = 21 [ json_name = "hex_hash_or_pem_pubkey" ];
// The idenpendent freshness value beside what in user data
// The independent freshness value besides what is in user data
string hex_nonce = 22 [ json_name = "hex_nonce" ];
// The service provider id, e.g. use in sgx1, 64 bytes hex string
string hex_spid = 30 [ json_name = "hex_spid" ];
// The report verified time set by verifier if there is trust time
string str_verified_time = 40 [ json_name = "str_verified_time" ];
}

/// UnifiedAttestationPolicy is used when verify the attestation report.
/// UnifiedAttestationPolicy is used when verifying the attestation report.
/// Both main or nested submodule attester support multi-version of instances.
message UnifiedAttestationPolicy {
// Assume one public key is bound to one report, specify it here.
// We can also specify the public key or its hash in main or submodule
// We can also specify the public key or its hash in the main or submodule
// UnifiedAttestationAttributes. Public key verification will happen
// in both two places.
// NOTE: if there is submodule attester, we must specify the public key
// here to verify the signature of submode attestation result.
// NOTE: if there is a submodule attester, we must specify the public key
// here to verify the signature of the submodel attestation result.
string pem_public_key = 1 [ json_name = "pem_public_key" ];
// For main attester
// For the main attester
repeated UnifiedAttestationAttributes main_attributes = 2
[ json_name = "main_attributes" ];
// For submodule attesters
repeated UnifiedAttestationNestedPolicy nested_policies = 3
UnifiedAttestationNestedPolicies nested_policies = 3
[ json_name = "nested_policies" ];
}

/// Match rulse for nested report verification
/// Match rules for nested reports verification
message UnifiedAttestationNestedPolicies {
// The group name and id are used for group attestation
string str_group_name = 1 [ json_name = "str_group_name" ];
string str_group_id = 2 [ json_name = "str_group_id" ];
repeated UnifiedAttestationNestedPolicy policies = 3
[ json_name = "policies" ];
}

/// Match rules for nested report verification
message UnifiedAttestationNestedPolicy {
repeated UnifiedAttestationAttributes sub_attributes = 1
repeated UnifiedAttestationAttributes sub_attributes = 3
[ json_name = "sub_attributes" ];
}

/// Special Parameters for different TEE platforms, keep consistent with kubetee
/// attestation.proto
message UnifiedAttestationReportParams {
// The identity string for report instance which is cached inside TEE.
// The identity string for the report instance which is cached inside TEE.
// It's optional and usually used in Asynchronous processes.
string str_report_identity = 1 [ json_name = "str_report_identity" ];
// The user data in some TEE platforms, Max to 64 Bytes of HEX string.
// Users need to convert binary value data to HEX string themselves.
string hex_user_data = 2 [ json_name = "hex_user_data" ];
// The JSON serialized string of UnifiedAttestationNestedReports
string json_nested_reports = 3 [ json_name = "json_nested_reports" ];
// User specified public key instead of UAK to be put into report_data
string pem_public_key = 4 [ json_name = "pem_public_key" ];
// Service Provider ID for SGX1 only
string hex_spid = 10 [ json_name = "hex_spid" ];
}

message UnifiedAttestationGenerationParams {
// For which TEE instance to generate the unified attestation report
string tee_identity = 1 [ json_name = "tee_identity" ];
// which type of unified attestation report to be generated
string report_type = 2 [ json_name = "report_type" ];
// Provide freshness if necessary.
string report_hex_nonce = 3 [ json_name = "report_hex_nonce" ];
UnifiedAttestationReportParams report_params = 4
[ json_name = "report_params" ];
}

/// Unified Attestation Report, keep consistent with kubetee attestation.proto
message UnifiedAttestationReport {
// For compatibility and udpate later, current is version "1.0"
// For compatibility and update later, the current version is "1.0"
string str_report_version = 1 [ json_name = "str_report_version" ];
// Valid type string: "BackgroundCheck"|"Passport"|"Uas"
string str_report_type = 2 [ json_name = "str_report_type" ];
Expand All @@ -113,4 +139,77 @@ message UnifiedAttestationReport {
string json_report = 4 [ json_name = "json_report" ];
// The JSON serialized string of UnifiedAttestationNestedReports
string json_nested_reports = 9 [ json_name = "json_nested_reports" ];
}

/// Unified attestation report with public key authentication
message UnifiedAttestationAuthReport {
UnifiedAttestationReport report = 1 [ json_name = "report" ];
string pem_public_key = 2 [ json_name = "pem_public_key" ];
}

/// UnifiedAttestationReport::json_report for SGX2 DCAP
/// Store the quote and PCCS verification collateral for SGX2 DCAP attestation
message DcapReport {
// For BackgroundCheck type report: Only quote in the report
string b64_quote = 1 [ json_name = "b64_quote" ];
// For Passport type report: Quote and collateral in report
// The serialized JSON string of the SgxQlQveCollateral
string json_collateral = 2 [ json_name = "json_collateral" ];
}

/// SGX DCAP quote verification collateral
/// Get this after generating the quote and adding it to the report
/// In this way, the challenger will don't need to connect PCCS anymore.
message SgxQlQveCollateral {
// uint32_t, version = 1. PCK Cert chain is in the Quote.
int64 version = 1 [ json_name = "version" ];
string pck_crl_issuer_chain = 2 [ json_name = "pck_crl_issuer_chain" ];
string root_ca_crl = 3 [ json_name = "root_ca_crl" ];
string pck_crl = 4 [ json_name = "pck_crl" ];
string tcb_info_issuer_chain = 5 [ json_name = "tcb_info_issuer_chain" ];
string tcb_info = 6 [ json_name = "tcb_info" ];
string qe_identity_issuer_chain = 7
[ json_name = "qe_identity_issuer_chain" ];
string qe_identity = 8 [ json_name = "qe_identity" ];
// < 0x00000000: SGX or 0x00000081: TDX
int64 tee_type = 20 [ json_name = "tee_type" ];
}

/// UnifiedAttestationReport::json_report for HyperEnclave
/// Only a quote is required for HyperEnclave attestation
message HyperEnclaveReport { string b64_quote = 1 [ json_name = "b64_quote" ]; }

/// UnifiedAttestationReport::json_report for Huawei Kunpeng
message KunpengReport {
string b64_quote = 1 [ json_name = "b64_quote" ];
int64 int64_version = 2 [ json_name = "int64_version" ];
}

/// UnifiedAttestationReport::json_report for Hygon CSV
message HygonCsvReport {
// For BackgroundCheck type report: Only quote in the report
string b64_quote = 1 [ json_name = "b64_quote" ];
// For Passport type report: Quote and collateral in report
// The serialized JSON string of the HygonCsvCertChain
string json_cert_chain = 2 [ json_name = "json_cert_chain" ];
// Save chip id to avoid to parse it from b64_quote when verify report
string str_chip_id = 3 [ json_name = "str_chip_id" ];
}

/// UnifiedAttestationReport::json_report for Intel TDX
message IntelTdxReport {
string b64_quote = 1 [ json_name = "b64_quote" ];
// For Passport type report: Quote and collateral in report
// The serialized JSON string of the SgxQlQveCollateral
string json_collateral = 2 [ json_name = "json_collateral" ];
}

/// Hygon CSV report verification collateral about certificates
/// Get this after generating the quote and adding it to the report
/// In this way, the challenger will don't need to connect PCCS anymore.
message HygonCsvCertChain {
// The Base64 string of hygon_root_cert_t
string b64_hsk_cert = 1 [ json_name = "b64_hsk_cert" ];
// The Base64 string of csv_cert_t
string b64_cek_cert = 2 [ json_name = "b64_cek_cert" ];
}

0 comments on commit 62069c1

Please sign in to comment.