Feat: update ual proto

.circleci/config.yml

@@ -34,7 +34,7 @@ jobs:
     # Specify the execution environment. You can specify an image from Dockerhub or use one of our Convenience Images from CircleCI's Developer Hub.
     # See: https://circleci.com/docs/2.0/configuration-reference/#docker-machine-macos-windows-executor
     docker:
-      - image: registry.hub.docker.com/secretflow/ubuntu-base-ci:0.4
+      - image: registry.hub.docker.com/secretflow/ubuntu-base-ci:latest
     resource_class: large
     # Add steps to the job
     # See: https://circleci.com/docs/2.0/configuration-reference/#steps

secretflowapis/v2/sdc/ual.proto

@@ -19,25 +19,27 @@ package secretflowapis.v2.sdc;
 
 /// UnifiedAttestationAttributes collect all attributes information
 /// of trusted application from UnifiedAttestationReport format report.
-/// All attributes is optional when used in UnifiedAttestationPolicy.
-/// The TEE implement decides which attribute is used in repport and policy.
+/// All attributes are optional when used in UnifiedAttestationPolicy.
+/// The TEE implement decides which attribute is used in the report and policy.
 message UnifiedAttestationAttributes {
-  // The TEE platform, in case some verifier need to verify this.
+  // The TEE platform, in case some verifier needs to verify this.
   string str_tee_platform = 1 [ json_name = "str_tee_platform" ];
-  // The TEE platform hardware related identity or version
+  // The TEE platform hardware-related identity or version
   string hex_platform_hw_version = 2 [ json_name = "hex_platform_hw_version" ];
-  // The TEE platform TCB software related version
+  // The TEE platform TCB software-related version
   string hex_platform_sw_version = 3 [ json_name = "hex_platform_sw_version" ];
-  // The TEE platform security related attribte or flags
+  // The TEE platform security-related attributes or flags
   string hex_secure_flags = 4 [ json_name = "hex_secure_flags" ];
-  // The measurement of TEE implement internal stuffs
+  // The measurement of TEE implement internal stuff
   string hex_platform_measurement = 5
       [ json_name = "hex_platform_measurement" ];
-  // The measurement of TEE instance boot time stuffs
+  // The measurement of TEE instance boot time stuff
   string hex_boot_measurement = 6 [ json_name = "hex_boot_measurement" ];
-  // The TEE instance or trust application identity when generate the reprot
+  // The name of this tee instance
+  string str_tee_name = 8 [ json_name = "str_tee_name" ];
+  // The TEE instance or trust application identity when generating the report
   string str_tee_identity = 9 [ json_name = "str_tee_identity" ];
-  // The static measurement of trust application when load the code
+  // The static measurement of trust application when loading the code
   string hex_ta_measurement = 10 [ json_name = "hex_ta_measurement" ];
   // The dynamical measurement of trust application code,
   // for example, the real-time measurement of code in secure memory
@@ -49,60 +51,84 @@ message UnifiedAttestationAttributes {
   string hex_prod_id = 13 [ json_name = "hex_prod_id" ];
   // The minimal ISV SVN of the TEE instance or trust application
   string str_min_isvsvn = 14 [ json_name = "str_min_isvsvn" ];
-  // The bool string "0" for debugable, "1" for not debugable
+  // The bool string "0" for debuggable, "1" for not debuggable
   string bool_debug_disabled = 15 [ json_name = "bool_debug_disabled" ];
-  // The user special data for generating attestation report
+  // The user data for generating the attestation report
   string hex_user_data = 20 [ json_name = "hex_user_data" ];
   // hex string hash or original pem public key
   string hex_hash_or_pem_pubkey = 21 [ json_name = "hex_hash_or_pem_pubkey" ];
-  // The idenpendent freshness value beside what in user data
+  // The independent freshness value besides what is in user data
   string hex_nonce = 22 [ json_name = "hex_nonce" ];
   // The service provider id, e.g. use in sgx1, 64 bytes hex string
   string hex_spid = 30 [ json_name = "hex_spid" ];
+  // The report verified time set by verifier if there is trust time
+  string str_verified_time = 40 [ json_name = "str_verified_time" ];
 }
 
-/// UnifiedAttestationPolicy is used when verify the attestation report.
+/// UnifiedAttestationPolicy is used when verifying the attestation report.
 /// Both main or nested submodule attester support multi-version of instances.
 message UnifiedAttestationPolicy {
   // Assume one public key is bound to one report, specify it here.
-  // We can also specify the public key or its hash in main or submodule
+  // We can also specify the public key or its hash in the main or submodule
   // UnifiedAttestationAttributes. Public key verification will happen
   // in both two places.
-  // NOTE: if there is submodule attester, we must specify the public key
-  // here to verify the signature of submode attestation result.
+  // NOTE: if there is a submodule attester, we must specify the public key
+  // here to verify the signature of the submodel attestation result.
   string pem_public_key = 1 [ json_name = "pem_public_key" ];
-  // For main attester
+  // For the main attester
   repeated UnifiedAttestationAttributes main_attributes = 2
       [ json_name = "main_attributes" ];
   // For submodule attesters
-  repeated UnifiedAttestationNestedPolicy nested_policies = 3
+  UnifiedAttestationNestedPolicies nested_policies = 3
       [ json_name = "nested_policies" ];
 }
 
-/// Match rulse for nested report verification
+/// Match rules for nested reports verification
+message UnifiedAttestationNestedPolicies {
+  // The group name and id are used for group attestation
+  string str_group_name = 1 [ json_name = "str_group_name" ];
+  string str_group_id = 2 [ json_name = "str_group_id" ];
+  repeated UnifiedAttestationNestedPolicy policies = 3
+      [ json_name = "policies" ];
+}
+
+/// Match rules for nested report verification
 message UnifiedAttestationNestedPolicy {
-  repeated UnifiedAttestationAttributes sub_attributes = 1
+  repeated UnifiedAttestationAttributes sub_attributes = 3
       [ json_name = "sub_attributes" ];
 }
 
 /// Special Parameters for different TEE platforms, keep consistent with kubetee
 /// attestation.proto
 message UnifiedAttestationReportParams {
-  // The identity string for report instance which is cached inside TEE.
+  // The identity string for the report instance which is cached inside TEE.
   // It's optional and usually used in Asynchronous processes.
   string str_report_identity = 1 [ json_name = "str_report_identity" ];
   // The user data in some TEE platforms, Max to 64 Bytes of HEX string.
   // Users need to convert binary value data to HEX string themselves.
   string hex_user_data = 2 [ json_name = "hex_user_data" ];
   // The JSON serialized string of UnifiedAttestationNestedReports
   string json_nested_reports = 3 [ json_name = "json_nested_reports" ];
+  // User specified public key instead of UAK to be put into report_data
+  string pem_public_key = 4 [ json_name = "pem_public_key" ];
   // Service Provider ID for SGX1 only
   string hex_spid = 10 [ json_name = "hex_spid" ];
 }
 
+message UnifiedAttestationGenerationParams {
+  // For which TEE instance to generate the unified attestation report
+  string tee_identity = 1 [ json_name = "tee_identity" ];
+  // which type of unified attestation report to be generated
+  string report_type = 2 [ json_name = "report_type" ];
+  // Provide freshness if necessary.
+  string report_hex_nonce = 3 [ json_name = "report_hex_nonce" ];
+  UnifiedAttestationReportParams report_params = 4
+      [ json_name = "report_params" ];
+}
+
 /// Unified Attestation Report, keep consistent with kubetee attestation.proto
 message UnifiedAttestationReport {
-  // For compatibility and udpate later, current is version "1.0"
+  // For compatibility and update later, the current version is "1.0"
   string str_report_version = 1 [ json_name = "str_report_version" ];
   // Valid type string: "BackgroundCheck"|"Passport"|"Uas"
   string str_report_type = 2 [ json_name = "str_report_type" ];
@@ -113,4 +139,77 @@ message UnifiedAttestationReport {
   string json_report = 4 [ json_name = "json_report" ];
   // The JSON serialized string of UnifiedAttestationNestedReports
   string json_nested_reports = 9 [ json_name = "json_nested_reports" ];
+}
+
+/// Unified attestation report with public key authentication
+message UnifiedAttestationAuthReport {
+  UnifiedAttestationReport report = 1 [ json_name = "report" ];
+  string pem_public_key = 2 [ json_name = "pem_public_key" ];
+}
+
+/// UnifiedAttestationReport::json_report for SGX2 DCAP
+/// Store the quote and PCCS verification collateral for SGX2 DCAP attestation
+message DcapReport {
+  // For BackgroundCheck type report: Only quote in the report
+  string b64_quote = 1 [ json_name = "b64_quote" ];
+  // For Passport type report: Quote and collateral in report
+  // The serialized JSON string of the SgxQlQveCollateral
+  string json_collateral = 2 [ json_name = "json_collateral" ];
+}
+
+/// SGX DCAP quote verification collateral
+/// Get this after generating the quote and adding it to the report
+/// In this way, the challenger will don't need to connect PCCS anymore.
+message SgxQlQveCollateral {
+  // uint32_t, version = 1. PCK Cert chain is in the Quote.
+  int64 version = 1 [ json_name = "version" ];
+  string pck_crl_issuer_chain = 2 [ json_name = "pck_crl_issuer_chain" ];
+  string root_ca_crl = 3 [ json_name = "root_ca_crl" ];
+  string pck_crl = 4 [ json_name = "pck_crl" ];
+  string tcb_info_issuer_chain = 5 [ json_name = "tcb_info_issuer_chain" ];
+  string tcb_info = 6 [ json_name = "tcb_info" ];
+  string qe_identity_issuer_chain = 7
+      [ json_name = "qe_identity_issuer_chain" ];
+  string qe_identity = 8 [ json_name = "qe_identity" ];
+  // <  0x00000000: SGX or 0x00000081: TDX
+  int64 tee_type = 20 [ json_name = "tee_type" ];
+}
+
+/// UnifiedAttestationReport::json_report for HyperEnclave
+/// Only a quote is required for HyperEnclave attestation
+message HyperEnclaveReport { string b64_quote = 1 [ json_name = "b64_quote" ]; }
+
+/// UnifiedAttestationReport::json_report for Huawei Kunpeng
+message KunpengReport {
+  string b64_quote = 1 [ json_name = "b64_quote" ];
+  int64 int64_version = 2 [ json_name = "int64_version" ];
+}
+
+/// UnifiedAttestationReport::json_report for Hygon CSV
+message HygonCsvReport {
+  // For BackgroundCheck type report: Only quote in the report
+  string b64_quote = 1 [ json_name = "b64_quote" ];
+  // For Passport type report: Quote and collateral in report
+  // The serialized JSON string of the HygonCsvCertChain
+  string json_cert_chain = 2 [ json_name = "json_cert_chain" ];
+  // Save chip id to avoid to parse it from b64_quote when verify report
+  string str_chip_id = 3 [ json_name = "str_chip_id" ];
+}
+
+/// UnifiedAttestationReport::json_report for Intel TDX
+message IntelTdxReport {
+  string b64_quote = 1 [ json_name = "b64_quote" ];
+  // For Passport type report: Quote and collateral in report
+  // The serialized JSON string of the SgxQlQveCollateral
+  string json_collateral = 2 [ json_name = "json_collateral" ];
+}
+
+/// Hygon CSV report verification collateral about certificates
+/// Get this after generating the quote and adding it to the report
+/// In this way, the challenger will don't need to connect PCCS anymore.
+message HygonCsvCertChain {
+  // The Base64 string of hygon_root_cert_t
+  string b64_hsk_cert = 1 [ json_name = "b64_hsk_cert" ];
+  // The Base64 string of csv_cert_t
+  string b64_cek_cert = 2 [ json_name = "b64_cek_cert" ];
 }