COCOS-326 - Cocos vTPM support

.github/workflows/checkproto.yaml

@@ -33,8 +33,8 @@ jobs:
 
       - name: Set up protoc
         run: |
-          PROTOC_VERSION=29.0
-          PROTOC_GEN_VERSION=v1.36.0
+          PROTOC_VERSION=29.3
+          PROTOC_GEN_VERSION=v1.36.4
           PROTOC_GRPC_VERSION=v1.5.1
 
           # Download and install protoc
@@ -55,7 +55,7 @@ jobs:
       - name: Set up Cocos-AI
         run: |
           # Rename .pb.go files to .pb.go.tmp to prevent conflicts
-          for p in $(ls pkg/manager/*.pb.go); do
+          for p in $(ls manager/*.pb.go); do
             mv $p $p.tmp
           done
 
@@ -67,7 +67,7 @@ jobs:
           make protoc
 
           # Compare generated Go files with the original ones
-          for p in $(ls pkg/manager/*.pb.go); do
+          for p in $(ls manager/*.pb.go); do
             if ! cmp -s $p $p.tmp; then
               echo "Proto file and generated Go file $p are out of sync!"
               exit 1

agent/agent.proto

@@ -36,7 +36,9 @@ message ResultResponse {
 }
 
 message AttestationRequest {
-  bytes report_data = 1; // Should be of length 64.
+  bytes teeNonce = 1; // Should be less or equal 64 bytes.
+  bytes vtpmNonce = 2; // Should be less or equal 32 bytes.
+  int32 type = 3;
 }
 
 message AttestationResponse {

agent/api/grpc/endpoint.go

@@ -70,7 +70,7 @@ func attestationEndpoint(svc agent.Service) endpoint.Endpoint {
 		if err := req.validate(); err != nil {
 			return attestationRes{}, err
 		}
-		file, err := svc.Attestation(ctx, req.ReportData)
+		file, err := svc.Attestation(ctx, req.TeeNonce, req.VtpmNonce, req.AttType)
 		if err != nil {
 			return attestationRes{}, err
 		}

agent/api/grpc/endpoint_test.go

@@ -141,21 +141,21 @@ func TestAttestationEndpoint(t *testing.T) {
 	}{
 		{
 			name: "Success",
-			req:  attestationReq{ReportData: sha3.Sum512([]byte("report data"))},
+			req:  attestationReq{TeeNonce: sha3.Sum512([]byte("report data")), VtpmNonce: sha3.Sum256([]byte("vtpm nonce")), AttType: 0},
 		},
 		{
 			name:        "Service Error",
-			req:         attestationReq{ReportData: sha3.Sum512([]byte("report data"))},
+			req:         attestationReq{TeeNonce: sha3.Sum512([]byte("report data")), VtpmNonce: sha3.Sum256([]byte("vtpm nonce")), AttType: 0},
 			expectedErr: true,
 		},
 	}
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			if tt.name == svcErr {
-				svc.On("Attestation", context.Background(), tt.req.ReportData).Return([]byte{}, errors.New("")).Once()
+				svc.On("Attestation", context.Background(), tt.req.TeeNonce, tt.req.VtpmNonce, tt.req.AttType).Return([]byte{}, errors.New("")).Once()
 			} else {
-				svc.On("Attestation", context.Background(), tt.req.ReportData).Return([]byte{}, nil).Once()
+				svc.On("Attestation", context.Background(), tt.req.TeeNonce, tt.req.VtpmNonce, tt.req.AttType).Return([]byte{}, nil).Once()
 			}
 			endpoint := attestationEndpoint(svc)
 			res, err := endpoint(context.Background(), tt.req)

agent/api/grpc/requests.go

@@ -38,7 +38,9 @@ func (req resultReq) validate() error {
 }
 
 type attestationReq struct {
-	ReportData [64]byte
+	TeeNonce  [64]byte
+	VtpmNonce [32]byte
+	AttType   int32
 }
 
 func (req attestationReq) validate() error {

agent/api/grpc/server.go

@@ -11,6 +11,7 @@ import (
 
 	"github.com/go-kit/kit/transport/grpc"
 	"github.com/ultravioletrs/cocos/agent"
+	"github.com/ultravioletrs/cocos/pkg/attestation/vtpm"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/metadata"
 	"google.golang.org/grpc/status"
@@ -96,10 +97,20 @@ func encodeResultResponse(_ context.Context, response interface{}) (interface{},
 
 func decodeAttestationRequest(_ context.Context, grpcReq interface{}) (interface{}, error) {
 	req := grpcReq.(*agent.AttestationRequest)
-	if len(req.ReportData) != agent.ReportDataSize {
-		return nil, errors.New("malformed report data, expect 64 bytes")
+	var reportData [agent.Nonce]byte
+	var nonce [vtpm.Nonce]byte
+
+	if len(req.TeeNonce) > agent.Nonce {
+		return nil, errors.New("malformed report data, expect less or equal to 64 bytes")
+	}
+
+	if len(req.VtpmNonce) > vtpm.Nonce {
+		return nil, errors.New("malformed vTPM nonce, expect less or equal to 32 bytes")
 	}
-	return attestationReq{ReportData: [agent.ReportDataSize]byte(req.ReportData)}, nil
+
+	copy(reportData[:], req.TeeNonce)
+	copy(nonce[:], req.VtpmNonce)
+	return attestationReq{TeeNonce: reportData, VtpmNonce: nonce, AttType: req.Type}, nil
 }
 
 func encodeAttestationResponse(_ context.Context, response interface{}) (interface{}, error) {

agent/api/grpc/server_test.go

@@ -11,6 +11,7 @@ import (
 	"github.com/stretchr/testify/mock"
 	"github.com/ultravioletrs/cocos/agent"
 	"github.com/ultravioletrs/cocos/agent/mocks"
+	"github.com/ultravioletrs/cocos/pkg/attestation/vtpm"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/metadata"
 )
@@ -151,10 +152,12 @@ func TestAttestation(t *testing.T) {
 	mockStream := &MockAgentService_AttestationServer{ctx: context.Background()}
 	mockStream.On("Send", mock.AnythingOfType("*agent.AttestationResponse")).Return(nil)
 
-	reportData := [agent.ReportDataSize]byte{}
-	mockService.On("Attestation", mock.Anything, reportData).Return([]byte("attestation data"), nil)
+	reportData := [agent.Nonce]byte{}
+	vtpmNonce := [vtpm.Nonce]byte{}
+	attestationType := 0
+	mockService.On("Attestation", mock.Anything, reportData, vtpmNonce, int32(attestationType)).Return([]byte("attestation data"), nil)
 
-	err := server.Attestation(&agent.AttestationRequest{ReportData: reportData[:]}, mockStream)
+	err := server.Attestation(&agent.AttestationRequest{TeeNonce: reportData[:]}, mockStream)
 	assert.NoError(t, err)
 
 	mockService.AssertExpectations(t)
@@ -199,11 +202,11 @@ func TestEncodeResultResponse(t *testing.T) {
 }
 
 func TestDecodeAttestationRequest(t *testing.T) {
-	reportData := [agent.ReportDataSize]byte{}
-	req := &agent.AttestationRequest{ReportData: reportData[:]}
+	nonce := [agent.Nonce]byte{}
+	req := &agent.AttestationRequest{TeeNonce: nonce[:]}
 	decoded, err := decodeAttestationRequest(context.Background(), req)
 	assert.NoError(t, err)
-	assert.Equal(t, attestationReq{ReportData: reportData}, decoded)
+	assert.Equal(t, attestationReq{TeeNonce: nonce}, decoded)
 }
 
 func TestEncodeAttestationResponse(t *testing.T) {

agent/api/logging.go

@@ -13,6 +13,7 @@ import (
 	"time"
 
 	"github.com/ultravioletrs/cocos/agent"
+	"github.com/ultravioletrs/cocos/pkg/attestation/vtpm"
 )
 
 var _ agent.Service = (*loggingMiddleware)(nil)
@@ -103,7 +104,7 @@ func (lm *loggingMiddleware) Result(ctx context.Context) (response []byte, err e
 	return lm.svc.Result(ctx)
 }
 
-func (lm *loggingMiddleware) Attestation(ctx context.Context, reportData [agent.ReportDataSize]byte) (response []byte, err error) {
+func (lm *loggingMiddleware) Attestation(ctx context.Context, reportData [agent.Nonce]byte, nonce [vtpm.Nonce]byte, attType int32) (response []byte, err error) {
 	defer func(begin time.Time) {
 		message := fmt.Sprintf("Method Attestation took %s to complete", time.Since(begin))
 		if err != nil {
@@ -113,5 +114,5 @@ func (lm *loggingMiddleware) Attestation(ctx context.Context, reportData [agent.
 		lm.logger.Info(fmt.Sprintf("%s without errors", message))
 	}(time.Now())
 
-	return lm.svc.Attestation(ctx, reportData)
+	return lm.svc.Attestation(ctx, reportData, nonce, attType)
 }

agent/api/metrics.go

@@ -12,6 +12,7 @@ import (
 
 	"github.com/go-kit/kit/metrics"
 	"github.com/ultravioletrs/cocos/agent"
+	"github.com/ultravioletrs/cocos/pkg/attestation/vtpm"
 )
 
 var _ agent.Service = (*metricsMiddleware)(nil)
@@ -89,11 +90,11 @@ func (ms *metricsMiddleware) Result(ctx context.Context) ([]byte, error) {
 	return ms.svc.Result(ctx)
 }
 
-func (ms *metricsMiddleware) Attestation(ctx context.Context, reportData [agent.ReportDataSize]byte) ([]byte, error) {
+func (ms *metricsMiddleware) Attestation(ctx context.Context, reportData [agent.Nonce]byte, nonce [vtpm.Nonce]byte, attType int32) ([]byte, error) {
 	defer func(begin time.Time) {
 		ms.counter.With("method", "attestation").Add(1)
 		ms.latency.With("method", "attestation").Observe(time.Since(begin).Seconds())
 	}(time.Now())
 
-	return ms.svc.Attestation(ctx, reportData)
+	return ms.svc.Attestation(ctx, reportData, nonce, attType)
 }

agent/cvms/server/cvm.go

@@ -71,7 +71,7 @@ func (as *agentServer) Start(cfg agent.AgentConfig, cmp agent.Computation) error
 		return err
 	}
 
-	qp, err := quoteprovider.GetQuoteProvider()
+	qp, err := quoteprovider.GetLeveledQuoteProvider()
 	if err != nil {
 		as.logger.Error(fmt.Sprintf("failed to create quote provider %s", err.Error()))
 		return err