diff --git a/Doc/2023-10-CCC-Proposal-TechTalk.pdf b/Doc/2023-10-CCC-Proposal-TechTalk.pdf new file mode 100644 index 000000000..32292e2d9 Binary files /dev/null and b/Doc/2023-10-CCC-Proposal-TechTalk.pdf differ diff --git a/Doc/2023-10-CCC-Proposal-TechTalk.pptx b/Doc/2023-10-CCC-Proposal-TechTalk.pptx new file mode 100644 index 000000000..6801d1d16 Binary files /dev/null and b/Doc/2023-10-CCC-Proposal-TechTalk.pptx differ diff --git a/Doc/Suggested_features.md b/Doc/Suggested_features.md index 8096c6b39..abdce61b1 100644 --- a/Doc/Suggested_features.md +++ b/Doc/Suggested_features.md @@ -1,10 +1,10 @@ # Enhancements and Feature Requests 1. Finish Nvidia support - 2. Finish Python interface providing way to get keys and certs from store and using them in secure_channel + 2. Finish Python interface providing way to get keys and certs from store and using them in secure_channel -- almost done 3. thread safety for policy store (easy) 4. Clean up leaks in channel - 5. Implement platform features using Ye's interface for Gramine apps + 5. Implement platform features using Ye's interface for Gramine apps --- Done 6. Integration with Confidential Containers from IBM et al 7. Update Docs 8. Perf tests, Fuzz testing, valgrind for memory leaks diff --git a/certifier_service/certlib/cert1_test.go b/certifier_service/certlib/cert1_test.go index 71109dac5..fca8a2189 100644 --- a/certifier_service/certlib/cert1_test.go +++ b/certifier_service/certlib/cert1_test.go @@ -2027,3 +2027,270 @@ func TestEncapsulatedData(t *testing.T) { } fmt.Printf("Out: %s\n", string(out)) } + +/* + Comment back in when CI scripts are updated + +func TestSgxProperties(t *testing.T) { + + attestation, err := os.ReadFile("test_data/gramine-attestation.bin") + if err != nil { + fmt.Printf("Failed to read attestation file: %s\n", err.Error()) + } + + fmt.Printf("\nAttestation:\n") + PrintBytes(attestation) + fmt.Printf("\n\n") + + qeSvn, pceSvn, cpuSvn, debug, mode64bit := GetPlatformAttributesFromGramineAttest(attestation) + fmt.Printf("cpuSvn: ") + PrintBytes(cpuSvn) + fmt.Printf("\n") + + platName := "sgx" + cpuSvnName := "cpusvn" + qeName := "quoting-enclave-sv" + peName := "provisioning-enclave-sv" + deName := "debug" + x64Name := "X64" + + deVal := "no" + if debug { + deVal = "yes" + } + + x64Val := "no" + if mode64bit { + x64Val = "yes" + } + + props := &certprotos.Properties{} + + // Debug property + p0 := MakeProperty(deName, "string", &deVal, nil, nil) + props.Props = append(props.Props, p0) + + // 64 bit property + p1 := MakeProperty(x64Name, "string", &x64Val, nil, nil) + props.Props = append(props.Props, p1) + + ce := "=" + + // qe property + qeVal := uint64(qeSvn) + p2 := MakeProperty(qeName, "int", nil, &ce, &qeVal) + props.Props = append(props.Props, p2) + + // pe property + peVal := uint64(pceSvn) + p3 := MakeProperty(peName, "int", nil, &ce, &peVal) + props.Props = append(props.Props, p3) + + // svn property + svnVal := BytesToUint64(cpuSvn) + p4 := MakeProperty(cpuSvnName, "int", nil, &ce, &svnVal) + props.Props = append(props.Props, p4) + + var k *certprotos.KeyMessage = nil + + fmt.Printf("\n") + fmt.Printf("svnVal: %x\n\n", svnVal) + pl := MakePlatform(platName, k, props) + PrintPlatform(pl) + + fmt.Printf("\nAttestation (%d): ", len(attestation)) + PrintBytes(attestation) + fmt.Printf("\n") + + measurement := attestation[112:144] + if measurement == nil { + t.Errorf("Empty measurement\n") + } + fmt.Printf("\nMeasurement (%d):\n", len(measurement)) + PrintBytes(measurement) + fmt.Printf("\n") + + reportData := attestation[368:432] + fmt.Printf("\nReport data (%d):\n", len(reportData)) + PrintBytes(reportData) + fmt.Printf("\n") + + e := MakeEnvironment(pl, measurement) + if e == nil { + fmt.Printf("Can't make environment\n") + } else { + PrintEnvironment(e) + } + fmt.Printf("\n") + + pe := MakePlatformEntity(pl) + ee := MakeEnvironmentEntity(e) + fmt.Printf("\n") + PrintEntity(pe) + PrintEntity(ee) + fmt.Printf("\n") + if !SameProperty(p1, p1) { + t.Errorf("Properties should match\n") + } + if SameProperty(p1, p2) { + t.Errorf("Properties shouldn't match\n") + } + if !SameEnvironment(e, e) { + t.Errorf("Environments should match\n") + } + + verbie := "is-environment" + cl := MakeUnaryVseClause(ee, &verbie) + fmt.Printf("\n") + PrintVseClause(cl) + fmt.Printf("\n") + + // evidence will include: + // attest-key says environment(platform, measurement) is-environment + serializedKey, err := os.ReadFile("test_data/attest_key_file.bin") + if err != nil { + t.Errorf("Failed to read attest key file\n") + } + enclaveKey := certprotos.KeyMessage{} + err = proto.Unmarshal(serializedKey, &enclaveKey) + if err != nil { + t.Errorf("Failed to deserialize attest key file\n") + } + + sfc := ConstructGramineSpeaksForClaim(&enclaveKey, ee) + if sfc == nil { + t.Errorf("Can't construct speaks-for claim\n") + } + ec := ConstructGramineIsEnvironmentClaim(measurement, attestation) + if ec == nil { + t.Errorf("Can't construct is environment claim\n") + } + + fmt.Printf("\n") + fmt.Printf("\nEnvironment claim: ") + PrintVseClause(ec) + fmt.Printf("\n") + fmt.Printf("\nSpeaks for claim: ") + PrintVseClause(sfc) + fmt.Printf("\n") +} + +func TestSgxProofs(t *testing.T) { + fmt.Printf("\n") + fmt.Printf("\n") + fmt.Printf("TestSgxProofs\n") + fmt.Printf("\n") + + attestation, err := os.ReadFile("test_data/gramine-attestation.bin") + if err != nil { + t.Errorf("Failed to read attestation file\n") + } + + serializedPolicyKey, err := os.ReadFile("test_data/policy_key_file.bin") + if err != nil { + t.Errorf("Failed to read policy key file\n") + } + policyPrivateKey := certprotos.KeyMessage{} + err = proto.Unmarshal(serializedPolicyKey, &policyPrivateKey) + if err != nil { + t.Errorf("Failed to deserialize policy key file\n") + } + + serializedEnclaveKey, err := os.ReadFile("test_data/attest_key_file.bin") + if err != nil { + t.Errorf("Failed to read enclave key file\n") + } + enclavePrivateKey := certprotos.KeyMessage{} + err = proto.Unmarshal(serializedEnclaveKey, &enclavePrivateKey) + if err != nil { + t.Errorf("Failed to deserialize enclave key file\n") + } + + policyKey := InternalPublicFromPrivateKey(&policyPrivateKey) + if policyKey == nil { + t.Errorf("Failed to convert policy key\n") + } + enclaveKey := InternalPublicFromPrivateKey(&enclavePrivateKey) + if enclaveKey == nil { + t.Errorf("Failed to convert enclave key\n") + } + + // Evidence should be + // 0. Key[rsa, policyKey, d240a7e9489e8adc4eb5261166a0b080f4f5f4d0] is-trusted + // 1. Key[rsa, policyKey, d240a7e9489e8adc4eb5261166a0b080f4f5f4d0] says + // Key[rsa, platformKey, cdc8112d97fce6767143811f0ed5fb6c21aee424] is-trusted-for-attestation + // 2. Key[rsa, policyKey, d240a7e9489e8adc4eb5261166a0b080f4f5f4d0] says + // Measurement[0001020304050607...] is-trusted + // 3. Key[rsa, policyKey, d240a7e9489e8adc4eb5261166a0b080f4f5f4d0] says + // platform has-trusted-platform-property + // 4. environment(platform, measurement) is-environment + // 5. enclaveKey speaks-for Measurement[00010203...] + + pke := MakeKeyEntity(policyKey) + if pke == nil { + t.Errorf("Failed to make policy key entity\n") + } + eke := MakeKeyEntity(enclaveKey) + if eke == nil { + t.Errorf("Failed to make enclave key entity\n") + } + m := []byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32} + me := MakeMeasurementEntity(m) + if me == nil { + t.Errorf("Failed to make measurement entity\n") + } + + p := GetPlatformFromGramineAttest(attestation) + pe := MakePlatformEntity(p) + env := MakeEnvironment(p, m) + enve := MakeEnvironmentEntity(env) + + verbIsTrusted := "is-trusted" + verbIsTrustedForAttestation := "is-trusted-for-attestation" + verbSays := "says" + verbSpeaksFor := "speaks-for" + verbIsEnvironment := "is-environment" + verbTrustedProperty := "has-trusted-platform-property" + + policyKeyIsTrusted := MakeUnaryVseClause(pke, &verbIsTrusted) + keyIsTrustedForAttestation := MakeUnaryVseClause(eke, &verbIsTrustedForAttestation) + policyKeySaysPlatformKeyIsTrustedForAttestation := MakeIndirectVseClause(pke, &verbSays, keyIsTrustedForAttestation) + measurementIsTrusted := MakeUnaryVseClause(me, &verbIsTrusted) + policyKeySaysMeasurementIsTrusted := MakeIndirectVseClause(pke, &verbSays, measurementIsTrusted) + platformIsTrusted := MakeUnaryVseClause(pe, &verbTrustedProperty) + policyKeySaysPlatformIsTrusted := MakeIndirectVseClause(pke, &verbSays, platformIsTrusted) + environmentIsEnvironment := MakeUnaryVseClause(enve, &verbIsEnvironment) + enclaveKeySpeaksForEnvironment := MakeSimpleVseClause(eke, &verbSpeaksFor, enve) + + alreadyProved := certprotos.ProvedStatements{} + + alreadyProved.Proved = append(alreadyProved.Proved, policyKeyIsTrusted) + alreadyProved.Proved = append(alreadyProved.Proved, policyKeySaysPlatformKeyIsTrustedForAttestation) + alreadyProved.Proved = append(alreadyProved.Proved, policyKeySaysMeasurementIsTrusted) + alreadyProved.Proved = append(alreadyProved.Proved, policyKeySaysPlatformIsTrusted) + alreadyProved.Proved = append(alreadyProved.Proved, policyKeySaysPlatformKeyIsTrustedForAttestation) + alreadyProved.Proved = append(alreadyProved.Proved, environmentIsEnvironment) + alreadyProved.Proved = append(alreadyProved.Proved, enclaveKeySpeaksForEnvironment) + + fmt.Printf("\n") + purpose := "authentication" + toProve, proof := ConstructProofFromExtendedGramineEvidence(policyKey, purpose, &alreadyProved) + if toProve == nil || proof == nil { + t.Errorf("Failed to ConstructProof\n") + } + + fmt.Printf("\n") + fmt.Printf("toProve: ") + PrintVseClause(toProve) + fmt.Printf("\n") + + fmt.Printf("\n") + PrintProof(proof) + + if VerifyProof(policyKey, toProve, proof, &alreadyProved) { + fmt.Printf("Proof succeeded\n") + } else { + fmt.Printf("Proof failed\n") + } +} +*/ diff --git a/certifier_service/certlib/certlib_proofs.go b/certifier_service/certlib/certlib_proofs.go index 7acfceaa6..8bd9ee524 100644 --- a/certifier_service/certlib/certlib_proofs.go +++ b/certifier_service/certlib/certlib_proofs.go @@ -34,6 +34,8 @@ import ( "google.golang.org/protobuf/proto" ) +var extendedGramine bool = false + func InitAxiom(pk certprotos.KeyMessage, ps *certprotos.ProvedStatements) bool { // add pk is-trusted to proved statenments ke := MakeKeyEntity(&pk) @@ -324,43 +326,43 @@ func GetRelevantPlatformKeyPolicy(pool *PolicyPool, evType string, return nil } -func getVseMeasurementFromAttestation(evBuf []byte) []byte { +func GetVseMeasurementFromAttestation(evBuf []byte) []byte { sr := certprotos.SignedReport{} err := proto.Unmarshal(evBuf, &sr) if err != nil { - fmt.Printf("getVseMeasurementFromAttestation: Can't unmarshal signed report\n") + fmt.Printf("GetVseMeasurementFromAttestation: Can't unmarshal signed report\n") return nil } info := certprotos.VseAttestationReportInfo{} err = proto.Unmarshal(sr.GetReport(), &info) if err != nil { - fmt.Printf("getVseMeasurementFromAttestation: Can't unmarshal info\n") + fmt.Printf("GetVseMeasurementFromAttestation: Can't unmarshal info\n") return nil } return info.VerifiedMeasurement } -func getSevMeasurementFromAttestation(evBuf []byte) []byte { +func GetSevMeasurementFromAttestation(evBuf []byte) []byte { var am certprotos.SevAttestationMessage err := proto.Unmarshal(evBuf, &am) if err != nil { - fmt.Printf("getSevMeasurementFromAttestation: Can't unmarshal SevAttestationMessage\n") + fmt.Printf("GetSevMeasurementFromAttestation: Can't unmarshal SevAttestationMessage\n") return nil } return GetMeasurementFromSevAttest(am.ReportedAttestation) } -func getGramineMeasurementFromAttestation(evBuf []byte) []byte { +func GetGramineMeasurementFromAttestation(evBuf []byte) []byte { succeeded, _, m, err := VerifyGramineAttestation(evBuf) if !succeeded || err != nil { - fmt.Printf("getGramineMeasurementFromAttestation: Can't verify gramine evidence\n") + fmt.Printf("GetGramineMeasurementFromAttestation: Can't verify gramine evidence\n") return nil } return m } -func getOeMeasurementFromAttestation(prevEvidence *certprotos.Evidence, +func GetOeMeasurementFromAttestation(prevEvidence *certprotos.Evidence, curEvidence *certprotos.Evidence) []byte { var serializedUD, m []byte var err error @@ -376,27 +378,27 @@ func getOeMeasurementFromAttestation(prevEvidence *certprotos.Evidence, return m } -func getKeystoneMeasurementFromAttestation(evBuf []byte) []byte { +func GetKeystoneMeasurementFromAttestation(evBuf []byte) []byte { var am certprotos.KeystoneAttestationMessage err := proto.Unmarshal(evBuf, &am) if err != nil { - fmt.Printf("getKeystoneMeasurementFromAttestation: Can't unmarshal KeystoneAttestationMessage\n") + fmt.Printf("GetKeystoneMeasurementFromAttestation: Can't unmarshal KeystoneAttestationMessage\n") return nil } ptr := am.ReportedAttestation return ptr[0:32] } -func getIsletMeasurementFromAttestation(evBuf []byte) []byte { +func GetIsletMeasurementFromAttestation(evBuf []byte) []byte { var am certprotos.IsletAttestationMessage err := proto.Unmarshal(evBuf, &am) if err != nil { - fmt.Printf("getIsletMeasurementFromAttestation: Can't unmarshal IsletAttestationMessage\n") + fmt.Printf("GetIsletMeasurementFromAttestation: Can't unmarshal IsletAttestationMessage\n") return nil } m, err := isletverify.IsletVerify(am.WhatWasSaid, am.ReportedAttestation) if err != nil { - fmt.Printf("getIsletMeasurementFromAttestation: IsletVerify() failed\n") + fmt.Printf("GetIsletMeasurementFromAttestation: IsletVerify() failed\n") return nil } return m @@ -427,25 +429,25 @@ func GetRelevantMeasurementPolicy(pool *PolicyPool, evType string, } else if ev.GetEvidenceType() == "cert" { continue } else if ev.GetEvidenceType() == "signed-vse-attestation-report" { - measurement = getVseMeasurementFromAttestation(ev.SerializedEvidence) + measurement = GetVseMeasurementFromAttestation(ev.SerializedEvidence) break } else if ev.GetEvidenceType() == "sev-attestation" { - measurement = getSevMeasurementFromAttestation(ev.SerializedEvidence) + measurement = GetSevMeasurementFromAttestation(ev.SerializedEvidence) break } else if ev.GetEvidenceType() == "islet-attestation" { - measurement = getIsletMeasurementFromAttestation(ev.SerializedEvidence) + measurement = GetIsletMeasurementFromAttestation(ev.SerializedEvidence) break } else if ev.GetEvidenceType() == "keystone-attestation" { - measurement = getKeystoneMeasurementFromAttestation(ev.SerializedEvidence) + measurement = GetKeystoneMeasurementFromAttestation(ev.SerializedEvidence) break } else if ev.GetEvidenceType() == "gramine-attestation" { - measurement = getGramineMeasurementFromAttestation(ev.SerializedEvidence) + measurement = GetGramineMeasurementFromAttestation(ev.SerializedEvidence) break } else if ev.GetEvidenceType() == "oe-attestation-report" { if i < 1 || ev_list[i-1].GetEvidenceType() != "pem-cert-chain" { - measurement = getOeMeasurementFromAttestation(nil, ev_list[i]) + measurement = GetOeMeasurementFromAttestation(nil, ev_list[i]) } else { - measurement = getOeMeasurementFromAttestation(ev_list[i-1], ev_list[i]) + measurement = GetOeMeasurementFromAttestation(ev_list[i-1], ev_list[i]) } break } else { @@ -496,19 +498,31 @@ func GetRelevantPlatformFeaturePolicy(pool *PolicyPool, evType string, if ev == nil { continue } - if ev.GetEvidenceType() != "sev-attestation" { - continue - } - var am certprotos.SevAttestationMessage - err := proto.Unmarshal(ev.SerializedEvidence, &am) - if err != nil { - fmt.Printf("GetRelevantPlatformFeaturePolicy: Can't unmarshal SevAttestationMessage\n") - return nil + if ev.GetEvidenceType() == "sev-attestation" { + var am certprotos.SevAttestationMessage + err := proto.Unmarshal(ev.SerializedEvidence, &am) + if err != nil { + fmt.Printf("GetRelevantPlatformFeaturePolicy: Can't unmarshal SevAttestationMessage\n") + return nil + } + plat := GetPlatformFromSevAttest(am.ReportedAttestation) + if plat != nil { + platform = MakePlatformEntity(plat) + break + } } - plat := GetPlatformFromSevAttest(am.ReportedAttestation) - if plat != nil { - platform = MakePlatformEntity(plat) - break + if ev.GetEvidenceType() == "gramine-attestation" { + var am certprotos.GramineAttestationMessage + err := proto.Unmarshal(ev.SerializedEvidence, &am) + if err != nil { + fmt.Printf("GetRelevantPlatformFeaturePolicy: Can't unmarshal GramineAttestationMessage\n") + return nil + } + plat := GetPlatformFromGramineAttest(am.ReportedAttestation) + if plat != nil { + platform = MakePlatformEntity(plat) + break + } } } if platform == nil { @@ -767,12 +781,28 @@ func InitProvedStatements(pk certprotos.KeyMessage, evidenceList []*certprotos.E fmt.Printf("InitProvedStatements: Can't unmarshal user data\n") return false } - cl := ConstructGramineClaim(ud.EnclaveKey, m) - if cl == nil { - fmt.Printf("InitProvedStatements: ConstructGramineClaim failed\n") - return false + + if extendedGramine { + ec := ConstructGramineIsEnvironmentClaim(m, ev.SerializedEvidence) + if ec == nil { + fmt.Printf("InitProvedStatements: ConstructGramineIsEnvironmentClaim failed\n") + return false + } + ps.Proved = append(ps.Proved, ec) + sfc := ConstructGramineSpeaksForClaim(ud.EnclaveKey, ec.Subject) + if sfc == nil { + fmt.Printf("InitProvedStatements: ConstructGramineSpeaksForClaim failed\n") + return false + } + ps.Proved = append(ps.Proved, sfc) + } else { + cl := ConstructGramineClaim(ud.EnclaveKey, m) + if cl == nil { + fmt.Printf("InitProvedStatements: ConstructGramineClaim failed\n") + return false + } + ps.Proved = append(ps.Proved, cl) } - ps.Proved = append(ps.Proved, cl) } else if ev.GetEvidenceType() == "oe-attestation-report" { // call oeVerify here and construct the statement: // enclave-key speaks-for measurement @@ -1447,8 +1477,7 @@ func ConstructKeystoneSpeaksForMeasurementStatement(attestKey *certprotos.KeyMes } /* -struct sgx_quote_t -{ +struct sgx_quote_t { uint16_t version; // 0x000 uint16_t sign_type; // 0x002 sgx_epid_group_id_t epid_group_id; // 0x004 @@ -1476,6 +1505,16 @@ struct sgx_quote_t uint8_t signature[]; // 0x1B4 }; */ + +// The returned quantities are sort of described in the Intel Architecure manual +// in chapter 38 but not in detail. They are: +// qesvm: The quoting enclave security version number (16 bits). +// pceSvn: The provisioning enclave security version number (16 bits). +// cpuSvn: The cpu security version number (128 bits) which consists of +// "small integers describing the version numbers of compnents". +// debug: Whether the enclave is debugable. +// mode64bit: Running as x64 (rather than i32). +// The last two come from the attributes field. func GetPlatformAttributesFromGramineAttest(binGramineAttest []byte) (uint16, uint16, []byte, bool, bool) { qeSvn := uint16(binGramineAttest[0x8]) pceSvn := uint16(binGramineAttest[0xA]) @@ -1526,6 +1565,57 @@ func GetTcbVersionFromSevAttest(binSevAttest []byte) uint64 { return tcb } +func GetPlatformFromGramineAttest(binAttest []byte) *certprotos.Platform { + + qeSvn, pceSvn, cpuSvn, debug, mode64bit := GetPlatformAttributesFromGramineAttest(binAttest) + + platName := "sgx" + cpuSvnName := "cpusvn" + qeName := "quoting-enclave-sv" + peName := "provisioning-enclave-sv" + deName := "debug" + x64Name := "X64" + + deVal := "no" + if debug { + deVal = "yes" + } + + x64Val := "no" + if mode64bit { + x64Val = "yes" + } + + props := &certprotos.Properties{} + + // Debug property + p0 := MakeProperty(deName, "string", &deVal, nil, nil) + props.Props = append(props.Props, p0) + + // 64 bit property + p1 := MakeProperty(x64Name, "string", &x64Val, nil, nil) + props.Props = append(props.Props, p1) + + ce := "=" + + // qe property + qeVal := uint64(qeSvn) + p2 := MakeProperty(qeName, "int", nil, &ce, &qeVal) + props.Props = append(props.Props, p2) + + // pe property + peVal := uint64(pceSvn) + p3 := MakeProperty(peName, "int", nil, &ce, &peVal) + props.Props = append(props.Props, p3) + + // svn property + svnVal := BytesToUint64(cpuSvn) + p4 := MakeProperty(cpuSvnName, "int", nil, &ce, &svnVal) + props.Props = append(props.Props, p4) + + return MakePlatform(platName, nil, props) +} + /* Policy byte: Bit 3: Guest can be activated on multiple sockets. @@ -2211,6 +2301,7 @@ func VerifyRule10(tree *PredicateDominance, c1 *certprotos.VseClause, c2 *certpr if c.GetVerb() != "is-trusted" { return false } + return SameEntity(c.Subject, c1.Subject) && SameEntity(c.Subject, c2.Subject) } @@ -3030,7 +3121,7 @@ func ValidateOeEvidence(pubPolicyKey *certprotos.KeyMessage, evp *certprotos.Evi fmt.Printf("\nValidateOeEvidence, after InitProved:\n") PrintProvedStatements(alreadyProved) - // ConstructProofFromSevPlatformEvidence() + // ConstructProofFromOePlatformEvidence() toProve, proof := ConstructProofFromOeEvidence(pubPolicyKey, purpose, alreadyProved) if toProve == nil || proof == nil { fmt.Printf("ValidateOeEvidence: Can't construct proof\n") @@ -3163,6 +3254,42 @@ func ValidateSevEvidence(pubPolicyKey *certprotos.KeyMessage, evp *certprotos.Ev return true, toProve, me.Clause.Subject.Measurement } +func ConstructGramineIsEnvironmentClaim(measurement []byte, attestation []byte) *certprotos.VseClause { + + pl := GetPlatformFromGramineAttest(attestation) + if pl == nil { + fmt.Printf("ConstructExtendedGramineClaim: Can't make platform\n") + return nil + } + + e := MakeEnvironment(pl, measurement) + if e == nil { + fmt.Printf("ConstructExtendedGramineClaim: Can't make environment\n") + return nil + } + + ee := MakeEnvironmentEntity(e) + if ee == nil { + fmt.Printf("ConstructExtendedGramineClaim: Can't make environment entity\n") + return nil + } + + verbie := "is-environment" + return MakeUnaryVseClause(ee, &verbie) +} + +func ConstructGramineSpeaksForClaim(enclaveKey *certprotos.KeyMessage, + env *certprotos.EntityMessage) *certprotos.VseClause { + + em := MakeKeyEntity(enclaveKey) + if em == nil { + fmt.Printf("ConstructGramineClaim: Can't make enclave entity\n") + return nil + } + speaks_for := "speaks-for" + return MakeSimpleVseClause(em, &speaks_for, env) +} + func ConstructGramineClaim(enclaveKey *certprotos.KeyMessage, measurement []byte) *certprotos.VseClause { @@ -3263,7 +3390,7 @@ func ConstructProofFromGramineEvidence(publicPolicyKey *certprotos.KeyMessage, p // Measurement[0001020304050607...] is-trusted // Key[rsa, PlatformKey, cdc8112d97fce6767143811f0ed5fb6c21aee424] says // Key[rsa, attestKey, cdc8112d97fce6767143811f0ed5fb6c21aee424] is-trusted-for-attestation - // Key[rsa, attestKey, b223d5da6674c6bde7feac29801e3b69bb286320] speaks-for Measurement[00010203...] + // Key[rsa, enclaveKey, b223d5da6674c6bde7feac29801e3b69bb286320] speaks-for Measurement[00010203...] // Debug fmt.Printf("ConstructProofFromGramineEvidence, %d statements\n", len(alreadyProved.Proved)) @@ -3414,6 +3541,336 @@ func ValidateGramineEvidence(pubPolicyKey *certprotos.KeyMessage, evp *certproto return true, toProve, me.Clause.Subject.Measurement } +// Filtered policy should be +// Key[rsa, policyKey, d240a7e9489e8adc4eb5261166a0b080f4f5f4d0] is-trusted +// Key[rsa, policyKey, d240a7e9489e8adc4eb5261166a0b080f4f5f4d0] says +// Key[rsa, platformKey, cdc8112d97fce6767143811f0ed5fb6c21aee424] is-trusted-for-attestation +// Key[rsa, policyKey, d240a7e9489e8adc4eb5261166a0b080f4f5f4d0] says +// Measurement[0001020304050607...] is-trusted +// Key[rsa, policyKey, d240a7e9489e8adc4eb5261166a0b080f4f5f4d0] says +// platform has-trusted-platform-property +// Filter out irrelevant platforms and measurements +func FilterExtendedGraminePolicy(policyKey *certprotos.KeyMessage, evp *certprotos.EvidencePackage, + policyPool *PolicyPool) *certprotos.ProvedStatements { + + fmt.Printf("\nFilterExtendedGraminePolicy: Incoming evidence for Gramine\n") + PrintEvidencePackage(evp, true) + fmt.Printf("\nOriginal Platform Policy:\n") + for i := 0; i < len(policyPool.PlatformKeyPolicy.Proved); i++ { + cl := policyPool.PlatformKeyPolicy.Proved[i] + PrintVseClause(cl) + fmt.Printf("\n") + } + fmt.Printf("\n") + fmt.Printf("\nOriginal Measurement Policy:\n") + for i := 0; i < len(policyPool.MeasurementPolicy.Proved); i++ { + cl := policyPool.MeasurementPolicy.Proved[i] + PrintVseClause(cl) + fmt.Printf("\n") + } + fmt.Printf("\nOriginal Platform Policy:\n") + for i := 0; i < len(policyPool.PlatformFeaturePolicy.Proved); i++ { + cl := policyPool.PlatformFeaturePolicy.Proved[i] + PrintVseClause(cl) + fmt.Printf("\n") + } + fmt.Printf("\n\n") + + filtered := &certprotos.ProvedStatements{} + + // policyKey is-trusted + from := policyPool.AllPolicy.Proved[0] + to := proto.Clone(from).(*certprotos.VseClause) + filtered.Proved = append(filtered.Proved, to) + + // This should be passed in + evType := "gramine-evidence" + + // PlatformKey + from = GetRelevantPlatformKeyPolicy(policyPool, evType, evp) + if from == nil { + return nil + } + to = proto.Clone(from).(*certprotos.VseClause) + filtered.Proved = append(filtered.Proved, to) + + // Measurement + from = GetRelevantMeasurementPolicy(policyPool, evType, evp) + if from == nil { + return nil + } + to = proto.Clone(from).(*certprotos.VseClause) + filtered.Proved = append(filtered.Proved, to) + + // Platform + from = GetRelevantPlatformFeaturePolicy(policyPool, evType, evp) + if from == nil { + fmt.Printf("FilterExtendedGraminePolicy: Can't get relavent platform features\n") + return nil + } + to = proto.Clone(from).(*certprotos.VseClause) + filtered.Proved = append(filtered.Proved, to) + + return filtered +} + +/* +Incoming evidence: + 0. Key[rsa, policyKey, d240a7e9489e8adc4eb5261166a0b080f4f5f4d0] is-trusted + 1. Key[rsa, policyKey, d240a7e9489e8adc4eb5261166a0b080f4f5f4d0] says + Key[rsa, platformKey, cdc8112d97fce6767143811f0ed5fb6c21aee424] is-trusted-for-attestation + 2. Key[rsa, policyKey, d240a7e9489e8adc4eb5261166a0b080f4f5f4d0] says + Measurement[0001020304050607...] is-trusted + 3. Key[rsa, policyKey, d240a7e9489e8adc4eb5261166a0b080f4f5f4d0] says + platform has-trusted-platform-property + 4. Key[rsa, policyKey, d240a7e9489e8adc4eb5261166a0b080f4f5f4d0] says + Key[rsa, platformKey, cdc8112d97fce6767143811f0ed5fb6c21aee424] is-trusted-for-attestation + 5. environment(platform, measurement) is-environment + 6. enclaveKey speaks-for Measurement[00010203...] + +Produced proof should be: + 0. Key[rsa, policyKey, d240a7e9489e8adc4eb5261166a0b080f4f5f4d0] is-trusted AND + Key[rsa, policyKey, d240a7e9489e8adc4eb5261166a0b080f4f5f4d0] + says Measurement[0001020304050607...] is-trusted --> + Measurement[0001020304050607...] is-trusted + 1. policy-key is-trusted AND policy-key says platform has-trusted-platform-property --> + platform has-trusted-platform-property (r3) + 2. environment(platform, measurement) is-environment AND + platform[amd-sev-snp, no-debug,...] has-trusted-platform-property --> + environment(platform, measurement) environment-platform-is-trusted [3, ] + 3. environment(platform, measurement) is-environment AND measurement is-trusted --> + environment(platform, measurement) environment-measurement-is-trusted + 4. environment(platform, measurement) environment-platform-is-trusted" AND + environment(platform, measurement) environment-measurement-is-trusted" --> + environment(platform, measurement) is-trusted + 5. environment is-trusted and enclaveKey speaks-for environment --> + enclaveKey is-trusted-for-authentication +*/ +func ConstructProofFromExtendedGramineEvidence(publicPolicyKey *certprotos.KeyMessage, purpose string, + alreadyProved *certprotos.ProvedStatements) (*certprotos.VseClause, *certprotos.Proof) { + + // Debug + fmt.Printf("ConstructProofFromExtendedGramineEvidence, %d statements\n", len(alreadyProved.Proved)) + for i := 0; i < len(alreadyProved.Proved); i++ { + PrintVseClause(alreadyProved.Proved[i]) + fmt.Printf("\n") + } + + if len(alreadyProved.Proved) < 7 { + fmt.Printf("ConstructProofFromGramineEvidence: too few statements\n") + return nil, nil + } + + policyKeyIsTrusted := alreadyProved.Proved[0] + policyKeySaysMeasurementIsTrusted := alreadyProved.Proved[2] + policyKeySaysPlatformHasTrustedProperty := alreadyProved.Proved[3] + environmentIsEnvironment := alreadyProved.Proved[5] + enclaveKeySpeaksForEnvironment := alreadyProved.Proved[6] + + if policyKeyIsTrusted == nil || enclaveKeySpeaksForEnvironment == nil || + policyKeySaysMeasurementIsTrusted == nil || policyKeySaysPlatformHasTrustedProperty == nil || + environmentIsEnvironment == nil { + fmt.Printf("ConstructProofFromGramineEvidence: evidence missing\n") + return nil, nil + } + + proof := &certprotos.Proof{} + r1 := int32(1) + r3 := int32(3) + r8 := int32(8) + r9 := int32(9) + r10 := int32(10) + r6 := int32(6) + + measurementIsTrusted := policyKeySaysMeasurementIsTrusted.Clause + if measurementIsTrusted == nil { + fmt.Printf("ConstructProofFromExtendedGramineEvidence: Can't get measurement\n") + return nil, nil + } + ps1 := certprotos.ProofStep{ + S1: policyKeyIsTrusted, + S2: policyKeySaysMeasurementIsTrusted, + Conclusion: measurementIsTrusted, + RuleApplied: &r3, + } + proof.Steps = append(proof.Steps, &ps1) + + // policy-key is-trusted AND policy-key says platform has-trusted-platform-property --> + // platform has-trusted-platform-property (r3) + platformHasTrustedProperty := policyKeySaysPlatformHasTrustedProperty.Clause + if platformHasTrustedProperty == nil { + fmt.Printf("ConstructProofFromExtendedGramineEvidence: no platform trusted properties rule \n") + return nil, nil + } + ps2 := certprotos.ProofStep{ + S1: policyKeyIsTrusted, + S2: policyKeySaysPlatformHasTrustedProperty, + Conclusion: platformHasTrustedProperty, + RuleApplied: &r3, + } + proof.Steps = append(proof.Steps, &ps2) + + // environment(platform, measurement) is-environment AND + // platform[amd-sev-snp, no-debug,...] has-trusted-platform-property --> + // environment(platform, measurement) environment-platform-is-trusted + + v0 := "environment-platform-is-trusted" + environmentPlatformIsTrusted := MakeUnaryVseClause(environmentIsEnvironment.Subject, &v0) + if environmentPlatformIsTrusted == nil { + fmt.Printf("ConstructProofFromExtendedGramineEvidence: Can't get environment platform is trusted\n") + return nil, nil + } + ps3 := certprotos.ProofStep{ + S1: environmentIsEnvironment, + S2: platformHasTrustedProperty, + Conclusion: environmentPlatformIsTrusted, + RuleApplied: &r8, + } + proof.Steps = append(proof.Steps, &ps3) + + // environment(platform, measurement) is-environment AND measurement is-trusted --> + // environment(platform, measurement) environment-measurement-is-trusted + v1 := "environment-measurement-is-trusted" + environmentMeasurementIsTrusted := MakeUnaryVseClause(environmentIsEnvironment.Subject, &v1) + if environmentMeasurementIsTrusted == nil { + fmt.Printf("ConstructProofFromExtendedGramineEvidence: Can't get environment measurement is trusted\n") + return nil, nil + } + ps4 := certprotos.ProofStep{ + S1: environmentIsEnvironment, + S2: measurementIsTrusted, + Conclusion: environmentMeasurementIsTrusted, + RuleApplied: &r9, + } + proof.Steps = append(proof.Steps, &ps4) + + // environment(platform, measurement) environment-platform-is-trusted" AND + // environment(platform, measurement) environment-measurement-is-trusted" --> + // environment(platform, measurement) is-trusted + v2 := "is-trusted" + environmentIsTrusted := MakeUnaryVseClause(environmentIsEnvironment.Subject, &v2) + if environmentIsTrusted == nil { + fmt.Printf("ConstructProofFromExtendedGramineEvidence: Can't create environment is trusted\n") + return nil, nil + } + ps5 := certprotos.ProofStep{ + S1: environmentMeasurementIsTrusted, + S2: environmentPlatformIsTrusted, + Conclusion: environmentIsTrusted, + RuleApplied: &r10, + } + proof.Steps = append(proof.Steps, &ps5) + + enclaveKey := enclaveKeySpeaksForEnvironment.Subject + if enclaveKey == nil || enclaveKey.GetEntityType() != "key" { + fmt.Printf("ConstructProofFromExtendedGramineEvidence: Bad enclave key\n") + return nil, nil + } + var toProve *certprotos.VseClause = nil + if purpose == "authentication" { + verb := "is-trusted-for-authentication" + toProve = MakeUnaryVseClause(enclaveKey, &verb) + if toProve == nil { + fmt.Printf("ConstructProofFromExtendedGramineEvidence: Can't create toProve\n") + return nil, nil + } + } else { + verb := "is-trusted-for-attestation" + toProve = MakeUnaryVseClause(enclaveKey, &verb) + if toProve == nil { + fmt.Printf("ConstructProofFromExtendedGramineEvidence: Can't create toProve\n") + return nil, nil + } + } + + // environment is-trusted and enclaveKey speaks-for measurement --> + // enclaveKey is-trusted-for-authentication (r1) or + // enclaveKey is-trusted-for-attestation (r6) + if purpose == "authentication" { + ps6 := certprotos.ProofStep{ + S1: environmentIsTrusted, + S2: enclaveKeySpeaksForEnvironment, + Conclusion: toProve, + RuleApplied: &r1, + } + proof.Steps = append(proof.Steps, &ps6) + } else { + ps6 := certprotos.ProofStep{ + S1: environmentIsTrusted, + S2: enclaveKeySpeaksForEnvironment, + Conclusion: toProve, + RuleApplied: &r6, + } + proof.Steps = append(proof.Steps, &ps6) + } + + return toProve, proof +} + +// returns success, toProve, measurement +func ValidateExtendedGramineEvidence(pubPolicyKey *certprotos.KeyMessage, evp *certprotos.EvidencePackage, + policyPool *PolicyPool, purpose string) (bool, + *certprotos.VseClause, []byte) { + + // Debug + fmt.Printf("\nValidateExtendedGramineEvidence, Original policy:\n") + PrintProvedStatements(policyPool.AllPolicy) + + alreadyProved := FilterExtendedGraminePolicy(pubPolicyKey, evp, policyPool) + if alreadyProved == nil { + fmt.Printf("ValidateExtendedGramineEvidence: Can't filterpolicy\n") + return false, nil, nil + } + + // Debug + fmt.Printf("\nfiltered policy:\n") + PrintProvedStatements(alreadyProved) + fmt.Printf("\n") + + if !InitProvedStatements(*pubPolicyKey, evp.FactAssertion, alreadyProved) { + fmt.Printf("ValidateExtendedGramineEvidence: Can't InitProvedStatements\n") + return false, nil, nil + } + + // Debug + fmt.Printf("\nValidateExtendedGramineEvidence, after InitProved:\n") + PrintProvedStatements(alreadyProved) + + // ConstructProofFromSevPlatformEvidence() + toProve, proof := ConstructProofFromExtendedGramineEvidence(pubPolicyKey, purpose, alreadyProved) + if toProve == nil || proof == nil { + fmt.Printf("ValidateExtendedGramineEvidence: Can't construct proof\n") + return false, nil, nil + } + + // Debug + fmt.Printf("\n") + fmt.Printf("ValidateExtendedGramineEvidence, toProve: ") + PrintVseClause(toProve) + fmt.Printf("\n") + PrintProof(proof) + fmt.Printf("\n") + + if !VerifyProof(pubPolicyKey, toProve, proof, alreadyProved) { + fmt.Printf("ValidateExtendedGramineEvidence: Proof does not verify\n") + return false, nil, nil + } + + // Debug + fmt.Printf("ValidateExtendedGramineEvidence: Proof verifies\n") + fmt.Printf("\nProved statements\n") + PrintProvedStatements(alreadyProved) + + me := alreadyProved.Proved[2] + if me.Clause == nil || me.Clause.Subject == nil || + me.Clause.Subject.GetEntityType() != "measurement" { + fmt.Printf("ValidateGramineEvidence: Proof does not verify\n") + return false, nil, nil + } + + return true, toProve, me.Clause.Subject.Measurement +} + func FilterKeystonePolicy(policyKey *certprotos.KeyMessage, evp *certprotos.EvidencePackage, policyPool *PolicyPool) *certprotos.ProvedStatements { diff --git a/certifier_service/certlib/certlib_support.go b/certifier_service/certlib/certlib_support.go index 9b4403b21..ae3bdd704 100644 --- a/certifier_service/certlib/certlib_support.go +++ b/certifier_service/certlib/certlib_support.go @@ -1325,9 +1325,9 @@ func SatisfyingProperties(p1 *certprotos.Properties, p2 *certprotos.Properties) return false } pp := FindProperty(*p1.Props[i].PropertyName, p2.Props) + // If property is not on rule, ignore it. NEW if pp == nil { - fmt.Printf("Can't find property %s\n", *p1.Props[i].PropertyName) - return false + continue } if !SatisfyingProperty(p1.Props[i], pp) { return false @@ -1468,9 +1468,9 @@ func PrintEnvironmentDescriptor(e *certprotos.Environment) { if e == nil { return } - fmt.Printf("environment[") + fmt.Printf("Environment[") PrintPlatformDescriptor(e.ThePlatform) - fmt.Printf(", measurement: ") + fmt.Printf(", Measurement: ") PrintBytes(e.TheMeasurement) fmt.Printf("]") } @@ -1479,7 +1479,7 @@ func PrintPlatformDescriptor(p *certprotos.Platform) { if p == nil || p.PlatformType == nil { return } - fmt.Printf("platform[%s, ", *p.PlatformType) + fmt.Printf("Platform[%s, ", *p.PlatformType) if p.HasKey != nil && *p.HasKey && p.AttestKey != nil { PrintKeyDescriptor(p.AttestKey) fmt.Printf(", ") @@ -2194,3 +2194,15 @@ func Attest(eType string, toSay []byte) []byte { } return nil } + +func BytesToUint64(b []byte) uint64 { + t := uint64(b[0]) + t = (t << 8) | uint64(b[1]) + t = (t << 8) | uint64(b[2]) + t = (t << 8) | uint64(b[3]) + t = (t << 8) | uint64(b[4]) + t = (t << 8) | uint64(b[5]) + t = (t << 8) | uint64(b[6]) + t = (t << 8) | uint64(b[7]) + return t +} diff --git a/certifier_service/certlib/instructions.md b/certifier_service/certlib/instructions.md index 72d94e817..fcdc5866e 100644 --- a/certifier_service/certlib/instructions.md +++ b/certifier_service/certlib/instructions.md @@ -21,6 +21,7 @@ $CERTIFIER_PROTOTYPE/utilities/make_signed_claim_from_vse_clause.exe --vse_file= --duration=9000 --private_key_file=platform_key_file.bin \ --output=platform_attest_endorsement.bin $CERTIFIER_PROTOTYPE/utilities/print_signed_claim.exe --input=platform_attest_endorsement.bin +cp $CERTIFIER_PROTOTYPE/src/gramine/gramine_tests/gramine-attestation.bin . ``` diff --git a/certifier_service/certlib/test_data/generate_test_gramine_policy.sh b/certifier_service/certlib/test_data/generate_test_gramine_policy.sh new file mode 100755 index 000000000..29bb88650 --- /dev/null +++ b/certifier_service/certlib/test_data/generate_test_gramine_policy.sh @@ -0,0 +1,89 @@ + +export CERTIFIER_PROTOTYPE=../../.. +export UTILITIES=$CERTIFIER_PROTOTYPE/utilities +export TEST_DATA=. + +# Policy +# 0. Key[rsa, policyKey, d240a7e9489e8adc4eb5261166a0b080f4f5f4d0] is-trusted +# 1. Key[rsa, policyKey, d240a7e9489e8adc4eb5261166a0b080f4f5f4d0] says +# Key[rsa, platformKey, cdc8112d97fce6767143811f0ed5fb6c21aee424] is-trusted-for-attestation +# 2. Key[rsa, policyKey, d240a7e9489e8adc4eb5261166a0b080f4f5f4d0] says +# Measurement[0001020304050607...] is-trusted +# 3. Key[rsa, policyKey, d240a7e9489e8adc4eb5261166a0b080f4f5f4d0] says +# platform has-trusted-platform-property + + +$UTILITIES/make_unary_vse_clause.exe --key_subject=$TEST_DATA/policy_key_file.bin \ +--verb="is-trusted" --output=$TEST_DATA/gramine_policykeyistrusted.bin + +$UTILITIES/make_indirect_vse_clause.exe --key_subject=$TEST_DATA/policy_key_file.bin \ +--verb="says" --clause=$TEST_DATA/gramine_policykeyistrusted.bin --output=$TEST_DATA/gramine_sayspolicykeyistrusted.bin + +$UTILITIES/make_unary_vse_clause.exe --key_subject=$TEST_DATA/policy_key_file.bin \ +--verb="is-trusted" --output=$TEST_DATA/gramine_platformKeyistrusted.bin + +$UTILITIES/make_indirect_vse_clause.exe --key_subject=$TEST_DATA/policy_key_file.bin \ +--verb="says" --clause=$TEST_DATA/gramine_platformKeyistrusted.bin \ +--output=$TEST_DATA/gramine_saysplatformKeyistrusted.bin + +$UTILITIES/measurement_init.exe --mrenclave=\ +010203040506070801020304050607080102030405060708010203040506070801020304050607080102030405060708 \ +--out_file=$TEST_DATA/meas.bin + +$UTILITIES/make_unary_vse_clause.exe --measurement_subject=$TEST_DATA/meas.bin \ +--verb="is-trusted" --output=$TEST_DATA/gramine_measurement.bin + +$UTILITIES/make_indirect_vse_clause.exe --key_subject=$TEST_DATA/policy_key_file.bin \ +--verb="says" --clause=$TEST_DATA/gramine_measurement.bin --output=$TEST_DATA/gramine_saysmeasurement.bin + +$UTILITIES/make_property.exe --property_name=debug --property_type='string' comparator="=" \ +--string_value=no --output=$TEST_DATA/property1.bin + +$UTILITIES/make_property.exe --property_name=X64 --property_type='string' comparator="=" \ +--string_value=yes --output=$TEST_DATA/property2.bin + +$UTILITIES/make_property.exe --property_name='cpusvn' --property_type=int --comparator="=" \ +--int_value=1374454427414364160 --output=$TEST_DATA/property3.bin + +$UTILITIES/make_property.exe --property_name='quoting-enclave-sv' --property_type=int --comparator="=" \ +--int_value=0x03 --output=$TEST_DATA/property4.bin + +$UTILITIES/make_property.exe --property_name='provisioning-enclave-sv' --property_type=int --comparator="=" \ +--int_value=0x13 --output=$TEST_DATA/property5.bin + +$UTILITIES/combine_properties.exe \ +--in=$TEST_DATA/property1.bin,$TEST_DATA/property2.bin,$TEST_DATA/property3.bin,$TEST_DATA/property4.bin,$TEST_DATA/property5.bin \ +--output=$TEST_DATA/properties.bin + +$UTILITIES/make_platform.exe --platform_type=sgx \ +--properties_file=$TEST_DATA/properties.bin --output=$TEST_DATA/gramine_platform.bin + +$UTILITIES/make_unary_vse_clause.exe --platform_subject=$TEST_DATA/gramine_platform.bin \ +--verb="has-trusted-platform-property" --output=$TEST_DATA/gramine_isplatform.bin + +$UTILITIES/make_indirect_vse_clause.exe --key_subject=$TEST_DATA/policy_key_file.bin \ +--verb="says" --clause=$TEST_DATA/gramine_isplatform.bin --output=$TEST_DATA/gramine_saysisplatform.bin + +# Signed claims + +$UTILITIES/make_signed_claim_from_vse_clause.exe --vse_file=$TEST_DATA/gramine_sayspolicykeyistrusted.bin \ +--duration=9000 --private_key_file=$TEST_DATA/policy_key_file.bin \ +--output=$TEST_DATA/gramine_signed_sayspolicykeyistrusted.bin + +$UTILITIES/make_signed_claim_from_vse_clause.exe --vse_file=$TEST_DATA/gramine_saysplatformKeyistrusted.bin \ +--duration=9000 --private_key_file=$TEST_DATA/policy_key_file.bin \ +--output=$TEST_DATA/gramine_signed_platform_key.bin + +$UTILITIES/make_signed_claim_from_vse_clause.exe --vse_file=$TEST_DATA/gramine_saysmeasurement.bin \ +--duration=9000 --private_key_file=$TEST_DATA/policy_key_file.bin \ +--output=$TEST_DATA/gramine_signed_saysmeasurement.bin + +$UTILITIES/make_signed_claim_from_vse_clause.exe --vse_file=$TEST_DATA/gramine_saysisplatform.bin \ +--duration=9000 --private_key_file=$TEST_DATA/policy_key_file.bin \ +--output=$TEST_DATA/gramine_signed_saysisplatform.bin + +$UTILITIES/package_claims.exe \ +--input=$TEST_DATA/gramine_signed_sayspolicykeyistrusted.bin,$TEST_DATA/gramine_signed_platform_key.bin,$TEST_DATA/gramine_signed_saysmeasurement.bin,$TEST_DATA/gramine_signed_saysisplatform.bin \ +--output=$TEST_DATA/gramine_policy.bin + +$UTILITIES/print_packaged_claims.exe --input=$TEST_DATA/gramine_policy.bin diff --git a/certifier_service/certprotos/certifier.proto b/certifier_service/certprotos/certifier.proto index be9b7cd52..a47c20266 100644 --- a/certifier_service/certprotos/certifier.proto +++ b/certifier_service/certprotos/certifier.proto @@ -190,7 +190,7 @@ message cert_chain { // Current evidence types: "signed-claim", // "signed-vse-attestation" -// "oe-attestation-report", +// "oe-attestation-report", "gramine-attestation" // "sev-attestation", "cert", cert-chain message evidence { optional string evidence_type = 1; diff --git a/certifier_service/simpleserver.go b/certifier_service/simpleserver.go index 816608e3d..7f6eb1997 100644 --- a/certifier_service/simpleserver.go +++ b/certifier_service/simpleserver.go @@ -80,6 +80,8 @@ var logging bool = false var logger *log.Logger var dataPacketFileNum int = loggingSequenceNumber +var extendedGramine bool = false + func initLog() bool { name := *logDir + "/" + *logFile logFiled, err := os.OpenFile(name, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0666) @@ -304,10 +306,18 @@ func ValidateRequestAndObtainToken(remoteIP string, pubKey *certprotos.KeyMessag return false, nil } } else if evType == "gramine-evidence" { - success, toProve, measurement = certlib.ValidateGramineEvidence(pubKey, ep, policyPool, purpose) - if !success { - fmt.Printf("ValidateRequestAndObtainToken: ValidateGramineEvidence failed\n") - return false, nil + if extendedGramine { + success, toProve, measurement = certlib.ValidateExtendedGramineEvidence(pubKey, ep, policyPool, purpose) + if !success { + fmt.Printf("ValidateRequestAndObtainToken: ValidateExtendedGramineEvidence failed\n") + return false, nil + } + } else { + success, toProve, measurement = certlib.ValidateGramineEvidence(pubKey, ep, policyPool, purpose) + if !success { + fmt.Printf("ValidateRequestAndObtainToken: ValidateGramineEvidence failed\n") + return false, nil + } } } else if evType == "keystone-evidence" { success, toProve, measurement = certlib.ValidateKeystoneEvidence(pubKey, ep, policyPool, purpose) @@ -936,41 +946,6 @@ func main() { var serverAddr string if *operation == "certifier-service" { - /* - REMOVE: This is a test Ye used - attestation, err := os.ReadFile("attestation.bin") - if err != nil { - fmt.Printf("Failed to read attestation file: %s\n", err.Error()) - } - - var what_to_say []byte - what_to_say = make([]byte, 256) - for i := 0; i < 256; i++ { - what_to_say[i] = byte(i) - } - outMeasurement, err := gramineverify.GramineVerify(what_to_say, attestation) - if err != nil { - fmt.Printf("GramineVerify failed: %s\n", err.Error()) - } - fmt.Printf("Measurement length: %d\n", len(outMeasurement)); - - attestation, err := os.ReadFile("gramine-attestation.bin") - if err != nil { - fmt.Printf("Failed to read attestation file: %s\n", err.Error()) - } - qeSvn, pceSvn, cpuSvn, debug, mode64bit := certlib.GetPlatformAttributesFromGramineAttest(attestation) - fmt.Printf("qeSvn: 0x%x, pceSvn: 0x%x\n", qeSvn, pceSvn) - fmt.Printf("cpuSvn: ") - certlib.PrintBytes(cpuSvn) - fmt.Printf("\n") - if (debug) { - fmt.Printf("Debug enclave\n"); - } - if (mode64bit) { - fmt.Printf("64 bit enclave\n"); - } - */ - // later this may turn into a TLS connection, we'll see if !initCertifierService(*getPolicyKeyFromSecureStore) { fmt.Printf("main: failed to initialize server\n") diff --git a/sample_apps/simple_app_under_gramine/script b/sample_apps/simple_app_under_gramine/script index ab5cf03f8..3e032f134 100755 --- a/sample_apps/simple_app_under_gramine/script +++ b/sample_apps/simple_app_under_gramine/script @@ -45,10 +45,47 @@ $CERTIFIER_PROTOTYPE/utilities/make_indirect_vse_clause.exe --key_subject=policy $CERTIFIER_PROTOTYPE/utilities/make_signed_claim_from_vse_clause.exe --vse_file=vse_policy2.bin \ --duration=9000 --private_key_file=policy_key_file.bin --output=signed_claim_2.bin +# For extended gramine construct platform policy +$UTILITIES/make_property.exe --property_name=debug --property_type='string' comparator="=" \ +--string_value=yes --output=$TEST_DATA/property1.bin + +$UTILITIES/make_property.exe --property_name=X64 --property_type='string' comparator="=" \ +--string_value=no --output=$TEST_DATA/property2.bin + +$UTILITIES/make_property.exe --property_name='cpusvn' --property_type=int --comparator="=" \ +--int_value=1374454427414364160 --output=$TEST_DATA/property3.bin + +$UTILITIES/make_property.exe --property_name='quoting-enclave-sv' --property_type=int --comparator="=" \ +--int_value=0x03 --output=$TEST_DATA/property4.bin + +$UTILITIES/make_property.exe --property_name='provisioning-enclave-sv' --property_type=int --comparator="=" \ +--int_value=0x13 --output=$TEST_DATA/property5.bin + +$UTILITIES/combine_properties.exe \ +--in=$TEST_DATA/property1.bin,$TEST_DATA/property2.bin,$TEST_DATA/property3.bin,$TEST_DATA/property4.bin,$TEST_DATA/property5.bin \ +--output=$TEST_DATA/properties.bin + +$UTILITIES/make_platform.exe --platform_type=sgx \ +--properties_file=$TEST_DATA/properties.bin --output=$TEST_DATA/gramine_platform.bin + +$UTILITIES/make_unary_vse_clause.exe --platform_subject=$TEST_DATA/gramine_platform.bin \ +--verb="has-trusted-platform-property" --output=$TEST_DATA/gramine_isplatform.bin + +$CERTIFIER_PROTOTYPE/utilities/make_indirect_vse_clause.exe --key_subject=policy_key_file.bin \ + --verb="says" --clause=gramine_isplatform.bin --output=vse_policy3.bin + +$CERTIFIER_PROTOTYPE/utilities/make_signed_claim_from_vse_clause.exe --vse_file=vse_policy3.bin \ + --duration=9000 --private_key_file=policy_key_file.bin --output=signed_claim_3.bin + # Package the policy for the certifier -$CERTIFIER_PROTOTYPE/utilities/package_claims.exe --input=signed_claim_1.bin,signed_claim_2.bin\ +$CERTIFIER_PROTOTYPE/utilities/package_claims.exe --input=signed_claim_1.bin,signed_claim_2.bin \ --output=policy.bin +# For extended gramine, include platform rule +$CERTIFIER_PROTOTYPE/utilities/package_claims.exe \ + --input=signed_claim_1.bin,signed_claim_2.bin,signed_claim_3.bin \ + --output=extended_policy.bin + # Compile the protobuf cd $CERTIFIER_PROTOTYPE cd certifier_service/certprotos