2022-09-05 03:06:08 -04:00
|
|
|
/*
|
|
|
|
|
Copyright (c) Edgeless Systems GmbH
|
|
|
|
|
|
|
|
|
|
SPDX-License-Identifier: AGPL-3.0-only
|
|
|
|
|
*/
|
|
|
|
|
|
2022-03-22 11:03:15 -04:00
|
|
|
package cmd
|
|
|
|
|
|
|
|
|
|
import (
|
2022-06-28 11:03:28 -04:00
|
|
|
"bytes"
|
|
|
|
|
"context"
|
2023-12-05 06:28:40 -05:00
|
|
|
"crypto/sha256"
|
|
|
|
|
"crypto/sha512"
|
2023-04-03 09:06:27 -04:00
|
|
|
"encoding/base64"
|
2023-12-05 06:28:40 -05:00
|
|
|
"encoding/hex"
|
2023-04-03 09:06:27 -04:00
|
|
|
"encoding/json"
|
2022-03-22 11:03:15 -04:00
|
|
|
"errors"
|
|
|
|
|
"fmt"
|
2022-06-28 11:03:28 -04:00
|
|
|
"net"
|
2023-09-08 02:08:09 -04:00
|
|
|
"sort"
|
2022-07-29 02:24:13 -04:00
|
|
|
"strconv"
|
|
|
|
|
"strings"
|
2022-03-22 11:03:15 -04:00
|
|
|
|
2023-06-07 10:16:32 -04:00
|
|
|
"github.com/edgelesssys/constellation/v2/internal/api/attestationconfigapi"
|
2022-09-21 07:47:57 -04:00
|
|
|
"github.com/edgelesssys/constellation/v2/internal/atls"
|
2024-06-12 07:18:27 -04:00
|
|
|
azuretdx "github.com/edgelesssys/constellation/v2/internal/attestation/azure/tdx"
|
2023-12-05 06:28:40 -05:00
|
|
|
"github.com/edgelesssys/constellation/v2/internal/attestation/choose"
|
2023-04-03 09:06:27 -04:00
|
|
|
"github.com/edgelesssys/constellation/v2/internal/attestation/measurements"
|
2023-10-30 07:39:15 -04:00
|
|
|
"github.com/edgelesssys/constellation/v2/internal/attestation/snp"
|
2023-12-05 06:28:40 -05:00
|
|
|
"github.com/edgelesssys/constellation/v2/internal/attestation/variant"
|
2023-08-21 07:50:00 -04:00
|
|
|
"github.com/edgelesssys/constellation/v2/internal/attestation/vtpm"
|
2022-11-15 09:40:49 -05:00
|
|
|
"github.com/edgelesssys/constellation/v2/internal/config"
|
2022-09-21 07:47:57 -04:00
|
|
|
"github.com/edgelesssys/constellation/v2/internal/constants"
|
2023-12-08 10:27:04 -05:00
|
|
|
"github.com/edgelesssys/constellation/v2/internal/constellation/state"
|
2022-09-21 07:47:57 -04:00
|
|
|
"github.com/edgelesssys/constellation/v2/internal/crypto"
|
|
|
|
|
"github.com/edgelesssys/constellation/v2/internal/file"
|
|
|
|
|
"github.com/edgelesssys/constellation/v2/internal/grpc/dialer"
|
2023-10-07 10:24:29 -04:00
|
|
|
"github.com/edgelesssys/constellation/v2/internal/verify"
|
2022-09-21 07:47:57 -04:00
|
|
|
"github.com/edgelesssys/constellation/v2/verify/verifyproto"
|
2024-06-12 07:18:27 -04:00
|
|
|
|
2024-06-17 07:38:59 -04:00
|
|
|
"github.com/google/go-sev-guest/proto/sevsnp"
|
2024-06-12 07:18:27 -04:00
|
|
|
"github.com/google/go-tdx-guest/abi"
|
|
|
|
|
"github.com/google/go-tdx-guest/proto/tdx"
|
2024-06-17 07:38:59 -04:00
|
|
|
"github.com/google/go-tpm-tools/proto/attest"
|
2024-06-12 07:18:27 -04:00
|
|
|
tpmProto "github.com/google/go-tpm-tools/proto/tpm"
|
2022-04-27 05:17:41 -04:00
|
|
|
"github.com/spf13/afero"
|
2022-03-22 11:03:15 -04:00
|
|
|
"github.com/spf13/cobra"
|
2023-10-16 09:05:29 -04:00
|
|
|
"github.com/spf13/pflag"
|
2022-06-28 11:03:28 -04:00
|
|
|
"google.golang.org/grpc"
|
2022-03-22 11:03:15 -04:00
|
|
|
)
|
|
|
|
|
|
2022-06-08 02:14:28 -04:00
|
|
|
// NewVerifyCmd returns a new cobra.Command for the verify command.
|
|
|
|
|
func NewVerifyCmd() *cobra.Command {
|
2022-03-22 11:03:15 -04:00
|
|
|
cmd := &cobra.Command{
|
2022-09-07 09:38:29 -04:00
|
|
|
Use: "verify",
|
2022-05-09 11:02:47 -04:00
|
|
|
Short: "Verify the confidential properties of a Constellation cluster",
|
2023-07-05 10:44:57 -04:00
|
|
|
Long: "Verify the confidential properties of a Constellation cluster.\n" +
|
2023-10-09 07:04:29 -04:00
|
|
|
"If arguments aren't specified, values are read from `" + constants.StateFilename + "`.",
|
2022-12-07 05:48:54 -05:00
|
|
|
Args: cobra.ExactArgs(0),
|
2022-04-27 05:17:41 -04:00
|
|
|
RunE: runVerify,
|
2022-03-22 11:03:15 -04:00
|
|
|
}
|
2022-09-11 09:58:31 -04:00
|
|
|
cmd.Flags().String("cluster-id", "", "expected cluster identifier")
|
2023-10-07 10:24:29 -04:00
|
|
|
cmd.Flags().StringP("output", "o", "", "print the attestation document in the output format {json|raw}")
|
2022-07-01 04:57:29 -04:00
|
|
|
cmd.Flags().StringP("node-endpoint", "e", "", "endpoint of the node to verify, passed as HOST[:PORT]")
|
2022-03-22 11:03:15 -04:00
|
|
|
return cmd
|
|
|
|
|
}
|
|
|
|
|
|
2023-10-16 09:05:29 -04:00
|
|
|
type verifyFlags struct {
|
|
|
|
|
rootFlags
|
|
|
|
|
endpoint string
|
|
|
|
|
ownerID string
|
|
|
|
|
clusterID string
|
|
|
|
|
output string
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (f *verifyFlags) parse(flags *pflag.FlagSet) error {
|
|
|
|
|
if err := f.rootFlags.parse(flags); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var err error
|
|
|
|
|
f.output, err = flags.GetString("output")
|
|
|
|
|
if err != nil {
|
|
|
|
|
return fmt.Errorf("getting 'output' flag: %w", err)
|
|
|
|
|
}
|
|
|
|
|
f.endpoint, err = flags.GetString("node-endpoint")
|
|
|
|
|
if err != nil {
|
|
|
|
|
return fmt.Errorf("getting 'node-endpoint' flag: %w", err)
|
|
|
|
|
}
|
|
|
|
|
f.clusterID, err = flags.GetString("cluster-id")
|
|
|
|
|
if err != nil {
|
|
|
|
|
return fmt.Errorf("getting 'cluster-id' flag: %w", err)
|
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2022-11-21 11:02:33 -05:00
|
|
|
type verifyCmd struct {
|
2023-10-16 09:05:29 -04:00
|
|
|
fileHandler file.Handler
|
|
|
|
|
flags verifyFlags
|
|
|
|
|
log debugLog
|
2022-11-21 11:02:33 -05:00
|
|
|
}
|
|
|
|
|
|
2023-03-20 06:03:36 -04:00
|
|
|
func runVerify(cmd *cobra.Command, _ []string) error {
|
2022-11-21 11:02:33 -05:00
|
|
|
log, err := newCLILogger(cmd)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return fmt.Errorf("creating logger: %w", err)
|
|
|
|
|
}
|
|
|
|
|
|
2022-04-27 05:17:41 -04:00
|
|
|
fileHandler := file.NewHandler(afero.NewOsFs())
|
2022-11-21 11:02:33 -05:00
|
|
|
verifyClient := &constellationVerifier{
|
|
|
|
|
dialer: dialer.New(nil, nil, &net.Dialer{}),
|
|
|
|
|
log: log,
|
|
|
|
|
}
|
2024-06-12 07:18:27 -04:00
|
|
|
|
2023-10-16 09:05:29 -04:00
|
|
|
v := &verifyCmd{
|
|
|
|
|
fileHandler: fileHandler,
|
|
|
|
|
log: log,
|
|
|
|
|
}
|
|
|
|
|
if err := v.flags.parse(cmd.Flags()); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
2024-04-03 09:49:03 -04:00
|
|
|
v.log.Debug("Using flags", "clusterID", v.flags.clusterID, "endpoint", v.flags.endpoint, "ownerID", v.flags.ownerID)
|
2024-06-12 07:18:27 -04:00
|
|
|
|
2023-06-07 10:16:32 -04:00
|
|
|
fetcher := attestationconfigapi.NewFetcher()
|
2024-06-12 07:18:27 -04:00
|
|
|
return v.verify(cmd, verifyClient, fetcher)
|
2022-04-27 05:17:41 -04:00
|
|
|
}
|
|
|
|
|
|
2024-06-12 07:18:27 -04:00
|
|
|
func (c *verifyCmd) verify(cmd *cobra.Command, verifyClient verifyClient, configFetcher attestationconfigapi.Fetcher) error {
|
2024-02-08 09:20:01 -05:00
|
|
|
c.log.Debug(fmt.Sprintf("Loading configuration file from %q", c.flags.pathPrefixer.PrefixPrintablePath(constants.ConfigFilename)))
|
2023-10-16 09:05:29 -04:00
|
|
|
conf, err := config.New(c.fileHandler, constants.ConfigFilename, configFetcher, c.flags.force)
|
2023-02-07 06:56:25 -05:00
|
|
|
var configValidationErr *config.ValidationError
|
|
|
|
|
if errors.As(err, &configValidationErr) {
|
|
|
|
|
cmd.PrintErrln(configValidationErr.LongMessage())
|
|
|
|
|
}
|
2022-04-27 05:17:41 -04:00
|
|
|
if err != nil {
|
2023-04-03 09:06:27 -04:00
|
|
|
return fmt.Errorf("loading config file: %w", err)
|
2022-03-22 11:03:15 -04:00
|
|
|
}
|
|
|
|
|
|
2023-10-16 09:05:29 -04:00
|
|
|
stateFile, err := state.ReadFromFile(c.fileHandler, constants.StateFilename)
|
|
|
|
|
if err != nil {
|
2024-06-21 04:09:01 -04:00
|
|
|
stateFile = state.New() // A state file is only required if the user has not provided IP or ID flags
|
2023-11-03 10:47:03 -04:00
|
|
|
}
|
2023-10-16 09:05:29 -04:00
|
|
|
|
|
|
|
|
ownerID, clusterID, err := c.validateIDFlags(cmd, stateFile)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
endpoint, err := c.validateEndpointFlag(cmd, stateFile)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var maaURL string
|
|
|
|
|
if stateFile.Infrastructure.Azure != nil {
|
|
|
|
|
maaURL = stateFile.Infrastructure.Azure.AttestationURL
|
|
|
|
|
}
|
|
|
|
|
conf.UpdateMAAURL(maaURL)
|
|
|
|
|
|
2024-02-08 09:20:01 -05:00
|
|
|
c.log.Debug("Updating expected PCRs")
|
2023-05-03 05:11:53 -04:00
|
|
|
attConfig := conf.GetAttestationConfig()
|
2023-12-05 06:28:40 -05:00
|
|
|
if err := updateInitMeasurements(attConfig, ownerID, clusterID); err != nil {
|
2023-04-03 09:06:27 -04:00
|
|
|
return fmt.Errorf("updating expected PCRs: %w", err)
|
2022-04-27 05:17:41 -04:00
|
|
|
}
|
|
|
|
|
|
2024-04-03 09:49:03 -04:00
|
|
|
c.log.Debug(fmt.Sprintf("Creating aTLS Validator for %q", conf.GetAttestationConfig().GetVariant()))
|
2023-12-05 06:28:40 -05:00
|
|
|
validator, err := choose.Validator(attConfig, warnLogger{cmd: cmd, log: c.log})
|
2023-05-03 05:11:53 -04:00
|
|
|
if err != nil {
|
|
|
|
|
return fmt.Errorf("creating aTLS validator: %w", err)
|
|
|
|
|
}
|
|
|
|
|
|
2022-07-26 04:58:39 -04:00
|
|
|
nonce, err := crypto.GenerateRandomBytes(32)
|
2022-06-28 11:03:28 -04:00
|
|
|
if err != nil {
|
2023-04-03 09:06:27 -04:00
|
|
|
return fmt.Errorf("generating random nonce: %w", err)
|
2022-04-27 05:17:41 -04:00
|
|
|
}
|
2024-02-08 09:20:01 -05:00
|
|
|
c.log.Debug(fmt.Sprintf("Generated random nonce: %x", nonce))
|
2022-06-28 11:03:28 -04:00
|
|
|
|
2023-04-03 09:06:27 -04:00
|
|
|
rawAttestationDoc, err := verifyClient.Verify(
|
2022-06-28 11:03:28 -04:00
|
|
|
cmd.Context(),
|
2023-10-16 09:05:29 -04:00
|
|
|
endpoint,
|
2022-06-28 11:03:28 -04:00
|
|
|
&verifyproto.GetAttestationRequest{
|
2023-01-17 09:28:07 -05:00
|
|
|
Nonce: nonce,
|
2022-06-28 11:03:28 -04:00
|
|
|
},
|
2023-05-03 05:11:53 -04:00
|
|
|
validator,
|
2023-04-03 09:06:27 -04:00
|
|
|
)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return fmt.Errorf("verifying: %w", err)
|
2022-03-22 11:03:15 -04:00
|
|
|
}
|
2022-04-27 05:17:41 -04:00
|
|
|
|
2024-06-12 07:18:27 -04:00
|
|
|
var attDocOutput string
|
|
|
|
|
switch c.flags.output {
|
|
|
|
|
case "json":
|
|
|
|
|
attDocOutput, err = formatJSON(cmd.Context(), rawAttestationDoc, attConfig, c.log)
|
2024-06-17 07:38:59 -04:00
|
|
|
if err != nil {
|
|
|
|
|
return fmt.Errorf("printing attestation document: %w", err)
|
|
|
|
|
}
|
|
|
|
|
|
2024-06-12 07:18:27 -04:00
|
|
|
case "raw":
|
|
|
|
|
attDocOutput = fmt.Sprintf("Attestation Document:\n%s\n", rawAttestationDoc)
|
2024-06-17 07:38:59 -04:00
|
|
|
|
2024-06-12 07:18:27 -04:00
|
|
|
case "":
|
|
|
|
|
attDocOutput, err = formatDefault(cmd.Context(), rawAttestationDoc, attConfig, c.log)
|
2024-06-17 07:38:59 -04:00
|
|
|
if err != nil {
|
|
|
|
|
return fmt.Errorf("printing attestation document: %w", err)
|
|
|
|
|
}
|
|
|
|
|
|
2024-06-12 07:18:27 -04:00
|
|
|
default:
|
|
|
|
|
return fmt.Errorf("invalid output value for formatter: %s", c.flags.output)
|
2023-10-07 10:24:29 -04:00
|
|
|
}
|
2024-06-12 07:18:27 -04:00
|
|
|
|
2023-04-03 09:06:27 -04:00
|
|
|
cmd.Println(attDocOutput)
|
2023-10-07 10:24:29 -04:00
|
|
|
cmd.PrintErrln("Verification OK")
|
2023-04-03 09:06:27 -04:00
|
|
|
|
2022-03-22 11:03:15 -04:00
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2023-10-16 09:05:29 -04:00
|
|
|
func (c *verifyCmd) validateIDFlags(cmd *cobra.Command, stateFile *state.State) (ownerID, clusterID string, err error) {
|
|
|
|
|
ownerID, clusterID = c.flags.ownerID, c.flags.clusterID
|
|
|
|
|
if c.flags.clusterID == "" {
|
|
|
|
|
cmd.PrintErrf("Using ID from %q. Specify --cluster-id to override this.\n", c.flags.pathPrefixer.PrefixPrintablePath(constants.StateFilename))
|
|
|
|
|
clusterID = stateFile.ClusterValues.ClusterID
|
2022-07-01 04:57:29 -04:00
|
|
|
}
|
2023-10-16 09:05:29 -04:00
|
|
|
if ownerID == "" {
|
|
|
|
|
// We don't want to print warnings until this is implemented again
|
|
|
|
|
// cmd.PrintErrf("Using ID from %q. Specify --owner-id to override this.\n", c.flags.pathPrefixer.PrefixPrintablePath(constants.StateFilename))
|
|
|
|
|
ownerID = stateFile.ClusterValues.OwnerID
|
2023-10-09 07:04:29 -04:00
|
|
|
}
|
|
|
|
|
|
2022-07-01 04:57:29 -04:00
|
|
|
// Validate
|
|
|
|
|
if ownerID == "" && clusterID == "" {
|
2023-10-16 09:05:29 -04:00
|
|
|
return "", "", errors.New("cluster-id not provided to verify the cluster")
|
2022-03-22 11:03:15 -04:00
|
|
|
}
|
|
|
|
|
|
2023-10-16 09:05:29 -04:00
|
|
|
return ownerID, clusterID, nil
|
2022-03-22 11:03:15 -04:00
|
|
|
}
|
|
|
|
|
|
2023-10-16 09:05:29 -04:00
|
|
|
func (c *verifyCmd) validateEndpointFlag(cmd *cobra.Command, stateFile *state.State) (string, error) {
|
|
|
|
|
endpoint := c.flags.endpoint
|
2022-07-29 02:24:13 -04:00
|
|
|
if endpoint == "" {
|
2023-10-16 09:05:29 -04:00
|
|
|
cmd.PrintErrf("Using endpoint from %q. Specify --node-endpoint to override this.\n", c.flags.pathPrefixer.PrefixPrintablePath(constants.StateFilename))
|
|
|
|
|
endpoint = stateFile.Infrastructure.ClusterEndpoint
|
2022-07-29 02:24:13 -04:00
|
|
|
}
|
2023-10-16 09:05:29 -04:00
|
|
|
endpoint, err := addPortIfMissing(endpoint, constants.VerifyServiceNodePortGRPC)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", fmt.Errorf("validating endpoint argument: %w", err)
|
2022-07-01 04:57:29 -04:00
|
|
|
}
|
2023-10-16 09:05:29 -04:00
|
|
|
return endpoint, nil
|
2022-07-01 04:57:29 -04:00
|
|
|
}
|
|
|
|
|
|
2024-06-12 07:18:27 -04:00
|
|
|
// formatJSON returns the json formatted attestation doc.
|
2024-06-17 07:38:59 -04:00
|
|
|
func formatJSON(ctx context.Context, docString []byte, attestationCfg config.AttestationCfg, log debugLog,
|
2023-10-07 10:24:29 -04:00
|
|
|
) (string, error) {
|
2024-06-17 07:38:59 -04:00
|
|
|
doc, err := unmarshalAttDoc(docString, attestationCfg.GetVariant())
|
|
|
|
|
if err != nil {
|
2024-06-12 07:18:27 -04:00
|
|
|
return "", fmt.Errorf("unmarshalling attestation document: %w", err)
|
2023-10-07 10:24:29 -04:00
|
|
|
}
|
|
|
|
|
|
2024-06-12 07:18:27 -04:00
|
|
|
switch attestationCfg.GetVariant() {
|
|
|
|
|
case variant.AWSSEVSNP{}, variant.AzureSEVSNP{}, variant.GCPSEVSNP{}:
|
|
|
|
|
return snpFormatJSON(ctx, doc.InstanceInfo, attestationCfg, log)
|
|
|
|
|
case variant.AzureTDX{}:
|
|
|
|
|
return tdxFormatJSON(doc.InstanceInfo, attestationCfg)
|
|
|
|
|
default:
|
|
|
|
|
return "", fmt.Errorf("json output is not supported for variant %s", attestationCfg.GetVariant())
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func snpFormatJSON(ctx context.Context, instanceInfoRaw []byte, attestationCfg config.AttestationCfg, log debugLog,
|
|
|
|
|
) (string, error) {
|
|
|
|
|
var instanceInfo snp.InstanceInfo
|
|
|
|
|
if err := json.Unmarshal(instanceInfoRaw, &instanceInfo); err != nil {
|
2023-11-07 09:19:31 -05:00
|
|
|
return "", fmt.Errorf("unmarshalling instance info: %w", err)
|
2023-10-07 10:24:29 -04:00
|
|
|
}
|
2024-06-12 07:18:27 -04:00
|
|
|
report, err := verify.NewReport(ctx, instanceInfo, attestationCfg, log)
|
2023-10-07 10:24:29 -04:00
|
|
|
if err != nil {
|
2023-11-07 09:19:31 -05:00
|
|
|
return "", fmt.Errorf("parsing SNP report: %w", err)
|
2023-10-07 10:24:29 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
jsonBytes, err := json.Marshal(report)
|
|
|
|
|
return string(jsonBytes), err
|
|
|
|
|
}
|
|
|
|
|
|
2024-06-12 07:18:27 -04:00
|
|
|
func tdxFormatJSON(instanceInfoRaw []byte, attestationCfg config.AttestationCfg) (string, error) {
|
|
|
|
|
var rawQuote []byte
|
2023-10-07 10:24:29 -04:00
|
|
|
|
2024-06-12 07:18:27 -04:00
|
|
|
if attestationCfg.GetVariant().Equal(variant.AzureTDX{}) {
|
|
|
|
|
var instanceInfo azuretdx.InstanceInfo
|
|
|
|
|
if err := json.Unmarshal(instanceInfoRaw, &instanceInfo); err != nil {
|
|
|
|
|
return "", fmt.Errorf("unmarshalling instance info: %w", err)
|
|
|
|
|
}
|
|
|
|
|
rawQuote = instanceInfo.AttestationReport
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
tdxQuote, err := abi.QuoteToProto(rawQuote)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", fmt.Errorf("converting quote to proto: %w", err)
|
|
|
|
|
}
|
|
|
|
|
quote, ok := tdxQuote.(*tdx.QuoteV4)
|
|
|
|
|
if !ok {
|
|
|
|
|
return "", fmt.Errorf("unexpected quote type: %T", tdxQuote)
|
|
|
|
|
}
|
2023-10-07 10:24:29 -04:00
|
|
|
|
2024-06-12 07:18:27 -04:00
|
|
|
quoteJSON, err := json.Marshal(quote)
|
|
|
|
|
return string(quoteJSON), err
|
2023-10-07 10:24:29 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// format returns the formatted attestation doc.
|
2024-06-17 07:38:59 -04:00
|
|
|
func formatDefault(ctx context.Context, docString []byte, attestationCfg config.AttestationCfg, log debugLog,
|
2023-08-04 11:48:14 -04:00
|
|
|
) (string, error) {
|
2023-04-03 09:06:27 -04:00
|
|
|
b := &strings.Builder{}
|
|
|
|
|
b.WriteString("Attestation Document:\n")
|
|
|
|
|
|
2024-06-17 07:38:59 -04:00
|
|
|
doc, err := unmarshalAttDoc(docString, attestationCfg.GetVariant())
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", fmt.Errorf("unmarshalling attestation document: %w", err)
|
2023-04-03 09:06:27 -04:00
|
|
|
}
|
|
|
|
|
|
2024-06-12 07:18:27 -04:00
|
|
|
if err := parseQuotes(b, doc.Attestation.Quotes, attestationCfg.GetMeasurements()); err != nil {
|
2023-04-03 09:06:27 -04:00
|
|
|
return "", fmt.Errorf("parse quote: %w", err)
|
|
|
|
|
}
|
2024-06-12 07:18:27 -04:00
|
|
|
|
|
|
|
|
// If we have a non SNP variant, print only the PCRs
|
|
|
|
|
if !(attestationCfg.GetVariant().Equal(variant.AzureSEVSNP{}) ||
|
|
|
|
|
attestationCfg.GetVariant().Equal(variant.AWSSEVSNP{}) ||
|
|
|
|
|
attestationCfg.GetVariant().Equal(variant.GCPSEVSNP{})) {
|
2023-04-03 09:06:27 -04:00
|
|
|
return b.String(), nil
|
|
|
|
|
}
|
|
|
|
|
|
2024-06-12 07:18:27 -04:00
|
|
|
// SNP reports contain extra information that we can print
|
|
|
|
|
var instanceInfo snp.InstanceInfo
|
|
|
|
|
if err := json.Unmarshal(doc.InstanceInfo, &instanceInfo); err != nil {
|
2023-11-07 09:19:31 -05:00
|
|
|
return "", fmt.Errorf("unmarshalling instance info: %w", err)
|
2023-04-03 09:06:27 -04:00
|
|
|
}
|
|
|
|
|
|
2024-06-12 07:18:27 -04:00
|
|
|
report, err := verify.NewReport(ctx, instanceInfo, attestationCfg, log)
|
2023-10-07 10:24:29 -04:00
|
|
|
if err != nil {
|
|
|
|
|
return "", fmt.Errorf("parsing SNP report: %w", err)
|
2023-07-26 07:43:39 -04:00
|
|
|
}
|
2023-04-03 09:06:27 -04:00
|
|
|
|
2023-11-07 09:19:31 -05:00
|
|
|
return report.FormatString(b)
|
2023-04-03 09:06:27 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// parseQuotes parses the base64-encoded quotes and writes their details to the output builder.
|
2024-06-12 07:18:27 -04:00
|
|
|
func parseQuotes(b *strings.Builder, quotes []*tpmProto.Quote, expectedPCRs measurements.M) error {
|
2023-07-25 09:02:59 -04:00
|
|
|
writeIndentfln(b, 1, "Quote:")
|
2023-09-08 02:08:09 -04:00
|
|
|
|
|
|
|
|
var pcrNumbers []uint32
|
|
|
|
|
for pcrNum := range expectedPCRs {
|
|
|
|
|
pcrNumbers = append(pcrNumbers, pcrNum)
|
|
|
|
|
}
|
|
|
|
|
sort.Slice(pcrNumbers, func(i, j int) bool { return pcrNumbers[i] < pcrNumbers[j] })
|
|
|
|
|
|
|
|
|
|
for _, pcrNum := range pcrNumbers {
|
|
|
|
|
expectedPCR := expectedPCRs[pcrNum]
|
2023-08-21 07:50:00 -04:00
|
|
|
pcrIdx, err := vtpm.GetSHA256QuoteIndex(quotes)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return fmt.Errorf("get SHA256 quote index: %w", err)
|
|
|
|
|
}
|
|
|
|
|
|
2023-09-08 02:08:09 -04:00
|
|
|
actualPCR, ok := quotes[pcrIdx].Pcrs.Pcrs[pcrNum]
|
|
|
|
|
if !ok {
|
|
|
|
|
return fmt.Errorf("PCR %d not found in quote", pcrNum)
|
2023-04-03 09:06:27 -04:00
|
|
|
}
|
2023-07-25 09:02:59 -04:00
|
|
|
writeIndentfln(b, 2, "PCR %d (Strict: %t):", pcrNum, !expectedPCR.ValidationOpt)
|
|
|
|
|
writeIndentfln(b, 3, "Expected:\t%x", expectedPCR.Expected)
|
|
|
|
|
writeIndentfln(b, 3, "Actual:\t\t%x", actualPCR)
|
2023-04-03 09:06:27 -04:00
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2022-06-28 11:03:28 -04:00
|
|
|
type constellationVerifier struct {
|
2022-06-28 12:33:27 -04:00
|
|
|
dialer grpcInsecureDialer
|
2022-11-21 11:02:33 -05:00
|
|
|
log debugLog
|
2022-06-28 11:03:28 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Verify retrieves an attestation statement from the Constellation and verifies it using the validator.
|
|
|
|
|
func (v *constellationVerifier) Verify(
|
|
|
|
|
ctx context.Context, endpoint string, req *verifyproto.GetAttestationRequest, validator atls.Validator,
|
2024-06-17 07:38:59 -04:00
|
|
|
) ([]byte, error) {
|
2024-02-08 09:20:01 -05:00
|
|
|
v.log.Debug(fmt.Sprintf("Dialing endpoint: %q", endpoint))
|
2024-06-21 04:05:57 -04:00
|
|
|
conn, err := v.dialer.DialInsecure(endpoint)
|
2022-06-28 11:03:28 -04:00
|
|
|
if err != nil {
|
2024-06-17 07:38:59 -04:00
|
|
|
return nil, fmt.Errorf("dialing init server: %w", err)
|
2022-06-28 11:03:28 -04:00
|
|
|
}
|
|
|
|
|
defer conn.Close()
|
|
|
|
|
|
|
|
|
|
client := verifyproto.NewAPIClient(conn)
|
|
|
|
|
|
2024-02-08 09:20:01 -05:00
|
|
|
v.log.Debug("Sending attestation request")
|
2022-06-28 11:03:28 -04:00
|
|
|
resp, err := client.GetAttestation(ctx, req)
|
|
|
|
|
if err != nil {
|
2024-06-17 07:38:59 -04:00
|
|
|
return nil, fmt.Errorf("getting attestation: %w", err)
|
2022-06-28 11:03:28 -04:00
|
|
|
}
|
|
|
|
|
|
2024-02-08 09:20:01 -05:00
|
|
|
v.log.Debug("Verifying attestation")
|
2023-03-29 03:06:10 -04:00
|
|
|
signedData, err := validator.Validate(ctx, resp.Attestation, req.Nonce)
|
2022-06-28 11:03:28 -04:00
|
|
|
if err != nil {
|
2024-06-17 07:38:59 -04:00
|
|
|
return nil, fmt.Errorf("validating attestation: %w", err)
|
2022-06-28 11:03:28 -04:00
|
|
|
}
|
|
|
|
|
|
2023-01-17 09:28:07 -05:00
|
|
|
if !bytes.Equal(signedData, []byte(constants.ConstellationVerifyServiceUserData)) {
|
2024-06-17 07:38:59 -04:00
|
|
|
return nil, errors.New("signed data in attestation does not match expected user data")
|
2022-06-28 11:03:28 -04:00
|
|
|
}
|
2023-04-03 09:06:27 -04:00
|
|
|
|
2024-06-17 07:38:59 -04:00
|
|
|
return resp.Attestation, nil
|
2022-06-28 11:03:28 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type verifyClient interface {
|
2024-06-17 07:38:59 -04:00
|
|
|
Verify(ctx context.Context, endpoint string, req *verifyproto.GetAttestationRequest, validator atls.Validator) ([]byte, error)
|
2022-06-28 11:03:28 -04:00
|
|
|
}
|
|
|
|
|
|
2022-06-28 12:33:27 -04:00
|
|
|
type grpcInsecureDialer interface {
|
2024-06-21 04:05:57 -04:00
|
|
|
DialInsecure(endpoint string) (conn *grpc.ClientConn, err error)
|
2022-06-28 11:03:28 -04:00
|
|
|
}
|
2023-07-25 09:02:59 -04:00
|
|
|
|
|
|
|
|
// writeIndentfln writes a formatted string to the builder with the given indentation level
|
|
|
|
|
// and a newline at the end.
|
|
|
|
|
func writeIndentfln(b *strings.Builder, indentLvl int, format string, args ...any) {
|
|
|
|
|
for i := 0; i < indentLvl; i++ {
|
|
|
|
|
b.WriteByte('\t')
|
|
|
|
|
}
|
|
|
|
|
b.WriteString(fmt.Sprintf(format+"\n", args...))
|
|
|
|
|
}
|
2023-08-04 11:48:14 -04:00
|
|
|
|
2023-10-16 09:05:29 -04:00
|
|
|
func addPortIfMissing(endpoint string, defaultPort int) (string, error) {
|
|
|
|
|
if endpoint == "" {
|
|
|
|
|
return "", errors.New("endpoint is empty")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
_, _, err := net.SplitHostPort(endpoint)
|
|
|
|
|
if err == nil {
|
|
|
|
|
return endpoint, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if strings.Contains(err.Error(), "missing port in address") {
|
|
|
|
|
return net.JoinHostPort(endpoint, strconv.Itoa(defaultPort)), nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return "", err
|
|
|
|
|
}
|
2023-12-05 06:28:40 -05:00
|
|
|
|
|
|
|
|
// UpdateInitMeasurements sets the owner and cluster measurement values in the attestation config depending on the
|
|
|
|
|
// attestation variant.
|
|
|
|
|
func updateInitMeasurements(config config.AttestationCfg, ownerID, clusterID string) error {
|
|
|
|
|
m := config.GetMeasurements()
|
|
|
|
|
|
|
|
|
|
switch config.GetVariant() {
|
2024-01-24 09:10:15 -05:00
|
|
|
case variant.AWSNitroTPM{}, variant.AWSSEVSNP{},
|
|
|
|
|
variant.AzureTrustedLaunch{}, variant.AzureSEVSNP{}, variant.AzureTDX{}, // AzureTDX also uses a vTPM for measurements
|
2024-04-16 12:13:47 -04:00
|
|
|
variant.GCPSEVES{}, variant.GCPSEVSNP{},
|
2024-01-24 09:10:15 -05:00
|
|
|
variant.QEMUVTPM{}:
|
2023-12-05 06:28:40 -05:00
|
|
|
if err := updateMeasurementTPM(m, uint32(measurements.PCRIndexOwnerID), ownerID); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
return updateMeasurementTPM(m, uint32(measurements.PCRIndexClusterID), clusterID)
|
|
|
|
|
case variant.QEMUTDX{}:
|
|
|
|
|
// Measuring ownerID is currently not implemented for Constellation
|
|
|
|
|
// Since adding support for measuring ownerID to TDX would require additional code changes,
|
|
|
|
|
// the current implementation does not support it, but can be changed if we decide to add support in the future
|
|
|
|
|
return updateMeasurementTDX(m, uint32(measurements.TDXIndexClusterID), clusterID)
|
|
|
|
|
default:
|
|
|
|
|
return errors.New("selecting attestation variant: unknown attestation variant")
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// updateMeasurementTDX updates the TDX measurement value in the attestation config for the given measurement index.
|
|
|
|
|
func updateMeasurementTDX(m measurements.M, measurementIdx uint32, encoded string) error {
|
|
|
|
|
if encoded == "" {
|
|
|
|
|
delete(m, measurementIdx)
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
decoded, err := decodeMeasurement(encoded)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// new_measurement_value := hash(old_measurement_value || data_to_extend)
|
|
|
|
|
// Since we use the DG.MR.RTMR.EXTEND call to extend the register, data_to_extend is the hash of our input
|
|
|
|
|
hashedInput := sha512.Sum384(decoded)
|
|
|
|
|
oldExpected := m[measurementIdx].Expected
|
|
|
|
|
expectedMeasurementSum := sha512.Sum384(append(oldExpected[:], hashedInput[:]...))
|
|
|
|
|
m[measurementIdx] = measurements.Measurement{
|
|
|
|
|
Expected: expectedMeasurementSum[:],
|
|
|
|
|
ValidationOpt: m[measurementIdx].ValidationOpt,
|
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// updateMeasurementTPM updates the TPM measurement value in the attestation config for the given measurement index.
|
|
|
|
|
func updateMeasurementTPM(m measurements.M, measurementIdx uint32, encoded string) error {
|
|
|
|
|
if encoded == "" {
|
|
|
|
|
delete(m, measurementIdx)
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
decoded, err := decodeMeasurement(encoded)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// new_pcr_value := hash(old_pcr_value || data_to_extend)
|
|
|
|
|
// Since we use the TPM2_PCR_Event call to extend the PCR, data_to_extend is the hash of our input
|
|
|
|
|
hashedInput := sha256.Sum256(decoded)
|
|
|
|
|
oldExpected := m[measurementIdx].Expected
|
|
|
|
|
expectedMeasurement := sha256.Sum256(append(oldExpected[:], hashedInput[:]...))
|
|
|
|
|
m[measurementIdx] = measurements.Measurement{
|
|
|
|
|
Expected: expectedMeasurement[:],
|
|
|
|
|
ValidationOpt: m[measurementIdx].ValidationOpt,
|
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// decodeMeasurement is a utility function that decodes the given string as hex or base64.
|
|
|
|
|
func decodeMeasurement(encoded string) ([]byte, error) {
|
|
|
|
|
decoded, err := hex.DecodeString(encoded)
|
|
|
|
|
if err != nil {
|
|
|
|
|
hexErr := err
|
|
|
|
|
decoded, err = base64.StdEncoding.DecodeString(encoded)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, fmt.Errorf("input [%s] could neither be hex decoded (%w) nor base64 decoded (%w)", encoded, hexErr, err)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return decoded, nil
|
|
|
|
|
}
|
2024-06-17 07:38:59 -04:00
|
|
|
|
|
|
|
|
func unmarshalAttDoc(attDocJSON []byte, attestationVariant variant.Variant) (vtpm.AttestationDocument, error) {
|
|
|
|
|
attDoc := vtpm.AttestationDocument{
|
|
|
|
|
Attestation: &attest.Attestation{},
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Explicitly initialize this struct, as TeeAttestation
|
|
|
|
|
// is a "oneof" protobuf field, which needs an explicit
|
|
|
|
|
// type to be set to be unmarshaled correctly.
|
|
|
|
|
switch attestationVariant {
|
|
|
|
|
case variant.AzureTDX{}:
|
|
|
|
|
attDoc.Attestation.TeeAttestation = &attest.Attestation_TdxAttestation{
|
|
|
|
|
TdxAttestation: &tdx.QuoteV4{},
|
|
|
|
|
}
|
|
|
|
|
default:
|
|
|
|
|
attDoc.Attestation.TeeAttestation = &attest.Attestation_SevSnpAttestation{
|
|
|
|
|
SevSnpAttestation: &sevsnp.Attestation{},
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
err := json.Unmarshal(attDocJSON, &attDoc)
|
|
|
|
|
return attDoc, err
|
|
|
|
|
}
|
