Merge pull request #2 from dongx1x/ccnp-server
wenhuizhang authored Feb 6, 2024
2 parents d3e326c + 2183d33 commit 2311805
Showing 62 changed files with 1,315 additions and 5,663 deletions.
4 changes: 1 addition & 3 deletions .github/workflows/pr-check-rust.yaml
@@ -30,12 +30,10 @@ jobs:
sudo apt update && yes | DEBIAN_FRONTEND=noninteractive sudo apt install -y libcryptsetup-dev clang protobuf-compiler protobuf-c-compiler libprotobuf-c-dev libprotobuf-c1 build-essential pkg-config libssl-dev
- name: Run cargo check
run: |
cd service/quote-server
cd service/ccnp-server
cargo test
cargo check
cargo fmt -- --check
cargo clippy
cargo install --locked cargo-deny
cargo deny check
cd tdx_attest
cargo test
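Review bot: `cargo deny check` no longer has a project policy to enforce: this commit deletes service/quote-server/deny.toml and service/pod-quote/deny.toml and adds no deny.toml under service/ccnp-server, so the step presumably runs against cargo-deny's built-in defaults (or errors out, depending on the installed version) rather than the license, advisory and source rules the old service carried. Carry the old deny.toml over to service/ccnp-server, or drop the step until one exists, so that the source/registry bans actually apply to the new git dependencies declared in the ccnp-server Cargo.toml. Which two of the trailing `cd tdx_attest` / `cargo test` lines are removed is not recoverable from the rendered view; confirm the hunk still ends with a single `cargo test` for ccnp-server.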
3 changes: 3 additions & 0 deletions .gitignore
@@ -15,3 +15,6 @@ tools/cvm-image-rewriter/pre-stage/05-readonly-data/cloud-init/x-shellscript/01-
tools/cvm-image-rewriter/pre-stage/07-install-mvp-guest/cloud-init/
tools/cvm-image-rewriter/pre-stage/07-install-mvp-guest/artifacts/*

service/ccnp-server/target/
service/ccnp-server/Cargo.lock
service/ccnp-server/.cargo
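Review bot: Ignoring `service/ccnp-server/Cargo.lock` for a binary crate (the ccnp-server Cargo.toml in this commit declares a `[[bin]]` target) means every build re-resolves dependency versions, so two builds of the same commit can link different crate versions and the CI run that passed is not the artifact that ships. Cargo's guidance is to commit the lockfile for binaries; remove that line and check the lockfile in. This matters more here because the same Cargo.toml pulls `cctrusted_vm` and `cctrusted_base` from a git URL without a pinned revision, so the lockfile is the only record of what went into the attestation path.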
27 changes: 0 additions & 27 deletions api/eventlog-server.proto

This file was deleted.

32 changes: 0 additions & 32 deletions api/measurement-server.proto

This file was deleted.

30 changes: 0 additions & 30 deletions api/quote-server.proto

This file was deleted.

22 changes: 12 additions & 10 deletions service/quote-server/Cargo.toml → service/ccnp-server/Cargo.toml
@@ -1,11 +1,11 @@
[package]
name = "quoteServer"
version = "0.1.0"
name = "ccnp_server"
version = "0.3.2"
edition = "2021"

[[bin]] # Bin to run the quote server
name = "quote_server"
path = "src/quote_server.rs"
name = "ccnp_server"
path = "src/main.rs"

[dependencies]
tonic = "0.9"
@@ -16,17 +16,19 @@ anyhow = "1.0"
async-trait = "0.1.56"
base64 = "0.13.0"
log = "0.4.14"
serde_json = "1.0"
sha2 = "0.10"
clap = { version = "4.0.29", features = ["derive"] }
tonic-reflection = "0.9.2"
tonic-health = "0.9.2"
nix = "0.26.2"
tdx_attest = "0.1.1"
lazy_static = "1.4.0"
cctrusted_vm = { git="https://github.com/cc-api/cc-trusted-api" }
cctrusted_base = { git="https://github.com/cc-api/cc-trusted-api" }
env_logger = "0.10.1"
regex = "1.10.3"
serde = { version = "1.0", features = ["derive"] }
serde_yaml = "0.9.30"
openssl = "0.10.63"

[dev-dependencies]
tower = { version = "0.4", features = ["util"] }
hyper = { version ="0.14.27" }
serial_test = { version ="2.0.0" }

[build-dependencies]
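Review bot: `cctrusted_vm` and `cctrusted_base` are pulled from a git URL with no `rev`, `tag` or `branch`, so each fresh build resolves whatever that repository's default branch currently points at, and since the same commit ignores Cargo.lock nothing records which commit was built. For a crate whose job is to hand out attestation evidence this is an unreviewed code path into the binary; pin both, e.g. `cctrusted_vm = { git = "https://github.com/cc-api/cc-trusted-api", rev = "<commit-sha>" }` (placeholder for the reviewed commit), and bump the pin deliberately. The `version = "0.3.2"` bump on a crate that was just renamed from `quoteServer` 0.1.0 is fine but deserves a line in the commit description.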
4 changes: 2 additions & 2 deletions service/pod-quote/Makefile → service/ccnp-server/Makefile
@@ -10,9 +10,9 @@ DESTDIR ?= $(PREFIX)/bin
DEBUG ?=

TARGET_DIR := target
BIN_NAME := pod_quote
BIN_NAME := ccnp_server

CARGO := /usr/local/cargo/bin/cargo
CARGO := cargo

ifdef DEBUG
release :=
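--- a/service/ccnp-server/README.md
+++ b/service/ccnp-server/README.md
@@ -0,0 +1,101 @@
+# CCNP Service
+
+This service will provide CC event log/CC measurement/CC report by [CC Trusted API](https://github.com/cc-api/cc-trusted-api) for remote attestation service to verify the integrity and confidentiality of the trusted computing environment and required software environment.
+
+## Start Service
+
+Run the command:
+
+```
+sudo ./ccnp_server
+[2024-02-06T02:06:18Z INFO ccnp_server] [ccnp-server]: set sock file permissions: /run/ccnp/uds/ccnp-server.sock
+[2024-02-06T02:06:18Z INFO ccnp_server] [ccnp-server]: staring the service...
+```
+
+## Query Information
+
+1. Query the CC report
+
+Run the command:
+
+```
+grpcurl -authority "dummy" -plaintext -d '{ "user_data": "MTIzNDU2NzgxMjM0NTY3ODEyMzQ1Njc4MTIzNDU2NzgxMjM0NTY3ODEyMzQ1Njc4", "nonce":"IXUKoBO1UM3c1wopN4sY" }' -unix /run/ccnp/uds/ccnp-server.sock ccnp_server_pb.ccnp.GetCcReport
+```
+
+The output looks like this:
+
+```
+{
+"ccType": 1,
+"ccReport": "..."
+}
+```
+
+2. Query the CC measurement
+
+Run the command:
+
+```
+grpcurl -authority "dummy" -plaintext -d '{ "index": 0, "algo_id": 12}' -unix /run/ccnp/uds/ccnp-server.sock ccnp_server_pb.ccnp.GetCcMeasurement
+```
+
+The output looks like:
+
+```
+{
+"measurement": {
+"algoId": 12,
+"hash": "..."
+}
+}
+```
+
+3. Query the eventlog
+
+Run the command:
+
+```
+grpcurl -authority "dummy" -plaintext -d '{"start": 0, "count": 3}' -unix /run/ccnp/uds/ccnp-server.sock ccnp_server_pb.ccnp.GetCcEventlog
+```
+
+The output looks like:
+
+```
+{
+"eventLogs": [
+{
+"eventType": 3,
+"digests": [
+{
+"algoId": 4,
+"hash": "..."
+}
+],
+"eventSize": 33,
+"event": "..."
+},
+{
+"eventType": 2147483659,
+"digests": [
+{
+"algoId": 12,
+"hash": "..."
+}
+],
+"eventSize": 42,
+"event": "..."
+},
+{
+"eventType": 2147483658,
+"digests": [
+{
+"algoId": 12,
+"hash": "..."
+}
+],
+"eventSize": 58,
+"event": "..."
+}
+]
+}
+```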
@@ -7,15 +7,15 @@ use std::env;
use std::path::PathBuf;

fn main() -> Result<(), Box<dyn std::error::Error>> {
tonic_build::compile_protos("api/quote-server.proto")?;
tonic_build::compile_protos("proto/ccnp-server.proto")?;

let original_out_dir = PathBuf::from(env::var("OUT_DIR")?);
let out_dir = "./src";

tonic_build::configure()
.out_dir(out_dir)
.file_descriptor_set_path(original_out_dir.join("quote_server_descriptor.bin"))
.compile(&["api/quote-server.proto"], &["api"])?;
.file_descriptor_set_path(original_out_dir.join("ccnp_server_descriptor.bin"))
.compile(&["proto/ccnp-server.proto"], &["proto"])?;

Ok(())
}
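--- a/service/ccnp-server/proto/ccnp-server.proto
+++ b/service/ccnp-server/proto/ccnp-server.proto
@@ -0,0 +1,81 @@
+syntax = "proto3";
+package ccnp_server_pb;
+
+message HealthCheckRequest {
+string service = 1;
+}
+
+message HealthCheckResponse {
+enum ServingStatus {
+UNKNOWN = 0;
+SERVING = 1;
+NOT_SERVING = 2;
+SERVICE_UNKNOWN = 3;
+}
+ServingStatus status = 1;
+}
+
+service ccnp {
+rpc GetDefaultAlgorithm(GetDefaultAlgorithmRequest) returns (GetDefaultAlgorithmResponse);
+rpc GetMeasurementCount(GetMeasurementCountRequest) returns (GetMeasurementCountResponse);
+rpc GetCcReport (GetCcReportRequest) returns (GetCcReportResponse);
+rpc GetCcMeasurement (GetCcMeasurementRequest) returns (GetCcMeasurementResponse) {}
+rpc GetCcEventlog (GetCcEventlogRequest) returns (GetCcEventlogResponse) {}
+}
+
+message GetDefaultAlgorithmRequest {
+}
+
+message GetDefaultAlgorithmResponse {
+uint32 algo_id = 1;
+}
+
+message GetMeasurementCountRequest {
+}
+
+message GetMeasurementCountResponse {
+uint32 count = 1;
+}
+
+message GetCcReportRequest {
+string user_data = 1;
+string nonce = 2;
+}
+
+message GetCcReportResponse {
+int32 cc_type = 1;
+bytes cc_report = 2;
+}
+
+message GetCcMeasurementRequest {
+uint32 index = 1;
+uint32 algo_id = 2;
+}
+
+message GetCcMeasurementResponse {
+TcgDigest measurement = 1;
+}
+
+message GetCcEventlogRequest {
+uint32 start = 1;
+uint32 count = 2;
+}
+
+message TcgDigest {
+uint32 algo_id = 1;
+bytes hash = 2;
+}
+
+message TcgEventlog {
+uint32 rec_num = 1;
+uint32 imr_index = 2;
+uint32 event_type = 3;
+repeated TcgDigest digests = 4;
+uint32 event_size = 5;
+bytes event = 6;
+map<string, string> extra_info = 7;
+}
+
+message GetCcEventlogResponse {
+repeated TcgEventlog event_logs = 1;
+}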
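Review bot: `HealthCheckRequest` and `HealthCheckResponse` are declared but no rpc in `service ccnp` uses them, and main.rs in this commit wires tonic_health's own health service instead, so they are dead definitions that will mislead anyone reading the API; drop them or add a comment saying why they are kept. The request fields are also undocumented: `GetCcEventlogRequest.count` has a special meaning in agent.rs when it is 0, and `GetCcReportRequest.user_data` / `nonce` are shown base64-encoded in the README while the proto says nothing about encoding or length. Add field comments such as `// Number of entries to return; 0 means all entries from start.` and `// Base64-encoded (see README examples); passed to the CC report API unchanged.`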
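--- a/service/ccnp-server/src/agent.rs
+++ b/service/ccnp-server/src/agent.rs
@@ -0,0 +1,169 @@
+use anyhow::{anyhow, Error};
+use cctrusted_base::{api::CCTrustedApi, api_data::ExtraArgs, tcg};
+use cctrusted_vm::sdk::API;
+use log::info;
+use std::collections::HashMap;
+
+use crate::ccnp_pb::{TcgDigest, TcgEventlog};
+
+pub struct Agent {
+pub event_logs: Option<Vec<TcgEventlog>>,
+}
+
+impl Agent {
+pub fn init(&mut self) -> Result<(), Error> {
+self.event_logs = Some(vec![]);
+self.fetch_all_event_logs()
+}
+
+pub fn get_default_algorithm(&mut self) -> Result<u32, Error> {
+let algo = match API::get_default_algorithm() {
+Ok(v) => v,
+Err(e) => return Err(e),
+};
+Ok(algo.algo_id.into())
+}
+
+pub fn get_measurement_count(&mut self) -> Result<u32, Error> {
+let count = match API::get_measurement_count() {
+Ok(v) => v,
+Err(e) => return Err(e),
+};
+
+Ok(count.into())
+}
+
+pub fn fetch_all_event_logs(&mut self) -> Result<(), Error> {
+let start: u32 = self
+.event_logs
+.as_ref()
+.expect("The event_logs is None.")
+.len() as u32;
+
+let entries = match API::get_cc_eventlog(Some(start), None) {
+Ok(v) => v,
+Err(e) => return Err(e),
+};
+
+if entries.is_empty() {
+return Ok(());
+}
+
+for entry in entries {
+match entry {
+tcg::EventLogEntry::TcgImrEvent(event) => {
+let mut digests: Vec<TcgDigest> = vec![];
+for d in event.digests {
+digests.push(TcgDigest {
+algo_id: d.algo_id as u32,
+hash: d.hash,
+})
+}
+let tcg_event = TcgEventlog {
+rec_num: 0,
+imr_index: event.imr_index,
+event_type: event.event_type,
+event_size: event.event_size,
+event: event.event,
+digests,
+extra_info: HashMap::new(),
+};
+
+self.event_logs
+.as_mut()
+.expect("Change eventlog to mut failed.")
+.push(tcg_event)
+}
+tcg::EventLogEntry::TcgPcClientImrEvent(event) => {
+let mut digests: Vec<TcgDigest> = vec![];
+let algo_id = tcg::TcgDigest::get_algorithm_id_from_digest_size(
+event.digest.len().try_into().unwrap(),
+);
+
+digests.push(TcgDigest {
+algo_id: algo_id.into(),
+hash: event.digest.to_vec(),
+});
+self.event_logs
+.as_mut()
+.expect("Change eventlog to mut failed.")
+.push(TcgEventlog {
+rec_num: 0,
+imr_index: event.imr_index,
+event_type: event.event_type,
+event_size: event.event_size,
+event: event.event,
+digests,
+extra_info: HashMap::new(),
+})
+}
+tcg::EventLogEntry::TcgCanonicalEvent(_event) => {
+todo!();
+}
+}
+}
+info!(
+"Loaded {} event logs.",
+self.event_logs
+.as_ref()
+.expect("Change eventlog to ref failed.")
+.len()
+);
+
+Ok(())
+}
+
+pub fn get_cc_eventlog(&mut self, start: u32, count: u32) -> Result<Vec<TcgEventlog>, Error> {
+let _ = self.fetch_all_event_logs();
+let event_logs = self
+.event_logs
+.as_ref()
+.expect("The eventlog is None.")
+.to_vec();
+let s: usize = start.try_into().unwrap();
+let mut e: usize = (start + count).try_into().unwrap();
+
+if s >= event_logs.len() {
+return Err(anyhow!(
+"Invalid input start. Start must be smaller than total event log count."
+));
+}
+if e >= event_logs.len() {
+return Err(anyhow!(
+"Invalid input count. count must be smaller than total event log count."
+));
+}
+if e == 0 {
+e = event_logs.len();
+}
+
+Ok(event_logs[s..e].to_vec().clone())
+}
+
+pub fn get_cc_report(
+&mut self,
+nonce: String,
+user_data: String,
+) -> Result<(Vec<u8>, i32), Error> {
+let (report, cc_type) = match API::get_cc_report(Some(nonce), Some(user_data), ExtraArgs {})
+{
+Ok(v) => (v.cc_report, v.cc_type as i32),
+Err(e) => return Err(e),
+};
+
+Ok((report, cc_type))
+}
+
+pub fn get_cc_measurement(&mut self, index: u32, algo_id: u32) -> Result<TcgDigest, Error> {
+let measurement =
+match API::get_cc_measurement(index.try_into().unwrap(), algo_id.try_into().unwrap()) {
+Ok(v) => TcgDigest {
+algo_id: v.algo_id.into(),
+hash: v.hash,
+},
+Err(e) => return Err(e),
+};
+
+Ok(measurement)
+}
+}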
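Review bot: `get_cc_eventlog` computes `start + count` on two client-supplied u32 values without overflow checking, so a large `count` panics in a debug build and wraps in release (where a wrap to 0 then hits the `e == 0` branch and returns the whole log), and the `e >= event_logs.len()` test rejects the one range that ends exactly at the last entry, so a client paging with an explicit count can never reach the end. The rewrite below uses checked arithmetic, treats `count == 0` as "everything from start" regardless of `start`, and borrows the cached log instead of copying it twice via `.to_vec().clone()`. Separately, `todo!()` in the `TcgCanonicalEvent` arm of `fetch_all_event_logs` and the `try_into().unwrap()` calls in `get_cc_measurement` (which narrow the client-supplied `index`/`algo_id`, if the API takes a smaller integer type) panic instead of returning `Err`; the caller in service.rs holds `AGENT` under a `Mutex`, so one such panic poisons the lock and every later request fails.
```rust
pub fn get_cc_eventlog(&mut self, start: u32, count: u32) -> Result<Vec<TcgEventlog>, Error> {
    let _ = self.fetch_all_event_logs();
    let event_logs = self.event_logs.as_ref().expect("The eventlog is None.");
    let total = event_logs.len();
    let s = usize::try_from(start)?;
    if s >= total {
        return Err(anyhow!(
            "Invalid input start. Start must be smaller than total event log count."
        ));
    }
    // count == 0 means "everything from start"; otherwise the range must stay in bounds.
    let e = if count == 0 {
        total
    } else {
        s.checked_add(usize::try_from(count)?)
            .filter(|&e| e <= total)
            .ok_or_else(|| {
                anyhow!("Invalid input count. start + count must not exceed total event log count.")
            })?
    };
    Ok(event_logs[s..e].to_vec())
}
```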
751 changes: 751 additions & 0 deletions service/ccnp-server/src/ccnp_server_pb.rs


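--- a/service/ccnp-server/src/main.rs
+++ b/service/ccnp-server/src/main.rs
@@ -0,0 +1,69 @@
+pub mod agent;
+pub mod service;
+pub mod ccnp_pb {
+tonic::include_proto!("ccnp_server_pb");
+
+pub const FILE_DESCRIPTOR_SET: &[u8] =
+tonic::include_file_descriptor_set!("ccnp_server_descriptor");
+}
+
+use anyhow::Result;
+use clap::Parser;
+use log::info;
+use std::{fs, os::unix::fs::PermissionsExt};
+use tokio::net::UnixListener;
+use tokio_stream::wrappers::UnixListenerStream;
+use tonic::transport::Server;
+
+use ccnp_pb::{ccnp_server::CcnpServer, FILE_DESCRIPTOR_SET};
+use service::Service;
+
+#[derive(Parser)]
+struct Cli {
+/// UDS sock file
+#[arg(short, long)]
+#[clap(default_value = "/run/ccnp/uds/ccnp-server.sock")]
+sock: String,
+}
+
+fn set_sock_perm(sock: &str) -> Result<()> {
+let mut perms = fs::metadata(sock)?.permissions();
+perms.set_mode(0o666);
+fs::set_permissions(sock, perms)?;
+Ok(())
+}
+
+#[tokio::main]
+async fn main() -> Result<(), Box<dyn std::error::Error>> {
+env_logger::init_from_env(env_logger::Env::new().default_filter_or("info"));
+
+let cli = Cli::parse();
+let sock = cli.sock;
+
+let _ = std::fs::remove_file(sock.clone());
+let uds = match UnixListener::bind(sock.clone()) {
+Ok(r) => r,
+Err(e) => panic!("[ccnp-server]: bind UDS socket error: {:?}", e),
+};
+let uds_stream = UnixListenerStream::new(uds);
+info!("[ccnp-server]: set sock file permissions: {}", sock);
+set_sock_perm(&sock.clone())?;
+
+let (mut health_reporter, health_service) = tonic_health::server::health_reporter();
+health_reporter.set_serving::<CcnpServer<Service>>().await;
+
+let reflection_service = tonic_reflection::server::Builder::configure()
+.register_encoded_file_descriptor_set(FILE_DESCRIPTOR_SET)
+.build()
+.unwrap();
+
+info!("[ccnp-server]: staring the service...");
+let service = Service::new();
+Server::builder()
+.add_service(reflection_service)
+.add_service(health_service)
+.add_service(CcnpServer::new(service))
+.serve_with_incoming(uds_stream)
+.await?;
+Ok(())
+}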
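Review bot: `set_sock_perm` chmods the listening socket to `0o666`, which lets every local uid on the node call `GetCcReport`, `GetCcMeasurement` and `GetCcEventlog`, and neither the code nor the README says this is intended. If the clients are workloads that can be put in a known group, `0o660` plus group ownership on the socket directory is the narrower choice; at minimum record the decision next to the call, e.g. `// World-accessible on purpose: any local workload may request its own CC evidence.` Also, `std::fs::remove_file(sock.clone())` unlinks whatever is at the path before binding, so starting a second instance silently orphans a running one; probing the path first (a connect that fails with ECONNREFUSED means a stale socket) would avoid that. The clones in `remove_file(sock.clone())`, `bind(sock.clone())` and `set_sock_perm(&sock.clone())` are needless since each call only needs `&sock`.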
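--- a/service/ccnp-server/src/service.rs
+++ b/service/ccnp-server/src/service.rs
@@ -0,0 +1,123 @@
+use anyhow::Result;
+use lazy_static::lazy_static;
+use std::sync::Mutex;
+use tonic::{Request, Response, Status};
+
+use crate::{
+agent::Agent,
+ccnp_pb::{
+ccnp_server::Ccnp, GetCcEventlogRequest, GetCcEventlogResponse, GetCcMeasurementRequest,
+GetCcMeasurementResponse, GetCcReportRequest, GetCcReportResponse,
+GetDefaultAlgorithmRequest, GetDefaultAlgorithmResponse, GetMeasurementCountRequest,
+GetMeasurementCountResponse,
+},
+};
+
+lazy_static! {
+static ref AGENT: Mutex<Agent> = Mutex::new(Agent { event_logs: None });
+}
+
+pub struct Service;
+impl Service {
+pub fn new() -> Service {
+match AGENT.lock().expect("Agent lock() failed.").init() {
+Err(e) => panic!("Server panic {:?}", e),
+Ok(_v) => _v,
+}
+Service {}
+}
+}
+
+impl Default for Service {
+fn default() -> Self {
+Self::new()
+}
+}
+
+#[tonic::async_trait]
+impl Ccnp for Service {
+async fn get_default_algorithm(
+&self,
+_request: Request<GetDefaultAlgorithmRequest>,
+) -> Result<Response<GetDefaultAlgorithmResponse>, Status> {
+let algo_id = match AGENT
+.lock()
+.expect("Agent lock() failed.")
+.get_default_algorithm()
+{
+Ok(v) => v,
+Err(e) => return Err(Status::internal(e.to_string())),
+};
+
+Ok(Response::new(GetDefaultAlgorithmResponse { algo_id }))
+}
+
+async fn get_measurement_count(
+&self,
+_request: Request<GetMeasurementCountRequest>,
+) -> Result<Response<GetMeasurementCountResponse>, Status> {
+let count = match AGENT
+.lock()
+.expect("Agent lock() failed.")
+.get_measurement_count()
+{
+Ok(v) => v,
+Err(e) => return Err(Status::internal(e.to_string())),
+};
+
+Ok(Response::new(GetMeasurementCountResponse { count }))
+}
+
+async fn get_cc_measurement(
+&self,
+request: Request<GetCcMeasurementRequest>,
+) -> Result<Response<GetCcMeasurementResponse>, Status> {
+let req = request.into_inner();
+let measurement = match AGENT
+.lock()
+.expect("Agent lock() failed.")
+.get_cc_measurement(req.index, req.algo_id)
+{
+Ok(v) => v,
+Err(e) => return Err(Status::internal(e.to_string())),
+};
+
+Ok(Response::new(GetCcMeasurementResponse {
+measurement: Some(measurement),
+}))
+}
+
+async fn get_cc_eventlog(
+&self,
+request: Request<GetCcEventlogRequest>,
+) -> Result<Response<GetCcEventlogResponse>, Status> {
+let req = request.into_inner();
+let event_logs = match AGENT
+.lock()
+.expect("Agent lock() failed.")
+.get_cc_eventlog(req.start, req.count)
+{
+Ok(v) => v,
+Err(e) => return Err(Status::internal(e.to_string())),
+};
+
+Ok(Response::new(GetCcEventlogResponse { event_logs }))
+}
+
+async fn get_cc_report(
+&self,
+request: Request<GetCcReportRequest>,
+) -> Result<Response<GetCcReportResponse>, Status> {
+let req = request.into_inner();
+let (cc_report, cc_type) = match AGENT
+.lock()
+.expect("Agent lock() failed.")
+.get_cc_report(req.nonce, req.user_data)
+{
+Ok(v) => v,
+Err(e) => return Err(Status::internal(e.to_string())),
+};
+
+Ok(Response::new(GetCcReportResponse { cc_report, cc_type }))
+}
+}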
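Review bot: Every handler maps an Agent error to `Status::internal(e.to_string())`, so an input-validation failure such as the "Invalid input start" error from `get_cc_eventlog` reaches the client as INTERNAL instead of INVALID_ARGUMENT, and the raw error text (which may carry platform details from the cctrusted crates) is echoed verbatim to the caller. Distinguish the two at least in `get_cc_eventlog` and `get_cc_measurement` and keep the full error server-side, e.g. `Err(e) => { log::error!("{e:?}"); return Err(Status::invalid_argument(e.to_string())); }`. The repeated `AGENT.lock().expect("Agent lock() failed.")` also means that once the mutex is poisoned (any panic inside Agent while the lock is held), every subsequent handler panics as well; `lock().map_err(|_| Status::unavailable("agent state poisoned"))` would report the failure per request instead of propagating it. The same five-line lock-and-match shape is duplicated in all five handlers and could be one private helper taking a closure.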
33 changes: 0 additions & 33 deletions service/eventlog-server/Makefile

This file was deleted.

131 changes: 0 additions & 131 deletions service/eventlog-server/README.md

This file was deleted.

17 changes: 0 additions & 17 deletions service/eventlog-server/go.mod

This file was deleted.

22 changes: 0 additions & 22 deletions service/eventlog-server/go.sum

This file was deleted.

208 changes: 0 additions & 208 deletions service/eventlog-server/proto/eventlog-server.pb.go

This file was deleted.

1 change: 0 additions & 1 deletion service/eventlog-server/proto/eventlog-server.proto

This file was deleted.

105 changes: 0 additions & 105 deletions service/eventlog-server/proto/eventlog-server_grpc.pb.go

This file was deleted.

406 changes: 0 additions & 406 deletions service/eventlog-server/resources/tdx.go

This file was deleted.

150 changes: 0 additions & 150 deletions service/eventlog-server/resources/tdx_test.go

This file was deleted.

66 changes: 0 additions & 66 deletions service/eventlog-server/resources/tpm.go

This file was deleted.

24 changes: 0 additions & 24 deletions service/eventlog-server/resources/tpm_test.go

This file was deleted.

151 changes: 0 additions & 151 deletions service/eventlog-server/server/server.go

This file was deleted.

173 changes: 0 additions & 173 deletions service/eventlog-server/server/server_test.go

This file was deleted.

33 changes: 0 additions & 33 deletions service/measurement-server/Makefile

This file was deleted.

134 changes: 0 additions & 134 deletions service/measurement-server/README.md

This file was deleted.

18 changes: 0 additions & 18 deletions service/measurement-server/go.mod

This file was deleted.

24 changes: 0 additions & 24 deletions service/measurement-server/go.sum

This file was deleted.

213 changes: 0 additions & 213 deletions service/measurement-server/proto/measurement-server.pb.go

This file was deleted.

1 change: 0 additions & 1 deletion service/measurement-server/proto/measurement-server.proto

This file was deleted.

105 changes: 0 additions & 105 deletions service/measurement-server/proto/measurement-server_grpc.pb.go

This file was deleted.

76 changes: 0 additions & 76 deletions service/measurement-server/resources/base.go

This file was deleted.

44 changes: 0 additions & 44 deletions service/measurement-server/resources/base_test.go

This file was deleted.

60 changes: 0 additions & 60 deletions service/measurement-server/resources/sev.go

This file was deleted.

32 changes: 0 additions & 32 deletions service/measurement-server/resources/sev_test.go

This file was deleted.

212 changes: 0 additions & 212 deletions service/measurement-server/resources/tdx.go

This file was deleted.

84 changes: 0 additions & 84 deletions service/measurement-server/resources/tdx_test.go

This file was deleted.

44 changes: 0 additions & 44 deletions service/measurement-server/resources/tpm.go

This file was deleted.

29 changes: 0 additions & 29 deletions service/measurement-server/resources/tpm_test.go

This file was deleted.

155 changes: 0 additions & 155 deletions service/measurement-server/server/server.go

This file was deleted.

160 changes: 0 additions & 160 deletions service/measurement-server/server/server_test.go

This file was deleted.

37 changes: 0 additions & 37 deletions service/pod-quote/Cargo.toml

This file was deleted.

68 changes: 0 additions & 68 deletions service/pod-quote/README.md

This file was deleted.

35 changes: 0 additions & 35 deletions service/pod-quote/deny.toml

This file was deleted.

60 changes: 0 additions & 60 deletions service/pod-quote/src/kube.rs

This file was deleted.

129 changes: 0 additions & 129 deletions service/pod-quote/src/pod_quote.rs

This file was deleted.

425 changes: 0 additions & 425 deletions service/pod-quote/src/tee.rs

This file was deleted.

18 changes: 0 additions & 18 deletions service/pod-quote/tdx_attest/Cargo.toml

This file was deleted.

1 change: 0 additions & 1 deletion service/pod-quote/tdx_attest/README.md

This file was deleted.

453 changes: 0 additions & 453 deletions service/pod-quote/tdx_attest/src/tdx_attest.rs

This file was deleted.

40 changes: 0 additions & 40 deletions service/quote-server/Makefile

This file was deleted.

109 changes: 0 additions & 109 deletions service/quote-server/README.md

This file was deleted.

30 changes: 0 additions & 30 deletions service/quote-server/api/quote-server.proto

This file was deleted.

35 changes: 0 additions & 35 deletions service/quote-server/deny.toml

This file was deleted.

308 changes: 0 additions & 308 deletions service/quote-server/src/quote_server.rs

This file was deleted.

425 changes: 0 additions & 425 deletions service/quote-server/src/tee.rs

This file was deleted.

18 changes: 0 additions & 18 deletions service/quote-server/tdx_attest/Cargo.toml

This file was deleted.

1 change: 0 additions & 1 deletion service/quote-server/tdx_attest/README.md

This file was deleted.

453 changes: 0 additions & 453 deletions service/quote-server/tdx_attest/src/tdx_attest.rs

This file was deleted.
