cc-api · wenhuizhang · Feb 8, 2024 · Feb 8, 2024
diff --git a/sdk/rust/cctrusted_ccnp/Cargo.toml b/sdk/rust/cctrusted_ccnp/Cargo.toml
@@ -0,0 +1,27 @@
+[package]
+name = "cctrusted_ccnp"
+version = "0.1.0"
+edition = "2021"
+authors = ["Chen Hairong <[email protected]>"]
+repository = "https://github.com/cc-api/cc-trusted-api"
+description = "CC Trusted API CCNP SDK"
+license = "Apache-2.0"
+
+[lib]
+name = "cctrusted_ccnp"
+path = "src/lib.rs"
+
+[dependencies]
+cctrusted_base = { git="https://github.com/cc-api/cc-trusted-api" }
+anyhow = "1.0"
+log = "0.4.20"
+tonic = "0.9"
+base64 = "0.13.0"
+tower = { version = "0.4", features = ["util"] }
+prost = "0.11"
+tokio = { version = "1.0", features = ["macros", "rt-multi-thread"] }
+hashbrown = "0.14"
+lazy_static = "1.4.0"
+
+[build-dependencies]
+tonic-build = "0.9"
diff --git a/sdk/rust/cctrusted_ccnp/build.rs b/sdk/rust/cctrusted_ccnp/build.rs
@@ -0,0 +1,16 @@
+use std::env;
+use std::path::PathBuf;
+
+fn main() -> Result<(), Box<dyn std::error::Error>> {
+    tonic_build::compile_protos("proto/ccnp-server.proto")?;
+
+    let original_out_dir = PathBuf::from(env::var("OUT_DIR")?);
+    let out_dir = "./src";
+
+    tonic_build::configure()
+        .out_dir(out_dir)
+        .file_descriptor_set_path(original_out_dir.join("ccnp_server_descriptor.bin"))
+        .compile(&["proto/ccnp-server.proto"], &["proto"])?;
+
+    Ok(())
+}
diff --git a/sdk/rust/cctrusted_ccnp/deny.toml b/sdk/rust/cctrusted_ccnp/deny.toml
@@ -0,0 +1,35 @@
+[advisories]
+vulnerability = "deny"
+unmaintained = "warn"
+yanked = "warn"
+notice = "warn"
+
+[licenses]
+unlicensed = "warn"
+allow = [
+    "MIT",
+    "Apache-2.0",
+    "ISC",
+    "BSD-3-Clause",
+    "Unicode-DFS-2016",
+]
+
+copyleft = "warn"
+allow-osi-fsf-free = "neither"
+default = "deny"
+confidence-threshold = 0.8
+
+[[licenses.clarify]]
+name = "ring"
+expression = "MIT AND ISC AND OpenSSL"
+license-files = [
+    { path = "LICENSE", hash = 0xbd0eed23 }
+]
+
+[bans]
+multiple-versions = "warn"
+wildcards = "allow"
+
+[sources]
+unknown-registry = "warn"
+unknown-git = "warn"
diff --git a/sdk/rust/cctrusted_ccnp/proto/ccnp-server.proto b/sdk/rust/cctrusted_ccnp/proto/ccnp-server.proto
@@ -0,0 +1,81 @@
+syntax = "proto3";
+package ccnp_server_pb;
+
+message HealthCheckRequest {
+  string service = 1;
+}
+
+message HealthCheckResponse {
+  enum ServingStatus {
+    UNKNOWN = 0;
+    SERVING = 1;
+    NOT_SERVING = 2;
+    SERVICE_UNKNOWN = 3;
+  }
+  ServingStatus status = 1;
+}
+
+service ccnp {
+    rpc GetDefaultAlgorithm(GetDefaultAlgorithmRequest) returns (GetDefaultAlgorithmResponse);
+    rpc GetMeasurementCount(GetMeasurementCountRequest) returns (GetMeasurementCountResponse);
+    rpc GetCcReport (GetCcReportRequest) returns (GetCcReportResponse);
+    rpc GetCcMeasurement (GetCcMeasurementRequest) returns (GetCcMeasurementResponse) {}
+    rpc GetCcEventlog (GetCcEventlogRequest) returns (GetCcEventlogResponse) {}
+}
+
+message GetDefaultAlgorithmRequest {
+}
+
+message GetDefaultAlgorithmResponse {
+    uint32 algo_id = 1;
+}
+
+message GetMeasurementCountRequest {
+}
+
+message GetMeasurementCountResponse {
+    uint32 count = 1;
+}
+
+message GetCcReportRequest {
+    string user_data = 1;
+    string nonce = 2;
+}
+
+message GetCcReportResponse {
+    uint32 cc_type = 1;
+    bytes cc_report = 2;
+}
+
+message GetCcMeasurementRequest {
+    uint32 index = 1;
+    uint32 algo_id = 2;
+}
+
+message GetCcMeasurementResponse {
+    TcgDigest measurement = 1;
+}
+
+message GetCcEventlogRequest {
+    uint32 start = 1;
+    uint32 count = 2;
+}
+
+message TcgDigest {
+    uint32  algo_id = 1;
+    bytes   hash = 2;
+}
+
+message TcgEventlog {
+    uint32 rec_num = 1;
+    uint32  imr_index = 2;
+    uint32  event_type = 3;
+    repeated TcgDigest digests = 4;
+    uint32  event_size = 5;
+    bytes   event = 6;
+    map<string, string> extra_info = 7;
+}
+
+message GetCcEventlogResponse {
+    repeated TcgEventlog event_logs = 1;
+}
diff --git a/sdk/rust/cctrusted_ccnp/src/client.rs b/sdk/rust/cctrusted_ccnp/src/client.rs
@@ -0,0 +1,175 @@
+use crate::client::ccnp_server_pb::{
+    ccnp_client::CcnpClient, GetCcEventlogRequest, GetCcEventlogResponse, GetCcMeasurementRequest,
+    GetCcMeasurementResponse, GetCcReportRequest, GetCcReportResponse,
+};
+use cctrusted_base::api_data::ExtraArgs;
+use cctrusted_base::cc_type::TeeType;
+use core::result::Result::Ok;
+use hashbrown::HashMap;
+use tokio::net::UnixStream;
+use tonic::transport::{Endpoint, Uri};
+use tonic::Request;
+use tower::service_fn;
+
+//FixMe: use map from cc_type
+lazy_static! {
+    pub static ref TEE_VALUE_TYPE_MAP: HashMap<u32, TeeType> = {
+        let mut map: HashMap<u32, TeeType> = HashMap::new();
+        map.insert(0, TeeType::TPM);
+        map.insert(1, TeeType::TDX);
+        map.insert(2, TeeType::SEV);
+        map.insert(3, TeeType::CCA);
+        map
+    };
+}
+
+pub mod ccnp_server_pb {
+    tonic::include_proto!("ccnp_server_pb");
+
+    pub(crate) const FILE_DESCRIPTOR_SET: &[u8] =
+        tonic::include_file_descriptor_set!("ccnp_server_descriptor");
+}
+
+pub struct CcnpServiceClient {
+    pub ccnp_uds_path: String,
+}
+
+impl CcnpServiceClient {
+    async fn get_cc_report_from_server_async(
+        &mut self,
+        nonce: Option<String>,
+        data: Option<String>,
+        _extra_args: ExtraArgs,
+    ) -> Result<GetCcReportResponse, anyhow::Error> {
+        let uds_path = self.ccnp_uds_path.parse::<Uri>().unwrap();
+        let channel = Endpoint::try_from("http://[::]:0")
+            .unwrap()
+            .connect_with_connector(service_fn(move |_: Uri| {
+                UnixStream::connect(uds_path.to_string())
+            }))
+            .await
+            .unwrap();
+
+        let request = Request::new(GetCcReportRequest {
+            nonce: nonce.unwrap(),
+            user_data: data.unwrap(),
+        });
+
+        let mut ccnp_client = CcnpClient::new(channel);
+
+        let response = ccnp_client
+            .get_cc_report(request)
+            .await
+            .unwrap()
+            .into_inner();
+        Ok(response)
+    }
+
+    // turn async call to sync call
+    pub fn get_cc_report_from_server(
+        &mut self,
+        nonce: Option<String>,
+        data: Option<String>,
+        extra_args: ExtraArgs,
+    ) -> Result<GetCcReportResponse, anyhow::Error> {
+        let response = tokio::runtime::Builder::new_multi_thread()
+            .enable_all()
+            .build()
+            .unwrap()
+            .block_on(self.get_cc_report_from_server_async(nonce, data, extra_args));
+        response
+    }
+
+    pub fn get_tee_type_by_value(&self, tee_id: &u32) -> TeeType {
+        match TEE_VALUE_TYPE_MAP.get(tee_id) {
+            Some(tee_type) => tee_type.clone(),
+            None => TeeType::PLAIN,
+        }
+    }
+
+    async fn get_cc_measurement_from_server_async(
+        &mut self,
+        index: u8,
+        algo_id: u16,
+    ) -> Result<GetCcMeasurementResponse, anyhow::Error> {
+        let uds_path = self.ccnp_uds_path.parse::<Uri>().unwrap();
+        let channel = Endpoint::try_from("http://[::]:0")
+            .unwrap()
+            .connect_with_connector(service_fn(move |_: Uri| {
+                UnixStream::connect(uds_path.to_string())
+            }))
+            .await
+            .unwrap();
+
+        let request = Request::new(GetCcMeasurementRequest {
+            index: index.into(),
+            algo_id: algo_id.into(),
+        });
+
+        let mut ccnp_client = CcnpClient::new(channel);
+
+        let response = ccnp_client
+            .get_cc_measurement(request)
+            .await
+            .unwrap()
+            .into_inner();
+        Ok(response)
+    }
+
+    // turn async call to sync call
+    pub fn get_cc_measurement_from_server(
+        &mut self,
+        index: u8,
+        algo_id: u16,
+    ) -> Result<GetCcMeasurementResponse, anyhow::Error> {
+        let response = tokio::runtime::Builder::new_multi_thread()
+            .enable_all()
+            .build()
+            .unwrap()
+            .block_on(self.get_cc_measurement_from_server_async(index, algo_id));
+        response
+    }
+
+    async fn get_cc_eventlog_from_server_async(
+        &mut self,
+        start: Option<u32>,
+        count: Option<u32>,
+    ) -> Result<GetCcEventlogResponse, anyhow::Error> {
+        let uds_path = self.ccnp_uds_path.parse::<Uri>().unwrap();
+        let channel = Endpoint::try_from("http://[::]:0")
+            .unwrap()
+            .connect_with_connector(service_fn(move |_: Uri| {
+                UnixStream::connect(uds_path.to_string())
+            }))
+            .await
+            .unwrap();
+
+        let request = Request::new(GetCcEventlogRequest {
+            start: start.unwrap(),
+            count: count.unwrap(),
+        });
+
+        let mut ccnp_client = CcnpClient::new(channel);
+
+        let response = ccnp_client
+            .get_cc_eventlog(request)
+            .await
+            .unwrap()
+            .into_inner();
+        Ok(response)
+    }
+
+    // turn async call to sync call
+    pub fn get_cc_eventlog_from_server(
+        &mut self,
+        start: Option<u32>,
+        count: Option<u32>,
+    ) -> Result<GetCcEventlogResponse, anyhow::Error> {
+        let response = tokio::runtime::Builder::new_multi_thread()
+            .enable_all()
+            .build()
+            .unwrap()
+            .block_on(self.get_cc_eventlog_from_server_async(start, count));
+        response
+    }
+}
diff --git a/sdk/rust/cctrusted_ccnp/src/lib.rs b/sdk/rust/cctrusted_ccnp/src/lib.rs
@@ -0,0 +1,5 @@
+#[macro_use]
+extern crate lazy_static;
+
+pub mod client;
+pub mod sdk;