Merge pull request #83 from Freax13/enhancement/bundle-vcek

bundle VCEK with attestaton report

Author: Freax13

host/Cargo.lock

@@ -1,10 +1,72 @@
 use io::input::Header;
 use sha2::{Digest, Sha256};
+#[cfg(feature = "snp")]
+use snp_types::{attestation::TcbVersion, guest_policy::GuestPolicy};
+#[cfg(feature = "tdx")]
+use tdx_types::td_quote::TeeTcbSvn;
 
 #[cfg(feature = "snp")]
-pub mod snp;
+mod snp;
 #[cfg(feature = "tdx")]
-pub mod tdx;
+mod tdx;
+
+pub struct Configuration(ConfigurationImpl);
+
+enum ConfigurationImpl {
+    #[cfg(feature = "snp")]
+    Snp(snp::Configuration),
+    #[cfg(feature = "tdx")]
+    Tdx(tdx::Configuration),
+}
+
+impl Configuration {
+    #[cfg(feature = "snp")]
+    pub fn new_snp(
+        supervisor: &[u8],
+        kernel: &[u8],
+        init: &[u8],
+        load_kasan_shadow_mappings: bool,
+        policy: GuestPolicy,
+        min_tcb: TcbVersion,
+    ) -> Self {
+        Self(ConfigurationImpl::Snp(snp::Configuration::new(
+            supervisor,
+            kernel,
+            init,
+            load_kasan_shadow_mappings,
+            policy,
+            min_tcb,
+        )))
+    }
+
+    #[cfg(feature = "tdx")]
+    pub fn new_tdx(supervisor: &[u8], kernel: &[u8], init: &[u8], tee_tcb_svn: TeeTcbSvn) -> Self {
+        Self(ConfigurationImpl::Tdx(tdx::Configuration::new(
+            supervisor,
+            kernel,
+            init,
+            tee_tcb_svn,
+        )))
+    }
+
+    pub fn verify(
+        &self,
+        input_hash: InputHash,
+        output_hash: OutputHash,
+        attestation_report: &[u8],
+    ) -> Result<(), VerificationError> {
+        match self.0 {
+            #[cfg(feature = "snp")]
+            ConfigurationImpl::Snp(ref configuration) => {
+                configuration.verify(input_hash, output_hash, attestation_report)
+            }
+            #[cfg(feature = "tdx")]
+            ConfigurationImpl::Tdx(ref configuration) => {
+                configuration.verify(input_hash, output_hash, attestation_report)
+            }
+        }
+    }
+}
 
 #[derive(Debug)]
 pub struct VerificationError(());

host/mushroom-verify/src/lib.rs

@@ -1,8 +1,4 @@
-use std::{
-    cmp::Ordering,
-    fmt::{self, Display},
-    mem::size_of,
-};
+use std::{cmp::Ordering, mem::size_of};
 
 use bytemuck::{bytes_of, checked::try_pod_read_unaligned, pod_read_unaligned, NoUninit};
 use loader::{generate_base_load_commands, LoadCommand, LoadCommandPayload};
@@ -60,10 +56,18 @@ impl Configuration {
         input_hash: InputHash,
         output_hash: OutputHash,
         attestation_report: &[u8],
-        vcek: &Vcek,
     ) -> Result<(), VerificationError> {
+        // The VCEK is appended to the attestation report. Split the two.
+        const REPORT_LEN: usize = size_of::<AttestionReport>();
+        if attestation_report.len() < REPORT_LEN {
+            return Err(VerificationError(()));
+        }
+        let (attestation_report, vcek) = attestation_report.split_at(REPORT_LEN);
+
+        // Parse the attestation report and the VCEK.
         let report = try_pod_read_unaligned::<AttestionReport>(attestation_report)
             .map_err(|_| VerificationError(()))?;
+        let vcek = Vcek::from_bytes(vcek.to_owned()).map_err(|_| VerificationError(()))?;
 
         let AttestionReport::V2(report) = report;
 
@@ -114,45 +118,6 @@ impl Configuration {
     }
 }
 
-#[derive(Clone, Copy)]
-pub struct VcekParameters {
-    pub chip_id: ChipId,
-    pub tcb: TcbVersion,
-}
-
-impl VcekParameters {
-    /// Extract the VCEK parameters from an attestation report.
-    ///
-    /// This information is necessairy to retrieve the VCEK.
-    pub fn for_attestaton_report(
-        attestation_report: &[u8],
-    ) -> Result<VcekParameters, VerificationError> {
-        let attestion_report = try_pod_read_unaligned::<AttestionReport>(attestation_report)
-            .map_err(|_| VerificationError(()))?;
-        let AttestionReport::V2(report) = attestion_report;
-        Ok(VcekParameters {
-            chip_id: ChipId {
-                chip_id: report.chip_id,
-            },
-            tcb: report.reported_tcb,
-        })
-    }
-}
-
-#[derive(Clone, Copy)]
-pub struct ChipId {
-    pub chip_id: [u8; 64],
-}
-
-impl Display for ChipId {
-    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
-        for b in self.chip_id.iter() {
-            write!(f, "{b:02x}")?;
-        }
-        Ok(())
-    }
-}
-
 #[derive(Clone, Copy, NoUninit)]
 #[repr(C)]
 struct PageInfo {

host/mushroom-verify/src/snp.rs

@@ -10,9 +10,9 @@ required-features = ["bin"]
 [features]
 default = ["insecure", "snp", "tdx"]
 insecure = ["dep:loader", "dep:snp-types", "dep:supervisor-services"]
-snp = ["dep:loader", "mushroom-verify?/snp", "dep:snp-types"]
+snp = ["dep:loader", "mushroom-verify?/snp", "dep:snp-types", "dep:vcek-kds"]
 tdx = ["dep:loader", "mushroom-verify?/tdx", "dep:qgs-client", "dep:tdx-types"]
-bin = ["dep:clap", "dep:mushroom-verify", "dep:tokio", "dep:tracing-subscriber", "dep:vcek-kds"]
+bin = ["dep:clap", "dep:mushroom-verify", "dep:tokio", "dep:tracing-subscriber", "dep:xdg"]
 
 [dependencies]
 anyhow = "1.0.81"
@@ -37,3 +37,4 @@ tracing-subscriber = { version = "0.3.18", optional = true }
 vcek-kds = { workspace = true, optional = true }
 volatile = { version = "0.5.1", features = [] }
 x86_64 = { version = "0.15.1", default-features = false }
+xdg = { version = "2.5.2", optional = true }