CCF
Loading...
Searching...
No Matches
quote_generation.h
Go to the documentation of this file.
1// Copyright (c) Microsoft Corporation. All rights reserved.
2// Licensed under the Apache 2.0 License.
3#pragma once
4
5#include "ccf/crypto/hash_provider.h"
6#include "ccf/ds/quote_info.h"
7#include "ccf/pal/attestation.h"
8#include "ccf/pal/attestation_sev_snp.h"
9#include "ccf/pal/platform.h"
10#include "ccf/pal/snp_ioctl.h"
11#include "ds/files.h"
12
13#include <nlohmann/json.hpp>
14#include <string>
15
16namespace ccf::pal
17{
18 static std::string virtual_attestation_path(const std::string& suffix)
19 {
20 return fmt::format("ccf_virtual_attestation.{}.{}", ::getpid(), suffix);
21 };
22
23 static void emit_virtual_measurement()
24 {
25 const auto package_path = std::filesystem::canonical("/proc/self/exe");
26 auto hasher = ccf::crypto::make_incremental_sha256();
27 std::ifstream f(package_path, std::ios::binary | std::ios::ate);
28 if (!f)
29 {
30 throw std::runtime_error(fmt::format(
31 "Cannot emit virtual measurement: Cannot open file {}", package_path));
32 }
33
34 const size_t size = f.tellg();
35 f.seekg(0, std::ios::beg);
36
37 static constexpr size_t buf_size = 4096;
38 char buf[buf_size];
39
40 size_t handled = 0;
41 while (handled < size)
42 {
43 const auto this_read = std::min(size - handled, buf_size);
44 f.read(buf, this_read);
45
46 hasher->update_hash(
47 {static_cast<const uint8_t*>(static_cast<const void*>(buf)),
48 this_read});
49
50 handled += this_read;
51 }
52
53 const auto package_hash = hasher->finalise();
54
55 auto j = nlohmann::json::object();
56
57 j["measurement"] = "Insecure hard-coded virtual measurement v1";
58 j["host_data"] = package_hash.hex_str();
59
60 files::dump(j.dump(2), virtual_attestation_path("measurement"));
61 }
62
63 static void generate_virtual_quote(
64 PlatformAttestationReportData& report_data,
65 RetrieveEndorsementCallback endorsement_cb,
66 [[maybe_unused]] const snp::EndorsementsServers& endorsements_servers = {})
67 {
68 auto quote = files::slurp_json(virtual_attestation_path("measurement"));
69 quote["report_data"] = ccf::crypto::b64_from_raw(report_data.data);
70
71 files::dump(quote.dump(2), virtual_attestation_path("attestation"));
72
73 auto dumped_quote = quote.dump();
74 std::vector<uint8_t> quote_vec(dumped_quote.begin(), dumped_quote.end());
75
76 endorsement_cb(
77 {.format = QuoteFormat::insecure_virtual,
78 .quote = quote_vec,
79 .endorsements = {},
80 .uvm_endorsements = {},
81 .endorsed_tcb = {}},
82 {});
83 }
84
85 static void generate_snp_quote(
86 PlatformAttestationReportData& report_data,
87 RetrieveEndorsementCallback endorsement_cb,
88 const snp::EndorsementsServers& endorsements_servers = {})
89 {
90 QuoteInfo node_quote_info = {};
91 node_quote_info.format = QuoteFormat::amd_sev_snp_v1;
92 auto attestation = snp::get_attestation(report_data);
93
94 if (attestation->get().version < pal::snp::minimum_attestation_version)
95 {
96 throw std::logic_error(fmt::format(
97 "SEV-SNP: attestation version {} is less than the minimum supported "
98 "version {}",
99 attestation->get().version,
100 pal::snp::minimum_attestation_version));
101 }
102
103 node_quote_info.quote = attestation->get_raw();
104
105 if (endorsement_cb != nullptr)
106 {
107 endorsement_cb(
108 node_quote_info,
109 snp::make_endorsement_endpoint_configuration(
110 attestation->get(), endorsements_servers));
111 }
112 }
113
114 static void generate_quote(
115 PlatformAttestationReportData& report_data,
116 RetrieveEndorsementCallback endorsement_cb,
117 const snp::EndorsementsServers& endorsements_servers = {})
118 {
119 switch (ccf::pal::platform)
120 {
121 case (ccf::pal::Platform::SNP):
122 {
123 generate_snp_quote(report_data, endorsement_cb, endorsements_servers);
124 break;
125 }
126
127 case (ccf::pal::Platform::Virtual):
128 {
129 generate_virtual_quote(
130 report_data, endorsement_cb, endorsements_servers);
131 break;
132 }
133
134 default:
135 {
136 throw std::logic_error(fmt::format(
137 "Unsupported platform for quote generation: {}", ccf::pal::platform));
138 }
139 }
140 }
141}
attestation_sev_snp.h
hash_provider.h
ccf::crypto::b64_from_raw
std::string b64_from_raw(const uint8_t *data, size_t size)
Definition base64.cpp:41
ccf::crypto::make_incremental_sha256
std::shared_ptr< ISha256Hash > make_incremental_sha256()
Definition hash.cpp:46
ccf::pal::snp::EndorsementsServers
std::vector< EndorsementsServer > EndorsementsServers
Definition attestation_sev_snp_endorsements.h:87
ccf::pal
Definition attestation.h:13
ccf::pal::RetrieveEndorsementCallback
std::function< void(const QuoteInfo &quote_info, const snp::EndorsementEndpointsConfiguration &config)> RetrieveEndorsementCallback
Definition attestation.h:19
quote_info.h
snp_ioctl.h
Generated by doxygen 1.9.8