Fix policy-based attestation verification based on fresh testdata.
- Regenerated RK and OC evidence and endorsements from head
- Use new endorsement proto types

Bug: 375137648
Change-Id: If01e2200d4954d2ffc899a0af2e00226f88e90d7
thmsbinder committed Jan 15, 2025
1 parent 7548c99 commit 842825a
Showing 16 changed files with 549 additions and 220 deletions.
393 changes: 369 additions & 24 deletions oak_attestation_verification/src/expect.rs

Large diffs are not rendered by default.

14 changes: 7 additions & 7 deletions oak_attestation_verification/src/policy/application.rs
@@ -18,15 +18,15 @@ use anyhow::Context;
use oak_attestation_verification_types::{policy::Policy, APPLICATION_ENDORSEMENT_ID};
use oak_proto_rust::oak::{
attestation::v1::{
ApplicationLayerData, ApplicationLayerEndorsements, ApplicationLayerReferenceValues,
ApplicationEndorsement, ApplicationLayerData, ApplicationLayerReferenceValues,
EventAttestationResults,
},
Variant,
};

use crate::{
compare::compare_application_layer_measurement_digests,
expect::get_application_layer_expected_values,
expect::acquire_application_event_expected_values,
util::{decode_endorsement_proto, decode_event_proto},
};

@@ -54,18 +54,18 @@ impl Policy<[u8], Variant> for ApplicationPolicy {
"type.googleapis.com/oak.attestation.v1.ApplicationLayerData",
encoded_event,
)?;
// TODO: b/375137648 - Decode into new endorsement protos.
let event_endorsement = decode_endorsement_proto::<ApplicationLayerEndorsements>(
let endorsement = decode_endorsement_proto::<ApplicationEndorsement>(
&APPLICATION_ENDORSEMENT_ID,
encoded_event_endorsement,
)?;

let expected_values = get_application_layer_expected_values(
let expected_values = acquire_application_event_expected_values(
milliseconds_since_epoch,
Some(&event_endorsement),
Some(&endorsement),
&self.reference_values,
)
.context("couldn't verify application endosements")?;
.context("couldn't verify application endorsements")?;

compare_application_layer_measurement_digests(&event, &expected_values)
.context("couldn't verify application event")?;
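Review bot: The decode target at `decode_endorsement_proto::<ApplicationEndorsement>` changes while the lookup key `&APPLICATION_ENDORSEMENT_ID` stays the same, so an endorsement serialized in the old `ApplicationLayerEndorsements` shape would still be selected and handed to the new decoder. Protobuf decoding generally tolerates unknown fields, so such input may decode into a mostly empty message instead of producing an error; whether `acquire_application_event_expected_values` then rejects it is decided in expect.rs, which this page does not render. A comment at the decode call stating the intended outcome would help, for example `// An old-format or empty endorsement under this ID must fail verification, never count as "no endorsement".`, ideally backed by a negative test. The same pattern appears in container.rs, kernel.rs and system.rs, and the enclosing function starts outside the hunk.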

7 changes: 4 additions & 3 deletions oak_attestation_verification/src/policy/binary.rs
@@ -22,7 +22,7 @@ use oak_proto_rust::oak::{
};

use crate::{
compare::compare_event_measurement_digests, expect::get_event_expected_values,
compare::compare_event_measurement_digests, expect::acquire_event_expected_values,
util::decode_event_proto,
};

@@ -49,8 +49,9 @@ impl Policy<[u8], Variant> for BinaryPolicy {
)?;

let expected_values =
get_event_expected_values(milliseconds_since_epoch, &self.reference_values)
.context("couldn't verify event endosements")?;
acquire_event_expected_values(milliseconds_since_epoch, &self.reference_values)
.context("couldn't verify event endorsements")?;

compare_event_measurement_digests(&event, &expected_values)
.context("couldn't verify generic event")?;
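Review bot: The context string `"couldn't verify event endorsements"` does not match the call it wraps: `acquire_event_expected_values(milliseconds_since_epoch, &self.reference_values)` is given no endorsement, unlike the other policies in this commit. If a binary event is meant to be checked against reference values only, the message should say so, e.g. `.context("couldn't acquire event expected values")`, so that a failure here is not triaged as a signature or endorsement problem. A short comment above the call noting that this policy consults no endorsement (as far as the visible call shows) would also help. The enclosing function begins outside the hunk.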

14 changes: 7 additions & 7 deletions oak_attestation_verification/src/policy/container.rs
@@ -18,15 +18,15 @@ use anyhow::Context;
use oak_attestation_verification_types::{policy::Policy, CONTAINER_ENDORSEMENT_ID};
use oak_proto_rust::oak::{
attestation::v1::{
ContainerLayerData, ContainerLayerEndorsements, ContainerLayerReferenceValues,
ContainerEndorsement, ContainerLayerData, ContainerLayerReferenceValues,
EventAttestationResults,
},
Variant,
};

use crate::{
compare::compare_container_layer_measurement_digests,
expect::get_container_layer_expected_values,
expect::acquire_container_event_expected_values,
util::{decode_endorsement_proto, decode_event_proto},
};

@@ -54,18 +54,18 @@ impl Policy<[u8], Variant> for ContainerPolicy {
"type.googleapis.com/oak.attestation.v1.ContainerLayerData",
encoded_event,
)?;
// TODO: b/375137648 - Decode into new endorsement protos.
let event_endorsement = decode_endorsement_proto::<ContainerLayerEndorsements>(
let endorsement = decode_endorsement_proto::<ContainerEndorsement>(
&CONTAINER_ENDORSEMENT_ID,
encoded_event_endorsement,
)?;

let expected_values = get_container_layer_expected_values(
let expected_values = acquire_container_event_expected_values(
milliseconds_since_epoch,
Some(&event_endorsement),
Some(&endorsement),
&self.reference_values,
)
.context("couldn't verify container endosements")?;
.context("couldn't verify container endorsements")?;

compare_container_layer_measurement_digests(&event, &expected_values)
.context("couldn't verify container event")?;

12 changes: 5 additions & 7 deletions oak_attestation_verification/src/policy/firmware.rs
@@ -22,7 +22,7 @@ use oak_proto_rust::oak::{
};

use crate::{
compare::compare_measurement_digest, expect::get_stage0_expected_values,
compare::compare_measurement_digest, expect::acquire_stage0_expected_values,
platform::convert_amd_sev_snp_initial_measurement, util::decode_endorsement_proto,
};

@@ -44,21 +44,19 @@ impl Policy<[u8], Variant> for FirmwarePolicy {
milliseconds_since_epoch: i64,
) -> anyhow::Result<EventAttestationResults> {
let initial_measurement = convert_amd_sev_snp_initial_measurement(firmware_measurement);
let _firmware_endorsement = decode_endorsement_proto::<FirmwareEndorsement>(
let endorsement = decode_endorsement_proto::<FirmwareEndorsement>(
&FIRMWARE_ENDORSEMENT_ID,
encoded_firmware_endorsement,
)?;

let initial_measurement_expected_values = get_stage0_expected_values(
let expected_values = acquire_stage0_expected_values(
milliseconds_since_epoch,
// TODO: b/375137648 - Use firmware endorsement, once we switch to new endorsment
// types.
None,
Some(&endorsement),
&self.reference_values,
)
.context("getting stage0 values")?;

compare_measurement_digest(&initial_measurement, &initial_measurement_expected_values)
compare_measurement_digest(&initial_measurement, &expected_values)
.context("stage0 measurement values failed verification")?;

// TODO: b/356631062 - Return detailed attestation results.
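Review bot: The context string `.context("getting stage0 values")` undersells what can now fail at this call: with `Some(&endorsement)` replacing `None`, `acquire_stage0_expected_values` presumably verifies the firmware endorsement as well, so an invalid or expired endorsement would be reported as a problem getting values. Suggest `.context("couldn't verify firmware endorsement")`, in line with the wording the other policies use. This is also the one hunk where an endorsement goes from decoded-but-ignored to enforced, so a negative test with an endorsement that must be rejected is worth adding if the regenerated testdata does not already cover it. The enclosing function starts outside the hunk.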
14 changes: 6 additions & 8 deletions oak_attestation_verification/src/policy/kernel.rs
@@ -18,15 +18,14 @@ use anyhow::Context;
use oak_attestation_verification_types::{policy::Policy, KERNEL_ENDORSEMENT_ID};
use oak_proto_rust::oak::{
attestation::v1::{
EventAttestationResults, KernelLayerEndorsements, KernelLayerReferenceValues,
Stage0Measurements,
EventAttestationResults, KernelEndorsement, KernelLayerReferenceValues, Stage0Measurements,
},
Variant,
};

use crate::{
compare::compare_kernel_layer_measurement_digests,
expect::get_kernel_layer_expected_values,
expect::acquire_kernel_event_expected_values,
extract::stage0_measurements_to_kernel_layer_data,
util::{decode_endorsement_proto, decode_event_proto},
};
@@ -53,18 +52,17 @@ impl Policy<[u8], Variant> for KernelPolicy {
"type.googleapis.com/oak.attestation.v1.Stage0Measurements",
encoded_event,
)?);
// TODO: b/375137648 - Decode into new endorsement protos.
let event_endorsements = decode_endorsement_proto::<KernelLayerEndorsements>(
let endorsement = decode_endorsement_proto::<KernelEndorsement>(
&KERNEL_ENDORSEMENT_ID,
encoded_event_endorsement,
)?;

let expected_values = get_kernel_layer_expected_values(
let expected_values = acquire_kernel_event_expected_values(
milliseconds_since_epoch,
Some(&event_endorsements),
Some(&endorsement),
&self.reference_values,
)
.context("couldn't verify kernel endosements")?;
.context("couldn't verify kernel endorsements")?;
compare_kernel_layer_measurement_digests(&event, &expected_values)
.context("couldn't verify kernel event")?;

15 changes: 7 additions & 8 deletions oak_attestation_verification/src/policy/system.rs
@@ -18,15 +18,14 @@ use anyhow::Context;
use oak_attestation_verification_types::{policy::Policy, SYSTEM_ENDORSEMENT_ID};
use oak_proto_rust::oak::{
attestation::v1::{
EventAttestationResults, SystemLayerData, SystemLayerEndorsements,
SystemLayerReferenceValues,
EventAttestationResults, SystemEndorsement, SystemLayerData, SystemLayerReferenceValues,
},
Variant,
};

use crate::{
compare::compare_system_layer_measurement_digests,
expect::get_system_layer_expected_values,
expect::acquire_system_event_expected_values,
util::{decode_endorsement_proto, decode_event_proto},
};

@@ -51,18 +50,18 @@ impl Policy<[u8], Variant> for SystemPolicy {
"type.googleapis.com/oak.attestation.v1.SystemLayerData",
encoded_event,
)?;
// TODO: b/375137648 - Decode into new endorsement protos.
let event_endorsements = decode_endorsement_proto::<SystemLayerEndorsements>(
let endorsement = decode_endorsement_proto::<SystemEndorsement>(
&SYSTEM_ENDORSEMENT_ID,
encoded_event_endorsement,
)?;

let expected_values = get_system_layer_expected_values(
let expected_values = acquire_system_event_expected_values(
milliseconds_since_epoch,
Some(&event_endorsements),
Some(&endorsement),
&self.reference_values,
)
.context("couldn't verify system endosements")?;
.context("couldn't verify system endorsement")?;

compare_system_layer_measurement_digests(&event, &expected_values)
.context("couldn't verify system event")?;
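Review bot: The new message `"couldn't verify system endorsement"` is singular, while application.rs, container.rs, kernel.rs and binary.rs in this same commit use `endorsements`; anything that matches on these strings in logs or alerts would miss one of the two forms. Pick one spelling across the policies, e.g. `.context("couldn't verify system endorsements")` here. The enclosing function starts outside the hunk.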

Binary file not shown.