Address review comments

project-oak · Feb 9, 2024 · 1eba793 · 1eba793
1 parent 1fffc52
commit 1eba793
Show file tree

Hide file tree

Showing 7 changed files with 73 additions and 68 deletions.
diff --git a/oak_attestation_verification/src/verifier.rs b/oak_attestation_verification/src/verifier.rs
@@ -33,13 +33,13 @@ use oak_proto_rust::oak::{
     attestation::v1::{
         attestation_results::Status, binary_reference_value, endorsements,
         extracted_evidence::EvidenceValues, reference_values, root_layer_data::Report,
-        root_layer_reference_values, AmdAttestationReport, AmdSevReferenceValues, ApplicationKeys,
-        ApplicationLayerData, ApplicationLayerEndorsements, ApplicationLayerReferenceValues,
-        AttestationResults, BinaryReferenceValue, CbData, CbEndorsements, CbReferenceValues,
-        ContainerLayerData, ContainerLayerEndorsements, ContainerLayerReferenceValues,
-        Endorsements, Evidence, ExtractedEvidence, IntelTdxAttestationReport,
-        IntelTdxReferenceValues, KernelLayerData, KernelLayerEndorsements,
-        KernelLayerReferenceValues, MockAttestationReport, OakContainersData,
+        AmdAttestationReport, AmdSevReferenceValues, ApplicationKeys, ApplicationLayerData,
+        ApplicationLayerEndorsements, ApplicationLayerReferenceValues, AttestationResults,
+        BinaryReferenceValue, CbData, CbEndorsements, CbReferenceValues, ContainerLayerData,
+        ContainerLayerEndorsements, ContainerLayerReferenceValues, Endorsements, Evidence,
+        ExtractedEvidence, FakeAttestationReport, InsecureReferenceValues,
+        IntelTdxAttestationReport, IntelTdxReferenceValues, KernelLayerData,
+        KernelLayerEndorsements, KernelLayerReferenceValues, OakContainersData,
         OakContainersEndorsements, OakContainersReferenceValues, OakRestrictedKernelData,
         OakRestrictedKernelEndorsements, OakRestrictedKernelReferenceValues, ReferenceValues,
         RootLayerData, RootLayerEndorsements, RootLayerEvidence, RootLayerReferenceValues,
@@ -143,7 +143,7 @@ pub fn verify(
     {
         Report::SevSnp(values) => values.report_data.as_ref(),
         Report::Tdx(values) => values.report_data.as_ref(),
-        Report::Mock(values) => values.report_data.as_ref(),
+        Report::Fake(values) => values.report_data.as_ref(),
     };
     // The report data contains 64 bytes by default, but we only use the first 32 bytes at the
     // moment.
@@ -405,6 +405,14 @@ fn verify_intel_tdx_attestation_report(
     anyhow::bail!("needs implementation")
 }
 
+/// Verifies a fake attestation report.
+fn verify_fake_attestation_report(
+    _attestation_report_values: &FakeAttestationReport,
+    _reference_values: &InsecureReferenceValues,
+) -> anyhow::Result<()> {
+    Ok(())
+}
+
 /// Verifies the signature chain for the attestation report included in the root.
 fn verify_root_attestation_signature(
     _now_utc_millis: i64,
@@ -444,29 +452,28 @@ fn verify_root_layer(
     _endorsements: Option<&RootLayerEndorsements>,
     reference_values: &RootLayerReferenceValues,
 ) -> anyhow::Result<()> {
-    if let Some(root_layer_reference_values::Type::Skip(_)) = reference_values.r#type {
-        return Ok(());
-    }
     match values.report.as_ref() {
-        Some(Report::SevSnp(report_values)) => {
-            if let Some(root_layer_reference_values::Type::AmdSev(reference)) =
-                reference_values.r#type.as_ref()
-            {
-                verify_amd_sev_attestation_report(report_values, reference)
-            } else {
-                anyhow::bail!("AMD SEV-SNP reference values not found");
-            }
-        }
-        Some(Report::Tdx(report_values)) => {
-            if let Some(root_layer_reference_values::Type::IntelTdx(reference)) =
-                reference_values.r#type.as_ref()
-            {
-                verify_intel_tdx_attestation_report(report_values, reference)
-            } else {
-                anyhow::bail!("Intel TDX reference values not found");
-            }
-        }
-        Some(Report::Mock(_report_values)) => Ok(()),
+        Some(Report::SevSnp(report_values)) => verify_amd_sev_attestation_report(
+            report_values,
+            reference_values
+                .amd_sev
+                .as_ref()
+                .context("AMD SEV-SNP reference values not found")?,
+        ),
+        Some(Report::Tdx(report_values)) => verify_intel_tdx_attestation_report(
+            report_values,
+            reference_values
+                .intel_tdx
+                .as_ref()
+                .context("Intel TDX reference values not found")?,
+        ),
+        Some(Report::Fake(report_values)) => verify_fake_attestation_report(
+            report_values,
+            reference_values
+                .insecure
+                .as_ref()
+                .context("insecure reference values not found")?,
+        ),
         None => Err(anyhow::anyhow!("no attestation report")),
     }
 }
@@ -834,17 +841,17 @@ fn extract_root_values(root_layer: &RootLayerEvidence) -> anyhow::Result<RootLay
         }
         TeePlatform::IntelTdx => Err(anyhow::anyhow!("not supported")),
         TeePlatform::None => {
-            // We use an unsigned, mostly empty AMD SEV-SNP attestation report as a mock when not
+            // We use an unsigned, mostly empty AMD SEV-SNP attestation report as a fake when not
             // running in a TEE.
             let report = AttestationReport::ref_from(&root_layer.remote_attestation_report)
-                .context("invalid mock attestation report")?;
+                .context("invalid fake attestation report")?;
 
             report.validate().map_err(|msg| anyhow::anyhow!(msg))?;
 
             let report_data = report.data.report_data.as_ref().to_vec();
 
             Ok(RootLayerData {
-                report: Some(Report::Mock(MockAttestationReport { report_data })),
+                report: Some(Report::Fake(FakeAttestationReport { report_data })),
             })
         }
     }

diff --git a/...ification/testdata/mock_evidence.binarypb → ...ification/testdata/fake_evidence.binarypb b/...ification/testdata/mock_evidence.binarypb → ...ification/testdata/fake_evidence.binarypb
diff --git a/...fication/testdata/mock_evidence.textproto → ...fication/testdata/fake_evidence.textproto b/...fication/testdata/mock_evidence.textproto → ...fication/testdata/fake_evidence.textproto
@@ -2,12 +2,10 @@
 # proto-message: oak.attestaton.v1.Evidence
 #
 # Attestation evidence generated when not running on a TEE.
-# Generated on 8 Feb 2024. `mock_evidence.binarypb` is the same instance in
+# Generated on 9 Feb 2024. `fake_evidence.binarypb` is the same instance in
 # serialized binary format.
-#
-# The stage0 binary is measured in the attestation report.
 root_layer {
-  platform: NONE
+  platform: TEE_PLATFORM_NONE
   remote_attestation_report: "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000l\025\313\320C\030T\201i\347\024\300\363\023\241\306\' \003\317f\341\231\"\330D\306D2\r\336\214\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000"
   eca_public_key: "\247\001\002\002T\355\215\321Z\334ux&\262\214\370*\232L\217\023\307\010.\007\0038.\004\201\002 \001!X \024\221\3475\317u\245\372\226\236uTX\307\323l\336\242y\206\305\357\r\244\036)(\036HZ\330\004\"X \023=\367r@\000\177\334\331<\014\034\345\336\006\223w\343\3125\335\263\243\201UFx\241\346n\030\036"
 }

diff --git a/oak_attestation_verification/tests/verifier_tests.rs b/oak_attestation_verification/tests/verifier_tests.rs
@@ -21,13 +21,13 @@ use oak_attestation_verification::{
     verifier::{to_attestation_results, verify},
 };
 use oak_proto_rust::oak::attestation::v1::{
-    attestation_results::Status, binary_reference_value, reference_values,
-    root_layer_reference_values, AmdSevReferenceValues, BinaryReferenceValue,
-    ContainerLayerEndorsements, ContainerLayerReferenceValues, EndorsementReferenceValue,
-    Endorsements, Evidence, KernelLayerEndorsements, KernelLayerReferenceValues,
-    OakContainersEndorsements, OakContainersReferenceValues, ReferenceValues,
-    RootLayerEndorsements, RootLayerReferenceValues, SkipVerification, StringReferenceValue,
-    SystemLayerEndorsements, SystemLayerReferenceValues, TransparentReleaseEndorsement,
+    attestation_results::Status, binary_reference_value, reference_values, AmdSevReferenceValues,
+    BinaryReferenceValue, ContainerLayerEndorsements, ContainerLayerReferenceValues,
+    EndorsementReferenceValue, Endorsements, Evidence, InsecureReferenceValues,
+    KernelLayerEndorsements, KernelLayerReferenceValues, OakContainersEndorsements,
+    OakContainersReferenceValues, ReferenceValues, RootLayerEndorsements, RootLayerReferenceValues,
+    SkipVerification, StringReferenceValue, SystemLayerEndorsements, SystemLayerReferenceValues,
+    TransparentReleaseEndorsement,
 };
 use prost::Message;
 
@@ -38,7 +38,7 @@ const VCEK_MILAN_CERT_DER: &str = "testdata/vcek_milan.der";
 const ENDORSER_PUBLIC_KEY_PATH: &str = "testdata/oak-development.pem";
 const REKOR_PUBLIC_KEY_PATH: &str = "testdata/rekor_public_key.pem";
 const EVIDENCE_PATH: &str = "testdata/evidence.binarypb";
-const MOCK_EVIDENCE_PATH: &str = "testdata/mock_evidence.binarypb";
+const FAKE_EVIDENCE_PATH: &str = "testdata/fake_evidence.binarypb";
 
 // Pretend the tests run at this time: 1 Nov 2023, 9:00 UTC
 const NOW_UTC_MILLIS: i64 = 1698829200000;
@@ -49,10 +49,10 @@ fn create_evidence() -> Evidence {
     Evidence::decode(serialized.as_slice()).expect("could not decode evidence")
 }
 
-// Creates a valid mock evidence instance.
-fn create_mock_evidence() -> Evidence {
-    let serialized = fs::read(MOCK_EVIDENCE_PATH).expect("could not read evidence");
-    Evidence::decode(serialized.as_slice()).expect("could not decode evidence")
+// Creates a valid fake evidence instance.
+fn create_fake_evidence() -> Evidence {
+    let serialized = fs::read(FAKE_EVIDENCE_PATH).expect("could not read fake evidence");
+    Evidence::decode(serialized.as_slice()).expect("could not decode fake evidence")
 }
 
 // Creates valid endorsements for an Oak Containers chain.
@@ -136,7 +136,8 @@ fn create_reference_values() -> ReferenceValues {
     };
 
     let root_layer = RootLayerReferenceValues {
-        r#type: Some(root_layer_reference_values::Type::AmdSev(amd_sev)),
+        amd_sev: Some(amd_sev),
+        ..Default::default()
     };
     let kernel_layer = KernelLayerReferenceValues {
         kernel_image: Some(skip.clone()),
@@ -181,14 +182,15 @@ fn verify_succeeds() {
 }
 
 #[test]
-fn verify_mock_evidence() {
-    let evidence = create_mock_evidence();
+fn verify_fake_evidence() {
+    let evidence = create_fake_evidence();
     let endorsements = create_endorsements();
     let mut reference_values = create_reference_values();
     if let Some(reference_values::Type::OakContainers(reference)) = reference_values.r#type.as_mut()
     {
         reference.root_layer = Some(RootLayerReferenceValues {
-            r#type: Some(root_layer_reference_values::Type::Skip(SkipVerification {})),
+            insecure: Some(InsecureReferenceValues {}),
+            ..Default::default()
         });
     } else {
         panic!("invalid reference value type");

diff --git a/proto/attestation/evidence.proto b/proto/attestation/evidence.proto
@@ -37,7 +37,7 @@ enum TeePlatform {
   TEE_PLATFORM_UNSPECIFIED = 0;
   AMD_SEV_SNP = 1;
   INTEL_TDX = 2;
-  NONE = 3;
+  TEE_PLATFORM_NONE = 3;
 }
 
 // Evidence generated by the Layer0.

diff --git a/proto/attestation/reference_value.proto b/proto/attestation/reference_value.proto
@@ -70,13 +70,11 @@ message StringReferenceValue {
 }
 
 message RootLayerReferenceValues {
-  oneof type {
-    // Switches between AMD SEV-SNP and Intel TDX based on TeePlatform value.
-    // Verification is skipped when not running in a TEE.
-    AmdSevReferenceValues amd_sev = 1;
-    IntelTdxReferenceValues intel_tdx = 2;
-    SkipVerification skip = 3;
-  }
+  // Switches between AMD SEV-SNP and Intel TDX based on TeePlatform value.
+  // Verification is skipped when not running in a TEE.
+  AmdSevReferenceValues amd_sev = 1;
+  IntelTdxReferenceValues intel_tdx = 2;
+  InsecureReferenceValues insecure = 3;
 }
 
 message AmdSevReferenceValues {
@@ -93,9 +91,9 @@ message AmdSevReferenceValues {
   BinaryReferenceValue stage0 = 4;
 }
 
-message IntelTdxReferenceValues {
-  // TBD
-}
+message IntelTdxReferenceValues {}
+
+message InsecureReferenceValues {}
 
 // Verifies that the field contains at least one of the given digests.
 // No checks are performed if this is empty. A match in at least one

diff --git a/proto/attestation/verification.proto b/proto/attestation/verification.proto
@@ -74,8 +74,8 @@ message RootLayerData {
     AmdAttestationReport sev_snp = 1;
     // Values extracted from an Intel TDX attestation report.
     IntelTdxAttestationReport tdx = 2;
-    // Values extracted from a mock report when not running in a TEE.
-    MockAttestationReport mock = 3;
+    // Values extracted from a fake report when not running in a TEE.
+    FakeAttestationReport fake = 3;
   }
 }
 
@@ -106,8 +106,8 @@ message IntelTdxAttestationReport {
   bytes report_data = 1;
 }
 
-// Values extracted from a mock attestation report when not running in a TEE.
-message MockAttestationReport {
+// Values extracted from a fake attestation report when not running in a TEE.
+message FakeAttestationReport {
   // The custom bytes that were passed to the report when it was requested.
   bytes report_data = 1;
 }