2024-02-26 10:56:55 +00:00
|
|
|
use std::{
|
|
|
|
|
fs::{read, File},
|
|
|
|
|
io::{Error as IoError, Write},
|
|
|
|
|
};
|
|
|
|
|
|
2024-02-27 22:30:36 +00:00
|
|
|
use quartz_cw::{
|
|
|
|
|
msg::execute::attested::HasUserData,
|
|
|
|
|
state::{MrEnclave, UserData},
|
|
|
|
|
};
|
2024-02-26 10:56:55 +00:00
|
|
|
|
2024-07-18 23:34:31 +00:00
|
|
|
#[cfg(not(feature = "mock-sgx"))]
|
|
|
|
|
pub type DefaultAttestor = EpidAttestor;
|
|
|
|
|
|
|
|
|
|
#[cfg(feature = "mock-sgx")]
|
|
|
|
|
pub type DefaultAttestor = MockAttestor;
|
|
|
|
|
|
2024-08-02 16:31:01 +00:00
|
|
|
/// The trait defines the interface for generating attestations from within an enclave.
|
2024-02-26 10:56:55 +00:00
|
|
|
pub trait Attestor {
|
|
|
|
|
type Error: ToString;
|
|
|
|
|
|
|
|
|
|
fn quote(&self, user_data: impl HasUserData) -> Result<Vec<u8>, Self::Error>;
|
2024-02-27 22:30:36 +00:00
|
|
|
|
|
|
|
|
fn mr_enclave(&self) -> Result<MrEnclave, Self::Error>;
|
2024-02-26 10:56:55 +00:00
|
|
|
}
|
|
|
|
|
|
2024-08-02 16:31:01 +00:00
|
|
|
/// An `Attestor` for generating EPID attestations for Gramine based enclaves.
|
2024-07-18 23:34:31 +00:00
|
|
|
#[derive(Clone, PartialEq, Debug, Default)]
|
2024-02-26 10:56:55 +00:00
|
|
|
pub struct EpidAttestor;
|
|
|
|
|
|
|
|
|
|
impl Attestor for EpidAttestor {
|
|
|
|
|
type Error = IoError;
|
|
|
|
|
|
|
|
|
|
fn quote(&self, user_data: impl HasUserData) -> Result<Vec<u8>, Self::Error> {
|
|
|
|
|
let user_data = user_data.user_data();
|
|
|
|
|
let mut user_report_data = File::create("/dev/attestation/user_report_data")?;
|
|
|
|
|
user_report_data.write_all(user_data.as_slice())?;
|
|
|
|
|
user_report_data.flush()?;
|
|
|
|
|
read("/dev/attestation/quote")
|
|
|
|
|
}
|
2024-02-27 22:30:36 +00:00
|
|
|
|
|
|
|
|
fn mr_enclave(&self) -> Result<MrEnclave, Self::Error> {
|
|
|
|
|
let quote = self.quote(NullUserData)?;
|
|
|
|
|
Ok(quote[112..(112 + 32)]
|
|
|
|
|
.try_into()
|
|
|
|
|
.expect("hardcoded array size"))
|
|
|
|
|
}
|
2024-02-26 10:56:55 +00:00
|
|
|
}
|
2024-02-27 19:52:23 +00:00
|
|
|
|
2024-08-02 16:31:01 +00:00
|
|
|
/// An `Attestor` for generating DCAP attestations for Gramine based enclaves.
|
|
|
|
|
#[derive(Clone, PartialEq, Debug, Default)]
|
|
|
|
|
pub struct DcapAttestor;
|
|
|
|
|
|
|
|
|
|
impl Attestor for DcapAttestor {
|
|
|
|
|
type Error = IoError;
|
|
|
|
|
|
|
|
|
|
fn quote(&self, user_data: impl HasUserData) -> Result<Vec<u8>, Self::Error> {
|
|
|
|
|
let user_data = user_data.user_data();
|
|
|
|
|
let mut user_report_data = File::create("/dev/attestation/user_report_data")?;
|
|
|
|
|
user_report_data.write_all(user_data.as_slice())?;
|
|
|
|
|
user_report_data.flush()?;
|
|
|
|
|
read("/dev/attestation/quote")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
fn mr_enclave(&self) -> Result<MrEnclave, Self::Error> {
|
|
|
|
|
let quote = self.quote(NullUserData)?;
|
|
|
|
|
Ok(quote[112..(112 + 32)]
|
|
|
|
|
.try_into()
|
|
|
|
|
.expect("hardcoded array size"))
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// A mock `Attestor` that creates a quote consisting of just the user report data. (only meant for
|
|
|
|
|
/// testing purposes)
|
2024-07-18 23:34:31 +00:00
|
|
|
#[derive(Clone, PartialEq, Debug, Default)]
|
2024-02-27 19:52:23 +00:00
|
|
|
pub struct MockAttestor;
|
|
|
|
|
|
|
|
|
|
impl Attestor for MockAttestor {
|
|
|
|
|
type Error = String;
|
|
|
|
|
|
2024-07-18 23:34:31 +00:00
|
|
|
fn quote(&self, user_data: impl HasUserData) -> Result<Vec<u8>, Self::Error> {
|
|
|
|
|
let user_data = user_data.user_data();
|
|
|
|
|
Ok(user_data.to_vec())
|
2024-02-27 19:52:23 +00:00
|
|
|
}
|
2024-02-27 22:30:36 +00:00
|
|
|
|
|
|
|
|
fn mr_enclave(&self) -> Result<MrEnclave, Self::Error> {
|
2024-07-18 23:34:31 +00:00
|
|
|
Ok(Default::default())
|
2024-02-27 22:30:36 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
struct NullUserData;
|
|
|
|
|
|
|
|
|
|
impl HasUserData for NullUserData {
|
|
|
|
|
fn user_data(&self) -> UserData {
|
|
|
|
|
[0u8; 64]
|
|
|
|
|
}
|
2024-02-27 19:52:23 +00:00
|
|
|
}
|
