intel-trust-authority-as: add runtime data to attestation request
By adding runtime data to the appraisal request and having the reportdata
correctly hashed in the quote, ITA returns it back in the token claims
under attester_runtime_data.

For this to work, the Kata rootfs must be built with guest-components
modified to use sha512 hashing:

--- a/attestation-agent/kbs_protocol/src/client/rcar_client.rs
+++ b/attestation-agent/kbs_protocol/src/client/rcar_client.rs
@@ -13,7 +13,7 @@ use log::{debug, warn};
 use resource_uri::ResourceUri;
 use serde::Deserialize;
 use serde_json::json;
-use sha2::{Digest, Sha384};
+use sha2::{Digest, Sha512};

 use crate::{
     api::KbsClientCapabilities,
@@ -189,7 +189,7 @@ impl KbsClient<Box<dyn EvidenceProvider>> {
         nonce: String,
     ) -> Result<String> {
         debug!("Challenge nonce: {nonce}");
-        let mut hasher = Sha384::new();
+        let mut hasher = Sha512::new();
         hasher.update(runtime_data);

         let ehd = match tee {

Otherwise, ITA responds 400 / bad request.

This change is still safe because ITA AS with KBS get-resource
isn't working without this either.

Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
mythi authored and Xynnn007 committed Jun 21, 2024
1 parent 5c403b2 commit 8d26472
Showing 1 changed file with 11 additions and 1 deletion.
12 changes: 11 additions & 1 deletion kbs/src/api/src/attestation/intel_trust_authority/mod.rs
@@ -5,10 +5,12 @@
use super::Attest;
use anyhow::*;
use async_trait::async_trait;
use base64::{engine::general_purpose::STANDARD, Engine};
use jsonwebtoken::{decode, decode_header, jwk, Algorithm, DecodingKey, Validation};
use kbs_types::{Attestation, Tee};
use reqwest::header::{ACCEPT, CONTENT_TYPE};
use serde::{Deserialize, Serialize};
use serde_json::json;
use std::fs::File;
use std::io::BufReader;
use std::str::FromStr;
@@ -23,6 +25,7 @@ struct IntelTrustAuthorityTeeEvidence {
#[derive(Serialize, Debug)]
struct AttestReqData {
quote: String,
runtime_data: String,
}

#[derive(Deserialize, Debug)]
@@ -50,7 +53,7 @@ pub struct IntelTrustAuthority {

#[async_trait]
impl Attest for IntelTrustAuthority {
async fn verify(&self, tee: Tee, _nonce: &str, attestation: &str) -> Result<String> {
async fn verify(&self, tee: Tee, nonce: &str, attestation: &str) -> Result<String> {
if tee != Tee::Tdx && tee != Tee::Sgx {
bail!("Intel Trust Authority: TEE {tee:?} is not supported.");
}
@@ -61,9 +64,16 @@ impl Attest for IntelTrustAuthority {
serde_json::from_str::<IntelTrustAuthorityTeeEvidence>(&attestation.tee_evidence)
.map_err(|e| anyhow!("Deserialize supported TEE Evidence failed: {:?}", e))?;

let runtime_data = json!({
"tee-pubkey": attestation.tee_pubkey,
"nonce": nonce,
})
.to_string();

// construct attest request data
let req_data = AttestReqData {
quote: evidence.quote,
runtime_data: STANDARD.encode(runtime_data),
};

let attest_req_body = serde_json::to_string(&req_data)
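Review bot: The `runtime_data` string built in the last hunk has to match, byte for byte, the runtime data the attester hashed into the quote (per the commit description), but nothing at the construction site records that. `json!({...}).to_string()` emits keys in the order serde_json's map type gives, which is sorted by default and becomes insertion order if any crate in the build enables `preserve_order`, so a feature change or an added field on either side would presumably surface only as a 400 from ITA. I would add a comment above it such as `// Must serialise identically to the attester's runtime data; ITA checks its hash against the quote's report data.` The rest of `verify` lies outside the visible hunks, so it cannot be seen whether the `attester_runtime_data` claim in the returned token is compared with the nonce and tee-pubkey sent here; if it is not, that comparison is worth adding so the freshness binding is checked locally as well.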