From 8d26472f867921483729dca441814da997314632 Mon Sep 17 00:00:00 2001
From: Mikko Ylinen
Date: Fri, 7 Jun 2024 16:36:41 +0300
Subject: [PATCH] intel-trust-authority-as: add runtime data to attestation request
By adding runtime data to the appraisal request and having the reportdata correctly hashed in the quote, ITA returns it back in the token claims under attester_runtime_data. For this to work, the Kata rootfs must be built with a modified guest-components with sha512 hashing:
--- a/attestation-agent/kbs_protocol/src/client/rcar_client.rs
+++ b/attestation-agent/kbs_protocol/src/client/rcar_client.rs
@@ -13,7 +13,7 @@ use log::{debug, warn};
use resource_uri::ResourceUri;
use serde::Deserialize;
use serde_json::json;
-use sha2::{Digest, Sha384};
+use sha2::{Digest, Sha512};
use crate::{
api::KbsClientCapabilities,
@@ -189,7 +189,7 @@ impl KbsClient> {
nonce: String,
) -> Result {
debug!("Challenge nonce: {nonce}");
- let mut hasher = Sha384::new();
+ let mut hasher = Sha512::new();
hasher.update(runtime_data);
let ehd = match tee {
Otherwise, ITA responds 400 / bad request. This change is still safe because ITA AS with KBS get-resource isn't working without this either.
Signed-off-by: Mikko Ylinen
---
.../api/src/attestation/intel_trust_authority/mod.rs | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/kbs/src/api/src/attestation/intel_trust_authority/mod.rs b/kbs/src/api/src/attestation/intel_trust_authority/mod.rs
index 7947decf7..7104548ce 100644
--- a/kbs/src/api/src/attestation/intel_trust_authority/mod.rs
+++ b/kbs/src/api/src/attestation/intel_trust_authority/mod.rs
@@ -5,10 +5,12 @@ use super::Attest;
use anyhow::*;
use async_trait::async_trait;
+use base64::{engine::general_purpose::STANDARD, Engine};
use jsonwebtoken::{decode, decode_header, jwk, Algorithm, DecodingKey, Validation};
use kbs_types::{Attestation, Tee};
use reqwest::header::{ACCEPT, CONTENT_TYPE};
use serde::{Deserialize, Serialize};
+use serde_json::json;
use std::fs::File;
use std::io::BufReader;
use std::str::FromStr;
@@ -23,6 +25,7 @@ struct IntelTrustAuthorityTeeEvidence {
#[derive(Serialize, Debug)]
struct AttestReqData {
quote: String,
+ runtime_data: String,
}
#[derive(Deserialize, Debug)]
@@ -50,7 +53,7 @@ pub struct IntelTrustAuthority {
#[async_trait]
impl Attest for IntelTrustAuthority {
- async fn verify(&self, tee: Tee, _nonce: &str, attestation: &str) -> Result {
+ async fn verify(&self, tee: Tee, nonce: &str, attestation: &str) -> Result {
if tee != Tee::Tdx && tee != Tee::Sgx {
bail!("Intel Trust Authority: TEE {tee:?} is not supported.");
}
@@ -61,9 +64,16 @@ impl Attest for IntelTrustAuthority {
serde_json::from_str::(&attestation.tee_evidence)
.map_err(|e| anyhow!("Deserialize supported TEE Evidence failed: {:?}", e))?;
+ let runtime_data = json!({
+ "tee-pubkey": attestation.tee_pubkey,
+ "nonce": nonce,
+ })
+ .to_string();
+
// construct attest request data
let req_data = AttestReqData {
quote: evidence.quote,
+ runtime_data: STANDARD.encode(runtime_data),
};
let attest_req_body = serde_json::to_string(&req_data)
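Review bot: Nothing visible in this hunk checks that the token ITA returns actually carries the `nonce` that `verify` now takes in, so the freshness and key binding rests entirely on ITA comparing the hash of runtime_data with the quote's REPORTDATA; verify's body continues past the hunk, so such a check may live there. If it does not, I would compare the decoded token's `attester_runtime_data` claim (the name given in the commit message, to be confirmed against the ITA token schema) with the base64 runtime_data that was sent, e.g. `ensure!(claims.attester_runtime_data == req_data.runtime_data, "ITA token runtime data does not match the request");`. The match also depends on the KBS producing byte-identical JSON to what the attester hashed (the `hasher.update(runtime_data)` in the rcar_client.rs excerpt), which is fragile if `attestation.tee_pubkey` re-serializes with a different field order or spacing; a comment on the parameter would save the next reader a 400 from ITA: `// nonce and tee_pubkey are re-serialized into runtime_data and must match the attester's bytes exactly.`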