Implement simple remote attestation for the UEFI app (#2742)

jul-sh · web-flow · commit 16aad75e7ba2 · 2022-04-22T17:45:28.000+01:00
* Extract session logic for remote attestion, GH issue ref #2741 * Move sessions logic into its own crate remove unused deps format oak-prefix crate name for consistency fix typo * Implement simple remote attestion for the UEFI app * remove unused dep * Update lockfile * Shutdown with UEFI error code if a remote attestation error occurs * Update method call to match #2751 * Remove erroneous mention of gRPC
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/experimental/uefi/app/Cargo.lock b/experimental/uefi/app/Cargo.lock
diff --git a/experimental/uefi/loader/src/qemu.rs b/experimental/uefi/loader/src/qemu.rs
@@ -71,6 +71,10 @@ impl Qemu {
         // Construct the command-line arguments for `qemu`. See
         // https://www.qemu.org/docs/master/system/invocation.html for all available options.
 
+        // Needed to expose advanced CPU features to the UEFI app. Specifically
+        // RDRAND which is required for remote attestation.
+        cmd.arg("-enable-kvm");
+        cmd.args(&["-cpu", "Broadwell-IBRS"]);
         // We're going to run qemu as a noninteractive embedded program, so disable any
         // graphical outputs.
         cmd.arg("-nographic");
diff --git a/experimental/uefi/runtime/Cargo.toml b/experimental/uefi/runtime/Cargo.toml
@@ -8,3 +8,5 @@ license = "Apache-2.0"
 [dependencies]
 ciborium = { version = "*", default-features = false }
 ciborium-io = "*"
+oak_remote_attestation_sessions = { path = "../../../remote_attestation_sessions" }
+anyhow = { version = "*", default-features = false }
diff --git a/experimental/uefi/runtime/src/echo.rs b/experimental/uefi/runtime/src/echo.rs
@@ -16,17 +16,20 @@
 
 extern crate alloc;
 
-use crate::Channel;
+use crate::{remote_attestation::AttestationHandler, Channel};
 use alloc::vec::Vec;
 use ciborium::{de, ser};
 
 #[derive(Debug)]
 pub enum Error<T> {
     // An error occured while deserializing.
-    De(ciborium::de::Error<T>),
+    Deserialization(ciborium::de::Error<T>),
 
     // An error occured while serializing.
-    Ser(ciborium::ser::Error<T>),
+    Serialization(ciborium::ser::Error<T>),
+
+    // An error occured in remote attestation.
+    Attestation(anyhow::Error),
 }
 
 impl<E> ciborium_io::Write for &mut dyn Channel<Error = E> {
@@ -49,10 +52,16 @@ impl<E> ciborium_io::Read for &mut dyn Channel<Error = E> {
     }
 }
 
+const MOCK_SESSION_ID: [u8; 8] = [0; 8];
+
 // Echoes all input on the interface back out.
 pub fn echo<E: core::fmt::Debug>(mut channel: &mut dyn Channel<Error = E>) -> Result<!, Error<E>> {
+    let attestation_handler = &mut AttestationHandler::create(|v| v);
     loop {
-        let msg: Vec<u8> = de::from_reader(&mut channel).map_err(Error::De)?;
-        ser::into_writer(&msg, &mut channel).map_err(Error::Ser)?;
+        let msg: Vec<u8> = de::from_reader(&mut channel).map_err(Error::Deserialization)?;
+        let response = attestation_handler
+            .message(MOCK_SESSION_ID, msg)
+            .map_err(Error::Attestation)?;
+        ser::into_writer(&response, &mut channel).map_err(Error::Serialization)?;
     }
 }
diff --git a/experimental/uefi/runtime/src/lib.rs b/experimental/uefi/runtime/src/lib.rs
@@ -18,6 +18,7 @@
 #![feature(never_type)]
 
 pub mod echo;
+mod remote_attestation;
 
 /// Basic hardware abstraction layer for sending data.
 pub trait Channel {
diff --git a/experimental/uefi/runtime/src/remote_attestation.rs b/experimental/uefi/runtime/src/remote_attestation.rs
@@ -0,0 +1,93 @@
+//
+// Copyright 2022 The Project Oak Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+//! Server-side implementation the remote attestation handshake protocol.
+//!
+//! A simplified version of the implementation from the `grpc_unary_attestation`
+//! crate. TODO(#2741): Refactor this to share more code between the two runtimes.
+
+extern crate alloc;
+
+use alloc::vec::Vec;
+use anyhow::Context;
+use oak_remote_attestation_sessions::{SessionId, SessionState, SessionTracker};
+
+/// Number of sessions that will be kept in memory.
+const SESSIONS_CACHE_SIZE: usize = 10000;
+
+pub struct AttestationHandler<F> {
+    session_tracker: SessionTracker,
+    request_handler: F,
+}
+
+const MOCK_TEE_CERTIFICATE: [u8; 0] = [];
+const MOCK_ADDITIONAL_INFO: [u8; 0] = [];
+
+impl<F> AttestationHandler<F>
+where
+    F: Send + Sync + Clone + FnOnce(Vec<u8>) -> Vec<u8>,
+{
+    pub fn create(request_handler: F) -> Self {
+        let session_tracker = SessionTracker::create(
+            SESSIONS_CACHE_SIZE,
+            MOCK_TEE_CERTIFICATE.to_vec(),
+            MOCK_ADDITIONAL_INFO.to_vec(),
+        );
+
+        Self {
+            session_tracker,
+            request_handler,
+        }
+    }
+
+    pub fn message(&mut self, session_id: SessionId, request: Vec<u8>) -> anyhow::Result<Vec<u8>> {
+        let mut session_state = {
+            self.session_tracker
+                .pop_or_create_session_state(session_id)
+                .expect("Couldn't pop session state")
+        };
+        let response_body = match session_state {
+            SessionState::HandshakeInProgress(ref mut handshaker) => {
+                handshaker
+                    .next_step(&request)
+                    .context("Couldn't process handshake message")?
+                    // After receiving a valid `ClientIdentity` message
+                    // (the last step of the key exchange)
+                    // ServerHandshaker.next_step returns `None`. For unary
+                    // request we do want to send an explicit confirmation in
+                    // the form of a status message. Hence in case of `None`
+                    // fallback to a default (empty) response.
+                    .unwrap_or_default()
+            }
+            SessionState::EncryptedMessageExchange(ref mut encryptor) => {
+                let decrypted_request = encryptor
+                    .decrypt(&request)
+                    .context("Couldn't decrypt response")?;
+
+                let response = (self.request_handler.clone())(decrypted_request);
+
+                encryptor
+                    .encrypt(&response)
+                    .context("Couldn't encrypt response")?
+            }
+        };
+
+        self.session_tracker
+            .put_session_state(session_id, session_state);
+
+        Ok(response_body)
+    }
+}
