Conversation
SammyOina
requested review from
danko-miladinovic,
dborovcanin and
jovan-djukic
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## main #561 +/- ##
==========================================
+ Coverage 69.49% 70.79% +1.30%
==========================================
Files 85 91 +6
Lines 6075 6390 +315
==========================================
+ Hits 4222 4524 +302
+ Misses 1485 1462 -23
- Partials 368 404 +36 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
…ication for attestation responses, replacing raw quotes with EAT tokens in the attestation service and protobuf. Signed-off-by: Sammy Oina <sammyoina@gmail.com>
…ifier. Signed-off-by: Sammy Oina <sammyoina@gmail.com>
Signed-off-by: Sammy Oina <sammyoina@gmail.com>
…on claim extraction. Signed-off-by: SammyOina <sammyoina@gmail.com>
…NewEATClaims`. Signed-off-by: SammyOina <sammyoina@gmail.com>
…or to enforce claim dependencies. Signed-off-by: SammyOina <sammyoina@gmail.com>
…nced claim validation Signed-off-by: Sammy Oina <sammyoina@gmail.com>
…ackage Signed-off-by: Sammy Oina <sammyoina@gmail.com>
…NP, and vTPM attestation, and improve EAT decoder robustness. Signed-off-by: Sammy Oina <sammyoina@gmail.com>
… update go.mod to use go-jose/v4. Signed-off-by: Sammy Oina <sammyoina@gmail.com>
…tation test error handling. Signed-off-by: Sammy Oina <sammyoina@gmail.com>
…ession algorithm, and refactor TDX test error message checks. Signed-off-by: Sammy Oina <sammyoina@gmail.com>
…fication, and add key management. Signed-off-by: Sammy Oina <sammyoina@gmail.com>
…NP attestation tests. Signed-off-by: Sammy Oina <sammyoina@gmail.com>
| } | ||
|
|
||
| // TDXExtensions contains Intel TDX specific claims. | ||
| type TDXExtensions struct { |
There was a problem hiding this comment.
Maybe we can have the same names as the Intel TDX EAT profile. Source:
https://docs.trustauthority.intel.com/main/articles/articles/ita/concept-policy-v2.html
https://portal.trustauthority.intel.com/[eat_profile](https://portal.trustauthority.intel.com/eat_profile.html).html
What do you think?
| ) | ||
|
|
||
| // EATClaims represents the Entity Attestation Token claims following RFC 9711. | ||
| type EATClaims struct { |
There was a problem hiding this comment.
Can we add the intuse claim. With the status general.
https://www.rfc-editor.org/rfc/rfc9711.html#name-intuse-intended-use-claim
https://www.rfc-editor.org/rfc/rfc9711.html#int-use-registry
General meaning this is the up-to-date (fresh) token.
…_` prefixes and add an `IntUse` field. Signed-off-by: Sammy Oina <sammyoina@gmail.com>
4 participants
What type of PR is this?
What does this do?
New Features
Chores
Flow 1: Direct API Attestation
sequenceDiagram participant Agent as CVM Agent<br/>(Attester) participant AttSvc as Attestation Service<br/>(Evidence Generator) participant CLI as CLI<br/>(Verifier + Relying Party) participant Policy as Attestation Policy<br/>(Reference Values) Note over Agent,CLI: Direct Attestation API Call CLI->>Agent: Request Attestation(nonce) Agent->>AttSvc: FetchAttestation(nonce, platform_type) Note over AttSvc: 1. Get binary report from TEE<br/>2. Extract platform claims<br/>3. Create EAT token<br/>4. Sign with ECDSA key AttSvc-->>Agent: EAT Token (JWT/CBOR) Agent-->>CLI: EAT Token Note over CLI: Verifier Role CLI->>Policy: Load attestation policy Policy-->>CLI: EAT validation rules Note over CLI: 1. Decode EAT token<br/>2. Verify signature<br/>3. Validate claims vs policy<br/>4. Check nonce freshness<br/>5. Extract binary report<br/>6. Verify platform attestation CLI->>CLI: Make trust decision Note over CLI: Relying Party Role<br/>Trust established ✓Flow 2: Attested TLS Handshake
sequenceDiagram participant Client as CLI<br/>(Relying Party) participant Agent as CVM Agent<br/>(Attester) participant AttSvc as Attestation Service<br/>(Evidence Generator) participant Policy as Attestation Policy<br/>(Reference Values) Note over Client,Agent: TLS Handshake with Attestation Client->>Agent: ClientHello + SNI(nonce.nonce) Note over Agent: Certificate Provider Agent->>Agent: Generate ephemeral key pair Agent->>Agent: Extract nonce from SNI Agent->>AttSvc: Attest(pubkey, nonce) Note over AttSvc: 1. Hash(pubkey + nonce)<br/>2. Get binary report from TEE<br/>3. Extract platform claims<br/>4. Create EAT token (CBOR)<br/>5. Sign token AttSvc-->>Agent: EAT Token (CBOR) Note over Agent: 1. Create X.509 cert<br/>2. Embed EAT in extension<br/>3. Sign cert with ephemeral key Agent-->>Client: ServerHello + Certificate<br/>(with EAT in extension) Note over Client: Certificate Verifier Role Client->>Policy: Load attestation policy Policy-->>Client: EAT validation rules Note over Client: 1. Extract EAT from cert extension<br/>2. Decode EAT token<br/>3. Verify EAT signature<br/>4. Validate claims vs policy<br/>5. Verify nonce matches<br/>6. Extract binary report<br/>7. Verify platform attestation<br/>8. Verify cert signature Client->>Client: Make trust decision Note over Client: Relying Party Role<br/>TLS connection established ✓ Client->>Agent: Encrypted application dataComponent Mapping
- Generate binary attestation reports
- Create EAT tokens with claims
- Sign evidence
- Includes measurements
- Embeds binary report
- Cryptographically signed
- Validate signatures
- Check claims against policy
- Verify platform attestation
- Produce attestation results
- TCB versions
- EAT validation rules
- Platform configuration
- Make trust decisions
- Establish secure connections
- Execute computations
- TLS connection allowed/denied
- Computation authorized
Which issue(s) does this PR fix/relate to?
Have you included tests for your changes?
Did you document any new/modified feature?
Notes
To be merged after #559