Implement insecure C++ attestation verifier for testing (project-oak#…

…4159) Ref project-oak#3641
ipetr0v · Jul 11, 2023 · b9d6e82 · b9d6e82
1 parent ef8fc7d
commit b9d6e82
Show file tree

Hide file tree

Showing 5 changed files with 92 additions and 7 deletions.
diff --git a/cc/remote_attestation/BUILD b/cc/remote_attestation/BUILD
@@ -27,3 +27,14 @@ cc_library(
  "@com_google_absl//absl/status",
  ],
 )
+
+cc_library(
+ name = "insecure_attestation_verifier",
+ srcs = ["insecure_attestation_verifier.cc"],
+ hdrs = ["insecure_attestation_verifier.h"],
+ deps = [
+ ":attestation_verifier",
+ "//oak_remote_attestation/proto/v1:messages_cc_proto",
+ "@com_google_absl//absl/status",
+ ],
+)
diff --git a/cc/remote_attestation/attestation_verifier.h b/cc/remote_attestation/attestation_verifier.h
@@ -35,13 +35,13 @@ class AttestationVerifier {
  // reference values.
  //
  // The statuses returned include the following:
- // Status::kOk = Trusted Execution Environment was successfully verified with
- // the references.
+ // - Status::kOk = Trusted Execution Environment was successfully verified with
+ //  the references.
  //
- // Status::kUnauthenticated = Trusted Execution Environment could not be
- // verified with the references. This may be because the Trusted Execution
- // Environment is not trustworth or the supplied references were not
- // sufficient.
+ // - Status::kUnauthenticated = Trusted Execution Environment could not be
+ //  verified with the references. This may be because the Trusted Execution
+ //  Environment is not trustworth or the supplied references were not
+ //  sufficient.
  virtual absl::Status Verify(::oak::session::v1::AttestationEvidence evidence,
  ::oak::session::v1::AttestationEndorsement endorsement) const = 0;
 };

diff --git a/cc/remote_attestation/insecure_attestation_verifier.cc b/cc/remote_attestation/insecure_attestation_verifier.cc
@@ -0,0 +1,36 @@
+/*
+ * Copyright 2023 The Project Oak Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "cc/remote_attestation/insecure_attestation_verifier.h"
+
+#include <string>
+
+#include "absl/status/status.h"
+#include "oak_remote_attestation/proto/v1/messages.pb.h"
+
+namespace oak::remote_attestation {
+
+namespace {
+using ::oak::session::v1::AttestationEndorsement;
+using ::oak::session::v1::AttestationEvidence;
+} // namespace
+
+absl::Status InsecureAttestationVerifier::Verify(AttestationEvidence evidence,
+ AttestationEndorsement endorsement) const {
+ return absl::OkStatus();
+}
+
+} // namespace oak::remote_attestation
diff --git a/cc/remote_attestation/insecure_attestation_verifier.h b/cc/remote_attestation/insecure_attestation_verifier.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2023 The Project Oak Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef CC_REMOTE_ATTESTATION_INSECURE_ATTESTATION_VERIFIER_H_
+#define CC_REMOTE_ATTESTATION_INSECURE_ATTESTATION_VERIFIER_H_
+
+#include <string>
+
+#include "absl/status/status.h"
+#include "cc/remote_attestation/attestation_verifier.h"
+#include "oak_remote_attestation/proto/v1/messages.pb.h"
+
+namespace oak::remote_attestation {
+
+// Cerifier implementation that doesn't verify attestation evidence and is used for testing.
+class InsecureAttestationVerifier : public AttestationVerifier {
+ public:
+ // Doesn't perform attestation verification and just returns a success value.
+ absl::Status Verify(::oak::session::v1::AttestationEvidence evidence,
+ ::oak::session::v1::AttestationEndorsement endorsement) const override;
+};
+
+} // namespace oak::remote_attestation
+
+#endif // CC_REMOTE_ATTESTATION_INSECURE_ATTESTATION_VERIFIER_H_
diff --git a/java/src/main/java/com/google/oak/remote_attestation/InsecureAttestationVerifier.java b/java/src/main/java/com/google/oak/remote_attestation/InsecureAttestationVerifier.java
@@ -21,7 +21,7 @@
 import com.google.oak.util.Result;
 
 /**
- * A test verifier implementation that doesn't verify attestation evidence and is used for testing.
+ * Verifier implementation that doesn't verify attestation evidence and is used for testing.
  */
 public class InsecureAttestationVerifier implements AttestationVerifier {
  /**