From b9d6e822d4708c84d383ea0956b8d42644be2198 Mon Sep 17 00:00:00 2001
From: Ivan Petrov
Date: Tue, 11 Jul 2023 15:27:30 +0100
Subject: [PATCH] Implement insecure C++ attestation verifier for testing (#4159)

Ref https://github.com/project-oak/oak/issues/3641
---
 cc/remote_attestation/BUILD | 11 ++++++
 cc/remote_attestation/attestation_verifier.h | 12 +++---
 .../insecure_attestation_verifier.cc | 36 ++++++++++++++++++
 .../insecure_attestation_verifier.h | 38 +++++++++++++++++++
 .../InsecureAttestationVerifier.java | 2 +-
 5 files changed, 92 insertions(+), 7 deletions(-)
 create mode 100644 cc/remote_attestation/insecure_attestation_verifier.cc
 create mode 100644 cc/remote_attestation/insecure_attestation_verifier.h

diff --git a/cc/remote_attestation/BUILD b/cc/remote_attestation/BUILD
index b28e6de3c68..f241c92450a 100644
--- a/cc/remote_attestation/BUILD
+++ b/cc/remote_attestation/BUILD
@@ -27,3 +27,14 @@ cc_library(
 "@com_google_absl//absl/status",
 ],
 )
+
+cc_library(
+ name = "insecure_attestation_verifier",
+ srcs = ["insecure_attestation_verifier.cc"],
+ hdrs = ["insecure_attestation_verifier.h"],
+ deps = [
+ ":attestation_verifier",
+ "//oak_remote_attestation/proto/v1:messages_cc_proto",
+ "@com_google_absl//absl/status",
+ ],
+)
diff --git a/cc/remote_attestation/attestation_verifier.h b/cc/remote_attestation/attestation_verifier.h
index 542661c395c..335b8e94241 100644
--- a/cc/remote_attestation/attestation_verifier.h
+++ b/cc/remote_attestation/attestation_verifier.h
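Review bot: The new `insecure_attestation_verifier` target is declared as an ordinary `cc_library`, so nothing in the build stops a production client from depending on a verifier that, per the .cc added in this commit, returns OK for any evidence. Adding `testonly = True,` to the rule would make Bazel reject dependencies from non-test targets, and an explicit narrow `visibility` would limit who can reach it at all. Whether the package already sets a default visibility is not visible in this hunk.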
@@ -35,13 +35,13 @@ class AttestationVerifier {
 // reference values.
 //
 // The statuses returned include the following:
- // Status::kOk = Trusted Execution Environment was successfully verified with
- // the references.
- //
- // Status::kUnauthenticated = Trusted Execution Environment could not be
- // verified with the references. This may be because the Trusted Execution
- // Environment is not trustworth or the supplied references were not
- // sufficient.
+ // - Status::kOk = Trusted Execution Environment was successfully verified with
+ // the references.
+ //
+ // - Status::kUnauthenticated = Trusted Execution Environment could not be
+ // verified with the references. This may be because the Trusted Execution
+ // Environment is not trustworth or the supplied references were not
+ // sufficient.
 virtual absl::Status Verify(::oak::session::v1::AttestationEvidence evidence,
 ::oak::session::v1::AttestationEndorsement endorsement) const = 0;
 };
diff --git a/cc/remote_attestation/insecure_attestation_verifier.cc b/cc/remote_attestation/insecure_attestation_verifier.cc
new file mode 100644
index 00000000000..e7b623bb464
--- /dev/null
+++ b/cc/remote_attestation/insecure_attestation_verifier.cc
@@ -0,0 +1,36 @@
+/*
+ * Copyright 2023 The Project Oak Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "cc/remote_attestation/insecure_attestation_verifier.h"
+
+#include
+
+#include "absl/status/status.h"
+#include "oak_remote_attestation/proto/v1/messages.pb.h"
+
+namespace oak::remote_attestation {
+
+namespace {
+using ::oak::session::v1::AttestationEndorsement;
+using ::oak::session::v1::AttestationEvidence;
+} // namespace
+
+absl::Status InsecureAttestationVerifier::Verify(AttestationEvidence evidence,
+ AttestationEndorsement endorsement) const {
+ return absl::OkStatus();
+}
+
+} // namespace oak::remote_attestation
diff --git a/cc/remote_attestation/insecure_attestation_verifier.h b/cc/remote_attestation/insecure_attestation_verifier.h
new file mode 100644
index 00000000000..29714f81033
--- /dev/null
+++ b/cc/remote_attestation/insecure_attestation_verifier.h
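Review bot: `InsecureAttestationVerifier::Verify` returns `absl::OkStatus()` without reading either argument, and the definition carries no comment saying so, so the bypass is easy to overlook when this file is read without the header. A line above the definition such as `// Test-only: accepts any evidence and endorsement without inspecting them.` would state it where the behaviour lives. Both parameters are unused and will warn under `-Wunused-parameter`; leaving them unnamed, `AttestationEvidence /*evidence*/, AttestationEndorsement /*endorsement*/`, avoids that. The bare `#include` whose header name is not visible in this rendering looks unused by this file and could probably be dropped, in the .h hunk as well.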
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2023 The Project Oak Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef CC_REMOTE_ATTESTATION_INSECURE_ATTESTATION_VERIFIER_H_
+#define CC_REMOTE_ATTESTATION_INSECURE_ATTESTATION_VERIFIER_H_
+
+#include
+
+#include "absl/status/status.h"
+#include "cc/remote_attestation/attestation_verifier.h"
+#include "oak_remote_attestation/proto/v1/messages.pb.h"
+
+namespace oak::remote_attestation {
+
+// Cerifier implementation that doesn't verify attestation evidence and is used for testing.
+class InsecureAttestationVerifier : public AttestationVerifier {
+ public:
+ // Doesn't perform attestation verification and just returns a success value.
+ absl::Status Verify(::oak::session::v1::AttestationEvidence evidence,
+ ::oak::session::v1::AttestationEndorsement endorsement) const override;
+};
+
+} // namespace oak::remote_attestation
+
+#endif // CC_REMOTE_ATTESTATION_INSECURE_ATTESTATION_VERIFIER_H_
\ No newline at end of file
diff --git a/java/src/main/java/com/google/oak/remote_attestation/InsecureAttestationVerifier.java b/java/src/main/java/com/google/oak/remote_attestation/InsecureAttestationVerifier.java
index 4a817d96bc9..30063ab2813 100644
--- a/java/src/main/java/com/google/oak/remote_attestation/InsecureAttestationVerifier.java
+++ b/java/src/main/java/com/google/oak/remote_attestation/InsecureAttestationVerifier.java
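Review bot: The class comment has a typo, `Cerifier`, and undersells the risk: it should read `// Verifier implementation that doesn't verify attestation evidence and is used for testing.` and gain a second line such as `// Never use outside tests: Verify() returns OK for any input, so it gives no assurance about the remote TEE.` Declaring the class `final` would also keep the accept-everything behaviour from being inherited by another verifier. The file ends without a trailing newline, as the `\ No newline at end of file` marker shows.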
@@ -21,7 +21,7 @@ import com.google.oak.util.Result; /** - * A test verifier implementation that doesn't verify attestation evidence and is used for testing. + * Verifier implementation that doesn't verify attestation evidence and is used for testing. */ public class InsecureAttestationVerifier implements AttestationVerifier { /**