Add wasm verifers

Author: PSS1998

Cargo.lock

@@ -9,7 +9,12 @@ members = [
     "integration-tests",
     "tools/trustee-cli",
     "deps/key-value-storage",
-    "deps/policy-engine"
+    "deps/policy-engine",
+    "wasm-components/dcap-qvl-wasi",
+    "wasm-components/tdx-verifier-component",
+    "wasm-components/tdx-verifier-test",
+    "wasm-components/snp-verifier-component",
+    "wasm-components/snp-verifier-test"
 ]
 resolver = "2"
 
@@ -77,3 +82,6 @@ tonic-prost = "0.14"
 tonic-prost-build = "0.14"
 tracing = "0.1.43"
 tracing-subscriber = { version = "0.3.22", features = ["env-filter"] }
+
+[patch.crates-io]
+dcap-qvl = { git = "https://github.com/Phala-Network/dcap-qvl.git", tag = "v0.3.6" }

Cargo.toml

@@ -72,6 +72,10 @@ tracing-subscriber.workspace = true
 uuid = { version = "1.19.0", features = ["v4"] }
 verifier = { path = "../deps/verifier", default-features = false }
 actix-cors = { version = "0.7", optional = true }
+wasmtime = { version = "25.0.0", features = ["component-model", "cache"] }
+wasmtime-wasi = "25.0.0"
+wasmtime-wasi-http = "25.0.0"
+wasmsign2 = "0.2.6"
 
 [build-dependencies]
 shadow-rs.workspace = true

attestation-service/Cargo.toml

@@ -18,9 +18,25 @@ section:
 | `work_dir`                 | String                      | The location for Attestation Service to store data. | False      | Firstly try to read from ENV `AS_WORK_DIR`. If not any, use `/opt/confidential-containers/attestation-service`       |
 | `rvps_config`              | [RVPSConfiguration][2]      | RVPS configuration                                  | False      | -       |
 | `attestation_token_broker` | [AttestationTokenBroker][1]  | Attestation result token configuration.            | False      | -       |
+| `wasm_verifier`            | [WasmVerifier][3]           | Host Wasm component verifiers.       | False      | Disabled |
 
 [1]: #attestationtokenbroker
 [2]: #rvps-configuration
+[3]: #wasmverifier
+
+#### WasmVerifier
+
+This section is **optional**. When enabled, the Attestation Service can load and invoke platform-specific verifier logic as Wasm *components*.
+
+| Property               | Type              | Description | Required | Default |
+|------------------------|-------------------|-------------|----------|---------|
+| `enabled`              | Boolean           | Enable Wasm component verifier hosting. | No | `false` |
+| `allow_unsigned`       | Boolean           | If `false`, uploaded components must be signed with `wasmsign2` and verify against `trusted_public_keys`. | No | `false` |
+| `trusted_public_keys`  | Array of String   | Paths to trusted public keys (raw/DER/PEM/OpenSSH) for verifying components. | No | `[]` |
+| `registry_dir`         | String            | Directory to store registered components; defaults to `<work_dir>/components`. | No | - |
+| `default_component_id` | String            | Default verifier component ID to use when a request does not provide `verifier_component` or `verifier_component_id`. | No | - |
+| `wasi_cache_dir`       | String            | Directory pre-opened to components as `cache/` (for collateral caching); defaults to `<work_dir>/wasm-cache`. | No | - |
+| `wasmtime_cache_config`| String            | Wasmtime cache config file path; defaults to `<work_dir>/wasmtime-cache.toml`. | No | - |
 
 #### AttestationTokenBroker
 

attestation-service/docs/config.md

@@ -57,6 +57,18 @@ The value is a base64 encoded JWT. The body of the JWT is showed in the [example
 
 More configuration items please refer to the [document](./config.md).
 
+## Wasm Component Verifiers
+
+This build can host platform-specific verifiers as Wasm *components* (Component Model) instead of native verifier drivers.
+
+- `POST /component`: register a verifier component and get a `component_id` back.
+- `POST /attestation`: each `verification_request` can either embed a verifier component (`verifier_component`) or refer to a previously registered component (`verifier_component_id`).
+
+Notes:
+- `verifier_component` is base64url (no pad) encoded raw `.wasm` component bytes.
+- If both `verifier_component` and `verifier_component_id` are provided, `verifier_component` takes precedence and is deduplicated/registered by hash.
+- If neither is provided, the service uses `wasm_verifier.default_component_id` (if configured) or rejects the request.
+
 ## Advanced Topics
 
 ### Building from Source

attestation-service/docs/restful-as.md

@@ -186,6 +186,8 @@ impl AttestationService for Arc<RwLock<AttestationServer>> {
                 runtime_data,
                 runtime_data_hash_algorithm,
                 init_data,
+                verifier_component: None,
+                verifier_component_id: None,
             });
         }
         let policy_ids = match request.policy_ids.is_empty() {

attestation-service/src/bin/grpc/mod.rs

@@ -16,7 +16,7 @@ use tokio::sync::RwLock;
 use tracing::{debug, error, info};
 use tracing_subscriber::{fmt::Subscriber, EnvFilter};
 
-use crate::restful::{attestation, get_challenge, get_policies, set_policy};
+use crate::restful::{attestation, get_challenge, get_policies, register_component, set_policy};
 
 mod restful;
 
@@ -61,6 +61,9 @@ enum WebApi {
 
     #[strum(serialize = "/challenge")]
     Challenge,
+
+    #[strum(serialize = "/component")]
+    Component,
 }
 
 #[derive(Error, Debug)]
@@ -165,13 +168,16 @@ loglevel: {env_filter}
     let server = HttpServer::new(move || {
         App::new()
             .wrap(configure_cors(&allowed_origin))
+            // Wasm verifier components can be a few MB; raise the default JSON payload limit.
+            .app_data(web::JsonConfig::default().limit(32 * 1024 * 1024))
             .service(web::resource(WebApi::Attestation.as_ref()).route(web::post().to(attestation)))
             .service(
                 web::resource(WebApi::Policy.as_ref())
                     .route(web::post().to(set_policy))
                     .route(web::get().to(get_policies)),
             )
             .service(web::resource(WebApi::Challenge.as_ref()).route(web::post().to(get_challenge)))
+            .service(web::resource(WebApi::Component.as_ref()).route(web::post().to(register_component)))
             .app_data(web::Data::clone(&attestation_service))
     });
 

attestation-service/src/bin/restful-as.rs

@@ -53,6 +53,10 @@ pub struct AttestationRequest {
 pub struct IndividualAttestationRequest {
     tee: String,
     evidence: String,
+    /// Base64url (no pad) encoded Wasm component bytes.
+    verifier_component: Option<String>,
+    /// Component ID returned by the Component Registration API.
+    verifier_component_id: Option<String>,
     runtime_data: Option<RuntimeData>,
     init_data: Option<InitDataInput>,
     runtime_data_hash_algorithm: Option<String>,
@@ -150,6 +154,15 @@ pub async fn attestation(
         let evidence =
             serde_json::from_slice(&evidence).context("failed to parse evidence as JSON")?;
 
+        let verifier_component = match attestation_request.verifier_component.as_deref() {
+            Some(s) => Some(
+                URL_SAFE_NO_PAD
+                    .decode(s)
+                    .context("base64 decode verifier component")?,
+            ),
+            None => None,
+        };
+
         let tee = to_tee(&attestation_request.tee)?;
 
         let runtime_data = attestation_request
@@ -179,6 +192,8 @@ pub async fn attestation(
             runtime_data,
             runtime_data_hash_algorithm,
             init_data,
+            verifier_component,
+            verifier_component_id: attestation_request.verifier_component_id,
         });
     }
 
@@ -200,6 +215,41 @@ pub async fn attestation(
     Ok(HttpResponse::Ok().body(token))
 }
 
+#[derive(Debug, Deserialize)]
+pub struct RegisterComponentRequest {
+    /// Base64url (no pad) encoded Wasm component bytes.
+    verifier_component: String,
+}
+
+#[derive(Debug, Serialize)]
+pub struct RegisterComponentResponse {
+    component_id: String,
+}
+
+#[instrument(skip_all, fields(request_id = tracing::field::Empty))]
+pub async fn register_component(
+    request: web::Json<RegisterComponentRequest>,
+    cocoas: web::Data<Arc<RwLock<AttestationService>>>,
+) -> Result<HttpResponse> {
+    let request_id = Uuid::new_v4().to_string();
+    Span::current().record("request_id", tracing::field::display(&request_id));
+    info!("Component Registration API called.");
+
+    let request = request.into_inner();
+    let component_bytes = URL_SAFE_NO_PAD
+        .decode(&request.verifier_component)
+        .context("base64 decode verifier component")?;
+
+    let component_id = cocoas
+        .read()
+        .await
+        .register_component_verifier(&component_bytes)
+        .await
+        .context("register component verifier")?;
+
+    Ok(HttpResponse::Ok().json(RegisterComponentResponse { component_id }))
+}
+
 #[derive(Deserialize, Debug)]
 pub struct SetPolicyInput {
     policy_id: String,

attestation-service/src/bin/restful/mod.rs

@@ -29,6 +29,65 @@ pub struct Config {
     /// Optional configuration for verifier modules
     #[serde(default)]
     pub verifier_config: Option<VerifierConfig>,
+
+    /// Configuration for hosting Wasm component verifiers.
+    #[serde(default)]
+    pub wasm_verifier: WasmVerifierConfig,
+}
+
+#[derive(Clone, Debug, Deserialize, PartialEq)]
+pub struct WasmVerifierConfig {
+    /// Enable loading and invoking Wasm component verifiers.
+    #[serde(default)]
+    pub enabled: bool,
+
+    /// If `false`, Wasm components must carry a valid `wasmsign2` signature that
+    /// matches one of the `trusted_public_keys`.
+    #[serde(default)]
+    pub allow_unsigned: bool,
+
+    /// Trusted public keys used to validate uploaded Wasm components.
+    /// Keys can be in `wasmsign2` raw format, DER, PEM, or OpenSSH public key format.
+    #[serde(default)]
+    pub trusted_public_keys: Vec<PathBuf>,
+
+    /// Optional directory for storing registered components. When unset,
+    /// defaults to `<work_dir>/components`.
+    #[serde(default)]
+    pub registry_dir: Option<PathBuf>,
+
+    /// Optional default component ID to use when a request does not include
+    /// `verifier_component` (inline) or `verifier_component_id` (cache reference).
+    ///
+    /// This enables gRPC/KBS callers (or legacy clients) to keep sending only
+    /// evidence while the AS fetches the verifier component from its registry.
+    #[serde(default)]
+    pub default_component_id: Option<String>,
+
+    /// Optional directory pre-opened to Wasm components as `cache/` for
+    /// collateral caching. When unset, defaults to `<work_dir>/wasm-cache`.
+    #[serde(default)]
+    pub wasi_cache_dir: Option<PathBuf>,
+
+    /// Optional Wasmtime cache config file path. When unset, defaults to
+    /// `<work_dir>/wasmtime-cache.toml` (created automatically) and stores cache
+    /// artifacts under `<work_dir>/wasmtime-cache/`.
+    #[serde(default)]
+    pub wasmtime_cache_config: Option<PathBuf>,
+}
+
+impl Default for WasmVerifierConfig {
+    fn default() -> Self {
+        Self {
+            enabled: false,
+            allow_unsigned: false,
+            trusted_public_keys: vec![],
+            registry_dir: None,
+            default_component_id: None,
+            wasi_cache_dir: None,
+            wasmtime_cache_config: None,
+        }
+    }
 }
 
 fn default_work_dir() -> PathBuf {
@@ -55,6 +114,7 @@ impl Default for Config {
             rvps_config: RvpsConfig::default(),
             attestation_token_broker: EarTokenConfiguration::default(),
             verifier_config: None,
+            wasm_verifier: WasmVerifierConfig::default(),
         }
     }
 }
@@ -115,6 +175,7 @@ mod tests {
             profile_name: "tag:github.com,2024:confidential-containers/Trustee".into()
         },
         verifier_config: None,
+        wasm_verifier: crate::config::WasmVerifierConfig::default(),
     })]
     #[case("./tests/configs/example2.json", Config {
         work_dir: PathBuf::from("/var/lib/attestation-service/"),
@@ -136,6 +197,7 @@ mod tests {
             })
         },
         verifier_config: None,
+        wasm_verifier: crate::config::WasmVerifierConfig::default(),
     })]
     fn read_config(#[case] config: &str, #[case] expected: Config) {
         let config = std::fs::read_to_string(config).unwrap();