snp-knative: support deployment on cc-vms (#18)

Author: csegarragonz

.gitignore

@@ -7,3 +7,5 @@ build-native
 build-wasm
 
 ansible/inventory/vms.ini
+
+datasets*

VERSION

@@ -1 +1 @@
-0.5.0
+0.6.0

accless/CMakeLists.txt

@@ -26,6 +26,7 @@ add_library(${CMAKE_PROJECT_TARGET}
 # in WASM because there is  no easy way to pass CMake vars to `wasm_cmake` in
 # faasmtools
 if (ACCLESS_UBENCH)
+    message(STATUS "Building UBENCH")
     target_compile_definitions(${CMAKE_PROJECT_TARGET} PUBLIC ACCLESS_UBENCH)
 endif ()
 
@@ -42,18 +43,36 @@ if (CMAKE_SYSTEM_NAME STREQUAL "WASI")
 
     set(ACCLESS_HEADERS ${CMAKE_CURRENT_LIST_DIR}/include)
 else ()
+    # This lines do not suppress the warning
+    set(MY_CUSTOM_RPATH "/usr/local/attestationcurl/lib;/usr/local/attestationssl/lib64")
+    set(CMAKE_BUILD_RPATH "${MY_CUSTOM_RPATH}")
+    set(CMAKE_INSTALL_RPATH "${MY_CUSTOM_RPATH}")
+    set(CMAKE_INSTALL_RPATH_USE_LINK_PATH TRUE)
+    target_link_directories(${CMAKE_PROJECT_TARGET} PRIVATE BEFORE
+        /usr/local/attestationcurl/lib
+        /usr/local/attestationssl/lib64
+    )
+
+    add_subdirectory(./libs/attestation)
     add_subdirectory(./libs/s3)
 
     set(ACCLESS_LIBRARIES
         accless::s3
+        accless::attestation
+        # We use the installed curl as part of azure-cvm-attestation
+        /usr/local/attestationcurl/lib/libcurl.a
         # Order matters: librabe-cpp must preceede librabe
         "/usr/local/lib/rabe/librabe-cpp.a"
         "/usr/local/lib/rabe/librabe.a"
+        # Same for JWT
+        "/usr/local/lib/tless-jwt/libtless-jwt-cpp.a"
+        "/usr/local/lib/tless-jwt/libtless_jwt.a"
     )
     set(ACCLESS_HEADERS
         ${CMAKE_CURRENT_LIST_DIR}/include
         ${CMAKE_CURRENT_LIST_DIR}/libs
         "/usr/include/rabe"
+        "/usr/include/tless-jwt"
     )
 endif()
 

accless/include/accless.h

@@ -10,8 +10,6 @@
 // mr_enclave in the SGX report has type sgx_measurement_t which is a SHA256
 // digest (see sgx_report.h)
 #define MRENCLAVE_SIZE 32
-#define ATT_PROVIDER_AUD "accless-attestation-service"
-#define ATT_PROVIDER_SUB "attested-client"
 
 // We define with C-linkage all the external symbols that a TLess ECF needs
 // from the runtime environment. These are implemented by the runtime outside
@@ -24,7 +22,10 @@ void __accless_get_mrenclave(uint8_t *buf, int32_t bufSize);
 }
 #endif
 
-/* Main TLess C++ API
+#define ATT_PROVIDER_AUD "accless-attestation-service"
+#define ATT_PROVIDER_SUB "attested-client"
+
+/* Main Accless C++ API
  *
  * MISSING:
  * - Decrypt/Encrypt function input/output
@@ -50,4 +51,4 @@ int32_t chain(const std::string &workflow, const std::string &parentFuncName,
 // Wait for a function by its id, and get its output and return code
 std::pair<int, std::string> wait(int32_t functionId, bool ignoreOutput = false);
 #endif
-} // namespace tless
+} // namespace accless

accless/include/dag.h

@@ -29,4 +29,4 @@ std::vector<std::string>
 getFuncChainFromCertChain(const std::vector<uint8_t> &certChain);
 std::vector<std::string>
 getFuncChainFromCertChain(const std::string &certChain);
-} // namespace tless::dag
+} // namespace accless::dag

accless/include/utils.h

@@ -7,7 +7,7 @@
 namespace accless::utils {
 std::string byteArrayToHexString(const uint8_t *data, int dataSize);
 
-std::vector<uint8_t> base64Decode(const std::string& input);
+std::vector<uint8_t> base64Decode(const std::string &input);
 
 #ifdef __faasm
 std::vector<uint8_t> doGetKeyBytes(const std::string &bucketName,

accless/libs/attestation/CMakeLists.txt

@@ -0,0 +1,23 @@
+set(CMAKE_PROJECT_TARGET attestation)
+
+include(FetchContent)
+
+FetchContent_Declare(
+    AzGuestAttestation
+    GIT_REPOSITORY https://github.com/faasm/azure-cvm-guest-attestation.git
+    GIT_TAG main
+)
+FetchContent_MakeAvailable(AzGuestAttestation)
+
+set(AZ_GUEST_ATTESTATION_INCLUDE_DIRS
+    ${azguestattestation_SOURCE_DIR}/AttestationClient
+    ${azguestattestation_SOURCE_DIR}/AttestationClient/include
+    ${azguestattestation_SOURCE_DIR}/LinuxTpm/include
+    ${azguestattestation_SOURCE_DIR}/external/jsoncpp-0.10.7/include
+)
+
+add_library(${CMAKE_PROJECT_TARGET} attestation.cpp)
+target_link_libraries(${CMAKE_PROJECT_TARGET} PUBLIC azguestattestation curl)
+target_include_directories(${CMAKE_PROJECT_TARGET} PUBLIC ${AZ_GUEST_ATTESTATION_INCLUDE_DIRS})
+
+add_library(accless::attestation ALIAS ${CMAKE_PROJECT_TARGET})

accless/libs/attestation/attestation.cpp

@@ -0,0 +1,236 @@
+#include "attestation.h"
+
+// Includes from Azure Guest Attestation library
+#include "AttestationLogger.h"
+#include "HclReportParser.h"
+#include "TpmCertOperations.h"
+
+#include <array>
+#include <curl/curl.h>
+#include <fcntl.h>
+#include <filesystem>
+#include <optional>
+#include <sys/ioctl.h>
+#include <sys/stat.h>
+#include <vector>
+
+using namespace attest;
+
+#define SNP_GUEST_REQ_IOC_TYPE 'S'
+#define SNP_GET_REPORT _IOWR(SNP_GUEST_REQ_IOC_TYPE, 0x0, struct snp_guest_request_ioctl)
+
+namespace accless::attestation {
+void Logger::Log(const char *log_tag, AttestationLogger::LogLevel level,
+                 const char *function, const int line, const char *fmt, ...) {
+    va_list args;
+    va_start(args, fmt);
+    size_t len = std::vsnprintf(NULL, 0, fmt, args);
+    va_end(args);
+
+    std::vector<char> str(len + 1);
+
+    va_start(args, fmt);
+    std::vsnprintf(&str[0], len + 1, fmt, args);
+    va_end(args);
+
+    // Uncomment for debug logs
+    // std::cout << std::string(str.begin(), str.end()) << std::endl;
+}
+
+std::vector<uint8_t> getSnpReportFromTPM() {
+    // First, get HCL report
+    Tpm tpm;
+    Buffer hclReport = tpm.GetHCLReport();
+
+    Buffer snpReport;
+    Buffer runtimeData;
+    HclReportParser reportParser;
+
+    auto result = reportParser.ExtractSnpReportAndRuntimeDataFromHclReport(
+        hclReport, snpReport, runtimeData);
+    if (result.code_ != AttestationResult::ErrorCode::SUCCESS) {
+        std::cerr << "accless: error parsing snp report from HCL report"
+                  << std::endl;
+        throw std::runtime_error("error parsing HCL report");
+    }
+
+    return snpReport;
+}
+
+void tpmRenewAkCert() {
+    TpmCertOperations tpmCertOps;
+    bool renewalRequired = false;
+    auto result = tpmCertOps.IsAkCertRenewalRequired(renewalRequired);
+    if (result.code_ != AttestationResult::ErrorCode::SUCCESS) {
+        std::cerr << "accless: error checking AkCert renewal state"
+                  << std::endl;
+
+        if (result.tpm_error_code_ != 0) {
+            std::cerr << "accless: internal TPM error occured: "
+                      << result.description_ << std::endl;
+            throw std::runtime_error("internal TPM error");
+        } else if (result.code_ == attest::AttestationResult::ErrorCode::
+                                       ERROR_AK_CERT_PROVISIONING_FAILED) {
+            std::cerr << "accless: attestation key cert provisioning delayed"
+                      << std::endl;
+            throw std::runtime_error("internal TPM error");
+        }
+    }
+
+    if (renewalRequired) {
+        auto replaceResult = tpmCertOps.RenewAndReplaceAkCert();
+        if (replaceResult.code_ != AttestationResult::ErrorCode::SUCCESS) {
+            std::cerr << "accless: failed to renew AkCert: "
+                      << result.description_ << std::endl;
+            throw std::runtime_error("accless: internal TPM error");
+        }
+    }
+}
+
+/******************************************************************************/
+/* SNP Related Methods                                                */
+/******************************************************************************/
+
+// This method fetches the SNP attestation report from /dev/sev-guest:
+// - message_version is not used in this simple example, but is kept for
+// interface compatibility.
+// - userData: Optional 64-byte data to be included in the report.
+// - vmpl: Optional VMPL level.
+std::vector<uint8_t>
+getSnpReportFromDev(std::optional<std::array<uint8_t, 64>> userData,
+                    std::optional<uint32_t> vmpl) {
+    int fd = open("/dev/sev-guest", O_RDWR);
+    if (fd < 0) {
+        std::cerr << "accless(att): failed to open /dev/sev-guest" << std::endl;
+        throw std::runtime_error("Failed to open /dev/sev-guest");
+    }
+
+    // Prepare the request payload.
+    snp_report_req reqPayload;
+    std::memset(&reqPayload, 0, sizeof(reqPayload));
+    reqPayload.vmpl = vmpl.value_or(0);
+    if (userData.has_value()) {
+        std::memcpy(reqPayload.user_data, userData->data(), userData->size());
+    }
+
+    // Prepare the response buffer.
+    snp_report_resp respPayload;
+    std::memset(&respPayload, 0, sizeof(respPayload));
+
+    // Prepare the ioctl wrapper.
+    snp_guest_request_ioctl guestReq;
+    std::memset(&guestReq, 0, sizeof(guestReq));
+    guestReq.msg_version = 1;  // Must be non-zero.
+    guestReq.req_data = reinterpret_cast<uint64_t>(&reqPayload);
+    guestReq.resp_data = reinterpret_cast<uint64_t>(&respPayload);
+
+    // Issue the ioctl.
+    if (ioctl(fd, SNP_GET_REPORT, &guestReq) < 0) {
+        int err = errno;
+        close(fd);
+        std::cerr << "accless(att): ioctl SNP_GET_REPORT failed: " << strerror(err) << std::endl;
+        throw std::runtime_error("ioctl SNP_GET_REPORT failed");
+    }
+    close(fd);
+
+    // Check for firmware or VMM errors.
+    if (guestReq.fw_error != 0 || guestReq.vmm_error != 0) {
+        std::cerr << "accless(att): firmware error: " << guestReq.fw_error
+                  << " vmm error: " << guestReq.vmm_error << std::endl;
+        throw std::runtime_error("Firmware reported error");
+    }
+
+    // Convert the response to a vector.
+    std::vector<uint8_t> report(respPayload.data, respPayload.data + SNP_REPORT_RESP_SIZE);
+    return report;
+}
+
+std::vector<uint8_t>
+getSnpReport(std::optional<std::array<uint8_t, 64>> reportData) {
+    if (std::filesystem::exists("/dev/sev-guest")) {
+        return getSnpReportFromDev(reportData, std::nullopt);
+    }
+
+    if (std::filesystem::exists("/dev/tpmrm0")) {
+        return getSnpReportFromTPM();
+    }
+
+    std::cerr << "accless(att): no known SNP device found for attestation"
+              << std::endl;
+    throw std::runtime_error("No known SNP device found!");
+}
+
+/******************************************************************************/
+/* Attestation Service Methods                                                */
+/******************************************************************************/
+
+// Get the URL of our own attestation service (**not** MAA)
+std::string getAttestationServiceUrl() {
+    const char *val = std::getenv("ACCLESS_AS_URL");
+    if (val == nullptr) {
+        // This url uses https://ip:port
+        std::cerr << "accless(att): must set ACCLESS_AS_URL" << std::endl;
+        throw std::runtime_error("must set ACCLESS_AS_URL");
+    }
+    return std::string(val);
+}
+
+std::string getAttestationServiceCertPath() {
+    const char *val = std::getenv("ACCLESS_AS_CERT");
+    if (val == nullptr) {
+        std::cerr << "accless(att): must set ACCLESS_AS_CERT" << std::endl;
+        throw std::runtime_error("must set ACCLESS_AS_CERT");
+    }
+    return std::string(val);
+}
+
+size_t curlWriteCallback(char *ptr, size_t size, size_t nmemb, void *userdata) {
+    size_t totalSize = size * nmemb;
+    auto *response = static_cast<std::string *>(userdata);
+    response->append(ptr, totalSize);
+    return totalSize;
+}
+
+std::string asGetJwtFromReport(const std::vector<uint8_t> &snpReport) {
+    std::string jwt;
+
+    CURL *curl = curl_easy_init();
+    if (!curl) {
+        std::cerr << "accless: failed to initialize CURL" << std::endl;
+        throw std::runtime_error("curl error");
+    }
+
+    std::string asUrl = getAttestationServiceUrl() + "/verify-snp-report";
+    std::string certPath = getAttestationServiceCertPath();
+    curl_easy_setopt(curl, CURLOPT_URL, asUrl.c_str());
+    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);
+    curl_easy_setopt(curl, CURLOPT_CAINFO, certPath.c_str());
+    curl_easy_setopt(curl, CURLOPT_POST, 1L);
+    curl_easy_setopt(curl, CURLOPT_POSTFIELDS, snpReport.data());
+    curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, snpReport.size());
+
+    struct curl_slist *headers = nullptr;
+    headers =
+        curl_slist_append(headers, "Content-Type: application/octet-stream");
+    curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers);
+
+    // Set write function and data
+    curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, curlWriteCallback);
+    curl_easy_setopt(curl, CURLOPT_WRITEDATA, &jwt);
+
+    // Perform the request
+    CURLcode res = curl_easy_perform(curl);
+    if (res != CURLE_OK) {
+        std::cerr << "accless: CURL error: " << curl_easy_strerror(res)
+                  << std::endl;
+        curl_easy_cleanup(curl);
+        curl_slist_free_all(headers);
+        throw std::runtime_error("curl error");
+    }
+
+    curl_easy_cleanup(curl);
+    curl_slist_free_all(headers);
+
+    return jwt;
+}
+} // namespace accless::attestation