COCOS-326 - Add vTPM support to CoCoS (#376)

* manager, cli and agent vtpm support * rebase and changed atls for vtpm * deleted unused code * changed chekproto.yaml script so it find the manager proto file correctly * fixe manager proto version * fix agent tests * fix server agent test * fix attestation test * fix attestation test gofumpt * created dummy RWC for TPM * fix comment * add default PCR values * rebase main * fix rust ci and missing header * changed embedded attestation to VMPL 2 * fix unused impot * fix pkg test * address attestation type * fix agent attestation test * add prc15 check * fix comments * fix cli tests * add doc * add mock for LeveledQuoteProvider when SEV-SNP device is not found Signed-off-by: Sammy Oina <sammyoina@gmail.com> * fix manager reading attestation policy * refactor PCR value checks and update attestation policy values Signed-off-by: Sammy Oina <sammyoina@gmail.com> * fix tests for sev and grpc --------- Signed-off-by: Sammy Oina <sammyoina@gmail.com> Co-authored-by: Sammy Oina <sammyoina@gmail.com>
2026-06-23 04:10:25 +00:00 · 2025-03-07 16:36:47 +01:00
parent fa26573643
commit 67f939fc66
57 changed files with 1289 additions and 626 deletions
@@ -25,8 +25,9 @@ import (
 	"github.com/google/go-tpm/legacy/tpm2"
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
-	"github.com/ultravioletrs/cocos/agent"
+	config "github.com/ultravioletrs/cocos/pkg/attestation"
 	"github.com/ultravioletrs/cocos/pkg/attestation/quoteprovider"
+	"github.com/ultravioletrs/cocos/pkg/attestation/vtpm"
 	"google.golang.org/protobuf/encoding/protojson"
 	"google.golang.org/protobuf/encoding/prototext"
 	"google.golang.org/protobuf/proto"
@@ -109,33 +110,37 @@ const (
 		}
 	}
 	`
+	SNP     = "snp"
+	VTPM    = "vtpm"
+	SNPvTPM = "snp-vtpm"
 )

 var (
-	mode                string
-	cfg                 = check.Config{Policy: &check.Policy{}, RootOfTrust: &check.RootOfTrust{}}
-	cfgString           string
-	timeout             time.Duration
-	maxRetryDelay       time.Duration
-	platformInfo        string
-	stepping            string
-	trustedAuthorKeys   []string
-	trustedAuthorHashes []string
-	trustedIdKeys       []string
-	trustedIdKeyHashes  []string
-	attestationFile     string
-	tpmAttestationFile  string
-	attestation         []byte
-	empty16             = [size16]byte{}
-	empty32             = [size32]byte{}
-	empty64             = [size64]byte{}
-	defaultReportIdMa   = []byte{255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255}
-	getJsonAttestation  bool
-	errReportSize       = errors.New("attestation contents too small")
-	output              string
-	nonce               []byte
-	format              string
-	teeNonce            []byte
+	mode                    string
+	cfg                     = check.Config{Policy: &check.Policy{}, RootOfTrust: &check.RootOfTrust{}}
+	cfgString               string
+	timeout                 time.Duration
+	maxRetryDelay           time.Duration
+	platformInfo            string
+	stepping                string
+	trustedAuthorKeys       []string
+	trustedAuthorHashes     []string
+	trustedIdKeys           []string
+	trustedIdKeyHashes      []string
+	attestationFile         string
+	tpmAttestationFile      string
+	attestation             []byte
+	empty16                 = [size16]byte{}
+	empty32                 = [size32]byte{}
+	empty64                 = [size64]byte{}
+	defaultReportIdMa       = []byte{255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255}
+	errReportSize           = errors.New("attestation contents too small")
+	ErrBadAttestation       = errors.New("attestation file is corrupted or in wrong format")
+	output                  string
+	nonce                   []byte
+	format                  string
+	teeNonce                []byte
+	getTextProtoAttestation bool
 )

 var errEmptyFile = errors.New("input file is empty")
@@ -178,31 +183,75 @@ func (cli *CLI) NewAttestationCmd() *cobra.Command {

 func (cli *CLI) NewGetAttestationCmd() *cobra.Command {
 	cmd := &cobra.Command{
-		Use:     "get",
-		Short:   "Retrieve attestation information from agent. Report data expected in hex enoded string of length 64 bytes.",
-		Example: "get <report_data>",
-		Args:    cobra.ExactArgs(1),
+		Use:       "get",
+		Short:     "Retrieve attestation information from agent. The argument of the command must be the type of the report (snp or vtpm or snp-vtpm).",
+		ValidArgs: []cobra.Completion{SNP, VTPM, SNPvTPM},
+		Example: fmt.Sprintf(`Based on attestation report type:
+		get %s --tee <512 bit hex value>
+		get %s --vtpm <256 bit hex value>
+		get %s --tee <512 bit hex value> --vtpm <256 bit hex value>`, SNP, VTPM, SNPvTPM),
+		Args: cobra.ExactArgs(1),
 		Run: func(cmd *cobra.Command, args []string) {
 			if cli.connectErr != nil {
 				printError(cmd, "Failed to connect to agent: %v ❌ ", cli.connectErr)
 				return
 			}

-			cmd.Println("Getting attestation")
-
-			reportData, err := hex.DecodeString(args[0])
-			if err != nil {
-				printError(cmd, "Error decoding report data: %v ❌ ", err)
+			if err := cobra.OnlyValidArgs(cmd, args); err != nil {
+				printError(cmd, "Bad attestation type: %v ❌ ", err)
 				return
 			}
-			if len(reportData) != agent.ReportDataSize {
-				msg := color.New(color.FgRed).Sprintf("report data must be a hex encoded string of length %d bytes ❌ ", agent.ReportDataSize)
+
+			attestationType := args[0]
+
+			attType := config.SNP
+			switch attestationType {
+			case SNP:
+				cmd.Println("Fetching SEV-SNP attestation report")
+			case VTPM:
+				cmd.Println("Fetching vTPM report")
+				attType = config.VTPM
+			case SNPvTPM:
+				cmd.Println("Fetching SEV-SNP and vTPM report")
+				attType = config.SNPvTPM
+			}
+
+			if (attType == config.VTPM || attType == config.SNPvTPM) && len(nonce) == 0 {
+				msg := color.New(color.FgRed).Sprint("vTPM nonce must be defined for vTPM attestation ❌ ")
 				cmd.Println(msg)
 				return
 			}

+			if (attType == config.SNP || attType == config.SNPvTPM) && len(teeNonce) == 0 {
+				msg := color.New(color.FgRed).Sprint("TEE nonce must be defined for SEV-SNP attestation ❌ ")
+				cmd.Println(msg)
+				return
+			}
+
+			var fixedReportData [quoteprovider.Nonce]byte
+			if attType != config.VTPM {
+				if len(teeNonce) > quoteprovider.Nonce {
+					msg := color.New(color.FgRed).Sprintf("nonce must be a hex encoded string of length lesser or equal %d bytes ❌ ", quoteprovider.Nonce)
+					cmd.Println(msg)
+					return
+				}
+
+				copy(fixedReportData[:], teeNonce)
+			}
+
+			var fixedVtpmNonceByte [vtpm.Nonce]byte
+			if attType != config.SNP {
+				if len(nonce) > vtpm.Nonce {
+					msg := color.New(color.FgRed).Sprintf("vTPM nonce must be a hex encoded string of length lesser or equal %d bytes ❌ ", vtpm.Nonce)
+					cmd.Println(msg)
+					return
+				}
+
+				copy(fixedVtpmNonceByte[:], nonce)
+			}
+
 			filename := attestationFilePath
-			if getJsonAttestation {
+			if getTextProtoAttestation {
 				filename = attestationJson
 			}

@@ -212,7 +261,7 @@ func (cli *CLI) NewGetAttestationCmd() *cobra.Command {
 				return
 			}

-			if err := cli.agentSDK.Attestation(cmd.Context(), [agent.ReportDataSize]byte(reportData), attestationFile); err != nil {
+			if err := cli.agentSDK.Attestation(cmd.Context(), fixedReportData, fixedVtpmNonceByte, int(attType), attestationFile); err != nil {
 				printError(cmd, "Failed to get attestation due to error: %v ❌ ", err)
 				return
 			}
@@ -222,16 +271,32 @@ func (cli *CLI) NewGetAttestationCmd() *cobra.Command {
 				return
 			}

-			if getJsonAttestation {
+			if getTextProtoAttestation {
 				result, err := os.ReadFile(filename)
 				if err != nil {
 					printError(cmd, "Error reading attestation file: %v ❌ ", err)
 					return
 				}

-				result, err = attesationToJSON(result)
+				switch attestationType {
+				case SNP:
+					result, err = attesationToJSON(result)
+				case VTPM, SNPvTPM:
+					marshalOptions := prototext.MarshalOptions{
+						Multiline: true,
+						EmitASCII: true,
+					}
+					var attvTPM tpmAttest.Attestation
+					err = proto.Unmarshal(result, &attvTPM)
+					if err != nil {
+						printError(cmd, "failed to unmarshal the attestation report: %v ❌ ", ErrBadAttestation)
+					}
+
+					result = []byte(marshalOptions.Format(&attvTPM))
+				}
+
 				if err != nil {
-					printError(cmd, "Error converting attestation to json: %v ❌ ", err)
+					printError(cmd, "Error converting attestation to textproto: %v ❌ ", err)
 					return
 				}

@@ -245,7 +310,9 @@ func (cli *CLI) NewGetAttestationCmd() *cobra.Command {
 		},
 	}

-	cmd.Flags().BoolVarP(&getJsonAttestation, "json", "j", false, "Get attestation in json format")
+	cmd.Flags().BoolVarP(&getTextProtoAttestation, "textproto", "p", false, "Get attestation in textproto format")
+	cmd.Flags().BytesHexVarP(&teeNonce, "tee", "e", []byte{}, "Define the nonce for the SNP attestation report (must be used with attestation type snp and snp-vtpm)")
+	cmd.Flags().BytesHexVarP(&nonce, "vtpm", "t", []byte{}, "Define the nonce for the vTPM attestation report (must be used with attestation type vtpm and snp-vtpm)")

 	return cmd
 }
@@ -585,7 +652,12 @@ func sevsnpverify(cmd *cobra.Command, args []string) error {
 		return fmt.Errorf("error validating input: %v ❌ ", err)
 	}

-	if err := quoteprovider.VerifyAndValidate(attestation, &cfg); err != nil {
+	attestationPB, err := abi.ReportCertsToProto(attestation)
+	if err != nil {
+		return fmt.Errorf("failed to convert attestation bytes to struct %v ❌ ", err)
+	}
+
+	if err := quoteprovider.VerifyAndValidate(attestationPB, &cfg); err != nil {
 		return fmt.Errorf("attestation validation and verification failed with error: %v ❌ ", err)
 	}
 	cmd.Println("Attestation validation and verification is successful!")
@@ -18,7 +18,8 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/mock"
 	"github.com/stretchr/testify/require"
-	"github.com/ultravioletrs/cocos/agent"
+	"github.com/ultravioletrs/cocos/pkg/attestation/quoteprovider"
+	"github.com/ultravioletrs/cocos/pkg/attestation/vtpm"
 	"github.com/ultravioletrs/cocos/pkg/sdk/mocks"
 )

@@ -35,8 +36,8 @@ func TestNewAttestationCmd(t *testing.T) {

 	cmd.SetOutput(&buf)

-	reportData := bytes.Repeat([]byte{0x01}, agent.ReportDataSize)
-	mockSDK.On("Attestation", mock.Anything, [agent.ReportDataSize]byte(reportData), mock.Anything).Return(nil)
+	reportData := bytes.Repeat([]byte{0x01}, quoteprovider.Nonce)
+	mockSDK.On("Attestation", mock.Anything, [quoteprovider.Nonce]byte(reportData), mock.Anything).Return(nil)

 	cmd.SetArgs([]string{hex.EncodeToString(reportData)})
 	err := cmd.Execute()
@@ -47,6 +48,10 @@ func TestNewAttestationCmd(t *testing.T) {
 func TestNewGetAttestationCmd(t *testing.T) {
 	validattestation, err := os.ReadFile("../attestation.bin")
 	require.NoError(t, err)
+
+	teeNonce := hex.EncodeToString(bytes.Repeat([]byte{0x00}, quoteprovider.Nonce))
+	vtpmNonce := hex.EncodeToString(bytes.Repeat([]byte{0x00}, vtpm.Nonce))
+
 	testCases := []struct {
 		name         string
 		args         []string
@@ -56,57 +61,85 @@ func TestNewGetAttestationCmd(t *testing.T) {
 		expectedOut  string
 	}{
 		{
-			name:         "successful attestation retrieval",
-			args:         []string{hex.EncodeToString(bytes.Repeat([]byte{0x01}, agent.ReportDataSize))},
+			name:         "successful SNP attestation retrieval",
+			args:         []string{"snp", "--tee", teeNonce},
 			mockResponse: []byte("mock attestation"),
 			mockError:    nil,
 			expectedOut:  "Attestation result retrieved and saved successfully!",
 		},
 		{
-			name:         "invalid report data (decoding error)",
-			args:         []string{"invalid"},
-			mockResponse: nil,
-			mockError:    errors.New("error"),
-			expectedErr:  "Error decoding report data",
+			name:         "successful vTPM attestation retrieval",
+			args:         []string{"vtpm", "--vtpm", vtpmNonce},
+			mockResponse: []byte("mock attestation"),
+			mockError:    nil,
+			expectedOut:  "Attestation result retrieved and saved successfully!",
+		},
+		{
+			name:         "successful SNP-vTPM attestation retrieval",
+			args:         []string{"snp-vtpm", "--tee", teeNonce, "--vtpm", vtpmNonce},
+			mockResponse: []byte("mock attestation"),
+			mockError:    nil,
+			expectedOut:  "Attestation result retrieved and saved successfully!",
+		},
+		{
+			name:         "missing vTPM nonce",
+			args:         []string{"snp-vtpm", "--tee", teeNonce},
+			mockResponse: []byte("mock attestation"),
+			mockError:    nil,
+			expectedOut:  "vTPM nonce must be defined for vTPM attestation",
+		},
+		{
+			name:         "missing TEE nonce",
+			args:         []string{"snp-vtpm", "--vtpm", vtpmNonce},
+			mockResponse: []byte("mock attestation"),
+			mockError:    nil,
+			expectedOut:  "TEE nonce must be defined for SEV-SNP attestation",
 		},
 		{
 			name:         "invalid report data size",
-			args:         []string{hex.EncodeToString(bytes.Repeat([]byte{0x01}, 32))},
+			args:         []string{"snp", "--tee", hex.EncodeToString(bytes.Repeat([]byte{0x00}, 65))},
 			mockResponse: nil,
 			mockError:    errors.New("error"),
-			expectedErr:  "report data must be a hex encoded string of length 64 bytes",
+			expectedErr:  "nonce must be a hex encoded string of length lesser or equal 64 bytes",
 		},
 		{
-			name:         "invalid report data hex",
+			name:         "invalid vTPM data size",
+			args:         []string{"vtpm", "-t", hex.EncodeToString(bytes.Repeat([]byte{0x00}, 33))},
+			mockResponse: nil,
+			mockError:    errors.New("error"),
+			expectedErr:  "vTPM nonce must be a hex encoded string of length lesser or equal 32 bytes",
+		},
+		{
+			name:         "invalid arguments",
 			args:         []string{"invalid"},
 			mockResponse: nil,
 			mockError:    errors.New("error"),
-			expectedErr:  "Error decoding report data",
+			expectedErr:  "Bad attestation type: invalid argument ",
 		},
 		{
 			name:         "failed to get attestation",
-			args:         []string{hex.EncodeToString(bytes.Repeat([]byte{0x01}, agent.ReportDataSize))},
+			args:         []string{"snp", "-e", teeNonce},
 			mockResponse: nil,
 			mockError:    errors.New("error"),
 			expectedErr:  "Failed to get attestation due to error",
 		},
 		{
-			name:         "JSON report error",
-			args:         []string{hex.EncodeToString(bytes.Repeat([]byte{0x01}, agent.ReportDataSize)), "--json"},
+			name:         "Textproto report error",
+			args:         []string{"snp", "-e", teeNonce, "--textproto"},
 			mockResponse: []byte("mock attestation"),
 			mockError:    nil,
-			expectedErr:  "Error converting attestation to json",
+			expectedErr:  "Error converting attestation to textproto",
 		},
 		{
-			name:         "successful JSON report",
-			args:         []string{hex.EncodeToString(bytes.Repeat([]byte{0x01}, agent.ReportDataSize)), "--json"},
+			name:         "successful Textproto report",
+			args:         []string{"snp", "-e", teeNonce, "--textproto"},
 			mockResponse: validattestation,
 			mockError:    nil,
 			expectedOut:  "Attestation result retrieved and saved successfully!",
 		},
 		{
 			name:         "connection error",
-			args:         []string{hex.EncodeToString(bytes.Repeat([]byte{0x01}, agent.ReportDataSize))},
+			args:         []string{"snp", "-e", teeNonce},
 			mockResponse: nil,
 			mockError:    errors.New("failed to connect to agent"),
 			expectedErr:  "Failed to connect to agent",
@@ -128,8 +161,8 @@ func TestNewGetAttestationCmd(t *testing.T) {
 			var buf bytes.Buffer
 			cmd.SetOutput(&buf)

-			mockSDK.On("Attestation", mock.Anything, [agent.ReportDataSize]byte(bytes.Repeat([]byte{0x01}, agent.ReportDataSize)), mock.Anything).Return(tc.mockError).Run(func(args mock.Arguments) {
-				_, err := args.Get(2).(*os.File).Write(tc.mockResponse)
+			mockSDK.On("Attestation", mock.Anything, [quoteprovider.Nonce]byte(bytes.Repeat([]byte{0x00}, quoteprovider.Nonce)), [vtpm.Nonce]byte(bytes.Repeat([]byte{0x00}, vtpm.Nonce)), mock.Anything, mock.Anything).Return(tc.mockError).Run(func(args mock.Arguments) {
+				_, err := args.Get(4).(*os.File).Write(tc.mockResponse)
 				require.NoError(t, err)
 			})

@@ -12,7 +12,7 @@ import (
 	"github.com/google/go-sev-guest/proto/check"
 	"github.com/google/go-sev-guest/verify/trust"
 	"github.com/spf13/cobra"
-	"github.com/ultravioletrs/cocos/pkg/clients/grpc"
+	config "github.com/ultravioletrs/cocos/pkg/attestation"
 )

 const (
@@ -27,14 +27,14 @@ func (cli *CLI) NewCABundleCmd(fileSavePath string) *cobra.Command {
 		Example: "ca-bundle <path_to_platform_info_json>",
 		Args:    cobra.ExactArgs(1),
 		Run: func(cmd *cobra.Command, args []string) {
-			attestationConfiguration := check.Config{Policy: &check.Policy{}, RootOfTrust: &check.RootOfTrust{}}
-			err := grpc.ReadAttestationPolicy(args[0], &attestationConfiguration)
+			attestationConfiguration := config.Config{SnpCheck: &check.Config{Policy: &check.Policy{}, RootOfTrust: &check.RootOfTrust{}}, PcrConfig: &config.PcrConfig{}}
+			err := config.ReadAttestationPolicy(args[0], &attestationConfiguration)
 			if err != nil {
 				printError(cmd, "Error while reading manifest: %v ❌ ", err)
 				return
 			}

-			product := attestationConfiguration.RootOfTrust.ProductLine
+			product := attestationConfiguration.SnpCheck.RootOfTrust.ProductLine

 			getter := trust.DefaultHTTPSGetter()
 			caURL := kds.ProductCertChainURL(abi.VcekReportSigner, product)