COCOS-192 - Add support for attested TLS (#279)

* add draft tls extension

* add client support for ipv6

* remove vscode

* add evidence request server payload

* clean up the code

* add fetch and verify for quote provider

* add build parameters for buildroot

* change Makefile to always enable CGO

* fix ci

* add malloc check for NULL

* add copyright

* renamed files and fix cgo lint

* fix cache test

* fix server tests

* remove ineffective assignment

* fix no-TLS connection

* add check for SSL_set_fd failure

* add tests for verification of attestation

* fix CI

* fix failing tests

* fix backend tests

* remove commented code

* separate verify and validate function

* fix failing test

* Simplify function name

---------

Co-authored-by: ultraviolet <cocosai@ultraviolet.local.pragmatic-it.com>

agent/quoteprovider/embed.go

@@ -1,38 +0,0 @@
-// Copyright (c) Ultraviolet
-// SPDX-License-Identifier: Apache-2.0
-
-//go:build embed
-// +build embed
-
-package quoteprovider
-
-import (
-	"github.com/google/go-sev-guest/client"
-	pb "github.com/google/go-sev-guest/proto/sevsnp"
-	cocosai "github.com/ultravioletrs/cocos"
-)
-
-var _ client.QuoteProvider = (*embeddedQuoteProvider)(nil)
-
-type embeddedQuoteProvider struct {
-}
-
-func GetQuoteProvider() (client.QuoteProvider, error) {
-	return &embeddedQuoteProvider{}, nil
-}
-
-// GetQuote returns the SEV quote for the given report data.
-func (e *embeddedQuoteProvider) GetRawQuote(reportData [64]byte) ([]byte, error) {
-	return cocosai.EmbeddedAttestation, nil
-}
-
-// IsSupported returns true if the SEV platform is supported.
-func (e *embeddedQuoteProvider) IsSupported() bool {
-	return true
-}
-
-// Product returns the SEV product information.
-// unimplemented since it is deprecated and not used.
-func (e *embeddedQuoteProvider) Product() *pb.SevProduct {
-	panic("unimplemented")
-}

agent/quoteprovider/mocks/QuoteProvider.go

@@ -1,95 +0,0 @@
-// Code generated by mockery v2.45.0. DO NOT EDIT.
-
-package mocks
-
-import (
-	sevsnp "github.com/google/go-sev-guest/proto/sevsnp"
-	mock "github.com/stretchr/testify/mock"
-)
-
-// QuoteProvider is an autogenerated mock type for the QuoteProvider type
-type QuoteProvider struct {
-	mock.Mock
-}
-
-// GetRawQuote provides a mock function with given fields: reportData
-func (_m *QuoteProvider) GetRawQuote(reportData [64]byte) ([]uint8, error) {
-	ret := _m.Called(reportData)
-
-	if len(ret) == 0 {
-		panic("no return value specified for GetRawQuote")
-	}
-
-	var r0 []uint8
-	var r1 error
-	if rf, ok := ret.Get(0).(func([64]byte) ([]uint8, error)); ok {
-		return rf(reportData)
-	}
-	if rf, ok := ret.Get(0).(func([64]byte) []uint8); ok {
-		r0 = rf(reportData)
-	} else {
-		if ret.Get(0) != nil {
-			r0 = ret.Get(0).([]uint8)
-		}
-	}
-
-	if rf, ok := ret.Get(1).(func([64]byte) error); ok {
-		r1 = rf(reportData)
-	} else {
-		r1 = ret.Error(1)
-	}
-
-	return r0, r1
-}
-
-// IsSupported provides a mock function with given fields:
-func (_m *QuoteProvider) IsSupported() bool {
-	ret := _m.Called()
-
-	if len(ret) == 0 {
-		panic("no return value specified for IsSupported")
-	}
-
-	var r0 bool
-	if rf, ok := ret.Get(0).(func() bool); ok {
-		r0 = rf()
-	} else {
-		r0 = ret.Get(0).(bool)
-	}
-
-	return r0
-}
-
-// Product provides a mock function with given fields:
-func (_m *QuoteProvider) Product() *sevsnp.SevProduct {
-	ret := _m.Called()
-
-	if len(ret) == 0 {
-		panic("no return value specified for Product")
-	}
-
-	var r0 *sevsnp.SevProduct
-	if rf, ok := ret.Get(0).(func() *sevsnp.SevProduct); ok {
-		r0 = rf()
-	} else {
-		if ret.Get(0) != nil {
-			r0 = ret.Get(0).(*sevsnp.SevProduct)
-		}
-	}
-
-	return r0
-}
-
-// NewQuoteProvider creates a new instance of QuoteProvider. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
-// The first argument is typically a *testing.T value.
-func NewQuoteProvider(t interface {
-	mock.TestingT
-	Cleanup(func())
-}) *QuoteProvider {
-	mock := &QuoteProvider{}
-	mock.Mock.Test(t)
-
-	t.Cleanup(func() { mock.AssertExpectations(t) })
-
-	return mock
-}

agent/quoteprovider/sev.go

@@ -1,13 +0,0 @@
-// Copyright (c) Ultraviolet
-// SPDX-License-Identifier: Apache-2.0
-
-//go:build !embed
-// +build !embed
-
-package quoteprovider
-
-import "github.com/google/go-sev-guest/client"
-
-func GetQuoteProvider() (client.QuoteProvider, error) {
-	return client.GetQuoteProvider()
-}

agent/service_test.go

@@ -18,10 +18,10 @@ import (
 	"github.com/ultravioletrs/cocos/agent/algorithm"
 	"github.com/ultravioletrs/cocos/agent/algorithm/python"
 	"github.com/ultravioletrs/cocos/agent/events/mocks"
-	"github.com/ultravioletrs/cocos/agent/quoteprovider"
-	mocks2 "github.com/ultravioletrs/cocos/agent/quoteprovider/mocks"
 	"github.com/ultravioletrs/cocos/agent/statemachine"
 	smmocks "github.com/ultravioletrs/cocos/agent/statemachine/mocks"
+	"github.com/ultravioletrs/cocos/pkg/attestation/quoteprovider"
+	mocks2 "github.com/ultravioletrs/cocos/pkg/attestation/quoteprovider/mocks"
 	"golang.org/x/crypto/sha3"
 	"google.golang.org/grpc/metadata"
 )