Rust sdk quote and measurement support[Ready to Merge] (#62)

* docs(contributor): contrib-readme-action has updated readme

* this commit include following changes:
- implemented APIs: parse_cc_report/get_default_algorithm/get_measurement_count/get_cc_measurement
- added UT cases for above APIs
- added UT cases for generate tdx report data function
- added more sample codes for above APIs

* format code according to scan results

* re-orginze API trait implementation code

* update according to review comments

* change get_td_report to private

* update to remove unnecessary test cases according to review comments

---------

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

common/rust/cctrusted_base/src/api.rs

@@ -2,12 +2,7 @@ use crate::api_data::Algorithm;
 use crate::api_data::*;
 use crate::eventlog::TcgEventLog;
 use crate::tcg::TcgDigest;
-use crate::tdx::quote::TdxQuote;
-use crate::tpm::quote::TpmQuote;
-use anyhow::*;
-use core::mem;
 use core::result::Result;
-use core::result::Result::Ok;
 
 pub trait CCTrustedApi {
     /***
@@ -28,9 +23,9 @@ pub trait CCTrustedApi {
             The cc report byte array or error information
     */
     fn get_cc_report(
-        nonce: String,
-        data: String,
-        _extra_args: ExtraArgs,
+        nonce: Option<String>,
+        data: Option<String>,
+        extra_args: ExtraArgs,
     ) -> Result<CcReport, anyhow::Error>;
 
     /***
@@ -45,20 +40,31 @@ pub trait CCTrustedApi {
     fn dump_cc_report(report: &Vec<u8>);
 
     /***
-        Get measurement register according to given selected index and algorithms
+        Get the count of measurement register.
+        Different trusted foundation may provide different count of measurement
+        register. For example, Intel TDX TDREPORT provides the 4 measurement
+        register by default. TPM provides 24 measurement (0~16 for SRTM and 17~24
+        for DRTM).
+        Beyond the real mesurement register, some SDK may extend virtual measurement
+        reigster for addtional trust chain like container, namespace, cluster in
+        cloud native paradiagm.
+        Returns:
+            The count of measurement registers
+    */
+    fn get_measurement_count() -> Result<u8, anyhow::Error>;
 
+    /***
+        Get measurement register according to given selected index and algorithms
         Each trusted foundation in CC environment provides the multiple measurement
         registers, the count is update to ``get_measurement_count()``. And for each
         measurement register, it may provides multiple digest for different algorithms.
-
         Args:
             index (u8): the index of measurement register,
             algo_id (u8): the alrogithms ID
-
         Returns:
             TcgDigest struct
     */
-    fn get_cc_measurement(_index: u8, _algo_id: u8) -> TcgDigest;
+    fn get_cc_measurement(index: u8, algo_id: u8) -> Result<TcgDigest, anyhow::Error>;
 
     /***
         Get eventlog for given index and count.
@@ -104,25 +110,5 @@ pub trait CCTrustedApi {
         fn parse_cc_report(report: Vec<u8>) -> Result<TdxQuote, anyhow::Error>;
 */
 pub trait ParseCcReport<T> {
-    fn parse_cc_report(_report: Vec<u8>) -> Result<T, anyhow::Error>;
-}
-
-// API function parses raw cc report to TdxQuote struct
-impl ParseCcReport<TdxQuote> for CcReport {
-    fn parse_cc_report(report: Vec<u8>) -> Result<TdxQuote, anyhow::Error> {
-        match TdxQuote::parse_tdx_quote(report) {
-            Ok(tdx_quote) => unsafe {
-                let report: &TdxQuote = mem::transmute(&tdx_quote);
-                Ok(report.clone())
-            },
-            Err(e) => Err(anyhow!("[parse_cc_report] error parse tdx quote: {:?}", e)),
-        }
-    }
-}
-
-// API function parses raw cc report to TpmQuote struct
-impl ParseCcReport<TpmQuote> for CcReport {
-    fn parse_cc_report(_report: Vec<u8>) -> Result<TpmQuote, anyhow::Error> {
-        todo!()
-    }
+    fn parse_cc_report(report: Vec<u8>) -> Result<T, anyhow::Error>;
 }

common/rust/cctrusted_base/src/api_data.rs

@@ -38,3 +38,18 @@ pub struct Algorithm {
     pub algo_id: u8,
     pub algo_id_str: String,
 }
+
+/***
+ ********************************************
+ * API get_measurement_count() related data *
+ ********************************************
+ */
+// return number of measurement registers in a CVM
+
+/***
+ ********************************************
+ * API get_cc_measurement() related data *
+ ********************************************
+ */
+// the return data structure is defined in cctrusted_base as:
+// cctrusted_base::tcg::TcgDigest

common/rust/cctrusted_base/src/cc_type.rs

@@ -1,7 +1,7 @@
 use hashbrown::HashMap;
 
 // supported TEE types
-#[derive(Clone, Eq, Hash, PartialEq)]
+#[derive(Clone, Eq, Hash, PartialEq, Debug)]
 pub enum TeeType {
     PLAIN = -1,
     TPM = 0,

common/rust/cctrusted_base/src/tcg.rs

@@ -1,4 +1,5 @@
 use hashbrown::HashMap;
+use log::info;
 
 pub const TPM_ALG_ERROR: u8 = 0x0;
 pub const TPM_ALG_RSA: u8 = 0x1;
@@ -26,19 +27,46 @@ lazy_static! {
 // this trait retrieve tcg standard algorithm name in string
 pub trait TcgAlgorithmRegistry {
     fn get_algorithm_id(&self) -> u8;
+    fn get_algorithm_id_str(&self) -> String;
 }
 
 // digest format: (algo id, hash value)
-#[allow(dead_code)]
+#[derive(Clone)]
 pub struct TcgDigest {
-    algo_id: u8,
-    hash: Vec<u8>,
+    pub algo_id: u8,
+    pub hash: Vec<u8>,
 }
 
-// this trait retrieve IMR's max index of a CVM and hash value
+impl TcgDigest {
+    pub fn show(&self) {
+        info!("show data in struct TcgDigest");
+        info!(
+            "algo = {}",
+            ALGO_NAME_MAP.get(&self.algo_id).unwrap().to_owned()
+        );
+        info!("hash = {:02X?}", self.hash);
+    }
+
+    pub fn get_hash(&self) -> Vec<u8> {
+        self.hash.clone()
+    }
+}
+
+impl TcgAlgorithmRegistry for TcgDigest {
+    fn get_algorithm_id(&self) -> u8 {
+        self.algo_id
+    }
+
+    fn get_algorithm_id_str(&self) -> String {
+        ALGO_NAME_MAP.get(&self.algo_id).unwrap().to_owned()
+    }
+}
+
+// traits a Tcg IMR should have
 pub trait TcgIMR {
-    fn max_index(&self) -> u8;
+    fn max_index() -> u8;
     fn get_index(&self) -> u8;
-    fn get_hash(&self) -> Vec<&str>;
-    fn is_valid(&self) -> bool;
+    fn get_tcg_digest(&self, algo_id: u8) -> TcgDigest;
+    fn is_valid_index(index: u8) -> Result<bool, anyhow::Error>;
+    fn is_valid_algo(algo_id: u8) -> Result<bool, anyhow::Error>;
 }

common/rust/cctrusted_base/src/tdx/common.rs

@@ -35,3 +35,41 @@ lazy_static! {
 pub const REPORT_DATA_LEN: u32 = 64;
 pub const TDX_REPORT_LEN: u32 = 1024;
 pub const TDX_QUOTE_LEN: usize = 4 * 4096;
+
+#[repr(u16)]
+#[derive(Clone, PartialEq, Debug)]
+pub enum AttestationKeyType {
+    ECDSA_P256 = 2,
+    ECDSA_P384 = 3,
+}
+
+#[repr(u32)]
+#[derive(Clone, Debug, PartialEq)]
+pub enum IntelTeeType {
+    TEE_SGX = 0x00000000,
+    TEE_TDX = 0x00000081,
+}
+
+// QE_VENDOR_INTEL_SGX ID string "939a7233f79c4ca9940a0db3957f0607";
+pub const QE_VENDOR_INTEL_SGX: [u8; 16] = [
+    0x93, 0x9a, 0x72, 0x33, 0xf7, 0x9c, 0x4c, 0xa9, 0x94, 0x0a, 0x0d, 0xb3, 0x95, 0x7f, 0x06, 0x07,
+];
+
+#[derive(Clone, PartialEq, Debug)]
+#[repr(i16)]
+pub enum QeCertDataType {
+    /*** QE Certification Data Type.
+    Definition reference:
+    https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/Intel_TDX_DCAP_Quoting_Library_API.pdf
+    A.3.9. QE Certification Data - Version 4
+    */
+    PCK_ID_PLAIN = 1,
+    PCK_ID_RSA_2048_OAEP = 2,
+    PCK_ID_RSA_3072_OAEP = 3,
+    PCK_LEAF_CERT_PLAIN = 4, // Currently not supported
+    PCK_CERT_CHAIN = 5,
+    QE_REPORT_CERT = 6,
+    PLATFORM_MANIFEST = 7, // Currently not supported
+}
+pub const TDX_QUOTE_VERSION_4: u16 = 4;
+pub const TDX_QUOTE_VERSION_5: u16 = 5;