Merge pull request #10 from tkhq/zeke-nsm-attest

Nitro secure module attestation document verification logic
tkhq · May 20, 2022 · b862fb3 · b862fb3
2 parents 1b6da0c + 9cc455b
commit b862fb3
Show file tree

Hide file tree

Showing 23 changed files with 1,301 additions and 701 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Dockerfile b/Dockerfile
@@ -1,9 +1,10 @@
 FROM rust:1.60 as builder
 COPY ./ ./
-RUN cargo build --bin qos-core --features vm --no-default-features --release
+RUN cargo build --bin qos-core --features vm --no-default-features
 
 # We don't need the Rust toolchain to run the binary!
 FROM debian:buster-slim AS runtime
 WORKDIR app
-COPY --from=builder /target/release/qos-core /usr/local/bin
+RUN apt-get update && apt-get install -y libssl-dev
+COPY --from=builder /target/debug/qos-core /usr/local/bin
 ENTRYPOINT ["/usr/local/bin/qos-core", "--port", "6969", "--cid", "16"]
diff --git a/Makefile b/Makefile
@@ -6,7 +6,8 @@ test:
 enclave:
 	cargo run --bin qos-core \
 		-- \
-		--usock ./dev.sock
+		--usock ./dev.sock \
+		--mock true
 
 .PHONY: local-host
 local-host:
@@ -18,7 +19,7 @@ local-host:
 
 .PHONY: vm-host
 vm-host:
-	cargo run \
+	OPENSSL_DIR=/usr cargo run \
 		--bin qos-host \
 		--features vm \
 		-- \
@@ -37,7 +38,7 @@ local-client-echo:
 
 .PHONY: vm-client-echo
 vm-client-echo:
-	cargo run \
+	OPENSSL_DIR=/usr cargo run \
 		--bin qos-client \
 		--features vm \
 		echo \
@@ -54,13 +55,29 @@ local-client-describe-nsm:
 
 .PHONY: vm-client-describe-nsm
 vm-client-describe-nsm:
-	cargo run \
+	OPENSSL_DIR=/usr cargo run \
 		--bin qos-client \
 		--features vm \
 		describe-nsm \
 		--host-ip 127.0.0.1 \
 		--host-port 3000
 
+.PHONY: local-client-mock-attest
+local-client-mock-attest:
+	cargo run --bin qos-client \
+		mock-attestation \
+		--host-ip 127.0.0.1 \
+		--host-port 3000
+
+.PHONY: vm-client-mock-attest
+vm-client-attest:
+	OPENSSL_DIR=/usr cargo run \
+		--bin qos-client \
+		--features vm \
+		attestation \
+		--host-ip 127.0.0.1 \
+		--host-port 3000
+
 .PHONY: client
 client:
 	cargo run --bin qos-client

diff --git a/qos-client/Cargo.toml b/qos-client/Cargo.toml
@@ -6,6 +6,14 @@ edition = "2021"
 [dependencies]
 qos-core = { path = "../qos-core" }
 qos-host = { path = "../qos-host" }
+openssl = "0.10.40"
 
 # Third party
 ureq = { version = "2.4", default-features = false }
+serde_cbor = { version = "0.11", default-features = false }
+aws-nitro-enclaves-nsm-api = { version = "0.2.1", default-features = false }
+
+# For handling Attestation Doc
+aws-nitro-enclaves-cose = { version = "0.4.0", default-features = false, features = ["key_openssl_pkey"] }
+webpki = { version =  "0.22.0", default-features = false }
+serde_bytes = { version = "0.11", default-features = false }