Skip to content
This repository has been archived by the owner on Apr 15, 2024. It is now read-only.

Commit

Permalink
service/quote-serever: add README.md
Browse files Browse the repository at this point in the history
  • Loading branch information
@hairongchen
hairongchen committed Jul 13, 2023
1 parent e40e3dd commit d4e5aad
Show file tree
Hide file tree
Showing 2 changed files with 94 additions and 1 deletion.
7 changes: 6 additions & 1 deletion .github/cspell.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,11 @@
"dictionarydefinitions": [],
"dictionaries": [],
"words": [
"ccnp"
"ccnp",
"containerd",
"daemonset",
"grpcurl",
"proto",
"quoteserver"
]
}
88 changes: 88 additions & 0 deletions service/quote-server/README.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,88 @@
# Service: CCNP Quote Service

This service will provide quote generated by underlying TEE platform for remote attestation service to verify the integrity and confidentiality of the trusted computing environment and required software environment.

## Introduction

This service provides functionality to fetch quote of underlying TEE platform with nonce as mandatory input and a base64 encoded user data as optional input. The nonce and optional user data will be digested and added into quote for remote attestation to verify the freshness of the quote and the user specified data.

The quote server use Unix domain socket based gRPC to serve the client SDK and the proto buffer message is as bellow:

```
message HealthCheckRequest {
string service = 1;
}
message HealthCheckResponse {
enum ServingStatus {
UNKNOWN = 0;
SERVING = 1;
NOT_SERVING = 2;
SERVICE_UNKNOWN = 3;
}
ServingStatus status = 1;
}
service GetQuote {
rpc GetQuote (GetQuoteRequest) returns (GetQuoteResponse);
}
message GetQuoteRequest {
string user_data = 1;
string nonce = 2;
}
message GetQuoteResponse {
string quote = 1;
string quote_type = 2;
}
```

## Installation
The quote service can be deployed as either DaemonSet or sidecar in different user scenarios.

### Build docker image
The Dockerfile for the service can be found under `container/quote-server` directory. Use the following command to build the image:

```
docker build -t ccnp_get_quote:0.1 -f container/quote-server/Dockerfile .
```

> Note: if you are using containerd as the default runtime for kubernetes. Please remember to use the following command to import the image into containerd:
```
docker save -o ccnp-quote-server.tar ccnp_get_quote:0.1
ctr -n=k8s.io image import ccnp-quote-server.tar
```

### Deploy as DaemonSet in Kubernetes
please edit file `service/quote-server/deployment/quote_server-daemonset.yaml` with the container image to use and run:
```
kubectl apply -f service/quote-server/deployment/quote_server-daemonset.yaml
```

## Testing
One can play with service on host from the source code following the steps below:

1. Start the quote service
```
cd service/quote-server
make build
./target/release/quote_server
```
2. Play with the service
Use the `grpcurl` as the tool to play with the service. Please follow the [official documentation](https://github.com/fullstorydev/grpcurl) to install grpcurl

Get quote from the TDX platform:
```
grpcurl -authority "dummy" -d '{"user_data": "MTIzNDU2NzgxMjM0NTY3ODEyMzQ1Njc4MTIzNDU2NzgxMjM0NTY3ODEyMzQ1Njc4", "nonce":"IXUKoBO1UM3c1wopN4sY"}' -plaintext -unix /run/ccnp/uds/quote-server.sock quoteserver.GetQuote.GetQuote
```

and the output should be as bellow:
```
{
"quote": "\"BAACAIEAAAAAAAAAk5pyM/ecTKmUCg2zlX8GB6P8pz1eLkNLuYzlFq7gmQ4AAAAABAAGAAAAAAAAAAAAAAAAAEj6aZSdsIAC7oQlKEf1cpiLHW5WjsE1P2TLbA/ZBTdfaa2VnA6vd0escKOSeJMCoQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAADnAgYAAAAAAKSgAzRsWhmm/SUEcehyvQcdjJLXQxq9pGNBeAihc4OqDUKYeBS8kvX1nGBEtnf1FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAO8sw2a5sIgf6+MgszlJcgpq4sP0tqpfKTspZny2PWPOYiJbt1aPe1rpeqDtoa+NreW8yD5Jj8ypKTGA+WfwPH77+negDf9ZWNeonsxRtNtsLoUabMeutZ+xSCbs5gUWwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAO+/PqJMpmXxEfoJELnxuPmAbw69VjN9ZQQqe3NjVd72ql13C43JW093ytpa7ipkSR7msIelxHz9nmDTkSucmGPMEAAA0doq0wnfzK1RM8LVMVECwOpiI5ePJkQ7KClggtiBrCrBhE6p3ECY4SUVhWET733tRdTwhkH3JNCkvTIRGeXE3SY1oRIxb7dVmrMVrWdmmfldJoB8RvpN7HOs/g788NOgFoemd5F95mGdNVJ3v0ppPvgJQ5ryby6SOYHAsL25dbkGAEYQAAAGBhMVA/8ABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAVAAAAAAAAAOcAAAAAAAAAOWseNYAkJ5SHxHr5xWG93BUlhjmq0t2vdgCQ70Y/C4QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANyeKnxvlI8XR040p/xD7QMPfBVj8bq932NAyC4OVKjFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOYzIRlhSwSQeVYIlVCCAgcDb+K5pY0hOxqAEm1vN5p/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACXrF4+4CGy/IYdLV5k30DF9yMXwa6zYhBz8QproGhnTZPTIEXSIJLkzgEx9OaFrepQWCu+wbggzJVLqv9hg6a5IAAAAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHwUAXg4AAC0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLQpNSUlFOERDQ0JKYWdBd0lCQWdJVWR2clZDNnpJTFRvbGI0ZEt5RGhsbFlaUEc1RXdDZ1lJS29aSXpqMEVBd0l3CmNERWlNQ0FHQTFVRUF3d1pTVzUwWld3Z1UwZFlJRkJEU3lCUWJHRjBabTl5YlNCRFFURWFNQmdHQTFVRUNnd1IKU1c1MFpXd2dRMjl5Y0c5eVlYUnBiMjR4RkRBU0JnTlZCQWNNQzFOaGJuUmhJRU5zWVhKaE1Rc3dDUVlEVlFRSQpEQUpEUVRFTE1Ba0dBMVVFQmhNQ1ZWTXdIaGNOTWpNd05URTJNRGd5TXpJd1doY05NekF3TlRFMk1EZ3lNekl3CldqQndNU0l3SUFZRFZRUUREQmxKYm5SbGJDQlRSMWdnVUVOTElFTmxjblJwWm1sallYUmxNUm93R0FZRFZRUUsKREJGSmJuUmxiQ0JEYjNKd2IzSmhkR2x2YmpFVU1CSUdBMVVFQnd3TFUyRnVkR0VnUTJ4aGNtRXhDekFKQmdOVgpCQWdNQWtOQk1Rc3dDUVlEVlFRR0V3SlZVekJaTUJNR0J5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEEwSUFCUHZQClNtKzJtU1R2TzE0RkhpOXd3K05qYUhzazhyVHFQQ0xEMDZ3MmtJVE9yb0RYSmN5NDBMbHRZemFBZ3JXR2FsWFoKTy9GY3cxc0padDZZdFNRVHlyU2pnZ01NTUlJRENEQWZCZ05WSFNNRUdEQVdnQlNWYjEzTnZSdmg2VUJKeWRUMApNODRCVnd2ZVZEQnJCZ05WSFI4RVpEQmlNR0NnWHFCY2hscG9kSFJ3Y3pvdkwyRndhUzUwY25WemRHVmtjMlZ5CmRtbGpaWE11YVc1MFpXd3VZMjl0TDNObmVDOWpaWEowYVdacFkyRjBhVzl1TDNZMEwzQmphMk55YkQ5allUMXcKYkdGMFptOXliU1psYm1OdlpHbHVaejFrWlhJd0hRWURWUjBPQkJZRUZEUGs4eit4L0JtVkw5UDVJTkRaNlhlUwpTOHR4TUE0R0ExVWREd0VCL3dRRUF3SUd3REFNQmdOVkhSTUJBZjhFQWpBQU1JSUNPUVlKS29aSWh2aE5BUTBCCkJJSUNLakNDQWlZd0hnWUtLb1pJaHZoTkFRMEJBUVFRUGYyUXdCNHRTYzhyRmxvZGJJQzlCVENDQVdNR0NpcUcKU0liNFRRRU5BUUl3Z2dGVE1CQUdDeXFHU0liNFRRRU5BUUlCQWdFRk1CQUdDeXFHU0liNFRRRU5BUUlDQWdFRgpNQkFHQ3lxR1NJYjRUUUVOQVFJREFnRUNNQkFHQ3lxR1NJYjRUUUVOQVFJRUFnRUNNQkFHQ3lxR1NJYjRUUUVOCkFRSUZBZ0VETUJBR0N5cUdTSWI0VFFFTkFRSUdBZ0VCTUJBR0N5cUdTSWI0VFFFTkFRSUhBZ0VBTUJBR0N5cUcKU0liNFRRRU5BUUlJQWdFRE1CQUdDeXFHU0liNFRRRU5BUUlKQWdFQU1CQUdDeXFHU0liNFRRRU5BUUlLQWdFQQpNQkFHQ3lxR1NJYjRUUUVOQVFJTEFnRUFNQkFHQ3lxR1NJYjRUUUVOQVFJTUFnRUFNQkFHQ3lxR1NJYjRUUUVOCkFRSU5BZ0VBTUJBR0N5cUdTSWI0VFFFTkFRSU9BZ0VBTUJBR0N5cUdTSWI0VFFFTkFRSVBBZ0VBTUJBR0N5cUcKU0liNFRRRU5BUUlRQWdFQU1CQUdDeXFHU0liNFRRRU5BUUlSQWdFTE1COEdDeXFHU0liNFRRRU5BUUlTQkJBRgpCUUlDQXdFQUF3QUFBQUFBQUFBQU1CQUdDaXFHU0liNFRRRU5BUU1FQWdBQU1CUUdDaXFHU0liNFRRRU5BUVFFCkJnQ0Fid1VBQURBUEJnb3Foa2lHK0UwQkRRRUZDZ0VCTUI0R0NpcUdTSWI0VFFFTkFRWUVFQUxFbzJLdDd4d3QKNmhQZGdZekRNMFl3UkFZS0tvWklodmhOQVEwQkJ6QTJNQkFHQ3lxR1NJYjRUUUVOQVFjQkFRSC9NQkFHQ3lxRwpTSWI0VFFFTkFRY0NBUUVBTUJBR0N5cUdTSWI0VFFFTkFRY0RBUUgvTUFvR0NDcUdTTTQ5QkFNQ0EwZ0FNRVVDCklBTURNUDNSaUJOYVpuM2NLUjducFVxNDFkTm1HNzIzZlFYcWlJVTU0U09KQWlFQSsrZW9Ta1ZOa2NnbERLZncKaDNDbGx6UzNway9hSGhYNjZDUjc1TllJanpnPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLQpNSUlDbGpDQ0FqMmdBd0lCQWdJVkFKVnZYYzI5RytIcFFFbkoxUFF6emdGWEM5NVVNQW9HQ0NxR1NNNDlCQU1DCk1HZ3hHakFZQmdOVkJBTU1FVWx1ZEdWc0lGTkhXQ0JTYjI5MElFTkJNUm93R0FZRFZRUUtEQkZKYm5SbGJDQkQKYjNKd2IzSmhkR2x2YmpFVU1CSUdBMVVFQnd3TFUyRnVkR0VnUTJ4aGNtRXhDekFKQmdOVkJBZ01Ba05CTVFzdwpDUVlEVlFRR0V3SlZVekFlRncweE9EQTFNakV4TURVd01UQmFGdzB6TXpBMU1qRXhNRFV3TVRCYU1IQXhJakFnCkJnTlZCQU1NR1VsdWRHVnNJRk5IV0NCUVEwc2dVR3hoZEdadmNtMGdRMEV4R2pBWUJnTlZCQW9NRVVsdWRHVnMKSUVOdmNuQnZjbUYwYVc5dU1SUXdFZ1lEVlFRSERBdFRZVzUwWVNCRGJHRnlZVEVMTUFrR0ExVUVDQXdDUTBFeApDekFKQmdOVkJBWVRBbFZUTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFTlNCLzd0MjFsWFNPCjJDdXpweHc3NGVKQjcyRXlER2dXNXJYQ3R4MnRWVExxNmhLazZ6K1VpUlpDbnFSN3BzT3ZncUZlU3hsbVRsSmwKZVRtaTJXWXozcU9CdXpDQnVEQWZCZ05WSFNNRUdEQVdnQlFpWlF6V1dwMDBpZk9EdEpWU3YxQWJPU2NHckRCUwpCZ05WSFI4RVN6QkpNRWVnUmFCRGhrRm9kSFJ3Y3pvdkwyTmxjblJwWm1sallYUmxjeTUwY25WemRHVmtjMlZ5CmRtbGpaWE11YVc1MFpXd3VZMjl0TDBsdWRHVnNVMGRZVW05dmRFTkJMbVJsY2pBZEJnTlZIUTRFRmdRVWxXOWQKemIwYjRlbEFTY25VOURQT0FWY0wzbFF3RGdZRFZSMFBBUUgvQkFRREFnRUdNQklHQTFVZEV3RUIvd1FJTUFZQgpBZjhDQVFBd0NnWUlLb1pJemowRUF3SURSd0F3UkFJZ1hzVmtpMHcraTZWWUdXM1VGLzIydWFYZTBZSkRqMVVlCm5BK1RqRDFhaTVjQ0lDWWIxU0FtRDV4a2ZUVnB2bzRVb3lpU1l4ckRXTG1VUjRDSTlOS3lmUE4rCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0KLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNqekNDQWpTZ0F3SUJBZ0lVSW1VTTFscWROSW56ZzdTVlVyOVFHemtuQnF3d0NnWUlLb1pJemowRUF3SXcKYURFYU1CZ0dBMVVFQXd3UlNXNTBaV3dnVTBkWUlGSnZiM1FnUTBFeEdqQVlCZ05WQkFvTUVVbHVkR1ZzSUVOdgpjbkJ2Y21GMGFXOXVNUlF3RWdZRFZRUUhEQXRUWVc1MFlTQkRiR0Z5WVRFTE1Ba0dBMVVFQ0F3Q1EwRXhDekFKCkJnTlZCQVlUQWxWVE1CNFhEVEU0TURVeU1URXdORFV4TUZvWERUUTVNVEl6TVRJek5UazFPVm93YURFYU1CZ0cKQTFVRUF3d1JTVzUwWld3Z1UwZFlJRkp2YjNRZ1EwRXhHakFZQmdOVkJBb01FVWx1ZEdWc0lFTnZjbkJ2Y21GMAphVzl1TVJRd0VnWURWUVFIREF0VFlXNTBZU0JEYkdGeVlURUxNQWtHQTFVRUNBd0NRMEV4Q3pBSkJnTlZCQVlUCkFsVlRNRmt3RXdZSEtvWkl6ajBDQVFZSUtvWkl6ajBEQVFjRFFnQUVDNm5Fd01ESVlaT2ovaVBXc0N6YUVLaTcKMU9pT1NMUkZoV0dqYm5CVkpmVm5rWTR1M0lqa0RZWUwwTXhPNG1xc3lZamxCYWxUVll4RlAyc0pCSzV6bEtPQgp1ekNCdURBZkJnTlZIU01FR0RBV2dCUWlaUXpXV3AwMGlmT0R0SlZTdjFBYk9TY0dyREJTQmdOVkhSOEVTekJKCk1FZWdSYUJEaGtGb2RIUndjem92TDJObGNuUnBabWxqWVhSbGN5NTBjblZ6ZEdWa2MyVnlkbWxqWlhNdWFXNTAKWld3dVkyOXRMMGx1ZEdWc1UwZFlVbTl2ZEVOQkxtUmxjakFkQmdOVkhRNEVGZ1FVSW1VTTFscWROSW56ZzdTVgpVcjlRR3prbkJxd3dEZ1lEVlIwUEFRSC9CQVFEQWdFR01CSUdBMVVkRXdFQi93UUlNQVlCQWY4Q0FRRXdDZ1lJCktvWkl6ajBFQXdJRFNRQXdSZ0loQU9XLzVRa1IrUzlDaVNEY05vb3dMdVBSTHNXR2YvWWk3R1NYOTRCZ3dUd2cKQWlFQTRKMGxySG9NcytYbzVvL3NYNk85UVd4SFJBdlpVR09kUlE3Y3ZxUlhhcUk9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0KAA==\"",
"quoteType": "TDX"
}
```

0 comments on commit d4e5aad

Please sign in to comment.