From 213751802ef5dae86c7940f65cedaba21796016b Mon Sep 17 00:00:00 2001
From: Jernej Kos
Date: Mon, 23 Sep 2024 12:37:22 +0200
Subject: [PATCH] runtime: Use correct quote policy for ROFL apps
---
 runtime/src/attestation.rs | 37 +++++++++++++++++++++++++++----------
 runtime/src/dispatcher.rs | 14 ++++----------
 runtime/src/identity.rs | 5 -----
 runtime/src/rofl.rs | 19 +++++++++++++++++++
 4 files changed, 50 insertions(+), 25 deletions(-)
diff --git a/runtime/src/attestation.rs b/runtime/src/attestation.rs
index 52bdb3ed3c2..c97f7475b13 100644
--- a/runtime/src/attestation.rs
+++ b/runtime/src/attestation.rs
@@ -16,6 +16,7 @@ use crate::{
 host::Host,
 identity::Identity,
 policy::PolicyVerifier,
+ rofl::App,
 types::Body,
 };
@@ -26,7 +27,8 @@ pub struct Handler {
 host: Arc,
 consensus_verifier: Arc,
 runtime_id: Namespace,
- version: Option,
+ version: Version,
+ app: Arc,
 logger: Logger,
 }
@@ -37,7 +39,8 @@ impl Handler {
 host: Arc,
 consensus_verifier: Arc,
 runtime_id: Namespace,
- version: Option,
+ version: Version,
+ app: Arc,
 ) -> Self {
 Self {
 identity,
@@ -45,6 +48,7 @@ impl Handler {
 consensus_verifier,
 runtime_id,
 version,
+ app,
 logger: get_logger("runtime/attestation"),
 }
 }
@@ -92,21 +96,34 @@ impl Handler {
 })
 }
- async fn set_quote(&self, quote: Quote) -> Result {
- if self.identity.quote_policy().is_none() {
- info!(self.logger, "Configuring quote policy");
+ async fn set_quote_policy(&self) -> Result<()> {
+ info!(self.logger, "Configuring quote policy");
+ // Use the correct quote policy for verifying our own identity based on what kind of
+ // application this is. For ROFL, ask the application, for RONL, query consensus.
+ let policy = if self.app.is_supported() {
+ // ROFL, ask the app for policy.
+ self.app.quote_policy().await?
+ } else {
+ // RONL.
 // TODO: Make async.
 let consensus_verifier = self.consensus_verifier.clone();
 let version = self.version;
 let runtime_id = self.runtime_id;
- let policy = tokio::task::block_in_place(move || {
+ tokio::task::block_in_place(move || {
 // Obtain current quote policy from (verified) consensus state.
- PolicyVerifier::new(consensus_verifier).quote_policy(&runtime_id, version)
- })?;
+ PolicyVerifier::new(consensus_verifier).quote_policy(&runtime_id, Some(version))
+ })?
+ };
- self.identity.set_quote_policy(policy)?;
- }
+ self.identity.set_quote_policy(policy)?;
+
+ Ok(())
+ }
+
+ async fn set_quote(&self, quote: Quote) -> Result {
+ // Ensure a quote policy is configured.
+ self.set_quote_policy().await?;
 info!(
 self.logger,
diff --git a/runtime/src/dispatcher.rs b/runtime/src/dispatcher.rs
index 09088f545aa..e77c5b8ea0d 100644
--- a/runtime/src/dispatcher.rs
+++ b/runtime/src/dispatcher.rs
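Review bot: `set_quote` now calls `set_quote_policy()` unconditionally on every invocation, and since this same patch drops the `QuotePolicyAlreadySet` guard from `Identity::set_quote_policy`, the installed policy is overwritten on each host-driven quote update rather than configured once as the removed `is_none()` check ensured. If a quote check elsewhere is still running against the previously installed policy when the next `set_quote` swaps it in, the two may disagree — whether that is harmless depends on how readers hold the policy `Arc`, which is not visible here — and the `info!` "Configuring quote policy" line now fires on every call. If re-fetching each time is the intent (so a policy updated in consensus or by the app takes effect without a restart), state it above the call: `// Re-fetch the policy on every quote update so consensus/app policy changes take effect without restart.`; otherwise restore the `is_none()` gate around the call. The enclosing `impl Handler` continues outside the hunk.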
@@ -265,19 +265,12 @@ impl Dispatcher {
 error!(self.logger, "ROFL application initialization failed"; "err" => ?err);
 }
- // Determine what runtime version to support during remote attestation. For runtimes that
- // define a ROFL application, we use `None` to signal that the active version is used.
- let version = if app.is_supported() {
- None
- } else {
- Some(protocol.get_config().version)
- };
-
+ let app: Arc = Arc::from(app);
 let state = State {
 protocol: protocol.clone(),
 consensus_verifier: consensus_verifier.clone(),
 dispatcher: self.clone(),
- app: Arc::from(app),
+ app: app.clone(),
 rpc_demux: Arc::new(rpc_demux),
 rpc_dispatcher: Arc::new(rpc_dispatcher),
 txn_dispatcher: Arc::from(txn_dispatcher),
@@ -286,7 +279,8 @@ impl Dispatcher {
 protocol.clone(),
 consensus_verifier.clone(),
 protocol.get_runtime_id(),
- version,
+ protocol.get_config().version,
+ app,
 ),
 policy_verifier: Arc::new(PolicyVerifier::new(consensus_verifier)),
 cache_set: cache::CacheSet::new(protocol.clone()),
diff --git a/runtime/src/identity.rs b/runtime/src/identity.rs
index 796f41dae54..36d9bc853cc 100644
--- a/runtime/src/identity.rs
+++ b/runtime/src/identity.rs
@@ -59,8 +59,6 @@ enum QuoteError {
 NonceMismatch,
 #[error("quote policy not set")]
 QuotePolicyNotSet,
- #[error("quote policy already set")]
- QuotePolicyAlreadySet,
 #[error("node identity not set")]
 NodeIdentityNotSet,
 #[error("endorsed quote mismatch")]
@@ -287,9 +285,6 @@ impl Identity {
 /// Configure the runtime quote policy.
 pub(crate) fn set_quote_policy(&self, policy: QuotePolicy) -> Result<()> {
 let mut inner = self.inner.write().unwrap();
- if inner.quote_policy.is_some() {
- return Err(QuoteError::QuotePolicyAlreadySet.into());
- }
 inner.quote_policy = Some(Arc::new(policy));
 Ok(())
diff --git a/runtime/src/rofl.rs b/runtime/src/rofl.rs
index 99988b239da..aa4c68661c5 100644
--- a/runtime/src/rofl.rs
+++ b/runtime/src/rofl.rs
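Review bot: In the `identity.rs` hunk at `@@ -287,9 +285,6 @@`, `set_quote_policy` now silently replaces whatever policy is installed, but its doc comment still reads as a one-time configuration; update it to `/// Configure the runtime quote policy, replacing any previously configured policy.` so callers know repeated calls are accepted. The quote policy is what this enclave trusts when verifying its own identity, so a replacement of an existing policy is a security-relevant event worth an audit trail — if `Identity` has a logger in scope (not visible here), an `info!` when `inner.quote_policy` was already `Some` before the overwrite would give operators a signal that the old one-shot guard used to provide by construction. The body of `set_quote_policy` continues past the end of the hunk.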
@@ -5,6 +5,7 @@ use anyhow::{bail, Result};
 use async_trait::async_trait;
 use crate::{
+ common::sgx,
 consensus::roothash,
 dispatcher::{Initializer, PostInitState, PreInitState},
 host::Host,
@@ -25,6 +26,24 @@ pub trait App: Send + Sync {
 Ok(())
 }
+ /// Quote policy to use for verifying our own enclave identity.
+ async fn quote_policy(&self) -> Result {
+ // Default implementation uses a sane policy.
+ Ok(sgx::QuotePolicy {
+ ias: Some(sgx::ias::QuotePolicy {
+ disabled: true, // Disable legacy EPID attestation.
+ ..Default::default()
+ }),
+ pcs: Some(sgx::pcs::QuotePolicy {
+ // Allow TDX since that is not part of the default policy.
+ tdx: Some(sgx::pcs::TdxQuotePolicy {
+ allowed_tdx_modules: vec![],
+ }),
+ ..Default::default()
+ }),
+ })
+ }
+
 /// Called on new runtime block being received.
 async fn on_runtime_block(&self, blk: &roothash::AnnotatedBlock) -> Result<()> {
 // Default implementation does nothing.
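Review bot: The default `quote_policy` in the `@@ -25,6 +26,24 @@` hunk returns a compiled-in policy and `// Default implementation uses a sane policy.` does not say what that policy admits, which is the one thing an app author inheriting it needs to know. The doc comment should spell out what is visible in the code — IAS/EPID is disabled, PCS falls back to `sgx::pcs::QuotePolicy::default()` (what that default admits is not visible here and should be named), TDX quotes are enabled — and state what an empty `allowed_tdx_modules` means, since allow-none versus allow-any is exactly the question a reviewer asks and the code alone does not answer it. It is also worth stating in the doc that, unlike the RONL path in `attestation.rs` which reads the policy from verified consensus state, this default is not anchored to consensus and changes only when the app overrides `quote_policy`. The `App` trait continues outside the hunk.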