feat: adds dcap attestation type (#18)

* feat: adds dcap attestation type

* chore: adds feature flag to write dcap quotes to disk

* chore: adds security relevant validation logic to the DCAP attestation

---------

Co-authored-by: fnerdman <frieder@flashbots.net>
Co-authored-by: Frieder Paape <frieder@konvera.io>

Author: 3 people

.gitignore

@@ -1,4 +1,5 @@
 /constellation/
 /cvm-reverse-proxy
 /measurements.json
-/build/
+/build/
+/quotes/

README.md

@@ -46,6 +46,7 @@ Client
 - `--client-measurements`: optional path to JSON measurements enforced on the client
 - `--log-json`: log in JSON format (default: false)
 - `--log-debug`: log debug messages (default: false)
+- `--log-dcap-quote`: log dcap quotes to folder quotes/ (default: false)
 - `--help, -h`: show help
 
 
@@ -91,6 +92,7 @@ This repository contains a [dummy http server](./cmd/dummy-server/main.go) that
 - `--client-attestation-type`: type of attestation to present (none, azure-tdx) (default: "none")
 - `--log-json`: log in JSON format (default: false)
 - `--log-debug`: log debug messages (default: false)
+- `--log-dcap-quote`: log dcap quotes to folder quotes/ (default: false)
 - `--help, -h`: show help
 
 
@@ -122,6 +124,16 @@ The measurements are expected to be a JSON map, and multiple valid measurements
 The (single) validated measurement is json-marshalled and forwarded (returned in the case of client) as "X-Flashbots-Measurement" header, and the type of attestation as "X-Flashbots-Attestation-Type" header. For mapping attestation types to OIDs and issuers, see [internal/attestation/variant/variant.go](./internal/attestation/variant/variant.go).
 To only validate and forward the measurement (as opposed to also authorizing the measurement against an expected one), simply provide an empty expected measurements object.
 
+### Debugging DCAP quote isses
+
+If logging dcap quotes to disk is enabled, issues with the respective quotes can be investigated using [github.com/google/go-tdx-guest](https://github.com/google/go-tdx-guest)'s check tool
+```
+git clone https://github.com/google/go-tdx-guest
+cd go-tdx-guest
+go build tools/check/check.go
+./check -verbosity 2 -get_collateral true -in quotes/quote_received_20241010_121042.dat
+```
+
 ---
 
 ## Notes

cmd/proxy-client/main.go

@@ -10,6 +10,7 @@ import (
 	"github.com/flashbots/cvm-reverse-proxy/common"
 	"github.com/flashbots/cvm-reverse-proxy/internal/atls"
 	"github.com/flashbots/cvm-reverse-proxy/proxy"
+	"github.com/flashbots/cvm-reverse-proxy/tdx"
 	"github.com/urfave/cli/v2" // imports as package "cli"
 )
 
@@ -57,6 +58,12 @@ var flags []cli.Flag = []cli.Flag{
 		Value: true,
 		Usage: "log debug messages",
 	},
+	&cli.BoolFlag{
+		Name:    "log-dcap-quote",
+		EnvVars: []string{"LOG_DCAP_QUOTE"},
+		Value:   false,
+		Usage:   "log dcap quotes to folder quotes/",
+	},
 }
 
 func main() {
@@ -78,6 +85,7 @@ func runClient(cCtx *cli.Context) error {
 	serverMeasurements := cCtx.String("server-measurements")
 	logJSON := cCtx.Bool("log-json")
 	logDebug := cCtx.Bool("log-debug")
+	tdx.SetLogDcapQuote(cCtx.Bool("log-dcap-quote"))
 
 	verifyTLS := cCtx.Bool("verify-tls")
 

cmd/proxy-server/main.go

@@ -14,6 +14,7 @@ import (
 	"github.com/flashbots/cvm-reverse-proxy/common"
 	"github.com/flashbots/cvm-reverse-proxy/internal/atls"
 	"github.com/flashbots/cvm-reverse-proxy/proxy"
+	"github.com/flashbots/cvm-reverse-proxy/tdx"
 	"github.com/urfave/cli/v2" // imports as package "cli"
 )
 
@@ -75,6 +76,12 @@ var flags []cli.Flag = []cli.Flag{
 		Value:   true,
 		Usage:   "log debug messages",
 	},
+	&cli.BoolFlag{
+		Name:    "log-dcap-quote",
+		EnvVars: []string{"LOG_DCAP_QUOTE"},
+		Value:   false,
+		Usage:   "log dcap quotes to folder quotes/",
+	},
 }
 
 var log *slog.Logger
@@ -102,6 +109,8 @@ func runServer(cCtx *cli.Context) error {
 	clientMeasurements := cCtx.String("client-measurements")
 	logJSON := cCtx.Bool("log-json")
 	logDebug := cCtx.Bool("log-debug")
+	tdx.SetLogDcapQuote(cCtx.Bool("log-dcap-quote"))
+
 	serverAttestationTypeFlag := cCtx.String("server-attestation-type")
 
 	certFile := cCtx.String("tls-certificate")

measurements.json

@@ -21,5 +21,22 @@
 		"9": {
 			"expected": "c9f429296634072d1063a03fb287bed0b2d177b0a504755ad9194cffd90b2489"
 		}
+	},
+	"dcap-tdx-example": {
+		"0": {
+			"expected": "5d56080eb9ef8ce0bbaf6bdcdadeeb06e7c5b0a4d1ec16be868a85a953babe0c5e54d01c8e050a54fe1ca078372530d2"
+		},
+		"1": {
+			"expected": "4216e925f796f4e282cfa6e72d4c77a80560987afa29155a61fdc33adb80eab0d4112abd52387e5e25a60deefb8a5287"
+		},
+		"2": {
+			"expected": "4274fefb79092c164000b571b64ecb432fa2357adb421fd1c77a867168d7d7f7fe82796d1eba092c7bab35cf43f5ec55"
+		},
+		"3": {
+			"expected": "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
+		},
+		"4": {
+			"expected": "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
+		}
 	}
 }

proxy/atls_config.go

@@ -12,8 +12,10 @@ import (
 
 	"github.com/flashbots/cvm-reverse-proxy/internal/atls"
 	azure_tdx "github.com/flashbots/cvm-reverse-proxy/internal/attestation/azure/tdx"
+	dcap_tdx "github.com/flashbots/cvm-reverse-proxy/tdx"
 	"github.com/flashbots/cvm-reverse-proxy/internal/attestation/measurements"
 	"github.com/flashbots/cvm-reverse-proxy/internal/attestation/variant"
+	"github.com/flashbots/cvm-reverse-proxy/internal/cloud/cloudprovider"
 	"github.com/flashbots/cvm-reverse-proxy/internal/config"
 )
 
@@ -22,16 +24,19 @@ type AttestationType string
 const (
 	AttestationNone     AttestationType = "none"
 	AttestationAzureTDX AttestationType = "azure-tdx"
+	AttestationDCAPTDX  AttestationType = "dcap-tdx"
 )
 
-const AvailableAttestationTypes string = "none, azure-tdx"
+const AvailableAttestationTypes string = "none, azure-tdx, dcap-tdx"
 
 func ParseAttestationType(attestationType string) (AttestationType, error) {
 	switch attestationType {
 	case string(AttestationNone):
 		return AttestationNone, nil
 	case string(AttestationAzureTDX):
 		return AttestationAzureTDX, nil
+	case string(AttestationDCAPTDX):
+		return AttestationDCAPTDX, nil
 	default:
 		return AttestationType(""), errors.New("invalid attestation-type passed in")
 	}
@@ -43,6 +48,8 @@ func CreateAttestationIssuer(log *slog.Logger, attestationType AttestationType)
 		return nil, nil
 	case AttestationAzureTDX:
 		return azure_tdx.NewIssuer(log), nil
+	case AttestationDCAPTDX:
+		return dcap_tdx.NewIssuer(log), nil
 	default:
 		return nil, errors.New("invalid attestation-type passed in")
 	}
@@ -73,6 +80,14 @@ func CreateAttestationValidators(log *slog.Logger, attestationType AttestationTy
 			validators = append(validators, azure_tdx.NewValidator(attConfig, AttestationLogger{Log: log}))
 		}
 		return []atls.Validator{NewMultiValidator(validators)}, nil
+	case AttestationDCAPTDX:
+		validators := []atls.Validator{}
+		for _, measurement := range parsedMeasurements {
+			attConfig := &config.QEMUTDX{Measurements: measurements.DefaultsFor(cloudprovider.QEMU, variant.QEMUTDX{})}
+			attConfig.SetMeasurements(measurement)
+			validators = append(validators, dcap_tdx.NewValidator(attConfig, AttestationLogger{Log: log}))
+		}
+		return []atls.Validator{NewMultiValidator(validators)}, nil
 	default:
 		return nil, errors.New("invalid attestation-type passed in")
 	}
@@ -86,6 +101,12 @@ func ExtractMeasurementsFromExtension(ext *pkix.Extension, v variant.Variant) (m
 			return nil, errors.New("could not parse measurements from raw attestations document")
 		}
 		return measurements, nil
+	case variant.QEMUTDX{}:
+		measurements, err := dcap_tdx.ParseDcapTDXAttestationMeasurementsRaw(ext.Value)
+		if err != nil {
+			return nil, errors.New("could not parse measurements from raw attestations document")
+		}
+		return measurements, nil
 	default:
 		return nil, errors.New("unsupported ATLS variant")
 	}

tdx/issuer.go

@@ -0,0 +1,120 @@
+/*
+Copyright (c) Edgeless Systems GmbH
+
+SPDX-License-Identifier: AGPL-3.0-only
+*/
+
+package tdx
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"os"
+	"time"
+
+	"github.com/flashbots/cvm-reverse-proxy/internal/attestation"
+	"github.com/flashbots/cvm-reverse-proxy/internal/attestation/variant"
+
+	"github.com/google/go-tdx-guest/client"
+)
+
+var logDcapQuote bool
+
+type tdxAttestationDocument struct {
+        // RawQuote is the raw TDX quote.
+        RawQuote []byte
+        // UserData is the user data that was passed to the enclave and was included in the quote.
+        UserData []byte
+}
+
+// Issuer is the TDX attestation issuer.
+type Issuer struct {
+	variant.QEMUTDX
+
+	log  attestation.Logger
+}
+
+// NewIssuer initializes a new TDX Issuer.
+func NewIssuer(log attestation.Logger) *Issuer {
+	if log == nil {
+		log = attestation.NOPLogger{}
+	}
+	return &Issuer{
+		log:  log,
+	}
+}
+
+func SetLogDcapQuote(logQuote bool) {
+	logDcapQuote = logQuote
+	if logDcapQuote {
+		// Create local folder "quotes" if it doesn't exist
+		if _, err := os.Stat("quotes"); os.IsNotExist(err) {
+			os.Mkdir("quotes", os.ModePerm)
+		}
+	}
+}
+
+// Issue issues a TDX attestation document.
+func (i *Issuer) Issue(_ context.Context, userData []byte, nonce []byte) (attDoc []byte, err error) {
+	i.log.Info("Issuing attestation statement")
+	defer func() {
+		if err != nil {
+			i.log.Warn(fmt.Sprintf("Failed to issue attestation document: %s", err))
+		}
+	}()
+
+	qp, err := client.GetQuoteProvider()
+	if err != nil {
+                return nil, fmt.Errorf("get quote provider: %w", err)
+        }
+
+	var checkedUserData [64]byte
+	copy(checkedUserData[:], attestation.MakeExtraData(userData, nonce))
+
+	quote, err := qp.GetRawQuote(checkedUserData)
+	if err != nil {
+		return nil, fmt.Errorf("generating quote: %w", err)
+	}
+
+	err = writeRawQuoteToDisk(quote, true)
+	if err != nil {
+		return nil, fmt.Errorf("writing quote to disk: %w", err)
+	}
+
+	rawAttDoc, err := json.Marshal(tdxAttestationDocument{
+		RawQuote: quote,
+		UserData: userData,
+	})
+	if err != nil {
+		return nil, fmt.Errorf("marshaling attestation document: %w", err)
+	}
+
+	return rawAttDoc, nil
+}
+
+func writeRawQuoteToDisk(RawQuote []byte, isIssued bool) error {
+	if !logDcapQuote {
+		return nil
+	}
+
+	timestamp := time.Now().Format("20060102_150405")
+	quoteType := "issued"
+	if !isIssued {
+		quoteType = "received"
+	}
+
+	fileName := fmt.Sprintf("quotes/quote_%s_%s.dat", quoteType, timestamp)
+	file, err := os.Create(fileName)
+	if err != nil {
+		return err
+	}
+	defer file.Close()
+
+	_, err = file.Write(RawQuote)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}