Change from passing verifier to passing measurements

Previously many interfaces that wished to attest to an enclave would
create and pass a verifier down to the logic that would eventually try
and verify the enclave's report.
Now these interfaces pass in a `Vec<TrustedMeasurement>` with all of the
measurements they wish to verify against. This isolates the logic for
how an enclave report is verified to support different verification
methods based on EPID vs DCAP.

attest/ake/Cargo.toml

@@ -20,6 +20,7 @@ sgx-sim = [
 [dependencies]
 mc-attest-core = { path = "../../attest/core", default-features = false }
 mc-attest-verifier = { path = "../../attest/verifier", default-features = false }
+mc-attest-verifier-config = { path = "../../attest/verifier/config", default-features = false }
 mc-crypto-keys = { path = "../../crypto/keys", default-features = false }
 mc-crypto-noise = { path = "../../crypto/noise", default-features = false }
 

attest/ake/src/event.rs

@@ -6,7 +6,7 @@ use crate::mealy::{Input as MealyInput, Output as MealyOutput};
 use alloc::vec::Vec;
 use core::marker::PhantomData;
 use mc_attest_core::VerificationReport;
-use mc_attest_verifier::Verifier;
+use mc_attest_verifier_config::TrustedMeasurement;
 use mc_crypto_keys::Kex;
 use mc_crypto_noise::{
     HandshakeIX, HandshakeNX, HandshakePattern, NoiseCipher, NoiseDigest, ProtocolName,
@@ -223,8 +223,8 @@ where
     pub(crate) local_identity: KexAlgo::Private,
     /// This is the local node's ias report.
     pub(crate) ias_report: VerificationReport,
-    /// This is the verifier used to examine the initiator's IAS report
-    pub(crate) verifier: Verifier,
+    /// The measurements that the initiator's IAS report must conform to
+    pub(crate) measurements: Vec<TrustedMeasurement>,
 
     /// The auth request input, including payload, if any
     pub(crate) data: AuthRequestOutput<HandshakeIX, KexAlgo, Cipher, DigestAlgo>,
@@ -248,12 +248,12 @@ where
         data: AuthRequestOutput<HandshakeIX, KexAlgo, Cipher, DigestAlgo>,
         local_identity: KexAlgo::Private,
         ias_report: VerificationReport,
-        verifier: Verifier,
+        measurements: impl Into<Vec<TrustedMeasurement>>,
     ) -> Self {
         Self {
             local_identity,
             ias_report,
-            verifier,
+            measurements: measurements.into(),
             data,
         }
     }
@@ -287,14 +287,14 @@ impl MealyOutput for AuthResponseOutput {}
 /// The authentication response is combined with a verifier for the initiator.
 pub struct AuthResponseInput {
     pub(crate) data: Vec<u8>,
-    pub(crate) verifier: Verifier,
+    pub(crate) measurements: Vec<TrustedMeasurement>,
 }
 
 impl AuthResponseInput {
-    pub fn new(data: AuthResponseOutput, verifier: Verifier) -> Self {
+    pub fn new(data: AuthResponseOutput, measurements: impl Into<Vec<TrustedMeasurement>>) -> Self {
         Self {
             data: data.0,
-            verifier,
+            measurements: measurements.into(),
         }
     }
 }

attest/ake/src/initiator.rs

@@ -8,6 +8,7 @@ use crate::{
 };
 use alloc::vec::Vec;
 use mc_attest_core::{ReportDataMask, VerificationReport};
+use mc_attest_verifier::{Verifier, DEBUG_ENCLAVE};
 use mc_crypto_keys::{Kex, ReprBytes};
 use mc_crypto_noise::{
     HandshakeIX, HandshakeNX, HandshakeOutput, HandshakePattern, HandshakeState, HandshakeStatus,
@@ -162,7 +163,9 @@ where
                 let remote_report = VerificationReport::decode(output.payload.as_slice())
                     .map_err(|_e| Error::ReportDeserialization)?;
 
-                let mut verifier = input.verifier;
+                let measurements = input.measurements;
+                let mut verifier = Verifier::default();
+                verifier.measurements(&measurements).debug(DEBUG_ENCLAVE);
 
                 // We are not returning the report data and instead returning the raw report
                 // since that also includes the signature and certificate chain.

attest/ake/src/lib.rs

@@ -37,7 +37,7 @@ mod test {
     use aes_gcm::Aes256Gcm;
     use mc_attest_core::Quote;
     use mc_attest_net::{Client, RaClient};
-    use mc_attest_verifier::{MrSignerVerifier, Verifier, IAS_SIM_ROOT_ANCHORS};
+    use mc_attest_verifier_config::{TrustedMeasurement, TrustedMrSignerMeasurement};
     use mc_crypto_keys::{X25519Private, X25519Public, X25519};
     use mc_util_encodings::{FromBase64, ToX64};
     use mc_util_from_random::FromRandom;
@@ -78,17 +78,14 @@ mod test {
             .report_body()
             .expect("Could not retrieve report body from cached report");
 
-        // Construct a report verifier that will check the MRSIGNER, product ID, and
-        // security version
-        let mr_signer = MrSignerVerifier::new(
-            report_body.mr_signer(),
+        let mr_signer = TrustedMeasurement::from(TrustedMrSignerMeasurement::new(
+            &report_body.mr_signer().into(),
             report_body.product_id(),
             report_body.security_version(),
-        );
-
-        let mut verifier = Verifier::new(&[IAS_SIM_ROOT_ANCHORS])
-            .expect("Could not construct verifier with sim root anchors");
-        verifier.mr_signer(mr_signer).debug(true);
+            [] as [&str; 0],
+            [] as [&str; 0],
+        ));
+        let measurements = [mr_signer];
 
         let initiator = Start::new(RESPONDER_ID_STR.into());
         let responder = Start::new(RESPONDER_ID_STR.into());
@@ -101,15 +98,19 @@ mod test {
 
         // initiator = authpending, responder = start
 
-        let auth_request_input =
-            NodeAuthRequestInput::new(auth_request_output, identity, ias_report, verifier.clone());
+        let auth_request_input = NodeAuthRequestInput::new(
+            auth_request_output,
+            identity,
+            ias_report,
+            measurements.clone(),
+        );
         let (responder, auth_response_output) = responder
             .try_next(&mut csprng, auth_request_input)
             .expect("Responder could not process auth request");
 
         // initiator = authpending, responder = ready
 
-        let auth_response_input = AuthResponseInput::new(auth_response_output, verifier);
+        let auth_response_input = AuthResponseInput::new(auth_response_output, measurements);
         let (initiator, _) = initiator
             .try_next(&mut csprng, auth_response_input)
             .expect("Initiator not process auth response");

attest/ake/src/responder.rs

@@ -9,6 +9,7 @@ use crate::{
 };
 use alloc::vec::Vec;
 use mc_attest_core::{ReportDataMask, VerificationReport};
+use mc_attest_verifier::{Verifier, DEBUG_ENCLAVE};
 use mc_crypto_keys::{Kex, ReprBytes};
 use mc_crypto_noise::{
     HandshakeIX, HandshakeNX, HandshakePattern, HandshakeState, HandshakeStatus, NoiseCipher,
@@ -139,7 +140,9 @@ where
                 input.local_identity,
             )?;
 
-        let mut verifier = input.verifier;
+        let measurements = input.measurements;
+        let mut verifier = Verifier::default();
+        verifier.measurements(&measurements).debug(DEBUG_ENCLAVE);
 
         // Parse the received IAS report
         let remote_report = VerificationReport::decode(payload.as_slice())

connection/Cargo.toml

@@ -13,6 +13,7 @@ mc-attest-ake = { path = "../attest/ake" }
 mc-attest-api = { path = "../attest/api" }
 mc-attest-core = { path = "../attest/core" }
 mc-attest-verifier = { path = "../attest/verifier" }
+mc-attest-verifier-config = { path = "../attest/verifier/config" }
 mc-blockchain-types = { path = "../blockchain/types" }
 mc-common = { path = "../common" }
 mc-consensus-api = { path = "../consensus/api" }

connection/src/thick.rs

@@ -24,7 +24,7 @@ use mc_attest_ake::{
 };
 use mc_attest_api::{attest::Message, attest_grpc::AttestedApiClient};
 use mc_attest_core::VerificationReport;
-use mc_attest_verifier::Verifier;
+use mc_attest_verifier_config::TrustedMeasurement;
 use mc_blockchain_types::{Block, BlockID, BlockIndex};
 use mc_common::{
     logger::{log, o, Logger},
@@ -146,8 +146,9 @@ pub struct ThickClient<CP: CredentialsProvider> {
     attested_api_client: AttestedApiClient,
     /// The gRPC API client we will use for legacy transaction submission.
     consensus_client_api_client: ConsensusClientApiClient,
-    /// An object which can verify a consensus node's provided IAS report
-    verifier: Verifier,
+    /// The allowed measurements for the enclave. If the enclave matches any of
+    /// these measurements it will be allowed to attest.
+    measurements: Vec<TrustedMeasurement>,
     /// The AKE state machine object, if one is available.
     enclave_connection: Option<Ready<Aes256Gcm>>,
     /// Generic interface for retreiving GRPC credentials.
@@ -162,7 +163,7 @@ impl<CP: CredentialsProvider> ThickClient<CP> {
     pub fn new(
         chain_id: String,
         uri: ClientUri,
-        verifier: Verifier,
+        measurements: impl Into<Vec<TrustedMeasurement>>,
         env: Arc<Environment>,
         credentials_provider: CP,
         logger: Logger,
@@ -182,7 +183,7 @@ impl<CP: CredentialsProvider> ThickClient<CP> {
             blockchain_api_client,
             consensus_client_api_client,
             attested_api_client,
-            verifier,
+            measurements: measurements.into(),
             enclave_connection: None,
             credentials_provider,
             cookies: CookieJar::default(),
@@ -319,7 +320,7 @@ impl<CP: CredentialsProvider> AttestedConnection for ThickClient<CP> {
             })?;
 
         let auth_response_event =
-            AuthResponseInput::new(auth_response_msg.into(), self.verifier.clone());
+            AuthResponseInput::new(auth_response_msg.into(), self.measurements.clone());
         let (initiator, verification_report) =
             initiator.try_next(&mut csprng, auth_response_event)?;