verify oe report with null format id

Signed-off-by: Qiucheng Wang <[email protected]>

common/attest_plugin.c

@@ -301,61 +301,78 @@ oe_result_t oe_verify_evidence(
 
     if (!format_id)
     {
-        oe_attestation_header_t* evidence =
-            (oe_attestation_header_t*)evidence_buffer;
+        // check whether evidence buffer structure is oe_report
+        oe_report_header_t* report = (oe_report_header_t*)evidence_buffer;
 
-        if (evidence_buffer_size < sizeof(oe_attestation_header_t) ||
-            evidence->version != OE_ATTESTATION_HEADER_VERSION)
-            OE_RAISE_MSG(
-                OE_INVALID_PARAMETER,
-                "Invalid attestation header version %d, expected %d",
-                evidence->version,
-                OE_ATTESTATION_HEADER_VERSION);
-
-        if (evidence_buffer_size !=
-            (evidence->data_size + sizeof(oe_attestation_header_t)))
-            OE_RAISE_MSG(
-                OE_INVALID_PARAMETER,
-                "Evidence size is invalid. "
-                "Header data size: %d bytes, evidence buffer size: %d",
-                evidence->data_size,
-                evidence_buffer_size);
-
-        if (endorsements_buffer)
+        if (evidence_buffer_size >= sizeof(oe_report_header_t) &&
+            report->version == OE_REPORT_HEADER_VERSION)
         {
-            oe_attestation_header_t* endorsements =
-                (oe_attestation_header_t*)endorsements_buffer;
+            format_id = &_uuid_legacy_report_remote;
+            plugin_evidence = evidence_buffer;
+            plugin_evidence_size = evidence_buffer_size;
+            plugin_endorsements = endorsements_buffer;
+            plugin_endorsements_size = endorsements_buffer_size;
+        }
+        else
+        {
+            oe_attestation_header_t* evidence =
+                (oe_attestation_header_t*)evidence_buffer;
 
-            if (endorsements_buffer_size < sizeof(oe_attestation_header_t) ||
-                endorsements->version != OE_ATTESTATION_HEADER_VERSION)
+            if (evidence_buffer_size < sizeof(oe_attestation_header_t) ||
+                evidence->version != OE_ATTESTATION_HEADER_VERSION)
                 OE_RAISE_MSG(
                     OE_INVALID_PARAMETER,
                     "Invalid attestation header version %d, expected %d",
-                    endorsements->version,
+                    evidence->version,
                     OE_ATTESTATION_HEADER_VERSION);
 
-            if (endorsements_buffer_size !=
-                (endorsements->data_size + sizeof(oe_attestation_header_t)))
+            if (evidence_buffer_size !=
+                (evidence->data_size + sizeof(oe_attestation_header_t)))
                 OE_RAISE_MSG(
                     OE_INVALID_PARAMETER,
-                    "Endorsements buffer size is invalid. "
-                    "Header data size: %d bytes, endorsements buffer size: %d",
-                    endorsements->data_size,
-                    endorsements_buffer_size);
-
-            if (memcmp(
-                    &evidence->format_id,
-                    &endorsements->format_id,
-                    sizeof(evidence->format_id)) != 0)
-                OE_RAISE(OE_CONSTRAINT_FAILED);
-
-            plugin_endorsements = endorsements->data;
-            plugin_endorsements_size = endorsements->data_size;
-        }
+                    "Evidence size is invalid. "
+                    "Header data size: %d bytes, evidence buffer size: %d",
+                    evidence->data_size,
+                    evidence_buffer_size);
 
-        plugin_evidence = evidence->data;
-        plugin_evidence_size = evidence->data_size;
-        format_id = &evidence->format_id;
+            if (endorsements_buffer)
+            {
+                oe_attestation_header_t* endorsements =
+                    (oe_attestation_header_t*)endorsements_buffer;
+
+                if (endorsements_buffer_size <
+                        sizeof(oe_attestation_header_t) ||
+                    endorsements->version != OE_ATTESTATION_HEADER_VERSION)
+                    OE_RAISE_MSG(
+                        OE_INVALID_PARAMETER,
+                        "Invalid attestation header version %d, expected %d",
+                        endorsements->version,
+                        OE_ATTESTATION_HEADER_VERSION);
+
+                if (endorsements_buffer_size !=
+                    (endorsements->data_size + sizeof(oe_attestation_header_t)))
+                    OE_RAISE_MSG(
+                        OE_INVALID_PARAMETER,
+                        "Endorsements buffer size is invalid. "
+                        "Header data size: %d bytes, endorsements buffer size: "
+                        "%d",
+                        endorsements->data_size,
+                        endorsements_buffer_size);
+
+                if (memcmp(
+                        &evidence->format_id,
+                        &endorsements->format_id,
+                        sizeof(evidence->format_id)) != 0)
+                    OE_RAISE(OE_CONSTRAINT_FAILED);
+
+                plugin_endorsements = endorsements->data;
+                plugin_endorsements_size = endorsements->data_size;
+            }
+
+            plugin_evidence = evidence->data;
+            plugin_evidence_size = evidence->data_size;
+            format_id = &evidence->format_id;
+        }
     }
     else
     {
@@ -405,7 +422,7 @@ oe_result_t oe_verify_attestation_certificate_with_evidence(
     oe_cert_t cert = {0};
     uint8_t* report = NULL;
     size_t report_size = 0;
-    oe_report_header_t* header = NULL;
+    oe_attestation_header_t* header = NULL;
     uint8_t* pub_key_buff = NULL;
     size_t pub_key_buff_size = KEY_BUFF_SIZE;
     oe_claim_t* claims = NULL;
@@ -472,7 +489,7 @@ oe_result_t oe_verify_attestation_certificate_with_evidence(
     if (oid_array_index >= 2) // oid_oe_evidence or oid_new_oe_evidence
     {
         // find the report version
-        header = (oe_report_header_t*)report;
+        header = (oe_attestation_header_t*)report;
         if (header->version != OE_ATTESTATION_HEADER_VERSION)
             OE_RAISE_MSG(
                 OE_INVALID_PARAMETER,

docs/DesignDocs/AttestationEvidenceFormatSupport.md

@@ -15,24 +15,24 @@ Goals:
 User Experience
 ---------------
 
-New parameter `format_id` will be added to `oe_verify_evidence` to verify various evidences other than the ones generated by `oe_get_evidence()`, such as a raw SGX quote. To verify an evidence generated by `oe_get_evidence()`, `format_id` should be `null`.
+New parameter `format_id` will be added to `oe_verify_evidence()` to verify various evidences other than the ones generated by `oe_get_evidence()`, such as a raw SGX quote. To verify an evidence generated by `oe_get_evidence()`, `format_id` should be `null`. To verify an evidence generated by the legacy API `oe_get_report()`, the `format_id` can be `null` optionally so that `oe_verify_evidence()` could handle both evidence formats with the same input parameters.
 
 Scenario 1 - Verifier verifies a raw evidence (not generated by `oe_get_evidence()`) of known format id:
 
 1. Call OE SDK public API to initialize verifier plugins.
 2. Get the raw evidence and its format id from an attester, such as get a raw sgx quote from Intel SGX SDK.
 3. Call the new API with the evidence and the format id to verify the evidence.
 
-Scenario 2 - Verifier verifies an evidence generated by `oe_get_evidence()`:
+Scenario 2 - Verifier verifies an evidence generated by `oe_get_evidence()` or legacy `oe_get_report()`:
 
 1. Call OE SDK public API to initialize verifier plugins.
-2. Call the new API to verify the evidence. The format id is not required because it is contained in the evidence buffer.
+2. Call the new API to verify the evidence. The format id is not required.
 
 Scenario 1 is for users who provide their own evidence structures (like #2999, user hopes to verify a raw sgx quote).
 
-Scenario 2 is for users use the existing OESDK everywhere. They can use oe_generate_evidence to generate an oe_evidence structure and verify it by oe_verify_evidence.
+Scenario 2 is for users use the existing OESDK everywhere. They can use `oe_get_evidence()` to generate an oe_evidence structure and verify it by `oe_verify_evidence()`.
 
-In scenario 2, users should pass a `null` format id so that new `oe_get_evidence()` avoids guessing the provided evidence is a raw evidence or an oe_evidence, and the cases that the provided format id is not consistent with the id contained in the oe_evidence buffer.
+In scenario 2, users should pass a `null` format id so that new `oe_verify_evidence()` avoids guessing the provided evidence is generated by an OESDK API (`oe_get_evidence()` or legacy `oe_get_report()`) or not, and the cases that the provided format id is not consistent with the id contained in the oe_evidence buffer.
 ```
 Attester				        Verifier
 --------- 				        ----------
@@ -64,17 +64,17 @@ oe_result_t oe_verify_evidence(
     oe_claim_t** claims,
     size_t* claims_length);
 ```
-This API is used to verify both evidences whose format id is provided by verifier and who is generated by `oe_get_evidence()`. When actual format_id is provided, it decouples evidence format ID and raw evidence buffer. When format_id is `null`, the API acts the same as previous `oe_get_evidence()`. This new design will provide more flexibility.
+This API is used to verify both evidences whose format id is provided by verifier and who is generated by `oe_get_evidence()`. When actual format_id is provided, it decouples evidence format ID and raw evidence buffer. When format_id is `null`, the API acts the same as previous `oe_verify_evidence()`. This new design will provide more flexibility.
 
 
 ### New Format ID
-According to issue #2999 reported by attestation service, it has to support two new evidence formats: the raw evidence generated by SGX quote generation and `oe_get_report()`. Thus, two new id need to be defined for evidence generated by `oe_get_report()`.
+According to issue #2999 reported by attestation service, it has to support two new evidence formats: the raw evidence generated by SGX quote generation and `oe_get_report()`. Thus, two new id were defined.
 
 ```
-#define OE_FORMAT_UUID_SGX_ECDSA_P256_QUOTE  { _uuid_ }
-#define OE_FORMAT_UUID_SGX_ECDSA_P256_REPORT { _uuid_ }
+#define OE_FORMAT_UUID_RAW_SGX_QUOTE_ECDSA  { _uuid_ }
+#define OE_FORMAT_UUID_LEGACY_REPORT_REMOTE { _uuid_ }
 ```
-Current `OE_FORMAT_UUID_SGX_ECDSA_P256` format id is still used to identify the SGX ECDSA-p256 evidence generated by `oe_get_evidence()`.
+`OE_FORMAT_UUID_SGX_ECDSA` format id is still used to identify the SGX ECDSA-p256 evidence generated by `oe_get_evidence()`.
 
 
 ### Additional Claims

docs/DesignDocs/Attestation_API_Proposal.md

@@ -250,13 +250,9 @@ Use cases for evidence verification:
 - Verify evidence, optionally with a set of endorsements and policies.
   - Function `oe_result_t oe_verify_evidence(const oe_uuid_t* format_id, const uint8_t* evidence_buffer, size_t evidence_buffer_size, const uint8_t* endorsements_buffer, size_t endorsements_buffer_size, const oe_policy_t* policies, size_t policies_size, oe_claim_t** claims, size_t* claims_length)`.
   - The optional parameter `format_id` is added.
-    - If it is `NULL`, the `evidence_buffer` and `endorsements_buffer`
-    must be wrapped with an attestation header that contains a valid
-    format ID.
-    - Otherwise, it must hold a valid format ID that identifies the
-    type of evidence and endorsements data in the `evidence_buffer` and
-    `endorsements_buffer` parameters. The data in these two buffers must not
-    be wrapped with an attestation header.
+    - If the `evidence_buffer` is generated by the legacy API `oe_get_report()`, the `format_id` could optionally be `NULL` and it will then be assigned to `OE_FORMAT_UUID_LEGACY_REPORT_REMOTE`.
+    - Otherwise, if the `format_id` is `NULL`, the `evidence_buffer` and `endorsements_buffer` must be wrapped with an attestation header that contains a valid format ID.
+    - If the `format_id` is not `NULL`, it must hold a valid format ID that identifies the type of evidence and endorsements data in the `evidence_buffer` and `endorsements_buffer` parameters. The data in these two buffers must not be wrapped with an attestation header.
   - Otherwise, this function has the same definition as in the OE SDK V0.9
   release.
 - Free a dynamically allocated claims list buffer.
@@ -659,6 +655,8 @@ The API function `oe_verify_evidence()` supports the values listed below in its
 * `NULL`:
   * The input evidence is generated by `oe_get_evidence()`, with
   the `OE_EVIDENCE_FLAGS_EMBED_FORMAT_ID` bit set in its `flags` parameter.
+  * The input evidence is an OE report generated by the legacy API function
+  `oe_get_report()` with the `OE_REPORT_FLAGS_REMOTE_ATTESTATION` flag.
 * `OE_FORMAT_UUID_SGX_LOCAL_ATTESTATION`:
   * The input evidence is generated by `oe_get_evidence()` for format
   `OE_FORMAT_UUID_SGX_LOCAL_ATTESTATION`, with the

include/openenclave/attestation/verifier.h

@@ -139,9 +139,10 @@ oe_result_t oe_verifier_free_format_settings(uint8_t* settings);
  *
  * @param[in] format_id The optional format id of the evidence to be verified.
  * If this parameter is NULL, the evidence_buffer (and endorsement_buffer if
- * not NULL) must contain data with an attestation header holding a valid
- * format id. Otherwise, this parameter must hold a valid format id, and the
- * envidence and endorsements data must not be wrapped with an attestation
+ * not NULL) must either contain data with an attestation header holding a valid
+ * format id, or be an oe report generated by the legacy API function
+ * oe_get_report(). Otherwise, this parameter must hold a valid format id, and
+ * the envidence and endorsements data must not be wrapped with an attestation
  * header.
  * @param[in] evidence_buffer The evidence buffer.
  * @param[in] evidence_buffer_size The size of evidence_buffer in bytes.