Make endorsements an optional argument for policies

This is needed for binaries that don't have corresponding endorsements and
are purely verified by the policy. I.e. binaries that are not published
into the transparency log like Confidential Borg binaries.

Fixes: 369775157
Change-Id: Iebbd559ea799423bc082bffb6cbd088bd6cfb26d

Author: ipetr0v

oak_attestation_verification/src/policy/application.rs

@@ -39,10 +39,10 @@ impl ApplicationPolicy {
     }
 }
 
-// We have to use [`Policy<[u8], Variant>`] instead of [`EventPolicy`], because
+// We have to use [`Policy<[u8]>`] instead of [`EventPolicy`], because
 // Rust doesn't yet support implementing trait aliases.
 // <https://github.com/rust-lang/rfcs/blob/master/text/1733-trait-alias.md>
-impl Policy<[u8], Variant> for ApplicationPolicy {
+impl Policy<[u8]> for ApplicationPolicy {
     fn verify(
         &self,
         encoded_event: &[u8],
@@ -53,12 +53,12 @@ impl Policy<[u8], Variant> for ApplicationPolicy {
             "type.googleapis.com/oak.attestation.v1.ApplicationLayerData",
             encoded_event,
         )?;
-        let endorsement: ApplicationEndorsement =
+        let endorsement: Option<ApplicationEndorsement> =
             encoded_endorsement.try_into().map_err(anyhow::Error::msg)?;
 
         let expected_values = acquire_application_event_expected_values(
             milliseconds_since_epoch,
-            Some(&endorsement),
+            endorsement.as_ref(),
             &self.reference_values,
         )
         .context("couldn't verify application endorsements")?;

oak_attestation_verification/src/policy/binary.rs

@@ -36,7 +36,7 @@ impl BinaryPolicy {
     }
 }
 
-impl Policy<[u8], Variant> for BinaryPolicy {
+impl Policy<[u8]> for BinaryPolicy {
     fn verify(
         &self,
         encoded_event: &[u8],

oak_attestation_verification/src/policy/container.rs

@@ -47,10 +47,10 @@ impl ContainerPolicy {
     }
 }
 
-// We have to use [`Policy<[u8], Variant>`] instead of [`EventPolicy`], because
+// We have to use [`Policy<[u8]>`] instead of [`EventPolicy`], because
 // Rust doesn't yet support implementing trait aliases.
 // <https://github.com/rust-lang/rfcs/blob/master/text/1733-trait-alias.md>
-impl Policy<[u8], Variant> for ContainerPolicy {
+impl Policy<[u8]> for ContainerPolicy {
     fn verify(
         &self,
         encoded_event: &[u8],
@@ -61,12 +61,12 @@ impl Policy<[u8], Variant> for ContainerPolicy {
             "type.googleapis.com/oak.attestation.v1.ContainerLayerData",
             encoded_event,
         )?;
-        let endorsement: ContainerEndorsement =
+        let endorsement: Option<ContainerEndorsement> =
             encoded_endorsement.try_into().map_err(anyhow::Error::msg)?;
 
         let expected_values = acquire_container_event_expected_values(
             milliseconds_since_epoch,
-            Some(&endorsement),
+            endorsement.as_ref(),
             &self.reference_values,
         )
         .context("couldn't verify container endorsements")?;

oak_attestation_verification/src/policy/firmware.rs

@@ -36,20 +36,20 @@ impl FirmwarePolicy {
     }
 }
 
-impl Policy<[u8], Variant> for FirmwarePolicy {
+impl Policy<[u8]> for FirmwarePolicy {
     fn verify(
         &self,
         firmware_measurement: &[u8],
         encoded_endorsement: &Variant,
         milliseconds_since_epoch: i64,
     ) -> anyhow::Result<EventAttestationResults> {
         let initial_measurement = convert_amd_sev_snp_initial_measurement(firmware_measurement);
-        let endorsement: FirmwareEndorsement =
+        let endorsement: Option<FirmwareEndorsement> =
             encoded_endorsement.try_into().map_err(anyhow::Error::msg)?;
 
         let expected_values = acquire_stage0_expected_values(
             milliseconds_since_epoch,
-            Some(&endorsement),
+            endorsement.as_ref(),
             &self.reference_values,
         )
         .context("getting stage0 values")?;

oak_attestation_verification/src/policy/kernel.rs

@@ -39,7 +39,7 @@ impl KernelPolicy {
     }
 }
 
-impl Policy<[u8], Variant> for KernelPolicy {
+impl Policy<[u8]> for KernelPolicy {
     fn verify(
         &self,
         encoded_event: &[u8],
@@ -51,12 +51,12 @@ impl Policy<[u8], Variant> for KernelPolicy {
                 "type.googleapis.com/oak.attestation.v1.Stage0Measurements",
                 encoded_event,
             )?);
-        let endorsement: KernelEndorsement =
+        let endorsement: Option<KernelEndorsement> =
             encoded_endorsement.try_into().map_err(anyhow::Error::msg)?;
 
         let expected_values = acquire_kernel_event_expected_values(
             milliseconds_since_epoch,
-            Some(&endorsement),
+            endorsement.as_ref(),
             &self.reference_values,
         )
         .context("couldn't verify kernel endorsements")?;

oak_attestation_verification/src/policy/platform.rs

@@ -40,7 +40,7 @@ impl AmdSevSnpPolicy {
     }
 }
 
-impl Policy<AttestationReport, Variant> for AmdSevSnpPolicy {
+impl Policy<AttestationReport> for AmdSevSnpPolicy {
     fn verify(
         &self,
         attestation_report: &AttestationReport,

oak_attestation_verification/src/policy/system.rs

@@ -38,7 +38,7 @@ impl SystemPolicy {
     }
 }
 
-impl Policy<[u8], Variant> for SystemPolicy {
+impl Policy<[u8]> for SystemPolicy {
     fn verify(
         &self,
         encoded_event: &[u8],
@@ -49,12 +49,12 @@ impl Policy<[u8], Variant> for SystemPolicy {
             "type.googleapis.com/oak.attestation.v1.SystemLayerData",
             encoded_event,
         )?;
-        let endorsement: SystemEndorsement =
+        let endorsement: Option<SystemEndorsement> =
             encoded_endorsement.try_into().map_err(anyhow::Error::msg)?;
 
         let expected_values = acquire_system_event_expected_values(
             milliseconds_since_epoch,
-            Some(&endorsement),
+            endorsement.as_ref(),
             &self.reference_values,
         )
         .context("couldn't verify system endorsement")?;

oak_attestation_verification/src/verifier.rs

@@ -432,23 +432,34 @@ fn verify_event_log(
     policies: &[Box<dyn EventPolicy>],
     milliseconds_since_epoch: i64,
 ) -> anyhow::Result<Vec<EventAttestationResults>> {
-    if event_log.encoded_events.len() != event_endorsements.len() {
-        anyhow::bail!(
-            "event log length ({}) is not equal to the number of endorsements ({})",
-            event_log.encoded_events.len(),
-            event_endorsements.len()
-        );
-    }
     if policies.len() != event_log.encoded_events.len() {
         anyhow::bail!(
             "number of policies ({}) is not equal to the event log length ({})",
             policies.len(),
             event_log.encoded_events.len()
         );
     }
+    if event_log.encoded_events.len() < event_endorsements.len() {
+        anyhow::bail!(
+            "event log length ({}) is smaller than the number of endorsements ({})",
+            event_log.encoded_events.len(),
+            event_endorsements.len()
+        );
+    }
+
+    // Pad `event_endorsements` with an empty [`Variant`] to the same length as the
+    // event log.
+    let empty_endorsement = Variant::default();
+    let mut padded_event_endorsements: Vec<&Variant> = event_endorsements.iter().collect();
+    if event_log.encoded_events.len() > event_endorsements.len() {
+        padded_event_endorsements.extend(
+            core::iter::repeat(&empty_endorsement)
+                .take(event_log.encoded_events.len() - event_endorsements.len()),
+        );
+    }
 
     let verification_iterator =
-        izip!(policies.iter(), event_log.encoded_events.iter(), event_endorsements.iter());
+        izip!(policies.iter(), event_log.encoded_events.iter(), padded_event_endorsements.iter());
     let event_attestation_results = verification_iterator
         .map(|(event_policy, event, event_endorsement)| {
             event_policy.verify(event, event_endorsement, milliseconds_since_epoch).unwrap_or(

oak_attestation_verification_types/src/policy.rs

@@ -22,15 +22,15 @@ use oak_proto_rust::oak::{attestation::v1::EventAttestationResults, Variant};
 /// Verification Policy correspond to the "Appraisal Policy for Evidence"
 /// provided by the RATS standard.
 /// <https://datatracker.ietf.org/doc/html/rfc9334#section-8.5>
-pub trait Policy<V: ?Sized, N: ?Sized>: Send + Sync {
+pub trait Policy<V: ?Sized>: Send + Sync {
     fn verify(
         &self,
         evidence: &V,
-        endorsement: &N,
+        endorsement: &Variant,
         milliseconds_since_epoch: i64,
     ) -> anyhow::Result<EventAttestationResults>;
 }
 
 /// Verification Policy that takes an encoded Event and an encoded Event
 /// Endorsement and performs attestation verification for this specific Event.
-pub trait EventPolicy = Policy<[u8], Variant>;
+pub trait EventPolicy = Policy<[u8]>;

oak_proto_rust/src/variant.rs

@@ -23,6 +23,18 @@ use crate::oak::{
     Variant,
 };
 
+impl Variant {
+    pub fn is_empty(&self) -> bool {
+        self.id.is_empty()
+    }
+}
+
+impl From<Option<Variant>> for Variant {
+    fn from(value: Option<Variant>) -> Self {
+        value.unwrap_or_default()
+    }
+}
+
 /// A random ID for each endorsement protocol buffer type that appears as ID
 /// in the oak::Variant encoding.
 const AMD_SEV_SNP_PLATFORM_ENDORSEMENT_ID: [u8; 16] =
@@ -88,6 +100,25 @@ impl TryFrom<&Variant> for ApplicationEndorsement {
     }
 }
 
+macro_rules! impl_try_from_variant_to_option {
+    ($value_type:ty) => {
+        impl TryFrom<&Variant> for Option<$value_type> {
+            type Error = &'static str;
+            fn try_from(value: &Variant) -> Result<Self, Self::Error> {
+                let result = if !value.is_empty() { Some(value.try_into()?) } else { None };
+                Ok(result)
+            }
+        }
+    };
+}
+
+impl_try_from_variant_to_option!(AmdSevSnpEndorsement);
+impl_try_from_variant_to_option!(FirmwareEndorsement);
+impl_try_from_variant_to_option!(KernelEndorsement);
+impl_try_from_variant_to_option!(SystemEndorsement);
+impl_try_from_variant_to_option!(ContainerEndorsement);
+impl_try_from_variant_to_option!(ApplicationEndorsement);
+
 impl From<AmdSevSnpEndorsement> for Variant {
     fn from(value: AmdSevSnpEndorsement) -> Self {
         Variant { id: AMD_SEV_SNP_PLATFORM_ENDORSEMENT_ID.to_vec(), value: value.encode_to_vec() }