Пример #1
    def invoke_get_quote(self, agent, need_pubkey):
        """Kick off an asynchronous integrity-quote request to the cloud agent.

        Marks *agent* as being in the ``GET_QUOTE`` operational state, builds
        the ``/quotes/integrity`` URL from the values returned by
        ``cloud_verifier_common.prepare_get_quote`` and hands the request to
        Tornado's ``AsyncHTTPClient``.  The reply is delivered to
        ``self.on_get_quote_response`` with ``agent`` and ``url`` bound in
        front of the ``HTTPResponse``; nothing is returned here.

        Args:
            agent: mutable agent record; ``ip`` and ``port`` are read,
                ``operational_state`` is written.
            need_pubkey: when true the agent is asked for a full quote that
                includes its public key (``partial=0``) instead of a partial
                one (``partial=1``).
        """
        print("invoke_get_quote")
        quote_params = cloud_verifier_common.prepare_get_quote(agent)
        # Transition the record before the request goes out so the state is
        # visible while the fetch is in flight.
        agent['operational_state'] = \
            cloud_verifier_common.CloudAgent_Operational_State.GET_QUOTE
        http_client = tornado.httpclient.AsyncHTTPClient()

        # "0" == full quote (agent's pubkey included), "1" == partial quote.
        partial_flag = "0" if need_pubkey else "1"

        url = "http://%s:%d/quotes/integrity?nonce=%s&mask=%s&vmask=%s&partial=%s" % (
            agent['ip'],
            agent['port'],
            quote_params["nonce"],
            quote_params["mask"],
            quote_params['vmask'],
            partial_flag,
        )
        # Bind agent and url so the response handler gets them alongside the
        # HTTPResponse.  In Tornado's callback interface HTTPError is not
        # raised automatically: the handler has to inspect ``response.error``
        # (or call ``response.rethrow()``) itself.
        # NOTE(review): the ``callback=`` argument to fetch() was removed in
        # Tornado 6 -- this code assumes an older Tornado; confirm the pin.
        on_response = functools.partial(self.on_get_quote_response, agent, url)
        http_client.fetch(url, callback=on_response)
        print(url)
Пример #2
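    async def invoke_get_quote(self, agent, need_pubkey):
        """Fetch an integrity quote from the cloud agent and schedule the next step.

        Requests ``/quotes/integrity`` from the agent, validates the reply with
        ``cloud_verifier_common.process_quote_response`` and hands *agent* back
        to ``self.process_agent`` in the resulting operational state:

        * HTTP 599 (Tornado's connection-error code)   -> ``GET_QUOTE_RETRY``
        * any other non-200 status                     -> ``FAILED``
        * quote validates and ``agent['provide_V']``   -> ``PROVIDE_V``
        * quote validates, ``provide_V`` false         -> ``GET_QUOTE``
        * quote does not validate                      -> ``INVALID_QUOTE``

        Args:
            agent: mutable agent record; ``ip``, ``port``, ``agent_id`` and
                ``provide_V`` are read.
            need_pubkey: ask for a full quote including the agent's public
                key (``partial=0``) instead of a partial one (``partial=1``).

        Raises:
            Exception: if *agent* is ``None`` (record deleted mid-flight).
        """
        if agent is None:
            raise Exception("agent deleted while being processed")
        params = cloud_verifier_common.prepare_get_quote(agent)

        # "0" == full quote with the agent's public key, "1" == partial quote.
        partial_req = "0" if need_pubkey else "1"

        response = await tornado_requests.request(
            "GET",
            "http://%s:%d/quotes/integrity?nonce=%s&mask=%s&vmask=%s&partial=%s"
            % (agent['ip'], agent['port'], params["nonce"], params["mask"],
               params['vmask'], partial_req),
            context=None)

        op_states = cloud_verifier_common.CloudAgent_Operational_State

        if response.status_code != 200:
            if response.status_code == 599:
                # 599 is Tornado's code for a connection-level failure:
                # retry rather than fail the agent.
                next_state = op_states.GET_QUOTE_RETRY
            else:
                # Any other HTTP error is treated as fatal for this agent.
                # Lazy %-formatting instead of string concatenation: the
                # concatenation raised TypeError whenever agent_id was not
                # already a str.
                logger.critical(
                    "Unexpected Get Quote response error for cloud agent %s, Error: %s",
                    agent['agent_id'], response.status_code)
                next_state = op_states.FAILED
            asyncio.ensure_future(self.process_agent(agent, next_state))
            return

        try:
            # The body comes from the agent over the network; nothing in it is
            # trusted until process_quote_response has checked the quote.
            json_response = json.loads(response.body)
            if cloud_verifier_common.process_quote_response(
                    agent, json_response['results']):
                next_state = (op_states.PROVIDE_V if agent['provide_V']
                              else op_states.GET_QUOTE)
            else:
                next_state = op_states.INVALID_QUOTE
            asyncio.ensure_future(self.process_agent(agent, next_state))
        except Exception as e:
            # NOTE(review): a malformed body, a missing 'results'/'provide_V'
            # key or a failure inside process_quote_response is only logged
            # here -- no state transition is scheduled, so the agent is not
            # re-queued.  Confirm that is intended rather than a stall.
            logger.exception(e)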
Пример #3
async def invoke_get_quote(agent, need_pubkey):
    """Fetch an integrity quote from the cloud agent and schedule the next step.

    Requests ``/v<version>/quotes/integrity`` from the agent, validates the
    reply with ``cloud_verifier_common.process_quote_response`` against the
    agent's attestation state and hands *agent* to ``process_agent`` in the
    resulting state (``GET_QUOTE_RETRY`` on HTTP 599, ``FAILED`` on any other
    non-200 status, ``PROVIDE_V``/``GET_QUOTE`` on a valid quote depending on
    ``agent['provide_V']``, ``INVALID_QUOTE`` otherwise).  The attestation
    state is persisted with ``store_attestation_state`` after a 200 reply.

    Args:
        agent: mutable agent record; ``ip``, ``port``, ``agent_id`` are read,
            ``provide_V`` defaults to ``True`` when absent.
        need_pubkey: ask for a full quote including the agent's public key
            (``partial=0``) instead of a partial one (``partial=1``).

    Raises:
        Exception: if *agent* is ``None`` (record deleted mid-flight).
    """
    if agent is None:
        raise Exception("agent deleted while being processed")
    params = cloud_verifier_common.prepare_get_quote(agent)

    # "0" == full quote with the agent's public key, "1" == partial quote.
    partial_req = "0" if need_pubkey else "1"

    version = keylime_api_version.current_version()
    url = (
        "http://%s:%d/v%s/quotes/integrity?nonce=%s&mask=%s&vmask=%s&partial=%s&ima_ml_entry=%d"
        % (agent['ip'], agent['port'], version, params["nonce"], params["mask"],
           params['vmask'], partial_req, params['ima_ml_entry'])
    )
    response = await tornado_requests.request("GET", url, context=None)

    if response.status_code != 200:
        if response.status_code == 599:
            # 599 is Tornado's connection-failure code: retry the quote.
            next_state = states.GET_QUOTE_RETRY
        else:
            # Anything else is treated as fatal for this agent.
            logger.critical(
                "Unexpected Get Quote response error for cloud agent %s, Error: %s",
                agent['agent_id'], response.status_code)
            next_state = states.FAILED
        asyncio.ensure_future(process_agent(agent, next_state))
        return

    try:
        # Body comes from the agent over the network; it is only trusted once
        # process_quote_response has validated the quote.
        json_response = json.loads(response.body)

        agent.setdefault('provide_V', True)
        attest_state = get_AgentAttestStates().get_by_agent_id(agent['agent_id'])
        quote_ok = cloud_verifier_common.process_quote_response(
            agent, json_response['results'], attest_state)
        if not quote_ok:
            next_state = states.INVALID_QUOTE
        elif agent['provide_V']:
            next_state = states.PROVIDE_V
        else:
            next_state = states.GET_QUOTE
        asyncio.ensure_future(process_agent(agent, next_state))

        # Persist whatever process_quote_response recorded for this agent.
        store_attestation_state(attest_state)

    except Exception as e:
        # Parse/validation failures are logged only; no state transition is
        # scheduled on this path.
        logger.exception(e)
Пример #4
    def invoke_get_quote(self, agent, need_pubkey):
        """Kick off an asynchronous integrity-quote request to the cloud agent.

        Sets ``agent['operational_state']`` to ``GET_QUOTE``, builds the
        ``/quotes/integrity`` URL from ``prepare_get_quote`` output and issues
        the fetch through Tornado's ``AsyncHTTPClient``; the reply reaches
        ``self.on_get_quote_response`` with ``agent`` and ``url`` bound before
        the ``HTTPResponse``.  Returns nothing.

        Args:
            agent: mutable agent record; ``ip`` and ``port`` are read,
                ``operational_state`` is written.
            need_pubkey: request a full quote including the agent's public
                key (``partial=0``) rather than a partial one (``partial=1``).
        """
        quote_params = cloud_verifier_common.prepare_get_quote(agent)
        agent['operational_state'] = \
            cloud_verifier_common.CloudAgent_Operational_State.GET_QUOTE
        http_client = tornado.httpclient.AsyncHTTPClient()

        # "0" == full quote (agent's pubkey included), "1" == partial quote.
        partial_flag = "0" if need_pubkey else "1"

        url = "http://%s:%d/quotes/integrity?nonce=%s&mask=%s&vmask=%s&partial=%s" % (
            agent['ip'],
            agent['port'],
            quote_params["nonce"],
            quote_params["mask"],
            quote_params['vmask'],
            partial_flag,
        )
        # NOTE(review): fetch(callback=...) was removed in Tornado 6; this
        # assumes an older Tornado -- confirm the pinned version.
        on_response = functools.partial(self.on_get_quote_response, agent, url)
        http_client.fetch(url, callback=on_response)
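    async def invoke_get_prov_quote(self, agent, need_pubkey):
        """Ask the provider verifier for a quote covering this tenant's nonce.

        Tenant-verifier -> provider-verifier leg of the nested attestation:
        the provider returns a Merkle head signed by the provider agent plus
        an inclusion proof for our nonce.  The AIK used to check that quote is
        looked up in the provider registrar via ``registrar_client.getKeys``.

        Non-200 replies move *agent* to ``GET_PROVIDER_QUOTE_RETRY`` (599) or
        ``FAILED``.  On a 200 reply the inclusion proof and the quote are
        verified and the outcome is logged only -- see the NOTE in the body.

        Args:
            agent: mutable agent record; ``operational_state`` is written,
                ``agent_id``, ``public_key``, ``tpm_policy`` and
                ``ima_whitelist`` are read.
            need_pubkey: unused on this path (kept for signature parity with
                ``invoke_get_quote``).
        """
        params = cloud_verifier_common.prepare_get_quote(agent)

        logger.info(
            "invoking Teneant Verifier -> Provider Verifier communication")
        logger.debug(params['provider_ip'])
        logger.debug(params['provider_port'])

        agent['operational_state'] = \
            cloud_verifier_common.CloudAgent_Operational_State.GET_PROVIDER_QUOTE

        url = "http://%s:%d/verifier?nonce=%s&mask=%s&vmask=%s" % (
            params['provider_ip'], params['provider_port'], params["nonce"],
            params["mask"], params['vmask'])

        # ``%s`` placeholder: passing ``url`` as an extra positional argument
        # with no placeholder makes logging hit a formatting error internally
        # and the URL never reaches the log.
        logger.debug(
            "Tenant Provider requesting quote from provider verifier, url: %s",
            url)

        response = await tornado_requests.request("GET", url, context=None)

        op_states = cloud_verifier_common.CloudAgent_Operational_State

        if response.status_code != 200:
            if response.status_code == 599:
                # 599 is Tornado's connection-failure code: retry later.
                next_state = op_states.GET_PROVIDER_QUOTE_RETRY
            else:
                # Lazy %-formatting; the former concatenation raised TypeError
                # if provider_ip was not a str.
                logger.critical(
                    "Unexpected Get Quote response error for provider: %s:%s, Error: %s",
                    params['provider_ip'], params['provider_port'],
                    response.status_code)
                next_state = op_states.FAILED
            asyncio.ensure_future(self.process_agent(agent, next_state))
            return

        try:
            json_response = json.loads(response.body)
            result = json_response.get('results')

            # Merkle-tree inclusion proof returned alongside the provider
            # agent's signed quote.
            nonce_proof = string_to_proof(result['nonce_proof'])

            # Verify once and reuse the result; this used to be evaluated
            # twice (once for the debug log, once for the branch below).
            nonce_included = merklelib.verify_leaf_inclusion(
                params.get("nonce"), nonce_proof, hashfunc,
                result['merkle_head'])
            logger.debug("Was Tenant nonce in provider merkle tree: %s",
                         nonce_included)

            # Look the provider agent's AIK up in the provider registrar so
            # the tenant does not have to hard-code provider verifier details.
            registrar_client.init_client_tls(config, 'cloud_verifier')
            registrar_keys = registrar_client.getKeys(
                params['provider_ip'],
                config.get("general", "registrar_tls_port"),
                agent['agent_id'])

            tpm_version = result.get('tpm_version')
            tpm = tpm_obj.getTPM(need_hw_tpm=False, tpm_version=tpm_version)
            hash_alg = result.get('hash_alg')

            try:
                # Before checking the quote, make sure our nonce was in the
                # provider's batch request; otherwise this quote was issued
                # for some other tenant verifier and proves nothing to us.
                if nonce_included:
                    # The Merkle head stands in for the nonce the quote was
                    # taken over; no IMA measurement list on this path.
                    valid_quote = tpm.check_quote(
                        result['merkle_head'],
                        agent['public_key'],
                        result.get('quote'),
                        registrar_keys['aik'],
                        agent['tpm_policy'],
                        None,
                        agent['ima_whitelist'],
                        hash_alg)
                    logger.info("Provider_IP: %s", params['provider_ip'])
                    logger.info("Provider_Port: %s", params['provider_port'])
                    logger.info("validation result for provider quote: %s",
                                valid_quote)
                    # NOTE(review): valid_quote is only logged -- nothing
                    # downstream consumes it, so a failed provider-quote
                    # check does not change the agent's state.  Confirm
                    # whether this is meant to gate anything.
                else:
                    logger.error("Invalid Quote")
            except Exception as e:
                # Same handling as the outer handler (was a bare print).
                logger.exception(e)

        except Exception as e:
            logger.exception(e)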