ku-sldg/rust-am-clients

rust-am-clients

A repository for client implementations written in Rust that interact with Attestation Manager (AM) and Attestation Service Provider (ASP) servers.

Building

Once you have Rust installed (https://www.rust-lang.org/tools/install), simply typing make should build all the executable targets specified in this workspace.

To install necessary runtime dependencies for these executables, follow the installation instructions in the cvm and asp-libs repositories as specified in their READMEs.

Testing

Before testing a Rust client executable, make sure its cvm and asp-libs dependencies are visible. (NOTE: An alternative is to pass paths to these dependencies explicitly as CLI arguments to a client executable.)

First, make sure the cvm executable is on your PATH:

which cvm

Next, set the ASP_BIN environment variable to point to your ASP executables installed under asp-libs:

export ASP_BIN=<path_to_asp-libs>/target/release/

Now try running the rodeo_client_test make target as follows:

make rodeo_client_test

Successful output should be some JSON logging followed by something like:

Protocol completed successfully!

Steps for testing the RODEO-HAMR workflow

  1. Install and test the rust-rodeo-client executable and its dependencies (see above)

  2. Clone the INSPECTA-models repository, and locate the attestation/ directory for the codegen project you wish to attest (e.g. for the isolette project this would be: INSPECTA-models/isolette/hamr/microkit/attestation). Below we assume this path is in an environment variable called $HAMR_ATTESTATION_ROOT.

  3. Identify the filename of the HAMR attestation report at $HAMR_ATTESTATION_ROOT (i.e. sysml_attestation_report.json).

  4. From the top-level directory of the rust-am-clients repository, run HAMR contract provisioning:

    cargo run --release --bin rust-rodeo-client -- --hamr-report-filepath $HAMR_ATTESTATION_ROOT/sysml_attestation_report.json -p $HAMR_ATTESTATION_ROOT/hamr_maestro_golden_evidence.json

    Note: the --hamr-report-filepath CLI arg expects the file path to the HAMR attestation report (the attestation tools rely on that file residing in the $HAMR_ATTESTATION_ROOT directory), and the -p option (provision) expects the file path where the golden evidence file should be written (it is used during appraisal in the next step).

    After running the above command, MAESTRO provisioning will populate two output files in the $HAMR_ATTESTATION_ROOT directory, namely hamr_maestro_term.json (the JSON-encoded attestation protocol -- its filename is hardcoded for now) and hamr_maestro_golden_evidence.json (the golden evidence structure -- filename chosen during provisioning via -p).

  5. Again in rust-am-clients/, run HAMR contract appraisal:

    cargo run --release --bin rust-rodeo-client -- -t $HAMR_ATTESTATION_ROOT/hamr_maestro_term.json -a

    Note: the -t CLI arg points to the MAESTRO protocol term (generated during provisioning above). -a tells the MAESTRO tools to perform evidence appraisal against the golden evidence file generated during provisioning above (the path to this golden evidence file is automatically embedded into the protocol term during provisioning).

  6. Check the $HAMR_ATTESTATION_ROOT directory for the newly-generated file called appsumm_response.json. This is an AppraisalSummary Response JSON structure (tailored for parsing by tools like Resolute). The crucial field of this JSON object is "APPRAISAL_RESULT" which captures the overall appraisal judgement for the HAMR contract file slices as a boolean. The JSON schema for the AppraisalSummary Response can be found here.
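A fail-closed check on the result from step 6, as an added example that is not part of the rust-am-clients repository: it trusts only the "APPRAISAL_RESULT" field named above and rejects a missing, stale, non-boolean or duplicated verdict. The function names and the timestamp argument (taken just before the appraisal command is started) are assumptions of this example.

```python
import json
import os
import sys


class AppraisalError(Exception):
    """Raised whenever the summary cannot be trusted as a fresh, unambiguous verdict."""


def _reject_duplicate_keys(pairs):
    # json.load silently keeps the last duplicate key; treat duplicates as ambiguous.
    obj = {}
    for key, value in pairs:
        if key in obj:
            raise AppraisalError(f"duplicate key {key!r}")
        obj[key] = value
    return obj


def appraisal_passed(path, not_before):
    """Return the verdict only if `path` is fresh and APPRAISAL_RESULT is a JSON boolean."""
    try:
        with open(path, encoding="utf-8") as fh:
            if os.fstat(fh.fileno()).st_mtime < not_before:
                raise AppraisalError("summary predates this appraisal run (stale file)")
            doc = json.load(fh, object_pairs_hook=_reject_duplicate_keys)
    except (OSError, ValueError) as exc:
        raise AppraisalError(f"cannot read summary: {exc}") from exc
    if not isinstance(doc, dict) or "APPRAISAL_RESULT" not in doc:
        raise AppraisalError("APPRAISAL_RESULT missing")
    result = doc["APPRAISAL_RESULT"]
    if not isinstance(result, bool):  # "true", 1 and null are not a verdict
        raise AppraisalError(f"APPRAISAL_RESULT is {type(result).__name__}, not boolean")
    return result


if __name__ == "__main__":
    # Assumed wrapper convention: argv[1] is the epoch time recorded just before
    # the appraisal command was started; without it no freshness check is made.
    summary = os.path.join(os.environ.get("HAMR_ATTESTATION_ROOT", "."), "appsumm_response.json")
    started = float(sys.argv[1]) if len(sys.argv) > 1 else 0.0
    try:
        ok = appraisal_passed(summary, started)
    except AppraisalError as exc:
        print(f"FAIL (closed): {exc}", file=sys.stderr)
        sys.exit(2)
    print("appraisal passed" if ok else "appraisal FAILED")
    sys.exit(0 if ok else 1)
```

The freshness check matters because appsumm_response.json is written into the same directory on every run, so a summary left over from an earlier successful appraisal would otherwise be read as the current verdict.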

Invoking rust-rodeo-client from a directory other than the rust-am-clients root

The following commands assume the environment variable $RODEO_ROOT is set to point to the top-level of your locally-cloned rust-am-clients repo:

For provisioning:

$RODEO_ROOT/target/release/rust-rodeo-client --hamr-report-filepath $HAMR_ATTESTATION_ROOT/sysml_attestation_report.json -s $RODEO_ROOT/rodeo_configs/sessions/session_union.json -m $RODEO_ROOT/testing/manifests/Manifest_P0.json -o $RODEO_ROOT/testing/outputs/ -p $HAMR_ATTESTATION_ROOT/hamr_maestro_golden_evidence.json

For appraisal:

$RODEO_ROOT/target/release/rust-rodeo-client -t $HAMR_ATTESTATION_ROOT/hamr_maestro_term.json -s $RODEO_ROOT/rodeo_configs/sessions/session_union.json -m $RODEO_ROOT/testing/manifests/Manifest_P0.json -o $RODEO_ROOT/testing/outputs/ -a

NOTE: After the above appraisal, the resulting Appraisal Summary file will be generated at $HAMR_ATTESTATION_ROOT/appsumm_response.json.
