Merge pull request #145 from GaloisInc/120-mkm-client

Add a simple helper program to request keys from the MKM

This branch adds a small helper program called `mkm_client` that will connect to the MKM server and to the local trusted boot daemon, request a key, and (on success) print the key to stdout.  The logging component's startup script will use this to get an encryption key that it can pass to `cryptsetup` to open the encrypted filesystem.

.github/workflows/main.yml

@@ -561,3 +561,42 @@ jobs:
           run: |
               cd components/mission_key_management
               python3 run_tests.py
+
+  mkm_client:
+      runs-on: ubuntu-22.04
+      needs: trusted-boot-build
+      steps:
+        - name: Checkout repository
+          uses: actions/checkout@v4
+        # mkm is trivial to build, so we don't bother packaging or caching it.
+        - name: Install dependencies
+          run: |
+            sudo apt-get update
+            sudo apt-get install -y build-essential
+            sudo apt-get install -y {gcc,g++}-aarch64-linux-gnu
+        - name: Build mkm
+          run: |
+              cd components/mission_key_management
+              make
+              [ -f mkm ]
+        - name: Build mkm_client
+          run: |
+              cd components/mkm_client
+              make
+              [ -f mkm_client ]
+              make TARGET=aarch64
+              [ -f mkm_client.aarch64 ]
+        - name: Download trusted_boot binary
+          uses: actions/download-artifact@v4
+          with:
+            name: trusted-boot-binaries
+        - name: Move trusted_boot binary into place
+          run: |
+              chmod -v +x trusted_boot
+              mv -v trusted_boot components/platform_crypto/shave_trusted_boot/
+        - name: Run tests
+          run: |
+              cd components/mkm_client
+              ../mission_key_management/mkm &
+              key=$(../platform_crypto/shave_trusted_boot/trusted_boot ./run_client.sh)
+              [ "$key" = "mkm_client uses this key to test" ]

components/mission_key_management/client.c

@@ -9,6 +9,7 @@
 
 #ifndef CN_ENV
 # include <sys/epoll.h>
+# include <sys/socket.h>
 # include <unistd.h>
 # include <stdio.h>
 #else
@@ -49,7 +50,13 @@ struct client* client_new(int fd) {
 }
 
 void client_delete(struct client* c) {
-    int ret = close(c->fd);
+    int ret = shutdown(c->fd, SHUT_RDWR);
+    if (ret != 0) {
+        perror("shutdown (client_delete)");
+        // Keep going.  Even if TCP shutdown fails, we still need to close the
+        // file descriptor.
+    }
+    ret = close(c->fd);
     if (ret != 0) {
         perror("close (client_delete)");
         // Keep going.  On Linux, `close` always closes the file descriptor,

components/mission_key_management/cn_stubs.h

@@ -70,3 +70,11 @@ ssize_t _write(int fildes, const void *buf, size_t nbyte);
     return >= -1i64 && return < (i64)nbyte;
 $*/
 #define write(f,b,s) _write(f,b,s)
+
+int _shutdown(int fildes, int how);
+/*$ spec _close(i32 fildes, i32 how);
+    requires true;
+    ensures true;
+$*/
+#define shutdown(x,h) _shutdown(x,h)
+

components/mission_key_management/mkm.c

@@ -36,6 +36,18 @@ int main() {
             test_attest_helper_measure,
             (const uint8_t*)"extra key for test_attest to use");
 
+    // Measure of `mkm_client`'s `run_client.sh` script.
+    static const uint8_t mkm_client_run_measure[MEASURE_SIZE] = {
+        0x5b, 0xfa, 0xa5, 0xe5, 0xed, 0xdc, 0xc3, 0x6e,
+        0x15, 0x5b, 0xde, 0x85, 0x9a, 0xc5, 0x5e, 0x52,
+        0x77, 0x93, 0x67, 0x91, 0x76, 0x1a, 0x34, 0xb2,
+        0xc6, 0xbc, 0xb5, 0xda, 0x81, 0xb4, 0x74, 0x6b
+    };
+    policy_add(
+            (const uint8_t*)"\0",
+            mkm_client_run_measure,
+            (const uint8_t*)"mkm_client uses this key to test");
+
 
     // Open the listening socket.
 

components/mkm_client/.gitignore

@@ -0,0 +1,4 @@
+/build/
+/build.*/
+/mkm_client
+/mkm_client.*

components/mkm_client/Makefile

@@ -0,0 +1,36 @@
+ROOT_DIR:=$(shell dirname $(realpath $(firstword $(MAKEFILE_LIST))))
+
+ifeq ($(TARGET),x86_64)
+CC = x86_64-linux-gnu-gcc
+CXX = x86_64-linux-gnu-g++
+else ifeq ($(TARGET),aarch64)
+CC = aarch64-linux-gnu-gcc
+CXX = aarch64-linux-gnu-g++
+else ifeq ($(TARGET),)
+# If target is unspecified, use gcc and its default target.
+CC = gcc
+CXX = g++
+else
+$(error "bad TARGET $(TARGET)")
+endif
+
+TARGET_SUFFIX = $(foreach x,$(TARGET),.$(x))
+BUILD_DIR = build$(TARGET_SUFFIX)
+
+MKM_CLIENT_BIN = mkm_client$(TARGET_SUFFIX)
+
+SRC = mkm_client.c
+OBJ = $(SRC:%.c=$(BUILD_DIR)/%.o)
+CFLAGS = -I$(ROOT_DIR) -Wall -Wextra -pedantic
+
+$(MKM_CLIENT_BIN): $(OBJ)
+	@mkdir -pv $(dir $@)
+	$(CC) $(CFLAGS) -o $@ $^
+
+$(BUILD_DIR)/%.o: $(ROOT_DIR)/%.c
+	@mkdir -pv $(dir $@)
+	$(CC) $(CFLAGS) -c $< -o $@
+
+.PHONY: clean
+clean:
+	rm -rf build/ build.*/

components/mkm_client/README.md

@@ -0,0 +1,31 @@
+# Mission Key Management Client
+
+This is a small helper program for requesting a key from the Mission Key
+Management component.  It connects to an MKM server and the local trusted boot
+daemon and requests a particular key ID.  The key received is written to
+stdout.  If the request fails for any reason, the client program exits nonzero.
+
+
+## Building
+
+To build the MKM client:
+
+```sh
+make
+```
+
+Or, to build an ARM binary for use inside the OpenSUT VMs:
+
+```sh
+make TARGET=aarch64
+```
+
+
+## Protocol
+
+See `../mission_key_management/README.md` for details on the protocol.
+
+The MKM client connects to localhost (127.0.0.1) port 6000 by default.  To
+change this, set the `MKM_HOST` and/or `MKM_PORT` environment variables.
+For example, `MKM_HOST=10.0.2.121 MKM_PORT=6001 ./mkm_client` will cause it to
+connect to port 6001 on 10.0.2.121.