From c09ca5d854a3b48d741a615f14fe0236247f2f62 Mon Sep 17 00:00:00 2001 From: Peng Li <86324823+penglimsft@users.noreply.github.com> Date: Wed, 7 Sep 2022 23:17:18 +0000 Subject: [PATCH 01/15] Fix broken link and typo in contributing.md --- CONTRIBUTING.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 6eab9f5cab..e35adf304c 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -15,7 +15,7 @@ Thank you for your interest in contributing to Azure SDK for C++. - **DO** submit all code changes via pull requests (PRs) rather than through a direct commit. PRs will be reviewed and potentially merged by the repo maintainers after a peer review that includes at least one maintainer. - **DO** review your own PR to make sure there aren't any unintended changes or commits before submitting it. - **DO NOT** submit "work in progress" PRs. A PR should only be submitted when it is considered ready for review and subsequent merging by the contributor. - - If the change is work-in-progress or an experiment, **DO** start if off as a temporary draft PR. + - If the change is work-in-progress or an experiment, **DO** start it off as a temporary draft PR. - **DO** give PRs short-but-descriptive names (e.g. "Improve code coverage for Azure.Core by 10%", not "Fix #1234") and add a description which explains why the change is being made. - **DO** refer to any relevant issues, and include [keywords](https://docs.github.com/articles/closing-issues-via-commit-messages/) that automatically close issues when the PR is merged. - **DO** tag any users that should know about and/or review the change. 
@@ -48,13 +48,13 @@ Codespaces is new technology that allows you to use a container as your developm ### GitHub Codespaces 1. From the Azure SDK GitHub repo, click on the "Code -> Open with Codespaces" button. -1. Open a Terminal. The development environment will be ready for you. Continue to [Building and Testing](https://github.com/Azure/azure-sdk-for-cpp/blob/main/CONTRIBUTING.md#building-and-testing). +1. Open a Terminal. The development environment will be ready for you. Continue to [Building the project](#building-the-project). ### VS Code Codespaces 1. Install the [VS Code Remote Extension Pack](https://marketplace.visualstudio.com/items?itemName=ms-vscode-remote.vscode-remote-extensionpack) 1. When you open the Azure SDK for C++ repo in VS Code, it will prompt you to open the project in the Dev Container. If it does not prompt you, then hit CTRL+P, and select "Remote-Containers: Open Folder in Container..." -1. Open a Terminal. The development environment will be ready for you. Continue to [Building and Testing](https://github.com/Azure/azure-sdk-for-cpp/blob/main/CONTRIBUTING.md#building-and-testing). +1. Open a Terminal. The development environment will be ready for you. Continue to [Building the project](#building-the-project). ## Full Local Setup From 47a2c6cb9b23db6b8929975b5f73caabb9fe270e Mon Sep 17 00:00:00 2001 From: Peng Li Date: Thu, 8 Sep 2022 16:26:39 -0700 Subject: [PATCH 02/15] Use vector for attest instead of strings --- .../inc/azure/attestation/attestation_client.hpp | 4 +++- .../azure/attestation/attestation_client_models.hpp | 2 +- .../azure/attestation/attestation_client_options.hpp | 6 ++---- .../src/attestation_client.cpp | 7 ++++--- .../private/attestation_deserializers_private.cpp | 12 ++++++------ .../private/attestation_deserializers_private.hpp | 7 ++++--- .../test/ut/tpmattestation_test.cpp | 3 ++- 7 files changed, 22 insertions(+), 19 deletions(-) 
diff --git a/sdk/attestation/azure-security-attestation/inc/azure/attestation/attestation_client.hpp b/sdk/attestation/azure-security-attestation/inc/azure/attestation/attestation_client.hpp
index 4aa60061ed..b3e2b0432e 100644
--- a/sdk/attestation/azure-security-attestation/inc/azure/attestation/attestation_client.hpp
+++ b/sdk/attestation/azure-security-attestation/inc/azure/attestation/attestation_client.hpp
@@ -238,11 +238,13 @@ namespace Azure { namespace Security { namespace Attestation {
 * until the service responds with a JSON string with a property named {@code "report"}, whose
 * value will be an attestation result token.
 *
+ * @param tpmQuoteToAttest - TPM Quote to be validated by the attestation service.
 * @param options sent to the service for Trusted Platform Module (TPM) attestation.
 * @return attestation response for Trusted Platform Module (TPM) attestation.
 */
 Response AttestTpm(
- AttestTpmOptions const& options,
+ std::vector const& tpmQuoteToAttest,
+ AttestTpmOptions options = AttestTpmOptions{},
 Azure::Core::Context const& context = Azure::Core::Context{}) const;
 
 private:
diff --git a/sdk/attestation/azure-security-attestation/inc/azure/attestation/attestation_client_models.hpp b/sdk/attestation/azure-security-attestation/inc/azure/attestation/attestation_client_models.hpp
index 2fb15bcc51..8584593d5b 100644
--- a/sdk/attestation/azure-security-attestation/inc/azure/attestation/attestation_client_models.hpp
+++ b/sdk/attestation/azure-security-attestation/inc/azure/attestation/attestation_client_models.hpp
@@ -453,7 +453,7 @@ namespace Azure { namespace Security { namespace Attestation { namespace Models
 * [here](https://docs.microsoft.com/azure/attestation/virtualization-based-security-protocol')
 *
 */
- std::string TpmResult;
+ std::vector TpmResult;
 };
 
 /**
diff --git a/sdk/attestation/azure-security-attestation/inc/azure/attestation/attestation_client_options.hpp b/sdk/attestation/azure-security-attestation/inc/azure/attestation/attestation_client_options.hpp
index a94cf6092e..8f9add74de 100644
--- a/sdk/attestation/azure-security-attestation/inc/azure/attestation/attestation_client_options.hpp
+++ b/sdk/attestation/azure-security-attestation/inc/azure/attestation/attestation_client_options.hpp
@@ -262,11 +262,9 @@ namespace Azure { namespace Security { namespace Attestation {
 struct AttestTpmOptions final
 {
 /**
- * @brief JSON Data to send to the attestation service for TPM attestation.
- * @details The TPM attestation protocol is defined
- * [here](https://docs.microsoft.com/azure/attestation/virtualization-based-security-protocol')
+ * @brief Reserved field for future use.
 */
- std::string Payload;
+ Azure::Nullable Reserved;
 };
 
 /** @brief The AttestationSigningKey represents a tuple of asymmetric private cryptographic key
diff --git a/sdk/attestation/azure-security-attestation/src/attestation_client.cpp b/sdk/attestation/azure-security-attestation/src/attestation_client.cpp
index 1e0077adc3..55d0b09e98 100644
--- a/sdk/attestation/azure-security-attestation/src/attestation_client.cpp
+++ b/sdk/attestation/azure-security-attestation/src/attestation_client.cpp
@@ -196,13 +196,14 @@ Azure::Response> AttestationClient::AttestOp
 }
 
 Azure::Response AttestationClient::AttestTpm(
- AttestTpmOptions const& attestTpmOptions,
+ std::vector const& tpmQuoteToAttest,
+ AttestTpmOptions options,
 Azure::Core::Context const& context) const
 {
 auto tracingContext(m_tracingFactory.CreateTracingContext("AttestTpm", context));
 try
 {
- std::string jsonToSend = TpmDataSerializer::Serialize(attestTpmOptions.Payload);
+ std::string jsonToSend = TpmDataSerializer::Serialize(tpmQuoteToAttest);
 auto encodedVector = std::vector(jsonToSend.begin(), jsonToSend.end());
 Azure::Core::IO::MemoryBodyStream stream(encodedVector);
 
@@ -212,7 +213,7 @@ Azure::Response AttestationClient::AttestTpm(
 // Send the request to the service.
 auto response = AttestationCommonRequest::SendRequest(*m_pipeline, request, tracingContext.Context);
- std::string returnedBody(TpmDataSerializer::Deserialize(response));
+ auto returnedBody = TpmDataSerializer::Deserialize(response);
 return Response(TpmAttestationResult{returnedBody}, std::move(response));
 }
 catch (std::runtime_error const& ex)
diff --git a/sdk/attestation/azure-security-attestation/src/private/attestation_deserializers_private.cpp b/sdk/attestation/azure-security-attestation/src/private/attestation_deserializers_private.cpp
index 580fcdf503..684cec9432 100644
--- a/sdk/attestation/azure-security-attestation/src/private/attestation_deserializers_private.cpp
+++ b/sdk/attestation/azure-security-attestation/src/private/attestation_deserializers_private.cpp
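Review bot: The new `auto returnedBody = TpmDataSerializer::Deserialize(response);` is copied straight away on the next line, because `TpmAttestationResult{returnedBody}` aggregate-initialises the vector member from an lvalue; `TpmAttestationResult{std::move(returnedBody)}` avoids duplicating the attestation payload. Separately, the deserializer this calls (patched further down in this series) only fills the vector when the reply carries a `"data"` property, so an empty `TpmResult` here cannot be told apart from a malformed reply; if that should be an error, raising `std::runtime_error` at this point lands in the existing `catch (std::runtime_error const& ex)` branch. The body of `AttestTpm` continues past the end of this hunk.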
@@ -397,21 +397,21 @@ namespace Azure { namespace Security { namespace Attestation { namespace _detail
 returnValue.CertificateThumbprint, jsonResult, "x-ms-certificate-thumbprint");
 return returnValue;
 }
- std::string TpmDataSerializer::Serialize(std::string const& tpmData)
+ std::string TpmDataSerializer::Serialize(std::vector const& tpmData)
 {
 Azure::Core::Json::_internal::json jsonData;
- jsonData["data"] = Azure::Core::_internal::Base64Url::Base64UrlEncode(
- std::vector(tpmData.begin(), tpmData.end()));
+ jsonData["data"] = Azure::Core::_internal::Base64Url::Base64UrlEncode(tpmData);
 return jsonData.dump();
 }
- std::string TpmDataSerializer::Deserialize(Azure::Core::Json::_internal::json const& jsonData)
+ std::vector TpmDataSerializer::Deserialize(
+ Azure::Core::Json::_internal::json const& jsonData)
 {
 std::vector returnValue;
 JsonOptional::SetIfExists>(
 returnValue, jsonData, "data", Azure::Core::_internal::Base64Url::Base64UrlDecode);
- return std::string(returnValue.begin(), returnValue.end());
+ return returnValue;
 }
- std::string TpmDataSerializer::Deserialize(
+ std::vector TpmDataSerializer::Deserialize(
 std::unique_ptr const& response)
 {
 return TpmDataSerializer::Deserialize(
diff --git a/sdk/attestation/azure-security-attestation/src/private/attestation_deserializers_private.hpp b/sdk/attestation/azure-security-attestation/src/private/attestation_deserializers_private.hpp
index 6cc7d1279b..9b72f35fac 100644
--- a/sdk/attestation/azure-security-attestation/src/private/attestation_deserializers_private.hpp
+++ b/sdk/attestation/azure-security-attestation/src/private/attestation_deserializers_private.hpp
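Review bot: `TpmDataSerializer::Deserialize` relies on `JsonOptional::SetIfExists`, so a reply with no `"data"` property returns an empty vector that callers cannot distinguish from a genuinely empty payload, and with the result now being raw bytes there is no later JSON parse that would surface a malformed reply. I cannot tell from this hunk whether the protocol allows a leg without `data`; if it does not, add a presence check that throws `std::runtime_error` (the type `AttestationClient::AttestTpm` already catches), and if it does, say so at the call site: `// "data" is optional: a reply without it yields an empty payload, not an error`. Whether `Base64UrlDecode` throws on malformed input is not visible here and is worth confirming, since that is the only validation left on this path.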
@@ -136,9 +136,10 @@ namespace Azure { namespace Security { namespace Attestation { namespace _detail
 
 struct TpmDataSerializer
 {
- static std::string Serialize(std::string const& tpmData);
- static std::string Deserialize(Azure::Core::Json::_internal::json const& jsonData);
- static std::string Deserialize(std::unique_ptr const& response);
+ static std::string Serialize(std::vector const& tpmData);
+ static std::vector Deserialize(Azure::Core::Json::_internal::json const& jsonData);
+ static std::vector Deserialize(
+ std::unique_ptr const& response);
 };
 
 }}}} // namespace Azure::Security::Attestation::_detail
diff --git a/sdk/attestation/azure-security-attestation/test/ut/tpmattestation_test.cpp b/sdk/attestation/azure-security-attestation/test/ut/tpmattestation_test.cpp
index dad0c78f55..2d0737e12c 100644
--- a/sdk/attestation/azure-security-attestation/test/ut/tpmattestation_test.cpp
+++ b/sdk/attestation/azure-security-attestation/test/ut/tpmattestation_test.cpp
@@ -118,7 +118,8 @@ namespace Azure { namespace Security { namespace Attestation { namespace Test {
 {
 auto client(CreateClient(InstanceType::AAD));
 
- auto response(client.AttestTpm(AttestTpmOptions{R"({"payload": { "type": "aikcert" } })"}));
+ std::string tpmQuote = R"({"payload": { "type": "aikcert" } })";
+ auto response(client.AttestTpm(std::vector(tpmQuote.begin(), tpmQuote.end())));
 
 Azure::Core::Json::_internal::json parsedResponse(
 Azure::Core::Json::_internal::json::parse(response.Value.TpmResult));
From 8bfd981016376dcbf4dac8ce6951eb4c9d80181d Mon Sep 17 00:00:00 2001
From: Peng Li
Date: Thu, 8 Sep 2022 17:27:53 -0700
Subject: [PATCH 03/15] remove options
---
 .../inc/azure/attestation/attestation_client.hpp | 2 +-
 .../inc/azure/attestation/attestation_client_options.hpp | 4 ----
 .../azure-security-attestation/src/attestation_client.cpp | 2 +-
 3 files changed, 2 insertions(+), 6 deletions(-)
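Review bot: The three `TpmDataSerializer` declarations carry no Doxygen, and the header is where the new byte-vector contract belongs: `Serialize` emits a JSON object whose `data` property is the base64url-encoded input, and `Deserialize` returns the base64url-decoded `data` property of the reply, empty when the property is absent (per the .cpp change in this series). Suggest `@brief`/`@param`/`@return` lines on each declaration, naming the empty-vector case explicitly so callers do not mistake it for an error.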
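Review bot: The rewritten test still only drives one live `aikcert` leg and then checks that `response.Value.TpmResult` parses as JSON; nothing in the hunk asserts on `parsedResponse`, and the motivating case for the type change — payloads that are not text — is not exercised. A round-trip unit test of `TpmDataSerializer::Serialize` followed by `Deserialize` on an arbitrary byte vector, plus a `Deserialize` case on a JSON document with no `data` member, would pin both the encoding and the empty-vector behaviour without a service dependency. Assertions on `parsedResponse` may follow outside the hunk; the test body continues beyond it.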
diff --git a/sdk/attestation/azure-security-attestation/inc/azure/attestation/attestation_client.hpp b/sdk/attestation/azure-security-attestation/inc/azure/attestation/attestation_client.hpp
index b3e2b0432e..bda9fe0f07 100644
--- a/sdk/attestation/azure-security-attestation/inc/azure/attestation/attestation_client.hpp
+++ b/sdk/attestation/azure-security-attestation/inc/azure/attestation/attestation_client.hpp
@@ -244,7 +244,7 @@ namespace Azure { namespace Security { namespace Attestation {
 */
 Response AttestTpm(
 std::vector const& tpmQuoteToAttest,
- AttestTpmOptions options = AttestTpmOptions{},
+ AttestTpmOptions const& options = AttestTpmOptions{},
 Azure::Core::Context const& context = Azure::Core::Context{}) const;
 
 private:
diff --git a/sdk/attestation/azure-security-attestation/inc/azure/attestation/attestation_client_options.hpp b/sdk/attestation/azure-security-attestation/inc/azure/attestation/attestation_client_options.hpp
index 8f9add74de..b9f1a2450a 100644
--- a/sdk/attestation/azure-security-attestation/inc/azure/attestation/attestation_client_options.hpp
+++ b/sdk/attestation/azure-security-attestation/inc/azure/attestation/attestation_client_options.hpp
@@ -261,10 +261,6 @@ namespace Azure { namespace Security { namespace Attestation {
 */
 struct AttestTpmOptions final
 {
- /**
- * @brief Reserved field for future use.
- */
- Azure::Nullable Reserved;
 };
 
 /** @brief The AttestationSigningKey represents a tuple of asymmetric private cryptographic key
diff --git a/sdk/attestation/azure-security-attestation/src/attestation_client.cpp b/sdk/attestation/azure-security-attestation/src/attestation_client.cpp
index 55d0b09e98..dd08be1709 100644
--- a/sdk/attestation/azure-security-attestation/src/attestation_client.cpp
+++ b/sdk/attestation/azure-security-attestation/src/attestation_client.cpp
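Review bot: `AttestTpmOptions` is now an empty struct, but the doc comment whose closing `*/` is the first context line of this hunk lies outside the hunk; if it still describes the struct in terms of the removed `Payload` member, it should instead state that the struct carries no settings and exists for signature parity with the other `Attest*` methods, e.g. `/** @brief Options for AttestationClient::AttestTpm. Currently empty; reserved for future settings. */`. An empty body in a public header also deserves a one-line comment inside the braces so readers do not assume a field was lost. Note that the changelog entry added later in this series names the type `TpmAttestationOptions` and the field `PayLoad`, whereas the code here is `AttestTpmOptions` and `Payload`.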
@@ -197,7 +197,7 @@ Azure::Response> AttestationClient::AttestOp
 
 Azure::Response AttestationClient::AttestTpm(
 std::vector const& tpmQuoteToAttest,
- AttestTpmOptions options,
+ AttestTpmOptions const&,
 Azure::Core::Context const& context) const
 {
 auto tracingContext(m_tracingFactory.CreateTracingContext("AttestTpm", context));
From a83a816ae4b55d06f3b4fb09bf0de4accc23e104 Mon Sep 17 00:00:00 2001
From: Peng Li
Date: Fri, 9 Sep 2022 17:53:37 -0700
Subject: [PATCH 04/15] fix comments
---
 .../inc/azure/attestation/attestation_client.hpp | 13 +++----------
 .../azure/attestation/attestation_client_models.hpp | 3 ++-
 .../src/attestation_client.cpp | 4 ++--
 3 files changed, 7 insertions(+), 13 deletions(-)
diff --git a/sdk/attestation/azure-security-attestation/inc/azure/attestation/attestation_client.hpp b/sdk/attestation/azure-security-attestation/inc/azure/attestation/attestation_client.hpp
index bda9fe0f07..1da17c0f5c 100644
--- a/sdk/attestation/azure-security-attestation/inc/azure/attestation/attestation_client.hpp
+++ b/sdk/attestation/azure-security-attestation/inc/azure/attestation/attestation_client.hpp
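Review bot: Dropping the parameter name, `AttestTpmOptions const&,`, silences the unused-parameter warning but leaves the definition without the name the header declaration uses; the conventional form keeps it as a comment, `AttestTpmOptions const& /* options */,`, so the two signatures still read alike. The function body continues beyond the hunk.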
@@ -225,25 +225,18 @@ namespace Azure { namespace Security { namespace Attestation {
 /**
 * @brief Perform a single leg
 *
- * Processes attestation evidence from a VBS enclave, producing an attestation result.
+ * Attest a TPM based enclave
 *
 * The TPM attestation protocol is defined
 * [here](https://docs.microsoft.com/azure/attestation/virtualization-based-security-protocol')
 *
- * Unlike OpenEnclave reports and SGX enclave quotes, TPM attestation is implemented using
- * JSON encoded strings.
 *
- * The client formats a string serialized JSON request to the
- * service, which responds with a JSON response. The serialized JSON object exchange continues
- * until the service responds with a JSON string with a property named {@code "report"}, whose
- * value will be an attestation result token.
- *
- * @param tpmQuoteToAttest - TPM Quote to be validated by the attestation service.
+ * @param dataToAttest - Attestation Request data.
 * @param options sent to the service for Trusted Platform Module (TPM) attestation.
 * @return attestation response for Trusted Platform Module (TPM) attestation.
 */
 Response AttestTpm(
- std::vector const& tpmQuoteToAttest,
+ std::vector const& dataToAttest,
 AttestTpmOptions const& options = AttestTpmOptions{},
 Azure::Core::Context const& context = Azure::Core::Context{}) const;
 
diff --git a/sdk/attestation/azure-security-attestation/inc/azure/attestation/attestation_client_models.hpp b/sdk/attestation/azure-security-attestation/inc/azure/attestation/attestation_client_models.hpp
index 8584593d5b..946582480f 100644
--- a/sdk/attestation/azure-security-attestation/inc/azure/attestation/attestation_client_models.hpp
+++ b/sdk/attestation/azure-security-attestation/inc/azure/attestation/attestation_client_models.hpp
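Review bot: The doc block now reads `@brief Perform a single leg` followed by `Attest a TPM based enclave`, which is a fragment, and the removed paragraph was the only text telling callers that the exchange is multi-leg and ends when the service returns a property named `report`; the new wording gives no indication of how to drive the loop. Suggest `@brief Perform a single leg of the TPM attestation protocol.` and a two-sentence description stating that the caller sends one leg of protocol data as bytes, receives the service's reply bytes in `TpmAttestationResult::TpmResult`, and repeats until the protocol completes as described in the linked document. The `[here](…protocol')` link kept as context also carries a stray apostrophe inside the URL, which breaks the rendered link.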
@@ -448,7 +448,8 @@ namespace Azure { namespace Security { namespace Attestation { namespace Models
 */
 struct TpmAttestationResult final
 {
- /** @brief The JSON encoded value returned from TPM attestation.
+ /** @brief Attestation response data.
+ *
 * The TPM attestation protocol is defined
 * [here](https://docs.microsoft.com/azure/attestation/virtualization-based-security-protocol')
 *
diff --git a/sdk/attestation/azure-security-attestation/src/attestation_client.cpp b/sdk/attestation/azure-security-attestation/src/attestation_client.cpp
index dd08be1709..ef781d1264 100644
--- a/sdk/attestation/azure-security-attestation/src/attestation_client.cpp
+++ b/sdk/attestation/azure-security-attestation/src/attestation_client.cpp
@@ -196,14 +196,14 @@ Azure::Response> AttestationClient::AttestOp
 }
 
 Azure::Response AttestationClient::AttestTpm(
- std::vector const& tpmQuoteToAttest,
+ std::vector const& dataToAttest,
 AttestTpmOptions const&,
 Azure::Core::Context const& context) const
 {
 auto tracingContext(m_tracingFactory.CreateTracingContext("AttestTpm", context));
 try
 {
- std::string jsonToSend = TpmDataSerializer::Serialize(tpmQuoteToAttest);
+ std::string jsonToSend = TpmDataSerializer::Serialize(dataToAttest);
 auto encodedVector = std::vector(jsonToSend.begin(), jsonToSend.end());
 Azure::Core::IO::MemoryBodyStream stream(encodedVector);
 
From 5321299d74b87158f6ee26b69d0ad5a18c83a49c Mon Sep 17 00:00:00 2001
From: Peng Li
Date: Fri, 9 Sep 2022 19:13:51 -0700
Subject: [PATCH 05/15] update release version
---
 .../azure-security-attestation/CHANGELOG.md | 132 +++++++++---------
 .../src/private/package_version.hpp | 4 +-
 2 files changed, 67 insertions(+), 69 deletions(-)
diff --git a/sdk/attestation/azure-security-attestation/CHANGELOG.md b/sdk/attestation/azure-security-attestation/CHANGELOG.md
index b032e5a8d2..4538a39d9c 100644
--- a/sdk/attestation/azure-security-attestation/CHANGELOG.md
+++ b/sdk/attestation/azure-security-attestation/CHANGELOG.md
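Review bot: `@brief Attestation response data.` does not say what the bytes are; from the deserializer changed in this series they are the base64url-decoded value of the `data` property of the service's JSON reply. Suggest `/** @brief The raw bytes of the "data" property in the attestation service's reply to AttestTpm, base64url-decoded. */`, adding `Empty if the reply carried no "data" property.` only if that empty-vector behaviour in `TpmDataSerializer::Deserialize` is intended. The struct definition continues beyond the hunk.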
@@ -1,67 +1,65 @@ -# Release History - -## 1.1.0-beta.1 (Unreleased) - -### Features Added - -### Breaking Changes - -### Bugs Fixed - -### Other Changes - -## 1.0.0 (2022-07-07) - -### Breaking Changes - -- Renamed `Version` field to `ApiVersion` and removed the `ServiceVersion` enumeration. - -## 1.0.0-beta.3 (2022-06-07) - -### Breaking Changes - -- `ValueToSend` field in `TpmAttestationOptions` becomes `Payload`. -- `AddIsolatedModeCertificatesOptions` becomes `AddIsolatedModeCertificateOptions` -- `RemoveIsolatedModeCertificatesOptions` becomes `RemoveIsolatedModeCertificateOptions` -- Renamed `AttestEnclaveOptions` to `AttestSgxEnclaveOptions` and `AttestOpenEnclaveOptions`. -- `AttestationClient` and `AttestationAdministrationClient` creation is now done using the factory method `AttestationClient::Create()` and `AttestationAdministrationClient::Create()`. - -## 1.0.0-beta.2 (2022-05-10) - -### Breaking Changes - -- Renamed `AttestationOpenIdMetadata` type to `OpenIdMetadata`. -- Renamed `AttestationSigningCertificateResult` type to `TokenValidationCertificateResult` to more accurately reflect the - purpose of the type. -- Removed the `AttestationTokenBase` class and moved its contents to the `AttestationToken` class. -- Empty `AttestationToken` types are now represented with `AttestationToken` rather than `AttestationToken<>` to more idiomatically express the idea of a nullable attestation token. -- Renamed `RuntimeClaims` field to `RunTimeClaims` to align with `InitTimeClaims` type name; standardized spelling of - `InitTimeClaims`. -- Changed input parameter to `AttestTpm` to be `AttestTpmOptions` instead of `std::string`. -- Changed output parameter of `AttestTpm` to be `TpmAttestationResult` instead of `std::string`. -- Renamed `AttestationTokenValidationOptions::ValidationTimeSlack` to `AttestationTokenValidationOptions::TimeValidationSlack` - to improve consistency with other attestation SDKs. 
-- Removed the unused `AttestationValidationCollateral` API. -- Renamed `AttestOptions` to `AttestEnclaveOptions` -- Renamed `TokenValidationOptions` field in various API Options structures to be `TokenValidationOptionsOverride` to better - reflect the semantics of the field. -- Renamed `PolicyCertificate` types to `IsolatedMode`. - - `PolicyCertificateModificationResult` becomes `IsolatedModeCertificateModificationResult` - - `PolicyCertificateListResult` becomes `IsolatedModeCertificateListResult` - - `GetPolicyManagementCertificateOptions` becomes `GetIsolatedModeCertificatesOptions` - - `AddPolicyManagementCertificatesOptions` becomes `AddIsolatedModeCertificatesOptions` - - `RemovePolicyManagementCertificatesOptions` becomes `RemoveIsolatedModeCertificatesOptions` - - `AttestationAdministrationClient::GetPolicyManagementCertificates` becomes `AttestationAdministrationClient::GetIsolatedModeCertificates`. - - `AttestationAdministrationClient::AddPolicyManagementCertificate` becomes `AttestationAdministrationClient::AddIsolatedModeCertificate`. - - `AttestationAdministrationClient::RemovePolicyManagementCertificate` becomes `AttestationAdministrationClient::RemoveIsolatedModeCertificate`. -- Removed `ClientVersion` API from `AttestationClient` and `AttestationAdministrationClient` - -### Other Changes - -- Added `Endpoint` property to `AttestationClient` and `AttestationAdministrationClient` - -## 1.0.0-beta.1 (2022-04-05) - -### Features Added - -- Attestation Package creation +# Release History + +## 2.0.0-beta.1 (Unreleased) + +### Breaking Changes +- Changed `AttestationClient::AttestTpm` to match `AttestOpenEnclave` and `AttestSgxmEnclave` + - Added `std::vector` dataToAttest parameter. + - Removed `PayLoad` in `TpmAttestationOptions` + - Changed `TpmResult` in `TpmAttestationResult` to type `std::vector` + +## 1.0.0 (2022-07-07) + +### Breaking Changes + +- Renamed `Version` field to `ApiVersion` and removed the `ServiceVersion` enumeration. 
+ +## 1.0.0-beta.3 (2022-06-07) + +### Breaking Changes + +- `ValueToSend` field in `TpmAttestationOptions` becomes `Payload`. +- `AddIsolatedModeCertificatesOptions` becomes `AddIsolatedModeCertificateOptions` +- `RemoveIsolatedModeCertificatesOptions` becomes `RemoveIsolatedModeCertificateOptions` +- Renamed `AttestEnclaveOptions` to `AttestSgxEnclaveOptions` and `AttestOpenEnclaveOptions`. +- `AttestationClient` and `AttestationAdministrationClient` creation is now done using the factory method `AttestationClient::Create()` and `AttestationAdministrationClient::Create()`. + +## 1.0.0-beta.2 (2022-05-10) + +### Breaking Changes + +- Renamed `AttestationOpenIdMetadata` type to `OpenIdMetadata`. +- Renamed `AttestationSigningCertificateResult` type to `TokenValidationCertificateResult` to more accurately reflect the + purpose of the type. +- Removed the `AttestationTokenBase` class and moved its contents to the `AttestationToken` class. +- Empty `AttestationToken` types are now represented with `AttestationToken` rather than `AttestationToken<>` to more idiomatically express the idea of a nullable attestation token. +- Renamed `RuntimeClaims` field to `RunTimeClaims` to align with `InitTimeClaims` type name; standardized spelling of + `InitTimeClaims`. +- Changed input parameter to `AttestTpm` to be `AttestTpmOptions` instead of `std::string`. +- Changed output parameter of `AttestTpm` to be `TpmAttestationResult` instead of `std::string`. +- Renamed `AttestationTokenValidationOptions::ValidationTimeSlack` to `AttestationTokenValidationOptions::TimeValidationSlack` + to improve consistency with other attestation SDKs. +- Removed the unused `AttestationValidationCollateral` API. +- Renamed `AttestOptions` to `AttestEnclaveOptions` +- Renamed `TokenValidationOptions` field in various API Options structures to be `TokenValidationOptionsOverride` to better + reflect the semantics of the field. +- Renamed `PolicyCertificate` types to `IsolatedMode`. 
+ - `PolicyCertificateModificationResult` becomes `IsolatedModeCertificateModificationResult` + - `PolicyCertificateListResult` becomes `IsolatedModeCertificateListResult` + - `GetPolicyManagementCertificateOptions` becomes `GetIsolatedModeCertificatesOptions` + - `AddPolicyManagementCertificatesOptions` becomes `AddIsolatedModeCertificatesOptions` + - `RemovePolicyManagementCertificatesOptions` becomes `RemoveIsolatedModeCertificatesOptions` + - `AttestationAdministrationClient::GetPolicyManagementCertificates` becomes `AttestationAdministrationClient::GetIsolatedModeCertificates`. + - `AttestationAdministrationClient::AddPolicyManagementCertificate` becomes `AttestationAdministrationClient::AddIsolatedModeCertificate`. + - `AttestationAdministrationClient::RemovePolicyManagementCertificate` becomes `AttestationAdministrationClient::RemoveIsolatedModeCertificate`. +- Removed `ClientVersion` API from `AttestationClient` and `AttestationAdministrationClient` + +### Other Changes + +- Added `Endpoint` property to `AttestationClient` and `AttestationAdministrationClient` + +## 1.0.0-beta.1 (2022-04-05) + +### Features Added + +- Attestation Package creation diff --git a/sdk/attestation/azure-security-attestation/src/private/package_version.hpp b/sdk/attestation/azure-security-attestation/src/private/package_version.hpp index 574c556d0c..616b888ecd 100644 --- a/sdk/attestation/azure-security-attestation/src/private/package_version.hpp +++ b/sdk/attestation/azure-security-attestation/src/private/package_version.hpp @@ -8,8 +8,8 @@ #pragma once -#define AZURE_ATTESTATION_VERSION_MAJOR 1 -#define AZURE_ATTESTATION_VERSION_MINOR 1 +#define AZURE_ATTESTATION_VERSION_MAJOR 2 +#define AZURE_ATTESTATION_VERSION_MINOR 0 #define AZURE_ATTESTATION_VERSION_PATCH 0 #define AZURE_ATTESTATION_VERSION_PRERELEASE "beta.1" From dd262bb42f328ce126a10135da90e4ecc6f8b37a Mon Sep 17 00:00:00 2001 
From: Peng Li Date: Mon, 12 Sep 2022 14:20:07 -0700 Subject: [PATCH 06/15] remove versionig --- sdk/attestation/azure-security-attestation/CHANGELOG.md | 9 ++++++++- .../src/private/package_version.hpp | 4 ++-- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/sdk/attestation/azure-security-attestation/CHANGELOG.md b/sdk/attestation/azure-security-attestation/CHANGELOG.md index 4538a39d9c..ca6f2888a3 100644 --- a/sdk/attestation/azure-security-attestation/CHANGELOG.md +++ b/sdk/attestation/azure-security-attestation/CHANGELOG.md @@ -1,13 +1,20 @@ # Release History -## 2.0.0-beta.1 (Unreleased) +## 1.1.0-beta.1 (Unreleased) + +### Features Added ### Breaking Changes + - Changed `AttestationClient::AttestTpm` to match `AttestOpenEnclave` and `AttestSgxmEnclave` - Added `std::vector` dataToAttest parameter. - Removed `PayLoad` in `TpmAttestationOptions` - Changed `TpmResult` in `TpmAttestationResult` to type `std::vector` +### Bugs Fixed + +### Other Changes + ## 1.0.0 (2022-07-07) ### Breaking Changes diff --git a/sdk/attestation/azure-security-attestation/src/private/package_version.hpp b/sdk/attestation/azure-security-attestation/src/private/package_version.hpp index 616b888ecd..574c556d0c 100644 --- a/sdk/attestation/azure-security-attestation/src/private/package_version.hpp +++ b/sdk/attestation/azure-security-attestation/src/private/package_version.hpp @@ -8,8 +8,8 @@ #pragma once -#define AZURE_ATTESTATION_VERSION_MAJOR 2 -#define AZURE_ATTESTATION_VERSION_MINOR 0 +#define AZURE_ATTESTATION_VERSION_MAJOR 1 +#define AZURE_ATTESTATION_VERSION_MINOR 1 #define AZURE_ATTESTATION_VERSION_PATCH 0 #define AZURE_ATTESTATION_VERSION_PRERELEASE "beta.1" From 2c516e38e0561813158f11dc5d7c838e49785769 Mon Sep 17 00:00:00 2001 From: Peng Li Date: Tue, 13 Sep 2022 13:45:42 -0700 Subject: [PATCH 07/15] revert changelog --- .../azure-security-attestation/CHANGELOG.md | 139 +++++++++--------- 1 file changed, 67 insertions(+), 72 deletions(-) 
diff --git a/sdk/attestation/azure-security-attestation/CHANGELOG.md b/sdk/attestation/azure-security-attestation/CHANGELOG.md index ca6f2888a3..b032e5a8d2 100644 --- a/sdk/attestation/azure-security-attestation/CHANGELOG.md +++ b/sdk/attestation/azure-security-attestation/CHANGELOG.md 
@@ -1,72 +1,67 @@ -# Release History - -## 1.1.0-beta.1 (Unreleased) - -### Features Added - -### Breaking Changes - -- Changed `AttestationClient::AttestTpm` to match `AttestOpenEnclave` and `AttestSgxmEnclave` - - Added `std::vector` dataToAttest parameter. - - Removed `PayLoad` in `TpmAttestationOptions` - - Changed `TpmResult` in `TpmAttestationResult` to type `std::vector` - -### Bugs Fixed - -### Other Changes - -## 1.0.0 (2022-07-07) - -### Breaking Changes - -- Renamed `Version` field to `ApiVersion` and removed the `ServiceVersion` enumeration. - -## 1.0.0-beta.3 (2022-06-07) - -### Breaking Changes - -- `ValueToSend` field in `TpmAttestationOptions` becomes `Payload`. -- `AddIsolatedModeCertificatesOptions` becomes `AddIsolatedModeCertificateOptions` -- `RemoveIsolatedModeCertificatesOptions` becomes `RemoveIsolatedModeCertificateOptions` -- Renamed `AttestEnclaveOptions` to `AttestSgxEnclaveOptions` and `AttestOpenEnclaveOptions`. -- `AttestationClient` and `AttestationAdministrationClient` creation is now done using the factory method `AttestationClient::Create()` and `AttestationAdministrationClient::Create()`. - -## 1.0.0-beta.2 (2022-05-10) - -### Breaking Changes - -- Renamed `AttestationOpenIdMetadata` type to `OpenIdMetadata`. -- Renamed `AttestationSigningCertificateResult` type to `TokenValidationCertificateResult` to more accurately reflect the - purpose of the type. -- Removed the `AttestationTokenBase` class and moved its contents to the `AttestationToken` class. -- Empty `AttestationToken` types are now represented with `AttestationToken` rather than `AttestationToken<>` to more idiomatically express the idea of a nullable attestation token. -- Renamed `RuntimeClaims` field to `RunTimeClaims` to align with `InitTimeClaims` type name; standardized spelling of - `InitTimeClaims`. -- Changed input parameter to `AttestTpm` to be `AttestTpmOptions` instead of `std::string`. 
-- Changed output parameter of `AttestTpm` to be `TpmAttestationResult` instead of `std::string`. -- Renamed `AttestationTokenValidationOptions::ValidationTimeSlack` to `AttestationTokenValidationOptions::TimeValidationSlack` - to improve consistency with other attestation SDKs. -- Removed the unused `AttestationValidationCollateral` API. -- Renamed `AttestOptions` to `AttestEnclaveOptions` -- Renamed `TokenValidationOptions` field in various API Options structures to be `TokenValidationOptionsOverride` to better - reflect the semantics of the field. -- Renamed `PolicyCertificate` types to `IsolatedMode`. - - `PolicyCertificateModificationResult` becomes `IsolatedModeCertificateModificationResult` - - `PolicyCertificateListResult` becomes `IsolatedModeCertificateListResult` - - `GetPolicyManagementCertificateOptions` becomes `GetIsolatedModeCertificatesOptions` - - `AddPolicyManagementCertificatesOptions` becomes `AddIsolatedModeCertificatesOptions` - - `RemovePolicyManagementCertificatesOptions` becomes `RemoveIsolatedModeCertificatesOptions` - - `AttestationAdministrationClient::GetPolicyManagementCertificates` becomes `AttestationAdministrationClient::GetIsolatedModeCertificates`. - - `AttestationAdministrationClient::AddPolicyManagementCertificate` becomes `AttestationAdministrationClient::AddIsolatedModeCertificate`. - - `AttestationAdministrationClient::RemovePolicyManagementCertificate` becomes `AttestationAdministrationClient::RemoveIsolatedModeCertificate`. 
-- Removed `ClientVersion` API from `AttestationClient` and `AttestationAdministrationClient` - -### Other Changes - -- Added `Endpoint` property to `AttestationClient` and `AttestationAdministrationClient` - -## 1.0.0-beta.1 (2022-04-05) - -### Features Added - -- Attestation Package creation +# Release History + +## 1.1.0-beta.1 (Unreleased) + +### Features Added + +### Breaking Changes + +### Bugs Fixed + +### Other Changes + +## 1.0.0 (2022-07-07) + +### Breaking Changes + +- Renamed `Version` field to `ApiVersion` and removed the `ServiceVersion` enumeration. + +## 1.0.0-beta.3 (2022-06-07) + +### Breaking Changes + +- `ValueToSend` field in `TpmAttestationOptions` becomes `Payload`. +- `AddIsolatedModeCertificatesOptions` becomes `AddIsolatedModeCertificateOptions` +- `RemoveIsolatedModeCertificatesOptions` becomes `RemoveIsolatedModeCertificateOptions` +- Renamed `AttestEnclaveOptions` to `AttestSgxEnclaveOptions` and `AttestOpenEnclaveOptions`. +- `AttestationClient` and `AttestationAdministrationClient` creation is now done using the factory method `AttestationClient::Create()` and `AttestationAdministrationClient::Create()`. + +## 1.0.0-beta.2 (2022-05-10) + +### Breaking Changes + +- Renamed `AttestationOpenIdMetadata` type to `OpenIdMetadata`. +- Renamed `AttestationSigningCertificateResult` type to `TokenValidationCertificateResult` to more accurately reflect the + purpose of the type. +- Removed the `AttestationTokenBase` class and moved its contents to the `AttestationToken` class. +- Empty `AttestationToken` types are now represented with `AttestationToken` rather than `AttestationToken<>` to more idiomatically express the idea of a nullable attestation token. +- Renamed `RuntimeClaims` field to `RunTimeClaims` to align with `InitTimeClaims` type name; standardized spelling of + `InitTimeClaims`. +- Changed input parameter to `AttestTpm` to be `AttestTpmOptions` instead of `std::string`. 
+- Changed output parameter of `AttestTpm` to be `TpmAttestationResult` instead of `std::string`.
+- Renamed `AttestationTokenValidationOptions::ValidationTimeSlack` to `AttestationTokenValidationOptions::TimeValidationSlack`
+ to improve consistency with other attestation SDKs.
+- Removed the unused `AttestationValidationCollateral` API.
+- Renamed `AttestOptions` to `AttestEnclaveOptions`
+- Renamed `TokenValidationOptions` field in various API Options structures to be `TokenValidationOptionsOverride` to better
+ reflect the semantics of the field.
+- Renamed `PolicyCertificate` types to `IsolatedMode`.
+ - `PolicyCertificateModificationResult` becomes `IsolatedModeCertificateModificationResult`
+ - `PolicyCertificateListResult` becomes `IsolatedModeCertificateListResult`
+ - `GetPolicyManagementCertificateOptions` becomes `GetIsolatedModeCertificatesOptions`
+ - `AddPolicyManagementCertificatesOptions` becomes `AddIsolatedModeCertificatesOptions`
+ - `RemovePolicyManagementCertificatesOptions` becomes `RemoveIsolatedModeCertificatesOptions`
+ - `AttestationAdministrationClient::GetPolicyManagementCertificates` becomes `AttestationAdministrationClient::GetIsolatedModeCertificates`.
+ - `AttestationAdministrationClient::AddPolicyManagementCertificate` becomes `AttestationAdministrationClient::AddIsolatedModeCertificate`.
+ - `AttestationAdministrationClient::RemovePolicyManagementCertificate` becomes `AttestationAdministrationClient::RemoveIsolatedModeCertificate`.
+- Removed `ClientVersion` API from `AttestationClient` and `AttestationAdministrationClient`
+
+### Other Changes
+
+- Added `Endpoint` property to `AttestationClient` and `AttestationAdministrationClient`
+
+## 1.0.0-beta.1 (2022-04-05)
+
+### Features Added
+
+- Attestation Package creation
From 73a296c5450e852d759cf8986081242b95843b65 Mon Sep 17 00:00:00 2001
From: Peng Li
Date: Tue, 13 Sep 2022 13:47:42 -0700
Subject: [PATCH 08/15] add the change
---
 sdk/attestation/azure-security-attestation/CHANGELOG.md | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/sdk/attestation/azure-security-attestation/CHANGELOG.md b/sdk/attestation/azure-security-attestation/CHANGELOG.md
index b032e5a8d2..1c62cce77e 100644
--- a/sdk/attestation/azure-security-attestation/CHANGELOG.md
+++ b/sdk/attestation/azure-security-attestation/CHANGELOG.md
@@ -6,6 +6,11 @@
 
 ### Breaking Changes
 
+- Changed `AttestationClient::AttestTpm` to match `AttestOpenEnclave` and `AttestSgxmEnclave`
+ - Added `std::vector` dataToAttest parameter.
+ - Removed `PayLoad` in `TpmAttestationOptions`
+ - Changed `TpmResult` in `TpmAttestationResult` to type `std::vector`
+
 ### Bugs Fixed
 
 ### Other Changes
From 81e9c8de2a30a94c1f3bb75014c2d91dc8da7483 Mon Sep 17 00:00:00 2001
From: Peng Li
Date: Tue, 13 Sep 2022 13:56:19 -0700
Subject: [PATCH 09/15] update comment
---
 .../inc/azure/attestation/attestation_client.hpp | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/sdk/attestation/azure-security-attestation/inc/azure/attestation/attestation_client.hpp b/sdk/attestation/azure-security-attestation/inc/azure/attestation/attestation_client.hpp
index 1da17c0f5c..0b9636e175 100644
--- a/sdk/attestation/azure-security-attestation/inc/azure/attestation/attestation_client.hpp
+++ b/sdk/attestation/azure-security-attestation/inc/azure/attestation/attestation_client.hpp
@@ -231,9 +231,11 @@ namespace Azure { namespace Security { namespace Attestation {
 * [here](https://docs.microsoft.com/azure/attestation/virtualization-based-security-protocol')
 *
 *
- * @param dataToAttest - Attestation Request data.
- * @param options sent to the service for Trusted Platform Module (TPM) attestation.
- * @return attestation response for Trusted Platform Module (TPM) attestation.
+ * @param dataToAttest - Attestation request data.
+ * @param options - Options to the attestation request.
+ * @param context - Context for the operation.
+ *
+ * @return Response - The result of the attestation operation
 */
 Response AttestTpm(
 std::vector const& dataToAttest,
From ceb16d518412d66369efa725c3948e8dd8f0238f Mon Sep 17 00:00:00 2001
From: Peng Li <86324823+penglimsft@users.noreply.github.com>
Date: Tue, 13 Sep 2022 16:19:31 -0700
Subject: [PATCH 10/15] Update sdk/attestation/azure-security-attestation/CHANGELOG.md
Co-authored-by: Larry Osterman
---
 sdk/attestation/azure-security-attestation/CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sdk/attestation/azure-security-attestation/CHANGELOG.md b/sdk/attestation/azure-security-attestation/CHANGELOG.md
index 1c62cce77e..e5c537269e 100644
--- a/sdk/attestation/azure-security-attestation/CHANGELOG.md
+++ b/sdk/attestation/azure-security-attestation/CHANGELOG.md
@@ -6,7 +6,7 @@
 
 ### Breaking Changes
 
-- Changed `AttestationClient::AttestTpm` to match `AttestOpenEnclave` and `AttestSgxmEnclave`
+- Changed `AttestationClient::AttestTpm` to match `AttestOpenEnclave` and `AttestSgxEnclave`
 - Added `std::vector` dataToAttest parameter.
 - Removed `PayLoad` in `TpmAttestationOptions`
 - Changed `TpmResult` in `TpmAttestationResult` to type `std::vector`
From ec897c4cf634ec6050937a998ec54639844be8a7 Mon Sep 17 00:00:00 2001
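Review bot: The `[here](https://docs.microsoft.com/azure/attestation/virtualization-based-security-protocol')` context line just above the rewritten `@param` block carries a stray `'` inside the link target, so the generated docs point at a URL that ends in `'`; since this commit rewrites the same comment block, drop it here: ` * [here](https://docs.microsoft.com/azure/attestation/virtualization-based-security-protocol)`. The same line recurs unchanged in the attestation_client_models.hpp hunk of PATCH 11/15 and in the PATCH 15/15 hunk on this header. On the new `@return Response - The result of the attestation operation` line, restating the declared type tells a caller nothing about the value; if, as the `Perform a single leg` wording this series later removes suggests, this call is one step of a multi-step exchange, something like `@return The service's response to dataToAttest, to be carried into the next step of the TPM attestation protocol linked above` would say what to do with the bytes. The AttestTpm declaration continues past the hunk.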
From: Peng Li <86324823+penglimsft@users.noreply.github.com>
Date: Tue, 13 Sep 2022 23:42:59 +0000
Subject: [PATCH 11/15] fix formatting
---
 .../inc/azure/attestation/attestation_client.hpp | 2 +-
 .../inc/azure/attestation/attestation_client_models.hpp | 2 +-
 .../src/private/attestation_client_private.hpp | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/sdk/attestation/azure-security-attestation/inc/azure/attestation/attestation_client.hpp b/sdk/attestation/azure-security-attestation/inc/azure/attestation/attestation_client.hpp
index 0b9636e175..0ace09b322 100644
--- a/sdk/attestation/azure-security-attestation/inc/azure/attestation/attestation_client.hpp
+++ b/sdk/attestation/azure-security-attestation/inc/azure/attestation/attestation_client.hpp
@@ -234,7 +234,7 @@ namespace Azure { namespace Security { namespace Attestation {
 * @param dataToAttest - Attestation request data.
 * @param options - Options to the attestation request.
 * @param context - Context for the operation.
- *
+ *
 * @return Response - The result of the attestation operation
 */
 Response AttestTpm(
diff --git a/sdk/attestation/azure-security-attestation/inc/azure/attestation/attestation_client_models.hpp b/sdk/attestation/azure-security-attestation/inc/azure/attestation/attestation_client_models.hpp
index 946582480f..c4db47e2ae 100644
--- a/sdk/attestation/azure-security-attestation/inc/azure/attestation/attestation_client_models.hpp
+++ b/sdk/attestation/azure-security-attestation/inc/azure/attestation/attestation_client_models.hpp
@@ -449,7 +449,7 @@ namespace Azure { namespace Security { namespace Attestation { namespace Models
 struct TpmAttestationResult final
 {
 /** @brief Attestation response data.
- *
+ *
 * The TPM attestation protocol is defined
 * [here](https://docs.microsoft.com/azure/attestation/virtualization-based-security-protocol')
 *
diff --git a/sdk/attestation/azure-security-attestation/src/private/attestation_client_private.hpp b/sdk/attestation/azure-security-attestation/src/private/attestation_client_private.hpp
index bfc68430b3..c0b1ae8ea0 100644
--- a/sdk/attestation/azure-security-attestation/src/private/attestation_client_private.hpp
+++ b/sdk/attestation/azure-security-attestation/src/private/attestation_client_private.hpp
@@ -445,7 +445,7 @@ namespace Azure { namespace Security { namespace Attestation { namespace _detail
 /**
 * @brief Convert the internal attestation token to a public AttestationToken object.
 */
- operator Models::AttestationToken&() { return m_token; }
+ operator Models::AttestationToken &() { return m_token; }
 /**
 * @brief Convert the internal attestation token to a public AttestationToken object.
 */
From 70144a4839856419ec918fdbbfc5289612453891 Mon Sep 17 00:00:00 2001
From: Peng Li <86324823+penglimsft@users.noreply.github.com>
Date: Tue, 13 Sep 2022 23:51:07 +0000
Subject: [PATCH 12/15] address pr comment
---
 .../azure-security-attestation/src/attestation_client.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sdk/attestation/azure-security-attestation/src/attestation_client.cpp b/sdk/attestation/azure-security-attestation/src/attestation_client.cpp
index ef781d1264..8786466e1d 100644
--- a/sdk/attestation/azure-security-attestation/src/attestation_client.cpp
+++ b/sdk/attestation/azure-security-attestation/src/attestation_client.cpp
@@ -213,7 +213,7 @@ Azure::Response AttestationClient::AttestTpm(
 // Send the request to the service.
 auto response = AttestationCommonRequest::SendRequest(*m_pipeline, request, tracingContext.Context);
- auto returnedBody = TpmDataSerializer::Deserialize(response);
+ std::vector returnedBody{TpmDataSerializer::Deserialize(response)};
 return Response(TpmAttestationResult{returnedBody}, std::move(response));
 }
 catch (std::runtime_error const& ex)
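Review bot: `std::vector returnedBody{TpmDataSerializer::Deserialize(response)};` builds the vector with brace-initialisation from the deserializer's return value, and on `std::vector` that form prefers the `initializer_list` constructor whenever the argument converts to the element type; it resolves to the move constructor here only because `Deserialize` presumably already returns the same vector type (its declaration and the element type are not visible in this rendering). Should the deserializer ever return a scalar that converts to the element type, the same line would silently compile into a one-element vector instead of failing. The copy-initialisation form `std::vector returnedBody = TpmDataSerializer::Deserialize(response);`, with the element type as declared in the file, keeps the explicit type this commit introduces without that trap. The body of AttestTpm starts outside the hunk.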
From 5892c8412d7c5d5fe2ef7bac748a2f1d5e7f6940 Mon Sep 17 00:00:00 2001 From: Peng Li <86324823+penglimsft@users.noreply.github.com> Date: Wed, 14 Sep 2022 00:09:31 +0000 Subject: [PATCH 13/15] fix formating --- .../src/private/attestation_client_private.hpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sdk/attestation/azure-security-attestation/src/private/attestation_client_private.hpp b/sdk/attestation/azure-security-attestation/src/private/attestation_client_private.hpp index c0b1ae8ea0..bfc68430b3 100644 --- a/sdk/attestation/azure-security-attestation/src/private/attestation_client_private.hpp +++ b/sdk/attestation/azure-security-attestation/src/private/attestation_client_private.hpp @@ -445,7 +445,7 @@ namespace Azure { namespace Security { namespace Attestation { namespace _detail /** * @brief Convert the internal attestation token to a public AttestationToken object. */ - operator Models::AttestationToken &() { return m_token; } + operator Models::AttestationToken&() { return m_token; } /** * @brief Convert the internal attestation token to a public AttestationToken object. */ From 9a1af62814deeb329520d7156d5325e58785c30f Mon Sep 17 00:00:00 2001 From: Peng Li <86324823+penglimsft@users.noreply.github.com> Date: Wed, 14 Sep 2022 22:55:08 +0000 Subject: [PATCH 14/15] update a comment --- .../inc/azure/attestation/attestation_client.hpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sdk/attestation/azure-security-attestation/inc/azure/attestation/attestation_client.hpp b/sdk/attestation/azure-security-attestation/inc/azure/attestation/attestation_client.hpp index 0ace09b322..dea0fa2988 100644 --- a/sdk/attestation/azure-security-attestation/inc/azure/attestation/attestation_client.hpp +++ b/sdk/attestation/azure-security-attestation/inc/azure/attestation/attestation_client.hpp 
@@ -223,7 +223,7 @@ namespace Azure { namespace Security { namespace Attestation {
 Azure::Core::Context const& context = Azure::Core::Context{}) const;
 
 /**
- * @brief Perform a single leg
+ * @brief Sends TPM-based attestation data to the service.
 *
 * Attest a TPM based enclave
 *
From a8592cfe94d5a97f1fba5d7bd9c3289b1342b969 Mon Sep 17 00:00:00 2001
From: Peng Li <86324823+penglimsft@users.noreply.github.com>
Date: Thu, 15 Sep 2022 01:02:41 +0000
Subject: [PATCH 15/15] remove the attest tpm comment
---
 .../inc/azure/attestation/attestation_client.hpp | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/sdk/attestation/azure-security-attestation/inc/azure/attestation/attestation_client.hpp b/sdk/attestation/azure-security-attestation/inc/azure/attestation/attestation_client.hpp
index dea0fa2988..d7c44d4941 100644
--- a/sdk/attestation/azure-security-attestation/inc/azure/attestation/attestation_client.hpp
+++ b/sdk/attestation/azure-security-attestation/inc/azure/attestation/attestation_client.hpp
@@ -224,9 +224,6 @@ namespace Azure { namespace Security { namespace Attestation {
 
 /**
 * @brief Sends TPM-based attestation data to the service.
- *
- * Attest a TPM based enclave
- *
 * The TPM attestation protocol is defined
 * [here](https://docs.microsoft.com/azure/attestation/virtualization-based-security-protocol')
 *