From fdd2b7956a4a795c7e78298f942fc1703c1140f4 Mon Sep 17 00:00:00 2001
From: Al Cutter <al@google.com>
Date: Mon, 4 Mar 2024 18:00:08 +0000
Subject: [PATCH] Add support for ID attestation to HID

---
 api/api.go        |  4 ++-
 api/api.pb.go     | 74 ++++++++++++++++++++++++++++++++---------------
 api/api.proto     |  9 ++++++
 api/rpc/rpc.go    |  4 +++
 trusted_os/ctl.go |  6 ++--
 5 files changed, 71 insertions(+), 26 deletions(-)

diff --git a/api/api.go b/api/api.go
index 4ab46fd..c309995 100644
--- a/api/api.go
+++ b/api/api.go
@@ -103,7 +103,9 @@ func (p *Status) Print() string {
 	status.WriteString(fmt.Sprintf("IdentityCounter ............: %d\n", p.IdentityCounter))
 	if p.Witness != nil {
 		status.WriteString(fmt.Sprintf("Witness/Identity ...........: %v\n", p.Witness.Identity))
-		status.WriteString(fmt.Sprintf("Witness/IP .................: %v", p.Witness.IP))
+		status.WriteString(fmt.Sprintf("Witness/IP .................: %v\n", p.Witness.IP))
+		status.WriteString(fmt.Sprintf("Witness/AttestationKey .....: %v\n", p.Witness.IDAttestPublicKey))
+		status.WriteString(fmt.Sprintf("Witness/AttestedID .........:\n%v", p.Witness.AttestedID))
 	} else {
 		status.WriteString(fmt.Sprint("Witness ....................: <no status>"))
 	}
diff --git a/api/api.pb.go b/api/api.pb.go
index 8ba411b..0391658 100644
--- a/api/api.pb.go
+++ b/api/api.pb.go
@@ -421,6 +421,15 @@ type WitnessStatus struct {
 	Identity string `protobuf:"bytes,1,opt,name=Identity,proto3" json:"Identity,omitempty"`
 	// IP is a string representation of the witness applet's current IP address.
 	IP string `protobuf:"bytes,2,opt,name=IP,proto3" json:"IP,omitempty"`
+	// IDAttestKey is the stable public key from this device, used to attest to all derived witness identities.
+	IDAttestPublicKey string `protobuf:"bytes,3,opt,name=IDAttestPublicKey,proto3" json:"IDAttestPublicKey,omitempty"`
+	// AttestedID is a note-formatted signed attestation for the current witness identity.
+	// This attestation note contains:
+	//   "ArmoredWitness ID attestation v1"
+	//   <Device serial>
+	//   <Witness identity counter in decimal>
+	//   <Witness identity as a note verifier string>
+	AttestedID string `protobuf:"bytes,4,opt,name=AttestedID,proto3" json:"AttestedID,omitempty"`
 }
 
 func (x *WitnessStatus) Reset() {
@@ -469,6 +478,20 @@ func (x *WitnessStatus) GetIP() string {
 	return ""
 }
 
+func (x *WitnessStatus) GetIDAttestPublicKey() string {
+	if x != nil {
+		return x.IDAttestPublicKey
+	}
+	return ""
+}
+
+func (x *WitnessStatus) GetAttestedID() string {
+	if x != nil {
+		return x.AttestedID
+	}
+	return ""
+}
+
 type Configuration struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
@@ -653,29 +676,34 @@ var file_api_proto_rawDesc = []byte{
 	0x65, 0x72, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0f, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69,
 	0x74, 0x79, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x18, 0x0a, 0x07, 0x53, 0x52, 0x4b,
 	0x48, 0x61, 0x73, 0x68, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x53, 0x52, 0x4b, 0x48,
-	0x61, 0x73, 0x68, 0x22, 0x3b, 0x0a, 0x0d, 0x57, 0x69, 0x74, 0x6e, 0x65, 0x73, 0x73, 0x53, 0x74,
-	0x61, 0x74, 0x75, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79,
-	0x12, 0x0e, 0x0a, 0x02, 0x49, 0x50, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x49, 0x50,
-	0x22, 0xa1, 0x01, 0x0a, 0x0d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69,
-	0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x44, 0x48, 0x43, 0x50, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08,
-	0x52, 0x04, 0x44, 0x48, 0x43, 0x50, 0x12, 0x0e, 0x0a, 0x02, 0x49, 0x50, 0x18, 0x02, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x02, 0x49, 0x50, 0x12, 0x18, 0x0a, 0x07, 0x4e, 0x65, 0x74, 0x6d, 0x61, 0x73,
-	0x6b, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x4e, 0x65, 0x74, 0x6d, 0x61, 0x73, 0x6b,
-	0x12, 0x18, 0x0a, 0x07, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x07, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x12, 0x1a, 0x0a, 0x08, 0x52, 0x65,
-	0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x52, 0x65,
-	0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x12, 0x1c, 0x0a, 0x09, 0x4e, 0x54, 0x50, 0x53, 0x65, 0x72,
-	0x76, 0x65, 0x72, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x4e, 0x54, 0x50, 0x53, 0x65,
-	0x72, 0x76, 0x65, 0x72, 0x22, 0x4a, 0x0a, 0x08, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
-	0x12, 0x24, 0x0a, 0x05, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32,
-	0x0e, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x43, 0x6f, 0x64, 0x65, 0x52,
-	0x05, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x18, 0x0a, 0x07, 0x50, 0x61, 0x79, 0x6c, 0x6f, 0x61,
-	0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x07, 0x50, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64,
-	0x2a, 0x28, 0x0a, 0x09, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x43, 0x6f, 0x64, 0x65, 0x12, 0x08, 0x0a,
-	0x04, 0x4e, 0x4f, 0x4e, 0x45, 0x10, 0x00, 0x12, 0x11, 0x0a, 0x0d, 0x47, 0x45, 0x4e, 0x45, 0x52,
-	0x49, 0x43, 0x5f, 0x45, 0x52, 0x52, 0x4f, 0x52, 0x10, 0x01, 0x42, 0x08, 0x5a, 0x06, 0x2e, 0x2f,
-	0x3b, 0x61, 0x70, 0x69, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x61, 0x73, 0x68, 0x22, 0x89, 0x01, 0x0a, 0x0d, 0x57, 0x69, 0x74, 0x6e, 0x65, 0x73, 0x73, 0x53,
+	0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74,
+	0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74,
+	0x79, 0x12, 0x0e, 0x0a, 0x02, 0x49, 0x50, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x49,
+	0x50, 0x12, 0x2c, 0x0a, 0x11, 0x49, 0x44, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x50, 0x75, 0x62,
+	0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x49, 0x44,
+	0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x12,
+	0x1e, 0x0a, 0x0a, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x65, 0x64, 0x49, 0x44, 0x18, 0x04, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x0a, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x65, 0x64, 0x49, 0x44, 0x22,
+	0xa1, 0x01, 0x0a, 0x0d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x12, 0x12, 0x0a, 0x04, 0x44, 0x48, 0x43, 0x50, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52,
+	0x04, 0x44, 0x48, 0x43, 0x50, 0x12, 0x0e, 0x0a, 0x02, 0x49, 0x50, 0x18, 0x02, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x02, 0x49, 0x50, 0x12, 0x18, 0x0a, 0x07, 0x4e, 0x65, 0x74, 0x6d, 0x61, 0x73, 0x6b,
+	0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x4e, 0x65, 0x74, 0x6d, 0x61, 0x73, 0x6b, 0x12,
+	0x18, 0x0a, 0x07, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x07, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x12, 0x1a, 0x0a, 0x08, 0x52, 0x65, 0x73,
+	0x6f, 0x6c, 0x76, 0x65, 0x72, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x52, 0x65, 0x73,
+	0x6f, 0x6c, 0x76, 0x65, 0x72, 0x12, 0x1c, 0x0a, 0x09, 0x4e, 0x54, 0x50, 0x53, 0x65, 0x72, 0x76,
+	0x65, 0x72, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x4e, 0x54, 0x50, 0x53, 0x65, 0x72,
+	0x76, 0x65, 0x72, 0x22, 0x4a, 0x0a, 0x08, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12,
+	0x24, 0x0a, 0x05, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x0e,
+	0x2e, 0x61, 0x70, 0x69, 0x2e, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x43, 0x6f, 0x64, 0x65, 0x52, 0x05,
+	0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x18, 0x0a, 0x07, 0x50, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64,
+	0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x07, 0x50, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x2a,
+	0x28, 0x0a, 0x09, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x43, 0x6f, 0x64, 0x65, 0x12, 0x08, 0x0a, 0x04,
+	0x4e, 0x4f, 0x4e, 0x45, 0x10, 0x00, 0x12, 0x11, 0x0a, 0x0d, 0x47, 0x45, 0x4e, 0x45, 0x52, 0x49,
+	0x43, 0x5f, 0x45, 0x52, 0x52, 0x4f, 0x52, 0x10, 0x01, 0x42, 0x08, 0x5a, 0x06, 0x2e, 0x2f, 0x3b,
+	0x61, 0x70, 0x69, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (
diff --git a/api/api.proto b/api/api.proto
index 5daaf02..96b27d4 100644
--- a/api/api.proto
+++ b/api/api.proto
@@ -149,6 +149,15 @@ message WitnessStatus {
   string Identity = 1;
   // IP is a string representation of the witness applet's current IP address.
   string IP = 2;
+  // IDAttestKey is the stable public key from this device, used to attest to all derived witness identities.
+  string IDAttestPublicKey = 3;
+  // AttestedID is a note-formatted signed attestation for the current witness identity.
+  // This attestation note contains:
+	//   "ArmoredWitness ID attestation v1"
+	//   <Device serial>
+	//   <Witness identity counter in decimal>
+	//   <Witness identity as a note verifier string>
+  string AttestedID = 4;
 }
 
 /*
diff --git a/api/rpc/rpc.go b/api/rpc/rpc.go
index 19d8a97..c34a942 100644
--- a/api/rpc/rpc.go
+++ b/api/rpc/rpc.go
@@ -49,6 +49,10 @@ type WitnessStatus struct {
 	Identity string
 	// IP is the currently-assigned IP address of the witness applet.
 	IP string
+	// IDAttestPublicKey is the stable-derived use by this device to attest to witness IDs.
+	IDAttestPublicKey string
+	// AttestedID is a note formatted attestation for the current witness ID.
+	AttestedID string
 }
 
 // FirmwareUpdate represents a firmware update.
diff --git a/trusted_os/ctl.go b/trusted_os/ctl.go
index 72531d7..58bfdfc 100644
--- a/trusted_os/ctl.go
+++ b/trusted_os/ctl.go
@@ -77,8 +77,10 @@ func getStatus() (s *api.Status) {
 	}
 	if witnessStatus != nil {
 		s.Witness = &api.WitnessStatus{
-			Identity: witnessStatus.Identity,
-			IP:       witnessStatus.IP,
+			Identity:          witnessStatus.Identity,
+			IP:                witnessStatus.IP,
+			IDAttestPublicKey: witnessStatus.IDAttestPublicKey,
+			AttestedID:        witnessStatus.AttestedID,
 		}
 	}