From 17e64b4c8b317112066b63a1380f770f4bfcb8eb Mon Sep 17 00:00:00 2001 From: peg Date: Fri, 12 Dec 2025 19:02:24 +0100 Subject: [PATCH 1/3] Use git version of dcap-qvl --- Cargo.lock | 45 ++++++++++++++++++++++----------------------- Cargo.toml | 4 ++-- 2 files changed, 24 insertions(+), 25 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index bd6566a..b4dc3f7 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -402,9 +402,9 @@ dependencies = [ [[package]] name = "borsh" -version = "1.5.7" +version = "1.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ad8646f98db542e39fc66e68a20b2144f6a732636df7c2354e74645faaa433ce" +checksum = "d1da5ab77c1437701eeff7c88d968729e7766172279eab0676857b3d63af7a6f" dependencies = [ "borsh-derive", "cfg_aliases", @@ -412,9 +412,9 @@ dependencies = [ [[package]] name = "borsh-derive" -version = "1.5.7" +version = "1.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fdd1d3c0c2f5833f22386f252fe8ed005c7f59fdcddeef025c01b4c3b9fd9ac3" +checksum = "0686c856aa6aac0c4498f936d7d6a02df690f614c03e4d906d1018062b5c5e2c" dependencies = [ "once_cell", "proc-macro-crate", @@ -658,9 +658,8 @@ checksum = "2a2330da5de22e8a3cb63252ce2abb30116bf5265e89c0e01bc17015ce30a476" [[package]] name = "dcap-qvl" -version = "0.3.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "435989ce7ba46ba3f837f9df3c8139469e72ae810e707893b19f8b6b370d14ef" +version = "0.3.5" +source = "git+https://github.com/Phala-Network/dcap-qvl.git#c95e85a5dd47975ad7c56be8afbecb6ef7288330" dependencies = [ "anyhow", "asn1_der", @@ -1522,9 +1521,9 @@ checksum = "4a5f13b858c8d314ee3e8f639011f7ccefe71f97f96e50151fb991f267928e2c" [[package]] name = "js-sys" -version = "0.3.82" +version = "0.3.83" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b011eec8cc36da2aab2d5cff675ec18454fad408585853910a202391cf9f8e65" +checksum = "464a3709c7f55f1f721e5389aa6ea4e3bc6aba669353300af094b29ffbdde1d8" dependencies = [ "once_cell", "wasm-bindgen", @@ -1613,9 +1612,9 @@ dependencies = [ [[package]] name = "log" -version = "0.4.28" +version = "0.4.29" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "34080505efa8e45a4b816c349525ebe327ceaa8559756f0356cba97ef3bf7432" +checksum = "5e5032e24019045c762d3c0f28f5b6b8bbf38563a65908389bf7978758920897" [[package]] name = "lru-slab" @@ -3403,9 +3402,9 @@ dependencies = [ [[package]] name = "wasm-bindgen" -version = "0.2.105" +version = "0.2.106" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "da95793dfc411fbbd93f5be7715b0578ec61fe87cb1a42b12eb625caa5c5ea60" +checksum = "0d759f433fa64a2d763d1340820e46e111a7a5ab75f993d1852d70b03dbb80fd" dependencies = [ "cfg-if", "once_cell", @@ -3416,9 +3415,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-futures" -version = "0.4.55" +version = "0.4.56" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "551f88106c6d5e7ccc7cd9a16f312dd3b5d36ea8b4954304657d5dfba115d4a0" +checksum = "836d9622d604feee9e5de25ac10e3ea5f2d65b41eac0d9ce72eb5deae707ce7c" dependencies = [ "cfg-if", "js-sys", @@ -3429,9 +3428,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro" -version = "0.2.105" +version = "0.2.106" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "04264334509e04a7bf8690f2384ef5265f05143a4bff3889ab7a3269adab59c2" +checksum = "48cb0d2638f8baedbc542ed444afc0644a29166f1595371af4fecf8ce1e7eeb3" dependencies = [ "quote", "wasm-bindgen-macro-support", @@ -3439,9 +3438,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro-support" -version = "0.2.105" +version = "0.2.106" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "420bc339d9f322e562942d52e115d57e950d12d88983a14c79b86859ee6c7ebc" +checksum = "cefb59d5cd5f92d9dcf80e4683949f15ca4b511f4ac0a6e14d4e1ac60c6ecd40" dependencies = [ "bumpalo", "proc-macro2", @@ -3452,18 +3451,18 @@ dependencies = [ [[package]] name = "wasm-bindgen-shared" -version = "0.2.105" +version = "0.2.106" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "76f218a38c84bcb33c25ec7059b07847d465ce0e0a76b995e134a45adcb6af76" +checksum = "cbc538057e648b67f72a982e708d485b2efa771e1ac05fec311f9f63e5800db4" dependencies = [ "unicode-ident", ] [[package]] name = "web-sys" -version = "0.3.82" +version = "0.3.83" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3a1f95c0d03a47f4ae1f7a64643a6bb97465d9b740f0fa8f90ea33915c99a9a1" +checksum = "9b32828d774c412041098d182a8b38b16ea816958e07cf40eec2bc080ae137ac" dependencies = [ "js-sys", "wasm-bindgen", diff --git a/Cargo.toml b/Cargo.toml index 061364e..cc2c909 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -23,7 +23,7 @@ pem-rfc7468 = { version = "0.7.0", features = ["std"] } tdx-quote = { version = "0.0.4", features = ["mock"] } configfs-tsm = "0.0.2" rand_core = { version = "0.6.4", features = ["getrandom"] } -dcap-qvl = "0.3.4" +dcap-qvl = { git="https://github.com/Phala-Network/dcap-qvl.git" } hex = "0.4.3" hyper = { version = "1.7.0", features = ["server", "http2"] } hyper-util = "0.1.17" @@ -33,7 +33,7 @@ http = "1.3.1" serde_json = "1.0.145" serde = "1.0.228" base64 = "0.22.1" -reqwest = { version = "0.12.23", default-features = false, features = [ +reqwest = { version = "0.12.24", default-features = false, features = [ "rustls-tls-webpki-roots-no-provider", ] } tracing = "0.1.41" From 992a63970c69c57058602058f9b4b9d5ae4c863f Mon Sep 17 00:00:00 2001 From: peg Date: Fri, 12 Dec 2025 19:15:18 +0100 Subject: [PATCH 2/3] Use production quote verifier --- src/attestation/dcap.rs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/attestation/dcap.rs b/src/attestation/dcap.rs index e448f95..c0b53e7 100644 --- a/src/attestation/dcap.rs +++ b/src/attestation/dcap.rs @@ -40,7 +40,8 @@ pub async fn verify_dcap_attestation( ) .await?; - let _verified_report = dcap_qvl::verify::verify(&input, &collateral, now)?; + let quote_verifier = dcap_qvl::verify::QuoteVerifier::new_prod(); + let _verified_report = quote_verifier.verify(&input, &collateral, now)?; let measurements = MultiMeasurements::from_dcap_qvl_quote("e)?; From bd96dbde94b10548634a0b51902ca1bc995f817c Mon Sep 17 00:00:00 2001 From: peg Date: Tue, 27 Jan 2026 09:54:17 +0100 Subject: [PATCH 3/3] Bump dcap-qvl --- Cargo.lock | 92 ++++++++++++++++++++++++++++++----------- Cargo.toml | 2 +- src/attestation/dcap.rs | 2 +- 3 files changed, 70 insertions(+), 26 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index b707f6c..6800415 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -166,7 +166,7 @@ dependencies = [ "reqwest", "rsa", "rustls-pemfile", - "rustls-webpki 0.103.8", + "rustls-webpki", "serde", "serde_json", "sha2", @@ -569,6 +569,15 @@ dependencies = [ "unicode-xid", ] +[[package]] +name = "convert_case" +version = "0.10.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "633458d4ef8c78b72454de2d54fd6ab2e60f9e02be22f3c6104cdc8a4e0fceb9" +dependencies = [ + "unicode-segmentation", +] + [[package]] name = "cpufeatures" version = "0.2.17" @@ -664,8 +673,9 @@ checksum = "2a2330da5de22e8a3cb63252ce2abb30116bf5265e89c0e01bc17015ce30a476" [[package]] name = "dcap-qvl" -version = "0.3.5" -source = "git+https://github.com/Phala-Network/dcap-qvl.git#c95e85a5dd47975ad7c56be8afbecb6ef7288330" +version = "0.3.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3696cfa3d2b8b26df6dadafa67dd1fa69376c1e38971c207984bc3a9f0621d05" dependencies = [ "anyhow", "asn1_der", @@ -676,18 +686,20 @@ dependencies = [ "const-oid", "dcap-qvl-webpki", "der", + "derive_more 2.1.1", "futures", "hex", "log", + "p256", "parity-scale-codec", "pem", "reqwest", - "ring", - "rustls-webpki 0.102.8", + "rustls-pki-types", "scale-info", "serde", "serde-human-bytes", "serde_json", + "sha2", "tracing", "urlencoding", "wasm-bindgen-futures", @@ -696,12 +708,19 @@ dependencies = [ [[package]] name = "dcap-qvl-webpki" -version = "0.103.3" +version = "0.103.4+dcap.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "70ebdcd097c369fe3422cf3978540e0406148435ec0f4d8ecbbf201c746f19c9" +checksum = "d0af040afe66c4f26ca05f308482d98bd75a35a80a227d877c2e28c9947a9fa6" dependencies = [ + "ecdsa", + "ed25519-dalek", + "p256", + "p384", "ring", + "rsa", "rustls-pki-types", + "sha2", + "signature", "untrusted", ] @@ -758,7 +777,16 @@ version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4a9b99b9cbbe49445b21764dc0625032a89b145a2642e67603e1c936f5458d05" dependencies = [ - "derive_more-impl", + "derive_more-impl 1.0.0", +] + +[[package]] +name = "derive_more" +version = "2.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d751e9e49156b02b44f9c1815bcb94b984cdcc4396ecc32521c739452808b134" +dependencies = [ + "derive_more-impl 2.1.1", ] [[package]] @@ -772,6 +800,20 @@ dependencies = [ "syn", ] +[[package]] +name = "derive_more-impl" +version = "2.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "799a97264921d8623a957f6c3b9011f3b5492f557bbb7a5a19b7fa6d06ba8dcb" +dependencies = [ + "convert_case", + "proc-macro2", + "quote", + "rustc_version", + "syn", + "unicode-xid", +] + [[package]] name = "digest" version = "0.10.7" @@ -2436,6 +2478,7 @@ dependencies = [ "pkcs1", "pkcs8", "rand_core 0.6.4", + "sha2", "signature", "spki", "subtle", @@ -2488,7 +2531,7 @@ dependencies = [ "once_cell", "ring", "rustls-pki-types", - "rustls-webpki 0.103.8", + "rustls-webpki", "subtle", "zeroize", ] @@ -2512,17 +2555,6 @@ dependencies = [ "zeroize", ] -[[package]] -name = "rustls-webpki" -version = "0.102.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "64ca1bc8749bd4cf37b5ce386cc146580777b4e8572c7b97baf22c83f444bee9" -dependencies = [ - "ring", - "rustls-pki-types", - "untrusted", -] - [[package]] name = "rustls-webpki" version = "0.103.8" @@ -2554,7 +2586,7 @@ checksum = "346a3b32eba2640d17a9cb5927056b08f3de90f65b72fe09402c2ad07d684d0b" dependencies = [ "bitvec", "cfg-if", - "derive_more", + "derive_more 1.0.0", "parity-scale-codec", "scale-info-derive", ] @@ -2658,16 +2690,16 @@ dependencies = [ [[package]] name = "serde_json" -version = "1.0.145" +version = "1.0.149" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "402a6f66d8c709116cf22f558eab210f5a50187f702eb4d7e5ef38d9a7f1c79c" +checksum = "83fc039473c5595ace860d8c4fafa220ff474b3fc6bfdb4293327f1a37e94d86" dependencies = [ "indexmap", "itoa", "memchr", - "ryu", "serde", "serde_core", + "zmij", ] [[package]] @@ -3326,6 +3358,12 @@ version = "1.0.20" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "462eeb75aeb73aea900253ce739c8e18a67423fadf006037cd3ff27e82748a06" +[[package]] +name = "unicode-segmentation" +version = "1.12.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f6ccf251212114b54433ec949fd6a7841275f9ada20dddd2f29e9ceea4501493" + [[package]] name = "unicode-xid" version = "0.2.6" @@ -4010,3 +4048,9 @@ dependencies = [ "quote", "syn", ] + +[[package]] +name = "zmij" +version = "1.0.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "02aae0f83f69aafc94776e879363e9771d7ecbffe2c7fbb6c14c5e00dfe88439" diff --git a/Cargo.toml b/Cargo.toml index f1ed68b..f361a66 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -25,7 +25,7 @@ anyhow = "1.0.100" pem-rfc7468 = { version = "0.7.0", features = ["std"] } configfs-tsm = "0.0.2" rand_core = { version = "0.6.4", features = ["getrandom"] } -dcap-qvl = { git="https://github.com/Phala-Network/dcap-qvl.git" } +dcap-qvl = "0.3.10" hex = "0.4.3" hyper = { version = "1.7.0", features = ["server", "http2"] } hyper-util = "0.1.17" diff --git a/src/attestation/dcap.rs b/src/attestation/dcap.rs index 71779da..170ef1f 100644 --- a/src/attestation/dcap.rs +++ b/src/attestation/dcap.rs @@ -134,7 +134,7 @@ mod tests { // To avoid this test stopping working when the certificate is no longer valid we pass in a // timestamp - let now = 1764621240; + let now = 1769503950; let measurements_json = br#" [{