DCAP attestation: Add GCP provenence check to establish whether the associated PPID is endorsed by Google

crates/attestation/src/azure/mod.rs

@@ -802,7 +802,7 @@ mod tests {
     /// Verify a complete observed Azure attestation payload that includes
     /// AK intermediates fetched from the leaf certificate's AIA URLs.
     #[tokio::test]
-    async fn test_verify() {
+    async fn test_verify_with_ak_intermediates() {
         // generated using [capture_azure_fixture] above.
         let attestation_bytes: &'static [u8] =
             include_bytes!("../../test-assets/azure-tdx-with-ak-intermediates-1780922561.yaml");

crates/attestation/src/dcap.rs

@@ -33,7 +33,7 @@ pub async fn verify_dcap_attestation(
     input: Vec<u8>,
     expected_input_data: [u8; 64],
     pccs: Option<Pccs>,
-) -> Result<MultiMeasurements, DcapVerificationError> {
+) -> Result<(MultiMeasurements, Quote), DcapVerificationError> {
     let now = std::time::SystemTime::now().duration_since(std::time::UNIX_EPOCH)?.as_secs();
     let override_azure_outdated_tcb = false;
     verify_dcap_attestation_with_given_timestamp(
@@ -58,7 +58,7 @@ pub fn verify_dcap_attestation_sync(
     input: Vec<u8>,
     expected_input_data: [u8; 64],
     pccs: Pccs,
-) -> Result<MultiMeasurements, DcapVerificationError> {
+) -> Result<(MultiMeasurements, Quote), DcapVerificationError> {
     let now = std::time::SystemTime::now().duration_since(std::time::UNIX_EPOCH)?.as_secs();
     let override_azure_outdated_tcb = false;
     verify_dcap_attestation_with_timestamp_sync(
@@ -84,7 +84,7 @@ pub fn verify_dcap_attestation_with_timestamp_sync(
     collateral: Option<QuoteCollateralV3>,
     now: u64,
     override_azure_outdated_tcb: bool,
-) -> Result<MultiMeasurements, DcapVerificationError> {
+) -> Result<(MultiMeasurements, Quote), DcapVerificationError> {
     let quote = Quote::parse(&input)?;
 
     let ca = quote.ca()?;
@@ -118,7 +118,7 @@ pub async fn verify_dcap_attestation_with_given_timestamp(
     collateral: Option<QuoteCollateralV3>,
     now: u64,
     override_azure_outdated_tcb: bool,
-) -> Result<MultiMeasurements, DcapVerificationError> {
+) -> Result<(MultiMeasurements, Quote), DcapVerificationError> {
     let quote = Quote::parse(&input)?;
 
     let ca = quote.ca()?;
@@ -156,7 +156,7 @@ fn verify_dcap_attestation_with_collateral_and_timestamp(
     collateral: QuoteCollateralV3,
     now: u64,
     override_azure_outdated_tcb: bool,
-) -> Result<MultiMeasurements, DcapVerificationError> {
+) -> Result<(MultiMeasurements, Quote), DcapVerificationError> {
     tracing::info!("Verifying DCAP attestation: {quote:?}");
 
     let fmspc = hex::encode_upper(quote.fmspc()?);
@@ -197,19 +197,19 @@ fn verify_dcap_attestation_with_collateral_and_timestamp(
 
     let measurements = MultiMeasurements::from_dcap_qvl_quote(&quote)?;
 
-    if get_quote_input_data(quote.report) != expected_input_data {
+    if get_quote_input_data(&quote.report) != expected_input_data {
         return Err(DcapVerificationError::InputMismatch);
     }
 
-    Ok(measurements)
+    Ok((measurements, quote))
 }
 
 #[cfg(any(test, feature = "mock"))]
 pub async fn verify_dcap_attestation(
     input: Vec<u8>,
     expected_input_data: [u8; 64],
     pccs: Option<Pccs>,
-) -> Result<MultiMeasurements, DcapVerificationError> {
+) -> Result<(MultiMeasurements, Quote), DcapVerificationError> {
     let quote = Quote::parse(&input)?;
     let ca = quote.ca()?;
     let fmspc = hex::encode_upper(quote.fmspc()?);
@@ -224,19 +224,19 @@ pub async fn verify_dcap_attestation(
     verifier.verify(&input, &collateral, now)?;
 
     let measurements = MultiMeasurements::from_dcap_qvl_quote(&quote)?;
-    if get_quote_input_data(quote.report) != expected_input_data {
+    if get_quote_input_data(&quote.report) != expected_input_data {
         return Err(DcapVerificationError::InputMismatch);
     }
 
-    Ok(measurements)
+    Ok((measurements, quote))
 }
 
 #[cfg(any(test, feature = "mock"))]
 pub fn verify_dcap_attestation_sync(
     input: Vec<u8>,
     expected_input_data: [u8; 64],
     pccs: Pccs,
-) -> Result<MultiMeasurements, DcapVerificationError> {
+) -> Result<(MultiMeasurements, Quote), DcapVerificationError> {
     let quote = Quote::parse(&input)?;
     let ca = quote.ca()?;
     let fmspc = hex::encode_upper(quote.fmspc()?);
@@ -246,10 +246,11 @@ pub fn verify_dcap_attestation_sync(
     verifier.verify(&input, &collateral, now)?;
 
     let measurements = MultiMeasurements::from_dcap_qvl_quote(&quote)?;
-    if get_quote_input_data(quote.report.clone()) != expected_input_data {
+    if get_quote_input_data(&quote.report) != expected_input_data {
         return Err(DcapVerificationError::InputMismatch);
     }
-    Ok(measurements)
+
+    Ok((measurements, quote))
 }
 
 /// Create a mock quote for testing on non-confidential hardware
@@ -267,7 +268,7 @@ fn generate_quote(input: [u8; 64]) -> Result<Vec<u8>, tdx_attest::TdxAttestError
 }
 
 /// Given a [Report] get the input data regardless of report type
-pub fn get_quote_input_data(report: Report) -> [u8; 64] {
+pub fn get_quote_input_data(report: &Report) -> [u8; 64] {
     match report {
         Report::TD10(r) => r.report_data,
         Report::TD15(r) => r.base.report_data,
@@ -297,7 +298,7 @@ mod tests {
     use mock_tdx::{MockPcsConfig, spawn_mock_pcs_server};
 
     use super::*;
-    use crate::measurements::MeasurementPolicy;
+    use crate::{AttestationType, measurements::MeasurementPolicy};
 
     #[tokio::test]
     async fn test_dcap_verify() {
@@ -331,7 +332,7 @@ mod tests {
         let async_collateral = serde_saphyr::from_slice(collateral_bytes).unwrap();
         let sync_collateral = serde_saphyr::from_slice(collateral_bytes).unwrap();
 
-        let async_measurements = verify_dcap_attestation_with_given_timestamp(
+        let (async_measurements, _) = verify_dcap_attestation_with_given_timestamp(
             attestation_bytes.to_vec(),
             [
                 116, 39, 106, 100, 143, 31, 212, 145, 244, 116, 162, 213, 44, 114, 216, 80, 227,
@@ -347,7 +348,7 @@ mod tests {
         .await
         .unwrap();
 
-        let sync_measurements = verify_dcap_attestation_with_timestamp_sync(
+        let (sync_measurements, _) = verify_dcap_attestation_with_timestamp_sync(
             attestation_bytes.to_vec(),
             [
                 116, 39, 106, 100, 143, 31, 212, 145, 244, 116, 162, 213, 44, 114, 216, 80, 227,
@@ -363,7 +364,9 @@ mod tests {
         .unwrap();
 
         assert_eq!(async_measurements, sync_measurements);
-        measurement_policy.check_measurement(&async_measurements).unwrap();
+        measurement_policy
+            .check_measurement(AttestationType::DcapTdx, &async_measurements)
+            .unwrap();
     }
 
     // This specifically tests a quote which has outdated TCB level from Azure
@@ -409,7 +412,7 @@ mod tests {
         let expected_input_data = [0xA5; 64];
         let attestation_bytes = create_dcap_attestation(expected_input_data).unwrap();
 
-        let measurements =
+        let (measurements, _) =
             verify_dcap_attestation(attestation_bytes, expected_input_data, Some(pccs))
                 .await
                 .unwrap();