221 changes: 186 additions & 35 deletions Cargo.lock


2 changes: 1 addition & 1 deletion Cargo.toml
Expand Up @@ -26,5 +26,5 @@ reqwest = { version = "0.13.4", default-features = false, features = ["rustls"]
rustls = { version = "0.23.37", default-features = false, features = ["brotli"] }
tokio = { version = "1.50.0", features = ["default"] }
tokio-rustls = { version = "0.26.4", default-features = false }
dcap-qvl = { git = "https://github.com/Phala-Network/dcap-qvl.git", rev = "f1dcc65371e941a7b83e3234833d23a1fb232ab1" }
dcap-qvl = "0.5.2"
pccs = { path = "crates/pccs" }
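Review bot: The move from a pinned git revision to `dcap-qvl = "0.5.2"` widens what a future `cargo update` may pull in: the caret requirement admits any later 0.5.x of the crate that performs quote parsing, certificate-chain and TCB verification for this service. Cargo.lock is updated in the same PR, so builds stay reproducible as long as the lockfile is committed and CI builds with `--locked`; if the previous commit pin was deliberate, `dcap-qvl = "=0.5.2"` preserves that property in the manifest as well.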
17 changes: 7 additions & 10 deletions crates/attestation/src/azure/mod.rs
Expand Up @@ -663,16 +663,13 @@ mod test_utils {

let quote_bytes = BASE64_URL_SAFE.decode(&attestation_document.tdx_quote_base64).unwrap();
let quote = dcap_qvl::quote::Quote::parse(&quote_bytes).unwrap();
let ca = quote.ca().unwrap();
let fmspc = hex::encode_upper(quote.fmspc().unwrap());
let collateral = dcap_qvl::collateral::get_collateral_for_fmspc(
PCS_URL,
fmspc.clone(),
ca,
false, // TDX, not SGX.
)
.await
.unwrap();
let ca = dcap_qvl::intel::quote_ca(&quote).unwrap().as_id_str();
let fmspc = hex::encode_upper(dcap_qvl::intel::quote_fmspc(&quote).unwrap());
let collateral = dcap_qvl::collateral::CollateralClient::with_default_http(PCS_URL)
.unwrap()
.fetch_for_fmspc_without_pck_chain(&fmspc, ca, false)
.await
.unwrap();

let timestamp =
std::time::SystemTime::now().duration_since(std::time::UNIX_EPOCH).unwrap().as_secs();
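Review bot: The rewritten call `.fetch_for_fmspc_without_pck_chain(&fmspc, ca, false)` drops the `// TDX, not SGX.` comment that explained the bare `false` in the old `get_collateral_for_fmspc` call, and the same comment is lost at the equivalent sites in `crates/attestation/src/dcap.rs` and `crates/pccs/src/lib.rs`. A positional boolean is the one argument a reader cannot decode from the call site, so restore it inline at all three places, e.g. `.fetch_for_fmspc_without_pck_chain(&fmspc, ca, /* TDX, not SGX */ false)`. The enclosing test helper starts and ends outside this hunk.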
31 changes: 14 additions & 17 deletions crates/attestation/src/dcap.rs
Expand Up @@ -2,7 +2,8 @@
//! verification
use dcap_qvl::{
QuoteCollateralV3,
collateral::get_collateral_for_fmspc,
collateral::CollateralClient,
intel::{quote_ca, quote_fmspc},
quote::{Quote, Report},
tcb_info::TcbInfo,
};
Expand Down Expand Up @@ -87,8 +88,8 @@ pub fn verify_dcap_attestation_with_timestamp_sync(
) -> Result<MultiMeasurements, DcapVerificationError> {
let quote = Quote::parse(&input)?;

let ca = quote.ca()?;
let fmspc = hex::encode_upper(quote.fmspc()?);
let ca = quote_ca(&quote)?.as_id_str();
let fmspc = hex::encode_upper(quote_fmspc(&quote)?);

let collateral = if let Some(given_collateral) = collateral {
given_collateral
Expand Down Expand Up @@ -121,22 +122,18 @@ pub async fn verify_dcap_attestation_with_given_timestamp(
) -> Result<MultiMeasurements, DcapVerificationError> {
let quote = Quote::parse(&input)?;

let ca = quote.ca()?;
let fmspc = hex::encode_upper(quote.fmspc()?);
let ca = quote_ca(&quote)?.as_id_str();
let fmspc = hex::encode_upper(quote_fmspc(&quote)?);

let collateral = if let Some(given_collateral) = collateral {
given_collateral
} else if let Some(ref pccs) = pccs_option {
let (collateral, _is_fresh) = pccs.get_collateral(fmspc.clone(), ca, now).await?;
collateral
} else {
get_collateral_for_fmspc(
PCS_URL,
fmspc.clone(),
ca,
false, // Indicates not SGX
)
.await?
CollateralClient::with_default_http(PCS_URL)?
.fetch_for_fmspc_without_pck_chain(&fmspc, ca, false)
.await?
};

verify_dcap_attestation_with_collateral_and_timestamp(
Expand All @@ -159,7 +156,7 @@ fn verify_dcap_attestation_with_collateral_and_timestamp(
) -> Result<MultiMeasurements, DcapVerificationError> {
tracing::info!("Verifying DCAP attestation: {quote:?}");

let fmspc = hex::encode_upper(quote.fmspc()?);
let fmspc = hex::encode_upper(quote_fmspc(&quote)?);

// Override outdated TCB only if we are on Azure and the FMSPC is known to
// be outdated
Expand Down Expand Up @@ -211,8 +208,8 @@ pub async fn verify_dcap_attestation(
pccs: Option<Pccs>,
) -> Result<MultiMeasurements, DcapVerificationError> {
let quote = Quote::parse(&input)?;
let ca = quote.ca()?;
let fmspc = hex::encode_upper(quote.fmspc()?);
let ca = quote_ca(&quote)?.as_id_str();
let fmspc = hex::encode_upper(quote_fmspc(&quote)?);
let now = std::time::SystemTime::now().duration_since(std::time::UNIX_EPOCH)?.as_secs();
let collateral = if let Some(ref pccs) = pccs {
let (collateral, _is_fresh) = pccs.get_collateral(fmspc, ca, now).await?;
Expand All @@ -238,8 +235,8 @@ pub fn verify_dcap_attestation_sync(
pccs: Pccs,
) -> Result<MultiMeasurements, DcapVerificationError> {
let quote = Quote::parse(&input)?;
let ca = quote.ca()?;
let fmspc = hex::encode_upper(quote.fmspc()?);
let ca = quote_ca(&quote)?.as_id_str();
let fmspc = hex::encode_upper(quote_fmspc(&quote)?);
let now = std::time::SystemTime::now().duration_since(std::time::UNIX_EPOCH)?.as_secs();
let collateral = pccs.get_collateral_sync(fmspc, ca, now)?;
let verifier = mock_tdx::mock_dcap_verifier();
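Review bot: `CollateralClient::with_default_http(PCS_URL)?` in the `else` branch of `verify_dcap_attestation_with_given_timestamp` builds a fresh HTTP client on every verification that arrives with neither caller-supplied collateral nor a configured PCCS, which is the path that talks to the public PCS; if the 0.5 client is reusable (I have not checked whether it is `Clone`/`Sync`), constructing it once in a `std::sync::LazyLock` avoids per-call connection and TLS setup. The `?` on that constructor also presumes a `From` impl for the client's error type into `DcapVerificationError`, which is not visible in this diff — worth confirming it maps to a distinct variant rather than a catch-all, since collateral-fetch failures should stay distinguishable from verification failures. Separately, the unchanged context line `let verifier = mock_tdx::mock_dcap_verifier();` in `verify_dcap_attestation_sync` still roots trust in the embedded mock CA; that predates this change, but a one-line comment stating it is intentional for the sync path would save the next reader a scare. Both enclosing functions start and end outside their hunks.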
58 changes: 29 additions & 29 deletions crates/mock-tdx/assets/mock-dcap-collateral.yaml
Expand Up @@ -7,8 +7,8 @@ pck_crl_issuer_chain: |
U3LfYiHqOhN1V+Rz/dtnVfBb1QfDxTP86ckShaNjMGEwHwYDVR0jBBgwFoAUdoBa
Y6aYDBgHVCShPzJ3LQLXxxswDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBS/y6K3
QqgHu7crUi+kaUxGBP9o6zAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0kA
MEYCIQCvhCZKzOyaNkad7y1vBE4SKtT8nRZqCx/Y82ugmDoAjgIhAIs/9uHaNmOD
Uip8B/h+JVgIm8FoNs5EOc5D/PkyoEKk
MEYCIQD89W1J6retVRfhlatWf1dGo2eGTeNLt0boodhEQWsh0gIhALy/gS3FYKvW
uGlyLQIAgkmXdONSk3Zr/9KWsRlUzSZ3
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIBjDCCATKgAwIBAgIBATAKBggqhkjOPQQDAjAdMRswGQYDVQQDDBJNb2NrIElu
Expand All @@ -17,14 +17,14 @@ pck_crl_issuer_chain: |
BwNCAAQCF+YX8LZEOSgnj5aZnmmiOk8sFSvfbWzfZuW4AoLU7RlKfevLl3EtLdo8
qFqodlpW9F/HWFmWUvKJfGUwbleUo2MwYTAfBgNVHSMEGDAWgBR2gFpjppgMGAdU
JKE/MnctAtfHGzAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFHaAWmOmmAwYB1Qk
oT8ydy0C18cbMA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhANOM
o5zM6NZ93Iewr2S2g0MiM+6mMJaJNDfY5pXp82amAiBXJ1pB709SgQCgRmICY6GJ
LsG1gRFnBX+0dG80hRXdPA==
oT8ydy0C18cbMA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAIwO
8YQHeXcarVp8UjFEbRCISwPyngJ86p4X2rr6XyGzAiBexJXkCBh/H7vmk4Jicih9
5iKbc/dtGsAlXBmRNaN6rg==
-----END CERTIFICATE-----
root_ca_crl: >-
3081d5307d020101300a06082a8648ce3d040302301d311b301906035504030c124d6f636b20496e74656c20526f6f74204341170d3235303130313030303030305a170d3435303130313030303030305aa02f302d301f0603551d2304183016801476805a63a6980c18075424a13f32772d02d7c71b300a0603551d140403020101300a06082a8648ce3d0403020348003045022034caddb53533343cde3c792b6a4457ce1685d07fda266591d276774ace219a3f022100a26423311d592db905ef49ab329ffce8b1ef4e0e0fd05b56f4085789038b035b
3081d4307d020101300a06082a8648ce3d040302301d311b301906035504030c124d6f636b20496e74656c20526f6f74204341170d3235303130313030303030305a170d3435303130313030303030305aa02f302d301f0603551d2304183016801476805a63a6980c18075424a13f32772d02d7c71b300a0603551d140403020101300a06082a8648ce3d040302034700304402206882efeeaaeaf781785bc9ce78adf44c1300c20a70ef771ea24527226cc0ea9b02202abf57f738870145387f777edacdfc39eb777e5babb279f1b696c4f35d389853
pck_crl: >-
3081dc308184020101300a06082a8648ce3d04030230243122302006035504030c194d6f636b20496e74656c20544342205369676e696e67204341170d3235303130313030303030305a170d3435303130313030303030305aa02f302d301f0603551d23041830168014bfcba2b742a807bbb72b522fa4694c4604ff68eb300a0603551d140403020102300a06082a8648ce3d040302034700304402205062b6aee1fea13dea47a816f419df3da4af7f71a2a98887d027c72d983366f2022030f8baae33ab09b7d9826ad238761e6e365079671d1e1cb31ee1e339d8da4249
3081dc308184020101300a06082a8648ce3d04030230243122302006035504030c194d6f636b20496e74656c20544342205369676e696e67204341170d3235303130313030303030305a170d3435303130313030303030305aa02f302d301f0603551d23041830168014bfcba2b742a807bbb72b522fa4694c4604ff68eb300a0603551d140403020102300a06082a8648ce3d040302034700304402201d3c43e36db05a848e7839f43f86246c618a7860318b1ce0484d692eda71b79602202aac417042ae47d9cb6a7b19a4649e46ef6c1434aa1160f3f60eea1989c59a00
tcb_info_issuer_chain: |
-----BEGIN CERTIFICATE-----
MIIBlzCCATygAwIBAgIBAzAKBggqhkjOPQQDAjAkMSIwIAYDVQQDDBlNb2NrIElu
Expand All @@ -34,8 +34,8 @@ tcb_info_issuer_chain: |
EFInErC1p8/wgWhUhphKlOaDHtrEbnNg+p2DSnqBoaNjMGEwHwYDVR0jBBgwFoAU
v8uit0KoB7u3K1IvpGlMRgT/aOswDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBST
7j5t5QAoWFiJAKg4c8ROKT5hpTAPBgNVHRMBAf8EBTADAQEAMAoGCCqGSM49BAMC
A0kAMEYCIQCAhGx8v+2u1fXhC8xMtzeouG654iUvC684nd3q7TBHMwIhAKqvK38E
Mu8JWo589cyxCqsAErRhSodsqUcW/MyDC0hL
A0kAMEYCIQDi3oq/vQ4ZQD8i6MFGb/STIjwx7v8fX3xGmj5jHtGAWwIhAJ+sKdZe
fTxpwah87AqNRNKOue0fCesiwV1KWYSFcrMB
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIBlDCCATmgAwIBAgIBAjAKBggqhkjOPQQDAjAdMRswGQYDVQQDDBJNb2NrIElu
Expand All @@ -45,8 +45,8 @@ tcb_info_issuer_chain: |
U3LfYiHqOhN1V+Rz/dtnVfBb1QfDxTP86ckShaNjMGEwHwYDVR0jBBgwFoAUdoBa
Y6aYDBgHVCShPzJ3LQLXxxswDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBS/y6K3
QqgHu7crUi+kaUxGBP9o6zAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0kA
MEYCIQCvhCZKzOyaNkad7y1vBE4SKtT8nRZqCx/Y82ugmDoAjgIhAIs/9uHaNmOD
Uip8B/h+JVgIm8FoNs5EOc5D/PkyoEKk
MEYCIQD89W1J6retVRfhlatWf1dGo2eGTeNLt0boodhEQWsh0gIhALy/gS3FYKvW
uGlyLQIAgkmXdONSk3Zr/9KWsRlUzSZ3
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIBjDCCATKgAwIBAgIBATAKBggqhkjOPQQDAjAdMRswGQYDVQQDDBJNb2NrIElu
Expand All @@ -55,13 +55,13 @@ tcb_info_issuer_chain: |
BwNCAAQCF+YX8LZEOSgnj5aZnmmiOk8sFSvfbWzfZuW4AoLU7RlKfevLl3EtLdo8
qFqodlpW9F/HWFmWUvKJfGUwbleUo2MwYTAfBgNVHSMEGDAWgBR2gFpjppgMGAdU
JKE/MnctAtfHGzAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFHaAWmOmmAwYB1Qk
oT8ydy0C18cbMA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhANOM
o5zM6NZ93Iewr2S2g0MiM+6mMJaJNDfY5pXp82amAiBXJ1pB709SgQCgRmICY6GJ
LsG1gRFnBX+0dG80hRXdPA==
oT8ydy0C18cbMA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAIwO
8YQHeXcarVp8UjFEbRCISwPyngJ86p4X2rr6XyGzAiBexJXkCBh/H7vmk4Jicih9
5iKbc/dtGsAlXBmRNaN6rg==
-----END CERTIFICATE-----
tcb_info: "{\"id\":\"TDX\",\"version\":3,\"issueDate\":\"2025-01-01T00:00:00Z\",\"nextUpdate\":\"2045-01-01T00:00:00Z\",\"fmspc\":\"00906EA10000\",\"pceId\":\"0000\",\"tcbType\":0,\"tcbEvaluationDataNumber\":1,\"tcbLevels\":[{\"tcb\":{\"sgxtcbcomponents\":[{\"svn\":11},{\"svn\":11},{\"svn\":2},{\"svn\":2},{\"svn\":255},{\"svn\":1},{\"svn\":0},{\"svn\":0},{\"svn\":0},{\"svn\":0},{\"svn\":0},{\"svn\":0},{\"svn\":0},{\"svn\":0},{\"svn\":0},{\"svn\":0}],\"tdxtcbcomponents\":[{\"svn\":1},{\"svn\":1},{\"svn\":1},{\"svn\":1},{\"svn\":1},{\"svn\":1},{\"svn\":1},{\"svn\":1},{\"svn\":1},{\"svn\":1},{\"svn\":1},{\"svn\":1},{\"svn\":1},{\"svn\":1},{\"svn\":1},{\"svn\":1}],\"pcesvn\":13},\"tcbDate\":\"2025-01-01T00:00:00Z\",\"tcbStatus\":\"UpToDate\",\"advisoryIDs\":[]}]}"
tcb_info: "{\"id\":\"TDX\",\"version\":3,\"issueDate\":\"2025-01-01T00:00:00Z\",\"nextUpdate\":\"2045-01-01T00:00:00Z\",\"fmspc\":\"00906EA10000\",\"pceId\":\"0000\",\"tcbType\":0,\"tcbEvaluationDataNumber\":1,\"tcbLevels\":[{\"tcb\":{\"sgxtcbcomponents\":[{\"svn\":11},{\"svn\":11},{\"svn\":2},{\"svn\":2},{\"svn\":255},{\"svn\":1},{\"svn\":0},{\"svn\":0},{\"svn\":0},{\"svn\":0},{\"svn\":0},{\"svn\":0},{\"svn\":0},{\"svn\":0},{\"svn\":0},{\"svn\":0}],\"tdxtcbcomponents\":[{\"svn\":1},{\"svn\":1},{\"svn\":1},{\"svn\":1},{\"svn\":1},{\"svn\":1},{\"svn\":1},{\"svn\":1},{\"svn\":1},{\"svn\":1},{\"svn\":1},{\"svn\":1},{\"svn\":1},{\"svn\":1},{\"svn\":1},{\"svn\":1}],\"pcesvn\":13},\"tcbDate\":\"2025-01-01T00:00:00Z\",\"tcbStatus\":\"UpToDate\",\"advisoryIDs\":[]}],\"tdxModule\":{\"mrsigner\":\"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\",\"attributes\":\"0000000000000000\",\"attributesMask\":\"FFFFFFFFFFFFFFFF\"},\"tdxModuleIdentities\":[]}"
tcb_info_signature: >-
81deffe35b79b7d7cfa1b4f7a62cf2f661f7d47c1d53838f8c48199ebbd14af77605f8a9bf060aafc48624a5a70be20307bb9e622345fd59f40966967ff1bce1
4bdc0625ab48e3bdd7b3c93b03151ceef35472640bb4741cc0aa327e2c0277c8771a7961c476f5a87aded364546bd6ff803b0c2a1a48a2c5867afc59b610d324
qe_identity_issuer_chain: |
-----BEGIN CERTIFICATE-----
MIIBlzCCATygAwIBAgIBAzAKBggqhkjOPQQDAjAkMSIwIAYDVQQDDBlNb2NrIElu
Expand All @@ -71,8 +71,8 @@ qe_identity_issuer_chain: |
EFInErC1p8/wgWhUhphKlOaDHtrEbnNg+p2DSnqBoaNjMGEwHwYDVR0jBBgwFoAU
v8uit0KoB7u3K1IvpGlMRgT/aOswDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBST
7j5t5QAoWFiJAKg4c8ROKT5hpTAPBgNVHRMBAf8EBTADAQEAMAoGCCqGSM49BAMC
A0kAMEYCIQCAhGx8v+2u1fXhC8xMtzeouG654iUvC684nd3q7TBHMwIhAKqvK38E
Mu8JWo589cyxCqsAErRhSodsqUcW/MyDC0hL
A0kAMEYCIQDi3oq/vQ4ZQD8i6MFGb/STIjwx7v8fX3xGmj5jHtGAWwIhAJ+sKdZe
fTxpwah87AqNRNKOue0fCesiwV1KWYSFcrMB
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIBlDCCATmgAwIBAgIBAjAKBggqhkjOPQQDAjAdMRswGQYDVQQDDBJNb2NrIElu
Expand All @@ -82,8 +82,8 @@ qe_identity_issuer_chain: |
U3LfYiHqOhN1V+Rz/dtnVfBb1QfDxTP86ckShaNjMGEwHwYDVR0jBBgwFoAUdoBa
Y6aYDBgHVCShPzJ3LQLXxxswDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBS/y6K3
QqgHu7crUi+kaUxGBP9o6zAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0kA
MEYCIQCvhCZKzOyaNkad7y1vBE4SKtT8nRZqCx/Y82ugmDoAjgIhAIs/9uHaNmOD
Uip8B/h+JVgIm8FoNs5EOc5D/PkyoEKk
MEYCIQD89W1J6retVRfhlatWf1dGo2eGTeNLt0boodhEQWsh0gIhALy/gS3FYKvW
uGlyLQIAgkmXdONSk3Zr/9KWsRlUzSZ3
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIBjDCCATKgAwIBAgIBATAKBggqhkjOPQQDAjAdMRswGQYDVQQDDBJNb2NrIElu
Expand All @@ -92,9 +92,9 @@ qe_identity_issuer_chain: |
BwNCAAQCF+YX8LZEOSgnj5aZnmmiOk8sFSvfbWzfZuW4AoLU7RlKfevLl3EtLdo8
qFqodlpW9F/HWFmWUvKJfGUwbleUo2MwYTAfBgNVHSMEGDAWgBR2gFpjppgMGAdU
JKE/MnctAtfHGzAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFHaAWmOmmAwYB1Qk
oT8ydy0C18cbMA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhANOM
o5zM6NZ93Iewr2S2g0MiM+6mMJaJNDfY5pXp82amAiBXJ1pB709SgQCgRmICY6GJ
LsG1gRFnBX+0dG80hRXdPA==
oT8ydy0C18cbMA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAIwO
8YQHeXcarVp8UjFEbRCISwPyngJ86p4X2rr6XyGzAiBexJXkCBh/H7vmk4Jicih9
5iKbc/dtGsAlXBmRNaN6rg==
-----END CERTIFICATE-----
qe_identity: "{\"id\":\"TD_QE\",\"version\":2,\"issueDate\":\"2025-01-01T00:00:00Z\",\"nextUpdate\":\"2045-01-01T00:00:00Z\",\"tcbEvaluationDataNumber\":1,\"miscselect\":\"00000000\",\"miscselectMask\":\"FFFFFFFF\",\"attributes\":\"00000000000000000000000000000000\",\"attributesMask\":\"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF\",\"mrsigner\":\"5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A\",\"isvprodid\":2,\"tcbLevels\":[{\"tcb\":{\"isvsvn\":11},\"tcbDate\":\"2025-01-01T00:00:00Z\",\"tcbStatus\":\"UpToDate\",\"advisoryIDs\":[]}]}"
qe_identity_signature: >-
Expand All @@ -117,9 +117,9 @@ pck_certificate_chain: |
MBAGCyqGSIb4TQENAQIOAgEAMBAGCyqGSIb4TQENAQIPAgEAMBAGCyqGSIb4TQEN
AQIQAgEAMBAGCyqGSIb4TQENAQIRAgENMB8GCyqGSIb4TQENAQISBBALCwIC/wEA
AAAAAAAAAAAAMBAGCiqGSIb4TQENAQMEAgAAMBQGCiqGSIb4TQENAQQEBgCQbqEA
ADAPBgoqhkiG+E0BDQEFCgEAMAoGCCqGSM49BAMCA0gAMEUCID830FZbEZLj3Zwv
+45GtB9pkIWKWgKXr/582kNwIagiAiEAttIFwEKZhgyjPIWgQsa0g31aUvKgtl31
9CfxzKBt/Qs=
ADAPBgoqhkiG+E0BDQEFCgEAMAoGCCqGSM49BAMCA0gAMEUCIGBFEVX91x8zqkUb
cslsijmXtQ4gQu+q5Tz34a2dh9bYAiEAmOWX5gciKT5b4ZoGC7Eou+FRAGBpg5rB
42O85NOsLgg=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIBjDCCATKgAwIBAgIBATAKBggqhkjOPQQDAjAdMRswGQYDVQQDDBJNb2NrIElu
Expand All @@ -128,7 +128,7 @@ pck_certificate_chain: |
BwNCAAQCF+YX8LZEOSgnj5aZnmmiOk8sFSvfbWzfZuW4AoLU7RlKfevLl3EtLdo8
qFqodlpW9F/HWFmWUvKJfGUwbleUo2MwYTAfBgNVHSMEGDAWgBR2gFpjppgMGAdU
JKE/MnctAtfHGzAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFHaAWmOmmAwYB1Qk
oT8ydy0C18cbMA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhANOM
o5zM6NZ93Iewr2S2g0MiM+6mMJaJNDfY5pXp82amAiBXJ1pB709SgQCgRmICY6GJ
LsG1gRFnBX+0dG80hRXdPA==
oT8ydy0C18cbMA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAIwO
8YQHeXcarVp8UjFEbRCISwPyngJ86p4X2rr6XyGzAiBexJXkCBh/H7vmk4Jicih9
5iKbc/dtGsAlXBmRNaN6rg==
-----END CERTIFICATE-----
12 changes: 6 additions & 6 deletions crates/mock-tdx/assets/mock-pck-chain.pem
Expand Up @@ -15,9 +15,9 @@ SIb4TQENAQILAgEAMBAGCyqGSIb4TQENAQIMAgEAMBAGCyqGSIb4TQENAQINAgEA
MBAGCyqGSIb4TQENAQIOAgEAMBAGCyqGSIb4TQENAQIPAgEAMBAGCyqGSIb4TQEN
AQIQAgEAMBAGCyqGSIb4TQENAQIRAgENMB8GCyqGSIb4TQENAQISBBALCwIC/wEA
AAAAAAAAAAAAMBAGCiqGSIb4TQENAQMEAgAAMBQGCiqGSIb4TQENAQQEBgCQbqEA
ADAPBgoqhkiG+E0BDQEFCgEAMAoGCCqGSM49BAMCA0gAMEUCID830FZbEZLj3Zwv
+45GtB9pkIWKWgKXr/582kNwIagiAiEAttIFwEKZhgyjPIWgQsa0g31aUvKgtl31
9CfxzKBt/Qs=
ADAPBgoqhkiG+E0BDQEFCgEAMAoGCCqGSM49BAMCA0gAMEUCIGBFEVX91x8zqkUb
cslsijmXtQ4gQu+q5Tz34a2dh9bYAiEAmOWX5gciKT5b4ZoGC7Eou+FRAGBpg5rB
42O85NOsLgg=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIBjDCCATKgAwIBAgIBATAKBggqhkjOPQQDAjAdMRswGQYDVQQDDBJNb2NrIElu
Expand All @@ -26,7 +26,7 @@ GQYDVQQDDBJNb2NrIEludGVsIFJvb3QgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMB
BwNCAAQCF+YX8LZEOSgnj5aZnmmiOk8sFSvfbWzfZuW4AoLU7RlKfevLl3EtLdo8
qFqodlpW9F/HWFmWUvKJfGUwbleUo2MwYTAfBgNVHSMEGDAWgBR2gFpjppgMGAdU
JKE/MnctAtfHGzAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFHaAWmOmmAwYB1Qk
oT8ydy0C18cbMA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhANOM
o5zM6NZ93Iewr2S2g0MiM+6mMJaJNDfY5pXp82amAiBXJ1pB709SgQCgRmICY6GJ
LsG1gRFnBX+0dG80hRXdPA==
oT8ydy0C18cbMA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAIwO
8YQHeXcarVp8UjFEbRCISwPyngJ86p4X2rr6XyGzAiBexJXkCBh/H7vmk4Jicih9
5iKbc/dtGsAlXBmRNaN6rg==
-----END CERTIFICATE-----
Binary file modified crates/mock-tdx/assets/mock-root-ca.der
13 changes: 6 additions & 7 deletions crates/mock-tdx/src/lib.rs
@@ -1,5 +1,7 @@
pub mod mock_pcs;

#[cfg(test)]
use dcap_qvl::intel::{quote_ca, quote_fmspc};
use dcap_qvl::{
QuoteCollateralV3,
quote::{
Expand Down Expand Up @@ -85,10 +87,7 @@ pub const MOCK_RTMR3: [u8; 48] = [0x80; 48];

/// Get a DCAP quote verifier with the mock PCK root-of-trust
pub fn mock_dcap_verifier() -> dcap_qvl::verify::QuoteVerifier {
dcap_qvl::verify::QuoteVerifier::new(
EMBEDDED_ROOT_CA_DER.to_vec(),
dcap_qvl::verify::rustcrypto::backend(),
)
dcap_qvl::verify::QuoteVerifier::new(EMBEDDED_ROOT_CA_DER.to_vec())
}

/// Get mock collateral for verifying generated mock quotes
Expand Down Expand Up @@ -257,8 +256,8 @@ mod tests {

let collateral = mock_collateral();
let tcb_info: TcbInfo = serde_json::from_str(&collateral.tcb_info).unwrap();
assert_eq!(hex::encode_upper(quote.fmspc().unwrap()), tcb_info.fmspc);
assert_eq!(quote.ca().unwrap(), "processor");
assert_eq!(hex::encode_upper(quote_fmspc(&quote).unwrap()), tcb_info.fmspc);
assert_eq!(quote_ca(&quote).unwrap().as_id_str(), "processor");

let verifier = mock_dcap_verifier();
let verified = verifier.verify(&quote_bytes, &collateral, FIXTURE_TIME).unwrap();
Expand Down Expand Up @@ -296,7 +295,7 @@ mod tests {

let quote_bytes = generate_mock_tdx_quote([0xEF; 64]).unwrap();
let quote = Quote::parse(&quote_bytes).unwrap();
assert_eq!(hex::encode_upper(quote.fmspc().unwrap()), tcb_info.fmspc);
assert_eq!(hex::encode_upper(quote_fmspc(&quote).unwrap()), tcb_info.fmspc);
assert_eq!(quote.header.pce_svn, tcb_info.tcb_levels[0].tcb.pce_svn);

verifier.verify(&quote_bytes, &collateral, FIXTURE_TIME).unwrap();
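Review bot: The new `#[cfg(test)] use dcap_qvl::intel::{quote_ca, quote_fmspc};` at the crate top is gated to tests but sits far from `mod tests`, its only user, and immediately above an ungated `use dcap_qvl::{...}` block, which reads as if the whole import group were test-only. Moving the line inside `mod tests` (next to the existing test imports) keeps the cfg-gating self-explanatory and lets the top-level import block stay unconditional. The `mod tests` block starts and ends outside the hunks shown here.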
8 changes: 7 additions & 1 deletion crates/mock-tdx/src/main.rs
Expand Up @@ -6,7 +6,7 @@ use std::{
use dcap_qvl::{
QuoteCollateralV3,
intel::{PckExtension, parse_pck_extension},
tcb_info::{Tcb, TcbComponents, TcbInfo, TcbLevel, TcbStatus},
tcb_info::{Tcb, TcbComponents, TcbInfo, TcbLevel, TcbStatus, TdxModule},
};
use p256::{
SecretKey,
Expand Down Expand Up @@ -277,6 +277,12 @@ fn mock_tcb_info(
tcb_status: TcbStatus::UpToDate,
advisory_ids: Vec::new(),
}],
tdx_module: Some(TdxModule {
mrsigner: "00".repeat(48),
attributes: "00".repeat(8),
attributes_mask: "FF".repeat(8),
}),
tdx_module_identities: Vec::new(),
}
}

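Review bot: The new `tdx_module` block in `mock_tcb_info` encodes a policy that nothing at the call site explains: under the usual mask-then-compare semantics, an `attributes_mask` of all `FF` with `attributes` of all `00` accepts only a TDX module whose attributes are exactly zero, and a 48-byte zero `mrsigner` pins a specific (mock) signer. Add a comment above `tdx_module: Some(TdxModule {`, e.g. `// Mock TDX module identity: zero MRSIGNER and a full attributes mask, so only an all-zero attribute set matches; keep in sync with crates/mock-tdx/assets/mock-dcap-collateral.yaml`, so the values are not tweaked without regenerating the checked-in collateral. `mock_tcb_info` starts outside this hunk.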
11 changes: 5 additions & 6 deletions crates/pccs/src/lib.rs
Expand Up @@ -9,7 +9,7 @@ use std::{
time::{SystemTime, UNIX_EPOCH},
};

use dcap_qvl::{QuoteCollateralV3, collateral::get_collateral_for_fmspc, tcb_info::TcbInfo};
use dcap_qvl::{QuoteCollateralV3, collateral::CollateralClient, tcb_info::TcbInfo};
use thiserror::Error;
use time::{OffsetDateTime, format_description::well_known::Rfc3339};
use tokio::{
Expand Down Expand Up @@ -424,11 +424,10 @@ async fn fetch_collateral(
fmspc: String,
ca: &'static str,
) -> Result<QuoteCollateralV3, PccsError> {
get_collateral_for_fmspc(
url, fmspc, ca, false, // Indicates not SGX
)
.await
.map_err(Into::into)
CollateralClient::with_default_http(url)?
.fetch_for_fmspc_without_pck_chain(&fmspc, ca, false)
.await
.map_err(Into::into)
}

/// Extracts the earliest next update timestamp from collateral metadata
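Review bot: `fetch_collateral` now only borrows its argument (`&fmspc` in the new `fetch_for_fmspc_without_pck_chain` call), so the `fmspc: String` parameter in the signature above this hunk is an owned value that is never consumed; changing it to `fmspc: &str` — and, if `get_collateral` is adjusted the same way, dropping the `fmspc.clone()` the caller in `crates/attestation/src/dcap.rs` still passes — would remove an allocation per lookup. That is a signature change outside the hunk, so it may belong in a follow-up. `fetch_collateral`'s signature starts outside this hunk.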