@@ -24,73 +24,45 @@ pub async fn verify_dcap_attestation(
2424 expected_input_data : [ u8 ; 64 ] ,
2525 pccs_url : Option < String > ,
2626) -> Result < MultiMeasurements , DcapVerificationError > {
27- let measurements = if !cfg ! ( not( test) ) {
28- let now = std:: time:: SystemTime :: now ( )
29- . duration_since ( std:: time:: UNIX_EPOCH ) ?
30- . as_secs ( ) ;
31- let quote = Quote :: parse ( & input) ?;
32- tracing:: info!( "Verifying DCAP attestation: {quote:?}" ) ;
33-
34- let ca = quote. ca ( ) ?;
35- let fmspc = hex:: encode_upper ( quote. fmspc ( ) ?) ;
36- let mut collateral = get_collateral_for_fmspc (
37- & pccs_url. clone ( ) . unwrap_or ( PCS_URL . to_string ( ) ) ,
38- fmspc,
39- ca,
40- false , // Indicates not SGX
41- )
42- . await ?;
43-
44- println ! ( "tcb info {:?}" , collateral. tcb_info) ;
45- let mut tcb_info: TcbInfo = serde_json:: from_str ( & collateral. tcb_info ) . unwrap ( ) ;
46-
47- let tcb_levels = tcb_info
48- . tcb_levels
49- . into_iter ( )
50- . map ( |mut tcb_level| {
51- if & tcb_level. tcb_status == "UpToDate" {
52- if tcb_level. tcb . sgx_components [ 7 ] . svn > 3 {
53- tracing:: warn!(
54- "Overriding tcb info to allow outdated Azure v6 SEAM loader"
55- ) ;
56- println ! ( "modifying!" ) ;
57- tcb_level. tcb . sgx_components [ 7 ] . svn = 3 ;
58- }
59- tcb_level
60- } else {
61- tcb_level
62- }
63- } )
64- . collect :: < Vec < _ > > ( ) ;
65-
66- tcb_info. tcb_levels = tcb_levels;
67-
68- let tcb_info_json = serde_json:: to_string ( & tcb_info) . unwrap ( ) ;
69- // collateral.tcb_info = tcb_info_json;
70-
71- println ! ( "tcb info {:?}" , collateral. tcb_info) ;
72-
73- let _verified_report = dcap_qvl:: verify:: verify ( & input, & collateral, now) ?;
27+ let now = std:: time:: SystemTime :: now ( )
28+ . duration_since ( std:: time:: UNIX_EPOCH ) ?
29+ . as_secs ( ) ;
30+ let quote = Quote :: parse ( & input) ?;
31+ tracing:: info!( "Verifying DCAP attestation: {quote:?}" ) ;
32+
33+ let ca = quote. ca ( ) ?;
34+ let fmspc = hex:: encode_upper ( quote. fmspc ( ) ?) ;
35+ let mut collateral = get_collateral_for_fmspc (
36+ & pccs_url. clone ( ) . unwrap_or ( PCS_URL . to_string ( ) ) ,
37+ fmspc,
38+ ca,
39+ false , // Indicates not SGX
40+ )
41+ . await ?;
7442
75- let measurements = MultiMeasurements :: from_dcap_qvl_quote ( & quote ) ?;
43+ let _verified_report = dcap_qvl :: verify :: verify ( & input , & collateral , now ) ?;
7644
77- if get_quote_input_data ( quote. report ) != expected_input_data {
78- return Err ( DcapVerificationError :: InputMismatch ) ;
79- }
80- measurements
81- } else {
82- // In tests we use mock quotes which will fail to verify
83- let quote = tdx_quote:: Quote :: from_bytes ( & input) ?;
84- if quote. report_input_data ( ) != expected_input_data {
85- return Err ( DcapVerificationError :: InputMismatch ) ;
86- }
45+ let measurements = MultiMeasurements :: from_dcap_qvl_quote ( & quote) ?;
8746
88- MultiMeasurements :: from_tdx_quote ( & quote)
89- } ;
47+ if get_quote_input_data ( quote. report ) != expected_input_data {
48+ return Err ( DcapVerificationError :: InputMismatch ) ;
49+ }
9050
9151 Ok ( measurements)
9252}
9353
54+ pub fn mock_verify_dcap (
55+ input : Vec < u8 > ,
56+ expected_input_data : [ u8 ; 64 ] ,
57+ ) -> Result < MultiMeasurements , DcapVerificationError > {
58+ // In tests we use mock quotes which will fail to verify
59+ let quote = tdx_quote:: Quote :: from_bytes ( & input) ?;
60+ if quote. report_input_data ( ) != expected_input_data {
61+ return Err ( DcapVerificationError :: InputMismatch ) ;
62+ }
63+ Ok ( MultiMeasurements :: from_tdx_quote ( & quote) )
64+ }
65+
9466/// Create a mock quote for testing on non-confidential hardware
9567#[ cfg( test) ]
9668fn generate_quote ( input : [ u8 ; 64 ] ) -> Result < Vec < u8 > , QuoteGenerationError > {
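Review bot: `mock_verify_dcap` (new lines 54-64) is `pub` and has no `#[cfg(test)]`, so a path that accepts a quote after comparing only its report input data, with no signature or collateral check, is compiled into non-test builds and reachable by any caller. `generate_quote` directly below is gated with `#[cfg(test)]`; I would put the same attribute on the mock verifier (or a test-only feature gate if tests in other crates need it) and add a doc comment such as `/// Test-only: parses a mock TDX quote and checks its input data; performs no attestation verification.` Separately, in `verify_dcap_attestation` (whose signature starts above the hunk) the result of `dcap_qvl::verify::verify` is bound to `_verified_report` and never inspected, so whatever TCB status it carries is not enforced in the visible code. `collateral` is also no longer mutated, so `let mut collateral` can become `let collateral`.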