From 8ff843fad74523a40d15a18574f4683dab26239e Mon Sep 17 00:00:00 2001 From: Nick Santana Date: Fri, 21 Jul 2023 13:37:15 -0700 Subject: [PATCH] Use `ConfigId` from `mc-sgx-core-types` Previously the `ConfigId` was defined in `mc-attest-core`. Now the `ConfigId` from `mc-sgx-core-types` is used. --- attest/core/data/test/quote_ok_str.txt | 2 +- attest/core/src/lib.rs | 14 ++++---- attest/core/src/report.rs | 2 +- attest/core/src/types.rs | 1 - attest/core/src/types/config_id.rs | 40 --------------------- attest/core/src/types/report_body.rs | 49 +++++++++----------------- attest/verifier/src/lib.rs | 2 +- attest/verifier/src/report_body.rs | 2 +- 8 files changed, 29 insertions(+), 83 deletions(-) delete mode 100644 attest/core/src/types/config_id.rs diff --git a/attest/core/data/test/quote_ok_str.txt b/attest/core/data/test/quote_ok_str.txt index 8a9019e408..92a80dc578 100644 --- a/attest/core/data/test/quote_ok_str.txt +++ b/attest/core/data/test/quote_ok_str.txt @@ -1 +1 @@ -Quote: { version: 2, sign_type: Unlinkable, epid_group_id: 00000b4d, qe_svn: 8, pce_svn: 7, xeid: 0, basename: Basename(b6b3ee840b3fb5a6a2b14c54221aab6aad6bd3cd49db38f2b12d2c37b8943eda), report_body: ReportBody: { cpu_svn: CpuSecurityVersion(0808ffffff0201000000000000000000), misc_select: 0, isv_ext_prod_id: ExtendedProductId(00000000000000000000000000000000), attributes: Attributes(sgx_attributes_t { flags: 7, xfrm: 7 }), mr_enclave: MrEnclave(973140462e17d2f523511d798061eae3e8282b884ee078de91c99d833f559bbc), mr_signer: MrSigner(7ee5e29d74623fdbc6fbf1454be6f3bb0b86c12366b7b478ad13353e44de8411), config_id: ConfigId(00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000), isv_prod_id: 0, isv_svn: IsvSvn(0), config_svn: 0, isv_family_id: FamilyId(00000000000000000000000000000000), report_data: ReportData(sgx_report_data_t { d: [231, 160, 220, 27, 37, 176, 225, 77, 21, 108, 159, 18, 130, 15, 61, 34, 104, 25, 253, 104, 242, 55, 106, 203, 247, 61, 64, 28, 149, 154, 85, 144, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0] }) }, signature_len: 680, signature: Some(146c25c134df61f2f55fbba368333e1c77b3524f483212f90b89d6432a21ab2adcfdbeaeb816bdb7a988a67b502c92e7b4a683b88df6ffc649d24e75d61dbfcf8aa09e22da5fb84b24fa1908f8d338277bbf8dc3c6e060ace551b7eaf2d3fdbbfc38905d0ed9d4cd28657f07ce4d5ba9e405a597c534484b4e38c54d5f9a7bcc602373f96a2962c51b60162b28c30d8a374d12f3f46ec5970699c39e8e7a3527443c65cd56abf0ad1153426e0ba32edf84070f2bfa3a32a7463bcdaec0c46ce9337899c1399e68b04ed36409c49bddd2db2bfc40ff7a1b281e2c4fa9607c678ffa4f7a7d93cfd4610047eeb62755861240eed273158c33dd17f539d248a1b3a197d986f9c52d43a246060a6a3bff21e971d82f1bfec654b31265f0e980a54a29e2ba8aca6bffe27668dd21a268010000d46a0dc1ffc4986b994b0b6efd610637d7b22bf21888c6296a9a538cadb8ac5d8f4156ac01db17579b90acd4e130f5865373a84d2ea131ee4f326d169d41d1b552daaa4c514c8ae1245185bccf4f4c9b6b5f3e3cec93216cd1ae023f03155fbf05ff0701b7fadd29a1f097318b9ba2a416e86d3131859c7aea45c58cda4a5a6fa833eabcf0a520d7342d514dbd5c9fa85ed89d8e85342a3b6f1bc1144c11102cd6409e9e93ee672ebffed9b17b0e766a9556ff0bc0da5baac91de39d1deacc35e4036795bd5ebfe7c2e8392921757f2355fdb5ff0c3d6885712cf399d0598a95df36ea34f10f3e4906043d913449d24e12228583d0713aed8a54c530cdc4c28acfc916fe7ba96be700ed2eccb3ba6874a1badd2a1ef80bac9169305666b33091f8ad935e31d3ed33251642787b161e0322d891e3a1fa171251783b61b3b33e5dffaba9010ee33e445840e0e493799d7281a681d86b1afd05cfd90b2eaf0584bccf7eefe5d9747a2e52a0e5c7a0a5d2ff1f1af590d7064abd) } \ No newline at end of file +Quote: { version: 2, sign_type: Unlinkable, epid_group_id: 00000b4d, qe_svn: 8, pce_svn: 7, xeid: 0, basename: Basename(b6b3ee840b3fb5a6a2b14c54221aab6aad6bd3cd49db38f2b12d2c37b8943eda), report_body: ReportBody: { cpu_svn: CpuSecurityVersion(0808ffffff0201000000000000000000), misc_select: 0, isv_ext_prod_id: ExtendedProductId(00000000000000000000000000000000), attributes: Attributes(sgx_attributes_t { flags: 7, xfrm: 7 }), mr_enclave: MrEnclave(973140462e17d2f523511d798061eae3e8282b884ee078de91c99d833f559bbc), mr_signer: MrSigner(7ee5e29d74623fdbc6fbf1454be6f3bb0b86c12366b7b478ad13353e44de8411), config_id: ConfigId([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]), isv_prod_id: 0, isv_svn: IsvSvn(0), config_svn: 0, isv_family_id: FamilyId(00000000000000000000000000000000), report_data: ReportData(sgx_report_data_t { d: [231, 160, 220, 27, 37, 176, 225, 77, 21, 108, 159, 18, 130, 15, 61, 34, 104, 25, 253, 104, 242, 55, 106, 203, 247, 61, 64, 28, 149, 154, 85, 144, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0] }) }, signature_len: 680, signature: Some(146c25c134df61f2f55fbba368333e1c77b3524f483212f90b89d6432a21ab2adcfdbeaeb816bdb7a988a67b502c92e7b4a683b88df6ffc649d24e75d61dbfcf8aa09e22da5fb84b24fa1908f8d338277bbf8dc3c6e060ace551b7eaf2d3fdbbfc38905d0ed9d4cd28657f07ce4d5ba9e405a597c534484b4e38c54d5f9a7bcc602373f96a2962c51b60162b28c30d8a374d12f3f46ec5970699c39e8e7a3527443c65cd56abf0ad1153426e0ba32edf84070f2bfa3a32a7463bcdaec0c46ce9337899c1399e68b04ed36409c49bddd2db2bfc40ff7a1b281e2c4fa9607c678ffa4f7a7d93cfd4610047eeb62755861240eed273158c33dd17f539d248a1b3a197d986f9c52d43a246060a6a3bff21e971d82f1bfec654b31265f0e980a54a29e2ba8aca6bffe27668dd21a268010000d46a0dc1ffc4986b994b0b6efd610637d7b22bf21888c6296a9a538cadb8ac5d8f4156ac01db17579b90acd4e130f5865373a84d2ea131ee4f326d169d41d1b552daaa4c514c8ae1245185bccf4f4c9b6b5f3e3cec93216cd1ae023f03155fbf05ff0701b7fadd29a1f097318b9ba2a416e86d3131859c7aea45c58cda4a5a6fa833eabcf0a520d7342d514dbd5c9fa85ed89d8e85342a3b6f1bc1144c11102cd6409e9e93ee672ebffed9b17b0e766a9556ff0bc0da5baac91de39d1deacc35e4036795bd5ebfe7c2e8392921757f2355fdb5ff0c3d6885712cf399d0598a95df36ea34f10f3e4906043d913449d24e12228583d0713aed8a54c530cdc4c28acfc916fe7ba96be700ed2eccb3ba6874a1badd2a1ef80bac9169305666b33091f8ad935e31d3ed33251642787b161e0322d891e3a1fa171251783b61b3b33e5dffaba9010ee33e445840e0e493799d7281a681d86b1afd05cfd90b2eaf0584bccf7eefe5d9747a2e52a0e5c7a0a5d2ff1f1af590d7064abd) } \ No newline at end of file diff --git a/attest/core/src/lib.rs b/attest/core/src/lib.rs index 52a2edbbdd..ebe21e7055 100644 --- a/attest/core/src/lib.rs +++ b/attest/core/src/lib.rs @@ -35,17 +35,19 @@ pub use crate::{ seal::{IntelSealed, IntelSealingError, ParseSealedError, Sealed}, sigrl::SigRL, types::{ - basename::Basename, config_id::ConfigId, cpu_svn::CpuSecurityVersion, - epid_group_id::EpidGroupId, ext_prod_id::ExtendedProductId, family_id::FamilyId, - key_id::KeyId, mac::Mac, measurement::Measurement, pib::PlatformInfoBlob, - report_body::ReportBody, report_data::ReportDataMask, spid::ProviderId, update_info::*, - ConfigSecurityVersion, MiscSelect, ProductId, + basename::Basename, cpu_svn::CpuSecurityVersion, epid_group_id::EpidGroupId, + ext_prod_id::ExtendedProductId, family_id::FamilyId, key_id::KeyId, mac::Mac, + measurement::Measurement, pib::PlatformInfoBlob, report_body::ReportBody, + report_data::ReportDataMask, spid::ProviderId, update_info::*, ConfigSecurityVersion, + MiscSelect, ProductId, }, }; pub use mc_attest_verifier_types::{VerificationReport, VerificationSignature}; -pub use mc_sgx_core_types::{Attributes, IsvSvn, MrEnclave, MrSigner, ReportData, TargetInfo}; +pub use mc_sgx_core_types::{ + Attributes, ConfigId, IsvSvn, MrEnclave, MrSigner, ReportData, TargetInfo, +}; /// The IAS version we support pub const IAS_VERSION: f64 = 4.0; diff --git a/attest/core/src/report.rs b/attest/core/src/report.rs index 9ce2151840..6185f0fb8e 100644 --- a/attest/core/src/report.rs +++ b/attest/core/src/report.rs @@ -204,7 +204,7 @@ mod test { }, }; - const TEST_REPORT_DEBUGSTR: &str = "Report: { body: ReportBody: { cpu_svn: CpuSecurityVersion(0102030405060708090a0b0c0d0e0f10), misc_select: 17, isv_ext_prod_id: ExtendedProductId(0102030405060708090a0b0c0d0e0f10), attributes: Attributes(sgx_attributes_t { flags: 72623859790382856, xfrm: 578437695752307201 }), mr_enclave: MrEnclave(1112131415161718191a1b1c1d1e1f202122232425262728292a2b2b2c2d2e2f), mr_signer: MrSigner(303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f), config_id: ConfigId(505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f), isv_prod_id: 144, isv_svn: IsvSvn(145), config_svn: 146, isv_family_id: FamilyId(939495969798999a9b9c9d9e9fa0a1a2), report_data: ReportData(sgx_report_data_t { d: [163, 164, 165, 166, 167, 168, 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, 216, 217, 218, 219, 220, 221, 222, 223, 224, 225, 226] }) }, key: KeyId(0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20), mac: Mac(0102030405060708090a0b0c0d0e0f10) }"; + const TEST_REPORT_DEBUGSTR: &str = "Report: { body: ReportBody: { cpu_svn: CpuSecurityVersion(0102030405060708090a0b0c0d0e0f10), misc_select: 17, isv_ext_prod_id: ExtendedProductId(0102030405060708090a0b0c0d0e0f10), attributes: Attributes(sgx_attributes_t { flags: 72623859790382856, xfrm: 578437695752307201 }), mr_enclave: MrEnclave(1112131415161718191a1b1c1d1e1f202122232425262728292a2b2b2c2d2e2f), mr_signer: MrSigner(303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f), config_id: ConfigId([80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, 140, 141, 142, 143]), isv_prod_id: 144, isv_svn: IsvSvn(145), config_svn: 146, isv_family_id: FamilyId(939495969798999a9b9c9d9e9fa0a1a2), report_data: ReportData(sgx_report_data_t { d: [163, 164, 165, 166, 167, 168, 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, 216, 217, 218, 219, 220, 221, 222, 223, 224, 225, 226] }) }, key: KeyId(0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20), mac: Mac(0102030405060708090a0b0c0d0e0f10) }"; #[test] fn test_serde() { diff --git a/attest/core/src/types.rs b/attest/core/src/types.rs index f6d9f15f89..9a1c6ac02c 100644 --- a/attest/core/src/types.rs +++ b/attest/core/src/types.rs @@ -4,7 +4,6 @@ //! or in multiple places. pub mod basename; -pub mod config_id; pub mod cpu_svn; pub mod epid_group_id; pub mod ext_prod_id; diff --git a/attest/core/src/types/config_id.rs b/attest/core/src/types/config_id.rs deleted file mode 100644 index d638820a6a..0000000000 --- a/attest/core/src/types/config_id.rs +++ /dev/null @@ -1,40 +0,0 @@ -// Copyright (c) 2018-2022 The MobileCoin Foundation - -//! This module contains the wrapper type for an sgx_config_id_t - -use crate::impl_sgx_newtype_for_bytearray; -use mc_sgx_types::{sgx_config_id_t, SGX_CONFIGID_SIZE}; - -/// A configuration ID data type -/// -/// This type exists because of the lack of non-type polymorphism, and -/// should be removed once https://github.com/rust-lang/rust/issues/44580 -/// has been completed. -#[derive(Clone, Copy)] -pub struct ConfigId(sgx_config_id_t); - -impl_sgx_newtype_for_bytearray! { - ConfigId, sgx_config_id_t, SGX_CONFIGID_SIZE; -} - -#[cfg(test)] -mod test { - use super::*; - use mc_util_serial::{deserialize, serialize}; - - #[test] - fn test_serde() { - let src = [ - 0u8, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, - 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, - 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, - ]; - - let cid: ConfigId = (&src).into(); - let cidser = serialize(&cid).expect("Could not serialize ConfigId"); - let cid2: ConfigId = deserialize(&cidser).expect("Could not deserialize ConfigId"); - assert_eq!(cid, cid2); - let dest: sgx_config_id_t = cid2.into(); - assert_eq!(&src[..], &dest[..]); - } -} diff --git a/attest/core/src/types/report_body.rs b/attest/core/src/types/report_body.rs index 7c48f293e7..f9808a3529 100644 --- a/attest/core/src/types/report_body.rs +++ b/attest/core/src/types/report_body.rs @@ -7,11 +7,11 @@ use crate::{ impl_sgx_wrapper_reqs, traits::SgxWrapperType, types::{ - config_id::ConfigId, cpu_svn::CpuSecurityVersion, ext_prod_id::ExtendedProductId, - family_id::FamilyId, measurement::Measurement, report_data::ReportDataMask, - ConfigSecurityVersion, MiscSelect, ProductId, + cpu_svn::CpuSecurityVersion, ext_prod_id::ExtendedProductId, family_id::FamilyId, + measurement::Measurement, report_data::ReportDataMask, ConfigSecurityVersion, MiscSelect, + ProductId, }, - Attributes, IsvSvn, ReportData, + Attributes, ConfigId, IsvSvn, ReportData, }; use alloc::vec::Vec; use core::{ @@ -21,7 +21,7 @@ use core::{ mem::size_of, }; use mc_sgx_core_types::{AttributeFlags, MrEnclave, MrSigner}; -use mc_sgx_types::{sgx_attributes_t, sgx_measurement_t, sgx_report_body_t}; +use mc_sgx_types::{sgx_attributes_t, sgx_measurement_t, sgx_report_body_t, SGX_CONFIGID_SIZE}; use mc_util_encodings::{Error as EncodingError, IntelLayout}; // Offsets of various fields in a sgx_report_body_t with x86_64 layout @@ -49,7 +49,7 @@ const RB_MRSIGNER_END: usize = RB_MRSIGNER_START + MrSigner::SIZE; const RB_RESERVED3_START: usize = RB_MRSIGNER_END; const RB_RESERVED3_END: usize = RB_RESERVED3_START + 32; const RB_CONFIGID_START: usize = RB_RESERVED3_END; -const RB_CONFIGID_END: usize = RB_CONFIGID_START + ::X86_64_CSIZE; +const RB_CONFIGID_END: usize = RB_CONFIGID_START + SGX_CONFIGID_SIZE; const RB_ISVPRODID_START: usize = RB_CONFIGID_END; const RB_ISVPRODID_END: usize = RB_ISVPRODID_START + size_of::(); const RB_ISVSVN_START: usize = RB_ISVPRODID_END; @@ -235,22 +235,16 @@ impl Ord for ReportBody { Ordering::Equal => { match self.0.misc_select.cmp(&other.0.misc_select) { Ordering::Equal => { - match self.config_id().cmp(&other.config_id()) { - Ordering::Equal => { - match self.0.config_svn.cmp(&other.0.config_svn) - { - Ordering::Equal => match self - .cpu_security_version() - .cmp(&other.cpu_security_version()) - { - Ordering::Equal => self - .report_data() - .cmp(&other.report_data()), - ordering => ordering, - }, - ordering => ordering, + match self.0.config_svn.cmp(&other.0.config_svn) { + Ordering::Equal => match self + .cpu_security_version() + .cmp(&other.cpu_security_version()) + { + Ordering::Equal => { + self.report_data().cmp(&other.report_data()) } - } + ordering => ordering, + }, ordering => ordering, } } @@ -315,10 +309,7 @@ impl SgxWrapperType for ReportBody { return Err(EncodingError::InvalidOutputLength); } dest[RB_MRSIGNER_START..RB_MRSIGNER_END].copy_from_slice(&src.mr_signer.m); - ConfigId::write_ffi_bytes( - &src.config_id, - &mut dest[RB_CONFIGID_START..RB_CONFIGID_END], - )?; + dest[RB_CONFIGID_START..RB_CONFIGID_END].copy_from_slice(&src.config_id); dest[RB_ISVPRODID_START..RB_ISVPRODID_END].copy_from_slice(&src.isv_prod_id.to_le_bytes()); dest[RB_ISVSVN_START..RB_ISVSVN_END].copy_from_slice(&src.isv_svn.to_le_bytes()); dest[RB_CONFIGSVN_START..RB_CONFIGSVN_END].copy_from_slice(&src.config_svn.to_le_bytes()); @@ -380,7 +371,7 @@ impl<'src> TryFrom<&'src [u8]> for ReportBody { reserved3: (&src[RB_RESERVED3_START..RB_RESERVED3_END]) .try_into() .map_err(|_e| EncodingError::InvalidInput)?, - config_id: ConfigId::try_from(&src[RB_CONFIGID_START..RB_CONFIGID_END])?.into(), + config_id: ConfigId::from(&src[RB_CONFIGID_START..RB_CONFIGID_END].try_into()?).into(), isv_prod_id: u16::from_le_bytes( (&src[RB_ISVPRODID_START..RB_ISVPRODID_END]) .try_into() @@ -507,12 +498,6 @@ mod test { body2.0.mr_signer.m[0] = orig_value; assert_eq!(body1, body2); - let orig_value = body2.0.config_id[0]; - body2.0.config_id[0] = 255; - assert!(body1 < body2); - body2.0.config_id[0] = orig_value; - assert_eq!(body1, body2); - let orig_value = body2.0.isv_prod_id; body2.0.isv_prod_id = 255; assert!(body1 < body2); diff --git a/attest/verifier/src/lib.rs b/attest/verifier/src/lib.rs index 6da2bb0e51..372494d22e 100644 --- a/attest/verifier/src/lib.rs +++ b/attest/verifier/src/lib.rs @@ -281,7 +281,7 @@ impl Verifier { /// Verify the report body config ID matches the given value. pub fn config_id(&mut self, config_id: &ConfigId) -> &mut Self { - self.report_body_verifiers.push((*config_id).into()); + self.report_body_verifiers.push(config_id.clone().into()); self } diff --git a/attest/verifier/src/report_body.rs b/attest/verifier/src/report_body.rs index db735fdfa0..032bd1dc29 100644 --- a/attest/verifier/src/report_body.rs +++ b/attest/verifier/src/report_body.rs @@ -90,7 +90,7 @@ impl Verify for AttributesVerifier { /// A [`Verify`] implementation that will check if the enclave /// configuration ID matches the given value -#[derive(Clone, Debug, Deserialize, Eq, Hash, Ord, PartialEq, PartialOrd, Serialize)] +#[derive(Clone, Debug, Eq, Hash, PartialEq)] pub struct ConfigIdVerifier(ConfigId); impl Verify for ConfigIdVerifier {