carv-protocol · tyxben · May 31, 2024 · Jun 6, 2024 · Jun 7, 2024 · Jun 26, 2024
diff --git a/.gitignore b/.gitignore
@@ -38,5 +38,4 @@ bin/
 *.swp
 
 internal/scripts
-*_test.go
 configs/config-test.yaml
diff --git a/configs/trusted.json b/configs/trusted.json
@@ -5,7 +5,9 @@
       "39ecc806c079565f3bdbfc653eac14743842626f005496d6b5ad879868869048",
       "9f51cfe28c770f6f1f9844042ea051d8030349880f6af640c786549dba86185a",
       "4603b9abe7d9d9ba8f14d3ad1dd359fdfb4269cfa04f48c19dee64455d6e3077",
-      "96895d38170328f738045ce3fb85cc782e90af693e328edf91029e6fc966ef98"
+      "96895d38170328f738045ce3fb85cc782e90af693e328edf91029e6fc966ef98",
+      "3d90da2a20ea35d2fa409fa147d7f5b966245bd98b5041c604dfdd0bd188e646",
+      "bf24f0aacf9a175765e52925aab88ca636cb87afeb39ef259305a06998acb5e3"
     ]
   }
 }
diff --git a/go.mod b/go.mod
@@ -25,6 +25,7 @@ require (
 	github.com/Microsoft/go-winio v0.6.1 // indirect
 	github.com/StackExchange/wmi v1.2.1 // indirect
 	github.com/VictoriaMetrics/fastcache v1.12.1 // indirect
+	github.com/andybalholm/brotli v1.1.0
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/bits-and-blooms/bitset v1.10.0 // indirect
 	github.com/btcsuite/btcd/btcec/v2 v2.2.0 // indirect

diff --git a/go.sum b/go.sum
@@ -57,6 +57,8 @@ github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRF
 github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
 github.com/allegro/bigcache v1.2.1-0.20190218064605-e24eb225f156 h1:eMwmnE/GDgah4HI848JfFxHt+iPb26b4zyfspmqY0/8=
 github.com/allegro/bigcache v1.2.1-0.20190218064605-e24eb225f156/go.mod h1:Cb/ax3seSYIx7SuZdm2G2xzfwmv3TPSk2ucNfQESPXM=
+github.com/andybalholm/brotli v1.1.0 h1:eLKJA0d02Lf0mVpIDgYnqXcUn0GqVmEFny3VuID1U3M=
+github.com/andybalholm/brotli v1.1.0/go.mod h1:sms7XGricyQI9K10gOSf56VKKWS4oLer58Q+mhRPtnY=
 github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
 github.com/aymerick/raymond v2.0.3-0.20180322193309-b565731e1464+incompatible/go.mod h1:osfaiScAUVup+UC9Nfq76eWqDhXlp+4UYaA8uhTBO6g=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=

diff --git a/pkg/dcap/cert.go b/pkg/dcap/cert.go
@@ -126,15 +126,15 @@ func parseTCB(sgxExtMap map[string]asn1.RawValue, compSVNOIDs []asn1.ObjectIdent
 	var sequence []Ext
 	_, err := asn1.Unmarshal(pceSVNRaw.FullBytes, &sequence)
 	if err != nil {
-		return tcb, errors.New(fmt.Sprintf("failed to unmarshal ASN.1 sequence: %w", err))
+		return tcb, errors.New(fmt.Sprintf("failed to unmarshal ASN.1 sequence: %v", err))
 	}
 	pceExtMap := make(map[string]asn1.RawValue)
 	for i, ext := range sequence {
 		pceExtMap[fmt.Sprintf("%v", ext.Key)] = sequence[i].Value
 	}
 	pceSVN, err := parseUint16ASN1(sequence)
 	if err != nil {
-		return tcb, errors.New(fmt.Sprintf("error parsing PCE SVN: %w", err))
+		return tcb, errors.New(fmt.Sprintf("error parsing PCE SVN: %v", err))
 	}
 	tcb.PceSVN = pceSVN
 	var compSVNArray []byte
@@ -150,7 +150,7 @@ func parseTCB(sgxExtMap map[string]asn1.RawValue, compSVNOIDs []asn1.ObjectIdent
 	j := 0
 	for i := 0; i < len(compSVNArray); i++ {
 		if j > len(tcb.CompSVNArray) {
-			return tcb, errors.New(fmt.Sprintf("error parsing Comp SVN: %w", err))
+			return tcb, errors.New(fmt.Sprintf("error parsing Comp SVN: %v", err))
 		}
 		if compSVNArray[i] > 0 {
 			tcb.CompSVNArray[j] = compSVNArray[i]

diff --git a/pkg/dcap/verify.go b/pkg/dcap/verify.go
@@ -6,24 +6,31 @@ import (
 	"encoding/binary"
 	"encoding/json"
 	"fmt"
-	"github.com/carv-protocol/verifier/internal/conf"
 	"io"
+	"io/ioutil"
 	"os"
+
+	"github.com/andybalholm/brotli"
+	"github.com/carv-protocol/verifier/internal/conf"
 )
 
 func VerifyAttestation(data string, cf *conf.Bootstrap) (bool, error) {
 	b64Data, err := base64.StdEncoding.DecodeString(data)
 	if err != nil {
 		return false, err
 	}
-
+	quoteByte, err := decompressDataWithBrotli(b64Data)
+	if err != nil {
+		return false, err
+	}
+
 	var quote = Quote{}
-	var byteReader = bytes.NewReader(b64Data)
+	var byteReader = bytes.NewReader(quoteByte)
 	err = binary.Read(byteReader, binary.BigEndian, &quote)
 	if err != nil {
 		return false, err
 	}
-	quoteAuth, err := GetQuoteV3Auth(b64Data)
+	quoteAuth, err := GetQuoteV3Auth(quoteByte)
 	if err != nil {
 		return false, err
 	}
@@ -32,7 +39,7 @@ func VerifyAttestation(data string, cf *conf.Bootstrap) (bool, error) {
 	if err != nil {
 		return false, err
 	}
-	err = quote.VerifyQuote(b64Data, &result, &quoteAuth, cf)
+	err = quote.VerifyQuote(quoteByte, &result, &quoteAuth, cf)
 	if err != nil {
 		return false, err
 	}
@@ -67,3 +74,12 @@ func TrustedLoad(path string) (TrusTEEInfo, error) {
 
 	return info, nil
 }
+
+func decompressDataWithBrotli(compressedData []byte) ([]byte, error) {
+	reader := brotli.NewReader(bytes.NewReader(compressedData))
+	decompressedData, err := ioutil.ReadAll(reader)
+	if err != nil {
+		return nil, err
+	}
+	return decompressedData, nil
+}
diff --git a/pkg/dcap/verify_test.go b/pkg/dcap/verify_test.go
@@ -0,0 +1,48 @@
+package dcap
+
+import (
+	"testing"
+
+	"github.com/carv-protocol/verifier/internal/conf"
+)
+
+func TestVerifyAttestation(t *testing.T) {
+	//t.Parallel()
+	type args struct {
+		data string
+		cf   *conf.Bootstrap
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    bool
+		wantErr bool
+	}{
+		{
+			name: "Test case 1",
+			args: args{
+				data: "G3kSEdWsHgA0UhbO328AT01Hmb/nbS7o95zLae++eSKiI9v+TyOGIWAo7SaoAUSxEmXiWOpn0ZtX+Z+/UBdFYtc6dY27cen2toigYYlstmHywCIdygYAu0Gvexm3QWL80ritSOFB8YADYMDrQOAAZCA9z439u0ChNgMOsT0zGAoa+XeeZeqFhDTIiH2ql+1K/Nnhg4CAgvz/P4AGEuj1nTVM8VK3nIetbXlJS1nXk1DFNR/dfM/7TJkOWWKb09B5Xvf/s4lRSs/ZE0Eru+8Hy5HzQ+3uuTPVfQnaItKjb6iYD7Iy4DgCun4emOaTXZuBpbuTkTnxAGzUXrC/oac0eTZsjKYmu3SEAQHcTgtcBVQTkTOdyOx4HVHsIxpIEGe2OnOmaurs1xQKHz/Rm2krMu/R/ta91by8lSFaMOfF6EXIJb+MRxcbqNU4vqB6njI9+OX/t5/IqRSfPeHvp9W2zZvidgvzESw+4yBkmIBlLPxL3fbop6oglg3SJmVQs/b9/e/46MXWDHYOnSR+ZyEFYanEqjgiyu5XkJWN3sCP7vLcn2SSSmnbabhnxFgIOiCHeWdltUtXKelBGFFzFVBdHeyp/g2IRMrn4/O9xvlgMz06vUh/1gnK2p7bWSpCWejB3lNxYXmAVkPiowsGPAw+rETKpP//xDsQAHdn0fr+ZAVfyfUyc4tUorICD9t0+niAy1ZpgkvWvCWI1Wfn8PV+mutu4y1fojhjGhyOot1VoStro/fau18N1bQkOoouilMK4n1FLyVO5UD2QD9swpwMSliubh9ThH6ghJDpt9qSpAMCgYFDQEJBw8DCwSMgIiGjoKKhY2BiYePg4uETEBIRQwJGSADAeE7+YUQZ9/+JaRhzh2MY0zs/AhCc002MMXJbBTVHUPGkcKyXgQ6dGMJuhFfLIbOmPRn2LeAaq4L/DSWfOoNCzTWoCW0FhgwuEgq1LqNsZZSZVolxKLiDSPRFsmKOUV7sbxUhImO6F0gxuEgoVjoEkdGpkKb9rZn9LfLwVpnWxyEwQspPEawFXvhNdQ0bTv1nkbuNkE+NZUFSKTkg0CUypp6A55o3hhqB01TobVP7ohM6iPlCkNrwJ7HMrrNOcCKQdUiLiGsOa10DIah3q2vYVxjF4UKphPoep35fM8WtvPRdkYe9CAfNbIJ/gCCnLIlUS1dXS7c5sH6sOpoIxFu2UK29xHTeB0aVND9NfaEfPEHXzdEBgkrAs4982w6j2k2TCZUCCYa+dxYJy4aKMox/b1zTLTQ4RAHi4Pv7zFbCvK/+5GONnCwOijZw+Le1/H7WTT/cDtEWWs04i9f73/kV3rNxtlX35F1Zc5wYf0Dm1fuOYLSI10k93Wjm7zulRCA4J7iDJ6T8dBsJygjMFIrSarH0x3Bs1glyv4fYAGJjoVSPx5SgB1J+ug03tCSoFQyr/I7qpr8Nh22o62kYPdPR+2hl1Nd0OrD0XJvpFxwufVfm4r3PVkaZ6Xdh2i9v6V+P2O7K3DX2WXkrTMfYZ/bbWxaTt0Td3vS/FbG7Il5oUDHHUNpCyr66+GPJ+nc5Lc5lzvW2Yw8qNAKECupQD16uy3u211Lf8meRHB/N/ZqCzXo+CWgNWdaBaIrmWurcyzSBYqgWtA0FgqcNhR2EgnMc6MKdD5fXjI0PpYEA4hx7BGPYKr1Vxd8DC4dSyv4exOjRtueUFJ7J7Mu02+xsNpYlDLd3BiJeWbGkPpRcK+WkAkGGx7/MPX4IKipAuDFQgKQxAoSSUgUA4MyVw/kEQ6Se9+bcshk1EJEUI8bGcLfRFBaee3pVg5awAVDgqgKoOXdhwICmPI0a1m81gBqjKRZN2bjBRQORDR3Q0FvNOTgFFGoB9W4+1/BDWFEFurBoiU9yTjZAUDLI0N3SKuBGIGWGb/DkD0oqMgRSc89m9mvmeQvgRcU1m1ZwNi7DIUaUesNwDrwVpHDLgjSVeCX9oESxobPTxggsKooLTzEJNdQghFyxK/EzpQ1/NsTVS7LksymHWVDfy9gf98t1NnTRRx294fDEnOhXNmXPSL48S+9MEOXD4ybfIfJSBWP5+pxYtw/wJas3L/Dz8/PzQ33yT0zDmDtBrToBj4D7jgg7c9cpdNMxr02bzbY3Sa/uYienSTk5tleJgMOSWxxBgYFg6sM6WMSmKxCCJv37wNInd/xthlFUmbbBqY8iRLnc4oByNAC4FvDoaOMTELgQHf0IkmgRo72jjUlM10uKLfzwDirQfDIsXUrjqRL2aRi9HOuLoaRB3YUPxQCn/lhf0Vhf1uMYEUpNVcsucEvgKy6ylVFEiFTM+Rah2YOhxhXXAb5NU8SwT2PhnDXVxVZGTgylpD4xAmVNpILUj9D892Uu+jwKgInf0+2jf62ji35N+iVMZatHjl8f85XG3n3d/J3X0yxpwxJf7+Hv7RmM6u4co09/iXu3B8f40ppZMS3vAXpPGL0JPCHlp9tIUEZgppBsSzll2c0w2lNAXm4ajQtYBVHNHgRFAKmIcPYNjSbkCnpU4R6R5uwEuQp2DN2tv6uApzZ6Wbh7mjS52OOB+si7hH3dwcOfHoy0qKNk0mf2AUyVUVnHHkb1NbHJLoBp7S17qclojBMaOyi3cwRlANAwoZkPNK7lcQELBOBp1at0AgvznubP9Nwaetau04Jly8SZm+Z7nx+NwiXdIjmCK5zFHVns21XNfRYuqkUEL2T1OZ/i9DYOVjJ826j4PEjmXZLQwtz2/76nnT8D1U2w6EYk/JKIRX8/+Pw6qd8oTR62ZNP5iu56swrYyzafAsiEQ3PHaimFL8ytBhBSH7BRZOUkppYgyVfEVPsk+QhnyEksVyLm03cJPz4vgnTQrW8VUKS0CkBKi4A5+4Adr69UC8KLMujm7S574mlP/9pfsAjaIPJCp8lYV11R6p7S67mw3kvenUlReIb4BNbl/vwWXY/2fZwWH2dnPl30t5r6vwCBVC63OKAcLQqoUKn1QKmRQ5zBtB4AGcnXouINDLL5Sp7DWWTjNiK1Pwzae+9C75mx07xof1mU2xZSOtYKwJZCyzX6x3YQz1k+rIb5M18Htsw+2xCOZcKCQyh/6/Ee5vs7/y/4+fn5+aHzVvkP",
+				cf: &conf.Bootstrap{
+					Dacp: &conf.Dacp{
+						TrustedPath:  "../../configs/trusted.json",
+						TcbPath:      "../../configs/tcb.json",
+						IdentityPath: "../../configs/identity.json",
+					},
+				},
+			},
+			want: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := VerifyAttestation(tt.args.data, tt.args.cf)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("VerifyAttestation() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if got != tt.want {
+				t.Errorf("VerifyAttestation() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}