add allowed_tcb_statuses and allowed_advisory_ids option to attestation command

bluele · bluele · commit 3713a5a4985f · 2025-03-08T10:08:23.000+09:00
Signed-off-by: Jun Kimura &lt;jun.kimura@datachain.jp&gt;
diff --git a/app/src/commands/attestation.rs b/app/src/commands/attestation.rs
@@ -10,8 +10,9 @@ use host::store::transaction::CommitStore;
 use remote_attestation::{
     dcap,
     dcap_pcs::client::PCSClient,
+    dcap_quote_verifier::verifier::Status,
     dcap_simulation::{DCAP_SIM_ROOT_CA_PEM, DCAP_SIM_ROOT_KEY_PKCS8},
-    dcap_utils::ValidatedPCSClient,
+    dcap_utils::{QVResultAllowList, ValidatedPCSClient},
     ias, zkdcap, IASMode,
 };
 use remote_attestation::{
@@ -327,6 +328,7 @@ fn run_dcap_remote_attestation<E: EnclaveCommandAPI<S>, S: CommitStore>(
         enclave.get_key_manager(),
         Address::from_hex_string(&cmd.enclave_key)?,
         cmd.collateral_service.clone().into(),
+        Default::default(),
     )?;
     Ok(())
 }
@@ -344,6 +346,18 @@ pub struct ZKDCAPRemoteAttestation {
     pub enclave_key: String,
     #[clap(flatten)]
     pub collateral_service: SgxCollateralService,
+    #[clap(
+        long = "allowed_tcb_statuses",
+        value_delimiter = ',',
+        help = "Allowed TCB status list"
+    )]
+    pub allowed_tcb_statuses: Vec<Status>,
+    #[clap(
+        long = "allowed_advisory_ids",
+        value_delimiter = ',',
+        help = "Allowed advisory ID list"
+    )]
+    pub allowed_advisory_ids: Vec<String>,
     #[clap(long = "program_path", help = "Path to the zkVM guest program")]
     pub program_path: Option<PathBuf>,
     #[clap(
@@ -421,6 +435,10 @@ fn run_zkdcap_remote_attestation<E: EnclaveCommandAPI<S>, S: CommitStore>(
         cmd.get_zkvm_program()?.as_ref(),
         cmd.disable_pre_execution,
         cmd.collateral_service.clone().into(),
+        QVResultAllowList::new(
+            cmd.allowed_tcb_statuses.clone(),
+            cmd.allowed_advisory_ids.clone(),
+        ),
     )?;
     Ok(())
 }
diff --git a/modules/remote-attestation/src/dcap.rs b/modules/remote-attestation/src/dcap.rs
@@ -1,4 +1,4 @@
-use crate::dcap_utils::{DCAPRemoteAttestationResult, ValidatedPCSClient};
+use crate::dcap_utils::{DCAPRemoteAttestationResult, QVResultAllowList, ValidatedPCSClient};
 use crate::errors::Error;
 use anyhow::anyhow;
 use attestation_report::QEType;
@@ -27,9 +27,16 @@ pub fn run_dcap_ra(
     key_manager: &EnclaveKeyManager,
     target_enclave_key: Address,
     pcs_client: ValidatedPCSClient,
+    allow_list: QVResultAllowList,
 ) -> Result<(), Error> {
     let current_time = Time::now();
-    let result = dcap_ra(key_manager, target_enclave_key, current_time, pcs_client)?;
+    let result = dcap_ra(
+        key_manager,
+        target_enclave_key,
+        current_time,
+        pcs_client,
+        allow_list,
+    )?;
 
     key_manager
         .update_ra_quote(target_enclave_key, result.to_ra_quote().into())
@@ -44,6 +51,7 @@ pub(crate) fn dcap_ra(
     target_enclave_key: Address,
     current_time: Time,
     pcs_client: ValidatedPCSClient,
+    allow_list: QVResultAllowList,
 ) -> Result<DCAPRemoteAttestationResult, Error> {
     let ek_info = key_manager.load(target_enclave_key).map_err(|e| {
         Error::key_manager(
@@ -88,6 +96,13 @@ pub(crate) fn dcap_ra(
         output.status, output.advisory_ids, output.validity, output.min_tcb_evaluation_data_number,
     );
 
+    if let Some(false) = allow_list.is_allowed_tcb_status(output.status) {
+        return Err(Error::tcb_status_not_allowed(output.status));
+    }
+    if let Some(false) = allow_list.is_allowed_advisory_ids(&output.advisory_ids) {
+        return Err(Error::advisory_ids_not_allowed(output.advisory_ids.clone()));
+    }
+
     Ok(DCAPRemoteAttestationResult {
         raw_quote,
         output,
diff --git a/modules/remote-attestation/src/dcap_utils.rs b/modules/remote-attestation/src/dcap_utils.rs
@@ -1,6 +1,6 @@
 use attestation_report::DCAPQuote;
 use dcap_pcs::client::PCSClient;
-use dcap_quote_verifier::verifier::QuoteVerificationOutput;
+use dcap_quote_verifier::verifier::{QuoteVerificationOutput, Status};
 use dcap_quote_verifier::{collateral::QvCollateral, types::quotes::CertData};
 use lcp_types::proto::lcp::service::enclave::v1::{QvCollateral as ProtoQvCollateral, Validity};
 use std::ops::Deref;
@@ -61,6 +61,38 @@ impl Deref for ValidatedPCSClient {
     }
 }
 
+/// A list of TCB statuses and advisory IDs that are allowed.
+#[derive(Debug, Clone, Default)]
+pub struct QVResultAllowList {
+    pub tcb_statuses: Vec<Status>,
+    pub advisory_ids: Vec<String>,
+}
+
+impl QVResultAllowList {
+    pub fn new(tcb_statuses: Vec<Status>, advisory_ids: Vec<String>) -> Self {
+        Self {
+            tcb_statuses,
+            advisory_ids,
+        }
+    }
+
+    pub fn is_allowed_tcb_status(&self, tcb_status: Status) -> Option<bool> {
+        if self.tcb_statuses.is_empty() {
+            None
+        } else {
+            Some(self.tcb_statuses.contains(&tcb_status))
+        }
+    }
+
+    pub fn is_allowed_advisory_ids(&self, advisory_ids: &[String]) -> Option<bool> {
+        if self.advisory_ids.is_empty() {
+            None
+        } else {
+            Some(advisory_ids.iter().all(|id| self.advisory_ids.contains(id)))
+        }
+    }
+}
+
 #[derive(Debug)]
 pub struct DCAPRemoteAttestationResult {
     pub raw_quote: Vec<u8>,
diff --git a/modules/remote-attestation/src/errors.rs b/modules/remote-attestation/src/errors.rs
@@ -1,4 +1,5 @@
 use attestation_report::QEType;
+use dcap_quote_verifier::verifier::Status;
 use flex_error::*;
 use lcp_types::Time;
 use sgx_types::{sgx_quote3_error_t, sgx_status_t};
@@ -19,7 +20,7 @@ define_error! {
             descr: String,
         }
         |e| {
-            format_args!("InvalidUtf8: bytes={:?} descr={}", e.bytes, e.descr)
+            format_args!("Invalid utf8: bytes={:?} descr={}", e.bytes, e.descr)
         },
 
         InvalidU32String {
@@ -28,7 +29,7 @@ define_error! {
             descr: String,
         }
         |e| {
-            format_args!("InvalidU32String: string={} descr={}", e.string, e.descr)
+            format_args!("Invalid u32 string: string={} descr={}", e.string, e.descr)
         },
 
         Base64Decode {
@@ -43,7 +44,7 @@ define_error! {
             value: String,
         }
         |e| {
-            format_args!("InvalidPercentDecode: value={}", e.value)
+            format_args!("Invalid percent decode: value={}", e.value)
         },
 
         IoError {
@@ -60,7 +61,7 @@ define_error! {
 
         InvalidIasServerName
         |_| {
-            format_args!("InvalidServerName")
+            format_args!("Invalid IAS server name")
         },
 
         HttpParseError
@@ -80,7 +81,7 @@ define_error! {
             status: reqwest::StatusCode,
         }
         |e| {
-            format_args!("InvalidHTTPStatus: url={} status={}", e.url, e.status)
+            format_args!("Invalid HTTP status: url={} status={}", e.url, e.status)
         },
 
         Pem
@@ -95,15 +96,15 @@ define_error! {
             port: u16,
         }
         |e| {
-            format_args!("CannotLookupAddress: host={} port={}", e.host, e.port)
+            format_args!("Cannot lookup address: host={} port={}", e.host, e.port)
         },
 
         TooOldReportTimestamp {
             now: Time,
             timestamp: Time
         }
         |e| {
-            format_args!("TooOldReportTimestamp: the timestamp of the report is too old: now={:?} attestation_time={:?}", e.now, e.timestamp)
+            format_args!("Too old report timestamp: the timestamp of the report is too old: now={:?} attestation_time={:?}", e.now, e.timestamp)
         },
 
         AttestationReport
@@ -123,35 +124,35 @@ define_error! {
             descr: String
         }
         |e| {
-            format_args!("UnexpectedIASReportResponse error: {}", e.descr)
+            format_args!("Unexpected IAS Report response error: {}", e.descr)
         },
 
         UnexpectedSigrlResponse {
             descr: String
         }
         |e| {
-            format_args!("UnexpectedSigrlResponse error: {}", e.descr)
+            format_args!("Unexpected sigrl response error: {}", e.descr)
         },
 
         UnexpectedIasReportCertificateResponse {
             descr: String
         }
         |e| {
-            format_args!("UnexpectedIASReportCertificateResponse error: {}", e.descr)
+            format_args!("Unexpected IAS certificate response error: {}", e.descr)
         },
 
         UnexpectedReport {
             descr: String
         }
         |e| {
-            format_args!("UnexpectedReport error: {}", e.descr)
+            format_args!("Unexpected report error: {}", e.descr)
         },
 
         UnexpectedQuote {
             descr: String
         }
         |e| {
-            format_args!("UnexpectedQuoteError: {}", e.descr)
+            format_args!("Unexpected quote error: {}", e.descr)
         },
 
         UnexpectedQeType {
@@ -162,6 +163,20 @@ define_error! {
             format_args!("Unexpected QE type: expected={:?} actual={:?}", e.expected, e.actual)
         },
 
+        TcbStatusNotAllowed {
+            tcb_status: Status,
+        }
+        |e| {
+            format_args!("TCB status Not allowed: tcb_status={:?}", e.tcb_status)
+        },
+
+        AdvisoryIdsNotAllowed {
+            advisory_ids: Vec<String>,
+        }
+        |e| {
+            format_args!("Advisory Ids Not allowed: advisory_ids={:?}", e.advisory_ids)
+        },
+
         SgxError {
             status: sgx_status_t,
             descr: String
diff --git a/modules/remote-attestation/src/lib.rs b/modules/remote-attestation/src/lib.rs
@@ -12,6 +12,7 @@ pub mod zkdcap;
 
 pub use common::get_target_qe_info;
 pub use dcap_pcs;
+pub use dcap_quote_verifier;
 pub use ias_utils::{validate_qe_report, IASMode, IAS_HOSTNAME};
 #[cfg(feature = "sgx-sw")]
 pub use rsa;
diff --git a/modules/remote-attestation/src/zkdcap.rs b/modules/remote-attestation/src/zkdcap.rs
@@ -1,7 +1,7 @@
 use crate::{
     dcap::dcap_ra,
     dcap_simulation::{dcap_ra_simulation, DCAPRASimulationOpts},
-    dcap_utils::{DCAPRemoteAttestationResult, ValidatedPCSClient},
+    dcap_utils::{DCAPRemoteAttestationResult, QVResultAllowList, ValidatedPCSClient},
     errors::Error,
 };
 use anyhow::anyhow;
@@ -34,6 +34,7 @@ pub fn run_zkdcap_ra(
     elf: &[u8],
     disable_pre_execution: bool,
     pcs_client: ValidatedPCSClient,
+    allow_list: QVResultAllowList,
 ) -> Result<(), Error> {
     let image_id = compute_image_id(elf)
         .map_err(|e| Error::anyhow(anyhow!("cannot compute image id: {}", e)))?;
@@ -43,7 +44,13 @@ pub fn run_zkdcap_ra(
     );
 
     let current_time = Time::now();
-    let res = dcap_ra(key_manager, target_enclave_key, current_time, pcs_client)?;
+    let res = dcap_ra(
+        key_manager,
+        target_enclave_key,
+        current_time,
+        pcs_client,
+        allow_list,
+    )?;
 
     zkdcap_ra(
         key_manager,
diff --git a/tests/integration/src/lib.rs b/tests/integration/src/lib.rs
@@ -38,7 +38,6 @@ mod tests {
     use lcp_proto::protobuf::Protobuf;
     use lcp_types::{ClientId, Height};
     use log::*;
-    use remote_attestation::dcap_utils::ValidatedPCSClient;
     use std::str::FromStr;
     use std::sync::{Arc, RwLock};
     use store::{host::HostStore, memory::MemStore};
@@ -227,6 +226,7 @@ mod tests {
         #[cfg(not(feature = "sgx-sw"))]
         {
             use remote_attestation::dcap_pcs::client::PCSClient;
+            use remote_attestation::dcap_utils::ValidatedPCSClient;
             use remote_attestation::zkdcap::run_zkdcap_ra;
             use remote_attestation::zkvm::prover::Risc0ProverMode;
             use zkdcap_risc0::DCAP_QUOTE_VERIFIER_ELF;
@@ -259,6 +259,7 @@ mod tests {
                     ),
                     None,
                 ),
+                Default::default(),
             );
             assert!(res.is_ok(), "zkDCAP Remote Attestation Failed {:?}", res);
         }
