add expected_tcb_evaluation_data_number to zkdcap attestation command

Signed-off-by: Jun Kimura <[email protected]>

Author: bluele

app/src/commands/attestation.rs

@@ -11,6 +11,7 @@ use remote_attestation::{
     dcap,
     dcap_pcs::client::PCSClient,
     dcap_simulation::{DCAP_SIM_ROOT_CA_PEM, DCAP_SIM_ROOT_KEY_PKCS8},
+    dcap_utils::ValidatedPCSClient,
     ias, zkdcap, IASMode,
 };
 use remote_attestation::{
@@ -251,6 +252,11 @@ pub struct SgxCollateralService {
         help = "Update policy (early(default) or standard)"
     )]
     pub update_policy: UpdatePolicy,
+    #[clap(
+        long = "expected_tcb_evaluation_data_number",
+        help = "Expected TCB Evaluation Data Number for TCB Info and QE Identity"
+    )]
+    pub expected_tcb_evaluation_data_number: Option<u32>,
 }
 
 #[derive(Clone, Debug, PartialEq)]
@@ -285,12 +291,15 @@ impl SgxCollateralService {
     }
 }
 
-impl From<SgxCollateralService> for PCSClient {
+impl From<SgxCollateralService> for ValidatedPCSClient {
     fn from(service: SgxCollateralService) -> Self {
         Self::new(
-            service.get_pccs_url().as_str(),
-            service.get_certs_service_url().as_str(),
-            service.update_policy == UpdatePolicy::Early,
+            PCSClient::new(
+                service.get_pccs_url().as_str(),
+                service.get_certs_service_url().as_str(),
+                service.update_policy == UpdatePolicy::Early,
+            ),
+            service.expected_tcb_evaluation_data_number,
         )
     }
 }

modules/remote-attestation/src/dcap.rs

@@ -1,9 +1,8 @@
-use crate::dcap_utils::DCAPRemoteAttestationResult;
+use crate::dcap_utils::{DCAPRemoteAttestationResult, ValidatedPCSClient};
 use crate::errors::Error;
 use anyhow::anyhow;
 use attestation_report::QEType;
 use crypto::Address;
-use dcap_pcs::client::PCSClient;
 use dcap_quote_verifier::quotes::version_3::verify_quote_v3;
 use dcap_quote_verifier::types::quotes::version_3::QuoteV3;
 use keymanager::EnclaveKeyManager;
@@ -27,7 +26,7 @@ pub const INTEL_ROOT_CA_HASH: [u8; 32] = [
 pub fn run_dcap_ra(
     key_manager: &EnclaveKeyManager,
     target_enclave_key: Address,
-    pcs_client: PCSClient,
+    pcs_client: ValidatedPCSClient,
 ) -> Result<(), Error> {
     let current_time = Time::now();
     let result = dcap_ra(key_manager, target_enclave_key, current_time, pcs_client)?;
@@ -44,7 +43,7 @@ pub(crate) fn dcap_ra(
     key_manager: &EnclaveKeyManager,
     target_enclave_key: Address,
     current_time: Time,
-    pcs_client: PCSClient,
+    pcs_client: ValidatedPCSClient,
 ) -> Result<DCAPRemoteAttestationResult, Error> {
     let ek_info = key_manager.load(target_enclave_key).map_err(|e| {
         Error::key_manager(
@@ -64,7 +63,7 @@ pub(crate) fn dcap_ra(
     let (quote, _) = QuoteV3::from_bytes(&raw_quote).map_err(Error::dcap_quote_verifier)?;
 
     let collateral = pcs_client
-        .get_collateral(true, &quote.signature.qe_cert_data)
+        .validate_and_get_collateral(true, &quote.signature.qe_cert_data)
         .map_err(|e| Error::anyhow(anyhow!("cannot get collateral data: {}", e)))?;
 
     info!(
@@ -115,6 +114,7 @@ fn rsgx_qe_get_quote(app_report: &sgx_report_t) -> Result<Vec<u8>, sgx_quote3_er
 #[cfg(test)]
 mod tests {
     use super::*;
+    use dcap_pcs::client::PCSClient;
     use dcap_quote_verifier::{crypto::keccak256sum, types::SGX_TEE_TYPE};
 
     #[test]

modules/remote-attestation/src/dcap_utils.rs

@@ -1,7 +1,65 @@
 use attestation_report::DCAPQuote;
-use dcap_quote_verifier::collateral::QvCollateral;
+use dcap_pcs::client::PCSClient;
 use dcap_quote_verifier::verifier::QuoteVerificationOutput;
+use dcap_quote_verifier::{collateral::QvCollateral, types::quotes::CertData};
 use lcp_types::proto::lcp::service::enclave::v1::{QvCollateral as ProtoQvCollateral, Validity};
+use std::ops::Deref;
+
+pub struct ValidatedPCSClient {
+    client: PCSClient,
+    expected_tcb_evaluation_data_number: Option<u32>,
+}
+
+impl ValidatedPCSClient {
+    pub fn new(client: PCSClient, expected_tcb_evaluation_data_number: Option<u32>) -> Self {
+        Self {
+            client,
+            expected_tcb_evaluation_data_number,
+        }
+    }
+
+    pub fn validate_and_get_collateral(
+        &self,
+        is_sgx: bool,
+        qe_cert_data: &CertData,
+    ) -> Result<QvCollateral, anyhow::Error> {
+        let collateral = self.client.get_collateral(is_sgx, qe_cert_data)?;
+        if let Some(expected_tcb_evaluation_data_number) = self.expected_tcb_evaluation_data_number
+        {
+            let tcb_info_tcb_evaluation_data_number = collateral
+                .get_tcb_info_v3()?
+                .tcb_info
+                .tcb_evaluation_data_number;
+            if tcb_info_tcb_evaluation_data_number != expected_tcb_evaluation_data_number {
+                return Err(anyhow::anyhow!(
+                    "TCBInfo: the number of TCB evaluation data is not as expected: {} != {}",
+                    tcb_info_tcb_evaluation_data_number,
+                    expected_tcb_evaluation_data_number
+                ));
+            }
+            let qe_identity_tcb_evaluation_data_number = collateral
+                .get_qe_identity_v2()?
+                .enclave_identity
+                .tcb_evaluation_data_number;
+            if qe_identity_tcb_evaluation_data_number != expected_tcb_evaluation_data_number {
+                return Err(anyhow::anyhow!(
+                    "QEIdentity: the number of TCB evaluation data is not as expected: {} != {}",
+                    qe_identity_tcb_evaluation_data_number,
+                    expected_tcb_evaluation_data_number
+                ));
+            }
+        }
+        Ok(collateral)
+    }
+}
+
+impl Deref for ValidatedPCSClient {
+    type Target = PCSClient;
+
+    fn deref(&self) -> &Self::Target {
+        &self.client
+    }
+}
 
 #[derive(Debug)]
 pub struct DCAPRemoteAttestationResult {

modules/remote-attestation/src/zkdcap.rs

@@ -1,13 +1,12 @@
 use crate::{
     dcap::dcap_ra,
     dcap_simulation::{dcap_ra_simulation, DCAPRASimulationOpts},
-    dcap_utils::DCAPRemoteAttestationResult,
+    dcap_utils::{DCAPRemoteAttestationResult, ValidatedPCSClient},
     errors::Error,
 };
 use anyhow::anyhow;
 use attestation_report::{Risc0ZKVMProof, ZKDCAPQuote, ZKVMProof};
 use crypto::Address;
-use dcap_pcs::client::PCSClient;
 use dcap_quote_verifier::{collateral::QvCollateral, verifier::QuoteVerificationOutput};
 use keymanager::EnclaveKeyManager;
 use lcp_types::Time;
@@ -34,7 +33,7 @@ pub fn run_zkdcap_ra(
     prover_mode: Risc0ProverMode,
     elf: &[u8],
     disable_pre_execution: bool,
-    pcs_client: PCSClient,
+    pcs_client: ValidatedPCSClient,
 ) -> Result<(), Error> {
     let image_id = compute_image_id(elf)
         .map_err(|e| Error::anyhow(anyhow!("cannot compute image id: {}", e)))?;

tests/integration/src/lib.rs

@@ -38,6 +38,7 @@ mod tests {
     use lcp_proto::protobuf::Protobuf;
     use lcp_types::{ClientId, Height};
     use log::*;
+    use remote_attestation::dcap_utils::ValidatedPCSClient;
     use std::str::FromStr;
     use std::sync::{Arc, RwLock};
     use store::{host::HostStore, memory::MemStore};
@@ -250,10 +251,13 @@ mod tests {
                 Risc0ProverMode::Dev,
                 DCAP_QUOTE_VERIFIER_ELF,
                 false,
-                PCSClient::new(
-                    "https://api.trustedservices.intel.com/",
-                    "https://certificates.trustedservices.intel.com/",
-                    false,
+                ValidatedPCSClient::new(
+                    PCSClient::new(
+                        "https://api.trustedservices.intel.com/",
+                        "https://certificates.trustedservices.intel.com/",
+                        false,
+                    ),
+                    None,
                 ),
             );
             assert!(res.is_ok(), "zkDCAP Remote Attestation Failed {:?}", res);