Merge pull request #99 from mobilecoinfoundation/nick/consolidated-ev…

…idence Add wrapping container for `Quote3` and `TcbInfoRaw`
mobilecoinfoundation · Jun 23, 2023 · c411bb0 · c411bb0
2 parents 8413e9c + 5b62625
commit c411bb0
Show file tree

Hide file tree

Showing 6 changed files with 426 additions and 67 deletions.
diff --git a/verifier/Cargo.toml b/verifier/Cargo.toml
@@ -14,9 +14,8 @@ repository = { workspace = true }
 rust-version = { workspace = true }
 
 [features]
-tcb = ["dep:serde_json", "dep:serde", "dep:der", "dep:hex", "advisories", "mc-sgx-dcap-types/tcb"]
-advisories = ["dep:serde_json"]
-x509 = ["dep:mbedtls", "dep:x509-cert"]
+tcb = ["dep:serde_json", "dep:serde", "dep:der", "dep:hex", "mc-sgx-dcap-types/tcb", "x509-cert/pem"]
+x509 = ["dep:mbedtls", "x509-cert"]
 
 [dependencies]
 der = { version = "0.7.5", default-features = false, optional = true }
@@ -33,6 +32,7 @@ x509-cert = { version = "0.2.0", default-features = false, optional = true }
 
 [dev-dependencies]
 mc-sgx-core-sys-types = "0.6.1"
+mc-sgx-dcap-sys-types = "0.6.1"
 textwrap = "0.16.0"
 x509-cert = { version = "0.2.0", default-features = false, features = ["pem"] }
 yare = "1.0.2"

diff --git a/verifier/src/advisories.rs b/verifier/src/advisories.rs
@@ -181,10 +181,7 @@ mod test {
 
     #[test]
     fn advisories_have_one_less_when_verifying() {
-        let mut advisories = Advisories::new(
-            ["123".into(), "345".into()],
-            AdvisoryStatus::ConfigurationNeeded,
-        );
+        let mut advisories = Advisories::new(["123", "345"], AdvisoryStatus::ConfigurationNeeded);
         let verifier = AdvisoriesVerifier::new(advisories.clone());
 
         advisories.ids.remove("123");
@@ -200,8 +197,7 @@ mod test {
 
     #[test]
     fn advisories_have_lower_status_when_verifying() {
-        let mut advisories =
-            Advisories::new(["123".into(), "345".into()], AdvisoryStatus::UpToDate);
+        let mut advisories = Advisories::new(["123", "345"], AdvisoryStatus::UpToDate);
         let verifier = AdvisoriesVerifier::new(advisories.clone());
 
         advisories.status = AdvisoryStatus::SWHardeningNeeded;

diff --git a/verifier/src/error.rs b/verifier/src/error.rs
@@ -0,0 +1,50 @@
+// Copyright (c) 2023 The MobileCoin Foundation
+
+//! Errors that can occur during verification
+
+use mc_sgx_dcap_types::TcbError;
+
+pub type Result<T> = core::result::Result<T, Error>;
+
+/// Error working with quote evidence
+#[derive(displaydoc::Display, Debug)]
+pub enum Error {
+    /// Error converting from DER {0}
+    Der(der::Error),
+    /// Error parsing TCB(Trusted Computing Base) json info: {0}
+    Serde(serde_json::Error),
+    /// Error decoding the signature in the TCB data
+    SignatureDecodeError,
+    /// Error verifying the signature
+    SignatureVerification,
+    /// TCB info not yet valid
+    TcbInfoNotYetValid,
+    /// TCB info expired
+    TcbInfoExpired,
+    /// Asking for TCB levels for a different FMSPC
+    FmspcMismatch,
+    /// The TCB level reported does not match an entry in the TCB info data.
+    UnsupportedTcbLevel,
+    /// Failure to get the TCB info from a quote {0}
+    Quote3TcbInfo(TcbError),
+    /// Unsupported quote certification data, should be `PckCertificateChain`
+    UnsupportedQuoteCertificationData,
+}
+
+impl From<der::Error> for Error {
+    fn from(e: der::Error) -> Self {
+        Error::Der(e)
+    }
+}
+
+impl From<serde_json::Error> for Error {
+    fn from(e: serde_json::Error) -> Self {
+        Error::Serde(e)
+    }
+}
+
+impl From<TcbError> for Error {
+    fn from(e: TcbError) -> Self {
+        Error::Quote3TcbInfo(e)
+    }
+}