Add Verifier for ReportData

[nick-mobilecoin]

No description provided.

[nick-mobilecoin]

Current dependencies on/for this PR:

• main
  • PR Add workspace elements #1
    • PR Generic And and Or verification steps #2
      • PR Port Attributes verification from MobileCoin repo #3
        • PR Port in ConfigId verifier for ReportBody #9
          • PR Add no alloc build to CI #10
            • PR Rework Verifiers to be passed in the evidence #11
              • PR Update verifiers to rely on subset of evidence #12
              • PR Add ConfigSvn verifier #18
                • PR Macroize the common ReportBody member Accessors #20
                  • PR Add IsvSvnVerifier #21
                  • PR Add MiscellaneousSelectVerifier for ReportBody verification #22
                  • PR Add Verifier for MrEnclave #23
                  • PR Add Verifier for MrSigner #24
                  • PR Add Verifier for ReportData #25 👈
                  • PR Use generic impl instead of self_accessor macro #26
                  • PR Consolidate equality logic behind Generic interface #30
                  • PR Add display capability to Verifier output #31
                  • PR Add Not verifier for negating verifier results #33
                  • PR Update to mc-sgx-*** 0.5.0 #34
                  • PR Update ReportDataVerifier to use a mask #35
                  • PR Add CpuSvnVerifier #38
    • PR Remove specific CODEOWNERS for metadata files #4

This comment was auto-generated by Graphite.

[codecov]

Codecov Report

Merging #25 (c7dddd5) into nick/mr_signer (86f7c82) will increase coverage by 0.26%.
The diff coverage is 96.77%.

@@                Coverage Diff                 @@
##           nick/mr_signer      #25      +/-   ##
==================================================
+ Coverage           92.84%   93.10%   +0.26%     
==================================================
  Files                   2        2              
  Lines                 433      464      +31     
==================================================
+ Hits                  402      432      +30     
- Misses                 31       32       +1     

Impacted Files	Coverage Δ
verifier/src/lib.rs	85.29% <ø> (ø)
verifier/src/report_body.rs	96.34% <96.77%> (+0.04%)	⬆️

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

[jcape]

This is fine for now, but we should also add a ReportDataMaskVerifier for compatibility with EPID's sake.

Right now in EPID land, report_data contains two things: 32 bytes of static noise identity public key, and 32 bytes of app-specific data we want to attest to (e.g. in consensus, this is a block signing public key, in fog ingest this, is the ingress public key---i.e. the key that senders should encrypt their fog hint for). When we switch to DCAP, I'd like to change this to some kind of a MAC over an associated data structure that contains these keys (i.e. give us more than 64 bytes worth of data that we can attest to), but that's not how it works now.

The upshot is that right now, mc-attest-ake needs to be able to check that the first 32 bytes match, and ignore the rest of ReportData.

[nick-mobilecoin]

created #28 to address the partial verification

[nick-mobilecoin]

@samdealy bumped for re-review due to argument docs cleanup

[NotGyro]

Looks good to me, especially now that #27 is noted and won't get forgotten