Add wrapping container for Quote3 and TcbInfoRaw

[nick-mobilecoin]

Add a new wrapping container, Evidence that takes a Quote3 and a
TcbInfoRaw. The Evidence can be used with the majority of the
Verifier implementations. This allows one to compose one verifier and
use the Evidence in the verify() method.

Motivation

When working on an example for the verifiers it felt like there was quite a bit of work clients needed to do to get things right. The intent is to make it less error prone and easier for clients to work with.

This change may likely need some discussion about if this path is the correct way to go.

[nick-mobilecoin]

Current dependencies on/for this PR:

• main
  • PR Add wrapping container for Quote3 and TcbInfoRaw #99 👈
    • PR Add logic to parse JSON formatted QE identity #104
      • PR Add SignedQeIdentityVerifier #105

This comment was auto-generated by Graphite.

[github-actions]

❌ Unreviewed dependencies found

Crate	Version	Reviews (N/2)	LoC	Left-Pad Index	Geiger	Flags
yare	1.0.2	0	89	11	0	____
mc-sgx-dcap-sys-types	0.6.1	0	97	3	0	CB__
mc-sgx-core-sys-types	0.6.1	0	224	5	0	CB__
subtle	2.5.0	0	440	146	9	____
displaydoc	0.2.4	0	600	58	20	____
x509-cert	0.2.3	0	1963	6	0	____
mc-sgx-dcap-types	0.6.1	0	1990	0	0	____
mc-sgx-core-types	0.6.1	0	2053	1	0	____
textwrap	0.16.0	0	2234	74	0	____
p256	0.13.2	0	2545	25	0	____

[codecov]

Codecov Report

Merging #99 (5b62625) into main (8413e9c) will increase coverage by 0.49%.
The diff coverage is 97.89%.

@@            Coverage Diff             @@
##             main      #99      +/-   ##
==========================================
+ Coverage   97.90%   98.39%   +0.49%     
==========================================
  Files           7        9       +2     
  Lines        2101     2311     +210     
==========================================
+ Hits         2057     2274     +217     
+ Misses         44       37       -7     

Impacted Files	Coverage Δ
verifier/src/lib.rs	96.22% <ø> (+3.49%)	⬆️
verifier/src/error.rs	70.00% <70.00%> (ø)
verifier/src/evidence.rs	99.09% <99.09%> (ø)
verifier/src/advisories.rs	99.11% <100.00%> (-0.04%)	⬇️
verifier/src/tcb.rs	99.81% <100.00%> (-0.01%)	⬇️

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

[eranrund]

Code-wise this looks fine to me. I like the verbose tree display thing and I like having an example output in the tests.
I don't feel like I can meaningfully comment on the quote types due to my lack of familiarity with the DCAP data types... but everything appears well documented and fairly easy to follow so I am okay with it getting merged if @cbeck88 agrees with that.

Having to manually construct that And<...> type is indeed suboptimal but I also couldn't figure out a way to avoid it due to wanting to use multiple traits on that thing. So returning an impl Verifier<...> or a Box<dyn Verifier...> doesn't seem to work.

How would this look in clients? Would they have to construct all this And<> stuff or is there going to be some standard verifier of some sort that we use in all our clients?

[nick-mobilecoin]

How would this look in clients? Would they have to construct all this And<> stuff or is there going to be some standard verifier of some sort that we use in all our clients?

That is something I'm still unsure of.
I'm thinking we might provide common MRSIGNER and MRENCLAVE verifier type, that would still require clients to build in the correct order, or we take in a series of arguments.
I really wish I could figure out a way to use Box or dyn here, but I was unable to display the error tree with them.

[eranrund]

How would this look in clients? Would they have to construct all this And<> stuff or is there going to be some standard verifier of some sort that we use in all our clients?

That is something I'm still unsure of. I'm thinking we might provide common MRSIGNER and MRENCLAVE verifier type, that would still require clients to build in the correct order, or we take in a series of arguments. I really wish I could figure out a way to use Box or dyn here, but I was unable to display the error tree with them.

That might be possible with another trait that inherits the Verifier and tree display traits, and has a blanket implementation for everything that implements these two. Kinda hacky...