mobilecoinfoundation · nick-mobilecoin · Jul 25, 2023 · Jul 21, 2023
diff --git a/attest/ake/src/lib.rs b/attest/ake/src/lib.rs
@@ -80,7 +80,7 @@ mod test {
 
         let mr_signer = TrustedIdentity::from(TrustedMrSignerIdentity::new(
             report_body.mr_signer(),
-            report_body.product_id().into(),
+            report_body.product_id(),
             report_body.security_version(),
             [] as [&str; 0],
             [] as [&str; 0],

diff --git a/attest/core/data/test/quote_ok_str.txt b/attest/core/data/test/quote_ok_str.txt
@@ -1 +1 @@
-Quote: { version: 2, sign_type: Unlinkable, epid_group_id: 00000b4d, qe_svn: 8, pce_svn: 7, xeid: 0, basename: Basename(b6b3ee840b3fb5a6a2b14c54221aab6aad6bd3cd49db38f2b12d2c37b8943eda), report_body: ReportBody: { cpu_svn: CpuSvn(sgx_cpu_svn_t { svn: [8, 8, 255, 255, 255, 2, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0] }), misc_select: 0, isv_ext_prod_id: ExtendedProductId(00000000000000000000000000000000), attributes: Attributes(sgx_attributes_t { flags: 7, xfrm: 7 }), mr_enclave: MrEnclave(973140462e17d2f523511d798061eae3e8282b884ee078de91c99d833f559bbc), mr_signer: MrSigner(7ee5e29d74623fdbc6fbf1454be6f3bb0b86c12366b7b478ad13353e44de8411), config_id: ConfigId([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]), isv_prod_id: 0, isv_svn: IsvSvn(0), config_svn: ConfigSvn(0), isv_family_id: FamilyId(00000000000000000000000000000000), report_data: ReportData(sgx_report_data_t { d: [231, 160, 220, 27, 37, 176, 225, 77, 21, 108, 159, 18, 130, 15, 61, 34, 104, 25, 253, 104, 242, 55, 106, 203, 247, 61, 64, 28, 149, 154, 85, 144, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0] }) }, signature_len: 680, signature: Some(146c25c134df61f2f55fbba368333e1c77b3524f483212f90b89d6432a21ab2adcfdbeaeb816bdb7a988a67b502c92e7b4a683b88df6ffc649d24e75d61dbfcf8aa09e22da5fb84b24fa1908f8d338277bbf8dc3c6e060ace551b7eaf2d3fdbbfc38905d0ed9d4cd28657f07ce4d5ba9e405a597c534484b4e38c54d5f9a7bcc602373f96a2962c51b60162b28c30d8a374d12f3f46ec5970699c39e8e7a3527443c65cd56abf0ad1153426e0ba32edf84070f2bfa3a32a7463bcdaec0c46ce9337899c1399e68b04ed36409c49bddd2db2bfc40ff7a1b281e2c4fa9607c678ffa4f7a7d93cfd4610047eeb62755861240eed273158c33dd17f539d248a1b3a197d986f9c52d43a246060a6a3bff21e971d82f1bfec654b31265f0e980a54a29e2ba8aca6bffe27668dd21a268010000d46a0dc1ffc4986b994b0b6efd610637d7b22bf21888c6296a9a538cadb8ac5d8f4156ac01db17579b90acd4e130f5865373a84d2ea131ee4f326d169d41d1b552daaa4c514c8ae1245185bccf4f4c9b6b5f3e3cec93216cd1ae023f03155fbf05ff0701b7fadd29a1f097318b9ba2a416e86d3131859c7aea45c58cda4a5a6fa833eabcf0a520d7342d514dbd5c9fa85ed89d8e85342a3b6f1bc1144c11102cd6409e9e93ee672ebffed9b17b0e766a9556ff0bc0da5baac91de39d1deacc35e4036795bd5ebfe7c2e8392921757f2355fdb5ff0c3d6885712cf399d0598a95df36ea34f10f3e4906043d913449d24e12228583d0713aed8a54c530cdc4c28acfc916fe7ba96be700ed2eccb3ba6874a1badd2a1ef80bac9169305666b33091f8ad935e31d3ed33251642787b161e0322d891e3a1fa171251783b61b3b33e5dffaba9010ee33e445840e0e493799d7281a681d86b1afd05cfd90b2eaf0584bccf7eefe5d9747a2e52a0e5c7a0a5d2ff1f1af590d7064abd) }
+Quote: { version: 2, sign_type: Unlinkable, epid_group_id: 00000b4d, qe_svn: 8, pce_svn: 7, xeid: 0, basename: Basename(b6b3ee840b3fb5a6a2b14c54221aab6aad6bd3cd49db38f2b12d2c37b8943eda), report_body: ReportBody: { cpu_svn: CpuSvn(sgx_cpu_svn_t { svn: [8, 8, 255, 255, 255, 2, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0] }), misc_select: 0, isv_ext_prod_id: ExtendedProductId(00000000000000000000000000000000), attributes: Attributes(sgx_attributes_t { flags: 7, xfrm: 7 }), mr_enclave: MrEnclave(973140462e17d2f523511d798061eae3e8282b884ee078de91c99d833f559bbc), mr_signer: MrSigner(7ee5e29d74623fdbc6fbf1454be6f3bb0b86c12366b7b478ad13353e44de8411), config_id: ConfigId([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]), isv_prod_id: IsvProductId(0), isv_svn: IsvSvn(0), config_svn: ConfigSvn(0), isv_family_id: FamilyId(00000000000000000000000000000000), report_data: ReportData(sgx_report_data_t { d: [231, 160, 220, 27, 37, 176, 225, 77, 21, 108, 159, 18, 130, 15, 61, 34, 104, 25, 253, 104, 242, 55, 106, 203, 247, 61, 64, 28, 149, 154, 85, 144, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0] }) }, signature_len: 680, signature: Some(146c25c134df61f2f55fbba368333e1c77b3524f483212f90b89d6432a21ab2adcfdbeaeb816bdb7a988a67b502c92e7b4a683b88df6ffc649d24e75d61dbfcf8aa09e22da5fb84b24fa1908f8d338277bbf8dc3c6e060ace551b7eaf2d3fdbbfc38905d0ed9d4cd28657f07ce4d5ba9e405a597c534484b4e38c54d5f9a7bcc602373f96a2962c51b60162b28c30d8a374d12f3f46ec5970699c39e8e7a3527443c65cd56abf0ad1153426e0ba32edf84070f2bfa3a32a7463bcdaec0c46ce9337899c1399e68b04ed36409c49bddd2db2bfc40ff7a1b281e2c4fa9607c678ffa4f7a7d93cfd4610047eeb62755861240eed273158c33dd17f539d248a1b3a197d986f9c52d43a246060a6a3bff21e971d82f1bfec654b31265f0e980a54a29e2ba8aca6bffe27668dd21a268010000d46a0dc1ffc4986b994b0b6efd610637d7b22bf21888c6296a9a538cadb8ac5d8f4156ac01db17579b90acd4e130f5865373a84d2ea131ee4f326d169d41d1b552daaa4c514c8ae1245185bccf4f4c9b6b5f3e3cec93216cd1ae023f03155fbf05ff0701b7fadd29a1f097318b9ba2a416e86d3131859c7aea45c58cda4a5a6fa833eabcf0a520d7342d514dbd5c9fa85ed89d8e85342a3b6f1bc1144c11102cd6409e9e93ee672ebffed9b17b0e766a9556ff0bc0da5baac91de39d1deacc35e4036795bd5ebfe7c2e8392921757f2355fdb5ff0c3d6885712cf399d0598a95df36ea34f10f3e4906043d913449d24e12228583d0713aed8a54c530cdc4c28acfc916fe7ba96be700ed2eccb3ba6874a1badd2a1ef80bac9169305666b33091f8ad935e31d3ed33251642787b161e0322d891e3a1fa171251783b61b3b33e5dffaba9010ee33e445840e0e493799d7281a681d86b1afd05cfd90b2eaf0584bccf7eefe5d9747a2e52a0e5c7a0a5d2ff1f1af590d7064abd) }
diff --git a/attest/core/src/ias/verify.rs b/attest/core/src/ias/verify.rs
@@ -14,7 +14,7 @@ use crate::{
         epid_group_id::EpidGroupId, measurement::Measurement, pib::PlatformInfoBlob,
         report_data::ReportDataMask,
     },
-    IsvSvn, VerificationReport, BASE64_ENGINE,
+    IsvProductId, IsvSvn, VerificationReport, BASE64_ENGINE,
 };
 use alloc::{
     string::{String, ToString},
@@ -197,7 +197,7 @@ impl VerificationReportData {
         expected_type: QuoteSignType,
         allow_debug: bool,
         expected_measurements: &[Measurement],
-        expected_product_id: u16,
+        expected_product_id: IsvProductId,
         minimum_security_version: IsvSvn,
         expected_data: &ReportDataMask,
     ) -> Result<(), VerifyError> {

diff --git a/attest/core/src/lib.rs b/attest/core/src/lib.rs
@@ -38,14 +38,15 @@ pub use crate::{
         basename::Basename, epid_group_id::EpidGroupId, ext_prod_id::ExtendedProductId,
         family_id::FamilyId, key_id::KeyId, mac::Mac, measurement::Measurement,
         pib::PlatformInfoBlob, report_body::ReportBody, report_data::ReportDataMask,
-        spid::ProviderId, update_info::*, MiscSelect, ProductId,
+        spid::ProviderId, update_info::*, MiscSelect,
     },
 };
 
 pub use mc_attest_verifier_types::{VerificationReport, VerificationSignature};
 
 pub use mc_sgx_core_types::{
-    Attributes, ConfigId, ConfigSvn, CpuSvn, IsvSvn, MrEnclave, MrSigner, ReportData, TargetInfo,
+    Attributes, ConfigId, ConfigSvn, CpuSvn, IsvProductId, IsvSvn, MrEnclave, MrSigner, ReportData,
+    TargetInfo,
 };
 
 /// The IAS version we support

diff --git a/attest/core/src/quote.rs b/attest/core/src/quote.rs
@@ -12,7 +12,7 @@ use crate::{
         basename::Basename, epid_group_id::EpidGroupId, measurement::Measurement,
         report_body::ReportBody, report_data::ReportDataMask,
     },
-    IsvSvn, ProductId, BASE64_ENGINE,
+    IsvProductId, IsvSvn, BASE64_ENGINE,
 };
 use alloc::vec::Vec;
 use base64::Engine;
@@ -305,7 +305,7 @@ impl Quote {
         expected_type: QuoteSignType,
         allow_debug: bool,
         expected_measurements: &[Measurement],
-        expected_product_id: ProductId,
+        expected_product_id: IsvProductId,
         minimum_security_version: IsvSvn,
         expected_data: &ReportDataMask,
     ) -> Result<(), QuoteError> {

diff --git a/attest/core/src/report.rs b/attest/core/src/report.rs
@@ -204,7 +204,7 @@ mod test {
         },
     };
 
-    const TEST_REPORT_DEBUGSTR: &str = "Report: { body: ReportBody: { cpu_svn: CpuSvn(sgx_cpu_svn_t { svn: [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16] }), misc_select: 17, isv_ext_prod_id: ExtendedProductId(0102030405060708090a0b0c0d0e0f10), attributes: Attributes(sgx_attributes_t { flags: 72623859790382856, xfrm: 578437695752307201 }), mr_enclave: MrEnclave(1112131415161718191a1b1c1d1e1f202122232425262728292a2b2b2c2d2e2f), mr_signer: MrSigner(303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f), config_id: ConfigId([80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, 140, 141, 142, 143]), isv_prod_id: 144, isv_svn: IsvSvn(145), config_svn: ConfigSvn(146), isv_family_id: FamilyId(939495969798999a9b9c9d9e9fa0a1a2), report_data: ReportData(sgx_report_data_t { d: [163, 164, 165, 166, 167, 168, 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, 216, 217, 218, 219, 220, 221, 222, 223, 224, 225, 226] }) }, key: KeyId(0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20), mac: Mac(0102030405060708090a0b0c0d0e0f10) }";
+    const TEST_REPORT_DEBUGSTR: &str = "Report: { body: ReportBody: { cpu_svn: CpuSvn(sgx_cpu_svn_t { svn: [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16] }), misc_select: 17, isv_ext_prod_id: ExtendedProductId(0102030405060708090a0b0c0d0e0f10), attributes: Attributes(sgx_attributes_t { flags: 72623859790382856, xfrm: 578437695752307201 }), mr_enclave: MrEnclave(1112131415161718191a1b1c1d1e1f202122232425262728292a2b2b2c2d2e2f), mr_signer: MrSigner(303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f), config_id: ConfigId([80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, 140, 141, 142, 143]), isv_prod_id: IsvProductId(144), isv_svn: IsvSvn(145), config_svn: ConfigSvn(146), isv_family_id: FamilyId(939495969798999a9b9c9d9e9fa0a1a2), report_data: ReportData(sgx_report_data_t { d: [163, 164, 165, 166, 167, 168, 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, 216, 217, 218, 219, 220, 221, 222, 223, 224, 225, 226] }) }, key: KeyId(0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20), mac: Mac(0102030405060708090a0b0c0d0e0f10) }";
 
     #[test]
     fn test_serde() {

diff --git a/attest/core/src/types.rs b/attest/core/src/types.rs
@@ -17,4 +17,3 @@ pub mod spid;
 pub mod update_info;
 
 pub type MiscSelect = u32;
-pub type ProductId = u16;
diff --git a/attest/core/src/types/report_body.rs b/attest/core/src/types/report_body.rs
@@ -8,9 +8,9 @@ use crate::{
     traits::SgxWrapperType,
     types::{
         ext_prod_id::ExtendedProductId, family_id::FamilyId, measurement::Measurement,
-        report_data::ReportDataMask, MiscSelect, ProductId,
+        report_data::ReportDataMask, MiscSelect,
     },
-    Attributes, ConfigId, ConfigSvn, CpuSvn, IsvSvn, ReportData,
+    Attributes, ConfigId, ConfigSvn, CpuSvn, IsvProductId, IsvSvn, ReportData,
 };
 use alloc::vec::Vec;
 use core::{
@@ -125,8 +125,8 @@ impl ReportBody {
     }
 
     /// Retrieve the product ID of the enclave
-    pub fn product_id(&self) -> ProductId {
-        self.0.isv_prod_id
+    pub fn product_id(&self) -> IsvProductId {
+        self.0.isv_prod_id.into()
     }
 
     /// Retrieve the user data provided when the report was created
@@ -145,7 +145,7 @@ impl ReportBody {
         &self,
         allow_debug: bool,
         expected_measurements: &[Measurement],
-        expected_product_id: ProductId,
+        expected_product_id: IsvProductId,
         minimum_security_version: IsvSvn,
         expected_data: &ReportDataMask,
     ) -> Result<(), ReportBodyVerifyError> {
@@ -161,8 +161,8 @@ impl ReportBody {
         let product_id = self.product_id();
         if expected_product_id != product_id {
             return Err(ReportBodyVerifyError::ProductId(
-                expected_product_id,
-                product_id,
+                expected_product_id.into(),
+                product_id.into(),
             ));
         }
 

diff --git a/attest/verifier/src/lib.rs b/attest/verifier/src/lib.rs
@@ -72,7 +72,7 @@ use hex_fmt::HexList;
 use mbedtls::{alloc::Box as MbedtlsBox, x509::Certificate, Error as TlsError};
 use mc_attest_core::{
     Attributes, Basename, ConfigId, ConfigSvn, CpuSvn, EpidGroupId, ExtendedProductId, FamilyId,
-    IasNonce, IsvSvn, MiscSelect, ProductId, Quote, QuoteSignType, ReportDataMask,
+    IasNonce, IsvProductId, IsvSvn, MiscSelect, Quote, QuoteSignType, ReportDataMask,
     VerificationReport, VerificationReportData, VerifyError,
 };
 use mc_attestation_verifier::TrustedIdentity;
@@ -331,7 +331,7 @@ impl Verifier {
     }
 
     /// Verify the report body product ID matches the given value.
-    pub fn product_id(&mut self, product_id: ProductId) -> &mut Self {
+    pub fn product_id(&mut self, product_id: IsvProductId) -> &mut Self {
         self.report_body_verifiers
             .push(ProductIdVerifier::from(product_id).into());
         self
@@ -497,7 +497,7 @@ mod test {
                 209, 31, 70, 153, 191, 224, 183, 181, 71, 206, 99, 225, 136, 46, 1, 238, 208, 198,
                 84, 121, 40, 171, 120, 154, 49, 90, 135, 137, 143, 44, 83, 77,
             ]),
-            10,
+            10.into(),
             10.into(),
         );
         mr_signer1.set_advisories(Advisories::new(
@@ -509,7 +509,7 @@ mod test {
                 209, 31, 70, 153, 191, 224, 183, 181, 71, 206, 99, 225, 136, 46, 1, 238, 208, 198,
                 84, 121, 40, 171, 120, 154, 49, 90, 135, 137, 143, 44, 83, 77,
             ]),
-            1,
+            1.into(),
             1.into(),
         );
         mr_signer2.set_advisories(Advisories::new(

diff --git a/attest/verifier/src/report_body.rs b/attest/verifier/src/report_body.rs
@@ -8,8 +8,8 @@ use crate::{
     Verify,
 };
 use mc_attest_core::{
-    Attributes, ConfigId, ConfigSvn, CpuSvn, ExtendedProductId, FamilyId, IsvSvn, MiscSelect,
-    ProductId, ReportBody, ReportDataMask,
+    Attributes, ConfigId, ConfigSvn, CpuSvn, ExtendedProductId, FamilyId, IsvProductId, IsvSvn,
+    MiscSelect, ReportBody, ReportDataMask,
 };
 use mc_sgx_core_types::AttributeFlags;
 use serde::{Deserialize, Serialize};
@@ -55,7 +55,7 @@ impl_kind_from_verifier! {
     ConfigVersionVerifier, ConfigVersion, ConfigSvn;
     DebugVerifier, Debug, bool;
     MiscSelectVerifier, MiscSelect, MiscSelect;
-    ProductIdVerifier, ProductId, ProductId;
+    ProductIdVerifier, ProductId, IsvProductId;
     VersionVerifier, Version, IsvSvn;
 }
 
@@ -180,8 +180,8 @@ impl Verify<ReportBody> for MiscSelectVerifier {
 
 /// A [`Verify<ReportBody>`] implementation that will check if the enclave's
 /// product ID matches the one given.
-#[derive(Clone, Debug, Deserialize, Eq, Hash, Ord, PartialEq, PartialOrd, Serialize)]
-pub struct ProductIdVerifier(ProductId);
+#[derive(Clone, Debug, Eq, Hash, PartialEq)]
+pub struct ProductIdVerifier(IsvProductId);
 
 impl Verify<ReportBody> for ProductIdVerifier {
     fn verify(&self, report_body: &ReportBody) -> bool {
@@ -478,7 +478,9 @@ mod test {
     #[test]
     fn product_id_success() {
         let report_body = ReportBody::from(&REPORT_BODY_SRC);
-        let verifier = Kind::from(ProductIdVerifier::from(REPORT_BODY_SRC.isv_prod_id));
+        let verifier = Kind::from(ProductIdVerifier::from(IsvProductId::from(
+            REPORT_BODY_SRC.isv_prod_id,
+        )));
 
         assert!(verifier.verify(&report_body));
     }
@@ -487,7 +489,9 @@ mod test {
     #[test]
     fn product_id_fail() {
         let report_body = ReportBody::from(&REPORT_BODY_SRC);
-        let verifier = Kind::from(ProductIdVerifier::from(REPORT_BODY_SRC.isv_prod_id - 1));
+        let verifier = Kind::from(ProductIdVerifier::from(IsvProductId::from(
+            REPORT_BODY_SRC.isv_prod_id - 1,
+        )));
 
         assert!(!verifier.verify(&report_body));
     }