From 20f7318bb3641b6fb9d9566bca009a2550623af0 Mon Sep 17 00:00:00 2001 
From: Thomas Niederberger <781000+Niederb@users.noreply.github.com> Date: Thu, 26 Jan 2023 11:26:25 +0100 Subject: [PATCH] On chain DCAP verification (#134) * Initial version of on chain verification * Rename from report to quote * Add unit tests for decoding * Implement signature check for TcbInfo and QeIdentity * Cleanup * Documentation * Use size_of from core instead of std * Deserialize EnclaveIdentity * Refactor into smaller methods * Add collateral data and improve tests * Improve test * Work on CRL parsing * Make hex compatible to no_std * Change license just in case... * Cleanup * Cleanup * Cleanup * Add data structures for TcbInfo collateral * Work towards registering the quoting enclave * Work towards registering the tcb info * Adjust weights to polkadot-v0.9.29 * Switch to ring-xous * Improve error handling and logging * Cleanups and documentation * Get rid of dangerous unwrap * Error handling and cleanup * Switch to collateral version v4 * Switch to DateTime instead of String * Move collateral data to separate file * Add more validation logic and tests * Improve collateral handling and work towards registering the quoting enclave * Switch license to GPL-3.0 * Register quoting enclave * Add check for mrenclave * More checks and error-handling * Deserialize more parts of the collateral * Remove unneccessary check * Expand checks for quoting enclave * Add dummy support to register TCB info * Add code to extract certificate information * Rename ias-verify crate to sgx-verify as it verifies dcap as well * Work towards storing TCB info on chain * Store TCB info on chain * Store TCB info on chain * Define fmspc as byte array * Store the correct FMSPC * Verify TCB info * Verify TCB info * Add register_quoting_enclave unittest * Add register_tcb_info unittest * Make the add_and_remove_dcap_enclave_works test work again * Add a check to prevent out of memory issues * Cleanup * Clippy fixes * Deal with potential errors that happen during DER encoding * Separate 
verification and putting collateral on chain more strictly * Cleanup log messages * Add some fuzz tests * Remove unnecessary pub * Update Cargo.lock after merge and fix clippy issues * Fix clippy issue * Fix test issues * Remove unused code * Move the code for the unfinished CRL handling into a unit test * Make clippy happy * Add comment on how to extract the code for a certificate anchor * Add fuzz test for extract_tcb_info * Cleanup and documentation * Incorporate review feedback * Introduce type alias for mrsigner and mrenclave * Incorporate review feedback * Incorporate review feedback * Incorporate review feedback * Add another fuzz test * Enable std features for std-compilation * Cleanup * Incorporate review feedback * Add clarifying comment --- Cargo.lock | 227 +- Cargo.toml | 2 +- primitives/teerex/Cargo.toml | 9 +- primitives/teerex/src/lib.rs | 147 +- sidechain/src/tests.rs | 3 +- teeracle/src/benchmarking.rs | 2 +- teeracle/src/tests.rs | 1 - teerex/Cargo.toml | 6 +- teerex/ias-verify/src/lib.rs | 341 -- .../AttestationReportSigningCACert.pem | 0 teerex/{ias-verify => sgx-verify}/Cargo.toml | 25 +- teerex/sgx-verify/fuzz/Cargo.lock | 3445 +++++++++++++++++ teerex/sgx-verify/fuzz/Cargo.toml | 56 + .../fuzz/fuzz_targets/decode_quote.rs | 15 + .../fuzz/fuzz_targets/deserialize_json.rs | 11 + .../fuzz/fuzz_targets/extract_tcb_info.rs | 8 + .../fuzz/fuzz_targets/signature_check.rs | 25 + .../fuzz/fuzz_targets/verify_ias_report.rs | 9 + teerex/sgx-verify/src/collateral.rs | 278 ++ .../src/ephemeral_key.rs | 2 +- teerex/sgx-verify/src/lib.rs | 736 ++++ .../src/netscape_comment.rs | 2 +- .../{ias-verify => sgx-verify}/src/tests.rs | 127 +- .../{ias-verify => sgx-verify}/src/utils.rs | 0 .../sgx-verify/test/dcap/dcap_quote_cert.der | 25 + teerex/sgx-verify/test/dcap/pck_crl.der | 1 + .../test/dcap/pck_crl_issuer_chain.pem | 32 + teerex/sgx-verify/test/dcap/qe_identity.json | 1 + .../sgx-verify/test/dcap/qe_identity_cert.pem | 14 + 
.../test/dcap/qe_identity_issuer_chain.pem | 32 + teerex/sgx-verify/test/dcap/root_ca_crl.der | 1 + teerex/sgx-verify/test/dcap/tcb_info.json | 1 + .../test/dcap/tcb_info_issuer_chain.pem | 32 + .../test/enclave-signing-pubkey-TEST4.bin | 0 .../test/enclave-signing-pubkey-TEST5.bin | 0 .../test/enclave-signing-pubkey-TEST6.bin | 0 .../test/enclave-signing-pubkey-TEST7.bin | 0 ...nclave-signing-pubkey-TEST8-PRODUCTION.bin | Bin .../test/ra_dump_cert_TEST4.der | Bin .../test/ra_dump_cert_TEST5.der | Bin .../test/ra_dump_cert_TEST6.der | Bin .../test/ra_dump_cert_TEST7.der | Bin .../test/ra_dump_cert_TEST8_PRODUCTION.der | Bin .../test_ra_cert_MRSIGNER1_MRENCLAVE1.der | Bin .../test_ra_cert_MRSIGNER2_MRENCLAVE2.der | Bin .../test_ra_cert_MRSIGNER3_MRENCLAVE2.der | Bin ...st_ra_signer_attn_MRSIGNER1_MRENCLAVE1.bin | Bin ...st_ra_signer_attn_MRSIGNER2_MRENCLAVE2.bin | 0 ...st_ra_signer_attn_MRSIGNER3_MRENCLAVE2.bin | 0 ..._ra_signer_pubkey_MRSIGNER1_MRENCLAVE1.bin | 0 ..._ra_signer_pubkey_MRSIGNER2_MRENCLAVE2.bin | 0 ..._ra_signer_pubkey_MRSIGNER3_MRENCLAVE2.bin | 0 teerex/src/lib.rs | 183 +- teerex/src/tests/test_cases.rs | 94 +- teerex/src/weights.rs | 24 + test-utils/src/ias-data/ra_dcap_dump_quote.ra | Bin 0 -> 4599 bytes test-utils/src/ias.rs | 32 +- 57 files changed, 5507 insertions(+), 442 deletions(-) delete mode 100644 teerex/ias-verify/src/lib.rs rename teerex/{ias-verify => sgx-verify}/AttestationReportSigningCACert.pem (100%) rename teerex/{ias-verify => sgx-verify}/Cargo.toml (64%) create mode 100644 teerex/sgx-verify/fuzz/Cargo.lock create mode 100644 teerex/sgx-verify/fuzz/Cargo.toml create mode 100644 teerex/sgx-verify/fuzz/fuzz_targets/decode_quote.rs create mode 100644 teerex/sgx-verify/fuzz/fuzz_targets/deserialize_json.rs create mode 100644 teerex/sgx-verify/fuzz/fuzz_targets/extract_tcb_info.rs create mode 100644 teerex/sgx-verify/fuzz/fuzz_targets/signature_check.rs create mode 100644 teerex/sgx-verify/fuzz/fuzz_targets/verify_ias_report.rs create 
mode 100644 teerex/sgx-verify/src/collateral.rs rename teerex/{ias-verify => sgx-verify}/src/ephemeral_key.rs (93%) create mode 100644 teerex/sgx-verify/src/lib.rs rename teerex/{ias-verify => sgx-verify}/src/netscape_comment.rs (96%) rename teerex/{ias-verify => sgx-verify}/src/tests.rs (64%) rename teerex/{ias-verify => sgx-verify}/src/utils.rs (100%) create mode 100644 teerex/sgx-verify/test/dcap/dcap_quote_cert.der create mode 100644 teerex/sgx-verify/test/dcap/pck_crl.der create mode 100644 teerex/sgx-verify/test/dcap/pck_crl_issuer_chain.pem create mode 100644 teerex/sgx-verify/test/dcap/qe_identity.json create mode 100644 teerex/sgx-verify/test/dcap/qe_identity_cert.pem create mode 100644 teerex/sgx-verify/test/dcap/qe_identity_issuer_chain.pem create mode 100644 teerex/sgx-verify/test/dcap/root_ca_crl.der create mode 100644 teerex/sgx-verify/test/dcap/tcb_info.json create mode 100644 teerex/sgx-verify/test/dcap/tcb_info_issuer_chain.pem rename teerex/{ias-verify => sgx-verify}/test/enclave-signing-pubkey-TEST4.bin (100%) rename teerex/{ias-verify => sgx-verify}/test/enclave-signing-pubkey-TEST5.bin (100%) rename teerex/{ias-verify => sgx-verify}/test/enclave-signing-pubkey-TEST6.bin (100%) rename teerex/{ias-verify => sgx-verify}/test/enclave-signing-pubkey-TEST7.bin (100%) rename teerex/{ias-verify => sgx-verify}/test/enclave-signing-pubkey-TEST8-PRODUCTION.bin (100%) rename teerex/{ias-verify => sgx-verify}/test/ra_dump_cert_TEST4.der (100%) rename teerex/{ias-verify => sgx-verify}/test/ra_dump_cert_TEST5.der (100%) rename teerex/{ias-verify => sgx-verify}/test/ra_dump_cert_TEST6.der (100%) rename teerex/{ias-verify => sgx-verify}/test/ra_dump_cert_TEST7.der (100%) rename teerex/{ias-verify => sgx-verify}/test/ra_dump_cert_TEST8_PRODUCTION.der (100%) rename teerex/{ias-verify => sgx-verify}/test/test_ra_cert_MRSIGNER1_MRENCLAVE1.der (100%) rename teerex/{ias-verify => sgx-verify}/test/test_ra_cert_MRSIGNER2_MRENCLAVE2.der (100%) rename teerex/{ias-verify 
=> sgx-verify}/test/test_ra_cert_MRSIGNER3_MRENCLAVE2.der (100%) rename teerex/{ias-verify => sgx-verify}/test/test_ra_signer_attn_MRSIGNER1_MRENCLAVE1.bin (100%) rename teerex/{ias-verify => sgx-verify}/test/test_ra_signer_attn_MRSIGNER2_MRENCLAVE2.bin (100%) rename teerex/{ias-verify => sgx-verify}/test/test_ra_signer_attn_MRSIGNER3_MRENCLAVE2.bin (100%) rename teerex/{ias-verify => sgx-verify}/test/test_ra_signer_pubkey_MRSIGNER1_MRENCLAVE1.bin (100%) rename teerex/{ias-verify => sgx-verify}/test/test_ra_signer_pubkey_MRSIGNER2_MRENCLAVE2.bin (100%) rename teerex/{ias-verify => sgx-verify}/test/test_ra_signer_pubkey_MRSIGNER3_MRENCLAVE2.bin (100%) create mode 100644 test-utils/src/ias-data/ra_dcap_dump_quote.ra diff --git a/Cargo.lock b/Cargo.lock index 9eb37101..24ba5eb1 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -334,6 +334,7 @@ dependencies = [ "iana-time-zone", "num-integer", "num-traits", + "serde", "winapi", ] @@ -606,9 +607,23 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f1a467a65c5e759bce6e65eaf91cc29f466cdc57cb65777bd646872a8a1fd4de" dependencies = [ "const-oid", + "der_derive", + "flagset", "zeroize", ] +[[package]] +name = "der_derive" +version = "0.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8ef71ddb5b3a1f53dee24817c8f70dfa1cb29e804c18d88c228d4bc9c86ee3b9" +dependencies = [ + "proc-macro-error", + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "derivative" version = "2.2.0" @@ -813,15 +828,6 @@ version = "2.5.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0206175f82b8d6bf6652ff7d71a1e27fd2e4efde587fd368662814d6ec1d9ce0" -[[package]] -name = "failure" -version = "0.1.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d32e9bd16cc02eae7db7ef620b392808b89f6a5e16bb3497d159c6b92a0f4f86" -dependencies = [ - "backtrace", -] - [[package]] name = "fake-simd" version = "0.1.2" 
@@ -865,6 +871,12 @@ dependencies = [ "static_assertions", ] +[[package]] +name = "flagset" +version = "0.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cda653ca797810c02f7ca4b804b40b8b95ae046eb989d356bce17919a8c25499" + [[package]] name = "fnv" version = "1.0.7" @@ -1404,23 +1416,6 @@ dependencies = [ "cxx-build", ] -[[package]] -name = "ias-verify" -version = "0.1.4" -dependencies = [ - "base64", - "chrono", - "frame-support", - "hex-literal", - "parity-scale-codec", - "scale-info", - "serde_json", - "sp-core 7.0.0 (git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.36)", - "sp-io 7.0.0 (git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.36)", - "sp-std 5.0.0 (git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.36)", - "webpki 0.21.0", -] - [[package]] name = "ident_case" version = "1.0.1" @@ -1901,6 +1896,17 @@ dependencies = [ "num-traits", ] +[[package]] +name = "num-derive" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "876a53fff98e03a936a674b29568b0e605f06b29372c2489ff4de23f1949743d" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "num-format" version = "0.4.4" @@ -2117,13 +2123,13 @@ dependencies = [ "frame-support", "frame-system", "hex-literal", - "ias-verify", "log", "pallet-balances", "pallet-timestamp", "parity-scale-codec", "scale-info", "serde", + "sgx-verify", "sp-core 7.0.0 (git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.36)", "sp-externalities 0.13.0 (git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.36)", "sp-io 7.0.0 (git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.36)", 
@@ -2472,6 +2478,26 @@ dependencies = [ "cc", ] +[[package]] +name = "ptr_meta" +version = "0.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0738ccf7ea06b608c10564b31debd4f5bc5e197fc8bfe088f68ae5ce81e7a4f1" +dependencies = [ + "ptr_meta_derive", +] + +[[package]] +name = "ptr_meta_derive" +version = "0.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "16b845dbfca988fa33db069c0e230574d15a3088f147a87b64c7589eb662c9ac" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "quote" version = "1.0.23" 
@@ -2652,30 +2678,57 @@ dependencies = [ [[package]] name = "ring" -version = "0.16.9" -source = "git+https://github.com/scs/webpki-nostd.git#935d31c36fa9b6d55a3226572eaf2b3ded7cf437" +version = "0.16.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3053cf52e236a3ed746dfc745aa9cacf1b791d846bdaf412f60a8d7d6e17c8fc" dependencies = [ "cc", "libc", + "once_cell", "spin", "untrusted", - "which", + "web-sys", "winapi", ] [[package]] name = "ring" version = "0.16.20" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3053cf52e236a3ed746dfc745aa9cacf1b791d846bdaf412f60a8d7d6e17c8fc" +source = "git+https://github.com/Niederb/ring-xous.git?branch=0.16.20-cleanup#8b2f60a7d4a063e2170cd47bc5591c39f49ca825" dependencies = [ "cc", "libc", + "log", "once_cell", + "rkyv", "spin", "untrusted", - "web-sys", "winapi", + "xous", + "xous-api-names", + "xous-ipc", +] + +[[package]] +name = "rkyv" +version = "0.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "70de01b38fe7baba4ecdd33b777096d2b326993d8ea99bc5b6ede691883d3010" +dependencies = [ + "memoffset", + "ptr_meta", + "rkyv_derive", +] + +[[package]] +name = "rkyv_derive" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "95a169f6bc5a81033e86ed39d0f4150e2608160b73d2b93c6e8e6a3efa873f14" +dependencies = [ + "proc-macro2", + "quote", + "syn", ] [[package]] @@ -2726,7 +2779,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "539a2bfe908f471bfa933876bd1eb6a19cf2176d375f82ef7f99530a40e48c2c" dependencies = [ "log", - "ring 0.16.20", + "ring 0.16.20 (registry+https://github.com/rust-lang/crates.io-index)", "sct", "webpki 0.22.0", ] 
@@ -2876,7 +2929,7 @@ version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d53dcdb7c9f8158937a7981b48accfd39a43af418591a5d008c7b22b5e1b7ca4" dependencies = [ - "ring 0.16.20", + "ring 0.16.20 (registry+https://github.com/rust-lang/crates.io-index)", "untrusted", ] @@ -2981,6 +3034,29 @@ dependencies = [ "serde", ] +[[package]] +name = "sgx-verify" +version = "0.1.4" +dependencies = [ + "base64", + "chrono", + "der", + "frame-support", + "hex", + "hex-literal", + "parity-scale-codec", + "ring 0.16.20 (git+https://github.com/Niederb/ring-xous.git?branch=0.16.20-cleanup)", + "scale-info", + "serde", + "serde_json", + "sp-core 7.0.0 (git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.36)", + "sp-io 7.0.0 (git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.36)", + "sp-std 5.0.0 (git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.36)", + "teerex-primitives", + "webpki 0.21.0", + "x509-cert", +] + [[package]] name = "sha-1" version = "0.9.8" @@ -4157,7 +4233,8 @@ dependencies = [ name = "teerex-primitives" version = "0.1.0" dependencies = [ - "ias-verify", + "common-primitives", + "hex-literal", "parity-scale-codec", "scale-info", "serde", @@ -4770,10 +4847,10 @@ dependencies = [ [[package]] name = "webpki" version = "0.21.0" -source = "git+https://github.com/scs/webpki-nostd.git#935d31c36fa9b6d55a3226572eaf2b3ded7cf437" +source = "git+https://github.com/scs/webpki-nostd.git?branch=tn/use-ring-xous#921d737c08a5d2ba3ba0a53f91d98410c2a29d8d" dependencies = [ - "ring 0.16.20", - "ring 0.16.9", + "ring 0.16.20 (registry+https://github.com/rust-lang/crates.io-index)", + "ring 0.16.20 (git+https://github.com/Niederb/ring-xous.git?branch=0.16.20-cleanup)", "untrusted", ] 
@@ -4783,7 +4860,7 @@ version = "0.22.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f095d78192e208183081cc07bc5515ef55216397af48b873e5edcd72637fa1bd" dependencies = [ - "ring 0.16.20", + "ring 0.16.20 (registry+https://github.com/rust-lang/crates.io-index)", "untrusted", ] @@ -4796,16 +4873,6 @@ dependencies = [ "webpki 0.22.0", ] -[[package]] -name = "which" -version = "3.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d011071ae14a2f6671d0b74080ae0cd8ebf3a6f8c9589a2cd45f23126fe29724" -dependencies = [ - "failure", - "libc", -] - [[package]] name = "winapi" version = "0.3.9" @@ -4946,6 +5013,18 @@ dependencies = [ "tap", ] +[[package]] +name = "x509-cert" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "99d224a125dec5adda27d0346b9cae9794830279c4f9c27e4ab0b6c408d54012" +dependencies = [ + "const-oid", + "der", + "flagset", + "spki", +] + [[package]] name = "xcm" version = "0.9.36" 
@@ -4983,6 +5062,54 @@ dependencies = [ "xcm", ] +[[package]] +name = "xous" +version = "0.9.29" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3eee9419ad8c7653cf1dfaf7f0f19144a56c4b65f5bed249c3d56aad9d89da5f" +dependencies = [ + "lazy_static", +] + +[[package]] +name = "xous-api-log" +version = "0.1.23" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7679a3bc3629def7a34eb26956a079d580ca40254fc5dcea0cff736d1989f71d" +dependencies = [ + "log", + "num-derive", + "num-traits", + "xous", + "xous-ipc", +] + +[[package]] +name = "xous-api-names" +version = "0.9.25" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5e54311061dc021a10cd87cb783b793532b0b6b666f1c58176c5925e5e5e8ccc" +dependencies = [ + "log", + "num-derive", + "num-traits", + "rkyv", + "xous", + "xous-api-log", + "xous-ipc", +] + +[[package]] +name = "xous-ipc" +version = "0.9.29" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8530fb0ef0893871ae2187bdd66927de158a7d963b08fa8906fefd773c600e5f" +dependencies = [ + "bitflags", + "rkyv", + "xous", +] + [[package]] name = "yap" version = "0.7.2" diff --git a/Cargo.toml b/Cargo.toml index 45d41215..88466499 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -4,7 +4,7 @@ members = [ "teerex", "parentchain", "sidechain", - "teerex/ias-verify", + "teerex/sgx-verify", "teeracle", "test-utils", "xcm-transactor", diff --git a/primitives/teerex/Cargo.toml b/primitives/teerex/Cargo.toml index 9fa66f91..f39da2ec 100644 --- a/primitives/teerex/Cargo.toml +++ b/primitives/teerex/Cargo.toml 
@@ -9,26 +9,25 @@ edition = "2021" [dependencies] codec = { version = "3.0.0", default-features = false, features = ["derive"], package = "parity-scale-codec" } +common-primitives = { path = "../common", default-features = false } scale-info = { version = "2.0.1", default-features = false, features = ["derive"] } serde = { version = "1.0.13", default-features = false } -# local -ias-verify = { path = "../../teerex/ias-verify", default-features = false } - # substrate dependencies sp-core = { default-features = false, git = "https://github.com/paritytech/substrate.git", branch = "polkadot-v0.9.36" } sp-io = { default-features = false, git = "https://github.com/paritytech/substrate.git", branch = "polkadot-v0.9.36" } sp-std = { default-features = false, git = "https://github.com/paritytech/substrate.git", branch = "polkadot-v0.9.36" } +[dev-dependencies] +hex-literal = "0.3.4" [features] default = ["std"] std = [ "codec/std", + "common-primitives/std", "scale-info/std", "serde/std", - # local - "ias-verify/std", # substrate "sp-core/std", "sp-io/std", diff --git a/primitives/teerex/src/lib.rs b/primitives/teerex/src/lib.rs index dcb5d384..5037bc43 100644 --- a/primitives/teerex/src/lib.rs +++ b/primitives/teerex/src/lib.rs 
@@ -18,15 +18,26 @@ //!Primitives for teerex #![cfg_attr(not(feature = "std"), no_std)] use codec::{Decode, Encode}; -use ias_verify::SgxBuildMode; use scale_info::TypeInfo; use sp_core::H256; use sp_std::prelude::*; +#[derive(Encode, Decode, Copy, Clone, PartialEq, Eq, sp_core::RuntimeDebug, TypeInfo)] +pub enum SgxBuildMode { + Debug, + Production, +} + +impl Default for SgxBuildMode { + fn default() -> Self { + SgxBuildMode::Production + } +} + #[derive(Encode, Decode, Default, Copy, Clone, PartialEq, Eq, sp_core::RuntimeDebug, TypeInfo)] pub struct Enclave { pub pubkey: PubKey, // FIXME: this is redundant information - pub mr_enclave: [u8; 32], + pub mr_enclave: MrEnclave, // Todo: make timestamp: Moment pub timestamp: u64, // unix epoch in milliseconds pub url: Url, // utf8 encoded url @@ -36,7 +47,7 @@ pub struct Enclave { impl Enclave { pub fn new( pubkey: PubKey, - mr_enclave: [u8; 32], + mr_enclave: MrEnclave, timestamp: u64, url: Url, sgx_build_mode: SgxBuildMode, 
@@ -45,6 +56,115 @@ impl Enclave { } } +/// The list of valid TCBs for an enclave. +#[derive(Encode, Decode, Clone, PartialEq, Eq, sp_core::RuntimeDebug, TypeInfo)] +pub struct QeTcb { + pub isvsvn: u16, +} + +impl QeTcb { + pub fn new(isvsvn: u16) -> Self { + Self { isvsvn } + } +} + +/// This represents all the collateral data that we need to store on chain in order to verify +/// the quoting enclave validity of another enclave that wants to register itself on chain +#[derive(Encode, Decode, Default, Clone, PartialEq, Eq, sp_core::RuntimeDebug, TypeInfo)] +pub struct QuotingEnclave { + // Todo: make timestamp: Moment + pub issue_date: u64, // unix epoch in milliseconds + // Todo: make timestamp: Moment + pub next_update: u64, // unix epoch in milliseconds + pub miscselect: [u8; 4], + pub miscselect_mask: [u8; 4], + pub attributes: [u8; 16], + pub attributes_mask: [u8; 16], + pub mrsigner: MrSigner, + pub isvprodid: u16, + /// Contains only the TCB versions that are considered UpToDate + pub tcb: Vec, +} + +impl QuotingEnclave { + #[allow(clippy::too_many_arguments)] + pub fn new( + issue_date: u64, + next_update: u64, + miscselect: [u8; 4], + miscselect_mask: [u8; 4], + attributes: [u8; 16], + attributes_mask: [u8; 16], + mrsigner: MrSigner, + isvprodid: u16, + tcb: Vec, + ) -> Self { + Self { + issue_date, + next_update, + miscselect, + miscselect_mask, + attributes, + attributes_mask, + mrsigner, + isvprodid, + tcb, + } + } +} + +#[derive(Encode, Decode, Default, Clone, PartialEq, Eq, sp_core::RuntimeDebug, TypeInfo)] +pub struct TcbVersionStatus { + pub cpusvn: Cpusvn, + pub pcesvn: Pcesvn, +} + +impl TcbVersionStatus { + pub fn new(cpusvn: Cpusvn, pcesvn: Pcesvn) -> Self { + Self { cpusvn, pcesvn } + } + + pub fn verify_examinee(&self, examinee: &TcbVersionStatus) -> bool { + for (v, r) in self.cpusvn.iter().zip(examinee.cpusvn.iter()) { + if *v > *r { + return false + } + } + self.pcesvn <= examinee.pcesvn + } +} + +/// This represents all the collateral 
data that we need to store on chain in order to verify +/// the quoting enclave validity of another enclave that wants to register itself on chain +#[derive(Encode, Decode, Default, Clone, PartialEq, Eq, sp_core::RuntimeDebug, TypeInfo)] +pub struct TcbInfoOnChain { + // Todo: make timestamp: Moment + pub issue_date: u64, // unix epoch in milliseconds + // Todo: make timestamp: Moment + pub next_update: u64, // unix epoch in milliseconds + tcb_levels: Vec, +} + +impl TcbInfoOnChain { + pub fn new(issue_date: u64, next_update: u64, tcb_levels: Vec) -> Self { + Self { issue_date, next_update, tcb_levels } + } + + pub fn verify_examinee(&self, examinee: &TcbVersionStatus) -> bool { + for tb in &self.tcb_levels { + if tb.verify_examinee(examinee) { + return true + } + } + false + } +} + +pub type MrSigner = [u8; 32]; +pub type MrEnclave = [u8; 32]; +pub type Fmspc = [u8; 6]; +pub type Cpusvn = [u8; 16]; +pub type Pcesvn = u16; pub type ShardIdentifier = H256; #[derive(Encode, Decode, Default, Clone, PartialEq, Eq, sp_core::RuntimeDebug, TypeInfo)] @@ -52,3 +172,24 @@ pub struct Request { pub shard: ShardIdentifier, pub cyphertext: Vec, } + +#[cfg(test)] +mod tests { + use super::*; + use hex_literal::hex; + + #[test] + fn tcb_full_is_valid() { + // The strings are the hex encodings of the 16-byte CPUSVN numbers + let reference = TcbVersionStatus::new(hex!("11110204018007000000000000000000"), 7); + assert!(reference.verify_examinee(&reference)); + assert!(reference + .verify_examinee(&TcbVersionStatus::new(hex!("11110204018007000000000000000000"), 7))); + assert!(reference + .verify_examinee(&TcbVersionStatus::new(hex!("21110204018007000000000000000001"), 7))); + assert!(!reference + .verify_examinee(&TcbVersionStatus::new(hex!("10110204018007000000000000000000"), 6))); + assert!(!reference + .verify_examinee(&TcbVersionStatus::new(hex!("11110204018007000000000000000000"), 6))); + } +} 
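Review bot: `TcbInfoOnChain::verify_examinee` accepts the examinee as soon as any stored level is component-wise ≤ its CPUSVN and ≤ its PCESVN, but `TcbVersionStatus` carries no status, so the check is only sound if `tcb_levels` ever holds levels the collateral marked UpToDate — `QuotingEnclave::tcb` documents that invariant, `tcb_levels` does not. I would state it on the field: `/// Only TCB levels whose status is UpToDate may be stored here; verify_examinee treats every entry as acceptable.` The doc comment on `TcbInfoOnChain` is also a verbatim copy of the one on `QuotingEnclave` and talks about verifying the quoting enclave; it should say this is the platform TCB info (presumably keyed by the `Fmspc` alias introduced below) used to judge the attested enclave's CPUSVN/PCESVN. Nothing in this hunk compares `next_update` with the current time, so collateral staleness must be enforced by the pallet around the `verify_examinee` call; a one-line comment on `next_update` naming where that happens would save the next reader from assuming it is checked here.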
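Review bot: The negative cases in `tcb_full_is_valid` never isolate the CPUSVN comparison — the only input with a lower CPUSVN byte (`10…`) also lowers `pcesvn` to 6, so the test still passes if the CPUSVN loop in `TcbVersionStatus::verify_examinee` is deleted. Add one case that fails on CPUSVN alone and one that fails on a later byte, e.g. `assert!(!reference.verify_examinee(&TcbVersionStatus::new(hex!("10110204018007000000000000000000"), 7)));` and `assert!(!reference.verify_examinee(&TcbVersionStatus::new(hex!("11110204018006000000000000000000"), 7)));`. A case for `TcbInfoOnChain::verify_examinee` with an empty `tcb_levels` (which must return false) would also pin the behaviour that matters on chain.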
diff --git a/sidechain/src/tests.rs b/sidechain/src/tests.rs index 05bc93cc..7a481abd 100644 --- a/sidechain/src/tests.rs +++ b/sidechain/src/tests.rs @@ -18,6 +18,7 @@ limitations under the License. use crate::{mock::*, Error, Event as SidechainEvent, Teerex}; use frame_support::{assert_err, assert_ok, dispatch::DispatchResultWithPostInfo}; use sp_core::H256; +use teerex_primitives::MrSigner; use test_utils::ias::consts::*; // give get_signer a concrete type @@ -198,7 +199,7 @@ fn register_enclave7() { register_enclave(TEST7_SIGNER_PUB, TEST7_CERT, 1); } -fn register_enclave(signer_pub_key: &[u8; 32], cert: &[u8], expected_enclave_count: u64) { +fn register_enclave(signer_pub_key: &MrSigner, cert: &[u8], expected_enclave_count: u64) { let signer7 = get_signer(signer_pub_key); //Ensure that enclave is registered diff --git a/teeracle/src/benchmarking.rs b/teeracle/src/benchmarking.rs index bd7bc336..24de3bd2 100644 --- a/teeracle/src/benchmarking.rs +++ b/teeracle/src/benchmarking.rs @@ -26,7 +26,7 @@ use frame_benchmarking::benchmarks; use frame_system::RawOrigin; use pallet_teerex::Pallet as Teerex; use sp_runtime::traits::CheckedConversion; -use sp_std::{borrow::ToOwned, prelude::*}; +use sp_std::prelude::*; use teeracle_primitives::{DataSource, OracleDataName, TradingPairString}; use test_utils::{ diff --git a/teeracle/src/tests.rs b/teeracle/src/tests.rs index df345cf3..b0a971d0 100644 --- a/teeracle/src/tests.rs +++ b/teeracle/src/tests.rs @@ -30,7 +30,6 @@ const COINGECKO_SRC: &str = "https://api.coingecko.com"; const COINMARKETCAP_SRC: &str = "https://coinmarketcap.com/"; const DOT_USD_TRADING_PAIR: &str = "DOT/USD"; -const TEER_USD_TRADING_PAIR: &str = "TEER/USD"; // give get_signer a concrete type fn get_signer(pubkey: &[u8; 32]) -> AccountId { diff --git a/teerex/Cargo.toml b/teerex/Cargo.toml index a410b48f..90ada22a 100644 --- a/teerex/Cargo.toml +++ b/teerex/Cargo.toml 
@@ -5,7 +5,7 @@ version = "0.9.0" authors = ["Integritee AG "] homepage = "https://integritee.network/" repository = "https://github.com/integritee-network/pallets/" -license = "Apache-2.0" +license = "GPL-3.0" edition = "2021" [dependencies] @@ -15,7 +15,7 @@ scale-info = { version = "2.0.1", default-features = false, features = ["derive" serde = { version = "1.0", features = ["derive"], optional = true } # local -ias-verify = { path = "./ias-verify", default-features = false } +sgx-verify = { path = "sgx-verify", default-features = false } teerex-primitives = { path = "../primitives/teerex", default-features = false } # substrate dependencies @@ -50,7 +50,7 @@ std = [ "scale-info/std", "serde", # local - "ias-verify/std", + "sgx-verify/std", "teerex-primitives/std", # substrate "frame-support/std", diff --git a/teerex/ias-verify/src/lib.rs b/teerex/ias-verify/src/lib.rs deleted file mode 100644 index 2801d65b..00000000 --- a/teerex/ias-verify/src/lib.rs +++ /dev/null 
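Review bot: The `sgx-verify` dependency introduced in the `@@ -15,7 +15,7 @@` hunk resolves, per the Cargo.lock in this same patch, `ring` from a personal fork branch (`Niederb/ring-xous`, `0.16.20-cleanup`) and `webpki` from a `tn/use-ring-xous` branch, leaving two different `ring 0.16.20` builds in the graph. For the crate that validates attestation signatures that is a supply-chain exposure worth recording in the manifest, and the git sources should be pinned with `rev = "..."` rather than `branch = "..."` so a re-resolve cannot pull new fork commits unnoticed; the sgx-verify Cargo.toml itself is not in this excerpt, so the exact form of those entries is inferred from the lockfile. The `license` change from `Apache-2.0` to `GPL-3.0` in the `@@ -5,7 +5,7 @@` hunk has no recorded reason beyond the commit-message bullet; a short comment next to the field (for example whether it follows from a dependency's license) would help downstream users of the pallet.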
@@ -1,341 +0,0 @@ -/* - Copyright 2021 Integritee AG and Supercomputing Systems AG - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - -*/ - -#![cfg_attr(not(feature = "std"), no_std)] - -use crate::netscape_comment::NetscapeComment; -use chrono::prelude::*; -use codec::{Decode, Encode}; -use scale_info::TypeInfo; -use serde_json::Value; -use sp_std::{ - convert::{TryFrom, TryInto}, - prelude::*, -}; - -mod ephemeral_key; -mod netscape_comment; -#[cfg(test)] -mod tests; -mod utils; - -const SGX_REPORT_DATA_SIZE: usize = 64; -#[derive(Encode, Decode, Copy, Clone, TypeInfo)] -pub struct SgxReportData { - d: [u8; SGX_REPORT_DATA_SIZE], -} - -#[derive(Encode, Decode, Copy, Clone, TypeInfo)] -pub struct SGXAttributes { - flags: u64, - xfrm: u64, -} - -// see Intel SGX SDK https://github.com/intel/linux-sgx/blob/master/common/inc/sgx_report.h -const SGX_REPORT_BODY_RESERVED1_BYTES: usize = 12; -const SGX_REPORT_BODY_RESERVED2_BYTES: usize = 32; -const SGX_REPORT_BODY_RESERVED3_BYTES: usize = 32; -const SGX_REPORT_BODY_RESERVED4_BYTES: usize = 42; -const SGX_FLAGS_DEBUG: u64 = 0x0000000000000002; - -#[derive(Encode, Decode, Copy, Clone, TypeInfo)] -pub struct SgxReportBody { - cpu_svn: [u8; 16], /* ( 0) Security Version of the CPU */ - misc_select: [u8; 4], /* ( 16) Which fields defined in SSA.MISC */ - reserved1: [u8; SGX_REPORT_BODY_RESERVED1_BYTES], /* ( 20) */ - isv_ext_prod_id: [u8; 16], /* ( 32) ISV assigned Extended Product ID */ - attributes: SGXAttributes, /* ( 48) Any special 
Capabilities the Enclave possess */ - mr_enclave: [u8; 32], /* ( 64) The value of the enclave's ENCLAVE measurement */ - reserved2: [u8; SGX_REPORT_BODY_RESERVED2_BYTES], /* ( 96) */ - mr_signer: [u8; 32], /* (128) The value of the enclave's SIGNER measurement */ - reserved3: [u8; SGX_REPORT_BODY_RESERVED3_BYTES], /* (160) */ - config_id: [u8; 64], /* (192) CONFIGID */ - isv_prod_id: u16, /* (256) Product ID of the Enclave */ - isv_svn: u16, /* (258) Security Version of the Enclave */ - config_svn: u16, /* (260) CONFIGSVN */ - reserved4: [u8; SGX_REPORT_BODY_RESERVED4_BYTES], /* (262) */ - isv_family_id: [u8; 16], /* (304) ISV assigned Family ID */ - report_data: SgxReportData, /* (320) Data provided by the user */ -} - -impl SgxReportBody { - pub fn sgx_build_mode(&self) -> SgxBuildMode { - #[cfg(test)] - println!("attributes flag : {:x}", self.attributes.flags); - if self.attributes.flags & SGX_FLAGS_DEBUG == SGX_FLAGS_DEBUG { - SgxBuildMode::Debug - } else { - SgxBuildMode::Production - } - } -} -// see Intel SGX SDK https://github.com/intel/linux-sgx/blob/master/common/inc/sgx_quote.h -#[derive(Encode, Decode, Copy, Clone, TypeInfo)] -pub struct SgxQuote { - version: u16, /* 0 */ - sign_type: u16, /* 2 */ - epid_group_id: u32, /* 4 */ - qe_svn: u16, /* 8 */ - pce_svn: u16, /* 10 */ - xeid: u32, /* 12 */ - basename: [u8; 32], /* 16 */ - report_body: SgxReportBody, /* 48 */ - //signature_len: u32, /* 432 */ - //signature: [u8; 64] /* 436 */ //must be hard-coded for SCALE codec -} - -#[derive(Encode, Decode, Copy, Clone, PartialEq, Eq, sp_core::RuntimeDebug, TypeInfo)] -pub enum SgxBuildMode { - Debug, - Production, -} -impl Default for SgxBuildMode { - fn default() -> Self { - SgxBuildMode::Production - } -} - -#[derive(Encode, Decode, Copy, Clone, PartialEq, Eq, sp_core::RuntimeDebug, TypeInfo)] -pub enum SgxStatus { - Invalid, - Ok, - GroupOutOfDate, - GroupRevoked, - ConfigurationNeeded, -} -impl Default for SgxStatus { - fn default() -> Self { - 
SgxStatus::Invalid - } -} - -#[derive(Encode, Decode, Default, Copy, Clone, PartialEq, Eq, sp_core::RuntimeDebug, TypeInfo)] -pub struct SgxReport { - pub mr_enclave: [u8; 32], - pub pubkey: [u8; 32], - pub status: SgxStatus, - pub timestamp: u64, // unix timestamp in milliseconds - pub build_mode: SgxBuildMode, -} - -type SignatureAlgorithms = &'static [&'static webpki::SignatureAlgorithm]; -static SUPPORTED_SIG_ALGS: SignatureAlgorithms = &[ - //&webpki::ECDSA_P256_SHA256, - //&webpki::ECDSA_P256_SHA384, - //&webpki::ECDSA_P384_SHA256, - //&webpki::ECDSA_P384_SHA384, - &webpki::RSA_PKCS1_2048_8192_SHA256, - &webpki::RSA_PKCS1_2048_8192_SHA384, - &webpki::RSA_PKCS1_2048_8192_SHA512, - &webpki::RSA_PKCS1_3072_8192_SHA384, -]; - -//pub const IAS_REPORT_CA: &[u8] = include_bytes!("../AttestationReportSigningCACert.pem"); - -pub static IAS_SERVER_ROOTS: webpki::TLSServerTrustAnchors = webpki::TLSServerTrustAnchors(&[ - /* - * -----BEGIN CERTIFICATE----- - * MIIFSzCCA7OgAwIBAgIJANEHdl0yo7CUMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNV - * BAYTAlVTMQswCQYDVQQIDAJDQTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExGjAYBgNV - * BAoMEUludGVsIENvcnBvcmF0aW9uMTAwLgYDVQQDDCdJbnRlbCBTR1ggQXR0ZXN0 - * YXRpb24gUmVwb3J0IFNpZ25pbmcgQ0EwIBcNMTYxMTE0MTUzNzMxWhgPMjA0OTEy - * MzEyMzU5NTlaMH4xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEUMBIGA1UEBwwL - * U2FudGEgQ2xhcmExGjAYBgNVBAoMEUludGVsIENvcnBvcmF0aW9uMTAwLgYDVQQD - * DCdJbnRlbCBTR1ggQXR0ZXN0YXRpb24gUmVwb3J0IFNpZ25pbmcgQ0EwggGiMA0G - * CSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCfPGR+tXc8u1EtJzLA10Feu1Wg+p7e - * LmSRmeaCHbkQ1TF3Nwl3RmpqXkeGzNLd69QUnWovYyVSndEMyYc3sHecGgfinEeh - * rgBJSEdsSJ9FpaFdesjsxqzGRa20PYdnnfWcCTvFoulpbFR4VBuXnnVLVzkUvlXT - * L/TAnd8nIZk0zZkFJ7P5LtePvykkar7LcSQO85wtcQe0R1Raf/sQ6wYKaKmFgCGe - * NpEJUmg4ktal4qgIAxk+QHUxQE42sxViN5mqglB0QJdUot/o9a/V/mMeH8KvOAiQ - * byinkNndn+Bgk5sSV5DFgF0DffVqmVMblt5p3jPtImzBIH0QQrXJq39AT8cRwP5H - * afuVeLHcDsRp6hol4P+ZFIhu8mmbI1u0hH3W/0C2BuYXB5PC+5izFFh/nP0lc2Lf - * 6rELO9LZdnOhpL1ExFOq9H/B8tPQ84T3Sgb4nAifDabNt/zu6MmCGo5U8lwEFtGM 
- * RoOaX4AS+909x00lYnmtwsDVWv9vBiJCXRsCAwEAAaOByTCBxjBgBgNVHR8EWTBX - * MFWgU6BRhk9odHRwOi8vdHJ1c3RlZHNlcnZpY2VzLmludGVsLmNvbS9jb250ZW50 - * L0NSTC9TR1gvQXR0ZXN0YXRpb25SZXBvcnRTaWduaW5nQ0EuY3JsMB0GA1UdDgQW - * BBR4Q3t2pn680K9+QjfrNXw7hwFRPDAfBgNVHSMEGDAWgBR4Q3t2pn680K9+Qjfr - * NXw7hwFRPDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADANBgkq - * hkiG9w0BAQsFAAOCAYEAeF8tYMXICvQqeXYQITkV2oLJsp6J4JAqJabHWxYJHGir - * IEqucRiJSSx+HjIJEUVaj8E0QjEud6Y5lNmXlcjqRXaCPOqK0eGRz6hi+ripMtPZ - * sFNaBwLQVV905SDjAzDzNIDnrcnXyB4gcDFCvwDFKKgLRjOB/WAqgscDUoGq5ZVi - * zLUzTqiQPmULAQaB9c6Oti6snEFJiCQ67JLyW/E83/frzCmO5Ru6WjU4tmsmy8Ra - * Ud4APK0wZTGtfPXU7w+IBdG5Ez0kE1qzxGQaL4gINJ1zMyleDnbuS8UicjJijvqA - * 152Sq049ESDz+1rRGc2NVEqh1KaGXmtXvqxXcTB+Ljy5Bw2ke0v8iGngFBPqCTVB - * 3op5KBG3RjbF6RRSzwzuWfL7QErNC8WEy5yDVARzTA5+xmBc388v9Dm21HGfcC8O - * DD+gT9sSpssq0ascmvH49MOgjt1yoysLtdCtJW/9FZpoOypaHx0R+mJTLwPXVMrv - * DaVzWh5aiEx+idkSGMnX - * -----END CERTIFICATE----- - */ - webpki::TrustAnchor { - subject: b"1\x0b0\t\x06\x03U\x04\x06\x13\x02US1\x0b0\t\x06\x03U\x04\x08\x0c\x02CA1\x140\x12\x06\x03U\x04\x07\x0c\x0bSanta Clara1\x1a0\x18\x06\x03U\x04\n\x0c\x11Intel Corporation100.\x06\x03U\x04\x03\x0c\'Intel SGX Attestation Report Signing CA", - spki: b"0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x03\x82\x01\x8f\x000\x82\x01\x8a\x02\x82\x01\x81\x00\x9f@u1@N6\xb3\x15b7\x99\xaa\x82Pt@\x97T\xa2\xdf\xe8\xf5\xaf\xd5\xfec\x1e\x1f\xc2\xaf8\x08\x90o(\xa7\x90\xd9\xdd\x9f\xe0`\x93\x9b\x12W\x90\xc5\x80]\x03}\xf5j\x99S\x1b\x96\xdei\xde3\xed\"l\xc1 }\x10B\xb5\xc9\xab\x7f@O\xc7\x11\xc0\xfeGi\xfb\x95x\xb1\xdc\x0e\xc4i\xea\x1a%\xe0\xff\x99\x14\x88n\xf2i\x9b#[\xb4\x84}\xd6\xff@\xb6\x06\xe6\x17\x07\x93\xc2\xfb\x98\xb3\x14X\x7f\x9c\xfd%sb\xdf\xea\xb1\x0b;\xd2\xd9vs\xa1\xa4\xbdD\xc4S\xaa\xf4\x7f\xc1\xf2\xd3\xd0\xf3\x84\xf7J\x06\xf8\x9c\x08\x9f\r\xa6\xcd\xb7\xfc\xee\xe8\xc9\x82\x1a\x8eT\xf2\\\x04\x16\xd1\x8cF\x83\x9a_\x80\x12\xfb\xdd=\xc7M%by\xad\xc2\xc0\xd5Z\xffo\x06\"B]\x1b\x02\x03\x01\x00\x01", - name_constraints: 
None - }, - -]); - -/// Contains an unvalidated ias remote attestation certificate. -/// -/// Wrapper to implemented parsing and verification traits on it. -pub struct CertDer<'a>(&'a [u8]); - -// make sure this function doesn't panic! -pub fn verify_ias_report(cert_der: &[u8]) -> Result { - // Before we reach here, the runtime already verified the extrinsic is properly signed by the extrinsic sender - // Hence, we skip: EphemeralKey::try_from(cert)?; - - #[cfg(test)] - println!("verifyRA: start verifying RA cert"); - - let cert = CertDer(cert_der); - let netscape = NetscapeComment::try_from(cert)?; - let sig_cert = webpki::EndEntityCert::from(&netscape.sig_cert).map_err(|_| "Bad der")?; - - verify_signature(&sig_cert, netscape.attestation_raw, &netscape.sig)?; - - // FIXME: now hardcoded. but certificate renewal would have to be done manually anyway... - // chain wasm update or by some sudo call - let valid_until = webpki::Time::from_seconds_since_unix_epoch(1573419050); - verify_server_cert(&sig_cert, valid_until)?; - - parse_report(netscape.attestation_raw) -} - -fn parse_report(report_raw: &[u8]) -> Result { - // parse attestation report - let attn_report: Value = match serde_json::from_slice(report_raw) { - Ok(report) => report, - Err(_) => return Err("RA report parsing error"), - }; - - let _ra_timestamp = match &attn_report["timestamp"] { - Value::String(time) => { - let time_fixed = time.clone() + "+0000"; - match DateTime::parse_from_str(&time_fixed, "%Y-%m-%dT%H:%M:%S%.f%z") { - Ok(d) => d.timestamp(), - Err(_) => return Err("RA report timestamp parsing error"), - } - }, - _ => return Err("Failed to fetch timestamp from attestation report"), - }; - - // in milliseconds - let ra_timestamp: u64 = (_ra_timestamp * 1000) - .try_into() - .map_err(|_| "Error converting report.timestamp to u64")?; - - #[cfg(test)] - println!("verifyRA attestation timestamp [unix epoch]: {}", ra_timestamp); - - // get quote status (mandatory field) - let ra_status = match 
&attn_report["isvEnclaveQuoteStatus"] { - Value::String(quote_status) => match quote_status.as_ref() { - "OK" => SgxStatus::Ok, - "GROUP_OUT_OF_DATE" => SgxStatus::GroupOutOfDate, - "GROUP_REVOKED" => SgxStatus::GroupRevoked, - "CONFIGURATION_NEEDED" => SgxStatus::ConfigurationNeeded, - _ => SgxStatus::Invalid, - }, - _ => return Err("Failed to fetch isvEnclaveQuoteStatus from attestation report"), - }; - - #[cfg(test)] - println!("verifyRA attestation status is: {:?}", ra_status); - // parse quote body - if let Value::String(quote_raw) = &attn_report["isvEnclaveQuoteBody"] { - let quote = match base64::decode(quote_raw) { - Ok(q) => q, - Err(_) => return Err("Quote Decoding Error"), - }; - #[cfg(test)] - println!("Quote read. len={}", quote.len()); - // TODO: lack security check here - let sgx_quote: SgxQuote = match Decode::decode(&mut "e[..]) { - Ok(q) => q, - Err(_) => return Err("could not decode quote"), - }; - - #[cfg(test)] - { - println!("sgx quote version = {}", sgx_quote.version); - println!("sgx quote signature type = {}", sgx_quote.sign_type); - //println!("sgx quote report_data = {:?}", sgx_quote.report_body.report_data.d[..32]); - println!("sgx quote mr_enclave = {:x?}", sgx_quote.report_body.mr_enclave); - println!("sgx quote mr_signer = {:x?}", sgx_quote.report_body.mr_signer); - println!("sgx quote report_data = {:x?}", sgx_quote.report_body.report_data.d.to_vec()); - } - - let mut xt_signer_array = [0u8; 32]; - xt_signer_array.copy_from_slice(&sgx_quote.report_body.report_data.d[..32]); - Ok(SgxReport { - mr_enclave: sgx_quote.report_body.mr_enclave, - status: ra_status, - pubkey: xt_signer_array, - timestamp: ra_timestamp, - build_mode: sgx_quote.report_body.sgx_build_mode(), - }) - } else { - Err("Failed to parse isvEnclaveQuoteBody from attestation report") - } -} - -pub fn verify_signature( - entity_cert: &webpki::EndEntityCert, - attestation_raw: &[u8], - signature: &[u8], -) -> Result<(), &'static str> { - match 
entity_cert.verify_signature( - &webpki::RSA_PKCS1_2048_8192_SHA256, - attestation_raw, - signature, - ) { - Ok(()) => { - #[cfg(test)] - println!("IAS signature is valid"); - Ok(()) - }, - Err(_e) => { - #[cfg(test)] - println!("RSA Signature ERROR: {}", _e); - Err("bad signature") - }, - } -} - -pub fn verify_server_cert( - sig_cert: &webpki::EndEntityCert, - timestamp_valid_until: webpki::Time, -) -> Result<(), &'static str> { - let chain: Vec<&[u8]> = Vec::new(); - match sig_cert.verify_is_valid_tls_server_cert( - SUPPORTED_SIG_ALGS, - &IAS_SERVER_ROOTS, - &chain, - timestamp_valid_until, - ) { - Ok(()) => { - #[cfg(test)] - println!("CA is valid"); - Ok(()) - }, - Err(_e) => { - #[cfg(test)] - println!("CA ERROR: {}", _e); - Err("CA verification failed") - }, - } -} diff --git a/teerex/ias-verify/AttestationReportSigningCACert.pem b/teerex/sgx-verify/AttestationReportSigningCACert.pem similarity index 100% rename from teerex/ias-verify/AttestationReportSigningCACert.pem rename to teerex/sgx-verify/AttestationReportSigningCACert.pem diff --git a/teerex/ias-verify/Cargo.toml b/teerex/sgx-verify/Cargo.toml similarity index 64% rename from teerex/ias-verify/Cargo.toml rename to teerex/sgx-verify/Cargo.toml index 178b4c53..06557b97 100644 --- a/teerex/ias-verify/Cargo.toml +++ b/teerex/sgx-verify/Cargo.toml 
@@ -1,20 +1,28 @@
 [package]
-name = "ias-verify"
+name = "sgx-verify"
 version = "0.1.4"
 description = "a certificate verification and IAS report parser crate for the teerex pallet"
 authors = ["Integritee AG "]
 homepage = "https://integritee.network/"
 repository = "https://github.com/integritee-network/pallets/"
-license = "Apache-2.0"
+license = "GPL-3.0"
 edition = "2021"
 [dependencies]
 base64 = { version = "0.13", default-features = false, features = ["alloc"] }
-chrono = { version = "0.4", default-features = false }
+chrono = { version = "0.4", default-features = false, features = ["serde"] }
 codec = { version = "3.0.0", default-features = false, features = ["derive"], package = "parity-scale-codec" }
+der = { default-features = false, version = "0.6.0" }
+hex = { default-features = false, version = "0.4.3", features = ["alloc"] }
+ring = { git = "https://github.com/Niederb/ring-xous.git", branch = "0.16.20-cleanup", default-features = false, features = ["alloc"] }
 scale-info = { version = "2.0.1", default-features = false, features = ["derive"] }
+serde = { default-features = false, version = "1.0.140", features = ["derive"] }
 serde_json = { version = "1.0", default-features = false, features = ["alloc"] }
-webpki = { default-features = false, git = "https://github.com/scs/webpki-nostd.git" }
+webpki = { default-features = false, git = "https://github.com/scs/webpki-nostd.git", branch = "tn/use-ring-xous" }
+x509-cert = { default-features = false, version = "0.1.0", features = ["alloc"] }
+
+# local
+teerex-primitives = { path = "../../primitives/teerex", default-features = false }
 # substrate dependencies
 frame-support = { default-features = false, git = "https://github.com/paritytech/substrate.git", branch = "polkadot-v0.9.36" }
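Review bot: In the `[dependencies]` table, `ring` and `webpki` — the crates that actually perform the ECDSA/RSA signature checks for quote and collateral verification — are pulled from fork repositories by mutable `branch` refs (`Niederb/ring-xous` @ `0.16.20-cleanup`, `scs/webpki-nostd` @ `tn/use-ring-xous`) with no `rev`, so the exact commit the pallet builds against lives only in `Cargo.lock` and can drift under an unchanged `Cargo.toml`. Pin both to an immutable commit, e.g. `ring = { git = "https://github.com/Niederb/ring-xous.git", rev = "<commit-sha>", default-features = false, features = ["alloc"] }` and the same `rev = "<commit-sha>"` form for `webpki`, keeping the branch name in a comment if it documents intent. The `description` still reads "a certificate verification and IAS report parser crate" even though the crate was renamed to `sgx-verify` and now carries `der`/`x509-cert` for DCAP; update it to name both verification paths.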
@@ -23,7 +31,7 @@ sp-io = { default-features = false, git = "https://github.com/paritytech/substra
 sp-std = { default-features = false, git = "https://github.com/paritytech/substrate.git", branch = "polkadot-v0.9.36" }
 [dev-dependencies]
-hex-literal = "*"
+hex-literal = "0.3.4"
 [features]
 default = ["std"]
@@ -31,9 +39,16 @@ std = [
 "base64/std",
 "chrono/std",
 "codec/std",
+ "der/std",
+ "hex/std",
+ "ring/std",
 "scale-info/std",
+ "serde/std",
 "serde_json/std",
 "webpki/std",
+ "x509-cert/std",
+ # local
+ "teerex-primitives/std",
 # substrate
 "frame-support/std",
 "sp-core/std",
diff --git a/teerex/sgx-verify/fuzz/Cargo.lock b/teerex/sgx-verify/fuzz/Cargo.lock
new file mode 100644
index 00000000..dcf6bad9
--- /dev/null
+++ b/teerex/sgx-verify/fuzz/Cargo.lock
@@ -0,0 +1,3445 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +version = 3 + +[[package]] +name = "Inflector" +version = "0.11.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fe438c63458706e03479442743baae6c88256498e6431708f6dfc520a26515d3" +dependencies = [ + "lazy_static", + "regex", +] + +[[package]] +name = "addr2line" +version = "0.17.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b9ecd88a8c8378ca913a680cd98f0f13ac67383d35993f86c90a70e3f137816b" +dependencies = [ + "gimli 0.26.2", +] + +[[package]] +name = "addr2line" +version = "0.19.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a76fd60b23679b7d19bd066031410fb7e458ccc5e958eb5c325888ce4baedc97" +dependencies = [ + "gimli 0.27.0", +] + +[[package]] +name = "adler" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe" + +[[package]] +name = "ahash" +version = "0.7.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fcb51a0695d8f838b1ee009b3fbf66bda078cd64590202a864a8f3e8c4315c47" +dependencies = [ + "getrandom 0.2.8", + "once_cell", + "version_check", +] + +[[package]] +name = "aho-corasick" +version = "0.7.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cc936419f96fa211c1b9166887b38e5e40b19958e5b895be7c1f93adec7071ac" +dependencies = [ + "memchr", +] + +[[package]] +name = "android_system_properties" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "819e7219dbd41043ac279b19830f2efc897156490d7fd6ea916720117ee66311" +dependencies = [ + "libc", +] + +[[package]] +name = "ansi_term" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d52a9bb7ec0cf484c551830a7ce27bd20d67eac647e1befb56b0be4ee39a55d2" 
+dependencies = [ + "winapi", +] + +[[package]] +name = "anyhow" +version = "1.0.68" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2cb2f989d18dd141ab8ae82f64d1a8cdd37e0840f73a406896cf5e99502fab61" + +[[package]] +name = "arbitrary" +version = "1.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b0224938f92e7aef515fac2ff2d18bd1115c1394ddf4a092e0c87e8be9499ee5" + +[[package]] +name = "array-bytes" +version = "4.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f52f63c5c1316a16a4b35eaac8b76a98248961a533f061684cb2a7cb0eafb6c6" + +[[package]] +name = "arrayref" +version = "0.3.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a4c527152e37cf757a3f78aae5a06fbeefdb07ccc535c980a3208ee3060dd544" + +[[package]] +name = "arrayvec" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "23b62fc65de8e4e7f52534fb52b0f3ed04746ae267519eef2a83941e8085068b" + +[[package]] +name = "arrayvec" +version = "0.7.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8da52d66c7071e2e3fa2a1e5c6d088fec47b593032b254f5e980de8ea54454d6" + +[[package]] +name = "async-trait" +version = "0.1.61" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "705339e0e4a9690e2908d2b3d049d85682cf19fbd5782494498fbf7003a6a282" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "autocfg" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" + +[[package]] +name = "backtrace" +version = "0.3.67" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "233d376d6d185f2a3093e58f283f60f880315b6c60075b01f36b3b85154564ca" +dependencies = [ + "addr2line 0.19.0", + "cc", + "cfg-if", + "libc", + "miniz_oxide", + "object 0.30.2", + 
"rustc-demangle", +] + +[[package]] +name = "base16ct" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "349a06037c7bf932dd7e7d1f653678b2038b9ad46a74102f1fc7bd7872678cce" + +[[package]] +name = "base58" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6107fe1be6682a68940da878d9e9f5e90ca5745b3dec9fd1bb393c8777d4f581" + +[[package]] +name = "base64" +version = "0.13.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8" + +[[package]] +name = "base64ct" +version = "1.5.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b645a089122eccb6111b4f81cbc1a49f5900ac4666bb93ac027feaecf15607bf" + +[[package]] +name = "bincode" +version = "1.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b1f45e9417d87227c7a56d22e471c6206462cba514c7590c09aff4cf6d1ddcad" +dependencies = [ + "serde", +] + +[[package]] +name = "bitflags" +version = "1.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" + +[[package]] +name = "bitvec" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1bc2832c24239b0141d5674bb9174f9d68a8b5b3f2753311927c172ca46f7e9c" +dependencies = [ + "funty", + "radium", + "tap", + "wyz", +] + +[[package]] +name = "blake2" +version = "0.10.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "46502ad458c9a52b69d4d4d32775c788b7a1b85e8bc9d482d92250fc0e3f8efe" +dependencies = [ + "digest 0.10.6", +] + +[[package]] +name = "block-buffer" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c0940dc441f31689269e10ac70eb1002a3a1d3ad1390e030043662eb7fe4688b" +dependencies = [ + "block-padding", + "byte-tools", + 
"byteorder", + "generic-array 0.12.4", +] + +[[package]] +name = "block-buffer" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4152116fd6e9dadb291ae18fc1ec3575ed6d84c29642d97890f4b4a3417297e4" +dependencies = [ + "generic-array 0.14.6", +] + +[[package]] +name = "block-buffer" +version = "0.10.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "69cce20737498f97b993470a6e536b8523f0af7892a4f928cceb1ac5e52ebe7e" +dependencies = [ + "generic-array 0.14.6", +] + +[[package]] +name = "block-padding" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fa79dedbb091f449f1f39e53edf88d5dbe95f895dae6135a8d7b881fb5af73f5" +dependencies = [ + "byte-tools", +] + +[[package]] +name = "bumpalo" +version = "3.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "572f695136211188308f16ad2ca5c851a712c464060ae6974944458eb83880ba" + +[[package]] +name = "byte-slice-cast" +version = "1.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c3ac9f8b63eca6fd385229b3675f6cc0dc5c8a5c8a54a59d4f52ffd670d87b0c" + +[[package]] +name = "byte-tools" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e3b5ca7a04898ad4bcd41c90c5285445ff5b791899bb1b0abdd2a2aa791211d7" + +[[package]] +name = "byteorder" +version = "1.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610" + +[[package]] +name = "bytes" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dfb24e866b15a1af2a1b663f10c6b6b8f397a84aadb828f12e5b289ec23a3a3c" + +[[package]] +name = "cc" +version = "1.0.78" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a20104e2335ce8a659d6dd92a51a767a0c062599c73b343fd152cb401e828c3d" +dependencies = [ + 
"jobserver", +] + +[[package]] +name = "cfg-expr" +version = "0.10.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0aacacf4d96c24b2ad6eb8ee6df040e4f27b0d0b39a5710c30091baa830485db" +dependencies = [ + "smallvec", +] + +[[package]] +name = "cfg-if" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" + +[[package]] +name = "chrono" +version = "0.4.23" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "16b0a3d9ed01224b22057780a37bb8c5dbfe1be8ba48678e7bf57ec4b385411f" +dependencies = [ + "iana-time-zone", + "num-integer", + "num-traits", + "serde", + "winapi", +] + +[[package]] +name = "codespan-reporting" +version = "0.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3538270d33cc669650c4b093848450d380def10c331d38c768e34cac80576e6e" +dependencies = [ + "termcolor", + "unicode-width", +] + +[[package]] +name = "common-primitives" +version = "0.1.0" +dependencies = [ + "sp-std", +] + +[[package]] +name = "const-oid" +version = "0.9.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cec318a675afcb6a1ea1d4340e2d377e56e47c266f28043ceccbf4412ddfdd3b" + +[[package]] +name = "core-foundation-sys" +version = "0.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5827cebf4670468b8772dd191856768aedcb1b0278a04f989f7766351917b9dc" + +[[package]] +name = "cpp_demangle" +version = "0.3.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "eeaa953eaad386a53111e47172c2fedba671e5684c8dd601a5f474f4f118710f" +dependencies = [ + "cfg-if", +] + +[[package]] +name = "cpufeatures" +version = "0.2.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "28d997bd5e24a5928dd43e46dc529867e207907fe0b239c3477d924f7f2ca320" +dependencies = [ + "libc", +] + +[[package]] +name = 
"cranelift-entity" +version = "0.88.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "87a0f1b2fdc18776956370cf8d9b009ded3f855350c480c1c52142510961f352" +dependencies = [ + "serde", +] + +[[package]] +name = "crc32fast" +version = "1.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b540bd8bc810d3885c6ea91e2018302f68baba2129ab3e88f32389ee9370880d" +dependencies = [ + "cfg-if", +] + +[[package]] +name = "crunchy" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7a81dae078cea95a014a339291cec439d2f232ebe854a9d672b796c6afafa9b7" + +[[package]] +name = "crypto-bigint" +version = "0.4.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ef2b4b23cddf68b89b8f8069890e8c270d54e2d5fe1b143820234805e4cb17ef" +dependencies = [ + "generic-array 0.14.6", + "rand_core 0.6.4", + "subtle", + "zeroize", +] + +[[package]] +name = "crypto-common" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3" +dependencies = [ + "generic-array 0.14.6", + "typenum", +] + +[[package]] +name = "crypto-mac" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b584a330336237c1eecd3e94266efb216c56ed91225d634cb2991c5f3fd1aeab" +dependencies = [ + "generic-array 0.14.6", + "subtle", +] + +[[package]] +name = "crypto-mac" +version = "0.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b1d1a86f49236c215f271d40892d5fc950490551400b02ef360692c29815c714" +dependencies = [ + "generic-array 0.14.6", + "subtle", +] + +[[package]] +name = "curve25519-dalek" +version = "2.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4a9b85542f99a2dfa2a1b8e192662741c9859a846b296bef1c92ef9b58b5a216" +dependencies = [ + "byteorder", + "digest 0.8.1", + "rand_core 
0.5.1", + "subtle", + "zeroize", +] + +[[package]] +name = "curve25519-dalek" +version = "3.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0b9fdf9972b2bd6af2d913799d9ebc165ea4d2e65878e329d9c6b372c4491b61" +dependencies = [ + "byteorder", + "digest 0.9.0", + "rand_core 0.5.1", + "subtle", + "zeroize", +] + +[[package]] +name = "cxx" +version = "1.0.86" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "51d1075c37807dcf850c379432f0df05ba52cc30f279c5cfc43cc221ce7f8579" +dependencies = [ + "cc", + "cxxbridge-flags", + "cxxbridge-macro", + "link-cplusplus", +] + +[[package]] +name = "cxx-build" +version = "1.0.86" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5044281f61b27bc598f2f6647d480aed48d2bf52d6eb0b627d84c0361b17aa70" +dependencies = [ + "cc", + "codespan-reporting", + "once_cell", + "proc-macro2", + "quote", + "scratch", + "syn", +] + +[[package]] +name = "cxxbridge-flags" +version = "1.0.86" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "61b50bc93ba22c27b0d31128d2d130a0a6b3d267ae27ef7e4fae2167dfe8781c" + +[[package]] +name = "cxxbridge-macro" +version = "1.0.86" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "39e61fda7e62115119469c7b3591fd913ecca96fb766cfd3f2e2502ab7bc87a5" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "der" +version = "0.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f1a467a65c5e759bce6e65eaf91cc29f466cdc57cb65777bd646872a8a1fd4de" +dependencies = [ + "const-oid", + "der_derive", + "flagset", + "zeroize", +] + +[[package]] +name = "der_derive" +version = "0.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8ef71ddb5b3a1f53dee24817c8f70dfa1cb29e804c18d88c228d4bc9c86ee3b9" +dependencies = [ + "proc-macro-error", + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = 
"derive_more" +version = "0.99.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4fb810d30a7c1953f91334de7244731fc3f3c10d7fe163338a35b9f640960321" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "digest" +version = "0.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f3d0c8c8752312f9713efd397ff63acb9f85585afbf179282e720e7704954dd5" +dependencies = [ + "generic-array 0.12.4", +] + +[[package]] +name = "digest" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3dd60d1080a57a05ab032377049e0591415d2b31afd7028356dbf3cc6dcb066" +dependencies = [ + "generic-array 0.14.6", +] + +[[package]] +name = "digest" +version = "0.10.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8168378f4e5023e7218c89c891c0fd8ecdb5e5e4f18cb78f38cf245dd021e76f" +dependencies = [ + "block-buffer 0.10.3", + "crypto-common", + "subtle", +] + +[[package]] +name = "downcast-rs" +version = "1.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9ea835d29036a4087793836fa931b08837ad5e957da9e23886b29586fb9b6650" + +[[package]] +name = "dyn-clonable" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4e9232f0e607a262ceb9bd5141a3dfb3e4db6994b31989bbfd845878cba59fd4" +dependencies = [ + "dyn-clonable-impl", + "dyn-clone", +] + +[[package]] +name = "dyn-clonable-impl" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "558e40ea573c374cf53507fd240b7ee2f5477df7cfebdb97323ec61c719399c5" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "dyn-clone" +version = "1.0.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c9b0705efd4599c15a38151f4721f7bc388306f61084d3bfd50bd07fbca5cb60" + +[[package]] +name = "ecdsa" +version = "0.14.8" +source = 
"registry+https://github.com/rust-lang/crates.io-index" +checksum = "413301934810f597c1d19ca71c8710e99a3f1ba28a0d2ebc01551a2daeea3c5c" +dependencies = [ + "der", + "elliptic-curve", + "rfc6979", + "signature", +] + +[[package]] +name = "ed25519" +version = "1.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1e9c280362032ea4203659fc489832d0204ef09f247a0506f170dafcac08c369" +dependencies = [ + "signature", +] + +[[package]] +name = "ed25519-dalek" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c762bae6dcaf24c4c84667b8579785430908723d5c889f469d76a41d59cc7a9d" +dependencies = [ + "curve25519-dalek 3.2.0", + "ed25519", + "sha2 0.9.9", + "zeroize", +] + +[[package]] +name = "ed25519-zebra" +version = "3.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7c24f403d068ad0b359e577a77f92392118be3f3c927538f2bb544a5ecd828c6" +dependencies = [ + "curve25519-dalek 3.2.0", + "hashbrown", + "hex", + "rand_core 0.6.4", + "sha2 0.9.9", + "zeroize", +] + +[[package]] +name = "either" +version = "1.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "90e5c1c8368803113bf0c9584fc495a58b86dc8a29edbf8fe877d21d9507e797" + +[[package]] +name = "elliptic-curve" +version = "0.12.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e7bb888ab5300a19b8e5bceef25ac745ad065f3c9f7efc6de1b91958110891d3" +dependencies = [ + "base16ct", + "crypto-bigint", + "der", + "digest 0.10.6", + "ff", + "generic-array 0.14.6", + "group", + "rand_core 0.6.4", + "sec1", + "subtle", + "zeroize", +] + +[[package]] +name = "environmental" +version = "1.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e48c92028aaa870e83d51c64e5d4e0b6981b360c522198c23959f219a4e1b15b" + +[[package]] +name = "errno" +version = "0.2.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = 
"f639046355ee4f37944e44f60642c6f3a7efa3cf6b78c78a0d989a8ce6c396a1" +dependencies = [ + "errno-dragonfly", + "libc", + "winapi", +] + +[[package]] +name = "errno-dragonfly" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "aa68f1b12764fab894d2755d2518754e71b4fd80ecfb822714a1206c2aab39bf" +dependencies = [ + "cc", + "libc", +] + +[[package]] +name = "fake-simd" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e88a8acf291dafb59c2d96e8f59828f3838bb1a70398823ade51a84de6a6deed" + +[[package]] +name = "fallible-iterator" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4443176a9f2c162692bd3d352d745ef9413eec5782a80d8fd6f8a1ac692a07f7" + +[[package]] +name = "ff" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d013fc25338cc558c5c2cfbad646908fb23591e2404481826742b651c9af7160" +dependencies = [ + "rand_core 0.6.4", + "subtle", +] + +[[package]] +name = "fixed-hash" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "835c052cb0c08c1acf6ffd71c022172e18723949c8282f2b9f27efbc51e64534" +dependencies = [ + "byteorder", + "rand 0.8.5", + "rustc-hex", + "static_assertions", +] + +[[package]] +name = "flagset" +version = "0.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cda653ca797810c02f7ca4b804b40b8b95ae046eb989d356bce17919a8c25499" + +[[package]] +name = "frame-metadata" +version = "15.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "df6bb8542ef006ef0de09a5c4420787d79823c0ed7924225822362fd2bf2ff2d" +dependencies = [ + "cfg-if", + "parity-scale-codec", + "scale-info", + "serde", +] + +[[package]] +name = "frame-support" +version = "4.0.0-dev" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.36#cb4f2491b00af7d7817f3a54209c26b20faa1f51" 
+dependencies = [ + "bitflags", + "frame-metadata", + "frame-support-procedural", + "impl-trait-for-tuples", + "k256", + "log", + "once_cell", + "parity-scale-codec", + "paste", + "scale-info", + "serde", + "smallvec", + "sp-api", + "sp-arithmetic", + "sp-core", + "sp-core-hashing-proc-macro", + "sp-inherents", + "sp-io", + "sp-runtime", + "sp-staking", + "sp-state-machine", + "sp-std", + "sp-tracing", + "sp-weights", + "tt-call", +] + +[[package]] +name = "frame-support-procedural" +version = "4.0.0-dev" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.36#cb4f2491b00af7d7817f3a54209c26b20faa1f51" +dependencies = [ + "Inflector", + "cfg-expr", + "frame-support-procedural-tools", + "itertools", + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "frame-support-procedural-tools" +version = "4.0.0-dev" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.36#cb4f2491b00af7d7817f3a54209c26b20faa1f51" +dependencies = [ + "frame-support-procedural-tools-derive", + "proc-macro-crate", + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "frame-support-procedural-tools-derive" +version = "3.0.0" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.36#cb4f2491b00af7d7817f3a54209c26b20faa1f51" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "funty" +version = "2.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e6d5a32815ae3f33302d95fdcb2ce17862f8c65363dcfd29360480ba1001fc9c" + +[[package]] +name = "futures" +version = "0.3.25" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "38390104763dc37a5145a53c29c63c1290b5d316d6086ec32c293f6736051bb0" +dependencies = [ + "futures-channel", + "futures-core", + "futures-executor", + "futures-io", + "futures-sink", + "futures-task", + "futures-util", +] + +[[package]] +name = "futures-channel" +version = "0.3.25" +source = 
"registry+https://github.com/rust-lang/crates.io-index" +checksum = "52ba265a92256105f45b719605a571ffe2d1f0fea3807304b522c1d778f79eed" +dependencies = [ + "futures-core", + "futures-sink", +] + +[[package]] +name = "futures-core" +version = "0.3.25" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "04909a7a7e4633ae6c4a9ab280aeb86da1236243a77b694a49eacd659a4bd3ac" + +[[package]] +name = "futures-executor" +version = "0.3.25" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7acc85df6714c176ab5edf386123fafe217be88c0840ec11f199441134a074e2" +dependencies = [ + "futures-core", + "futures-task", + "futures-util", + "num_cpus", +] + +[[package]] +name = "futures-io" +version = "0.3.25" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "00f5fb52a06bdcadeb54e8d3671f8888a39697dcb0b81b23b55174030427f4eb" + +[[package]] +name = "futures-macro" +version = "0.3.25" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bdfb8ce053d86b91919aad980c220b1fb8401a9394410e1c289ed7e66b61835d" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "futures-sink" +version = "0.3.25" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "39c15cf1a4aa79df40f1bb462fb39676d0ad9e366c2a33b590d7c66f4f81fcf9" + +[[package]] +name = "futures-task" +version = "0.3.25" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2ffb393ac5d9a6eaa9d3fdf37ae2776656b706e200c8e16b1bdb227f5198e6ea" + +[[package]] +name = "futures-util" +version = "0.3.25" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "197676987abd2f9cadff84926f410af1c183608d36641465df73ae8211dc65d6" +dependencies = [ + "futures-channel", + "futures-core", + "futures-io", + "futures-macro", + "futures-sink", + "futures-task", + "memchr", + "pin-project-lite", + "pin-utils", + "slab", +] + +[[package]] +name = "generic-array" 
+version = "0.12.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ffdf9f34f1447443d37393cc6c2b8313aebddcd96906caf34e54c68d8e57d7bd" +dependencies = [ + "typenum", +] + +[[package]] +name = "generic-array" +version = "0.14.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bff49e947297f3312447abdca79f45f4738097cc82b06e72054d2223f601f1b9" +dependencies = [ + "typenum", + "version_check", +] + +[[package]] +name = "getrandom" +version = "0.1.16" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8fc3cb4d91f53b50155bdcfd23f6a4c39ae1969c2ae85982b135750cccaf5fce" +dependencies = [ + "cfg-if", + "js-sys", + "libc", + "wasi 0.9.0+wasi-snapshot-preview1", + "wasm-bindgen", +] + +[[package]] +name = "getrandom" +version = "0.2.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c05aeb6a22b8f62540c194aac980f2115af067bfe15a0734d7277a768d396b31" +dependencies = [ + "cfg-if", + "libc", + "wasi 0.11.0+wasi-snapshot-preview1", +] + +[[package]] +name = "gimli" +version = "0.26.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "22030e2c5a68ec659fde1e949a745124b48e6fa8b045b7ed5bd1fe4ccc5c4e5d" +dependencies = [ + "fallible-iterator", + "stable_deref_trait", +] + +[[package]] +name = "gimli" +version = "0.27.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dec7af912d60cdbd3677c1af9352ebae6fb8394d165568a2234df0fa00f87793" + +[[package]] +name = "group" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5dfbfb3a6cfbd390d5c9564ab283a0349b9b9fcd46a706c1eb10e0db70bfbac7" +dependencies = [ + "ff", + "rand_core 0.6.4", + "subtle", +] + +[[package]] +name = "hash-db" +version = "0.15.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d23bd4e7b5eda0d0f3a307e8b381fdc8ba9000f26fbe912250c0a4cc3956364a" + +[[package]] +name = 
"hash256-std-hasher" +version = "0.15.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "92c171d55b98633f4ed3860808f004099b36c1cc29c42cfc53aa8591b21efcf2" +dependencies = [ + "crunchy", +] + +[[package]] +name = "hashbrown" +version = "0.12.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888" +dependencies = [ + "ahash", +] + +[[package]] +name = "hermit-abi" +version = "0.2.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ee512640fe35acbfb4bb779db6f0d80704c2cacfa2e39b601ef3e3f47d1ae4c7" +dependencies = [ + "libc", +] + +[[package]] +name = "hex" +version = "0.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70" + +[[package]] +name = "hex-literal" +version = "0.3.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7ebdb29d2ea9ed0083cd8cece49bbd968021bd99b0849edb4a9a7ee0fdf6a4e0" + +[[package]] +name = "hmac" +version = "0.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "126888268dcc288495a26bf004b38c5fdbb31682f992c84ceb046a1f0fe38840" +dependencies = [ + "crypto-mac 0.8.0", + "digest 0.9.0", +] + +[[package]] +name = "hmac" +version = "0.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2a2a2320eb7ec0ebe8da8f744d7812d9fc4cb4d09344ac01898dbcb6a20ae69b" +dependencies = [ + "crypto-mac 0.11.1", + "digest 0.9.0", +] + +[[package]] +name = "hmac" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e" +dependencies = [ + "digest 0.10.6", +] + +[[package]] +name = "hmac-drbg" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = 
"17ea0a1394df5b6574da6e0c1ade9e78868c9fb0a4e5ef4428e32da4676b85b1" +dependencies = [ + "digest 0.9.0", + "generic-array 0.14.6", + "hmac 0.8.1", +] + +[[package]] +name = "iana-time-zone" +version = "0.1.53" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "64c122667b287044802d6ce17ee2ddf13207ed924c712de9a66a5814d5b64765" +dependencies = [ + "android_system_properties", + "core-foundation-sys", + "iana-time-zone-haiku", + "js-sys", + "wasm-bindgen", + "winapi", +] + +[[package]] +name = "iana-time-zone-haiku" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0703ae284fc167426161c2e3f1da3ea71d94b21bedbcc9494e92b28e334e3dca" +dependencies = [ + "cxx", + "cxx-build", +] + +[[package]] +name = "impl-codec" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ba6a270039626615617f3f36d15fc827041df3b78c439da2cadfa47455a77f2f" +dependencies = [ + "parity-scale-codec", +] + +[[package]] +name = "impl-serde" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ebc88fc67028ae3db0c853baa36269d398d5f45b6982f95549ff5def78c935cd" +dependencies = [ + "serde", +] + +[[package]] +name = "impl-trait-for-tuples" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "11d7a9f6330b71fea57921c9b61c47ee6e84f72d394754eff6163ae67e7395eb" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "indexmap" +version = "1.9.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1885e79c1fc4b10f0e172c475f458b7f7b93061064d98c3293e98c5ba0c8b399" +dependencies = [ + "autocfg", + "hashbrown", + "serde", +] + +[[package]] +name = "integer-sqrt" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "276ec31bcb4a9ee45f58bec6f9ec700ae4cf4f4f8f2fa7e06cb406bd5ffdd770" +dependencies = [ + "num-traits", +] + 
+[[package]] +name = "io-lifetimes" +version = "0.7.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "59ce5ef949d49ee85593fc4d3f3f95ad61657076395cbbce23e2121fc5542074" + +[[package]] +name = "itertools" +version = "0.10.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b0fd2260e829bddf4cb6ea802289de2f86d6a7a690192fbe91b3f46e0f2c8473" +dependencies = [ + "either", +] + +[[package]] +name = "itoa" +version = "1.0.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fad582f4b9e86b6caa621cabeb0963332d92eea04729ab12892c2533951e6440" + +[[package]] +name = "jobserver" +version = "0.1.25" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "068b1ee6743e4d11fb9c6a1e6064b3693a1b600e7f5f5988047d98b3dc9fb90b" +dependencies = [ + "libc", +] + +[[package]] +name = "js-sys" +version = "0.3.60" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "49409df3e3bf0856b916e2ceaca09ee28e6871cf7d9ce97a692cacfdb2a25a47" +dependencies = [ + "wasm-bindgen", +] + +[[package]] +name = "k256" +version = "0.11.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "72c1e0b51e7ec0a97369623508396067a486bd0cbed95a2659a4b863d28cfc8b" +dependencies = [ + "cfg-if", + "ecdsa", + "elliptic-curve", + "sha2 0.10.6", +] + +[[package]] +name = "keccak" +version = "0.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3afef3b6eff9ce9d8ff9b3601125eec7f0c8cbac7abd14f355d053fa56c98768" +dependencies = [ + "cpufeatures", +] + +[[package]] +name = "lazy_static" +version = "1.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" + +[[package]] +name = "libc" +version = "0.2.139" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = 
"201de327520df007757c1f0adce6e827fe8562fbc28bfd9c15571c66ca1f5f79" + +[[package]] +name = "libfuzzer-sys" +version = "0.4.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c8fff891139ee62800da71b7fd5b508d570b9ad95e614a53c6f453ca08366038" +dependencies = [ + "arbitrary", + "cc", + "once_cell", +] + +[[package]] +name = "libm" +version = "0.2.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "348108ab3fba42ec82ff6e9564fc4ca0247bdccdc68dd8af9764bbc79c3c8ffb" + +[[package]] +name = "libsecp256k1" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "95b09eff1b35ed3b33b877ced3a691fc7a481919c7e29c53c906226fcf55e2a1" +dependencies = [ + "arrayref", + "base64", + "digest 0.9.0", + "hmac-drbg", + "libsecp256k1-core", + "libsecp256k1-gen-ecmult", + "libsecp256k1-gen-genmult", + "rand 0.8.5", + "serde", + "sha2 0.9.9", + "typenum", +] + +[[package]] +name = "libsecp256k1-core" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5be9b9bb642d8522a44d533eab56c16c738301965504753b03ad1de3425d5451" +dependencies = [ + "crunchy", + "digest 0.9.0", + "subtle", +] + +[[package]] +name = "libsecp256k1-gen-ecmult" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3038c808c55c87e8a172643a7d87187fc6c4174468159cb3090659d55bcb4809" +dependencies = [ + "libsecp256k1-core", +] + +[[package]] +name = "libsecp256k1-gen-genmult" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3db8d6ba2cec9eacc40e6e8ccc98931840301f1006e95647ceb2dd5c3aa06f7c" +dependencies = [ + "libsecp256k1-core", +] + +[[package]] +name = "link-cplusplus" +version = "1.0.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ecd207c9c713c34f95a097a5b029ac2ce6010530c7b49d7fea24d977dede04f5" +dependencies = [ + "cc", +] + +[[package]] +name = 
"linux-raw-sys" +version = "0.0.46" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d4d2456c373231a208ad294c33dc5bff30051eafd954cd4caae83a712b12854d" + +[[package]] +name = "lock_api" +version = "0.4.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "435011366fe56583b16cf956f9df0095b405b82d76425bc8981c0e22e60ec4df" +dependencies = [ + "autocfg", + "scopeguard", +] + +[[package]] +name = "log" +version = "0.4.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "abb12e687cfb44aa40f41fc3978ef76448f9b6038cad6aef4259d3c095a2382e" +dependencies = [ + "cfg-if", +] + +[[package]] +name = "lru" +version = "0.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b6e8aaa3f231bb4bd57b84b2d5dc3ae7f350265df8aa96492e0bc394a1571909" +dependencies = [ + "hashbrown", +] + +[[package]] +name = "mach" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b823e83b2affd8f40a9ee8c29dbc56404c1e34cd2710921f2801e2cf29527afa" +dependencies = [ + "libc", +] + +[[package]] +name = "matchers" +version = "0.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f099785f7595cc4b4553a174ce30dd7589ef93391ff414dbb67f62392b9e0ce1" +dependencies = [ + "regex-automata", +] + +[[package]] +name = "memchr" +version = "2.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2dffe52ecf27772e601905b7522cb4ef790d2cc203488bbd0e2fe85fcb74566d" + +[[package]] +name = "memoffset" +version = "0.6.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5aa361d4faea93603064a027415f07bd8e1d5c88c9fbf68bf56a285428fd79ce" +dependencies = [ + "autocfg", +] + +[[package]] +name = "memory-db" +version = "0.31.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5e0c7cba9ce19ac7ffd2053ac9f49843bbd3f4318feedfd74e85c19d5fb0ba66" +dependencies = [ + 
"hash-db", + "hashbrown", +] + +[[package]] +name = "memory_units" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8452105ba047068f40ff7093dd1d9da90898e63dd61736462e9cdda6a90ad3c3" + +[[package]] +name = "merlin" +version = "2.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4e261cf0f8b3c42ded9f7d2bb59dea03aa52bc8a1cbc7482f9fc3fd1229d3b42" +dependencies = [ + "byteorder", + "keccak", + "rand_core 0.5.1", + "zeroize", +] + +[[package]] +name = "miniz_oxide" +version = "0.6.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b275950c28b37e794e8c55d88aeb5e139d0ce23fdbbeda68f8d7174abdf9e8fa" +dependencies = [ + "adler", +] + +[[package]] +name = "nohash-hasher" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2bf50223579dc7cdcfb3bfcacf7069ff68243f8c363f62ffa99cf000a6b9c451" + +[[package]] +name = "num-bigint" +version = "0.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f93ab6289c7b344a8a9f60f88d80aa20032336fe78da341afc91c8a2341fc75f" +dependencies = [ + "autocfg", + "num-integer", + "num-traits", +] + +[[package]] +name = "num-derive" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "876a53fff98e03a936a674b29568b0e605f06b29372c2489ff4de23f1949743d" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "num-format" +version = "0.4.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a652d9771a63711fd3c3deb670acfbe5c30a4072e664d7a3bf5a9e1056ac72c3" +dependencies = [ + "arrayvec 0.7.2", + "itoa", +] + +[[package]] +name = "num-integer" +version = "0.1.45" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "225d3389fb3509a24c93f5c29eb6bde2586b98d9f016636dff58d7c6f7569cd9" +dependencies = [ + "autocfg", + "num-traits", +] + +[[package]] +name = 
"num-rational" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0638a1c9d0a3c0914158145bc76cff373a75a627e6ecbfb71cbe6f453a5a19b0" +dependencies = [ + "autocfg", + "num-bigint", + "num-integer", + "num-traits", +] + +[[package]] +name = "num-traits" +version = "0.2.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "578ede34cf02f8924ab9447f50c28075b4d3e5b269972345e7e0372b38c6cdcd" +dependencies = [ + "autocfg", +] + +[[package]] +name = "num_cpus" +version = "1.15.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0fac9e2da13b5eb447a6ce3d392f23a29d8694bff781bf03a16cd9ac8697593b" +dependencies = [ + "hermit-abi", + "libc", +] + +[[package]] +name = "object" +version = "0.29.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "21158b2c33aa6d4561f1c0a6ea283ca92bc54802a93b263e910746d679a7eb53" +dependencies = [ + "crc32fast", + "hashbrown", + "indexmap", + "memchr", +] + +[[package]] +name = "object" +version = "0.30.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2b8c786513eb403643f2a88c244c2aaa270ef2153f55094587d0c48a3cf22a83" +dependencies = [ + "memchr", +] + +[[package]] +name = "once_cell" +version = "1.17.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6f61fba1741ea2b3d6a1e3178721804bb716a68a6aeba1149b5d52e3d464ea66" + +[[package]] +name = "opaque-debug" +version = "0.2.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2839e79665f131bdb5782e51f2c6c9599c133c6098982a54c794358bf432529c" + +[[package]] +name = "opaque-debug" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5" + +[[package]] +name = "parity-scale-codec" +version = "3.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = 
"366e44391a8af4cfd6002ef6ba072bae071a96aafca98d7d448a34c5dca38b6a" +dependencies = [ + "arrayvec 0.7.2", + "bitvec", + "byte-slice-cast", + "bytes", + "impl-trait-for-tuples", + "parity-scale-codec-derive", + "serde", +] + +[[package]] +name = "parity-scale-codec-derive" +version = "3.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9299338969a3d2f491d65f140b00ddec470858402f888af98e8642fb5e8965cd" +dependencies = [ + "proc-macro-crate", + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "parity-wasm" +version = "0.45.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e1ad0aff30c1da14b1254fcb2af73e1fa9a28670e584a626f53a369d0e157304" + +[[package]] +name = "parking_lot" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3742b2c103b9f06bc9fff0a37ff4912935851bee6d36f3c02bcc755bcfec228f" +dependencies = [ + "lock_api", + "parking_lot_core", +] + +[[package]] +name = "parking_lot_core" +version = "0.9.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7ff9f3fef3968a3ec5945535ed654cb38ff72d7495a25619e2247fb15a2ed9ba" +dependencies = [ + "cfg-if", + "libc", + "redox_syscall", + "smallvec", + "windows-sys 0.42.0", +] + +[[package]] +name = "paste" +version = "1.0.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d01a5bd0424d00070b0098dd17ebca6f961a959dead1dbcbbbc1d1cd8d3deeba" + +[[package]] +name = "pbkdf2" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "216eaa586a190f0a738f2f918511eecfa90f13295abec0e457cdebcceda80cbd" +dependencies = [ + "crypto-mac 0.8.0", +] + +[[package]] +name = "pbkdf2" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d95f5254224e617595d2cc3cc73ff0a5eaf2637519e25f03388154e9378b6ffa" +dependencies = [ + "crypto-mac 0.11.1", +] + +[[package]] +name = "pin-project-lite" 
+version = "0.2.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e0a7ae3ac2f1173085d398531c705756c94a4c56843785df85a60c1a0afac116" + +[[package]] +name = "pin-utils" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" + +[[package]] +name = "pkcs8" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9eca2c590a5f85da82668fa685c09ce2888b9430e83299debf1f34b65fd4a4ba" +dependencies = [ + "der", + "spki", +] + +[[package]] +name = "ppv-lite86" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de" + +[[package]] +name = "primitive-types" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9f3486ccba82358b11a77516035647c34ba167dfa53312630de83b12bd4f3d66" +dependencies = [ + "fixed-hash", + "impl-codec", + "impl-serde", + "scale-info", + "uint", +] + +[[package]] +name = "proc-macro-crate" +version = "1.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "eda0fc3b0fb7c975631757e14d9049da17374063edb6ebbcbc54d880d4fe94e9" +dependencies = [ + "once_cell", + "thiserror", + "toml", +] + +[[package]] +name = "proc-macro-error" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "da25490ff9892aab3fcf7c36f08cfb902dd3e71ca0f9f9517bea02a73a5ce38c" +dependencies = [ + "proc-macro-error-attr", + "proc-macro2", + "quote", + "syn", + "version_check", +] + +[[package]] +name = "proc-macro-error-attr" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a1be40180e52ecc98ad80b184934baf3d0d29f979574e439af5a55274b35f869" +dependencies = [ + "proc-macro2", + "quote", + "version_check", +] + +[[package]] +name = "proc-macro2" 
+version = "1.0.49" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "57a8eca9f9c4ffde41714334dee777596264c7825420f521abc92b5b5deb63a5" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "psm" +version = "0.1.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5787f7cda34e3033a72192c018bc5883100330f362ef279a8cbccfce8bb4e874" +dependencies = [ + "cc", +] + +[[package]] +name = "ptr_meta" +version = "0.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0738ccf7ea06b608c10564b31debd4f5bc5e197fc8bfe088f68ae5ce81e7a4f1" +dependencies = [ + "ptr_meta_derive", +] + +[[package]] +name = "ptr_meta_derive" +version = "0.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "16b845dbfca988fa33db069c0e230574d15a3088f147a87b64c7589eb662c9ac" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "quote" +version = "1.0.23" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8856d8364d252a14d474036ea1358d63c9e6965c8e5c1885c18f73d70bff9c7b" +dependencies = [ + "proc-macro2", +] + +[[package]] +name = "radium" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dc33ff2d4973d518d823d61aa239014831e521c75da58e3df4840d3f47749d09" + +[[package]] +name = "rand" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6a6b1679d49b24bbfe0c803429aa1874472f50d9b363131f0e89fc356b544d03" +dependencies = [ + "getrandom 0.1.16", + "libc", + "rand_chacha 0.2.2", + "rand_core 0.5.1", + "rand_hc", + "rand_pcg", +] + +[[package]] +name = "rand" +version = "0.8.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404" +dependencies = [ + "libc", + "rand_chacha 0.3.1", + "rand_core 0.6.4", +] + +[[package]] +name = "rand_chacha" +version = 
"0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f4c8ed856279c9737206bf725bf36935d8666ead7aa69b52be55af369d193402" +dependencies = [ + "ppv-lite86", + "rand_core 0.5.1", +] + +[[package]] +name = "rand_chacha" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" +dependencies = [ + "ppv-lite86", + "rand_core 0.6.4", +] + +[[package]] +name = "rand_core" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "90bde5296fc891b0cef12a6d03ddccc162ce7b2aff54160af9338f8d40df6d19" +dependencies = [ + "getrandom 0.1.16", +] + +[[package]] +name = "rand_core" +version = "0.6.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" +dependencies = [ + "getrandom 0.2.8", +] + +[[package]] +name = "rand_hc" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ca3129af7b92a17112d59ad498c6f81eaf463253766b90396d39ea7a39d6613c" +dependencies = [ + "rand_core 0.5.1", +] + +[[package]] +name = "rand_pcg" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "16abd0c1b639e9eb4d7c50c0b8100b0d0f849be2349829c740fe8e6eb4816429" +dependencies = [ + "rand_core 0.5.1", +] + +[[package]] +name = "redox_syscall" +version = "0.2.16" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fb5a58c1855b4b6819d59012155603f0b22ad30cad752600aadfcb695265519a" +dependencies = [ + "bitflags", +] + +[[package]] +name = "ref-cast" +version = "1.0.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8c78fb8c9293bcd48ef6fce7b4ca950ceaf21210de6e105a883ee280c0f7b9ed" +dependencies = [ + "ref-cast-impl", +] + +[[package]] +name = "ref-cast-impl" +version = "1.0.14" +source = 
"registry+https://github.com/rust-lang/crates.io-index" +checksum = "9f9c0c92af03644e4806106281fe2e068ac5bc0ae74a707266d06ea27bccee5f" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "regex" +version = "1.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "48aaa5748ba571fb95cd2c85c09f629215d3a6ece942baa100950af03a34f733" +dependencies = [ + "aho-corasick", + "memchr", + "regex-syntax", +] + +[[package]] +name = "regex-automata" +version = "0.1.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6c230d73fb8d8c1b9c0b3135c5142a8acee3a0558fb8db5cf1cb65f8d7862132" +dependencies = [ + "regex-syntax", +] + +[[package]] +name = "regex-syntax" +version = "0.6.28" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "456c603be3e8d448b072f410900c09faf164fbce2d480456f50eea6e25f9c848" + +[[package]] +name = "rfc6979" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7743f17af12fa0b03b803ba12cd6a8d9483a587e89c69445e3909655c0b9fabb" +dependencies = [ + "crypto-bigint", + "hmac 0.12.1", + "zeroize", +] + +[[package]] +name = "ring" +version = "0.16.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3053cf52e236a3ed746dfc745aa9cacf1b791d846bdaf412f60a8d7d6e17c8fc" +dependencies = [ + "cc", + "libc", + "once_cell", + "spin", + "untrusted", + "web-sys", + "winapi", +] + +[[package]] +name = "ring" +version = "0.16.20" +source = "git+https://github.com/Niederb/ring-xous.git?branch=0.16.20-cleanup#8b2f60a7d4a063e2170cd47bc5591c39f49ca825" +dependencies = [ + "cc", + "libc", + "log", + "once_cell", + "rkyv", + "spin", + "untrusted", + "winapi", + "xous", + "xous-api-names", + "xous-ipc", +] + +[[package]] +name = "rkyv" +version = "0.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "70de01b38fe7baba4ecdd33b777096d2b326993d8ea99bc5b6ede691883d3010" 
+dependencies = [ + "memoffset", + "ptr_meta", + "rkyv_derive", +] + +[[package]] +name = "rkyv_derive" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "95a169f6bc5a81033e86ed39d0f4150e2608160b73d2b93c6e8e6a3efa873f14" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "rustc-demangle" +version = "0.1.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7ef03e0a2b150c7a90d01faf6254c9c48a41e95fb2a8c2ac1c6f0d2b9aefc342" + +[[package]] +name = "rustc-hash" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2" + +[[package]] +name = "rustc-hex" +version = "2.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3e75f6a532d0fd9f7f13144f392b6ad56a32696bfcd9c78f797f16bbb6f072d6" + +[[package]] +name = "rustix" +version = "0.35.13" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "727a1a6d65f786ec22df8a81ca3121107f235970dc1705ed681d3e6e8b9cd5f9" +dependencies = [ + "bitflags", + "errno", + "io-lifetimes", + "libc", + "linux-raw-sys", + "windows-sys 0.42.0", +] + +[[package]] +name = "ryu" +version = "1.0.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7b4b9743ed687d4b4bcedf9ff5eaa7398495ae14e61cba0a295704edbc7decde" + +[[package]] +name = "scale-info" +version = "2.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "001cf62ece89779fd16105b5f515ad0e5cedcd5440d3dd806bb067978e7c3608" +dependencies = [ + "bitvec", + "cfg-if", + "derive_more", + "parity-scale-codec", + "scale-info-derive", + "serde", +] + +[[package]] +name = "scale-info-derive" +version = "2.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "303959cf613a6f6efd19ed4b4ad5bf79966a13352716299ad532cfb115f4205c" +dependencies = [ + 
"proc-macro-crate", + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "schnorrkel" +version = "0.9.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "021b403afe70d81eea68f6ea12f6b3c9588e5d536a94c3bf80f15e7faa267862" +dependencies = [ + "arrayref", + "arrayvec 0.5.2", + "curve25519-dalek 2.1.3", + "getrandom 0.1.16", + "merlin", + "rand 0.7.3", + "rand_core 0.5.1", + "sha2 0.8.2", + "subtle", + "zeroize", +] + +[[package]] +name = "scopeguard" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d29ab0c6d3fc0ee92fe66e2d99f700eab17a8d57d1c1d3b748380fb20baa78cd" + +[[package]] +name = "scratch" +version = "1.0.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ddccb15bcce173023b3fedd9436f882a0739b8dfb45e4f6b6002bee5929f61b2" + +[[package]] +name = "sec1" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3be24c1842290c45df0a7bf069e0c268a747ad05a192f2fd7dcfdbc1cba40928" +dependencies = [ + "base16ct", + "der", + "generic-array 0.14.6", + "pkcs8", + "subtle", + "zeroize", +] + +[[package]] +name = "secp256k1" +version = "0.24.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d9512ffd81e3a3503ed401f79c33168b9148c75038956039166cd750eaa037c3" +dependencies = [ + "secp256k1-sys", +] + +[[package]] +name = "secp256k1-sys" +version = "0.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "83080e2c2fc1006e625be82e5d1eb6a43b7fd9578b617fcc55814daf286bba4b" +dependencies = [ + "cc", +] + +[[package]] +name = "secrecy" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9bd1c54ea06cfd2f6b63219704de0b9b4f72dcc2b8fdef820be6cd799780e91e" +dependencies = [ + "zeroize", +] + +[[package]] +name = "serde" +version = "1.0.152" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = 
"bb7d1f0d3021d347a83e556fc4683dea2ea09d87bccdf88ff5c12545d89d5efb" +dependencies = [ + "serde_derive", +] + +[[package]] +name = "serde_derive" +version = "1.0.152" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "af487d118eecd09402d70a5d72551860e788df87b464af30e5ea6a38c75c541e" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "serde_json" +version = "1.0.91" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "877c235533714907a8c2464236f5c4b2a17262ef1bd71f38f35ea592c8da6883" +dependencies = [ + "itoa", + "ryu", + "serde", +] + +[[package]] +name = "sgx-verify" +version = "0.1.4" +dependencies = [ + "base64", + "chrono", + "der", + "frame-support", + "hex", + "parity-scale-codec", + "ring 0.16.20 (git+https://github.com/Niederb/ring-xous.git?branch=0.16.20-cleanup)", + "scale-info", + "serde", + "serde_json", + "sp-core", + "sp-io", + "sp-std", + "teerex-primitives", + "webpki", + "x509-cert", +] + +[[package]] +name = "sgx-verify-fuzz" +version = "0.0.0" +dependencies = [ + "base64", + "hex-literal", + "libfuzzer-sys", + "parity-scale-codec", + "serde_json", + "sgx-verify", + "webpki", +] + +[[package]] +name = "sha2" +version = "0.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a256f46ea78a0c0d9ff00077504903ac881a1dafdc20da66545699e7776b3e69" +dependencies = [ + "block-buffer 0.7.3", + "digest 0.8.1", + "fake-simd", + "opaque-debug 0.2.3", +] + +[[package]] +name = "sha2" +version = "0.9.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4d58a1e1bf39749807d89cf2d98ac2dfa0ff1cb3faa38fbb64dd88ac8013d800" +dependencies = [ + "block-buffer 0.9.0", + "cfg-if", + "cpufeatures", + "digest 0.9.0", + "opaque-debug 0.3.0", +] + +[[package]] +name = "sha2" +version = "0.10.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "82e6b795fe2e3b1e845bafcb27aa35405c4d47cdfc92af5fc8d3002f76cebdc0" 
+dependencies = [ + "cfg-if", + "cpufeatures", + "digest 0.10.6", +] + +[[package]] +name = "sha3" +version = "0.10.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bdf0c33fae925bdc080598b84bc15c55e7b9a4a43b3c704da051f977469691c9" +dependencies = [ + "digest 0.10.6", + "keccak", +] + +[[package]] +name = "sharded-slab" +version = "0.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "900fba806f70c630b0a382d0d825e17a0f19fcd059a2ade1ff237bcddf446b31" +dependencies = [ + "lazy_static", +] + +[[package]] +name = "signature" +version = "1.6.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "74233d3b3b2f6d4b006dc19dee745e73e2a6bfb6f93607cd3b02bd5b00797d7c" +dependencies = [ + "digest 0.10.6", + "rand_core 0.6.4", +] + +[[package]] +name = "slab" +version = "0.4.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4614a76b2a8be0058caa9dbbaf66d988527d86d003c11a94fbd335d7661edcef" +dependencies = [ + "autocfg", +] + +[[package]] +name = "smallvec" +version = "1.10.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a507befe795404456341dfab10cef66ead4c041f62b8b11bbb92bffe5d0953e0" + +[[package]] +name = "sp-api" +version = "4.0.0-dev" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.36#cb4f2491b00af7d7817f3a54209c26b20faa1f51" +dependencies = [ + "hash-db", + "log", + "parity-scale-codec", + "sp-api-proc-macro", + "sp-core", + "sp-runtime", + "sp-state-machine", + "sp-std", + "sp-trie", + "sp-version", + "thiserror", +] + +[[package]] +name = "sp-api-proc-macro" +version = "4.0.0-dev" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.36#cb4f2491b00af7d7817f3a54209c26b20faa1f51" +dependencies = [ + "blake2", + "proc-macro-crate", + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "sp-application-crypto" +version = "7.0.0" +source = 
"git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.36#cb4f2491b00af7d7817f3a54209c26b20faa1f51" +dependencies = [ + "parity-scale-codec", + "scale-info", + "serde", + "sp-core", + "sp-io", + "sp-std", +] + +[[package]] +name = "sp-arithmetic" +version = "6.0.0" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.36#cb4f2491b00af7d7817f3a54209c26b20faa1f51" +dependencies = [ + "integer-sqrt", + "num-traits", + "parity-scale-codec", + "scale-info", + "serde", + "sp-debug-derive", + "sp-std", + "static_assertions", +] + +[[package]] +name = "sp-core" +version = "7.0.0" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.36#cb4f2491b00af7d7817f3a54209c26b20faa1f51" +dependencies = [ + "array-bytes", + "base58", + "bitflags", + "blake2", + "byteorder", + "dyn-clonable", + "ed25519-zebra", + "futures", + "hash-db", + "hash256-std-hasher", + "impl-serde", + "lazy_static", + "libsecp256k1", + "log", + "merlin", + "num-traits", + "parity-scale-codec", + "parking_lot", + "primitive-types", + "rand 0.7.3", + "regex", + "scale-info", + "schnorrkel", + "secp256k1", + "secrecy", + "serde", + "sp-core-hashing", + "sp-debug-derive", + "sp-externalities", + "sp-runtime-interface", + "sp-std", + "sp-storage", + "ss58-registry", + "substrate-bip39", + "thiserror", + "tiny-bip39", + "wasmi", + "zeroize", +] + +[[package]] +name = "sp-core-hashing" +version = "5.0.0" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.36#cb4f2491b00af7d7817f3a54209c26b20faa1f51" +dependencies = [ + "blake2", + "byteorder", + "digest 0.10.6", + "sha2 0.10.6", + "sha3", + "sp-std", + "twox-hash", +] + +[[package]] +name = "sp-core-hashing-proc-macro" +version = "5.0.0" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.36#cb4f2491b00af7d7817f3a54209c26b20faa1f51" +dependencies = [ + "proc-macro2", + "quote", + "sp-core-hashing", + "syn", +] + +[[package]] +name = 
"sp-debug-derive" +version = "5.0.0" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.36#cb4f2491b00af7d7817f3a54209c26b20faa1f51" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "sp-externalities" +version = "0.13.0" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.36#cb4f2491b00af7d7817f3a54209c26b20faa1f51" +dependencies = [ + "environmental", + "parity-scale-codec", + "sp-std", + "sp-storage", +] + +[[package]] +name = "sp-inherents" +version = "4.0.0-dev" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.36#cb4f2491b00af7d7817f3a54209c26b20faa1f51" +dependencies = [ + "async-trait", + "impl-trait-for-tuples", + "parity-scale-codec", + "sp-core", + "sp-runtime", + "sp-std", + "thiserror", +] + +[[package]] +name = "sp-io" +version = "7.0.0" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.36#cb4f2491b00af7d7817f3a54209c26b20faa1f51" +dependencies = [ + "bytes", + "ed25519-dalek", + "futures", + "hash-db", + "libsecp256k1", + "log", + "parity-scale-codec", + "parking_lot", + "secp256k1", + "sp-core", + "sp-externalities", + "sp-keystore", + "sp-runtime-interface", + "sp-state-machine", + "sp-std", + "sp-tracing", + "sp-trie", + "sp-wasm-interface", + "tracing", + "tracing-core", +] + +[[package]] +name = "sp-keystore" +version = "0.13.0" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.36#cb4f2491b00af7d7817f3a54209c26b20faa1f51" +dependencies = [ + "async-trait", + "futures", + "merlin", + "parity-scale-codec", + "parking_lot", + "schnorrkel", + "sp-core", + "sp-externalities", + "thiserror", +] + +[[package]] +name = "sp-panic-handler" +version = "5.0.0" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.36#cb4f2491b00af7d7817f3a54209c26b20faa1f51" +dependencies = [ + "backtrace", + "lazy_static", + "regex", +] + +[[package]] +name = "sp-runtime" 
+version = "7.0.0" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.36#cb4f2491b00af7d7817f3a54209c26b20faa1f51" +dependencies = [ + "either", + "hash256-std-hasher", + "impl-trait-for-tuples", + "log", + "parity-scale-codec", + "paste", + "rand 0.7.3", + "scale-info", + "serde", + "sp-application-crypto", + "sp-arithmetic", + "sp-core", + "sp-io", + "sp-std", + "sp-weights", +] + +[[package]] +name = "sp-runtime-interface" +version = "7.0.0" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.36#cb4f2491b00af7d7817f3a54209c26b20faa1f51" +dependencies = [ + "bytes", + "impl-trait-for-tuples", + "parity-scale-codec", + "primitive-types", + "sp-externalities", + "sp-runtime-interface-proc-macro", + "sp-std", + "sp-storage", + "sp-tracing", + "sp-wasm-interface", + "static_assertions", +] + +[[package]] +name = "sp-runtime-interface-proc-macro" +version = "6.0.0" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.36#cb4f2491b00af7d7817f3a54209c26b20faa1f51" +dependencies = [ + "Inflector", + "proc-macro-crate", + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "sp-staking" +version = "4.0.0-dev" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.36#cb4f2491b00af7d7817f3a54209c26b20faa1f51" +dependencies = [ + "parity-scale-codec", + "scale-info", + "sp-core", + "sp-runtime", + "sp-std", +] + +[[package]] +name = "sp-state-machine" +version = "0.13.0" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.36#cb4f2491b00af7d7817f3a54209c26b20faa1f51" +dependencies = [ + "hash-db", + "log", + "num-traits", + "parity-scale-codec", + "parking_lot", + "rand 0.7.3", + "smallvec", + "sp-core", + "sp-externalities", + "sp-panic-handler", + "sp-std", + "sp-trie", + "thiserror", + "tracing", + "trie-root", +] + +[[package]] +name = "sp-std" +version = "5.0.0" +source = 
"git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.36#cb4f2491b00af7d7817f3a54209c26b20faa1f51" + +[[package]] +name = "sp-storage" +version = "7.0.0" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.36#cb4f2491b00af7d7817f3a54209c26b20faa1f51" +dependencies = [ + "impl-serde", + "parity-scale-codec", + "ref-cast", + "serde", + "sp-debug-derive", + "sp-std", +] + +[[package]] +name = "sp-tracing" +version = "6.0.0" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.36#cb4f2491b00af7d7817f3a54209c26b20faa1f51" +dependencies = [ + "parity-scale-codec", + "sp-std", + "tracing", + "tracing-core", + "tracing-subscriber", +] + +[[package]] +name = "sp-trie" +version = "7.0.0" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.36#cb4f2491b00af7d7817f3a54209c26b20faa1f51" +dependencies = [ + "ahash", + "hash-db", + "hashbrown", + "lazy_static", + "lru", + "memory-db", + "nohash-hasher", + "parity-scale-codec", + "parking_lot", + "scale-info", + "sp-core", + "sp-std", + "thiserror", + "tracing", + "trie-db", + "trie-root", +] + +[[package]] +name = "sp-version" +version = "5.0.0" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.36#cb4f2491b00af7d7817f3a54209c26b20faa1f51" +dependencies = [ + "impl-serde", + "parity-scale-codec", + "parity-wasm", + "scale-info", + "serde", + "sp-core-hashing-proc-macro", + "sp-runtime", + "sp-std", + "sp-version-proc-macro", + "thiserror", +] + +[[package]] +name = "sp-version-proc-macro" +version = "4.0.0-dev" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.36#cb4f2491b00af7d7817f3a54209c26b20faa1f51" +dependencies = [ + "parity-scale-codec", + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "sp-wasm-interface" +version = "7.0.0" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.36#cb4f2491b00af7d7817f3a54209c26b20faa1f51" 
+dependencies = [ + "impl-trait-for-tuples", + "log", + "parity-scale-codec", + "sp-std", + "wasmi", + "wasmtime", +] + +[[package]] +name = "sp-weights" +version = "4.0.0" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.36#cb4f2491b00af7d7817f3a54209c26b20faa1f51" +dependencies = [ + "impl-trait-for-tuples", + "parity-scale-codec", + "scale-info", + "serde", + "smallvec", + "sp-arithmetic", + "sp-core", + "sp-debug-derive", + "sp-std", +] + +[[package]] +name = "spin" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" + +[[package]] +name = "spki" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "67cf02bbac7a337dc36e4f5a693db6c21e7863f45070f7064577eb4367a3212b" +dependencies = [ + "base64ct", + "der", +] + +[[package]] +name = "ss58-registry" +version = "1.37.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d44528162f980c0e03c71e005d334332c8da0aec9f2b0b4bdc557ed4a9f24776" +dependencies = [ + "Inflector", + "num-format", + "proc-macro2", + "quote", + "serde", + "serde_json", + "unicode-xid", +] + +[[package]] +name = "stable_deref_trait" +version = "1.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a8f112729512f8e442d81f95a8a7ddf2b7c6b8a1a6f509a95864142b30cab2d3" + +[[package]] +name = "static_assertions" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a2eb9349b6444b326872e140eb1cf5e7c522154d69e7a0ffb0fb81c06b37543f" + +[[package]] +name = "substrate-bip39" +version = "0.4.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "49eee6965196b32f882dd2ee85a92b1dbead41b04e53907f269de3b0dc04733c" +dependencies = [ + "hmac 0.11.0", + "pbkdf2 0.8.0", + "schnorrkel", + "sha2 0.9.9", + "zeroize", +] + +[[package]] +name = "subtle" +version = 
"2.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6bdef32e8150c2a081110b42772ffe7d7c9032b606bc226c8260fd97e0976601" + +[[package]] +name = "syn" +version = "1.0.107" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1f4064b5b16e03ae50984a5a8ed5d4f8803e6bc1fd170a3cda91a1be4b18e3f5" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] + +[[package]] +name = "synstructure" +version = "0.12.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f36bdaa60a83aca3921b5259d5400cbf5e90fc51931376a9bd4a0eb79aa7210f" +dependencies = [ + "proc-macro2", + "quote", + "syn", + "unicode-xid", +] + +[[package]] +name = "tap" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "55937e1799185b12863d447f42597ed69d9928686b8d88a1df17376a097d8369" + +[[package]] +name = "target-lexicon" +version = "0.12.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9410d0f6853b1d94f0e519fb95df60f29d2c1eff2d921ffdf01a4c8a3b54f12d" + +[[package]] +name = "teerex-primitives" +version = "0.1.0" +dependencies = [ + "common-primitives", + "parity-scale-codec", + "scale-info", + "serde", + "sp-core", + "sp-io", + "sp-std", +] + +[[package]] +name = "termcolor" +version = "1.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bab24d30b911b2376f3a13cc2cd443142f0c81dda04c118693e35b3835757755" +dependencies = [ + "winapi-util", +] + +[[package]] +name = "thiserror" +version = "1.0.38" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6a9cd18aa97d5c45c6603caea1da6628790b37f7a34b6ca89522331c5180fed0" +dependencies = [ + "thiserror-impl", +] + +[[package]] +name = "thiserror-impl" +version = "1.0.38" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1fb327af4685e4d03fa8cbcf1716380da910eeb2bb8be417e7f9fd3fb164f36f" +dependencies = [ + 
"proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "thread_local" +version = "1.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5516c27b78311c50bf42c071425c560ac799b11c30b31f87e3081965fe5e0180" +dependencies = [ + "once_cell", +] + +[[package]] +name = "tiny-bip39" +version = "0.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ffc59cb9dfc85bb312c3a78fd6aa8a8582e310b0fa885d5bb877f6dcc601839d" +dependencies = [ + "anyhow", + "hmac 0.8.1", + "once_cell", + "pbkdf2 0.4.0", + "rand 0.7.3", + "rustc-hash", + "sha2 0.9.9", + "thiserror", + "unicode-normalization", + "wasm-bindgen", + "zeroize", +] + +[[package]] +name = "tinyvec" +version = "1.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "87cc5ceb3875bb20c2890005a4e226a4651264a5c75edb2421b52861a0a0cb50" +dependencies = [ + "tinyvec_macros", +] + +[[package]] +name = "tinyvec_macros" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cda74da7e1a664f795bb1f8a87ec406fb89a02522cf6e50620d016add6dbbf5c" + +[[package]] +name = "toml" +version = "0.5.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1333c76748e868a4d9d1017b5ab53171dfd095f70c712fdb4653a406547f598f" +dependencies = [ + "serde", +] + +[[package]] +name = "tracing" +version = "0.1.37" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8ce8c33a8d48bd45d624a6e523445fd21ec13d3653cd51f681abf67418f54eb8" +dependencies = [ + "cfg-if", + "pin-project-lite", + "tracing-attributes", + "tracing-core", +] + +[[package]] +name = "tracing-attributes" +version = "0.1.23" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4017f8f45139870ca7e672686113917c71c7a6e02d4924eda67186083c03081a" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "tracing-core" +version = "0.1.30" +source = 
"registry+https://github.com/rust-lang/crates.io-index" +checksum = "24eb03ba0eab1fd845050058ce5e616558e8f8d8fca633e6b163fe25c797213a" +dependencies = [ + "once_cell", + "valuable", +] + +[[package]] +name = "tracing-log" +version = "0.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "78ddad33d2d10b1ed7eb9d1f518a5674713876e97e5bb9b7345a7984fbb4f922" +dependencies = [ + "lazy_static", + "log", + "tracing-core", +] + +[[package]] +name = "tracing-serde" +version = "0.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bc6b213177105856957181934e4920de57730fc69bf42c37ee5bb664d406d9e1" +dependencies = [ + "serde", + "tracing-core", +] + +[[package]] +name = "tracing-subscriber" +version = "0.2.25" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0e0d2eaa99c3c2e41547cfa109e910a68ea03823cccad4a0525dcbc9b01e8c71" +dependencies = [ + "ansi_term", + "chrono", + "lazy_static", + "matchers", + "regex", + "serde", + "serde_json", + "sharded-slab", + "smallvec", + "thread_local", + "tracing", + "tracing-core", + "tracing-log", + "tracing-serde", +] + +[[package]] +name = "trie-db" +version = "0.24.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "004e1e8f92535694b4cb1444dc5a8073ecf0815e3357f729638b9f8fc4062908" +dependencies = [ + "hash-db", + "hashbrown", + "log", + "rustc-hex", + "smallvec", +] + +[[package]] +name = "trie-root" +version = "0.17.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9a36c5ca3911ed3c9a5416ee6c679042064b93fc637ded67e25f92e68d783891" +dependencies = [ + "hash-db", +] + +[[package]] +name = "tt-call" +version = "1.0.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f4f195fd851901624eee5a58c4bb2b4f06399148fcd0ed336e6f1cb60a9881df" + +[[package]] +name = "twox-hash" +version = "1.6.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = 
"97fee6b57c6a41524a810daee9286c02d7752c4253064d0b05472833a438f675" +dependencies = [ + "cfg-if", + "digest 0.10.6", + "rand 0.8.5", + "static_assertions", +] + +[[package]] +name = "typenum" +version = "1.16.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "497961ef93d974e23eb6f433eb5fe1b7930b659f06d12dec6fc44a8f554c0bba" + +[[package]] +name = "uint" +version = "0.9.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "76f64bba2c53b04fcab63c01a7d7427eadc821e3bc48c34dc9ba29c501164b52" +dependencies = [ + "byteorder", + "crunchy", + "hex", + "static_assertions", +] + +[[package]] +name = "unicode-ident" +version = "1.0.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "84a22b9f218b40614adcb3f4ff08b703773ad44fa9423e4e0d346d5db86e4ebc" + +[[package]] +name = "unicode-normalization" +version = "0.1.22" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5c5713f0fc4b5db668a2ac63cdb7bb4469d8c9fed047b1d0292cc7b0ce2ba921" +dependencies = [ + "tinyvec", +] + +[[package]] +name = "unicode-width" +version = "0.1.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c0edd1e5b14653f783770bce4a4dabb4a5108a5370a5f5d8cfe8710c361f6c8b" + +[[package]] +name = "unicode-xid" +version = "0.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f962df74c8c05a667b5ee8bcf162993134c104e96440b663c8daa176dc772d8c" + +[[package]] +name = "untrusted" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a" + +[[package]] +name = "valuable" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "830b7e5d4d90034032940e4ace0d9a9a057e7a45cd94e6c007832e39edb82f6d" + +[[package]] +name = "version_check" +version = "0.9.4" +source = 
"registry+https://github.com/rust-lang/crates.io-index" +checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" + +[[package]] +name = "wasi" +version = "0.9.0+wasi-snapshot-preview1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cccddf32554fecc6acb585f82a32a72e28b48f8c4c1883ddfeeeaa96f7d8e519" + +[[package]] +name = "wasi" +version = "0.11.0+wasi-snapshot-preview1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" + +[[package]] +name = "wasm-bindgen" +version = "0.2.83" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "eaf9f5aceeec8be17c128b2e93e031fb8a4d469bb9c4ae2d7dc1888b26887268" +dependencies = [ + "cfg-if", + "wasm-bindgen-macro", +] + +[[package]] +name = "wasm-bindgen-backend" +version = "0.2.83" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4c8ffb332579b0557b52d268b91feab8df3615f265d5270fec2a8c95b17c1142" +dependencies = [ + "bumpalo", + "log", + "once_cell", + "proc-macro2", + "quote", + "syn", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-macro" +version = "0.2.83" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "052be0f94026e6cbc75cdefc9bae13fd6052cdcaf532fa6c45e7ae33a1e6c810" +dependencies = [ + "quote", + "wasm-bindgen-macro-support", +] + +[[package]] +name = "wasm-bindgen-macro-support" +version = "0.2.83" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "07bc0c051dc5f23e307b13285f9d75df86bfdf816c5721e573dec1f9b8aa193c" +dependencies = [ + "proc-macro2", + "quote", + "syn", + "wasm-bindgen-backend", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-shared" +version = "0.2.83" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1c38c045535d93ec4f0b4defec448e4291638ee608530863b1e2ba115d4fff7f" + +[[package]] +name = 
"wasmi" +version = "0.13.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "06c326c93fbf86419608361a2c925a31754cf109da1b8b55737070b4d6669422" +dependencies = [ + "parity-wasm", + "wasmi-validation", + "wasmi_core", +] + +[[package]] +name = "wasmi-validation" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "91ff416ad1ff0c42e5a926ed5d5fab74c0f098749aa0ad8b2a34b982ce0e867b" +dependencies = [ + "parity-wasm", +] + +[[package]] +name = "wasmi_core" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "57d20cb3c59b788653d99541c646c561c9dd26506f25c0cebfe810659c54c6d7" +dependencies = [ + "downcast-rs", + "libm", + "memory_units", + "num-rational", + "num-traits", +] + +[[package]] +name = "wasmparser" +version = "0.89.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ab5d3e08b13876f96dd55608d03cd4883a0545884932d5adf11925876c96daef" +dependencies = [ + "indexmap", +] + +[[package]] +name = "wasmtime" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4ad5af6ba38311282f2a21670d96e78266e8c8e2f38cbcd52c254df6ccbc7731" +dependencies = [ + "anyhow", + "bincode", + "cfg-if", + "indexmap", + "libc", + "log", + "object 0.29.0", + "once_cell", + "paste", + "psm", + "serde", + "target-lexicon", + "wasmparser", + "wasmtime-environ", + "wasmtime-jit", + "wasmtime-runtime", + "windows-sys 0.36.1", +] + +[[package]] +name = "wasmtime-asm-macros" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "45de63ddfc8b9223d1adc8f7b2ee5f35d1f6d112833934ad7ea66e4f4339e597" +dependencies = [ + "cfg-if", +] + +[[package]] +name = "wasmtime-environ" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ebb881c61f4f627b5d45c54e629724974f8a8890d455bcbe634330cc27309644" +dependencies = [ + "anyhow", + 
"cranelift-entity", + "gimli 0.26.2", + "indexmap", + "log", + "object 0.29.0", + "serde", + "target-lexicon", + "thiserror", + "wasmparser", + "wasmtime-types", +] + +[[package]] +name = "wasmtime-jit" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1985c628011fe26adf5e23a5301bdc79b245e0e338f14bb58b39e4e25e4d8681" +dependencies = [ + "addr2line 0.17.0", + "anyhow", + "bincode", + "cfg-if", + "cpp_demangle", + "gimli 0.26.2", + "log", + "object 0.29.0", + "rustc-demangle", + "rustix", + "serde", + "target-lexicon", + "thiserror", + "wasmtime-environ", + "wasmtime-runtime", + "windows-sys 0.36.1", +] + +[[package]] +name = "wasmtime-jit-debug" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f671b588486f5ccec8c5a3dba6b4c07eac2e66ab8c60e6f4e53717c77f709731" +dependencies = [ + "once_cell", +] + +[[package]] +name = "wasmtime-runtime" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ee8f92ad4b61736339c29361da85769ebc200f184361959d1792832e592a1afd" +dependencies = [ + "anyhow", + "cc", + "cfg-if", + "indexmap", + "libc", + "log", + "mach", + "memoffset", + "paste", + "rand 0.8.5", + "rustix", + "thiserror", + "wasmtime-asm-macros", + "wasmtime-environ", + "wasmtime-jit-debug", + "windows-sys 0.36.1", +] + +[[package]] +name = "wasmtime-types" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d23d61cb4c46e837b431196dd06abb11731541021916d03476a178b54dc07aeb" +dependencies = [ + "cranelift-entity", + "serde", + "thiserror", + "wasmparser", +] + +[[package]] +name = "web-sys" +version = "0.3.60" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bcda906d8be16e728fd5adc5b729afad4e444e106ab28cd1c7256e54fa61510f" +dependencies = [ + "js-sys", + "wasm-bindgen", +] + +[[package]] +name = "webpki" +version = "0.21.0" +source = 
"git+https://github.com/scs/webpki-nostd.git?branch=tn/use-ring-xous#921d737c08a5d2ba3ba0a53f91d98410c2a29d8d" +dependencies = [ + "ring 0.16.20 (registry+https://github.com/rust-lang/crates.io-index)", + "ring 0.16.20 (git+https://github.com/Niederb/ring-xous.git?branch=0.16.20-cleanup)", + "untrusted", +] + +[[package]] +name = "winapi" +version = "0.3.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419" +dependencies = [ + "winapi-i686-pc-windows-gnu", + "winapi-x86_64-pc-windows-gnu", +] + +[[package]] +name = "winapi-i686-pc-windows-gnu" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" + +[[package]] +name = "winapi-util" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "70ec6ce85bb158151cae5e5c87f95a8e97d2c0c4b001223f33a334e3ce5de178" +dependencies = [ + "winapi", +] + +[[package]] +name = "winapi-x86_64-pc-windows-gnu" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" + +[[package]] +name = "windows-sys" +version = "0.36.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ea04155a16a59f9eab786fe12a4a450e75cdb175f9e0d80da1e17db09f55b8d2" +dependencies = [ + "windows_aarch64_msvc 0.36.1", + "windows_i686_gnu 0.36.1", + "windows_i686_msvc 0.36.1", + "windows_x86_64_gnu 0.36.1", + "windows_x86_64_msvc 0.36.1", +] + +[[package]] +name = "windows-sys" +version = "0.42.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5a3e1820f08b8513f676f7ab6c1f99ff312fb97b553d30ff4dd86f9f15728aa7" +dependencies = [ + "windows_aarch64_gnullvm", + "windows_aarch64_msvc 0.42.0", + "windows_i686_gnu 0.42.0", + "windows_i686_msvc 0.42.0", + 
"windows_x86_64_gnu 0.42.0", + "windows_x86_64_gnullvm", + "windows_x86_64_msvc 0.42.0", +] + +[[package]] +name = "windows_aarch64_gnullvm" +version = "0.42.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "41d2aa71f6f0cbe00ae5167d90ef3cfe66527d6f613ca78ac8024c3ccab9a19e" + +[[package]] +name = "windows_aarch64_msvc" +version = "0.36.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9bb8c3fd39ade2d67e9874ac4f3db21f0d710bee00fe7cab16949ec184eeaa47" + +[[package]] +name = "windows_aarch64_msvc" +version = "0.42.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dd0f252f5a35cac83d6311b2e795981f5ee6e67eb1f9a7f64eb4500fbc4dcdb4" + +[[package]] +name = "windows_i686_gnu" +version = "0.36.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "180e6ccf01daf4c426b846dfc66db1fc518f074baa793aa7d9b9aaeffad6a3b6" + +[[package]] +name = "windows_i686_gnu" +version = "0.42.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fbeae19f6716841636c28d695375df17562ca208b2b7d0dc47635a50ae6c5de7" + +[[package]] +name = "windows_i686_msvc" +version = "0.36.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e2e7917148b2812d1eeafaeb22a97e4813dfa60a3f8f78ebe204bcc88f12f024" + +[[package]] +name = "windows_i686_msvc" +version = "0.42.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "84c12f65daa39dd2babe6e442988fc329d6243fdce47d7d2d155b8d874862246" + +[[package]] +name = "windows_x86_64_gnu" +version = "0.36.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4dcd171b8776c41b97521e5da127a2d86ad280114807d0b2ab1e462bc764d9e1" + +[[package]] +name = "windows_x86_64_gnu" +version = "0.42.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bf7b1b21b5362cbc318f686150e5bcea75ecedc74dd157d874d754a2ca44b0ed" + +[[package]] +name = 
"windows_x86_64_gnullvm" +version = "0.42.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "09d525d2ba30eeb3297665bd434a54297e4170c7f1a44cad4ef58095b4cd2028" + +[[package]] +name = "windows_x86_64_msvc" +version = "0.36.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c811ca4a8c853ef420abd8592ba53ddbbac90410fab6903b3e79972a631f7680" + +[[package]] +name = "windows_x86_64_msvc" +version = "0.42.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f40009d85759725a34da6d89a94e63d7bdc50a862acf0dbc7c8e488f1edcb6f5" + +[[package]] +name = "wyz" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "05f360fc0b24296329c78fda852a1e9ae82de9cf7b27dae4b7f62f118f77b9ed" +dependencies = [ + "tap", +] + +[[package]] +name = "x509-cert" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "99d224a125dec5adda27d0346b9cae9794830279c4f9c27e4ab0b6c408d54012" +dependencies = [ + "const-oid", + "der", + "flagset", + "spki", +] + +[[package]] +name = "xous" +version = "0.9.30" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "72ac1d35325af0505ac3f492f928b2e2665f17353646ff7e7c3b09e833b12a84" +dependencies = [ + "lazy_static", +] + +[[package]] +name = "xous-api-log" +version = "0.1.25" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2021b1e48cf6868a6ac46264cd14e037d7f536a8c237ad686bc186d0ea20721c" +dependencies = [ + "log", + "num-derive", + "num-traits", + "xous", + "xous-ipc", +] + +[[package]] +name = "xous-api-names" +version = "0.9.27" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6f907fef193079493a8fd76d6aefa2482b6d8aa905f99aaa40eb83893e13aa92" +dependencies = [ + "log", + "num-derive", + "num-traits", + "rkyv", + "xous", + "xous-api-log", + "xous-ipc", +] + +[[package]] +name = "xous-ipc" +version = "0.9.30" 
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "062ff9e64e967c0a27b63dbd12f3ea4b958433728c813bbbf3bb1053bac47066"
+dependencies = [
+ "bitflags",
+ "rkyv",
+ "xous",
+]
+
+[[package]]
+name = "zeroize"
+version = "1.5.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c394b5bd0c6f669e7275d9c20aa90ae064cb22e75a1cad54e1b34088034b149f"
+dependencies = [
+ "zeroize_derive",
+]
+
+[[package]]
+name = "zeroize_derive"
+version = "1.3.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "44bf07cb3e50ea2003396695d58bf46bc9887a1f362260446fad6bc4e79bd36c"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+ "synstructure",
+]
diff --git a/teerex/sgx-verify/fuzz/Cargo.toml b/teerex/sgx-verify/fuzz/Cargo.toml
new file mode 100644
index 00000000..173181c7
--- /dev/null
+++ b/teerex/sgx-verify/fuzz/Cargo.toml
@@ -0,0 +1,56 @@
+[package]
+name = "sgx-verify-fuzz"
+version = "0.0.0"
+publish = false
+edition = "2021"
+
+[package.metadata]
+cargo-fuzz = true
+
+[dependencies]
+base64 = { version = "0.13", default-features = false, features = ["alloc"] }
+codec = { version = "3.0.0", default-features = false, features = ["derive"], package = "parity-scale-codec" }
+hex-literal = "0.3.4"
+libfuzzer-sys = "0.4"
+serde_json = { version = "1.0" }
+webpki = { default-features = false, git = "https://github.com/scs/webpki-nostd.git", branch = "tn/use-ring-xous" }
+
+[dependencies.sgx-verify]
+path = ".."
+
+# Prevent this from interfering with workspaces
+[workspace]
+members = ["."]
+
+[profile.release]
+debug = 1
+
+[[bin]]
+name = "decode_quote"
+path = "fuzz_targets/decode_quote.rs"
+test = false
+doc = false
+
+[[bin]]
+name = "deserialize_json"
+path = "fuzz_targets/deserialize_json.rs"
+test = false
+doc = false
+
+[[bin]]
+name = "signature_check"
+path = "fuzz_targets/signature_check.rs"
+test = false
+doc = false
+
+[[bin]]
+name = "extract_tcb_info"
+path = "fuzz_targets/extract_tcb_info.rs"
+test = false
+doc = false
+
+[[bin]]
+name = "verify_ias_report"
+path = "fuzz_targets/verify_ias_report.rs"
+test = false
+doc = false
diff --git a/teerex/sgx-verify/fuzz/fuzz_targets/decode_quote.rs b/teerex/sgx-verify/fuzz/fuzz_targets/decode_quote.rs
new file mode 100644
index 00000000..bd0a574e
--- /dev/null
+++ b/teerex/sgx-verify/fuzz/fuzz_targets/decode_quote.rs
@@ -0,0 +1,15 @@
+#![no_main]
+
+use codec::{Decode, Encode};
+use libfuzzer_sys::fuzz_target;
+use sgx_verify::DcapQuote;
+
+fuzz_target!(|data: &[u8]| {
+ let mut copy = data;
+ let quote: Result = Decode::decode(&mut copy);
+
+ // This assert is commented out because the fuzzer manages to find a "valid" quote that can
+ // at least be decoded into memory. We would need additional verification steps (for example signature)
+ // to enable this check.
+ //assert!(quote.is_err());
+});
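Review bot: The `webpki` entry `webpki = { default-features = false, git = "https://github.com/scs/webpki-nostd.git", branch = "tn/use-ring-xous" }` tracks a moving branch of a fork rather than a fixed commit, so the fuzz build is not reproducible and whatever lands on that branch silently becomes the code under test. Pin it with `rev = "<commit hash of the intended checkout>"` next to (or instead of) `branch`, and keep that revision identical to the one the `sgx-verify` crate itself depends on so the targets exercise the same certificate-verification code as production; the main crate's manifest is outside this chunk, so I cannot confirm it is pinned either. The `cargo-fuzz = true` metadata and `[profile.release] debug = 1` are the standard cargo-fuzz settings and fine as they are.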
diff --git a/teerex/sgx-verify/fuzz/fuzz_targets/deserialize_json.rs b/teerex/sgx-verify/fuzz/fuzz_targets/deserialize_json.rs
new file mode 100644
index 00000000..d5ac8e06
--- /dev/null
+++ b/teerex/sgx-verify/fuzz/fuzz_targets/deserialize_json.rs
@@ -0,0 +1,11 @@
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+use sgx_verify::collateral::{EnclaveIdentity, TcbInfo};
+
+fuzz_target!(|data: &[u8]| {
+ let enclave: Result = serde_json::from_slice(data);
+ assert!(enclave.is_err());
+ let tcb_info: Result = serde_json::from_slice(data);
+ assert!(tcb_info.is_err());
+});
diff --git a/teerex/sgx-verify/fuzz/fuzz_targets/extract_tcb_info.rs b/teerex/sgx-verify/fuzz/fuzz_targets/extract_tcb_info.rs
new file mode 100644
index 00000000..3f082eed
--- /dev/null
+++ b/teerex/sgx-verify/fuzz/fuzz_targets/extract_tcb_info.rs
@@ -0,0 +1,8 @@
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+use sgx_verify::extract_tcb_info;
+
+fuzz_target!(|data: &[u8]| {
+ assert!(extract_tcb_info(data).is_err());
+});
diff --git a/teerex/sgx-verify/fuzz/fuzz_targets/signature_check.rs b/teerex/sgx-verify/fuzz/fuzz_targets/signature_check.rs
new file mode 100644
index 00000000..5fcf4d11
--- /dev/null
+++ b/teerex/sgx-verify/fuzz/fuzz_targets/signature_check.rs
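Review bot: `assert!(enclave.is_err())` and `assert!(tcb_info.is_err())` turn any structurally valid document into a reported crash rather than a parser finding, which is the same problem the commented-out assert in `decode_quote.rs` above ran into; with a JSON-aware dictionary or seed corpus the fuzzer could plausibly synthesise a well-formed `EnclaveIdentity`. Since both types derive `Serialize` as well as `Deserialize` (see the `collateral.rs` hunk below), a stronger property on the `Ok` path that cannot go stale is a round trip: `if let Ok(v) = enclave { let json = serde_json::to_vec(&v).unwrap(); let _: EnclaveIdentity = serde_json::from_slice(&json).unwrap(); }`, and the same for `TcbInfo`. The two `is_err` asserts then go, and a panic in either direction still surfaces as a finding.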
@@ -0,0 +1,25 @@
+#![no_main]
+#![feature(core_panic)]
+
+pub extern crate alloc;
+extern crate core;
+
+use libfuzzer_sys::fuzz_target;
+use sgx_verify::deserialize_enclave_identity;
+
+fuzz_target!(|data: &[u8]| {
+ if data.len() < 64 {
+ return
+ }
+
+ let cert = include_str!("../../test/dcap/qe_identity_cert.pem");
+ let cert = cert.replace('\n', "");
+ let decoded_cert = base64::decode(&cert).unwrap();
+ let cert = webpki::EndEntityCert::from(decoded_cert.as_slice()).unwrap();
+
+ let quoting_enclave = br#"{"id":"QE","version":2,"issueDate":"2022-10-18T21:55:07Z","nextUpdate":"2022-11-17T21:55:07Z","tcbEvaluationDataNumber":12,"miscselect":"00000000","miscselectMask":"FFFFFFFF","attributes":"11000000000000000000000000000000","attributesMask":"FBFFFFFFFFFFFFFF0000000000000000","mrsigner":"8C4F5775D796503E96137F77C68A829A0056AC8DED70140B081B094490C57BFF","isvprodid":1,"tcbLevels":[{"tcb":{"isvsvn":6},"tcbDate":"2021-11-10T00:00:00Z","tcbStatus":"UpToDate"},{"tcb":{"isvsvn":5},"tcbDate":"2020-11-11T00:00:00Z","tcbStatus":"OutOfDate"},{"tcb":{"isvsvn":4},"tcbDate":"2019-11-13T00:00:00Z","tcbStatus":"OutOfDate"},{"tcb":{"isvsvn":2},"tcbDate":"2019-05-15T00:00:00Z","tcbStatus":"OutOfDate"},{"tcb":{"isvsvn":1},"tcbDate":"2018-08-15T00:00:00Z","tcbStatus":"OutOfDate"}]}"#;
+ let signature = &data[0..64];
+
+ let res = deserialize_enclave_identity("ing_enclave[..], &signature, &cert);
+ assert!(res.is_err(), "Found a valid signature");
+});
diff --git a/teerex/sgx-verify/fuzz/fuzz_targets/verify_ias_report.rs b/teerex/sgx-verify/fuzz/fuzz_targets/verify_ias_report.rs
new file mode 100644
index 00000000..99610e53
--- /dev/null
+++ b/teerex/sgx-verify/fuzz/fuzz_targets/verify_ias_report.rs
@@ -0,0 +1,9 @@
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+use sgx_verify::verify_ias_report;
+
+fuzz_target!(|data: &[u8]| {
+ // Check test that there is now panic and that the provided data is not a valid IAS report
+ assert!(verify_ias_report(data).is_err());
+});
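Review bot: `#![feature(core_panic)]` on the second line is not used anywhere in this file and pins the target to a nightly toolchain; `pub extern crate alloc;` and `extern crate core;` are likewise unnecessary in edition 2021, so all three lines can go. For whoever later reads the coverage numbers: `deserialize_enclave_identity` verifies the signature before it calls `serde_json::from_slice` (see the `lib.rs` hunk below), so this target fuzzes only the 64-byte signature against a fixed message and a fixed certificate, and the JSON path is exercised by `deserialize_json.rs`, not here. A one-line comment above `let signature = &data[0..64];`, e.g. `// Only the signature is fuzzed: verification fails before the JSON is parsed`, would save the next reader the same trip.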
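Review bot: The comment above the assert, `// Check test that there is now panic and that the provided data is not a valid IAS report`, says the opposite of what is meant; it should read `// Check that there is no panic and that the provided data is not a valid IAS report`. Nothing else in this target needs changing.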
diff --git a/teerex/sgx-verify/src/collateral.rs b/teerex/sgx-verify/src/collateral.rs
new file mode 100644
index 00000000..d5423884
--- /dev/null
+++ b/teerex/sgx-verify/src/collateral.rs
@@ -0,0 +1,278 @@
+/*
+ Copyright 2022 Integritee AG and Supercomputing Systems AG
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/
+
+#![cfg_attr(not(feature = "std"), no_std)]
+pub extern crate alloc;
+
+use alloc::string::String;
+use chrono::prelude::{DateTime, Utc};
+use serde::{de::Error, Deserialize, Deserializer, Serialize, Serializer};
+use sp_std::prelude::*;
+use teerex_primitives::{
+ Fmspc, MrSigner, Pcesvn, QeTcb, QuotingEnclave, TcbInfoOnChain, TcbVersionStatus,
+};
+
+/// The data structures in here are designed such that they can be used to serialize/deserialize
+/// the "TCB info" and "enclave identity" collateral data in JSON format provided by intel
+/// See https://api.portal.trustedservices.intel.com/documentation for further information and examples
+
+#[derive(Serialize, Deserialize)]
+pub struct Tcb {
+ isvsvn: u16,
+}
+
+impl Tcb {
+ pub fn is_valid(&self) -> bool {
+ // At the time of writing this code everything older than 6 is outdated
+ // Intel does the same check in their DCAP implementation
+ self.isvsvn >= 6
+ }
+}
+
+#[derive(Serialize, Deserialize)]
+#[serde(rename_all = "camelCase")]
+pub struct TcbLevel {
+ tcb: Tcb,
+ /// Intel does not verify the tcb_date in their code and their API documentation also does
+ /// not mention it needs verification.
+ tcb_date: DateTime,
+ tcb_status: String,
+ #[serde(rename = "advisoryIDs")]
+ #[serde(skip_serializing_if = "Option::is_none")]
+ advisory_ids: Option>,
+}
+
+impl TcbLevel {
+ pub fn is_valid(&self) -> bool {
+ // UpToDate is the only valid status (the other being OutOfDate and Revoked)
+ // A possible extension would be to also verify that the advisory_ids list is empty,
+ // but I think this could also lead to all TcbLevels being invalid
+ self.tcb.is_valid() && self.tcb_status == "UpToDate"
+ }
+}
+
+#[derive(Serialize, Deserialize)]
+struct TcbComponent {
+ svn: u8,
+ #[serde(skip_serializing_if = "Option::is_none")]
+ category: Option,
+ #[serde(rename = "type")] //type is a keyword so we rename the field
+ #[serde(skip_serializing_if = "Option::is_none")]
+ tcb_type: Option,
+}
+
+#[derive(Serialize, Deserialize)]
+pub struct TcbFull {
+ sgxtcbcomponents: [TcbComponent; 16],
+ pcesvn: Pcesvn,
+}
+
+#[derive(Serialize, Deserialize)]
+#[serde(rename_all = "camelCase")]
+pub struct TcbLevelFull {
+ tcb: TcbFull,
+ /// Intel does not verify the tcb_date in their code and their API documentation also does
+ /// not mention it needs verification.
+ tcb_date: DateTime,
+ tcb_status: String,
+ #[serde(rename = "advisoryIDs")]
+ #[serde(skip_serializing_if = "Option::is_none")]
+ advisory_ids: Option>,
+}
+
+impl TcbLevelFull {
+ pub fn is_valid(&self) -> bool {
+ // A possible extension would be to also verify that the advisory_ids list is empty,
+ // but I think this could also lead to all TcbLevels being invalid
+ self.tcb_status == "UpToDate" || self.tcb_status == "SWHardeningNeeded"
+ }
+}
+
+#[derive(Serialize, Deserialize)]
+#[serde(rename_all = "camelCase")]
+pub struct EnclaveIdentity {
+ id: String,
+ version: u16,
+ issue_date: DateTime,
+ next_update: DateTime,
+ tcb_evaluation_data_number: u16,
+ #[serde(deserialize_with = "deserialize_from_hex::<_, 4>")]
+ #[serde(serialize_with = "serialize_to_hex::<_, 4>")]
+ miscselect: [u8; 4],
+ #[serde(deserialize_with = "deserialize_from_hex::<_, 4>")]
+ #[serde(serialize_with = "serialize_to_hex::<_, 4>")]
+ miscselect_mask: [u8; 4],
+ #[serde(deserialize_with = "deserialize_from_hex::<_, 16>")]
+ #[serde(serialize_with = "serialize_to_hex::<_, 16>")]
+ attributes: [u8; 16],
+ #[serde(deserialize_with = "deserialize_from_hex::<_, 16>")]
+ #[serde(serialize_with = "serialize_to_hex::<_, 16>")]
+ attributes_mask: [u8; 16],
+ #[serde(deserialize_with = "deserialize_from_hex::<_, 32>")]
+ #[serde(serialize_with = "serialize_to_hex::<_, 32>")]
+ mrsigner: MrSigner,
+ pub isvprodid: u16,
+ pub tcb_levels: Vec,
+}
+
+fn serialize_to_hex(x: &[u8; N], s: S) -> Result
+where
+ S: Serializer,
+{
+ s.serialize_str(&hex::encode(x).to_uppercase())
+}
+
+fn deserialize_from_hex<'de, D, const N: usize>(deserializer: D) -> Result<[u8; N], D::Error>
+where
+ D: Deserializer<'de>,
+{
+ let s: &str = Deserialize::deserialize(deserializer)?;
+ let hex = hex::decode(s).map_err(|_| D::Error::custom("Failed to deserialize hex string"))?;
+ hex.try_into().map_err(|_| D::Error::custom("Invalid hex length"))
+}
+
+impl EnclaveIdentity {
+ /// This extracts the necessary information into the struct that we actually store in the chain
+ pub fn to_quoting_enclave(&self) -> QuotingEnclave {
+ let mut valid_tcbs: Vec = Vec::new();
+ for tcb in &self.tcb_levels {
+ if tcb.is_valid() {
+ valid_tcbs.push(QeTcb::new(tcb.tcb.isvsvn));
+ }
+ }
+ QuotingEnclave::new(
+ self.issue_date
+ .timestamp_millis()
+ .try_into()
+ .expect("no support for negative unix timestamps"),
+ self.next_update
+ .timestamp_millis()
+ .try_into()
+ .expect("no support for negative unix timestamps"),
+ self.miscselect,
+ self.miscselect_mask,
+ self.attributes,
+ self.attributes_mask,
+ self.mrsigner,
+ self.isvprodid,
+ valid_tcbs,
+ )
+ }
+
+ pub fn is_valid(&self, timestamp_millis: i64) -> bool {
+ self.id == "QE" &&
+ self.version == 2 &&
+ self.issue_date.timestamp_millis() < timestamp_millis &&
+ timestamp_millis < self.next_update.timestamp_millis()
+ }
+}
+
+#[derive(Serialize, Deserialize)]
+#[serde(rename_all = "camelCase")]
+pub struct TcbInfo {
+ id: String,
+ version: u8,
+ issue_date: DateTime,
+ next_update: DateTime,
+ #[serde(deserialize_with = "deserialize_from_hex::<_, 6>")]
+ #[serde(serialize_with = "serialize_to_hex::<_, 6>")]
+ pub fmspc: teerex_primitives::Fmspc,
+ pce_id: String,
+ tcb_type: u16,
+ tcb_evaluation_data_number: u16,
+ tcb_levels: Vec,
+}
+
+impl TcbInfo {
+ /// This extracts the necessary information into a tuple (`(Key, Value)`) that we actually store in the chain
+ pub fn to_chain_tcb_info(&self) -> (Fmspc, TcbInfoOnChain) {
+ let valid_tcbs: Vec = self
+ .tcb_levels
+ .iter()
+ // Only store TCB levels on chain that are currently valid
+ .filter(|tcb| tcb.is_valid())
+ .map(|tcb| {
+ let mut components = [0u8; 16];
+ for (i, t) in tcb.tcb.sgxtcbcomponents.iter().enumerate() {
+ components[i] = t.svn;
+ }
+ TcbVersionStatus::new(components, tcb.tcb.pcesvn)
+ })
+ .collect();
+ (
+ self.fmspc,
+ TcbInfoOnChain::new(
+ self.issue_date
+ .timestamp_millis()
+ .try_into()
+ .expect("no support for negative unix timestamps"),
+ self.next_update
+ .timestamp_millis()
+ .try_into()
+ .expect("no support for negative unix timestamps"),
+ valid_tcbs,
+ ),
+ )
+ }
+
+ pub fn is_valid(&self, timestamp_millis: i64) -> bool {
+ self.id == "SGX" &&
+ self.version == 3 &&
+ self.issue_date.timestamp_millis() < timestamp_millis &&
+ timestamp_millis < self.next_update.timestamp_millis()
+ }
+}
+
+#[derive(Serialize, Deserialize)]
+#[serde(rename_all = "camelCase")]
+pub struct TcbInfoSigned {
+ pub tcb_info: TcbInfo,
+ pub signature: String,
+}
+
+#[derive(Serialize, Deserialize)]
+#[serde(rename_all = "camelCase")]
+pub struct EnclaveIdentitySigned {
+ pub enclave_identity: EnclaveIdentity,
+ pub signature: String,
+}
+
+#[cfg(test)]
+mod tests {
+ use super::*;
+
+ #[test]
+ fn tcb_level_is_valid() {
+ let t: TcbLevel = serde_json::from_str(
+ r#"{"tcb":{"isvsvn":6}, "tcbDate":"2021-11-10T00:00:00Z", "tcbStatus":"UpToDate" }"#,
+ )
+ .unwrap();
+ assert!(t.is_valid());
+
+ let t: TcbLevel = serde_json::from_str(
+ r#"{"tcb":{"isvsvn":6}, "tcbDate":"2021-11-10T00:00:00Z", "tcbStatus":"OutOfDate" }"#,
+ )
+ .unwrap();
+ assert!(!t.is_valid());
+
+ let t: TcbLevel = serde_json::from_str(
+ r#"{"tcb":{"isvsvn":5}, "tcbDate":"2021-11-10T00:00:00Z", "tcbStatus":"UpToDate" }"#,
+ )
+ .unwrap();
+ assert!(!t.is_valid());
+ }
+}
diff --git a/teerex/ias-verify/src/ephemeral_key.rs b/teerex/sgx-verify/src/ephemeral_key.rs
similarity index 93%
rename from teerex/ias-verify/src/ephemeral_key.rs
rename to teerex/sgx-verify/src/ephemeral_key.rs
index f4a4f927..74e64940 100644
--- a/teerex/ias-verify/src/ephemeral_key.rs
+++ b/teerex/sgx-verify/src/ephemeral_key.rs
@@ -15,7 +15,7 @@ impl<'a> TryFrom> for EphemeralKey<'a> { .position(|window| window == PRIME256V1_OID) .ok_or("Certificate does not contain 'PRIME256V1_OID'")?; - offset += 11; // 10 + TAG (0x03) + offset += PRIME256V1_OID.len() + 1; // OID length + TAG (0x03) // Obtain Public Key length let len = length_from_raw_data(cert_der, &mut offset)?;
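Review bot: `to_quoting_enclave` and `to_chain_tcb_info` convert `issue_date` and `next_update` to `u64` with `.try_into().expect("no support for negative unix timestamps")`, which panics on any pre-1970 date, and neither `is_valid` rules that case out (they only check `issue_date < timestamp_millis < next_update`). In code destined for a runtime a panic on collateral content is a worse failure mode than a rejected extrinsic, even if this data presumably reaches these methods only after `deserialize_enclave_identity` / `deserialize_tcb_info` in `lib.rs` have checked Intel's signature, so this is defence in depth rather than a forgeable path. Make the conversions fallible, e.g. `let issue_date: u64 = self.issue_date.timestamp_millis().try_into().map_err(|_| "negative unix timestamp")?;`, with the two methods returning `Result<QuotingEnclave, &'static str>` and `Result<(Fmspc, TcbInfoOnChain), &'static str>`; their callers are outside this chunk and would need a `?`. Separately, the threshold in `Tcb::is_valid` (`self.isvsvn >= 6`) is a date-dependent number that the comment itself calls "at the time of writing"; a named `const MIN_QE_ISVSVN: u16 = 6;` with a note on how it is to be bumped would make that maintenance obligation visible.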
diff --git a/teerex/sgx-verify/src/lib.rs b/teerex/sgx-verify/src/lib.rs
new file mode 100644
index 00000000..2a6ae4c8
--- /dev/null
+++ b/teerex/sgx-verify/src/lib.rs
@@ -0,0 +1,736 @@ +/* + Copyright 2021 Integritee AG and Supercomputing Systems AG + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +*/ + +#![cfg_attr(not(feature = "std"), no_std)] +pub extern crate alloc; + +use crate::{ + collateral::{EnclaveIdentity, TcbInfo}, + netscape_comment::NetscapeComment, + utils::length_from_raw_data, +}; +use alloc::string::String; +use chrono::DateTime; +use codec::{Decode, Encode, Input}; +use der::asn1::ObjectIdentifier; +use frame_support::{ensure, traits::Len}; +use ring::signature::{self}; +use scale_info::TypeInfo; +use serde_json::Value; +use sp_std::{ + convert::{TryFrom, TryInto}, + prelude::*, +}; +use teerex_primitives::{ + Cpusvn, Fmspc, MrEnclave, MrSigner, Pcesvn, QuotingEnclave, SgxBuildMode, TcbVersionStatus, +}; +use webpki::SignatureAlgorithm; +use x509_cert::Certificate; + +pub mod collateral; +mod ephemeral_key; +mod netscape_comment; +#[cfg(test)] +mod tests; +mod utils; + +const SGX_REPORT_DATA_SIZE: usize = 64; +#[derive(Encode, Decode, Copy, Clone, TypeInfo)] +#[repr(C)] +pub struct SgxReportData { + d: [u8; SGX_REPORT_DATA_SIZE], +} + +#[derive(Encode, Decode, Copy, Clone, TypeInfo)] +#[repr(C)] +pub struct SGXAttributes { + flags: u64, + xfrm: u64, +} + +#[derive(Decode, Clone, TypeInfo)] +#[repr(C)] +pub struct DcapQuote { + header: DcapQuoteHeader, + body: SgxReportBody, + signature_data_len: u32, + quote_signature_data: EcdsaQuoteSignature, +} + +#[derive(Encode, Decode, Copy, Clone, TypeInfo)] +#[repr(C)] +pub struct 
DcapQuoteHeader { + version: u16, + attestation_key_type: u16, + reserved: u32, + qe_svn: u16, + pce_svn: u16, + qe_vendor_id: [u8; 16], + user_data: [u8; 20], +} + +const ATTESTATION_KEY_SIZE: usize = 64; +const REPORT_SIGNATURE_SIZE: usize = 64; + +#[derive(Decode, Clone, TypeInfo)] +#[repr(C)] +pub struct EcdsaQuoteSignature { + isv_enclave_report_signature: [u8; REPORT_SIGNATURE_SIZE], + ecdsa_attestation_key: [u8; ATTESTATION_KEY_SIZE], + qe_report: SgxReportBody, + qe_report_signature: [u8; REPORT_SIGNATURE_SIZE], + qe_authentication_data: QeAuthenticationData, + qe_certification_data: QeCertificationData, +} + +#[derive(Clone, TypeInfo)] +#[repr(C)] +pub struct QeAuthenticationData { + size: u16, + certification_data: Vec, +} + +impl Decode for QeAuthenticationData { + fn decode(input: &mut I) -> Result { + let mut size_buf: [u8; 2] = [0; 2]; + input.read(&mut size_buf)?; + let size = u16::from_le_bytes(size_buf); + + let mut certification_data = vec![0; size.into()]; + input.read(&mut certification_data)?; + + Ok(Self { size, certification_data }) + } +} + +#[derive(Clone, TypeInfo)] +#[repr(C)] +pub struct QeCertificationData { + certification_data_type: u16, + size: u32, + certification_data: Vec, +} + +impl Decode for QeCertificationData { + fn decode(input: &mut I) -> Result { + let mut certification_data_type_buf: [u8; 2] = [0; 2]; + input.read(&mut certification_data_type_buf)?; + let certification_data_type = u16::from_le_bytes(certification_data_type_buf); + + let mut size_buf: [u8; 4] = [0; 4]; + input.read(&mut size_buf)?; + let size = u32::from_le_bytes(size_buf); + // This is an arbitrary limit to prevent out of memory issues. Intel does not specify a max value + if size > 65_000 { + return Result::Err(codec::Error::from( + "Certification data too long. Max 65000 bytes are allowed", + )) + } + + // Safety: The try_into() can only fail due to overflow on a 16-bit system, but we anyway + // ensure the value is small enough above. 
+ let mut certification_data = vec![0; size.try_into().unwrap()]; + input.read(&mut certification_data)?; + + Ok(Self { certification_data_type, size, certification_data }) + } +} + +// see Intel SGX SDK https://github.com/intel/linux-sgx/blob/master/common/inc/sgx_report.h +const SGX_REPORT_BODY_RESERVED1_BYTES: usize = 12; +const SGX_REPORT_BODY_RESERVED2_BYTES: usize = 32; +const SGX_REPORT_BODY_RESERVED3_BYTES: usize = 32; +const SGX_REPORT_BODY_RESERVED4_BYTES: usize = 42; +const SGX_FLAGS_DEBUG: u64 = 0x0000000000000002; + +#[derive(Encode, Decode, Copy, Clone, TypeInfo)] +#[repr(C)] +pub struct SgxReportBody { + cpu_svn: [u8; 16], /* ( 0) Security Version of the CPU */ + misc_select: [u8; 4], /* ( 16) Which fields defined in SSA.MISC */ + reserved1: [u8; SGX_REPORT_BODY_RESERVED1_BYTES], /* ( 20) */ + isv_ext_prod_id: [u8; 16], /* ( 32) ISV assigned Extended Product ID */ + attributes: SGXAttributes, /* ( 48) Any special Capabilities the Enclave possess */ + mr_enclave: MrEnclave, /* ( 64) The value of the enclave's ENCLAVE measurement */ + reserved2: [u8; SGX_REPORT_BODY_RESERVED2_BYTES], /* ( 96) */ + mr_signer: MrSigner, /* (128) The value of the enclave's SIGNER measurement */ + reserved3: [u8; SGX_REPORT_BODY_RESERVED3_BYTES], /* (160) */ + config_id: [u8; 64], /* (192) CONFIGID */ + isv_prod_id: u16, /* (256) Product ID of the Enclave */ + isv_svn: u16, /* (258) Security Version of the Enclave */ + config_svn: u16, /* (260) CONFIGSVN */ + reserved4: [u8; SGX_REPORT_BODY_RESERVED4_BYTES], /* (262) */ + isv_family_id: [u8; 16], /* (304) ISV assigned Family ID */ + report_data: SgxReportData, /* (320) Data provided by the user */ +} + +impl SgxReportBody { + pub fn sgx_build_mode(&self) -> SgxBuildMode { + #[cfg(test)] + println!("attributes flag : {}", format!("{:x}", self.attributes.flags)); + if self.attributes.flags & SGX_FLAGS_DEBUG == SGX_FLAGS_DEBUG { + SgxBuildMode::Debug + } else { + SgxBuildMode::Production + } + } + + pub fn verify(&self, o: 
&QuotingEnclave) -> bool { + if self.isv_prod_id != o.isvprodid || self.mr_signer != o.mrsigner { + return false + } + for i in 0..self.misc_select.len() { + if (self.misc_select[i] & o.miscselect_mask[i]) != + (o.miscselect[i] & o.miscselect_mask[i]) + { + return false + } + } + for tcb in &o.tcb { + // If the enclave isvsvn is bigger than one of the + if self.isv_svn >= tcb.isvsvn { + return true + } + } + false + } +} +// see Intel SGX SDK https://github.com/intel/linux-sgx/blob/master/common/inc/sgx_quote.h +#[derive(Encode, Decode, Copy, Clone, TypeInfo)] +#[repr(C)] +pub struct SgxQuote { + version: u16, /* 0 */ + sign_type: u16, /* 2 */ + epid_group_id: u32, /* 4 */ + qe_svn: u16, /* 8 */ + pce_svn: u16, /* 10 */ + xeid: u32, /* 12 */ + basename: [u8; 32], /* 16 */ + report_body: SgxReportBody, /* 48 */ + //signature_len: u32, /* 432 */ + //signature: [u8; 64] /* 436 */ //must be hard-coded for SCALE codec +} + +#[derive(Encode, Decode, Copy, Clone, PartialEq, Eq, sp_core::RuntimeDebug, TypeInfo)] +pub enum SgxStatus { + Invalid, + Ok, + GroupOutOfDate, + GroupRevoked, + ConfigurationNeeded, +} +impl Default for SgxStatus { + fn default() -> Self { + SgxStatus::Invalid + } +} + +#[derive(Encode, Decode, Default, Copy, Clone, PartialEq, Eq, sp_core::RuntimeDebug, TypeInfo)] +pub struct SgxReport { + pub mr_enclave: MrEnclave, + pub pubkey: [u8; 32], + pub status: SgxStatus, + pub timestamp: u64, // unix timestamp in milliseconds + pub build_mode: SgxBuildMode, +} + +type SignatureAlgorithms = &'static [&'static webpki::SignatureAlgorithm]; +static SUPPORTED_SIG_ALGS: SignatureAlgorithms = &[ + //&webpki::ECDSA_P256_SHA256, + //&webpki::ECDSA_P256_SHA384, + //&webpki::ECDSA_P384_SHA256, + //&webpki::ECDSA_P384_SHA384, + &webpki::RSA_PKCS1_2048_8192_SHA256, + &webpki::RSA_PKCS1_2048_8192_SHA384, + &webpki::RSA_PKCS1_2048_8192_SHA512, + &webpki::RSA_PKCS1_3072_8192_SHA384, +]; + +//pub const IAS_REPORT_CA: &[u8] = 
include_bytes!("../AttestationReportSigningCACert.pem"); + +pub static IAS_SERVER_ROOTS: webpki::TLSServerTrustAnchors = webpki::TLSServerTrustAnchors(&[ + /* + * -----BEGIN CERTIFICATE----- + * MIIFSzCCA7OgAwIBAgIJANEHdl0yo7CUMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNV + * BAYTAlVTMQswCQYDVQQIDAJDQTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExGjAYBgNV + * BAoMEUludGVsIENvcnBvcmF0aW9uMTAwLgYDVQQDDCdJbnRlbCBTR1ggQXR0ZXN0 + * YXRpb24gUmVwb3J0IFNpZ25pbmcgQ0EwIBcNMTYxMTE0MTUzNzMxWhgPMjA0OTEy + * MzEyMzU5NTlaMH4xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEUMBIGA1UEBwwL + * U2FudGEgQ2xhcmExGjAYBgNVBAoMEUludGVsIENvcnBvcmF0aW9uMTAwLgYDVQQD + * DCdJbnRlbCBTR1ggQXR0ZXN0YXRpb24gUmVwb3J0IFNpZ25pbmcgQ0EwggGiMA0G + * CSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCfPGR+tXc8u1EtJzLA10Feu1Wg+p7e + * LmSRmeaCHbkQ1TF3Nwl3RmpqXkeGzNLd69QUnWovYyVSndEMyYc3sHecGgfinEeh + * rgBJSEdsSJ9FpaFdesjsxqzGRa20PYdnnfWcCTvFoulpbFR4VBuXnnVLVzkUvlXT + * L/TAnd8nIZk0zZkFJ7P5LtePvykkar7LcSQO85wtcQe0R1Raf/sQ6wYKaKmFgCGe + * NpEJUmg4ktal4qgIAxk+QHUxQE42sxViN5mqglB0QJdUot/o9a/V/mMeH8KvOAiQ + * byinkNndn+Bgk5sSV5DFgF0DffVqmVMblt5p3jPtImzBIH0QQrXJq39AT8cRwP5H + * afuVeLHcDsRp6hol4P+ZFIhu8mmbI1u0hH3W/0C2BuYXB5PC+5izFFh/nP0lc2Lf + * 6rELO9LZdnOhpL1ExFOq9H/B8tPQ84T3Sgb4nAifDabNt/zu6MmCGo5U8lwEFtGM + * RoOaX4AS+909x00lYnmtwsDVWv9vBiJCXRsCAwEAAaOByTCBxjBgBgNVHR8EWTBX + * MFWgU6BRhk9odHRwOi8vdHJ1c3RlZHNlcnZpY2VzLmludGVsLmNvbS9jb250ZW50 + * L0NSTC9TR1gvQXR0ZXN0YXRpb25SZXBvcnRTaWduaW5nQ0EuY3JsMB0GA1UdDgQW + * BBR4Q3t2pn680K9+QjfrNXw7hwFRPDAfBgNVHSMEGDAWgBR4Q3t2pn680K9+Qjfr + * NXw7hwFRPDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADANBgkq + * hkiG9w0BAQsFAAOCAYEAeF8tYMXICvQqeXYQITkV2oLJsp6J4JAqJabHWxYJHGir + * IEqucRiJSSx+HjIJEUVaj8E0QjEud6Y5lNmXlcjqRXaCPOqK0eGRz6hi+ripMtPZ + * sFNaBwLQVV905SDjAzDzNIDnrcnXyB4gcDFCvwDFKKgLRjOB/WAqgscDUoGq5ZVi + * zLUzTqiQPmULAQaB9c6Oti6snEFJiCQ67JLyW/E83/frzCmO5Ru6WjU4tmsmy8Ra + * Ud4APK0wZTGtfPXU7w+IBdG5Ez0kE1qzxGQaL4gINJ1zMyleDnbuS8UicjJijvqA + * 152Sq049ESDz+1rRGc2NVEqh1KaGXmtXvqxXcTB+Ljy5Bw2ke0v8iGngFBPqCTVB + * 
3op5KBG3RjbF6RRSzwzuWfL7QErNC8WEy5yDVARzTA5+xmBc388v9Dm21HGfcC8O + * DD+gT9sSpssq0ascmvH49MOgjt1yoysLtdCtJW/9FZpoOypaHx0R+mJTLwPXVMrv + * DaVzWh5aiEx+idkSGMnX + * -----END CERTIFICATE----- + */ + webpki::TrustAnchor { + subject: b"1\x0b0\t\x06\x03U\x04\x06\x13\x02US1\x0b0\t\x06\x03U\x04\x08\x0c\x02CA1\x140\x12\x06\x03U\x04\x07\x0c\x0bSanta Clara1\x1a0\x18\x06\x03U\x04\n\x0c\x11Intel Corporation100.\x06\x03U\x04\x03\x0c\'Intel SGX Attestation Report Signing CA", + spki: b"0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x03\x82\x01\x8f\x000\x82\x01\x8a\x02\x82\x01\x81\x00\x9f@u1@N6\xb3\x15b7\x99\xaa\x82Pt@\x97T\xa2\xdf\xe8\xf5\xaf\xd5\xfec\x1e\x1f\xc2\xaf8\x08\x90o(\xa7\x90\xd9\xdd\x9f\xe0`\x93\x9b\x12W\x90\xc5\x80]\x03}\xf5j\x99S\x1b\x96\xdei\xde3\xed\"l\xc1 }\x10B\xb5\xc9\xab\x7f@O\xc7\x11\xc0\xfeGi\xfb\x95x\xb1\xdc\x0e\xc4i\xea\x1a%\xe0\xff\x99\x14\x88n\xf2i\x9b#[\xb4\x84}\xd6\xff@\xb6\x06\xe6\x17\x07\x93\xc2\xfb\x98\xb3\x14X\x7f\x9c\xfd%sb\xdf\xea\xb1\x0b;\xd2\xd9vs\xa1\xa4\xbdD\xc4S\xaa\xf4\x7f\xc1\xf2\xd3\xd0\xf3\x84\xf7J\x06\xf8\x9c\x08\x9f\r\xa6\xcd\xb7\xfc\xee\xe8\xc9\x82\x1a\x8eT\xf2\\\x04\x16\xd1\x8cF\x83\x9a_\x80\x12\xfb\xdd=\xc7M%by\xad\xc2\xc0\xd5Z\xffo\x06\"B]\x1b\x02\x03\x01\x00\x01", + name_constraints: None + }, +]); + +/// The needed code for a trust anchor can be extracted using `webpki` with something like this: +/// println!("{:?}", webpki::TrustAnchor::try_from_cert_der(&root_cert)); +#[allow(clippy::zero_prefixed_literal)] +pub static DCAP_SERVER_ROOTS: webpki::TLSServerTrustAnchors = + webpki::TLSServerTrustAnchors(&[webpki::TrustAnchor { + subject: &[ + 49, 26, 48, 24, 06, 03, 85, 04, 03, 12, 17, 73, 110, 116, 101, 108, 32, 83, 71, 88, 32, + 82, 111, 111, 116, 32, 67, 65, 49, 26, 48, 24, 06, 03, 85, 04, 10, 12, 17, 73, 110, + 116, 101, 108, 32, 67, 111, 114, 112, 111, 114, 97, 116, 105, 111, 110, 49, 20, 48, 18, + 06, 03, 85, 04, 07, 12, 11, 83, 97, 110, 116, 97, 32, 67, 108, 97, 114, 97, 49, 11, 48, + 09, 06, 03, 85, 04, 08, 12, 02, 67, 65, 
49, 11, 48, 09, 06, 03, 85, 04, 06, 19, 02, 85, + 83, + ], + spki: &[ + 48, 19, 06, 07, 42, 134, 72, 206, 61, 02, 01, 06, 08, 42, 134, 72, 206, 61, 03, 01, 07, + 03, 66, 00, 04, 11, 169, 196, 192, 192, 200, 97, 147, 163, 254, 35, 214, 176, 44, 218, + 16, 168, 187, 212, 232, 142, 72, 180, 69, 133, 97, 163, 110, 112, 85, 37, 245, 103, + 145, 142, 46, 220, 136, 228, 13, 134, 11, 208, 204, 78, 226, 106, 172, 201, 136, 229, + 05, 169, 83, 85, 140, 69, 63, 107, 09, 04, 174, 115, 148, + ], + name_constraints: None, + }]); + +/// Contains an unvalidated ias remote attestation certificate. +/// +/// Wrapper to implemented parsing and verification traits on it. +pub struct CertDer<'a>(&'a [u8]); + +/// Encode two 32-byte values in DER format +/// This is meant for 256 bit ECC signatures or public keys +pub fn encode_as_der(data: &[u8]) -> Result, &'static str> { + if data.len() != 64 { + return Result::Err("Key must be 64 bytes long") + } + let mut sequence = der::asn1::SequenceOf::::new(); + sequence + .add(der::asn1::UIntRef::new(&data[0..32]).map_err(|_| "Invalid public key")?) + .map_err(|_| "Invalid public key")?; + sequence + .add(der::asn1::UIntRef::new(&data[32..]).map_err(|_| "Invalid public key")?) + .map_err(|_| "Invalid public key")?; + // 72 should be enough in all cases. 2 + 2 x (32 + 3) + let mut asn1 = vec![0u8; 72]; + let mut writer = der::SliceWriter::new(&mut asn1); + writer.encode(&sequence).map_err(|_| "Could not encode public key to DER")?; + Ok(writer.finish().map_err(|_| "Could not convert public key to DER")?.to_vec()) +} + +/// Extracts the specified data into a `EnclaveIdentity` instance. 
+/// Also verifies that the data matches the given signature, was produced by the given certificate +/// and matches the data +pub fn deserialize_enclave_identity( + data: &[u8], + signature: &[u8], + certificate: &webpki::EndEntityCert, +) -> Result { + let signature = encode_as_der(signature)?; + verify_signature(certificate, data, &signature, &webpki::ECDSA_P256_SHA256)?; + serde_json::from_slice(data).map_err(|_| "Deserialization failed") +} + +/// Extracts the specified data into a `TcbInfo` instance. +/// Also verifies that the data matches the given signature, was produced by the given certificate +/// and matches the data +pub fn deserialize_tcb_info( + data: &[u8], + signature: &[u8], + certificate: &webpki::EndEntityCert, +) -> Result { + let signature = encode_as_der(signature)?; + verify_signature(certificate, data, &signature, &webpki::ECDSA_P256_SHA256)?; + serde_json::from_slice(data).map_err(|_| "Deserialization failed") +} + +/// Extract a list of certificates from a byte vec. The certificates must be separated by +/// `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----` markers +pub fn extract_certs(cert_chain: &[u8]) -> Vec> { + // The certificates should be valid UTF-8 but if not we continue. The certificate verification + // will fail at a later point. 
+ let certs_concat = String::from_utf8_lossy(cert_chain); + let certs_concat = certs_concat.replace('\n', ""); + let certs_concat = certs_concat.replace("-----BEGIN CERTIFICATE-----", ""); + // Use the end marker to split the string into certificates + let parts = certs_concat.split("-----END CERTIFICATE-----"); + parts.filter(|p| !p.is_empty()).filter_map(|p| base64::decode(p).ok()).collect() +} + +/// Verifies that the `leaf_cert` in combination with the `intermediate_certs` establishes +/// a valid certificate chain that is rooted in one of the trust anchors that was compiled into to the pallet +pub fn verify_certificate_chain<'a>( + leaf_cert: &'a [u8], + intermediate_certs: &[&[u8]], + verification_time: u64, +) -> Result, &'static str> { + let leaf_cert: webpki::EndEntityCert = + webpki::EndEntityCert::from(leaf_cert).map_err(|_| "Failed to parse leaf certificate")?; + let time = webpki::Time::from_seconds_since_unix_epoch(verification_time / 1000); + let sig_algs = &[&webpki::ECDSA_P256_SHA256]; + leaf_cert + .verify_is_valid_tls_server_cert(sig_algs, &DCAP_SERVER_ROOTS, intermediate_certs, time) + .map_err(|_| "Invalid certificate chain")?; + Ok(leaf_cert) +} + +pub fn verify_dcap_quote( + dcap_quote_raw: &[u8], + verification_time: u64, + qe: &QuotingEnclave, +) -> Result<(Fmspc, TcbVersionStatus, SgxReport), &'static str> { + let mut dcap_quote_clone = dcap_quote_raw; + let quote: DcapQuote = + Decode::decode(&mut dcap_quote_clone).map_err(|_| "Failed to decode attestation report")?; + + ensure!(quote.header.version == 3, "Only support for version 3"); + ensure!(quote.header.attestation_key_type == 2, "Only support for ECDSA-256"); + ensure!( + quote.quote_signature_data.qe_certification_data.certification_data_type == 5, + "Only support for PEM formatted PCK Cert Chain" + ); + ensure!(quote.quote_signature_data.qe_report.verify(qe), "Enclave rejected by quoting enclave"); + let mut xt_signer_array = [0u8; 32]; + 
xt_signer_array.copy_from_slice("e.body.report_data.d[..32]); + + let certs = extract_certs("e.quote_signature_data.qe_certification_data.certification_data); + ensure!(certs.len() >= 2, "Certificate chain must have at least two certificates"); + let intermediate_certificate_slices: Vec<&[u8]> = + certs[1..].iter().map(Vec::as_slice).collect(); + let leaf_cert = + verify_certificate_chain(&certs[0], &intermediate_certificate_slices, verification_time)?; + + let (fmspc, tcb_info) = extract_tcb_info(&certs[0])?; + + // For this part some understanding of the document (Especially chapter A.4: Quote Format) + // Intel® Software Guard Extensions (Intel® SGX) Data Center Attestation Primitives: ECDSA Quote Library API + // https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/Intel_SGX_ECDSA_QuoteLibReference_DCAP_API.pdf + + const AUTHENTICATION_DATA_SIZE: usize = 32; // This is actually variable but assume 32 for now. This is also hard-coded to 32 in the Intel DCAP repo + const DCAP_QUOTE_HEADER_SIZE: usize = core::mem::size_of::(); + const REPORT_SIZE: usize = core::mem::size_of::(); + const QUOTE_SIGNATURE_DATA_LEN_SIZE: usize = core::mem::size_of::(); + + let attestation_key_offset = DCAP_QUOTE_HEADER_SIZE + + REPORT_SIZE + + QUOTE_SIGNATURE_DATA_LEN_SIZE + + REPORT_SIGNATURE_SIZE; + let authentication_data_offset = attestation_key_offset + + ATTESTATION_KEY_SIZE + + REPORT_SIZE + + REPORT_SIGNATURE_SIZE + + core::mem::size_of::(); //Size of the QE authentication data. We ignore this for now and assume 32. 
See AUTHENTICATION_DATA_SIZE + let mut hash_data = [0u8; ATTESTATION_KEY_SIZE + AUTHENTICATION_DATA_SIZE]; + hash_data[0..ATTESTATION_KEY_SIZE].copy_from_slice( + &dcap_quote_raw[attestation_key_offset..(attestation_key_offset + ATTESTATION_KEY_SIZE)], + ); + hash_data[ATTESTATION_KEY_SIZE..].copy_from_slice( + &dcap_quote_raw + [authentication_data_offset..(authentication_data_offset + AUTHENTICATION_DATA_SIZE)], + ); + // Ensure that the hash matches the intel signed hash in the QE report. This establishes trust into the attestation key. + let hash = ring::digest::digest(&ring::digest::SHA256, &hash_data); + ensure!( + hash.as_ref() == "e.quote_signature_data.qe_report.report_data.d[0..32], + "Hashes must match" + ); + + let qe_report_offset = attestation_key_offset + ATTESTATION_KEY_SIZE; + let qe_report_slice = &dcap_quote_raw[qe_report_offset..(qe_report_offset + REPORT_SIZE)]; + let mut pub_key = [0x04u8; 65]; //Prepend 0x04 to specify uncompressed format + pub_key[1..].copy_from_slice("e.quote_signature_data.ecdsa_attestation_key); + + let peer_public_key = + signature::UnparsedPublicKey::new(&signature::ECDSA_P256_SHA256_FIXED, pub_key); + let isv_report_slice = &dcap_quote_raw[0..(DCAP_QUOTE_HEADER_SIZE + REPORT_SIZE)]; + // Verify that the enclave data matches the signature generated by the trusted attestation key. + // This establishes trust into the data of the enclave we actually want to verify + peer_public_key + .verify(isv_report_slice, "e.quote_signature_data.isv_enclave_report_signature) + .map_err(|_| "Failed to verify report signature")?; + + // Verify that the QE report was signed by Intel. This establishes trust into the QE report. 
+ let asn1_signature = encode_as_der("e.quote_signature_data.qe_report_signature)?; + verify_signature(&leaf_cert, qe_report_slice, &asn1_signature, &webpki::ECDSA_P256_SHA256)?; + + ensure!(dcap_quote_clone.is_empty(), "There should be no bytes left over after decoding"); + let report = SgxReport { + mr_enclave: quote.body.mr_enclave, + status: SgxStatus::Ok, + pubkey: xt_signer_array, + timestamp: verification_time, + build_mode: quote.body.sgx_build_mode(), + }; + Ok((fmspc, tcb_info, report)) +} + +// make sure this function doesn't panic! +pub fn verify_ias_report(cert_der: &[u8]) -> Result { + // Before we reach here, the runtime already verified the extrinsic is properly signed by the extrinsic sender + // Hence, we skip: EphemeralKey::try_from(cert)?; + + #[cfg(test)] + println!("verifyRA: start verifying RA cert"); + + let cert = CertDer(cert_der); + let netscape = NetscapeComment::try_from(cert)?; + let sig_cert = webpki::EndEntityCert::from(&netscape.sig_cert).map_err(|_| "Bad der")?; + + verify_signature( + &sig_cert, + netscape.attestation_raw, + &netscape.sig, + &webpki::RSA_PKCS1_2048_8192_SHA256, + )?; + + // FIXME: now hardcoded. but certificate renewal would have to be done manually anyway... 
+ // chain wasm update or by some sudo call + let valid_until = webpki::Time::from_seconds_since_unix_epoch(1573419050); + verify_server_cert(&sig_cert, valid_until)?; + + parse_report(netscape.attestation_raw) +} + +fn parse_report(report_raw: &[u8]) -> Result { + // parse attestation report + let attn_report: Value = match serde_json::from_slice(report_raw) { + Ok(report) => report, + Err(_) => return Err("RA report parsing error"), + }; + + let _ra_timestamp = match &attn_report["timestamp"] { + Value::String(time) => { + let time_fixed = time.clone() + "+0000"; + match DateTime::parse_from_str(&time_fixed, "%Y-%m-%dT%H:%M:%S%.f%z") { + Ok(d) => d.timestamp(), + Err(_) => return Err("RA report timestamp parsing error"), + } + }, + _ => return Err("Failed to fetch timestamp from attestation report"), + }; + + // in milliseconds + let ra_timestamp: u64 = (_ra_timestamp * 1000) + .try_into() + .map_err(|_| "Error converting report.timestamp to u64")?; + + #[cfg(test)] + println!("verifyRA attestation timestamp [unix epoch]: {}", ra_timestamp); + + // get quote status (mandatory field) + let ra_status = match &attn_report["isvEnclaveQuoteStatus"] { + Value::String(quote_status) => match quote_status.as_ref() { + "OK" => SgxStatus::Ok, + "GROUP_OUT_OF_DATE" => SgxStatus::GroupOutOfDate, + "GROUP_REVOKED" => SgxStatus::GroupRevoked, + "CONFIGURATION_NEEDED" => SgxStatus::ConfigurationNeeded, + _ => SgxStatus::Invalid, + }, + _ => return Err("Failed to fetch isvEnclaveQuoteStatus from attestation report"), + }; + + #[cfg(test)] + println!("verifyRA attestation status is: {:?}", ra_status); + // parse quote body + if let Value::String(quote_raw) = &attn_report["isvEnclaveQuoteBody"] { + let quote = match base64::decode(quote_raw) { + Ok(q) => q, + Err(_) => return Err("Quote Decoding Error"), + }; + #[cfg(test)] + println!("Quote read. 
len={}", quote.len()); + // TODO: lack security check here + let sgx_quote: SgxQuote = match Decode::decode(&mut "e[..]) { + Ok(q) => q, + Err(_) => return Err("could not decode quote"), + }; + + #[cfg(test)] + { + println!("sgx quote version = {}", sgx_quote.version); + println!("sgx quote signature type = {}", sgx_quote.sign_type); + //println!("sgx quote report_data = {:?}", sgx_quote.report_body.report_data.d[..32]); + println!("sgx quote mr_enclave = {:x?}", sgx_quote.report_body.mr_enclave); + println!("sgx quote mr_signer = {:x?}", sgx_quote.report_body.mr_signer); + println!("sgx quote report_data = {:x?}", sgx_quote.report_body.report_data.d.to_vec()); + } + + let mut xt_signer_array = [0u8; 32]; + xt_signer_array.copy_from_slice(&sgx_quote.report_body.report_data.d[..32]); + Ok(SgxReport { + mr_enclave: sgx_quote.report_body.mr_enclave, + status: ra_status, + pubkey: xt_signer_array, + timestamp: ra_timestamp, + build_mode: sgx_quote.report_body.sgx_build_mode(), + }) + } else { + Err("Failed to parse isvEnclaveQuoteBody from attestation report") + } +} + +/// * `signature` - Must be encoded in DER format. 
+pub fn verify_signature( + entity_cert: &webpki::EndEntityCert, + data: &[u8], + signature: &[u8], + signature_algorithm: &SignatureAlgorithm, +) -> Result<(), &'static str> { + match entity_cert.verify_signature(signature_algorithm, data, signature) { + Ok(()) => { + #[cfg(test)] + println!("IAS signature is valid"); + Ok(()) + }, + Err(_e) => { + #[cfg(test)] + println!("RSA Signature ERROR: {}", _e); + Err("bad signature") + }, + } +} + +pub fn verify_server_cert( + sig_cert: &webpki::EndEntityCert, + timestamp_valid_until: webpki::Time, +) -> Result<(), &'static str> { + let chain: Vec<&[u8]> = Vec::new(); + match sig_cert.verify_is_valid_tls_server_cert( + SUPPORTED_SIG_ALGS, + &IAS_SERVER_ROOTS, + &chain, + timestamp_valid_until, + ) { + Ok(()) => { + #[cfg(test)] + println!("CA is valid"); + Ok(()) + }, + Err(_e) => { + #[cfg(test)] + println!("CA ERROR: {}", _e); + Err("CA verification failed") + }, + } +} + +/// See document "Intel® Software Guard Extensions: PCK Certificate and Certificate Revocation List Profile Specification" +/// https://download.01.org/intel-sgx/dcap-1.2/linux/docs/Intel_SGX_PCK_Certificate_CRL_Spec-1.1.pdf +const INTEL_SGX_EXTENSION_OID: ObjectIdentifier = + ObjectIdentifier::new_unwrap("1.2.840.113741.1.13.1"); +const OID_FMSPC: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.2.840.113741.1.13.1.4"); +const OID_PCESVN: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.2.840.113741.1.13.1.2.17"); +const OID_CPUSVN: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.2.840.113741.1.13.1.2.18"); + +pub fn extract_tcb_info(cert: &[u8]) -> Result<(Fmspc, TcbVersionStatus), &'static str> { + let extension_section = get_intel_extension(cert)?; + + let fmspc = get_fmspc(&extension_section)?; + let cpusvn = get_cpusvn(&extension_section)?; + let pcesvn = get_pcesvn(&extension_section)?; + + Ok((fmspc, TcbVersionStatus::new(cpusvn, pcesvn))) +} + +fn get_intel_extension(der_encoded: &[u8]) -> Result, &'static str> { + let cert: 
Certificate = + der::Decode::from_der(der_encoded).map_err(|_| "Error parsing certificate")?; + let mut extension_iter = cert + .tbs_certificate + .extensions + .as_deref() + .unwrap_or(&[]) + .iter() + .filter(|e| e.extn_id == INTEL_SGX_EXTENSION_OID) + .map(|e| e.extn_value); + + let extension = extension_iter.next(); + ensure!( + extension.is_some() && extension_iter.next().is_none(), + "There should only be one section containing Intel extensions" + ); + // SAFETY: Ensured above that extension.is_some() == true + Ok(extension.unwrap().to_vec()) +} + +fn get_fmspc(der: &[u8]) -> Result { + let bytes_oid = OID_FMSPC.as_bytes(); + let mut offset = der + .windows(bytes_oid.len()) + .position(|window| window == bytes_oid) + .ok_or("Certificate does not contain 'FMSPC_OID'")?; + offset += 12; // length oid (10) + asn1 tag (1) + asn1 length10 (1) + + let fmspc_size = std::mem::size_of::() / std::mem::size_of::(); + let data = der.get(offset..offset + fmspc_size).ok_or("Index out of bounds")?; + data.try_into().map_err(|_| "FMSPC must be 6 bytes long") +} + +fn get_cpusvn(der: &[u8]) -> Result { + let bytes_oid = OID_CPUSVN.as_bytes(); + let mut offset = der + .windows(bytes_oid.len()) + .position(|window| window == bytes_oid) + .ok_or("Certificate does not contain 'CPUSVN_OID'")?; + offset += 13; // length oid (11) + asn1 tag (1) + asn1 length10 (1) + + // CPUSVN is specified to have length 16 + let len = 16; + let data = der.get(offset..offset + len).ok_or("Index out of bounds")?; + data.try_into().map_err(|_| "CPUSVN must be 16 bytes long") +} + +fn get_pcesvn(der: &[u8]) -> Result { + let bytes_oid = OID_PCESVN.as_bytes(); + let mut offset = der + .windows(bytes_oid.len()) + .position(|window| window == bytes_oid) + .ok_or("Certificate does not contain 'PCESVN_OID'")?; + // length oid + asn1 tag (1 byte) + offset += bytes_oid.len() + 1; + // PCESVN can be 1 or 2 bytes + let len = length_from_raw_data(der, &mut offset)?; + offset += 1; // length_from_raw_data does 
not move the offset when the length is encoded in a single byte + ensure!(len == 1 || len == 2, "PCESVN must be 1 or 2 bytes"); + let data = der.get(offset..offset + len).ok_or("Index out of bounds")?; + if data.len() == 1 { + Ok(u16::from(data[0])) + } else { + // Unwrap is fine here as we check the length above + // DER integers are encoded in big endian + Ok(u16::from_be_bytes(data.try_into().unwrap())) + } +} diff --git a/teerex/ias-verify/src/netscape_comment.rs b/teerex/sgx-verify/src/netscape_comment.rs similarity index 96% rename from teerex/ias-verify/src/netscape_comment.rs rename to teerex/sgx-verify/src/netscape_comment.rs index bc123705..b1f63c43 100644 --- a/teerex/ias-verify/src/netscape_comment.rs +++ b/teerex/sgx-verify/src/netscape_comment.rs @@ -34,7 +34,7 @@ impl<'a> TryFrom> for NetscapeComment<'a> { let netscape_raw = cert_der .get(offset..offset + len) .ok_or("Index out of bounds")? - .split(|x| *x == 0x7C) + .split(|x| *x == 0x7C) // 0x7C is the character '|' .collect::>(); ensure!(netscape_raw.len() == 3, "Invalid netscape payload"); diff --git a/teerex/ias-verify/src/tests.rs b/teerex/sgx-verify/src/tests.rs similarity index 64% rename from teerex/ias-verify/src/tests.rs rename to teerex/sgx-verify/src/tests.rs index 49239e20..1fa4253f 100644 --- a/teerex/ias-verify/src/tests.rs +++ b/teerex/sgx-verify/src/tests.rs @@ -1,7 +1,9 @@ use super::*; +use crate::collateral::{EnclaveIdentitySigned, TcbInfoSigned}; use codec::Decode; use frame_support::assert_err; use hex_literal::hex; + // reproduce with "integritee_service dump_ra" const TEST1_CERT: &[u8] = include_bytes!("../test/test_ra_cert_MRSIGNER1_MRENCLAVE1.der"); const TEST2_CERT: &[u8] = include_bytes!("../test/test_ra_cert_MRSIGNER2_MRENCLAVE2.der"); 
@@ -31,6 +33,9 @@ const TEST4_SIGNER_PUB: &[u8] = include_bytes!("../test/enclave-signing-pubkey-T const TEST5_SIGNER_PUB: &[u8] = include_bytes!("../test/enclave-signing-pubkey-TEST5.bin"); const TEST6_SIGNER_PUB: &[u8] = include_bytes!("../test/enclave-signing-pubkey-TEST6.bin"); const TEST7_SIGNER_PUB: &[u8] = include_bytes!("../test/enclave-signing-pubkey-TEST7.bin"); +const QE_IDENTITY_CERT: &str = include_str!("../test/dcap/qe_identity_cert.pem"); +const DCAP_QUOTE_CERT: &str = include_str!("../test/dcap/dcap_quote_cert.der"); +const PCK_CRL: &[u8] = include_bytes!("../test/dcap/pck_crl.der"); // reproduce with "make mrenclave" in worker repo root const TEST1_MRENCLAVE: &[u8] = &[ 
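Review bot: The file extensions of the new fixtures disagree with how the constants consume them: `dcap_quote_cert.der` is pulled in with `include_str!` and the test base64-decodes it, and `pck_crl.der` is hex text that the test runs through `hex::decode`, yet the `.der` suffix announces binary DER. Anyone who later loads one of these files as DER elsewhere gets an opaque parse failure instead of an obvious encoding mismatch. Either rename the fixtures after their actual encoding (for example `dcap_quote_cert.b64` and `pck_crl.hex`) or annotate the constants, e.g. `// base64 body of the PCK leaf certificate (PEM without the armour lines), not binary DER` and `// hex-encoded DER CRL; decode with hex::decode before parsing`.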
@@ -47,26 +52,26 @@ const TEST3_MRENCLAVE: &[u8] = &[ ]; // MRSIGNER is 83d719e77deaca1470f6baf62a4d774303c899db69020f9c70ee1dfc08c7ce9e -const TEST4_MRENCLAVE: [u8; 32] = +const TEST4_MRENCLAVE: MrEnclave = hex!("7a3454ec8f42e265cb5be7dfd111e1d95ac6076ed82a0948b2e2a45cf17b62a0"); -const TEST5_MRENCLAVE: [u8; 32] = +const TEST5_MRENCLAVE: MrEnclave = hex!("f4dedfc9e5fcc48443332bc9b23161c34a3c3f5a692eaffdb228db27b704d9d1"); // equal to TEST5! -const TEST6_MRENCLAVE: [u8; 32] = +const TEST6_MRENCLAVE: MrEnclave = hex!("f4dedfc9e5fcc48443332bc9b23161c34a3c3f5a692eaffdb228db27b704d9d1"); // equal to TEST6! -const TEST7_MRENCLAVE: [u8; 32] = +const TEST7_MRENCLAVE: MrEnclave = hex!("f4dedfc9e5fcc48443332bc9b23161c34a3c3f5a692eaffdb228db27b704d9d1"); // production mode // MRSIGNER is 117f95f65f06afb5764b572156b8b525c6230db7d6b1c94e8ebdb7fba068f4e8 -const TEST8_MRENCLAVE: [u8; 32] = +const TEST8_MRENCLAVE: MrEnclave = hex!("bcf66abfc6b3ef259e9ecfe4cf8df667a7f5a546525dee16822741b38f6e6050"); // unix epoch. 
must be later than this const TEST1_TIMESTAMP: i64 = 1580587262i64; -const TEST2_TIMESTAMP: i64 = 1581259412i64; -const TEST3_TIMESTAMP: i64 = 1581259975i64; +/// Collateral test data mus be valid at this time (2022-10-11 14:01:02) for the tests to work +const COLLATERAL_VERIFICATION_TIMESTAMP: u64 = 1665489662000; //const CERT: &[u8] = b"0\x82\x0c\x8c0\x82\x0c2\xa0\x03\x02\x01\x02\x02\x01\x010\n\x06\x08*\x86H\xce=\x04\x03\x020\x121\x100\x0e\x06\x03U\x04\x03\x0c\x07MesaTEE0\x1e\x17\r190617124609Z\x17\r190915124609Z0\x121\x100\x0e\x06\x03U\x04\x03\x0c\x07MesaTEE0Y0\x13\x06\x07*\x86H\xce=\x02\x01\x06\x08*\x86H\xce=\x03\x01\x07\x03B\0\x04RT\x16\x16 \xef_\xd8\xe7\xc3\xb7\x03\x1d\xd6:\x1fF\xe3\xf2b!\xa9/\x8b\xd4\x82\x8f\xd1\xff[\x9c\x97\xbc\xf27\xb8,L\x8a\x01\xb0r;;\xa9\x83\xdc\x86\x9f\x1d%y\xf4;I\xe4Y\xc80'$K[\xd6\xa3\x82\x0bw0\x82\x0bs0\x82\x0bo\x06\t`\x86H\x01\x86\xf8B\x01\r\x04\x82\x0b`{\"id\":\"117077750682263877593646412006783680848\",\"timestamp\":\"2019-06-17T12:46:04.002066\",\"version\":3,\"isvEnclaveQuoteStatus\":\"GROUP_OUT_OF_DATE\",\"platformInfoBlob\":\"1502006504000900000909020401800000000000000000000008000009000000020000000000000B401A355B313FC939B4F48A54349C914A32A3AE2C4871BFABF22E960C55635869FC66293A3D9B2D58ED96CA620B65D669A444C80291314EF691E896F664317CF80C\",\"isvEnclaveQuoteBody\":\"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\"}|EbPFH/ThUaS/dMZoDKC5EgmdUXUORFtQzF49Umi1P55oeESreJaUvmA0sg/ATSTn5t2e+e6ZoBQIUbLHjcWLMLzK4pJJUeHhok7EfVgoQ378i+eGR9v7ICNDGX7a1rroOe0s1OKxwo/0hid2KWvtAUBvf1BDkqlHy025IOiXWhXFLkb/qQwUZDWzrV4dooMfX5hfqJPi1q9s18SsdLPmhrGBheh9keazeCR9hiLhRO9TbnVgR9zJk43SPXW+pHkbNigW+2STpVAi5ugWaSwBOdK11ZjaEU1paVIpxQnlW1D6dj1Zc3LibMH+ly9ZGrbYtuJks4eRnjPhroPXxlJWpQ==|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0\n\x06\x08*\x86H\xce=\x04\x03\x02\x03H\00E\x02!\0\xae6\x06\t@Sy\x8f\x8ec\x9d\xdci^Ex*\x92}\xdcG\x15A\x97\xd7\xd7\xd1\xccx\xe0\x1e\x08\x02 
\x15Q\xa0BT\xde'~\xec\xbd\x027\xd3\xd8\x83\xf7\xe6Z\xc5H\xb4D\xf7\xe2\r\xa7\xe4^f\x10\x85p"; const CERT_FAKE_QUOTE_STATUS: &[u8] = b"0\x82\x0c\x8c0\x82\x0c2\xa0\x03\x02\x01\x02\x02\x01\x010\n\x06\x08*\x86H\xce=\x04\x03\x020\x121\x100\x0e\x06\x03U\x04\x03\x0c\x07MesaTEE0\x1e\x17\r190617124609Z\x17\r190915124609Z0\x121\x100\x0e\x06\x03U\x04\x03\x0c\x07MesaTEE0Y0\x13\x06\x07*\x86H\xce=\x02\x01\x06\x08*\x86H\xce=\x03\x01\x07\x03B\0\x04RT\x16\x16 \xef_\xd8\xe7\xc3\xb7\x03\x1d\xd6:\x1fF\xe3\xf2b!\xa9/\x8b\xd4\x82\x8f\xd1\xff[\x9c\x97\xbc\xf27\xb8,L\x8a\x01\xb0r;;\xa9\x83\xdc\x86\x9f\x1d%y\xf4;I\xe4Y\xc80'$K[\xd6\xa3\x82\x0bw0\x82\x0bs0\x82\x0bo\x06\t`\x86H\x01\x86\xf8B\x01\r\x04\x82\x0b`{\"id\":\"117077750682263877593646412006783680848\",\"timestamp\":\"2019-06-17T12:46:04.002066\",\"version\":3,\"isvEnclaveQuoteStatus\":\"OK\",\"platformInfoBlob\":\"1602006504000900000909020401800000000000000000000008000009000000020000000000000B401A355B313FC939B4F48A54349C914A32A3AE2C4871BFABF22E960C55635869FC66293A3D9B2D58ED96CA620B65D669A444C80291314EF691E896F664317CF80C\",\"isvEnclaveQuoteBody\":\"AgAAAEALAAAIAAcAAAAAAOE6wgoHKsZsnVWSrsWX9kky0kWt9K4xcan0fQ996Ct+CAj//wGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwAAAAAAAAAHAAAAAAAAAFJJYIbPVot9NzRCjW2z9+k+9K8BsHQKzVMEHOR14hNbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACD1xnnferKFHD2uvYqTXdDA8iZ22kCD5xw7h38CMfOngAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABSVBYWIO9f2OfDtwMd1jofRuPyYiGpL4vUgo/R/1ucl7zyN7gsTIoBsHI7O6mD3IafHSV59DtJ5FnIMCckS1vW\"}|EbPFH/ThUaS/dMZoDKC5EgmdUXUORFtQzF49Umi1P55oeESreJaUvmA0sg/ATSTn5t2e+e6ZoBQIUbLHjcWLMLzK4pJJUeHhok7EfVgoQ378i+eGR9v7ICNDGX7a1rroOe0s1OKxwo/0hid2KWvtAUBvf1BDkqlHy025IOiXWhXFLkb/qQwUZDWzrV4dooMfX5hfqJPi1q9s18SsdLPmhrGBheh9keazeCR9hiLhRO9TbnVgR9zJk43SPXW+pHkbNigW+2STpVAi5ugWaSwBOdK11ZjaEU1paVIpxQnlW1D6dj1Zc3LibMH+ly9ZGrbYtuJk
s4eRnjPhroPXxlJWpQ==|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0\n\x06\x08*\x86H\xce=\x04\x03\x02\x03H\x000E\x02!\0\xae6\x06\t@Sy\x8f\x8ec\x9d\xdci^Ex*\x92}\xdcG\x15A\x97\xd7\xd7\xd1\xccx\xe0\x1e\x08\x02 \x15Q\xa0BT\xde'~\xec\xbd\x027\xd3\xd8\x83\xf7\xe6Z\xc5H\xb4D\xf7\xe2\r\xa7\xe4^f\x10\x85p"; 
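Review bot: The doc comment added on `COLLATERAL_VERIFICATION_TIMESTAMP` has a typo and an unstated time zone: 1665489662 seconds is 2022-10-11 12:01:02 UTC, so the quoted 14:01:02 is a UTC+2 local reading, and "mus" should be "must". The value is also in milliseconds, which matters because `verify_certificate_chain` divides by 1000 before handing it to webpki, so naming the unit here avoids a second guess. Suggest `/// Collateral test data must be valid at this time (2022-10-11 12:01:02 UTC, in milliseconds) for the tests to work`.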
@@ -151,3 +156,111 @@ fn verify_sgx_build_mode_works() { let report = report.unwrap(); assert_eq!(report.build_mode, SgxBuildMode::Production); } + +#[test] +fn decode_qe_authentication_data() { + assert!(QeAuthenticationData::decode(&mut &[0u8][..]).is_err()); + assert!(QeAuthenticationData::decode(&mut &[1u8][..]).is_err()); + assert_eq!(0, QeAuthenticationData::decode(&mut &[0u8, 0][..]).unwrap().size); + let d = QeAuthenticationData::decode(&mut &[1u8, 0, 5][..]).unwrap(); + assert_eq!(1, d.size); + assert_eq!(5, d.certification_data[0]); +} + +#[test] +fn decode_qe_certification_data() { + assert!(QeCertificationData::decode(&mut &[0u8][..]).is_err()); + assert!(QeCertificationData::decode(&mut &[1u8, 0, 0, 0, 0][..]).is_err()); + assert_eq!(0, QeCertificationData::decode(&mut &[0u8, 0, 0, 0, 0, 0][..]).unwrap().size); + let d = QeCertificationData::decode(&mut &[0u8, 0, 1, 0, 0, 0, 5][..]).unwrap(); + assert_eq!(1, d.size); + assert_eq!(5, d.certification_data[0]); + assert!(QeCertificationData::decode(&mut &[0u8, 0, 2, 0, 0, 0, 5][..]).is_err()); +} + +#[test] +fn deserialize_qe_identity_works() { + let certs = extract_certs(include_bytes!("../test/dcap/qe_identity_issuer_chain.pem")); + let intermediate_slices: Vec<&[u8]> = certs[1..].iter().map(Vec::as_slice).collect(); + let leaf_cert = verify_certificate_chain( + &certs[0], + &intermediate_slices, + COLLATERAL_VERIFICATION_TIMESTAMP, + ) + .unwrap(); + let json: EnclaveIdentitySigned = + serde_json::from_slice(include_bytes!("../test/dcap/qe_identity.json")).unwrap(); + let json_data = serde_json::to_vec(&json.enclave_identity).unwrap(); + let signature = hex::decode(json.signature).unwrap(); + + let e = deserialize_enclave_identity(&json_data, &signature, &leaf_cert).unwrap(); + assert_eq!(1, e.isvprodid); + assert_eq!(5, e.tcb_levels.len()); +} + +#[test] +fn deserialize_tcb_info_works() { + let certs = extract_certs(include_bytes!("../test/dcap/tcb_info_issuer_chain.pem")); + let intermediate_slices: 
Vec<&[u8]> = certs[1..].iter().map(Vec::as_slice).collect(); + let leaf_cert = verify_certificate_chain( + &certs[0], + &intermediate_slices, + COLLATERAL_VERIFICATION_TIMESTAMP, + ) + .unwrap(); + let json: TcbInfoSigned = + serde_json::from_slice(include_bytes!("../test/dcap/tcb_info.json")).unwrap(); + + let json_data = serde_json::to_vec(&json.tcb_info).unwrap(); + let signature = hex::decode(json.signature).unwrap(); + + let e = deserialize_tcb_info(&json_data, &signature, &leaf_cert).unwrap(); + assert_eq!(hex!("00906EA10000"), json.tcb_info.fmspc); +} + +#[test] +fn verify_tcb_info_signature() { + let cert = QE_IDENTITY_CERT.replace('\n', ""); + let leaf_cert = base64::decode(&cert).unwrap(); + let cert = webpki::EndEntityCert::from(leaf_cert.as_slice()).unwrap(); + let data = br#"{"version":2,"issueDate":"2022-10-18T21:45:02Z","nextUpdate":"2022-11-17T21:45:02Z","fmspc":"00906EA10000","pceId":"0000","tcbType":0,"tcbEvaluationDataNumber":12,"tcbLevels":[{"tcb":{"sgxtcbcomp01svn":17,"sgxtcbcomp02svn":17,"sgxtcbcomp03svn":2,"sgxtcbcomp04svn":4,"sgxtcbcomp05svn":1,"sgxtcbcomp06svn":128,"sgxtcbcomp07svn":7,"sgxtcbcomp08svn":0,"sgxtcbcomp09svn":0,"sgxtcbcomp10svn":0,"sgxtcbcomp11svn":0,"sgxtcbcomp12svn":0,"sgxtcbcomp13svn":0,"sgxtcbcomp14svn":0,"sgxtcbcomp15svn":0,"sgxtcbcomp16svn":0,"pcesvn":11},"tcbDate":"2021-11-10T00:00:00Z","tcbStatus":"SWHardeningNeeded"},{"tcb":{"sgxtcbcomp01svn":17,"sgxtcbcomp02svn":17,"sgxtcbcomp03svn":2,"sgxtcbcomp04svn":4,"sgxtcbcomp05svn":1,"sgxtcbcomp06svn":128,"sgxtcbcomp07svn":7,"sgxtcbcomp08svn":0,"sgxtcbcomp09svn":0,"sgxtcbcomp10svn":0,"sgxtcbcomp11svn":0,"sgxtcbcomp12svn":0,"sgxtcbcomp13svn":0,"sgxtcbcomp14svn":0,"sgxtcbcomp15svn":0,"sgxtcbcomp16svn":0,"pcesvn":10},"tcbDate":"2020-11-11T00:00:00Z","tcbStatus":"OutOfDate"},{"tcb":{"sgxtcbcomp01svn":17,"sgxtcbcomp02svn":17,"sgxtcbcomp03svn":2,"sgxtcbcomp04svn":4,"sgxtcbcomp05svn":1,"sgxtcbcomp06svn":128,"sgxtcbcomp07svn":0,"sgxtcbcomp08svn":0,"sgxtcbcomp09svn":0,"sgxtcbcomp10svn":0
,"sgxtcbcomp11svn":0,"sgxtcbcomp12svn":0,"sgxtcbcomp13svn":0,"sgxtcbcomp14svn":0,"sgxtcbcomp15svn":0,"sgxtcbcomp16svn":0,"pcesvn":11},"tcbDate":"2021-11-10T00:00:00Z","tcbStatus":"ConfigurationAndSWHardeningNeeded"},{"tcb":{"sgxtcbcomp01svn":17,"sgxtcbcomp02svn":17,"sgxtcbcomp03svn":2,"sgxtcbcomp04svn":4,"sgxtcbcomp05svn":1,"sgxtcbcomp06svn":128,"sgxtcbcomp07svn":0,"sgxtcbcomp08svn":0,"sgxtcbcomp09svn":0,"sgxtcbcomp10svn":0,"sgxtcbcomp11svn":0,"sgxtcbcomp12svn":0,"sgxtcbcomp13svn":0,"sgxtcbcomp14svn":0,"sgxtcbcomp15svn":0,"sgxtcbcomp16svn":0,"pcesvn":10},"tcbDate":"2020-11-11T00:00:00Z","tcbStatus":"OutOfDateConfigurationNeeded"},{"tcb":{"sgxtcbcomp01svn":15,"sgxtcbcomp02svn":15,"sgxtcbcomp03svn":2,"sgxtcbcomp04svn":4,"sgxtcbcomp05svn":1,"sgxtcbcomp06svn":128,"sgxtcbcomp07svn":7,"sgxtcbcomp08svn":0,"sgxtcbcomp09svn":0,"sgxtcbcomp10svn":0,"sgxtcbcomp11svn":0,"sgxtcbcomp12svn":0,"sgxtcbcomp13svn":0,"sgxtcbcomp14svn":0,"sgxtcbcomp15svn":0,"sgxtcbcomp16svn":0,"pcesvn":10},"tcbDate":"2020-06-10T00:00:00Z","tcbStatus":"OutOfDate"},{"tcb":{"sgxtcbcomp01svn":15,"sgxtcbcomp02svn":15,"sgxtcbcomp03svn":2,"sgxtcbcomp04svn":4,"sgxtcbcomp05svn":1,"sgxtcbcomp06svn":128,"sgxtcbcomp07svn":0,"sgxtcbcomp08svn":0,"sgxtcbcomp09svn":0,"sgxtcbcomp10svn":0,"sgxtcbcomp11svn":0,"sgxtcbcomp12svn":0,"sgxtcbcomp13svn":0,"sgxtcbcomp14svn":0,"sgxtcbcomp15svn":0,"sgxtcbcomp16svn":0,"pcesvn":10},"tcbDate":"2020-06-10T00:00:00Z","tcbStatus":"OutOfDateConfigurationNeeded"},{"tcb":{"sgxtcbcomp01svn":14,"sgxtcbcomp02svn":14,"sgxtcbcomp03svn":2,"sgxtcbcomp04svn":4,"sgxtcbcomp05svn":1,"sgxtcbcomp06svn":128,"sgxtcbcomp07svn":7,"sgxtcbcomp08svn":0,"sgxtcbcomp09svn":0,"sgxtcbcomp10svn":0,"sgxtcbcomp11svn":0,"sgxtcbcomp12svn":0,"sgxtcbcomp13svn":0,"sgxtcbcomp14svn":0,"sgxtcbcomp15svn":0,"sgxtcbcomp16svn":0,"pcesvn":10},"tcbDate":"2019-12-11T00:00:00Z","tcbStatus":"OutOfDate"},{"tcb":{"sgxtcbcomp01svn":14,"sgxtcbcomp02svn":14,"sgxtcbcomp03svn":2,"sgxtcbcomp04svn":4,"sgxtcbcomp05svn":1,"sgxtcbcomp06svn":128,"s
gxtcbcomp07svn":0,"sgxtcbcomp08svn":0,"sgxtcbcomp09svn":0,"sgxtcbcomp10svn":0,"sgxtcbcomp11svn":0,"sgxtcbcomp12svn":0,"sgxtcbcomp13svn":0,"sgxtcbcomp14svn":0,"sgxtcbcomp15svn":0,"sgxtcbcomp16svn":0,"pcesvn":10},"tcbDate":"2019-12-11T00:00:00Z","tcbStatus":"OutOfDateConfigurationNeeded"},{"tcb":{"sgxtcbcomp01svn":13,"sgxtcbcomp02svn":13,"sgxtcbcomp03svn":2,"sgxtcbcomp04svn":4,"sgxtcbcomp05svn":1,"sgxtcbcomp06svn":128,"sgxtcbcomp07svn":3,"sgxtcbcomp08svn":0,"sgxtcbcomp09svn":0,"sgxtcbcomp10svn":0,"sgxtcbcomp11svn":0,"sgxtcbcomp12svn":0,"sgxtcbcomp13svn":0,"sgxtcbcomp14svn":0,"sgxtcbcomp15svn":0,"sgxtcbcomp16svn":0,"pcesvn":9},"tcbDate":"2019-11-13T00:00:00Z","tcbStatus":"OutOfDate"},{"tcb":{"sgxtcbcomp01svn":13,"sgxtcbcomp02svn":13,"sgxtcbcomp03svn":2,"sgxtcbcomp04svn":4,"sgxtcbcomp05svn":1,"sgxtcbcomp06svn":128,"sgxtcbcomp07svn":0,"sgxtcbcomp08svn":0,"sgxtcbcomp09svn":0,"sgxtcbcomp10svn":0,"sgxtcbcomp11svn":0,"sgxtcbcomp12svn":0,"sgxtcbcomp13svn":0,"sgxtcbcomp14svn":0,"sgxtcbcomp15svn":0,"sgxtcbcomp16svn":0,"pcesvn":9},"tcbDate":"2019-11-13T00:00:00Z","tcbStatus":"OutOfDateConfigurationNeeded"},{"tcb":{"sgxtcbcomp01svn":6,"sgxtcbcomp02svn":6,"sgxtcbcomp03svn":2,"sgxtcbcomp04svn":4,"sgxtcbcomp05svn":1,"sgxtcbcomp06svn":128,"sgxtcbcomp07svn":1,"sgxtcbcomp08svn":0,"sgxtcbcomp09svn":0,"sgxtcbcomp10svn":0,"sgxtcbcomp11svn":0,"sgxtcbcomp12svn":0,"sgxtcbcomp13svn":0,"sgxtcbcomp14svn":0,"sgxtcbcomp15svn":0,"sgxtcbcomp16svn":0,"pcesvn":7},"tcbDate":"2019-05-15T00:00:00Z","tcbStatus":"OutOfDate"},{"tcb":{"sgxtcbcomp01svn":6,"sgxtcbcomp02svn":6,"sgxtcbcomp03svn":2,"sgxtcbcomp04svn":4,"sgxtcbcomp05svn":1,"sgxtcbcomp06svn":128,"sgxtcbcomp07svn":0,"sgxtcbcomp08svn":0,"sgxtcbcomp09svn":0,"sgxtcbcomp10svn":0,"sgxtcbcomp11svn":0,"sgxtcbcomp12svn":0,"sgxtcbcomp13svn":0,"sgxtcbcomp14svn":0,"sgxtcbcomp15svn":0,"sgxtcbcomp16svn":0,"pcesvn":7},"tcbDate":"2019-05-15T00:00:00Z","tcbStatus":"OutOfDateConfigurationNeeded"},{"tcb":{"sgxtcbcomp01svn":5,"sgxtcbcomp02svn":5,"sgxtcbcomp03svn":2,"s
gxtcbcomp04svn":4,"sgxtcbcomp05svn":1,"sgxtcbcomp06svn":128,"sgxtcbcomp07svn":1,"sgxtcbcomp08svn":0,"sgxtcbcomp09svn":0,"sgxtcbcomp10svn":0,"sgxtcbcomp11svn":0,"sgxtcbcomp12svn":0,"sgxtcbcomp13svn":0,"sgxtcbcomp14svn":0,"sgxtcbcomp15svn":0,"sgxtcbcomp16svn":0,"pcesvn":7},"tcbDate":"2019-01-09T00:00:00Z","tcbStatus":"OutOfDate"},{"tcb":{"sgxtcbcomp01svn":5,"sgxtcbcomp02svn":5,"sgxtcbcomp03svn":2,"sgxtcbcomp04svn":4,"sgxtcbcomp05svn":1,"sgxtcbcomp06svn":128,"sgxtcbcomp07svn":1,"sgxtcbcomp08svn":0,"sgxtcbcomp09svn":0,"sgxtcbcomp10svn":0,"sgxtcbcomp11svn":0,"sgxtcbcomp12svn":0,"sgxtcbcomp13svn":0,"sgxtcbcomp14svn":0,"sgxtcbcomp15svn":0,"sgxtcbcomp16svn":0,"pcesvn":6},"tcbDate":"2018-08-15T00:00:00Z","tcbStatus":"OutOfDate"},{"tcb":{"sgxtcbcomp01svn":5,"sgxtcbcomp02svn":5,"sgxtcbcomp03svn":2,"sgxtcbcomp04svn":4,"sgxtcbcomp05svn":1,"sgxtcbcomp06svn":128,"sgxtcbcomp07svn":0,"sgxtcbcomp08svn":0,"sgxtcbcomp09svn":0,"sgxtcbcomp10svn":0,"sgxtcbcomp11svn":0,"sgxtcbcomp12svn":0,"sgxtcbcomp13svn":0,"sgxtcbcomp14svn":0,"sgxtcbcomp15svn":0,"sgxtcbcomp16svn":0,"pcesvn":7},"tcbDate":"2019-01-09T00:00:00Z","tcbStatus":"OutOfDateConfigurationNeeded"},{"tcb":{"sgxtcbcomp01svn":5,"sgxtcbcomp02svn":5,"sgxtcbcomp03svn":2,"sgxtcbcomp04svn":4,"sgxtcbcomp05svn":1,"sgxtcbcomp06svn":128,"sgxtcbcomp07svn":0,"sgxtcbcomp08svn":0,"sgxtcbcomp09svn":0,"sgxtcbcomp10svn":0,"sgxtcbcomp11svn":0,"sgxtcbcomp12svn":0,"sgxtcbcomp13svn":0,"sgxtcbcomp14svn":0,"sgxtcbcomp15svn":0,"sgxtcbcomp16svn":0,"pcesvn":6},"tcbDate":"2018-08-15T00:00:00Z","tcbStatus":"OutOfDateConfigurationNeeded"},{"tcb":{"sgxtcbcomp01svn":4,"sgxtcbcomp02svn":4,"sgxtcbcomp03svn":2,"sgxtcbcomp04svn":4,"sgxtcbcomp05svn":1,"sgxtcbcomp06svn":128,"sgxtcbcomp07svn":0,"sgxtcbcomp08svn":0,"sgxtcbcomp09svn":0,"sgxtcbcomp10svn":0,"sgxtcbcomp11svn":0,"sgxtcbcomp12svn":0,"sgxtcbcomp13svn":0,"sgxtcbcomp14svn":0,"sgxtcbcomp15svn":0,"sgxtcbcomp16svn":0,"pcesvn":5},"tcbDate":"2018-01-04T00:00:00Z","tcbStatus":"OutOfDate"},{"tcb":{"sgxtcbcomp01svn":2,"sgx
tcbcomp02svn":2,"sgxtcbcomp03svn":2,"sgxtcbcomp04svn":4,"sgxtcbcomp05svn":1,"sgxtcbcomp06svn":128,"sgxtcbcomp07svn":0,"sgxtcbcomp08svn":0,"sgxtcbcomp09svn":0,"sgxtcbcomp10svn":0,"sgxtcbcomp11svn":0,"sgxtcbcomp12svn":0,"sgxtcbcomp13svn":0,"sgxtcbcomp14svn":0,"sgxtcbcomp15svn":0,"sgxtcbcomp16svn":0,"pcesvn":4},"tcbDate":"2017-07-26T00:00:00Z","tcbStatus":"OutOfDate"}]}"#; + let signature = hex!("e0cc3102e9ffdb21cf156ba30f13d027210ab11f3bff349e670e4c49b2f0cb6889c7eeb436149c7efe53e15c97e6ec3fc9f34c3440e732a4c760f8eb91834a36"); + let signature = encode_as_der(&signature).unwrap(); + verify_signature(&cert, data, &signature, &webpki::ECDSA_P256_SHA256).unwrap(); +} + +/// This is demo code of how a CRL certificate can be parsed and how the revoked serials can be extracted +/// The part that is missing/open is how to verify the certificate chain of the CRL +/// TODO: Implement CRL handling +#[test] +fn parse_pck_crl() { + let crl_decoded = hex::decode(&PCK_CRL).unwrap(); + let crl: x509_cert::crl::CertificateList = der::Decode::from_der(&crl_decoded).unwrap(); + + let mut serials = vec![]; + if let Some(certs) = crl.tbs_cert_list.revoked_certificates { + for c in certs { + let serial = c.serial_number.as_bytes().to_vec(); + serials.push(serial); + } + } + assert_eq!(3, serials.len()); +} + +#[test] +fn parse_pck_certificate() { + let der = DCAP_QUOTE_CERT.replace('\n', ""); + let der = base64::decode(&der).unwrap(); + + let ext = get_intel_extension(&der).unwrap(); + assert_eq!(453, ext.len()); + + let fmspc = get_fmspc(&ext).unwrap(); + assert_eq!(hex!("00906EA10000"), fmspc); + + let cpusvn = get_cpusvn(&ext).unwrap(); + assert_eq!(hex!("11110204018007000000000000000000"), cpusvn); + + let pcesvn = get_pcesvn(&ext).unwrap(); + assert_eq!(u16::from_be_bytes(hex!("000B")), pcesvn); +} diff --git a/teerex/ias-verify/src/utils.rs b/teerex/sgx-verify/src/utils.rs similarity index 100% rename from teerex/ias-verify/src/utils.rs rename to teerex/sgx-verify/src/utils.rs 
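Review bot: `deserialize_tcb_info_works` binds the return value of `deserialize_tcb_info` to `e` and never looks at it; its only assertion compares the FMSPC against `json.tcb_info`, which is the input that was just serialized, so the deserialized output is not checked at all and a decoder returning a structurally wrong value would still pass (the signature path is exercised only through `unwrap()`). Assuming the function returns the same `TcbInfo` type as `json.tcb_info`, assert on the output instead, `assert_eq!(hex!("00906EA10000"), e.fmspc);`, and compare at least one further field of `e` with `json.tcb_info`. In `verify_tcb_info_signature` a TCB-info payload is verified against `QE_IDENTITY_CERT`; if that is intentional because the same Intel TCB signing certificate issues both collateral types, a one-line comment such as `// TCB info and QE identity are signed by the same Intel TCB signing certificate` would save the next reader a detour. The doc comment on `parse_pck_crl` calls the fixture a "CRL certificate"; a CRL is a revocation list, not a certificate, so `/// Demo of how a PCK CRL can be parsed and its revoked serial numbers extracted` reads more accurately.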
diff --git a/teerex/sgx-verify/test/dcap/dcap_quote_cert.der b/teerex/sgx-verify/test/dcap/dcap_quote_cert.der new file mode 100644 index 00000000..accd665a --- /dev/null +++ b/teerex/sgx-verify/test/dcap/dcap_quote_cert.der @@ -0,0 +1,25 @@ +MIIEjjCCBDSgAwIBAgIVAMyWqlD3mkxu2FhYuPtrCp2bId06MAoGCCqGSM49BAMC +MHExIzAhBgNVBAMMGkludGVsIFNHWCBQQ0sgUHJvY2Vzc29yIENBMRowGAYDVQQK +DBFJbnRlbCBDb3Jwb3JhdGlvbjEUMBIGA1UEBwwLU2FudGEgQ2xhcmExCzAJBgNV +BAgMAkNBMQswCQYDVQQGEwJVUzAeFw0yMjA1MjMxNTA3MDRaFw0yOTA1MjMxNTA3 +MDRaMHAxIjAgBgNVBAMMGUludGVsIFNHWCBQQ0sgQ2VydGlmaWNhdGUxGjAYBgNV +BAoMEUludGVsIENvcnBvcmF0aW9uMRQwEgYDVQQHDAtTYW50YSBDbGFyYTELMAkG +A1UECAwCQ0ExCzAJBgNVBAYTAlVTMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE +7pMyqXdHOoVduZAG8j3Wliu0FYWhT+tjjYj9Tdlmr51x8iudHDGTxVU2oeZCnhea +tQuqCBJ0hV7A6gLn5fvXbqOCAqgwggKkMB8GA1UdIwQYMBaAFNDoqtp11/kuSReY +PHsUZdDV8llNMGwGA1UdHwRlMGMwYaBfoF2GW2h0dHBzOi8vYXBpLnRydXN0ZWRz +ZXJ2aWNlcy5pbnRlbC5jb20vc2d4L2NlcnRpZmljYXRpb24vdjMvcGNrY3JsP2Nh +PXByb2Nlc3NvciZlbmNvZGluZz1kZXIwHQYDVR0OBBYEFPW1Uov5Ucy1jHgCeBpx +b6/tkgpoMA4GA1UdDwEB/wQEAwIGwDAMBgNVHRMBAf8EAjAAMIIB1AYJKoZIhvhN +AQ0BBIIBxTCCAcEwHgYKKoZIhvhNAQ0BAQQQs95DBukqMBDQJyrEH4oTxDCCAWQG +CiqGSIb4TQENAQIwggFUMBAGCyqGSIb4TQENAQIBAgERMBAGCyqGSIb4TQENAQIC +AgERMBAGCyqGSIb4TQENAQIDAgECMBAGCyqGSIb4TQENAQIEAgEEMBAGCyqGSIb4 +TQENAQIFAgEBMBEGCyqGSIb4TQENAQIGAgIAgDAQBgsqhkiG+E0BDQECBwIBBzAQ +BgsqhkiG+E0BDQECCAIBADAQBgsqhkiG+E0BDQECCQIBADAQBgsqhkiG+E0BDQEC +CgIBADAQBgsqhkiG+E0BDQECCwIBADAQBgsqhkiG+E0BDQECDAIBADAQBgsqhkiG ++E0BDQECDQIBADAQBgsqhkiG+E0BDQECDgIBADAQBgsqhkiG+E0BDQECDwIBADAQ +BgsqhkiG+E0BDQECEAIBADAQBgsqhkiG+E0BDQECEQIBCzAfBgsqhkiG+E0BDQEC +EgQQERECBAGABwAAAAAAAAAAADAQBgoqhkiG+E0BDQEDBAIAADAUBgoqhkiG+E0B +DQEEBAYAkG6hAAAwDwYKKoZIhvhNAQ0BBQoBADAKBggqhkjOPQQDAgNIADBFAiB4 +20uxl1Ncxh6j1CtI1cJHsZxvWg00c1eRWWY2prTWPQIhAIhmmQUOcyRxubRUyGHW +/SbMjV5v6ZVVQn2IIuZUWM64 \ No newline at end of file 
diff --git a/teerex/sgx-verify/test/dcap/pck_crl.der b/teerex/sgx-verify/test/dcap/pck_crl.der new file mode 100644 index 00000000..5dad4cd4 --- /dev/null +++ b/teerex/sgx-verify/test/dcap/pck_crl.der @@ -0,0 +1 @@ +308201cd30820173020101300a06082a8648ce3d04030230703122302006035504030c19496e74656c205347582050434b20506c6174666f726d204341311a3018060355040a0c11496e74656c20436f72706f726174696f6e3114301206035504070c0b53616e746120436c617261310b300906035504080c024341310b3009060355040613025553170d3232313032333231353534345a170d3232313132323231353534345a3081a030330214639f139a5040fdcff191e8a4fb1bf086ed603971170d3232313032333231353534345a300c300a0603551d1504030a01013034021500959d533f9249dc1e513544cdc830bf19b7f1f301170d3232313032333231353534345a300c300a0603551d1504030a0101303302140fda43a00b68ea79b7c2deaeac0b498bdfb2af90170d3232313032333231353534345a300c300a0603551d1504030a0101a02f302d300a0603551d140403020101301f0603551d23041830168014956f5dcdbd1be1e94049c9d4f433ce01570bde54300a06082a8648ce3d040302034800304502200809ebf5477e3129f8efa8f3c67b4c204c879919efa78e08c7510a3631c0fe410221008e9cd32a3a1d97242a46cee7589013d220d7bf426607275af6fd3f17f78282a3 \ No newline at end of file diff --git a/teerex/sgx-verify/test/dcap/pck_crl_issuer_chain.pem b/teerex/sgx-verify/test/dcap/pck_crl_issuer_chain.pem new file mode 100644 index 00000000..265ae12b --- /dev/null +++ b/teerex/sgx-verify/test/dcap/pck_crl_issuer_chain.pem 
@@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIICmDCCAj6gAwIBAgIVANDoqtp11/kuSReYPHsUZdDV8llNMAoGCCqGSM49BAMC +MGgxGjAYBgNVBAMMEUludGVsIFNHWCBSb290IENBMRowGAYDVQQKDBFJbnRlbCBD +b3Jwb3JhdGlvbjEUMBIGA1UEBwwLU2FudGEgQ2xhcmExCzAJBgNVBAgMAkNBMQsw +CQYDVQQGEwJVUzAeFw0xODA1MjExMDUwMTBaFw0zMzA1MjExMDUwMTBaMHExIzAh +BgNVBAMMGkludGVsIFNHWCBQQ0sgUHJvY2Vzc29yIENBMRowGAYDVQQKDBFJbnRl +bCBDb3Jwb3JhdGlvbjEUMBIGA1UEBwwLU2FudGEgQ2xhcmExCzAJBgNVBAgMAkNB +MQswCQYDVQQGEwJVUzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABL9q+NMp2IOg +tdl1bk/uWZ5+TGQm8aCi8z78fs+fKCQ3d+uDzXnVTAT2ZhDCifyIuJwvN3wNBp9i +HBSSMJMJrBOjgbswgbgwHwYDVR0jBBgwFoAUImUM1lqdNInzg7SVUr9QGzknBqww +UgYDVR0fBEswSTBHoEWgQ4ZBaHR0cHM6Ly9jZXJ0aWZpY2F0ZXMudHJ1c3RlZHNl +cnZpY2VzLmludGVsLmNvbS9JbnRlbFNHWFJvb3RDQS5kZXIwHQYDVR0OBBYEFNDo +qtp11/kuSReYPHsUZdDV8llNMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAG +AQH/AgEAMAoGCCqGSM49BAMCA0gAMEUCIQCJgTbtVqOyZ1m3jqiAXM6QYa6r5sWS +4y/G7y8uIJGxdwIgRqPvBSKzzQagBLQq5s5A70pdoiaRJ8z/0uDz4NgV91k= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICjzCCAjSgAwIBAgIUImUM1lqdNInzg7SVUr9QGzknBqwwCgYIKoZIzj0EAwIw +aDEaMBgGA1UEAwwRSW50ZWwgU0dYIFJvb3QgQ0ExGjAYBgNVBAoMEUludGVsIENv +cnBvcmF0aW9uMRQwEgYDVQQHDAtTYW50YSBDbGFyYTELMAkGA1UECAwCQ0ExCzAJ +BgNVBAYTAlVTMB4XDTE4MDUyMTEwNDUxMFoXDTQ5MTIzMTIzNTk1OVowaDEaMBgG +A1UEAwwRSW50ZWwgU0dYIFJvb3QgQ0ExGjAYBgNVBAoMEUludGVsIENvcnBvcmF0 +aW9uMRQwEgYDVQQHDAtTYW50YSBDbGFyYTELMAkGA1UECAwCQ0ExCzAJBgNVBAYT +AlVTMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEC6nEwMDIYZOj/iPWsCzaEKi7 +1OiOSLRFhWGjbnBVJfVnkY4u3IjkDYYL0MxO4mqsyYjlBalTVYxFP2sJBK5zlKOB +uzCBuDAfBgNVHSMEGDAWgBQiZQzWWp00ifODtJVSv1AbOScGrDBSBgNVHR8ESzBJ +MEegRaBDhkFodHRwczovL2NlcnRpZmljYXRlcy50cnVzdGVkc2VydmljZXMuaW50 +ZWwuY29tL0ludGVsU0dYUm9vdENBLmRlcjAdBgNVHQ4EFgQUImUM1lqdNInzg7SV +Ur9QGzknBqwwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQEwCgYI +KoZIzj0EAwIDSQAwRgIhAOW/5QkR+S9CiSDcNoowLuPRLsWGf/Yi7GSX94BgwTwg +AiEA4J0lrHoMs+Xo5o/sX6O9QWxHRAvZUGOdRQ7cvqRXaqI= +-----END CERTIFICATE----- \ No newline at end of file 
diff --git a/teerex/sgx-verify/test/dcap/qe_identity.json b/teerex/sgx-verify/test/dcap/qe_identity.json new file mode 100644 index 00000000..d977ca5f --- /dev/null +++ b/teerex/sgx-verify/test/dcap/qe_identity.json @@ -0,0 +1 @@ +{"enclaveIdentity":{"id":"QE","version":2,"issueDate":"2022-12-04T22:45:33Z","nextUpdate":"2023-01-03T22:45:33Z","tcbEvaluationDataNumber":13,"miscselect":"00000000","miscselectMask":"FFFFFFFF","attributes":"11000000000000000000000000000000","attributesMask":"FBFFFFFFFFFFFFFF0000000000000000","mrsigner":"8C4F5775D796503E96137F77C68A829A0056AC8DED70140B081B094490C57BFF","isvprodid":1,"tcbLevels":[{"tcb":{"isvsvn":6},"tcbDate":"2022-11-09T00:00:00Z","tcbStatus":"UpToDate"},{"tcb":{"isvsvn":5},"tcbDate":"2020-11-11T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00477"]},{"tcb":{"isvsvn":4},"tcbDate":"2019-11-13T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00334","INTEL-SA-00477"]},{"tcb":{"isvsvn":2},"tcbDate":"2019-05-15T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00219","INTEL-SA-00293","INTEL-SA-00334","INTEL-SA-00477"]},{"tcb":{"isvsvn":1},"tcbDate":"2018-08-15T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00202","INTEL-SA-00219","INTEL-SA-00293","INTEL-SA-00334","INTEL-SA-00477"]}]},"signature":"47accba321e57c20722a0d3d1db11c9b52661239857dc578ca1bde13976ee288cf39f72111ffe445c7389ef56447c79e30e6b83a8863ed9880de5bde4a8d5c91"} \ No newline at end of file diff --git a/teerex/sgx-verify/test/dcap/qe_identity_cert.pem b/teerex/sgx-verify/test/dcap/qe_identity_cert.pem new file mode 100644 index 00000000..6624ca38 --- /dev/null +++ b/teerex/sgx-verify/test/dcap/qe_identity_cert.pem 
@@ -0,0 +1,14 @@ +MIICizCCAjKgAwIBAgIUfjiC1ftVKUpASY5FhAPpFJG99FUwCgYIKoZIzj0EAwIw +aDEaMBgGA1UEAwwRSW50ZWwgU0dYIFJvb3QgQ0ExGjAYBgNVBAoMEUludGVsIENv +cnBvcmF0aW9uMRQwEgYDVQQHDAtTYW50YSBDbGFyYTELMAkGA1UECAwCQ0ExCzAJ +BgNVBAYTAlVTMB4XDTE4MDUyMTEwNTAxMFoXDTI1MDUyMTEwNTAxMFowbDEeMBwG +A1UEAwwVSW50ZWwgU0dYIFRDQiBTaWduaW5nMRowGAYDVQQKDBFJbnRlbCBDb3Jw +b3JhdGlvbjEUMBIGA1UEBwwLU2FudGEgQ2xhcmExCzAJBgNVBAgMAkNBMQswCQYD +VQQGEwJVUzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABENFG8xzydWRfK92bmGv +P+mAh91PEyV7Jh6FGJd5ndE9aBH7R3E4A7ubrlh/zN3C4xvpoouGlirMba+W2lju +ypajgbUwgbIwHwYDVR0jBBgwFoAUImUM1lqdNInzg7SVUr9QGzknBqwwUgYDVR0f +BEswSTBHoEWgQ4ZBaHR0cHM6Ly9jZXJ0aWZpY2F0ZXMudHJ1c3RlZHNlcnZpY2Vz +LmludGVsLmNvbS9JbnRlbFNHWFJvb3RDQS5kZXIwHQYDVR0OBBYEFH44gtX7VSlK +QEmORYQD6RSRvfRVMA4GA1UdDwEB/wQEAwIGwDAMBgNVHRMBAf8EAjAAMAoGCCqG +SM49BAMCA0cAMEQCIB9C8wOAN/ImxDtGACV246KcqjagZOR0kyctyBrsGGJVAiAj +ftbrNGsGU8YH211dRiYNoPPu19Zp/ze8JmhujB0oBw== \ No newline at end of file diff --git a/teerex/sgx-verify/test/dcap/qe_identity_issuer_chain.pem b/teerex/sgx-verify/test/dcap/qe_identity_issuer_chain.pem new file mode 100644 index 00000000..396841a8 --- /dev/null +++ b/teerex/sgx-verify/test/dcap/qe_identity_issuer_chain.pem 
@@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIICizCCAjKgAwIBAgIUfjiC1ftVKUpASY5FhAPpFJG99FUwCgYIKoZIzj0EAwIw +aDEaMBgGA1UEAwwRSW50ZWwgU0dYIFJvb3QgQ0ExGjAYBgNVBAoMEUludGVsIENv +cnBvcmF0aW9uMRQwEgYDVQQHDAtTYW50YSBDbGFyYTELMAkGA1UECAwCQ0ExCzAJ +BgNVBAYTAlVTMB4XDTE4MDUyMTEwNTAxMFoXDTI1MDUyMTEwNTAxMFowbDEeMBwG +A1UEAwwVSW50ZWwgU0dYIFRDQiBTaWduaW5nMRowGAYDVQQKDBFJbnRlbCBDb3Jw +b3JhdGlvbjEUMBIGA1UEBwwLU2FudGEgQ2xhcmExCzAJBgNVBAgMAkNBMQswCQYD +VQQGEwJVUzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABENFG8xzydWRfK92bmGv +P+mAh91PEyV7Jh6FGJd5ndE9aBH7R3E4A7ubrlh/zN3C4xvpoouGlirMba+W2lju +ypajgbUwgbIwHwYDVR0jBBgwFoAUImUM1lqdNInzg7SVUr9QGzknBqwwUgYDVR0f +BEswSTBHoEWgQ4ZBaHR0cHM6Ly9jZXJ0aWZpY2F0ZXMudHJ1c3RlZHNlcnZpY2Vz +LmludGVsLmNvbS9JbnRlbFNHWFJvb3RDQS5kZXIwHQYDVR0OBBYEFH44gtX7VSlK +QEmORYQD6RSRvfRVMA4GA1UdDwEB/wQEAwIGwDAMBgNVHRMBAf8EAjAAMAoGCCqG +SM49BAMCA0cAMEQCIB9C8wOAN/ImxDtGACV246KcqjagZOR0kyctyBrsGGJVAiAj +ftbrNGsGU8YH211dRiYNoPPu19Zp/ze8JmhujB0oBw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICjzCCAjSgAwIBAgIUImUM1lqdNInzg7SVUr9QGzknBqwwCgYIKoZIzj0EAwIw +aDEaMBgGA1UEAwwRSW50ZWwgU0dYIFJvb3QgQ0ExGjAYBgNVBAoMEUludGVsIENv +cnBvcmF0aW9uMRQwEgYDVQQHDAtTYW50YSBDbGFyYTELMAkGA1UECAwCQ0ExCzAJ +BgNVBAYTAlVTMB4XDTE4MDUyMTEwNDUxMFoXDTQ5MTIzMTIzNTk1OVowaDEaMBgG +A1UEAwwRSW50ZWwgU0dYIFJvb3QgQ0ExGjAYBgNVBAoMEUludGVsIENvcnBvcmF0 +aW9uMRQwEgYDVQQHDAtTYW50YSBDbGFyYTELMAkGA1UECAwCQ0ExCzAJBgNVBAYT +AlVTMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEC6nEwMDIYZOj/iPWsCzaEKi7 +1OiOSLRFhWGjbnBVJfVnkY4u3IjkDYYL0MxO4mqsyYjlBalTVYxFP2sJBK5zlKOB +uzCBuDAfBgNVHSMEGDAWgBQiZQzWWp00ifODtJVSv1AbOScGrDBSBgNVHR8ESzBJ +MEegRaBDhkFodHRwczovL2NlcnRpZmljYXRlcy50cnVzdGVkc2VydmljZXMuaW50 +ZWwuY29tL0ludGVsU0dYUm9vdENBLmRlcjAdBgNVHQ4EFgQUImUM1lqdNInzg7SV +Ur9QGzknBqwwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQEwCgYI +KoZIzj0EAwIDSQAwRgIhAOW/5QkR+S9CiSDcNoowLuPRLsWGf/Yi7GSX94BgwTwg +AiEA4J0lrHoMs+Xo5o/sX6O9QWxHRAvZUGOdRQ7cvqRXaqI= +-----END CERTIFICATE----- \ No newline at end of file 
diff --git a/teerex/sgx-verify/test/dcap/root_ca_crl.der b/teerex/sgx-verify/test/dcap/root_ca_crl.der new file mode 100644 index 00000000..0c1b57ca --- /dev/null +++ b/teerex/sgx-verify/test/dcap/root_ca_crl.der @@ -0,0 +1 @@ +308201213081c8020101300a06082a8648ce3d0403023068311a301806035504030c11496e74656c2053475820526f6f74204341311a3018060355040a0c11496e74656c20436f72706f726174696f6e3114301206035504070c0b53616e746120436c617261310b300906035504080c024341310b3009060355040613025553170d3232303431393038333131385a170d3233303431393038333131385aa02f302d300a0603551d140403020101301f0603551d2304183016801422650cd65a9d3489f383b49552bf501b392706ac300a06082a8648ce3d0403020348003045022100b7805acf592113584c45c8b0e11b2b8a9db462a215bbf8d4fd416539d7f5ab7502207ff56984c5199cf2b23d97d37b104ec0ebb5243674f41346887a6bdfbfdfeb42 \ No newline at end of file diff --git a/teerex/sgx-verify/test/dcap/tcb_info.json b/teerex/sgx-verify/test/dcap/tcb_info.json new file mode 100644 index 00000000..0bf74af5 --- /dev/null +++ b/teerex/sgx-verify/test/dcap/tcb_info.json 
@@ -0,0 +1 @@ +{"tcbInfo":{"id":"SGX","version":3,"issueDate":"2022-11-17T12:45:32Z","nextUpdate":"2023-04-16T12:45:32Z","fmspc":"00906EA10000","pceId":"0000","tcbType":0,"tcbEvaluationDataNumber":12,"tcbLevels":[{"tcb":{"sgxtcbcomponents":[{"svn":17},{"svn":17},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":7},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":11},"tcbDate":"2021-11-10T00:00:00Z","tcbStatus":"SWHardeningNeeded","advisoryIDs":["INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":17},{"svn":17},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":7},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":10},"tcbDate":"2020-11-11T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00161","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":17},{"svn":17},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":11},"tcbDate":"2021-11-10T00:00:00Z","tcbStatus":"ConfigurationAndSWHardeningNeeded","advisoryIDs":["INTEL-SA-00161","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":17},{"svn":17},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":10},"tcbDate":"2020-11-11T00:00:00Z","tcbStatus":"OutOfDateConfigurationNeeded","advisoryIDs":["INTEL-SA-00477","INTEL-SA-00161","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":15},{"svn":15},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":7},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":10},"tcbDate":"2020-06-10T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00161","INTEL-SA-00219","INTEL-SA-00289
","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":15},{"svn":15},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":10},"tcbDate":"2020-06-10T00:00:00Z","tcbStatus":"OutOfDateConfigurationNeeded","advisoryIDs":["INTEL-SA-00161","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":14},{"svn":14},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":7},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":10},"tcbDate":"2019-12-11T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00320","INTEL-SA-00329","INTEL-SA-00161","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":14},{"svn":14},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":10},"tcbDate":"2019-12-11T00:00:00Z","tcbStatus":"OutOfDateConfigurationNeeded","advisoryIDs":["INTEL-SA-00161","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00320","INTEL-SA-00329","INTEL-SA-00381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":13},{"svn":13},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":3},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":9},"tcbDate":"2019-11-13T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00161","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00320","INTEL-SA-00329","INTEL-SA-00381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":13},{"svn":13},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":9},"tcbDate":"2019-11-13T00:00:00Z","tcbSt
atus":"OutOfDateConfigurationNeeded","advisoryIDs":["INTEL-SA-00161","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00320","INTEL-SA-00329","INTEL-SA-00381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":6},{"svn":6},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":1},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":7},"tcbDate":"2019-05-15T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00220","INTEL-SA-00270","INTEL-SA-00293","INTEL-SA-00161","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00320","INTEL-SA-00329","INTEL-SA-00381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":6},{"svn":6},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":7},"tcbDate":"2019-05-15T00:00:00Z","tcbStatus":"OutOfDateConfigurationNeeded","advisoryIDs":["INTEL-SA-00161","INTEL-SA-00220","INTEL-SA-00270","INTEL-SA-00293","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00320","INTEL-SA-00329","INTEL-SA-00381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":5},{"svn":5},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":1},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":7},"tcbDate":"2019-01-09T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00233","INTEL-SA-00161","INTEL-SA-00220","INTEL-SA-00270","INTEL-SA-00293","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00320","INTEL-SA-00329","INTEL-SA-00381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":5},{"svn":5},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":1},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":6},"tcbDate":"2018-08-15T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00161","INTEL-SA-00233","INTE
L-SA-00220","INTEL-SA-00270","INTEL-SA-00293","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00320","INTEL-SA-00329","INTEL-SA-00381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":5},{"svn":5},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":7},"tcbDate":"2019-01-09T00:00:00Z","tcbStatus":"OutOfDateConfigurationNeeded","advisoryIDs":["INTEL-SA-00161","INTEL-SA-00233","INTEL-SA-00220","INTEL-SA-00270","INTEL-SA-00293","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00320","INTEL-SA-00329","INTEL-SA-00381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":5},{"svn":5},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":6},"tcbDate":"2018-08-15T00:00:00Z","tcbStatus":"OutOfDateConfigurationNeeded","advisoryIDs":["INTEL-SA-00203","INTEL-SA-00161","INTEL-SA-00233","INTEL-SA-00220","INTEL-SA-00270","INTEL-SA-00293","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00320","INTEL-SA-00329","INTEL-SA-00381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":4},{"svn":4},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":5},"tcbDate":"2018-01-04T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00106","INTEL-SA-00115","INTEL-SA-00135","INTEL-SA-00203","INTEL-SA-00161","INTEL-SA-00233","INTEL-SA-00220","INTEL-SA-00270","INTEL-SA-00293","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00320","INTEL-SA-00329","INTEL-SA-00381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":2},{"svn":2},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn"
:4},"tcbDate":"2017-07-26T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00088","INTEL-SA-00106","INTEL-SA-00115","INTEL-SA-00135","INTEL-SA-00203","INTEL-SA-00161","INTEL-SA-00233","INTEL-SA-00220","INTEL-SA-00270","INTEL-SA-00293","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00320","INTEL-SA-00329","INTEL-SA-00381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00334"]}]},"signature":"71746f2148ecba04e35cf1ac77a7e6267ce99f6781c1031f724bb5bd94b8c1b6e4c07c01dc151692aa75be80dfba7350bb80c58314a6975189597e28e9bbc75c"} \ No newline at end of file diff --git a/teerex/sgx-verify/test/dcap/tcb_info_issuer_chain.pem b/teerex/sgx-verify/test/dcap/tcb_info_issuer_chain.pem new file mode 100644 index 00000000..396841a8 --- /dev/null +++ b/teerex/sgx-verify/test/dcap/tcb_info_issuer_chain.pem 
@@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIICizCCAjKgAwIBAgIUfjiC1ftVKUpASY5FhAPpFJG99FUwCgYIKoZIzj0EAwIw +aDEaMBgGA1UEAwwRSW50ZWwgU0dYIFJvb3QgQ0ExGjAYBgNVBAoMEUludGVsIENv +cnBvcmF0aW9uMRQwEgYDVQQHDAtTYW50YSBDbGFyYTELMAkGA1UECAwCQ0ExCzAJ +BgNVBAYTAlVTMB4XDTE4MDUyMTEwNTAxMFoXDTI1MDUyMTEwNTAxMFowbDEeMBwG +A1UEAwwVSW50ZWwgU0dYIFRDQiBTaWduaW5nMRowGAYDVQQKDBFJbnRlbCBDb3Jw +b3JhdGlvbjEUMBIGA1UEBwwLU2FudGEgQ2xhcmExCzAJBgNVBAgMAkNBMQswCQYD +VQQGEwJVUzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABENFG8xzydWRfK92bmGv +P+mAh91PEyV7Jh6FGJd5ndE9aBH7R3E4A7ubrlh/zN3C4xvpoouGlirMba+W2lju +ypajgbUwgbIwHwYDVR0jBBgwFoAUImUM1lqdNInzg7SVUr9QGzknBqwwUgYDVR0f +BEswSTBHoEWgQ4ZBaHR0cHM6Ly9jZXJ0aWZpY2F0ZXMudHJ1c3RlZHNlcnZpY2Vz +LmludGVsLmNvbS9JbnRlbFNHWFJvb3RDQS5kZXIwHQYDVR0OBBYEFH44gtX7VSlK +QEmORYQD6RSRvfRVMA4GA1UdDwEB/wQEAwIGwDAMBgNVHRMBAf8EAjAAMAoGCCqG +SM49BAMCA0cAMEQCIB9C8wOAN/ImxDtGACV246KcqjagZOR0kyctyBrsGGJVAiAj +ftbrNGsGU8YH211dRiYNoPPu19Zp/ze8JmhujB0oBw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICjzCCAjSgAwIBAgIUImUM1lqdNInzg7SVUr9QGzknBqwwCgYIKoZIzj0EAwIw +aDEaMBgGA1UEAwwRSW50ZWwgU0dYIFJvb3QgQ0ExGjAYBgNVBAoMEUludGVsIENv +cnBvcmF0aW9uMRQwEgYDVQQHDAtTYW50YSBDbGFyYTELMAkGA1UECAwCQ0ExCzAJ +BgNVBAYTAlVTMB4XDTE4MDUyMTEwNDUxMFoXDTQ5MTIzMTIzNTk1OVowaDEaMBgG +A1UEAwwRSW50ZWwgU0dYIFJvb3QgQ0ExGjAYBgNVBAoMEUludGVsIENvcnBvcmF0 +aW9uMRQwEgYDVQQHDAtTYW50YSBDbGFyYTELMAkGA1UECAwCQ0ExCzAJBgNVBAYT +AlVTMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEC6nEwMDIYZOj/iPWsCzaEKi7 +1OiOSLRFhWGjbnBVJfVnkY4u3IjkDYYL0MxO4mqsyYjlBalTVYxFP2sJBK5zlKOB +uzCBuDAfBgNVHSMEGDAWgBQiZQzWWp00ifODtJVSv1AbOScGrDBSBgNVHR8ESzBJ +MEegRaBDhkFodHRwczovL2NlcnRpZmljYXRlcy50cnVzdGVkc2VydmljZXMuaW50 +ZWwuY29tL0ludGVsU0dYUm9vdENBLmRlcjAdBgNVHQ4EFgQUImUM1lqdNInzg7SV +Ur9QGzknBqwwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQEwCgYI +KoZIzj0EAwIDSQAwRgIhAOW/5QkR+S9CiSDcNoowLuPRLsWGf/Yi7GSX94BgwTwg +AiEA4J0lrHoMs+Xo5o/sX6O9QWxHRAvZUGOdRQ7cvqRXaqI= +-----END CERTIFICATE----- \ No newline at end of file 
diff --git a/teerex/ias-verify/test/enclave-signing-pubkey-TEST4.bin b/teerex/sgx-verify/test/enclave-signing-pubkey-TEST4.bin
similarity index 100%
rename from teerex/ias-verify/test/enclave-signing-pubkey-TEST4.bin
rename to teerex/sgx-verify/test/enclave-signing-pubkey-TEST4.bin
diff --git a/teerex/ias-verify/test/enclave-signing-pubkey-TEST5.bin b/teerex/sgx-verify/test/enclave-signing-pubkey-TEST5.bin
similarity index 100%
rename from teerex/ias-verify/test/enclave-signing-pubkey-TEST5.bin
rename to teerex/sgx-verify/test/enclave-signing-pubkey-TEST5.bin
diff --git a/teerex/ias-verify/test/enclave-signing-pubkey-TEST6.bin b/teerex/sgx-verify/test/enclave-signing-pubkey-TEST6.bin
similarity index 100%
rename from teerex/ias-verify/test/enclave-signing-pubkey-TEST6.bin
rename to teerex/sgx-verify/test/enclave-signing-pubkey-TEST6.bin
diff --git a/teerex/ias-verify/test/enclave-signing-pubkey-TEST7.bin b/teerex/sgx-verify/test/enclave-signing-pubkey-TEST7.bin
similarity index 100%
rename from teerex/ias-verify/test/enclave-signing-pubkey-TEST7.bin
rename to teerex/sgx-verify/test/enclave-signing-pubkey-TEST7.bin
diff --git a/teerex/ias-verify/test/enclave-signing-pubkey-TEST8-PRODUCTION.bin b/teerex/sgx-verify/test/enclave-signing-pubkey-TEST8-PRODUCTION.bin
similarity index 100%
rename from teerex/ias-verify/test/enclave-signing-pubkey-TEST8-PRODUCTION.bin
rename to teerex/sgx-verify/test/enclave-signing-pubkey-TEST8-PRODUCTION.bin
diff --git a/teerex/ias-verify/test/ra_dump_cert_TEST4.der b/teerex/sgx-verify/test/ra_dump_cert_TEST4.der
similarity index 100%
rename from teerex/ias-verify/test/ra_dump_cert_TEST4.der
rename to teerex/sgx-verify/test/ra_dump_cert_TEST4.der
diff --git a/teerex/ias-verify/test/ra_dump_cert_TEST5.der b/teerex/sgx-verify/test/ra_dump_cert_TEST5.der
similarity index 100%
rename from teerex/ias-verify/test/ra_dump_cert_TEST5.der
rename to teerex/sgx-verify/test/ra_dump_cert_TEST5.der
diff --git a/teerex/ias-verify/test/ra_dump_cert_TEST6.der b/teerex/sgx-verify/test/ra_dump_cert_TEST6.der
similarity index 100%
rename from teerex/ias-verify/test/ra_dump_cert_TEST6.der
rename to teerex/sgx-verify/test/ra_dump_cert_TEST6.der
diff --git a/teerex/ias-verify/test/ra_dump_cert_TEST7.der b/teerex/sgx-verify/test/ra_dump_cert_TEST7.der
similarity index 100%
rename from teerex/ias-verify/test/ra_dump_cert_TEST7.der
rename to teerex/sgx-verify/test/ra_dump_cert_TEST7.der
diff --git a/teerex/ias-verify/test/ra_dump_cert_TEST8_PRODUCTION.der b/teerex/sgx-verify/test/ra_dump_cert_TEST8_PRODUCTION.der
similarity index 100%
rename from teerex/ias-verify/test/ra_dump_cert_TEST8_PRODUCTION.der
rename to teerex/sgx-verify/test/ra_dump_cert_TEST8_PRODUCTION.der
diff --git a/teerex/ias-verify/test/test_ra_cert_MRSIGNER1_MRENCLAVE1.der b/teerex/sgx-verify/test/test_ra_cert_MRSIGNER1_MRENCLAVE1.der
similarity index 100%
rename from teerex/ias-verify/test/test_ra_cert_MRSIGNER1_MRENCLAVE1.der
rename to teerex/sgx-verify/test/test_ra_cert_MRSIGNER1_MRENCLAVE1.der
diff --git a/teerex/ias-verify/test/test_ra_cert_MRSIGNER2_MRENCLAVE2.der b/teerex/sgx-verify/test/test_ra_cert_MRSIGNER2_MRENCLAVE2.der
similarity index 100%
rename from teerex/ias-verify/test/test_ra_cert_MRSIGNER2_MRENCLAVE2.der
rename to teerex/sgx-verify/test/test_ra_cert_MRSIGNER2_MRENCLAVE2.der
diff --git a/teerex/ias-verify/test/test_ra_cert_MRSIGNER3_MRENCLAVE2.der b/teerex/sgx-verify/test/test_ra_cert_MRSIGNER3_MRENCLAVE2.der
similarity index 100%
rename from teerex/ias-verify/test/test_ra_cert_MRSIGNER3_MRENCLAVE2.der
rename to teerex/sgx-verify/test/test_ra_cert_MRSIGNER3_MRENCLAVE2.der
diff --git a/teerex/ias-verify/test/test_ra_signer_attn_MRSIGNER1_MRENCLAVE1.bin b/teerex/sgx-verify/test/test_ra_signer_attn_MRSIGNER1_MRENCLAVE1.bin
similarity index 100%
rename from teerex/ias-verify/test/test_ra_signer_attn_MRSIGNER1_MRENCLAVE1.bin
rename to teerex/sgx-verify/test/test_ra_signer_attn_MRSIGNER1_MRENCLAVE1.bin
diff --git a/teerex/ias-verify/test/test_ra_signer_attn_MRSIGNER2_MRENCLAVE2.bin b/teerex/sgx-verify/test/test_ra_signer_attn_MRSIGNER2_MRENCLAVE2.bin
similarity index 100%
rename from teerex/ias-verify/test/test_ra_signer_attn_MRSIGNER2_MRENCLAVE2.bin
rename to teerex/sgx-verify/test/test_ra_signer_attn_MRSIGNER2_MRENCLAVE2.bin
diff --git a/teerex/ias-verify/test/test_ra_signer_attn_MRSIGNER3_MRENCLAVE2.bin b/teerex/sgx-verify/test/test_ra_signer_attn_MRSIGNER3_MRENCLAVE2.bin
similarity index 100%
rename from teerex/ias-verify/test/test_ra_signer_attn_MRSIGNER3_MRENCLAVE2.bin
rename to teerex/sgx-verify/test/test_ra_signer_attn_MRSIGNER3_MRENCLAVE2.bin
diff --git a/teerex/ias-verify/test/test_ra_signer_pubkey_MRSIGNER1_MRENCLAVE1.bin b/teerex/sgx-verify/test/test_ra_signer_pubkey_MRSIGNER1_MRENCLAVE1.bin
similarity index 100%
rename from teerex/ias-verify/test/test_ra_signer_pubkey_MRSIGNER1_MRENCLAVE1.bin
rename to teerex/sgx-verify/test/test_ra_signer_pubkey_MRSIGNER1_MRENCLAVE1.bin
diff --git a/teerex/ias-verify/test/test_ra_signer_pubkey_MRSIGNER2_MRENCLAVE2.bin b/teerex/sgx-verify/test/test_ra_signer_pubkey_MRSIGNER2_MRENCLAVE2.bin
similarity index 100%
rename from teerex/ias-verify/test/test_ra_signer_pubkey_MRSIGNER2_MRENCLAVE2.bin
rename to teerex/sgx-verify/test/test_ra_signer_pubkey_MRSIGNER2_MRENCLAVE2.bin
diff --git a/teerex/ias-verify/test/test_ra_signer_pubkey_MRSIGNER3_MRENCLAVE2.bin b/teerex/sgx-verify/test/test_ra_signer_pubkey_MRSIGNER3_MRENCLAVE2.bin similarity index 100% rename from teerex/ias-verify/test/test_ra_signer_pubkey_MRSIGNER3_MRENCLAVE2.bin rename to teerex/sgx-verify/test/test_ra_signer_pubkey_MRSIGNER3_MRENCLAVE2.bin diff --git a/teerex/src/lib.rs b/teerex/src/lib.rs index 8304ec9f..1fb55db0 100644 --- a/teerex/src/lib.rs +++ b/teerex/src/lib.rs @@ -29,11 +29,13 @@ use sp_runtime::traits::SaturatedConversion; use sp_std::{prelude::*, str}; use teerex_primitives::*; -#[cfg(not(feature = "skip-ias-check"))] -use ias_verify::{verify_ias_report, SgxReport}; +use sgx_verify::{ + deserialize_enclave_identity, deserialize_tcb_info, extract_certs, verify_certificate_chain, + verify_dcap_quote, verify_ias_report, SgxReport, +}; pub use crate::weights::WeightInfo; -use ias_verify::SgxBuildMode; +use teerex_primitives::SgxBuildMode; // Disambiguate associated types pub type AccountId = ::AccountId; @@ -42,6 +44,7 @@ pub type BalanceOf = <::Currency as Currency>>::Bal pub use pallet::*; const MAX_RA_REPORT_LEN: usize = 4096; +const MAX_DCAP_QUOTE_LEN: usize = 5000; const MAX_URL_LEN: usize = 256; #[frame_support::pallet] @@ -89,6 +92,15 @@ pub mod pallet { #[pallet::getter(fn enclave_count)] pub type EnclaveCount = StorageValue<_, u64, ValueQuery>; + #[pallet::storage] + #[pallet::getter(fn quoting_enclave)] + pub type QuotingEnclaveRegistry = StorageValue<_, QuotingEnclave, ValueQuery>; + + #[pallet::storage] + #[pallet::getter(fn tcb_info)] + pub type TcbInfo = + StorageMap<_, Blake2_128Concat, Fmspc, TcbInfoOnChain, ValueQuery>; + #[pallet::storage] #[pallet::getter(fn enclave_index)] pub type EnclaveIndex = 
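Review bot: The new `QuotingEnclaveRegistry` and `TcbInfo` storage items in the last hunk of teerex/src/lib.rs on this line have no doc comments, and both use `ValueQuery`, so a read before anything has been registered yields the type's `Default` value rather than `None`; any consumer (such as the DCAP verification path that reads them) has to be able to tell that default apart from real collateral, which is worth stating at the declaration. Suggest `/// Globally registered quoting-enclave identity; with ValueQuery the default value is returned until register_quoting_enclave has succeeded.` on the first item and `/// TCB info keyed by FMSPC as registered via register_tcb_info; unknown FMSPCs read as the default value, not as absent.` on the second. If the default values are meant to be rejected by the verifier, say so here as well.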
@@ -129,7 +141,7 @@ pub mod pallet { let sender = ensure_signed(origin)?; ensure!(ra_report.len() <= MAX_RA_REPORT_LEN, >::RaReportTooLong); ensure!(worker_url.len() <= MAX_URL_LEN, >::EnclaveUrlTooLong); - log::info!("teerex: parameter lenght ok"); + log::info!("teerex: parameter length ok"); #[cfg(not(feature = "skip-ias-check"))] let enclave = Self::verify_report(&sender, ra_report).map(|report| { 
@@ -155,7 +167,55 @@ pub mod pallet { let enclave = Enclave::new( sender.clone(), // insert mrenclave if the ra_report represents one, otherwise insert default - <[u8; 32]>::decode(&mut ra_report.as_slice()).unwrap_or_default(), + ::decode(&mut ra_report.as_slice()).unwrap_or_default(), + >::get().saturated_into(), + worker_url.clone(), + SgxBuildMode::default(), + ); + + Self::add_enclave(&sender, &enclave)?; + Self::deposit_event(Event::AddedEnclave(sender, worker_url)); + Ok(().into()) + } + + #[pallet::call_index(6)] + #[pallet::weight((::WeightInfo::register_dcap_enclave(), DispatchClass::Normal, Pays::Yes))] + pub fn register_dcap_enclave( + origin: OriginFor, + dcap_quote: Vec, + worker_url: Vec, + ) -> DispatchResultWithPostInfo { + log::info!("teerex: called into runtime call register_dcap_enclave()"); + let sender = ensure_signed(origin)?; + ensure!(dcap_quote.len() <= MAX_DCAP_QUOTE_LEN, >::RaReportTooLong); + ensure!(worker_url.len() <= MAX_URL_LEN, >::EnclaveUrlTooLong); + log::info!("teerex: parameter length ok"); + + #[cfg(not(feature = "skip-ias-check"))] + let enclave = Self::verify_dcap_quote(&sender, dcap_quote).map(|report| { + Enclave::new( + sender.clone(), + report.mr_enclave, + report.timestamp, + worker_url.clone(), + report.build_mode, + ) + })?; + + #[cfg(not(feature = "skip-ias-check"))] + if !>::get() && enclave.sgx_mode == SgxBuildMode::Debug { + log::error!("substraTEE_registry: debug mode is not allowed to attest!"); + return Err(>::SgxModeNotAllowed.into()) + } + + #[cfg(feature = "skip-ias-check")] + log::warn!("[teerex]: Skipping remote attestation check. Only dev-chains are allowed to do this!"); + + #[cfg(feature = "skip-ias-check")] + let enclave = Enclave::new( + sender.clone(), + // insert mrenclave if the ra_report represents one, otherwise insert default + ::decode(&mut dcap_quote.as_slice()).unwrap_or_default(), >::get().saturated_into(), worker_url.clone(), SgxBuildMode::default(), 
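Review bot: `register_dcap_enclave` rejects an over-long quote with `Error::<T>::RaReportTooLong`, an error that names the IAS report rather than the DCAP quote, so callers get a misleading reason; a dedicated variant such as `DcapQuoteTooLong` would keep the error meaningful, unless reusing the variant is deliberate. The `skip-ias-check` branch also carries the copied comment `// insert mrenclave if the ra_report represents one, otherwise insert default` although it decodes `dcap_quote`, and the debug-mode rejection still logs with the `substraTEE_registry:` prefix while every other message in this function uses `teerex:`. The body of `register_dcap_enclave` continues past the end of the hunk.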
@@ -166,9 +226,44 @@ pub mod pallet { Ok(().into()) } + #[pallet::call_index(7)] + #[pallet::weight((::WeightInfo::register_quoting_enclave(), DispatchClass::Normal, Pays::Yes))] + pub fn register_quoting_enclave( + origin: OriginFor, + enclave_identity: Vec, + signature: Vec, + certificate_chain: Vec, + ) -> DispatchResultWithPostInfo { + log::info!("teerex: called into runtime call register_quoting_enclave()"); + // Quoting enclaves are registered globally and not for a specific sender + let _sender = ensure_signed(origin)?; + let quoting_enclave = + Self::verify_quoting_enclave(enclave_identity, signature, certificate_chain)?; + >::put(quoting_enclave); + Ok(().into()) + } + + #[pallet::call_index(8)] + #[pallet::weight((::WeightInfo::register_dcap_enclave(), DispatchClass::Normal, Pays::Yes))] + pub fn register_tcb_info( + origin: OriginFor, + tcb_info: Vec, + signature: Vec, + certificate_chain: Vec, + ) -> DispatchResultWithPostInfo { + log::info!("teerex: called into runtime call register_tcb_info()"); + // TCB info is registered globally and not for a specific sender + let _sender = ensure_signed(origin)?; + let (fmspc, on_chain_info) = + Self::verify_tcb_info(tcb_info, signature, certificate_chain)?; + >::insert(fmspc, on_chain_info); + Ok(().into()) + } + #[pallet::call_index(1)] #[pallet::weight((::WeightInfo::unregister_enclave(), DispatchClass::Normal, Pays::Yes))] pub fn unregister_enclave(origin: OriginFor) -> DispatchResultWithPostInfo { + log::info!("teerex: called into runtime call unregister_enclave()"); let sender = ensure_signed(origin)?; Self::remove_enclave(&sender)?; @@ -294,6 +389,8 @@ pub mod pallet { RaReportTooLong, /// No enclave is registered. EmptyEnclaveRegistry, + /// The provided collateral data is invalid + CollateralInvalid, } } 
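Review bot: Neither `register_quoting_enclave` nor `register_tcb_info` compares the incoming collateral with what is already stored before the `put`/`insert`, so any signed origin can replace a newer registered QE identity or TCB info with an older Intel-signed one that is still inside its validity window, unless `verify_quoting_enclave`/`verify_tcb_info` reject that, which is not visible in this hunk. A monotonicity check against the stored value — for example refusing an incoming `tcbEvaluationDataNumber` or issue date lower than the one already on chain, both fields being present in the fixtures added by this change — would close that downgrade path. Separately, `register_tcb_info` is weighted with `WeightInfo::register_dcap_enclave()` rather than a benchmark of its own, which under-represents the certificate-chain and signature work it does.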
@@ -382,13 +479,13 @@ impl Pallet { ) -> Result { let report = verify_ias_report(&ra_report) .map_err(|_| >::RemoteAttestationVerificationFailed)?; - log::info!("RA Report: {:?}", report); + log::info!("teerex: IAS report successfully verified"); let enclave_signer = T::AccountId::decode(&mut &report.pubkey[..]) .map_err(|_| >::EnclaveSignerDecodeError)?; ensure!(sender == &enclave_signer, >::SenderIsNotAttestedEnclave); - // TODO: activate state checks as soon as we've fixed our setup + // TODO: activate state checks as soon as we've fixed our setup #83 // ensure!((report.status == SgxStatus::Ok) | (report.status == SgxStatus::ConfigurationNeeded), // "RA status is insufficient"); // log::info!("teerex: status is acceptable"); 
@@ -397,6 +494,78 @@ impl Pallet { Ok(report) } + #[cfg(not(feature = "skip-ias-check"))] + fn verify_dcap_quote( + sender: &T::AccountId, + dcap_quote: Vec, + ) -> Result { + let verification_time = >::get(); + + let qe = >::get(); + let (fmspc, tcb_info, report) = + verify_dcap_quote(&dcap_quote, verification_time.saturated_into(), &qe).map_err( + |e| { + log::warn!("verify_dcap_quote failed: {:?}", e); + >::RemoteAttestationVerificationFailed + }, + )?; + + log::info!("teerex: DCAP quote verified. FMSPC from quote: {:?}", fmspc); + let tcb_info_on_chain = >::get(fmspc); + ensure!(tcb_info_on_chain.verify_examinee(&tcb_info), "tcb_info is outdated"); + + let enclave_signer = T::AccountId::decode(&mut &report.pubkey[..]) + .map_err(|_| >::EnclaveSignerDecodeError)?; + ensure!(sender == &enclave_signer, >::SenderIsNotAttestedEnclave); + + // TODO: activate state checks as soon as we've fixed our setup #83 + // ensure!((report.status == SgxStatus::Ok) | (report.status == SgxStatus::ConfigurationNeeded), + // "RA status is insufficient"); + // log::info!("teerex: status is acceptable"); + + Ok(report) + } + + fn verify_quoting_enclave( + enclave_identity: Vec, + signature: Vec, + certificate_chain: Vec, + ) -> Result { + let verification_time: u64 = >::get().saturated_into(); + let certs = extract_certs(&certificate_chain); + ensure!(certs.len() >= 2, "Certificate chain must have at least two certificates"); + let intermediate_slices: Vec<&[u8]> = certs[1..].iter().map(Vec::as_slice).collect(); + let leaf_cert = + verify_certificate_chain(&certs[0], &intermediate_slices, verification_time)?; + let enclave_identity = + deserialize_enclave_identity(&enclave_identity, &signature, &leaf_cert)?; + + if enclave_identity.is_valid(verification_time.try_into().unwrap()) { + Ok(enclave_identity.to_quoting_enclave()) + } else { + Err(>::CollateralInvalid.into()) + } + } + + pub fn verify_tcb_info( + tcb_info: Vec, + signature: Vec, + certificate_chain: Vec, + ) -> 
Result<(Fmspc, TcbInfoOnChain), DispatchErrorWithPostInfo> { + let verification_time: u64 = >::get().saturated_into(); + let certs = extract_certs(&certificate_chain); + ensure!(certs.len() >= 2, "Certificate chain must have at least two certificates"); + let intermediate_slices: Vec<&[u8]> = certs[1..].iter().map(Vec::as_slice).collect(); + let leaf_cert = + verify_certificate_chain(&certs[0], &intermediate_slices, verification_time)?; + let tcb_info = deserialize_tcb_info(&tcb_info, &signature, &leaf_cert)?; + if tcb_info.is_valid(verification_time.try_into().unwrap()) { + Ok(tcb_info.to_chain_tcb_info()) + } else { + Err(>::CollateralInvalid.into()) + } + } + #[cfg(not(feature = "skip-ias-check"))] fn ensure_timestamp_within_24_hours(report_timestamp: u64) -> DispatchResultWithPostInfo { use sp_runtime::traits::CheckedSub; diff --git a/teerex/src/tests/test_cases.rs b/teerex/src/tests/test_cases.rs index 1dd8c6ff..c549e8c5 100644 --- a/teerex/src/tests/test_cases.rs +++ b/teerex/src/tests/test_cases.rs @@ -20,9 +20,10 @@ use crate::{ ShardIdentifier, }; use frame_support::{assert_err, assert_ok}; -use ias_verify::SgxBuildMode; +use hex_literal::hex; use sp_core::H256; use sp_keyring::AccountKeyring; +use teerex_primitives::SgxBuildMode; use test_utils::ias::consts::*; fn list_enclaves() -> Vec<(u64, Enclave>)> { 
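Review bot: `verify_quoting_enclave` and `verify_tcb_info` call `verification_time.try_into().unwrap()` inside runtime code, so a timestamp that does not fit the target type panics the extrinsic instead of returning a dispatch error; `let verification_time = verification_time.try_into().map_err(|_| Error::<T>::CollateralInvalid)?;` keeps it a recoverable error. Both functions take `certs[0]` as the leaf and `certs[1..]` as intermediates of a caller-supplied chain, so the trust decision rests entirely on `verify_certificate_chain` anchoring on a pinned root rather than on the last certificate the caller provides — that assumption is worth a one-line comment here, since it is not visible in this file. The string-literal errors (`"Certificate chain must have at least two certificates"`, `"tcb_info is outdated"`) bypass the pallet's `Error<T>` enum unlike the surrounding code, and the chain-extraction/verification prelude is duplicated across the two functions and could become one private helper. In `verify_dcap_quote`, if `TcbInfo<T>` is a `ValueQuery` map, an unregistered FMSPC yields a default entry and the outcome depends on how `verify_examinee` treats it; an explicit existence check would make the intended rejection obvious.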
@@ -34,6 +35,97 @@ fn get_signer(pubkey: &[u8; 32]) -> AccountId { test_utils::get_signer(pubkey) } +/// Timestamp for which the collateral data must be valid. Represents 2022-12-21 08:12:27 +const VALID_TIMESTAMP: Moment = 1671606747000; + +#[test] +fn add_and_remove_dcap_enclave_works() { + new_test_ext().execute_with(|| { + Timestamp::set_timestamp(VALID_TIMESTAMP); + register_quoting_enclave(); + register_tcb_info(); + + let pubkey: [u8; 32] = [ + 65, 89, 193, 118, 86, 172, 17, 149, 206, 160, 174, 75, 219, 151, 51, 235, 110, 135, 20, + 55, 147, 162, 106, 110, 143, 207, 57, 64, 67, 63, 203, 95, + ]; + let signer = get_signer(&pubkey); + assert_ok!(Teerex::register_dcap_enclave( + RuntimeOrigin::signed(signer.clone()), + TEST1_DCAP_QUOTE.to_vec(), + URL.to_vec() + )); + assert_eq!(Teerex::enclave_count(), 1); + assert_eq!(Teerex::enclave(1).unwrap().timestamp, VALID_TIMESTAMP); + assert_ok!(Teerex::unregister_enclave(RuntimeOrigin::signed(signer))); + assert_eq!(Teerex::enclave_count(), 0); + assert_eq!(list_enclaves(), vec![]) + }) +} + +fn register_quoting_enclave() { + let quoting_enclave = 
br#"{"id":"QE","version":2,"issueDate":"2022-12-04T22:45:33Z","nextUpdate":"2023-01-03T22:45:33Z","tcbEvaluationDataNumber":13,"miscselect":"00000000","miscselectMask":"FFFFFFFF","attributes":"11000000000000000000000000000000","attributesMask":"FBFFFFFFFFFFFFFF0000000000000000","mrsigner":"8C4F5775D796503E96137F77C68A829A0056AC8DED70140B081B094490C57BFF","isvprodid":1,"tcbLevels":[{"tcb":{"isvsvn":6},"tcbDate":"2022-11-09T00:00:00Z","tcbStatus":"UpToDate"},{"tcb":{"isvsvn":5},"tcbDate":"2020-11-11T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00477"]},{"tcb":{"isvsvn":4},"tcbDate":"2019-11-13T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00334","INTEL-SA-00477"]},{"tcb":{"isvsvn":2},"tcbDate":"2019-05-15T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00219","INTEL-SA-00293","INTEL-SA-00334","INTEL-SA-00477"]},{"tcb":{"isvsvn":1},"tcbDate":"2018-08-15T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00202","INTEL-SA-00219","INTEL-SA-00293","INTEL-SA-00334","INTEL-SA-00477"]}]}"#; + let signature = hex!("47accba321e57c20722a0d3d1db11c9b52661239857dc578ca1bde13976ee288cf39f72111ffe445c7389ef56447c79e30e6b83a8863ed9880de5bde4a8d5c91"); + let certificate_chain = + include_bytes!("../../sgx-verify/test/dcap/qe_identity_issuer_chain.pem"); + + let pubkey: [u8; 32] = [ + 65, 89, 193, 118, 86, 172, 17, 149, 206, 160, 174, 75, 219, 151, 51, 235, 110, 135, 20, 55, + 147, 162, 106, 110, 143, 207, 57, 64, 67, 63, 203, 95, + ]; + let signer = get_signer(&pubkey); + assert_ok!(Teerex::register_quoting_enclave( + RuntimeOrigin::signed(signer.clone()), + quoting_enclave.to_vec(), + signature.to_vec(), + certificate_chain.to_vec(), + )); +} + +#[test] +fn register_quoting_enclave_works() { + new_test_ext().execute_with(|| { + let qe = Teerex::quoting_enclave(); + assert_eq!(qe.mrsigner, [0u8; 32]); + assert_eq!(qe.isvprodid, 0); + Timestamp::set_timestamp(VALID_TIMESTAMP); + register_quoting_enclave(); + let qe = 
Teerex::quoting_enclave(); + assert_eq!(qe.isvprodid, 1); + }) +} + +fn register_tcb_info() { + let tcb_info = br#"{"id":"SGX","version":3,"issueDate":"2022-11-17T12:45:32Z","nextUpdate":"2023-04-16T12:45:32Z","fmspc":"00906EA10000","pceId":"0000","tcbType":0,"tcbEvaluationDataNumber":12,"tcbLevels":[{"tcb":{"sgxtcbcomponents":[{"svn":17},{"svn":17},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":7},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":11},"tcbDate":"2021-11-10T00:00:00Z","tcbStatus":"SWHardeningNeeded","advisoryIDs":["INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":17},{"svn":17},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":7},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":10},"tcbDate":"2020-11-11T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00161","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":17},{"svn":17},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":11},"tcbDate":"2021-11-10T00:00:00Z","tcbStatus":"ConfigurationAndSWHardeningNeeded","advisoryIDs":["INTEL-SA-00161","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":17},{"svn":17},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":10},"tcbDate":"2020-11-11T00:00:00Z","tcbStatus":"OutOfDateConfigurationNeeded","advisoryIDs":["INTEL-SA-00477","INTEL-SA-00161","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":15},{"svn":15},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":7},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":10},"tcbDate":"2020-06-10T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-0
0381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00161","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":15},{"svn":15},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":10},"tcbDate":"2020-06-10T00:00:00Z","tcbStatus":"OutOfDateConfigurationNeeded","advisoryIDs":["INTEL-SA-00161","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":14},{"svn":14},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":7},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":10},"tcbDate":"2019-12-11T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00320","INTEL-SA-00329","INTEL-SA-00161","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":14},{"svn":14},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":10},"tcbDate":"2019-12-11T00:00:00Z","tcbStatus":"OutOfDateConfigurationNeeded","advisoryIDs":["INTEL-SA-00161","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00320","INTEL-SA-00329","INTEL-SA-00381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":13},{"svn":13},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":3},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":9},"tcbDate":"2019-11-13T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00161","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00320","INTEL-SA-00329","INTEL-SA-00381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":13},{"svn":13},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"s
vn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":9},"tcbDate":"2019-11-13T00:00:00Z","tcbStatus":"OutOfDateConfigurationNeeded","advisoryIDs":["INTEL-SA-00161","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00320","INTEL-SA-00329","INTEL-SA-00381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":6},{"svn":6},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":1},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":7},"tcbDate":"2019-05-15T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00220","INTEL-SA-00270","INTEL-SA-00293","INTEL-SA-00161","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00320","INTEL-SA-00329","INTEL-SA-00381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":6},{"svn":6},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":7},"tcbDate":"2019-05-15T00:00:00Z","tcbStatus":"OutOfDateConfigurationNeeded","advisoryIDs":["INTEL-SA-00161","INTEL-SA-00220","INTEL-SA-00270","INTEL-SA-00293","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00320","INTEL-SA-00329","INTEL-SA-00381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":5},{"svn":5},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":1},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":7},"tcbDate":"2019-01-09T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00233","INTEL-SA-00161","INTEL-SA-00220","INTEL-SA-00270","INTEL-SA-00293","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00320","INTEL-SA-00329","INTEL-SA-00381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":5},{"svn":5},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":1},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":6},"tcbDate":"2018-08-15T
00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00161","INTEL-SA-00233","INTEL-SA-00220","INTEL-SA-00270","INTEL-SA-00293","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00320","INTEL-SA-00329","INTEL-SA-00381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":5},{"svn":5},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":7},"tcbDate":"2019-01-09T00:00:00Z","tcbStatus":"OutOfDateConfigurationNeeded","advisoryIDs":["INTEL-SA-00161","INTEL-SA-00233","INTEL-SA-00220","INTEL-SA-00270","INTEL-SA-00293","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00320","INTEL-SA-00329","INTEL-SA-00381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":5},{"svn":5},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":6},"tcbDate":"2018-08-15T00:00:00Z","tcbStatus":"OutOfDateConfigurationNeeded","advisoryIDs":["INTEL-SA-00203","INTEL-SA-00161","INTEL-SA-00233","INTEL-SA-00220","INTEL-SA-00270","INTEL-SA-00293","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00320","INTEL-SA-00329","INTEL-SA-00381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":4},{"svn":4},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":5},"tcbDate":"2018-01-04T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00106","INTEL-SA-00115","INTEL-SA-00135","INTEL-SA-00203","INTEL-SA-00161","INTEL-SA-00233","INTEL-SA-00220","INTEL-SA-00270","INTEL-SA-00293","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00320","INTEL-SA-00329","INTEL-SA-00381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":2},{"svn":2},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":0},{"svn":0},
{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":4},"tcbDate":"2017-07-26T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00088","INTEL-SA-00106","INTEL-SA-00115","INTEL-SA-00135","INTEL-SA-00203","INTEL-SA-00161","INTEL-SA-00233","INTEL-SA-00220","INTEL-SA-00270","INTEL-SA-00293","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00320","INTEL-SA-00329","INTEL-SA-00381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00334"]}]}"#; + let signature = hex!("71746f2148ecba04e35cf1ac77a7e6267ce99f6781c1031f724bb5bd94b8c1b6e4c07c01dc151692aa75be80dfba7350bb80c58314a6975189597e28e9bbc75c"); + let certificate_chain = include_bytes!("../../sgx-verify/test/dcap/tcb_info_issuer_chain.pem"); + + let pubkey: [u8; 32] = [ + 65, 89, 193, 118, 86, 172, 17, 149, 206, 160, 174, 75, 219, 151, 51, 235, 110, 135, 20, 55, + 147, 162, 106, 110, 143, 207, 57, 64, 67, 63, 203, 95, + ]; + let signer = get_signer(&pubkey); + assert_ok!(Teerex::register_tcb_info( + RuntimeOrigin::signed(signer.clone()), + tcb_info.to_vec(), + signature.to_vec(), + certificate_chain.to_vec(), + )); +} + +#[test] +fn register_tcb_info_works() { + new_test_ext().execute_with(|| { + Timestamp::set_timestamp(VALID_TIMESTAMP); + + register_tcb_info(); + let fmspc = hex!("00906EA10000"); + let tcb_info = Teerex::tcb_info(fmspc); + // This is the date that the is registered in register_tcb_info and represents the date 2023-04-16T12:45:32Z + assert_eq!(tcb_info.next_update, 1681649132000); + }) +} + #[test] fn add_enclave_works() { new_test_ext().execute_with(|| { diff --git a/teerex/src/weights.rs b/teerex/src/weights.rs index 3ce50d23..1a4d7107 100644 --- a/teerex/src/weights.rs +++ b/teerex/src/weights.rs 
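Review bot: the new tests only exercise the accepting path of `register_quoting_enclave`, `register_tcb_info` and `register_dcap_enclave`; since the signature and validity-window checks are the security boundary, a negative test per call (one altered byte in `signature`, or `Timestamp::set_timestamp` outside the collateral's `issueDate..nextUpdate` window) asserting that the call fails would pin them. The 32-byte `pubkey` array is pasted three times; a single `const` next to `VALID_TIMESTAMP` avoids drift between the helpers. The comment in `register_tcb_info_works` reads `// This is the date that the is registered ...`; `// nextUpdate of the TCB info stored by register_tcb_info(): 2023-04-16T12:45:32Z` says the same without the typo.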
@@ -51,6 +51,8 @@ use sp_std::marker::PhantomData; /// Weight functions needed for pallet_teerex. pub trait WeightInfo { fn register_enclave() -> Weight; + fn register_dcap_enclave() -> Weight; + fn register_quoting_enclave() -> Weight; fn unregister_enclave() -> Weight; fn call_worker() -> Weight; fn confirm_processed_parentchain_block() -> Weight; @@ -64,6 +66,18 @@ impl WeightInfo for IntegriteeWeight { .saturating_add(T::DbWeight::get().reads(2)) .saturating_add(T::DbWeight::get().writes(1)) } + // TODO benchmark dcap registration + fn register_dcap_enclave() -> Weight { + Weight::from_ref_time(1_969_500_000) + .saturating_add(RocksDbWeight::get().reads(2)) + .saturating_add(RocksDbWeight::get().writes(1)) + } + // TODO benchmark dcap registration + fn register_quoting_enclave() -> Weight { + Weight::from_ref_time(1_969_500_000) + .saturating_add(RocksDbWeight::get().reads(2)) + .saturating_add(RocksDbWeight::get().writes(1)) + } fn unregister_enclave() -> Weight { Weight::from_ref_time(53_300_000) .saturating_add(T::DbWeight::get().reads(3)) @@ -86,6 +100,16 @@ impl WeightInfo for () { .saturating_add(RocksDbWeight::get().reads(2)) .saturating_add(RocksDbWeight::get().writes(1)) } + fn register_dcap_enclave() -> Weight { + Weight::from_ref_time(1_969_500_000) + .saturating_add(RocksDbWeight::get().reads(2)) + .saturating_add(RocksDbWeight::get().writes(1)) + } + fn register_quoting_enclave() -> Weight { + Weight::from_ref_time(1_969_500_000) + .saturating_add(RocksDbWeight::get().reads(2)) + .saturating_add(RocksDbWeight::get().writes(1)) + } fn unregister_enclave() -> Weight { Weight::from_ref_time(53_300_000) .saturating_add(RocksDbWeight::get().reads(3)) 
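Review bot: the new `register_dcap_enclave` and `register_quoting_enclave` bodies in `impl WeightInfo for IntegriteeWeight<T>` use `RocksDbWeight::get()` while the neighbouring `register_enclave` in the same impl uses `T::DbWeight::get()`, so the generic impl no longer follows the runtime's configured DB weight; `.saturating_add(T::DbWeight::get().reads(2))` / `.saturating_add(T::DbWeight::get().writes(1))` is the consistent form (the `()` impl correctly keeps `RocksDbWeight`). The trait gains no `register_tcb_info` function, so the pallet weighs that extrinsic with the DCAP enclave placeholder. Both placeholders carry `// TODO benchmark dcap registration`; until a benchmark exists, a short comment stating where the `1_969_500_000` figure was taken from would tell the next reader how much to trust it.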
diff --git a/test-utils/src/ias-data/ra_dcap_dump_quote.ra b/test-utils/src/ias-data/ra_dcap_dump_quote.ra new file mode 100644 index 0000000000000000000000000000000000000000..a9604a4f891599c31ac2af4ae7d4b0c577782066 GIT binary patch literal 4599 zcmc&%d#oH)8NY3TmZ=r`fLahJpwV(;c6Ro0?eu}J`y~uM%IknzI{6K&W`lG-=o&-x#Q~7R{rGDv76pJ zjrsM3cZ+{n(TzV9tXsc+^{LAatqfj2(lcB+{C93$xBAKpRuper_xis4OFLVuU;fuu zwk*Hz?CpmRd7HlQtzVw#&}*OD^y)WX-@l>#_TINIK_0te-wzMgmY=bs{nmLOta|+E zJ5RL#|E&kcuX@`3Ywvja$GayEen0X?>-r62x9_rBw;V`Z!CwC4*H7dhd*;ZPJvH!vQ?%luo8-Jx9SibU^$9{DB#ZR~&w+7Cd4{BHgTVJ{EyN|?Q zE?)m=D;Z4U3KV0`#-6E8R?c!^88}?TenQU`)25mx89h%Y**|3b$gzD=9CvJ zx1En4+MJ0z<(}y5hmH1&t(UVGeQ@Qs`|e%4FWrA&_w;K!bAHo$sQakc zee!qL?cDeJJ&)`f-16}LF?isK%hb2_ef~Qy&FsHp^T^1ue(PB^CI+cXQXA)>p!T&q<4l@tt2$YvX0Y2~VT!J5V<2v&Td}ELq14H+ zpksNKHBm=!Jh+L9 zo>7ETPLdIHrb<^t=x1u6S966lB`e6`wK-DTZXWQ69wFbM+9jOAOsBGnHtX zA@Y{eHk%FGC@Ad`6YW)O)GG_}v=K>lvy5D&vIRIO1q&nO25M%b)RcRs&~QyZTsI4n zCkC~l&>08~KAF|Sd8Zf4mj_{6wAe}5?o*|BXr^wp9R#AY?sFawLmuWyUkDxtP;l3x zf*_b0=Yb6X=^YpbMk=_CYOg9&0Mif>VP9ogQ06_+GA4$~KnF0!-9(IoZoPvbhf{-T zUW__wpCjvaEKqEXbe2?#s+gAnmPqE4qz8b&4vvzOisu7A7Ry=cI0}x)*<)=At z1shDKV;saSGC&Po;*Mj1JB|Tv-oTO&_(c|m26$qCOrfd8AyZ^XVO}9g0Rn&?IP%Q8 z?<`Cl2Z01gSb1n2ky9k2Jn4Tj8sb&5+vB{W3khN;$i)P-EOMBg$zn{dSe5`8rl1C+ z6hpiHMp!QQt8qKb&Pd^MO6;2bo^H`}IXtQ8y1}%kRXvNPDv+wpCeCNd1Euell>9&t zbt;rAAzO>};-;qI79&Znnb%P~O3lIsFLO(wWL9&0m|>eimD}+nFtccc95q3fz>HuW zp0@$a93HoGFq11W33@TKEJPOSWT0gsvQWo>mVSl{V1(}@F7F`~2GHUo|7h6|AW2!B z96}DmpiUMchhb1l5fYjRA^`^Dg#bEf`orK3JYEE}1YkPR8I@6+kunxFQ)z@t^^mKZ zu~AjP&G8~z8~4Y?r@Et46D*EYMqSP?v@{i{j9KN_+SEXDQ(jMwcrt7!YLp0bIg~=F zX_&FCQrELemM40%bJ>Q_@{$h7OU*nAH#!wrYWdb!PRmaxu;ABQu;Y1DK7dk%o`QVW z%c)Rwc-_KL6Bb2frevyDiYOe;#g?K5saR?u>K$FOOHczs8{`(E2Fn2g_E-#&OoPQ#3eXlH zbrIgUGc#@@bvOSoa@O@mg zU>bK~-5407+ZCr)R8r%9h$fd3l`Sn1u7CLx^sns){d<@ue&{{1)?tzoz^6wQIlf2$ zbe7El&r@=Q2AR5N<>`tc&88e%0s9$pDhQ6IROH@19;aGNspi{no>ReSfm8V?>DvKP zc~9o@eUx;F49Acv`N2*0*%ctg);N!rP{KJ=XWsC00#>vMy{P^phf2ibUw_Yfx; 
zX2uTHvU->Gi~K}wj0$IJnOs^)R&~KHwV;-o(pq&R>P95H&KX9UM*U2*+35}py8(+0 zRWtg@EYnTFiJ0G*$Uw^VS?F>BAL%hHN-GaDgVqe$WG+mp@a5E__*9(JECRY}w zIXK?{<9yDCDGKqEmQsXVwVre;qT-c(r?-gR1q_fbw=|!8M%2pz=O(N#=;I=(8HyB* zYcPqKG(Fe9K>_8PiC%?#SEQRtqilo9tamudCoR0BN~wk8gqxct*`Or}I}2!%F#pX_ z;pf<&gb2wejF0ec-V4f_nkU~uU2{1MJjEgyn$bfsTvtYO3AUEw%Ch5lX*a8+ySgwH zGHPQ&u8@e50jGKv1!_Eqrs&4B=%DUs!HGGcZXupYV7)IYpl9ZVOhv(C { fn test_enclave(pubkey: AccountId) -> Enclave; - fn with_mr_enclave(self, mr_enclave: [u8; 32]) -> Enclave; + fn with_mr_enclave(self, mr_enclave: MrEnclave) -> Enclave; fn with_timestamp(self, timestamp: u64) -> Enclave; fn with_url(self, url: Url) -> Enclave; } @@ -36,7 +36,7 @@ impl TestEnclave for Enclave Self { + fn with_mr_enclave(mut self, mr_enclave: MrEnclave) -> Self { self.mr_enclave = mr_enclave; self } @@ -54,12 +54,13 @@ impl TestEnclave for Enclave