diff --git a/Cargo.lock b/Cargo.lock index 58752fa0..a9092787 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -990,7 +990,7 @@ dependencies = [ [[package]] name = "frame-benchmarking" version = "4.0.0-dev" -source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "frame-support", "frame-support-procedural", @@ -1027,7 +1027,7 @@ dependencies = [ [[package]] name = "frame-support" version = "4.0.0-dev" -source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "bitflags", "environmental", @@ -1060,7 +1060,7 @@ dependencies = [ [[package]] name = "frame-support-procedural" version = "4.0.0-dev" -source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "Inflector", "cfg-expr", @@ -1076,7 +1076,7 @@ dependencies = [ [[package]] name = "frame-support-procedural-tools" version = "4.0.0-dev" -source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "frame-support-procedural-tools-derive", "proc-macro-crate", 
@@ -1088,7 +1088,7 @@ dependencies = [ [[package]] name = "frame-support-procedural-tools-derive" version = "3.0.0" -source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "proc-macro2", "quote", @@ -1098,7 +1098,7 @@ dependencies = [ [[package]] name = "frame-system" version = "4.0.0-dev" -source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "frame-support", "log", @@ -2111,7 +2111,7 @@ checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf" [[package]] name = "pallet-balances" version = "4.0.0-dev" -source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "frame-benchmarking", "frame-support", @@ -2264,6 +2264,7 @@ dependencies = [ "parity-scale-codec", "scale-info", "serde", + "serde_json", "sgx-verify", "sp-core", "sp-externalities", @@ -2278,7 +2279,7 @@ dependencies = [ [[package]] name = "pallet-timestamp" version = "4.0.0-dev" -source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "frame-benchmarking", "frame-support", 
@@ -2296,7 +2297,7 @@ dependencies = [ [[package]] name = "pallet-vesting" version = "4.0.0-dev" -source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "frame-benchmarking", "frame-support", @@ -3386,7 +3387,7 @@ dependencies = [ [[package]] name = "sp-api" version = "4.0.0-dev" -source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "hash-db", "log", @@ -3406,7 +3407,7 @@ dependencies = [ [[package]] name = "sp-api-proc-macro" version = "4.0.0-dev" -source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "Inflector", "blake2", @@ -3420,7 +3421,7 @@ dependencies = [ [[package]] name = "sp-application-crypto" version = "7.0.0" -source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "parity-scale-codec", "scale-info", @@ -3433,7 +3434,7 @@ dependencies = [ [[package]] name = "sp-arithmetic" version = "6.0.0" -source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "integer-sqrt", "num-traits", 
@@ -3447,7 +3448,7 @@ dependencies = [ [[package]] name = "sp-authority-discovery" version = "4.0.0-dev" -source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "parity-scale-codec", "scale-info", @@ -3460,7 +3461,7 @@ dependencies = [ [[package]] name = "sp-consensus-slots" version = "0.10.0-dev" -source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "parity-scale-codec", "scale-info", @@ -3472,7 +3473,7 @@ dependencies = [ [[package]] name = "sp-core" version = "7.0.0" -source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "array-bytes", "bitflags", @@ -3516,7 +3517,7 @@ dependencies = [ [[package]] name = "sp-core-hashing" version = "5.0.0" -source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "blake2b_simd", "byteorder", @@ -3545,7 +3546,7 @@ dependencies = [ [[package]] name = "sp-core-hashing-proc-macro" version = "5.0.0" -source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "proc-macro2", "quote", 
@@ -3556,7 +3557,7 @@ dependencies = [ [[package]] name = "sp-debug-derive" version = "5.0.0" -source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "proc-macro2", "quote", @@ -3566,7 +3567,7 @@ dependencies = [ [[package]] name = "sp-externalities" version = "0.13.0" -source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "environmental", "parity-scale-codec", @@ -3577,7 +3578,7 @@ dependencies = [ [[package]] name = "sp-inherents" version = "4.0.0-dev" -source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "async-trait", "impl-trait-for-tuples", @@ -3592,7 +3593,7 @@ dependencies = [ [[package]] name = "sp-io" version = "7.0.0" -source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "bytes", "ed25519", @@ -3618,7 +3619,7 @@ dependencies = [ [[package]] name = "sp-keyring" version = "7.0.0" -source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "lazy_static", "sp-core", 
@@ -3629,7 +3630,7 @@ dependencies = [ [[package]] name = "sp-keystore" version = "0.13.0" -source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "futures", "parity-scale-codec", @@ -3643,7 +3644,7 @@ dependencies = [ [[package]] name = "sp-metadata-ir" version = "0.1.0" -source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "frame-metadata", "parity-scale-codec", @@ -3654,7 +3655,7 @@ dependencies = [ [[package]] name = "sp-panic-handler" version = "5.0.0" -source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "backtrace", "lazy_static", @@ -3664,7 +3665,7 @@ dependencies = [ [[package]] name = "sp-runtime" version = "7.0.0" -source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "either", "hash256-std-hasher", @@ -3686,7 +3687,7 @@ dependencies = [ [[package]] name = "sp-runtime-interface" version = "7.0.0" -source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "bytes", "impl-trait-for-tuples", 
@@ -3704,7 +3705,7 @@ dependencies = [ [[package]] name = "sp-runtime-interface-proc-macro" version = "6.0.0" -source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "Inflector", "proc-macro-crate", @@ -3716,7 +3717,7 @@ dependencies = [ [[package]] name = "sp-staking" version = "4.0.0-dev" -source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "parity-scale-codec", "scale-info", @@ -3729,7 +3730,7 @@ dependencies = [ [[package]] name = "sp-state-machine" version = "0.13.0" -source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "hash-db", "log", @@ -3749,7 +3750,7 @@ dependencies = [ [[package]] name = "sp-std" version = "5.0.0" -source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" [[package]] name = "sp-std" @@ -3760,7 +3761,7 @@ checksum = "1de8eef39962b5b97478719c493bed2926cf70cb621005bbf68ebe58252ff986" [[package]] name = "sp-storage" version = "7.0.0" -source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "impl-serde", "parity-scale-codec", 
@@ -3773,7 +3774,7 @@ dependencies = [ [[package]] name = "sp-timestamp" version = "4.0.0-dev" -source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "async-trait", "futures-timer", @@ -3788,7 +3789,7 @@ dependencies = [ [[package]] name = "sp-tracing" version = "6.0.0" -source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "parity-scale-codec", "sp-std 5.0.0", @@ -3800,7 +3801,7 @@ dependencies = [ [[package]] name = "sp-trie" version = "7.0.0" -source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "ahash 0.8.3", "hash-db", @@ -3823,7 +3824,7 @@ dependencies = [ [[package]] name = "sp-version" version = "5.0.0" -source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "impl-serde", "parity-scale-codec", @@ -3840,7 +3841,7 @@ dependencies = [ [[package]] name = "sp-version-proc-macro" version = "4.0.0-dev" -source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "parity-scale-codec", "proc-macro2", 
@@ -3851,7 +3852,7 @@ dependencies = [ [[package]] name = "sp-wasm-interface" version = "7.0.0" -source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "anyhow", "impl-trait-for-tuples", @@ -3865,7 +3866,7 @@ dependencies = [ [[package]] name = "sp-weights" version = "4.0.0" -source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "parity-scale-codec", "scale-info",
diff --git a/primitives/teerex/src/lib.rs b/primitives/teerex/src/lib.rs
index 31e7d96c..99d05c33 100644
--- a/primitives/teerex/src/lib.rs
+++ b/primitives/teerex/src/lib.rs
@@ -376,7 +376,7 @@ impl SgxTcbInfoOnChain {
 for tb in &self.tcb_levels {
 log::debug!(target: TEEREX, "TcbInfoOnChain::verify_examinee: tb={:#?}", &tb,);
 if tb.verify_examinee(examinee) {
- return Some(examinee.tcb_status.into())
+ return Some(tb.tcb_status.into())
 }
 }
 None
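Review bot: The loop in `SgxTcbInfoOnChain::verify_examinee` returns on the first level for which `tb.verify_examinee(examinee)` is true, so with the status now read from `tb.tcb_status` the result depends on the order of `self.tcb_levels`. The unit test in this commit shows a level also matching an examinee with higher SVNs, so a platform presumably matches every level at or below its own, and only a highest-first order (as in Intel's TCB info JSON) yields the status of the closest level. Nothing in the hunk enforces that order; I would document it above the loop, e.g. `// tcb_levels must be ordered from highest to lowest TCB: the first matching level decides the status`, and check or sort it where the levels are stored. The function starts and ends outside the hunk.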
@@ -404,15 +404,28 @@ mod tests {
 #[test]
 fn tcb_full_is_valid() {
 // The strings are the hex encodings of the 16-byte CPUSVN numbers
- let reference = TcbVersionStatus::new(hex!("11110204018007000000000000000000"), 7);
+ let reference =
+ TcbVersionStatus::new(hex!("11110204018007000000000000000000"), 7, TcbStatus::UpToDate);
 assert!(reference.verify_examinee(&reference));
- assert!(reference
- .verify_examinee(&TcbVersionStatus::new(hex!("11110204018007000000000000000000"), 7)));
- assert!(reference
- .verify_examinee(&TcbVersionStatus::new(hex!("21110204018007000000000000000001"), 7)));
- assert!(!reference
- .verify_examinee(&TcbVersionStatus::new(hex!("10110204018007000000000000000000"), 6)));
- assert!(!reference
- .verify_examinee(&TcbVersionStatus::new(hex!("11110204018007000000000000000000"), 6)));
+ assert!(reference.verify_examinee(&TcbVersionStatus::new(
+ hex!("11110204018007000000000000000000"),
+ 7,
+ TcbStatus::UpToDate
+ )));
+ assert!(reference.verify_examinee(&TcbVersionStatus::new(
+ hex!("21110204018007000000000000000001"),
+ 7,
+ TcbStatus::UpToDate
+ )));
+ assert!(!reference.verify_examinee(&TcbVersionStatus::new(
+ hex!("10110204018007000000000000000000"),
+ 6,
+ TcbStatus::UpToDate
+ )));
+ assert!(!reference.verify_examinee(&TcbVersionStatus::new(
+ hex!("11110204018007000000000000000000"),
+ 6,
+ TcbStatus::UpToDate
+ )));
 }
 }
diff --git a/teerex/Cargo.toml b/teerex/Cargo.toml
index 17917341..3646049f 100644
--- a/teerex/Cargo.toml
+++ b/teerex/Cargo.toml
@@ -42,6 +42,8 @@ hex-literal = "0.3.2"
 pallet-balances = { git = "https://github.com/paritytech/substrate.git", branch = "polkadot-v0.9.42" }
 sp-keyring = { git = "https://github.com/paritytech/substrate.git", branch = "polkadot-v0.9.42" }
 test-utils = { path = "../test-utils" }
+serde = { version = "1.0.140", features = ["derive"] }
+serde_json = { version = "1.0", features = ["alloc"] }
 [features]
 default = ["std"]
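Review bot: In `tcb_full_is_valid` every `TcbVersionStatus::new(..)` call passes `TcbStatus::UpToDate`, so the test does not pin how `verify_examinee` treats the new status field. Since `SgxTcbInfoOnChain::verify_examinee` now takes the status from the matching on-chain level, level matching presumably has to ignore the examinee's own status. A case with differing statuses would lock that in, e.g. `assert!(reference.verify_examinee(&TcbVersionStatus::new(hex!("11110204018007000000000000000000"), 7, TcbStatus::OutOfDate)));`, if that is the intended contract.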
diff --git a/teerex/sgx-verify/src/lib.rs b/teerex/sgx-verify/src/lib.rs
index a7c4220c..1978b28b 100644
--- a/teerex/sgx-verify/src/lib.rs
+++ b/teerex/sgx-verify/src/lib.rs
@@ -547,7 +547,13 @@ pub fn verify_certificate_chain<'a>(
 let sig_algs = &[&webpki::ECDSA_P256_SHA256];
 leaf_cert
 .verify_is_valid_tls_server_cert(sig_algs, &DCAP_SERVER_ROOTS, intermediate_certs, time)
- .map_err(|_| Error::CertificateChainIsInvalid)?;
+ .map_err(|e| {
+ log::warn!(target: TEEREX, "certificate chain is invalid: {:?}", e);
+ #[cfg(test)]
+ println!("certificate chain is invalid: {:?}", e);
+ Error::CertificateChainIsInvalid
+ })?;
+ log::debug!(target: TEEREX, "Self::verify_certificate_chain, is valid tls server cert.");
 Ok(leaf_cert)
 }
diff --git a/teerex/sgx-verify/test-data/dcap/test2_tcb_info.json b/teerex/sgx-verify/test-data/dcap/test2_tcb_info.json
new file mode 100644
index 00000000..8cfe3fa0
--- /dev/null
+++ b/teerex/sgx-verify/test-data/dcap/test2_tcb_info.json
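Review bot: The `#[cfg(test)] println!(..)` inside the `map_err` closure of `verify_certificate_chain` reads like debugging residue in library code; the `log::warn!` line already carries the same message, and tests can surface it by initialising a logger. The new debug message names `Self::verify_certificate_chain`, but the hunk header shows a free `pub fn`, so `"verify_certificate_chain: leaf is a valid TLS server cert"` would be more accurate. If this path is reachable with caller-supplied quotes, as it appears to be, every rejected chain is written to the node log at `warn` level, so `log::debug!` may be the better choice. The function begins outside the hunk.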
@@ -0,0 +1 @@ +{"tcbInfo":{"id":"SGX","version":3,"issueDate":"2023-09-13T09:19:56Z","nextUpdate":"2023-10-13T09:19:56Z","fmspc":"00606a000000","pceId":"0000","tcbType":0,"tcbEvaluationDataNumber":15,"tcbLevels":[{"tcb":{"sgxtcbcomponents":[{"svn":11,"category":"BIOS","type":"Early Microcode Update"},{"svn":11,"category":"OS/VMM","type":"SGX Late Microcode Update"},{"svn":3,"category":"OS/VMM","type":"TXT SINIT"},{"svn":3,"category":"BIOS"},{"svn":255},{"svn":255},{"svn":1},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":13},"tcbDate":"2023-02-15T00:00:00Z","tcbStatus":"SWHardeningNeeded","advisoryIDs":["INTEL-SA-00615"]},{"tcb":{"sgxtcbcomponents":[{"svn":11,"category":"BIOS","type":"Early Microcode Update"},{"svn":11,"category":"OS/VMM","type":"SGX Late Microcode Update"},{"svn":3,"category":"OS/VMM","type":"TXT SINIT"},{"svn":3,"category":"BIOS"},{"svn":255},{"svn":255},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":13},"tcbDate":"2023-02-15T00:00:00Z","tcbStatus":"ConfigurationAndSWHardeningNeeded","advisoryIDs":["INTEL-SA-00615"]},{"tcb":{"sgxtcbcomponents":[{"svn":7,"category":"BIOS","type":"Early Microcode Update"},{"svn":9,"category":"OS/VMM","type":"SGX Late Microcode Update"},{"svn":3,"category":"OS/VMM","type":"TXT SINIT"},{"svn":3,"category":"BIOS"},{"svn":255},{"svn":255},{"svn":1},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":13},"tcbDate":"2022-08-10T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00657","INTEL-SA-00730","INTEL-SA-00738","INTEL-SA-00767","INTEL-SA-00615"]},{"tcb":{"sgxtcbcomponents":[{"svn":7,"category":"BIOS","type":"Early Microcode Update"},{"svn":9,"category":"OS/VMM","type":"SGX Late Microcode Update"},{"svn":3,"category":"OS/VMM","type":"TXT 
SINIT"},{"svn":3,"category":"BIOS"},{"svn":255},{"svn":255},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":13},"tcbDate":"2022-08-10T00:00:00Z","tcbStatus":"OutOfDateConfigurationNeeded","advisoryIDs":["INTEL-SA-00657","INTEL-SA-00730","INTEL-SA-00738","INTEL-SA-00767","INTEL-SA-00615"]},{"tcb":{"sgxtcbcomponents":[{"svn":4,"category":"BIOS","type":"Early Microcode Update"},{"svn":4,"category":"OS/VMM","type":"SGX Late Microcode Update"},{"svn":3,"category":"OS/VMM","type":"TXT SINIT"},{"svn":3,"category":"BIOS"},{"svn":255},{"svn":255},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":11},"tcbDate":"2021-11-10T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00586","INTEL-SA-00614","INTEL-SA-00615","INTEL-SA-00657","INTEL-SA-00730","INTEL-SA-00738","INTEL-SA-00767"]},{"tcb":{"sgxtcbcomponents":[{"svn":4,"category":"BIOS","type":"Early Microcode Update"},{"svn":4,"category":"OS/VMM","type":"SGX Late Microcode Update"},{"svn":3,"category":"OS/VMM","type":"TXT SINIT"},{"svn":3,"category":"BIOS"},{"svn":255},{"svn":255},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":10},"tcbDate":"2020-11-11T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00477","INTEL-SA-00586","INTEL-SA-00614","INTEL-SA-00615","INTEL-SA-00657","INTEL-SA-00730","INTEL-SA-00738","INTEL-SA-00767"]},{"tcb":{"sgxtcbcomponents":[{"svn":4,"category":"BIOS","type":"Early Microcode Update"},{"svn":4,"category":"OS/VMM","type":"SGX Late Microcode Update"},{"svn":3,"category":"OS/VMM","type":"TXT 
SINIT"},{"svn":3,"category":"BIOS"},{"svn":255},{"svn":255},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":5},"tcbDate":"2018-01-04T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00106","INTEL-SA-00115","INTEL-SA-00135","INTEL-SA-00203","INTEL-SA-00220","INTEL-SA-00233","INTEL-SA-00270","INTEL-SA-00293","INTEL-SA-00320","INTEL-SA-00329","INTEL-SA-00381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00586","INTEL-SA-00614","INTEL-SA-00615","INTEL-SA-00657","INTEL-SA-00730","INTEL-SA-00738","INTEL-SA-00767"]}]},"signature":"bfedea1485a392d1d8062daa3f6dfd5d072ca9870041aa95150575d59bc5e568afa3c2803fd2c02eb7c018dac9b8137244eddd40fd04ed789f22714b1729b329"}
diff --git a/teerex/src/tests/test_cases.rs b/teerex/src/tests/test_cases.rs
index 5cdae364..8c11d09e 100644
--- a/teerex/src/tests/test_cases.rs
+++ b/teerex/src/tests/test_cases.rs
@@ -18,16 +18,24 @@
 use crate::{
 mock::*,
 test_helpers::{register_test_quoting_enclave, register_test_tcb_info},
- AllowSkippingAttestation, Error, Event as TeerexEvent, ProxiedEnclaves, SgxAllowDebugMode,
- SgxEnclave, SovereignEnclaves,
+ AllowSkippingAttestation, Error,
+ Error::TcbInfoIsOutdated,
+ Event as TeerexEvent, ProxiedEnclaves, SgxAllowDebugMode, SgxEnclave, SovereignEnclaves,
 };
 use frame_support::{assert_err, assert_ok};
 use hex_literal::hex;
-use sgx_verify::test_data::dcap::{TEST1_DCAP_QUOTE_MRENCLAVE, TEST1_DCAP_QUOTE_SIGNER};
+use sgx_verify::{
+ collateral::EnclaveIdentity,
+ test_data::dcap::{
+ QUOTING_ENCLAVE, TEST1_DCAP_QUOTE_MRENCLAVE, TEST1_DCAP_QUOTE_SIGNER, TEST2_DCAP_QUOTE_HEX,
+ },
+ verify_dcap_quote,
+};
 use sp_keyring::AccountKeyring;
+use std::default::Default;
 use teerex_primitives::{
- AnySigner, EnclaveInstanceAddress, MultiEnclave, SgxAttestationMethod, SgxBuildMode,
- SgxReportData, SgxStatus,
+ AnySigner, Cpusvn, EnclaveInstanceAddress, MultiEnclave, SgxAttestationMethod, SgxBuildMode,
+ SgxQuotingEnclave, SgxReportData, SgxStatus, SgxTcbInfoOnChain, TcbStatus, TcbVersionStatus,
 };
 use test_utils::test_data::{
 consts::*,
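Review bot: `use std::default::Default;` is redundant because `Default` is already in the prelude, and `Error::TcbInfoIsOutdated`, `Cpusvn` and `SgxQuotingEnclave` are not referenced by the test this commit adds. Unless other parts of test_cases.rs use them, they will produce unused-import warnings, so I would drop those imports. Importing the variant `Error::TcbInfoIsOutdated` next to `Error` also hides which enum it belongs to at the use site.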
@@ -138,6 +146,26 @@ fn add_and_remove_dcap_proxied_enclave_works() {
 })
 }
+#[test]
+fn outdated_tcb_status_is_reported_correctly() {
+ let tcb_info_onchain = SgxTcbInfoOnChain::new(
+ 1693476000000,
+ 1914399873000,
+ vec![TcbVersionStatus::new(
+ hex!("0C0C0303FFFF00000000000000000000"),
+ 13,
+ TcbStatus::OutOfDate,
+ )],
+ );
+ let qe_identity: EnclaveIdentity = serde_json::from_slice(QUOTING_ENCLAVE).unwrap();
+ let quoting_enclave = qe_identity.to_quoting_enclave();
+
+ let quote_bytes = hex::decode(TEST2_DCAP_QUOTE_HEX.trim()).unwrap();
+ let (fmspc, tcb_info, report) =
+ verify_dcap_quote(quote_bytes.as_slice(), 1693475073000, "ing_enclave).unwrap();
+ assert_eq!(tcb_info_onchain.verify_examinee(&tcb_info), Some(SgxStatus::GroupOutOfDate));
+}
+
 #[test]
 fn skip_attestation_add_sovereign_enclave_works_if_allowed() {
 new_test_ext().execute_with(|| {
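Review bot: `fmspc` and `report` in `outdated_tcb_status_is_reported_correctly` are bound but never used; `let (_fmspc, tcb_info, _report) =` avoids the warnings and shows that only the TCB info matters here. The on-chain fixture holds a single level, so the test exercises the on-chain status path but not which level wins when several match; a second, lower level with a different `TcbStatus` would cover that. The three millisecond timestamps are bare literals, and a short comment on what each represents would help. The `"ing_enclave` argument looks like a rendering artefact of `&quoting_enclave`.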