improve quote parser validation

Signed-off-by: Jun Kimura <jun.kimura@datachain.jp>

Author: bluele

crates/types/src/lib.rs

@@ -20,6 +20,8 @@ pub const ECDSA_256_WITH_P256_CURVE: u16 = 2;
 pub const INTEL_QE_VENDOR_ID: [u8; 16] = [
     0x93, 0x9A, 0x72, 0x33, 0xF7, 0x9C, 0x4C, 0xA9, 0x94, 0x0A, 0x0D, 0xB3, 0x95, 0x7F, 0x06, 0x07,
 ];
+/// ref. p.67 <https://download.01.org/intel-sgx/sgx-dcap/1.22/linux/docs/Intel_SGX_ECDSA_QuoteLibReference_DCAP_API.pdf>
+pub const QUOTE_HEADER_LEN: usize = 48;
 /// ref. p.69 <https://download.01.org/intel-sgx/sgx-dcap/1.22/linux/docs/Intel_SGX_ECDSA_QuoteLibReference_DCAP_API.pdf>
 pub const ENCLAVE_REPORT_LEN: usize = 384;
 /// ref. p.37 <https://download.01.org/intel-sgx/sgx-dcap/1.22/linux/docs/Intel_TDX_DCAP_Quoting_Library_API.pdf>

crates/types/src/quotes/body.rs

@@ -1,6 +1,6 @@
 use anyhow::bail;
 
-use crate::Result;
+use crate::{Result, ENCLAVE_REPORT_LEN};
 
 #[derive(Debug, Copy, Clone, PartialEq, Eq)]
 pub enum QuoteBody {
@@ -59,7 +59,7 @@ pub struct EnclaveReport {
 impl EnclaveReport {
     /// Parse raw bytes into EnclaveReport
     pub fn from_bytes(raw_bytes: &[u8]) -> Result<EnclaveReport> {
-        if raw_bytes.len() != 384 {
+        if raw_bytes.len() != ENCLAVE_REPORT_LEN {
             bail!("Invalid length of bytes for EnclaveReport");
         }
         let mut obj = EnclaveReport {
@@ -341,7 +341,7 @@ pub(crate) mod tests {
     }
 
     // proptest strategy for EnclaveReport
-    pub fn enclave_report_strategy() -> impl Strategy<Value = EnclaveReport> {
+    pub(crate) fn enclave_report_strategy() -> impl Strategy<Value = EnclaveReport> {
         (
             any::<[u8; 16]>(),
             any::<[u8; 4]>(),
@@ -388,7 +388,7 @@ pub(crate) mod tests {
     }
 
     // proptest strategy for TD10ReportBody
-    fn td10_report_body_strategy() -> impl Strategy<Value = TD10ReportBody> {
+    pub(crate) fn td10_report_body_strategy() -> impl Strategy<Value = TD10ReportBody> {
         (
             (
                 any::<[u8; 16]>(),

crates/types/src/quotes/mod.rs

@@ -1,6 +1,6 @@
 use crate::{
     utils::{parse_x509_der_multi, pem_to_der},
-    Result,
+    Result, QUOTE_HEADER_LEN,
 };
 
 pub mod body;
@@ -25,7 +25,7 @@ pub enum Quote {
 impl Quote {
     /// Parse a byte slice into a `Quote` structure.
     pub fn from_bytes(bytes: &[u8]) -> Result<Self> {
-        if bytes.len() < 48 {
+        if bytes.len() < QUOTE_HEADER_LEN {
             bail!("Invalid quote length");
         }
         let version = u16::from_le_bytes([bytes[0], bytes[1]]);
@@ -81,8 +81,8 @@ pub struct QuoteHeader {
 impl QuoteHeader {
     /// Parse a QuoteHeader from a byte slice.
     pub fn from_bytes(raw_bytes: &[u8]) -> Result<Self> {
-        if raw_bytes.len() < 48 {
-            return Err(anyhow::anyhow!("QuoteHeader is too short"));
+        if raw_bytes.len() != QUOTE_HEADER_LEN {
+            return Err(anyhow::anyhow!("Invalid QuoteHeader length"));
         }
         let version = u16::from_le_bytes([raw_bytes[0], raw_bytes[1]]);
         let att_key_type = u16::from_le_bytes([raw_bytes[2], raw_bytes[3]]);
@@ -186,6 +186,16 @@ pub struct CertData {
 }
 
 impl CertData {
+    /// Create a new CertData instance.
+    pub fn new(cert_data_type: u16, cert_data: Vec<u8>) -> Self {
+        let cert_data_size = cert_data.len() as u32;
+        CertData {
+            cert_data_type,
+            cert_data_size,
+            cert_data,
+        }
+    }
+
     /// Parse a CertData from a byte slice.
     pub fn from_bytes(raw_bytes: &[u8]) -> Result<Self> {
         let len = raw_bytes.len();
@@ -322,7 +332,7 @@ pub(crate) mod tests {
 
     proptest! {
         #[test]
-        fn test_quote_header_roundtrip(quote_header in quote_header_strategy(None)) {
+        fn test_quote_header_roundtrip(quote_header in quote_header_strategy(None, None)) {
             let raw_bytes = quote_header.to_bytes();
             let parsed_quote_header = QuoteHeader::from_bytes(&raw_bytes).unwrap();
             prop_assert_eq!(quote_header, parsed_quote_header, "raw_bytes: {:?}", raw_bytes);
@@ -352,6 +362,7 @@ pub(crate) mod tests {
 
     pub(crate) fn quote_header_strategy(
         version: Option<u16>,
+        tee_type: Option<u32>,
     ) -> impl Strategy<Value = QuoteHeader> {
         (
             any::<u16>(),
@@ -366,7 +377,7 @@ pub(crate) mod tests {
                 move |(
                     version_,
                     att_key_type,
-                    tee_type,
+                    tee_type_,
                     qe_svn,
                     pce_svn,
                     qe_vendor_id,
@@ -375,7 +386,7 @@ pub(crate) mod tests {
                     QuoteHeader {
                         version: version.unwrap_or(version_),
                         att_key_type,
-                        tee_type,
+                        tee_type: tee_type.unwrap_or(tee_type_),
                         qe_svn,
                         pce_svn,
                         qe_vendor_id,

crates/types/src/quotes/version_3.rs

@@ -1,6 +1,11 @@
 use super::{body::EnclaveReport, CertData, QeAuthData, QuoteHeader};
-use crate::Result;
-use anyhow::anyhow;
+use crate::{Result, ENCLAVE_REPORT_LEN, QUOTE_HEADER_LEN};
+use anyhow::{anyhow, bail};
+
+const SIGNATURE_DATA_SIZE_OFFSET: usize = QUOTE_HEADER_LEN + ENCLAVE_REPORT_LEN;
+const SIGNATURE_DATA_SIZE_LEN: usize = 4;
+const SIGNATURE_DATA_OFFSET: usize =
+    QUOTE_HEADER_LEN + ENCLAVE_REPORT_LEN + SIGNATURE_DATA_SIZE_LEN;
 
 /// Quote structure for DCAP version 3.
 /// The structure is defined in the Intel SGX ECDSA Quote Library Reference.
@@ -29,30 +34,31 @@ pub struct QuoteV3 {
 impl QuoteV3 {
     /// Parse a QuoteV3 from a byte slice.
     pub fn from_bytes(raw_bytes: &[u8]) -> Result<QuoteV3> {
-        if raw_bytes.len() < 436 {
-            return Err(anyhow!("QuoteV3 data is too short"));
+        if raw_bytes.len() < SIGNATURE_DATA_OFFSET {
+            bail!("QuoteV3 data is too short");
         }
-        let header = QuoteHeader::from_bytes(&raw_bytes[0..48])?;
+        let header = QuoteHeader::from_bytes(&raw_bytes[..QUOTE_HEADER_LEN])?;
         if header.version != 3 {
-            return Err(anyhow!("QuoteV3 version is not 3"));
+            bail!("QuoteV3 version is not 3");
         }
-        let isv_enclave_report = EnclaveReport::from_bytes(&raw_bytes[48..432])?;
+        let isv_enclave_report =
+            EnclaveReport::from_bytes(&raw_bytes[QUOTE_HEADER_LEN..SIGNATURE_DATA_SIZE_OFFSET])?;
         let signature_len = u32::from_le_bytes([
-            raw_bytes[432],
-            raw_bytes[433],
-            raw_bytes[434],
-            raw_bytes[435],
+            raw_bytes[SIGNATURE_DATA_SIZE_OFFSET],
+            raw_bytes[SIGNATURE_DATA_SIZE_OFFSET + 1],
+            raw_bytes[SIGNATURE_DATA_SIZE_OFFSET + 2],
+            raw_bytes[SIGNATURE_DATA_SIZE_OFFSET + 3],
         ]);
-        if raw_bytes.len() != 436 + signature_len as usize {
-            return Err(anyhow!(
+        if raw_bytes.len() < SIGNATURE_DATA_OFFSET + signature_len as usize {
+            bail!(
                 "QuoteV3 data is not the expected length: expected {}, got {}",
-                436 + signature_len,
+                SIGNATURE_DATA_OFFSET + signature_len as usize,
                 raw_bytes.len()
-            ));
+            );
         }
-        // allocate and create a buffer for signature
-        let signature_slice = &raw_bytes[436..436 + signature_len as usize];
-        let signature = QuoteSignatureDataV3::from_bytes(signature_slice)?;
+        let signature = QuoteSignatureDataV3::from_bytes(
+            &raw_bytes[SIGNATURE_DATA_OFFSET..SIGNATURE_DATA_OFFSET + signature_len as usize],
+        )?;
 
         Ok(QuoteV3 {
             header,
@@ -130,10 +136,13 @@ impl QuoteSignatureDataV3 {
 #[cfg(test)]
 mod tests {
     use super::*;
-    use crate::quotes::{
-        body::tests::enclave_report_strategy,
-        tests::{cert_data_strategy, qe_auth_data_strategy, quote_header_strategy},
-        Quote,
+    use crate::{
+        quotes::{
+            body::tests::enclave_report_strategy,
+            tests::{cert_data_strategy, qe_auth_data_strategy, quote_header_strategy},
+            Quote,
+        },
+        SGX_TEE_TYPE,
     };
     use proptest::{collection::vec, prelude::*};
 
@@ -174,7 +183,7 @@ mod tests {
 
     pub(crate) fn quote_v3_strategy() -> impl Strategy<Value = QuoteV3> {
         (
-            quote_header_strategy(Some(3)),
+            quote_header_strategy(Some(3), Some(SGX_TEE_TYPE)),
             enclave_report_strategy(),
             quote_signature_data_v3_strategy(),
         )