Merge pull request #19 from datachainlab/fix-collateral-json-string

Fix type of `QvCollateral`'s json values to string

Signed-off-by: Jun Kimura <jun.kimura@datachain.jp>

Author: bluele

crates/pcs/src/client.rs

@@ -82,13 +82,12 @@ impl PCSClient {
             ))?;
             let issuer_chain =
                 extract_raw_certs(get_header(&res, "TCB-Info-Issuer-Chain")?.as_bytes())?;
-            (res.bytes()?.to_vec(), issuer_chain[0].clone())
+            (res.text()?, issuer_chain[0].clone())
         };
 
         // get the QE identity
-        let qe_identity_json = http_get(format!("{base_url}/qe/identity?update={update_policy}"))?
-            .bytes()?
-            .to_vec();
+        let qe_identity_json =
+            http_get(format!("{base_url}/qe/identity?update={update_policy}"))?.text()?;
 
         let pck_crl_url = match get_x509_subject_cn(pck_cert_issuer).as_str() {
             "Intel SGX PCK Platform CA" => format!("{base_url}/pckcrl?ca=platform&encoding=der"),

crates/quote-verifier/src/collateral.rs

@@ -12,10 +12,10 @@ use crate::Result;
 pub struct QvCollateral {
     /// TCBInfo in JSON format
     /// ref. <https://api.portal.trustedservices.intel.com/content/documentation.html#pcs-tcb-info-model-v3>
-    pub tcb_info_json: Vec<u8>,
+    pub tcb_info_json: String,
     /// QEIdentity in JSON format
     /// ref. <https://api.portal.trustedservices.intel.com/content/documentation.html#pcs-enclave-identity-model-v2>
-    pub qe_identity_json: Vec<u8>,
+    pub qe_identity_json: String,
     /// SGX Intel Root CA certificate in DER format
     /// ref. <https://certificates.trustedservices.intel.com/Intel_SGX_Provisioning_Certification_RootCA.pem>
     pub sgx_intel_root_ca_der: Vec<u8>,
@@ -58,8 +58,8 @@ impl QvCollateral {
         data.extend_from_slice(&(self.sgx_intel_root_ca_crl_der.len() as u32).to_le_bytes());
         data.extend_from_slice(&(self.sgx_pck_crl_der.len() as u32).to_le_bytes());
 
-        data.extend_from_slice(&self.tcb_info_json);
-        data.extend_from_slice(&self.qe_identity_json);
+        data.extend_from_slice(self.tcb_info_json.as_bytes());
+        data.extend_from_slice(self.qe_identity_json.as_bytes());
         data.extend_from_slice(&self.sgx_intel_root_ca_der);
         data.extend_from_slice(&self.sgx_tcb_signing_der);
         data.extend_from_slice(&self.sgx_intel_root_ca_crl_der);
@@ -98,9 +98,10 @@ impl QvCollateral {
             bail!("Invalid QvCollateral length");
         }
 
-        let tcb_info_json = slice[offset..offset + tcb_info_json_len].to_vec();
+        let tcb_info_json = String::from_utf8(slice[offset..offset + tcb_info_json_len].to_vec())?;
         offset += tcb_info_json_len;
-        let qe_identity_json = slice[offset..offset + qe_identity_json_len].to_vec();
+        let qe_identity_json =
+            String::from_utf8(slice[offset..offset + qe_identity_json_len].to_vec())?;
         offset += qe_identity_json_len;
         let sgx_intel_root_ca_der = slice[offset..offset + sgx_intel_root_ca_der_len].to_vec();
         offset += sgx_intel_root_ca_der_len;
@@ -124,7 +125,7 @@ impl QvCollateral {
 
     /// Returns the TCBInfoV3 struct from the TCBInfo JSON bytes
     pub fn get_tcb_info_v3(&self) -> Result<TcbInfoV3> {
-        let tcb_info_v3: TcbInfoV3 = serde_json::from_slice(&self.tcb_info_json)?;
+        let tcb_info_v3: TcbInfoV3 = serde_json::from_str(&self.tcb_info_json)?;
         if tcb_info_v3.tcb_info.version != 3 {
             bail!("Invalid TCB Info version: {}", tcb_info_v3.tcb_info.version);
         }
@@ -133,7 +134,7 @@ impl QvCollateral {
 
     /// Returns the EnclaveIdentityV2 struct from the QEIdentity JSON bytes
     pub fn get_qe_identity_v2(&self) -> Result<EnclaveIdentityV2> {
-        let qe: EnclaveIdentityV2 = serde_json::from_slice(&self.qe_identity_json)?;
+        let qe: EnclaveIdentityV2 = serde_json::from_str(&self.qe_identity_json)?;
         if qe.enclave_identity.version != 2 {
             bail!(
                 "Invalid QE Identity version: {}",

crates/quote-verifier/src/lib.rs

@@ -76,8 +76,8 @@ mod quote_verifier_tests {
     #[test]
     fn test_verifyv3() {
         let collaterals = QvCollateral {
-            tcb_info_json: include_bytes!("../../../data/v3/tcbinfov3_00906ED50000.json").to_vec(),
-            qe_identity_json: include_bytes!("../../../data/v3/qeidentityv2.json").to_vec(),
+            tcb_info_json: include_str!("../../../data/v3/tcbinfov3_00906ED50000.json").to_string(),
+            qe_identity_json: include_str!("../../../data/v3/qeidentityv2.json").to_string(),
             sgx_intel_root_ca_der: include_bytes!(
                 "../../../data/Intel_SGX_Provisioning_Certification_RootCA.cer"
             )
@@ -134,8 +134,8 @@ mod quote_verifier_tests {
     #[test]
     fn test_verifyv4() {
         let collaterals = QvCollateral {
-            tcb_info_json: include_bytes!("../../../data/v4/tcbinfov3_00806f050000.json").to_vec(),
-            qe_identity_json: include_bytes!("../../../data/v4/qeidentityv2_apiv4.json").to_vec(),
+            tcb_info_json: include_str!("../../../data/v4/tcbinfov3_00806f050000.json").to_string(),
+            qe_identity_json: include_str!("../../../data/v4/qeidentityv2_apiv4.json").to_string(),
             sgx_intel_root_ca_der: include_bytes!(
                 "../../../data/Intel_SGX_Provisioning_Certification_RootCA.cer"
             )

crates/quote-verifier/src/quotes/version_3.rs

@@ -182,8 +182,8 @@ mod tests {
             .unwrap();
 
         let collateral = QvCollateral {
-            tcb_info_json: serde_json::to_vec(&tcb_info).unwrap(),
-            qe_identity_json: serde_json::to_vec(&qe_identity).unwrap(),
+            tcb_info_json: serde_json::to_string(&tcb_info).unwrap(),
+            qe_identity_json: serde_json::to_string(&qe_identity).unwrap(),
             sgx_intel_root_ca_der: root_ca.cert.to_der().unwrap(),
             sgx_tcb_signing_der: tcb_certchain.cert.to_der().unwrap(),
             sgx_intel_root_ca_crl_der: root_ca_crl,

zkvm/risc0/artifacts/dcap-quote-verifier

@@ -1,4 +1,4 @@
 
-pub const DCAP_QUOTE_VERIFIER_ID: [u32; 8] = [1899810625, 477674516, 2284155673, 144601314, 1476267439, 1192845965, 2114671039, 4035334195];
-pub const DCAP_QUOTE_VERIFIER_ID_STR: &str = "41cf3c7114bc781c19732588e2709e08af0dfe578d621947bf510b7e335086f0";
+pub const DCAP_QUOTE_VERIFIER_ID: [u32; 8] = [483828460, 459610919, 1188057978, 2178293476, 1749789425, 4194043372, 1381224536, 1377785701];
+pub const DCAP_QUOTE_VERIFIER_ID_STR: &str = "eca2d61c271b651b7a53d046e41ed681f1aa4b68ec05fcf958d0535265571f52";
 pub const DCAP_QUOTE_VERIFIER_ELF: &[u8] = include_bytes!("../artifacts/dcap-quote-verifier");