Merge pull request #896 from fortanix/gilang/bug-invalid-serializing-pckcrl

Mistakenly serializing `VerificationType` field preventing deserialization to work correctly (e.g., `PckCrl`)

Author: gilanghamidy

Cargo.lock

@@ -1,6 +1,6 @@
 [package]
 name = "pcs"
-version = "0.8.0"
+version = "0.8.1"
 authors = ["Fortanix, Inc."]
 license = "MPL-2.0"
 edition = "2018"

intel-sgx/pcs/Cargo.toml

@@ -208,14 +208,14 @@ impl TryFrom<&str> for DcapArtifactIssuer {
 
 /// A trait type to define a bound of a type that signifies a Verified or Unverified
 /// instance of a type.
-pub trait VerificationType : Serialize { }
+pub trait VerificationType { }
 
-#[derive(Clone, Serialize, Debug, Eq, PartialEq)]
+#[derive(Clone, Debug, Eq, PartialEq)]
 pub struct Verified;
 
 impl VerificationType for Verified {}
 
-#[derive(Clone, Serialize, Debug, Eq, PartialEq)]
+#[derive(Clone, Debug, Eq, PartialEq)]
 pub struct Unverified;
 
 impl VerificationType for Unverified {}

intel-sgx/pcs/src/lib.rs

@@ -26,12 +26,13 @@ use crate::{DcapArtifactIssuer, Error, Unverified, VerificationType, Verified};
 pub struct PckCrl<V: VerificationType = Verified> {
     crl: String,
     ca_chain: Vec<String>,
-    type_: V,
+    #[serde(skip_serializing)]
+    _type: V,
 }
 
 impl PckCrl<Unverified> {
     pub fn new(crl: String, ca_chain: Vec<String>) -> Result<PckCrl<Unverified>, Error> {
-        let crl = PckCrl { crl, ca_chain, type_: Unverified };
+        let crl = PckCrl { crl, ca_chain, _type: Unverified };
         Ok(crl)
     }
 
@@ -70,7 +71,7 @@ impl PckCrl<Unverified> {
         self.ca()?;
 
         let PckCrl { crl, ca_chain, .. } = self;
-        Ok(PckCrl::<Verified>{ crl, ca_chain, type_: Verified})
+        Ok(PckCrl::<Verified>{ crl, ca_chain, _type: Verified})
     }
 
     pub fn read_from_file(input_dir: &str, ca: DcapArtifactIssuer) -> Result<Self, Error> {
@@ -158,6 +159,16 @@ mod tests {
         crl.verify(&root_cas).unwrap();
     }
 
+    #[cfg(all(not(target_env = "sgx"), feature = "verify"))]
+    #[test]
+    fn serialize_deserialize_pck_crl() {
+        let crl = PckCrl::read_from_file("./tests/data/", DcapArtifactIssuer::PCKProcessorCA).unwrap();
+
+        let serialized_bytes = serde_json::ser::to_vec(&crl).unwrap();
+        let crt_deserialized: PckCrl<crate::Unverified> = serde_json::de::from_slice(&serialized_bytes[..]).unwrap();
+        assert_eq!(crt_deserialized, crl);
+    }
+
     #[cfg(all(not(target_env = "sgx"), feature = "verify"))]
     #[test]
     fn read_platform_pck_crl() {

intel-sgx/pcs/src/pckcrl.rs

@@ -505,7 +505,8 @@ impl PckCerts {
 pub struct PckCert<V: VerificationType = Verified> {
     cert: String,
     ca_chain: Vec<String>,
-    type_: V,
+    #[serde(skip_serializing)]
+    _type: V,
 }
 
 impl PckCert<Unverified> {
@@ -527,7 +528,7 @@ impl PckCert<Unverified> {
         PckCert {
             cert,
             ca_chain,
-            type_: Unverified
+            _type: Unverified
         }
     }
 
@@ -558,7 +559,7 @@ impl PckCert<Unverified> {
         Ok(PckCert {
             cert: self.cert,
             ca_chain: self.ca_chain,
-            type_: Verified,
+            _type: Verified,
         })
     }
 

intel-sgx/pcs/src/pckcrt.rs

@@ -118,7 +118,8 @@ pub struct QeIdentity<V: VerificationType = Verified> {
     mrsigner: [u8; 32],
     isvprodid: u16,
     tcb_levels: Vec<TcbLevel>,
-    type_: V,
+    #[serde(skip_serializing)]
+    _type: V,
 }
 
 impl QeIdentity {
@@ -348,7 +349,7 @@ impl QeIdentitySigned {
             mrsigner,
             isvprodid,
             tcb_levels,
-            type_: _
+            _type: _
         } = serde_json::from_str(&self.raw_enclave_identity).map_err(|e| Error::ParseError(e))?;
 
         if version != 2 {
@@ -381,7 +382,7 @@ impl QeIdentitySigned {
             mrsigner,
             isvprodid,
             tcb_levels,
-            type_: Verified,
+            _type: Verified,
         })
     }
 }