Add function to extract PPID from quote

Author: yanchengchen7

verify/verify.go

@@ -1405,6 +1405,19 @@ func SupportedTcbLevelsFromCollateral(quote any, options *Options) (pcs.TcbLevel
 	}
 }
 
+// GetPPID extracts the PPID from the PCK certificate chain in the quote.
+func GetPPID(quote any) (string, error) {
+	chain, err := ExtractChainFromQuote(quote)
+	if err != nil {
+		return "", err
+	}
+	exts, err := pcs.PckCertificateExtensions(chain.PCKCertificate)
+	if err != nil {
+		return "", err
+	}
+	return exts.PPID, nil
+}
+
 // tdxQuoteV4 verifies the QuoteV4 protobuf representation of an attestation quote's signature
 // based on the quote's SignatureAlgo, provided the certificate chain is valid.
 func tdxQuoteV4(ctx context.Context, quote *pb.QuoteV4, options *Options) error {

verify/verify_test.go

@@ -932,6 +932,24 @@ func TestSupportedTcbLevelsFromCollateral(t *testing.T) {
 	})
 }
 
+func TestGetPPID(t *testing.T) {
+	quote, err := abi.QuoteToProto(testdata.RawQuote)
+	if err != nil {
+		t.Fatal(err)
+	}
+	ppid, err := GetPPID(quote)
+	if err != nil {
+		t.Fatal(err)
+	}
+	// The PPID is bytes 89d... which is hex encoded in pcs.PckExtensions
+	// In TestPckCertificateExtensions, expected ppidBytes is []byte{8, 157, 223, 219, 156, 3, 89, 200, 42, 59, 199, 113, 146, 57, 87, 78}
+	// Hex: 089ddfdb9c0359c82a3bc7719239574e
+	wantPPID := "089ddfdb9c0359c82a3bc7719239574e"
+	if ppid != wantPPID {
+		t.Errorf("GetPPID() = %q, want %q", ppid, wantPPID)
+	}
+}
+
 var rawTdxQuoteFuncs = map[string]func([]byte, *Options) error{
 	"RawTdxQuote": RawTdxQuote,
 	"RawTdxQuoteContext": func(quote []byte, options *Options) error {