go/common/sgx: Make quote policy YAML serializable

oasisprotocol · Aug 7, 2024 · fc760b9 · fc760b9
1 parent bd31bcf
commit fc760b9
Show file tree

Hide file tree

Showing 6 changed files with 58 additions and 12 deletions.
diff --git a/.changelog/5804.internal.md b/.changelog/5804.internal.md
@@ -0,0 +1 @@
+go/common/sgx: Make quote policy YAML serializable
diff --git a/go/common/sgx/common_test.go b/go/common/sgx/common_test.go
@@ -5,6 +5,7 @@ import (
 	"testing"
 
 	"github.com/stretchr/testify/require"
+	"gopkg.in/yaml.v3"
 )
 
 func TestMrSignerDerivation(t *testing.T) {
@@ -18,3 +19,14 @@ func TestMrSignerDerivation(t *testing.T) {
 
 	require.Equal(mrSigner.String(), "9affcfae47b848ec2caf1c49b4b283531e1cc425f93582b36806e52a43d78d1a")
 }
+
+func TestSerializationYAML(t *testing.T) {
+	require := require.New(t)
+
+	const testCase1 = `"pKgjl8iaPXez72EYTefLI+fIOR5dyoLW9aCdDCyY15qoN79uRyzpbZpzSyXQIkXu+qm+r7/VJPY+Im3P4riXDg=="`
+	var dec EnclaveIdentity
+	err := yaml.Unmarshal([]byte(testCase1), &dec)
+	require.NoError(err, "yaml.Unmarshal")
+	require.EqualValues("a837bf6e472ce96d9a734b25d02245eefaa9beafbfd524f63e226dcfe2b8970e", dec.MrSigner.String())
+	require.EqualValues("a4a82397c89a3d77b3ef61184de7cb23e7c8391e5dca82d6f5a09d0c2c98d79a", dec.MrEnclave.String())
+}
diff --git a/go/common/sgx/ias/avr.go b/go/common/sgx/ias/avr.go
@@ -78,19 +78,19 @@ var (
 // QuotePolicy is the quote validity policy.
 type QuotePolicy struct {
 	// Disabled specifies whether IAS quotes are disabled and will always be rejected.
-	Disabled bool `json:"disabled,omitempty"`
+	Disabled bool `json:"disabled,omitempty" yaml:"disabled,omitempty"`
 
 	// AllowedQuoteStatuses are the allowed quote statuses.
 	//
 	// Note: QuoteOK and QuoteSwHardeningNeeded are ALWAYS allowed, and do not need to be specified.
-	AllowedQuoteStatuses []ISVEnclaveQuoteStatus `json:"allowed_quote_statuses,omitempty"`
+	AllowedQuoteStatuses []ISVEnclaveQuoteStatus `json:"allowed_quote_statuses,omitempty" yaml:"allowed_quote_statuses,omitempty"`
 
 	// GIDBlackList is a list of blocked platform EPID group IDs.
-	GIDBlacklist []uint32 `json:"gid_blacklist,omitempty"`
+	GIDBlacklist []uint32 `json:"gid_blacklist,omitempty" yaml:"gid_blacklist,omitempty"`
 
 	// MinTCBEvaluationDataNumber is the minimum acceptable TCB Evaluation Data number,
 	// as used in the attestation verification report structure.
-	MinTCBEvaluationDataNumber uint32 `json:"min_tcb_evaluation_data_number,omitempty"`
+	MinTCBEvaluationDataNumber uint32 `json:"min_tcb_evaluation_data_number,omitempty" yaml:"min_tcb_evaluation_data_number,omitempty"`
 }
 
 // AttestationType is the type of the SGX attestation.

diff --git a/go/common/sgx/pcs/quote.go b/go/common/sgx/pcs/quote.go
@@ -40,18 +40,18 @@ const (
 // QuotePolicy is the quote validity policy.
 type QuotePolicy struct {
 	// Disabled specifies whether PCS quotes are disabled and will always be rejected.
-	Disabled bool `json:"disabled,omitempty"`
+	Disabled bool `json:"disabled,omitempty" yaml:"disabled,omitempty"`
 
 	// TCBValidityPeriod is the validity (in days) of the TCB collateral.
-	TCBValidityPeriod uint16 `json:"tcb_validity_period"`
+	TCBValidityPeriod uint16 `json:"tcb_validity_period" yaml:"tcb_validity_period"`
 
 	// MinTCBEvaluationDataNumber is the minimum TCB evaluation data number that is considered to be
 	// valid. TCB bundles containing smaller values will be invalid.
-	MinTCBEvaluationDataNumber uint32 `json:"min_tcb_evaluation_data_number"`
+	MinTCBEvaluationDataNumber uint32 `json:"min_tcb_evaluation_data_number" yaml:"min_tcb_evaluation_data_number"`
 
 	// FMSPCBlacklist is a list of hexadecimal encoded FMSPCs specifying which processor
 	// packages and platform instances are blocked.
-	FMSPCBlacklist []string `json:"fmspc_blacklist,omitempty"`
+	FMSPCBlacklist []string `json:"fmspc_blacklist,omitempty" yaml:"fmspc_blacklist,omitempty"`
 }
 
 // Quote is an enclave quote.

diff --git a/go/common/sgx/quote/quote.go b/go/common/sgx/quote/quote.go
@@ -12,8 +12,8 @@ import (
 
 // Quote is an unverified SGX remote attestation quote, depending on the attestation scheme.
 type Quote struct {
-	IAS *ias.AVRBundle   `json:"ias,omitempty"`
-	PCS *pcs.QuoteBundle `json:"pcs,omitempty"`
+	IAS *ias.AVRBundle   `json:"ias,omitempty" yaml:"ias,omitempty"`
+	PCS *pcs.QuoteBundle `json:"pcs,omitempty" yaml:"pcs,omitempty"`
 }
 
 // Verify verifies the SGX remote attestation quote.
@@ -61,6 +61,6 @@ func (q *Quote) Verify(policy *Policy, ts time.Time) (*sgx.VerifiedQuote, error)
 
 // Policy is the quote validity policy.
 type Policy struct {
-	IAS *ias.QuotePolicy `json:"ias,omitempty"`
-	PCS *pcs.QuotePolicy `json:"pcs,omitempty"`
+	IAS *ias.QuotePolicy `json:"ias,omitempty" yaml:"ias,omitempty"`
+	PCS *pcs.QuotePolicy `json:"pcs,omitempty" yaml:"pcs,omitempty"`
 }
diff --git a/go/common/sgx/quote/quote_test.go b/go/common/sgx/quote/quote_test.go
@@ -0,0 +1,33 @@
+package quote
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+	"gopkg.in/yaml.v3"
+)
+
+func TestSerializationYAML(t *testing.T) {
+	require := require.New(t)
+
+	const testCase1 = `
+pcs:
+    disabled: false
+    tcb_validity_period: 30
+    min_tcb_evaluation_data_number: 17
+    fmspc_blacklist:
+        - "000000000000"
+        - "00606A000000"
+`
+	var dec Policy
+	err := yaml.Unmarshal([]byte(testCase1), &dec)
+	require.NoError(err, "yaml.Unmarshal")
+	require.NotNil(dec.PCS)
+	require.Nil(dec.IAS)
+	require.EqualValues(false, dec.PCS.Disabled)
+	require.EqualValues(30, dec.PCS.TCBValidityPeriod)
+	require.EqualValues(17, dec.PCS.MinTCBEvaluationDataNumber)
+	require.Len(dec.PCS.FMSPCBlacklist, 2)
+	require.EqualValues("000000000000", dec.PCS.FMSPCBlacklist[0])
+	require.EqualValues("00606A000000", dec.PCS.FMSPCBlacklist[1])
+}