Implement PCS fetch function and bump dcap-qvl to 0.4#32
Implement PCS fetch function and bump dcap-qvl to 0.4#32
Conversation
|
|
||
| /// Fetches a PCK certificate chain from PCCS/PCS using encrypted PPID | ||
| /// parameters | ||
| pub(super) async fn fetch_pck_certificate( |
There was a problem hiding this comment.
This is only to handle quotes without an embedded PCK certificate chain - meaning certification data type 2 or 3.
I have never come across one of these, and dcap-qvl also does not have one in their test fixtures. So we can't actually test this code against a real quote.
There was a problem hiding this comment.
I'd suggest to put this as a comment into the code
| #[derive(Debug, serde::Deserialize)] | ||
| struct TcbInfoResponse { | ||
| #[serde(rename = "tcbInfo")] | ||
| tcb_info: serde_json::Value, |
There was a problem hiding this comment.
if serde_json::Value alphabetizes keys on re-serialization, would that cause a fail signature on real intel collateral? Take a look at verify_tcb_info_signature which does collateral.tcb_info.as_bytes()
For example:
INPUT : {"id":"TDX","version":3,"issueDate":"2026-04-23T09:13:04Z","fmspc":"90C06F000000"}
OUTPUT: {"fmspc":"90C06F000000","id":"TDX","issueDate":"2026-04-23T09:13:04Z","version":3}
If you verify it, then you could consider serde_json::value::RawValue to preserve the exact bytes Intel signed
There was a problem hiding this comment.
Very good catch. Yes i think you are right.
If this is the case, its an issue for dcap-qvl too because this was lifted from there. and also applies to QeIndentityResponse (below).
We can fix this here but probably should make an issue for dcap-qvl.
There was a problem hiding this comment.
ah, I think I oversaw something there. They do have this feature "preserve_order" enabled for serde_json in Cargo.toml. See here
This probably avoids such issue without dealing with rawbytes
There was a problem hiding this comment.
hmm yeah that would help a lot. but it still feels a bit brittle - there are other reasons why it might not serialize back to the exact same bytes. using RawValue feels a lot safer.
There was a problem hiding this comment.
indeed, it would be a safer approach to go with raw bytes but it would add code complexity to maintain. Also, if at some point the feature graph shifts in the future, it would potentially break.
However, since this repo is mainly relying on dcap-qvl dependency, it is not a big problem since the feature preserve_order would be pulled transitively for the whole repo.
cargo tree -p pccs -e features --prefix depth | grep serde_json
…gnature checks are not effected by serialization
3 participants
dcap-qvl 0.4.0 has some breaking changes meaning we can no longer fetch collateral for a specific fmspc.
The related issue #31 proposes several options for resolving this, one of which is to implement the collateral fetch function ourselves. This PR does that.
I'm not sure this is the best path forwards but i wanted to show that its not so much code and has some big advantages of things we could do as follow-ups:
ureqfor http, so that collateral can be fetched at the point of attestation verification during TLS handsahke Calling async verify function from synchronousverify_server_certfunction #2