CCC-Attestation / interoperable-ra-tls

Design documents and interoperability tests for Interoperable RA-TLS projects
Apache License 2.0

Clarify the format of `<VERSION-as-integer>` in SGX / TDX Endorsement Data Format #3

Closed imlk0 closed 1 year ago

imlk0 commented 1 year ago

https://github.com/CCC-Attestation/interoperable-ra-tls/blob/a2c2323377007aa27b5ceb453a741a860e0245a0/docs/Interoperable%20Attested%20TLS%5CInteroperable-RA-TLS-SGX-TDX-evidence-formats.md?plain=1#L43

In my understanding, the array in Endorsement Data Format and its mapping to fields in `sgx_ql_qve_collateral_t` are as follows:

```
CBOR array ->
   [
     0: CBOR uint (<VERSION-as-integer> -- equals to collateral.version),
     1: CBOR bstr (<TCB_INFO> -- equals to collateral.tcb_info)
     2: CBOR bstr (<TCB_ISSUER_CHAIN> -- equals to collateral.tcb_info_issuer_chain)
     3: CBOR bstr (<CRL_PCK_CERT> -- equals to collateral.pck_crl)
     4: CBOR bstr (<CRL_PCK_PROC_CA> -- equals to collateral.root_ca_crl)
     5: CBOR bstr (<CRL_ISSUER_CHAIN_PCK_CERT> -- equals to collateral.pck_crl_issuer_chain)
     6: CBOR bstr (<QE_ID_INFO> -- equals to collateral.qe_identity)
     7: CBOR bstr (<QE_ID_ISSUER_CHAIN> -- equals to collateral.qe_identity_issuer_chain)
     8: CBOR bstr (<CREATION_DATETIME>, opt -- the time when collateral is generated)
   ]
```

Is there any mistake here?

In addition, since `collateral.version` is `uint32_t`, I suggest clearly defining `<VERSION-as-integer>` as a CBOR 32-bit-wide unsigned integer.

shnwc commented 1 year ago

Let's make the first entry an unsigned integer, as CBOR does not have a specific 32-bit uint type. Commit 5bc013a contains the edit for this change.
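An added example, not part of the thread or the project's code: a strict parser for the array layout listed in the issue, showing that a CBOR uint has no fixed wire width, so a verifier that stores the value in a `uint32_t` has to range-check it after decoding. The function names, the accepted entry count of 8 or 9, the uint32 bound and the sample bytes are assumptions made for this illustration.

```python
UINT32_MAX = 0xFFFFFFFF  # assumed bound: collateral.version is uint32_t per the issue

def read_head(buf, pos):
    """Decode one CBOR head at pos; return (major_type, argument, next_pos)."""
    if pos >= len(buf):
        raise ValueError("truncated CBOR head")
    major, info = buf[pos] >> 5, buf[pos] & 0x1F
    pos += 1
    if info < 24:                      # argument stored in the initial byte
        return major, info, pos
    if info > 27:                      # 28-30 reserved, 31 indefinite length
        raise ValueError("indefinite or reserved length not accepted")
    size = 1 << (info - 24)            # 1, 2, 4 or 8 argument bytes follow
    if pos + size > len(buf):
        raise ValueError("truncated CBOR argument")
    return major, int.from_bytes(buf[pos:pos + size], "big"), pos + size

def parse_endorsements(buf):
    """Return (version, [bstr entries]) or raise ValueError."""
    major, count, pos = read_head(buf, 0)
    if major != 4 or count not in (8, 9):   # entry 8 is marked optional
        raise ValueError("expected CBOR array of 8 or 9 entries")
    major, version, pos = read_head(buf, pos)
    if major != 0:
        raise ValueError("entry 0 must be a CBOR unsigned integer")
    if version > UINT32_MAX:           # a uint may carry up to 64 bits on the wire
        raise ValueError("version does not fit in uint32_t")
    fields = []
    for _ in range(count - 1):
        major, length, pos = read_head(buf, pos)
        if major != 2 or pos + length > len(buf):
            raise ValueError("entry must be a complete CBOR bstr")
        fields.append(buf[pos:pos + length])
        pos += length
    if pos != len(buf):
        raise ValueError("trailing bytes after array")
    return version, fields

def build_sample(version_head, entries=7):
    """Constructed sample: array head, version head, then 1-byte bstr entries."""
    body = b"".join(b"\x41" + bytes([i]) for i in range(entries))
    return bytes([0x80 | (entries + 1)]) + version_head + body

if __name__ == "__main__":
    print(parse_endorsements(build_sample(b"\x03")))
    print(parse_endorsements(build_sample(b"\x1a\x00\x00\x00\x03")))
```

Both sample inputs decode to version 3 even though one spends a single byte and the other five on the integer; the 8-byte encoding of 2^32 is syntactically a valid CBOR uint and is rejected only by the explicit range check.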