blueprint-tee 0.2.0-alpha.3

First-class TEE (Trusted Execution Environment) support for the Blueprint SDK
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106

//! AWS Nitro Enclave attestation verifier.
//!
//! Currently validates Nitro attestation structurally:
//! - PCR0 measurement comparison (enclave image hash)
//! - Enclave debug mode detection
//!
//! **Limitation:** COSE signature verification and certificate chain validation
//! against the AWS Nitro root CA are not yet implemented. These require
//! provider-specific dependencies (`aws-nitro-enclaves-cose`) that will be
//! added in a future release. Until then, the evidence blob should be
//! verified externally or via the on-chain attestation hash.

use crate::attestation::report::AttestationReport;
use crate::attestation::verifier::{AttestationVerifier, VerifiedAttestation};
use crate::config::TeeProvider;
use crate::errors::TeeError;

/// Verifier for AWS Nitro Enclave attestation documents.
pub struct NitroVerifier {
    /// Expected PCR0 measurement (enclave image hash), if enforced.
    pub expected_pcr0: Option<String>,
    /// Whether to allow debug-mode enclaves.
    pub allow_debug: bool,
}

impl NitroVerifier {
    /// Create a new Nitro verifier.
    pub fn new() -> Self {
        Self {
            expected_pcr0: None,
            allow_debug: false,
        }
    }

    /// Set the expected PCR0 measurement.
    pub fn with_expected_pcr0(mut self, pcr0: impl Into<String>) -> Self {
        self.expected_pcr0 = Some(pcr0.into());
        self
    }

    /// Allow debug-mode enclaves (not recommended for production).
    pub fn allow_debug(mut self, allow: bool) -> Self {
        self.allow_debug = allow;
        self
    }
}

impl Default for NitroVerifier {
    fn default() -> Self {
        Self::new()
    }
}

impl AttestationVerifier for NitroVerifier {
    /// Verify an AWS Nitro attestation report.
    ///
    /// # Security Warning
    ///
    /// This verifier performs structural validation only (provider match, PCR0,
    /// debug mode). It does **not** verify COSE signatures or the AWS Nitro root
    /// CA certificate chain. Full cryptographic verification requires the
    /// `aws-nitro-enclaves-cose` crate.
    fn verify(&self, report: &AttestationReport) -> Result<VerifiedAttestation, TeeError> {
        if report.provider != TeeProvider::AwsNitro {
            return Err(TeeError::AttestationVerification(format!(
                "expected AWS Nitro provider, got {}",
                report.provider
            )));
        }

        if report.claims.debug_mode && !self.allow_debug {
            return Err(TeeError::AttestationVerification(
                "debug mode enclaves are not permitted".to_string(),
            ));
        }

        if let Some(expected) = &self.expected_pcr0 {
            if report.measurement.digest != *expected {
                return Err(TeeError::MeasurementMismatch {
                    expected: expected.clone(),
                    actual: report.measurement.digest.clone(),
                });
            }
        }

        // NOTE: This verifier performs structural checks (provider, PCR0, debug mode)
        // but does not yet validate COSE signatures or the certificate chain against
        // the AWS Nitro root CA. Full cryptographic verification requires the
        // `aws-nitro-enclaves-cose` crate and will be added when provider-specific
        // dependencies are integrated. Until then, the evidence blob should be
        // verified externally (e.g., by the on-chain contract's attestation hash).

        tracing::debug!(
            "structural validation only — cryptographic signature verification requires aws-nitro-enclaves-cose"
        );

        Ok(VerifiedAttestation::new(
            report.clone(),
            TeeProvider::AwsNitro,
        ))
    }

    fn supported_provider(&self) -> TeeProvider {
        TeeProvider::AwsNitro
    }
}