pub fn verify_report(
report: &AttestationReport,
userdata: &[u8; 64],
cert_data: &[u8],
) -> Result<(), Error>Expand description
Performs complete verification of a single attestation report.
§Verification Pipeline
- Nonce Verification:
- Compares provided mnonce with report’s embedded nonce
- Certificate Chain Decoding:
- HRK (Hygon Root Key) ← Predefined
- HSK (Hygon Signing Key) ← From cert_data
- CEK (Chip Endorsement Key) ← From cert_data
- Certificate Chain Validation:
- HRK → HSK → CEK → Report signature
§Arguments
report- Individual attestation report to verifymnonce- Expected 16-byte nonce valuecert_data- DER-encoded certificate chain (HSK + CEK)
§Errors
Returns specific validation errors for:
- Certificate decoding failures
- Chain validation failures
- Nonce mismatches