td-shim-AzCVMEmu/tdx-tdcall: support mock quote file

Load a quote from a file and emulate REPORT and QUOTE using the data
from the file.
Check in a v4 quote binary as example
Update AzCVMEmu scripts to use this feature

Signed-off-by: Haitao Huang <[email protected]>

Author: haitaohuang

config/AzCVMEmu/az_migtd_quote.blob

@@ -13,7 +13,6 @@ use az_tdx_vtpm::tdx;
 #[cfg(not(feature = "test_mock_report"))]
 use az_tdx_vtpm::{hcl, imds, vtpm};
 use log::{debug, info};
-#[cfg(not(feature = "test_mock_report"))]
 use log::error;
 use original_tdx_tdcall::TdCallError;
 
@@ -196,7 +195,12 @@ pub fn get_quote_emulated(td_report_data: &[u8]) -> Result<Vec<u8>, QuoteError>
 /// Create a mock TD report for testing purposes
 #[cfg(any(feature = "test_mock_report", feature = "mock_report_tools"))]
 pub fn create_mock_td_report() -> tdx::TdReport {
-    debug!("Creating mock TD report");
+    // Check if a custom quote file is specified
+    if let Ok(quote_file_path) = std::env::var("MOCK_QUOTE_FILE") {
+        return create_td_report_from_file(quote_file_path);
+    }
+    // No custom quote file - use hardcoded default TD report
+    debug!("Creating mock TD report with hardcoded data");
 
     // Use actual TD report data from logs
     let report_bytes = [
@@ -282,11 +286,247 @@ pub fn create_mock_td_report() -> tdx::TdReport {
     unsafe { core::mem::transmute(td_report) }
 }
 
-/// Create a mock quote for testing purposes
 #[cfg(any(feature = "test_mock_report", feature = "mock_report_tools"))]
-pub fn create_mock_quote(td_report_data: &[u8]) -> Vec<u8> {
-    debug!("Creating mock quote from TD report data (size: {})", td_report_data.len());
+fn create_td_report_from_file(quote_file_path: String) -> tdx::TdReport {
+    // Custom quote file specified - must load and parse it
+    use original_tdx_tdcall::tdreport::{ReportMac, ReportType, TdInfo, TdxReport, TeeTcbInfo};
+
+    debug!("Creating mock TD report from custom quote file: {}", quote_file_path);
+
+    let quote_data = match std::fs::read(&quote_file_path) {
+        Ok(data) => {
+            debug!("Successfully loaded quote file ({} bytes)", data.len());
+            data
+        }
+        Err(e) => {
+            error!("Failed to load quote from {}: {:?}", quote_file_path, e);
+            if let Ok(cwd) = std::env::current_dir() {
+                error!("Current working directory: {:?}", cwd);
+                error!("Hint: Use absolute path or ensure the path is relative to: {:?}", cwd);
+            }
+            panic!("Cannot create mock TD report without valid quote file");
+        }
+    };
+
+    // Parse the quote structure (v4 or v5 format)
+    // Quote v4 layout: header (48 bytes) + sgx_report2_body_t (584 bytes) + signature_data_len (4 bytes) + signature_data
+    // Quote v5 layout: header (48 bytes) + type (2 bytes) + size (4 bytes) + body (variable) + signature_data_len (4 bytes) + signature_data
+    const QUOTE_HEADER_SIZE: usize = 48;
+    const QUOTE_V4_BODY_SIZE: usize = 584;  // sgx_report2_body_t size for TDX 1.0
+    const QUOTE_V5_BODY_SIZE_10: usize = 584;  // TD Report 1.0 (type=2)
+    const QUOTE_V5_BODY_SIZE_15: usize = 648;  // TD Report 1.5 (type=3)
+    const MIN_QUOTE_V4_SIZE: usize = QUOTE_HEADER_SIZE + QUOTE_V4_BODY_SIZE + 4;
+    const MIN_QUOTE_V5_SIZE: usize = QUOTE_HEADER_SIZE + 2 + 4 + QUOTE_V5_BODY_SIZE_10 + 4;
+
+    if quote_data.len() < QUOTE_HEADER_SIZE + 2 {
+        error!("Quote file too small: {} bytes (expected at least {})", quote_data.len(), QUOTE_HEADER_SIZE + 2);
+        panic!("Invalid quote file: too small");
+    }
+
+    // Parse quote header (48 bytes)
+    let header_version = u16::from_le_bytes([quote_data[0], quote_data[1]]);
+    let tee_type = u32::from_le_bytes([quote_data[4], quote_data[5], quote_data[6], quote_data[7]]);
+
+    debug!("Quote header - version: {}, tee_type: 0x{:02x}", header_version, tee_type);
 
+    // Determine quote version and parse accordingly
+    let (body_offset, body_size) = if header_version == 4 {
+        // Quote v4: body starts immediately after header
+        if quote_data.len() < MIN_QUOTE_V4_SIZE {
+            error!("Quote v4 file too small: {} bytes (expected at least {})", quote_data.len(), MIN_QUOTE_V4_SIZE);
+            panic!("Invalid quote v4 file: too small");
+        }
+        debug!("Parsing Quote v4 format");
+        (QUOTE_HEADER_SIZE, QUOTE_V4_BODY_SIZE)
+    } else if header_version == 5 {
+        // Quote v5: has type and size fields after header
+        if quote_data.len() < MIN_QUOTE_V5_SIZE {
+            error!("Quote v5 file too small: {} bytes (expected at least {})", quote_data.len(), MIN_QUOTE_V5_SIZE);
+            panic!("Invalid quote v5 file: too small");
+        }
+
+        let body_type = u16::from_le_bytes([quote_data[48], quote_data[49]]);
+        let body_size = u32::from_le_bytes([quote_data[50], quote_data[51], quote_data[52], quote_data[53]]) as usize;
+
+        debug!("Parsing Quote v5 format - body_type: {}, body_size: {}", body_type, body_size);
+
+        // Body type 2 = TD Report 1.0 (584 bytes), type 3 = TD Report 1.5 (648 bytes)
+        let expected_size = match body_type {
+            2 => QUOTE_V5_BODY_SIZE_10,
+            3 => QUOTE_V5_BODY_SIZE_15,
+            _ => {
+                error!("Unsupported Quote v5 body type: {}", body_type);
+                panic!("Unsupported Quote v5 body type");
+            }
+        };
+
+        if body_size != expected_size {
+            error!("Quote v5 body size mismatch: {} (expected {})", body_size, expected_size);
+            panic!("Invalid Quote v5 body size");
+        }
+
+        (QUOTE_HEADER_SIZE + 6, body_size)
+    } else {
+        error!("Unsupported quote version: {}", header_version);
+        panic!("Unsupported quote version");
+    };
+
+    // Quote body structure (sgx_report2_body_t from Intel DCAP):
+    // Offset 0:   tee_tcb_svn       [16 bytes]
+    // Offset 16:  mr_seam           [48 bytes]
+    // Offset 64:  mrsigner_seam     [48 bytes]
+    // Offset 112: seam_attributes   [8 bytes]
+    // Offset 120: td_attributes     [8 bytes]
+    // Offset 128: xfam              [8 bytes]
+    // Offset 136: mr_td             [48 bytes]
+    // Offset 184: mr_config_id      [48 bytes]
+    // Offset 232: mr_owner          [48 bytes]
+    // Offset 280: mr_owner_config   [48 bytes]
+    // Offset 328: rt_mr[4]          [192 bytes = 4 x 48]
+    // Offset 520: report_data       [64 bytes]
+    // [v5 only] Offset 584: tee_tcb_svn2  [16 bytes] (for TD preserving)
+    // [v5 only] Offset 600: mr_servicetd  [48 bytes] (service TD hash)
+    // Total v4/v5.0: 584 bytes, v5.5: 648 bytes
+
+    #[repr(C, packed)]
+    struct SgxReport2Body {
+        tee_tcb_svn: [u8; 16],
+        mr_seam: [u8; 48],
+        mrsigner_seam: [u8; 48],
+        seam_attributes: [u8; 8],
+        td_attributes: [u8; 8],
+        xfam: [u8; 8],
+        mr_td: [u8; 48],
+        mr_config_id: [u8; 48],
+        mr_owner: [u8; 48],
+        mr_owner_config: [u8; 48],
+        rt_mr: [[u8; 48]; 4],
+        report_data: [u8; 64],
+    }
+
+    #[repr(C, packed)]
+    struct SgxReport2BodyV15 {
+        tee_tcb_svn: [u8; 16],
+        mr_seam: [u8; 48],
+        mrsigner_seam: [u8; 48],
+        seam_attributes: [u8; 8],
+        td_attributes: [u8; 8],
+        xfam: [u8; 8],
+        mr_td: [u8; 48],
+        mr_config_id: [u8; 48],
+        mr_owner: [u8; 48],
+        mr_owner_config: [u8; 48],
+        rt_mr: [[u8; 48]; 4],
+        report_data: [u8; 64],
+        tee_tcb_svn2: [u8; 16],
+        mr_servicetd: [u8; 48],
+    }
+
+    // Get report body from quote
+    let (report_body, servtd_hash) = if body_size == QUOTE_V5_BODY_SIZE_15 {
+        // v5 with TD Report 1.5 (648 bytes) - includes mr_servicetd
+        let report_v15 = unsafe {
+            &*(quote_data[body_offset..body_offset + body_size].as_ptr() as *const SgxReport2BodyV15)
+        };
+        debug!("Successfully parsed TD quote v5.5 body (648 bytes) from file");
+
+        // Extract the base report body fields
+        let base_body = SgxReport2Body {
+            tee_tcb_svn: report_v15.tee_tcb_svn,
+            mr_seam: report_v15.mr_seam,
+            mrsigner_seam: report_v15.mrsigner_seam,
+            seam_attributes: report_v15.seam_attributes,
+            td_attributes: report_v15.td_attributes,
+            xfam: report_v15.xfam,
+            mr_td: report_v15.mr_td,
+            mr_config_id: report_v15.mr_config_id,
+            mr_owner: report_v15.mr_owner,
+            mr_owner_config: report_v15.mr_owner_config,
+            rt_mr: report_v15.rt_mr,
+            report_data: report_v15.report_data,
+        };
+        (base_body, report_v15.mr_servicetd)
+    } else {
+        // v4 or v5 with TD Report 1.0 (584 bytes)
+        let report = unsafe {
+            &*(quote_data[body_offset..body_offset + body_size].as_ptr() as *const SgxReport2Body)
+        };
+        debug!("Successfully parsed TD quote v{} body (584 bytes) from file", header_version);
+
+        // Copy the struct to move it out of the unsafe block
+        let base_body = SgxReport2Body {
+            tee_tcb_svn: report.tee_tcb_svn,
+            mr_seam: report.mr_seam,
+            mrsigner_seam: report.mrsigner_seam,
+            seam_attributes: report.seam_attributes,
+            td_attributes: report.td_attributes,
+            xfam: report.xfam,
+            mr_td: report.mr_td,
+            mr_config_id: report.mr_config_id,
+            mr_owner: report.mr_owner,
+            mr_owner_config: report.mr_owner_config,
+            rt_mr: report.rt_mr,
+            report_data: report.report_data,
+        };
+        (base_body, [0u8; 48]) // SERVTD_HASH always zero for MigTD
+    };
+
+    // Create TD report with values from parsed quote body
+    let td_report = TdxReport {
+        report_mac: ReportMac {
+            report_type: ReportType {
+                r#type: tee_type as u8,
+                subtype: 0x00,
+                version: header_version as u8,
+                reserved: 0x00,
+            },
+            reserved0: [0u8; 12],
+            cpu_svn: report_body.tee_tcb_svn,
+            tee_tcb_info_hash: [0x42; 48], // Mock hash (not in quote)
+            tee_info_hash: [0x43; 48],     // Mock hash (not in quote)
+            report_data: report_body.report_data,
+            reserved1: [0u8; 32],
+            mac: [0xBB; 32], // Mock MAC, not used for policy tests
+        },
+        tee_tcb_info: TeeTcbInfo {
+            valid: [0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00],
+            tee_tcb_svn: report_body.tee_tcb_svn,
+            mrseam: report_body.mr_seam,
+            mrsigner_seam: report_body.mrsigner_seam,
+            attributes: report_body.seam_attributes,
+            reserved: [0u8; 111],
+        },
+        reserved: [0u8; 17],
+        td_info: TdInfo {
+            attributes: report_body.td_attributes,
+            xfam: report_body.xfam,
+            mrtd: report_body.mr_td,
+            mrconfig_id: report_body.mr_config_id,
+            mrowner: report_body.mr_owner,
+            mrownerconfig: report_body.mr_owner_config,
+            rtmr0: report_body.rt_mr[0],
+            rtmr1: report_body.rt_mr[1],
+            rtmr2: report_body.rt_mr[2],
+            rtmr3: report_body.rt_mr[3],
+            servtd_hash: servtd_hash,
+            reserved: [0u8; 64],
+        },
+    };
+
+    debug!("Mock TD report created successfully from quote file");
+
+    // Convert to az-tdx-vtpm TdReport for compatibility
+    unsafe { core::mem::transmute(td_report) }
+}
+
+#[cfg(any(feature = "test_mock_report", feature = "mock_report_tools"))]
+pub fn create_mock_quote(_td_report_data: &[u8]) -> Vec<u8> {
+    // Check if a custom quote file is specified
+    if let Ok(quote_file_path) = std::env::var("MOCK_QUOTE_FILE") {
+        return create_td_quote_from_file(quote_file_path);
+    }
+    // No custom quote file - use hardcoded default quote
+    debug!("Creating mock TD quote with hardcoded data");
     // Using actual quote data captured from Azure CVM environment
     let quote = [
      0x04, 0x00, 0x02, 0x00, 0x81, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x93, 0x9a, 0x72, 0x33, 0xf7, 0x9c, 0x4c, 0xa9, 0x94, 0x0a, 0x0d, 0xb3, 0x95, 0x7f, 0x06, 0x07, 0xe3, 0xe9, 0x78, 0xc1, 0x07, 0x97, 0xc3, 0x24, 0xb3, 0xea, 0xac, 0x4a, 0xd8, 0xa6, 0xdd, 0x8e, 0x00, 0x00, 0x00, 0x00, 0x07, 0x01, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -372,3 +612,23 @@ pub fn create_mock_quote(td_report_data: &[u8]) -> Vec<u8> {
     debug!("Mock quote created with size: {}", quote.len());
     quote.to_vec()
 }
+
+#[cfg(any(feature = "test_mock_report", feature = "mock_report_tools"))]
+fn create_td_quote_from_file(quote_file_path: String) -> Vec<u8> {
+    debug!("Creating TD quote from file: {}", quote_file_path);
+
+    match std::fs::read(&quote_file_path) {
+        Ok(quote) => {
+            debug!("Successfully loaded mock quote from {} ({} bytes)", quote_file_path, quote.len());
+            quote
+        }
+        Err(e) => {
+            error!("Failed to load mock quote from {}: {:?}", quote_file_path, e);
+            if let Ok(cwd) = std::env::current_dir() {
+                error!("Current working directory: {:?}", cwd);
+                error!("Hint: Use absolute path or ensure the path is relative to: {:?}", cwd);
+            }
+            Vec::new()
+        }
+    }
+}