fix: harden attestation V1 wire format and verification

kvinwang · kvinwang · commit 98f03f890a03 · 2026-04-07T00:59:20.000-07:00
- Fix is_cbor_map_prefix to cover full CBOR map range (0xa0..=0xbf)
- Remove SCALE Encode/Decode impls for VersionedAttestation to avoid
  consuming all remaining input on decode
- Remove ambiguous 0x01 prefix fallback in from_bytes
- Change to_bytes to return Result instead of panicking via or_panic
- Add report_data_payload binding validation in verify_with_time
diff --git a/dstack-attest/src/attestation.rs b/dstack-attest/src/attestation.rs
@@ -22,7 +22,7 @@ use dstack_types::SysConfig;
 use dstack_types::{Platform, VmConfig};
 use ez_hash::{sha256, Hasher, Sha384};
 use or_panic::ResultOrPanic;
-use scale::{Decode, Encode, Error as ScaleError, Input, Output};
+use scale::{Decode, Encode};
 use serde::{Deserialize, Serialize};
 use serde_human_bytes as hex_bytes;
 use sha2::Digest as _;
@@ -53,7 +53,7 @@ fn read_vm_config() -> Result<String> {
 }
 
 fn is_cbor_map_prefix(byte: u8) -> bool {
-    matches!(byte, 0xa0..=0xbb | 0xbf)
+    matches!(byte, 0xa0..=0xbf)
 }
 
 impl From<Attestation> for AttestationV1 {
@@ -344,34 +344,6 @@ pub enum VersionedAttestation {
     },
 }
 
-impl Encode for VersionedAttestation {
-    fn size_hint(&self) -> usize {
-        self.to_bytes().len()
-    }
-
-    fn encode_to<T: Output + ?Sized>(&self, dest: &mut T) {
-        dest.write(&self.to_bytes());
-    }
-}
-
-impl Decode for VersionedAttestation {
-    fn decode<I: Input>(input: &mut I) -> Result<Self, ScaleError> {
-        let Some(remaining_len) = input.remaining_len()? else {
-            return Err(ScaleError::from(
-                "VersionedAttestation requires a bounded input to decode",
-            ));
-        };
-        let mut bytes = vec![0u8; remaining_len];
-        input.read(&mut bytes)?;
-        Self::from_bytes(&bytes).map_err(|err| {
-            ScaleError::from(std::io::Error::new(
-                std::io::ErrorKind::InvalidData,
-                err.to_string(),
-            ))
-        })
-    }
-}
-
 impl VersionedAttestation {
     /// Decode versioned attestation bytes.
     pub fn from_bytes(bytes: &[u8]) -> Result<Self> {
@@ -389,23 +361,17 @@ impl VersionedAttestation {
             let attestation = AttestationV1::from_cbor(bytes)?;
             return Ok(Self::V1 { attestation });
         }
-        if first == 0x01 && bytes.get(1).is_some_and(|byte| is_cbor_map_prefix(*byte)) {
-            let attestation = AttestationV1::from_cbor(&bytes[1..])?;
-            return Ok(Self::V1 { attestation });
-        }
         bail!("Unknown attestation wire format");
     }
 
     /// Encode versioned attestation bytes.
-    pub fn to_bytes(&self) -> Vec<u8> {
+    pub fn to_bytes(&self) -> Result<Vec<u8>> {
         match self {
-            Self::V0 { attestation } => LegacyVersionedAttestation::V0 {
+            Self::V0 { attestation } => Ok(LegacyVersionedAttestation::V0 {
                 attestation: attestation.clone(),
             }
-            .encode(),
-            Self::V1 { attestation } => attestation
-                .to_cbor()
-                .or_panic("attestation schema should encode as CBOR"),
+            .encode()),
+            Self::V1 { attestation } => attestation.to_cbor(),
         }
     }
 
@@ -415,7 +381,7 @@ impl VersionedAttestation {
     }
 
     #[doc(hidden)]
-    pub fn to_scale(&self) -> Vec<u8> {
+    pub fn to_scale(&self) -> Result<Vec<u8>> {
         self.to_bytes()
     }
 
@@ -548,6 +514,15 @@ impl AttestationV1 {
             platform,
             stack,
         } = self;
+        // Verify report_data_payload binding: if present, the report_data must
+        // be derived from the payload via the AppData content type scheme.
+        if let Some(payload) = stack.report_data_payload() {
+            let report_data: [u8; 64] = stack.report_data()?;
+            let expected = QuoteContentType::AppData.to_report_data(payload.as_bytes());
+            if report_data != expected {
+                bail!("report_data does not match report_data_payload");
+            }
+        }
         let (report_data, runtime_events, config) = match stack {
             StackEvidence::Dstack {
                 report_data,
@@ -1308,7 +1283,7 @@ mod tests {
         let attestation = dummy_tdx_attestation(report_data)
             .into_v1()
             .into_dstack_pod(payload.clone());
-        let encoded = VersionedAttestation::V1 { attestation }.to_bytes();
+        let encoded = VersionedAttestation::V1 { attestation }.to_bytes().unwrap();
         assert!(matches!(encoded.first(), Some(0xa0..=0xbf)));
         let decoded = VersionedAttestation::from_bytes(&encoded)
             .expect("decode attestation")
diff --git a/guest-agent-simulator/src/main.rs b/guest-agent-simulator/src/main.rs
@@ -70,11 +70,11 @@ impl PlatformBackend for SimulatorPlatform {
     }
 
     fn certificate_attestation(&self, pubkey: &[u8]) -> Result<VersionedAttestation> {
-        Ok(simulator::simulated_certificate_attestation(
+        simulator::simulated_certificate_attestation(
             &self.attestation,
             pubkey,
             self.patch_report_data,
-        ))
+        )
     }
 
     fn quote_response(&self, report_data: [u8; 64], vm_config: &str) -> Result<GetQuoteResponse> {
@@ -87,11 +87,11 @@ impl PlatformBackend for SimulatorPlatform {
     }
 
     fn attest_response(&self, report_data: [u8; 64]) -> Result<AttestResponse> {
-        Ok(simulator::simulated_attest_response(
+        simulator::simulated_attest_response(
             &self.attestation,
             report_data,
             self.patch_report_data,
-        ))
+        )
     }
 
     fn emit_event(&self, event: &str, _payload: &[u8]) -> Result<()> {
diff --git a/guest-agent-simulator/src/simulator.rs b/guest-agent-simulator/src/simulator.rs
@@ -48,12 +48,12 @@ pub fn simulated_attest_response(
     attestation: &VersionedAttestation,
     report_data: [u8; 64],
     patch_report_data: bool,
-) -> AttestResponse {
+) -> Result<AttestResponse> {
     let attestation =
         maybe_patch_report_data(attestation, report_data, patch_report_data, "attest");
-    AttestResponse {
-        attestation: VersionedAttestation::V1 { attestation }.to_bytes(),
-    }
+    Ok(AttestResponse {
+        attestation: VersionedAttestation::V1 { attestation }.to_bytes()?,
+    })
 }
 
 pub fn simulated_info_attestation(attestation: &VersionedAttestation) -> VersionedAttestation {
@@ -64,15 +64,15 @@ pub fn simulated_certificate_attestation(
     attestation: &VersionedAttestation,
     pubkey: &[u8],
     patch_report_data: bool,
-) -> VersionedAttestation {
+) -> Result<VersionedAttestation> {
     let report_data = QuoteContentType::RaTlsCert.to_report_data(pubkey);
     let attestation = maybe_patch_report_data(
         attestation,
         report_data,
         patch_report_data,
         "certificate_attestation",
     );
-    VersionedAttestation::V1 { attestation }
+    Ok(VersionedAttestation::V1 { attestation })
 }
 
 fn maybe_patch_report_data(
diff --git a/guest-agent/src/backend.rs b/guest-agent/src/backend.rs
@@ -48,7 +48,7 @@ impl PlatformBackend for RealPlatform {
     fn attest_response(&self, report_data: [u8; 64]) -> Result<AttestResponse> {
         let attestation = Attestation::quote(&report_data).context("Failed to get attestation")?;
         Ok(AttestResponse {
-            attestation: attestation.into_versioned().to_bytes(),
+            attestation: attestation.into_versioned().to_bytes()?,
         })
     }
 
diff --git a/guest-agent/src/rpc_service.rs b/guest-agent/src/rpc_service.rs
@@ -899,7 +899,7 @@ pNs85uhOZE8z2jr8Pg==
             fn attest_response(&self, report_data: [u8; 64]) -> Result<AttestResponse> {
                 let attestation = patch_report_data(&self.attestation, report_data);
                 Ok(AttestResponse {
-                    attestation: VersionedAttestation::V1 { attestation }.to_bytes(),
+                    attestation: VersionedAttestation::V1 { attestation }.to_bytes()?,
                 })
             }
 
diff --git a/ra-tls/src/cert.rs b/ra-tls/src/cert.rs
@@ -388,7 +388,7 @@ impl<Key> CertRequest<'_, Key> {
             add_ext(&mut params, PHALA_RATLS_CERT_USAGE, usage);
         }
         if let Some(ver_att) = self.attestation {
-            let attestation_bytes = ver_att.clone().into_stripped().to_bytes();
+            let attestation_bytes = ver_att.clone().into_stripped().to_bytes()?;
             add_ext(&mut params, PHALA_RATLS_ATTESTATION, &attestation_bytes);
         }
         if let Some(ca_level) = self.ca_level {

Original file line number	Diff line number	Diff line change
`@@ -70,11 +70,11 @@ impl PlatformBackend for SimulatorPlatform {`
`70`	`70`	`}`
`71`	`71`
`72`	`72`	`fn certificate_attestation(&self, pubkey: &[u8]) -> Result<VersionedAttestation> {`
`73`		`- Ok(simulator::simulated_certificate_attestation(`
	`73`	`+ simulator::simulated_certificate_attestation(`
`74`	`74`	`&self.attestation,`
`75`	`75`	`pubkey,`
`76`	`76`	`self.patch_report_data,`
`77`		`- ))`
	`77`	`+ )`
`78`	`78`	`}`
`79`	`79`
`80`	`80`	`fn quote_response(&self, report_data: [u8; 64], vm_config: &str) -> Result<GetQuoteResponse> {`
`@@ -87,11 +87,11 @@ impl PlatformBackend for SimulatorPlatform {`
`87`	`87`	`}`
`88`	`88`
`89`	`89`	`fn attest_response(&self, report_data: [u8; 64]) -> Result<AttestResponse> {`
`90`		`- Ok(simulator::simulated_attest_response(`
	`90`	`+ simulator::simulated_attest_response(`
`91`	`91`	`&self.attestation,`
`92`	`92`	`report_data,`
`93`	`93`	`self.patch_report_data,`
`94`		`- ))`
	`94`	`+ )`
`95`	`95`	`}`
`96`	`96`
`97`	`97`	`fn emit_event(&self, event: &str, _payload: &[u8]) -> Result<()> {`
Original file line number	Diff line number	Diff line change
`@@ -48,7 +48,7 @@ impl PlatformBackend for RealPlatform {`
`48`	`48`	`fn attest_response(&self, report_data: [u8; 64]) -> Result<AttestResponse> {`
`49`	`49`	`let attestation = Attestation::quote(&report_data).context("Failed to get attestation")?;`
`50`	`50`	`Ok(AttestResponse {`
`51`		`- attestation: attestation.into_versioned().to_bytes(),`
	`51`	`+ attestation: attestation.into_versioned().to_bytes()?,`
`52`	`52`	`})`
`53`	`53`	`}`
`54`	`54`
Original file line number	Diff line number	Diff line change
`@@ -899,7 +899,7 @@ pNs85uhOZE8z2jr8Pg==`
`899`	`899`	`fn attest_response(&self, report_data: [u8; 64]) -> Result<AttestResponse> {`
`900`	`900`	`let attestation = patch_report_data(&self.attestation, report_data);`
`901`	`901`	`Ok(AttestResponse {`
`902`		`- attestation: VersionedAttestation::V1 { attestation }.to_bytes(),`
	`902`	`+ attestation: VersionedAttestation::V1 { attestation }.to_bytes()?,`
`903`	`903`	`})`
`904`	`904`	`}`
`905`	`905`
Original file line number	Diff line number	Diff line change
`@@ -388,7 +388,7 @@ impl<Key> CertRequest<'_, Key> {`
`388`	`388`	`add_ext(&mut params, PHALA_RATLS_CERT_USAGE, usage);`
`389`	`389`	`}`
`390`	`390`	`if let Some(ver_att) = self.attestation {`
`391`		`- let attestation_bytes = ver_att.clone().into_stripped().to_bytes();`
	`391`	`+ let attestation_bytes = ver_att.clone().into_stripped().to_bytes()?;`
`392`	`392`	`add_ext(&mut params, PHALA_RATLS_ATTESTATION, &attestation_bytes);`
`393`	`393`	`}`
`394`	`394`	`if let Some(ca_level) = self.ca_level {`