Extract identity from ReportBody, not Report

This updates ParseSgxIdentityFromHardwareReport to accept a ReportBody
parameter, as the identity is extracted from the ReportBody. None of the
other fields in Report are used by this function.

PiperOrigin-RevId: 302560636
Change-Id: I30ed1e7540f75bf479ddfc1c3aca47d00e18d786

Author: annasapek

asylo/identity/attestation/sgx/internal/attestation_key_certificate_impl.cc

@@ -205,7 +205,7 @@ AttestationKeyCertificateImpl::Create(const Certificate &certificate) {
 }
 
 SgxIdentity AttestationKeyCertificateImpl::GetAssertedSgxIdentity() const {
-  return ParseSgxIdentityFromHardwareReport(report_);
+  return ParseSgxIdentityFromHardwareReport(report_.body);
 }
 
 bool AttestationKeyCertificateImpl::operator==(

asylo/identity/sgx/self_identity_internal.h

@@ -53,7 +53,7 @@ SelfIdentity::SelfIdentity() {
   isvprodid = report.body.isvprodid;
   isvsvn = report.body.isvsvn;
 
-  sgx_identity = ParseSgxIdentityFromHardwareReport(report);
+  sgx_identity = ParseSgxIdentityFromHardwareReport(report.body);
 }
 
 }  // namespace sgx

asylo/identity/sgx/sgx_identity_util_internal.cc

@@ -184,17 +184,16 @@ bool IsValidMatchSpec(const CodeIdentityMatchSpec &match_spec) {
          match_spec.has_attributes_match_mask();
 }
 
-CodeIdentity ParseCodeIdentityFromHardwareReport(const Report &report) {
+CodeIdentity ParseCodeIdentityFromHardwareReport(const ReportBody &report) {
   CodeIdentity identity;
-  identity.mutable_mrenclave()->set_hash(report.body.mrenclave.data(),
-                                          report.body.mrenclave.size());
+  identity.mutable_mrenclave()->set_hash(report.mrenclave.data(),
+                                         report.mrenclave.size());
   identity.mutable_signer_assigned_identity()->mutable_mrsigner()->set_hash(
-      report.body.mrsigner.data(), report.body.mrsigner.size());
-  identity.mutable_signer_assigned_identity()->set_isvprodid(
-      report.body.isvprodid);
-  identity.mutable_signer_assigned_identity()->set_isvsvn(report.body.isvsvn);
-  *identity.mutable_attributes() = report.body.attributes.ToProtoAttributes();
-  identity.set_miscselect(report.body.miscselect);
+      report.mrsigner.data(), report.mrsigner.size());
+  identity.mutable_signer_assigned_identity()->set_isvprodid(report.isvprodid);
+  identity.mutable_signer_assigned_identity()->set_isvsvn(report.isvsvn);
+  *identity.mutable_attributes() = report.attributes.ToProtoAttributes();
+  identity.set_miscselect(report.miscselect);
   return identity;
 }
 
@@ -442,10 +441,10 @@ bool IsValidExpectation(const SgxIdentityExpectation &expectation,
   return IsIdentityCompatibleWithMatchSpec(identity, spec, is_legacy);
 }
 
-SgxIdentity ParseSgxIdentityFromHardwareReport(const Report &report) {
+SgxIdentity ParseSgxIdentityFromHardwareReport(const ReportBody &report) {
   SgxIdentity identity;
   identity.mutable_machine_configuration()->mutable_cpu_svn()->set_value(
-      report.body.cpusvn.data(), report.body.cpusvn.size());
+      report.cpusvn.data(), report.cpusvn.size());
   *identity.mutable_code_identity() =
       ParseCodeIdentityFromHardwareReport(report);
   return identity;

asylo/identity/sgx/sgx_identity_util_internal.h

@@ -70,8 +70,7 @@ bool IsValidExpectation(const SgxIdentityExpectation &expectation,
                         bool is_legacy = false);
 
 // Parses SgxIdentity from |report| and places the result in |identity|.
-// Does not verify |report|.
-SgxIdentity ParseSgxIdentityFromHardwareReport(const Report &report);
+SgxIdentity ParseSgxIdentityFromHardwareReport(const ReportBody &report);
 
 // Sets |spec| to the default local SGX match spec, which requires a match on
 // MRSIGNER, all MISCSELECT bits, and all ATTRIBUTES bits that do not fall into

asylo/identity/sgx/sgx_identity_util_internal_test.cc

@@ -911,7 +911,7 @@ TEST_F(SgxIdentityUtilInternalTest, ParseSgxIdentityFromHardwareReport) {
 
   Report report;
   ASYLO_ASSERT_OK_AND_ASSIGN(report, hardware_->GetReport(*tinfo, *reportdata));
-  SgxIdentity identity = ParseSgxIdentityFromHardwareReport(report);
+  SgxIdentity identity = ParseSgxIdentityFromHardwareReport(report.body);
   CodeIdentity code_identity = identity.code_identity();
   EXPECT_TRUE(std::equal(
       report.body.mrenclave.cbegin(), report.body.mrenclave.cend(),

asylo/identity/sgx/sgx_local_assertion_generator_test.cc

@@ -408,7 +408,7 @@ TEST_F(SgxLocalAssertionGeneratorTest, GenerateSuccess) {
   EXPECT_EQ(report->body.reportdata.data, expected_reportdata);
 
   // Verify that the asserted identity is the self identity.
-  SgxIdentity sgx_identity = ParseSgxIdentityFromHardwareReport(*report);
+  SgxIdentity sgx_identity = ParseSgxIdentityFromHardwareReport(report->body);
 
   SgxIdentity expected_identity = sgx::GetSelfIdentity()->sgx_identity;
   EXPECT_THAT(sgx_identity, EqualsProto(expected_identity))

asylo/identity/sgx/sgx_local_assertion_verifier.cc

@@ -183,7 +183,8 @@ Status SgxLocalAssertionVerifier::Verify(const std::string &user_data,
 
   // Serialize the protobuf representation of the peer's SGX identity and save
   // it in |peer_identity|.
-  SgxIdentity sgx_identity = sgx::ParseSgxIdentityFromHardwareReport(report);
+  SgxIdentity sgx_identity =
+      sgx::ParseSgxIdentityFromHardwareReport(report.body);
   ASYLO_RETURN_IF_ERROR(sgx::SerializeSgxIdentity(sgx_identity, peer_identity));
 
   return Status::OkStatus();