niklas/amduat
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Extend FER/1 receipts and TGK store support

Browse source
This commit is contained in:
Carl Niklas Rydberg 2026-01-17 21:34:24 +01:00
parent 83cbe28ede
commit b506cc6c7c
14 changed files with 3517 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
CMakeLists.txt
View file

@ -139,6 +139,10 @@ set(AMDUAT_TGK_STORE_FS_SRCS
src/adapters/tgk_store_fs/tgk_store_fs.c
)
set(AMDUAT_TGK_STORE_ASL_INDEX_FS_SRCS
src/adapters/tgk_store_asl_index_fs/tgk_store_asl_index_fs.c
)
amduat_add_lib(util SRCS ${AMDUAT_UTIL_SRCS})
amduat_add_lib(asl SRCS ${AMDUAT_ASL_SRCS})
@ -173,6 +177,12 @@ amduat_link(tgk_store_mem amduat_tgk amduat_asl amduat_enc amduat_hash_asl1 amdu
amduat_add_lib(tgk_store_fs SRCS ${AMDUAT_TGK_STORE_FS_SRCS})
amduat_link(tgk_store_fs amduat_tgk_store_mem amduat_tgk amduat_asl_store_fs amduat_asl amduat_enc amduat_hash_asl1 amduat_util)
amduat_add_lib(tgk_store_asl_index_fs SRCS ${AMDUAT_TGK_STORE_ASL_INDEX_FS_SRCS})
target_include_directories(amduat_tgk_store_asl_index_fs_obj
PRIVATE ${AMDUAT_ROOT}/src/adapters/asl_store_index_fs
)
amduat_link(tgk_store_asl_index_fs amduat_tgk amduat_asl_store_index_fs amduat_asl amduat_enc amduat_hash_asl1 amduat_util)
add_executable(amduat_asl_cli src/tools/amduat_asl_cli.c)
target_include_directories(amduat_asl_cli
PRIVATE ${AMDUAT_INTERNAL_DIR}
@ -394,6 +404,9 @@ target_link_libraries(amduat_test_asl_store_index_fs
PRIVATE amduat_asl_store_index_fs amduat_format pthread
)
add_test(NAME asl_store_index_fs COMMAND amduat_test_asl_store_index_fs)
set_tests_properties(asl_store_index_fs PROPERTIES
ENVIRONMENT "AMDUAT_ASL_PERF_COUNT=100;AMDUAT_ASL_STRESS_SECS=20"
)
add_executable(amduat_test_pel_program_dag_exec
tests/pel/test_pel_program_dag_exec.c)

64
docs/spec-clarifications.md
View file

@ -110,3 +110,67 @@ Decision:
References:
- `tier1/asl-tgk-execution-plan-1.md`
- `tier1/enc-asl-tgk-exec-plan-1.md`
## Publish/Unpublish Scope (ASL/LOG + ASL/SYSTEM)
Decision:
- `ARTIFACT_PUBLISH` and `ARTIFACT_UNPUBLISH` are treated as reserved record
types in the core replay path and do not alter ASL index state.
- Publishing is modeled as moving artifacts and index segments between stores,
advancing the destination store's snapshot/log.
Implications:
- Core replay ignores publish/unpublish records.
- Any visibility policy tied to publishing is handled by higher-level tooling
or system-layer orchestration, not ASL/1 core semantics.
References:
- `tier1/asl-log-1.md`
- `tier1/asl-system-1.md`
## Receipt Output Reference Fallback (FER/1 + PEL/1)
Decision:
- When a PEL run produces no output artifacts (e.g. failed execution), the
receipt's `output_ref` falls back to the stored PEL result artifact reference.
Implications:
- Receipts can be emitted for both successful and failed runs using a single
canonical output reference.
- Callers using `amduat_fer1_receipt_from_pel_run` should expect `output_ref`
to match `result_ref` when `output_refs_len == 0`.
References:
- `tier1/enc-fer1-receipt-1.md`
- `tier1/srs.md`
## FER/1 v1.1 Determinism and Validation (FER/1 + SRS)
Decision:
- `run_id` is a deterministic hash over stable inputs only and MUST exclude
timestamps, logs, or mutable metadata.
- Typed logs are optional; if present they MUST be ordered and size-bounded.
- Limits are a single required record when the `limits` TLV is present.
- Executor set verification is strict when a policy-provided set exists.
Concrete rules:
- `run_id = H("AMDUAT:RUN\0" || EncRef(function) || EncRef(input_manifest) ||
EncRef(environment) || EncRef(executor_fingerprint))`, where `EncRef` is
`ENC/ASL1-CORE` canonical bytes and `executor_fingerprint` is the canonical
digest reference. No other fields are included.
- `logs` (if present): order by `(kind, cid)` byte-lexicographically; cap to
64 entries; cap total log payload references to 1 MiB aggregate of capsule
bytes. Reject out-of-order or oversized sets.
- `limits` (if present): exactly one TLV containing all numeric fields
(`cpu_ms`, `wall_ms`, `max_rss_kib`, `io_reads`, `io_writes`) with fixed
units. Reject missing or duplicate fields.
- Executor set validation:
- If an expected executor set is supplied by policy, receipt executor_refs
MUST match it exactly (same members, byte-order, no extras).
- Otherwise, validate strict ordering and uniqueness, and require
`parity_len == executor_refs_len` with aligned ordering and `output_ref`
equality for every parity entry.
References:
- `tier1/srs.md`
- `tier1/enc-fer1-receipt-1.md`

38
include/amduat/enc/fer1_receipt.h
View file

@ -11,6 +11,10 @@ extern "C" {
#endif
enum { FER1_RECEIPT_ENC_V1 = 0x0301u };
enum { FER1_RECEIPT_ENC_V1_1 = 0x0302u };
enum { AMDUAT_FER1_VERSION_1 = 0x0001u };
enum { AMDUAT_FER1_VERSION_1_1 = 0x0101u };
enum { TYPE_TAG_FER1_RECEIPT_1 = 0x00000301u };
enum { AMDUAT_TYPE_TAG_FER1_RECEIPT_1 = TYPE_TAG_FER1_RECEIPT_1 };
@ -23,6 +27,20 @@ typedef struct {
amduat_octets_t parity_digest;
} amduat_fer1_parity_entry_t;
typedef struct {
uint32_t kind;
amduat_reference_t log_ref;
amduat_octets_t sha256;
} amduat_fer1_log_entry_t;
typedef struct {
uint64_t cpu_ms;
uint64_t wall_ms;
uint64_t max_rss_kib;
uint64_t io_reads;
uint64_t io_writes;
} amduat_fer1_limits_t;
typedef struct {
uint16_t fer1_version;
amduat_reference_t function_ref;
@ -36,14 +54,34 @@ typedef struct {
size_t parity_len;
uint64_t started_at;
uint64_t completed_at;
bool has_executor_fingerprint_ref;
amduat_reference_t executor_fingerprint_ref;
bool has_run_id;
amduat_octets_t run_id;
bool has_limits;
amduat_fer1_limits_t limits;
amduat_fer1_log_entry_t *logs;
size_t logs_len;
bool has_determinism;
uint8_t determinism_level;
bool has_rng_seed;
amduat_octets_t rng_seed;
bool has_signature;
amduat_octets_t signature;
} amduat_fer1_receipt_t;
bool amduat_enc_fer1_receipt_encode_v1(
const amduat_fer1_receipt_t *receipt,
amduat_octets_t *out_bytes);
bool amduat_enc_fer1_receipt_encode_v1_1(
const amduat_fer1_receipt_t *receipt,
amduat_octets_t *out_bytes);
bool amduat_enc_fer1_receipt_decode_v1(
amduat_octets_t bytes,
amduat_fer1_receipt_t *out_receipt);
bool amduat_enc_fer1_receipt_decode_v1_1(
amduat_octets_t bytes,
amduat_fer1_receipt_t *out_receipt);
void amduat_enc_fer1_receipt_free(amduat_fer1_receipt_t *receipt);
#ifdef __cplusplus

42
include/amduat/fer/receipt.h
View file

@ -2,6 +2,8 @@
#define AMDUAT_FER_RECEIPT_H
#include "amduat/asl/core.h"
#include "amduat/enc/fer1_receipt.h"
#include "amduat/pel/run.h"
#include "amduat/pel/surf.h"
#include <stdbool.h>
@ -24,6 +26,46 @@ bool amduat_fer1_receipt_from_pel_result(
uint64_t completed_at,
amduat_artifact_t *out_artifact);
bool amduat_fer1_receipt_from_pel_run(
const amduat_pel_run_result_t *pel_run,
amduat_reference_t input_manifest_ref,
amduat_reference_t environment_ref,
amduat_octets_t evaluator_id,
amduat_reference_t executor_ref,
bool has_sbom_ref,
amduat_reference_t sbom_ref,
amduat_octets_t parity_digest,
uint64_t started_at,
uint64_t completed_at,
amduat_artifact_t *out_artifact);
bool amduat_fer1_receipt_from_pel_run_v1_1(
const amduat_pel_run_result_t *pel_run,
amduat_reference_t input_manifest_ref,
amduat_reference_t environment_ref,
amduat_octets_t evaluator_id,
amduat_reference_t executor_ref,
bool has_sbom_ref,
amduat_reference_t sbom_ref,
amduat_octets_t parity_digest,
uint64_t started_at,
uint64_t completed_at,
bool has_executor_fingerprint_ref,
amduat_reference_t executor_fingerprint_ref,
bool has_run_id,
amduat_octets_t run_id,
bool has_limits,
amduat_fer1_limits_t limits,
const amduat_fer1_log_entry_t *logs,
size_t logs_len,
bool has_determinism,
uint8_t determinism_level,
bool has_rng_seed,
amduat_octets_t rng_seed,
bool has_signature,
amduat_octets_t signature,
amduat_artifact_t *out_artifact);
#ifdef __cplusplus
} /* extern "C" */
#endif

38
include/amduat/tgk/tgk_store_asl_index_fs.h Normal file
View file

@ -0,0 +1,38 @@
#ifndef AMDUAT_TGK_TGK_STORE_ASL_INDEX_FS_H
#define AMDUAT_TGK_TGK_STORE_ASL_INDEX_FS_H
/* TGK/1 projection over ASL index/log (filesystem backend). */
#include "amduat/asl/asl_store_index_fs.h"
#include "amduat/tgk/store.h"
#include <stdbool.h>
#ifdef __cplusplus
extern "C" {
#endif
typedef struct {
amduat_asl_store_index_fs_t *asl_fs;
amduat_asl_store_t asl_store;
amduat_tgk_store_config_t config;
amduat_asl_index_state_t pinned_state;
bool pinned;
bool use_shards;
} amduat_tgk_store_asl_index_fs_t;
bool amduat_tgk_store_asl_index_fs_init(
amduat_tgk_store_asl_index_fs_t *store,
amduat_tgk_store_config_t config,
amduat_asl_store_index_fs_t *asl_fs);
void amduat_tgk_store_asl_index_fs_free(
amduat_tgk_store_asl_index_fs_t *store);
amduat_tgk_store_ops_t amduat_tgk_store_asl_index_fs_ops(void);
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* AMDUAT_TGK_TGK_STORE_ASL_INDEX_FS_H */

7
src/adapters/asl_store_index_fs/asl_store_index_fs.c
View file

@ -1076,6 +1076,7 @@ static amduat_asl_store_error_t amduat_asl_store_index_fs_stream_log_apply(
size_t header_size = 0u;
uint8_t prev_hash[AMDUAT_ASL_STORE_INDEX_FS_LOG_HASH_LEN];
uint64_t last_logseq = 0u;
bool seen_record = false;
if (replay_state == NULL || out_last_logseq == NULL ||
out_last_hash == NULL) {
@ -1126,6 +1127,11 @@ static amduat_asl_store_error_t amduat_asl_store_index_fs_stream_log_apply(
}
logseq = amduat_asl_store_index_fs_load_u64_le(record_header);
if (seen_record && logseq <= last_logseq) {
free(payload);
close(fd);
return AMDUAT_ASL_STORE_ERR_INTEGRITY;
}
record_type =
amduat_asl_store_index_fs_log_load_u32_le(record_header + 8u);
payload_len =
@ -1181,6 +1187,7 @@ static amduat_asl_store_error_t amduat_asl_store_index_fs_stream_log_apply(
memcpy(prev_hash, record_hash, sizeof(prev_hash));
last_logseq = logseq;
seen_record = true;
free(payload);
}

1699
src/adapters/tgk_store_asl_index_fs/tgk_store_asl_index_fs.c Normal file
View file

File diff suppressed because it is too large Load diff

28
src/near_core/asl/index_replay.c
View file

@ -149,6 +149,26 @@ static bool amduat_asl_replay_parse_tombstone_lift(
return true;
}
static bool amduat_asl_replay_parse_snapshot_anchor(
amduat_octets_t payload,
amduat_asl_snapshot_id_t *out_snapshot_id) {
amduat_asl_replay_cursor_t cur;
uint64_t snapshot_id;
if (payload.len < 8u + 32u || payload.data == NULL ||
out_snapshot_id == NULL) {
return false;
}
cur.data = payload.data;
cur.len = payload.len;
cur.offset = 0;
if (!amduat_asl_replay_read_u64_le(&cur, &snapshot_id)) {
return false;
}
*out_snapshot_id = snapshot_id;
return true;
}
static bool amduat_asl_replay_update_segment(
amduat_asl_replay_state_t *state,
const amduat_asl_segment_seal_t *seal) {
@ -273,6 +293,7 @@ bool amduat_asl_replay_apply_log(
amduat_asl_segment_seal_t seal;
amduat_reference_t ref;
uint64_t tombstone_logseq;
amduat_asl_snapshot_id_t snapshot_id;
if (record->logseq > log_position) {
break;
@ -303,6 +324,13 @@ bool amduat_asl_replay_apply_log(
}
amduat_asl_replay_remove_tombstone(state, ref, tombstone_logseq);
break;
case AMDUAT_ASL_LOG_RECORD_SNAPSHOT_ANCHOR:
if (!amduat_asl_replay_parse_snapshot_anchor(record->payload,
&snapshot_id)) {
return false;
}
state->state.snapshot_id = snapshot_id;
break;
default:
break;
}

6
src/near_core/enc/asl_core_index.c
View file

@ -215,6 +215,9 @@ bool amduat_enc_asl_core_index_encode_v1(
segment->header.reserved0 != 0) {
return false;
}
if (segment->header.snapshot_min > segment->header.snapshot_max) {
return false;
}
if (segment->header.segment_visibility > 1) {
return false;
}
@ -504,6 +507,9 @@ bool amduat_enc_asl_core_index_decode_v1(
if (header.flags != 0) {
return false;
}
if (header.snapshot_min > header.snapshot_max) {
return false;
}
legacy_defaults = header.version < AMDUAT_ASL_CORE_INDEX_VERSION;
if (!legacy_defaults) {

7
src/near_core/enc/asl_log.c
View file

@ -257,6 +257,7 @@ bool amduat_enc_asl_log_decode_v1(amduat_octets_t bytes,
amduat_asl_log_record_t *records;
size_t record_count;
size_t record_capacity;
uint64_t last_logseq;
if (out_records == NULL || out_count == NULL) {
return false;
@ -306,6 +307,7 @@ bool amduat_enc_asl_log_decode_v1(amduat_octets_t bytes,
records = NULL;
record_count = 0;
record_capacity = 0;
last_logseq = 0u;
memset(prev_hash, 0, sizeof(prev_hash));
while (cur.offset < cur.len) {
@ -322,6 +324,10 @@ bool amduat_enc_asl_log_decode_v1(amduat_octets_t bytes,
amduat_enc_asl_log_free(records, record_count);
return false;
}
if (record_count != 0u && logseq <= last_logseq) {
amduat_enc_asl_log_free(records, record_count);
return false;
}
if (cur.len - cur.offset < payload_len + AMDUAT_ASL_LOG_HASH_LEN) {
amduat_enc_asl_log_free(records, record_count);
return false;
@ -346,6 +352,7 @@ bool amduat_enc_asl_log_decode_v1(amduat_octets_t bytes,
return false;
}
memcpy(prev_hash, record_hash, AMDUAT_ASL_LOG_HASH_LEN);
last_logseq = logseq;
if (amduat_asl_log_is_known_record_type(record_type)) {
amduat_asl_log_record_t *slot;

850
src/near_core/enc/fer1_receipt.c
View file

@ -8,6 +8,19 @@
#include <stdlib.h>
#include <string.h>
enum {
AMDUAT_FER1_TLV_EXECUTOR_FINGERPRINT = 0x0001u,
AMDUAT_FER1_TLV_RUN_ID = 0x0002u,
AMDUAT_FER1_TLV_LOGS = 0x0003u,
AMDUAT_FER1_TLV_LIMITS = 0x0004u,
AMDUAT_FER1_TLV_DETERMINISM = 0x0005u,
AMDUAT_FER1_TLV_SIGNATURE = 0x0006u
};
enum {
AMDUAT_FER1_LOGS_MAX = 64
};
typedef struct {
const uint8_t *data;
size_t len;
@ -177,6 +190,14 @@ static bool amduat_write_encoded_ref(uint8_t *buffer,
return true;
}
static int amduat_log_entry_cmp(const amduat_fer1_log_entry_t *a,
const amduat_fer1_log_entry_t *b) {
if (a->kind != b->kind) {
return a->kind < b->kind ? -1 : 1;
}
return amduat_reference_cmp(a->log_ref, b->log_ref);
}
static bool amduat_read_encoded_ref(amduat_cursor_t *cur,
amduat_reference_t *out_ref) {
uint32_t ref_len_u32;
@ -231,10 +252,42 @@ void amduat_enc_fer1_receipt_free(amduat_fer1_receipt_t *receipt) {
free(receipt->parity);
}
if (receipt->has_executor_fingerprint_ref) {
amduat_reference_free(&receipt->executor_fingerprint_ref);
}
if (receipt->has_run_id) {
amduat_octets_free(&receipt->run_id);
}
if (receipt->logs != NULL) {
for (i = 0; i < receipt->logs_len; ++i) {
amduat_reference_free(&receipt->logs[i].log_ref);
amduat_octets_free(&receipt->logs[i].sha256);
}
free(receipt->logs);
}
if (receipt->has_rng_seed) {
amduat_octets_free(&receipt->rng_seed);
}
if (receipt->has_signature) {
amduat_octets_free(&receipt->signature);
}
receipt->executor_refs = NULL;
receipt->executor_refs_len = 0;
receipt->parity = NULL;
receipt->parity_len = 0;
receipt->has_executor_fingerprint_ref = false;
receipt->has_run_id = false;
receipt->run_id = amduat_octets(NULL, 0u);
receipt->has_limits = false;
receipt->logs = NULL;
receipt->logs_len = 0;
receipt->has_determinism = false;
receipt->determinism_level = 0u;
receipt->has_rng_seed = false;
receipt->rng_seed = amduat_octets(NULL, 0u);
receipt->has_signature = false;
receipt->signature = amduat_octets(NULL, 0u);
}
bool amduat_enc_fer1_receipt_encode_v1(
@ -444,6 +497,431 @@ bool amduat_enc_fer1_receipt_encode_v1(
return true;
}
bool amduat_enc_fer1_receipt_encode_v1_1(
const amduat_fer1_receipt_t *receipt,
amduat_octets_t *out_bytes) {
size_t total_len = 0;
size_t offset = 0;
size_t ext_len = 0;
uint8_t *buffer;
size_t i;
if (receipt == NULL || out_bytes == NULL) {
return false;
}
out_bytes->data = NULL;
out_bytes->len = 0;
if (receipt->fer1_version != AMDUAT_FER1_VERSION_1_1) {
return false;
}
if (receipt->evaluator_id.len != 0 && receipt->evaluator_id.data == NULL) {
return false;
}
if (receipt->executor_refs_len != 0 && receipt->executor_refs == NULL) {
return false;
}
if (receipt->parity_len != 0 && receipt->parity == NULL) {
return false;
}
if (receipt->executor_refs_len != receipt->parity_len) {
return false;
}
if (receipt->evaluator_id.len > UINT32_MAX) {
return false;
}
if (receipt->started_at > receipt->completed_at) {
return false;
}
if (receipt->has_run_id &&
receipt->run_id.len != 0 &&
receipt->run_id.data == NULL) {
return false;
}
if (receipt->has_run_id && receipt->run_id.len > UINT32_MAX) {
return false;
}
if (receipt->has_rng_seed &&
receipt->rng_seed.len != 0 &&
receipt->rng_seed.data == NULL) {
return false;
}
if (receipt->has_rng_seed && receipt->rng_seed.len > UINT32_MAX) {
return false;
}
if (receipt->has_signature &&
receipt->signature.len != 0 &&
receipt->signature.data == NULL) {
return false;
}
if (receipt->has_signature && receipt->signature.len > UINT32_MAX) {
return false;
}
if (receipt->logs_len != 0 && receipt->logs == NULL) {
return false;
}
if (receipt->logs_len > AMDUAT_FER1_LOGS_MAX) {
return false;
}
for (i = 1; i < receipt->executor_refs_len; ++i) {
if (amduat_reference_cmp(receipt->executor_refs[i - 1],
receipt->executor_refs[i]) > 0) {
return false;
}
}
for (i = 0; i < receipt->parity_len; ++i) {
if (!amduat_reference_eq(receipt->parity[i].executor_ref,
receipt->executor_refs[i])) {
return false;
}
if (i > 0 &&
amduat_reference_cmp(receipt->parity[i - 1].executor_ref,
receipt->parity[i].executor_ref) > 0) {
return false;
}
}
for (i = 0; i < receipt->logs_len; ++i) {
const amduat_fer1_log_entry_t *entry = &receipt->logs[i];
if (entry->sha256.len != 0 && entry->sha256.data == NULL) {
return false;
}
if (entry->sha256.len > UINT32_MAX) {
return false;
}
if (i > 0 &&
amduat_log_entry_cmp(&receipt->logs[i - 1], entry) > 0) {
return false;
}
}
{
size_t enc_len;
if (!amduat_add_size(&total_len, 2) ||
!amduat_encoded_ref_len(receipt->function_ref, &enc_len) ||
!amduat_add_size(&total_len, enc_len) ||
!amduat_encoded_ref_len(receipt->input_manifest_ref, &enc_len) ||
!amduat_add_size(&total_len, enc_len) ||
!amduat_encoded_ref_len(receipt->environment_ref, &enc_len) ||
!amduat_add_size(&total_len, enc_len)) {
return false;
}
}
if (!amduat_add_size(&total_len, 4 + receipt->evaluator_id.len)) {
return false;
}
{
size_t enc_len;
if (!amduat_encoded_ref_len(receipt->output_ref, &enc_len) ||
!amduat_add_size(&total_len, enc_len)) {
return false;
}
}
if (!amduat_add_size(&total_len, 4)) {
return false;
}
for (i = 0; i < receipt->executor_refs_len; ++i) {
size_t enc_len;
if (!amduat_encoded_ref_len(receipt->executor_refs[i], &enc_len) ||
!amduat_add_size(&total_len, enc_len)) {
return false;
}
}
if (!amduat_add_size(&total_len, 4)) {
return false;
}
for (i = 0; i < receipt->parity_len; ++i) {
size_t enc_len;
const amduat_fer1_parity_entry_t *entry = &receipt->parity[i];
if (entry->parity_digest.len != 0 &&
entry->parity_digest.data == NULL) {
return false;
}
if (entry->parity_digest.len > UINT32_MAX) {
return false;
}
if (!amduat_reference_eq(entry->output_ref, receipt->output_ref)) {
return false;
}
if (!amduat_encoded_ref_len(entry->executor_ref, &enc_len) ||
!amduat_add_size(&total_len, enc_len) ||
!amduat_encoded_ref_len(entry->output_ref, &enc_len) ||
!amduat_add_size(&total_len, enc_len) ||
!amduat_add_size(&total_len, 1)) {
return false;
}
if (entry->has_sbom_ref) {
if (!amduat_encoded_ref_len(entry->sbom_ref, &enc_len) ||
!amduat_add_size(&total_len, enc_len)) {
return false;
}
}
if (!amduat_add_size(&total_len, 4 + entry->parity_digest.len)) {
return false;
}
}
if (!amduat_add_size(&total_len, 8 + 8)) {
return false;
}
if (receipt->has_executor_fingerprint_ref) {
size_t enc_len;
if (!amduat_encoded_ref_len(receipt->executor_fingerprint_ref, &enc_len)) {
return false;
}
if (!amduat_add_size(&ext_len, 2 + 4 + enc_len)) {
return false;
}
}
if (receipt->has_run_id) {
if (!amduat_add_size(&ext_len, 2 + 4 + 4 + receipt->run_id.len)) {
return false;
}
}
if (receipt->has_limits) {
if (!amduat_add_size(&ext_len, 2 + 4 + (5u * 8u))) {
return false;
}
}
if (receipt->logs_len != 0) {
size_t logs_len = 4;
for (i = 0; i < receipt->logs_len; ++i) {
size_t enc_len;
if (!amduat_encoded_ref_len(receipt->logs[i].log_ref, &enc_len)) {
return false;
}
if (!amduat_add_size(&logs_len, 4) ||
!amduat_add_size(&logs_len, enc_len) ||
!amduat_add_size(&logs_len, 4 + receipt->logs[i].sha256.len)) {
return false;
}
}
if (!amduat_add_size(&ext_len, 2 + 4 + logs_len)) {
return false;
}
}
if (receipt->has_determinism) {
if (!amduat_add_size(&ext_len,
2 + 4 + 1 + 4 + receipt->rng_seed.len)) {
return false;
}
}
if (receipt->has_signature) {
if (!amduat_add_size(&ext_len, 2 + 4 + receipt->signature.len)) {
return false;
}
}
if (ext_len > UINT32_MAX) {
return false;
}
if (!amduat_add_size(&total_len, 4 + ext_len)) {
return false;
}
buffer = (uint8_t *)malloc(total_len);
if (buffer == NULL) {
return false;
}
amduat_store_u16_be(buffer + offset, receipt->fer1_version);
offset += 2;
if (!amduat_write_encoded_ref(buffer, total_len, &offset,
receipt->function_ref) ||
!amduat_write_encoded_ref(buffer, total_len, &offset,
receipt->input_manifest_ref) ||
!amduat_write_encoded_ref(buffer, total_len, &offset,
receipt->environment_ref)) {
free(buffer);
return false;
}
amduat_store_u32_be(buffer + offset, (uint32_t)receipt->evaluator_id.len);
offset += 4;
if (receipt->evaluator_id.len != 0) {
memcpy(buffer + offset, receipt->evaluator_id.data,
receipt->evaluator_id.len);
offset += receipt->evaluator_id.len;
}
if (!amduat_write_encoded_ref(buffer, total_len, &offset,
receipt->output_ref)) {
free(buffer);
return false;
}
amduat_store_u32_be(buffer + offset, (uint32_t)receipt->executor_refs_len);
offset += 4;
for (i = 0; i < receipt->executor_refs_len; ++i) {
if (!amduat_write_encoded_ref(buffer, total_len, &offset,
receipt->executor_refs[i])) {
free(buffer);
return false;
}
}
amduat_store_u32_be(buffer + offset, (uint32_t)receipt->parity_len);
offset += 4;
for (i = 0; i < receipt->parity_len; ++i) {
const amduat_fer1_parity_entry_t *entry = &receipt->parity[i];
if (!amduat_write_encoded_ref(buffer, total_len, &offset,
entry->executor_ref) ||
!amduat_write_encoded_ref(buffer, total_len, &offset,
entry->output_ref)) {
free(buffer);
return false;
}
buffer[offset++] = entry->has_sbom_ref ? 0x01u : 0x00u;
if (entry->has_sbom_ref) {
if (!amduat_write_encoded_ref(buffer, total_len, &offset,
entry->sbom_ref)) {
free(buffer);
return false;
}
}
amduat_store_u32_be(buffer + offset, (uint32_t)entry->parity_digest.len);
offset += 4;
if (entry->parity_digest.len != 0) {
memcpy(buffer + offset, entry->parity_digest.data,
entry->parity_digest.len);
offset += entry->parity_digest.len;
}
}
amduat_store_u64_be(buffer + offset, receipt->started_at);
offset += 8;
amduat_store_u64_be(buffer + offset, receipt->completed_at);
offset += 8;
amduat_store_u32_be(buffer + offset, (uint32_t)ext_len);
offset += 4;
if (receipt->has_executor_fingerprint_ref) {
size_t enc_len;
if (!amduat_encoded_ref_len(receipt->executor_fingerprint_ref, &enc_len)) {
free(buffer);
return false;
}
amduat_store_u16_be(buffer + offset,
AMDUAT_FER1_TLV_EXECUTOR_FINGERPRINT);
offset += 2;
amduat_store_u32_be(buffer + offset, (uint32_t)enc_len);
offset += 4;
if (!amduat_write_encoded_ref(buffer, total_len, &offset,
receipt->executor_fingerprint_ref)) {
free(buffer);
return false;
}
}
if (receipt->has_run_id) {
amduat_store_u16_be(buffer + offset, AMDUAT_FER1_TLV_RUN_ID);
offset += 2;
amduat_store_u32_be(buffer + offset,
(uint32_t)(4u + receipt->run_id.len));
offset += 4;
amduat_store_u32_be(buffer + offset, (uint32_t)receipt->run_id.len);
offset += 4;
if (receipt->run_id.len != 0) {
memcpy(buffer + offset, receipt->run_id.data, receipt->run_id.len);
offset += receipt->run_id.len;
}
}
if (receipt->logs_len != 0) {
size_t logs_len = 4;
for (i = 0; i < receipt->logs_len; ++i) {
size_t enc_len;
if (!amduat_encoded_ref_len(receipt->logs[i].log_ref, &enc_len)) {
free(buffer);
return false;
}
logs_len += 4 + enc_len + 4 + receipt->logs[i].sha256.len;
}
amduat_store_u16_be(buffer + offset, AMDUAT_FER1_TLV_LOGS);
offset += 2;
amduat_store_u32_be(buffer + offset, (uint32_t)logs_len);
offset += 4;
amduat_store_u32_be(buffer + offset, (uint32_t)receipt->logs_len);
offset += 4;
for (i = 0; i < receipt->logs_len; ++i) {
const amduat_fer1_log_entry_t *entry = &receipt->logs[i];
amduat_store_u32_be(buffer + offset, entry->kind);
offset += 4;
if (!amduat_write_encoded_ref(buffer, total_len, &offset,
entry->log_ref)) {
free(buffer);
return false;
}
amduat_store_u32_be(buffer + offset, (uint32_t)entry->sha256.len);
offset += 4;
if (entry->sha256.len != 0) {
memcpy(buffer + offset, entry->sha256.data, entry->sha256.len);
offset += entry->sha256.len;
}
}
}
if (receipt->has_limits) {
amduat_store_u16_be(buffer + offset, AMDUAT_FER1_TLV_LIMITS);
offset += 2;
amduat_store_u32_be(buffer + offset, (uint32_t)(5u * 8u));
offset += 4;
amduat_store_u64_be(buffer + offset, receipt->limits.cpu_ms);
offset += 8;
amduat_store_u64_be(buffer + offset, receipt->limits.wall_ms);
offset += 8;
amduat_store_u64_be(buffer + offset, receipt->limits.max_rss_kib);
offset += 8;
amduat_store_u64_be(buffer + offset, receipt->limits.io_reads);
offset += 8;
amduat_store_u64_be(buffer + offset, receipt->limits.io_writes);
offset += 8;
}
if (receipt->has_determinism) {
amduat_store_u16_be(buffer + offset, AMDUAT_FER1_TLV_DETERMINISM);
offset += 2;
amduat_store_u32_be(buffer + offset,
(uint32_t)(1u + 4u + receipt->rng_seed.len));
offset += 4;
buffer[offset++] = receipt->determinism_level;
amduat_store_u32_be(buffer + offset, (uint32_t)receipt->rng_seed.len);
offset += 4;
if (receipt->rng_seed.len != 0) {
memcpy(buffer + offset, receipt->rng_seed.data, receipt->rng_seed.len);
offset += receipt->rng_seed.len;
}
}
if (receipt->has_signature) {
amduat_store_u16_be(buffer + offset, AMDUAT_FER1_TLV_SIGNATURE);
offset += 2;
amduat_store_u32_be(buffer + offset,
(uint32_t)receipt->signature.len);
offset += 4;
if (receipt->signature.len != 0) {
memcpy(buffer + offset, receipt->signature.data, receipt->signature.len);
offset += receipt->signature.len;
}
}
out_bytes->data = buffer;
out_bytes->len = total_len;
return true;
}
bool amduat_enc_fer1_receipt_decode_v1(
amduat_octets_t bytes,
amduat_fer1_receipt_t *out_receipt) {
@ -627,3 +1105,375 @@ bool amduat_enc_fer1_receipt_decode_v1(
return true;
}
bool amduat_enc_fer1_receipt_decode_v1_1(
amduat_octets_t bytes,
amduat_fer1_receipt_t *out_receipt) {
amduat_cursor_t cur;
uint16_t fer1_version;
uint32_t len_u32;
uint32_t executor_count;
uint32_t parity_count;
uint32_t ext_len;
size_t i;
if (out_receipt == NULL) {
return false;
}
if (bytes.len != 0 && bytes.data == NULL) {
return false;
}
memset(out_receipt, 0, sizeof(*out_receipt));
cur.data = bytes.data;
cur.len = bytes.len;
cur.offset = 0;
if (!amduat_read_u16(&cur, &fer1_version)) {
return false;
}
if (fer1_version != AMDUAT_FER1_VERSION_1_1) {
return false;
}
out_receipt->fer1_version = fer1_version;
if (!amduat_read_encoded_ref(&cur, &out_receipt->function_ref) ||
!amduat_read_encoded_ref(&cur, &out_receipt->input_manifest_ref) ||
!amduat_read_encoded_ref(&cur, &out_receipt->environment_ref)) {
amduat_enc_fer1_receipt_free(out_receipt);
return false;
}
if (!amduat_read_u32(&cur, &len_u32)) {
amduat_enc_fer1_receipt_free(out_receipt);
return false;
}
if (cur.len - cur.offset < len_u32) {
amduat_enc_fer1_receipt_free(out_receipt);
return false;
}
if (len_u32 != 0) {
amduat_octets_t src = amduat_octets(cur.data + cur.offset, len_u32);
if (!amduat_octets_clone(src, &out_receipt->evaluator_id)) {
amduat_enc_fer1_receipt_free(out_receipt);
return false;
}
cur.offset += len_u32;
}
if (!amduat_read_encoded_ref(&cur, &out_receipt->output_ref)) {
amduat_enc_fer1_receipt_free(out_receipt);
return false;
}
if (!amduat_read_u32(&cur, &executor_count)) {
amduat_enc_fer1_receipt_free(out_receipt);
return false;
}
if (executor_count != 0) {
if (executor_count > SIZE_MAX / sizeof(amduat_reference_t)) {
amduat_enc_fer1_receipt_free(out_receipt);
return false;
}
out_receipt->executor_refs =
(amduat_reference_t *)calloc(executor_count,
sizeof(amduat_reference_t));
if (out_receipt->executor_refs == NULL) {
amduat_enc_fer1_receipt_free(out_receipt);
return false;
}
}
out_receipt->executor_refs_len = executor_count;
for (i = 0; i < out_receipt->executor_refs_len; ++i) {
if (!amduat_read_encoded_ref(&cur, &out_receipt->executor_refs[i])) {
amduat_enc_fer1_receipt_free(out_receipt);
return false;
}
}
for (i = 1; i < out_receipt->executor_refs_len; ++i) {
if (amduat_reference_cmp(out_receipt->executor_refs[i - 1],
out_receipt->executor_refs[i]) > 0) {
amduat_enc_fer1_receipt_free(out_receipt);
return false;
}
}
if (!amduat_read_u32(&cur, &parity_count)) {
amduat_enc_fer1_receipt_free(out_receipt);
return false;
}
if (parity_count > SIZE_MAX / sizeof(amduat_fer1_parity_entry_t)) {
amduat_enc_fer1_receipt_free(out_receipt);
return false;
}
if (parity_count != 0) {
out_receipt->parity =
(amduat_fer1_parity_entry_t *)calloc(parity_count,
sizeof(amduat_fer1_parity_entry_t));
if (out_receipt->parity == NULL) {
amduat_enc_fer1_receipt_free(out_receipt);
return false;
}
}
out_receipt->parity_len = parity_count;
for (i = 0; i < out_receipt->parity_len; ++i) {
amduat_fer1_parity_entry_t *entry = &out_receipt->parity[i];
uint8_t has_sbom_ref;
if (!amduat_read_encoded_ref(&cur, &entry->executor_ref) ||
!amduat_read_encoded_ref(&cur, &entry->output_ref)) {
amduat_enc_fer1_receipt_free(out_receipt);
return false;
}
if (!amduat_read_u8(&cur, &has_sbom_ref)) {
amduat_enc_fer1_receipt_free(out_receipt);
return false;
}
if (has_sbom_ref != 0x00u && has_sbom_ref != 0x01u) {
amduat_enc_fer1_receipt_free(out_receipt);
return false;
}
entry->has_sbom_ref = has_sbom_ref == 0x01u;
if (entry->has_sbom_ref) {
if (!amduat_read_encoded_ref(&cur, &entry->sbom_ref)) {
amduat_enc_fer1_receipt_free(out_receipt);
return false;
}
}
if (!amduat_read_u32(&cur, &len_u32)) {
amduat_enc_fer1_receipt_free(out_receipt);
return false;
}
if (cur.len - cur.offset < len_u32) {
amduat_enc_fer1_receipt_free(out_receipt);
return false;
}
if (len_u32 != 0) {
amduat_octets_t src = amduat_octets(cur.data + cur.offset, len_u32);
if (!amduat_octets_clone(src, &entry->parity_digest)) {
amduat_enc_fer1_receipt_free(out_receipt);
return false;
}
cur.offset += len_u32;
}
}
for (i = 0; i < out_receipt->parity_len; ++i) {
if (!amduat_reference_eq(out_receipt->parity[i].executor_ref,
out_receipt->executor_refs[i])) {
amduat_enc_fer1_receipt_free(out_receipt);
return false;
}
if (i > 0 &&
amduat_reference_cmp(out_receipt->parity[i - 1].executor_ref,
out_receipt->parity[i].executor_ref) > 0) {
amduat_enc_fer1_receipt_free(out_receipt);
return false;
}
if (!amduat_reference_eq(out_receipt->parity[i].output_ref,
out_receipt->output_ref)) {
amduat_enc_fer1_receipt_free(out_receipt);
return false;
}
}
if (!amduat_read_u64(&cur, &out_receipt->started_at) ||
!amduat_read_u64(&cur, &out_receipt->completed_at)) {
amduat_enc_fer1_receipt_free(out_receipt);
return false;
}
if (out_receipt->started_at > out_receipt->completed_at) {
amduat_enc_fer1_receipt_free(out_receipt);
return false;
}
if (!amduat_read_u32(&cur, &ext_len)) {
amduat_enc_fer1_receipt_free(out_receipt);
return false;
}
if (cur.len - cur.offset < ext_len) {
amduat_enc_fer1_receipt_free(out_receipt);
return false;
}
{
size_t end_offset = cur.offset + ext_len;
while (cur.offset < end_offset) {
uint16_t tag;
uint32_t tag_len;
amduat_cursor_t tlv_cur;
if (!amduat_read_u16(&cur, &tag) ||
!amduat_read_u32(&cur, &tag_len)) {
amduat_enc_fer1_receipt_free(out_receipt);
return false;
}
if (tag_len > end_offset - cur.offset) {
amduat_enc_fer1_receipt_free(out_receipt);
return false;
}
tlv_cur.data = cur.data + cur.offset;
tlv_cur.len = tag_len;
tlv_cur.offset = 0;
switch (tag) {
case AMDUAT_FER1_TLV_EXECUTOR_FINGERPRINT:
if (out_receipt->has_executor_fingerprint_ref ||
!amduat_read_encoded_ref(&tlv_cur,
&out_receipt->executor_fingerprint_ref) ||
tlv_cur.offset != tlv_cur.len) {
amduat_enc_fer1_receipt_free(out_receipt);
return false;
}
out_receipt->has_executor_fingerprint_ref = true;
break;
case AMDUAT_FER1_TLV_RUN_ID: {
uint32_t run_len;
if (out_receipt->has_run_id ||
!amduat_read_u32(&tlv_cur, &run_len) ||
tlv_cur.len - tlv_cur.offset < run_len ||
tlv_cur.offset + run_len != tlv_cur.len) {
amduat_enc_fer1_receipt_free(out_receipt);
return false;
}
if (run_len != 0) {
amduat_octets_t src =
amduat_octets(tlv_cur.data + tlv_cur.offset, run_len);
if (!amduat_octets_clone(src, &out_receipt->run_id)) {
amduat_enc_fer1_receipt_free(out_receipt);
return false;
}
}
out_receipt->has_run_id = true;
break;
}
case AMDUAT_FER1_TLV_LOGS: {
uint32_t count;
if (!amduat_read_u32(&tlv_cur, &count) ||
count > AMDUAT_FER1_LOGS_MAX ||
count > SIZE_MAX / sizeof(amduat_fer1_log_entry_t)) {
amduat_enc_fer1_receipt_free(out_receipt);
return false;
}
if (count != 0) {
out_receipt->logs =
(amduat_fer1_log_entry_t *)calloc(
count, sizeof(amduat_fer1_log_entry_t));
if (out_receipt->logs == NULL) {
amduat_enc_fer1_receipt_free(out_receipt);
return false;
}
}
out_receipt->logs_len = count;
for (i = 0; i < out_receipt->logs_len; ++i) {
amduat_fer1_log_entry_t *entry = &out_receipt->logs[i];
uint32_t sha_len;
if (!amduat_read_u32(&tlv_cur, &entry->kind) ||
!amduat_read_encoded_ref(&tlv_cur, &entry->log_ref) ||
!amduat_read_u32(&tlv_cur, &sha_len) ||
tlv_cur.len - tlv_cur.offset < sha_len) {
amduat_enc_fer1_receipt_free(out_receipt);
return false;
}
if (sha_len != 0) {
amduat_octets_t src =
amduat_octets(tlv_cur.data + tlv_cur.offset, sha_len);
if (!amduat_octets_clone(src, &entry->sha256)) {
amduat_enc_fer1_receipt_free(out_receipt);
return false;
}
}
tlv_cur.offset += sha_len;
if (i > 0 &&
amduat_log_entry_cmp(&out_receipt->logs[i - 1],
entry) > 0) {
amduat_enc_fer1_receipt_free(out_receipt);
return false;
}
}
if (tlv_cur.offset != tlv_cur.len) {
amduat_enc_fer1_receipt_free(out_receipt);
return false;
}
break;
}
case AMDUAT_FER1_TLV_LIMITS:
if (out_receipt->has_limits ||
tlv_cur.len != 5u * 8u ||
!amduat_read_u64(&tlv_cur, &out_receipt->limits.cpu_ms) ||
!amduat_read_u64(&tlv_cur, &out_receipt->limits.wall_ms) ||
!amduat_read_u64(&tlv_cur, &out_receipt->limits.max_rss_kib) ||
!amduat_read_u64(&tlv_cur, &out_receipt->limits.io_reads) ||
!amduat_read_u64(&tlv_cur, &out_receipt->limits.io_writes) ||
tlv_cur.offset != tlv_cur.len) {
amduat_enc_fer1_receipt_free(out_receipt);
return false;
}
out_receipt->has_limits = true;
break;
case AMDUAT_FER1_TLV_DETERMINISM: {
uint8_t level;
uint32_t seed_len;
if (out_receipt->has_determinism ||
!amduat_read_u8(&tlv_cur, &level) ||
!amduat_read_u32(&tlv_cur, &seed_len) ||
tlv_cur.len - tlv_cur.offset < seed_len) {
amduat_enc_fer1_receipt_free(out_receipt);
return false;
}
if (seed_len != 0) {
amduat_octets_t src =
amduat_octets(tlv_cur.data + tlv_cur.offset, seed_len);
if (!amduat_octets_clone(src, &out_receipt->rng_seed)) {
amduat_enc_fer1_receipt_free(out_receipt);
return false;
}
out_receipt->has_rng_seed = true;
}
tlv_cur.offset += seed_len;
if (tlv_cur.offset != tlv_cur.len) {
amduat_enc_fer1_receipt_free(out_receipt);
return false;
}
out_receipt->determinism_level = level;
out_receipt->has_determinism = true;
break;
}
case AMDUAT_FER1_TLV_SIGNATURE: {
if (out_receipt->has_signature) {
amduat_enc_fer1_receipt_free(out_receipt);
return false;
}
if (tlv_cur.len != 0) {
amduat_octets_t src =
amduat_octets(tlv_cur.data + tlv_cur.offset, tlv_cur.len);
if (!amduat_octets_clone(src, &out_receipt->signature)) {
amduat_enc_fer1_receipt_free(out_receipt);
return false;
}
}
tlv_cur.offset = tlv_cur.len;
out_receipt->has_signature = true;
break;
}
default:
amduat_enc_fer1_receipt_free(out_receipt);
return false;
}
cur.offset += tag_len;
}
if (cur.offset != end_offset) {
amduat_enc_fer1_receipt_free(out_receipt);
return false;
}
}
if (cur.offset != cur.len) {
amduat_enc_fer1_receipt_free(out_receipt);
return false;
}
return true;
}

212
src/near_core/fer/receipt.c
View file

@ -1,11 +1,13 @@
#include "amduat/fer/receipt.h"
#include "amduat/enc/fer1_receipt.h"
#include "amduat/pel/run.h"
#include <string.h>
bool amduat_fer1_receipt_from_pel_result(
static bool amduat_fer1_receipt_from_pel_result_with_output_ref(
const amduat_pel_surface_execution_result_t *pel_result,
amduat_reference_t output_ref,
amduat_reference_t input_manifest_ref,
amduat_reference_t environment_ref,
amduat_octets_t evaluator_id,
@ -29,9 +31,6 @@ bool amduat_fer1_receipt_from_pel_result(
if (pel_result == NULL) {
return false;
}
if (pel_result->output_refs_len != 1 || pel_result->output_refs == NULL) {
return false;
}
if (evaluator_id.len != 0 && evaluator_id.data == NULL) {
return false;
}
@ -45,7 +44,7 @@ bool amduat_fer1_receipt_from_pel_result(
receipt.input_manifest_ref = input_manifest_ref;
receipt.environment_ref = environment_ref;
receipt.evaluator_id = evaluator_id;
receipt.output_ref = pel_result->output_refs[0];
receipt.output_ref = output_ref;
receipt.started_at = started_at;
receipt.completed_at = completed_at;
@ -73,3 +72,206 @@ bool amduat_fer1_receipt_from_pel_result(
amduat_type_tag(AMDUAT_TYPE_TAG_FER1_RECEIPT_1));
return true;
}
bool amduat_fer1_receipt_from_pel_result(
const amduat_pel_surface_execution_result_t *pel_result,
amduat_reference_t input_manifest_ref,
amduat_reference_t environment_ref,
amduat_octets_t evaluator_id,
amduat_reference_t executor_ref,
bool has_sbom_ref,
amduat_reference_t sbom_ref,
amduat_octets_t parity_digest,
uint64_t started_at,
uint64_t completed_at,
amduat_artifact_t *out_artifact) {
if (pel_result == NULL) {
return false;
}
if (pel_result->output_refs_len != 1 || pel_result->output_refs == NULL) {
return false;
}
return amduat_fer1_receipt_from_pel_result_with_output_ref(
pel_result,
pel_result->output_refs[0],
input_manifest_ref,
environment_ref,
evaluator_id,
executor_ref,
has_sbom_ref,
sbom_ref,
parity_digest,
started_at,
completed_at,
out_artifact);
}
bool amduat_fer1_receipt_from_pel_run(
const amduat_pel_run_result_t *pel_run,
amduat_reference_t input_manifest_ref,
amduat_reference_t environment_ref,
amduat_octets_t evaluator_id,
amduat_reference_t executor_ref,
bool has_sbom_ref,
amduat_reference_t sbom_ref,
amduat_octets_t parity_digest,
uint64_t started_at,
uint64_t completed_at,
amduat_artifact_t *out_artifact) {
amduat_reference_t output_ref;
if (pel_run == NULL || !pel_run->has_result_value) {
return false;
}
if (pel_run->output_refs_len == 1 && pel_run->output_refs != NULL) {
output_ref = pel_run->output_refs[0];
} else if (pel_run->output_refs_len == 0) {
output_ref = pel_run->result_ref;
} else {
return false;
}
return amduat_fer1_receipt_from_pel_result_with_output_ref(
&pel_run->result_value,
output_ref,
input_manifest_ref,
environment_ref,
evaluator_id,
executor_ref,
has_sbom_ref,
sbom_ref,
parity_digest,
started_at,
completed_at,
out_artifact);
}
bool amduat_fer1_receipt_from_pel_run_v1_1(
const amduat_pel_run_result_t *pel_run,
amduat_reference_t input_manifest_ref,
amduat_reference_t environment_ref,
amduat_octets_t evaluator_id,
amduat_reference_t executor_ref,
bool has_sbom_ref,
amduat_reference_t sbom_ref,
amduat_octets_t parity_digest,
uint64_t started_at,
uint64_t completed_at,
bool has_executor_fingerprint_ref,
amduat_reference_t executor_fingerprint_ref,
bool has_run_id,
amduat_octets_t run_id,
bool has_limits,
amduat_fer1_limits_t limits,
const amduat_fer1_log_entry_t *logs,
size_t logs_len,
bool has_determinism,
uint8_t determinism_level,
bool has_rng_seed,
amduat_octets_t rng_seed,
bool has_signature,
amduat_octets_t signature,
amduat_artifact_t *out_artifact) {
amduat_fer1_receipt_t receipt;
amduat_fer1_parity_entry_t parity;
amduat_reference_t executor_refs[1];
amduat_reference_t output_ref;
amduat_octets_t receipt_bytes;
if (out_artifact == NULL) {
return false;
}
*out_artifact = amduat_artifact(amduat_octets(NULL, 0u));
if (pel_run == NULL || !pel_run->has_result_value) {
return false;
}
if (pel_run->output_refs_len == 1 && pel_run->output_refs != NULL) {
output_ref = pel_run->output_refs[0];
} else if (pel_run->output_refs_len == 0) {
output_ref = pel_run->result_ref;
} else {
return false;
}
if (evaluator_id.len != 0 && evaluator_id.data == NULL) {
return false;
}
if (parity_digest.len != 0 && parity_digest.data == NULL) {
return false;
}
if (has_run_id && run_id.len != 0 && run_id.data == NULL) {
return false;
}
if (has_rng_seed && rng_seed.len != 0 && rng_seed.data == NULL) {
return false;
}
if (has_signature && signature.len != 0 && signature.data == NULL) {
return false;
}
if (logs_len != 0 && logs == NULL) {
return false;
}
memset(&receipt, 0, sizeof(receipt));
receipt.fer1_version = AMDUAT_FER1_VERSION_1_1;
receipt.function_ref = pel_run->result_value.program_ref;
receipt.input_manifest_ref = input_manifest_ref;
receipt.environment_ref = environment_ref;
receipt.evaluator_id = evaluator_id;
receipt.output_ref = output_ref;
receipt.started_at = started_at;
receipt.completed_at = completed_at;
executor_refs[0] = executor_ref;
receipt.executor_refs = executor_refs;
receipt.executor_refs_len = 1;
memset(&parity, 0, sizeof(parity));
parity.executor_ref = executor_ref;
parity.output_ref = receipt.output_ref;
parity.has_sbom_ref = has_sbom_ref;
if (has_sbom_ref) {
parity.sbom_ref = sbom_ref;
}
parity.parity_digest = parity_digest;
receipt.parity = &parity;
receipt.parity_len = 1;
receipt.has_executor_fingerprint_ref = has_executor_fingerprint_ref;
if (has_executor_fingerprint_ref) {
receipt.executor_fingerprint_ref = executor_fingerprint_ref;
}
receipt.has_run_id = has_run_id;
if (has_run_id) {
receipt.run_id = run_id;
}
receipt.has_limits = has_limits;
if (has_limits) {
receipt.limits = limits;
}
receipt.logs = (amduat_fer1_log_entry_t *)logs;
receipt.logs_len = logs_len;
receipt.has_determinism = has_determinism;
if (has_determinism) {
receipt.determinism_level = determinism_level;
}
receipt.has_rng_seed = has_rng_seed;
if (has_rng_seed) {
receipt.rng_seed = rng_seed;
}
receipt.has_signature = has_signature;
if (has_signature) {
receipt.signature = signature;
}
if (!amduat_enc_fer1_receipt_encode_v1_1(&receipt, &receipt_bytes)) {
return false;
}
*out_artifact = amduat_artifact_with_type(
amduat_octets(receipt_bytes.data, receipt_bytes.len),
amduat_type_tag(AMDUAT_TYPE_TAG_FER1_RECEIPT_1));
return true;
}

23
tests/asl/test_asl_index_replay.c
View file

@ -113,6 +113,18 @@ static size_t build_segment_seal_payload(uint8_t *out,
return 8 + 32;
}
static size_t build_snapshot_anchor_payload(uint8_t *out,
size_t out_cap,
uint64_t snapshot_id,
const uint8_t root_hash[32]) {
if (out_cap < 8 + 32) {
return 0;
}
store_u64_le(out, snapshot_id);
memcpy(out + 8, root_hash, 32);
return 8 + 32;
}
static bool join_path(const char *base, const char *segment, char **out_path) {
size_t base_len;
size_t seg_len;
@ -657,9 +669,11 @@ static int test_tombstone_lift_boundary(void) {
amduat_reference_t ref;
uint8_t hash[32];
uint8_t seal_payload[8 + 32];
uint8_t anchor_payload[8 + 32];
uint8_t tombstone_payload[4 + 2 + 2 + 32 + 4 + 4];
uint8_t lift_payload[4 + 2 + 2 + 32 + 8];
size_t seal_len;
size_t anchor_len;
size_t tombstone_len;
size_t lift_len;
amduat_asl_log_record_t records[4];
@ -693,6 +707,10 @@ static int test_tombstone_lift_boundary(void) {
sizeof(seal_payload),
5,
hash);
anchor_len = build_snapshot_anchor_payload(anchor_payload,
sizeof(anchor_payload),
5,
hash);
tombstone_len = build_tombstone_payload(tombstone_payload,
sizeof(tombstone_payload),
ref.hash_id,
@ -704,7 +722,8 @@ static int test_tombstone_lift_boundary(void) {
ref.digest.data,
ref.digest.len,
20);
if (seal_len == 0 || tombstone_len == 0 || lift_len == 0) {
if (seal_len == 0 || anchor_len == 0 || tombstone_len == 0 ||
lift_len == 0) {
fprintf(stderr, "log payload build failed\n");
goto cleanup;
}
@ -718,7 +737,7 @@ static int test_tombstone_lift_boundary(void) {
records[1].payload = amduat_octets(tombstone_payload, tombstone_len);
records[2].logseq = 30;
records[2].record_type = AMDUAT_ASL_LOG_RECORD_SNAPSHOT_ANCHOR;
records[2].payload = amduat_octets(NULL, 0u);
records[2].payload = amduat_octets(anchor_payload, anchor_len);
records[3].logseq = 40;
records[3].record_type = AMDUAT_ASL_LOG_RECORD_TOMBSTONE_LIFT;
records[3].payload = amduat_octets(lift_payload, lift_len);

497
tests/enc/test_fer1_receipt.c
View file

@ -1,5 +1,6 @@
#include "amduat/enc/fer1_receipt.h"
#include "amduat/fer/receipt.h"
#include "amduat/pel/run.h"
#include <stdbool.h>
#include <stdint.h>
@ -102,6 +103,7 @@ static bool bytes_equal(amduat_octets_t bytes,
static int test_receipt_round_trip(void) {
amduat_fer1_receipt_t receipt;
amduat_octets_t encoded;
amduat_octets_t mutated;
amduat_fer1_receipt_t decoded;
amduat_reference_t executor_refs[2];
amduat_fer1_parity_entry_t parity[2];
@ -260,6 +262,492 @@ static int test_receipt_helper(void) {
return 0;
}
static int test_receipt_helper_failed_run(void) {
amduat_pel_run_result_t pel_run;
amduat_artifact_t artifact;
amduat_fer1_receipt_t decoded;
uint8_t f0[32], i0[32], e0[32], r0[32];
uint8_t ex0[32];
int exit_code = 1;
memset(&pel_run, 0, sizeof(pel_run));
pel_run.result_ref = make_ref(0x77, r0);
pel_run.output_refs = NULL;
pel_run.output_refs_len = 0;
pel_run.has_result_value = true;
pel_run.result_value.pel1_version = 1;
pel_run.result_value.program_ref = make_ref(0x11, f0);
if (!amduat_fer1_receipt_from_pel_run(
&pel_run,
make_ref(0x22, i0),
make_ref(0x33, e0),
amduat_octets("tester", 6),
make_ref(0x50, ex0),
false,
amduat_reference(0, amduat_octets(NULL, 0)),
amduat_octets(NULL, 0),
10,
20,
&artifact)) {
fprintf(stderr, "failed run helper failed\n");
return exit_code;
}
if (!amduat_enc_fer1_receipt_decode_v1(artifact.bytes, &decoded)) {
fprintf(stderr, "failed run helper decode failed\n");
amduat_artifact_free(&artifact);
return exit_code;
}
if (!amduat_reference_eq(decoded.output_ref, pel_run.result_ref) ||
!amduat_reference_eq(decoded.function_ref,
pel_run.result_value.program_ref)) {
fprintf(stderr, "failed run helper decoded refs mismatch\n");
goto cleanup_decoded;
}
exit_code = 0;
cleanup_decoded:
amduat_enc_fer1_receipt_free(&decoded);
amduat_artifact_free(&artifact);
return exit_code;
}
static int test_receipt_round_trip_v1_1(void) {
amduat_fer1_receipt_t receipt;
amduat_octets_t encoded;
amduat_fer1_receipt_t decoded;
amduat_octets_t mutated;
amduat_reference_t executor_refs[1];
amduat_fer1_parity_entry_t parity[1];
amduat_fer1_log_entry_t logs[2];
uint8_t f0[32], i0[32], e0[32], o0[32];
uint8_t ex0[32], fp0[32], lr0[32], lr1[32];
uint8_t digest0[] = {0xaa, 0xbb, 0xcc};
uint8_t run_id[] = {0x01, 0x02, 0x03, 0x04};
uint8_t rng_seed[] = {0x09, 0x08, 0x07};
uint8_t signature[] = {0xde, 0xad, 0xbe, 0xef};
int exit_code = 1;
memset(&receipt, 0, sizeof(receipt));
receipt.fer1_version = AMDUAT_FER1_VERSION_1_1;
receipt.function_ref = make_ref(0x11, f0);
receipt.input_manifest_ref = make_ref(0x22, i0);
receipt.environment_ref = make_ref(0x33, e0);
receipt.evaluator_id = amduat_octets("tester", 6);
receipt.output_ref = make_ref(0x44, o0);
receipt.started_at = 10;
receipt.completed_at = 20;
executor_refs[0] = make_ref(0x50, ex0);
receipt.executor_refs = executor_refs;
receipt.executor_refs_len = 1;
memset(parity, 0, sizeof(parity));
parity[0].executor_ref = executor_refs[0];
parity[0].output_ref = receipt.output_ref;
parity[0].has_sbom_ref = false;
parity[0].parity_digest = amduat_octets(digest0, sizeof(digest0));
receipt.parity = parity;
receipt.parity_len = 1;
receipt.has_executor_fingerprint_ref = true;
receipt.executor_fingerprint_ref = make_ref(0x66, fp0);
receipt.has_run_id = true;
receipt.run_id = amduat_octets(run_id, sizeof(run_id));
receipt.has_limits = true;
receipt.limits.cpu_ms = 1;
receipt.limits.wall_ms = 2;
receipt.limits.max_rss_kib = 3;
receipt.limits.io_reads = 4;
receipt.limits.io_writes = 5;
memset(logs, 0, sizeof(logs));
logs[0].kind = 1;
logs[0].log_ref = make_ref(0x70, lr0);
logs[0].sha256 = amduat_octets(digest0, sizeof(digest0));
logs[1].kind = 2;
logs[1].log_ref = make_ref(0x71, lr1);
logs[1].sha256 = amduat_octets(NULL, 0);
receipt.logs = logs;
receipt.logs_len = 2;
receipt.has_determinism = true;
receipt.determinism_level = 2;
receipt.has_rng_seed = true;
receipt.rng_seed = amduat_octets(rng_seed, sizeof(rng_seed));
receipt.has_signature = true;
receipt.signature = amduat_octets(signature, sizeof(signature));
if (!amduat_enc_fer1_receipt_encode_v1_1(&receipt, &encoded)) {
fprintf(stderr, "encode v1.1 failed\n");
return exit_code;
}
if (!amduat_enc_fer1_receipt_decode_v1_1(encoded, &decoded)) {
fprintf(stderr, "decode v1.1 failed\n");
goto cleanup;
}
if (decoded.fer1_version != AMDUAT_FER1_VERSION_1_1 ||
!amduat_reference_eq(decoded.function_ref, receipt.function_ref) ||
!amduat_reference_eq(decoded.input_manifest_ref,
receipt.input_manifest_ref) ||
!amduat_reference_eq(decoded.environment_ref,
receipt.environment_ref) ||
!amduat_reference_eq(decoded.output_ref, receipt.output_ref)) {
fprintf(stderr, "decoded v1.1 refs mismatch\n");
goto cleanup_decoded;
}
if (!decoded.has_executor_fingerprint_ref ||
!amduat_reference_eq(decoded.executor_fingerprint_ref,
receipt.executor_fingerprint_ref) ||
!decoded.has_run_id ||
!amduat_octets_eq(decoded.run_id, receipt.run_id) ||
!decoded.has_determinism ||
decoded.determinism_level != receipt.determinism_level ||
!decoded.has_rng_seed ||
!amduat_octets_eq(decoded.rng_seed, receipt.rng_seed) ||
!decoded.has_signature ||
!amduat_octets_eq(decoded.signature, receipt.signature) ||
!decoded.has_limits ||
decoded.limits.cpu_ms != receipt.limits.cpu_ms ||
decoded.limits.wall_ms != receipt.limits.wall_ms ||
decoded.limits.max_rss_kib != receipt.limits.max_rss_kib ||
decoded.limits.io_reads != receipt.limits.io_reads ||
decoded.limits.io_writes != receipt.limits.io_writes) {
fprintf(stderr, "decoded v1.1 fields mismatch\n");
goto cleanup_decoded;
}
if (decoded.logs_len != receipt.logs_len ||
!amduat_reference_eq(decoded.logs[0].log_ref, logs[0].log_ref) ||
decoded.logs[0].kind != logs[0].kind ||
!amduat_octets_eq(decoded.logs[0].sha256, logs[0].sha256) ||
!amduat_reference_eq(decoded.logs[1].log_ref, logs[1].log_ref) ||
decoded.logs[1].kind != logs[1].kind ||
decoded.logs[1].sha256.len != 0) {
fprintf(stderr, "decoded v1.1 logs mismatch\n");
goto cleanup_decoded;
}
exit_code = 0;
cleanup_decoded:
amduat_enc_fer1_receipt_free(&decoded);
cleanup:
free((void *)encoded.data);
return exit_code;
}
static int test_receipt_v1_1_reject_duplicate_tag(void) {
amduat_fer1_receipt_t receipt;
amduat_octets_t encoded;
amduat_fer1_receipt_t decoded;
amduat_octets_t mutated;
amduat_reference_t executor_refs[1];
amduat_fer1_parity_entry_t parity[1];
amduat_fer1_log_entry_t logs[1];
uint8_t f0[32], i0[32], e0[32], o0[32];
uint8_t ex0[32], fp0[32], lr0[32];
uint8_t digest0[] = {0xaa, 0xbb, 0xcc};
uint8_t run_id[] = {0x01, 0x02, 0x03, 0x04};
size_t offset = 0;
size_t ext_len = 0;
size_t ext_offset = 0;
size_t tlv_offset = 0;
uint32_t len_u32 = 0;
size_t count = 0;
size_t i = 0;
int exit_code = 1;
memset(&receipt, 0, sizeof(receipt));
receipt.fer1_version = AMDUAT_FER1_VERSION_1_1;
receipt.function_ref = make_ref(0x11, f0);
receipt.input_manifest_ref = make_ref(0x22, i0);
receipt.environment_ref = make_ref(0x33, e0);
receipt.evaluator_id = amduat_octets("tester", 6);
receipt.output_ref = make_ref(0x44, o0);
receipt.started_at = 10;
receipt.completed_at = 20;
executor_refs[0] = make_ref(0x50, ex0);
receipt.executor_refs = executor_refs;
receipt.executor_refs_len = 1;
memset(parity, 0, sizeof(parity));
parity[0].executor_ref = executor_refs[0];
parity[0].output_ref = receipt.output_ref;
parity[0].has_sbom_ref = false;
parity[0].parity_digest = amduat_octets(digest0, sizeof(digest0));
receipt.parity = parity;
receipt.parity_len = 1;
receipt.has_executor_fingerprint_ref = true;
receipt.executor_fingerprint_ref = make_ref(0x66, fp0);
receipt.has_run_id = true;
receipt.run_id = amduat_octets(run_id, sizeof(run_id));
receipt.has_limits = true;
receipt.limits.cpu_ms = 1;
receipt.limits.wall_ms = 2;
receipt.limits.max_rss_kib = 3;
receipt.limits.io_reads = 4;
receipt.limits.io_writes = 5;
memset(logs, 0, sizeof(logs));
logs[0].kind = 1;
logs[0].log_ref = make_ref(0x70, lr0);
logs[0].sha256 = amduat_octets(digest0, sizeof(digest0));
receipt.logs = logs;
receipt.logs_len = 1;
if (!amduat_enc_fer1_receipt_encode_v1_1(&receipt, &encoded)) {
fprintf(stderr, "encode v1.1 failed\n");
return exit_code;
}
if (encoded.len < 2) {
fprintf(stderr, "encoded v1.1 too short\n");
goto cleanup;
}
mutated = amduat_octets(NULL, 0u);
if (encoded.len != 0) {
uint8_t *buffer = (uint8_t *)malloc(encoded.len);
if (buffer == NULL) {
fprintf(stderr, "encoded v1.1 alloc failed\n");
goto cleanup;
}
memcpy(buffer, encoded.data, encoded.len);
mutated = amduat_octets(buffer, encoded.len);
}
if (mutated.data == NULL || mutated.len != encoded.len) {
fprintf(stderr, "encoded v1.1 clone failed\n");
goto cleanup;
}
if (encoded.len - offset < 2) {
fprintf(stderr, "encoded v1.1 header too short\n");
goto cleanup;
}
offset += 2;
if (offset + 4 > encoded.len) {
fprintf(stderr, "encoded v1.1 function_ref missing\n");
goto cleanup;
}
len_u32 = (uint32_t)((encoded.data[offset] << 24) |
(encoded.data[offset + 1] << 16) |
(encoded.data[offset + 2] << 8) |
encoded.data[offset + 3]);
offset += 4 + len_u32;
if (offset > encoded.len) {
fprintf(stderr, "encoded v1.1 function_ref truncated\n");
goto cleanup;
}
if (offset + 4 > encoded.len) {
fprintf(stderr, "encoded v1.1 input_manifest_ref missing\n");
goto cleanup;
}
len_u32 = (uint32_t)((encoded.data[offset] << 24) |
(encoded.data[offset + 1] << 16) |
(encoded.data[offset + 2] << 8) |
encoded.data[offset + 3]);
offset += 4 + len_u32;
if (offset > encoded.len) {
fprintf(stderr, "encoded v1.1 input_manifest_ref truncated\n");
goto cleanup;
}
if (offset + 4 > encoded.len) {
fprintf(stderr, "encoded v1.1 environment_ref missing\n");
goto cleanup;
}
len_u32 = (uint32_t)((encoded.data[offset] << 24) |
(encoded.data[offset + 1] << 16) |
(encoded.data[offset + 2] << 8) |
encoded.data[offset + 3]);
offset += 4 + len_u32;
if (offset > encoded.len) {
fprintf(stderr, "encoded v1.1 environment_ref truncated\n");
goto cleanup;
}
if (offset + 4 > encoded.len) {
fprintf(stderr, "encoded v1.1 evaluator_id missing\n");
goto cleanup;
}
len_u32 = (uint32_t)((encoded.data[offset] << 24) |
(encoded.data[offset + 1] << 16) |
(encoded.data[offset + 2] << 8) |
encoded.data[offset + 3]);
offset += 4 + len_u32;
if (offset > encoded.len) {
fprintf(stderr, "encoded v1.1 evaluator_id truncated\n");
goto cleanup;
}
if (offset + 4 > encoded.len) {
fprintf(stderr, "encoded v1.1 output_ref missing\n");
goto cleanup;
}
len_u32 = (uint32_t)((encoded.data[offset] << 24) |
(encoded.data[offset + 1] << 16) |
(encoded.data[offset + 2] << 8) |
encoded.data[offset + 3]);
offset += 4 + len_u32;
if (offset > encoded.len) {
fprintf(stderr, "encoded v1.1 output_ref truncated\n");
goto cleanup;
}
if (offset + 4 > encoded.len) {
fprintf(stderr, "encoded v1.1 executor_count missing\n");
goto cleanup;
}
len_u32 = (uint32_t)((encoded.data[offset] << 24) |
(encoded.data[offset + 1] << 16) |
(encoded.data[offset + 2] << 8) |
encoded.data[offset + 3]);
offset += 4;
count = (size_t)len_u32;
for (i = 0; i < count; ++i) {
if (offset + 4 > encoded.len) {
fprintf(stderr, "encoded v1.1 executor_ref missing\n");
goto cleanup;
}
uint32_t ref_len = (uint32_t)((encoded.data[offset] << 24) |
(encoded.data[offset + 1] << 16) |
(encoded.data[offset + 2] << 8) |
encoded.data[offset + 3]);
offset += 4 + ref_len;
if (offset > encoded.len) {
fprintf(stderr, "encoded v1.1 executor_ref truncated\n");
goto cleanup;
}
}
if (offset + 4 > encoded.len) {
fprintf(stderr, "encoded v1.1 parity_count missing\n");
goto cleanup;
}
len_u32 = (uint32_t)((encoded.data[offset] << 24) |
(encoded.data[offset + 1] << 16) |
(encoded.data[offset + 2] << 8) |
encoded.data[offset + 3]);
offset += 4;
count = (size_t)len_u32;
for (i = 0; i < count; ++i) {
if (offset + 4 > encoded.len) {
fprintf(stderr, "encoded v1.1 parity executor_ref missing\n");
goto cleanup;
}
uint32_t ref_len = (uint32_t)((encoded.data[offset] << 24) |
(encoded.data[offset + 1] << 16) |
(encoded.data[offset + 2] << 8) |
encoded.data[offset + 3]);
offset += 4 + ref_len;
if (offset + 4 > encoded.len) {
fprintf(stderr, "encoded v1.1 parity output_ref missing\n");
goto cleanup;
}
ref_len = (uint32_t)((encoded.data[offset] << 24) |
(encoded.data[offset + 1] << 16) |
(encoded.data[offset + 2] << 8) |
encoded.data[offset + 3]);
offset += 4 + ref_len;
if (offset >= encoded.len) {
fprintf(stderr, "encoded v1.1 parity truncated\n");
goto cleanup;
}
if (encoded.data[offset] == 0x01u) {
offset += 1;
if (offset + 4 > encoded.len) {
fprintf(stderr, "encoded v1.1 parity sbom missing\n");
goto cleanup;
}
ref_len = (uint32_t)((encoded.data[offset] << 24) |
(encoded.data[offset + 1] << 16) |
(encoded.data[offset + 2] << 8) |
encoded.data[offset + 3]);
offset += 4 + ref_len;
} else {
offset += 1;
}
if (offset + 4 > encoded.len) {
fprintf(stderr, "encoded v1.1 parity digest missing\n");
goto cleanup;
}
uint32_t digest_len = (uint32_t)((encoded.data[offset] << 24) |
(encoded.data[offset + 1] << 16) |
(encoded.data[offset + 2] << 8) |
encoded.data[offset + 3]);
offset += 4 + digest_len;
if (offset > encoded.len) {
fprintf(stderr, "encoded v1.1 parity digest truncated\n");
goto cleanup;
}
}
if (offset + 16 > encoded.len) {
fprintf(stderr, "encoded v1.1 timestamps missing\n");
goto cleanup;
}
offset += 16;
if (offset + 4 > encoded.len) {
fprintf(stderr, "encoded v1.1 ext_len missing\n");
goto cleanup;
}
ext_len = (size_t)((encoded.data[offset] << 24) |
(encoded.data[offset + 1] << 16) |
(encoded.data[offset + 2] << 8) |
encoded.data[offset + 3]);
ext_offset = offset + 4;
if (ext_offset + ext_len > encoded.len) {
fprintf(stderr, "encoded v1.1 ext payload truncated\n");
goto cleanup;
}
tlv_offset = ext_offset;
if (tlv_offset + 6 > encoded.len) {
fprintf(stderr, "encoded v1.1 tlv header missing\n");
goto cleanup;
}
tlv_offset += 2;
len_u32 = (uint32_t)((encoded.data[tlv_offset] << 24) |
(encoded.data[tlv_offset + 1] << 16) |
(encoded.data[tlv_offset + 2] << 8) |
encoded.data[tlv_offset + 3]);
tlv_offset += 4 + len_u32;
if (tlv_offset + 2 > encoded.len) {
fprintf(stderr, "encoded v1.1 second tlv missing\n");
goto cleanup;
}
((uint8_t *)mutated.data)[tlv_offset] = 0x00u;
((uint8_t *)mutated.data)[tlv_offset + 1] = 0x01u;
if (amduat_enc_fer1_receipt_decode_v1_1(mutated, &decoded)) {
fprintf(stderr, "duplicate tlv accepted\n");
amduat_enc_fer1_receipt_free(&decoded);
goto cleanup;
}
exit_code = 0;
cleanup:
if (mutated.data != NULL) {
free((void *)mutated.data);
}
free((void *)encoded.data);
return exit_code;
}
int main(void) {
if (test_receipt_round_trip() != 0) {
return 1;
@ -270,5 +758,14 @@ int main(void) {
if (test_receipt_helper() != 0) {
return 1;
}
if (test_receipt_helper_failed_run() != 0) {
return 1;
}
if (test_receipt_round_trip_v1_1() != 0) {
return 1;
}
if (test_receipt_v1_1_reject_duplicate_tag() != 0) {
return 1;
}
return 0;
}