#include "amduat/enc/fer1_receipt.h" #include "amduat/fer/receipt.h" #include "amduat/pel/run.h" #include #include #include #include #include static const uint8_t k_expected_receipt_bytes[] = { 0x00, 0x01, 0x00, 0x00, 0x00, 0x22, 0x00, 0x01, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x00, 0x00, 0x00, 0x22, 0x00, 0x01, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x00, 0x00, 0x00, 0x22, 0x00, 0x01, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x00, 0x00, 0x00, 0x06, 0x74, 0x65, 0x73, 0x74, 0x65, 0x72, 0x00, 0x00, 0x00, 0x22, 0x00, 0x01, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x22, 0x00, 0x01, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x00, 0x00, 0x00, 0x22, 0x00, 0x01, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x22, 0x00, 0x01, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x00, 0x00, 0x00, 0x22, 0x00, 0x01, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x01, 0x00, 0x00, 0x00, 0x22, 0x00, 0x01, 0x60, 0x60, 0x60, 0x60, 0x60, 0x60, 0x60, 0x60, 0x60, 0x60, 0x60, 0x60, 0x60, 0x60, 0x60, 0x60, 0x60, 0x60, 0x60, 0x60, 0x60, 0x60, 0x60, 0x60, 0x60, 0x60, 0x60, 0x60, 0x60, 0x60, 0x60, 0x60, 0x00, 0x00, 0x00, 0x03, 0xaa, 0xbb, 0xcc, 0x00, 0x00, 0x00, 0x22, 0x00, 0x01, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x51, 0x00, 0x00, 0x00, 0x22, 0x00, 0x01, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x14 }; static const uint8_t k_expected_receipt_helper_bytes[] = { 0x00, 0x01, 0x00, 0x00, 0x00, 0x22, 0x00, 0x01, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x00, 0x00, 0x00, 0x22, 0x00, 0x01, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x00, 0x00, 0x00, 0x22, 0x00, 0x01, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x00, 0x00, 0x00, 0x06, 0x74, 0x65, 0x73, 0x74, 0x65, 0x72, 0x00, 0x00, 0x00, 0x22, 0x00, 0x01, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x22, 0x00, 0x01, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x22, 0x00, 0x01, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x50, 0x00, 0x00, 0x00, 0x22, 0x00, 0x01, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x14, }; static void fill_digest(uint8_t *out, uint8_t value) { memset(out, value, 32); } static amduat_reference_t make_ref(uint8_t value, uint8_t *storage) { fill_digest(storage, value); return amduat_reference(0x0001, amduat_octets(storage, 32)); } static bool bytes_equal(amduat_octets_t bytes, const uint8_t *expected, size_t expected_len) { if (bytes.len != expected_len) { return false; } if (bytes.len == 0) { return true; } return memcmp(bytes.data, expected, expected_len) == 0; } static int test_receipt_round_trip(void) { amduat_fer1_receipt_t receipt; amduat_octets_t encoded; amduat_octets_t mutated; amduat_fer1_receipt_t decoded; amduat_reference_t executor_refs[2]; amduat_fer1_parity_entry_t parity[2]; uint8_t f0[32], i0[32], e0[32], o0[32]; uint8_t ex0[32], ex1[32], sb0[32]; uint8_t digest0[] = {0xaa, 0xbb, 0xcc}; int exit_code = 1; memset(&receipt, 0, sizeof(receipt)); receipt.fer1_version = 1; receipt.function_ref = make_ref(0x11, f0); receipt.input_manifest_ref = make_ref(0x22, i0); receipt.environment_ref = make_ref(0x33, e0); receipt.evaluator_id = amduat_octets("tester", 6); receipt.output_ref = make_ref(0x44, o0); receipt.started_at = 10; receipt.completed_at = 20; executor_refs[0] = make_ref(0x50, ex0); executor_refs[1] = make_ref(0x51, ex1); receipt.executor_refs = executor_refs; receipt.executor_refs_len = 2; memset(parity, 0, sizeof(parity)); parity[0].executor_ref = executor_refs[0]; parity[0].output_ref = receipt.output_ref; parity[0].has_sbom_ref = true; parity[0].sbom_ref = make_ref(0x60, sb0); parity[0].parity_digest = amduat_octets(digest0, sizeof(digest0)); parity[1].executor_ref = executor_refs[1]; parity[1].output_ref = receipt.output_ref; parity[1].has_sbom_ref = false; parity[1].parity_digest = amduat_octets(NULL, 0); receipt.parity = parity; receipt.parity_len = 2; if (!amduat_enc_fer1_receipt_encode_v1(&receipt, &encoded)) { fprintf(stderr, "encode failed\n"); return exit_code; } if (!bytes_equal(encoded, k_expected_receipt_bytes, sizeof(k_expected_receipt_bytes))) { fprintf(stderr, "encoded bytes mismatch\n"); goto cleanup; } if (!amduat_enc_fer1_receipt_decode_v1(encoded, &decoded)) { fprintf(stderr, "decode failed\n"); goto cleanup; } if (!amduat_reference_eq(decoded.function_ref, receipt.function_ref) || !amduat_reference_eq(decoded.input_manifest_ref, receipt.input_manifest_ref) || !amduat_reference_eq(decoded.environment_ref, receipt.environment_ref) || !amduat_reference_eq(decoded.output_ref, receipt.output_ref)) { fprintf(stderr, "decoded refs mismatch\n"); goto cleanup_decoded; } if (!amduat_octets_eq(decoded.evaluator_id, receipt.evaluator_id) || decoded.executor_refs_len != 2 || decoded.parity_len != 2 || decoded.started_at != receipt.started_at || decoded.completed_at != receipt.completed_at) { fprintf(stderr, "decoded fields mismatch\n"); goto cleanup_decoded; } if (!amduat_reference_eq(decoded.executor_refs[0], executor_refs[0]) || !amduat_reference_eq(decoded.executor_refs[1], executor_refs[1]) || !amduat_reference_eq(decoded.parity[0].executor_ref, executor_refs[0]) || !amduat_reference_eq(decoded.parity[0].output_ref, receipt.output_ref) || !decoded.parity[0].has_sbom_ref || !amduat_reference_eq(decoded.parity[0].sbom_ref, parity[0].sbom_ref) || !amduat_octets_eq(decoded.parity[0].parity_digest, parity[0].parity_digest) || !amduat_reference_eq(decoded.parity[1].executor_ref, executor_refs[1]) || !amduat_reference_eq(decoded.parity[1].output_ref, receipt.output_ref) || decoded.parity[1].has_sbom_ref || decoded.parity[1].parity_digest.len != 0) { fprintf(stderr, "decoded parity mismatch\n"); goto cleanup_decoded; } exit_code = 0; cleanup_decoded: amduat_enc_fer1_receipt_free(&decoded); cleanup: free((void *)encoded.data); return exit_code; } static int test_invalid_receipt_version(void) { uint8_t bad_bytes[sizeof(k_expected_receipt_bytes)]; amduat_octets_t bytes; amduat_fer1_receipt_t decoded; memcpy(bad_bytes, k_expected_receipt_bytes, sizeof(bad_bytes)); bad_bytes[1] = 0x02; bytes = amduat_octets(bad_bytes, sizeof(bad_bytes)); if (amduat_enc_fer1_receipt_decode_v1(bytes, &decoded)) { fprintf(stderr, "invalid receipt version accepted\n"); amduat_enc_fer1_receipt_free(&decoded); return 1; } return 0; } static int test_receipt_helper(void) { amduat_pel_surface_execution_result_t pel_result; amduat_artifact_t artifact; amduat_reference_t output_ref; uint8_t f0[32], i0[32], e0[32], o0[32]; uint8_t ex0[32]; memset(&pel_result, 0, sizeof(pel_result)); pel_result.pel1_version = 1; pel_result.program_ref = make_ref(0x11, f0); pel_result.output_refs = &output_ref; pel_result.output_refs_len = 1; output_ref = make_ref(0x44, o0); if (!amduat_fer1_receipt_from_pel_result( &pel_result, make_ref(0x22, i0), make_ref(0x33, e0), amduat_octets("tester", 6), make_ref(0x50, ex0), false, amduat_reference(0, amduat_octets(NULL, 0)), amduat_octets(NULL, 0), 10, 20, &artifact)) { fprintf(stderr, "helper failed\n"); return 1; } if (!bytes_equal(artifact.bytes, k_expected_receipt_helper_bytes, sizeof(k_expected_receipt_helper_bytes))) { fprintf(stderr, "helper bytes mismatch\n"); amduat_artifact_free(&artifact); return 1; } amduat_artifact_free(&artifact); return 0; } static int test_receipt_helper_failed_run(void) { amduat_pel_run_result_t pel_run; amduat_artifact_t artifact; amduat_fer1_receipt_t decoded; uint8_t f0[32], i0[32], e0[32], r0[32]; uint8_t ex0[32]; int exit_code = 1; memset(&pel_run, 0, sizeof(pel_run)); pel_run.result_ref = make_ref(0x77, r0); pel_run.output_refs = NULL; pel_run.output_refs_len = 0; pel_run.has_result_value = true; pel_run.result_value.pel1_version = 1; pel_run.result_value.program_ref = make_ref(0x11, f0); if (!amduat_fer1_receipt_from_pel_run( &pel_run, make_ref(0x22, i0), make_ref(0x33, e0), amduat_octets("tester", 6), make_ref(0x50, ex0), false, amduat_reference(0, amduat_octets(NULL, 0)), amduat_octets(NULL, 0), 10, 20, &artifact)) { fprintf(stderr, "failed run helper failed\n"); return exit_code; } if (!amduat_enc_fer1_receipt_decode_v1(artifact.bytes, &decoded)) { fprintf(stderr, "failed run helper decode failed\n"); amduat_artifact_free(&artifact); return exit_code; } if (!amduat_reference_eq(decoded.output_ref, pel_run.result_ref) || !amduat_reference_eq(decoded.function_ref, pel_run.result_value.program_ref)) { fprintf(stderr, "failed run helper decoded refs mismatch\n"); goto cleanup_decoded; } exit_code = 0; cleanup_decoded: amduat_enc_fer1_receipt_free(&decoded); amduat_artifact_free(&artifact); return exit_code; } static int test_receipt_round_trip_v1_1(void) { amduat_fer1_receipt_t receipt; amduat_octets_t encoded; amduat_fer1_receipt_t decoded; amduat_octets_t mutated; amduat_reference_t executor_refs[1]; amduat_fer1_parity_entry_t parity[1]; amduat_fer1_log_entry_t logs[2]; uint8_t f0[32], i0[32], e0[32], o0[32]; uint8_t ex0[32], fp0[32], lr0[32], lr1[32]; uint8_t digest0[] = {0xaa, 0xbb, 0xcc}; uint8_t run_id[] = {0x01, 0x02, 0x03, 0x04}; uint8_t rng_seed[] = {0x09, 0x08, 0x07}; uint8_t signature[] = {0xde, 0xad, 0xbe, 0xef}; int exit_code = 1; memset(&receipt, 0, sizeof(receipt)); receipt.fer1_version = AMDUAT_FER1_VERSION_1_1; receipt.function_ref = make_ref(0x11, f0); receipt.input_manifest_ref = make_ref(0x22, i0); receipt.environment_ref = make_ref(0x33, e0); receipt.evaluator_id = amduat_octets("tester", 6); receipt.output_ref = make_ref(0x44, o0); receipt.started_at = 10; receipt.completed_at = 20; executor_refs[0] = make_ref(0x50, ex0); receipt.executor_refs = executor_refs; receipt.executor_refs_len = 1; memset(parity, 0, sizeof(parity)); parity[0].executor_ref = executor_refs[0]; parity[0].output_ref = receipt.output_ref; parity[0].has_sbom_ref = false; parity[0].parity_digest = amduat_octets(digest0, sizeof(digest0)); receipt.parity = parity; receipt.parity_len = 1; receipt.has_executor_fingerprint_ref = true; receipt.executor_fingerprint_ref = make_ref(0x66, fp0); receipt.has_run_id = true; receipt.run_id = amduat_octets(run_id, sizeof(run_id)); receipt.has_limits = true; receipt.limits.cpu_ms = 1; receipt.limits.wall_ms = 2; receipt.limits.max_rss_kib = 3; receipt.limits.io_reads = 4; receipt.limits.io_writes = 5; memset(logs, 0, sizeof(logs)); logs[0].kind = 1; logs[0].log_ref = make_ref(0x70, lr0); logs[0].sha256 = amduat_octets(digest0, sizeof(digest0)); logs[1].kind = 2; logs[1].log_ref = make_ref(0x71, lr1); logs[1].sha256 = amduat_octets(NULL, 0); receipt.logs = logs; receipt.logs_len = 2; receipt.has_determinism = true; receipt.determinism_level = 2; receipt.has_rng_seed = true; receipt.rng_seed = amduat_octets(rng_seed, sizeof(rng_seed)); receipt.has_signature = true; receipt.signature = amduat_octets(signature, sizeof(signature)); if (!amduat_enc_fer1_receipt_encode_v1_1(&receipt, &encoded)) { fprintf(stderr, "encode v1.1 failed\n"); return exit_code; } if (!amduat_enc_fer1_receipt_decode_v1_1(encoded, &decoded)) { fprintf(stderr, "decode v1.1 failed\n"); goto cleanup; } if (decoded.fer1_version != AMDUAT_FER1_VERSION_1_1 || !amduat_reference_eq(decoded.function_ref, receipt.function_ref) || !amduat_reference_eq(decoded.input_manifest_ref, receipt.input_manifest_ref) || !amduat_reference_eq(decoded.environment_ref, receipt.environment_ref) || !amduat_reference_eq(decoded.output_ref, receipt.output_ref)) { fprintf(stderr, "decoded v1.1 refs mismatch\n"); goto cleanup_decoded; } if (!decoded.has_executor_fingerprint_ref || !amduat_reference_eq(decoded.executor_fingerprint_ref, receipt.executor_fingerprint_ref) || !decoded.has_run_id || !amduat_octets_eq(decoded.run_id, receipt.run_id) || !decoded.has_determinism || decoded.determinism_level != receipt.determinism_level || !decoded.has_rng_seed || !amduat_octets_eq(decoded.rng_seed, receipt.rng_seed) || !decoded.has_signature || !amduat_octets_eq(decoded.signature, receipt.signature) || !decoded.has_limits || decoded.limits.cpu_ms != receipt.limits.cpu_ms || decoded.limits.wall_ms != receipt.limits.wall_ms || decoded.limits.max_rss_kib != receipt.limits.max_rss_kib || decoded.limits.io_reads != receipt.limits.io_reads || decoded.limits.io_writes != receipt.limits.io_writes) { fprintf(stderr, "decoded v1.1 fields mismatch\n"); goto cleanup_decoded; } if (decoded.logs_len != receipt.logs_len || !amduat_reference_eq(decoded.logs[0].log_ref, logs[0].log_ref) || decoded.logs[0].kind != logs[0].kind || !amduat_octets_eq(decoded.logs[0].sha256, logs[0].sha256) || !amduat_reference_eq(decoded.logs[1].log_ref, logs[1].log_ref) || decoded.logs[1].kind != logs[1].kind || decoded.logs[1].sha256.len != 0) { fprintf(stderr, "decoded v1.1 logs mismatch\n"); goto cleanup_decoded; } exit_code = 0; cleanup_decoded: amduat_enc_fer1_receipt_free(&decoded); cleanup: free((void *)encoded.data); return exit_code; } static int test_receipt_v1_1_reject_duplicate_tag(void) { amduat_fer1_receipt_t receipt; amduat_octets_t encoded; amduat_fer1_receipt_t decoded; amduat_octets_t mutated; amduat_reference_t executor_refs[1]; amduat_fer1_parity_entry_t parity[1]; amduat_fer1_log_entry_t logs[1]; uint8_t f0[32], i0[32], e0[32], o0[32]; uint8_t ex0[32], fp0[32], lr0[32]; uint8_t digest0[] = {0xaa, 0xbb, 0xcc}; uint8_t run_id[] = {0x01, 0x02, 0x03, 0x04}; size_t offset = 0; size_t ext_len = 0; size_t ext_offset = 0; size_t tlv_offset = 0; uint32_t len_u32 = 0; size_t count = 0; size_t i = 0; int exit_code = 1; memset(&receipt, 0, sizeof(receipt)); receipt.fer1_version = AMDUAT_FER1_VERSION_1_1; receipt.function_ref = make_ref(0x11, f0); receipt.input_manifest_ref = make_ref(0x22, i0); receipt.environment_ref = make_ref(0x33, e0); receipt.evaluator_id = amduat_octets("tester", 6); receipt.output_ref = make_ref(0x44, o0); receipt.started_at = 10; receipt.completed_at = 20; executor_refs[0] = make_ref(0x50, ex0); receipt.executor_refs = executor_refs; receipt.executor_refs_len = 1; memset(parity, 0, sizeof(parity)); parity[0].executor_ref = executor_refs[0]; parity[0].output_ref = receipt.output_ref; parity[0].has_sbom_ref = false; parity[0].parity_digest = amduat_octets(digest0, sizeof(digest0)); receipt.parity = parity; receipt.parity_len = 1; receipt.has_executor_fingerprint_ref = true; receipt.executor_fingerprint_ref = make_ref(0x66, fp0); receipt.has_run_id = true; receipt.run_id = amduat_octets(run_id, sizeof(run_id)); receipt.has_limits = true; receipt.limits.cpu_ms = 1; receipt.limits.wall_ms = 2; receipt.limits.max_rss_kib = 3; receipt.limits.io_reads = 4; receipt.limits.io_writes = 5; memset(logs, 0, sizeof(logs)); logs[0].kind = 1; logs[0].log_ref = make_ref(0x70, lr0); logs[0].sha256 = amduat_octets(digest0, sizeof(digest0)); receipt.logs = logs; receipt.logs_len = 1; if (!amduat_enc_fer1_receipt_encode_v1_1(&receipt, &encoded)) { fprintf(stderr, "encode v1.1 failed\n"); return exit_code; } if (encoded.len < 2) { fprintf(stderr, "encoded v1.1 too short\n"); goto cleanup; } mutated = amduat_octets(NULL, 0u); if (encoded.len != 0) { uint8_t *buffer = (uint8_t *)malloc(encoded.len); if (buffer == NULL) { fprintf(stderr, "encoded v1.1 alloc failed\n"); goto cleanup; } memcpy(buffer, encoded.data, encoded.len); mutated = amduat_octets(buffer, encoded.len); } if (mutated.data == NULL || mutated.len != encoded.len) { fprintf(stderr, "encoded v1.1 clone failed\n"); goto cleanup; } if (encoded.len - offset < 2) { fprintf(stderr, "encoded v1.1 header too short\n"); goto cleanup; } offset += 2; if (offset + 4 > encoded.len) { fprintf(stderr, "encoded v1.1 function_ref missing\n"); goto cleanup; } len_u32 = (uint32_t)((encoded.data[offset] << 24) | (encoded.data[offset + 1] << 16) | (encoded.data[offset + 2] << 8) | encoded.data[offset + 3]); offset += 4 + len_u32; if (offset > encoded.len) { fprintf(stderr, "encoded v1.1 function_ref truncated\n"); goto cleanup; } if (offset + 4 > encoded.len) { fprintf(stderr, "encoded v1.1 input_manifest_ref missing\n"); goto cleanup; } len_u32 = (uint32_t)((encoded.data[offset] << 24) | (encoded.data[offset + 1] << 16) | (encoded.data[offset + 2] << 8) | encoded.data[offset + 3]); offset += 4 + len_u32; if (offset > encoded.len) { fprintf(stderr, "encoded v1.1 input_manifest_ref truncated\n"); goto cleanup; } if (offset + 4 > encoded.len) { fprintf(stderr, "encoded v1.1 environment_ref missing\n"); goto cleanup; } len_u32 = (uint32_t)((encoded.data[offset] << 24) | (encoded.data[offset + 1] << 16) | (encoded.data[offset + 2] << 8) | encoded.data[offset + 3]); offset += 4 + len_u32; if (offset > encoded.len) { fprintf(stderr, "encoded v1.1 environment_ref truncated\n"); goto cleanup; } if (offset + 4 > encoded.len) { fprintf(stderr, "encoded v1.1 evaluator_id missing\n"); goto cleanup; } len_u32 = (uint32_t)((encoded.data[offset] << 24) | (encoded.data[offset + 1] << 16) | (encoded.data[offset + 2] << 8) | encoded.data[offset + 3]); offset += 4 + len_u32; if (offset > encoded.len) { fprintf(stderr, "encoded v1.1 evaluator_id truncated\n"); goto cleanup; } if (offset + 4 > encoded.len) { fprintf(stderr, "encoded v1.1 output_ref missing\n"); goto cleanup; } len_u32 = (uint32_t)((encoded.data[offset] << 24) | (encoded.data[offset + 1] << 16) | (encoded.data[offset + 2] << 8) | encoded.data[offset + 3]); offset += 4 + len_u32; if (offset > encoded.len) { fprintf(stderr, "encoded v1.1 output_ref truncated\n"); goto cleanup; } if (offset + 4 > encoded.len) { fprintf(stderr, "encoded v1.1 executor_count missing\n"); goto cleanup; } len_u32 = (uint32_t)((encoded.data[offset] << 24) | (encoded.data[offset + 1] << 16) | (encoded.data[offset + 2] << 8) | encoded.data[offset + 3]); offset += 4; count = (size_t)len_u32; for (i = 0; i < count; ++i) { if (offset + 4 > encoded.len) { fprintf(stderr, "encoded v1.1 executor_ref missing\n"); goto cleanup; } uint32_t ref_len = (uint32_t)((encoded.data[offset] << 24) | (encoded.data[offset + 1] << 16) | (encoded.data[offset + 2] << 8) | encoded.data[offset + 3]); offset += 4 + ref_len; if (offset > encoded.len) { fprintf(stderr, "encoded v1.1 executor_ref truncated\n"); goto cleanup; } } if (offset + 4 > encoded.len) { fprintf(stderr, "encoded v1.1 parity_count missing\n"); goto cleanup; } len_u32 = (uint32_t)((encoded.data[offset] << 24) | (encoded.data[offset + 1] << 16) | (encoded.data[offset + 2] << 8) | encoded.data[offset + 3]); offset += 4; count = (size_t)len_u32; for (i = 0; i < count; ++i) { if (offset + 4 > encoded.len) { fprintf(stderr, "encoded v1.1 parity executor_ref missing\n"); goto cleanup; } uint32_t ref_len = (uint32_t)((encoded.data[offset] << 24) | (encoded.data[offset + 1] << 16) | (encoded.data[offset + 2] << 8) | encoded.data[offset + 3]); offset += 4 + ref_len; if (offset + 4 > encoded.len) { fprintf(stderr, "encoded v1.1 parity output_ref missing\n"); goto cleanup; } ref_len = (uint32_t)((encoded.data[offset] << 24) | (encoded.data[offset + 1] << 16) | (encoded.data[offset + 2] << 8) | encoded.data[offset + 3]); offset += 4 + ref_len; if (offset >= encoded.len) { fprintf(stderr, "encoded v1.1 parity truncated\n"); goto cleanup; } if (encoded.data[offset] == 0x01u) { offset += 1; if (offset + 4 > encoded.len) { fprintf(stderr, "encoded v1.1 parity sbom missing\n"); goto cleanup; } ref_len = (uint32_t)((encoded.data[offset] << 24) | (encoded.data[offset + 1] << 16) | (encoded.data[offset + 2] << 8) | encoded.data[offset + 3]); offset += 4 + ref_len; } else { offset += 1; } if (offset + 4 > encoded.len) { fprintf(stderr, "encoded v1.1 parity digest missing\n"); goto cleanup; } uint32_t digest_len = (uint32_t)((encoded.data[offset] << 24) | (encoded.data[offset + 1] << 16) | (encoded.data[offset + 2] << 8) | encoded.data[offset + 3]); offset += 4 + digest_len; if (offset > encoded.len) { fprintf(stderr, "encoded v1.1 parity digest truncated\n"); goto cleanup; } } if (offset + 16 > encoded.len) { fprintf(stderr, "encoded v1.1 timestamps missing\n"); goto cleanup; } offset += 16; if (offset + 4 > encoded.len) { fprintf(stderr, "encoded v1.1 ext_len missing\n"); goto cleanup; } ext_len = (size_t)((encoded.data[offset] << 24) | (encoded.data[offset + 1] << 16) | (encoded.data[offset + 2] << 8) | encoded.data[offset + 3]); ext_offset = offset + 4; if (ext_offset + ext_len > encoded.len) { fprintf(stderr, "encoded v1.1 ext payload truncated\n"); goto cleanup; } tlv_offset = ext_offset; if (tlv_offset + 6 > encoded.len) { fprintf(stderr, "encoded v1.1 tlv header missing\n"); goto cleanup; } tlv_offset += 2; len_u32 = (uint32_t)((encoded.data[tlv_offset] << 24) | (encoded.data[tlv_offset + 1] << 16) | (encoded.data[tlv_offset + 2] << 8) | encoded.data[tlv_offset + 3]); tlv_offset += 4 + len_u32; if (tlv_offset + 2 > encoded.len) { fprintf(stderr, "encoded v1.1 second tlv missing\n"); goto cleanup; } ((uint8_t *)mutated.data)[tlv_offset] = 0x00u; ((uint8_t *)mutated.data)[tlv_offset + 1] = 0x01u; if (amduat_enc_fer1_receipt_decode_v1_1(mutated, &decoded)) { fprintf(stderr, "duplicate tlv accepted\n"); amduat_enc_fer1_receipt_free(&decoded); goto cleanup; } exit_code = 0; cleanup: if (mutated.data != NULL) { free((void *)mutated.data); } free((void *)encoded.data); return exit_code; } static int test_receipt_helper_v1_1(void) { amduat_pel_run_result_t pel_run; amduat_artifact_t artifact; amduat_fer1_receipt_t decoded; amduat_fer1_log_entry_t log_entry; amduat_fer1_limits_t limits; uint8_t f0[32], i0[32], e0[32], o0[32], ex0[32], fp0[32], lr0[32]; uint8_t run_id[] = {0x01, 0x02, 0x03, 0x04}; uint8_t rng_seed[] = {0x09, 0x08, 0x07}; uint8_t signature[] = {0xde, 0xad, 0xbe, 0xef}; uint8_t digest0[] = {0xaa, 0xbb, 0xcc}; int exit_code = 1; memset(&pel_run, 0, sizeof(pel_run)); pel_run.result_ref = make_ref(0x77, o0); pel_run.output_refs = &pel_run.result_ref; pel_run.output_refs_len = 1; pel_run.has_result_value = true; pel_run.result_value.pel1_version = 1; pel_run.result_value.program_ref = make_ref(0x11, f0); memset(&limits, 0, sizeof(limits)); limits.cpu_ms = 1; limits.wall_ms = 2; limits.max_rss_kib = 3; limits.io_reads = 4; limits.io_writes = 5; memset(&log_entry, 0, sizeof(log_entry)); log_entry.kind = 1; log_entry.log_ref = make_ref(0x70, lr0); log_entry.sha256 = amduat_octets(digest0, sizeof(digest0)); if (!amduat_fer1_receipt_from_pel_run_v1_1( &pel_run, make_ref(0x22, i0), make_ref(0x33, e0), amduat_octets("tester", 6), make_ref(0x50, ex0), false, amduat_reference(0, amduat_octets(NULL, 0)), amduat_octets(NULL, 0), 10, 20, true, make_ref(0x66, fp0), true, amduat_octets(run_id, sizeof(run_id)), true, limits, &log_entry, 1, true, 2, true, amduat_octets(rng_seed, sizeof(rng_seed)), true, amduat_octets(signature, sizeof(signature)), &artifact)) { fprintf(stderr, "v1.1 helper failed\n"); return exit_code; } if (!amduat_enc_fer1_receipt_decode_v1_1(artifact.bytes, &decoded)) { fprintf(stderr, "v1.1 helper decode failed\n"); amduat_artifact_free(&artifact); return exit_code; } if (!decoded.has_run_id || !decoded.has_limits || !decoded.has_determinism || !decoded.has_signature || !amduat_reference_eq(decoded.output_ref, pel_run.result_ref)) { fprintf(stderr, "v1.1 helper decoded fields mismatch\n"); goto cleanup_decoded; } exit_code = 0; cleanup_decoded: amduat_enc_fer1_receipt_free(&decoded); amduat_artifact_free(&artifact); return exit_code; } static int test_receipt_helper_v1_1_failed_run(void) { amduat_pel_run_result_t pel_run; amduat_artifact_t artifact; amduat_fer1_receipt_t decoded; uint8_t f0[32], i0[32], e0[32], r0[32], ex0[32]; int exit_code = 1; memset(&pel_run, 0, sizeof(pel_run)); pel_run.result_ref = make_ref(0x77, r0); pel_run.output_refs = NULL; pel_run.output_refs_len = 0; pel_run.has_result_value = true; pel_run.result_value.pel1_version = 1; pel_run.result_value.program_ref = make_ref(0x11, f0); if (!amduat_fer1_receipt_from_pel_run_v1_1( &pel_run, make_ref(0x22, i0), make_ref(0x33, e0), amduat_octets("tester", 6), make_ref(0x50, ex0), false, amduat_reference(0, amduat_octets(NULL, 0)), amduat_octets(NULL, 0), 10, 20, false, amduat_reference(0, amduat_octets(NULL, 0)), false, amduat_octets(NULL, 0), false, (amduat_fer1_limits_t){0}, NULL, 0, false, 0, false, amduat_octets(NULL, 0), false, amduat_octets(NULL, 0), &artifact)) { fprintf(stderr, "v1.1 failed run helper failed\n"); return exit_code; } if (!amduat_enc_fer1_receipt_decode_v1_1(artifact.bytes, &decoded)) { fprintf(stderr, "v1.1 failed run helper decode failed\n"); amduat_artifact_free(&artifact); return exit_code; } if (!amduat_reference_eq(decoded.output_ref, pel_run.result_ref)) { fprintf(stderr, "v1.1 failed run output_ref mismatch\n"); goto cleanup_decoded; } exit_code = 0; cleanup_decoded: amduat_enc_fer1_receipt_free(&decoded); amduat_artifact_free(&artifact); return exit_code; } int main(void) { if (test_receipt_round_trip() != 0) { return 1; } if (test_invalid_receipt_version() != 0) { return 1; } if (test_receipt_helper() != 0) { return 1; } if (test_receipt_helper_failed_run() != 0) { return 1; } if (test_receipt_round_trip_v1_1() != 0) { return 1; } if (test_receipt_v1_1_reject_duplicate_tag() != 0) { return 1; } if (test_receipt_helper_v1_1() != 0) { return 1; } if (test_receipt_helper_v1_1_failed_run() != 0) { return 1; } return 0; }