policy: add detailed information in error results

Print out the policy error detail if policy check failed.

Signed-off-by: Jiaqi Gao <[email protected]>

src/migtd/src/ratls.rs

@@ -5,6 +5,7 @@
 use alloc::{string::ToString, vec::Vec};
 use policy::PolicyError;
 use rust_std_stub::io::{Read, Write};
+use td_payload::println;
 use tdx_tdcall::TdCallError;
 
 use crate::{event_log::get_event_log, mig_policy};
@@ -189,13 +190,19 @@ fn verify_peer_cert(
         verify_signature(&cert, verified_report_peer.as_slice())?;
 
         // MigTD-src acts as TLS client
-        return mig_policy::authenticate_policy(
+        let policy_check_result = mig_policy::authenticate_policy(
             is_client,
             verified_report_local.as_slice(),
             verified_report_peer.as_slice(),
             event_log,
-        )
-        .map_err(|e| match e {
+        );
+
+        if let Err(e) = &policy_check_result {
+            println!("Policy check failed, below is the detail information:");
+            println!("{:x?}", e);
+        }
+
+        return policy_check_result.map_err(|e| match e {
             PolicyError::InvalidPolicy => {
                 CryptoError::TlsVerifyPeerCert(INVALID_MIG_POLICY_ERROR.to_string())
             }

src/policy/src/config.rs

@@ -112,7 +112,7 @@ pub(crate) struct TdInfo {
     pub(crate) event_log: Option<BTreeMap<String, Property>>,
 }
 
-#[derive(Debug, Deserialize)]
+#[derive(Debug, Deserialize, Clone)]
 pub struct Property {
     pub(crate) operation: Operation,
     pub(crate) reference: Reference,
@@ -151,7 +151,7 @@ impl Property {
     }
 }
 
-#[derive(Debug)]
+#[derive(Debug, Clone)]
 pub(crate) enum Reference {
     Integer(Integer),
     String(RefString),
@@ -214,7 +214,7 @@ impl<'de> Deserialize<'de> for Reference {
     }
 }
 
-#[derive(Debug, PartialEq)]
+#[derive(Debug, PartialEq, Clone)]
 pub(crate) enum Operation {
     Equal,
     GreaterOrEqual,
@@ -244,7 +244,7 @@ impl<'de> Deserialize<'de> for Operation {
     }
 }
 
-#[derive(Debug)]
+#[derive(Debug, Clone)]
 pub(crate) struct Integer(usize);
 
 impl Integer {
@@ -257,7 +257,7 @@ impl Integer {
     }
 }
 
-#[derive(Debug)]
+#[derive(Debug, Clone)]
 pub(crate) struct RefString(pub(crate) String);
 
 impl RefString {
@@ -269,7 +269,7 @@ impl RefString {
     }
 }
 
-#[derive(Debug)]
+#[derive(Debug, Clone)]
 pub(crate) struct RefLocal;
 
 impl RefLocal {
@@ -299,7 +299,7 @@ impl RefLocal {
     }
 }
 
-#[derive(Debug)]
+#[derive(Debug, Clone)]
 pub(crate) struct IntegerRange(ops::Range<usize>);
 
 impl IntegerRange {
@@ -334,7 +334,7 @@ fn parse_range(input: &str) -> Option<ops::Range<usize>> {
     Some(start..end)
 }
 
-#[derive(Debug)]
+#[derive(Debug, Clone)]
 pub(crate) struct Array(Vec<u8>);
 
 impl Array {

src/policy/src/lib.rs

@@ -8,19 +8,40 @@ extern crate alloc;
 mod config;
 mod verify;
 
+use alloc::{format, string::String};
 pub use config::*;
 pub use verify::*;
 
 #[repr(C)]
-#[derive(Debug, PartialEq, Eq)]
+#[derive(Debug)]
 pub enum PolicyError {
     FailGetReport,
     InvalidParameter,
     InvalidPolicy,
     InvalidEventLog,
-    UnqulifiedPlatformInfo,
-    UnqulifiedQeInfo,
-    UnqulifiedTdxModuleInfo,
-    UnqulifiedMigTdInfo,
+    PlatformNotFound(String),
+    UnqulifiedPlatformInfo(PolicyErrorDetails),
+    UnqulifiedQeInfo(PolicyErrorDetails),
+    UnqulifiedTdxModuleInfo(PolicyErrorDetails),
+    UnqulifiedMigTdInfo(PolicyErrorDetails),
     Crypto,
 }
+
+#[derive(Debug)]
+pub struct PolicyErrorDetails {
+    pub property: String,
+    pub policy: Property,
+    pub local: String,
+    pub remote: String,
+}
+
+impl PolicyErrorDetails {
+    pub(crate) fn new(property: String, policy: Property, local: &[u8], remote: &[u8]) -> Self {
+        Self {
+            property,
+            policy,
+            local: format!("{:x?}", local),
+            remote: format!("{:x?}", remote),
+        }
+    }
+}