runtime: Add conditional SGX attestation parsing for rofl.Register txs

.changelog/876.feature.md

@@ -0,0 +1 @@
+runtime: Add conditional SGX attestation parsing for rofl.Register txs

analyzer/runtime/extract.go

@@ -17,7 +17,10 @@ import (
 	"github.com/ethereum/go-ethereum/accounts/abi"
 	ethCommon "github.com/ethereum/go-ethereum/common"
 	"github.com/oasisprotocol/oasis-core/go/common/cbor"
+	"github.com/oasisprotocol/oasis-core/go/common/crypto/signature"
 	"github.com/oasisprotocol/oasis-core/go/common/quantity"
+	"github.com/oasisprotocol/oasis-core/go/common/sgx/pcs"
+	"github.com/oasisprotocol/oasis-core/go/common/sgx/quote"
 	sdkConfig "github.com/oasisprotocol/oasis-sdk/client-sdk/go/config"
 	"github.com/oasisprotocol/oasis-sdk/client-sdk/go/modules/accounts"
 	"github.com/oasisprotocol/oasis-sdk/client-sdk/go/modules/consensusaccounts"
@@ -35,6 +38,7 @@ import (
 	"github.com/oasisprotocol/nexus/analyzer/util/eth"
 	apiTypes "github.com/oasisprotocol/nexus/api/v1/types"
 	"github.com/oasisprotocol/nexus/common"
+	"github.com/oasisprotocol/nexus/coreapi/v24.0/common/node"
 	"github.com/oasisprotocol/nexus/log"
 	"github.com/oasisprotocol/nexus/storage"
 	"github.com/oasisprotocol/nexus/storage/oasis/nodeapi"
@@ -534,7 +538,63 @@ func ExtractRound(blockHeader nodeapi.RuntimeBlockHeader, txrs []nodeapi.Runtime
 					return nil
 				},
 				RoflRegister: func(body *rofl.Register) error {
-					blockTransactionData.Body = body
+					// Serialize the transaction body with enhanced attestation parsing for SGX hardware.
+					// If the CapabilityTEE's hardware type is SGX, attempts to parse the attestation field,
+					// replacing it with a structured SGXAttestation. If parsing fails or the hardware type
+					// is not SGX, the original transaction body is returned unchanged.
+					customSerialize := func(body *rofl.Register) interface{} {
+						// If not SGX attestation, return original body.
+						if uint8(body.EndorsedCapability.CapabilityTEE.Hardware) != uint8(node.TEEHardwareIntelSGX) {
+							return body
+						}
+
+						// Try parsing the SGX Attestation.
+						var sa node.SGXAttestation
+						if err := cbor.Unmarshal(body.EndorsedCapability.CapabilityTEE.Attestation, &sa); err != nil {
+							logger.Error("error unmarshalling SGX attestation", "err", err)
+							return body
+						}
+
+						// Try parsing the PCS Quote. (We don't try parsing the IAS quote since it's deprecated).
+						var pcsQuote pcs.Quote
+						if sa.Quote.PCS != nil {
+							if err := pcsQuote.UnmarshalBinary(sa.Quote.PCS.Quote); err != nil {
+								return body
+							}
+						}
+
+						type ParsedAttestation struct {
+							node.SGXAttestation
+							Quote struct {
+								quote.Quote
+								PCS *struct {
+									pcs.QuoteBundle
+									Quote pcs.Quote `json:"quote"`
+								}
+							} `json:"quote"`
+						}
+						parsedRegister := struct {
+							rofl.Register
+							// Override Attestation field.
+							EndorsedCapability struct {
+								CapabilityTEE struct {
+									node.CapabilityTEE
+									Attestation ParsedAttestation `json:"attestation"`
+								} `json:"capability_tee"`
+								NodeEndorsement signature.Signature `json:"node_endorsement"`
+							} `json:"ect"` //nolint: misspell
+						}{
+							Register: *body,
+						}
+						parsedRegister.EndorsedCapability.CapabilityTEE.Attestation = ParsedAttestation{
+							SGXAttestation: sa,
+						}
+						parsedRegister.EndorsedCapability.CapabilityTEE.Attestation.Quote.Quote = sa.Quote
+
+						return parsedRegister
+					}
+
+					blockTransactionData.Body = customSerialize(body)
 					return nil
 				},
 				UnknownMethod: func(methodName string) error {