Resolve suggestions made to PR from community
1. In deps\verifier\src\snp\mod.rs:

i. Rename function request_endorsement_key_kds() -> fetch_vcek_from_kds()
ii. KDS URL Parameter consts shifted to top of file
iii. Corrected spacing around key and curly braces in vcek_rsp.status() match

2. In deps/verifier/Cargo.toml
i. set reqwest = workspace.true

Signed-off-by: Adithya Krishnan Kannan <[email protected]>
AdithyaKrishnan committed Nov 4, 2024
1 parent 557b9ab commit 0494cab
Showing 3 changed files with 15 additions and 64 deletions.
64 changes: 7 additions & 57 deletions Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion deps/verifier/Cargo.toml
Expand Up @@ -49,7 +49,7 @@ strum.workspace = true
veraison-apiclient = { git = "https://github.com/chendave/rust-apiclient", branch = "token", optional = true }
ear = { git = "https://github.com/veraison/rust-ear", rev = "43f7f480d09ea2ebc03137af8fbcd70fe3df3468", optional = true }
x509-parser = { version = "0.14.0", optional = true }
reqwest = { version="0.12.9", features = ["blocking"] }
reqwest.workspace = true

[build-dependencies]
shadow-rs.workspace = true
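Review bot: Switching to `reqwest.workspace = true` drops the explicit `features = ["blocking"]` from this crate, so the blocking client that `fetch_vcek_from_kds` appears to use (its `.bytes()` call has no `.await`) now depends on the workspace entry enabling that feature. The workspace `Cargo.toml` is not part of this diff; if it does not list `blocking`, write `reqwest = { workspace = true, features = ["blocking"] }` here instead. The 57 lines removed from `Cargo.lock` suggest the resolved dependency set changed, so it is also worth confirming which reqwest version and TLS backend the workspace entry selects, since this client is what fetches the VCEK over HTTPS.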
13 changes: 7 additions & 6 deletions deps/verifier/src/snp/mod.rs
Expand Up @@ -33,6 +33,10 @@ const SNP_SPL_OID: Oid<'static> = oid!(1.3.6 .1 .4 .1 .3704 .1 .3 .3);
const TEE_SPL_OID: Oid<'static> = oid!(1.3.6 .1 .4 .1 .3704 .1 .3 .2);
const LOADER_SPL_OID: Oid<'static> = oid!(1.3.6 .1 .4 .1 .3704 .1 .3 .1);

// KDS URL parameters
const KDS_CERT_SITE: &str = "https://kdsintf.amd.com";
const KDS_VCEK: &str = "/vcek/v1";

#[derive(Debug)]
pub struct Snp {
vendor_certs: VendorCertificates,
Expand Down Expand Up @@ -88,7 +92,7 @@ impl Verifier for Snp {
let cert_chain = if let Some(chain) = cert_chain{
chain
} else {
request_endorsement_key_kds(report)?
fetch_vcek_from_kds(report)?
};

verify_report_signature(&report, &cert_chain, &self.vendor_certs)?;
Expand Down Expand Up @@ -311,12 +315,9 @@ fn get_common_name(cert: &x509::X509) -> Result<String> {
}

// Function to request vcek from KDS. Return vcek in der format.
fn request_endorsement_key_kds(
fn fetch_vcek_from_kds(
att_report: AttestationReport,
) -> Result<Vec<CertTableEntry>, anyhow::Error> {
// KDS URL parameters
const KDS_CERT_SITE: &str = "https://kdsintf.amd.com";
const KDS_VCEK: &str = "/vcek/v1";
// Use attestation report to get data for URL
let hw_id: String = hex::encode(att_report.chip_id);

Expand All @@ -335,7 +336,7 @@ fn request_endorsement_key_kds(
StatusCode::OK => {
let vcek_rsp_bytes: Vec<u8> =
vcek_rsp.bytes().context("Unable to parse VCEK")?.to_vec();
let key= CertTableEntry{cert_type: CertType::VCEK, data: vcek_rsp_bytes};
let key = CertTableEntry { cert_type: CertType::VCEK, data: vcek_rsp_bytes };
Ok(vec![key])
}
status => Err(anyhow::anyhow!("Unable to fetch VCEK from URL: {status:?}")),
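Review bot: `fetch_vcek_from_kds(report)?` in the `impl Verifier for Snp` hunk runs before `verify_report_signature`, so the chip ID that goes into the KDS URL comes from a report that has not been authenticated yet, and every piece of evidence that arrives without a certificate chain costs one outbound request. The request code sits in the collapsed part of the function, so I cannot tell whether it sets a timeout or caches the result; if it does neither, a bounded timeout and a small cache would keep a slow or rate-limiting KDS from stalling verification. The comment above the function could also state what a caller must not assume, e.g. `// Fetch the VCEK (DER) from AMD KDS. The bytes are untrusted until verify_report_signature() has checked them.` Separately, `.context("Unable to parse VCEK")` labels a failure to read the response body, not a parse error; `"Unable to read VCEK response body"` would be more accurate.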
