chore(deps): Bump kbs-types from 0.6.0 to 0.7.0
Signed-off-by: Mikko Ylinen <[email protected]>
mythi committed Jul 26, 2024
1 parent 5e27ab3 commit 6a263c4
Showing 7 changed files with 51 additions and 18 deletions.
22 changes: 16 additions & 6 deletions Cargo.lock


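--- a/Cargo.toml
+++ b/Cargo.toml
@@ -30,7 +30,7 @@ env_logger = "0.10.0"
 hex = "0.4.3"
 jwt-simple = "0.11"
 kbs_protocol = { git = "https://github.com/confidential-containers/guest-components.git", rev="9bd6f06a9704e01808e91abde130dffb20e632a5", default-features = false }
-kbs-types = "0.6.0"
+kbs-types = "0.7.0"
 kms = { git = "https://github.com/confidential-containers/guest-components.git", rev="9bd6f06a9704e01808e91abde130dffb20e632a5", default-features = false }
 jsonwebtoken = { version = "9", default-features = false }
 log = "0.4.17"
@@ -49,4 +49,4 @@ thiserror = "1.0"
 tokio = { version = "1", features = ["full"] }
 tempfile = "3.4.0"
 tonic = "0.11"
-tonic-build = "0.11"
+tonic-build = "0.11"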
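--- a/kbs/src/attestation/coco/builtin.rs
+++ b/kbs/src/attestation/coco/builtin.rs
@@ -47,7 +47,11 @@ impl Attest for BuiltInCoCoAs {
 .await
 }
 
-async fn generate_challenge(&self, tee: Tee, tee_parameters: String) -> Result<Challenge> {
+async fn generate_challenge(
+&self,
+tee: Tee,
+tee_parameters: serde_json::Value,
+) -> Result<Challenge> {
 let nonce = match tee {
 Tee::Se => {
 self.inner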
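Review bot: The reformatted `generate_challenge` signature here, and the matching one in kbs/src/attestation/coco/grpc.rs, carry no doc comment, and the only visible use of `tee_parameters` is the `Tee::Se` arm whose body continues outside the hunk (`self.inner` here, `let mut inner = HashMap::new();` in grpc.rs). Because the parameter is now structured JSON taken from the attester's request rather than an opaque string, a line stating where it comes from and which path consumes it would help the next reader, for example `/// Build the attestation challenge for tee; tee_parameters is the attester-supplied JSON (a serde_json::Value since kbs-types 0.7) and, as far as this function shows, is only consumed on the Tee::Se path.` The `_ =>` arm is not visible in either hunk, so whether other TEEs ignore the value should be confirmed before the comment says so.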
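--- a/kbs/src/attestation/coco/grpc.rs
+++ b/kbs/src/attestation/coco/grpc.rs
@@ -124,7 +124,11 @@ impl Attest for GrpcClientPool {
 Ok(token)
 }
 
-async fn generate_challenge(&self, tee: Tee, tee_parameters: String) -> Result<Challenge> {
+async fn generate_challenge(
+&self,
+tee: Tee,
+tee_parameters: serde_json::Value,
+) -> Result<Challenge> {
 let nonce = match tee {
 Tee::Se => {
 let mut inner = HashMap::new();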
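Review bot: The section counts show only the signature changed, so the `Tee::Se` body that starts at `let mut inner = HashMap::new();` and continues outside the hunk compiled unchanged while `tee_parameters` switched from `String` to `serde_json::Value`; that suggests it stringifies or serializes the value generically, and for a `Value` such a conversion yields serde_json's re-serialized JSON rather than the client's original request text (whitespace and key order can differ). If the attestation service echoes or hashes `tee_params` into the challenge, the bytes it now receives may differ from what the attester sent, which should be confirmed against the AS side. A one-line comment at the conversion site, e.g. `// tee_params is re-serialized JSON, not the raw request string`, would record that decision.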
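--- a/kbs/src/attestation/intel_trust_authority/mod.rs
+++ b/kbs/src/attestation/intel_trust_authority/mod.rs
@@ -66,7 +66,7 @@ impl Attest for IntelTrustAuthority {
 let attestation = serde_json::from_str::<Attestation>(attestation)
 .map_err(|e| anyhow!("Deserialize Attestation failed: {:?}", e))?;
 let evidence =
-serde_json::from_str::<IntelTrustAuthorityTeeEvidence>(&attestation.tee_evidence)
+serde_json::from_value::<IntelTrustAuthorityTeeEvidence>(attestation.tee_evidence)
 .map_err(|e| anyhow!("Deserialize supported TEE Evidence failed: {:?}", e))?;
 
 let runtime_data = json!({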
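--- a/kbs/src/attestation/mod.rs
+++ b/kbs/src/attestation/mod.rs
@@ -41,7 +41,11 @@ pub trait Attest: Send + Sync {
 async fn verify(&self, tee: Tee, nonce: &str, attestation: &str) -> Result<String>;
 
 /// generate the Challenge to pass to attester based on Tee and nonce
-async fn generate_challenge(&self, _tee: Tee, _tee_parameters: String) -> Result<Challenge> {
+async fn generate_challenge(
+&self,
+_tee: Tee,
+_tee_parameters: serde_json::Value,
+) -> Result<Challenge> {
 let mut nonce: Vec<u8> = vec![0; 32];
 
 thread_rng()
@@ -51,7 +55,7 @@ pub trait Attest: Send + Sync {
 let nonce = STANDARD.encode(&nonce);
 Ok(Challenge {
 nonce,
-extra_params: String::new(),
+extra_params: serde_json::Value::String(String::new()),
 })
 }
 }
@@ -112,7 +116,11 @@ impl AttestationService {
 }
 }
 
-pub async fn generate_challenge(&self, tee: Tee, tee_parameters: String) -> Result<Challenge> {
+pub async fn generate_challenge(
+&self,
+tee: Tee,
+tee_parameters: serde_json::Value,
+) -> Result<Challenge> {
 match self {
 #[cfg(feature = "coco-as-grpc")]
 AttestationService::CoCoASgRPC(inner) => {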
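Review bot: In the second hunk the default `generate_challenge` now fills `extra_params` with `serde_json::Value::String(String::new())`, i.e. the JSON string `""`, which keeps the wire format of the previous `String::new()` byte-for-byte but is an odd default for a field that can now carry structured JSON (`Value::Null` or an empty object would be the natural choice). If the empty string is deliberate so attesters built against kbs-types 0.6 keep parsing the challenge, say so on the line, e.g. `// Empty JSON string (not Null) preserves the 0.6 wire format for existing attesters`. The trait doc `/// generate the Challenge to pass to attester based on Tee and nonce` could also state that this default implementation ignores `_tee_parameters`, as the leading underscore shows. The default body continues outside the first hunk.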
15 changes: 11 additions & 4 deletions kbs/src/http/resource.rs
Expand Up @@ -189,10 +189,17 @@ const RSA_ALGORITHM: &str = "RSA1_5";
const AES_GCM_256_ALGORITHM: &str = "A256GCM";

pub(crate) fn jwe(tee_pub_key: TeePubKey, payload_data: Vec<u8>) -> Result<Response> {
if tee_pub_key.alg != *RSA_ALGORITHM {
let TeePubKey::RSA { alg, k_mod, k_exp } = tee_pub_key else {
raise_error!(Error::JWEFailed(format!(
"key type is not TeePubKey::RSA but {:?}",
tee_pub_key
)));
};

if alg != *RSA_ALGORITHM {
raise_error!(Error::JWEFailed(format!(
"algorithm is not {RSA_ALGORITHM} but {}",
tee_pub_key.alg
alg
)));
}

Expand All @@ -207,11 +214,11 @@ pub(crate) fn jwe(tee_pub_key: TeePubKey, payload_data: Vec<u8>) -> Result<Respo
.map_err(|e| Error::JWEFailed(format!("AES encrypt Resource payload failed: {e:?}")))?;

let k_mod = URL_SAFE_NO_PAD
.decode(&tee_pub_key.k_mod)
.decode(&k_mod)
.map_err(|e| Error::JWEFailed(format!("base64 decode k_mod failed: {e:?}")))?;
let n = BigUint::from_bytes_be(&k_mod);
let k_exp = URL_SAFE_NO_PAD
.decode(&tee_pub_key.k_exp)
.decode(&k_exp)
.map_err(|e| Error::JWEFailed(format!("base64 decode k_exp failed: {e:?}")))?;
let e = BigUint::from_bytes_be(&k_exp);

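Review bot: The new `let TeePubKey::RSA { alg, k_mod, k_exp } = tee_pub_key else` and the following `alg` check make the RSA-only contract of `jwe` explicit, but neither line says why only `RSA1_5` is accepted; `RSA1_5` is RSAES-PKCS1-v1_5, which RFC 7518 lists as "Recommended-" because of padding-oracle attacks on PKCS#1 v1.5 decryption, so a reader should not take the check as an endorsement of the algorithm. A comment on the check such as `// Only RSA1_5 (RSAES-PKCS1-v1_5, RFC 7518 "Recommended-", padding-oracle risk) is accepted today; prefer RSA-OAEP once attesters support it` would record the constraint. The else branch also Debug-prints the whole rejected `tee_pub_key` into `Error::JWEFailed`; naming only the variant would keep the message short if that error reaches the HTTP client, which is not visible here. `jwe` continues outside both hunks.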
