diff --git a/.github/workflows/kbs-docker-e2e.yaml b/.github/workflows/kbs-docker-e2e.yaml
new file mode 100644
index 000000000..2faff86ad
--- /dev/null
+++ b/.github/workflows/kbs-docker-e2e.yaml
@@ -0,0 +1,61 @@
+name: KBS End-to-End test with Docker Compose and Sample Attester
+
+on:
+ pull_request:
+ branches:
+ - main
+
+env:
+ TEST_SECRET_CONTENT: shhhhh
+ TEST_SECRET_PATH: test-org/test-repo/test-secret
+
+jobs:
+ e2e-test:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout KBS
+ uses: actions/checkout@v4
+
+ - name: Install Rust (for client)
+ uses: actions-rs/toolchain@v1
+ with:
+ profile: minimal
+ toolchain: stable
+
+ - name: Build client
+ uses: actions-rs/cargo@v1
+ with:
+ command: build
+ args: --manifest-path kbs/tools/client/Cargo.toml --no-default-features --features sample_only --release
+
+ - name: Setup Keys
+ run: |
+ openssl genpkey -algorithm ed25519 > kbs/config/private.key
+ openssl pkey -in kbs/config/private.key -pubout -out kbs/config/public.pub
+
+ - name: Build KBS Cluster
+ run: docker compose build
+
+ - name: Start KBS cluster
+ run: docker compose up -d
+
+ - name: Set Resource
+ working-directory: target/release/
+ run: |
+ echo "$TEST_SECRET_CONTENT" > test-secret
+ ./kbs-client --url http://127.0.0.1:8080 config --auth-private-key ../../kbs/config/private.key set-resource --path "$TEST_SECRET_PATH" --resource-file test-secret
+
+ - name: Get Resource (negative)
+ working-directory: target/release/
+ run: |
+ ! ./kbs-client --url http://127.0.0.1:8080 get-resource --path "$TEST_SECRET_PATH"
+
+ - name: Update policy
+ working-directory: target/release/
+ run: ./kbs-client --url http://127.0.0.1:8080 config --auth-private-key ../../kbs/config/private.key set-resource-policy --policy-file "$policy_path"
+ env:
+ policy_path: ../../kbs/test/data/policy_2.rego
+
+ - name: Get Resource
+ working-directory: target/release/
+ run: ./kbs-client --url http://127.0.0.1:8080 get-resource --path "$TEST_SECRET_PATH"
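Review bot: The `Install Rust (for client)` and `Build client` steps reference third-party actions by mutable tag (`actions-rs/toolchain@v1`, `actions-rs/cargo@v1`), so whatever the tag resolves to at run time executes inside this job. Pinning each to a full commit SHA, e.g. `uses: actions-rs/toolchain@<full-commit-sha> # v1`, would make the workflow reproducible and auditable. The workflow also declares no `permissions:` block, so the job gets the repository's default token scope; a top-level `permissions:` with `contents: read` looks sufficient for the steps visible here. Separately, the `Get Resource (negative)` step passes on any non-zero exit from `kbs-client`, so it cannot tell a policy denial from a connection or attestation error. Checking the expected error output, and adding a readiness wait after `docker compose up -d`, would make the negative case meaningful.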
diff --git a/Cargo.lock b/Cargo.lock index 8acb187b1..c65fb16ca 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -21,17 +21,17 @@ dependencies = [ [[package]] name = "actix-http" -version = "3.4.0" +version = "3.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a92ef85799cba03f76e4f7c10f533e66d87c9a7e7055f3391f09000ad8351bc9" +checksum = "129d4c88e98860e1758c5de288d1632b07970a16d59bdf7b8d66053d582bb71f" dependencies = [ "actix-codec", "actix-rt", "actix-service", "actix-tls", "actix-utils", - "ahash 0.8.6", - "base64 0.21.5", + "ahash 0.8.7", + "base64 0.21.6", "bitflags 2.4.1", "brotli", "bytes", @@ -66,14 +66,14 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e01ed3140b2f8d422c68afa1ed2e85d996ea619c988ac834d255db32138655cb" dependencies = [ "quote", - "syn 2.0.39", + "syn 2.0.48", ] [[package]] name = "actix-router" -version = "0.5.1" +version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d66ff4d247d2b160861fa2866457e85706833527840e4133f8f49aa423a38799" +checksum = "d22475596539443685426b6bdadb926ad0ecaefdfc5fb05e5e3441f15463c511" dependencies = [ "bytestring", "http", @@ -104,7 +104,7 @@ dependencies = [ "futures-core", "futures-util", "mio", - "socket2 0.5.5", + "socket2", "tokio", "tracing", ] @@ -133,7 +133,7 @@ dependencies = [ "impl-more", "openssl", "pin-project-lite", - "rustls 0.21.9", + "rustls 0.21.10", "rustls-webpki", "tokio", "tokio-openssl", @@ -155,9 +155,9 @@ dependencies = [ [[package]] name = "actix-web" -version = "4.4.0" +version = "4.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0e4a5b5e29603ca8c94a77c65cf874718ceb60292c5a5c3e5f4ace041af462b9" +checksum = "e43428f3bf11dee6d166b00ec2df4e3aa8cc1606aaa0b7433c146852e2f4e03b" dependencies = [ "actix-codec", "actix-http", 
@@ -169,7 +169,7 @@ dependencies = [ "actix-tls", "actix-utils", "actix-web-codegen", - "ahash 0.8.6", + "ahash 0.8.7", "bytes", "bytestring", "cfg-if", @@ -189,7 +189,7 @@ dependencies = [ "serde_json", "serde_urlencoded", "smallvec", - "socket2 0.5.5", + "socket2", "time", "url", ] @@ -203,7 +203,7 @@ dependencies = [ "actix-router", "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.48", ] [[package]] @@ -214,7 +214,7 @@ checksum = "1d613edf08a42ccc6864c941d30fe14e1b676a77d16f1dbadc1174d065a0a775" dependencies = [ "actix-utils", "actix-web", - "base64 0.21.5", + "base64 0.21.6", "futures-core", "futures-util", "log", @@ -284,9 +284,9 @@ dependencies = [ [[package]] name = "ahash" -version = "0.8.6" +version = "0.8.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "91429305e9f0a25f6205c5b8e0d2db09e0708a7a6df0f42212bb56c32c8ac97a" +checksum = "77c3a9648d43b9cd48db467b3f87fdd6e146bcc88ab0180006cef2179fe11d01" dependencies = [ "cfg-if", "getrandom", @@ -345,9 +345,9 @@ dependencies = [ [[package]] name = "anstream" -version = "0.6.4" +version = "0.6.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2ab91ebe16eb252986481c5b62f6098f3b698a45e34b5b98200cf20dd2484a44" +checksum = "d664a92ecae85fd0a7392615844904654d1d5f5514837f471ddef4a057aba1b6" dependencies = [ "anstyle", "anstyle-parse", 
@@ -365,20 +365,20 @@ checksum = "7079075b41f533b8c61d2a4d073c4676e1f8b249ff94a393b0595db304e0dd87" [[package]] name = "anstyle-parse" -version = "0.2.2" +version = "0.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "317b9a89c1868f5ea6ff1d9539a69f45dffc21ce321ac1fd1160dfa48c8e2140" +checksum = "c75ac65da39e5fe5ab759307499ddad880d724eed2f6ce5b5e8a26f4f387928c" dependencies = [ "utf8parse", ] [[package]] name = "anstyle-query" -version = "1.0.0" +version = "1.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5ca11d4be1bab0c8bc8734a9aa7bf4ee8316d462a08c6ac5052f888fef5b494b" +checksum = "e28923312444cdd728e4738b3f9c9cac739500909bb3d3c94b43551b16517648" dependencies = [ - "windows-sys 0.48.0", + "windows-sys 0.52.0", ] [[package]] @@ -407,9 +407,9 @@ dependencies = [ "anyhow", "async-trait", "attestation-service", - "base64 0.21.5", + "base64 0.21.6", "cfg-if", - "clap 4.4.10", + "clap 4.4.14", "config", "env_logger 0.10.1", "jsonwebtoken", @@ -427,7 +427,7 @@ dependencies = [ "rustls 0.20.9", "rustls-pemfile", "scc", - "semver 1.0.20", + "semver 1.0.21", "serde", "serde_json", "strum", @@ -509,18 +509,18 @@ checksum = "16e62a023e7c117e27523144c5d2459f4397fcc3cab0085af8e2224f643a0193" dependencies = [ "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.48", ] [[package]] name = "async-trait" -version = "0.1.74" +version = "0.1.77" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a66537f1bb974b254c98ed142ff995236e81b9d0fe4db0575f46612cb15eb0f9" +checksum = "c980ee35e870bd1a4d2c8294d4c04d0499e67bca1e4b5cefcc693c2fa00caea9" dependencies = [ "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.48", ] [[package]] @@ -531,9 +531,9 @@ dependencies = [ "anyhow", "assert-json-diff", "async-trait", - "base64 0.21.5", + "base64 0.21.6", "cfg-if", - "clap 4.4.10", + "clap 4.4.14", "env_logger 0.10.1", "futures", "hex", 
@@ -566,12 +566,13 @@ dependencies = [ [[package]] name = "attester" version = "0.1.0" -source = "git+https://github.com/confidential-containers/guest-components.git?rev=1e76429#1e76429b46f9da61485dba229b2fffca94025a61" +source = "git+https://github.com/confidential-containers/guest-components.git?rev=7ddecc780c1ec03b0ef3ca9e161eea0f75fcaac0#7ddecc780c1ec03b0ef3ca9e161eea0f75fcaac0" dependencies = [ "anyhow", "async-trait", "az-snp-vtpm", - "base64 0.21.5", + "az-tdx-vtpm", + "base64 0.21.6", "codicon", "csv-rs", "hyper", @@ -652,9 +653,9 @@ dependencies = [ [[package]] name = "az-cvm-vtpm" -version = "0.4.0" +version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6239da1e7629eabf1ee6bf5e7dd78b532c029e2fc477afe846db201c67325233" +checksum = "8810a74cfe3024bdfd6bf13e1829114a3ce5431b7d2ef4e4a718a78ffaf03f79" dependencies = [ "bincode", "jsonwebkey", @@ -673,13 +674,13 @@ dependencies = [ [[package]] name = "az-snp-vtpm" -version = "0.4.0" +version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a26f68465245c4571f5f4a47c5b76bab5cb394f53a3eaa5827a9a794e6556e8d" +checksum = "b0703ff4c71faae6f5ab21ac8590104e771d17ff117f6941a48deb3db6f75769" dependencies = [ "az-cvm-vtpm", "bincode", - "clap 4.4.10", + "clap 4.4.14", "openssl", "serde", "sev", @@ -687,6 +688,22 @@ dependencies = [ "ureq", ] +[[package]] +name = "az-tdx-vtpm" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b42775a99133b9c0edff34fb463713bb197f744b96d74dee5c1f953434721001" +dependencies = [ + "az-cvm-vtpm", + "base64-url", + "bincode", + "serde", + "serde_json", + "thiserror", + "ureq", + "zerocopy", +] + [[package]] name = "backtrace" version = "0.3.69" 
@@ -716,9 +733,18 @@ checksum = "9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8" [[package]] name = "base64" -version = "0.21.5" +version = "0.21.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "35636a1494ede3b646cc98f74f8e62c773a38a659ebc777a2cf26b9b74171df9" +checksum = "c79fed4cdb43e993fcdadc7e58a09fd0e3e649c4436fa11da71c9f1f3ee7feb9" + +[[package]] +name = "base64-url" +version = "2.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fb9fb9fb058cc3063b5fc88d9a21eefa2735871498a04e1650da76ed511c8569" +dependencies = [ + "base64 0.21.6", +] [[package]] name = "base64ct" @@ -975,9 +1001,9 @@ dependencies = [ [[package]] name = "clang-sys" -version = "1.6.1" +version = "1.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c688fc74432808e3eb684cae8830a86be1d66a2bd58e1f248ed0960a590baf6f" +checksum = "67523a3b4be3ce1989d607a828d036249522dd9c1c8de7f4dd2dae43a37369d1" dependencies = [ "glob", "libc", @@ -1016,9 +1042,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.4.10" +version = "4.4.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "41fffed7514f420abec6d183b1d3acfd9099c79c3a10a06ade4f8203f1411272" +checksum = "33e92c5c1a78c62968ec57dbc2440366a2d6e5a23faf829970ff1585dc6b18e2" dependencies = [ "clap_builder", "clap_derive", @@ -1026,9 +1052,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.4.9" +version = "4.4.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "63361bae7eef3771745f02d8d892bec2fee5f6e34af316ba556e7f97a7069ff1" +checksum = "f4323769dc8a61e2c39ad7dc26f6f2800524691a44d74fe3d1071a5c24db6370" dependencies = [ "anstream", "anstyle", @@ -1045,7 +1071,7 @@ dependencies = [ "heck", "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.48", ] [[package]] 
@@ -1108,9 +1134,9 @@ dependencies = [ [[package]] name = "const-oid" -version = "0.9.5" +version = "0.9.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "28c122c3980598d243d63d9a704629a2d748d101f278052ff068be5a4423ab6f" +checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" [[package]] name = "const_fn" @@ -1201,9 +1227,9 @@ dependencies = [ [[package]] name = "cpufeatures" -version = "0.2.11" +version = "0.2.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ce420fe07aecd3e67c5f910618fe65e94158f6dcc0adf44e00d69ce2bdfe0fd0" +checksum = "53fe5e26ff1b7aef8bca9c6080520cfb8d9333c7568e1829cef191a9723e5504" dependencies = [ "libc", ] @@ -1219,34 +1245,27 @@ dependencies = [ [[package]] name = "crossbeam-epoch" -version = "0.9.15" +version = "0.9.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ae211234986c545741a7dc064309f67ee1e5ad243d0e48335adc0484d960bcc7" +checksum = "5b82ac4a3c2ca9c3460964f020e1402edd5753411d7737aa39c3714ad1b5420e" dependencies = [ - "autocfg", - "cfg-if", "crossbeam-utils", - "memoffset 0.9.0", - "scopeguard", ] [[package]] name = "crossbeam-utils" -version = "0.8.16" +version = "0.8.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5a22b2d63d4d1dc0b7f1b6b2747dd0088008a9be28b6ddf0b1e7d335e3037294" -dependencies = [ - "cfg-if", -] +checksum = "248e3bacc7dc6baa3b21e405ee045c3047101a49145e7e9eca583ab4c2ca5345" [[package]] name = "crypto" version = "0.1.0" -source = "git+https://github.com/confidential-containers/guest-components.git?rev=1e76429#1e76429b46f9da61485dba229b2fffca94025a61" +source = "git+https://github.com/confidential-containers/guest-components.git?rev=7ddecc780c1ec03b0ef3ca9e161eea0f75fcaac0#7ddecc780c1ec03b0ef3ca9e161eea0f75fcaac0" dependencies = [ "aes-gcm", "anyhow", - "base64 0.21.5", + "base64 0.21.6", "ctr", "kbs-types", "rand", 
@@ -1408,9 +1427,9 @@ dependencies = [ [[package]] name = "deranged" -version = "0.3.10" +version = "0.3.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8eb30d70a07a3b04884d2677f06bec33509dc67ca60d92949e5535352d3191dc" +checksum = "b42b6fa04a440b495c8b04d0e71b707c585f83cb9cb28cf8cd0d976c315e31b4" dependencies = [ "powerfmt", ] @@ -1469,7 +1488,7 @@ checksum = "487585f4d0c6655fe74905e2504d8ad6908e4db67f744eb140876906c2f3175d" dependencies = [ "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.48", ] [[package]] @@ -1483,7 +1502,7 @@ name = "ear" version = "0.1.0" source = "git+https://github.com/veraison/rust-ear?rev=cc6ea53#cc6ea5318b91f3038e337bdbaad0e9fb0fa2af2a" dependencies = [ - "base64 0.21.5", + "base64 0.21.6", "ciborium", "cose-rust", "hex", @@ -1511,9 +1530,9 @@ dependencies = [ [[package]] name = "ed25519-compact" -version = "2.0.4" +version = "2.0.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6a3d382e8464107391c8706b4c14b087808ecb909f6c15c34114bc42e53a9e4c" +checksum = "a667e6426df16c2ac478efa4a439d0e674cba769c5556e8cf221739251640c8c" dependencies = [ "ct-codecs", "getrandom", @@ -1572,7 +1591,7 @@ checksum = "f95e2801cd355d4a1a3e3953ce6ee5ae9603a5c833455343a8bfe3f44d418246" dependencies = [ "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.48", ] [[package]] @@ -1719,9 +1738,9 @@ dependencies = [ [[package]] name = "futures" -version = "0.3.29" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "da0290714b38af9b4a7b094b8a37086d1b4e61f2df9122c3cad2577669145335" +checksum = "645c6916888f6cb6350d2550b80fb63e734897a8498abe35cfb732b6487804b0" dependencies = [ "futures-channel", "futures-core", 
@@ -1734,9 +1753,9 @@ dependencies = [ [[package]] name = "futures-channel" -version = "0.3.29" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ff4dd66668b557604244583e3e1e1eada8c5c2e96a6d0d6653ede395b78bbacb" +checksum = "eac8f7d7865dcb88bd4373ab671c8cf4508703796caa2b1985a9ca867b3fcb78" dependencies = [ "futures-core", "futures-sink", @@ -1744,15 +1763,15 @@ dependencies = [ [[package]] name = "futures-core" -version = "0.3.29" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "eb1d22c66e66d9d72e1758f0bd7d4fd0bee04cad842ee34587d68c07e45d088c" +checksum = "dfc6580bb841c5a68e9ef15c77ccc837b40a7504914d52e47b8b0e9bbda25a1d" [[package]] name = "futures-executor" -version = "0.3.29" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0f4fb8693db0cf099eadcca0efe2a5a22e4550f98ed16aba6c48700da29597bc" +checksum = "a576fc72ae164fca6b9db127eaa9a9dda0d61316034f33a0a0d4eda41f02b01d" dependencies = [ "futures-core", "futures-task", 
@@ -1761,32 +1780,32 @@ dependencies = [ [[package]] name = "futures-io" -version = "0.3.29" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8bf34a163b5c4c52d0478a4d757da8fb65cabef42ba90515efee0f6f9fa45aaa" +checksum = "a44623e20b9681a318efdd71c299b6b222ed6f231972bfe2f224ebad6311f0c1" [[package]] name = "futures-macro" -version = "0.3.29" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "53b153fd91e4b0147f4aced87be237c98248656bb01050b96bf3ee89220a8ddb" +checksum = "87750cf4b7a4c0625b1529e4c543c2182106e4dedc60a2a6455e00d212c489ac" dependencies = [ "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.48", ] [[package]] name = "futures-sink" -version = "0.3.29" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e36d3378ee38c2a36ad710c5d30c2911d752cb941c00c72dbabfb786a7970817" +checksum = "9fb8e00e87438d937621c1c6269e53f536c14d3fbd6a042bb24879e57d474fb5" [[package]] name = "futures-task" -version = "0.3.29" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "efd193069b0ddadc69c46389b740bbccdd97203899b48d09c5f7969591d6bae2" +checksum = "38d84fa142264698cdce1a9f9172cf383a0c82de1bddcf3092901442c4097004" [[package]] name = "futures-timer" @@ -1796,9 +1815,9 @@ checksum = "e64b03909df88034c26dc1547e8970b91f98bdb65165d6a4e9110d94263dbb2c" [[package]] name = "futures-util" -version = "0.3.29" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a19526d624e703a3179b3d322efec918b6246ea0fa51d41124525f00f1cc8104" +checksum = "3d6401deb83407ab3da39eba7e33987a73c3df0c82b4bb5813ee871c19c41d48" dependencies = [ "futures-channel", "futures-core", 
@@ -1834,13 +1853,15 @@ dependencies = [ [[package]] name = "getrandom" -version = "0.2.11" +version = "0.2.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fe9006bed769170c11f845cf00c7c1e9092aeb3f268e007c3e760ac68008070f" +checksum = "190092ea657667030ac6a35e305e62fc4dd69fd98ac98631e5d3a2b1575a12b5" dependencies = [ "cfg-if", + "js-sys", "libc", "wasi", + "wasm-bindgen", ] [[package]] @@ -1891,9 +1912,9 @@ dependencies = [ [[package]] name = "h2" -version = "0.3.22" +version = "0.3.23" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4d6250322ef6e60f93f9a2162799302cd6f68f79f6e5d85c8c16f14d1d958178" +checksum = "b553656127a00601c8ae5590fcfdc118e4083a7924b6cf4ffc1ea4b99dc429d7" dependencies = [ "bytes", "fnv", @@ -1958,9 +1979,9 @@ checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70" [[package]] name = "hkdf" -version = "0.12.3" +version = "0.12.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "791a029f6b9fc27657f6f188ec6e5e43f6911f6f878e0dc5501396e09809d437" +checksum = "7b5f8eb2ad728638ea2c7d47a21db23b7b58a72ed6a38256b8a1849f15fbbdf7" dependencies = [ "hmac", ] @@ -2000,11 +2021,11 @@ dependencies = [ [[package]] name = "home" -version = "0.5.5" +version = "0.5.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5444c27eef6923071f7ebcc33e3444508466a76f7a2b93da00ed6e19f30c1ddb" +checksum = "e3d1354bf6b7235cb4a0576c2619fd4ed18183f689b12b006a0ee7329eeff9a5" dependencies = [ - "windows-sys 0.48.0", + "windows-sys 0.52.0", ] [[package]] @@ -2026,9 +2047,9 @@ dependencies = [ [[package]] name = "http-body" -version = "0.4.5" +version = "0.4.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d5f38f16d184e36f2408a55281cd658ecbd3ca05cce6d6510a176eca393e26d1" +checksum = "7ceab25649e9960c0311ea418d17bee82c0dcec1bd053b5f9a66e265a693bed2" dependencies = [ "bytes", "http", 
@@ -2055,9 +2076,9 @@ checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4" [[package]] name = "hyper" -version = "0.14.27" +version = "0.14.28" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ffb1cfd654a8219eaef89881fdb3bb3b1cdc5fa75ded05d6933b2b382e395468" +checksum = "bf96e135eb83a2a8ddf766e426a841d8ddd7449d5f00d34ea02b41d2f19eef80" dependencies = [ "bytes", "futures-channel", @@ -2070,7 +2091,7 @@ dependencies = [ "httpdate", "itoa", "pin-project-lite", - "socket2 0.4.10", + "socket2", "tokio", "tower-service", "tracing", @@ -2086,7 +2107,7 @@ dependencies = [ "futures-util", "http", "hyper", - "rustls 0.21.9", + "rustls 0.21.10", "tokio", "tokio-rustls 0.24.1", ] @@ -2118,9 +2139,9 @@ dependencies = [ [[package]] name = "iana-time-zone" -version = "0.1.58" +version = "0.1.59" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8326b86b6cff230b97d0d312a6c40a60726df3332e721f72a1b035f451663b20" +checksum = "b6a67363e2aa4443928ce15e57ebae94fd8949958fd1223c4cfc0cd473ad7539" dependencies = [ "android_system_properties", "core-foundation-sys", @@ -2261,9 +2282,9 @@ dependencies = [ [[package]] name = "itoa" -version = "1.0.9" +version = "1.0.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "af150ab688ff2122fcef229be89cb50dd66af9e01a4ff320cc137eecc9bacc38" +checksum = "b1a46d1a171d865aa5f83f92695765caa047a9b4cbae2cbf37dbd613a793fd4c" [[package]] name = "jobserver" @@ -2317,7 +2338,7 @@ version = "8.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6971da4d9c3aa03c3d8f3ff0f4155b534aad021292003895a469716b2a230378" dependencies = [ - "base64 0.21.5", + "base64 0.21.6", "pem", "ring 0.16.20", "serde", 
@@ -2353,9 +2374,9 @@ dependencies = [ [[package]] name = "k256" -version = "0.13.2" +version = "0.13.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3f01b677d82ef7a676aa37e099defd83a28e15687112cafdd112d60236b6115b" +checksum = "956ff9b67e26e1a6a866cb758f12c6f8746208489e3e4a4b5580802f2f0a587b" dependencies = [ "cfg-if", "ecdsa", @@ -2372,7 +2393,7 @@ dependencies = [ "anyhow", "api-server", "cfg-if", - "clap 4.4.10", + "clap 4.4.14", "env_logger 0.10.1", "log", "tokio", @@ -2383,8 +2404,8 @@ name = "kbs-client" version = "0.1.0" dependencies = [ "anyhow", - "base64 0.21.5", - "clap 4.4.10", + "base64 0.21.6", + "clap 4.4.14", "env_logger 0.10.1", "jwt-simple", "kbs_protocol", @@ -2408,12 +2429,12 @@ dependencies = [ [[package]] name = "kbs_protocol" version = "0.1.0" -source = "git+https://github.com/confidential-containers/guest-components.git?rev=1e76429#1e76429b46f9da61485dba229b2fffca94025a61" +source = "git+https://github.com/confidential-containers/guest-components.git?rev=7ddecc780c1ec03b0ef3ca9e161eea0f75fcaac0#7ddecc780c1ec03b0ef3ca9e161eea0f75fcaac0" dependencies = [ "anyhow", "async-trait", "attester", - "base64 0.21.5", + "base64 0.21.6", "crypto", "jwt-simple", "kbs-types", @@ -2431,19 +2452,20 @@ dependencies = [ [[package]] name = "kvm-bindings" -version = "0.6.0" +version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "efe70e65a5b092161d17f5005b66e5eefe7a94a70c332e755036fc4af78c4e79" +checksum = "081fbd8164229a990fbf24a1f35d287740db110c2b5d42addf460165f1b0e032" dependencies = [ "vmm-sys-util", ] [[package]] name = "kvm-ioctls" -version = "0.15.0" +version = "0.16.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9bdde2b46ee7b6587ef79f751019c4726c4f2d3e4628df5d69f3f9c5cb6c6bd4" +checksum = "9002dff009755414f22b962ec6ae6980b07d6d8b06e5297b1062019d72bd6a8c" dependencies = [ + "bitflags 2.4.1", "kvm-bindings", "libc", "vmm-sys-util", 
@@ -2472,9 +2494,9 @@ checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" [[package]] name = "libc" -version = "0.2.150" +version = "0.2.152" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "89d92a4743f9a61002fae18374ed11e7973f530cb3a3255fb354818118b2203c" +checksum = "13e3bf6590cbc649f4d1a3eefc9d5d6eb746f5200ffb04e5e142700b8faa56e7" [[package]] name = "libgit2-sys" @@ -2490,12 +2512,12 @@ dependencies = [ [[package]] name = "libloading" -version = "0.7.4" +version = "0.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b67380fd3b2fbe7527a606e18729d21c6f3951633d0500574c4dc22d2d638b9f" +checksum = "c571b676ddfc9a8c12f1f3d3085a7b163966a8fd8098a90640953ce5f6170161" dependencies = [ "cfg-if", - "winapi", + "windows-sys 0.48.0", ] [[package]] @@ -2517,9 +2539,9 @@ dependencies = [ [[package]] name = "libz-sys" -version = "1.1.12" +version = "1.1.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d97137b25e321a73eef1418d1d5d2eda4d77e12813f8e6dead84bc52c5870a7b" +checksum = "295c17e837573c8c821dbaeb3cceb3d745ad082f7572191409e69cbc1b3fd050" dependencies = [ "cc", "libc", @@ -2663,9 +2685,9 @@ dependencies = [ [[package]] name = "mio" -version = "0.8.9" +version = "0.8.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3dce281c5e46beae905d4de1870d8b1509a9142b62eedf18b443b011ca8343d0" +checksum = "8f3d0b296e374a4e6f3c7b0a1f5a51d748a0d34c85e7dc48fc3fa9a87657fe09" dependencies = [ "libc", "log", @@ -2785,7 +2807,7 @@ checksum = "cfb77679af88f8b125209d354a202862602672222e7f2313fdd6dc349bad4712" dependencies = [ "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.48", ] [[package]] 
@@ -2840,9 +2862,9 @@ dependencies = [ [[package]] name = "object" -version = "0.32.1" +version = "0.32.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9cf5f9dd3933bd50a9e1f149ec995f39ae2c496d31fd772c1fd45ebc27e902b0" +checksum = "a6a622008b6e321afc04970976f62ee297fdbaa6f95318ca343e3eebb9648441" dependencies = [ "memchr", ] @@ -2877,9 +2899,9 @@ dependencies = [ [[package]] name = "once_cell" -version = "1.18.0" +version = "1.19.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dd8b5dd2ae5ed71462c540258bedcb51965123ad7e7ccf4b9a8cafaa4a63576d" +checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" [[package]] name = "opaque-debug" @@ -2889,9 +2911,9 @@ checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5" [[package]] name = "openssl" -version = "0.10.60" +version = "0.10.62" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "79a4c6c3a2b158f7f8f2a2fc5a969fa3a068df6fc9dbb4a43845436e3af7c800" +checksum = "8cde4d2d9200ad5909f8dac647e29482e07c3a35de8a13fce7c9c7747ad9f671" dependencies = [ "bitflags 2.4.1", "cfg-if", @@ -2910,7 +2932,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.48", ] [[package]] @@ -2930,9 +2952,9 @@ dependencies = [ [[package]] name = "openssl-sys" -version = "0.9.96" +version = "0.9.98" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3812c071ba60da8b5677cc12bcb1d42989a65553772897a7e0355545a819838f" +checksum = "c1665caf8ab2dc9aef43d1c0023bd904633a6a05cb30b0ad59bec2ae986e57a7" dependencies = [ "cc", "libc", 
@@ -3109,9 +3131,9 @@ checksum = "e3148f5046208a5d56bcfc03053e3ca6334e51da8dfb19b6cdc8b306fae3283e" [[package]] name = "pest" -version = "2.7.5" +version = "2.7.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ae9cee2a55a544be8b89dc6848072af97a20f2422603c10865be2a42b580fff5" +checksum = "1f200d8d83c44a45b21764d1916299752ca035d15ecd46faca3e9a2a2bf6ad06" dependencies = [ "memchr", "thiserror", @@ -3120,9 +3142,9 @@ dependencies = [ [[package]] name = "pest_derive" -version = "2.7.5" +version = "2.7.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "81d78524685f5ef2a3b3bd1cafbc9fcabb036253d9b1463e726a91cd16e2dfc2" +checksum = "bcd6ab1236bbdb3a49027e920e693192ebfe8913f6d60e294de57463a493cfde" dependencies = [ "pest", "pest_generator", @@ -3130,22 +3152,22 @@ dependencies = [ [[package]] name = "pest_generator" -version = "2.7.5" +version = "2.7.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "68bd1206e71118b5356dae5ddc61c8b11e28b09ef6a31acbd15ea48a28e0c227" +checksum = "2a31940305ffc96863a735bef7c7994a00b325a7138fdbc5bda0f1a0476d3275" dependencies = [ "pest", "pest_meta", "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.48", ] [[package]] name = "pest_meta" -version = "2.7.5" +version = "2.7.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7c747191d4ad9e4a4ab9c8798f1e82a39affe7ef9648390b7e5548d18e099de6" +checksum = "a7ff62f5259e53b78d1af898941cdcdccfae7385cf7d793a6e55de5d05bb4b7d" dependencies = [ "once_cell", "pest", @@ -3193,7 +3215,7 @@ dependencies = [ "phf_shared", "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.48", ] [[package]] @@ -3233,7 +3255,7 @@ version = "0.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2c5f20f71a68499ff32310f418a6fad8816eac1a2859ed3f0c5c741389dd6208" dependencies = [ - "base64 0.21.5", + "base64 0.21.6", "oid", "picky-asn1", "picky-asn1-der", 
@@ -3257,7 +3279,7 @@ checksum = "4359fd9c9171ec6e8c62926d6faaf553a8dc3f64e1507e76da7911b4f6a04405" dependencies = [ "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.48", ] [[package]] @@ -3335,9 +3357,9 @@ dependencies = [ [[package]] name = "pkg-config" -version = "0.3.27" +version = "0.3.28" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "26072860ba924cbfa98ea39c8c19b4dd6a4a25423dbdf219c1eca91aa0cf6964" +checksum = "69d3587f8a9e599cc7ec2c00e331f71c4e69a5f9a4b8a6efd5b07466b9736f9a" [[package]] name = "polyval" @@ -3408,9 +3430,9 @@ dependencies = [ [[package]] name = "proc-macro2" -version = "1.0.70" +version = "1.0.76" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "39278fbbf5fb4f646ce651690877f89d1c5811a3d4acb27700c1cb3cdb78fd3b" +checksum = "95fc56cda0b5c3325f5fbbd7ff9fda9e02bb00bb3dac51252d2f1bfa1cb8cc8c" dependencies = [ "unicode-ident", ] @@ -3487,9 +3509,9 @@ dependencies = [ [[package]] name = "quote" -version = "1.0.33" +version = "1.0.35" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5267fca4496028628a95160fc423a33e8b2e6af8a5302579e322e4b520293cae" +checksum = "291ec9ab5efd934aaf503a6466c5d5251535d108ee747472c3977cc5acc868ef" dependencies = [ "proc-macro2", ] @@ -3560,10 +3582,10 @@ dependencies = [ "anyhow", "assert-json-diff", "async-trait", - "base64 0.21.5", + "base64 0.21.6", "cfg-if", "chrono", - "clap 4.4.10", + "clap 4.4.14", "env_logger 0.10.1", "log", "path-clean", 
@@ -3614,17 +3636,17 @@ checksum = "c08c74e62047bb2de4ff487b251e4a92e24f48745648451635cec7d591162d9f" [[package]] name = "relative-path" -version = "1.9.0" +version = "1.9.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c707298afce11da2efef2f600116fa93ffa7a032b5d7b628aa17711ec81383ca" +checksum = "e898588f33fdd5b9420719948f9f2a32c922a246964576f71ba7f24f80610fbc" [[package]] name = "reqwest" -version = "0.11.22" +version = "0.11.23" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "046cd98826c46c2ac8ddecae268eb5c2e58628688a5fc7a2643704a73faba95b" +checksum = "37b1ae8d9ac08420c66222fb9096fc5de435c3c48542bc5336c51892cffafb41" dependencies = [ - "base64 0.21.5", + "base64 0.21.6", "bytes", "cookie", "cookie_store", @@ -3645,7 +3667,7 @@ dependencies = [ "once_cell", "percent-encoding", "pin-project-lite", - "rustls 0.21.9", + "rustls 0.21.10", "rustls-pemfile", "serde", "serde_json", @@ -3666,7 +3688,7 @@ dependencies = [ [[package]] name = "resource_uri" version = "0.1.0" -source = "git+https://github.com/confidential-containers/guest-components.git?rev=1e76429#1e76429b46f9da61485dba229b2fffca94025a61" +source = "git+https://github.com/confidential-containers/guest-components.git?rev=7ddecc780c1ec03b0ef3ca9e161eea0f75fcaac0#7ddecc780c1ec03b0ef3ca9e161eea0f75fcaac0" dependencies = [ "anyhow", "serde", @@ -3701,9 +3723,9 @@ dependencies = [ [[package]] name = "ring" -version = "0.17.6" +version = "0.17.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "684d5e6e18f669ccebf64a92236bb7db9a34f07be010e3627368182027180866" +checksum = "688c63d65483050968b2a8937f7995f443e27041a0f7700aa59b0822aedebb74" dependencies = [ "cc", "getrandom", @@ -3812,7 +3834,7 @@ dependencies = [ "regex", "relative-path", "rustc_version 0.4.0", - "syn 2.0.39", + "syn 2.0.48", "unicode-ident", ] 
@@ -3853,7 +3875,7 @@ version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bfa0f585226d2e68097d4f95d113b15b83a82e819ab25717ec0590d9584ef366" dependencies = [ - "semver 1.0.20", + "semver 1.0.21", ] [[package]] @@ -3892,12 +3914,12 @@ dependencies = [ [[package]] name = "rustls" -version = "0.21.9" +version = "0.21.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "629648aced5775d558af50b2b4c7b02983a04b312126d45eeead26e7caa498b9" +checksum = "f9d5a6813c0759e4609cd494e8e725babae6a2ca7b62a5536a13daaec6fcb7ba" dependencies = [ "log", - "ring 0.17.6", + "ring 0.17.7", "rustls-webpki", "sct", ] @@ -3908,7 +3930,7 @@ version = "1.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1c74cae0a4cf6ccbbf5f359f08efdf8ee7e1dc532573bf0db71968cb56b1448c" dependencies = [ - "base64 0.21.5", + "base64 0.21.6", ] [[package]] @@ -3917,7 +3939,7 @@ version = "0.101.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765" dependencies = [ - "ring 0.17.6", + "ring 0.17.7", "untrusted 0.9.0", ] @@ -3929,9 +3951,9 @@ checksum = "7ffc183a10b4478d04cbbbfc96d0873219d962dd5accaff2ffbd4ceb7df837f4" [[package]] name = "ryu" -version = "1.0.15" +version = "1.0.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1ad4cc8da4ef723ed60bced201181d83791ad433213d8c24efffda1eec85d741" +checksum = "f98d2aa92eebf49b69786be48e4477826b256916e84a57ff2a4f21923b48eb4c" [[package]] name = "salsa20" 
@@ -3953,17 +3975,17 @@ dependencies = [ [[package]] name = "scc" -version = "2.0.7" +version = "2.0.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "60da9a72c824ff528dbae0c744d24b9f039dcde49cca9dd2f34438d5b0a1578c" +checksum = "0a11062137cca11873a7204f971abf920c32660d0396009d5acbab11e431d437" [[package]] name = "schannel" -version = "0.1.22" +version = "0.1.23" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0c3733bf4cf7ea0880754e19cb5a462007c4a8c1914bff372ccc95b464f1df88" +checksum = "fbc91545643bcf3a0bbb6569265615222618bdf33ce4ffbbd13c4bbd4c093534" dependencies = [ - "windows-sys 0.48.0", + "windows-sys 0.52.0", ] [[package]] @@ -3989,7 +4011,7 @@ checksum = "1db149f81d46d2deba7cd3c50772474707729550221e69588478ebf9ada425ae" dependencies = [ "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.48", ] [[package]] @@ -4010,7 +4032,7 @@ version = "0.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "da046153aa2352493d6cb7da4b6e5c0c057d8a1d0a9aa8560baffdd945acd414" dependencies = [ - "ring 0.17.6", + "ring 0.17.7", "untrusted 0.9.0", ] @@ -4062,9 +4084,9 @@ dependencies = [ [[package]] name = "semver" -version = "1.0.20" +version = "1.0.21" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "836fa6a3e1e547f9a2c4040802ec865b5d85f4014efe00555d7090a3dcaa1090" +checksum = "b97ed7a9823b74f99c7742f5336af7be5ecd3eeafcb1507d1fa93347b1d589b0" [[package]] name = "semver-parser" @@ -4077,9 +4099,9 @@ dependencies = [ [[package]] name = "serde" -version = "1.0.193" +version = "1.0.195" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "25dd9975e68d0cb5aa1120c288333fc98731bd1dd12f561e468ea4728c042b89" +checksum = "63261df402c67811e9ac6def069e4786148c4563f4b50fd4bf30aa370d626b02" dependencies = [ "serde_derive", ] 
@@ -4095,29 +4117,29 @@ dependencies = [ [[package]] name = "serde_bytes" -version = "0.11.12" +version = "0.11.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ab33ec92f677585af6d88c65593ae2375adde54efdbf16d597f2cbc7a6d368ff" +checksum = "8b8497c313fd43ab992087548117643f6fcd935cbf36f176ffda0aacf9591734" dependencies = [ "serde", ] [[package]] name = "serde_derive" -version = "1.0.193" +version = "1.0.195" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "43576ca501357b9b071ac53cdc7da8ef0cbd9493d8df094cd821777ea6e894d3" +checksum = "46fe8f8603d81ba86327b23a2e9cdf49e1255fb94a4c5f297f6ee0547178ea2c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.48", ] [[package]] name = "serde_json" -version = "1.0.108" +version = "1.0.111" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3d1c7e3eac408d115102c4c24ad393e0821bb3a5df4d506a80f85f7a742a526b" +checksum = "176e46fa42316f18edd598015a5166857fc835ec732f5215eac6b7bdbf0a84f4" dependencies = [ "itoa", "ryu", @@ -4270,7 +4292,7 @@ dependencies = [ "git2", "is_debug", "time", - "tzdb", + "tzdb 0.5.10", ] [[package]] @@ -4366,16 +4388,6 @@ version = "1.11.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4dccd0940a2dcdf68d092b8cbab7dc0ad8fa938bf95787e1b916b0e3d0e8e970" -[[package]] -name = "socket2" -version = "0.4.10" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9f7916fc008ca5542385b89a3d3ce689953c143e9304a9bf8beec1de48994c0d" -dependencies = [ - "libc", - "winapi", -] - [[package]] name = "socket2" version = "0.5.5" @@ -4474,7 +4486,7 @@ dependencies = [ "proc-macro2", "quote", "rustversion", - "syn 2.0.39", + "syn 2.0.48", ] [[package]] 
@@ -4496,9 +4508,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.39" +version = "2.0.48" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "23e78b90f2fcf45d3e842032ce32e3f2d1545ba6636271dcbf24fa306d87be7a" +checksum = "0f3531638e407dfc0814761abb7c00a5b54992b849452a0646b7f65c9f770f3f" dependencies = [ "proc-macro2", "quote", @@ -4546,9 +4558,9 @@ dependencies = [ [[package]] name = "target-lexicon" -version = "0.12.12" +version = "0.12.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "14c39fd04924ca3a864207c66fc2cd7d22d7c016007f9ce846cbb9326331930a" +checksum = "69758bda2e78f098e4ccb393021a0963bb3442eac05f135c30f61b7370bbafae" [[package]] name = "tdx-attest-rs" @@ -4568,22 +4580,22 @@ dependencies = [ [[package]] name = "tempfile" -version = "3.8.1" +version = "3.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7ef1adac450ad7f4b3c28589471ade84f25f731a7a0fe30d71dfa9f60fd808e5" +checksum = "01ce4141aa927a6d1bd34a041795abd0db1cccba5d5f24b009f694bdf3a1f3fa" dependencies = [ "cfg-if", "fastrand", "redox_syscall 0.4.1", "rustix", - "windows-sys 0.48.0", + "windows-sys 0.52.0", ] [[package]] name = "termcolor" -version = "1.4.0" +version = "1.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ff1bc3d3f05aff0403e8ac0d92ced918ec05b666a43f83297ccef5bea8a3d449" +checksum = "06794f8f6c5c898b3275aebefa6b8a1cb24cd2c6c79397ab15774837a0bc5755" dependencies = [ "winapi-util", ] 
@@ -4614,22 +4626,22 @@ checksum = "222a222a5bfe1bba4a77b45ec488a741b3cb8872e5e499451fd7d0129c9c7c3d" [[package]] name = "thiserror" -version = "1.0.50" +version = "1.0.56" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f9a7210f5c9a7156bb50aa36aed4c95afb51df0df00713949448cf9e97d382d2" +checksum = "d54378c645627613241d077a3a79db965db602882668f9136ac42af9ecb730ad" dependencies = [ "thiserror-impl", ] [[package]] name = "thiserror-impl" -version = "1.0.50" +version = "1.0.56" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "266b2e40bc00e5a6c09c3584011e08b06f123c00362c92b975ba9843aaaa14b8" +checksum = "fa0faa943b50f3db30a20aa7e265dbc66076993efed8463e8de414e5d06d3471" dependencies = [ "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.48", ] [[package]] @@ -4644,9 +4656,9 @@ dependencies = [ [[package]] name = "time" -version = "0.3.30" +version = "0.3.31" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c4a34ab300f2dee6e562c10a046fc05e358b29f9bf92277f30c3c8d82275f6f5" +checksum = "f657ba42c3f86e7680e53c8cd3af8abbe56b5491790b46e22e19c0d57463583e" dependencies = [ "deranged", "itoa", @@ -4666,9 +4678,9 @@ checksum = "ef927ca75afb808a4d64dd374f00a2adf8d0fcff8e7b184af886c3c87ec4a3f3" [[package]] name = "time-macros" -version = "0.2.15" +version = "0.2.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4ad70d68dba9e1f8aceda7aa6711965dfec1cac869f311a51bd08b3a2ccbce20" +checksum = "26197e33420244aeb70c3e8c78376ca46571bc4e701e4791c2cd9f57dcb3a43f" dependencies = [ "time-core", ] 
@@ -4690,9 +4702,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" [[package]] name = "tokio" -version = "1.34.0" +version = "1.35.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d0c014766411e834f7af5b8f4cf46257aab4036ca95e9d2c144a10f59ad6f5b9" +checksum = "c89b4efa943be685f629b149f53829423f8f5531ea21249408e8e2f8671ec104" dependencies = [ "backtrace", "bytes", @@ -4702,7 +4714,7 @@ dependencies = [ "parking_lot 0.12.1", "pin-project-lite", "signal-hook-registry", - "socket2 0.5.5", + "socket2", "tokio-macros", "windows-sys 0.48.0", ] @@ -4725,7 +4737,7 @@ checksum = "5b8a1e28f2deaa14e508979454cb3a223b10b938b45af148bc0986de36f1923b" dependencies = [ "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.48", ] [[package]] @@ -4740,9 +4752,9 @@ dependencies = [ [[package]] name = "tokio-openssl" -version = "0.6.3" +version = "0.6.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c08f9ffb7809f1b20c1b398d92acf4cc719874b3b2b2d9ea2f09b4a80350878a" +checksum = "6ffab79df67727f6acf57f1ff743091873c24c579b1e2ce4d8f53e47ded4d63d" dependencies = [ "futures-util", "openssl", @@ -4767,7 +4779,7 @@ version = "0.24.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c28327cf380ac148141087fbfb9de9d7bd4e84ab5d2c28fbc911d753de8a7081" dependencies = [ - "rustls 0.21.9", + "rustls 0.21.10", "tokio", ] @@ -4845,7 +4857,7 @@ checksum = "3082666a3a6433f7f511c7192923fa1fe07c69332d3c6a2e6bb040b569199d5a" dependencies = [ "async-trait", "axum", - "base64 0.21.5", + "base64 0.21.6", "bytes", "futures-core", "futures-util", @@ -4930,7 +4942,7 @@ checksum = "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.48", ] [[package]] 
@@ -4980,9 +4992,9 @@ dependencies = [ [[package]] name = "try-lock" -version = "0.2.4" +version = "0.2.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3528ecfd12c466c6f163363caf2d02a71161dd5e1cc6ae7b34207ea2d42d81ed" +checksum = "e421abadd41a4225275504ea4d6566923418b7f05506fbc9c0fe86ba7396114b" [[package]] name = "tss-esapi" @@ -5033,12 +5045,33 @@ dependencies = [ [[package]] name = "tzdb" -version = "0.5.7" +version = "0.5.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6a18ee5bde3433d683d41859650804a5ad89cad17f153a53f1e6a96e0da2d969" +dependencies = [ + "iana-time-zone", + "tz-rs", + "tzdb 0.6.1", +] + +[[package]] +name = "tzdb" +version = "0.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ec758958f2fb5069cd7fae385be95cc8eceb8cdfd270c7d14de6034f0108d99e" +checksum = "1b580f6b365fa89f5767cdb619a55d534d04a4e14c2d7e5b9a31e94598687fb1" dependencies = [ "iana-time-zone", "tz-rs", + "tzdb_data", +] + +[[package]] +name = "tzdb_data" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "629555d2921f3f0dc0de98699415a8b2b61dfcd3a0b082a327f7ed748bbb2b76" +dependencies = [ + "tz-rs", ] [[package]] @@ -5049,9 +5082,9 @@ checksum = "ed646292ffc8188ef8ea4d1e0e0150fb15a5c2e12ad9b8fc191ae7a8a7f3c4b9" [[package]] name = "unicode-bidi" -version = "0.3.13" +version = "0.3.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "92888ba5573ff080736b3648696b70cafad7d250551175acbaa4e0385b3e1460" +checksum = "6f2528f27a9eb2b21e69c95319b30bd0efd85d09c379741b0f78ea1d86be2416" [[package]] name = "unicode-ident" 
@@ -5108,10 +5141,10 @@ version = "2.9.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f8cdd25c339e200129fe4de81451814e5228c9b771d57378817d6117cc2b3f97" dependencies = [ - "base64 0.21.5", + "base64 0.21.6", "log", "once_cell", - "rustls 0.21.9", + "rustls 0.21.10", "rustls-webpki", "serde", "serde_json", @@ -5189,7 +5222,7 @@ dependencies = [ "assert-json-diff", "async-trait", "az-snp-vtpm", - "base64 0.21.5", + "base64 0.21.6", "bincode", "byteorder", "cfg-if", @@ -5225,9 +5258,9 @@ checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" [[package]] name = "vmm-sys-util" -version = "0.11.2" +version = "0.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "48b7b084231214f7427041e4220d77dfe726897a6d41fddee450696e66ff2a29" +checksum = "1d1435039746e20da4f8d507a72ee1b916f7b4b05af7a91c093d2c6561934ede" dependencies = [ "bitflags 1.3.2", "libc", @@ -5279,7 +5312,7 @@ dependencies = [ "once_cell", "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.48", "wasm-bindgen-shared", ] @@ -5313,7 +5346,7 @@ checksum = "f0eb82fcb7930ae6219a7ecfd55b217f5f0893484b7a13022ebb2b2bf20b5283" dependencies = [ "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.48", "wasm-bindgen-backend", "wasm-bindgen-shared", ] @@ -5340,7 +5373,7 @@ version = "0.22.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ed63aea5ce73d0ff405984102c42de94fc55a6b75765d621c65262469b3c9b53" dependencies = [ - "ring 0.17.6", + "ring 0.17.7", "untrusted 0.9.0", ] 
@@ -5404,11 +5437,11 @@ checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" [[package]] name = "windows-core" -version = "0.51.1" +version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f1f8cf84f35d2db49a46868f947758c7a1138116f7fac3bc844f43ade1292e64" +checksum = "33ab640c8d7e35bf8ba19b884ba838ceb4fba93a4e8c65a9059d08afcfc683d9" dependencies = [ - "windows-targets 0.48.5", + "windows-targets 0.52.0", ] [[package]] @@ -5591,9 +5624,9 @@ dependencies = [ [[package]] name = "zerocopy" -version = "0.7.28" +version = "0.7.32" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7d6f15f7ade05d2a4935e34a457b936c23dc70a05cc1d97133dc99e7a3fe0f0e" +checksum = "74d4d3961e53fa4c9a25a8637fc2bfaf2595b3d3ae34875568a5cf64787716be" dependencies = [ "byteorder", "zerocopy-derive", @@ -5601,13 +5634,13 @@ dependencies = [ [[package]] name = "zerocopy-derive" -version = "0.7.28" +version = "0.7.32" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dbbad221e3f78500350ecbd7dfa4e63ef945c05f4c61cb7f4d3f84cd0bba649b" +checksum = "9ce1b18ccd8e73a9321186f97e46f9f04b778851177567b1975109d26a08d2a6" dependencies = [ "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.48", ] [[package]] 
@@ -5627,25 +5660,24 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.48", ] [[package]] name = "zstd" -version = "0.12.4" +version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1a27595e173641171fc74a1232b7b1c7a7cb6e18222c11e9dfb9888fa424c53c" +checksum = "bffb3309596d527cfcba7dfc6ed6052f1d39dfbd7c867aa2e865e4a449c10110" dependencies = [ "zstd-safe", ] [[package]] name = "zstd-safe" -version = "6.0.6" +version = "7.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ee98ffd0b48ee95e6c5168188e44a54550b1564d9d530ee21d5f0eaed1069581" +checksum = "43747c7422e2924c11144d5229878b98180ef8b06cca4ab5af37afc8a8d8ea3e" dependencies = [ - "libc", "zstd-sys", ] diff --git a/attestation-service/attestation-service/src/lib.rs b/attestation-service/attestation-service/src/lib.rs index 0e54ad3be..85370f72b 100644 --- a/attestation-service/attestation-service/src/lib.rs +++ b/attestation-service/attestation-service/src/lib.rs @@ -19,6 +19,7 @@ use log::debug; use policy_engine::{PolicyEngine, PolicyEngineType, SetPolicyInput}; use rvps::RvpsApi; use serde_json::{json, Value}; +use serde_variant::to_variant_name; use sha2::{Digest, Sha256, Sha384, Sha512}; use std::{collections::HashMap, str::FromStr}; use strum::{AsRefStr, EnumString}; @@ -204,6 +205,7 @@ impl AttestationService { .collect(); let token_claims = json!({ + "tee": to_variant_name(&tee)?, "evaluation-reports": policies, "tcb-status": flattened_claims, "reference-data": reference_data_map, diff --git a/attestation-service/docs/example.token.json b/attestation-service/docs/example.token.json index da0afc6df..742ba2a95 100644 --- a/attestation-service/docs/example.token.json +++ b/attestation-service/docs/example.token.json 
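Review bot: The new `"tee"` entry in `token_claims` (second hunk of `lib.rs`) is now an access-control input, because the KBS default policy in this same commit decides on `input["tee"] != "sample"`, yet nothing at the `json!` call records that. The enclosing function, including where `tee` comes from, starts outside the hunk, so it is worth confirming that `tee` is the type whose verifier actually validated the evidence rather than a value carried over unchecked from the request. A comment such as `// "tee" is matched by KBS resource policies; keep the serialized variant names stable` would record the contract. Without it, a later rename of the enum's serialized names would silently change policy outcomes.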
@@ -47,5 +47,6 @@ "sgx.header.user_data": "dccde9b31ce8860548173bb4a2a57a1600000000", "sgx.header.vendor_id": "939a7233f79c4ca9940a0db3957f0607", "sgx.header.version": "0300" - } -} \ No newline at end of file + }, + "tee": "sgx" +} diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 000000000..9960a28bb --- /dev/null +++ b/docker-compose.yml 
@@ -0,0 +1,73 @@
+version: '3.2'
+services:
+ kbs:
+ build:
+ context: .
+ dockerfile: ./kbs/docker/Dockerfile.coco-as-grpc
+ #image: ghcr.io/confidential-containers/key-broker-service:latest
+ command: [
+ "/usr/local/bin/kbs",
+ "--config-file",
+ "/etc/kbs-config.toml",
+ ]
+ restart: always # keep the server running
+ ports:
+ - "8080:8080"
+ volumes:
+ - ./kbs/data/kbs-storage:/opt/confidential-containers/kbs/repository:rw
+ - ./kbs/config/public.pub:/opt/confidential-containers/kbs/user-keys/public.pub
+ - ./kbs/config/docker-compose/kbs-config.toml:/etc/kbs-config.toml
+ depends_on:
+ - as
+
+ as:
+ build:
+ context: .
+ dockerfile: ./attestation-service/Dockerfile.as-grpc
+ #image: ghcr.io/confidential-containers/attestation-service:latest
+ ports:
+ - "50004:50004"
+ restart: always
+ volumes:
+ - ./kbs/data/attestation-service:/opt/confidential-containers/attestation-service:rw
+ - ./kbs/config/as-config.json:/etc/as-config.json:rw
+ - ./kbs/config/sgx_default_qcnl.conf:/etc/sgx_default_qcnl.conf:rw
+ command: [
+ "grpc-as",
+ "--socket",
+ "0.0.0.0:50004",
+ "--config-file",
+ "/etc/as-config.json"
+ ]
+ depends_on:
+ - rvps
+
+ rvps:
+ #image: ghcr.io/confidential-containers/reference-value-provider-service:latest
+ build:
+ context: .
+ dockerfile: ./attestation-service/rvps/Dockerfile
+ restart: always # keep the server running
+ ports:
+ - "50003:50003"
+ volumes:
+ - ./kbs/data/reference-values:/opt/confidential-containers/attestation-service/reference_values:rw
+
+ keyprovider:
+ image: ghcr.io/confidential-containers/coco-keyprovider:latest
+ restart: always
+ ports:
+ - "50000:50000"
+ volumes:
+ - ./kbs/config/private.key:/etc/private.key
+ command: [
+ "coco_keyprovider",
+ "--socket",
+ "0.0.0.0:50000",
+ "--kbs",
+ "http://kbs:8080",
+ "--auth-private-key",
+ "/etc/private.key"
+ ]
+ depends_on:
+ - kbs
diff --git a/kbs/config/as-config.json b/kbs/config/as-config.json
index 27b83fdc4..d71d86e8c 100644
--- a/kbs/config/as-config.json
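Review bot: Every `ports:` entry in the new compose file (`"8080:8080"`, `"50004:50004"`, `"50003:50003"`, `"50000:50000"`) publishes on all host interfaces, and the KBS is served over plain HTTP, so on a shared or cloud host the test cluster's key broker and its admin API are reachable from the network. Binding to loopback, `- "127.0.0.1:8080:8080"` and likewise for the others, keeps the documented `http://127.0.0.1:8080` usage working; `as` and `rvps` may not need published ports at all if they are only reached by service name, which this file alone does not settle. The key mount can also be read-only, `- ./kbs/config/private.key:/etc/private.key:ro`, and `coco-keyprovider:latest` is the one image still pulled by a mutable tag rather than built from the tree or pinned by digest.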
+++ b/kbs/config/as-config.json @@ -2,6 +2,9 @@ "work_dir": "/opt/confidential-containers/attestation-service", "policy_engine": "opa", "rvps_store_type": "LocalFs", + "rvps_config": { + "remote_addr":"http://rvps:50003" + }, "attestation_token_broker": "Simple", "attestation_token_config": { "duration_min": 5 diff --git a/kbs/docker-compose.yml b/kbs/docker-compose.yml deleted file mode 100644 index 5fdd3cab9..000000000 --- a/kbs/docker-compose.yml +++ /dev/null 
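Review bot: The added `rvps_config.remote_addr` hard-codes the compose service name `rvps` into the shared `kbs/config/as-config.json`, whereas the KBS config mounted by the compose file has its own copy under `kbs/config/docker-compose/`. Anyone using this file outside the compose network will presumably get an attestation service that cannot resolve its RVPS, so a compose-specific copy mounted in place of the shared file would keep the two uses apart. The existing `"rvps_store_type": "LocalFs"` key stays next to the new block, and it is not visible here which of the two settings the AS honours; that should be stated in the docs.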
@@ -1,69 +0,0 @@ -version: '3.2' -services: - kbs: - # build: - # context: . - # dockerfile: ./docker/Dockerfile.coco-as-grpc - image: ghcr.io/confidential-containers/key-broker-service:latest - command: [ - "/usr/local/bin/kbs", - "--config-file", - "/etc/kbs-config.toml", - ] - restart: always # keep the server running - ports: - - "8080:8080" - volumes: - - ./data/kbs-storage:/opt/confidential-containers/kbs/repository:rw - - ./config/public.pub:/opt/confidential-containers/kbs/user-keys/public.pub - - ./config/docker-compose/kbs-config.toml:/etc/kbs-config.toml - depends_on: - - as - - as: - image: ghcr.io/confidential-containers/attestation-service:latest - ports: - - "50004:50004" - restart: always - volumes: - - ./data/attestation-service:/opt/confidential-containers/attestation-service:rw - - ./config/as-config.json:/etc/as-config.json:rw - - ./config/sgx_default_qcnl.conf:/etc/sgx_default_qcnl.conf:rw - command: [ - "grpc-as", - "--socket", - "0.0.0.0:50004", - "--rvps-address", - "http://rvps:50003", - "--config", - "/etc/as-config.json" - ] - depends_on: - - rvps - - rvps: - image: ghcr.io/confidential-containers/reference-value-provider-service:latest - restart: always # keep the server running - ports: - - "50003:50003" - volumes: - - ./data/reference-values:/opt/confidential-containers/attestation-service/reference_values:rw - - keyprovider: - image: ghcr.io/confidential-containers/coco-keyprovider:latest - restart: always - ports: - - "50000:50000" - volumes: - - ./config/private.key:/etc/private.key - command: [ - "coco_keyprovider", - "--socket", - "0.0.0.0:50000", - "--kbs", - "http://kbs:8080", - "--auth-private-key", - "/etc/private.key" - ] - depends_on: - - kbs diff --git a/kbs/docs/cluster.md b/kbs/docs/cluster.md index bb95de30b..981182150 100644 --- a/kbs/docs/cluster.md +++ b/kbs/docs/cluster.md 
@@ -1,6 +1,6 @@ # KBS Cluster -KBS provides a simple cluster defined by `docker-compose`, include itself, [Attestation Service](https://github.com/confidential-containers/attestation-service), [Reference Value Provider Service](https://github.com/confidential-containers/attestation-service/tree/main/bin/rvps) and [CoCo Keyprovider](https://github.com/confidential-containers/attestation-agent/tree/cc4e84c/sample_keyprovider) +KBS provides a simple cluster defined by `docker-compose`, include itself, [Attestation Service](https://github.com/confidential-containers/kbs/tree/main/attestation-service), [Reference Value Provider Service](https://github.com/confidential-containers/kbs/tree/main/attestation-service/rvps) and [CoCo Keyprovider](https://github.com/confidential-containers/guest-components/tree/main/attestation-agent/coco_keyprovider) Users can use very simple command to: - launch KBS service. @@ -19,8 +19,8 @@ Users can use very simple command to: Generate a user auth key pair ``` cd $KBS -openssl genpkey -algorithm ed25519 > config/private.key -openssl pkey -in config/private.key -pubout -out config/public.pub +openssl genpkey -algorithm ed25519 > kbs/config/private.key +openssl pkey -in kbs/config/private.key -pubout -out kbs/config/public.pub ``` Run the cluster @@ -28,6 +28,10 @@ Run the cluster docker-compose up -d ``` +Note that by defaultthe KBS cluster blocks sample evidence. +If you are testing with sample evidence you will need to +set a more permissive resource policy. + Then the kbs cluster is launched. Use `skopeo` to encrypt an image @@ -51,4 +55,4 @@ The image will be encrypted, and things happens in the background include: - `CoCo Keyprovider` generates a random KEK and a key id. Then encrypts the image using the KEK. - `CoCo Keyprovider` registers the KEK with key id into KBS. -If use the same KBS for key brokering, the image can be decrypted. \ No newline at end of file +If use the same KBS for key brokering, the image can be decrypted. 
diff --git a/kbs/quickstart.md b/kbs/quickstart.md index c3f21db19..0c047d90c 100644 --- a/kbs/quickstart.md +++ b/kbs/quickstart.md @@ -75,9 +75,14 @@ Run following command to get resource data from KBS: kbs-client --url http://127.0.0.1:50000 get-resource --path default/test/dummy ``` -By default, the attestation mechanism of KBS requires that the above commands can only correctly obtain -by running within a real TEE. -But you can directly test locally using the sample TEE type by setting the environment variable `AA_SAMPLE_ATTESTER_TEST` to `yes`. +If you run the client outside of a TEE, the sample attester will be used. +By default the KBS rejects all sample evidence. +To test the KBS with sample evidence, you'll need to update the resource policy +to something more permissive. +This can be done with a command such as +```shell +./kbs-client --url http://127.0.0.1:50000 config --auth-private-key config/private.key set-resource-policy --policy-file allow_all.rego +``` ## Passport Mode @@ -179,4 +184,4 @@ Where `/path/to/policy` should be replaced by the real path to your policy file. Resource policy also needs to be the `rego` syntax defined by [Open Policy Agent](https://www.openpolicyagent.org/). -You can read the notes of [default resource policy file](./src/api/src/policy_engine/opa/default_policy.rego) for more details of resource policy. \ No newline at end of file +You can read the notes of [default resource policy file](./src/api/src/policy_engine/opa/default_policy.rego) for more details of resource policy. diff --git a/kbs/src/api/src/http/error.rs b/kbs/src/api/src/http/error.rs index b563cf0ac..961ad6809 100644 --- a/kbs/src/api/src/http/error.rs +++ b/kbs/src/api/src/http/error.rs @@ -54,6 +54,9 @@ pub enum Error { #[error("Resource policy engine evaluate failed: {0}")] PolicyEngineFailed(String), + #[error("Resource not permitted.")] + PolicyReject, + #[error("Public key get failed: {0}")] PublicKeyGetFailed(String), 
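Review bot: `Error::PolicyReject` is added to the enum in `error.rs`, but the mapping from error variants to HTTP status codes lies outside this hunk, so it is not visible whether a policy denial is answered with 401/403 or falls through to a generic server error. A denial reported as a 5xx looks like an outage to clients and to monitoring, so the variant should have an explicit arm in that mapping if it does not already have one. A doc comment such as `/// The resource policy evaluated successfully and denied the request.` would also separate it clearly from `PolicyEngineFailed`.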
@@ -133,6 +136,7 @@ mod tests { #[case(Error::InvalidRequest("test".into()))] #[case(Error::JWEFailed("test".into()))] #[case(Error::PolicyEndpoint("test".into()))] + #[case(Error::PolicyReject)] #[case(Error::PublicKeyGetFailed("test".into()))] #[case(Error::ReadSecretFailed("test".into()))] #[case(Error::SetSecretFailed("test".into()))] diff --git a/kbs/src/api/src/http/resource.rs b/kbs/src/api/src/http/resource.rs index 1fd4fe925..3cb93f9a1 100644 --- a/kbs/src/api/src/http/resource.rs +++ b/kbs/src/api/src/http/resource.rs @@ -103,13 +103,17 @@ pub(crate) async fn get_resource( resource_description.resource_type, resource_description.resource_tag ); - policy_engine + let (resource_allowed, _extra_policy_output) = policy_engine .0 .lock() .await .evaluate(resource_path, claims_str) .await .map_err(|e| Error::PolicyEngineFailed(e.to_string()))?; + + if !resource_allowed { + raise_error!(Error::PolicyReject); + } } let resource_byte = repository diff --git a/kbs/src/api/src/policy_engine/opa/default_policy.rego b/kbs/src/api/src/policy_engine/opa/default_policy.rego index 813c84dd6..207717bda 100644 --- a/kbs/src/api/src/policy_engine/opa/default_policy.rego +++ b/kbs/src/api/src/policy_engine/opa/default_policy.rego @@ -31,7 +31,11 @@ # } # ``` +package policy +default allow = false + +allow { + input["tee"] != "sample" +} -package policy -default allow = true \ No newline at end of file diff --git a/kbs/test/Makefile b/kbs/test/Makefile index 53bab7eed..532afbee5 100644 --- a/kbs/test/Makefile +++ b/kbs/test/Makefile @@ -98,6 +98,9 @@ stop-resource-kbs: resource-kbs.PID kill $$(cat $<) && rm $< test-bgcheck: client start-kbs + RUST_LOG=kbs_protocol=warn ./client \ + config --auth-private-key kbs.key \ + set-resource-policy --policy-file $(MAKEFILE_DIR)/data/policy_2.rego && \ RUST_LOG=kbs_protocol=error ./client get-resource \ --path one/two/three \ | base64 -d > roundtrip_secret && \ 
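Review bot: A denial in `get_resource` returns through `raise_error!(Error::PolicyReject)` without recording which resource was refused, unless the macro itself logs (its definition is not in the hunk). This is the access-control decision for secrets, so a line before the return such as `log::warn!("resource policy denied {}/{}", resource_description.resource_type, resource_description.resource_tag);` gives operators something to alert on; log the path only, never `claims_str`. The block holding this check opens outside the hunk, so it is worth confirming that a request cannot reach the repository read with that block skipped, and `_extra_policy_output` deserves a one-line comment saying it is intentionally unused.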
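Review bot: The new default rule in `default_policy.rego` is a denylist: `input["tee"] != "sample"` allows every TEE name other than the literal `sample`, including any software or test attester added later. A token without a `tee` claim leaves the expression undefined, so `default allow = false` applies and the request is denied, which is the safe outcome and worth stating in a comment. An allowlist would fail closed for new types, for example `allowed_tee := {"sgx"}` extended with the hardware TEE names the deployment accepts, and `allow { allowed_tee[input["tee"]] }`. The explanatory comment block above the policy starts outside the hunk and should mention the `tee` claim.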
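Review bot: `test-bgcheck` now installs the allow-all `policy_2.rego` before its first `get-resource`, and `test-passport` does the same in the next hunk, so neither target exercises the new default-deny behaviour for sample evidence. Only the GitHub workflow added in this commit checks the negative path. A request that is expected to fail, placed ahead of the `set-resource-policy` call in the same way as the workflow's `! ./kbs-client ... get-resource` step, would keep the local `make` run from passing if the default policy regresses to allow-all.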
@@ -111,6 +114,9 @@ attestation_token: client tee.key start-kbs > attestation_token test-passport: client attestation_token start-resource-kbs + RUST_LOG=kbs_protocol=warn ./client --url http://127.0.0.1:50002 \ + config --auth-private-key kbs.key \ + set-resource-policy --policy-file $(MAKEFILE_DIR)/data/policy_2.rego && \ RUST_LOG=kbs_protocol=warn ./client --url http://127.0.0.1:50002 get-resource \ --attestation-token attestation_token \ --tee-key-file tee.key \ diff --git a/kbs/test/data/policy_2.rego b/kbs/test/data/policy_2.rego index 4edf5cdf1..2a379fc37 100644 --- a/kbs/test/data/policy_2.rego +++ b/kbs/test/data/policy_2.rego @@ -1,2 +1,5 @@ + package policy -default allow = true \ No newline at end of file + +default allow = true + diff --git a/kbs/tools/client/Cargo.toml b/kbs/tools/client/Cargo.toml index 95288dd08..c5b3cfdc6 100644 --- a/kbs/tools/client/Cargo.toml +++ b/kbs/tools/client/Cargo.toml @@ -18,9 +18,13 @@ base64.workspace = true clap = { version = "4.0.29", features = ["derive"] } env_logger.workspace = true jwt-simple = "0.11.4" -kbs_protocol = { git = "https://github.com/confidential-containers/guest-components.git", rev = "1e76429" } +kbs_protocol = { git = "https://github.com/confidential-containers/guest-components.git", rev = "7ddecc780c1ec03b0ef3ca9e161eea0f75fcaac0", default-features = false } log.workspace = true reqwest = { version = "0.11.18", default-features = false, features = ["cookies", "json"] } serde = { version = "1.0", features = ["derive"] } serde_json.workspace = true tokio.workspace = true + +[features] +default = ["kbs_protocol/default"] +sample_only = ["kbs_protocol/background_check", "kbs_protocol/passport", "kbs_protocol/rust-crypto"] diff --git a/kbs/tools/client/README.md b/kbs/tools/client/README.md index 35b63e0a1..7f07d7f91 100644 --- a/kbs/tools/client/README.md +++ b/kbs/tools/client/README.md 
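Review bot: The `sample_only` feature in `kbs/tools/client/Cargo.toml` only has the intended effect together with `--no-default-features`, because `default = ["kbs_protocol/default"]` is additive and a plain `--features sample_only` build still enables the default feature set of `kbs_protocol`. The CI workflow passes both flags, but the manifest does not say so. A comment above `[features]` such as `# sample_only: combine with --no-default-features to build a client without the hardware attesters` would prevent a mistaken build; the wording assumes that is what the three listed features amount to, which the hunk does not show.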
@@ -1,8 +1,14 @@ # KBS Client Tool -This is a simple KBS Client cmdline tool for test. +This is a simple client for the KBS that facilitates testing of the KBS +and other basic attestation flows. -## Usage +You can run this tool inside of a TEE to make a request with real attestation evidence. +You can also provide pre-existing evidence or use the sample attester as a fallback. + +The client tool can also be used to provision the KBS/AS with resources and policies. + +For more sophisticated attestation clients, please refer to [guest components](https://github.com/confidential-containers/guest-components) For help: @@ -10,12 +16,22 @@ For help: ./client -h ``` -If you want use this client to test KBS APIs that need attestation, make sure this client runs -inside an [Attestation Agent](https://github.com/confidential-containers/attestation-agent) -supported TEE, otherwise attestation will fail. +## Examples + +Get a resource from the KBS (after attesting) + +```shell +./kbs-client --url http://127.0.0.1:8080 get-resource --path my_repo/resource_type/123abc +``` -If you want to use Sample TEE attester in CC-KBC, set the following environment variable first: +Add a resource to the KBS +```shell +./kbs-client --url http://127.0.0.1:8080 config --auth-private-key ../../kbs/config/private.key set-resource --path my_repo/resource_type/123abc --resource-file test_resource ``` -export AA_SAMPLE_ATTESTER_TEST=yes + +Set a resource policy +```shell +./kbs-client --url http://127.0.0.1:8080 config --auth-private-key ../../kbs/config/private.key set-resource-policy --policy-file allow_all.rego ``` +