diff --git a/.github/workflows/as-e2e.yml b/.github/workflows/as-e2e.yml
index 1ba4b9cdd..d9afd26b2 100644
--- a/.github/workflows/as-e2e.yml
+++ b/.github/workflows/as-e2e.yml
@@ -28,7 +28,7 @@ jobs:
 name: TEE=${{ matrix.restful_tee_enum }} Generate Evidence Dynamically=${{ matrix.generate_evidence }}
 runs-on: ${{ matrix.runner }}
 env:
- RUSTC_VERSION: 1.76.0
+ RUSTC_VERSION: 1.83.0
 GRPC_TEE_ENUM: ${{ matrix.grpc_tee_enum }}
 RESTFUL_TEE_ENUM: ${{ matrix.restful_tee_enum }}
 steps:
diff --git a/.github/workflows/as-rust.yml b/.github/workflows/as-rust.yml
index 3235d38d0..a6791a6f7 100644
--- a/.github/workflows/as-rust.yml
+++ b/.github/workflows/as-rust.yml
@@ -24,7 +24,7 @@ jobs:
 name: Check
 runs-on: ubuntu-22.04
 env:
- RUSTC_VERSION: 1.76.0
+ RUSTC_VERSION: 1.83.0
 steps:
 - name: Code checkout
 uses: actions/checkout@v4
diff --git a/.github/workflows/kbs-docker-e2e.yml b/.github/workflows/kbs-docker-e2e.yml
index 3d75f6f9c..849e6ead1 100644
--- a/.github/workflows/kbs-docker-e2e.yml
+++ b/.github/workflows/kbs-docker-e2e.yml
@@ -13,7 +13,7 @@ jobs:
 e2e-test:
 runs-on: ubuntu-latest
 env:
- RUSTC_VERSION: 1.76.0
+ RUSTC_VERSION: 1.83.0
 steps:
 - name: Checkout KBS
 uses: actions/checkout@v4
diff --git a/.github/workflows/kbs-e2e.yml b/.github/workflows/kbs-e2e.yml
index 5d03733fc..4c5882739 100644
--- a/.github/workflows/kbs-e2e.yml
+++ b/.github/workflows/kbs-e2e.yml
@@ -24,7 +24,7 @@ jobs:
 build-binaries:
 runs-on: ubuntu-22.04
 env:
- RUSTC_VERSION: 1.76.0
+ RUSTC_VERSION: 1.83.0
 steps:
 - name: Download artifacts
 uses: actions/download-artifact@v4
diff --git a/.github/workflows/kbs-rust.yml b/.github/workflows/kbs-rust.yml
index eacd5a6aa..0d6aa1b30 100644
--- a/.github/workflows/kbs-rust.yml
+++ b/.github/workflows/kbs-rust.yml
@@ -23,7 +23,7 @@ jobs:
 strategy:
 fail-fast: false
 env:
- RUSTC_VERSION: 1.76.0
+ RUSTC_VERSION: 1.83.0
 runs-on: ubuntu-22.04
 steps:
@@ -52,11 +52,7 @@ jobs: sudo apt-get update sudo apt-get install -y libtdx-attest-dev libsgx-dcap-quote-verify-dev - - name: KBS Build [Default] - working-directory: kbs - run: make - - - name: KBS Build [Built-in CoCo AS] + - name: KBS Build [Default/Built-in CoCo AS] working-directory: kbs run: make diff --git a/.github/workflows/push-kbs-client-to-ghcr.yml b/.github/workflows/push-kbs-client-to-ghcr.yml index 22d5c28d1..a78bb26bb 100644 --- a/.github/workflows/push-kbs-client-to-ghcr.yml +++ b/.github/workflows/push-kbs-client-to-ghcr.yml @@ -14,7 +14,7 @@ jobs: - x86_64 - s390x env: - RUSTC_VERSION: 1.76.0 + RUSTC_VERSION: 1.83.0 runs-on: ${{ matrix.arch == 'x86_64' && 'ubuntu-22.04' || 's390x' }} permissions: contents: read diff --git a/Cargo.lock b/Cargo.lock index bd4d0c590..e09e1d689 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1,6 +1,6 @@ # This file is automatically @generated by Cargo. # It is not intended for manual editing. -version = 3 +version = 4 [[package]] name = "actix-codec" @@ -66,7 +66,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e01ed3140b2f8d422c68afa1ed2e85d996ea619c988ac834d255db32138655cb" dependencies = [ "quote", - "syn 2.0.87", + "syn 2.0.90", ] [[package]] @@ -203,7 +203,7 @@ dependencies = [ "actix-router", "proc-macro2", "quote", - "syn 2.0.87", + "syn 2.0.90", ] [[package]] @@ -271,6 +271,15 @@ dependencies = [ "subtle", ] +[[package]] +name = "aes-kw" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "69fa2b352dcefb5f7f3a5fb840e02665d311d878955380515e4fd50095dd3d8c" +dependencies = [ + "aes", +] + [[package]] name = "ahash" version = "0.7.8" 
@@ -394,9 +403,9 @@ dependencies = [ [[package]] name = "anyhow" -version = "1.0.93" +version = "1.0.94" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4c95c10ba0b00a02636238b814946408b1322d5ac4760326e6fb8ec956d85775" +checksum = "c1fd03a028ef38ba2276dce7e33fcd6369c158a1bca17946c4b1b701891c1ff7" [[package]] name = "arrayref" @@ -478,7 +487,7 @@ checksum = "c7c24de15d275a1ecfd47a380fb4d5ec9bfe0933f309ed5e705b775596a3574d" dependencies = [ "proc-macro2", "quote", - "syn 2.0.87", + "syn 2.0.90", ] [[package]] @@ -489,7 +498,7 @@ checksum = "721cae7de5c34fbb2acd27e21e6d2cf7b886dce0c27388d46c4e6c47ea4318dd" dependencies = [ "proc-macro2", "quote", - "syn 2.0.87", + "syn 2.0.90", ] [[package]] @@ -505,19 +514,19 @@ source = "git+https://github.com/confidential-containers/guest-components.git?re dependencies = [ "anyhow", "async-trait", - "attester", + "attester 0.1.0 (git+https://github.com/confidential-containers/guest-components.git?rev=e6999a3c0fd877dae9e68ea78b8b483062db32b8)", "base64 0.22.1", "config", "const_format", - "crypto", - "kbs-types", + "crypto 0.1.0 (git+https://github.com/confidential-containers/guest-components.git?rev=e6999a3c0fd877dae9e68ea78b8b483062db32b8)", + "kbs-types 0.7.0", "log", "serde", "serde_json", "sha2", "strum", "tempfile", - "thiserror 2.0.3", + "thiserror 2.0.7", "tokio", "toml 0.8.19", ] @@ -532,13 +541,13 @@ dependencies = [ "async-trait", "base64 0.22.1", "cfg-if", - "clap 4.5.21", + "clap 4.5.23", "ear 0.3.0", "env_logger 0.10.2", "futures", "hex", "jsonwebtoken", - "kbs-types", + "kbs-types 0.9.1", "lazy_static", "log", "openssl", @@ -557,7 +566,7 @@ dependencies = [ "strum", "tempfile", "testing_logger", - "thiserror 2.0.3", + "thiserror 2.0.7", "time", "tokio", "tonic", 
@@ -570,6 +579,25 @@ dependencies = [ name = "attester" version = "0.1.0" source = "git+https://github.com/confidential-containers/guest-components.git?rev=e6999a3c0fd877dae9e68ea78b8b483062db32b8#e6999a3c0fd877dae9e68ea78b8b483062db32b8" +dependencies = [ + "anyhow", + "async-trait", + "base64 0.22.1", + "hex", + "kbs-types 0.7.0", + "log", + "serde", + "serde_json", + "serde_with", + "sha2", + "strum", + "thiserror 2.0.7", +] + +[[package]] +name = "attester" +version = "0.1.0" +source = "git+https://github.com/Xynnn007/guest-components.git?rev=ff56818#ff5681809df12e0e94c9d4a60f168f69d7f3e6e0" dependencies = [ "anyhow", "async-trait", @@ -579,9 +607,9 @@ dependencies = [ "codicon", "csv-rs", "hex", - "hyper 0.14.31", + "hyper 0.14.32", "hyper-tls 0.5.0", - "kbs-types", + "kbs-types 0.9.1", "log", "occlum_dcap", "s390_pv", @@ -589,12 +617,12 @@ dependencies = [ "serde", "serde_json", "serde_with", - "sev 3.2.0", + "sev", "sha2", "strum", "tdx-attest-rs", "tempfile", - "thiserror 2.0.3", + "thiserror 2.0.7", "tokio", ] @@ -625,7 +653,7 @@ dependencies = [ "axum-core", "bytes", "futures-util", - "http 1.1.0", + "http 1.2.0", "http-body 1.0.1", "http-body-util", "itoa", @@ -637,7 +665,7 @@ dependencies = [ "rustversion", "serde", "sync_wrapper 1.0.2", - "tower 0.5.1", + "tower 0.5.2", "tower-layer", "tower-service", ] @@ -651,7 +679,7 @@ dependencies = [ "async-trait", "bytes", "futures-util", - "http 1.1.0", + "http 1.2.0", "http-body 1.0.1", "http-body-util", "mime", @@ -675,9 +703,9 @@ dependencies = [ "serde", "serde-big-array", "serde_json", - "sev 4.0.0", + "sev", "sha2", - "thiserror 2.0.3", + "thiserror 2.0.7", "tss-esapi", "zerocopy", ] @@ -690,11 +718,11 @@ checksum = "7c16506502dc64f7111f7241ca400f3ee0f54e69dfd1f4be5cef29b96332f22e" dependencies = [ "az-cvm-vtpm", "bincode", - "clap 4.5.21", + "clap 4.5.23", "openssl", "serde", - "sev 4.0.0", - "thiserror 2.0.3", + "sev", + "thiserror 2.0.7", "ureq", ] 
@@ -709,7 +737,7 @@ dependencies = [ "bincode", "serde", "serde_json", - "thiserror 2.0.3", + "thiserror 2.0.7", "ureq", "zerocopy", ] @@ -819,15 +847,15 @@ dependencies = [ "regex", "rustc-hash 1.1.0", "shlex", - "syn 2.0.87", + "syn 2.0.90", "which", ] [[package]] name = "binstring" -version = "0.1.1" +version = "0.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7e0d60973d9320722cb1206f412740e162a33b8547ea8d6be75d7cff237c7a85" +checksum = "ed79c2a8151273c70956b5e3cdfdc1ff6c1a8b9779ba59c6807d281b32ee2f86" [[package]] name = "bitfield" @@ -929,9 +957,9 @@ checksum = "325918d6fe32f23b19878fe4b34794ae41fc19ddbe53b10571a4874d44ffd39b" [[package]] name = "bytestring" -version = "1.3.1" +version = "1.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "74d80203ea6b29df88012294f62733de21cfeab47f17b41af3a38bc30a03ee72" +checksum = "e465647ae23b2823b0753f50decb2d5a86d2bb2cac04788fafd1f80e45378e5f" dependencies = [ "bytes", ] @@ -957,9 +985,9 @@ dependencies = [ [[package]] name = "cc" -version = "1.2.1" +version = "1.2.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fd9de9f2205d5ef3fd67e685b0df337994ddd4495e2a28d185500d0e1edfea47" +checksum = "9157bbaa6b165880c27a4293a474c91cdcf265cc68cc829bf10be0964a391caf" dependencies = [ "jobserver", "libc", @@ -989,9 +1017,9 @@ checksum = "613afe47fcd5fac7ccf1db93babcb082c5994d996f20b8b159f2ad1658eb5724" [[package]] name = "chrono" -version = "0.4.38" +version = "0.4.39" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a21f936df1771bf62b77f047b726c4625ff2e8aa607c01ec06e5a05bd8463401" +checksum = "7e36cc9d416881d2e24f9a963be5fb1cd90966419ac844274161d10488b3e825" dependencies = [ "android-tzdata", "iana-time-zone", @@ -1068,7 +1096,7 @@ checksum = "0b023947811758c97c59bf9d1c188fd619ad4718dcaa767947df1cadb14f39f4" dependencies = [ "glob", "libc", - "libloading 0.8.5", + "libloading 0.8.6", ] [[package]] 
@@ -1088,9 +1116,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.5.21" +version = "4.5.23" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fb3b4b9e5a7c7514dfa52869339ee98b3156b0bfb4e8a77c4ff4babb64b1604f" +checksum = "3135e7ec2ef7b10c6ed8950f0f792ed96ee093fa088608f1c76e569722700c84" dependencies = [ "clap_builder", "clap_derive", @@ -1098,9 +1126,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.5.21" +version = "4.5.23" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b17a95aa67cc7b5ebd32aa5370189aa0d79069ef1c64ce893bd30fb24bff20ec" +checksum = "30582fc632330df2bd26877bde0c1f4470d57c582bbc070376afcd04d8cb4838" dependencies = [ "anstream", "anstyle", @@ -1117,20 +1145,20 @@ dependencies = [ "heck", "proc-macro2", "quote", - "syn 2.0.87", + "syn 2.0.90", ] [[package]] name = "clap_lex" -version = "0.7.3" +version = "0.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "afb84c814227b90d6895e01398aee0d8033c00e7466aca416fb6a8e0eb19d8a7" +checksum = "f46ad14479a25103f283c0f10005961cf086d8dc42205bb44c46ac563475dca6" [[package]] name = "coarsetime" -version = "0.1.34" +version = "0.1.35" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "13b3839cf01bb7960114be3ccf2340f541b6d0c81f8690b007b2b39f750f7e5d" +checksum = "4252bf230cb600c19826a575b31c8c9c84c6f11acfab6dfcad2e941b10b6f8e2" dependencies = [ "libc", "wasix", @@ -1149,6 +1177,15 @@ version = "1.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5b63caa9aa9397e2d9480a9b13673856c78d8ac123288526c37d7839f2a86990" +[[package]] +name = "concat-kdf" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2d72c1252426a83be2092dd5884a5f6e3b8e7180f6891b6263d2c21b92ec8816" +dependencies = [ + "digest", +] + [[package]] name = "config" version = "0.13.4" 
@@ -1182,18 +1219,18 @@ checksum = "373e9fafaa20882876db20562275ff58d50e0caa2590077fe7ce7bef90211d0d" [[package]] name = "const_format" -version = "0.2.33" +version = "0.2.34" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "50c655d81ff1114fb0dcdea9225ea9f0cc712a6f8d189378e82bdf62a473a64b" +checksum = "126f97965c8ad46d6d9163268ff28432e8f6a1196a55578867832e3049df63dd" dependencies = [ "const_format_proc_macros", ] [[package]] name = "const_format_proc_macros" -version = "0.2.33" +version = "0.2.34" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "eff1a44b93f47b1bac19a27932f5c591e43d1ba357ee4f61526c8a25603f0eb1" +checksum = "1d57c2eccfb16dbac1f4e61e206105db5820c9d26c3c472bc17c774259ef7744" dependencies = [ "proc-macro2", "quote", @@ -1308,9 +1345,9 @@ dependencies = [ [[package]] name = "crossbeam-utils" -version = "0.8.20" +version = "0.8.21" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "22ec99545bb0ed0ea7bb9b8e1e9122ea386ff8a48c0922e43f36d45ab09e0e80" +checksum = "d0a5c400df2834b80a4c3327b3aad3a4c4cd4de0629063962b03235697506a28" [[package]] name = "crunchy" @@ -1327,7 +1364,29 @@ dependencies = [ "anyhow", "base64 0.22.1", "ctr", - "kbs-types", + "kbs-types 0.7.0", + "rand", + "rsa", + "serde", + "serde_json", + "sha2", + "strum", + "zeroize", +] + +[[package]] +name = "crypto" +version = "0.1.0" +source = "git+https://github.com/Xynnn007/guest-components.git?rev=ff56818#ff5681809df12e0e94c9d4a60f168f69d7f3e6e0" +dependencies = [ + "aes-gcm", + "aes-kw", + "anyhow", + "base64 0.22.1", + "concat-kdf", + "ctr", + "kbs-types 0.9.1", + "p256", "rand", "rsa", "serde", @@ -1392,7 +1451,7 @@ dependencies = [ "bitflags 1.3.2", "codicon", "dirs", - "hyper 0.14.31", + "hyper 0.14.32", "hyper-tls 0.5.0", "iocuddle", "libc", 
@@ -1407,9 +1466,9 @@ dependencies = [ [[package]] name = "ct-codecs" -version = "1.1.2" +version = "1.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "026ac6ceace6298d2c557ef5ed798894962296469ec7842288ea64674201a2d1" +checksum = "b916ba8ce9e4182696896f015e8a5ae6081b305f74690baa8465e35f5a142ea4" [[package]] name = "ctr" @@ -1559,7 +1618,7 @@ dependencies = [ "proc-macro2", "quote", "rustc_version", - "syn 2.0.87", + "syn 2.0.90", ] [[package]] @@ -1612,7 +1671,7 @@ checksum = "97369cbbc041bc366949bc74d34658d6cda5621039731c6310521892a3a20ae0" dependencies = [ "proc-macro2", "quote", - "syn 2.0.87", + "syn 2.0.90", ] [[package]] @@ -1743,7 +1802,7 @@ checksum = "de0d48a183585823424a4ce1aa132d174a6a81bd540895822eb4c8373a8e49e8" dependencies = [ "proc-macro2", "quote", - "syn 2.0.87", + "syn 2.0.90", ] [[package]] @@ -1793,12 +1852,12 @@ checksum = "5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5" [[package]] name = "errno" -version = "0.3.9" +version = "0.3.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "534c5cf6194dfab3db3242765c03bbe257cf92f22b38f6bc0c58d59108a820ba" +checksum = "33d852cb9b869c2a9b3df2f71a3074817f01e1844f839a144f5fcef059a4eb5d" dependencies = [ "libc", - "windows-sys 0.52.0", + "windows-sys 0.59.0", ] [[package]] @@ -1944,7 +2003,7 @@ checksum = "162ee34ebcb7c64a8abebc059ce0fee27c2262618d7b60ed8faf72fef13c3650" dependencies = [ "proc-macro2", "quote", - "syn 2.0.87", + "syn 2.0.90", ] [[package]] @@ -2074,7 +2133,7 @@ dependencies = [ "futures-sink", "futures-util", "http 0.2.12", - "indexmap 2.6.0", + "indexmap 2.7.0", "slab", "tokio", "tokio-util", @@ -2092,8 +2151,8 @@ dependencies = [ "fnv", "futures-core", "futures-sink", - "http 1.1.0", - "indexmap 2.6.0", + "http 1.2.0", + "indexmap 2.7.0", "slab", "tokio", "tokio-util", 
@@ -2127,9 +2186,9 @@ checksum = "e5274423e17b7c9fc20b6e7e208532f9b19825d82dfd615708b70edd83df41f1" [[package]] name = "hashbrown" -version = "0.15.1" +version = "0.15.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3a9bfc1af68b1726ea47d3d5109de126281def866b33970e10fbab11b5dafab3" +checksum = "bf151400ff0baff5465007dd2f3e717f3fe502074ca563069ce3a6629d07b289" [[package]] name = "heck" @@ -2146,12 +2205,6 @@ dependencies = [ "libc", ] -[[package]] -name = "hermit-abi" -version = "0.3.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d231dfb89cfffdbc30e7fc41579ed6066ad03abda9e567ccafae602b97ec5024" - [[package]] name = "hermit-abi" version = "0.4.0" 
@@ -2184,35 +2237,35 @@ dependencies = [ [[package]] name = "hmac-sha1-compact" -version = "1.1.4" +version = "1.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dff9d405ec732fa3fcde87264e54a32a84956a377b3e3107de96e59b798c84a7" +checksum = "18492c9f6f9a560e0d346369b665ad2bdbc89fa9bceca75796584e79042694c3" [[package]] name = "hmac-sha256" -version = "1.1.7" +version = "1.1.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3688e69b38018fec1557254f64c8dc2cc8ec502890182f395dbb0aa997aa5735" +checksum = "4a8575493d277c9092b988c780c94737fb9fd8651a1001e16bee3eccfc1baedb" dependencies = [ "digest", ] [[package]] name = "hmac-sha512" -version = "1.1.5" +version = "1.1.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e4ce1f4656bae589a3fab938f9f09bf58645b7ed01a2c5f8a3c238e01a4ef78a" +checksum = "b0b3a0f572aa8389d325f5852b9e0a333a15b0f86ecccbb3fdb6e97cd86dc67c" dependencies = [ "digest", ] [[package]] name = "home" -version = "0.5.9" +version = "0.5.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e3d1354bf6b7235cb4a0576c2619fd4ed18183f689b12b006a0ee7329eeff9a5" +checksum = "589533453244b0995c858700322199b2becb13b627df2851f64a2775d024abcf" dependencies = [ - "windows-sys 0.52.0", + "windows-sys 0.59.0", ] [[package]] @@ -2234,9 +2287,9 @@ dependencies = [ [[package]] name = "http" -version = "1.1.0" +version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "21b9ddb458710bc376481b842f5da65cdf31522de232c1ca8146abce2a358258" +checksum = "f16ca2af56261c99fba8bac40a10251ce8188205a4c448fbb745a2e4daa76fea" dependencies = [ "bytes", "fnv", @@ -2261,7 +2314,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1efedce1fb8e6913f23e0c92de8e62cd5b772a67e7b3946df930a62566c93184" dependencies = [ "bytes", - "http 1.1.0", + "http 1.2.0", ] [[package]] 
@@ -2272,7 +2325,7 @@ checksum = "793429d76616a256bcb62c2a2ec2bed781c8307e797e2598c50010f2bee2544f" dependencies = [ "bytes", "futures-util", - "http 1.1.0", + "http 1.2.0", "http-body 1.0.1", "pin-project-lite", ] @@ -2297,9 +2350,9 @@ checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4" [[package]] name = "hyper" -version = "0.14.31" +version = "0.14.32" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8c08302e8fa335b151b788c775ff56e7a03ae64ff85c548ee820fecb70356e85" +checksum = "41dfc780fdec9373c01bae43289ea34c972e40ee3c9f6b3c8801a35f35586ce7" dependencies = [ "bytes", "futures-channel", @@ -2321,15 +2374,15 @@ dependencies = [ [[package]] name = "hyper" -version = "1.5.1" +version = "1.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "97818827ef4f364230e16705d4706e2897df2bb60617d6ca15d598025a3c481f" +checksum = "256fb8d4bd6413123cc9d91832d78325c48ff41677595be797d90f42969beae0" dependencies = [ "bytes", "futures-channel", "futures-util", "h2 0.4.7", - "http 1.1.0", + "http 1.2.0", "http-body 1.0.1", "httparse", "httpdate", @@ -2348,7 +2401,7 @@ checksum = "ec3efd23720e2049821a693cbc7e65ea87c72f1c58ff2f9522ff332b1491e590" dependencies = [ "futures-util", "http 0.2.12", - "hyper 0.14.31", + "hyper 0.14.32", "rustls 0.21.12", "tokio", "tokio-rustls 0.24.1", @@ -2361,15 +2414,15 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "08afdbb5c31130e3034af566421053ab03787c640246a446327f550d11bcb333" dependencies = [ "futures-util", - "http 1.1.0", - "hyper 1.5.1", + "http 1.2.0", + "hyper 1.5.2", "hyper-util", - "rustls 0.23.17", + "rustls 0.23.20", "rustls-pki-types", "tokio", - "tokio-rustls 0.26.0", + "tokio-rustls 0.26.1", "tower-service", - "webpki-roots 0.26.6", + "webpki-roots 0.26.7", ] [[package]] 
@@ -2378,7 +2431,7 @@ version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2b90d566bffbce6a75bd8b09a05aa8c2cb1fabb6cb348f8840c9e4c90a0d83b0" dependencies = [ - "hyper 1.5.1", + "hyper 1.5.2", "hyper-util", "pin-project-lite", "tokio", @@ -2392,7 +2445,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d6183ddfa99b85da61a140bea0efc93fdf56ceaa041b37d553518030827f9905" dependencies = [ "bytes", - "hyper 0.14.31", + "hyper 0.14.32", "native-tls", "tokio", "tokio-native-tls", @@ -2406,7 +2459,7 @@ checksum = "70206fc6890eaca9fde8a0bf71caa2ddfc9fe045ac9e5c70df101a7dbde866e0" dependencies = [ "bytes", "http-body-util", - "hyper 1.5.1", + "hyper 1.5.2", "hyper-util", "native-tls", "tokio", @@ -2423,9 +2476,9 @@ dependencies = [ "bytes", "futures-channel", "futures-util", - "http 1.1.0", + "http 1.2.0", "http-body 1.0.1", - "hyper 1.5.1", + "hyper 1.5.2", "pin-project-lite", "socket2", "tokio", @@ -2571,7 +2624,7 @@ checksum = "1ec89e9337638ecdc08744df490b221a7399bf8d164eb52a665454e60e075ad6" dependencies = [ "proc-macro2", "quote", - "syn 2.0.87", + "syn 2.0.90", ] [[package]] @@ -2619,12 +2672,12 @@ dependencies = [ [[package]] name = "indexmap" -version = "2.6.0" +version = "2.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "707907fe3c25f5424cce2cb7e1cbcafee6bdbe735ca90ef77c29e84591e5b9da" +checksum = "62f822373a4fe84d4bb149bf54e584a7f4abec90e072ed49cda0edea5b95471f" dependencies = [ "equivalent", - "hashbrown 0.15.1", + "hashbrown 0.15.2", ] [[package]] @@ -2688,9 +2741,9 @@ dependencies = [ [[package]] name = "is_debug" -version = "1.0.1" +version = "1.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "06d198e9919d9822d5f7083ba8530e04de87841eaf21ead9af8f2304efd57c89" +checksum = "e8ea828c9d6638a5bd3d8b14e37502b4d56cae910ccf8a5b7f51c7a0eb1d0508" [[package]] name = "is_terminal_polyfill" 
@@ -2700,18 +2753,18 @@ checksum = "7943c866cc5cd64cbc25b2e01621d07fa8eb2a1a23160ee81ce38704e97b8ecf" [[package]] name = "itertools" -version = "0.12.1" +version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ba291022dbbd398a455acf126c1e341954079855bc60dfdda641363bd6922569" +checksum = "413ee7dfc52ee1a4949ceeb7dbc8a33f2d6c088194d9f922fb8318faf1f01186" dependencies = [ "either", ] [[package]] name = "itoa" -version = "1.0.13" +version = "1.0.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "540654e97a3f4470a492cd30ff187bc95d89557a903a2bbf112e2fae98104ef2" +checksum = "d75a2a4b1b190afb6f5425f10f6a8f959d2ea0b9c2b1d79553551850539e4674" [[package]] name = "jobserver" @@ -2722,12 +2775,30 @@ dependencies = [ "libc", ] +[[package]] +name = "josekit" +version = "0.10.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a603084e34e151e215d232e401df0d9299bdced264b8054e4888ea614e59bb06" +dependencies = [ + "anyhow", + "base64 0.22.1", + "flate2", + "openssl", + "regex", + "serde", + "serde_json", + "thiserror 1.0.69", + "time", +] + [[package]] name = "js-sys" -version = "0.3.72" +version = "0.3.76" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6a88f1bda2bd75b0452a14784937d796722fdebfe50df998aeb3f0b7603019a9" +checksum = "6717b6b5b077764fb5966237269cb3c64edddde4b14ce42647430a78ced9e7b7" dependencies = [ + "once_cell", "wasm-bindgen", ] @@ -2776,9 +2847,9 @@ dependencies = [ [[package]] name = "jwt-simple" -version = "0.12.10" +version = "0.12.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "50ae7e0018905a795d6f2a60ac32a547490abdd8df509906a8c6171e6d861711" +checksum = "b00e03c08ce71da10a3ad9267b963c03fc4234a56713d87648547b3fdda872a6" dependencies = [ "anyhow", "binstring", @@ -2796,7 +2867,7 @@ dependencies = [ "serde", "serde_json", "superboring", - "thiserror 1.0.69", + "thiserror 2.0.7", "zeroize", ] 
@@ -2821,25 +2892,29 @@ dependencies = [ "actix-web", "actix-web-httpauth", "aes-gcm", + "aes-kw", "anyhow", "async-trait", "attestation-service", "az-cvm-vtpm", "base64 0.22.1", "cfg-if", - "clap 4.5.21", + "clap 4.5.23", + "concat-kdf", "config", "cryptoki", "derivative", "env_logger 0.10.2", + "josekit", "jsonwebtoken", "jwt-simple", - "kbs-types", + "kbs-types 0.9.1", "kms", "lazy_static", "log", "mobc", "openssl", + "p256", "prost", "rand", "regex", @@ -2853,7 +2928,7 @@ dependencies = [ "serde_json", "strum", "tempfile", - "thiserror 2.0.3", + "thiserror 2.0.7", "time", "tokio", "tonic", @@ -2867,7 +2942,7 @@ version = "0.1.0" dependencies = [ "anyhow", "base64 0.22.1", - "clap 4.5.21", + "clap 4.5.23", "env_logger 0.10.2", "jwt-simple", "kbs_protocol", @@ -2888,25 +2963,36 @@ dependencies = [ "serde_json", ] +[[package]] +name = "kbs-types" +version = "0.9.1" +source = "git+https://github.com/Xynnn007/kbs-types.git?rev=f56c565#f56c5651f86ea0da43e1db02d13be87ee1363018" +dependencies = [ + "base64 0.22.1", + "serde", + "serde_json", + "thiserror 2.0.7", +] + [[package]] name = "kbs_protocol" version = "0.1.0" -source = "git+https://github.com/confidential-containers/guest-components.git?rev=e6999a3c0fd877dae9e68ea78b8b483062db32b8#e6999a3c0fd877dae9e68ea78b8b483062db32b8" +source = "git+https://github.com/Xynnn007/guest-components.git?rev=ff56818#ff5681809df12e0e94c9d4a60f168f69d7f3e6e0" dependencies = [ "anyhow", "async-trait", - "attester", + "attester 0.1.0 (git+https://github.com/Xynnn007/guest-components.git?rev=ff56818)", "base64 0.22.1", - "crypto", + "crypto 0.1.0 (git+https://github.com/Xynnn007/guest-components.git?rev=ff56818)", "jwt-simple", - "kbs-types", + "kbs-types 0.9.1", "log", "reqwest 0.12.9", - "resource_uri", + "resource_uri 0.1.0 (git+https://github.com/Xynnn007/guest-components.git?rev=ff56818)", "serde", "serde_json", "sha2", - "thiserror 2.0.3", + "thiserror 2.0.7", "tokio", "url", "zeroize", 
@@ -2930,13 +3016,13 @@ dependencies = [ "prost", "rand", "reqwest 0.12.9", - "resource_uri", + "resource_uri 0.1.0 (git+https://github.com/confidential-containers/guest-components.git?rev=e6999a3c0fd877dae9e68ea78b8b483062db32b8)", "ring", "serde", "serde_json", "sha2", "strum", - "thiserror 2.0.3", + "thiserror 2.0.7", "tokio", "toml 0.8.19", "tonic", @@ -2996,12 +3082,12 @@ dependencies = [ [[package]] name = "libloading" -version = "0.8.5" +version = "0.8.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4979f22fdb869068da03c9f7528f8297c6fd2606bc3a4affe42e6a823fdb8da4" +checksum = "fc2f4eb4bc735547cfed7c0a4922cbd04a4655978c09b54f1f7b228750664c34" dependencies = [ "cfg-if", - "windows-targets 0.48.5", + "windows-targets 0.52.6", ] [[package]] @@ -3046,9 +3132,9 @@ checksum = "78b3ae25bc7c8c38cec158d1f2757ee79e9b3740fbc7ccf0e59e4b08d793fa89" [[package]] name = "litemap" -version = "0.7.3" +version = "0.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "643cb0b8d4fcc284004d5fd0d67ccf61dfffadb7f75e1e71bc420f4688a3a704" +checksum = "4ee93343901ab17bd981295f2cf0026d4ad018c7c31ba84549a4ddbb47a45104" [[package]] name = "litrs" @@ -3153,11 +3239,10 @@ dependencies = [ [[package]] name = "mio" -version = "1.0.2" +version = "1.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "80e04d1dcff3aae0704555fe5fee3bcfaf3d1fdf8a7e521d5b9d2b42acb52cec" +checksum = "2886843bf800fba2e3377cff24abf6379b4c4d5c6681eaf9ea5b0d15090450bd" dependencies = [ - "hermit-abi 0.3.9", "libc", "log", "wasi", @@ -3267,7 +3352,7 @@ checksum = "ed3955f1a9c7c0c15e092f9c887db08b1fc683305fdf6eb6684f22555355e202" dependencies = [ "proc-macro2", "quote", - "syn 2.0.87", + "syn 2.0.90", ] [[package]] @@ -3381,7 +3466,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.87", + "syn 2.0.90", ] [[package]] 
@@ -3518,7 +3603,7 @@ checksum = "1e401f977ab385c9e4e3ab30627d6f26d00e2c73eef317493c4ec6d468726cf8" dependencies = [ "cfg-if", "libc", - "redox_syscall 0.5.7", + "redox_syscall 0.5.8", "smallvec", "windows-targets 0.52.6", ] @@ -3583,20 +3668,20 @@ checksum = "e3148f5046208a5d56bcfc03053e3ca6334e51da8dfb19b6cdc8b306fae3283e" [[package]] name = "pest" -version = "2.7.14" +version = "2.7.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "879952a81a83930934cbf1786752d6dedc3b1f29e8f8fb2ad1d0a36f377cf442" +checksum = "8b7cafe60d6cf8e62e1b9b2ea516a089c008945bb5a275416789e7db0bc199dc" dependencies = [ "memchr", - "thiserror 1.0.69", + "thiserror 2.0.7", "ucd-trie", ] [[package]] name = "pest_derive" -version = "2.7.14" +version = "2.7.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d214365f632b123a47fd913301e14c946c61d1c183ee245fa76eb752e59a02dd" +checksum = "816518421cfc6887a0d62bf441b6ffb4536fcc926395a69e1a85852d4363f57e" dependencies = [ "pest", "pest_generator", @@ -3604,22 +3689,22 @@ dependencies = [ [[package]] name = "pest_generator" -version = "2.7.14" +version = "2.7.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "eb55586734301717aea2ac313f50b2eb8f60d2fc3dc01d190eefa2e625f60c4e" +checksum = "7d1396fd3a870fc7838768d171b4616d5c91f6cc25e377b673d714567d99377b" dependencies = [ "pest", "pest_meta", "proc-macro2", "quote", - "syn 2.0.87", + "syn 2.0.90", ] [[package]] name = "pest_meta" -version = "2.7.14" +version = "2.7.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b75da2a70cf4d9cb76833c990ac9cd3923c9a8905a8929789ce347c84564d03d" +checksum = "e1e58089ea25d717bfd31fb534e4f3afcc2cc569c70de3e239778991ea3b7dea" dependencies = [ "once_cell", "pest", 
@@ -3633,7 +3718,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b4c5cc86750666a3ed20bdaf5ca2a0344f9c67674cae0515bec2da16fbaa47db" dependencies = [ "fixedbitset", - "indexmap 2.6.0", + "indexmap 2.7.0", ] [[package]] @@ -3677,7 +3762,7 @@ dependencies = [ "phf_shared", "proc-macro2", "quote", - "syn 2.0.87", + "syn 2.0.90", ] [[package]] @@ -3741,7 +3826,7 @@ checksum = "3c0f5fad0874fc7abcd4d750e76917eaebbecaa2c20bde22e1dbeeba8beb758c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.87", + "syn 2.0.90", ] [[package]] @@ -3797,9 +3882,9 @@ dependencies = [ [[package]] name = "portable-atomic" -version = "1.9.0" +version = "1.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cc9c68a3f6da06753e9335d63e27f6b9754dd1920d941135b7ea8224f141adb2" +checksum = "280dc24453071f1b63954171985a0b0d30058d287960968b9b2aca264c8d4ee6" [[package]] name = "powerfmt" @@ -3823,7 +3908,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "64d1ec885c64d0457d564db4ec299b2dae3f9c02808b8ad9c3a089c591b18033" dependencies = [ "proc-macro2", - "syn 2.0.87", + "syn 2.0.90", ] [[package]] @@ -3861,18 +3946,18 @@ dependencies = [ [[package]] name = "proc-macro2" -version = "1.0.89" +version = "1.0.92" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f139b0662de085916d1fb67d2b4169d1addddda1919e696f3252b740b629986e" +checksum = "37d3544b3f2748c54e147655edb5025752e2303145b5aefb3c3ea2c78b973bb0" dependencies = [ "unicode-ident", ] [[package]] name = "prost" -version = "0.13.3" +version = "0.13.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7b0487d90e047de87f984913713b85c601c05609aad5b0df4b4573fbf69aa13f" +checksum = "2c0fef6c4230e4ccf618a35c59d7ede15dea37de8427500f50aff708806e42ec" dependencies = [ "bytes", "prost-derive", 
@@ -3880,11 +3965,10 @@ dependencies = [ [[package]] name = "prost-build" -version = "0.13.3" +version = "0.13.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0c1318b19085f08681016926435853bbf7858f9c082d0999b80550ff5d9abe15" +checksum = "d0f3e5beed80eb580c68e2c600937ac2c4eedabdfd5ef1e5b7ea4f3fba84497b" dependencies = [ - "bytes", "heck", "itertools", "log", @@ -3895,28 +3979,28 @@ dependencies = [ "prost", "prost-types", "regex", - "syn 2.0.87", + "syn 2.0.90", "tempfile", ] [[package]] name = "prost-derive" -version = "0.13.3" +version = "0.13.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e9552f850d5f0964a4e4d0bf306459ac29323ddfbae05e35a7c0d35cb0803cc5" +checksum = "157c5a9d7ea5c2ed2d9fb8f495b64759f7816c7eaea54ba3978f0d63000162e3" dependencies = [ "anyhow", "itertools", "proc-macro2", "quote", - "syn 2.0.87", + "syn 2.0.90", ] [[package]] name = "prost-types" -version = "0.13.3" +version = "0.13.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4759aa0d3a6232fb8dbdb97b61de2c20047c68aca932c7ed76da9d788508d670" +checksum = "cc2f1e56baa61e93533aebc21af4d2134b70f66275e0fcdf3cbe43d77ff7e8fc" dependencies = [ "prost", ] @@ -3947,10 +4031,10 @@ dependencies = [ "pin-project-lite", "quinn-proto", "quinn-udp", - "rustc-hash 2.0.0", - "rustls 0.23.17", + "rustc-hash 2.1.0", + "rustls 0.23.20", "socket2", - "thiserror 2.0.3", + "thiserror 2.0.7", "tokio", "tracing", ] @@ -3965,11 +4049,11 @@ dependencies = [ "getrandom", "rand", "ring", - "rustc-hash 2.0.0", - "rustls 0.23.17", + "rustc-hash 2.1.0", + "rustls 0.23.20", "rustls-pki-types", "slab", - "thiserror 2.0.3", + "thiserror 2.0.7", "tinyvec", "tracing", "web-time", 
@@ -4057,9 +4141,9 @@ dependencies = [ [[package]] name = "redox_syscall" -version = "0.5.7" +version = "0.5.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9b6dfecf2c74bce2466cabf93f6664d6998a69eb21e39f4207930065b27b771f" +checksum = "03a862b389f93e68874fbf580b9de08dd02facb9a788ebadaf4a3fd33cf58834" dependencies = [ "bitflags 2.6.0", ] @@ -4085,7 +4169,7 @@ dependencies = [ "base64 0.22.1", "cfg-if", "chrono", - "clap 4.5.21", + "clap 4.5.23", "config", "env_logger 0.10.2", "log", @@ -4179,7 +4263,7 @@ dependencies = [ "h2 0.3.26", "http 0.2.12", "http-body 0.4.6", - "hyper 0.14.31", + "hyper 0.14.32", "hyper-rustls 0.24.2", "hyper-tls 0.5.0", "ipnet", @@ -4221,10 +4305,10 @@ dependencies = [ "cookie_store", "futures-core", "futures-util", - "http 1.1.0", + "http 1.2.0", "http-body 1.0.1", "http-body-util", - "hyper 1.5.1", + "hyper 1.5.2", "hyper-rustls 0.27.3", "hyper-tls 0.6.0", "hyper-util", @@ -4237,7 +4321,7 @@ dependencies = [ "percent-encoding", "pin-project-lite", "quinn", - "rustls 0.23.17", + "rustls 0.23.20", "rustls-pemfile 2.2.0", "rustls-pki-types", "serde", @@ -4246,13 +4330,13 @@ dependencies = [ "sync_wrapper 1.0.2", "tokio", "tokio-native-tls", - "tokio-rustls 0.26.0", + "tokio-rustls 0.26.1", "tower-service", "url", "wasm-bindgen", "wasm-bindgen-futures", "web-sys", - "webpki-roots 0.26.6", + "webpki-roots 0.26.7", "windows-registry", ] @@ -4267,6 +4351,17 @@ dependencies = [ "url", ] +[[package]] +name = "resource_uri" +version = "0.1.0" +source = "git+https://github.com/Xynnn007/guest-components.git?rev=ff56818#ff5681809df12e0e94c9d4a60f168f69d7f3e6e0" +dependencies = [ + "anyhow", + "serde", + "serde_json", + "url", +] + [[package]] name = "rfc6979" version = "0.4.0" 
@@ -4305,9 +4400,9 @@ dependencies = [ [[package]] name = "rsa" -version = "0.9.6" +version = "0.9.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5d0e5124fcb30e76a7e79bfee683a2746db83784b86289f6251b54b7950a0dfc" +checksum = "47c75d7c5c6b673e58bf54d8544a9f432e3a925b0e80f7cd3602ab5c50c55519" dependencies = [ "const-oid", "digest", @@ -4349,7 +4444,7 @@ dependencies = [ "regex", "relative-path", "rustc_version", - "syn 2.0.87", + "syn 2.0.90", "unicode-ident", ] @@ -4377,9 +4472,9 @@ checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2" [[package]] name = "rustc-hash" -version = "2.0.0" +version = "2.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "583034fd73374156e66797ed8e5b0d5690409c9226b22d87cb7f19821c05d152" +checksum = "c7fb8039b3032c191086b10f11f319a6e99e1e82889c5cc6046f515c9db1d497" [[package]] name = "rustc_version" @@ -4401,15 +4496,15 @@ dependencies = [ [[package]] name = "rustix" -version = "0.38.41" +version = "0.38.42" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d7f649912bc1495e167a6edee79151c84b1bad49748cb4f1f1167f459f6224f6" +checksum = "f93dc38ecbab2eb790ff964bb77fa94faf256fd3e73285fd7ba0903b76bedb85" dependencies = [ "bitflags 2.6.0", "errno", "libc", "linux-raw-sys", - "windows-sys 0.52.0", + "windows-sys 0.59.0", ] [[package]] @@ -4426,9 +4521,9 @@ dependencies = [ [[package]] name = "rustls" -version = "0.23.17" +version = "0.23.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7f1a745511c54ba6d4465e8d5dfbd81b45791756de28d4981af70d6dca128f1e" +checksum = "5065c3f250cbd332cd894be57c40fa52387247659b14a2d6041d121547903b1b" dependencies = [ "log", "once_cell", 
@@ -4459,9 +4554,9 @@ dependencies = [ [[package]] name = "rustls-pki-types" -version = "1.10.0" +version = "1.10.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "16f1201b3c9a7ee8039bcadc17b7e605e2945b27eee7631788c1bd2b0643674b" +checksum = "d2bf47e6ff922db3825eb750c4e2ff784c6ff8fb9e13046ef6a1d1c5401b0b37" dependencies = [ "web-time", ] @@ -4542,9 +4637,9 @@ dependencies = [ [[package]] name = "scc" -version = "2.2.5" +version = "2.2.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "66b202022bb57c049555430e11fc22fea12909276a80a4c3d368da36ac1d88ed" +checksum = "94b13f8ea6177672c49d12ed964cca44836f59621981b04a3e26b87e675181de" dependencies = [ "sdd", ] @@ -4575,7 +4670,7 @@ checksum = "d2ee4885492bb655bfa05d039cd9163eb8fe9f79ddebf00ca23a1637510c2fd2" dependencies = [ "proc-macro2", "quote", - "syn 2.0.87", + "syn 2.0.90", ] [[package]] @@ -4610,7 +4705,7 @@ checksum = "1db149f81d46d2deba7cd3c50772474707729550221e69588478ebf9ada425ae" dependencies = [ "proc-macro2", "quote", - "syn 2.0.87", + "syn 2.0.90", ] [[package]] @@ -4621,7 +4716,7 @@ checksum = "7f81c2fde025af7e69b1d1420531c8a8811ca898919db177141a85313b1cb932" dependencies = [ "proc-macro2", "quote", - "syn 2.0.87", + "syn 2.0.90", ] [[package]] @@ -4636,9 +4731,9 @@ dependencies = [ [[package]] name = "sdd" -version = "3.0.4" +version = "3.0.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "49c1eeaf4b6a87c7479688c6d52b9f1153cedd3c489300564f932b065c6eab95" +checksum = "478f121bb72bbf63c52c93011ea1791dca40140dfe13f8336c4c5ac952c33aa9" [[package]] name = "sec1" @@ -4688,9 +4783,9 @@ dependencies = [ [[package]] name = "semver" -version = "1.0.23" +version = "1.0.24" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b" +checksum = "3cb6eb87a131f756572d7fb904f6e7b68633f09cca868c5df1c4b8d1a694bbba" [[package]] name = "serde" 
@@ -4727,7 +4822,7 @@ checksum = "46f859dbbf73865c6627ed570e78961cd3ac92407a2d117204c49232485da55e" dependencies = [ "proc-macro2", "quote", - "syn 2.0.87", + "syn 2.0.90", ] [[package]] @@ -4736,6 +4831,7 @@ version = "1.0.133" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c7fceb2473b9166b2294ef05efcb65a3db80803f0b03ef86a5fc88a2b85ee377" dependencies = [ + "indexmap 2.7.0", "itoa", "memchr", "ryu", @@ -4823,30 +4919,6 @@ dependencies = [ "syn 1.0.109", ] -[[package]] -name = "sev" -version = "3.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "35156eab65ff1b63432b5a11a06b770e92120033e2831c7dee064865de5dbbbd" -dependencies = [ - "base64 0.22.1", - "bincode", - "bitfield 0.15.0", - "bitflags 1.3.2", - "byteorder", - "codicon", - "dirs", - "hex", - "iocuddle", - "lazy_static", - "libc", - "serde", - "serde-big-array", - "serde_bytes", - "static_assertions", - "uuid", -] - [[package]] name = "sev" version = "4.0.0" @@ -4998,9 +5070,9 @@ checksum = "3c5e1a9a646d36c3599cd173a41282daf47c44583ad367b8e6837255952e5c67" [[package]] name = "socket2" -version = "0.5.7" +version = "0.5.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ce305eb0b4296696835b71df73eb912e0f1ffd2556a501fcede6e0c50349191c" +checksum = "c970269d99b64e60ec3bd6ad27270092a5394c4e309314b18ae3fe575695fbe8" dependencies = [ "libc", "windows-sys 0.52.0", @@ -5071,7 +5143,7 @@ dependencies = [ "proc-macro2", "quote", "rustversion", - "syn 2.0.87", + "syn 2.0.90", ] [[package]] @@ -5082,9 +5154,9 @@ checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" [[package]] name = "superboring" -version = "0.1.3" +version = "0.1.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cee25cd9d145d2c1ef92a52720376eeb510c8870dfa0f84edb371901ec6a12ca" +checksum = "515cce34a781d7250b8a65706e0f2a5b99236ea605cb235d4baed6685820478f" dependencies = [ "getrandom", "hmac-sha256", 
@@ -5106,9 +5178,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.87" +version = "2.0.90" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "25aa4ce346d03a6dcd68dd8b4010bcb74e54e62c90c573f394c46eae99aba32d" +checksum = "919d3b74a5dd0ccd15aeb8f93e7006bd9e14c295087c9896a110f490752bcf31" dependencies = [ "proc-macro2", "quote", @@ -5150,7 +5222,7 @@ checksum = "c8af7666ab7b6390ab78131fb5b0fce11d6b7a6951602017c35fa82800708971" dependencies = [ "proc-macro2", "quote", - "syn 2.0.87", + "syn 2.0.90", ] [[package]] @@ -5247,11 +5319,11 @@ dependencies = [ [[package]] name = "thiserror" -version = "2.0.3" +version = "2.0.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c006c85c7651b3cf2ada4584faa36773bd07bac24acfb39f3c431b36d7e667aa" +checksum = "93605438cbd668185516ab499d589afb7ee1859ea3d5fc8f6b0755e1c7443767" dependencies = [ - "thiserror-impl 2.0.3", + "thiserror-impl 2.0.7", ] [[package]] @@ -5262,18 +5334,18 @@ checksum = "4fee6c4efc90059e10f81e6d42c60a18f76588c3d74cb83a0b242a2b6c7504c1" dependencies = [ "proc-macro2", "quote", - "syn 2.0.87", + "syn 2.0.90", ] [[package]] name = "thiserror-impl" -version = "2.0.3" +version = "2.0.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f077553d607adc1caf65430528a576c757a71ed73944b66ebb58ef2bbd243568" +checksum = "e1d8749b4531af2117677a5fcd12b1348a3fe2b81e36e61ffeac5c4aa3273e36" dependencies = [ "proc-macro2", "quote", - "syn 2.0.87", + "syn 2.0.90", ] [[package]] @@ -5288,9 +5360,9 @@ dependencies = [ [[package]] name = "time" -version = "0.3.36" +version = "0.3.37" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5dfd88e563464686c916c7e46e623e520ddc6d79fa6641390f2e3fa86e83e885" +checksum = "35e7868883861bd0e56d9ac6efcaaca0d6d5d82a2a7ec8209ff492c07cf37b21" dependencies = [ "deranged", "itoa", 
@@ -5311,9 +5383,9 @@ checksum = "ef927ca75afb808a4d64dd374f00a2adf8d0fcff8e7b184af886c3c87ec4a3f3" [[package]] name = "time-macros" -version = "0.2.18" +version = "0.2.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3f252a68540fde3a3877aeea552b832b40ab9a69e318efd078774a01ddee1ccf" +checksum = "2834e6017e3e5e4b9834939793b282bc03b37a3336245fa820e35e233e2a85de" dependencies = [ "num-conv", "time-core", @@ -5346,9 +5418,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" [[package]] name = "tokio" -version = "1.41.1" +version = "1.42.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "22cfb5bee7a6a52939ca9224d6ac897bb669134078daa8735560897f69de4d33" +checksum = "5cec9b21b0450273377fc97bd4c33a8acffc8c996c987a7c5b319a0083707551" dependencies = [ "backtrace", "bytes", @@ -5370,7 +5442,7 @@ checksum = "693d596312e88961bc67d7f1f97af8a70227d9f90c31bba5806eec004978d752" dependencies = [ "proc-macro2", "quote", - "syn 2.0.87", + "syn 2.0.90", ] [[package]] @@ -5406,20 +5478,19 @@ dependencies = [ [[package]] name = "tokio-rustls" -version = "0.26.0" +version = "0.26.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0c7bc40d0e5a97695bb96e27995cd3a08538541b0a846f65bba7a359f36700d4" +checksum = "5f6d0975eaace0cf0fcadee4e4aaa5da15b5c079146f2cffb67c113be122bf37" dependencies = [ - "rustls 0.23.17", - "rustls-pki-types", + "rustls 0.23.20", "tokio", ] [[package]] name = "tokio-stream" -version = "0.1.16" +version = "0.1.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4f4e6ce100d0eb49a2734f8c0812bcd324cf357d21810932c5df6b96ef2b86f1" +checksum = "eca58d7bba4a75707817a2c44174253f9236b2d5fbd055602e9d5c07c139a047" dependencies = [ "futures-core", "pin-project-lite", 
@@ -5428,9 +5499,9 @@ dependencies = [ [[package]] name = "tokio-util" -version = "0.7.12" +version = "0.7.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "61e7c3654c13bcd040d4a03abee2c75b1d14a37b423cf5a813ceae1cc903ec6a" +checksum = "d7fcaa8d55a2bdd6b83ace262b016eca0d79ee02818c5c1bcdf0305114081078" dependencies = [ "bytes", "futures-core", @@ -5475,7 +5546,7 @@ version = "0.22.22" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4ae48d6208a266e853d946088ed816055e556cc6028c5e8e2b84d9fa5dd7c7f5" dependencies = [ - "indexmap 2.6.0", + "indexmap 2.7.0", "serde", "serde_spanned", "toml_datetime", @@ -5494,10 +5565,10 @@ dependencies = [ "base64 0.22.1", "bytes", "h2 0.4.7", - "http 1.1.0", + "http 1.2.0", "http-body 1.0.1", "http-body-util", - "hyper 1.5.1", + "hyper 1.5.2", "hyper-timeout", "hyper-util", "percent-encoding", @@ -5523,7 +5594,7 @@ dependencies = [ "prost-build", "prost-types", "quote", - "syn 2.0.87", + "syn 2.0.90", ] [[package]] @@ -5548,14 +5619,14 @@ dependencies = [ [[package]] name = "tower" -version = "0.5.1" +version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2873938d487c3cfb9aed7546dc9f2711d867c9f90c46b889989a2cb84eba6b4f" +checksum = "d039ad9159c98b70ecfd540b2573b97f7f52c3e8d9f8ad57a24b916a536975f9" dependencies = [ "futures-core", "futures-util", "pin-project-lite", - "sync_wrapper 0.1.2", + "sync_wrapper 1.0.2", "tower-layer", "tower-service", ] @@ -5574,9 +5645,9 @@ checksum = "8df9b6e13f2d32c91b9bd719c00d1958837bc7dec474d94952798cc8e69eeec3" [[package]] name = "tracing" -version = "0.1.40" +version = "0.1.41" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c3523ab5a71916ccf420eebdf5521fcef02141234bbc0b8a49f2fdc4544364ef" +checksum = "784e0ac535deb450455cbfa28a6f0df145ea1bb7ae51b821cf5e7927fdcfbdd0" dependencies = [ "log", "pin-project-lite", 
@@ -5592,14 +5663,14 @@ checksum = "395ae124c09f9e6918a2310af6038fba074bcf474ac352496d5910dd59a2226d" dependencies = [ "proc-macro2", "quote", - "syn 2.0.87", + "syn 2.0.90", ] [[package]] name = "tracing-core" -version = "0.1.32" +version = "0.1.33" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c06d3da6113f116aaee68e4d601191614c9053067f9ab7f6edbcb161237daa54" +checksum = "e672c95779cf947c5311f83787af4fa8fffd12fb27e4993211a84bdfd9610f9c" dependencies = [ "once_cell", "valuable", @@ -5618,9 +5689,9 @@ dependencies = [ [[package]] name = "tracing-subscriber" -version = "0.3.18" +version = "0.3.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ad0f048c97dbd9faa9b7df56362b8ebcaa52adb06b498c050d2f4e32f90a7a8b" +checksum = "e8189decb5ac0fa7bc8b96b7cb9b2701d60d48805aca84a238004d665fcc4008" dependencies = [ "nu-ansi-term", "sharded-slab", @@ -5638,9 +5709,9 @@ checksum = "e421abadd41a4225275504ea4d6566923418b7f05506fbc9c0fe86ba7396114b" [[package]] name = "tss-esapi" -version = "7.5.1" +version = "7.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a9ba6594ded739cb539f8ffcd3713f6c21d4525c47314bbc6de15c0cd251aedf" +checksum = "78ea9ccde878b029392ac97b5be1f470173d06ea41d18ad0bb3c92794c16a0f2" dependencies = [ "bitfield 0.14.0", "enumflags2", 
@@ -5757,26 +5828,26 @@ checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" [[package]] name = "ureq" -version = "2.10.1" +version = "2.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b74fc6b57825be3373f7054754755f03ac3a8f5d70015ccad699ba2029956f4a" +checksum = "02d1a66277ed75f640d608235660df48c8e3c19f3b4edb6a263315626cc3c01d" dependencies = [ "base64 0.22.1", "log", "once_cell", - "rustls 0.23.17", + "rustls 0.23.20", "rustls-pki-types", "serde", "serde_json", "url", - "webpki-roots 0.26.6", + "webpki-roots 0.26.7", ] [[package]] name = "url" -version = "2.5.3" +version = "2.5.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8d157f1b96d14500ffdc1f10ba712e780825526c03d9a49b4d0324b0d9113ada" +checksum = "32f8b686cadd1473f4bd0117a5d28d36b1ade384ea9b5069a1c40aefed7fda60" dependencies = [ "form_urlencoded", "idna", @@ -5867,7 +5938,7 @@ dependencies = [ "intel-tee-quote-verification-rs", "jsonwebkey", "jsonwebtoken", - "kbs-types", + "kbs-types 0.9.1", "log", "openssl", "reqwest 0.12.9", @@ -5878,11 +5949,11 @@ dependencies = [ "serde_json", "serde_with", "serial_test", - "sev 4.0.0", + "sev", "sha2", "shadow-rs", "strum", - "thiserror 2.0.3", + "thiserror 2.0.7", "tokio", "tonic-build", "veraison-apiclient", @@ -5931,9 +6002,9 @@ dependencies = [ [[package]] name = "wasm-bindgen" -version = "0.2.95" +version = "0.2.99" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "128d1e363af62632b8eb57219c8fd7877144af57558fb2ef0368d0087bddeb2e" +checksum = "a474f6281d1d70c17ae7aa6a613c87fce69a127e2624002df63dcb39d6cf6396" dependencies = [ "cfg-if", "once_cell", 
@@ -5942,36 +6013,36 @@ dependencies = [ [[package]] name = "wasm-bindgen-backend" -version = "0.2.95" +version = "0.2.99" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cb6dd4d3ca0ddffd1dd1c9c04f94b868c37ff5fac97c30b97cff2d74fce3a358" +checksum = "5f89bb38646b4f81674e8f5c3fb81b562be1fd936d84320f3264486418519c79" dependencies = [ "bumpalo", "log", - "once_cell", "proc-macro2", "quote", - "syn 2.0.87", + "syn 2.0.90", "wasm-bindgen-shared", ] [[package]] name = "wasm-bindgen-futures" -version = "0.4.45" +version = "0.4.49" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cc7ec4f8827a71586374db3e87abdb5a2bb3a15afed140221307c3ec06b1f63b" +checksum = "38176d9b44ea84e9184eff0bc34cc167ed044f816accfe5922e54d84cf48eca2" dependencies = [ "cfg-if", "js-sys", + "once_cell", "wasm-bindgen", "web-sys", ] [[package]] name = "wasm-bindgen-macro" -version = "0.2.95" +version = "0.2.99" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e79384be7f8f5a9dd5d7167216f022090cf1f9ec128e6e6a482a2cb5c5422c56" +checksum = "2cc6181fd9a7492eef6fef1f33961e3695e4579b9872a6f7c83aee556666d4fe" dependencies = [ "quote", "wasm-bindgen-macro-support", 
@@ -5979,28 +6050,28 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro-support" -version = "0.2.95" +version = "0.2.99" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "26c6ab57572f7a24a4985830b120de1594465e5d500f24afe89e16b4e833ef68" +checksum = "30d7a95b763d3c45903ed6c81f156801839e5ee968bb07e534c44df0fcd330c2" dependencies = [ "proc-macro2", "quote", - "syn 2.0.87", + "syn 2.0.90", "wasm-bindgen-backend", "wasm-bindgen-shared", ] [[package]] name = "wasm-bindgen-shared" -version = "0.2.95" +version = "0.2.99" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "65fc09f10666a9f147042251e0dda9c18f166ff7de300607007e96bdebc1068d" +checksum = "943aab3fdaaa029a6e0271b35ea10b72b943135afe9bffca82384098ad0e06a6" [[package]] name = "web-sys" -version = "0.3.72" +version = "0.3.76" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f6488b90108c040df0fe62fa815cbdee25124641df01814dd7282749234c6112" +checksum = "04dd7223427d52553d3702c004d3b2fe07c148165faa56313cb00211e31c12bc" dependencies = [ "js-sys", "wasm-bindgen", @@ -6024,9 +6095,9 @@ checksum = "5f20c57d8d7db6d3b86154206ae5d8fba62dd39573114de97c2cb0578251f8e1" [[package]] name = "webpki-roots" -version = "0.26.6" +version = "0.26.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "841c67bff177718f1d4dfefde8d8f0e78f9b6589319ba88312f567fc5841a958" +checksum = "5d642ff16b7e79272ae451b7322067cdc17cadf68c23264be9d94a32319efe7e" dependencies = [ "rustls-pki-types", ] @@ -6065,7 +6136,7 @@ version = "0.1.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cf221c93e13a30d793f7645a0e7762c55d169dbb0a49671918a2319d289b10bb" dependencies = [ - "windows-sys 0.48.0", + "windows-sys 0.59.0", ] [[package]] 
@@ -6336,9 +6407,9 @@ checksum = "e17bb3549cc1321ae1296b9cdc2698e2b6cb1992adfa19a8c72e5b7a738f44cd" [[package]] name = "yoke" -version = "0.7.4" +version = "0.7.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6c5b1314b079b0930c31e3af543d8ee1757b1951ae1e1565ec704403a7240ca5" +checksum = "120e6aef9aa629e3d4f52dc8cc43a015c7724194c97dfaf45180d2daf2b77f40" dependencies = [ "serde", "stable_deref_trait", @@ -6348,13 +6419,13 @@ dependencies = [ [[package]] name = "yoke-derive" -version = "0.7.4" +version = "0.7.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "28cc31741b18cb6f1d5ff12f5b7523e3d6eb0852bbbad19d73905511d9849b95" +checksum = "2380878cad4ac9aac1e2435f3eb4020e8374b5f13c296cb75b4620ff8e229154" dependencies = [ "proc-macro2", "quote", - "syn 2.0.87", + "syn 2.0.90", "synstructure 0.13.1", ] @@ -6376,27 +6447,27 @@ checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e" dependencies = [ "proc-macro2", "quote", - "syn 2.0.87", + "syn 2.0.90", ] [[package]] name = "zerofrom" -version = "0.1.4" +version = "0.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "91ec111ce797d0e0784a1116d0ddcdbea84322cd79e5d5ad173daeba4f93ab55" +checksum = "cff3ee08c995dee1859d998dea82f7374f2826091dd9cd47def953cae446cd2e" dependencies = [ "zerofrom-derive", ] [[package]] name = "zerofrom-derive" -version = "0.1.4" +version = "0.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0ea7b4a3637ea8669cedf0f1fd5c286a17f3de97b8dd5a70a6c167a1730e63a5" +checksum = "595eed982f7d355beb85837f651fa22e90b3c044842dc7f2c2842c086f295808" dependencies = [ "proc-macro2", "quote", - "syn 2.0.87", + "syn 2.0.90", "synstructure 0.13.1", ] @@ -6417,7 +6488,7 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn 2.0.87", + "syn 2.0.90", ] [[package]] 
@@ -6439,7 +6510,7 @@ checksum = "6eafa6dfb17584ea3e2bd6e76e0cc15ad7af12b09abdd1ca55961bed9b1063c6" dependencies = [ "proc-macro2", "quote", - "syn 2.0.87", + "syn 2.0.90", ] [[package]] diff --git a/Cargo.toml b/Cargo.toml index 9c5db45fc..9873d8353 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -32,11 +32,12 @@ hex = "0.4.3" jwt-simple = { version = "0.12", default-features = false, features = [ "pure-rust", ] } -kbs_protocol = { git = "https://github.com/confidential-containers/guest-components.git", rev = "e6999a3c0fd877dae9e68ea78b8b483062db32b8", default-features = false } -kbs-types = "0.7.0" +kbs_protocol = { git = "https://github.com/Xynnn007/guest-components.git", rev = "ff56818", default-features = false } +kbs-types = { git = "https://github.com/Xynnn007/kbs-types.git", rev = "f56c565" } kms = { git = "https://github.com/confidential-containers/guest-components.git", rev = "e6999a3c0fd877dae9e68ea78b8b483062db32b8", default-features = false } jsonwebtoken = { version = "9", default-features = false } log = "0.4.17" +p256 = "0.13.2" prost = "0.13" regorus = { version = "0.2.6", default-features = false, features = [ "regex", diff --git a/kbs/Cargo.toml b/kbs/Cargo.toml index 663dcc03a..7753cbebc 100644 --- a/kbs/Cargo.toml +++ b/kbs/Cargo.toml @@ -37,12 +37,14 @@ pkcs11 = ["cryptoki"] actix-web = { workspace = true, features = ["openssl"] } actix-web-httpauth.workspace = true aes-gcm = "0.10.1" +aes-kw = "0.2.1" anyhow.workspace = true async-trait.workspace = true base64.workspace = true cfg-if.workspace = true clap = { workspace = true, features = ["derive", "env"] } config.workspace = true +concat-kdf = "0.1.0" cryptoki = { version = "0.7.0", optional = true } env_logger.workspace = true jsonwebtoken = { workspace = true, default-features = false } 
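Review bot: In the root Cargo.toml hunk, `kbs_protocol` and `kbs-types` now resolve from a personal fork (`github.com/Xynnn007/...`) pinned by abbreviated revisions (`ff56818`, `f56c565`), while `kms` on the following line still pins the upstream `confidential-containers/guest-components` repository at a full 40-character commit. These crates define the KBS wire types and the attestation protocol, so the source should be a repository the project controls before this is released, and a commented-in note such as `# TODO: switch back to upstream once the JWE changes are merged` would make the temporary state explicit. At minimum pin the full commit id, e.g. `rev = "ff5681809df12e0e94c9d4a60f168f69d7f3e6e0"`, which is the value Cargo.lock records for this fork. It also looks like two different guest-components revisions are now built into the workspace, which is worth confirming is intended.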
@@ -52,6 +54,7 @@ kms = { workspace = true, default-features = false } lazy_static = "1.4.0" log.workspace = true mobc = { version = "0.8.5", optional = true } +p256 = { workspace = true, features = ["ecdh"] } prost = { workspace = true, optional = true } rand = "0.8.5" regex = "1.11.1" @@ -83,6 +86,7 @@ attestation-service = { path = "../attestation-service", default-features = fals ], optional = true } [dev-dependencies] +josekit = "0.10.0" tempfile.workspace = true rstest.workspace = true diff --git a/kbs/docs/kbs_attestation_protocol.md b/kbs/docs/kbs_attestation_protocol.md index 8a77e84b8..f2f49454f 100644 --- a/kbs/docs/kbs_attestation_protocol.md +++ b/kbs/docs/kbs_attestation_protocol.md @@ -191,6 +191,7 @@ payload that follows the [JSON Web Encryption](https://www.rfc-editor.org/rfc/rf { "protected": "$jose_header", "encrypted_key": "$encrypted_key", + "aad": "$aad", "iv": "$iv", "ciphertext": "$ciphertext", "tag": "$tag" @@ -204,6 +205,7 @@ The above JWE JSON fields are defined as follows: let jose_header_string = format!(r#"{{"alg": "{}","enc": "{}"}}"#, alg, enc); let jose_header = base64_url::encode(&jose_header_string); let encrypted_key = base64_url::encode(enc_kbs_symkey); +let aad = base64_url::encode(additional_authenticated_data); let iv = base64_url::encode(initialization_vector); let ciphertext = base64_url::encode(response_output); @@ -212,13 +214,13 @@ tag = base64_url::encode(authentication_tag); ``` -- `alg` +- `protected.alg` Algorithm used to encrypt the encryption key at `encrypted_key`. Since the key is encrypted using the HW-TEE public key, `alg` must be the same value as described in the [`Attestation`](#attestation)'s `tee-pubkey` field. -- `enc` +- `protected.enc` Encryption algorithm used to encrypt the output of the KBS service API. 
@@ -227,6 +229,12 @@ Encryption algorithm used to encrypt the output of the KBS service API. The output of the KBS service API. It must be encrypted with the KBS-generated ephemeral key. +- `aad` (Required if AEAD is used) + +An input to an AEAD operation that is integrity protected but not encrypted. +Due to [JSON Web Encryption](https://www.rfc-editor.org/rfc/rfc7516), AAD field +should be calculated by `ASCII(BASE64URL(UTF8(JWE Protected Header)))` + - `iv` The input to a cryptographic primitive is used to provide the initial state. @@ -239,6 +247,11 @@ The encrypted symmetric key is used to encrypt `ciphertext`. This key is encrypted with the HW-TEE's public key, using the algorithm defined in `alg`. +- `tag` + +The authentication tag is used to authenticate the ciphertext. If the algorithm +described by `enc` used does not need it, this field is left blank. + ## Key Format ### Public Key diff --git a/kbs/src/attestation/backend.rs b/kbs/src/attestation/backend.rs index 6e130d0e8..d76374371 100644 --- a/kbs/src/attestation/backend.rs +++ b/kbs/src/attestation/backend.rs @@ -25,8 +25,8 @@ use super::{ }; static KBS_MAJOR_VERSION: u64 = 0; -static KBS_MINOR_VERSION: u64 = 1; -static KBS_PATCH_VERSION: u64 = 1; +static KBS_MINOR_VERSION: u64 = 2; +static KBS_PATCH_VERSION: u64 = 0; lazy_static! { static ref VERSION_REQ: VersionReq = { diff --git a/kbs/src/attestation/session.rs b/kbs/src/attestation/session.rs index 22cde081f..ef3b9ec14 100644 --- a/kbs/src/attestation/session.rs +++ b/kbs/src/attestation/session.rs @@ -80,7 +80,7 @@ impl SessionStatus { impl_member!(timeout, OffsetDateTime); pub fn is_expired(&self) -> bool { - return *self.timeout() < OffsetDateTime::now_utc(); + *self.timeout() < OffsetDateTime::now_utc() } pub fn attest(&mut self, token: String) { diff --git a/kbs/src/jwe.rs b/kbs/src/jwe.rs index 44e68d1b1..0e282b90e 100644 --- a/kbs/src/jwe.rs +++ b/kbs/src/jwe.rs 
@@ -2,34 +2,112 @@ // Licensed under the Apache License, Version 2.0, see LICENSE for details. // SPDX-License-Identifier: Apache-2.0 -use aes_gcm::{aead::Aead, Aes256Gcm, KeyInit, Nonce}; +use core::{clone::Clone, convert::TryInto}; + +use aes_gcm::{ + aead::{generic_array::GenericArray, AeadMutInPlace}, + Aes256Gcm, KeyInit, Nonce, +}; +use aes_kw::{Kek, KekAes256}; use anyhow::{anyhow, bail, Context, Result}; use base64::{engine::general_purpose::URL_SAFE_NO_PAD, Engine}; -use kbs_types::{Response, TeePubKey}; +use kbs_types::{ProtectedHeader, Response, TeePubKey}; +use log::warn; +use p256::{ + ecdh::EphemeralSecret, elliptic_curve::sec1::FromEncodedPoint, EncodedPoint, PublicKey, +}; use rand::{rngs::OsRng, Rng}; -use rsa::{BigUint, Pkcs1v15Encrypt, RsaPublicKey}; -use serde_json::json; +use rsa::{sha2::Sha256, BigUint, Oaep, Pkcs1v15Encrypt, RsaPublicKey}; +use serde_json::{json, Map}; + +/// RSA PKCS#1 v1.5 +const RSA1_5_ALGORITHM: &str = "RSA1_5"; + +/// RSAES OAEP using SHA-256 and MGF1 with SHA-256 +const RSA_OAEP256_ALGORITHM: &str = "RSA-OAEP-256"; + +/// ECDH-ES using Concat KDF and CEK wrapped with "A256KW" +const ECDH_ES_A256KW: &str = "ECDH-ES+A256KW"; + +/// The elliptic curve key type +const EC_KTY: &str = "EC"; + +/// The elliptic curve name of p256. +const P256_CURVE: &str = "P-256"; -const RSA_ALGORITHM: &str = "RSA1_5"; +/// AES 256 GCM const AES_GCM_256_ALGORITHM: &str = "A256GCM"; -pub fn jwe(tee_pub_key: TeePubKey, payload_data: Vec) -> Result { - let TeePubKey::RSA { alg, k_mod, k_exp } = tee_pub_key else { - bail!("Only RSA key is support for TEE pub key") +/// AES 256 GCM Key length in bits +const AES_GCM_256_KEY_BITS: u32 = 256; + +/// Use RSAv1.5 to encrypt the payload data. 
+/// Warning: This algorithm is deprecated per +/// +#[deprecated(note = "This algorithm is no longer recommended.")] +fn rsa_1v15(k_mod: String, k_exp: String, mut payload_data: Vec) -> Result { + warn!("Get JWE request using deprecated kcs#1 v1.5 encryption, which has potential security issues."); + let mut rng = rand::thread_rng(); + + let aes_sym_key = Aes256Gcm::generate_key(&mut OsRng); + let mut cipher = Aes256Gcm::new(&aes_sym_key); + let iv = rng.gen::<[u8; 12]>(); + let nonce = Nonce::from_slice(&iv); + let protected = ProtectedHeader { + alg: RSA1_5_ALGORITHM.to_string(), + enc: AES_GCM_256_ALGORITHM.to_string(), + other_fields: Map::new(), }; - if alg != *RSA_ALGORITHM { - bail!("algorithm is not {RSA_ALGORITHM} but {alg}"); - } + let aad = protected.generate_aad().context("Generate JWE AAD")?; + + let tag = cipher + .encrypt_in_place_detached(nonce, &aad, &mut payload_data) + .map_err(|e| anyhow!("AES encrypt Resource payload failed: {e}"))?; + let k_mod = URL_SAFE_NO_PAD + .decode(k_mod) + .context("base64 decode k_mod failed")?; + let n = BigUint::from_bytes_be(&k_mod); + let k_exp = URL_SAFE_NO_PAD + .decode(k_exp) + .context("base64 decode k_exp failed")?; + let e = BigUint::from_bytes_be(&k_exp); + + let rsa_pub_key = + RsaPublicKey::new(n, e).context("Building RSA key from modulus and exponent failed")?; + let encrypted_key = rsa_pub_key + .encrypt(&mut rng, Pkcs1v15Encrypt, aes_sym_key.as_slice()) + .context("RSA encrypt sym key failed")?; + + Ok(Response { + protected, + encrypted_key, + iv: iv.into(), + ciphertext: payload_data, + aad: None, + tag: tag.to_vec(), + }) +} + +/// Use RSA-OAEP SHA-256 to encrypt the payload data. 
+fn rsa_oaep256(k_mod: String, k_exp: String, mut payload_data: Vec) -> Result { let mut rng = rand::thread_rng(); let aes_sym_key = Aes256Gcm::generate_key(&mut OsRng); - let cipher = Aes256Gcm::new(&aes_sym_key); + let mut cipher = Aes256Gcm::new(&aes_sym_key); let iv = rng.gen::<[u8; 12]>(); let nonce = Nonce::from_slice(&iv); - let encrypted_payload_data = cipher - .encrypt(nonce, payload_data.as_slice()) + let protected = ProtectedHeader { + alg: RSA_OAEP256_ALGORITHM.to_string(), + enc: AES_GCM_256_ALGORITHM.to_string(), + other_fields: Map::new(), + }; + + let aad = protected.generate_aad().context("Generate JWE AAD")?; + + let tag = cipher + .encrypt_in_place_detached(nonce, &aad, &mut payload_data) .map_err(|e| anyhow!("AES encrypt Resource payload failed: {e}"))?; let k_mod = URL_SAFE_NO_PAD 
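Review bot: The warning logged in `rsa_1v15` misspells the scheme as `kcs#1 v1.5`, so anyone searching logs for PKCS#1 to find clients still on the deprecated path will miss it; I would write `warn!("JWE request uses deprecated PKCS#1 v1.5 (RSA1_5) key encryption; prefer RSA-OAEP-256 or ECDH-ES+A256KW");`. `rsa_1v15` and `rsa_oaep256` are otherwise the same code apart from the `alg` string and the padding passed to `encrypt`, so one private helper taking those two values would keep the AES-GCM nonce, AAD and tag handling in a single place. The doc comment on `rsa_1v15` ends at "deprecated per" with an empty `///` line after it, so the reference it meant to cite appears to be missing. The body of `rsa_oaep256` continues past the end of this hunk, and the dispatcher that decides whether RSA1_5 is still accepted is not visible here, so whether the legacy path can be disabled by configuration should be checked there.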
@@ -43,23 +121,277 @@ pub fn jwe(tee_pub_key: TeePubKey, payload_data: Vec) -> Result { let rsa_pub_key = RsaPublicKey::new(n, e).context("Building RSA key from modulus and exponent failed")?; - let sym_key: &[u8] = aes_sym_key.as_slice(); - let wrapped_sym_key = rsa_pub_key - .encrypt(&mut rng, Pkcs1v15Encrypt, sym_key) + let padding = Oaep::new::(); + let encrypted_key = rsa_pub_key + .encrypt(&mut rng, padding, aes_sym_key.as_slice()) .context("RSA encrypt sym key failed")?; - let protected_header = json!( - { - "alg": RSA_ALGORITHM.to_string(), - "enc": AES_GCM_256_ALGORITHM.to_string(), - }); + Ok(Response { + protected, + encrypted_key, + iv: iv.into(), + ciphertext: payload_data, + aad: None, + tag: tag.to_vec(), + }) +} + +/// Use ECDH-ES-A256KW to encrypt the payload data. The EC curve is P256. +fn ecdh_es_a256kw_p256(x: String, y: String, mut payload_data: Vec) -> Result { + let mut rng = rand::thread_rng(); + + // 1. Generate a random CEK + let cek = Aes256Gcm::generate_key(&mut rng); + + // 2. Wrap the CEK and generate ProtectedHeader + let x: [u8; 32] = URL_SAFE_NO_PAD + .decode(x) + .context("base64 decode x failed")? + .try_into() + .map_err(|_| anyhow!("invalid bytes length of coordinates X"))?; + let y: [u8; 32] = URL_SAFE_NO_PAD + .decode(y) + .context("base64 decode y failed")? 
+ .try_into() + .map_err(|_| anyhow!("invalid bytes length of coordinates Y"))?; + let client_point = EncodedPoint::from_affine_coordinates( + &GenericArray::from(x), + &GenericArray::from(y), + false, + ); + let public_key = PublicKey::from_encoded_point(&client_point) + .into_option() + .ok_or(anyhow!("invalid TEE public key"))?; + let encrypter_secret = EphemeralSecret::random(&mut rng); + let z = encrypter_secret + .diffie_hellman(&public_key) + .raw_secret_bytes() + .to_vec(); + let mut key_derivation_materials = Vec::new(); + key_derivation_materials.extend_from_slice(&(ECDH_ES_A256KW.len() as u32).to_be_bytes()); + key_derivation_materials.extend_from_slice(ECDH_ES_A256KW.as_bytes()); + key_derivation_materials.extend_from_slice(&(0_u32).to_be_bytes()); + key_derivation_materials.extend_from_slice(&(0_u32).to_be_bytes()); + key_derivation_materials.extend_from_slice(&AES_GCM_256_KEY_BITS.to_be_bytes()); + let mut wrapping_key = vec![0; 32]; + concat_kdf::derive_key_into::( + &z, + &key_derivation_materials, + &mut wrapping_key, + ) + .map_err(|e| anyhow!("failed to do concat KDF: {e:?}"))?; + let wrapping_key: [u8; 32] = wrapping_key + .try_into() + .map_err(|_| anyhow!("invalid bytes length of AES wrapping key"))?; + let wrapping_key: KekAes256 = Kek::new(&GenericArray::from(wrapping_key)); + let mut encrypted_key = vec![0; 40]; + encrypted_key.resize(40, 0); + let cek = cek.to_vec(); + wrapping_key + .wrap(&cek, &mut encrypted_key) + .map_err(|e| anyhow!("failed to do AES wrapping: {e:?}"))?; + + let point = EncodedPoint::from(encrypter_secret.public_key()); + let epk_x = point + .x() + .ok_or(anyhow!("invalid public key: without coordicate X"))?; + let epk_y = point + .y() + .ok_or(anyhow!("invalid public key: without coordicate Y"))?; + let epk_x = URL_SAFE_NO_PAD.encode(epk_x); + let epk_y = URL_SAFE_NO_PAD.encode(epk_y); + let protected = ProtectedHeader { + alg: ECDH_ES_A256KW.to_string(), + enc: AES_GCM_256_ALGORITHM.to_string(), + other_fields: 
json!({ + "epk": { + "crv": P256_CURVE, + "kty": EC_KTY, + "x": epk_x, + "y": epk_y + } + }) + .as_object() + .unwrap() + .clone(), + }; + + // 3. Encrypt content with CEK + let mut cek_cipher = Aes256Gcm::new(GenericArray::from_slice(&cek)); + + let iv = rand::thread_rng().gen::<[u8; 12]>(); + let nonce = Nonce::from_slice(&iv); + let aad = protected.generate_aad().context("Generate JWE AAD")?; + + let tag = cek_cipher + .encrypt_in_place_detached(nonce, &aad, &mut payload_data) + .map_err(|e| anyhow!("AES encrypt Resource payload failed: {e}"))?; Ok(Response { - protected: serde_json::to_string(&protected_header) - .context("serde protected_header failed")?, - encrypted_key: URL_SAFE_NO_PAD.encode(wrapped_sym_key), - iv: URL_SAFE_NO_PAD.encode(iv), - ciphertext: URL_SAFE_NO_PAD.encode(encrypted_payload_data), - tag: "".to_string(), + protected, + encrypted_key, + iv: iv.into(), + ciphertext: payload_data, + aad: None, + tag: tag.to_vec(), }) } + +pub fn jwe(tee_pub_key: TeePubKey, payload_data: Vec) -> Result { + match tee_pub_key { + TeePubKey::RSA { alg, k_mod, k_exp } => match &alg[..] 
{ + #[allow(deprecated)] + RSA1_5_ALGORITHM => rsa_1v15(k_mod, k_exp, payload_data), + RSA_OAEP256_ALGORITHM => rsa_oaep256(k_mod, k_exp, payload_data), + others => bail!("algorithm {others} is not supported"), + }, + TeePubKey::EC { crv, alg, x, y } => match (&crv[..], &alg[..]) { + (P256_CURVE, ECDH_ES_A256KW) => ecdh_es_a256kw_p256(x, y, payload_data), + (crv, alg) => bail!("curve {crv} and algorithm {alg} is not supported"), + }, + } +} + +#[cfg(test)] +mod tests { + use core::assert_eq; + + use base64::{engine::general_purpose::URL_SAFE_NO_PAD, Engine}; + use josekit::jwe::{ + alg::{ecdh_es::EcdhEsJweAlgorithm::EcdhEsA256kw, rsaes::RsaesJweAlgorithm::RsaOaep256}, + JweContext, JweHeader, JweHeaderSet, + }; + use kbs_types::TeePubKey; + use openssl::rsa::Rsa; + use p256::{pkcs8::EncodePrivateKey, EncodedPoint, SecretKey}; + + use crate::jwe::{ + AES_GCM_256_ALGORITHM, ECDH_ES_A256KW, P256_CURVE, RSA1_5_ALGORITHM, RSA_OAEP256_ALGORITHM, + }; + + use super::jwe; + + #[allow(deprecated)] + #[test] + fn jwe_rsav15_compatibility() { + let test_data = b"this is a test data"; + + // Generate a 4096-bit RSA key pair + let rsa_key = Rsa::generate(4096).unwrap(); + let k_mod = URL_SAFE_NO_PAD.encode(rsa_key.n().to_vec()); + let k_exp = URL_SAFE_NO_PAD.encode(rsa_key.e().to_vec()); + let tee_key = TeePubKey::RSA { + alg: RSA1_5_ALGORITHM.into(), + k_mod, + k_exp, + }; + + // Generate a JWE response + let response = jwe(tee_key, test_data.to_vec()).unwrap(); + let response_string = serde_json::to_string(&response).unwrap(); + + // Decrypt with josekit crate + let decrypter = josekit::jwe::alg::rsaes::RsaesJweAlgorithm::Rsa1_5 + .decrypter_from_pem(rsa_key.private_key_to_pem().unwrap()) + .unwrap(); + let mut header = JweHeader::new(); + header.set_token_type("JWT"); + header.set_content_encryption(AES_GCM_256_ALGORITHM); + let context = JweContext::new(); + let (decrypted_data, header) = context + .deserialize_json(&response_string, &decrypter) + .unwrap(); + 
assert_eq!(decrypted_data, test_data); + + let mut jwe_header = JweHeader::new(); + jwe_header + .set_claim("alg", Some(RSA1_5_ALGORITHM.into())) + .unwrap(); + jwe_header + .set_claim("enc", Some(AES_GCM_256_ALGORITHM.into())) + .unwrap(); + assert_eq!(header, jwe_header); + } + + #[test] + fn jwe_rsa_oaep_compatibility() { + let test_data = b"this is a test data"; + + // Generate a 4096-bit RSA key pair + let rsa_key = Rsa::generate(4096).unwrap(); + let k_mod = URL_SAFE_NO_PAD.encode(rsa_key.n().to_vec()); + let k_exp = URL_SAFE_NO_PAD.encode(rsa_key.e().to_vec()); + let tee_key = TeePubKey::RSA { + alg: RSA_OAEP256_ALGORITHM.into(), + k_mod, + k_exp, + }; + + // Generate a JWE response + let response = jwe(tee_key, test_data.to_vec()).unwrap(); + let response_string = serde_json::to_string(&response).unwrap(); + + // Decrypt with josekit crate + let decrypter = RsaOaep256 + .decrypter_from_pem(rsa_key.private_key_to_pem().unwrap()) + .unwrap(); + let mut header = JweHeader::new(); + header.set_token_type("JWT"); + header.set_content_encryption(AES_GCM_256_ALGORITHM); + let context = JweContext::new(); + let (decrypted_data, header) = context + .deserialize_json(&response_string, &decrypter) + .unwrap(); + assert_eq!(decrypted_data, test_data); + + let mut jwe_header = JweHeader::new(); + jwe_header + .set_claim("alg", Some(RSA_OAEP256_ALGORITHM.into())) + .unwrap(); + jwe_header + .set_claim("enc", Some(AES_GCM_256_ALGORITHM.into())) + .unwrap(); + assert_eq!(header, jwe_header); + } + + #[test] + fn jwe_ec_compatibility() { + let test_data = b"this is a test data"; + + // Generate a EC key pair + let mut rng = rand::thread_rng(); + let private_key = SecretKey::random(&mut rng); + let point = EncodedPoint::from(private_key.public_key()); + let x = point.x().unwrap(); + let y = point.y().unwrap(); + let x = URL_SAFE_NO_PAD.encode(x); + let y = URL_SAFE_NO_PAD.encode(y); + + let tee_key = TeePubKey::EC { + crv: P256_CURVE.into(), + alg: ECDH_ES_A256KW.into(), + 
x, + y, + }; + + // Generate a JWE response + let response = jwe(tee_key, test_data.to_vec()).unwrap(); + let response_string = serde_json::to_string(&response).unwrap(); + + let mut header = JweHeaderSet::new(); + header.set_algorithm("ECDH-ES+A256KW", true); + header.set_content_encryption("A256GCM", true); + + // Decrypt JWE with JOSEkit crate + let private_key = private_key + .to_pkcs8_pem(rsa::pkcs8::LineEnding::LF) + .unwrap(); + let decrypter = EcdhEsA256kw.decrypter_from_pem(&private_key).unwrap(); + + let context = JweContext::new(); + let (decrypted_data, _) = context + .deserialize_json(&response_string, &decrypter) + .unwrap(); + assert_eq!(decrypted_data, test_data); + } +} diff --git a/rvps/src/extractors/mod.rs b/rvps/src/extractors/mod.rs index 04677692e..ea6c764d1 100644 --- a/rvps/src/extractors/mod.rs +++ b/rvps/src/extractors/mod.rs @@ -22,7 +22,7 @@ use super::{Message, ReferenceValue}; /// reference value (degest, s.t. hash value and name of the artifact) /// from the provenance. If the verification fails, no reference value /// will be extracted. - +/// /// `Extractors` defines the interfaces of Extractors. pub trait Extractors { /// Process the message, e.g. verifying
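Review bot: In `ecdh_es_a256kw_p256`, the ECDH shared secret is copied out of its wrapper with `.raw_secret_bytes().to_vec()`, and the derived `wrapping_key` and the `cek` copy also sit in plain heap buffers, so this key material stays in memory after the function returns. Holding the agreement result in a binding, `let shared = encrypter_secret.diffie_hellman(&public_key);`, and passing `shared.raw_secret_bytes()` as the first argument of `concat_kdf::derive_key_into` avoids the first copy; the shared-secret type should clear itself on drop, which is worth confirming against the p256 version pinned here. The `wrapping_key` and `cek` buffers could be wrapped in `zeroize::Zeroizing` if that crate is already a dependency, which this hunk does not show. Separately, `encrypted_key.resize(40, 0);` directly after `vec![0; 40]` has no effect and can be dropped.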