diff --git a/Cargo.lock b/Cargo.lock index 5491e7e..7cf5e8e 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -205,7 +205,7 @@ checksum = "0c4b4d0bd25bd0b74681c0ad21497610ce1b7c91b1022cd21c80c6fbdd9476b0" [[package]] name = "azure_cvm" -version = "1.6.1" +version = "1.6.2" dependencies = [ "base64 0.22.1", "bincode", @@ -628,7 +628,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e9b3460f44bea8cd47f45a0c70892f1eff856d97cd55358b2f73f663789f6190" dependencies = [ "ct-codecs", - "getrandom 0.2.15", + "getrandom", ] [[package]] @@ -831,22 +831,10 @@ dependencies = [ "cfg-if", "js-sys", "libc", - "wasi 0.11.0+wasi-snapshot-preview1", + "wasi", "wasm-bindgen", ] -[[package]] -name = "getrandom" -version = "0.3.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "43a49c392881ce6d5c3b8cb70f98717b7c07aabbdff06687b9030dbfbe2725f8" -dependencies = [ - "cfg-if", - "libc", - "wasi 0.13.3+wasi-0.2.2", - "windows-targets 0.52.6", -] - [[package]] name = "gimli" version = "0.28.1" @@ -1417,7 +1405,7 @@ checksum = "13dc2df351e3202783a1fe0d44375f7295ffb4049267b0f3018346dc122a1d94" [[package]] name = "maa_client" -version = "1.6.1" +version = "1.6.2" dependencies = [ "base64 0.22.1", "hex", @@ -1501,7 +1489,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2886843bf800fba2e3377cff24abf6379b4c4d5c6681eaf9ea5b0d15090450bd" dependencies = [ "libc", - "wasi 0.11.0+wasi-snapshot-preview1", + "wasi", "windows-sys 0.52.0", ] @@ -1688,7 +1676,7 @@ dependencies = [ [[package]] name = "pccs_client" -version = "1.6.1" +version = "1.6.2" dependencies = [ "hex", "reqwest", @@ -1857,7 +1845,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a2fe5ef3495d7d2e377ff17b1a8ce2ee2ec2a18cde8b6ad6619d65d0701c135d" dependencies = [ "bytes", - "getrandom 0.2.15", + "getrandom", "rand", "ring", "rustc-hash 2.1.1", @@ -1920,12 +1908,12 @@ version = "0.6.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" dependencies = [ - "getrandom 0.2.15", + "getrandom", ] [[package]] name = "ratls" -version = "1.6.1" +version = "1.6.2" dependencies = [ "const-oid", "der", @@ -1947,7 +1935,7 @@ version = "0.4.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bd283d9651eeda4b2a83a43c1c91b266c40fd76ecd39a50a8c630ae69dc72891" dependencies = [ - "getrandom 0.2.15", + "getrandom", "libredox", "thiserror 1.0.60", ] @@ -2058,7 +2046,7 @@ checksum = "a4689e6c2294d81e88dc6261c768b63bc4fcdb852be6d1352498b114f61383b7" dependencies = [ "cc", "cfg-if", - "getrandom 0.2.15", + "getrandom", "libc", "untrusted", "windows-sys 0.52.0", @@ -2317,7 +2305,7 @@ dependencies = [ [[package]] name = "sev_quote" -version = "1.6.1" +version = "1.6.2" dependencies = [ "asn1-rs", "bincode", @@ -2331,13 +2319,12 @@ dependencies = [ "sev", "sha2", "thiserror 2.0.12", - "uuid", "x509-parser", ] [[package]] name = "sgx_pck_extension" -version = "1.6.1" +version = "1.6.2" dependencies = [ "asn1", "asn1-rs", @@ -2347,7 +2334,7 @@ dependencies = [ [[package]] name = "sgx_quote" -version = "1.6.1" +version = "1.6.2" dependencies = [ "chrono", "env_logger 0.11.3", @@ -2494,7 +2481,7 @@ version = "0.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fbde97f499e51ef384f585dc8f8fb6a9c3a71b274b8d12469b516758e6540607" dependencies = [ - "getrandom 0.2.15", + "getrandom", "hmac-sha256", "hmac-sha512", "rand", @@ -2556,7 +2543,7 @@ dependencies = [ [[package]] name = "tdx_quote" -version = "1.6.1" +version = "1.6.2" dependencies = [ "env_logger 0.11.3", "hex", @@ -2575,7 +2562,7 @@ dependencies = [ [[package]] name = "tee_attestation" -version = "1.6.1" +version = "1.6.2" dependencies = [ "azure_cvm", "env_logger 0.11.3", @@ -2810,7 +2797,7 @@ checksum = "8df9b6e13f2d32c91b9bd719c00d1958837bc7dec474d94952798cc8e69eeec3" [[package]] name = "tpm_quote" -version = "1.6.1" +version = "1.6.2" dependencies = [ "env_logger 0.11.3", "hex", @@ -2886,7 +2873,7 @@ checksum = "78ea9ccde878b029392ac97b5be1f470173d06ea41d18ad0bb3c92794c16a0f2" dependencies = [ "bitfield 0.14.0", "enumflags2", - "getrandom 0.2.15", + "getrandom", "hostname-validator", "log", "mbox", @@ -2976,7 +2963,6 @@ version = "1.16.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "458f7a779bf54acc9f347480ac654f68407d3aab21269a6e3c9f922acd9e2da9" dependencies = [ - "getrandom 0.3.1", "serde", ] @@ -3013,22 +2999,13 @@ version = "0.11.0+wasi-snapshot-preview1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" -[[package]] -name = "wasi" -version = "0.13.3+wasi-0.2.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "26816d2e1a4a36a2940b96c5296ce403917633dff8f3440e9b236ed6f6bacad2" -dependencies = [ - "wit-bindgen-rt", -] - [[package]] name = "wasix" version = "0.12.21" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c1fbb4ef9bbca0c1170e0b00dd28abc9e3b68669821600cad1caaed606583c6d" dependencies = [ - "wasi 0.11.0+wasi-snapshot-preview1", + "wasi", ] [[package]] @@ -3420,15 +3397,6 @@ version = "0.53.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "271414315aff87387382ec3d271b52d7ae78726f5d44ac98b4f4030c91880486" -[[package]] -name = "wit-bindgen-rt" -version = "0.33.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3268f3d866458b787f390cf61f4bbb563b922d091359f9608842999eaee3943c" -dependencies = [ - "bitflags 2.5.0", -] - [[package]] name = "write16" version = "1.0.0" diff --git a/Cargo.toml b/Cargo.toml index fd3d58c..4474432 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -14,7 +14,7 @@ members = [ ] [workspace.package] -version = "1.6.1" +version = "1.6.2" edition = "2021" license = "BUSL-1.1" # "Business Source License 1.1" license-file = "LICENSE" diff --git a/crate/sev_quote/Cargo.toml b/crate/sev_quote/Cargo.toml index 336c9a8..4e46aa9 100644 --- a/crate/sev_quote/Cargo.toml +++ b/crate/sev_quote/Cargo.toml @@ -26,7 +26,6 @@ sev = { workspace = true, features = [ ] } sha2 = { workspace = true } thiserror = { workspace = true } -uuid = { version = "1.16", features = ["serde", "v4"] } x509-parser = { workspace = true } [dev-dependencies] diff --git a/crate/sev_quote/data/report-vlek-aws.bin b/crate/sev_quote/data/report-vlek-aws.bin index 521ceea..b20f6b1 100644 Binary files a/crate/sev_quote/data/report-vlek-aws.bin and b/crate/sev_quote/data/report-vlek-aws.bin differ diff --git a/crate/sev_quote/src/quote.rs b/crate/sev_quote/src/quote.rs index 604b932..0af5c9b 100644 --- a/crate/sev_quote/src/quote.rs +++ b/crate/sev_quote/src/quote.rs @@ -25,19 +25,11 @@ use sev::{ firmware::host::CertType, }; -use uuid::Uuid; use x509_parser::{self, pem::parse_x509_pem}; #[cfg(target_os = "linux")] use crate::REPORT_DATA_SIZE; -const AWS_VLEK_TYPE: Uuid = Uuid::from_fields( - 0xa807_4bc2, - 0xa25a, - 0x483e, - &[0xaa, 0xe6, 0x39, 0xc0, 0x45, 0xa0, 0xb8, 0xa1], -); - const SEV_PROD_NAME: SevProdName = SevProdName::Milan; const KDS_CERT_SITE: &str = "https://kdsintf.amd.com"; @@ -117,7 +109,7 @@ pub fn verify_quote(quote: &Quote, policy: &SevQuoteVerificationPolicy) -> Resul let vlek = quote .certs .iter() - .find(|item| item.cert_type == CertType::OTHER(AWS_VLEK_TYPE)); + .find(|item| item.cert_type == CertType::VLEK); let ark = quote .certs .iter() @@ -219,8 +211,8 @@ mod tests { verify_quote( "e, &SevQuoteVerificationPolicy { - measurement: Some(hex::decode("c2c84b9364fc9f0f54b04534768c860c6e0e386ad98b96e8b98eca46ac8971d05c531ba48373f054c880cfd1f4a0a84e").unwrap().try_into().unwrap()), - report_data: Some(hex::decode("0d155251f139f682dc4ea2798feceed7c475461c8faecf7496401500956624540000000000000000000000000000000000000000000000000000000000000000").unwrap().try_into().unwrap()) , + measurement: Some(hex::decode("ac3e4d8516634a5e0180338175cc827c90061414bd699b5af30712caa291fa34ed06cc622792bc1177126bd115a826ba").unwrap().try_into().unwrap()), + report_data: Some(hex::decode("00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000").unwrap().try_into().unwrap()) , ..Default::default() } )