From 1d562ce875d730274668bcc83976bafae387a076 Mon Sep 17 00:00:00 2001 From: Thibaud Genty Date: Fri, 29 Mar 2024 08:28:21 +0100 Subject: [PATCH 1/2] Update SEV dep and other deps --- Cargo.lock | 555 ++++++++++++++++--------------- Cargo.toml | 13 +- crate/maa_client/Cargo.toml | 4 +- crate/sev_quote/Cargo.toml | 6 +- crate/sev_quote/src/quote.rs | 8 +- crate/sev_quote/src/verify.rs | 4 +- crate/sgx_quote/Cargo.toml | 4 +- crate/tdx_quote/Cargo.toml | 6 +- crate/tee_attestation/Cargo.toml | 4 +- crate/tpm_quote/Cargo.toml | 2 +- 10 files changed, 306 insertions(+), 300 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 716dc79..bca2f11 100644 --- a/Cargo.lock +++ b/Cargo.lock 
@@ -41,6 +41,54 @@ dependencies = [ "libc", ] +[[package]] +name = "anstream" +version = "0.6.13" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d96bd03f33fe50a863e394ee9718a706f988b9079b20c3784fb726e7678b62fb" +dependencies = [ + "anstyle", + "anstyle-parse", + "anstyle-query", + "anstyle-wincon", + "colorchoice", + "utf8parse", +] + +[[package]] +name = "anstyle" +version = "1.0.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8901269c6307e8d93993578286ac0edf7f195079ffff5ebdeea6a59ffb7e36bc" + +[[package]] +name = "anstyle-parse" +version = "0.2.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c75ac65da39e5fe5ab759307499ddad880d724eed2f6ce5b5e8a26f4f387928c" +dependencies = [ + "utf8parse", +] + +[[package]] +name = "anstyle-query" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e28923312444cdd728e4738b3f9c9cac739500909bb3d3c94b43551b16517648" +dependencies = [ + "windows-sys 0.52.0", +] + +[[package]] +name = "anstyle-wincon" +version = "3.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1cd54b81ec8d6180e24654d0b371ad22fc3dd083b6ff8ba325b72e00c87660a7" +dependencies = [ + "anstyle", + "windows-sys 0.52.0", +] + [[package]] name = "anyhow" version = "1.0.79" 
@@ -70,18 +118,18 @@ checksum = "96d30a06541fbafbc7f82ed10c06164cfbd2c401138f6addd8404629c4b16711" [[package]] name = "asn1" -version = "0.15.5" +version = "0.16.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ae3ecbce89a22627b5e8e6e11d69715617138290289e385cde773b1fe50befdb" +checksum = "889adc8fd6c1344619926529e605cccad1f832b3a2a5a3fe6d7c8557c8f05368" dependencies = [ "asn1_derive", ] [[package]] name = "asn1-rs" -version = "0.5.2" +version = "0.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7f6fd5ddaf0351dff5b8da21b2fb4ff8e08ddd02857f0bf69c47639106c0fff0" +checksum = "22ad1373757efa0f70ec53939aabc7152e1591cb485208052993070ac8d2429d" dependencies = [ "asn1-rs-derive", "asn1-rs-impl", @@ -95,36 +143,36 @@ dependencies = [ [[package]] name = "asn1-rs-derive" -version = "0.4.0" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "726535892e8eae7e70657b4c8ea93d26b8553afb1ce617caee529ef96d7dee6c" +checksum = "7378575ff571966e99a744addeff0bff98b8ada0dedf1956d59e634db95eaac1" dependencies = [ "proc-macro2", "quote", - "syn 1.0.109", + "syn", "synstructure", ] [[package]] name = "asn1-rs-impl" -version = "0.1.0" +version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2777730b2039ac0f95f093556e61b6d26cebed5393ca6f152717777cec3a42ed" +checksum = "7b18050c2cd6fe86c3a76584ef5e0baf286d038cda203eb6223df2cc413565f7" dependencies = [ "proc-macro2", "quote", - "syn 1.0.109", + "syn", ] [[package]] name = "asn1_derive" -version = "0.15.5" +version = "0.16.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "861af988fac460ac69a09f41e6217a8fb9178797b76fcc9478444be6a59be19c" +checksum = "e2271cec9b830009b9c3b9e21767083c553f51f996b690c476c27f541199aa99" dependencies = [ "proc-macro2", "quote", - "syn 2.0.48", + "syn", ] [[package]] 
@@ -168,6 +216,12 @@ version = "0.21.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c79fed4cdb43e993fcdadc7e58a09fd0e3e649c4436fa11da71c9f1f3ee7feb9" +[[package]] +name = "base64" +version = "0.22.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9475866fec1451be56a3c2400fd081ff546538961565ccb5b7142cbd22bc7a51" + [[package]] name = "base64ct" version = "1.6.0" @@ -200,7 +254,7 @@ dependencies = [ "regex", "rustc-hash", "shlex", - "syn 2.0.48", + "syn", ] [[package]] @@ -320,6 +374,12 @@ version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" +[[package]] +name = "cfg_aliases" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fd16c4719339c4530435d38e511904438d07cce7950afa3718a84ac36c10e89e" + [[package]] name = "chrono" version = "0.4.31" @@ -371,6 +431,12 @@ version = "3.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "12170080f3533d6f09a19f81596f836854d0fa4867dc32c8172b8474b4e9de61" +[[package]] +name = "colorchoice" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "acbf1af155f9b9ef647e42cdc158db4b64a1b61f743629225fde6f3e0be2a7c7" + [[package]] name = "const-oid" version = "0.9.6" @@ -383,16 +449,6 @@ version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f7144d30dcf0fafbce74250a3963025d8d52177934239851c917d29f1df280c2" -[[package]] -name = "core-foundation" -version = "0.9.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "91e195e091a93c46f7102ec7818a2aa394e1e1771c3ab4825963fa03e45afb8f" -dependencies = [ - "core-foundation-sys", - "libc", -] - [[package]] name = "core-foundation-sys" version = "0.8.6" 
@@ -457,9 +513,9 @@ dependencies = [ [[package]] name = "der-parser" -version = "8.2.0" +version = "9.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dbd676fbbab537128ef0278adb5576cf363cff6aa22a7b24effe97347cfab61e" +checksum = "5cd0a5c643689626bec213c4d8bd4d96acc8ffdb4ad4bb6bc16abf27d5f4b553" dependencies = [ "asn1-rs", "displaydoc", @@ -477,7 +533,7 @@ checksum = "5fe87ce4529967e0ba1dcf8450bab64d97dfd5010a6256187ffe2e43e6f0e049" dependencies = [ "proc-macro2", "quote", - "syn 2.0.48", + "syn", ] [[package]] @@ -530,7 +586,7 @@ checksum = "487585f4d0c6655fe74905e2504d8ad6908e4db67f744eb140876906c2f3175d" dependencies = [ "proc-macro2", "quote", - "syn 2.0.48", + "syn", ] [[package]] @@ -579,15 +635,6 @@ dependencies = [ "zeroize", ] -[[package]] -name = "encoding_rs" -version = "0.8.33" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7268b386296a025e474d5140678f75d6de9493ae55a5d709eeb9dd08149945e1" -dependencies = [ - "cfg-if", -] - [[package]] name = "enumflags2" version = "0.7.8" @@ -605,7 +652,17 @@ checksum = "f95e2801cd355d4a1a3e3953ce6ee5ae9603a5c833455343a8bfe3f44d418246" dependencies = [ "proc-macro2", "quote", - "syn 2.0.48", + "syn", +] + +[[package]] +name = "env_filter" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a009aa4810eb158359dda09d0c87378e4bbb89b5a801f016885a4707ba24f7ea" +dependencies = [ + "log", + "regex", ] [[package]] 
@@ -614,11 +671,20 @@ version = "0.10.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "95b3f3e67048839cb0d0781f445682a35113da7121f7c949db0e2be96a4fbece" dependencies = [ + "log", +] + +[[package]] +name = "env_logger" +version = "0.11.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "38b35839ba51819680ba087cd351788c9a3c476841207e0b8cee0b04722343b9" +dependencies = [ + "anstream", + "anstyle", + "env_filter", "humantime", - "is-terminal", "log", - "regex", - "termcolor", ] [[package]] @@ -627,16 +693,6 @@ version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5" -[[package]] -name = "errno" -version = "0.3.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a258e46cdc063eb8519c00b9fc845fc47bcfca4130e2f08e88665ceda8474245" -dependencies = [ - "libc", - "windows-sys 0.52.0", -] - [[package]] name = "ff" version = "0.13.0" @@ -686,7 +742,7 @@ checksum = "1a5c6c585bc94aaf2c7b51dd4c2ba22680844aba4c687be581871a6f518c5742" dependencies = [ "proc-macro2", "quote", - "syn 2.0.48", + "syn", ] [[package]] @@ -733,6 +789,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "eac8f7d7865dcb88bd4373ab671c8cf4508703796caa2b1985a9ca867b3fcb78" dependencies = [ "futures-core", + "futures-sink", ] [[package]] @@ -767,6 +824,7 @@ checksum = "3d6401deb83407ab3da39eba7e33987a73c3df0c82b4bb5813ee871c19c41d48" dependencies = [ "futures-core", "futures-io", + "futures-sink", "futures-task", "memchr", "pin-project-lite", 
@@ -821,25 +879,6 @@ dependencies = [ "subtle", ] -[[package]] -name = "h2" -version = "0.3.23" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b553656127a00601c8ae5590fcfdc118e4083a7924b6cf4ffc1ea4b99dc429d7" -dependencies = [ - "bytes", - "fnv", - "futures-core", - "futures-sink", - "futures-util", - "http", - "indexmap", - "slab", - "tokio", - "tokio-util", - "tracing", -] - [[package]] name = "hashbrown" version = "0.14.3" @@ -911,9 +950,9 @@ checksum = "f558a64ac9af88b5ba400d99b579451af0d39c6d360980045b91aac966d705e2" [[package]] name = "http" -version = "0.2.11" +version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8947b1a6fad4393052c7ba1f4cd97bed3e953a95c79c92ad9b051a04611d9fbb" +checksum = "21b9ddb458710bc376481b842f5da65cdf31522de232c1ca8146abce2a358258" dependencies = [ "bytes", "fnv", @@ -922,12 +961,24 @@ dependencies = [ [[package]] name = "http-body" -version = "0.4.6" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1cac85db508abc24a2e48553ba12a996e87244a0395ce011e62b37158745d643" +dependencies = [ + "bytes", + "http", +] + +[[package]] +name = "http-body-util" +version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7ceab25649e9960c0311ea418d17bee82c0dcec1bd053b5f9a66e265a693bed2" +checksum = "0475f8b2ac86659c21b64320d5d653f9efe42acd2a4e560073ec61a155a34f1d" dependencies = [ "bytes", + "futures-core", "http", + "http-body", "pin-project-lite", ] @@ -937,12 +988,6 @@ version = "1.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d897f394bad6a705d5f4104762e116a75639e470d80901eed05a860a95cb1904" -[[package]] -name = "httpdate" -version = "1.0.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "df3b46402a9d5adb4c86a0cf463f42e19994e3ee891101b1841f30a545cb49a9" - [[package]] name = "humantime" version = "2.1.0" 
@@ -951,40 +996,58 @@ checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4" [[package]] name = "hyper" -version = "0.14.28" +version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bf96e135eb83a2a8ddf766e426a841d8ddd7449d5f00d34ea02b41d2f19eef80" +checksum = "186548d73ac615b32a73aafe38fb4f56c0d340e110e5a200bcadbaf2e199263a" dependencies = [ "bytes", "futures-channel", - "futures-core", "futures-util", - "h2", "http", "http-body", "httparse", - "httpdate", "itoa", "pin-project-lite", - "socket2", + "smallvec 1.13.2", "tokio", - "tower-service", - "tracing", "want", ] [[package]] name = "hyper-rustls" -version = "0.24.2" +version = "0.26.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ec3efd23720e2049821a693cbc7e65ea87c72f1c58ff2f9522ff332b1491e590" +checksum = "a0bea761b46ae2b24eb4aef630d8d1c398157b6fc29e6350ecf090a0b70c952c" dependencies = [ "futures-util", "http", "hyper", + "hyper-util", "rustls", + "rustls-pki-types", "tokio", "tokio-rustls", + "tower-service", +] + +[[package]] +name = "hyper-util" +version = "0.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ca38ef113da30126bbff9cd1705f9273e15d45498615d138b0c20279ac7a76aa" +dependencies = [ + "bytes", + "futures-channel", + "futures-util", + "http", + "http-body", + "hyper", + "pin-project-lite", + "socket2", + "tokio", + "tower", + "tower-service", + "tracing", ] [[package]] @@ -1042,17 +1105,6 @@ version = "2.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8f518f335dce6725a761382244631d86cf0ccb2863413590b31338feb467f9c3" -[[package]] -name = "is-terminal" -version = "0.4.10" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0bad00257d07be169d870ab665980b06cdb366d792ad690bf2e76876dc503455" -dependencies = [ - "hermit-abi", - "rustix", - "windows-sys 0.52.0", -] - [[package]] name = "itoa" version = "1.0.10" 
@@ -1177,9 +1229,9 @@ checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" [[package]] name = "libc" -version = "0.2.152" +version = "0.2.153" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "13e3bf6590cbc649f4d1a3eefc9d5d6eb746f5200ffb04e5e142700b8faa56e7" +checksum = "9c198f91728a82281a64e1f4f9eeb25d82cb32a5de251c6bd1b5154d63a8e7bd" [[package]] name = "libloading" @@ -1208,23 +1260,17 @@ dependencies = [ "redox_syscall", ] -[[package]] -name = "linux-raw-sys" -version = "0.4.12" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c4cd1a83af159aa67994778be9070f0ae1bd732942279cabb14f86f986a21456" - [[package]] name = "log" -version = "0.4.20" +version = "0.4.21" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b5e6163cb8c49088c2c36f57875e58ccd8c87c7427f7fbd50ea6710b2f3f2e8f" +checksum = "90ed8c1e510134f979dbc4f070f87d4313098b704861a105fe34231c70a3901c" [[package]] name = "maa_client" version = "0.1.0" dependencies = [ - "base64", + "base64 0.22.0", "hex", "jose-jwk", "jose-jws", @@ -1303,12 +1349,13 @@ dependencies = [ [[package]] name = "nix" -version = "0.27.1" +version = "0.28.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2eb04e9c688eff1c89d72b407f168cf79bb9e867a9d3323ed6c01519eb9cc053" +checksum = "ab2156c4fce2f8df6c499cc1c763e4394b7482525bf2a9701c9d79d215f519e4" dependencies = [ "bitflags 2.4.1", "cfg-if", + "cfg_aliases", "libc", ] @@ -1352,7 +1399,7 @@ dependencies = [ "num-iter", "num-traits", "rand", - "smallvec 1.11.2", + "smallvec 1.13.2", "zeroize", ] @@ -1364,7 +1411,7 @@ checksum = "cfb77679af88f8b125209d354a202862602672222e7f2313fdd6dc349bad4712" dependencies = [ "proc-macro2", "quote", - "syn 2.0.48", + "syn", ] [[package]] 
@@ -1428,9 +1475,9 @@ dependencies = [ [[package]] name = "oid-registry" -version = "0.6.1" +version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9bedf36ffb6ba96c2eb7144ef6270557b52e54b20c0a8e1eb2ff99a6c6959bff" +checksum = "1c958dd45046245b9c3c2547369bb634eb461670b2e7e0de552905801a648d1d" dependencies = [ "asn1-rs", ] @@ -1464,7 +1511,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.48", + "syn", ] [[package]] @@ -1580,13 +1627,33 @@ version = "0.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2c5f20f71a68499ff32310f418a6fad8816eac1a2859ed3f0c5c741389dd6208" dependencies = [ - "base64", + "base64 0.21.6", "oid", "picky-asn1", "picky-asn1-der", "serde", ] +[[package]] +name = "pin-project" +version = "1.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b6bf43b791c5b9e34c3d182969b4abb522f9343702850a2e57f460d00d09b4b3" +dependencies = [ + "pin-project-internal", +] + +[[package]] +name = "pin-project-internal" +version = "1.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2f38a4412a78282e09a2cf38d195ea5420d15ba0602cb375210efbc877243965" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "pin-project-lite" version = "0.2.13" 
@@ -1779,20 +1846,21 @@ checksum = "c08c74e62047bb2de4ff487b251e4a92e24f48745648451635cec7d591162d9f" [[package]] name = "reqwest" -version = "0.11.23" +version = "0.12.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "37b1ae8d9ac08420c66222fb9096fc5de435c3c48542bc5336c51892cffafb41" +checksum = "2d66674f2b6fb864665eea7a3c1ac4e3dfacd2fda83cf6f935a612e01b0e3338" dependencies = [ - "base64", + "base64 0.21.6", "bytes", - "encoding_rs", + "futures-channel", "futures-core", "futures-util", - "h2", "http", "http-body", + "http-body-util", "hyper", "hyper-rustls", + "hyper-util", "ipnet", "js-sys", "log", @@ -1802,10 +1870,11 @@ dependencies = [ "pin-project-lite", "rustls", "rustls-pemfile", + "rustls-pki-types", "serde", "serde_json", "serde_urlencoded", - "system-configuration", + "sync_wrapper", "tokio", "tokio-rustls", "tower-service", @@ -1827,21 +1896,6 @@ dependencies = [ "subtle", ] -[[package]] -name = "ring" -version = "0.16.20" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3053cf52e236a3ed746dfc745aa9cacf1b791d846bdaf412f60a8d7d6e17c8fc" -dependencies = [ - "cc", - "libc", - "once_cell", - "spin 0.5.2", - "untrusted 0.7.1", - "web-sys", - "winapi", -] - [[package]] name = "ring" version = "0.17.7" @@ -1852,7 +1906,7 @@ dependencies = [ "getrandom", "libc", "spin 0.9.8", - "untrusted 0.9.0", + "untrusted", "windows-sys 0.48.0", ] 
@@ -1907,29 +1961,18 @@ dependencies = [ "nom", ] -[[package]] -name = "rustix" -version = "0.38.28" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "72e572a5e8ca657d7366229cdde4bd14c4eb5499a9573d4d366fe1b599daa316" -dependencies = [ - "bitflags 2.4.1", - "errno", - "libc", - "linux-raw-sys", - "windows-sys 0.52.0", -] - [[package]] name = "rustls" -version = "0.21.10" +version = "0.22.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f9d5a6813c0759e4609cd494e8e725babae6a2ca7b62a5536a13daaec6fcb7ba" +checksum = "99008d7ad0bbbea527ec27bddbc0e432c5b87d8175178cee68d2eec9c4a1813c" dependencies = [ "log", - "ring 0.17.7", + "ring", + "rustls-pki-types", "rustls-webpki", - "sct", + "subtle", + "zeroize", ] [[package]] @@ -1938,17 +1981,24 @@ version = "1.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1c74cae0a4cf6ccbbf5f359f08efdf8ee7e1dc532573bf0db71968cb56b1448c" dependencies = [ - "base64", + "base64 0.21.6", ] +[[package]] +name = "rustls-pki-types" +version = "1.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ecd36cc4259e3e4514335c4a138c6b43171a8d61d8f5c9348f9fc7529416f247" + [[package]] name = "rustls-webpki" -version = "0.101.7" +version = "0.102.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765" +checksum = "faaa0a62740bedb9b2ef5afa303da42764c012f743917351dc9a237ea1663610" dependencies = [ - "ring 0.17.7", - "untrusted 0.9.0", + "ring", + "rustls-pki-types", + "untrusted", ] [[package]] 
@@ -1959,32 +2009,22 @@ checksum = "f98d2aa92eebf49b69786be48e4477826b256916e84a57ff2a4f21923b48eb4c" [[package]] name = "scroll" -version = "0.11.0" +version = "0.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "04c565b551bafbef4157586fa379538366e4385d42082f255bfd96e4fe8519da" +checksum = "6ab8598aa408498679922eff7fa985c25d58a90771bd6be794434c5277eab1a6" dependencies = [ "scroll_derive", ] [[package]] name = "scroll_derive" -version = "0.11.1" +version = "0.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1db149f81d46d2deba7cd3c50772474707729550221e69588478ebf9ada425ae" +checksum = "7f81c2fde025af7e69b1d1420531c8a8811ca898919db177141a85313b1cb932" dependencies = [ "proc-macro2", "quote", - "syn 2.0.48", -] - -[[package]] -name = "sct" -version = "0.7.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "da046153aa2352493d6cb7da4b6e5c0c057d8a1d0a9aa8560baffdd945acd414" -dependencies = [ - "ring 0.17.7", - "untrusted 0.9.0", + "syn", ] [[package]] @@ -2065,7 +2105,7 @@ checksum = "33c85360c95e7d137454dc81d9a4ed2b8efd8fbe19cee57357b32b9771fccb67" dependencies = [ "proc-macro2", "quote", - "syn 2.0.48", + "syn", ] [[package]] @@ -2094,9 +2134,10 @@ dependencies = [ [[package]] name = "sev" -version = "2.0.2" -source = "git+https://github.com/virtee/sev?rev=6a176a5f6068d30ac629fe59c13634a55076e7ae#6a176a5f6068d30ac629fe59c13634a55076e7ae" +version = "3.1.1" +source = "git+https://github.com/virtee/sev?branch=main#fb28b1dffc5b52aad055cff810cae094cf66c8d9" dependencies = [ + "base64 0.22.0", "bincode", "bitfield 0.13.2", "bitflags 1.3.2", @@ -2121,7 +2162,7 @@ version = "0.2.0" dependencies = [ "asn1-rs", "bincode", - "env_logger", + "env_logger 0.11.3", "hex", "hkdf", "log", @@ -2150,7 +2191,7 @@ name = "sgx_quote" version = "0.2.1" dependencies = [ "chrono", - "env_logger", + "env_logger 0.11.3", "hex", "hkdf", "log", 
@@ -2234,9 +2275,9 @@ dependencies = [ [[package]] name = "smallvec" -version = "1.11.2" +version = "1.13.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4dccd0940a2dcdf68d092b8cbab7dc0ad8fa938bf95787e1b916b0e3d0e8e970" +checksum = "3c5e1a9a646d36c3599cd173a41282daf47c44583ad367b8e6837255952e5c67" [[package]] name = "socket2" @@ -2303,9 +2344,9 @@ dependencies = [ [[package]] name = "syn" -version = "1.0.109" +version = "2.0.48" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237" +checksum = "0f3531638e407dfc0814761abb7c00a5b54992b849452a0646b7f65c9f770f3f" dependencies = [ "proc-macro2", "quote", 
@@ -2313,47 +2354,20 @@ dependencies = [ ] [[package]] -name = "syn" -version = "2.0.48" +name = "sync_wrapper" +version = "0.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0f3531638e407dfc0814761abb7c00a5b54992b849452a0646b7f65c9f770f3f" -dependencies = [ - "proc-macro2", - "quote", - "unicode-ident", -] +checksum = "2047c6ded9c721764247e62cd3b03c09ffc529b2ba5b10ec482ae507a4a70160" [[package]] name = "synstructure" -version = "0.12.6" +version = "0.13.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f36bdaa60a83aca3921b5259d5400cbf5e90fc51931376a9bd4a0eb79aa7210f" +checksum = "c8af7666ab7b6390ab78131fb5b0fce11d6b7a6951602017c35fa82800708971" dependencies = [ "proc-macro2", "quote", - "syn 1.0.109", - "unicode-xid", -] - -[[package]] -name = "system-configuration" -version = "0.5.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ba3a3adc5c275d719af8cb4272ea1c4a6d668a777f37e115f6d11ddbc1c8e0e7" -dependencies = [ - "bitflags 1.3.2", - "core-foundation", - "system-configuration-sys", -] - -[[package]] -name = "system-configuration-sys" -version = "0.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a75fb188eb626b924683e3b95e3a48e63551fcfb51949de2f06a9d91dbee93c9" -dependencies = [ - "core-foundation-sys", - "libc", + "syn", ] [[package]] @@ -2366,7 +2380,7 @@ checksum = "69758bda2e78f098e4ccb393021a0963bb3442eac05f135c30f61b7370bbafae" name = "tdx_quote" version = "0.1.1" dependencies = [ - "env_logger", + "env_logger 0.11.3", "hex", "log", "nix", @@ -2385,7 +2399,7 @@ name = "tee_attestation" version = "0.1.1" dependencies = [ "azure_sev_quote", - "env_logger", + "env_logger 0.11.3", "serde", "sev_quote", "sgx_quote", 
@@ -2394,22 +2408,13 @@ dependencies = [ "thiserror", ] -[[package]] -name = "termcolor" -version = "1.4.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "06794f8f6c5c898b3275aebefa6b8a1cb24cd2c6c79397ab15774837a0bc5755" -dependencies = [ - "winapi-util", -] - [[package]] name = "test-log" version = "0.2.14" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6159ab4116165c99fc88cce31f99fa2c9dbe08d3691cb38da02fc3b45f357d2b" dependencies = [ - "env_logger", + "env_logger 0.10.1", "test-log-macros", "tracing-subscriber", ] @@ -2422,7 +2427,7 @@ checksum = "7ba277e77219e9eea169e8508942db1bf5d8a41ff2db9b20aab5a5aadc9fa25d" dependencies = [ "proc-macro2", "quote", - "syn 2.0.48", + "syn", ] [[package]] @@ -2442,7 +2447,7 @@ checksum = "fa0faa943b50f3db30a20aa7e265dbc66076993efed8463e8de414e5d06d3471" dependencies = [ "proc-macro2", "quote", - "syn 2.0.48", + "syn", ] [[package]] @@ -2517,7 +2522,7 @@ checksum = "d8e00e3e7a54e0f1c8834ce72ed49c8487fbd3f801d8cfe1a0ad0640382f8e15" dependencies = [ "proc-macro2", "quote", - "syn 2.0.48", + "syn", ] [[package]] 
@@ -2538,28 +2543,37 @@ dependencies = [ [[package]] name = "tokio-rustls" -version = "0.24.1" +version = "0.25.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c28327cf380ac148141087fbfb9de9d7bd4e84ab5d2c28fbc911d753de8a7081" +checksum = "775e0c0f0adb3a2f22a00c4745d728b479985fc15ee7ca6a2608388c5569860f" dependencies = [ "rustls", + "rustls-pki-types", "tokio", ] [[package]] -name = "tokio-util" -version = "0.7.10" +name = "tower" +version = "0.4.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5419f34732d9eb6ee4c3578b7989078579b7f039cbbb9ca2c4da015749371e15" +checksum = "b8fa9be0de6cf49e536ce1851f987bd21a43b771b09473c3549a6c853db37c1c" dependencies = [ - "bytes", "futures-core", - "futures-sink", + "futures-util", + "pin-project", "pin-project-lite", "tokio", + "tower-layer", + "tower-service", "tracing", ] +[[package]] +name = "tower-layer" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c20c8dbed6283a09604c3e69b4b7eeb54e298b8a600d4d5ecb5ad39de609f1d0" + [[package]] name = "tower-service" version = "0.3.2" @@ -2570,7 +2584,7 @@ checksum = "b6bc1c9ce2b5135ac7f93c72918fc37feb872bdc6a5533a8b85eb4b86bfdae52" name = "tpm_quote" version = "0.2.1" dependencies = [ - "env_logger", + "env_logger 0.11.3", "hex", "log", "p256", @@ -2588,6 +2602,7 @@ version = "0.1.40" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c3523ab5a71916ccf420eebdf5521fcef02141234bbc0b8a49f2fdc4544364ef" dependencies = [ + "log", "pin-project-lite", "tracing-core", ] 
@@ -2687,18 +2702,6 @@ dependencies = [ "tinyvec", ] -[[package]] -name = "unicode-xid" -version = "0.2.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f962df74c8c05a667b5ee8bcf162993134c104e96440b663c8daa176dc772d8c" - -[[package]] -name = "untrusted" -version = "0.7.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a" - [[package]] name = "untrusted" version = "0.9.0" @@ -2722,11 +2725,17 @@ version = "2.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "daf8dba3b7eb870caf1ddeed7bc9d2a049f3cfdfae7cb521b087cc33ae4c49da" +[[package]] +name = "utf8parse" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "711b9620af191e0cdc7468a8d14e709c3dcdb115b36f838e601583af800a370a" + [[package]] name = "uuid" -version = "1.6.1" +version = "1.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5e395fcf16a7a3d8127ec99782007af141946b4795001f876d54fb0d55978560" +checksum = "a183cf7feeba97b4dd1c0d46788634f6221d87fa961b305bed08c851829efcc0" dependencies = [ "getrandom", "serde", @@ -2789,7 +2798,7 @@ dependencies = [ "once_cell", "proc-macro2", "quote", - "syn 2.0.48", + "syn", "wasm-bindgen-shared", ] @@ -2823,7 +2832,7 @@ checksum = "f0eb82fcb7930ae6219a7ecfd55b217f5f0893484b7a13022ebb2b2bf20b5283" dependencies = [ "proc-macro2", "quote", - "syn 2.0.48", + "syn", "wasm-bindgen-backend", "wasm-bindgen-shared", ] @@ -2846,9 +2855,12 @@ dependencies = [ [[package]] name = "webpki-roots" -version = "0.25.4" +version = "0.26.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5f20c57d8d7db6d3b86154206ae5d8fba62dd39573114de97c2cb0578251f8e1" +checksum = "b3de34ae270483955a94f4b21bdaaeb83d508bb84a01435f393818edb0012009" +dependencies = [ + "rustls-pki-types", +] [[package]] name = "winapi" 
@@ -2866,15 +2878,6 @@ version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" -[[package]] -name = "winapi-util" -version = "0.1.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f29e6f9198ba0d26b4c9f07dbe6f9ed633e1f3d5b8b414090084349e46a52596" -dependencies = [ - "winapi", -] - [[package]] name = "winapi-x86_64-pc-windows-gnu" version = "0.4.0" @@ -3048,9 +3051,9 @@ dependencies = [ [[package]] name = "x509-parser" -version = "0.15.1" +version = "0.16.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7069fba5b66b9193bd2c5d3d4ff12b839118f6bcbef5328efafafb5395cf63da" +checksum = "fcbc162f30700d6f3f82a24bf7cc62ffe7caea42c0b2cba8bf7f3ae50cf51f69" dependencies = [ "asn1-rs", "data-encoding", @@ -3058,7 +3061,7 @@ dependencies = [ "lazy_static", "nom", "oid-registry", - "ring 0.16.20", + "ring", "rusticata-macros", "thiserror", "time", @@ -3082,5 +3085,5 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn 2.0.48", + "syn", ] diff --git a/Cargo.toml b/Cargo.toml index f0dc7a4..32e9d4c 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -15,11 +15,10 @@ members = [ [workspace.dependencies] -asn1-rs = "0.5" -asn1 = "0.15" +asn1-rs = "0.6" +asn1 = "0.16" bincode = "1.3" const-oid = "0.9" -curve25519-dalek = "3.2" der = { version = "0.7", features = ["alloc", "derive", "flagset", "oid"] } ecdsa = { version = "0.16", features = ["sha2", "spki"] } elliptic-curve = "0.13" 
@@ -27,7 +26,11 @@ hex = { version = "0.4", features = ["serde"] } hkdf = "0.12" log = "0.4" openssl = { version = "0.10", features = ["vendored"] } -reqwest = { version = "0.11", default-features = false, features = ["json", "rustls-tls", "blocking"] } +reqwest = { version = "0.12", default-features = false, features = [ + "json", + "rustls-tls", + "blocking", +] } rand = "0.8" rand_chacha = "0.3" rsa = "0.9" @@ -39,4 +42,4 @@ spki = "0.7" p256 = { version = "0.13", features = ["arithmetic", "pkcs8", "ecdsa-core"] } thiserror = "1.0" x509-cert = { version = "0.2", features = ["builder", "hazmat"] } -x509-parser = "0.15" +x509-parser = "0.16" diff --git a/crate/maa_client/Cargo.toml b/crate/maa_client/Cargo.toml index 214781f..a66ce6b 100644 --- a/crate/maa_client/Cargo.toml +++ b/crate/maa_client/Cargo.toml @@ -4,14 +4,14 @@ version = "0.1.0" edition = "2021" [dependencies] -base64 = "0.21" +base64 = "0.22" hex = { workspace = true } jose-jwk = { version = "0.1", features = ["rsa"] } jose-jws = "0.1" jwt-simple = "0.12" reqwest = { workspace = true } rsa = "0.9" -serde = {version = "1.0", features = ["derive"] } +serde = { version = "1.0", features = ["derive"] } serde_json = "1.0" thiserror = { workspace = true } x509-cert = "0.2" diff --git a/crate/sev_quote/Cargo.toml b/crate/sev_quote/Cargo.toml index 9982c88..662606a 100644 --- a/crate/sev_quote/Cargo.toml +++ b/crate/sev_quote/Cargo.toml 
@@ -18,15 +18,15 @@ log = { workspace = true } reqwest = { workspace = true } serde = { workspace = true } serde-hex = { workspace = true } -sev = { git = "https://github.com/virtee/sev", rev = "6a176a5f6068d30ac629fe59c13634a55076e7ae", features = [ # TODO: update after releasing +sev = { git = "https://github.com/virtee/sev", branch = "main", features = [ "snp", "openssl", "sev", ] } sha2 = { workspace = true } thiserror = { workspace = true } -uuid = { version = "1.3", features = ["serde", "v4"] } +uuid = { version = "1.8", features = ["serde", "v4"] } x509-parser = { workspace = true } [dev-dependencies] -env_logger = "0.10" +env_logger = "0.11" diff --git a/crate/sev_quote/src/quote.rs b/crate/sev_quote/src/quote.rs index 57d9009..d55cc71 100644 --- a/crate/sev_quote/src/quote.rs +++ b/crate/sev_quote/src/quote.rs @@ -132,15 +132,15 @@ pub fn verify_quote(quote: &Quote, policy: &SevQuoteVerificationPolicy) -> Resul let chain = match (vlek, ark, ask, vcek) { (Some(vlek), _, _, _) => Ok(Chain { ca: bytes_to_chain(&fetch_amd_vlek_cert_chain(KDS_CERT_SITE, SEV_PROD_NAME)?)?, - vcek: Certificate::from_der(&vlek.data)?, + vek: Certificate::from_der(&vlek.data)?, }), (None, Some(ark), Some(ask), Some(vcek)) => Ok(Chain { ca: ca::Chain::from_der(&ark.data, &ask.data)?, - vcek: Certificate::from_der(&vcek.data)?, + vek: Certificate::from_der(&vcek.data)?, }), (None, None, None, None) => Ok(Chain { ca: bytes_to_chain(&fetch_amd_vcek_cert_chain(KDS_CERT_SITE, SEV_PROD_NAME)?)?, - vcek: Certificate::from_der(&fetch_vcek( + vek: Certificate::from_der(&fetch_vcek( KDS_CERT_SITE, SEV_PROD_NAME, "e.report.chip_id, 
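Review bot: The `sev` dependency in this hunk moves from a fixed `rev` to `branch = "main"`, so the crate that verifies SNP attestation reports now follows whatever upstream's main branch holds when dependencies are resolved. Cargo.lock in this same patch records commit fb28b1dffc5b52aad055cff810cae094cf66c8d9 (version 3.1.1), but a `cargo update`, or any consumer building these library crates without this lockfile, resolves a different commit with no review step in between. I would keep the manifest pinned, `sev = { git = "https://github.com/virtee/sev", rev = "fb28b1dffc5b52aad055cff810cae094cf66c8d9", features = [`, and keep a comment like the removed `# TODO: update after releasing` so the pin is swapped for a registry version once one is available.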
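Review bot: The field is now `vek` and the first arm here fills it from the VLEK certificate, yet the code around it still calls that value a VCEK: `vcek_pem` in the next hunk of this file, `let vcek = ...` in both verify.rs hunks, and the `// Verify VCEK is not revoked` comment in the first of them. Someone debugging a VLEK-signed report is pointed at the wrong key type by those names. I would rename the locals to `vek_pem` / `vek` and change the comment to `// Verify the VEK (VCEK or VLEK) is not revoked`. The `match` continues past the end of this hunk, so any remaining arms are not visible here.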
@@ -162,7 +162,7 @@ pub fn verify_quote(quote: &Quote, policy: &SevQuoteVerificationPolicy) -> Resul let crl = fetch_revocation_list(KDS_CERT_SITE, SEV_PROD_NAME)?; verify_revocation_list(&chain, &crl)?; - let vcek_pem = chain.vcek.to_pem()?; + let vcek_pem = chain.vek.to_pem()?; let (rem, pem) = parse_x509_pem(&vcek_pem)?; if !rem.is_empty() || &pem.label != "CERTIFICATE" { diff --git a/crate/sev_quote/src/verify.rs b/crate/sev_quote/src/verify.rs index 5e2839c..701e7a9 100644 --- a/crate/sev_quote/src/verify.rs +++ b/crate/sev_quote/src/verify.rs @@ -47,7 +47,7 @@ pub(crate) fn verify_revocation_list(chain: &Chain, crl: &[u8]) -> Result<(), Er } // Verify VCEK is not revoked - let vcek = &chain.vcek.to_der()?; + let vcek = &chain.vek.to_der()?; let (_, cert) = X509Certificate::from_der(vcek)?; let is_revoked = crl @@ -67,7 +67,7 @@ pub(crate) fn verify_revocation_list(chain: &Chain, crl: &[u8]) -> Result<(), Er pub(crate) fn verify_chain_certificates(cert_chain: &Chain) -> Result<(), Error> { let ark = &cert_chain.ca.ark; let ask = &cert_chain.ca.ask; - let vcek = &cert_chain.vcek; + let vcek = &cert_chain.vek; if (ark, ark).verify().is_err() { return Err(Error::VerificationFailure( diff --git a/crate/sgx_quote/Cargo.toml b/crate/sgx_quote/Cargo.toml index aa0eb52..f2174b2 100644 --- a/crate/sgx_quote/Cargo.toml +++ b/crate/sgx_quote/Cargo.toml @@ -17,7 +17,7 @@ log = { workspace = true } p256 = { workspace = true } rsa = { workspace = true } pccs_client = { path = "../pccs_client" } -scroll = { version = "0.11", features = ["derive"] } +scroll = { version = "0.12", features = ["derive"] } serde = { workspace = true } serde_json = { workspace = true } serde-hex = { workspace = true } @@ -27,4 +27,4 @@ thiserror = { workspace = true } x509-parser = { workspace = true, features = ["verify"] } [dev-dependencies] -env_logger = "0.10" +env_logger = "0.11" diff --git a/crate/tdx_quote/Cargo.toml b/crate/tdx_quote/Cargo.toml index 8d5c1aa..2fe4b90 100644 
--- a/crate/tdx_quote/Cargo.toml +++ b/crate/tdx_quote/Cargo.toml @@ -12,10 +12,10 @@ crate-type = ["cdylib", "rlib"] [dependencies] hex = { workspace = true } log = { workspace = true } -nix = { version = "0.27", features = ["ioctl"] } +nix = { version = "0.28", features = ["ioctl"] } p256 = { workspace = true } pccs_client = { path = "../pccs_client" } -scroll = { version = "0.11", features = ["derive"] } +scroll = { version = "0.12", features = ["derive"] } serde = { workspace = true } serde-hex = { workspace = true } sgx_quote = { path = "../sgx_quote" } @@ -23,4 +23,4 @@ sha2 = { workspace = true } thiserror = { workspace = true } [dev-dependencies] -env_logger = "0.10" +env_logger = "0.11" diff --git a/crate/tee_attestation/Cargo.toml b/crate/tee_attestation/Cargo.toml index 76964d8..f71158d 100644 --- a/crate/tee_attestation/Cargo.toml +++ b/crate/tee_attestation/Cargo.toml @@ -11,7 +11,7 @@ crate-type = ["cdylib", "rlib"] [dependencies] azure_sev_quote = { path = "../azure_sev_quote" } -sha2 = "0.10" +sha2 = { workspace = true } sev_quote = { path = "../sev_quote" } serde = { workspace = true } sgx_quote = { path = "../sgx_quote" } @@ -19,4 +19,4 @@ tdx_quote = { path = "../tdx_quote" } thiserror = { workspace = true } [dev-dependencies] -env_logger = "0.10" +env_logger = "0.11" diff --git a/crate/tpm_quote/Cargo.toml b/crate/tpm_quote/Cargo.toml index 65bda26..15b2faf 100644 --- a/crate/tpm_quote/Cargo.toml +++ b/crate/tpm_quote/Cargo.toml @@ -12,7 +12,7 @@ thiserror = { workspace = true } tss-esapi = "7.4" [dev-dependencies] -env_logger = "0.10" +env_logger = "0.11" log = "0.4" test-log = { version = "0.2", features = ["trace"] } tracing-subscriber = { version = "0.3", default-features = false, features = [ From f4e128c100d79abf07f27a72b113bcdfb0640e11 Mon Sep 17 00:00:00 2001 
From: Thibaud Genty Date: Fri, 29 Mar 2024 09:43:03 +0100 Subject: [PATCH 2/2] Try to update to sev crate 3.x --- Cargo.lock | 127 +++++++++++++++++++++++------------ Cargo.toml | 6 +- crate/ratls/src/verify.rs | 22 +++--- crate/sev_quote/Cargo.toml | 2 +- crate/sev_quote/src/quote.rs | 12 ++-- 5 files changed, 106 insertions(+), 63 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index bca2f11..93601a8 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -118,18 +118,18 @@ checksum = "96d30a06541fbafbc7f82ed10c06164cfbd2c401138f6addd8404629c4b16711" [[package]] name = "asn1" -version = "0.16.1" +version = "0.15.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "889adc8fd6c1344619926529e605cccad1f832b3a2a5a3fe6d7c8557c8f05368" +checksum = "ae3ecbce89a22627b5e8e6e11d69715617138290289e385cde773b1fe50befdb" dependencies = [ "asn1_derive", ] [[package]] name = "asn1-rs" -version = "0.6.1" +version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "22ad1373757efa0f70ec53939aabc7152e1591cb485208052993070ac8d2429d" +checksum = "7f6fd5ddaf0351dff5b8da21b2fb4ff8e08ddd02857f0bf69c47639106c0fff0" dependencies = [ "asn1-rs-derive", "asn1-rs-impl", 
@@ -143,36 +143,36 @@ dependencies = [ [[package]] name = "asn1-rs-derive" -version = "0.5.0" +version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7378575ff571966e99a744addeff0bff98b8ada0dedf1956d59e634db95eaac1" +checksum = "726535892e8eae7e70657b4c8ea93d26b8553afb1ce617caee529ef96d7dee6c" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 1.0.109", "synstructure", ] [[package]] name = "asn1-rs-impl" -version = "0.2.0" +version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7b18050c2cd6fe86c3a76584ef5e0baf286d038cda203eb6223df2cc413565f7" +checksum = "2777730b2039ac0f95f093556e61b6d26cebed5393ca6f152717777cec3a42ed" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 1.0.109", ] [[package]] name = "asn1_derive" -version = "0.16.1" +version = "0.15.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e2271cec9b830009b9c3b9e21767083c553f51f996b690c476c27f541199aa99" +checksum = "861af988fac460ac69a09f41e6217a8fb9178797b76fcc9478444be6a59be19c" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 2.0.48", ] [[package]] @@ -254,7 +254,7 @@ dependencies = [ "regex", "rustc-hash", "shlex", - "syn", + "syn 2.0.48", ] [[package]] @@ -513,9 +513,9 @@ dependencies = [ [[package]] name = "der-parser" -version = "9.0.0" +version = "8.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5cd0a5c643689626bec213c4d8bd4d96acc8ffdb4ad4bb6bc16abf27d5f4b553" +checksum = "dbd676fbbab537128ef0278adb5576cf363cff6aa22a7b24effe97347cfab61e" dependencies = [ "asn1-rs", "displaydoc", @@ -533,7 +533,7 @@ checksum = "5fe87ce4529967e0ba1dcf8450bab64d97dfd5010a6256187ffe2e43e6f0e049" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 2.0.48", ] [[package]] @@ -586,7 +586,7 @@ checksum = "487585f4d0c6655fe74905e2504d8ad6908e4db67f744eb140876906c2f3175d" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 2.0.48", ] [[package]] 
@@ -652,7 +652,7 @@ checksum = "f95e2801cd355d4a1a3e3953ce6ee5ae9603a5c833455343a8bfe3f44d418246" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 2.0.48", ] [[package]] @@ -742,7 +742,7 @@ checksum = "1a5c6c585bc94aaf2c7b51dd4c2ba22680844aba4c687be581871a6f518c5742" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 2.0.48", ] [[package]] @@ -1411,7 +1411,7 @@ checksum = "cfb77679af88f8b125209d354a202862602672222e7f2313fdd6dc349bad4712" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 2.0.48", ] [[package]] @@ -1475,9 +1475,9 @@ dependencies = [ [[package]] name = "oid-registry" -version = "0.7.0" +version = "0.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1c958dd45046245b9c3c2547369bb634eb461670b2e7e0de552905801a648d1d" +checksum = "9bedf36ffb6ba96c2eb7144ef6270557b52e54b20c0a8e1eb2ff99a6c6959bff" dependencies = [ "asn1-rs", ] @@ -1511,7 +1511,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 2.0.48", ] [[package]] @@ -1651,7 +1651,7 @@ checksum = "2f38a4412a78282e09a2cf38d195ea5420d15ba0602cb375210efbc877243965" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 2.0.48", ] [[package]] @@ -1896,6 +1896,21 @@ dependencies = [ "subtle", ] +[[package]] +name = "ring" +version = "0.16.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3053cf52e236a3ed746dfc745aa9cacf1b791d846bdaf412f60a8d7d6e17c8fc" +dependencies = [ + "cc", + "libc", + "once_cell", + "spin 0.5.2", + "untrusted 0.7.1", + "web-sys", + "winapi", +] + [[package]] name = "ring" version = "0.17.7" @@ -1906,7 +1921,7 @@ dependencies = [ "getrandom", "libc", "spin 0.9.8", - "untrusted", + "untrusted 0.9.0", "windows-sys 0.48.0", ] 
@@ -1968,7 +1983,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "99008d7ad0bbbea527ec27bddbc0e432c5b87d8175178cee68d2eec9c4a1813c" dependencies = [ "log", - "ring", + "ring 0.17.7", "rustls-pki-types", "rustls-webpki", "subtle", @@ -1996,9 +2011,9 @@ version = "0.102.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "faaa0a62740bedb9b2ef5afa303da42764c012f743917351dc9a237ea1663610" dependencies = [ - "ring", + "ring 0.17.7", "rustls-pki-types", - "untrusted", + "untrusted 0.9.0", ] [[package]] @@ -2024,7 +2039,7 @@ checksum = "7f81c2fde025af7e69b1d1420531c8a8811ca898919db177141a85313b1cb932" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 2.0.48", ] [[package]] @@ -2105,7 +2120,7 @@ checksum = "33c85360c95e7d137454dc81d9a4ed2b8efd8fbe19cee57357b32b9771fccb67" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 2.0.48", ] [[package]] @@ -2135,7 +2150,7 @@ dependencies = [ [[package]] name = "sev" version = "3.1.1" -source = "git+https://github.com/virtee/sev?branch=main#fb28b1dffc5b52aad055cff810cae094cf66c8d9" +source = "git+https://github.com/virtee/sev#fb28b1dffc5b52aad055cff810cae094cf66c8d9" dependencies = [ "base64 0.22.0", "bincode", @@ -2342,6 +2357,17 @@ dependencies = [ "rsa", ] +[[package]] +name = "syn" +version = "1.0.109" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] + [[package]] name = "syn" version = "2.0.48" 
@@ -2361,13 +2387,14 @@ checksum = "2047c6ded9c721764247e62cd3b03c09ffc529b2ba5b10ec482ae507a4a70160" [[package]] name = "synstructure" -version = "0.13.1" +version = "0.12.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c8af7666ab7b6390ab78131fb5b0fce11d6b7a6951602017c35fa82800708971" +checksum = "f36bdaa60a83aca3921b5259d5400cbf5e90fc51931376a9bd4a0eb79aa7210f" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 1.0.109", + "unicode-xid", ] [[package]] @@ -2427,7 +2454,7 @@ checksum = "7ba277e77219e9eea169e8508942db1bf5d8a41ff2db9b20aab5a5aadc9fa25d" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 2.0.48", ] [[package]] @@ -2447,7 +2474,7 @@ checksum = "fa0faa943b50f3db30a20aa7e265dbc66076993efed8463e8de414e5d06d3471" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 2.0.48", ] [[package]] @@ -2522,7 +2549,7 @@ checksum = "d8e00e3e7a54e0f1c8834ce72ed49c8487fbd3f801d8cfe1a0ad0640382f8e15" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 2.0.48", ] [[package]] @@ -2702,6 +2729,18 @@ dependencies = [ "tinyvec", ] +[[package]] +name = "unicode-xid" +version = "0.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f962df74c8c05a667b5ee8bcf162993134c104e96440b663c8daa176dc772d8c" + +[[package]] +name = "untrusted" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a" + [[package]] name = "untrusted" version = "0.9.0" @@ -2798,7 +2837,7 @@ dependencies = [ "once_cell", "proc-macro2", "quote", - "syn", + "syn 2.0.48", "wasm-bindgen-shared", ] @@ -2832,7 +2871,7 @@ checksum = "f0eb82fcb7930ae6219a7ecfd55b217f5f0893484b7a13022ebb2b2bf20b5283" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 2.0.48", "wasm-bindgen-backend", "wasm-bindgen-shared", ] 
@@ -3051,9 +3090,9 @@ dependencies = [ [[package]] name = "x509-parser" -version = "0.16.0" +version = "0.15.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fcbc162f30700d6f3f82a24bf7cc62ffe7caea42c0b2cba8bf7f3ae50cf51f69" +checksum = "7069fba5b66b9193bd2c5d3d4ff12b839118f6bcbef5328efafafb5395cf63da" dependencies = [ "asn1-rs", "data-encoding", @@ -3061,7 +3100,7 @@ dependencies = [ "lazy_static", "nom", "oid-registry", - "ring", + "ring 0.16.20", "rusticata-macros", "thiserror", "time", @@ -3085,5 +3124,5 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 2.0.48", ] diff --git a/Cargo.toml b/Cargo.toml index 32e9d4c..75fcf43 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -15,8 +15,8 @@ members = [ [workspace.dependencies] -asn1-rs = "0.6" -asn1 = "0.16" +asn1-rs = "0.5" +asn1 = "0.15" bincode = "1.3" const-oid = "0.9" der = { version = "0.7", features = ["alloc", "derive", "flagset", "oid"] } @@ -42,4 +42,4 @@ spki = "0.7" p256 = { version = "0.13", features = ["arithmetic", "pkcs8", "ecdsa-core"] } thiserror = "1.0" x509-cert = { version = "0.2", features = ["builder", "hazmat"] } -x509-parser = "0.16" +x509-parser = "0.15" diff --git a/crate/ratls/src/verify.rs b/crate/ratls/src/verify.rs index ec346a5..bf0f633 100644 --- a/crate/ratls/src/verify.rs +++ b/crate/ratls/src/verify.rs @@ -119,13 +119,13 @@ mod tests { let mrenclave = mrenclave.as_slice().try_into().unwrap(); let public_signer_key = include_str!("../data/signer-key.pem"); - assert!(verify_ratls( + verify_ratls( cert, Some(&mut TeePolicy::Sgx( - SgxQuoteVerificationPolicy::new(mrenclave, public_signer_key).unwrap() - )) + SgxQuoteVerificationPolicy::new(mrenclave, public_signer_key).unwrap(), + )), ) - .is_ok()); + .unwrap(); } #[test] 
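Review bot: Moving `x509-parser` back to `"0.15"` in the workspace Cargo.toml brings `ring 0.16.20` into the lockfile next to `ring 0.17.7`, as the Cargo.lock hunks of this patch show, along with `syn 1.0.109` and older `asn1-rs`/`der-parser` releases. Two versions of a cryptographic library in one build widen what has to be audited and patched. The reason for the downgrade is not visible in the patch; if it is needed for the `sev` update, a comment beside the entry would record it, e.g. `# held at 0.15 (<reason>); this adds ring 0.16.20 to the lockfile`.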
@@ -136,23 +136,23 @@ mod tests { hex::decode(b"c2c84b9364fc9f0f54b04534768c860c6e0e386ad98b96e8b98eca46ac8971d05c531ba48373f054c880cfd1f4a0a84e") .unwrap().try_into().unwrap(); - assert!(verify_ratls( + verify_ratls( cert, Some(&mut TeePolicy::Sev(SevQuoteVerificationPolicy::new( - measurement - ))) + measurement, + ))), ) - .is_ok()); + .unwrap(); } #[test] fn test_ratls_tdx_verify_ratls() { let cert = include_bytes!("../data/tdx-cert.ratls.pem"); - assert!(verify_ratls( + verify_ratls( cert, - Some(&mut TeePolicy::Tdx(TdxQuoteVerificationPolicy::new())) + Some(&mut TeePolicy::Tdx(TdxQuoteVerificationPolicy::new())), ) - .is_ok()); + .unwrap(); } } diff --git a/crate/sev_quote/Cargo.toml b/crate/sev_quote/Cargo.toml index 662606a..bf4f665 100644 --- a/crate/sev_quote/Cargo.toml +++ b/crate/sev_quote/Cargo.toml @@ -18,7 +18,7 @@ log = { workspace = true } reqwest = { workspace = true } serde = { workspace = true } serde-hex = { workspace = true } -sev = { git = "https://github.com/virtee/sev", branch = "main", features = [ +sev = { git = "https://github.com/virtee/sev", version = "3.1", features = [ "snp", "openssl", "sev", diff --git a/crate/sev_quote/src/quote.rs b/crate/sev_quote/src/quote.rs index d55cc71..23f14b9 100644 --- a/crate/sev_quote/src/quote.rs +++ b/crate/sev_quote/src/quote.rs @@ -111,11 +111,11 @@ pub fn verify_quote(quote: &Quote, policy: &SevQuoteVerificationPolicy) -> Resul // Check the policy verify_quote_policy("e.report, policy)?; + println!("{:?}", quote.certs); // Try to build the Chain object by dealing with various cases. - let vlek = quote - .certs - .iter() - .find(|item| item.cert_type == CertType::OTHER(AWS_VLEK_TYPE)); + let vlek = quote.certs.iter().find(|item| { + item.cert_type == CertType::OTHER(AWS_VLEK_TYPE) || item.cert_type == CertType::VLEK + }); let ark = quote .certs .iter() 
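Review bot: The added `println!("{:?}", quote.certs);` ahead of the certificate selection in `verify_quote` looks like leftover debugging; it writes the quote's certificate table to stdout on every verification, and a caller of the library cannot switch that off. Either drop the line or route it through the logger the crate already depends on, e.g. `log::debug!("quote certs: {:?}", quote.certs);`. `verify_quote` starts before and continues after this hunk.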
@@ -147,6 +147,10 @@ pub fn verify_quote(quote: &Quote, policy: &SevQuoteVerificationPolicy) -> Resul quote.report.reported_tcb, )?)?, }), + (_, _, _, Some(vcek)) => Ok(Chain { + ca: bytes_to_chain(&fetch_amd_vcek_cert_chain(KDS_CERT_SITE, SEV_PROD_NAME)?)?, + vek: Certificate::from_der(&vcek.data)?, + }), (_, _, _, _) => Err(Error::Unimplemented( "Unhandled combination of ARK/ASK/VCEK/VLEK certificates".to_owned(), )),
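Review bot: The new arm `(_, _, _, Some(vcek))` also matches quotes that carry a VCEK with only one of ARK/ASK, and in that case the supplied CA certificate is silently discarded in favour of the chain returned by `fetch_amd_vcek_cert_chain`. That is presumably the intended and more conservative outcome, since the CA certificates then do not come from the quote itself, but nothing in the code says so. A comment above the arm would make it explicit, e.g. `// VCEK without a complete ARK/ASK pair: ignore any partial CA certs in the quote and fetch the chain instead`, and writing the pattern as `(None, _, _, Some(vcek))` shows that the VLEK case is already handled by the first arm. The match sits inside `verify_quote`, which begins and ends outside this hunk.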