From a2995f2bc1b68faa2b84bee87ec82fa0d92db268 Mon Sep 17 00:00:00 2001 From: grydz Date: Wed, 12 Mar 2025 11:59:37 +0400 Subject: [PATCH 1/4] Bump a bunch of crates --- .devcontainer/Dockerfile | 2 +- .github/workflows/ci.yml | 4 +- Cargo.lock | 980 ++++++++++++++-------- Cargo.toml | 15 +- crate/azure_cvm/Cargo.toml | 8 +- crate/azure_cvm/src/attestation_report.rs | 12 +- crate/azure_cvm/src/imds.rs | 2 +- crate/ratls/Cargo.toml | 5 +- crate/ratls/src/verify.rs | 2 +- crate/sev_quote/Cargo.toml | 2 +- crate/sgx_quote/Cargo.toml | 4 +- crate/tdx_quote/Cargo.toml | 6 +- crate/tee_attestation/Cargo.toml | 2 +- crate/tpm_quote/Cargo.toml | 4 +- deny.toml | 8 +- 15 files changed, 655 insertions(+), 401 deletions(-) diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index 75a9c92..23302de 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -1,4 +1,4 @@ -FROM ghcr.io/cosmian/intel-sgx:2.24 +FROM ghcr.io/cosmian/intel-sgx:2.25 RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9b4441a..6626ae6 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -21,7 +21,7 @@ jobs: - env: "sgx" docker-opt: "--device /dev/sgx_enclave --device /dev/sgx_provision" container: - image: ghcr.io/cosmian/intel-sgx:2.24 # We work in a container because we need root access for some tests (get quote for example) + image: ghcr.io/cosmian/intel-sgx:2.25 # We work in a container because we need root access for some tests (get quote for example) options: ${{ matrix.docker-opt }} # We need the device to get TPM, TDX or SEV quote steps: - name: Install dependencies @@ -40,7 +40,7 @@ jobs: - run: rustup component add rustfmt && rustup component add clippy && cargo install cargo-machete - name: Security Audit - uses: EmbarkStudios/cargo-deny-action@v1 + uses: EmbarkStudios/cargo-deny-action@v2 - name: Cargo fmt uses: actions-rs/cargo@v1 diff --git a/Cargo.lock b/Cargo.lock index 2997089..f1b77b8 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1,6 +1,6 @@ # This file is automatically @generated by Cargo. # It is not intended for manual editing. -version = 3 +version = 4 [[package]] name = "addr2line" @@ -128,18 +128,19 @@ checksum = "96d30a06541fbafbc7f82ed10c06164cfbd2c401138f6addd8404629c4b16711" [[package]] name = "asn1" -version = "0.15.5" +version = "0.21.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ae3ecbce89a22627b5e8e6e11d69715617138290289e385cde773b1fe50befdb" +checksum = "9c48ea2b435a08bc0fc63de853bda3d5dd1b794ce5f188edd036ad39a7c069d9" dependencies = [ "asn1_derive", + "itoa", ] [[package]] name = "asn1-rs" -version = "0.5.2" +version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7f6fd5ddaf0351dff5b8da21b2fb4ff8e08ddd02857f0bf69c47639106c0fff0" +checksum = "607495ec7113b178fbba7a6166a27f99e774359ef4823adbefd756b5b81d7970" dependencies = [ "asn1-rs-derive", "asn1-rs-impl", @@ -147,42 +148,42 @@ dependencies = [ "nom", "num-traits", "rusticata-macros", - "thiserror", + "thiserror 2.0.12", "time", ] [[package]] name = "asn1-rs-derive" -version = "0.4.0" +version = "0.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "726535892e8eae7e70657b4c8ea93d26b8553afb1ce617caee529ef96d7dee6c" +checksum = "3109e49b1e4909e9db6515a30c633684d68cdeaa252f215214cb4fa1a5bfee2c" dependencies = [ "proc-macro2", "quote", - "syn 1.0.109", + "syn", "synstructure", ] [[package]] name = "asn1-rs-impl" -version = "0.1.0" +version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2777730b2039ac0f95f093556e61b6d26cebed5393ca6f152717777cec3a42ed" +checksum = "7b18050c2cd6fe86c3a76584ef5e0baf286d038cda203eb6223df2cc413565f7" dependencies = [ "proc-macro2", "quote", - "syn 1.0.109", + "syn", ] [[package]] name = "asn1_derive" -version = "0.15.5" +version = "0.21.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "861af988fac460ac69a09f41e6217a8fb9178797b76fcc9478444be6a59be19c" +checksum = "67c7e14dc2fafd01c4c68c054e128b770d5a4a07b04d76bfaedca40dce3cb2c0" dependencies = [ "proc-macro2", "quote", - "syn 2.0.63", + "syn", ] [[package]] @@ -191,7 +192,7 @@ version = "0.2.14" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d9b39be18770d11421cdb1b9947a45dd3f37e93092cbf377614828a319d5fee8" dependencies = [ - "hermit-abi 0.1.19", + "hermit-abi", "libc", "winapi", ] @@ -216,7 +217,7 @@ dependencies = [ "serde_json", "sev", "sha2", - "thiserror", + "thiserror 2.0.12", "tss-esapi", "zerocopy", ] @@ -287,7 +288,7 @@ dependencies = [ "proc-macro2", "quote", "regex", - "rustc-hash", + "rustc-hash 1.1.0", "shlex", "which", ] @@ -356,15 +357,18 @@ checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b" [[package]] name = "bytes" -version = "1.6.0" +version = "1.10.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "514de17de45fdb8dc022b1a7975556c53c86f9f0aa5f534b98977b171857c2c9" +checksum = "d71b6127be86fdcfddb610f7182ac57211d4b18a3e9c82eb2d17662f2227ad6a" [[package]] name = "cc" -version = "1.0.97" +version = "1.2.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "099a5357d84c4c61eb35fc8eafa9a79a902c2f76911e5747ced4e032edd8d9b4" +checksum = "be714c154be609ec7f5dad223a33bf1482fff90472de28f7362806e6d4832b8c" +dependencies = [ + "shlex", +] [[package]] name = "cexpr" @@ -381,6 +385,12 @@ version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" +[[package]] +name = "cfg_aliases" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "613afe47fcd5fac7ccf1db93babcb082c5994d996f20b8b159f2ad1658eb5724" + [[package]] name = "chrono" version = "0.4.38" @@ -392,7 +402,7 @@ dependencies = [ "js-sys", "num-traits", "wasm-bindgen", - "windows-targets 0.52.5", + "windows-targets 0.52.6", ] [[package]] @@ -456,16 +466,6 @@ version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f7144d30dcf0fafbce74250a3963025d8d52177934239851c917d29f1df280c2" -[[package]] -name = "core-foundation" -version = "0.9.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "91e195e091a93c46f7102ec7818a2aa394e1e1771c3ab4825963fa03e45afb8f" -dependencies = [ - "core-foundation-sys", - "libc", -] - [[package]] name = "core-foundation-sys" version = "0.8.6" @@ -530,9 +530,9 @@ dependencies = [ [[package]] name = "der-parser" -version = "8.2.0" +version = "10.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dbd676fbbab537128ef0278adb5576cf363cff6aa22a7b24effe97347cfab61e" +checksum = "07da5016415d5a3c4dd39b11ed26f915f52fc4e0dc197d87908bc916e51bc1a6" dependencies = [ "asn1-rs", "displaydoc", @@ -550,7 +550,7 @@ checksum = "5fe87ce4529967e0ba1dcf8450bab64d97dfd5010a6256187ffe2e43e6f0e049" dependencies = [ "proc-macro2", "quote", - "syn 2.0.63", + "syn", ] [[package]] @@ -603,7 +603,7 @@ checksum = "487585f4d0c6655fe74905e2504d8ad6908e4db67f744eb140876906c2f3175d" dependencies = [ "proc-macro2", "quote", - "syn 2.0.63", + "syn", ] [[package]] @@ -658,15 +658,6 @@ dependencies = [ "zeroize", ] -[[package]] -name = "encoding_rs" -version = "0.8.34" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b45de904aa0b010bce2ab45264d0631681847fa7b6f2eaa7dab7619943bc4f59" -dependencies = [ - "cfg-if", -] - [[package]] name = "enumflags2" version = "0.7.9" @@ -684,7 +675,7 @@ checksum = "5c785274071b1b420972453b306eeca06acf4633829db4223b58a2a8c5953bc4" dependencies = [ "proc-macro2", "quote", - "syn 2.0.63", + "syn", ] [[package]] @@ -694,6 +685,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a009aa4810eb158359dda09d0c87378e4bbb89b5a801f016885a4707ba24f7ea" dependencies = [ "log", + "regex", ] [[package]] @@ -709,19 +701,6 @@ dependencies = [ "termcolor", ] -[[package]] -name = "env_logger" -version = "0.10.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4cd405aab171cb85d6735e5c8d9db038c17d3ca007a4d2c25f337935c3d90580" -dependencies = [ - "humantime", - "is-terminal", - "log", - "regex", - "termcolor", -] - [[package]] name = "env_logger" version = "0.11.3" @@ -731,6 +710,7 @@ dependencies = [ "anstream", "anstyle", "env_filter", + "humantime", "log", ] @@ -803,40 +783,42 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "eac8f7d7865dcb88bd4373ab671c8cf4508703796caa2b1985a9ca867b3fcb78" dependencies = [ "futures-core", + "futures-sink", ] [[package]] name = "futures-core" -version = "0.3.30" +version = "0.3.31" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dfc6580bb841c5a68e9ef15c77ccc837b40a7504914d52e47b8b0e9bbda25a1d" +checksum = "05f29059c0c2090612e8d742178b0580d2dc940c837851ad723096f87af6663e" [[package]] name = "futures-io" -version = "0.3.30" +version = "0.3.31" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a44623e20b9681a318efdd71c299b6b222ed6f231972bfe2f224ebad6311f0c1" +checksum = "9e5c1b78ca4aae1ac06c48a526a655760685149f0d465d21f37abfe57ce075c6" [[package]] name = "futures-sink" -version = "0.3.30" +version = "0.3.31" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9fb8e00e87438d937621c1c6269e53f536c14d3fbd6a042bb24879e57d474fb5" +checksum = "e575fab7d1e0dcb8d0c7bcf9a63ee213816ab51902e6d244a95819acacf1d4f7" [[package]] name = "futures-task" -version = "0.3.30" +version = "0.3.31" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "38d84fa142264698cdce1a9f9172cf383a0c82de1bddcf3092901442c4097004" +checksum = "f90f7dce0722e95104fcb095585910c0977252f286e354b5e3bd38902cd99988" [[package]] name = "futures-util" -version = "0.3.30" +version = "0.3.31" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3d6401deb83407ab3da39eba7e33987a73c3df0c82b4bb5813ee871c19c41d48" +checksum = "9fa08315bb612088cc391249efdc3bc77536f16c91f6cf495e6fbe85b20a4a81" dependencies = [ "futures-core", "futures-io", + "futures-sink", "futures-task", "memchr", "pin-project-lite", @@ -891,25 +873,6 @@ dependencies = [ "subtle", ] -[[package]] -name = "h2" -version = "0.3.26" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "81fe527a889e1532da5c525686d96d4c2e74cdd345badf8dfef9f6b39dd5f5e8" -dependencies = [ - "bytes", - "fnv", - "futures-core", - "futures-sink", - "futures-util", - "http", - "indexmap", - "slab", - "tokio", - "tokio-util", - "tracing", -] - [[package]] name = "hashbrown" version = "0.14.5" @@ -925,12 +888,6 @@ dependencies = [ "libc", ] -[[package]] -name = "hermit-abi" -version = "0.3.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d231dfb89cfffdbc30e7fc41579ed6066ad03abda9e567ccafae602b97ec5024" - [[package]] name = "hex" version = "0.4.3" @@ -999,9 +956,9 @@ checksum = "f558a64ac9af88b5ba400d99b579451af0d39c6d360980045b91aac966d705e2" [[package]] name = "http" -version = "0.2.12" +version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "601cbb57e577e2f5ef5be8e7b83f0f63994f25aa94d673e54a92d5c516d101f1" +checksum = "f16ca2af56261c99fba8bac40a10251ce8188205a4c448fbb745a2e4daa76fea" dependencies = [ "bytes", "fnv", @@ -1010,26 +967,32 @@ dependencies = [ [[package]] name = "http-body" -version = "0.4.6" +version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7ceab25649e9960c0311ea418d17bee82c0dcec1bd053b5f9a66e265a693bed2" +checksum = "1efedce1fb8e6913f23e0c92de8e62cd5b772a67e7b3946df930a62566c93184" dependencies = [ "bytes", "http", - "pin-project-lite", ] [[package]] -name = "httparse" -version = "1.8.0" +name = "http-body-util" +version = "0.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d897f394bad6a705d5f4104762e116a75639e470d80901eed05a860a95cb1904" +checksum = "793429d76616a256bcb62c2a2ec2bed781c8307e797e2598c50010f2bee2544f" +dependencies = [ + "bytes", + "futures-util", + "http", + "http-body", + "pin-project-lite", +] [[package]] -name = "httpdate" -version = "1.0.3" +name = "httparse" +version = "1.10.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "df3b46402a9d5adb4c86a0cf463f42e19994e3ee891101b1841f30a545cb49a9" +checksum = "6dbf3de79e51f3d586ab4cb9d5c3e2c14aa28ed23d180cf89b4df0454a69cc87" [[package]] name = "humantime" @@ -1039,40 +1002,58 @@ checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4" [[package]] name = "hyper" -version = "0.14.28" +version = "1.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bf96e135eb83a2a8ddf766e426a841d8ddd7449d5f00d34ea02b41d2f19eef80" +checksum = "cc2b571658e38e0c01b1fdca3bbbe93c00d3d71693ff2770043f8c29bc7d6f80" dependencies = [ "bytes", "futures-channel", - "futures-core", "futures-util", - "h2", "http", "http-body", "httparse", - "httpdate", "itoa", "pin-project-lite", - "socket2", + "smallvec 1.13.2", "tokio", - "tower-service", - "tracing", "want", ] [[package]] name = "hyper-rustls" -version = "0.24.2" +version = "0.27.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ec3efd23720e2049821a693cbc7e65ea87c72f1c58ff2f9522ff332b1491e590" +checksum = "2d191583f3da1305256f22463b9bb0471acad48a4e534a5218b9963e9c1f59b2" dependencies = [ "futures-util", "http", "hyper", + "hyper-util", "rustls", + "rustls-pki-types", "tokio", "tokio-rustls", + "tower-service", + "webpki-roots", +] + +[[package]] +name = "hyper-util" +version = "0.1.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "df2dcfbe0677734ab2f3ffa7fa7bfd4706bfdc1ef393f2ee30184aed67e631b4" +dependencies = [ + "bytes", + "futures-channel", + "futures-util", + "http", + "http-body", + "hyper", + "pin-project-lite", + "socket2", + "tokio", + "tower-service", + "tracing", ] [[package]] @@ -1098,14 +1079,143 @@ dependencies = [ "cc", ] +[[package]] +name = "icu_collections" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "db2fa452206ebee18c4b5c2274dbf1de17008e874b4dc4f0aea9d01ca79e4526" +dependencies = [ + "displaydoc", + "yoke", + "zerofrom", + "zerovec", +] + +[[package]] +name = "icu_locid" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "13acbb8371917fc971be86fc8057c41a64b521c184808a698c02acc242dbf637" +dependencies = [ + "displaydoc", + "litemap", + "tinystr", + "writeable", + "zerovec", +] + +[[package]] +name = "icu_locid_transform" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "01d11ac35de8e40fdeda00d9e1e9d92525f3f9d887cdd7aa81d727596788b54e" +dependencies = [ + "displaydoc", + "icu_locid", + "icu_locid_transform_data", + "icu_provider", + "tinystr", + "zerovec", +] + +[[package]] +name = "icu_locid_transform_data" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fdc8ff3388f852bede6b579ad4e978ab004f139284d7b28715f773507b946f6e" + +[[package]] +name = "icu_normalizer" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "19ce3e0da2ec68599d193c93d088142efd7f9c5d6fc9b803774855747dc6a84f" +dependencies = [ + "displaydoc", + "icu_collections", + "icu_normalizer_data", + "icu_properties", + "icu_provider", + "smallvec 1.13.2", + "utf16_iter", + "utf8_iter", + "write16", + "zerovec", +] + +[[package]] +name = "icu_normalizer_data" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f8cafbf7aa791e9b22bec55a167906f9e1215fd475cd22adfcf660e03e989516" + +[[package]] +name = "icu_properties" +version = "1.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "93d6020766cfc6302c15dbbc9c8778c37e62c14427cb7f6e601d849e092aeef5" +dependencies = [ + "displaydoc", + "icu_collections", + "icu_locid_transform", + "icu_properties_data", + "icu_provider", + "tinystr", + "zerovec", +] + +[[package]] +name = "icu_properties_data" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "67a8effbc3dd3e4ba1afa8ad918d5684b8868b3b26500753effea8d2eed19569" + +[[package]] +name = "icu_provider" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6ed421c8a8ef78d3e2dbc98a973be2f3770cb42b606e3ab18d6237c4dfde68d9" +dependencies = [ + "displaydoc", + "icu_locid", + "icu_provider_macros", + "stable_deref_trait", + "tinystr", + "writeable", + "yoke", + "zerofrom", + "zerovec", +] + +[[package]] +name = "icu_provider_macros" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1ec89e9337638ecdc08744df490b221a7399bf8d164eb52a665454e60e075ad6" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "idna" -version = "0.5.0" +version = "1.0.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "686f825264d630750a544639377bae737628043f20d38bbc029e8f29ea968a7e" +dependencies = [ + "idna_adapter", + "smallvec 1.13.2", + "utf8_iter", +] + +[[package]] +name = "idna_adapter" +version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "634d9b1461af396cad843f47fdba5597a4f9e6ddd4bfb6ff5d85028c25cb12f6" +checksum = "daca1df1c957320b2cf139ac61e7bd64fed304c5040df000a745aa1de3b4ef71" dependencies = [ - "unicode-bidi", - "unicode-normalization", + "icu_normalizer", + "icu_properties", ] [[package]] @@ -1130,17 +1240,6 @@ version = "2.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8f518f335dce6725a761382244631d86cf0ccb2863413590b31338feb467f9c3" -[[package]] -name = "is-terminal" -version = "0.4.12" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f23ff5ef2b80d608d61efee834934d862cd92461afc0560dedf493e4c033738b" -dependencies = [ - "hermit-abi 0.3.9", - "libc", - "windows-sys 0.52.0", -] - [[package]] name = "is_terminal_polyfill" version = "1.70.0" @@ -1235,7 +1334,7 @@ dependencies = [ "serde", "serde_json", "superboring", - "thiserror", + "thiserror 1.0.60", "zeroize", ] @@ -1259,7 +1358,7 @@ version = "1.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" dependencies = [ - "spin 0.5.2", + "spin", ] [[package]] @@ -1270,9 +1369,9 @@ checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" [[package]] name = "libc" -version = "0.2.154" +version = "0.2.170" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ae743338b92ff9146ce83992f766a31066a91a8c84a45e0e9f21e7cf6de6d346" +checksum = "875b3680cb2f8f71bdcf9a30f38d48282f5d3c95cbf9b3fa57269bb5d5c06828" [[package]] name = "libloading" @@ -1306,11 +1405,17 @@ version = "0.4.14" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "78b3ae25bc7c8c38cec158d1f2757ee79e9b3740fbc7ccf0e59e4b08d793fa89" +[[package]] +name = "litemap" +version = "0.7.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "23fb14cb19457329c82206317a5663005a4d404783dc74f4252769b0d5f42856" + [[package]] name = "log" -version = "0.4.21" +version = "0.4.26" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "90ed8c1e510134f979dbc4f070f87d4313098b704861a105fe34231c70a3901c" +checksum = "30bde2b3dc3671ae49d8e2e9f044c7c005836e7a023ee57cffa25ab82764bb9e" [[package]] name = "maa_client" @@ -1326,7 +1431,7 @@ dependencies = [ "rsa", "serde", "serde_json", - "thiserror", + "thiserror 2.0.12", "x509-cert", ] @@ -1404,12 +1509,13 @@ dependencies = [ [[package]] name = "nix" -version = "0.27.1" +version = "0.29.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2eb04e9c688eff1c89d72b407f168cf79bb9e867a9d3323ed6c01519eb9cc053" +checksum = "71e2746dc3a24dd78b3cfcb7be93368c6de9963d30f43a6a73998a9cf4b17b46" dependencies = [ "bitflags 2.5.0", "cfg-if", + "cfg_aliases", "libc", ] @@ -1480,7 +1586,7 @@ checksum = "ed3955f1a9c7c0c15e092f9c887db08b1fc683305fdf6eb6684f22555355e202" dependencies = [ "proc-macro2", "quote", - "syn 2.0.63", + "syn", ] [[package]] @@ -1533,9 +1639,9 @@ dependencies = [ [[package]] name = "oid-registry" -version = "0.6.1" +version = "0.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9bedf36ffb6ba96c2eb7144ef6270557b52e54b20c0a8e1eb2ff99a6c6959bff" +checksum = "12f40cff3dde1b6087cc5d5f5d4d65712f34016a03ed60e9c08dcc392736b5b7" dependencies = [ "asn1-rs", ] @@ -1548,9 +1654,9 @@ checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" [[package]] name = "openssl" -version = "0.10.64" +version = "0.10.71" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "95a0481286a310808298130d22dd1fef0fa571e05a8f44ec801801e84b216b1f" +checksum = "5e14130c6a98cd258fdcb0fb6d744152343ff729cbfcb28c656a9d12b999fbcd" dependencies = [ "bitflags 2.5.0", "cfg-if", @@ -1569,14 +1675,14 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.63", + "syn", ] [[package]] name = "openssl-sys" -version = "0.9.102" +version = "0.9.106" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c597637d56fbc83893a35eb0dd04b2b8e7a50c91e64e9493e398b5df4fb45fa2" +checksum = "8bb61ea9811cc39e3c2069f40b8b8e2e70d8569b361f879786cc7ed48b777cdd" dependencies = [ "cc", "libc", @@ -1626,7 +1732,7 @@ version = "1.4.0" dependencies = [ "hex", "reqwest", - "thiserror", + "thiserror 2.0.12", "urlencoding", "x509-cert", ] @@ -1759,13 +1865,65 @@ dependencies = [ [[package]] name = "proc-macro2" -version = "1.0.82" +version = "1.0.94" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8ad3d49ab951a01fbaafe34f2ec74122942fe18a3f9814c3268f1bb72042131b" +checksum = "a31971752e70b8b2686d7e46ec17fb38dad4051d94024c88df49b667caea9c84" dependencies = [ "unicode-ident", ] +[[package]] +name = "quinn" +version = "0.11.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "62e96808277ec6f97351a2380e6c25114bc9e67037775464979f3037c92d05ef" +dependencies = [ + "bytes", + "pin-project-lite", + "quinn-proto", + "quinn-udp", + "rustc-hash 2.1.1", + "rustls", + "socket2", + "thiserror 2.0.12", + "tokio", + "tracing", +] + +[[package]] +name = "quinn-proto" +version = "0.11.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a2fe5ef3495d7d2e377ff17b1a8ce2ee2ec2a18cde8b6ad6619d65d0701c135d" +dependencies = [ + "bytes", + "getrandom", + "rand", + "ring", + "rustc-hash 2.1.1", + "rustls", + "rustls-pki-types", + "slab", + "thiserror 2.0.12", + "tinyvec", + "tracing", + "web-time", +] + +[[package]] +name = "quinn-udp" +version = "0.5.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e46f3055866785f6b92bc6164b76be02ca8f2eb4b002c0354b28cf4c119e5944" +dependencies = [ + "cfg_aliases", + "libc", + "once_cell", + "socket2", + "tracing", + "windows-sys 0.52.0", +] + [[package]] name = "quote" version = "1.0.36" @@ -1818,7 +1976,7 @@ dependencies = [ "sha2", "spki", "tee_attestation", - "thiserror", + "thiserror 2.0.12", "x509-cert", "x509-parser", ] @@ -1831,7 +1989,7 @@ checksum = "bd283d9651eeda4b2a83a43c1c91b266c40fd76ecd39a50a8c630ae69dc72891" dependencies = [ "getrandom", "libredox", - "thiserror", + "thiserror 1.0.60", ] [[package]] @@ -1880,20 +2038,21 @@ checksum = "adad44e29e4c806119491a7f06f03de4d1af22c3a680dd47f1e6e179439d1f56" [[package]] name = "reqwest" -version = "0.11.27" +version = "0.12.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dd67538700a17451e7cba03ac727fb961abb7607553461627b97de0b89cf4a62" +checksum = "43e734407157c3c2034e0258f5e4473ddb361b1e85f95a66690d67264d7cd1da" dependencies = [ - "base64 0.21.7", + "base64 0.22.1", "bytes", - "encoding_rs", + "futures-channel", "futures-core", "futures-util", - "h2", "http", "http-body", + "http-body-util", "hyper", "hyper-rustls", + "hyper-util", "ipnet", "js-sys", "log", @@ -1901,22 +2060,24 @@ dependencies = [ "once_cell", "percent-encoding", "pin-project-lite", + "quinn", "rustls", "rustls-pemfile", + "rustls-pki-types", "serde", "serde_json", "serde_urlencoded", "sync_wrapper", - "system-configuration", "tokio", "tokio-rustls", + "tower", "tower-service", "url", "wasm-bindgen", "wasm-bindgen-futures", "web-sys", "webpki-roots", - "winreg", + "windows-registry", ] [[package]] @@ -1931,39 +2092,23 @@ dependencies = [ [[package]] name = "ring" -version = "0.16.20" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3053cf52e236a3ed746dfc745aa9cacf1b791d846bdaf412f60a8d7d6e17c8fc" -dependencies = [ - "cc", - "libc", - "once_cell", - "spin 0.5.2", - "untrusted 0.7.1", - "web-sys", - "winapi", -] - -[[package]] -name = "ring" -version = "0.17.8" +version = "0.17.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c17fa4cb658e3583423e915b9f3acc01cceaee1860e33d59ebae66adc3a2dc0d" +checksum = "a4689e6c2294d81e88dc6261c768b63bc4fcdb852be6d1352498b114f61383b7" dependencies = [ "cc", "cfg-if", "getrandom", "libc", - "spin 0.9.8", - "untrusted 0.9.0", + "untrusted", "windows-sys 0.52.0", ] [[package]] name = "rsa" -version = "0.9.6" +version = "0.9.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5d0e5124fcb30e76a7e79bfee683a2746db83784b86289f6251b54b7950a0dfc" +checksum = "47c75d7c5c6b673e58bf54d8544a9f432e3a925b0e80f7cd3602ab5c50c55519" dependencies = [ "const-oid", "digest", @@ -1992,6 +2137,12 @@ version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2" +[[package]] +name = "rustc-hash" +version = "2.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "357703d41365b4b27c590e3ed91eabb1b663f07c4c084095e60cbed4362dff0d" + [[package]] name = "rusticata-macros" version = "4.1.0" @@ -2016,33 +2167,45 @@ dependencies = [ [[package]] name = "rustls" -version = "0.21.12" +version = "0.23.23" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3f56a14d1f48b391359b22f731fd4bd7e43c97f3c50eee276f3aa09c94784d3e" +checksum = "47796c98c480fce5406ef69d1c76378375492c3b0a0de587be0c1d9feb12f395" dependencies = [ - "log", - "ring 0.17.8", + "once_cell", + "ring", + "rustls-pki-types", "rustls-webpki", - "sct", + "subtle", + "zeroize", ] [[package]] name = "rustls-pemfile" -version = "1.0.4" +version = "2.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1c74cae0a4cf6ccbbf5f359f08efdf8ee7e1dc532573bf0db71968cb56b1448c" +checksum = "dce314e5fee3f39953d46bb63bb8a46d40c2f8fb7cc5a3b6cab2bde9721d6e50" dependencies = [ - "base64 0.21.7", + "rustls-pki-types", +] + +[[package]] +name = "rustls-pki-types" +version = "1.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "917ce264624a4b4db1c364dcc35bfca9ded014d0a958cd47ad3e960e988ea51c" +dependencies = [ + "web-time", ] [[package]] name = "rustls-webpki" -version = "0.101.7" +version = "0.102.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765" +checksum = "64ca1bc8749bd4cf37b5ce386cc146580777b4e8572c7b97baf22c83f444bee9" dependencies = [ - "ring 0.17.8", - "untrusted 0.9.0", + "ring", + "rustls-pki-types", + "untrusted", ] [[package]] @@ -2053,32 +2216,22 @@ checksum = "f3cb5ba0dc43242ce17de99c180e96db90b235b8a9fdc9543c96d2209116bd9f" [[package]] name = "scroll" -version = "0.11.0" +version = "0.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "04c565b551bafbef4157586fa379538366e4385d42082f255bfd96e4fe8519da" +checksum = "6ab8598aa408498679922eff7fa985c25d58a90771bd6be794434c5277eab1a6" dependencies = [ "scroll_derive", ] [[package]] name = "scroll_derive" -version = "0.11.1" +version = "0.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1db149f81d46d2deba7cd3c50772474707729550221e69588478ebf9ada425ae" +checksum = "7f81c2fde025af7e69b1d1420531c8a8811ca898919db177141a85313b1cb932" dependencies = [ "proc-macro2", "quote", - "syn 2.0.63", -] - -[[package]] -name = "sct" -version = "0.7.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "da046153aa2352493d6cb7da4b6e5c0c057d8a1d0a9aa8560baffdd945acd414" -dependencies = [ - "ring 0.17.8", - "untrusted 0.9.0", + "syn", ] [[package]] @@ -2097,9 +2250,9 @@ dependencies = [ [[package]] name = "serde" -version = "1.0.202" +version = "1.0.219" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "226b61a0d411b2ba5ff6d7f73a476ac4f8bb900373459cd00fab8512828ba395" +checksum = "5f0e2c6ed6606019b4e29e69dbaba95b11854410e5347d525002456dbbb786b6" dependencies = [ "serde_derive", ] @@ -2135,23 +2288,24 @@ dependencies = [ [[package]] name = "serde_derive" -version = "1.0.202" +version = "1.0.219" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6048858004bcff69094cd972ed40a32500f153bd3be9f716b2eed2e8217c4838" +checksum = "5b0276cf7f2c73365f7157c8123c21cd9a50fbbd844757af28ca1f5925fc2a00" dependencies = [ "proc-macro2", "quote", - "syn 2.0.63", + "syn", ] [[package]] name = "serde_json" -version = "1.0.117" +version = "1.0.140" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "455182ea6142b14f93f4bc5320a2b31c1f266b66a4a5c858b013302a5d8cbfc3" +checksum = "20068b6e96dc6c9bd23e01df8827e6c7e1f2fddd43c21810382803c136b99373" dependencies = [ "indexmap", "itoa", + "memchr", "ryu", "serde", ] @@ -2197,7 +2351,7 @@ version = "1.4.0" dependencies = [ "asn1-rs", "bincode", - "env_logger 0.10.2", + "env_logger 0.11.3", "hex", "hkdf", "log", @@ -2206,7 +2360,7 @@ dependencies = [ "serde-hex", "sev", "sha2", - "thiserror", + "thiserror 2.0.12", "uuid", "x509-parser", ] @@ -2217,7 +2371,7 @@ version = "1.4.0" dependencies = [ "asn1", "asn1-rs", - "thiserror", + "thiserror 2.0.12", "x509-parser", ] @@ -2226,7 +2380,7 @@ name = "sgx_quote" version = "1.4.0" dependencies = [ "chrono", - "env_logger 0.10.2", + "env_logger 0.11.3", "hex", "hkdf", "log", @@ -2239,7 +2393,7 @@ dependencies = [ "serde_json", "sgx_pck_extension", "sha2", - "thiserror", + "thiserror 2.0.12", "x509-parser", ] @@ -2330,12 +2484,6 @@ version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" -[[package]] -name = "spin" -version = "0.9.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67" - [[package]] name = "spki" version = "0.7.3" @@ -2385,9 +2533,9 @@ dependencies = [ [[package]] name = "syn" -version = "1.0.109" +version = "2.0.100" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237" +checksum = "b09a44accad81e1ba1cd74a32461ba89dee89095ba17b32f5d03683b1b1fc2a0" dependencies = [ "proc-macro2", "quote", @@ -2395,53 +2543,23 @@ dependencies = [ ] [[package]] -name = "syn" -version = "2.0.63" +name = "sync_wrapper" +version = "1.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bf5be731623ca1a1fb7d8be6f261a3be6d3e2337b8a1f97be944d020c8fcb704" +checksum = "0bf256ce5efdfa370213c1dabab5935a12e49f2c58d15e9eac2870d3b4f27263" dependencies = [ - "proc-macro2", - "quote", - "unicode-ident", + "futures-core", ] -[[package]] -name = "sync_wrapper" -version = "0.1.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2047c6ded9c721764247e62cd3b03c09ffc529b2ba5b10ec482ae507a4a70160" - [[package]] name = "synstructure" -version = "0.12.6" +version = "0.13.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f36bdaa60a83aca3921b5259d5400cbf5e90fc51931376a9bd4a0eb79aa7210f" +checksum = "c8af7666ab7b6390ab78131fb5b0fce11d6b7a6951602017c35fa82800708971" dependencies = [ "proc-macro2", "quote", - "syn 1.0.109", - "unicode-xid", -] - -[[package]] -name = "system-configuration" -version = "0.5.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ba3a3adc5c275d719af8cb4272ea1c4a6d668a777f37e115f6d11ddbc1c8e0e7" -dependencies = [ - "bitflags 1.3.2", - "core-foundation", - "system-configuration-sys", -] - -[[package]] -name = "system-configuration-sys" -version = "0.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a75fb188eb626b924683e3b95e3a48e63551fcfb51949de2f06a9d91dbee93c9" -dependencies = [ - "core-foundation-sys", - "libc", + "syn", ] [[package]] @@ -2470,7 +2588,7 @@ dependencies = [ name = "tdx_quote" version = "1.4.0" dependencies = [ - "env_logger 0.10.2", + "env_logger 0.11.3", "hex", "log", "nix", @@ -2482,7 +2600,7 @@ dependencies = [ "sgx_quote", "sha2", "tdx-attest-rs", - "thiserror", + "thiserror 2.0.12", ] [[package]] @@ -2490,7 +2608,7 @@ name = "tee_attestation" version = "1.4.0" dependencies = [ "azure_cvm", - "env_logger 0.10.2", + "env_logger 0.11.3", "hex", "maa_client", "serde", @@ -2498,7 +2616,7 @@ dependencies = [ "sgx_quote", "sha2", "tdx_quote", - "thiserror", + "thiserror 2.0.12", ] [[package]] @@ -2529,7 +2647,7 @@ checksum = "5999e24eaa32083191ba4e425deb75cdf25efefabe5aaccb7446dd0d4122a3f5" dependencies = [ "proc-macro2", "quote", - "syn 2.0.63", + "syn", ] [[package]] @@ -2547,7 +2665,16 @@ version = "1.0.60" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "579e9083ca58dd9dcf91a9923bb9054071b9ebbd800b342194c9feb0ee89fc18" dependencies = [ - "thiserror-impl", + "thiserror-impl 1.0.60", +] + +[[package]] +name = "thiserror" +version = "2.0.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "567b8a2dae586314f7be2a752ec7474332959c6460e02bde30d702a66d488708" +dependencies = [ + "thiserror-impl 2.0.12", ] [[package]] @@ -2558,7 +2685,18 @@ checksum = "e2470041c06ec3ac1ab38d0356a6119054dedaea53e12fbefc0de730a1c08524" dependencies = [ "proc-macro2", "quote", - "syn 2.0.63", + "syn", +] + +[[package]] +name = "thiserror-impl" +version = "2.0.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7f7cf42b4507d8ea322120659672cf1b9dbb93f8f2d4ecfd6e51350ff5b17a1d" +dependencies = [ + "proc-macro2", + "quote", + "syn", ] [[package]] @@ -2602,6 +2740,16 @@ dependencies = [ "time-core", ] +[[package]] +name = "tinystr" +version = "0.7.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9117f5d4db391c1cf6927e7bea3db74b9a1c1add8f7eda9ffd5364f40f57b82f" +dependencies = [ + "displaydoc", + "zerovec", +] + [[package]] name = "tinyvec" version = "1.6.0" @@ -2635,7 +2783,7 @@ checksum = "8d9ef545650e79f30233c0003bcc2504d7efac6dad25fca40744de773fe2049c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.63", + "syn", ] [[package]] @@ -2655,45 +2803,53 @@ dependencies = [ [[package]] name = "tokio-rustls" -version = "0.24.1" +version = "0.26.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c28327cf380ac148141087fbfb9de9d7bd4e84ab5d2c28fbc911d753de8a7081" +checksum = "8e727b36a1a0e8b74c376ac2211e40c2c8af09fb4013c60d910495810f008e9b" dependencies = [ "rustls", "tokio", ] [[package]] -name = "tokio-util" -version = "0.7.11" +name = "tower" +version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9cf6b47b3771c49ac75ad09a6162f53ad4b8088b76ac60e8ec1455b31a189fe1" +checksum = "d039ad9159c98b70ecfd540b2573b97f7f52c3e8d9f8ad57a24b916a536975f9" dependencies = [ - "bytes", "futures-core", - "futures-sink", + "futures-util", "pin-project-lite", + "sync_wrapper", "tokio", + "tower-layer", + "tower-service", ] +[[package]] +name = "tower-layer" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "121c2a6cda46980bb0fcd1647ffaf6cd3fc79a013de288782836f6df9c48780e" + [[package]] name = "tower-service" -version = "0.3.2" +version = "0.3.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b6bc1c9ce2b5135ac7f93c72918fc37feb872bdc6a5533a8b85eb4b86bfdae52" +checksum = "8df9b6e13f2d32c91b9bd719c00d1958837bc7dec474d94952798cc8e69eeec3" [[package]] name = "tpm_quote" version = "1.4.0" dependencies = [ - "env_logger 0.10.2", + "env_logger 0.11.3", "hex", "log", "p256", "serde", "sha2", "test-log", - "thiserror", + "thiserror 2.0.12", "tracing-subscriber", "tss-esapi", ] @@ -2754,9 +2910,9 @@ checksum = "e421abadd41a4225275504ea4d6566923418b7f05506fbc9c0fe86ba7396114b" [[package]] name = "tss-esapi" -version = "7.5.1" +version = "7.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a9ba6594ded739cb539f8ffcd3713f6c21d4525c47314bbc6de15c0cd251aedf" +checksum = "78ea9ccde878b029392ac97b5be1f470173d06ea41d18ad0bb3c92794c16a0f2" dependencies = [ "bitfield 0.14.0", "enumflags2", @@ -2791,45 +2947,18 @@ version = "1.17.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825" -[[package]] -name = "unicode-bidi" -version = "0.3.15" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "08f95100a766bf4f8f28f90d77e0a5461bbdb219042e7679bebe79004fed8d75" - [[package]] name = "unicode-ident" version = "1.0.12" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" -[[package]] -name = "unicode-normalization" -version = "0.1.23" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a56d1686db2308d901306f92a263857ef59ea39678a5458e7cb17f01415101f5" -dependencies = [ - "tinyvec", -] - [[package]] name = "unicode-width" version = "0.1.12" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "68f5e5f3158ecfd4b8ff6fe086db7c8467a2dfdac97fe420f2b7c4aa97af66d6" -[[package]] -name = "unicode-xid" -version = "0.2.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f962df74c8c05a667b5ee8bcf162993134c104e96440b663c8daa176dc772d8c" - -[[package]] -name = "untrusted" -version = "0.7.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a" - [[package]] name = "untrusted" version = "0.9.0" @@ -2838,9 +2967,9 @@ checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" [[package]] name = "url" -version = "2.5.0" +version = "2.5.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "31e6302e3bb753d46e83516cae55ae196fc0c309407cf11ab35cc51a4c2a4633" +checksum = "32f8b686cadd1473f4bd0117a5d28d36b1ade384ea9b5069a1c40aefed7fda60" dependencies = [ "form_urlencoded", "idna", @@ -2853,6 +2982,18 @@ version = "2.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "daf8dba3b7eb870caf1ddeed7bc9d2a049f3cfdfae7cb521b087cc33ae4c49da" +[[package]] +name = "utf16_iter" +version = "1.0.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c8232dd3cdaed5356e0f716d285e4b40b932ac434100fe9b7e0e8e935b9e6246" + +[[package]] +name = "utf8_iter" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b6c140620e7ffbb22c2dee59cafe6084a59b5ffc27a8859a5f0d494b5d52b6be" + [[package]] name = "utf8parse" version = "0.2.1" @@ -2938,7 +3079,7 @@ dependencies = [ "once_cell", "proc-macro2", "quote", - "syn 2.0.63", + "syn", "wasm-bindgen-shared", ] @@ -2972,7 +3113,7 @@ checksum = "e94f17b526d0a461a191c78ea52bbce64071ed5c04c9ffe424dcb38f74171bb7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.63", + "syn", "wasm-bindgen-backend", "wasm-bindgen-shared", ] @@ -2993,11 +3134,24 @@ dependencies = [ "wasm-bindgen", ] +[[package]] +name = "web-time" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5a6580f308b1fad9207618087a65c04e7a10bc77e02c8e84e9b00dd4b12fa0bb" +dependencies = [ + "js-sys", + "wasm-bindgen", +] + [[package]] name = "webpki-roots" -version = "0.25.4" +version = "0.26.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5f20c57d8d7db6d3b86154206ae5d8fba62dd39573114de97c2cb0578251f8e1" +checksum = "2210b291f7ea53617fbafcc4939f10914214ec15aace5ba62293a668f322c5c9" +dependencies = [ + "rustls-pki-types", +] [[package]] name = "which" @@ -3048,7 +3202,37 @@ version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "33ab640c8d7e35bf8ba19b884ba838ceb4fba93a4e8c65a9059d08afcfc683d9" dependencies = [ - "windows-targets 0.52.5", + "windows-targets 0.52.6", +] + +[[package]] +name = "windows-registry" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e400001bb720a623c1c69032f8e3e4cf09984deec740f007dd2b03ec864804b0" +dependencies = [ + "windows-result", + "windows-strings", + "windows-targets 0.52.6", +] + +[[package]] +name = "windows-result" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1d1043d8214f791817bab27572aaa8af63732e11bf84aa21a45a78d6c317ae0e" +dependencies = [ + "windows-targets 0.52.6", +] + +[[package]] +name = "windows-strings" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4cd9b125c486025df0eabcb585e62173c6c9eddcec5d117d3b6e8c30e2ee4d10" +dependencies = [ + "windows-result", + "windows-targets 0.52.6", ] [[package]] @@ -3066,7 +3250,7 @@ version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" dependencies = [ - "windows-targets 0.52.5", + "windows-targets 0.52.6", ] [[package]] @@ -3086,18 +3270,18 @@ dependencies = [ [[package]] name = "windows-targets" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6f0713a46559409d202e70e28227288446bf7841d3211583a4b53e3f6d96e7eb" +checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973" dependencies = [ - "windows_aarch64_gnullvm 0.52.5", - "windows_aarch64_msvc 0.52.5", - "windows_i686_gnu 0.52.5", + "windows_aarch64_gnullvm 0.52.6", + "windows_aarch64_msvc 0.52.6", + "windows_i686_gnu 0.52.6", "windows_i686_gnullvm", - "windows_i686_msvc 0.52.5", - "windows_x86_64_gnu 0.52.5", - "windows_x86_64_gnullvm 0.52.5", - "windows_x86_64_msvc 0.52.5", + "windows_i686_msvc 0.52.6", + "windows_x86_64_gnu 0.52.6", + "windows_x86_64_gnullvm 0.52.6", + "windows_x86_64_msvc 0.52.6", ] [[package]] @@ -3108,9 +3292,9 @@ checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8" [[package]] name = "windows_aarch64_gnullvm" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7088eed71e8b8dda258ecc8bac5fb1153c5cffaf2578fc8ff5d61e23578d3263" +checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3" [[package]] name = "windows_aarch64_msvc" @@ -3120,9 +3304,9 @@ checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc" [[package]] name = "windows_aarch64_msvc" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9985fd1504e250c615ca5f281c3f7a6da76213ebd5ccc9561496568a2752afb6" +checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469" [[package]] name = "windows_i686_gnu" @@ -3132,15 +3316,15 @@ checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e" [[package]] name = "windows_i686_gnu" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "88ba073cf16d5372720ec942a8ccbf61626074c6d4dd2e745299726ce8b89670" +checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b" [[package]] name = "windows_i686_gnullvm" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "87f4261229030a858f36b459e748ae97545d6f1ec60e5e0d6a3d32e0dc232ee9" +checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66" [[package]] name = "windows_i686_msvc" @@ -3150,9 +3334,9 @@ checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406" [[package]] name = "windows_i686_msvc" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "db3c2bf3d13d5b658be73463284eaf12830ac9a26a90c717b7f771dfe97487bf" +checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66" [[package]] name = "windows_x86_64_gnu" @@ -3162,9 +3346,9 @@ checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e" [[package]] name = "windows_x86_64_gnu" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4e4246f76bdeff09eb48875a0fd3e2af6aada79d409d33011886d3e1581517d9" +checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78" [[package]] name = "windows_x86_64_gnullvm" @@ -3174,9 +3358,9 @@ checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc" [[package]] name = "windows_x86_64_gnullvm" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "852298e482cd67c356ddd9570386e2862b5673c85bd5f88df9ab6802b334c596" +checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d" [[package]] name = "windows_x86_64_msvc" @@ -3186,19 +3370,21 @@ checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538" [[package]] name = "windows_x86_64_msvc" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bec47e5bfd1bff0eeaf6d8b485cc1074891a197ab4225d504cb7a1ab88b02bf0" +checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" [[package]] -name = "winreg" -version = "0.50.0" +name = "write16" +version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "524e57b2c537c0f9b1e69f1965311ec12182b4122e45035b1508cd24d2adadb1" -dependencies = [ - "cfg-if", - "windows-sys 0.48.0", -] +checksum = "d1890f4022759daae28ed4fe62859b1236caebfc61ede2f63ed4e695f3f6d936" + +[[package]] +name = "writeable" +version = "0.5.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1e9df38ee2d2c3c5948ea468a8406ff0db0b29ae1ffde1bcf20ef305bcc95c51" [[package]] name = "x509-cert" @@ -3216,9 +3402,9 @@ dependencies = [ [[package]] name = "x509-parser" -version = "0.15.1" +version = "0.17.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7069fba5b66b9193bd2c5d3d4ff12b839118f6bcbef5328efafafb5395cf63da" +checksum = "4569f339c0c402346d4a75a9e39cf8dad310e287eef1ff56d4c68e5067f53460" dependencies = [ "asn1-rs", "data-encoding", @@ -3226,31 +3412,75 @@ dependencies = [ "lazy_static", "nom", "oid-registry", - "ring 0.16.20", + "ring", "rusticata-macros", - "thiserror", + "thiserror 2.0.12", "time", ] +[[package]] +name = "yoke" +version = "0.7.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "120e6aef9aa629e3d4f52dc8cc43a015c7724194c97dfaf45180d2daf2b77f40" +dependencies = [ + "serde", + "stable_deref_trait", + "yoke-derive", + "zerofrom", +] + +[[package]] +name = "yoke-derive" +version = "0.7.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2380878cad4ac9aac1e2435f3eb4020e8374b5f13c296cb75b4620ff8e229154" +dependencies = [ + "proc-macro2", + "quote", + "syn", + "synstructure", +] + [[package]] name = "zerocopy" -version = "0.7.34" +version = "0.8.23" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ae87e3fcd617500e5d106f0380cf7b77f3c6092aae37191433159dda23cfb087" +checksum = "fd97444d05a4328b90e75e503a34bad781f14e28a823ad3557f0750df1ebcbc6" dependencies = [ - "byteorder", "zerocopy-derive", ] [[package]] name = "zerocopy-derive" -version = "0.7.34" +version = "0.8.23" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "15e934569e47891f7d9411f1a451d947a60e000ab3bd24fbb970f000387d1b3b" +checksum = "6352c01d0edd5db859a63e2605f4ea3183ddbd15e2c4a9e7d32184df75e4f154" dependencies = [ "proc-macro2", "quote", - "syn 2.0.63", + "syn", +] + +[[package]] +name = "zerofrom" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "50cc42e0333e05660c3587f3bf9d0478688e15d870fab3346451ce7f8c9fbea5" +dependencies = [ + "zerofrom-derive", +] + +[[package]] +name = "zerofrom-derive" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d71e5d6e06ab090c67b5e44993ec16b72dcbaabc526db883a360057678b48502" +dependencies = [ + "proc-macro2", + "quote", + "syn", + "synstructure", ] [[package]] @@ -3271,5 +3501,27 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn 2.0.63", + "syn", +] + +[[package]] +name = "zerovec" +version = "0.10.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "aa2b893d79df23bfb12d5461018d408ea19dfafe76c2c7ef6d4eba614f8ff079" +dependencies = [ + "yoke", + "zerofrom", + "zerovec-derive", +] + +[[package]] +name = "zerovec-derive" +version = "0.10.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6eafa6dfb17584ea3e2bd6e76e0cc15ad7af12b09abdd1ca55961bed9b1063c6" +dependencies = [ + "proc-macro2", + "quote", + "syn", ] diff --git a/Cargo.toml b/Cargo.toml index d3b57ca..6010177 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -22,11 +22,9 @@ repository = "https://github.com/Cosmian/tee-tools" [workspace.dependencies] base64 = "0.22" -asn1-rs = "0.5" -asn1 = "0.15" +asn1-rs = "0.7" +asn1 = "0.21" bincode = "1.3" -const-oid = "0.9" -curve25519-dalek = "3.2" der = { version = "0.7", features = ["alloc", "derive", "flagset", "oid"] } ecdsa = { version = "0.16", features = ["sha2", "spki"] } elliptic-curve = "0.13" @@ -35,20 +33,19 @@ hkdf = "0.12" log = "0.4" openssl = { version = "0.10", features = ["vendored"] } p256 = { version = "0.13", features = ["arithmetic", "pkcs8", "ecdsa-core"] } -reqwest = { version = "0.11", default-features = false, features = [ +reqwest = { version = "0.12", default-features = false, features = [ "json", "rustls-tls", "blocking", ] } -rand = "0.8" -rand_chacha = "0.3" rsa = "0.9" +scroll = { version = "0.12", features = ["derive"] } serde = { version = "1.0", features = ["derive"] } serde_json = { version = "1.0", features = ["preserve_order"] } serde-hex = "0.1" sev = { git = "https://github.com/virtee/sev", rev = "6a176a5f6068d30ac629fe59c13634a55076e7ae", default-features = false } sha2 = "0.10" spki = "0.7" -thiserror = "1.0" +thiserror = "2.0" x509-cert = { version = "0.2", features = ["builder", "hazmat"] } -x509-parser = "0.15" +x509-parser = "0.17" diff --git a/crate/azure_cvm/Cargo.toml b/crate/azure_cvm/Cargo.toml index 5839e6f..c16fcc4 100644 --- a/crate/azure_cvm/Cargo.toml +++ b/crate/azure_cvm/Cargo.toml @@ -7,10 +7,10 @@ repository.workspace = true [dependencies] base64 = { workspace = true } -bincode = "1.3" +bincode = { workspace = true } jose-jwk = { version = "0.1", features = ["rsa"] } memoffset = "0.9" -reqwest = { version = "0.11", default-features = false, features = [ +reqwest = { version = "0.12", default-features = false, features = [ "json", "blocking", ] } @@ -19,6 +19,6 @@ serde-big-array = "0.5" serde_json = "1.0" sev = { workspace = true, features = ["sev", "snp"] } sha2 = "0.10" -thiserror = "1.0" +thiserror = { workspace = true } tss-esapi = "7.4" -zerocopy = { version = "0.7", features = ["derive"] } +zerocopy = { version = "0.8", features = ["derive"] } diff --git a/crate/azure_cvm/src/attestation_report.rs b/crate/azure_cvm/src/attestation_report.rs index 954df7c..5ca4ff4 100644 --- a/crate/azure_cvm/src/attestation_report.rs +++ b/crate/azure_cvm/src/attestation_report.rs @@ -3,7 +3,7 @@ use serde::{Deserialize, Serialize}; use serde_big_array::BigArray; -use zerocopy::AsBytes; +use zerocopy::{Immutable, IntoBytes}; // reuse attestation report from sev crate pub use sev::firmware::guest::AttestationReport as SnpReport; @@ -12,7 +12,7 @@ pub use sev::firmware::guest::AttestationReport as SnpReport; // Module 1.0", Feb 2023, Section 22.6 #[repr(C)] -#[derive(AsBytes, Copy, Clone, Debug, Serialize, Deserialize, PartialEq)] +#[derive(IntoBytes, Immutable, Copy, Clone, Debug, Serialize, Deserialize, PartialEq)] pub struct ReportType { pub r#type: u8, pub subtype: u8, @@ -21,7 +21,7 @@ pub struct ReportType { } #[repr(C)] -#[derive(AsBytes, Copy, Clone, Debug, Serialize, Deserialize, PartialEq)] +#[derive(IntoBytes, Immutable, Copy, Clone, Debug, Serialize, Deserialize, PartialEq)] pub struct ReportMac { pub reporttype: ReportType, pub _reserved_1: [u8; 12], @@ -37,14 +37,14 @@ pub struct ReportMac { } #[repr(C)] -#[derive(AsBytes, Copy, Clone, Debug, Serialize, Deserialize, PartialEq)] +#[derive(IntoBytes, Immutable, Copy, Clone, Debug, Serialize, Deserialize, PartialEq)] pub struct Rtmr { #[serde(with = "BigArray")] pub register_data: [u8; 48], } #[repr(C)] -#[derive(AsBytes, Copy, Clone, Debug, Serialize, Deserialize, PartialEq)] +#[derive(IntoBytes, Immutable, Copy, Clone, Debug, Serialize, Deserialize, PartialEq)] pub struct TdInfo { pub attributes: [u8; 8], pub xfam: [u8; 8], @@ -62,7 +62,7 @@ pub struct TdInfo { } #[repr(C)] -#[derive(AsBytes, Copy, Clone, Debug, Serialize, Deserialize, PartialEq)] +#[derive(IntoBytes, Immutable, Copy, Clone, Debug, Serialize, Deserialize, PartialEq)] pub struct TdReport { pub report_mac: ReportMac, #[serde(with = "BigArray")] diff --git a/crate/azure_cvm/src/imds.rs b/crate/azure_cvm/src/imds.rs index 3114c15..688b8a7 100644 --- a/crate/azure_cvm/src/imds.rs +++ b/crate/azure_cvm/src/imds.rs @@ -6,7 +6,7 @@ use std::str::FromStr; use crate::{attestation_report::TdReport, error::Error}; use base64::{engine::general_purpose, Engine as _}; -use zerocopy::AsBytes; +use zerocopy::IntoBytes; // IMDS endpoint for VCEK certificate, AMD SEV CA and AMD Root CA const IMDS_THIM_ENDPOINT: &str = "http://169.254.169.254/metadata/THIM/amd/certification"; diff --git a/crate/ratls/Cargo.toml b/crate/ratls/Cargo.toml index ae4a85e..3cd73e3 100644 --- a/crate/ratls/Cargo.toml +++ b/crate/ratls/Cargo.toml @@ -7,11 +7,12 @@ repository.workspace = true description = "Intel SGX/AMD SEV verification of Remote Attestation based TLS certificate" [dependencies] -const-oid = { workspace = true } +const-oid = "0.9" der = { workspace = true } ecdsa = { workspace = true } p256 = { workspace = true } -rand_chacha = { workspace = true } +# rand = "0.9" +rand_chacha = { version = "0.3" } sha2 = { workspace = true } spki = { workspace = true } tee_attestation = { path = "../tee_attestation" } diff --git a/crate/ratls/src/verify.rs b/crate/ratls/src/verify.rs index c3c20a5..2190c03 100644 --- a/crate/ratls/src/verify.rs +++ b/crate/ratls/src/verify.rs @@ -27,7 +27,7 @@ pub fn forge_report_data( let mut hasher = Sha256::new(); // Hash the public key of the certificate - hasher.update(&ratls_public_key.to_sec1_bytes()); + hasher.update(ratls_public_key.to_sec1_bytes()); let mut user_report_data = hasher.finalize()[..].to_vec(); diff --git a/crate/sev_quote/Cargo.toml b/crate/sev_quote/Cargo.toml index 2e2faa7..b37a875 100644 --- a/crate/sev_quote/Cargo.toml +++ b/crate/sev_quote/Cargo.toml @@ -30,4 +30,4 @@ uuid = { version = "1.3", features = ["serde", "v4"] } x509-parser = { workspace = true } [dev-dependencies] -env_logger = "0.10" +env_logger = "0.11" diff --git a/crate/sgx_quote/Cargo.toml b/crate/sgx_quote/Cargo.toml index aa5cbc3..2ffbd41 100644 --- a/crate/sgx_quote/Cargo.toml +++ b/crate/sgx_quote/Cargo.toml @@ -18,7 +18,7 @@ log = { workspace = true } p256 = { workspace = true } pccs_client = { path = "../pccs_client" } rsa = { workspace = true } -scroll = { version = "0.11", features = ["derive"] } +scroll = { workspace = true } serde = { workspace = true } serde-hex = { workspace = true } serde_json = { workspace = true } @@ -28,4 +28,4 @@ thiserror = { workspace = true } x509-parser = { workspace = true, features = ["verify"] } [dev-dependencies] -env_logger = "0.10" +env_logger = "0.11" diff --git a/crate/tdx_quote/Cargo.toml b/crate/tdx_quote/Cargo.toml index 25a767f..c627f2b 100644 --- a/crate/tdx_quote/Cargo.toml +++ b/crate/tdx_quote/Cargo.toml @@ -13,10 +13,10 @@ crate-type = ["cdylib", "rlib"] [dependencies] hex = { workspace = true } log = { workspace = true } -nix = { version = "0.27", features = ["ioctl"] } +nix = { version = "0.29", features = ["ioctl"] } p256 = { workspace = true } pccs_client = { path = "../pccs_client" } -scroll = { version = "0.11", features = ["derive"] } +scroll = { workspace = true } serde = { workspace = true } serde-hex = { workspace = true } sgx_quote = { path = "../sgx_quote" } @@ -25,4 +25,4 @@ tdx-attest-rs = { git = "https://github.com/intel/SGXDataCenterAttestationPrimit thiserror = { workspace = true } [dev-dependencies] -env_logger = "0.10" +env_logger = "0.11" diff --git a/crate/tee_attestation/Cargo.toml b/crate/tee_attestation/Cargo.toml index 6b7d918..5d3b9fd 100644 --- a/crate/tee_attestation/Cargo.toml +++ b/crate/tee_attestation/Cargo.toml @@ -26,4 +26,4 @@ tdx_quote = { path = "../tdx_quote" } thiserror = { workspace = true } [dev-dependencies] -env_logger = "0.10" +env_logger = "0.11" diff --git a/crate/tpm_quote/Cargo.toml b/crate/tpm_quote/Cargo.toml index 0e94f76..e933251 100644 --- a/crate/tpm_quote/Cargo.toml +++ b/crate/tpm_quote/Cargo.toml @@ -11,10 +11,10 @@ p256 = { workspace = true } serde = { workspace = true } sha2 = { workspace = true } thiserror = { workspace = true } -tss-esapi = "7.4" +tss-esapi = "7.6" [dev-dependencies] -env_logger = "0.10" +env_logger = "0.11" log = "0.4" test-log = { version = "0.2", features = ["trace"] } tracing-subscriber = { version = "0.3", default-features = false, features = [ diff --git a/deny.toml b/deny.toml index 5d1c5c4..8da856c 100644 --- a/deny.toml +++ b/deny.toml @@ -72,10 +72,14 @@ feature-depth = 1 # A list of advisory IDs to ignore. Note that ignored advisories will still # output a note when they are encountered. ignore = [ - "RUSTSEC-2023-0071", # rsa # { id = "RUSTSEC-0000-0000", reason = "you can specify a reason the advisory is ignored" }, # "a-crate-that-is-yanked@0.1.1", # you can also ignore yanked crate versions if you wish # { crate = "a-crate-that-is-yanked@0.1.1", reason = "you can specify why you are ignoring the yanked crate" }, + { id = "RUSTSEC-2023-0071", reason = "[rsa] vulnerable to the Marvin Attack which could enable private key recovery by a network attacker" }, + { id = "RUSTSEC-2025-0014", reason = "[humantime] unmaintained"}, + { id = "RUSTSEC-2024-0375", reason = "[atty] unmaintained"}, + { id = "RUSTSEC-2021-0145", reason = "[atty] potential unaligned read on Windows"}, + { id = "RUSTSEC-2021-0139", reason = "[ansi_term] unmaintained"}, ] # If this is true, then cargo deny will use the git executable to fetch advisory database. # If this is false, then it uses a built-in git library. @@ -94,13 +98,13 @@ allow = [ "MIT", "Apache-2.0", "Apache-2.0 WITH LLVM-exception", - "OpenSSL", "ISC", "MPL-2.0", "BSD-2-Clause", "BSD-3-Clause", "Unicode-DFS-2016", "BUSL-1.1", + "Unicode-3.0", ] # The confidence threshold for detecting a license from license text. # The higher the value, the more closely the license text must be to the From aafb822a87e7991efa1cb732d792bc8647552c95 Mon Sep 17 00:00:00 2001 From: grydz Date: Wed, 12 Mar 2025 16:56:04 +0400 Subject: [PATCH 2/4] Fix: stop fetching Root CA CRL from PCCS Stop querying PCCS and use Intel PCS API and Intel Trusted Services because PCCS is not maintained anymore. See https://github.com/intel/SGXDataCenterAttestationPrimitives/pull/426#issuecomment-2386432510. --- crate/pccs_client/src/lib.rs | 53 ++++++++++++----------------------- crate/sgx_quote/src/quote.rs | 4 +-- crate/sgx_quote/src/verify.rs | 10 +++---- crate/tdx_quote/src/quote.rs | 4 +-- 4 files changed, 27 insertions(+), 44 deletions(-) diff --git a/crate/pccs_client/src/lib.rs b/crate/pccs_client/src/lib.rs index 906dd95..d677eb3 100644 --- a/crate/pccs_client/src/lib.rs +++ b/crate/pccs_client/src/lib.rs @@ -37,7 +37,7 @@ impl IntelTeeType { } } -/// Fetch Intel SGX Root CA Certificate Revocation List (CRL) from PCCS URL. +/// Fetch Intel SGX Root CA Certificate Revocation List (CRL) from Intel Trusted Services. /// /// # Returns /// @@ -48,29 +48,8 @@ impl IntelTeeType { /// See section 3.7 of [`SGX_DCAP_Caching_Service_Design_Guide.pdf`]. /// /// [`SGX_DCAP_Caching_Service_Design_Guide.pdf`]: https://download.01.org/intel-sgx/sgx-dcap/1.18/linux/docs/SGX_DCAP_Caching_Service_Design_Guide.pdf -pub fn get_root_ca_crl(pccs_url: &str) -> Result, Error> { - let url = reqwest::Url::from_str(&format!("{pccs_url}/sgx/certification/v4/rootcacrl")) - .map_err(|e| Error::URLError(e.to_string()))?; - - let r = reqwest::blocking::get(url)?; - - let body = match r.status() { - StatusCode::OK => Ok(r.bytes()?[..].to_vec()), - StatusCode::NOT_FOUND => Err(Error::PccsResponseError( - "Root CA CRL cannot be found".to_owned(), - )), - StatusCode::INTERNAL_SERVER_ERROR => Err(Error::PccsResponseError( - "Internal server error occurred".to_owned(), - )), - StatusCode::BAD_GATEWAY => Err(Error::PccsResponseError( - "Unable to retrieve the collateral from the Intel PCS API".to_owned(), - )), - s => Err(Error::UnexpectedError(format!("HTTP status code {s}"))), - }?; - - let root_ca_crl = hex::decode(body).map_err(|e| Error::DecodeError(e.to_string()))?; - - Ok(root_ca_crl) +pub fn get_root_ca_crl() -> Result, Error> { + get_root_ca_crl_from_uri("https://certificates.trustedservices.intel.com/IntelSGXRootCA.der") } /// Fetch Intel SGX Root CA Certificate Revocation List (CRL) from a given URI. @@ -111,10 +90,10 @@ pub fn get_root_ca_crl_from_uri(uri: &str) -> Result, Error> { /// See section 3.2 of [`SGX_DCAP_Caching_Service_Design_Guide.pdf`]. /// /// [`SGX_DCAP_Caching_Service_Design_Guide.pdf`]: https://download.01.org/intel-sgx/sgx-dcap/1.18/linux/docs/SGX_DCAP_Caching_Service_Design_Guide.pdf -pub fn get_pck_crl(pccs_url: &str, ca: PckCa) -> Result<(Vec, Vec), Error> { +pub fn get_pck_crl(pcs_url: &str, ca: PckCa) -> Result<(Vec, Vec), Error> { let ca = ca.to_string(); let url = reqwest::Url::parse_with_params( - &format!("{pccs_url}/sgx/certification/v4/pckcrl"), + &format!("{pcs_url}/sgx/certification/v4/pckcrl"), &[("ca", ca.as_str()), ("encoding", "der")], ) .map_err(|e| Error::URLError(e.to_string()))?; @@ -175,12 +154,12 @@ pub fn get_pck_crl(pccs_url: &str, ca: PckCa) -> Result<(Vec, Vec), Erro /// [`SGX_DCAP_Caching_Service_Design_Guide.pdf`]: https://download.01.org/intel-sgx/sgx-dcap/1.18/linux/docs/SGX_DCAP_Caching_Service_Design_Guide.pdf /// [`PCS API documentation`]: https://api.portal.trustedservices.intel.com/documentation#pcs-tcb-info-model-v3 pub fn get_tcbinfo( - pccs_url: &str, + pcs_url: &str, tee: IntelTeeType, fmscp: &[u8], ) -> Result<(Vec, Vec), Error> { let url = reqwest::Url::parse_with_params( - &format!("{pccs_url}/{}/certification/v4/tcb", tee.as_str()), + &format!("{pcs_url}/{}/certification/v4/tcb", tee.as_str()), &[("fmspc", hex::encode(fmscp))], ) .map_err(|e| Error::URLError(e.to_string()))?; @@ -235,9 +214,9 @@ pub fn get_tcbinfo( // /// [`SGX_DCAP_Caching_Service_Design_Guide.pdf`]: https://download.01.org/intel-sgx/sgx-dcap/1.18/linux/docs/SGX_DCAP_Caching_Service_Design_Guide.pdf /// [`PCS API documentation`]: https://api.portal.trustedservices.intel.com/documentation#pcs-enclave-identity-model-v2 -pub fn get_qe_identity(pccs_url: &str, tee: IntelTeeType) -> Result<(Vec, Vec), Error> { +pub fn get_qe_identity(pcs_url: &str, tee: IntelTeeType) -> Result<(Vec, Vec), Error> { let url = reqwest::Url::from_str(&format!( - "{pccs_url}/{}/certification/v4/qe/identity", + "{pcs_url}/{}/certification/v4/qe/identity", tee.as_str() )) .map_err(|e| Error::URLError(e.to_string()))?; @@ -290,7 +269,7 @@ mod tests { #[test] fn test_intel_root_ca_crl() { - let root_ca_crl = get_root_ca_crl("https://pccs.mse.cosmian.com").unwrap(); + let root_ca_crl = get_root_ca_crl().unwrap(); let root_ca_crl = CertificateList::from_der(&root_ca_crl).unwrap(); assert_eq!( root_ca_crl.tbs_cert_list.issuer.to_string(), @@ -301,7 +280,7 @@ mod tests { #[test] fn test_intel_pck_crl() { let (pck_issuer_chain, pck_crl) = - get_pck_crl("https://pccs.mse.cosmian.com", PckCa::Platform).unwrap(); + get_pck_crl("https://api.trustedservices.intel.com", PckCa::Platform).unwrap(); let (pck_issuer_chain, pck_crl) = ( Certificate::load_pem_chain(&pck_issuer_chain).unwrap(), CertificateList::from_der(&pck_crl).unwrap(), @@ -340,8 +319,12 @@ mod tests { #[test] fn test_tcb_info_sgx() { let fmspc = hex::decode("30606a000000").unwrap(); - let (tcb_info_issuer_chain, tcb_info) = - get_tcbinfo("https://pccs.mse.cosmian.com", IntelTeeType::Sgx, &fmspc).unwrap(); + let (tcb_info_issuer_chain, tcb_info) = get_tcbinfo( + "https://api.trustedservices.intel.com", + IntelTeeType::Sgx, + &fmspc, + ) + .unwrap(); assert!(String::from_utf8(tcb_info).is_ok()); @@ -386,7 +369,7 @@ mod tests { #[test] fn test_qe_identity_sgx() { let (qe_identity_issuer_chain, qe_identity) = - get_qe_identity("https://pccs.mse.cosmian.com", IntelTeeType::Sgx).unwrap(); + get_qe_identity("https://api.trustedservices.intel.com", IntelTeeType::Sgx).unwrap(); assert!(String::from_utf8(qe_identity).is_ok()); diff --git a/crate/sgx_quote/src/quote.rs b/crate/sgx_quote/src/quote.rs index 640e9f4..a3885a5 100644 --- a/crate/sgx_quote/src/quote.rs +++ b/crate/sgx_quote/src/quote.rs @@ -24,7 +24,7 @@ pub const QUOTE_QE_REPORT_SIZE: usize = 384; const QUOTE_MAX_SIZE: usize = 8192; -const PCCS_URL: &str = "https://pccs.staging.mse.cosmian.com"; +const PCS_URL: &str = "https://api.trustedservices.intel.com"; /// Header of Quote data structure (48 bytes). /// See [sgx_quote_3.h#L165](https://github.com/intel/SGXDataCenterAttestationPrimitives/blob/DCAP_1.16/QuoteGeneration/quote_wrapper/common/inc/sgx_quote_3.h#L165). @@ -246,7 +246,7 @@ pub fn verify_quote(raw_quote: &[u8], policy: &SgxQuoteVerificationPolicy) -> Re &signature.qe_report.report_data, &signature.attest_pub_key, &auth_data.auth_data, - PCCS_URL, + PCS_URL, IntelTeeType::Sgx, )?; diff --git a/crate/sgx_quote/src/verify.rs b/crate/sgx_quote/src/verify.rs index 4602912..20cb965 100644 --- a/crate/sgx_quote/src/verify.rs +++ b/crate/sgx_quote/src/verify.rs @@ -124,7 +124,7 @@ pub fn verify_collaterals( qe_report_data: &[u8], signature_attest_pub_key: &[u8], auth_data: &[u8], - pccs_url: &str, + pcs_url: &str, tee_type: IntelTeeType, ) -> Result<(), Error> { debug!("Extracting certificate chain..."); @@ -149,10 +149,10 @@ pub fn verify_collaterals( if tee_type == IntelTeeType::Sgx { debug!("Verifying root ca crl..."); - let root_ca_crl = get_root_ca_crl(pccs_url)?; + let root_ca_crl = get_root_ca_crl()?; verify_root_ca_crl(&root_ca_cert, &root_ca_crl)?; } else { - let (qe_identity_issuer_chain, raw_qe_identity) = get_qe_identity(pccs_url, tee_type)?; + let (qe_identity_issuer_chain, raw_qe_identity) = get_qe_identity(pcs_url, tee_type)?; let (qe_identity, crl_distribution_points) = verify_qe_identity(&qe_identity_issuer_chain, &raw_qe_identity, &root_ca_cert)?; @@ -174,13 +174,13 @@ pub fn verify_collaterals( } debug!("Verifying pck crl..."); - let (pck_crl_issuer_chain, pck_crl) = get_pck_crl(pccs_url, get_pck_ca(&pck_ca_cert)?)?; + let (pck_crl_issuer_chain, pck_crl) = get_pck_crl(pcs_url, get_pck_ca(&pck_ca_cert)?)?; verify_pck_cert_crl(&pck_crl_issuer_chain, &pck_crl, &root_ca_cert, &pck_ca_cert)?; debug!("Verifying tcb info..."); let pck_extension = SgxPckExtension::from_pem_certificate_content(&chain[0])?; let (tcb_info_issuer_chain, raw_tcb_info) = - get_tcbinfo(pccs_url, tee_type, &pck_extension.fmspc)?; + get_tcbinfo(pcs_url, tee_type, &pck_extension.fmspc)?; verify_tcb_info( &tcb_info_issuer_chain, &raw_tcb_info, diff --git a/crate/tdx_quote/src/quote.rs b/crate/tdx_quote/src/quote.rs index 7700a08..106dad1 100644 --- a/crate/tdx_quote/src/quote.rs +++ b/crate/tdx_quote/src/quote.rs @@ -19,7 +19,7 @@ use tdx_attest_rs::{tdx_att_get_quote, tdx_report_data_t, tdx_uuid_t}; pub const QUOTE_HEADER_SIZE: usize = 48; pub const QUOTE_REPORT_BODY_SIZE: usize = 584; -const PCCS_URL: &str = "https://api.trustedservices.intel.com"; +const PCS_URL: &str = "https://api.trustedservices.intel.com"; /// Header of Quote data structure (48 bytes) #[repr(C)] @@ -400,7 +400,7 @@ pub fn verify_quote(raw_quote: &[u8], policy: &TdxQuoteVerificationPolicy) -> Re .qe_report_certification_data .qe_auth_data .qe_auth_data, - PCCS_URL, + PCS_URL, IntelTeeType::Tdx, )?; From 01352b71e4f47874d5b23da4fbc430397d7f0d45 Mon Sep 17 00:00:00 2001 From: grydz Date: Wed, 12 Mar 2025 17:14:52 +0400 Subject: [PATCH 3/4] [CI] Fix: remove SGX runner which does not exist anymore --- .github/workflows/ci.yml | 21 +++------------------ 1 file changed, 3 insertions(+), 18 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 6626ae6..a8b68a5 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -5,24 +5,9 @@ name: Continuous integration jobs: check: name: Check - runs-on: ${{ matrix.env }} - - strategy: - matrix: - include: - - env: "no-tee" - docker-opt: "--device /dev/tpmrm0" - # TODO: enable this when SEV runner is working - # - env: "sev" - # docker-opt: "--device /dev/sev-guest --device /dev/tpmrm0" - # TODO: enable this when TDX runner is working - # - env: "tdx" - # docker-opt: "--device /dev/tdx_guest --device /dev/tpmrm0" - - env: "sgx" - docker-opt: "--device /dev/sgx_enclave --device /dev/sgx_provision" + runs-on: ubuntu-latest container: - image: ghcr.io/cosmian/intel-sgx:2.25 # We work in a container because we need root access for some tests (get quote for example) - options: ${{ matrix.docker-opt }} # We need the device to get TPM, TDX or SEV quote + image: ghcr.io/cosmian/intel-sgx:2.25 steps: - name: Install dependencies run: | @@ -68,4 +53,4 @@ jobs: uses: actions-rs/cargo@v1 with: command: test - args: -- --nocapture # We want to display messages concerning skipped tests + args: -- --nocapture From 472cb77b1ca001f1c3056a4c31118cb3d6e52359 Mon Sep 17 00:00:00 2001 From: grydz Date: Wed, 12 Mar 2025 17:52:16 +0400 Subject: [PATCH 4/4] Bump version to 1.5.0 --- Cargo.lock | 20 ++++++++++---------- Cargo.toml | 2 +- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index f1b77b8..efef11f 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -205,7 +205,7 @@ checksum = "0c4b4d0bd25bd0b74681c0ad21497610ce1b7c91b1022cd21c80c6fbdd9476b0" [[package]] name = "azure_cvm" -version = "1.4.0" +version = "1.5.0" dependencies = [ "base64 0.22.1", "bincode", @@ -1419,7 +1419,7 @@ checksum = "30bde2b3dc3671ae49d8e2e9f044c7c005836e7a023ee57cffa25ab82764bb9e" [[package]] name = "maa_client" -version = "1.4.0" +version = "1.5.0" dependencies = [ "base64 0.22.1", "hex", @@ -1728,7 +1728,7 @@ dependencies = [ [[package]] name = "pccs_client" -version = "1.4.0" +version = "1.5.0" dependencies = [ "hex", "reqwest", @@ -1965,7 +1965,7 @@ dependencies = [ [[package]] name = "ratls" -version = "1.4.0" +version = "1.5.0" dependencies = [ "const-oid", "der", @@ -2347,7 +2347,7 @@ dependencies = [ [[package]] name = "sev_quote" -version = "1.4.0" +version = "1.5.0" dependencies = [ "asn1-rs", "bincode", @@ -2367,7 +2367,7 @@ dependencies = [ [[package]] name = "sgx_pck_extension" -version = "1.4.0" +version = "1.5.0" dependencies = [ "asn1", "asn1-rs", @@ -2377,7 +2377,7 @@ dependencies = [ [[package]] name = "sgx_quote" -version = "1.4.0" +version = "1.5.0" dependencies = [ "chrono", "env_logger 0.11.3", @@ -2586,7 +2586,7 @@ dependencies = [ [[package]] name = "tdx_quote" -version = "1.4.0" +version = "1.5.0" dependencies = [ "env_logger 0.11.3", "hex", @@ -2605,7 +2605,7 @@ dependencies = [ [[package]] name = "tee_attestation" -version = "1.4.0" +version = "1.5.0" dependencies = [ "azure_cvm", "env_logger 0.11.3", @@ -2840,7 +2840,7 @@ checksum = "8df9b6e13f2d32c91b9bd719c00d1958837bc7dec474d94952798cc8e69eeec3" [[package]] name = "tpm_quote" -version = "1.4.0" +version = "1.5.0" dependencies = [ "env_logger 0.11.3", "hex", diff --git a/Cargo.toml b/Cargo.toml index 6010177..45fd16e 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -14,7 +14,7 @@ members = [ ] [workspace.package] -version = "1.4.0" +version = "1.5.0" edition = "2021" license = "BUSL-1.1" # "Business Source License 1.1" license-file = "LICENSE"