From 9adf9e9b5bc068a614ff9fb9a0f92f3cfe54ce3c Mon Sep 17 00:00:00 2001 From: Magnus Kulke Date: Fri, 24 Nov 2023 17:50:12 +0100 Subject: [PATCH] attestation-service: add az-tdx-vtpm verifier - Added verification code - Added tdx fixtures and test cases - Reorganized snp fixtures - Added missing dependency for tdx e2e test - Added entry for e2e test 
Signed-off-by: Magnus Kulke
---
.github/workflows/kbs-e2e.yaml | 3 +- Cargo.lock | 459 ++++++++++-------- Cargo.toml | 2 +- .../attestation-service/Cargo.toml | 2 +- attestation-service/verifier/Cargo.toml | 4 +- .../verifier/src/az_snp_vtpm/mod.rs | 12 +- .../verifier/src/az_tdx_vtpm/mod.rs | 144 ++++++ attestation-service/verifier/src/lib.rs | 12 + attestation-service/verifier/src/tdx/mod.rs | 4 +- .../hcl-report.bin} | Bin .../tpm-quote.msg} | Bin .../tpm-quote.sig} | Bin .../{az-vcek.pem => az-snp-vtpm/vcek.pem} | 0 .../test_data/az-tdx-vtpm/hcl-report.bin | Bin 0 -> 2600 bytes .../test_data/az-tdx-vtpm/td-quote.bin | Bin 0 -> 5006 bytes .../test_data/az-tdx-vtpm/tpm-quote.msg | Bin 0 -> 126 bytes .../test_data/az-tdx-vtpm/tpm-quote.sig | Bin 0 -> 256 bytes kbs/src/api/src/attestation/coco/grpc.rs | 1 + kbs/test/Makefile | 1 + kbs/tools/client/Cargo.toml | 2 +- 20 files changed, 422 insertions(+), 224 deletions(-) create mode 100644 attestation-service/verifier/src/az_tdx_vtpm/mod.rs rename attestation-service/verifier/test_data/{az-hcl-data.bin => az-snp-vtpm/hcl-report.bin} (100%) rename attestation-service/verifier/test_data/{az-vtpm-quote-msg.bin => az-snp-vtpm/tpm-quote.msg} (100%) rename attestation-service/verifier/test_data/{az-vtpm-quote-sig.bin => az-snp-vtpm/tpm-quote.sig} (100%) rename attestation-service/verifier/test_data/{az-vcek.pem => az-snp-vtpm/vcek.pem} (100%) create mode 100644 attestation-service/verifier/test_data/az-tdx-vtpm/hcl-report.bin create mode 100644 attestation-service/verifier/test_data/az-tdx-vtpm/td-quote.bin create mode 100644 attestation-service/verifier/test_data/az-tdx-vtpm/tpm-quote.msg create mode 100644 attestation-service/verifier/test_data/az-tdx-vtpm/tpm-quote.sig
diff --git a/.github/workflows/kbs-e2e.yaml b/.github/workflows/kbs-e2e.yaml
index a26d1e2a98..4d95234a02 100644
--- a/.github/workflows/kbs-e2e.yaml
+++ b/.github/workflows/kbs-e2e.yaml
@@ -16,8 +16,9 @@ jobs: tee: - sample # - az-snp-vtpm + # - az-tdx-vtpm - runs-on: ${{ ((matrix.tee == 'az-snp-vtpm') && fromJSON('["self-hosted","azure-cvm"]')) || 'ubuntu-22.04' }} + runs-on: ${{ ((matrix.tee == 'az-snp-vtpm') && fromJSON('["self-hosted","az-snp-vtpm"]')) || ((matrix.tee == 'az-tdx-vtpm') && fromJSON('["self-hosted","az-tdx-vtpm"]')) || 'ubuntu-22.04' }} steps: - uses: actions/checkout@v4 diff --git a/Cargo.lock b/Cargo.lock index cc314b1697..7156679fe0 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -21,16 +21,16 @@ dependencies = [ [[package]] name = "actix-http" -version = "3.4.0" +version = "3.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a92ef85799cba03f76e4f7c10f533e66d87c9a7e7055f3391f09000ad8351bc9" +checksum = "129d4c88e98860e1758c5de288d1632b07970a16d59bdf7b8d66053d582bb71f" dependencies = [ "actix-codec", "actix-rt", "actix-service", "actix-tls", "actix-utils", - "ahash 0.8.6", + "ahash 0.8.7", "base64 0.21.5", "bitflags 2.4.1", "brotli", @@ -66,14 +66,14 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e01ed3140b2f8d422c68afa1ed2e85d996ea619c988ac834d255db32138655cb" dependencies = [ "quote", - "syn 2.0.39", + "syn 2.0.46", ] [[package]] name = "actix-router" -version = "0.5.1" +version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d66ff4d247d2b160861fa2866457e85706833527840e4133f8f49aa423a38799" +checksum = "d22475596539443685426b6bdadb926ad0ecaefdfc5fb05e5e3441f15463c511" dependencies = [ "bytestring", "http", @@ -104,7 +104,7 @@ dependencies = [ "futures-core", "futures-util", "mio", - "socket2 0.5.5", + "socket2", "tokio", "tracing", ] @@ -133,7 +133,7 @@ dependencies = [ "impl-more", "openssl", "pin-project-lite", - "rustls 0.21.9", + "rustls 0.21.10", "rustls-webpki", "tokio", "tokio-openssl", 
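Review bot: The `az-tdx-vtpm` matrix entry in the kbs-e2e.yaml hunk is added commented out (`# - az-tdx-vtpm`), so the new TDX branch of the `runs-on` expression is never selected and the verifier added by this commit gets no e2e run from this workflow, even though the commit message lists an e2e entry. The same `runs-on` line also changes the SNP runner label from `azure-cvm` to `az-snp-vtpm`, which the commit message does not mention; once either entry is enabled, the self-hosted runners must carry the new labels or the job will stay queued. Both TEE branches run repository code on self-hosted hosts, and the workflow triggers are outside this hunk, so it is worth confirming that pull requests from forks cannot reach those runners before an entry is switched on. I would add a comment above the matrix such as `# az-*-vtpm entries need a self-hosted runner with the matching label` so the disabled state is explained in the file.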
@@ -155,9 +155,9 @@ dependencies = [ [[package]] name = "actix-web" -version = "4.4.0" +version = "4.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0e4a5b5e29603ca8c94a77c65cf874718ceb60292c5a5c3e5f4ace041af462b9" +checksum = "e43428f3bf11dee6d166b00ec2df4e3aa8cc1606aaa0b7433c146852e2f4e03b" dependencies = [ "actix-codec", "actix-http", @@ -169,7 +169,7 @@ dependencies = [ "actix-tls", "actix-utils", "actix-web-codegen", - "ahash 0.8.6", + "ahash 0.8.7", "bytes", "bytestring", "cfg-if", @@ -189,7 +189,7 @@ dependencies = [ "serde_json", "serde_urlencoded", "smallvec", - "socket2 0.5.5", + "socket2", "time", "url", ] @@ -203,7 +203,7 @@ dependencies = [ "actix-router", "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.46", ] [[package]] @@ -284,9 +284,9 @@ dependencies = [ [[package]] name = "ahash" -version = "0.8.6" +version = "0.8.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "91429305e9f0a25f6205c5b8e0d2db09e0708a7a6df0f42212bb56c32c8ac97a" +checksum = "77c3a9648d43b9cd48db467b3f87fdd6e146bcc88ab0180006cef2179fe11d01" dependencies = [ "cfg-if", "getrandom", @@ -345,9 +345,9 @@ dependencies = [ [[package]] name = "anstream" -version = "0.6.4" +version = "0.6.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2ab91ebe16eb252986481c5b62f6098f3b698a45e34b5b98200cf20dd2484a44" +checksum = "d664a92ecae85fd0a7392615844904654d1d5f5514837f471ddef4a057aba1b6" dependencies = [ "anstyle", "anstyle-parse", 
@@ -365,20 +365,20 @@ checksum = "7079075b41f533b8c61d2a4d073c4676e1f8b249ff94a393b0595db304e0dd87" [[package]] name = "anstyle-parse" -version = "0.2.2" +version = "0.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "317b9a89c1868f5ea6ff1d9539a69f45dffc21ce321ac1fd1160dfa48c8e2140" +checksum = "c75ac65da39e5fe5ab759307499ddad880d724eed2f6ce5b5e8a26f4f387928c" dependencies = [ "utf8parse", ] [[package]] name = "anstyle-query" -version = "1.0.0" +version = "1.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5ca11d4be1bab0c8bc8734a9aa7bf4ee8316d462a08c6ac5052f888fef5b494b" +checksum = "e28923312444cdd728e4738b3f9c9cac739500909bb3d3c94b43551b16517648" dependencies = [ - "windows-sys 0.48.0", + "windows-sys 0.52.0", ] [[package]] @@ -393,9 +393,9 @@ dependencies = [ [[package]] name = "anyhow" -version = "1.0.75" +version = "1.0.79" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a4668cab20f66d8d020e1fbc0ebe47217433c1b6c8f2040faf858554e394ace6" +checksum = "080e9890a082662b09c1ad45f567faeeb47f22b5fb23895fbe1e651e718e25ca" [[package]] name = "api-server" @@ -409,7 +409,7 @@ dependencies = [ "attestation-service", "base64 0.21.5", "cfg-if", - "clap 4.4.10", + "clap 4.4.12", "config", "env_logger 0.10.1", "jsonwebtoken", @@ -507,18 +507,18 @@ checksum = "16e62a023e7c117e27523144c5d2459f4397fcc3cab0085af8e2224f643a0193" dependencies = [ "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.46", ] [[package]] name = "async-trait" -version = "0.1.74" +version = "0.1.77" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a66537f1bb974b254c98ed142ff995236e81b9d0fe4db0575f46612cb15eb0f9" +checksum = "c980ee35e870bd1a4d2c8294d4c04d0499e67bca1e4b5cefcc693c2fa00caea9" dependencies = [ "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.46", ] [[package]] 
@@ -531,7 +531,7 @@ dependencies = [ "async-trait", "base64 0.21.5", "cfg-if", - "clap 4.4.10", + "clap 4.4.12", "env_logger 0.10.1", "futures", "hex", @@ -564,11 +564,12 @@ dependencies = [ [[package]] name = "attester" version = "0.1.0" -source = "git+https://github.com/confidential-containers/guest-components.git?rev=1e76429#1e76429b46f9da61485dba229b2fffca94025a61" +source = "git+https://github.com/confidential-containers/guest-components.git?rev=a1d5eed#a1d5eed229ecbde0f71e30b5d2b493c0a7c5209e" dependencies = [ "anyhow", "async-trait", "az-snp-vtpm", + "az-tdx-vtpm", "base64 0.21.5", "codicon", "csv-rs", @@ -650,9 +651,9 @@ dependencies = [ [[package]] name = "az-cvm-vtpm" -version = "0.4.0" +version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6239da1e7629eabf1ee6bf5e7dd78b532c029e2fc477afe846db201c67325233" +checksum = "8810a74cfe3024bdfd6bf13e1829114a3ce5431b7d2ef4e4a718a78ffaf03f79" dependencies = [ "bincode", "jsonwebkey", @@ -671,13 +672,13 @@ dependencies = [ [[package]] name = "az-snp-vtpm" -version = "0.4.0" +version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a26f68465245c4571f5f4a47c5b76bab5cb394f53a3eaa5827a9a794e6556e8d" +checksum = "b0703ff4c71faae6f5ab21ac8590104e771d17ff117f6941a48deb3db6f75769" dependencies = [ "az-cvm-vtpm", "bincode", - "clap 4.4.10", + "clap 4.4.12", "openssl", "serde", "sev", @@ -685,6 +686,22 @@ dependencies = [ "ureq", ] +[[package]] +name = "az-tdx-vtpm" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b42775a99133b9c0edff34fb463713bb197f744b96d74dee5c1f953434721001" +dependencies = [ + "az-cvm-vtpm", + "base64-url", + "bincode", + "serde", + "serde_json", + "thiserror", + "ureq", + "zerocopy", +] + [[package]] name = "backtrace" version = "0.3.69" 
@@ -718,6 +735,15 @@ version = "0.21.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "35636a1494ede3b646cc98f74f8e62c773a38a659ebc777a2cf26b9b74171df9" +[[package]] +name = "base64-url" +version = "2.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fb9fb9fb058cc3063b5fc88d9a21eefa2735871498a04e1650da76ed511c8569" +dependencies = [ + "base64 0.21.5", +] + [[package]] name = "base64ct" version = "1.6.0" @@ -973,9 +999,9 @@ dependencies = [ [[package]] name = "clang-sys" -version = "1.6.1" +version = "1.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c688fc74432808e3eb684cae8830a86be1d66a2bd58e1f248ed0960a590baf6f" +checksum = "67523a3b4be3ce1989d607a828d036249522dd9c1c8de7f4dd2dae43a37369d1" dependencies = [ "glob", "libc", @@ -1014,9 +1040,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.4.10" +version = "4.4.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "41fffed7514f420abec6d183b1d3acfd9099c79c3a10a06ade4f8203f1411272" +checksum = "dcfab8ba68f3668e89f6ff60f5b205cea56aa7b769451a59f34b8682f51c056d" dependencies = [ "clap_builder", "clap_derive", @@ -1024,9 +1050,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.4.9" +version = "4.4.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "63361bae7eef3771745f02d8d892bec2fee5f6e34af316ba556e7f97a7069ff1" +checksum = "fb7fb5e4e979aec3be7791562fcba452f94ad85e954da024396433e0e25a79e9" dependencies = [ "anstream", "anstyle", @@ -1043,7 +1069,7 @@ dependencies = [ "heck", "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.46", ] [[package]] 
@@ -1106,9 +1132,9 @@ dependencies = [ [[package]] name = "const-oid" -version = "0.9.5" +version = "0.9.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "28c122c3980598d243d63d9a704629a2d748d101f278052ff068be5a4423ab6f" +checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" [[package]] name = "const_fn" @@ -1217,22 +1243,20 @@ dependencies = [ [[package]] name = "crossbeam-epoch" -version = "0.9.15" +version = "0.9.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ae211234986c545741a7dc064309f67ee1e5ad243d0e48335adc0484d960bcc7" +checksum = "0e3681d554572a651dda4186cd47240627c3d0114d45a95f6ad27f2f22e7548d" dependencies = [ "autocfg", "cfg-if", "crossbeam-utils", - "memoffset 0.9.0", - "scopeguard", ] [[package]] name = "crossbeam-utils" -version = "0.8.16" +version = "0.8.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5a22b2d63d4d1dc0b7f1b6b2747dd0088008a9be28b6ddf0b1e7d335e3037294" +checksum = "c3a430a770ebd84726f584a90ee7f020d28db52c6d02138900f22341f866d39c" dependencies = [ "cfg-if", ] @@ -1240,7 +1264,7 @@ dependencies = [ [[package]] name = "crypto" version = "0.1.0" -source = "git+https://github.com/confidential-containers/guest-components.git?rev=1e76429#1e76429b46f9da61485dba229b2fffca94025a61" +source = "git+https://github.com/confidential-containers/guest-components.git?rev=a1d5eed#a1d5eed229ecbde0f71e30b5d2b493c0a7c5209e" dependencies = [ "aes-gcm", "anyhow", @@ -1406,9 +1430,9 @@ dependencies = [ [[package]] name = "deranged" -version = "0.3.10" +version = "0.3.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8eb30d70a07a3b04884d2677f06bec33509dc67ca60d92949e5535352d3191dc" +checksum = "b42b6fa04a440b495c8b04d0e71b707c585f83cb9cb28cf8cd0d976c315e31b4" dependencies = [ "powerfmt", ] 
@@ -1467,7 +1491,7 @@ checksum = "487585f4d0c6655fe74905e2504d8ad6908e4db67f744eb140876906c2f3175d" dependencies = [ "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.46", ] [[package]] @@ -1509,9 +1533,9 @@ dependencies = [ [[package]] name = "ed25519-compact" -version = "2.0.4" +version = "2.0.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6a3d382e8464107391c8706b4c14b087808ecb909f6c15c34114bc42e53a9e4c" +checksum = "a667e6426df16c2ac478efa4a439d0e674cba769c5556e8cf221739251640c8c" dependencies = [ "ct-codecs", "getrandom", @@ -1570,7 +1594,7 @@ checksum = "f95e2801cd355d4a1a3e3953ce6ee5ae9603a5c833455343a8bfe3f44d418246" dependencies = [ "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.46", ] [[package]] @@ -1717,9 +1741,9 @@ dependencies = [ [[package]] name = "futures" -version = "0.3.29" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "da0290714b38af9b4a7b094b8a37086d1b4e61f2df9122c3cad2577669145335" +checksum = "645c6916888f6cb6350d2550b80fb63e734897a8498abe35cfb732b6487804b0" dependencies = [ "futures-channel", "futures-core", @@ -1732,9 +1756,9 @@ dependencies = [ [[package]] name = "futures-channel" -version = "0.3.29" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ff4dd66668b557604244583e3e1e1eada8c5c2e96a6d0d6653ede395b78bbacb" +checksum = "eac8f7d7865dcb88bd4373ab671c8cf4508703796caa2b1985a9ca867b3fcb78" dependencies = [ "futures-core", "futures-sink", 
@@ -1742,15 +1766,15 @@ dependencies = [ [[package]] name = "futures-core" -version = "0.3.29" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "eb1d22c66e66d9d72e1758f0bd7d4fd0bee04cad842ee34587d68c07e45d088c" +checksum = "dfc6580bb841c5a68e9ef15c77ccc837b40a7504914d52e47b8b0e9bbda25a1d" [[package]] name = "futures-executor" -version = "0.3.29" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0f4fb8693db0cf099eadcca0efe2a5a22e4550f98ed16aba6c48700da29597bc" +checksum = "a576fc72ae164fca6b9db127eaa9a9dda0d61316034f33a0a0d4eda41f02b01d" dependencies = [ "futures-core", "futures-task", 
@@ -1759,32 +1783,32 @@ dependencies = [ [[package]] name = "futures-io" -version = "0.3.29" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8bf34a163b5c4c52d0478a4d757da8fb65cabef42ba90515efee0f6f9fa45aaa" +checksum = "a44623e20b9681a318efdd71c299b6b222ed6f231972bfe2f224ebad6311f0c1" [[package]] name = "futures-macro" -version = "0.3.29" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "53b153fd91e4b0147f4aced87be237c98248656bb01050b96bf3ee89220a8ddb" +checksum = "87750cf4b7a4c0625b1529e4c543c2182106e4dedc60a2a6455e00d212c489ac" dependencies = [ "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.46", ] [[package]] name = "futures-sink" -version = "0.3.29" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e36d3378ee38c2a36ad710c5d30c2911d752cb941c00c72dbabfb786a7970817" +checksum = "9fb8e00e87438d937621c1c6269e53f536c14d3fbd6a042bb24879e57d474fb5" [[package]] name = "futures-task" -version = "0.3.29" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "efd193069b0ddadc69c46389b740bbccdd97203899b48d09c5f7969591d6bae2" +checksum = "38d84fa142264698cdce1a9f9172cf383a0c82de1bddcf3092901442c4097004" [[package]] name = "futures-timer" @@ -1794,9 +1818,9 @@ checksum = "e64b03909df88034c26dc1547e8970b91f98bdb65165d6a4e9110d94263dbb2c" [[package]] name = "futures-util" -version = "0.3.29" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a19526d624e703a3179b3d322efec918b6246ea0fa51d41124525f00f1cc8104" +checksum = "3d6401deb83407ab3da39eba7e33987a73c3df0c82b4bb5813ee871c19c41d48" dependencies = [ "futures-channel", "futures-core", 
@@ -1837,8 +1861,10 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fe9006bed769170c11f845cf00c7c1e9092aeb3f268e007c3e760ac68008070f" dependencies = [ "cfg-if", + "js-sys", "libc", "wasi", + "wasm-bindgen", ] [[package]] @@ -1956,9 +1982,9 @@ checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70" [[package]] name = "hkdf" -version = "0.12.3" +version = "0.12.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "791a029f6b9fc27657f6f188ec6e5e43f6911f6f878e0dc5501396e09809d437" +checksum = "7b5f8eb2ad728638ea2c7d47a21db23b7b58a72ed6a38256b8a1849f15fbbdf7" dependencies = [ "hmac", ] @@ -1998,11 +2024,11 @@ dependencies = [ [[package]] name = "home" -version = "0.5.5" +version = "0.5.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5444c27eef6923071f7ebcc33e3444508466a76f7a2b93da00ed6e19f30c1ddb" +checksum = "e3d1354bf6b7235cb4a0576c2619fd4ed18183f689b12b006a0ee7329eeff9a5" dependencies = [ - "windows-sys 0.48.0", + "windows-sys 0.52.0", ] [[package]] @@ -2024,9 +2050,9 @@ dependencies = [ [[package]] name = "http-body" -version = "0.4.5" +version = "0.4.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d5f38f16d184e36f2408a55281cd658ecbd3ca05cce6d6510a176eca393e26d1" +checksum = "7ceab25649e9960c0311ea418d17bee82c0dcec1bd053b5f9a66e265a693bed2" dependencies = [ "bytes", "http", @@ -2053,9 +2079,9 @@ checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4" [[package]] name = "hyper" -version = "0.14.27" +version = "0.14.28" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ffb1cfd654a8219eaef89881fdb3bb3b1cdc5fa75ded05d6933b2b382e395468" +checksum = "bf96e135eb83a2a8ddf766e426a841d8ddd7449d5f00d34ea02b41d2f19eef80" dependencies = [ "bytes", "futures-channel", 
@@ -2068,7 +2094,7 @@ dependencies = [ "httpdate", "itoa", "pin-project-lite", - "socket2 0.4.10", + "socket2", "tokio", "tower-service", "tracing", @@ -2084,7 +2110,7 @@ dependencies = [ "futures-util", "http", "hyper", - "rustls 0.21.9", + "rustls 0.21.10", "tokio", "tokio-rustls 0.24.1", ] @@ -2116,9 +2142,9 @@ dependencies = [ [[package]] name = "iana-time-zone" -version = "0.1.58" +version = "0.1.59" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8326b86b6cff230b97d0d312a6c40a60726df3332e721f72a1b035f451663b20" +checksum = "b6a67363e2aa4443928ce15e57ebae94fd8949958fd1223c4cfc0cd473ad7539" dependencies = [ "android_system_properties", "core-foundation-sys", @@ -2259,9 +2285,9 @@ dependencies = [ [[package]] name = "itoa" -version = "1.0.9" +version = "1.0.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "af150ab688ff2122fcef229be89cb50dd66af9e01a4ff320cc137eecc9bacc38" +checksum = "b1a46d1a171d865aa5f83f92695765caa047a9b4cbae2cbf37dbd613a793fd4c" [[package]] name = "jobserver" @@ -2370,7 +2396,7 @@ dependencies = [ "anyhow", "api-server", "cfg-if", - "clap 4.4.10", + "clap 4.4.12", "env_logger 0.10.1", "log", "tokio", @@ -2383,7 +2409,7 @@ dependencies = [ "anyhow", "api-server", "base64 0.21.5", - "clap 4.4.10", + "clap 4.4.12", "env_logger 0.10.1", "jwt-simple", "kbs_protocol", @@ -2407,7 +2433,7 @@ dependencies = [ [[package]] name = "kbs_protocol" version = "0.1.0" -source = "git+https://github.com/confidential-containers/guest-components.git?rev=1e76429#1e76429b46f9da61485dba229b2fffca94025a61" +source = "git+https://github.com/confidential-containers/guest-components.git?rev=a1d5eed#a1d5eed229ecbde0f71e30b5d2b493c0a7c5209e" dependencies = [ "anyhow", "async-trait", 
@@ -2471,9 +2497,9 @@ checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" [[package]] name = "libc" -version = "0.2.150" +version = "0.2.151" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "89d92a4743f9a61002fae18374ed11e7973f530cb3a3255fb354818118b2203c" +checksum = "302d7ab3130588088d277783b1e2d2e10c9e9e4a16dd9050e6ec93fb3e7048f4" [[package]] name = "libgit2-sys" @@ -2489,12 +2515,12 @@ dependencies = [ [[package]] name = "libloading" -version = "0.7.4" +version = "0.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b67380fd3b2fbe7527a606e18729d21c6f3951633d0500574c4dc22d2d638b9f" +checksum = "c571b676ddfc9a8c12f1f3d3085a7b163966a8fd8098a90640953ce5f6170161" dependencies = [ "cfg-if", - "winapi", + "windows-sys 0.48.0", ] [[package]] @@ -2596,9 +2622,9 @@ dependencies = [ [[package]] name = "memchr" -version = "2.6.4" +version = "2.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f665ee40bc4a3c5590afb1e9677db74a508659dfd71e126420da8274909a0167" +checksum = "523dc4f511e55ab87b694dc30d0f820d60906ef06413f93d4d7a1385599cc149" [[package]] name = "memoffset" @@ -2641,9 +2667,9 @@ dependencies = [ [[package]] name = "mio" -version = "0.8.9" +version = "0.8.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3dce281c5e46beae905d4de1870d8b1509a9142b62eedf18b443b011ca8343d0" +checksum = "8f3d0b296e374a4e6f3c7b0a1f5a51d748a0d34c85e7dc48fc3fa9a87657fe09" dependencies = [ "libc", "log", @@ -2734,7 +2760,7 @@ checksum = "cfb77679af88f8b125209d354a202862602672222e7f2313fdd6dc349bad4712" dependencies = [ "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.46", ] [[package]] 
@@ -2789,9 +2815,9 @@ dependencies = [ [[package]] name = "object" -version = "0.32.1" +version = "0.32.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9cf5f9dd3933bd50a9e1f149ec995f39ae2c496d31fd772c1fd45ebc27e902b0" +checksum = "a6a622008b6e321afc04970976f62ee297fdbaa6f95318ca343e3eebb9648441" dependencies = [ "memchr", ] @@ -2826,9 +2852,9 @@ dependencies = [ [[package]] name = "once_cell" -version = "1.18.0" +version = "1.19.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dd8b5dd2ae5ed71462c540258bedcb51965123ad7e7ccf4b9a8cafaa4a63576d" +checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" [[package]] name = "opaque-debug" @@ -2838,9 +2864,9 @@ checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5" [[package]] name = "openssl" -version = "0.10.60" +version = "0.10.62" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "79a4c6c3a2b158f7f8f2a2fc5a969fa3a068df6fc9dbb4a43845436e3af7c800" +checksum = "8cde4d2d9200ad5909f8dac647e29482e07c3a35de8a13fce7c9c7747ad9f671" dependencies = [ "bitflags 2.4.1", "cfg-if", @@ -2859,7 +2885,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.46", ] [[package]] 
@@ -2870,18 +2896,18 @@ checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf" [[package]] name = "openssl-src" -version = "300.1.6+3.1.4" +version = "300.2.1+3.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "439fac53e092cd7442a3660c85dde4643ab3b5bd39040912388dcdabf6b88085" +checksum = "3fe476c29791a5ca0d1273c697e96085bbabbbea2ef7afd5617e78a4b40332d3" dependencies = [ "cc", ] [[package]] name = "openssl-sys" -version = "0.9.96" +version = "0.9.98" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3812c071ba60da8b5677cc12bcb1d42989a65553772897a7e0355545a819838f" +checksum = "c1665caf8ab2dc9aef43d1c0023bd904633a6a05cb30b0ad59bec2ae986e57a7" dependencies = [ "cc", "libc", @@ -3081,7 +3107,7 @@ dependencies = [ "pest_meta", "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.46", ] [[package]] @@ -3136,7 +3162,7 @@ dependencies = [ "phf_shared", "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.46", ] [[package]] @@ -3200,7 +3226,7 @@ checksum = "4359fd9c9171ec6e8c62926d6faaf553a8dc3f64e1507e76da7911b4f6a04405" dependencies = [ "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.46", ] [[package]] @@ -3278,9 +3304,9 @@ dependencies = [ [[package]] name = "pkg-config" -version = "0.3.27" +version = "0.3.28" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "26072860ba924cbfa98ea39c8c19b4dd6a4a25423dbdf219c1eca91aa0cf6964" +checksum = "69d3587f8a9e599cc7ec2c00e331f71c4e69a5f9a4b8a6efd5b07466b9736f9a" [[package]] name = "polyval" @@ -3351,9 +3377,9 @@ dependencies = [ [[package]] name = "proc-macro2" -version = "1.0.70" +version = "1.0.74" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "39278fbbf5fb4f646ce651690877f89d1c5811a3d4acb27700c1cb3cdb78fd3b" +checksum = "2de98502f212cfcea8d0bb305bd0f49d7ebdd75b64ba0a68f937d888f4e0d6db" dependencies = [ "unicode-ident", ] 
@@ -3430,9 +3456,9 @@ dependencies = [ [[package]] name = "quote" -version = "1.0.33" +version = "1.0.35" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5267fca4496028628a95160fc423a33e8b2e6af8a5302579e322e4b520293cae" +checksum = "291ec9ab5efd934aaf503a6466c5d5251535d108ee747472c3977cc5acc868ef" dependencies = [ "proc-macro2", ] @@ -3506,7 +3532,7 @@ dependencies = [ "base64 0.21.5", "cfg-if", "chrono", - "clap 4.4.10", + "clap 4.4.12", "env_logger 0.10.1", "log", "path-clean", @@ -3557,15 +3583,15 @@ checksum = "c08c74e62047bb2de4ff487b251e4a92e24f48745648451635cec7d591162d9f" [[package]] name = "relative-path" -version = "1.9.0" +version = "1.9.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c707298afce11da2efef2f600116fa93ffa7a032b5d7b628aa17711ec81383ca" +checksum = "e898588f33fdd5b9420719948f9f2a32c922a246964576f71ba7f24f80610fbc" [[package]] name = "reqwest" -version = "0.11.22" +version = "0.11.23" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "046cd98826c46c2ac8ddecae268eb5c2e58628688a5fc7a2643704a73faba95b" +checksum = "37b1ae8d9ac08420c66222fb9096fc5de435c3c48542bc5336c51892cffafb41" dependencies = [ "base64 0.21.5", "bytes", @@ -3588,7 +3614,7 @@ dependencies = [ "once_cell", "percent-encoding", "pin-project-lite", - "rustls 0.21.9", + "rustls 0.21.10", "rustls-pemfile", "serde", "serde_json", @@ -3609,7 +3635,7 @@ dependencies = [ [[package]] name = "resource_uri" version = "0.1.0" -source = "git+https://github.com/confidential-containers/guest-components.git?rev=1e76429#1e76429b46f9da61485dba229b2fffca94025a61" +source = "git+https://github.com/confidential-containers/guest-components.git?rev=a1d5eed#a1d5eed229ecbde0f71e30b5d2b493c0a7c5209e" dependencies = [ "anyhow", "serde", 
@@ -3644,9 +3670,9 @@ dependencies = [ [[package]] name = "ring" -version = "0.17.6" +version = "0.17.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "684d5e6e18f669ccebf64a92236bb7db9a34f07be010e3627368182027180866" +checksum = "688c63d65483050968b2a8937f7995f443e27041a0f7700aa59b0822aedebb74" dependencies = [ "cc", "getrandom", @@ -3755,7 +3781,7 @@ dependencies = [ "regex", "relative-path", "rustc_version 0.4.0", - "syn 2.0.39", + "syn 2.0.46", "unicode-ident", ] @@ -3810,9 +3836,9 @@ dependencies = [ [[package]] name = "rustix" -version = "0.38.26" +version = "0.38.28" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9470c4bf8246c8daf25f9598dca807fb6510347b1e1cfa55749113850c79d88a" +checksum = "72e572a5e8ca657d7366229cdde4bd14c4eb5499a9573d4d366fe1b599daa316" dependencies = [ "bitflags 2.4.1", "errno", @@ -3835,12 +3861,12 @@ dependencies = [ [[package]] name = "rustls" -version = "0.21.9" +version = "0.21.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "629648aced5775d558af50b2b4c7b02983a04b312126d45eeead26e7caa498b9" +checksum = "f9d5a6813c0759e4609cd494e8e725babae6a2ca7b62a5536a13daaec6fcb7ba" dependencies = [ "log", - "ring 0.17.6", + "ring 0.17.7", "rustls-webpki", "sct", ] @@ -3860,7 +3886,7 @@ version = "0.101.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765" dependencies = [ - "ring 0.17.6", + "ring 0.17.7", "untrusted 0.9.0", ] @@ -3872,9 +3898,9 @@ checksum = "7ffc183a10b4478d04cbbbfc96d0873219d962dd5accaff2ffbd4ceb7df837f4" [[package]] name = "ryu" -version = "1.0.15" +version = "1.0.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1ad4cc8da4ef723ed60bced201181d83791ad433213d8c24efffda1eec85d741" +checksum = "f98d2aa92eebf49b69786be48e4477826b256916e84a57ff2a4f21923b48eb4c" [[package]] name = "salsa20" 
@@ -3896,11 +3922,11 @@ dependencies = [ [[package]] name = "schannel" -version = "0.1.22" +version = "0.1.23" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0c3733bf4cf7ea0880754e19cb5a462007c4a8c1914bff372ccc95b464f1df88" +checksum = "fbc91545643bcf3a0bbb6569265615222618bdf33ce4ffbbd13c4bbd4c093534" dependencies = [ - "windows-sys 0.48.0", + "windows-sys 0.52.0", ] [[package]] @@ -3926,7 +3952,7 @@ checksum = "1db149f81d46d2deba7cd3c50772474707729550221e69588478ebf9ada425ae" dependencies = [ "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.46", ] [[package]] @@ -3947,7 +3973,7 @@ version = "0.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "da046153aa2352493d6cb7da4b6e5c0c057d8a1d0a9aa8560baffdd945acd414" dependencies = [ - "ring 0.17.6", + "ring 0.17.7", "untrusted 0.9.0", ] @@ -4032,9 +4058,9 @@ dependencies = [ [[package]] name = "serde_bytes" -version = "0.11.12" +version = "0.11.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ab33ec92f677585af6d88c65593ae2375adde54efdbf16d597f2cbc7a6d368ff" +checksum = "8bb1879ea93538b78549031e2d54da3e901fd7e75f2e4dc758d760937b123d10" dependencies = [ "serde", ] @@ -4047,14 +4073,14 @@ checksum = "43576ca501357b9b071ac53cdc7da8ef0cbd9493d8df094cd821777ea6e894d3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.46", ] [[package]] name = "serde_json" -version = "1.0.108" +version = "1.0.109" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3d1c7e3eac408d115102c4c24ad393e0821bb3a5df4d506a80f85f7a742a526b" +checksum = "cb0652c533506ad7a2e353cce269330d6afd8bdfb6d75e0ace5b35aacbd7b9e9" dependencies = [ "itoa", "ryu", @@ -4207,7 +4233,7 @@ dependencies = [ "git2", "is_debug", "time", - "tzdb", + "tzdb 0.5.10", ] [[package]] 
@@ -4294,16 +4320,6 @@ version = "1.11.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4dccd0940a2dcdf68d092b8cbab7dc0ad8fa938bf95787e1b916b0e3d0e8e970" -[[package]] -name = "socket2" -version = "0.4.10" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9f7916fc008ca5542385b89a3d3ce689953c143e9304a9bf8beec1de48994c0d" -dependencies = [ - "libc", - "winapi", -] - [[package]] name = "socket2" version = "0.5.5" @@ -4402,7 +4418,7 @@ dependencies = [ "proc-macro2", "quote", "rustversion", - "syn 2.0.39", + "syn 2.0.46", ] [[package]] @@ -4424,9 +4440,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.39" +version = "2.0.46" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "23e78b90f2fcf45d3e842032ce32e3f2d1545ba6636271dcbf24fa306d87be7a" +checksum = "89456b690ff72fddcecf231caedbe615c59480c93358a93dfae7fc29e3ebbf0e" dependencies = [ "proc-macro2", "quote", @@ -4496,15 +4512,15 @@ dependencies = [ [[package]] name = "tempfile" -version = "3.8.1" +version = "3.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7ef1adac450ad7f4b3c28589471ade84f25f731a7a0fe30d71dfa9f60fd808e5" +checksum = "01ce4141aa927a6d1bd34a041795abd0db1cccba5d5f24b009f694bdf3a1f3fa" dependencies = [ "cfg-if", "fastrand", "redox_syscall 0.4.1", "rustix", - "windows-sys 0.48.0", + "windows-sys 0.52.0", ] [[package]] 
@@ -4542,29 +4558,29 @@ checksum = "222a222a5bfe1bba4a77b45ec488a741b3cb8872e5e499451fd7d0129c9c7c3d" [[package]] name = "thiserror" -version = "1.0.50" +version = "1.0.56" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f9a7210f5c9a7156bb50aa36aed4c95afb51df0df00713949448cf9e97d382d2" +checksum = "d54378c645627613241d077a3a79db965db602882668f9136ac42af9ecb730ad" dependencies = [ "thiserror-impl", ] [[package]] name = "thiserror-impl" -version = "1.0.50" +version = "1.0.56" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "266b2e40bc00e5a6c09c3584011e08b06f123c00362c92b975ba9843aaaa14b8" +checksum = "fa0faa943b50f3db30a20aa7e265dbc66076993efed8463e8de414e5d06d3471" dependencies = [ "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.46", ] [[package]] name = "time" -version = "0.3.30" +version = "0.3.31" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c4a34ab300f2dee6e562c10a046fc05e358b29f9bf92277f30c3c8d82275f6f5" +checksum = "f657ba42c3f86e7680e53c8cd3af8abbe56b5491790b46e22e19c0d57463583e" dependencies = [ "deranged", "itoa", @@ -4584,9 +4600,9 @@ checksum = "ef927ca75afb808a4d64dd374f00a2adf8d0fcff8e7b184af886c3c87ec4a3f3" [[package]] name = "time-macros" -version = "0.2.15" +version = "0.2.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4ad70d68dba9e1f8aceda7aa6711965dfec1cac869f311a51bd08b3a2ccbce20" +checksum = "26197e33420244aeb70c3e8c78376ca46571bc4e701e4791c2cd9f57dcb3a43f" dependencies = [ "time-core", ] @@ -4608,9 +4624,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" [[package]] name = "tokio" -version = "1.34.0" +version = "1.35.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d0c014766411e834f7af5b8f4cf46257aab4036ca95e9d2c144a10f59ad6f5b9" +checksum = "c89b4efa943be685f629b149f53829423f8f5531ea21249408e8e2f8671ec104" dependencies = [ "backtrace", "bytes", 
@@ -4620,7 +4636,7 @@ dependencies = [ "parking_lot 0.12.1", "pin-project-lite", "signal-hook-registry", - "socket2 0.5.5", + "socket2", "tokio-macros", "windows-sys 0.48.0", ] @@ -4643,7 +4659,7 @@ checksum = "5b8a1e28f2deaa14e508979454cb3a223b10b938b45af148bc0986de36f1923b" dependencies = [ "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.46", ] [[package]] @@ -4658,9 +4674,9 @@ dependencies = [ [[package]] name = "tokio-openssl" -version = "0.6.3" +version = "0.6.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c08f9ffb7809f1b20c1b398d92acf4cc719874b3b2b2d9ea2f09b4a80350878a" +checksum = "6ffab79df67727f6acf57f1ff743091873c24c579b1e2ce4d8f53e47ded4d63d" dependencies = [ "futures-util", "openssl", @@ -4685,7 +4701,7 @@ version = "0.24.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c28327cf380ac148141087fbfb9de9d7bd4e84ab5d2c28fbc911d753de8a7081" dependencies = [ - "rustls 0.21.9", + "rustls 0.21.10", "tokio", ] @@ -4848,7 +4864,7 @@ checksum = "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.46", ] [[package]] @@ -4872,9 +4888,9 @@ dependencies = [ [[package]] name = "try-lock" -version = "0.2.4" +version = "0.2.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3528ecfd12c466c6f163363caf2d02a71161dd5e1cc6ae7b34207ea2d42d81ed" +checksum = "e421abadd41a4225275504ea4d6566923418b7f05506fbc9c0fe86ba7396114b" [[package]] name = "tss-esapi" 
@@ -4925,12 +4941,33 @@ dependencies = [ [[package]] name = "tzdb" -version = "0.5.7" +version = "0.5.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6a18ee5bde3433d683d41859650804a5ad89cad17f153a53f1e6a96e0da2d969" +dependencies = [ + "iana-time-zone", + "tz-rs", + "tzdb 0.6.1", +] + +[[package]] +name = "tzdb" +version = "0.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ec758958f2fb5069cd7fae385be95cc8eceb8cdfd270c7d14de6034f0108d99e" +checksum = "1b580f6b365fa89f5767cdb619a55d534d04a4e14c2d7e5b9a31e94598687fb1" dependencies = [ "iana-time-zone", "tz-rs", + "tzdb_data", +] + +[[package]] +name = "tzdb_data" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "629555d2921f3f0dc0de98699415a8b2b61dfcd3a0b082a327f7ed748bbb2b76" +dependencies = [ + "tz-rs", ] [[package]] @@ -4941,9 +4978,9 @@ checksum = "ed646292ffc8188ef8ea4d1e0e0150fb15a5c2e12ad9b8fc191ae7a8a7f3c4b9" [[package]] name = "unicode-bidi" -version = "0.3.13" +version = "0.3.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "92888ba5573ff080736b3648696b70cafad7d250551175acbaa4e0385b3e1460" +checksum = "6f2528f27a9eb2b21e69c95319b30bd0efd85d09c379741b0f78ea1d86be2416" [[package]] name = "unicode-ident" @@ -5003,7 +5040,7 @@ dependencies = [ "base64 0.21.5", "log", "once_cell", - "rustls 0.21.9", + "rustls 0.21.10", "rustls-webpki", "serde", "serde_json", @@ -5075,6 +5112,7 @@ dependencies = [ "assert-json-diff", "async-trait", "az-snp-vtpm", + "az-tdx-vtpm", "base64 0.21.5", "bincode", "byteorder", @@ -5165,7 +5203,7 @@ dependencies = [ "once_cell", "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.46", "wasm-bindgen-shared", ] @@ -5199,7 +5237,7 @@ checksum = "f0eb82fcb7930ae6219a7ecfd55b217f5f0893484b7a13022ebb2b2bf20b5283" dependencies = [ "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.46", "wasm-bindgen-backend", "wasm-bindgen-shared", ] 
@@ -5226,7 +5264,7 @@ version = "0.22.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ed63aea5ce73d0ff405984102c42de94fc55a6b75765d621c65262469b3c9b53" dependencies = [ - "ring 0.17.6", + "ring 0.17.7", "untrusted 0.9.0", ] @@ -5290,11 +5328,11 @@ checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" [[package]] name = "windows-core" -version = "0.51.1" +version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f1f8cf84f35d2db49a46868f947758c7a1138116f7fac3bc844f43ade1292e64" +checksum = "33ab640c8d7e35bf8ba19b884ba838ceb4fba93a4e8c65a9059d08afcfc683d9" dependencies = [ - "windows-targets 0.48.5", + "windows-targets 0.52.0", ] [[package]] @@ -5477,9 +5515,9 @@ dependencies = [ [[package]] name = "zerocopy" -version = "0.7.28" +version = "0.7.32" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7d6f15f7ade05d2a4935e34a457b936c23dc70a05cc1d97133dc99e7a3fe0f0e" +checksum = "74d4d3961e53fa4c9a25a8637fc2bfaf2595b3d3ae34875568a5cf64787716be" dependencies = [ "byteorder", "zerocopy-derive", @@ -5487,13 +5525,13 @@ dependencies = [ [[package]] name = "zerocopy-derive" -version = "0.7.28" +version = "0.7.32" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dbbad221e3f78500350ecbd7dfa4e63ef945c05f4c61cb7f4d3f84cd0bba649b" +checksum = "9ce1b18ccd8e73a9321186f97e46f9f04b778851177567b1975109d26a08d2a6" dependencies = [ "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.46", ] [[package]] 
@@ -5513,25 +5551,24 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn 2.0.39", + "syn 2.0.46", ] [[package]] name = "zstd" -version = "0.12.4" +version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1a27595e173641171fc74a1232b7b1c7a7cb6e18222c11e9dfb9888fa424c53c" +checksum = "bffb3309596d527cfcba7dfc6ed6052f1d39dfbd7c867aa2e865e4a449c10110" dependencies = [ "zstd-safe", ] [[package]] name = "zstd-safe" -version = "6.0.6" +version = "7.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ee98ffd0b48ee95e6c5168188e44a54550b1564d9d530ee21d5f0eaed1069581" +checksum = "43747c7422e2924c11144d5229878b98180ef8b06cca4ab5af37afc8a8d8ea3e" dependencies = [ - "libc", "zstd-sys", ] diff --git a/Cargo.toml b/Cargo.toml index 2bc3afc89a..90ec327d47 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -28,7 +28,7 @@ chrono = "0.4.19" clap = { version = "4", features = ["derive"] } env_logger = "0.10.0" hex = "0.4.3" -kbs-types = "0.5" +kbs-types = "0.5.3" log = "0.4.17" prost = "0.11.0" rstest = "0.18.1" diff --git a/attestation-service/attestation-service/Cargo.toml b/attestation-service/attestation-service/Cargo.toml index f24cd1894f..cf381d5aa3 100644 --- a/attestation-service/attestation-service/Cargo.toml +++ b/attestation-service/attestation-service/Cargo.toml @@ -9,6 +9,7 @@ all-verifier = [ "verifier/all-verifier" ] tdx-verifier = [ "verifier/tdx-verifier" ] sgx-verifier = [ "verifier/sgx-verifier" ] az-snp-vtpm-verifier = [ "verifier/az-snp-vtpm-verifier" ] +az-tdx-vtpm-verifier = [ "verifier/az-tdx-vtpm-verifier" ] snp-verifier = [ "verifier/snp-verifier" ] csv-verifier = [ "verifier/csv-verifier" ] cca-verifier = [ "verifier/cca-verifier" ] 
@@ -42,7 +43,6 @@ clap = { workspace = true, optional = true } env_logger = { workspace = true, optional = true } futures = "0.3.17" hex.workspace = true -# TODO: change it to "0.5", once released. kbs-types.workspace = true lazy_static = "1.4.0" log.workspace = true diff --git a/attestation-service/verifier/Cargo.toml b/attestation-service/verifier/Cargo.toml index 9f3bd157fd..afb6f8817a 100644 --- a/attestation-service/verifier/Cargo.toml +++ b/attestation-service/verifier/Cargo.toml @@ -5,10 +5,11 @@ edition = "2021" [features] default = [ "all-verifier" ] -all-verifier = [ "tdx-verifier", "sgx-verifier", "snp-verifier", "az-snp-vtpm-verifier", "csv-verifier", "cca-verifier" ] +all-verifier = [ "tdx-verifier", "sgx-verifier", "snp-verifier", "az-snp-vtpm-verifier", "az-tdx-vtpm-verifier", "csv-verifier", "cca-verifier" ] tdx-verifier = [ "eventlog-rs", "scroll", "sgx-dcap-quoteverify-rs" ] sgx-verifier = [ "scroll", "sgx-dcap-quoteverify-rs" ] az-snp-vtpm-verifier = [ "az-snp-vtpm", "sev", "snp-verifier" ] +az-tdx-vtpm-verifier = [ "az-tdx-vtpm", "openssl", "tdx-verifier" ] snp-verifier = [ "asn1-rs", "openssl", "sev", "x509-parser" ] csv-verifier = [ "openssl", "csv-rs", "codicon" ] cca-verifier = [ "ear", "veraison-apiclient" ] @@ -18,6 +19,7 @@ anyhow.workspace = true asn1-rs = { version = "0.5.1", optional = true } async-trait.workspace = true az-snp-vtpm = { version = "0.4", default-features = false, features = ["verifier"], optional = true } +az-tdx-vtpm = { version = "0.4", default-features = false, features = ["verifier"], optional = true } base64 = "0.21" bincode = "1.3.3" byteorder = "1" diff --git a/attestation-service/verifier/src/az_snp_vtpm/mod.rs b/attestation-service/verifier/src/az_snp_vtpm/mod.rs index 3c306db1ef..34a41da1c5 100644 --- a/attestation-service/verifier/src/az_snp_vtpm/mod.rs +++ b/attestation-service/verifier/src/az_snp_vtpm/mod.rs 
@@ -122,16 +122,16 @@ fn verify_snp_report( mod tests { use super::*; - const REPORT: &[u8; 2048] = include_bytes!("../../test_data/az-hcl-data.bin"); - const SIGNATURE: &[u8; 256] = include_bytes!("../../test_data/az-vtpm-quote-sig.bin"); - const MESSAGE: &[u8; 122] = include_bytes!("../../test_data/az-vtpm-quote-msg.bin"); + const REPORT: &[u8; 2048] = include_bytes!("../../test_data/az-snp-vtpm/hcl-report.bin"); + const SIGNATURE: &[u8; 256] = include_bytes!("../../test_data/az-snp-vtpm/tpm-quote.sig"); + const MESSAGE: &[u8; 122] = include_bytes!("../../test_data/az-snp-vtpm/tpm-quote.msg"); const REPORT_DATA: &[u8] = "challenge".as_bytes(); #[test] fn test_verify_snp_report() { let hcl_report = HclReport::new(REPORT.to_vec()).unwrap(); let snp_report = hcl_report.try_into().unwrap(); - let vcek = Vcek::from_pem(include_str!("../../test_data/az-vcek.pem")).unwrap(); + let vcek = Vcek::from_pem(include_str!("../../test_data/az-snp-vtpm/vcek.pem")).unwrap(); let vendor_certs = load_milan_cert_chain().as_ref().unwrap(); verify_snp_report(&snp_report, &vcek, vendor_certs).unwrap(); } @@ -143,7 +143,7 @@ mod tests { wrong_report[0x00b0] = 0; let hcl_report = HclReport::new(wrong_report.to_vec()).unwrap(); let snp_report = hcl_report.try_into().unwrap(); - let vcek = Vcek::from_pem(include_str!("../../test_data/az-vcek.pem")).unwrap(); + let vcek = Vcek::from_pem(include_str!("../../test_data/az-snp-vtpm/vcek.pem")).unwrap(); let vendor_certs = load_milan_cert_chain().as_ref().unwrap(); verify_snp_report(&snp_report, &vcek, vendor_certs).unwrap_err(); } @@ -194,7 +194,7 @@ mod tests { signature: SIGNATURE.to_vec(), message: MESSAGE.to_vec(), }; - let report = include_bytes!("../../test_data/az-hcl-data.bin"); + let report = include_bytes!("../../test_data/az-snp-vtpm/hcl-report.bin"); let hcl_report = HclReport::new(report.to_vec()).unwrap(); let mut report_data = REPORT_DATA.to_vec(); report_data.reverse(); 
diff --git a/attestation-service/verifier/src/az_tdx_vtpm/mod.rs b/attestation-service/verifier/src/az_tdx_vtpm/mod.rs
new file mode 100644
index 0000000000..0e65599b1b
--- /dev/null
+++ b/attestation-service/verifier/src/az_tdx_vtpm/mod.rs
@@ -0,0 +1,144 @@ +// Copyright (c) Microsoft Corporation. +// +// SPDX-License-Identifier: Apache-2.0 +// + +use super::tdx::claims::generate_parsed_claim; +use super::tdx::quote::{ecdsa_quote_verification, parse_tdx_quote, Quote as TdQuote}; +use super::{TeeEvidenceParsedClaim, Verifier}; +use crate::{InitDataHash, ReportData}; +use anyhow::{bail, Context, Result}; +use async_trait::async_trait; +use az_tdx_vtpm::hcl::HclReport; +use az_tdx_vtpm::vtpm::Quote as TpmQuote; +use log::{debug, warn}; +use openssl::pkey::PKey; +use serde::{Deserialize, Serialize}; + +#[derive(Serialize, Deserialize)] +struct Evidence { + tpm_quote: TpmQuote, + hcl_report: Vec, + td_quote: Vec, +} + +#[derive(Default)] +pub struct AzTdxVtpm; + +#[async_trait] +impl Verifier for AzTdxVtpm { + /// The following verification steps are performed: + /// 1. TPM Quote has been signed by AK included in the HCL variable data + /// 2. Attestation nonce matches TPM Quote nonce + /// 3. TD Quote is genuine + /// 4. TD Report's report_data field matches hashed HCL variable data + async fn evaluate( + &self, + evidence: &[u8], + expected_report_data: &ReportData, + expected_init_data_hash: &InitDataHash, + ) -> Result { + let ReportData::Value(expected_report_data) = expected_report_data else { + bail!("unexpected empty report data"); + }; + + if let InitDataHash::Value(_) = expected_init_data_hash { + warn!("Azure TDX vTPM verifier does not support verify init data hash, will ignore the input `init_data_hash`"); + } + + let evidence = serde_json::from_slice::(evidence) + .context("Failed to deserialize Azure vTPM TDX evidence")?; + + let hcl_report = HclReport::new(evidence.hcl_report)?; + verify_tpm_quote(&evidence.tpm_quote, &hcl_report, expected_report_data)?; + + ecdsa_quote_verification(&evidence.td_quote).await?; + let td_quote = parse_tdx_quote(&evidence.td_quote)?; + + verify_report_data(&hcl_report, &td_quote)?; + + let claim = generate_parsed_claim(td_quote, None)?; + Ok(claim) + } +} + 
+fn verify_report_data(hcl_report: &HclReport, td_quote: &TdQuote) -> Result<()> { + let var_data_hash = hcl_report.var_data_sha256(); + if var_data_hash != td_quote.report_body.report_data[..32] { + bail!("TDX Quote report data mismatch"); + } + debug!("Report data verification completed successfully."); + Ok(()) +} + +fn verify_tpm_quote(quote: &TpmQuote, hcl_report: &HclReport, report_data: &[u8]) -> Result<()> { + let ak_pub = hcl_report.ak_pub().context("Failed to get AKpub")?; + let der = ak_pub.key.try_to_der()?; + let ak_pub = PKey::public_key_from_der(&der).context("Failed to parse AKpub")?; + + quote + .verify(&ak_pub, report_data) + .context("Failed to verify vTPM quote")?; + Ok(()) +} + +#[cfg(test)] +mod tests { + use super::*; + + const REPORT: &[u8; 2600] = include_bytes!("../../test_data/az-tdx-vtpm/hcl-report.bin"); + const SIGNATURE: &[u8; 256] = include_bytes!("../../test_data/az-tdx-vtpm/tpm-quote.sig"); + const MESSAGE: &[u8; 126] = include_bytes!("../../test_data/az-tdx-vtpm/tpm-quote.msg"); + const TD_QUOTE: &[u8; 5006] = include_bytes!("../../test_data/az-tdx-vtpm/td-quote.bin"); + + #[test] + fn test_verify_report_data() { + let hcl_report = HclReport::new(REPORT.to_vec()).unwrap(); + let td_quote = parse_tdx_quote(TD_QUOTE).unwrap(); + verify_report_data(&hcl_report, &td_quote).unwrap(); + } + + #[test] + fn test_verify_report_data_failure() { + let mut wrong_report = REPORT.clone(); + wrong_report[0x0880] += 1; + let hcl_report = HclReport::new(wrong_report.to_vec()).unwrap(); + let td_quote = parse_tdx_quote(TD_QUOTE).unwrap(); + verify_report_data(&hcl_report, &td_quote).unwrap_err(); + } + + #[test] + fn test_verify_quote() { + let quote = TpmQuote { + signature: SIGNATURE.to_vec(), + message: MESSAGE.to_vec(), + }; + let hcl_report = HclReport::new(REPORT.to_vec()).unwrap(); + let nonce = "tdx challenge".as_bytes(); + verify_tpm_quote("e, &hcl_report, nonce).unwrap(); + } + + #[test] + fn test_verify_quote_signature_failure() { + let 
mut wrong_message = MESSAGE.clone(); + wrong_message.reverse(); + let wrong_quote = TpmQuote { + signature: SIGNATURE.to_vec(), + message: wrong_message.to_vec(), + }; + let hcl_report = HclReport::new(REPORT.to_vec()).unwrap(); + let nonce = "tdx challenge".as_bytes(); + verify_tpm_quote(&wrong_quote, &hcl_report, nonce).unwrap_err(); + } + + #[test] + fn test_verify_quote_nonce_failure() { + let quote = TpmQuote { + signature: SIGNATURE.to_vec(), + message: MESSAGE.to_vec(), + }; + let hcl_report = HclReport::new(REPORT.to_vec()).unwrap(); + let nonce = "wrong".as_bytes(); + verify_tpm_quote("e, &hcl_report, nonce).unwrap_err(); + } +} diff --git a/attestation-service/verifier/src/lib.rs b/attestation-service/verifier/src/lib.rs index b82e7cceb7..da0966183a 100644 --- a/attestation-service/verifier/src/lib.rs +++ b/attestation-service/verifier/src/lib.rs @@ -7,6 +7,9 @@ pub mod sample; #[cfg(feature = "az-snp-vtpm-verifier")] pub mod az_snp_vtpm; +#[cfg(feature = "az-tdx-vtpm-verifier")] +pub mod az_tdx_vtpm; + #[cfg(feature = "snp-verifier")] pub mod snp; @@ -35,6 +38,15 @@ pub fn to_verifier(tee: &Tee) -> Result> { } } } + Tee::AzTdxVtpm => { + cfg_if::cfg_if! { + if #[cfg(feature = "az-tdx-vtpm-verifier")] { + Ok(Box::::default() as Box) + } else { + bail!("feature `az-tdx-vtpm-verifier` is not enabled for `verifier` crate."); + } + } + } Tee::Tdx => { cfg_if::cfg_if! { if #[cfg(feature = "tdx-verifier")] { diff --git a/attestation-service/verifier/src/tdx/mod.rs b/attestation-service/verifier/src/tdx/mod.rs index a6bc70b425..e62fcfd1eb 100644 --- a/attestation-service/verifier/src/tdx/mod.rs +++ b/attestation-service/verifier/src/tdx/mod.rs @@ -10,9 +10,9 @@ use eventlog::{CcEventLog, Rtmr}; use quote::{ecdsa_quote_verification, parse_tdx_quote}; use serde::{Deserialize, Serialize}; -mod claims; +pub(crate) mod claims; mod eventlog; -mod quote; +pub(crate) mod quote; #[derive(Serialize, Deserialize, Debug)] struct TdxEvidence { 
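Review bot: In the new `az_tdx_vtpm/mod.rs`, `evaluate` receives `InitDataHash::Value(_)`, logs a `warn!` and carries on, so a caller that supplies an expected init-data hash still gets a successful result and parsed claims although that binding was never checked. A verifier is safer failing closed here, e.g. `bail!("Azure TDX vTPM verifier does not support init data hash verification");`, or at least stating the limitation in the doc comment on `evaluate` beside the four listed steps. Separately, `verify_report_data` compares the SHA-256 of the HCL variable data with `report_data[..32]` only; a comment such as `// only the first 32 bytes of report_data carry the var-data hash; the rest is not checked` would make that explicit, and if the remaining bytes are expected to be zero (not visible in this hunk) an explicit check would tighten it. `generate_parsed_claim(td_quote, None)` also means nothing from the verified TPM quote appears to reach the claims a policy can evaluate, which may be intended but is worth documenting.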
diff --git a/attestation-service/verifier/test_data/az-hcl-data.bin b/attestation-service/verifier/test_data/az-snp-vtpm/hcl-report.bin
similarity index 100%
rename from attestation-service/verifier/test_data/az-hcl-data.bin
rename to attestation-service/verifier/test_data/az-snp-vtpm/hcl-report.bin
diff --git a/attestation-service/verifier/test_data/az-vtpm-quote-msg.bin b/attestation-service/verifier/test_data/az-snp-vtpm/tpm-quote.msg
similarity index 100%
rename from attestation-service/verifier/test_data/az-vtpm-quote-msg.bin
rename to attestation-service/verifier/test_data/az-snp-vtpm/tpm-quote.msg
diff --git a/attestation-service/verifier/test_data/az-vtpm-quote-sig.bin b/attestation-service/verifier/test_data/az-snp-vtpm/tpm-quote.sig
similarity index 100%
rename from attestation-service/verifier/test_data/az-vtpm-quote-sig.bin
rename to attestation-service/verifier/test_data/az-snp-vtpm/tpm-quote.sig
diff --git a/attestation-service/verifier/test_data/az-vcek.pem b/attestation-service/verifier/test_data/az-snp-vtpm/vcek.pem
similarity index 100%
rename from attestation-service/verifier/test_data/az-vcek.pem
rename to attestation-service/verifier/test_data/az-snp-vtpm/vcek.pem
diff --git a/attestation-service/verifier/test_data/az-tdx-vtpm/hcl-report.bin b/attestation-service/verifier/test_data/az-tdx-vtpm/hcl-report.bin new file mode 100644 index 0000000000000000000000000000000000000000..cca12d37ac75906a76e04f71b0f01a00671efb41 GIT binary patch literal 2600 zcmeHHYp4`e9N+7`Uh-N{L}nOaTS5;fc4v2IcBR1C=j`mx?(FW}$IQj1d7Ryyotd4T z=iXVpWJ+q07bK#T&_WQC8$w1Al|3wp>|t5>B{NAV`XZHJSz&WCA#WeT5bA^H%m06V z|K~aX^E-GVkInP>d>a<{e6w=ydT0(XI(q#L!{>a%7vN1p`-Lap7~8k((KXv&zRTQy z^5EIR-V1xpVf zq!(TLzz=I*({B?-cAIa4Rg1-sYu9~t@{7Z`_*aK6oto zrGyyE%roMa^;?&W(MK=z@o(ke^`|y3y{5JGm1mdCUx@y8__;e4UahbB{C>Ll#f|Up zR_31@I)Bu8L!%d!K!!(-5R3MFG`9GwZJ!>Vx_ifww=8se;`^(jYu$AZK5~wqdH1Jx z%wsEi!tLt|OYcly6nqJrxpglg^s>5sv-te^?H^~}K5_iO%;}M%-|gCVbb>}QUF zMW-fq9$FuJntO52&B8R|e-(_Ca=&&T-n8MeHgP4{l^d9I0|!TZz9A3u#2@knPg(7k zfou9#On8bU`d9dI?~{`$oA)oDwXj-m*625-R@cAEgDltcDOWJh3_J}hVR29Gda5ZT z@gRm_ZY!7;IW~w|{e;~|2vO4OT{u>tY|WrKkgK;t49fyLR%mC5lGRLL$tFw@pkF0R zd?!CSs7ab45`jnpr5LhMEDYc@ETU>P(5V$Wb*Wq_IK+6XjKK;e+fr=YzZI}OWmO{LUG4RCr=wQ3EXRggkZ%vmK~Xw<@zi|CwUAd{|R6!WQG zF(rsXzM{0N0Vv3_?MAOk&`3sSGGW@FppeXod|8wla42L$2?7zyBpi&_xM+l>+zeG0 zuAn)UE5+ruLjg9|Yyr8h_tahoBPTN~o3%vSt|m}89Typ< zY*_hvzK^xgXqQx#I>Y2Rv0V<4X&IFxa>A`MY$2(%YDK1*qKRa!G|*CcD*}`7z#Zoq zCsPFjijt!!#^@;0a{T^Uy3V=YD;}zi1$}()Q+;3=_1qr~gAggVwe9w@&md6~V%P?J< zBZP2HuQIIbV32AHX^}2ywxdwp?0C08HcVWB0v^{)AlL?gcrTZKMUzuZFR|5A=hm8q zdcZIx)0%DIPe(_sb|u{g*;%T?DKr_5A}AC~gb*m4MqnuBVNg00h2!Z6mPR9p_x}90 X2@FW&EY6Dw{Kv~bHRn_NA8vmK;dRTMGZRPeir;rDcJ_lmxMul^-+kd>-}deA z9=>tsB`>V-t@ye7)si!o&wf38gqM!J#I4)?JhuL?cmDpxtGz#Z>B;uwjw{|ibL!gu zH?H~id-*+k|NWcR!OI)^#oL69m(V9UpT>{F>xc0>|J?J`q1T_@^Um0TH}AdkvbUZa z>+CvMT=&)$_dL5Ta#!x5-5c~B;Z2VgF)?^XQa2lch@A5ts*m3VSw3}aA`k$ja zZoDI&+kX@JmvVUKGp(bAo44I@0j3>zAJ@Uq{#72&roBfp`yROd@h$i4Uv}S_@^hQs zdG*~}_Z=Mj{@v%|n?65&+rPLsrUmfEl>G8d)Ax^`b>*Q|tBRsxR~>!Z+%tau4}X2(ue2=tUr*w#Z=7cc2uIOlh&=W9DRUuE6;-SZeB_>*JA-08h@`EP->{lmV-F?RAHvZ|r=B-=v;+J-WaRDd@8-r_N8&VdrTdL5#VXn!sp z>F|l~v6Rr#GF*ulTWIMT 
ziJ=@>5^$tAk{2xTL@LGGX$2_I(3_=dC6N?a2n}QQorlmC2mquA)(NU?!fXc#(w7K% z+aw{HPN*GMsufT&TV&OzrizkK!f_>MM2kEpb7rzu#T}qF#ff;ffmNEg=FRo^fWz6E z7I(tawS*O9Ns=T`eGNNmqn(ia6%^j4Eufm|NWsbb^TDDCWWBCp5i*$oDLp=6igs@J z@ib&aTdP3BqQgdp&E|4Z$*)KGaJ(NW=}fg#h;jjaLNc>a!Nl~sTiKKouMHb0UK6@` zIpSm|j4rbG3yfLIr3KVTW;b7s-~th`HN0KXYqn3rsR*W@=(1Wi9jfGUv;#Fgl4VkT z9{Sy_Dv*YlhETFNBAG18y%>yJR+A0KO0BdXlY?Y=Mga+TyQ1P01k+QL+vBhWY!VFe zSAZDxLBQI;txKiK5Hi97n-3}?C16052~f6d!(eNu`xv5pVi1TFMZwI}jA)yaA+r(3 zDPJaT_sYOP-_vfDnpmk?X1tUik|ISQWJ1*eA~afPzfahK+XIzF>;?<5MF(71FXDjG zSYXH8$Ph&Ui$sPf0zeg*zar=cAcyvoQXt$2i%dkg0cIUWQzP6I79ALgFzP_M0p?9K zNP#>>1kz1mo`ah*ITGNc6sScaxDFHwfDWAL`L&=7QN*C35y0Rf06aK;4We43TS=lF z0BAL;yZ0k$Q5XaoFqkPCIoqVI#bQ>LEpb9`3AEKy3p>KA#Mr#lS27UTS7BJ~bbN|e_F-%& zo@;ctLZwZ#`i(-e8k-bD9ZSb)hQnn(PR(;sO^RA-hyJqvH|A8*PYG zoeLyI$1&&(5ecaa$&N8b$cyKXbJvjUUNPKP3G`+Erz z1o#To<4M)#6_`Udhj&i4&CxXK&C}!Qxl}Qf-)Zsm98F^jc$%)-l&wYGCU+`+0*D$r z`;MAUCq)BLf((6=Z9HIRcvL6ca(ZbS20QcrYt99apdMXV0IN`(yM$|0R#2`wLxL5&Rcs?$oU z(Y1oA)i29hZ-z|AYpR6s9T8&v>7?NO7}%{iE_UTP?5b={*goK1>$tB>D``30_CHN)48U1dwv#rqvDhbBFy%A zg|Y=w?eVlLPQ?)KidJ+BN;Qy3S@zt@F<0)M&eG>rj(rqeJ-YPap`j_*Kv#bVyb|F$ zg+w;1WfK)&Ihk$|PL7I|C$T`HoRH%ZT}m^Rd>y8^=~TU{1v?XLrAi{<>F0ZiV6EBe zYZVjbOeLlD=p^3aU@YXAu>{0U2d@M4%)%8r9lVah6+?duJ`!H%cPTd7rXLosL%33d zw#H^p#{phtgki~GOCXWfNT4$u-$6?}OP7`jh)1$NvlHo^IFx literal 0 HcmV?d00001 diff --git a/attestation-service/verifier/test_data/az-tdx-vtpm/tpm-quote.msg b/attestation-service/verifier/test_data/az-tdx-vtpm/tpm-quote.msg new file mode 100644 index 0000000000000000000000000000000000000000..6653c5d5dd96239361531f106f08c11320f972f0 GIT binary patch literal 126 zcmew#;_Tia!Jx#z{nm43>yC5RrFk9v>bdS~)cp!K-|~B2y(h!fvJ!=(+4v8GSiAy!dLWdDWSlI!ps=V(RJBD0CL|7?Gyp2MUJZ~JV9D GrpcTee { match tee { Tee::AzSnpVtpm => GrpcTee::AzSnpVtpm, + Tee::AzTdxVtpm => GrpcTee::AzTdxVtpm, Tee::Cca => GrpcTee::Cca, Tee::Csv => GrpcTee::Csv, Tee::Sample => GrpcTee::Sample, 
diff --git a/kbs/test/Makefile b/kbs/test/Makefile index 545a5c9934..6de002cf61 100644 --- a/kbs/test/Makefile +++ b/kbs/test/Makefile @@ -25,6 +25,7 @@ install-dependencies: sudo apt-get install -y \ build-essential \ clang \ + libsgx-dcap-default-qpl \ libsgx-dcap-quote-verify-dev \ libtdx-attest-dev \ libtss2-dev \ diff --git a/kbs/tools/client/Cargo.toml b/kbs/tools/client/Cargo.toml index e43faa4333..cb1851e0c5 100644 --- a/kbs/tools/client/Cargo.toml +++ b/kbs/tools/client/Cargo.toml @@ -19,7 +19,7 @@ base64.workspace = true clap = { version = "4.0.29", features = ["derive"] } env_logger.workspace = true jwt-simple = "0.11.4" -kbs_protocol = { git = "https://github.com/confidential-containers/guest-components.git", rev = "1e76429" } +kbs_protocol = { git = "https://github.com/confidential-containers/guest-components.git", rev = "a1d5eed" } log.workspace = true reqwest = { version = "0.11.18", default-features = false, features = ["cookies", "json"] } serde = { version = "1.0", features = ["derive"] }