remove unused functions in attestation and crypto #304

Merged
merged 1 commit into from
Oct 23, 2024
18 changes: 0 additions & 18 deletions Cargo.lock


65 changes: 1 addition & 64 deletions src/attestation/src/attest.rs
Expand Up @@ -6,20 +6,14 @@ use crate::{
binding::get_quote as get_quote_inner, binding::init_heap, binding::verify_quote_integrity,
binding::AttestLibError, root_ca::ROOT_CA, Error,
};
use alloc::{string::String, vec, vec::Vec};
use alloc::{vec, vec::Vec};
use core::{alloc::Layout, ffi::c_void, ops::Range};
use crypto::{
x509,
x509::{Decode, ObjectIdentifier, OctetStringRef, Reader},
};
use tdx_tdcall::tdreport::*;

const TD_QUOTE_SIZE: usize = 0x2000;
const TD_REPORT_VERIFY_SIZE: usize = 1024;
const ATTEST_HEAP_SIZE: usize = 0x80000;
const TD_VERIFIED_REPORT_SIZE: usize = 734;
const PEM_CERT_BEGIN: &str = "-----BEGIN CERTIFICATE-----\n";
const PEM_CERT_END: &str = "-----END CERTIFICATE-----\n";

pub fn attest_init_heap() -> Option<usize> {
unsafe {
Expand Down Expand Up @@ -87,63 +81,6 @@ pub fn verify_quote(quote: &[u8]) -> Result<Vec<u8>, Error> {
Ok(td_report_verify[..report_verify_size as usize].to_vec())
}

pub fn get_fmspc_from_quote(quote: &[u8]) -> Result<[u8; 6], Error> {
let mid = String::from_utf8_lossy(quote);
let start_index = mid.find(PEM_CERT_BEGIN).ok_or(Error::InvalidQuote)?;
let end_index = mid.find(PEM_CERT_END).ok_or(Error::InvalidQuote)? + PEM_CERT_END.len();

let pck_cert = mid[start_index..end_index].as_bytes();
let pck_der = crypto::pem_cert_to_der(pck_cert)
.map_err(|_| Error::InvalidQuote)?
.to_vec();

parse_fmspc_from_pck_cert(&pck_der)
}

#[derive(Clone, Copy, Debug, Eq, PartialEq)]
pub struct InnerValue<'a> {
pub id: ObjectIdentifier,
pub value: Option<OctetStringRef<'a>>,
}

impl<'a> Decode<'a> for InnerValue<'a> {
fn decode<R: der::Reader<'a>>(decoder: &mut R) -> der::Result<Self> {
decoder.sequence(|decoder| {
let id = decoder.decode()?;
let value = decoder.decode()?;

Ok(Self { id, value })
})
}
}

fn parse_fmspc_from_pck_cert(pck_der: &[u8]) -> Result<[u8; 6], Error> {
const PCK_FMSPC_EXTENSION_OID: ObjectIdentifier =
ObjectIdentifier::new_unwrap("1.2.840.113741.1.13.1");
const PCK_FMSPC_OID: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.2.840.113741.1.13.1.4");

let x509 = x509::Certificate::from_der(pck_der).map_err(|_| Error::InvalidQuote)?;
let extensions = x509.tbs_certificate.extensions.ok_or(Error::InvalidQuote)?;
for ext in extensions.get() {
if ext.extn_id == PCK_FMSPC_EXTENSION_OID {
let vals =
Vec::<InnerValue>::from_der(ext.extn_value.ok_or(Error::InvalidQuote)?.as_bytes())
.map_err(|_| Error::InvalidQuote)?;
for val in vals {
if val.id == PCK_FMSPC_OID {
return val
.value
.ok_or(Error::InvalidQuote)?
.as_bytes()
.try_into()
.map_err(|_| Error::InvalidQuote);
}
}
}
}
Err(Error::InvalidQuote)
}

fn mask_verified_report_values(report: &mut [u8]) {
const R_MISC_SELECT: Range<usize> = 626..630;
const R_MISC_SELECT_MASK: Range<usize> = 630..634;
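Review bot: The deleted `impl Decode for InnerValue` was the only visible user of the `der` crate in this file (`der::Reader`, `der::Result` on the removed lines), yet src/attestation's own Cargo.toml is not part of this PR, unlike the matching `rustls-pemfile` and `base64` removals in src/crypto and src/migtd. If nothing else in the attestation crate references `der`, that dependency should be dropped here as well so the dependency surface shrinks along with the code; if it is still needed elsewhere, a one-line comment in Cargo.toml naming that user would save the next reader the search. The first hunk's line counts (20 old, 14 new, one addition) imply the `use crypto::{x509, ...}` group is removed together with the `String` import, which is consistent with nothing left using it; if it in fact survives, `cargo clippy` will report it as unused. Both hunks cut through definitions (`attest_init_heap` and `mask_verified_report_values` continue outside the shown lines), so only the import and deletion sites could be checked here.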
1 change: 0 additions & 1 deletion src/crypto/Cargo.toml
Expand Up @@ -10,7 +10,6 @@ der = {version = "0.7.9", features = ["oid", "alloc", "derive"]}
pki-types = { package = "rustls-pki-types", version = "1" }
rust_std_stub = { path = "../std-support/rust-std-stub" }
rustls = { version = "=0.23.12", default-features = false, features = ["ring" ], optional = true }
rustls-pemfile = { version = "2.0.0", default-features = false }
ring = { path = "../../deps/td-shim/library/ring", default-features = false, features = ["alloc", "less-safe-getrandom-custom-or-rdrand"], optional = true }
sys_time = { path = "../std-support/sys_time" }
zeroize = "1.5.7"
13 changes: 0 additions & 13 deletions src/crypto/src/lib.rs
Expand Up @@ -8,8 +8,6 @@
extern crate alloc;

use alloc::string::String;
use pki_types::CertificateDer;
use rustls_pemfile::Item;

cfg_if::cfg_if! {
if #[cfg(feature = "rustls")] {
Expand Down Expand Up @@ -79,14 +77,3 @@ impl From<x509::DerError> for Error {
Error::GenerateCertificate(e)
}
}

pub fn pem_cert_to_der(cert: &[u8]) -> Result<CertificateDer<'static>> {
let item = rustls_pemfile::read_one_from_slice(cert)
.map_err(|_| Error::DecodePemCert)?
.map(|(item, _)| item)
.ok_or(Error::DecodePemCert)?;
match item {
Item::X509Certificate(cert) => Ok(cert),
_ => Err(Error::DecodePemCert),
}
}
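Review bot: `Error::DecodePemCert` is produced only inside the removed `pem_cert_to_der` on the deleted lines, so unless another site in the crate constructs it, that variant of `Error` (defined above this hunk) is left without any producer. If `Error` is crate-private, `dead_code` will now warn on it; if it is `pub`, the variant silently stays part of the crate's API while no code path can ever return it, which is misleading for callers that match on it. Either drop the variant in the same PR as its only user, or keep it deliberately with a comment such as `// DecodePemCert: no longer produced in-crate; retained for downstream matchers`. The `impl From<x509::DerError> for Error` at the top of the hunk starts outside the shown lines, so the rest of the error surface could not be checked here.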
1 change: 0 additions & 1 deletion src/migtd/Cargo.toml
Expand Up @@ -35,7 +35,6 @@ virtio_serial = { path="../devices/virtio_serial", optional = true }
x86 = "0.47.0"
x86_64 = "0.14.9"
zerocopy = { version = "0.7", features = ["derive"] }
base64 = { version = "0.21.5", default-features = false, features = ["alloc"] }

minicov = { version = "0.2", default-features = false, optional = true }
td-benchmark = { path = "../../deps/td-shim/devtools/td-benchmark", default-features = false, optional = true }