Consolidate snp and tdx crates (#39)

Since Azure TDX CVMs are in public preview now, this PR consolidates both
crates. There is shared logic, which has been organized into a `az-cvm-vtpm`
crate that is imported by both `az-snp-vtpm` and `az-tdx-vtpm`.

This constitutes a breaking change in the API, hence the version bump to
0.4 for all crates.

Signed-off-by: Magnus Kulke <[email protected]>

az-cvm-vtpm/Cargo.toml

@@ -1,7 +1,50 @@
+[package]
+name = "az-cvm-vtpm"
+version = "0.4.0"
+edition = "2021"
+repository = "https://github.com/kinvolk/azure-cvm-tooling/"
+license = "MIT"
+keywords = ["azure", "tpm", "sev-snp", "tdx"]
+categories = ["cryptography", "virtualization"]
+description = "Package with shared code for Azure Confidential VMs"
+
 [workspace]
 members = [
 	"az-snp-vtpm",
 	"az-tdx-vtpm",
-	"az-snp-vtpm/example",
+    "az-snp-vtpm/example",
 ]
-resolver = "2"
+
+[lib]
+path = "src/lib.rs"
+
+[dependencies]
+bincode.workspace = true
+jsonwebkey = { version = "0.3.5", features = ["pkcs-convert"] }
+memoffset = "0.9.0"
+openssl = { workspace = true, optional = true }
+rsa = { version = "0.8.2", features = ["pkcs5", "sha2"] }
+serde.workspace = true
+serde_json.workspace = true
+serde-big-array = "0.5.1"
+sev.workspace = true
+sha2 = "0.10.8"
+thiserror.workspace = true
+tss-esapi = "7.4"
+zerocopy.workspace = true
+
+[features]
+default = ["attester", "verifier"]
+attester = []
+verifier = ["openssl", "sev/openssl"]
+
+[workspace.dependencies]
+bincode = "1.3.1"
+clap = { version = "4", features = ["derive"] }
+openssl = "0.10"
+serde = { version = "1.0.189", features = ["derive"] }
+serde_json = "1.0.107"
+thiserror = "1.0.38"
+sev = "1.2.0"
+ureq = { version = "2.6.2", default-features = false, features = ["json"] }
+zerocopy = { version = "0.7.26", features = ["derive"] }

az-cvm-vtpm/README.md

@@ -8,4 +8,4 @@ Attestation Library for Azure AMD SEV-SNP Confidential Virtual Machines.
 
 ## az-tdx-vtpm
 
-Attestation Library for Azure Intel TDX Confidential Virtual Machines (Limited Preview).
+Attestation Library for Azure Intel TDX Confidential Virtual Machines.

az-cvm-vtpm/az-snp-vtpm/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "az-snp-vtpm"
-version = "0.3.0"
+version = "0.4.0"
 edition = "2021"
 repository = "https://github.com/kinvolk/azure-cvm-tooling/"
 license = "MIT"
@@ -17,22 +17,16 @@ path = "src/main.rs"
 required-features = ["attester", "verifier"]
 
 [dependencies]
-bincode = "1"
-clap = { version = "4", features = ["derive"] }
-jsonwebkey = { version = "0.3.5", features = ["pkcs-convert"] }
-memoffset = "0.8.0"
-openssl = { version = "0.10", optional = true }
-rsa = { version = "0.8.2", features = ["pkcs5", "sha2"] }
-serde = { version = "1", features = ["derive"] }
-serde_json = "1"
-sev = "1.2.0"
-sha2 = "0.10.6"
-static_assertions = "^1.1.0"
-thiserror = "1.0.38"
-tss-esapi = "7.4"
-ureq = { version = "2.6.2", default-features = false, features = ["json"] }
+az-cvm-vtpm = { path = "..", version = "0.4.0" }
+bincode.workspace = true
+clap.workspace = true
+openssl = { workspace = true, optional = true }
+serde.workspace = true
+sev.workspace = true
+thiserror.workspace = true
+ureq.workspace = true
 
 [features]
 default = ["attester", "verifier"]
 attester = []
-verifier = ["openssl", "sev/openssl", "ureq/tls"]
+verifier = ["az-cvm-vtpm/openssl", "openssl", "ureq/tls"]

az-cvm-vtpm/az-snp-vtpm/example/Cargo.toml

@@ -6,4 +6,5 @@ edition = "2021"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
-az-snp-vtpm = { path = "../" }
+az-snp-vtpm.path = "../"
+openssl.workspace = true

az-cvm-vtpm/az-snp-vtpm/example/src/main.rs

@@ -1,13 +1,11 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
 
-use az_snp_vtpm::amd_kds;
 use az_snp_vtpm::certs::Vcek;
-use az_snp_vtpm::hcl;
-use az_snp_vtpm::imds;
-use az_snp_vtpm::report::Validateable;
-use az_snp_vtpm::vtpm;
-use az_snp_vtpm::vtpm::VerifyVTpmQuote;
+use az_snp_vtpm::hcl::HclReport;
+use az_snp_vtpm::report::{AttestationReport, Validateable};
+use az_snp_vtpm::{amd_kds, imds, vtpm};
+use openssl::pkey::PKey;
 use std::error::Error;
 
 struct Evidence {
@@ -36,8 +34,12 @@ struct Verifier;
 
 impl Verifier {
     fn verify(nonce: &[u8], evidence: &Evidence) -> Result<(), Box<dyn Error>> {
-        let hcl_data: hcl::HclData = evidence.report[..].try_into()?;
-        let snp_report = hcl_data.report().snp_report();
+        let Evidence { quote, report, .. } = evidence;
+
+        let hcl_report = HclReport::new(report.clone())?;
+        let var_data_hash = hcl_report.var_data_sha256();
+        let ak_pub = hcl_report.ak_pub()?;
+        let snp_report: AttestationReport = hcl_report.try_into()?;
 
         let cert_chain = amd_kds::get_cert_chain()?;
         let vcek = Vcek::from_pem(&evidence.certs.vcek)?;
@@ -46,11 +48,12 @@ impl Verifier {
         vcek.validate(&cert_chain)?;
         snp_report.validate(&vcek)?;
 
-        let var_data = hcl_data.var_data();
-        hcl_data.report().verify_report_data(var_data)?;
-
-        let ak_pub = var_data.ak_pub()?;
-        ak_pub.verify_quote(&evidence.quote, nonce)?;
+        if var_data_hash != snp_report.report_data[..32] {
+            return Err("var_data_hash mismatch".into());
+        }
+        let der = ak_pub.key.try_to_der()?;
+        let pub_key = PKey::public_key_from_der(&der)?;
+        quote.verify(&pub_key, nonce)?;
 
         Ok(())
     }

az-cvm-vtpm/az-snp-vtpm/src/certs.rs

@@ -88,7 +88,7 @@ mod tests {
 
     #[test]
     fn test_validate_certificates() {
-        let bytes = include_bytes!("../test/certs.pem");
+        let bytes = include_bytes!("../../test/certs.pem");
         let certs = X509::stack_from_pem(bytes).unwrap();
         let (vcek, ask, ark) = (certs[0].clone(), certs[1].clone(), certs[2].clone());
         let vcek = Vcek(vcek);