address review

kinvolk · Jan 15, 2024 · 289cbfa · 289cbfa
1 parent 41bac86
commit 289cbfa
Show file tree

Hide file tree

Showing 5 changed files with 15 additions and 13 deletions.
diff --git a/az-cvm-vtpm/Cargo.toml b/az-cvm-vtpm/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "az-cvm-vtpm"
-version = "0.4.2"
+version = "0.5.0"
 edition = "2021"
 repository = "https://github.com/kinvolk/azure-cvm-tooling/"
 license = "MIT"

diff --git a/az-cvm-vtpm/az-snp-vtpm/Cargo.toml b/az-cvm-vtpm/az-snp-vtpm/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "az-snp-vtpm"
-version = "0.4.1"
+version = "0.5.0"
 edition = "2021"
 repository = "https://github.com/kinvolk/azure-cvm-tooling/"
 license = "MIT"
@@ -17,7 +17,7 @@ path = "src/main.rs"
 required-features = ["attester", "verifier"]
 
 [dependencies]
-az-cvm-vtpm = { path = "..", version = "0.4.1" }
+az-cvm-vtpm = { path = "..", version = "0.5.0" }
 bincode.workspace = true
 clap.workspace = true
 openssl = { workspace = true, optional = true }

diff --git a/az-cvm-vtpm/az-tdx-vtpm/Cargo.toml b/az-cvm-vtpm/az-tdx-vtpm/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "az-tdx-vtpm"
-version = "0.4.1"
+version = "0.5.0"
 edition = "2021"
 repository = "https://github.com/kinvolk/azure-cvm-tooling/"
 license = "MIT"
@@ -16,7 +16,7 @@ name = "tdx-vtpm"
 path = "src/main.rs"
 
 [dependencies]
-az-cvm-vtpm = { path = "..", version = "0.4.1" }
+az-cvm-vtpm = { path = "..", version = "0.5.0" }
 base64-url = "2.0.0"
 bincode.workspace = true
 serde.workspace = true

diff --git a/az-cvm-vtpm/src/vtpm/mod.rs b/az-cvm-vtpm/src/vtpm/mod.rs
@@ -102,6 +102,7 @@ pub fn get_ak_pub() -> Result<RsaPublicKey, AKPubError> {
     Ok(pkey)
 }
 
+#[non_exhaustive]
 #[derive(Error, Debug)]
 pub enum QuoteError {
     #[error("tpm error")]
@@ -120,9 +121,9 @@ pub enum QuoteError {
 
 #[derive(Serialize, Deserialize, Debug, Clone)]
 pub struct Quote {
-    pub signature: Vec<u8>,
-    pub message: Vec<u8>,
-    pub pcrs: Vec<Vec<u8>>,
+    signature: Vec<u8>,
+    message: Vec<u8>,
+    pcrs: Vec<Vec<u8>>,
 }
 
 impl Quote {

diff --git a/az-cvm-vtpm/src/vtpm/verify.rs b/az-cvm-vtpm/src/vtpm/verify.rs
@@ -10,6 +10,7 @@ use thiserror::Error;
 use tss_esapi::structures::{Attest, AttestInfo};
 use tss_esapi::traits::UnMarshall;
 
+#[non_exhaustive]
 #[derive(Error, Debug)]
 pub enum VerifyError {
     #[error("tss error")]
@@ -62,7 +63,7 @@ impl Quote {
         Ok(())
     }
 
-    /// Verify a Quote's PCR values
+    /// Verify that the TPM Quote's PCR digest matches the digest of the bundled PCR values
     ///
     pub fn verify_pcrs(&self) -> Result<(), VerifyError> {
         let attest = Attest::unmarshall(&self.message)?;
@@ -128,8 +129,8 @@ mod tests {
         //
         // For PCR values:
         // sudo tpm2_pcrread sha256:0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23
-        let quote_bytes: Vec<u8> = include_bytes!("../../test/quote.bin").to_vec();
-        let quote: Quote = bincode::deserialize(&quote_bytes[..]).unwrap();
+        let quote_bytes = include_bytes!("../../test/quote.bin");
+        let quote: Quote = bincode::deserialize(quote_bytes).unwrap();
 
         // proper nonce in message
         let nonce = "challenge".as_bytes().to_vec();
@@ -158,8 +159,8 @@ mod tests {
 
     #[test]
     fn test_pcr_values() {
-        let quote_bytes: Vec<u8> = include_bytes!("../../test/quote.bin").to_vec();
-        let quote: Quote = bincode::deserialize(&quote_bytes[..]).unwrap();
+        let quote_bytes = include_bytes!("../../test/quote.bin");
+        let quote: Quote = bincode::deserialize(quote_bytes).unwrap();
         let result = quote.verify_pcrs();
         assert!(result.is_ok(), "PCR verification should not fail");
     }