From 289cbfa1933ee0428f3a5e2a7166137a34fca01b Mon Sep 17 00:00:00 2001 From: Suraj Deshmukh Date: Mon, 15 Jan 2024 11:37:16 +0000 Subject: [PATCH] address review --- az-cvm-vtpm/Cargo.toml | 2 +- az-cvm-vtpm/az-snp-vtpm/Cargo.toml | 4 ++-- az-cvm-vtpm/az-tdx-vtpm/Cargo.toml | 4 ++-- az-cvm-vtpm/src/vtpm/mod.rs | 7 ++++--- az-cvm-vtpm/src/vtpm/verify.rs | 11 ++++++----- 5 files changed, 15 insertions(+), 13 deletions(-) diff --git a/az-cvm-vtpm/Cargo.toml b/az-cvm-vtpm/Cargo.toml index eb30e69..ae07219 100644 --- a/az-cvm-vtpm/Cargo.toml +++ b/az-cvm-vtpm/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "az-cvm-vtpm" -version = "0.4.2" +version = "0.5.0" edition = "2021" repository = "https://github.com/kinvolk/azure-cvm-tooling/" license = "MIT" diff --git a/az-cvm-vtpm/az-snp-vtpm/Cargo.toml b/az-cvm-vtpm/az-snp-vtpm/Cargo.toml index 47f3fae..c04f9a1 100644 --- a/az-cvm-vtpm/az-snp-vtpm/Cargo.toml +++ b/az-cvm-vtpm/az-snp-vtpm/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "az-snp-vtpm" -version = "0.4.1" +version = "0.5.0" edition = "2021" repository = "https://github.com/kinvolk/azure-cvm-tooling/" license = "MIT" @@ -17,7 +17,7 @@ path = "src/main.rs" required-features = ["attester", "verifier"] [dependencies] -az-cvm-vtpm = { path = "..", version = "0.4.1" } +az-cvm-vtpm = { path = "..", version = "0.5.0" } bincode.workspace = true clap.workspace = true openssl = { workspace = true, optional = true } diff --git a/az-cvm-vtpm/az-tdx-vtpm/Cargo.toml b/az-cvm-vtpm/az-tdx-vtpm/Cargo.toml index 2fa78c3..52bb46a 100644 --- a/az-cvm-vtpm/az-tdx-vtpm/Cargo.toml +++ b/az-cvm-vtpm/az-tdx-vtpm/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "az-tdx-vtpm" -version = "0.4.1" +version = "0.5.0" edition = "2021" repository = "https://github.com/kinvolk/azure-cvm-tooling/" license = "MIT" @@ -16,7 +16,7 @@ name = "tdx-vtpm" path = "src/main.rs" [dependencies] -az-cvm-vtpm = { path = "..", version = "0.4.1" } +az-cvm-vtpm = { path = "..", version = "0.5.0" } base64-url = "2.0.0" bincode.workspace = true serde.workspace = true diff --git a/az-cvm-vtpm/src/vtpm/mod.rs b/az-cvm-vtpm/src/vtpm/mod.rs index 83adb1d..4bcc447 100644 --- a/az-cvm-vtpm/src/vtpm/mod.rs +++ b/az-cvm-vtpm/src/vtpm/mod.rs @@ -102,6 +102,7 @@ pub fn get_ak_pub() -> Result { Ok(pkey) } +#[non_exhaustive] #[derive(Error, Debug)] pub enum QuoteError { #[error("tpm error")] @@ -120,9 +121,9 @@ pub enum QuoteError { #[derive(Serialize, Deserialize, Debug, Clone)] pub struct Quote { - pub signature: Vec, - pub message: Vec, - pub pcrs: Vec>, + signature: Vec, + message: Vec, + pcrs: Vec>, } impl Quote { diff --git a/az-cvm-vtpm/src/vtpm/verify.rs b/az-cvm-vtpm/src/vtpm/verify.rs index c5dc44c..454060f 100644 --- a/az-cvm-vtpm/src/vtpm/verify.rs +++ b/az-cvm-vtpm/src/vtpm/verify.rs @@ -10,6 +10,7 @@ use thiserror::Error; use tss_esapi::structures::{Attest, AttestInfo}; use tss_esapi::traits::UnMarshall; +#[non_exhaustive] #[derive(Error, Debug)] pub enum VerifyError { #[error("tss error")] @@ -62,7 +63,7 @@ impl Quote { Ok(()) } - /// Verify a Quote's PCR values + /// Verify that the TPM Quote's PCR digest matches the digest of the bundled PCR values /// pub fn verify_pcrs(&self) -> Result<(), VerifyError> { let attest = Attest::unmarshall(&self.message)?; @@ -128,8 +129,8 @@ mod tests { // // For PCR values: // sudo tpm2_pcrread sha256:0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23 - let quote_bytes: Vec = include_bytes!("../../test/quote.bin").to_vec(); - let quote: Quote = bincode::deserialize("e_bytes[..]).unwrap(); + let quote_bytes = include_bytes!("../../test/quote.bin"); + let quote: Quote = bincode::deserialize(quote_bytes).unwrap(); // proper nonce in message let nonce = "challenge".as_bytes().to_vec(); @@ -158,8 +159,8 @@ mod tests { #[test] fn test_pcr_values() { - let quote_bytes: Vec = include_bytes!("../../test/quote.bin").to_vec(); - let quote: Quote = bincode::deserialize("e_bytes[..]).unwrap(); + let quote_bytes = include_bytes!("../../test/quote.bin"); + let quote: Quote = bincode::deserialize(quote_bytes).unwrap(); let result = quote.verify_pcrs(); assert!(result.is_ok(), "PCR verification should not fail"); }