Skip to content

Commit

Permalink
Move building of proto generated files to their own crates.
Browse files Browse the repository at this point in the history
  • Loading branch information
ernoc committed Jan 5, 2024
1 parent 5aa70a1 commit 384ab31
Show file tree
Hide file tree
Showing 36 changed files with 234 additions and 137 deletions.
27 changes: 24 additions & 3 deletions Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 2 additions & 0 deletions Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -99,6 +99,8 @@ oak_grpc_utils = { path = "./oak_grpc_utils" }
oak_launcher_utils = { path = "./oak_launcher_utils" }
oak_linux_boot_params = { path = "./linux_boot_params" }
oak_logger = { path = "./oak_functions/logger" }
oak_attestation_proto = { path = "./proto/attestation" }
oak_functions_proto = { path = "./proto/oak_functions" }
oak_remote_attestation = { path = "./oak_remote_attestation" }
oak_restricted_kernel_dice = { path = "./oak_restricted_kernel_dice" }
oak_restricted_kernel_sdk = { path = "./oak_restricted_kernel_sdk" }
Expand Down
10 changes: 9 additions & 1 deletion enclave_apps/Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 0 additions & 1 deletion fuzz/Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 1 addition & 3 deletions oak_attestation_verification/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -13,13 +13,11 @@ coset = { version = "*", default-features = false }
ecdsa = { version = "*", features = ["pkcs8", "pem"] }
hex = "*"
oak_dice = { workspace = true }
oak_attestation_proto = { workspace = true }
prost = { workspace = true }
p256 = { version = "*", features = ["ecdsa-core", "ecdsa", "pem"] }
serde = { version = "*", features = ["derive"] }
serde_jcs = "*"
serde_json = "*"
sha2 = { version = "*", default-features = false }
time = { version = "0.3.28", features = ["serde", "parsing", "formatting"] }

[build-dependencies]
prost-build = { workspace = true }
2 changes: 1 addition & 1 deletion oak_attestation_verification/src/claims.rs
Original file line number Diff line number Diff line change
Expand Up @@ -21,9 +21,9 @@
extern crate alloc;

use crate::proto::oak::HexDigest;
use alloc::{collections::BTreeMap, string::String, vec::Vec};
use anyhow::Context;
use oak_attestation_proto::oak::HexDigest;
use serde::{Deserialize, Serialize};
use time::OffsetDateTime;

Expand Down
2 changes: 1 addition & 1 deletion oak_attestation_verification/src/endorsement.rs
Original file line number Diff line number Diff line change
Expand Up @@ -21,12 +21,12 @@ use crate::{
get_digest, parse_endorsement_statement, validate_endorsement, verify_validity_duration,
EndorsementStatement,
},
proto::oak::HexDigest,
rekor::{get_rekor_log_entry_body, verify_rekor_log_entry},
util::{convert_pem_to_raw, equal_keys, is_hex_digest_match, MatchResult},
};
use anyhow::Context;
use base64::{prelude::BASE64_STANDARD, Engine as _};
use oak_attestation_proto::oak::HexDigest;

/// Compares the digest contained in the endorsement against the given one.
pub fn verify_binary_digest(
Expand Down
18 changes: 0 additions & 18 deletions oak_attestation_verification/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -19,24 +19,6 @@

extern crate alloc;

// Inlined from tonic::include_proto in order to cut dependency on tonic.
macro_rules! include_proto {
($package: tt) => {
include!(concat!(env!("OUT_DIR"), concat!("/", $package, ".rs")));
};
}

pub mod proto {
pub mod oak {
include_proto!("oak");
pub mod attestation {
pub mod v1 {
include_proto!("oak.attestation.v1");
}
}
}
}

pub mod claims;
pub mod endorsement;
pub mod rekor;
Expand Down
2 changes: 1 addition & 1 deletion oak_attestation_verification/src/util.rs
Original file line number Diff line number Diff line change
Expand Up @@ -14,12 +14,12 @@
// limitations under the License.
//

use crate::proto::oak::{HexDigest, RawDigest};
use alloc::{string::String, vec::Vec};
use anyhow::Context;
use base64::{prelude::BASE64_STANDARD, Engine as _};
use core::{cmp::Ordering, str::FromStr};
use ecdsa::{signature::Verifier, Signature};
use oak_attestation_proto::oak::{HexDigest, RawDigest};
use p256::ecdsa::VerifyingKey;
use sha2::{Digest, Sha256, Sha384, Sha512};

Expand Down
58 changes: 29 additions & 29 deletions oak_attestation_verification/src/verifier.rs
Original file line number Diff line number Diff line change
Expand Up @@ -20,20 +20,6 @@ use crate::{
alloc::string::ToString,
claims::{get_digest, parse_endorsement_statement},
endorsement::verify_binary_endorsement,
proto::oak::{
attestation::v1::{
attestation_results::Status, binary_reference_value, endorsements, reference_values,
ApplicationKeys, ApplicationLayerEndorsements, ApplicationLayerReferenceValues,
AttestationResults, BinaryReferenceValue, CbEndorsements, CbReferenceValues,
ContainerLayerEndorsements, ContainerLayerReferenceValues, Endorsements, Evidence,
KernelLayerEndorsements, KernelLayerReferenceValues, LayerEvidence,
OakContainersEndorsements, OakContainersReferenceValues,
OakRestrictedKernelEndorsements, OakRestrictedKernelReferenceValues, ReferenceValues,
RootLayerEndorsements, RootLayerEvidence, RootLayerReferenceValues,
SystemLayerEndorsements, SystemLayerReferenceValues, TransparentReleaseEndorsement,
},
RawDigest,
},
util::{
hex_to_raw_digest, is_hex_digest_match, is_raw_digest_match, raw_to_hex_digest, MatchResult,
},
Expand All @@ -42,6 +28,20 @@ use crate::{
use alloc::vec::Vec;
use coset::{cbor::Value, cwt::ClaimsSet, CborSerializable, CoseKey, RegisteredLabelWithPrivate};
use ecdsa::{signature::Verifier, Signature};
use oak_attestation_proto::oak::{
attestation::v1::{
attestation_results::Status, binary_reference_value, endorsements, reference_values,
ApplicationKeys, ApplicationLayerEndorsements, ApplicationLayerReferenceValues,
AttestationResults, BinaryReferenceValue, CbEndorsements, CbReferenceValues,
ContainerLayerEndorsements, ContainerLayerReferenceValues, Endorsements, Evidence,
KernelLayerEndorsements, KernelLayerReferenceValues, LayerEvidence,
OakContainersEndorsements, OakContainersReferenceValues, OakRestrictedKernelEndorsements,
OakRestrictedKernelReferenceValues, ReferenceValues, RootLayerEndorsements,
RootLayerEvidence, RootLayerReferenceValues, SystemLayerEndorsements,
SystemLayerReferenceValues, TransparentReleaseEndorsement,
},
RawDigest,
};
use oak_dice::cert::{
cose_key_to_hpke_public_key, cose_key_to_verifying_key, get_public_key_from_claims_set,
ACPI_MEASUREMENT_ID, CONTAINER_IMAGE_ID, ENCLAVE_APPLICATION_LAYER_ID, INITRD_MEASUREMENT_ID,
Expand All @@ -58,21 +58,21 @@ pub struct DiceChainResult {
signing_public_key: Vec<u8>,
}

impl From<&anyhow::Result<DiceChainResult>> for AttestationResults {
fn from(value: &anyhow::Result<DiceChainResult>) -> Self {
match value {
Ok(dice_chain_result) => AttestationResults {
status: Status::Success.into(),
encryption_public_key: dice_chain_result.encryption_public_key.clone(),
signing_public_key: dice_chain_result.signing_public_key.clone(),
..Default::default()
},
Err(err) => AttestationResults {
status: Status::GenericFailure.into(),
reason: err.to_string(),
..Default::default()
},
}
pub fn to_attestation_results(
verify_result: &anyhow::Result<DiceChainResult>,
) -> AttestationResults {
match verify_result {
Ok(dice_chain_result) => AttestationResults {
status: Status::Success.into(),
encryption_public_key: dice_chain_result.encryption_public_key.clone(),
signing_public_key: dice_chain_result.signing_public_key.clone(),
..Default::default()
},
Err(err) => AttestationResults {
status: Status::GenericFailure.into(),
reason: err.to_string(),
..Default::default()
},
}
}

Expand Down
3 changes: 2 additions & 1 deletion oak_attestation_verification/tests/endorsement_tests.rs
Original file line number Diff line number Diff line change
Expand Up @@ -25,11 +25,12 @@ use oak_attestation_verification::{
verify_binary_digest, verify_binary_endorsement, verify_endorsement_statement,
verify_endorser_public_key,
},
proto::oak::HexDigest,
rekor::{verify_rekor_log_entry, verify_rekor_signature},
util::{convert_pem_to_raw, MatchResult},
};

use oak_attestation_proto::oak::HexDigest;

const BINARY_DIGEST: &str = "39051983bbb600bbfb91bd22ee4c976420f8f0c6a895fd083dcb0d153ddd5fd6";
const ENDORSEMENT_PATH: &str = "testdata/endorsement.json";

Expand Down
Loading

0 comments on commit 384ab31

Please sign in to comment.