Attester: Update CSV evidence format
Signed-off-by: Jiale Zhang <[email protected]>
jialez0 committed Nov 28, 2023
1 parent 3b0708e commit 92889e7
Showing 3 changed files with 34 additions and 4 deletions.
21 changes: 20 additions & 1 deletion Cargo.lock


1 change: 1 addition & 0 deletions attestation-agent/attester/Cargo.toml
Expand Up @@ -10,6 +10,7 @@ anyhow.workspace = true
async-trait.workspace = true
az-snp-vtpm = { git = "https://github.com/kinvolk/azure-cvm-tooling", rev = "2c2e411", default-features = false, features = ["attester"], optional = true }
base64.workspace = true
bincode = "1.3.3"
kbs-types.workspace = true
log.workspace = true
nix = {version = "0.26.2", optional = true }
16 changes: 13 additions & 3 deletions attestation-agent/attester/src/csv/mod.rs
Expand Up @@ -7,12 +7,13 @@ use super::Attester;
use anyhow::{bail, Context, Ok, Result};
use codicon::Decoder;
use csv_rs::{
api::guest::{AttestationReport, CsvGuest},
api::guest::CsvGuest,
certs::{ca, csv},
};
use serde::{Deserialize, Serialize};
use std::path::Path;

use base64::Engine;
use hyper::body::HttpBody as _;
use hyper::Client;
use hyper_tls::HttpsConnector;
Expand All @@ -30,8 +31,11 @@ struct CertificateChain {

#[derive(Serialize, Deserialize)]
struct CsvEvidence {
attestation_report: AttestationReport,
// Base64 Encoded CSV AttestationReport Structure
attestation_report: String,
cert_chain: CertificateChain,
// Base64 Encoded CSV Seriail Number (Used to identify HYGON chip ID)
serial_number: String,
}

#[derive(Debug, Default)]
Expand All @@ -56,9 +60,15 @@ impl Attester for CsvAttester {
let cek = csv::Certificate::decode(&mut cert_data, ()).unwrap();
let pek = csv::Certificate::decode(&mut &report_signer.pek_cert[..], ())?;

let attestation_report_bin =
bincode::serialize(&attestation_report).context("Serialize CSV report failed")?;

let evidence = CsvEvidence {
attestation_report,
attestation_report: base64::engine::general_purpose::STANDARD
.encode(attestation_report_bin),
cert_chain: CertificateChain { hsk, cek, pek },
serial_number: base64::engine::general_purpose::STANDARD
.encode(report_signer.sn.to_vec()),

Check failure on line 71 in attestation-agent/attester/src/csv/mod.rs


GitHub Actions / Check (stable)

unnecessary use of `to_vec`
};
serde_json::to_string(&evidence).context("Serialize CSV evidence failed")
}
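Review bot: The `attestation_report` field comment says only that the value is base64, but the bytes built on lines 64-70 are a bincode serialization of csv_rs's `AttestationReport`, a non-self-describing format, so the verifier must deserialize with the same bincode configuration and the same struct layout (same csv_rs version) or it silently decodes garbage; the field doc should pin that, e.g. `/// Base64 of the bincode (default config) serialization of csv_rs AttestationReport; the verifier must use the same csv_rs version and bincode settings.` The `serial_number` comment has a typo (`Seriail`), and both field comments would be `///` doc comments rather than `//` so they show up in rustdoc. For the flagged allocation on line 73, `.encode(&report_signer.sn)` should suffice if `sn` is a byte array or slice, which the hunk does not show. The enclosing method starts before the hunk.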
