Releasing version 2.0.1!

Signed-off-by: Larry Dewey <larry.dewey@amd.com>
larrydewey committed Nov 3, 2023
1 parent 59cd7ab commit 72dcbbc
Showing 5 changed files with 72 additions and 79 deletions.
2 changes: 1 addition & 1 deletion Cargo.lock


2 changes: 1 addition & 1 deletion Cargo.toml
@@ -1,6 +1,6 @@
[package]
name = "sev"
version = "1.2.1"
version = "2.0.1"
authors = [
"Nathaniel McCallum <npmccallum@redhat.com>",
"The VirTee Project Developers",
6 changes: 0 additions & 6 deletions src/firmware/guest/types/mod.rs
@@ -1,13 +1,7 @@
// SPDX-License-Identifier: Apache-2.0

#[cfg(feature = "sev")]
mod sev;

#[cfg(feature = "snp")]
mod snp;

#[cfg(feature = "sev")]
pub use self::sev::*;

#[cfg(feature = "snp")]
pub use self::snp::*;
71 changes: 0 additions & 71 deletions src/firmware/guest/types/sev.rs

This file was deleted.

70 changes: 70 additions & 0 deletions src/firmware/host/types/sev.rs
Expand Up @@ -6,8 +6,29 @@ pub use crate::firmware::linux::host::types::PlatformStatusFlags;

use crate::{firmware::host::State, Build};

#[cfg(feature = "openssl")]
use std::convert::TryInto;

#[cfg(feature = "openssl")]
use crate::certs::sev::{
sev::{Certificate, Usage},
PublicKey, Verifiable,
};

#[cfg(feature = "openssl")]
use openssl::{ec::EcKey, ecdsa::EcdsaSig, pkey::Public};

use crate::certs::snp::ecdsa::Signature;
use serde::{Deserialize, Serialize};

use std::fmt::Debug;

const MNONCE_SIZE: usize = 128 / 8;
const DIGEST_SIZE: usize = 256 / 8;
const POLICY_SIZE: usize = 32 / 8;
const POLICY_OFFSET: usize = MNONCE_SIZE + DIGEST_SIZE;
const MEASURABLE_BYTES: usize = MNONCE_SIZE + DIGEST_SIZE + POLICY_SIZE;

/// Information regarding the SEV platform's current status.
#[derive(Clone, Debug, PartialEq, Eq)]
pub struct Status {
Expand All @@ -26,3 +47,52 @@ pub struct Status {
/// The number of valid guests supervised by this platform.
pub guests: u32,
}

/// An attestation report structure.
#[derive(Default, Serialize, Deserialize)]
#[repr(C)]
pub struct LegacyAttestationReport {
/// 128-bit Nonce from the Command Buffer.
pub mnonce: [u8; MNONCE_SIZE], // 0x00
/// SHA-256 digest of launched guest.
pub launch_digest: [u8; POLICY_SIZE], // 0x10
/// Policy guest was launched with.
pub policy: u32, // 0x30
/// Key usage of SIG1 signing key.
pub sig_usage: u32, // 0x34
/// Signature Algorithm
pub sig_algo: u32, // 0x38
/// Reserved
_reserved_0: u32, // 0x3C
/// Signature of the report.
// #[serde(with = "BigArray")]
// pub signature: [u8; 144], // 0x40 - 0xCF
pub signature: Signature,
}

impl LegacyAttestationReport {
/// Provides the measured bytes of the report. This should include bits 0x0 - 0x34 inclusively.
pub fn measurable_bytes(&self) -> [u8; MEASURABLE_BYTES] {
let mut bytes: [u8; MEASURABLE_BYTES] = [0; 52];
bytes[0..MNONCE_SIZE].copy_from_slice(&self.mnonce);
bytes[MNONCE_SIZE..POLICY_OFFSET].copy_from_slice(&self.launch_digest);
bytes[POLICY_OFFSET..].copy_from_slice(&self.policy.to_ne_bytes());
bytes
}
}

#[cfg(feature = "openssl")]
impl Verifiable for (&Certificate, &LegacyAttestationReport) {
type Output = ();

fn verify(self) -> std::io::Result<Self::Output> {
let sev_pub_key: PublicKey<Usage> = self.0.try_into()?;
let pub_key: &EcKey<Public> = &sev_pub_key.ec_key()?;

let sig: EcdsaSig = (&self.1.signature).try_into()?;

sig.verify(&self.1.measurable_bytes(), pub_key)?;

Ok(())
}
}
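Review bot: `launch_digest` in the new `LegacyAttestationReport` is declared `[u8; POLICY_SIZE]` (4 bytes), while its own doc comment and the offset comments (field at 0x10, `policy` at 0x30) describe a 32-byte SHA-256 digest; the `#[repr(C)]` layout is therefore 28 bytes shorter than the report the firmware returns, so every field after it is read from the wrong offset. It also makes `measurable_bytes` unconditionally panic: `bytes[MNONCE_SIZE..POLICY_OFFSET]` is a 32-byte slice and `copy_from_slice` requires equal lengths, so the `verify` impl below never reaches the signature check. The fix is `pub launch_digest: [u8; DIGEST_SIZE], // 0x10`, and `let mut bytes: [u8; MEASURABLE_BYTES] = [0; 52];` should use `[0; MEASURABLE_BYTES]` so the two cannot drift apart again. The doc comment on `measurable_bytes` should say bytes 0x00 through 0x33 inclusive (0x34 is `sig_usage`, which is not measured) rather than "bits 0x0 - 0x34 inclusively", and the commented-out `signature: [u8; 144]` lines above the `signature` field should be deleted rather than kept as dead code.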
