diff --git a/Cargo.lock b/Cargo.lock index 9c0e9cc4..1e8caa52 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -349,19 +349,27 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "79b71cca7d95d7681a4b3b9cdf63c8dbc3730d0584c2c74e31416d64a90493f4" dependencies = [ "const-oid", +] + +[[package]] +name = "der" +version = "0.7.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f55bf8e7b65898637379c1b74eb1551107c8294ed26d855ceb9fd1a09cfc9bc0" +dependencies = [ "der_derive", + "zeroize", ] [[package]] name = "der_derive" -version = "0.4.1" +version = "0.7.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8aed3b3c608dc56cf36c45fe979d04eda51242e6703d8d0bb03426ef7c41db6a" +checksum = "8034092389675178f570469e6c3b0465d3d30b4505c294a6550db47f3c17ad18" dependencies = [ "proc-macro2", "quote", - "syn 1.0.109", - "synstructure", + "syn 2.0.48", ] [[package]] @@ -1070,18 +1078,6 @@ dependencies = [ "unicode-ident", ] -[[package]] -name = "synstructure" -version = "0.12.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f36bdaa60a83aca3921b5259d5400cbf5e90fc51931376a9bd4a0eb79aa7210f" -dependencies = [ - "proc-macro2", - "quote", - "syn 1.0.109", - "unicode-xid", -] - [[package]] name = "td-benchmark" version = "0.1.0" @@ -1197,7 +1193,7 @@ dependencies = [ "anyhow", "cc", "cc-measurement", - "der", + "der 0.7.9", "lazy_static", "linked_list_allocator", "log", @@ -1238,7 +1234,7 @@ dependencies = [ "byteorder", "cfg-if", "clap", - "der", + "der 0.4.5", "env_logger", "hex", "log", 
@@ -1463,12 +1459,6 @@ version = "1.0.12" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" -[[package]] -name = "unicode-xid" -version = "0.2.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f962df74c8c05a667b5ee8bcf162993134c104e96440b663c8daa176dc772d8c" - [[package]] name = "untrusted" version = "0.9.0"
diff --git a/td-shim/Cargo.toml b/td-shim/Cargo.toml
index 4da7c175..f876b241 100644
--- a/td-shim/Cargo.toml
+++ b/td-shim/Cargo.toml
@@ -39,7 +39,7 @@ x86 = { version ="0.47.0", optional = true }
 x86_64 = { version = "0.14.9", default-features = false, features = ["instructions"], optional = true }
 # secure boot
-der = {version = "0.4.5", features = ["derive", "alloc"], optional = true}
+der = {version = "0.7.9", features = ["derive", "alloc"], optional = true}
 # TDX
 tdx-tdcall = { path = "../tdx-tdcall", optional = true }
diff --git a/td-shim/src/secure_boot.rs b/td-shim/src/secure_boot.rs
index 32520d4d..9dbdb324 100644
--- a/td-shim/src/secure_boot.rs
+++ b/td-shim/src/secure_boot.rs
@@ -11,7 +11,7 @@ use core::mem::size_of;
 use core::ptr::slice_from_raw_parts;
-use der::{asn1::UIntBytes, Encodable, Message};
+use der::{asn1::UintRef, Encode, Sequence};
 use r_efi::efi::Guid;
 use ring::{
 digest,
@@ -120,10 +120,10 @@ pub enum VerifyErr {
 // modulus INTEGER, -- n
 // publicExponent INTEGER } -- e
 //
-#[derive(Copy, Clone, Debug, Eq, PartialEq, Message)]
+#[derive(Copy, Clone, Debug, Eq, PartialEq, Sequence)]
 struct RsaPublicKeyDer<'a> {
- pub modulus: UIntBytes<'a>,
- pub exponents: UIntBytes<'a>,
+ pub modulus: UintRef<'a>,
+ pub exponents: UintRef<'a>,
 }
 pub struct PayloadVerifier<'a> {
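Review bot: `RsaPublicKeyDer` carries no comment saying that its field order is load-bearing, even though the `Sequence` derive encodes fields in declaration order. `modulus` has to stay ahead of `exponents` for the output to match the RSAPublicKey layout quoted in the comment above the struct. I would add `// Field order defines the DER encoding (n, then e); do not reorder.` directly above `struct RsaPublicKeyDer<'a>`. As a style point, `exponents` could become `public_exponent` to match the singular ASN.1 name `publicExponent`; the struct has no `pub` in this hunk, so the rename looks local to the file.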
@@ -200,8 +200,8 @@ impl<'a> PayloadVerifier<'a> {
 signature = &signed_payload[offset..offset + 384];
 let der = RsaPublicKeyDer {
- modulus: UIntBytes::new(modulus).map_err(|_e| VerifyErr::InvalidContent)?,
- exponents: UIntBytes::new(exp).map_err(|_e| VerifyErr::InvalidContent)?,
+ modulus: UintRef::new(modulus).map_err(|_e| VerifyErr::InvalidContent)?,
+ exponents: UintRef::new(exp).map_err(|_e| VerifyErr::InvalidContent)?,
 };
 let encoded = der
 .encode_to_slice(&mut formated_public_key)
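Review bot: Nothing in this change pins the bytes that `der.encode_to_slice(&mut formated_public_key)` produces once `modulus` and `exp` go through `UintRef::new` instead of `UIntBytes::new`, and the Cargo.lock hunk at -1238 shows another workspace package still resolving `der 0.4.5`. If that package is what produces the enrolled key or its digest (not visible here), both encoders have to agree byte for byte, including how a leading zero octet or a set high bit in the modulus is handled; a divergence would make the verifier reject correctly signed payloads. A unit test that encodes a fixed pair and compares it with a stored DER vector, as sketched below with constructed values, would catch that on the next `der` bump. The enclosing function starts and ends outside the hunk.

```rust
#[test]
fn rsa_public_key_der_encoding_is_stable() {
    // Constructed sample values, not a real key: a leading zero octet on the
    // input and a set high bit exercise both integer canonicalisation paths.
    let modulus = [0x00u8, 0xC3, 0x01];
    let exp = [0x01u8, 0x00, 0x01];
    let key = RsaPublicKeyDer {
        modulus: UintRef::new(&modulus).expect("constructed modulus"),
        exponents: UintRef::new(&exp).expect("constructed exponent"),
    };
    let mut buf = [0u8; 16];
    let encoded = key.encode_to_slice(&mut buf).expect("buffer is large enough");
    // SEQUENCE { INTEGER 0x00C301, INTEGER 0x010001 }
    assert_eq!(
        encoded,
        &[0x30, 0x0A, 0x02, 0x03, 0x00, 0xC3, 0x01, 0x02, 0x03, 0x01, 0x00, 0x01]
    );
}
```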