From 5651d3e42b56fb39c708cc9943bb302647e6b288 Mon Sep 17 00:00:00 2001
From: Qi Feng Huo
Date: Wed, 5 Jun 2024 10:48:06 +0800
Subject: [PATCH] Verifier: Add IBM Secure Execution verifier driver framework fix comments
Signed-off-by: Qi Feng Huo
---
 Cargo.toml | 2 +-
 attestation-service/README.md | 2 +-
 attestation-service/verifier/src/se/ibmse.rs | 13 +++++++------
 3 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/Cargo.toml b/Cargo.toml
index 9d3fef791a..c50b07651c 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -38,7 +38,7 @@ regorus = { version = "0.1.5", default-features = false, features = ["regex", "b
 rstest = "0.18.1"
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0.89"
-serde_with = { version = "1.11.0", features = ["base64"] }
+serde_with = { version = "1.11.0", features = ["base64", "hex"] }
 serial_test = "0.9.0"
 sha2 = "0.10"
 shadow-rs = "0.19.0"
diff --git a/attestation-service/README.md b/attestation-service/README.md
index 7ebe09b1bc..a39294320d 100644
--- a/attestation-service/README.md
+++ b/attestation-service/README.md
@@ -81,7 +81,7 @@ Please refer to the individual verifiers for the specific format of the evidence
 - Azure TDX vTPM: [Evidence](./verifier/src/az_tdx_vtpm/mod.rs)
 - Arm CCA: [CcaEvidence](./verifier/src/cca/mod.rs)
 - Hygon CSV: [CsvEvidence](./verifier/src/csv/mod.rs)
-- IBM Secure Execution (SE) [(SeEvidence)](./verifier/src/se/mod.rs)
+- IBM Secure Execution (SE): [SeEvidence](./verifier/src/se/mod.rs)
 ## Output
diff --git a/attestation-service/verifier/src/se/ibmse.rs b/attestation-service/verifier/src/se/ibmse.rs
index 2328de346a..8a70b792c5 100644
--- a/attestation-service/verifier/src/se/ibmse.rs
+++ b/attestation-service/verifier/src/se/ibmse.rs
@@ -6,6 +6,7 @@ use crate::TeeEvidenceParsedClaim;
 use anyhow::{anyhow, bail, Context, Result};
 use core::result::Result::Ok;
+use hex::{FromHex, ToHex};
 use log::{debug, info, warn};
 use openssl::encrypt::{Decrypter, Encrypter};
 use openssl::pkey::{PKey, Private, Public};
@@ -18,7 +19,7 @@ use pv::misc::{open_file, read_certs};
 use pv::request::{BootHdrTags, CertVerifier, HkdVerifier, ReqEncrCtx, Request, SymKeyType};
 use pv::uv::ConfigUid;
 use serde::{Deserialize, Serialize};
-use serde_with::{base64::Base64, serde_as};
+use serde_with::{base64::Base64, hex::Hex, serde_as};
 use std::{env, fs};
 const DEFAULT_SE_HOST_KEY_DOCUMENTS_ROOT: &str = "/run/confidential-containers/ibmse/hkds";
@@ -87,16 +88,16 @@ pub struct SeAttestationResponse {
 #[serde_as]
 #[derive(Debug, Serialize, Deserialize)]
 pub struct SeAttestationClaims {
-    #[serde_as(as = "Base64")]
+    #[serde_as(as = "Hex")]
     cuid: ConfigUid,
-    #[serde_as(as = "Base64")]
+    #[serde_as(as = "Hex")]
     user_data: Vec,
     version: u32,
-    #[serde_as(as = "Base64")]
+    #[serde_as(as = "Hex")]
     image_phkh: Vec,
-    #[serde_as(as = "Base64")]
+    #[serde_as(as = "Hex")]
     attestation_phkh: Vec,
-    #[serde_as(as = "Base64")]
+    #[serde_as(as = "Hex")]
     tag: [u8; 16],
 }
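Review bot: The byte fields of `SeAttestationClaims` carry no documentation of their encoding, although switching `#[serde_as(as = "Base64")]` to `Hex` on `cuid`, `user_data`, `image_phkh`, `attestation_phkh` and `tag` changes the claim strings that attestation policies and reference values are compared against, so a base64 reference value that matched before will silently stop matching. I would put a doc comment on the struct, `/// Claims extracted from a verified SE attestation response; every byte field is serialized as a lowercase hex string (serde_with's default `Hex` format), so reference values for `cuid`, `image_phkh`, `attestation_phkh` and `tag` must be given in hex, not base64.`, and a one-line `///` on each field saying what it holds — `image_phkh`/`attestation_phkh` look like public-host-key hashes and `tag` a 16-byte verification tag, but I would confirm that against the code that fills the struct, which lies outside this hunk. The added `use hex::{FromHex, ToHex};` is not used anywhere in these hunks; if nothing else in the file calls those traits it is an unused import and should be dropped, and if it is used, the `hex` crate must be a direct dependency of the verifier crate, which the workspace Cargo.toml change (only the serde_with `hex` feature) does not show. The vector fields appear as bare `Vec` in this rendering, presumably `Vec<u8>` with the generic lost by the page, so the `Hex` adapter's fixed-length `TryFrom` check only applies to `cuid` and `tag`, while `user_data` and the two hash fields accept any length — worth a comment if a length check is expected there.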