Verifier: Add IBM Secure Execution verifier driver framework fix comm…

…ents Signed-off-by: Qi Feng Huo <[email protected]>
confidential-containers · Jun 5, 2024 · af3d0b5 · af3d0b5
1 parent b1e14d1
commit af3d0b5
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 8 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -38,7 +38,7 @@ regorus = { version = "0.1.5", default-features = false, features = ["regex", "b
 rstest = "0.18.1"
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0.89"
-serde_with = { version = "1.11.0", features = ["base64"] }
+serde_with = { version = "1.11.0", features = ["base64", "hex"] }
 serial_test = "0.9.0"
 sha2 = "0.10"
 shadow-rs = "0.19.0"

diff --git a/attestation-service/README.md b/attestation-service/README.md
@@ -81,7 +81,7 @@ Please refer to the individual verifiers for the specific format of the evidence
 - Azure TDX vTPM: [Evidence](./verifier/src/az_tdx_vtpm/mod.rs)
 - Arm CCA: [CcaEvidence](./verifier/src/cca/mod.rs)
 - Hygon CSV: [CsvEvidence](./verifier/src/csv/mod.rs)
-- IBM Secure Execution (SE) [(SeEvidence)](./verifier/src/se/mod.rs)
+- IBM Secure Execution (SE): [SeEvidence](./verifier/src/se/mod.rs)
 
 ## Output
 

diff --git a/attestation-service/verifier/src/se/ibmse.rs b/attestation-service/verifier/src/se/ibmse.rs
@@ -6,6 +6,7 @@
 use crate::TeeEvidenceParsedClaim;
 use anyhow::{anyhow, bail, Context, Result};
 use core::result::Result::Ok;
+use hex::{FromHex, ToHex};
 use log::{debug, info, warn};
 use openssl::encrypt::{Decrypter, Encrypter};
 use openssl::pkey::{PKey, Private, Public};
@@ -18,7 +19,7 @@ use pv::misc::{open_file, read_certs};
 use pv::request::{BootHdrTags, CertVerifier, HkdVerifier, ReqEncrCtx, Request, SymKeyType};
 use pv::uv::ConfigUid;
 use serde::{Deserialize, Serialize};
-use serde_with::{base64::Base64, serde_as};
+use serde_with::{base64::Base64, hex::Hex, serde_as};
 use std::{env, fs};
 
 const DEFAULT_SE_HOST_KEY_DOCUMENTS_ROOT: &str = "/run/confidential-containers/ibmse/hkds";
@@ -87,16 +88,16 @@ pub struct SeAttestationResponse {
 #[serde_as]
 #[derive(Debug, Serialize, Deserialize)]
 pub struct SeAttestationClaims {
-    #[serde_as(as = "Base64")]
+    #[serde_as(as = "Hex")]
     cuid: ConfigUid,
-    #[serde_as(as = "Base64")]
+    #[serde_as(as = "Hex")]
     user_data: Vec<u8>,
     version: u32,
-    #[serde_as(as = "Base64")]
+    #[serde_as(as = "Hex")]
     image_phkh: Vec<u8>,
-    #[serde_as(as = "Base64")]
+    #[serde_as(as = "Hex")]
     attestation_phkh: Vec<u8>,
-    #[serde_as(as = "Base64")]
+    #[serde_as(as = "Hex")]
     tag: [u8; 16],
 }