From a3655d9c1b063d5d20afa21cbf20cc4ead05cc6b Mon Sep 17 00:00:00 2001
From: Jiaqi Gao
Date: Fri, 27 Sep 2024 04:10:21 -0400
Subject: [PATCH] remove unused functions in `attestation` and `crypto`

Signed-off-by: Jiaqi Gao
---
 Cargo.lock | 18 ----------
 src/attestation/src/attest.rs | 65 +----------------------------------
 src/crypto/Cargo.toml | 1 -
 src/crypto/src/lib.rs | 13 -------
 src/migtd/Cargo.toml | 1 -
 5 files changed, 1 insertion(+), 97 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 0813bde..340f19c 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -113,12 +113,6 @@ version = "1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa"
 
-[[package]]
-name = "base64"
-version = "0.21.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "35636a1494ede3b646cc98f74f8e62c773a38a659ebc777a2cf26b9b74171df9"
-
 [[package]]
 name = "bit_field"
 version = "0.10.2"
@@ -281,7 +275,6 @@ dependencies = [
  "ring",
  "rust_std_stub",
  "rustls",
- "rustls-pemfile",
  "rustls-pki-types",
  "sys_time",
  "zeroize",
@@ -573,7 +566,6 @@ version = "0.4.6"
 dependencies = [
  "anyhow",
  "attestation",
- "base64",
  "bitfield",
  "cc-measurement",
  "crypto",
@@ -826,16 +818,6 @@ dependencies = [
  "zeroize",
 ]
 
-[[package]]
-name = "rustls-pemfile"
-version = "2.0.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "35e4980fa29e4c4b212ffb3db068a564cbf560e51d3944b7c88bd8bf5bec64f4"
-dependencies = [
- "base64",
- "rustls-pki-types",
-]
-
 [[package]]
 name = "rustls-pki-types"
 version = "1.8.0"
diff --git a/src/attestation/src/attest.rs b/src/attestation/src/attest.rs
index 184635f..633df88 100644
--- a/src/attestation/src/attest.rs
+++ b/src/attestation/src/attest.rs
@@ -6,20 +6,14 @@ use crate::{
 binding::get_quote as get_quote_inner, binding::init_heap, binding::verify_quote_integrity,
 binding::AttestLibError, root_ca::ROOT_CA, Error,
 };
-use alloc::{string::String, vec, vec::Vec};
+use alloc::{vec, vec::Vec};
 use core::{alloc::Layout, ffi::c_void, ops::Range};
-use crypto::{
- x509,
- x509::{Decode, ObjectIdentifier, OctetStringRef, Reader},
-};
 use tdx_tdcall::tdreport::*;
 
 const TD_QUOTE_SIZE: usize = 0x2000;
 const TD_REPORT_VERIFY_SIZE: usize = 1024;
 const ATTEST_HEAP_SIZE: usize = 0x80000;
 const TD_VERIFIED_REPORT_SIZE: usize = 734;
-const PEM_CERT_BEGIN: &str = "-----BEGIN CERTIFICATE-----\n";
-const PEM_CERT_END: &str = "-----END CERTIFICATE-----\n";
 
 pub fn attest_init_heap() -> Option {
 unsafe {
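Review bot: With the `use crypto::{x509, ...}` import removed here, attest.rs may no longer reference the `crypto` crate at all, yet the diffstat lists no change to `src/attestation/Cargo.toml` and the Cargo.lock hunks touch only entries that look like the `crypto` and `migtd` packages, so the `attestation -> crypto` dependency edge (and the `der`/x509 code it pulls into this crate's build) presumably stays. If the removed FMSPC parsing was the only consumer, drop `crypto` from `[dependencies]` in `src/attestation/Cargo.toml` in this same commit so the supply-chain surface shrinks along with the dead code, as the commit already does for `rustls-pemfile` and `base64`. If `verify_quote` or another function outside this hunk still uses `crypto`, this is moot; only part of attest.rs is visible here. The body of `attest_init_heap` continues past the end of the hunk.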
@@ -87,63 +81,6 @@ pub fn verify_quote(quote: &[u8]) -> Result, Error> {
 Ok(td_report_verify[..report_verify_size as usize].to_vec())
 }
 
-pub fn get_fmspc_from_quote(quote: &[u8]) -> Result<[u8; 6], Error> {
- let mid = String::from_utf8_lossy(quote);
- let start_index = mid.find(PEM_CERT_BEGIN).ok_or(Error::InvalidQuote)?;
- let end_index = mid.find(PEM_CERT_END).ok_or(Error::InvalidQuote)? + PEM_CERT_END.len();
-
- let pck_cert = mid[start_index..end_index].as_bytes();
- let pck_der = crypto::pem_cert_to_der(pck_cert)
- .map_err(|_| Error::InvalidQuote)?
- .to_vec();
-
- parse_fmspc_from_pck_cert(&pck_der)
-}
-
-#[derive(Clone, Copy, Debug, Eq, PartialEq)]
-pub struct InnerValue<'a> {
- pub id: ObjectIdentifier,
- pub value: Option>,
-}
-
-impl<'a> Decode<'a> for InnerValue<'a> {
- fn decode>(decoder: &mut R) -> der::Result {
- decoder.sequence(|decoder| {
- let id = decoder.decode()?;
- let value = decoder.decode()?;
-
- Ok(Self { id, value })
- })
- }
-}
-
-fn parse_fmspc_from_pck_cert(pck_der: &[u8]) -> Result<[u8; 6], Error> {
- const PCK_FMSPC_EXTENSION_OID: ObjectIdentifier =
- ObjectIdentifier::new_unwrap("1.2.840.113741.1.13.1");
- const PCK_FMSPC_OID: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.2.840.113741.1.13.1.4");
-
- let x509 = x509::Certificate::from_der(pck_der).map_err(|_| Error::InvalidQuote)?;
- let extensions = x509.tbs_certificate.extensions.ok_or(Error::InvalidQuote)?;
- for ext in extensions.get() {
- if ext.extn_id == PCK_FMSPC_EXTENSION_OID {
- let vals =
- Vec::::from_der(ext.extn_value.ok_or(Error::InvalidQuote)?.as_bytes())
- .map_err(|_| Error::InvalidQuote)?;
- for val in vals {
- if val.id == PCK_FMSPC_OID {
- return val
- .value
- .ok_or(Error::InvalidQuote)?
- .as_bytes()
- .try_into()
- .map_err(|_| Error::InvalidQuote);
- }
- }
- }
- }
- Err(Error::InvalidQuote)
-}
-
 fn mask_verified_report_values(report: &mut [u8]) {
 const R_MISC_SELECT: Range = 626..630;
 const R_MISC_SELECT_MASK: Range = 630..634;
diff --git a/src/crypto/Cargo.toml b/src/crypto/Cargo.toml
index 14f2c21..16afc03 100644
--- a/src/crypto/Cargo.toml
+++ b/src/crypto/Cargo.toml
@@ -10,7 +10,6 @@ der = {version = "0.7.9", features = ["oid", "alloc", "derive"]}
 pki-types = { package = "rustls-pki-types", version = "1" }
 rust_std_stub = { path = "../std-support/rust-std-stub" }
 rustls = { version = "=0.23.12", default-features = false, features = ["ring" ], optional = true }
-rustls-pemfile = { version = "2.0.0", default-features = false }
 ring = { path = "../../deps/td-shim/library/ring", default-features = false, features = ["alloc", "less-safe-getrandom-custom-or-rdrand"], optional = true }
 sys_time = { path = "../std-support/sys_time" }
 zeroize = "1.5.7"
diff --git a/src/crypto/src/lib.rs b/src/crypto/src/lib.rs
index e9d89b5..383c849 100644
--- a/src/crypto/src/lib.rs
+++ b/src/crypto/src/lib.rs
@@ -8,8 +8,6 @@ extern crate alloc;
 use alloc::string::String;
-use pki_types::CertificateDer;
-use rustls_pemfile::Item;
 cfg_if::cfg_if! {
 if #[cfg(feature = "rustls")] {
@@ -79,14 +77,3 @@ impl From for Error {
 Error::GenerateCertificate(e)
 }
 }
-
-pub fn pem_cert_to_der(cert: &[u8]) -> Result> {
- let item = rustls_pemfile::read_one_from_slice(cert)
- .map_err(|_| Error::DecodePemCert)?
- .map(|(item, _)| item)
- .ok_or(Error::DecodePemCert)?;
- match item {
- Item::X509Certificate(cert) => Ok(cert),
- _ => Err(Error::DecodePemCert),
- }
-}
diff --git a/src/migtd/Cargo.toml b/src/migtd/Cargo.toml
index 421cd83..898c7f2 100644
--- a/src/migtd/Cargo.toml
+++ b/src/migtd/Cargo.toml
@@ -35,7 +35,6 @@ virtio_serial = { path="../devices/virtio_serial", optional = true }
 x86 = "0.47.0"
 x86_64 = "0.14.9"
 zerocopy = { version = "0.7", features = ["derive"] }
-base64 = { version = "0.21.5", default-features = false, features = ["alloc"] }
 minicov = { version = "0.2", default-features = false, optional = true }
 td-benchmark = { path = "../../deps/td-shim/devtools/td-benchmark", default-features = false, optional = true }