remove unused functions in attestation and crypto
Signed-off-by: Jiaqi Gao <[email protected]>
gaojiaqi7 committed Oct 16, 2024
1 parent 49f8137 commit ed50c33
Showing 5 changed files with 1 addition and 97 deletions.
18 changes: 0 additions & 18 deletions Cargo.lock


65 changes: 1 addition & 64 deletions src/attestation/src/attest.rs
Expand Up @@ -6,20 +6,14 @@ use crate::{
binding::get_quote as get_quote_inner, binding::init_heap, binding::verify_quote_integrity,
binding::AttestLibError, root_ca::ROOT_CA, Error,
};
use alloc::{string::String, vec, vec::Vec};
use alloc::{vec, vec::Vec};
use core::{alloc::Layout, ffi::c_void, ops::Range};
use crypto::{
x509,
x509::{Decode, ObjectIdentifier, OctetStringRef, Reader},
};
use tdx_tdcall::tdreport::*;

const TD_QUOTE_SIZE: usize = 0x2000;
const TD_REPORT_VERIFY_SIZE: usize = 1024;
const ATTEST_HEAP_SIZE: usize = 0x80000;
const TD_VERIFIED_REPORT_SIZE: usize = 734;
const PEM_CERT_BEGIN: &str = "-----BEGIN CERTIFICATE-----\n";
const PEM_CERT_END: &str = "-----END CERTIFICATE-----\n";

pub fn attest_init_heap() -> Option<usize> {
unsafe {
Expand Down Expand Up @@ -87,63 +81,6 @@ pub fn verify_quote(quote: &[u8]) -> Result<Vec<u8>, Error> {
Ok(td_report_verify[..report_verify_size as usize].to_vec())
}

pub fn get_fmspc_from_quote(quote: &[u8]) -> Result<[u8; 6], Error> {
let mid = String::from_utf8_lossy(quote);
let start_index = mid.find(PEM_CERT_BEGIN).ok_or(Error::InvalidQuote)?;
let end_index = mid.find(PEM_CERT_END).ok_or(Error::InvalidQuote)? + PEM_CERT_END.len();

let pck_cert = mid[start_index..end_index].as_bytes();
let pck_der = crypto::pem_cert_to_der(pck_cert)
.map_err(|_| Error::InvalidQuote)?
.to_vec();

parse_fmspc_from_pck_cert(&pck_der)
}

#[derive(Clone, Copy, Debug, Eq, PartialEq)]
pub struct InnerValue<'a> {
pub id: ObjectIdentifier,
pub value: Option<OctetStringRef<'a>>,
}

impl<'a> Decode<'a> for InnerValue<'a> {
fn decode<R: der::Reader<'a>>(decoder: &mut R) -> der::Result<Self> {
decoder.sequence(|decoder| {
let id = decoder.decode()?;
let value = decoder.decode()?;

Ok(Self { id, value })
})
}
}

fn parse_fmspc_from_pck_cert(pck_der: &[u8]) -> Result<[u8; 6], Error> {
const PCK_FMSPC_EXTENSION_OID: ObjectIdentifier =
ObjectIdentifier::new_unwrap("1.2.840.113741.1.13.1");
const PCK_FMSPC_OID: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.2.840.113741.1.13.1.4");

let x509 = x509::Certificate::from_der(pck_der).map_err(|_| Error::InvalidQuote)?;
let extensions = x509.tbs_certificate.extensions.ok_or(Error::InvalidQuote)?;
for ext in extensions.get() {
if ext.extn_id == PCK_FMSPC_EXTENSION_OID {
let vals =
Vec::<InnerValue>::from_der(ext.extn_value.ok_or(Error::InvalidQuote)?.as_bytes())
.map_err(|_| Error::InvalidQuote)?;
for val in vals {
if val.id == PCK_FMSPC_OID {
return val
.value
.ok_or(Error::InvalidQuote)?
.as_bytes()
.try_into()
.map_err(|_| Error::InvalidQuote);
}
}
}
}
Err(Error::InvalidQuote)
}

fn mask_verified_report_values(report: &mut [u8]) {
const R_MISC_SELECT: Range<usize> = 626..630;
const R_MISC_SELECT_MASK: Range<usize> = 630..634;
1 change: 0 additions & 1 deletion src/crypto/Cargo.toml
Expand Up @@ -10,7 +10,6 @@ der = {version = "0.7.9", features = ["oid", "alloc", "derive"]}
pki-types = { package = "rustls-pki-types", version = "1" }
rust_std_stub = { path = "../std-support/rust-std-stub" }
rustls = { version = "=0.23.12", default-features = false, features = ["ring" ], optional = true }
rustls-pemfile = { version = "2.0.0", default-features = false }
ring = { path = "../../deps/td-shim/library/ring", default-features = false, features = ["alloc", "less-safe-getrandom-custom-or-rdrand"], optional = true }
sys_time = { path = "../std-support/sys_time" }
zeroize = "1.5.7"
13 changes: 0 additions & 13 deletions src/crypto/src/lib.rs
Expand Up @@ -8,8 +8,6 @@
extern crate alloc;

use alloc::string::String;
use pki_types::CertificateDer;
use rustls_pemfile::Item;

cfg_if::cfg_if! {
if #[cfg(feature = "rustls")] {
Expand Down Expand Up @@ -79,14 +77,3 @@ impl From<x509::DerError> for Error {
Error::GenerateCertificate(e)
}
}

pub fn pem_cert_to_der(cert: &[u8]) -> Result<CertificateDer<'static>> {
let item = rustls_pemfile::read_one_from_slice(cert)
.map_err(|_| Error::DecodePemCert)?
.map(|(item, _)| item)
.ok_or(Error::DecodePemCert)?;
match item {
Item::X509Certificate(cert) => Ok(cert),
_ => Err(Error::DecodePemCert),
}
}
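Review bot: With `pem_cert_to_der` removed, the page shows no remaining constructor of `Error::DecodePemCert` in this crate; if no other caller exists, that variant (defined outside the hunk) is now dead and should go in the same sweep, or a short doc comment such as `/// Reserved: no longer produced since PEM parsing was dropped.` should say why it stays. Similarly, the `pki_types::CertificateDer` import is dropped here while `pki-types` remains unconditional in src/crypto/Cargo.toml; if its only remaining user is the `rustls` feature path, marking it `optional = true` alongside `rustls` keeps the default dependency set minimal, and if it has no user at all it should be removed like `rustls-pemfile`. The enclosing `impl From<x509::DerError> for Error` starts outside the hunk, so I cannot confirm from here whether `String` on the first hunk's surviving `use alloc::string::String;` line still has a user.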
1 change: 0 additions & 1 deletion src/migtd/Cargo.toml
Expand Up @@ -35,7 +35,6 @@ virtio_serial = { path="../devices/virtio_serial", optional = true }
x86 = "0.47.0"
x86_64 = "0.14.9"
zerocopy = { version = "0.7", features = ["derive"] }
base64 = { version = "0.21.5", default-features = false, features = ["alloc"] }

minicov = { version = "0.2", default-features = false, optional = true }
td-benchmark = { path = "../../deps/td-shim/devtools/td-benchmark", default-features = false, optional = true }