Make Restricter Kernel Signer return a vector instead of a proto

Change-Id: Iedb940c9c063e46b6d93e810a10114e1fbca3699
project-oak · Oct 9, 2024 · b2ca348 · b2ca348
1 parent b0a5ca8
commit b2ca348
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 21 deletions.
diff --git a/oak_restricted_kernel_sdk/src/crypto.rs b/oak_restricted_kernel_sdk/src/crypto.rs
@@ -17,11 +17,13 @@
 //! Structs for signing and encryption using keys attested in the instance's
 //! attestation evidence.
 
+use alloc::vec::Vec;
+
 use oak_crypto::{
     encryption_key::{EncryptionKey, EncryptionKeyHandle},
     hpke::RecipientContext,
+    signer::Signer,
 };
-use oak_proto_rust::oak::crypto::v1::Signature;
 use p256::ecdsa::SigningKey;
 
 /// [`EncryptionKeyHandle`] implementation that using the instance's evidence
@@ -49,15 +51,6 @@ impl EncryptionKeyHandle for InstanceEncryptionKeyHandle {
     }
 }
 
-/// Exposes the ability to sign bytestrings using a private key that has been
-/// endorsed in the Attestation Evidence.
-pub trait Signer {
-    /// Attempt to sign the provided message bytestring using a signing private
-    /// key, a corresponding public key of which is contained in the
-    /// Attestation Evidence.
-    fn sign(&self, message: &[u8]) -> anyhow::Result<Signature>;
-}
-
 /// [`Signer`] implementation that using the instance's evidence and
 /// corresponding private keys.
 #[derive(Clone)]
@@ -75,9 +68,7 @@ impl InstanceSigner {
 }
 
 impl Signer for InstanceSigner {
-    fn sign(&self, message: &[u8]) -> anyhow::Result<Signature> {
-        Ok(Signature {
-            signature: <SigningKey as oak_crypto::signer::Signer>::sign(self.key, message),
-        })
+    fn sign(&self, message: &[u8]) -> Vec<u8> {
+        <SigningKey as oak_crypto::signer::Signer>::sign(self.key, message)
     }
 }
diff --git a/oak_restricted_kernel_sdk/src/lib.rs b/oak_restricted_kernel_sdk/src/lib.rs
@@ -29,7 +29,7 @@ pub mod handler;
 #[doc(cfg(feature = "testing"))]
 pub mod testing;
 pub mod utils;
-pub use oak_crypto::encryption_key::EncryptionKeyHandle;
+pub use oak_crypto::{encryption_key::EncryptionKeyHandle, signer::Signer};
 /// Marks a function as the entrypoint to an enclave app and sets up an
 /// conviences such an allocator, logger, panic handler.
 ///

diff --git a/oak_restricted_kernel_sdk/src/testing.rs b/oak_restricted_kernel_sdk/src/testing.rs
@@ -22,11 +22,11 @@ use alloc::vec::Vec;
 use oak_crypto::{
     encryption_key::{EncryptionKey, EncryptionKeyHandle},
     hpke::RecipientContext,
+    signer::Signer,
 };
 use oak_dice::evidence::{Evidence, RestrictedKernelDiceData, Stage0DiceData, TeePlatform};
 use oak_proto_rust::oak::{
     attestation::v1::{ApplicationLayerData, EventLog},
-    crypto::v1::Signature,
     RawDigest,
 };
 use p256::ecdsa::SigningKey;
@@ -35,7 +35,6 @@ use prost::Message;
 use crate::{
     alloc::string::ToString,
     attestation::{DiceWrapper, EvidenceProvider},
-    crypto::Signer,
 };
 
 lazy_static::lazy_static! {
@@ -112,10 +111,8 @@ impl MockSigner {
 }
 
 impl Signer for MockSigner {
-    fn sign(&self, message: &[u8]) -> anyhow::Result<Signature> {
-        Ok(Signature {
-            signature: <SigningKey as oak_crypto::signer::Signer>::sign(self.key, message),
-        })
+    fn sign(&self, message: &[u8]) -> Vec<u8> {
+        <SigningKey as oak_crypto::signer::Signer>::sign(self.key, message)
     }
 }