diff --git a/az-cvm-vtpm/Cargo.toml b/az-cvm-vtpm/Cargo.toml index 3c63359..5dd4578 100644 --- a/az-cvm-vtpm/Cargo.toml +++ b/az-cvm-vtpm/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "az-cvm-vtpm" -version = "0.5.1" +version = "0.5.2" edition = "2021" repository = "https://github.com/kinvolk/azure-cvm-tooling/" license = "MIT" diff --git a/az-cvm-vtpm/az-snp-vtpm/Cargo.toml b/az-cvm-vtpm/az-snp-vtpm/Cargo.toml index b9fcade..90d0051 100644 --- a/az-cvm-vtpm/az-snp-vtpm/Cargo.toml +++ b/az-cvm-vtpm/az-snp-vtpm/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "az-snp-vtpm" -version = "0.5.1" +version = "0.5.2" edition = "2021" repository = "https://github.com/kinvolk/azure-cvm-tooling/" license = "MIT" @@ -17,7 +17,7 @@ path = "src/main.rs" required-features = ["attester", "verifier"] [dependencies] -az-cvm-vtpm = { path = "..", version = "0.5.1" } +az-cvm-vtpm = { path = "..", version = "0.5.2" } bincode.workspace = true clap.workspace = true openssl = { workspace = true, optional = true } diff --git a/az-cvm-vtpm/az-tdx-vtpm/Cargo.toml b/az-cvm-vtpm/az-tdx-vtpm/Cargo.toml index f0c6e0e..34208a1 100644 --- a/az-cvm-vtpm/az-tdx-vtpm/Cargo.toml +++ b/az-cvm-vtpm/az-tdx-vtpm/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "az-tdx-vtpm" -version = "0.5.1" +version = "0.5.2" edition = "2021" repository = "https://github.com/kinvolk/azure-cvm-tooling/" license = "MIT" @@ -16,7 +16,7 @@ name = "tdx-vtpm" path = "src/main.rs" [dependencies] -az-cvm-vtpm = { path = "..", version = "0.5.1" } +az-cvm-vtpm = { path = "..", version = "0.5.2" } base64-url = "2.0.0" bincode.workspace = true serde.workspace = true diff --git a/az-cvm-vtpm/src/vtpm/mod.rs b/az-cvm-vtpm/src/vtpm/mod.rs index 0a50e31..0c90dc1 100644 --- a/az-cvm-vtpm/src/vtpm/mod.rs +++ b/az-cvm-vtpm/src/vtpm/mod.rs 
@@ -126,10 +126,15 @@ pub enum QuoteError { pub struct Quote { signature: Vec, message: Vec, - pcrs: Vec>, + pcrs: Vec<[u8; 32]>, } impl Quote { + /// Retrieve sha256 PCR values from a Quote + pub fn pcrs_sha256(&self) -> impl Iterator { + self.pcrs.iter() + } + /// Extract nonce from a Quote pub fn nonce(&self) -> Result, QuoteError> { let attest = Attest::unmarshall(&self.message)?; @@ -191,10 +196,11 @@ pub fn get_quote(data: &[u8]) -> Result { .pcr_bank(hash_algo) .ok_or(QuoteError::PcrBankNotFound)?; - let pcrs = pcr_bank + let pcrs: Result, _> = pcr_bank .into_iter() - .map(|(_, x)| x.value().to_vec()) + .map(|(_, digest)| digest.clone().try_into().map_err(|_| QuoteError::PcrRead)) .collect(); + let pcrs = pcrs?; Ok(Quote { signature, diff --git a/az-cvm-vtpm/test/akpub.pem b/az-cvm-vtpm/test/akpub.pem index 7cab27d..9263f13 100644 --- a/az-cvm-vtpm/test/akpub.pem +++ b/az-cvm-vtpm/test/akpub.pem @@ -1,9 +1,9 @@ -----BEGIN PUBLIC KEY----- -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxJlHggAAGWfX9uqSq3js -wJ9PGrEGyurECyTMfptLwI5Ca1JEwocKXHsTfdAEUVIi9GVWcNuBGpr5Dbd8reoE -l6/p5IoxQsXyPSC6LZ7HdisORYOo8tQU/fqcuRky1InLJnsKG0o91XEP1MBo5/J7 -MxUAkkWPOiA6wPo+k7Wo3X3TB1NxxqohqAN+sRQ3Useqlzg7sViw+us0nrPb5gbz -1M8PMlLj4UW6j2j+XNQMsPtZEJ5qAwOmtqstFqT16qBkqFd/ey+NQBNINQAYlaHT -Vh2cwzq17i2Cru0KSHGQVa2YcUPZhDu4eAQdy+fdVE/uTjxf7Sac5WXefK2YXxyw -VQIDAQAB +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh/zPnAAAQVXPyGWeKFj0 +UmbmtufZK7yeoeLZn0GbA0VVyjh+BPybG/ZrsgXFF7aQsOyaW2OLaKeeFzXqy6v3 +kCZRONtxLOXWlTSK2ytRrXvzJnjF86gqD4z9VkJ5GyWhPNI4P67+eJKu8iaHmSrP +WKAVJbJ9+YaZwP48E3Q0wQ1rZjRT8VVJNrjCAT0gRivoEqN5GZMrwIeCjddvs13/ +A4pBc6+Na7ojQ8ljmF6I/dV9dvJWi/GsQXNgjjSjw2SgYdyuZts7syyuKx42idCJ +qxJb6Zmmjb6VWfoOo/cr5ZvjSeQFaBEVuAgP47fYLlhVjIQddKM/IDxW6fovr8OO +YwIDAQAB -----END PUBLIC KEY----- diff --git a/az-cvm-vtpm/test/quote.bin b/az-cvm-vtpm/test/quote.bin index 41c8937..a23518d 100644 Binary files a/az-cvm-vtpm/test/quote.bin and b/az-cvm-vtpm/test/quote.bin differ
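Review bot: The new `pcrs_sha256()` accessor exposes `pcrs` without saying whether those values are authenticated; in `Quote` the field sits next to `signature` and `message`, and nothing in this hunk shows the PCR list being checked against the PCR digest inside the signed `message`. If verification elsewhere does not recompute that digest, a relying party reading `pcrs_sha256()` would be acting on data the AK signature does not cover. I would extend the doc comment to state the contract, e.g. `/// Values are only trustworthy after the quote signature and the attested PCR digest have been verified.` Separately, changing `pcrs` to `Vec<[u8; 32]>` presumably changes the serialized form of `Quote` (the replaced `test/quote.bin` suggests so), which is worth a changelog line given this ships as a 0.5.1 to 0.5.2 patch bump. The `impl Quote` block continues outside the hunk.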
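Review bot: The `[u8; 32]` conversion in `get_quote` hard-codes the SHA-256 digest length while the bank is selected by `hash_algo`, which is defined outside this hunk; if that ever selects another algorithm, every PCR fails with `QuoteError::PcrRead`, an error that does not say the length was wrong. A short comment at the conversion, such as `// sha256 bank: every digest must be exactly 32 bytes`, would tie the two together. The `digest.clone()` can likely be avoided by converting the borrowed bytes, `.map(|(_, digest)| <[u8; 32]>::try_from(digest.value()).map_err(|_| QuoteError::PcrRead))`, and the separate `let pcrs = pcrs?;` folds into `.collect::<Result<Vec<_>, _>>()?`. `get_quote` starts and ends outside the hunk.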