attest: Add attest_len & attest ops. #1591

Merged Jan 23, 2024 (2 commits)

flihp (Contributor) commented Jan 17, 2024

Calling the attest op will cause the Attest task to produce the signature: sign(alias_priv, sha3_256(hubpack(log) | nonce)). The caller can then use other ops from the Attest task to verify the signature.

@flihp flihp marked this pull request as draft January 17, 2024 18:37
flihp (Contributor, Author) commented Jan 17, 2024

converted to DRAFT till I test on a gimlet

Review thread on task/attest/src/main.rs (outdated, resolved)
Review thread on app/oxide-rot-1/app.toml (resolved)
@flihp flihp force-pushed the attest branch 3 times, most recently from 5010307 to 1bca9d5 Compare January 23, 2024 18:16
@flihp flihp marked this pull request as ready for review January 23, 2024 18:48
flihp (Contributor, Author) commented Jan 23, 2024

this has been tested with dev & mfg builds with platform identity cert signed by staging root https://github.com/oxidecomputer/evidence-room/blob/main/staging/2023-05-12_provisioning/output/platform-identity-root-a.cert.pem on a PSC rev-b & Gimlet rev-c including sprot. My test is the current verification process from the verifier-cli in https://github.com/oxidecomputer/dice-util/tree/main/verifier-cli. I intend to test on a sidecar once one is available but 2 out of 3 ...

labbott (Collaborator) left a comment

LGTM

flihp and others added 2 commits January 23, 2024 11:58
Calling the `attest` op will cause the `Attest` task to produce the
signature: `sign(alias_priv, sha3_256(hubpack(log) | nonce))`. The
caller can then use other ops from the `Attest` task to verify the
signature.

This is the first op supported by sprot that takes both a read and a
write lease. Following the existing structure of `handle_request` we add
a new `Attest` variant to the TrailingData enum where we store the
appropriately sized slice that holds the read lease. As a result we must
be more explicit about the lifetimes in the `handle_request` method
because its return value no longer has the same lifetime as the `self`
param (3rd lifetime elision rule).

The rest is pretty straightforward with the call to `Attest::attest`
happening in the match arm for this new `TrailingData` variant.
@flihp flihp merged commit a89e0a9 into oxidecomputer:master Jan 23, 2024
77 checks passed
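
The lifetime point made in the second commit message, as an added example that is not code from this pull request or the project. Only the names `handle_request`, `TrailingData` and `Attest` come from the commit message; the request layout, `Handler`, `ReqError`, `OP_ATTEST` and `demo` are assumptions made for illustration.

```rust
// Added illustration, not the project's code. Names from the commit message:
// `handle_request`, `TrailingData`, `Attest`. Everything else is assumed.
const OP_ATTEST: u8 = 1; // hypothetical opcode
#[derive(Debug, PartialEq)]
enum ReqError { Truncated, UnknownOp }

/// `'a` is the lifetime of the receive buffer, not of the handler.
#[derive(Debug, PartialEq)]
enum TrailingData<'a> {
    None,
    Attest { nonce: &'a [u8], write_size: usize },
}

struct Handler { requests: u32 }

impl Handler {
    // With lifetimes elided, the result would take the lifetime of `&mut self`
    // (third elision rule) and returning a borrow of `rx` would be rejected.
    // Naming `'a` ties the result to `rx` instead.
    fn handle_request<'a>(&mut self, rx: &'a [u8]) -> Result<TrailingData<'a>, ReqError> {
        self.requests += 1;
        // Constructed layout: [op, nonce_len, write_size, nonce bytes...]
        let (op, nonce_len, write_size, rest) = match rx {
            [op, n, w, rest @ ..] => (*op, *n as usize, *w as usize, rest),
            _ => return Err(ReqError::Truncated),
        };
        match op {
            0 => Ok(TrailingData::None),
            OP_ATTEST => {
                let nonce = rest.get(..nonce_len).ok_or(ReqError::Truncated)?;
                Ok(TrailingData::Attest { nonce, write_size })
            }
            _ => Err(ReqError::UnknownOp),
        }
    }
}

/// Returns (requests handled, nonce length, write size) for a constructed request.
fn demo() -> (u32, usize, usize) {
    let rx = [OP_ATTEST, 4, 64, 0xde, 0xad, 0xbe, 0xef]; // constructed sample
    let mut h = Handler { requests: 0 };
    let first = h.handle_request(&rx).unwrap();
    // `first` is still live here; `h` can be reborrowed because `first` borrows `rx`.
    h.handle_request(&[0, 0, 0]).unwrap();
    let TrailingData::Attest { nonce, write_size } = first else { return (h.requests, 0, 0) };
    (h.requests, nonce.len(), write_size)
}

fn main() { println!("{:?}", demo()); }
```

A declared nonce length longer than the received bytes yields `ReqError::Truncated` rather than a panic, because the slice is taken with `get`.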