kbs: ita: Set hash algorithm based on TEE type
If the TEE specifies the hash algorithms it can use [1], add the appropriate
hash algorithm to the returned `Challenge` [2].

For backwards compatibility, do not return the selected hash algorithm
if the TEE does not provide the list of hash algorithms it can use.

Partially-fixes: confidential-containers#242.

[1] - In the optional `extra-params.supported-hash-algorithms` list.
[2] - In `extra-params.selected-hash-algorithm`.

Signed-off-by: James O. D. Hunt <[email protected]>
jodh-intel authored and fidencio committed Sep 10, 2024
1 parent 51317c3 commit f14b15b
Showing 4 changed files with 340 additions and 24 deletions.
26 changes: 13 additions & 13 deletions Cargo.lock

4 changes: 2 additions & 2 deletions attestation-service/src/lib.rs
Expand Up @@ -22,15 +22,15 @@ use serde_json::{json, Value};
use serde_variant::to_variant_name;
use sha2::{Digest, Sha256, Sha384, Sha512};
use std::{collections::HashMap, str::FromStr};
use strum::{AsRefStr, EnumString};
use strum::{AsRefStr, Display, EnumString};
use thiserror::Error;
use tokio::fs;
use verifier::{InitDataHash, ReportData};

use crate::utils::flatten_claims;

/// Hash algorithms used to calculate runtime/init data binding
#[derive(EnumString, AsRefStr)]
#[derive(Display, EnumString, AsRefStr)]
pub enum HashAlgorithm {
#[strum(ascii_case_insensitive)]
Sha256,
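
Review bot: The `Display` derive added to `HashAlgorithm` has no explicit string format, and the only strum attribute visible on the variant, `#[strum(ascii_case_insensitive)]`, affects parsing via `EnumString`, not output, so `Display` will render the variant name as written (`Sha256`). If that rendering is what ends up in `extra-params.selected-hash-algorithm`, its casing becomes part of the wire format that attesters have to match. Consider pinning it with a `#[strum(serialize_all = "...")]` attribute on the enum, or at least stating the emitted strings in the `/// Hash algorithms used to calculate runtime/init data binding` doc comment. The enum already derives `AsRefStr`, so a short comment on why `Display` is also needed would help the next reader.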