vtpm: add method to get sha256 PCRs from Quote

The internal representation of the PCRs has been changed to fixed-size array. Signed-off-by: Magnus Kulke <[email protected]>
mkulke · Feb 22, 2024 · d652595 · d652595
1 parent de7ee48
commit d652595
Show file tree

Hide file tree

Showing 6 changed files with 21 additions and 15 deletions.
diff --git a/az-cvm-vtpm/Cargo.toml b/az-cvm-vtpm/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "az-cvm-vtpm"
-version = "0.5.1"
+version = "0.5.2"
 edition = "2021"
 repository = "https://github.com/kinvolk/azure-cvm-tooling/"
 license = "MIT"

diff --git a/az-cvm-vtpm/az-snp-vtpm/Cargo.toml b/az-cvm-vtpm/az-snp-vtpm/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "az-snp-vtpm"
-version = "0.5.1"
+version = "0.5.2"
 edition = "2021"
 repository = "https://github.com/kinvolk/azure-cvm-tooling/"
 license = "MIT"
@@ -17,7 +17,7 @@ path = "src/main.rs"
 required-features = ["attester", "verifier"]
 
 [dependencies]
-az-cvm-vtpm = { path = "..", version = "0.5.1" }
+az-cvm-vtpm = { path = "..", version = "0.5.2" }
 bincode.workspace = true
 clap.workspace = true
 openssl = { workspace = true, optional = true }

diff --git a/az-cvm-vtpm/az-tdx-vtpm/Cargo.toml b/az-cvm-vtpm/az-tdx-vtpm/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "az-tdx-vtpm"
-version = "0.5.1"
+version = "0.5.2"
 edition = "2021"
 repository = "https://github.com/kinvolk/azure-cvm-tooling/"
 license = "MIT"
@@ -16,7 +16,7 @@ name = "tdx-vtpm"
 path = "src/main.rs"
 
 [dependencies]
-az-cvm-vtpm = { path = "..", version = "0.5.1" }
+az-cvm-vtpm = { path = "..", version = "0.5.2" }
 base64-url = "2.0.0"
 bincode.workspace = true
 serde.workspace = true

diff --git a/az-cvm-vtpm/src/vtpm/mod.rs b/az-cvm-vtpm/src/vtpm/mod.rs
@@ -126,10 +126,15 @@ pub enum QuoteError {
 pub struct Quote {
     signature: Vec<u8>,
     message: Vec<u8>,
-    pcrs: Vec<Vec<u8>>,
+    pcrs: Vec<[u8; 32]>,
 }
 
 impl Quote {
+    /// Retrieve sha256 PCR values from a Quote
+    pub fn pcrs_sha256(&self) -> impl Iterator<Item = &[u8; 32]> {
+        self.pcrs.iter()
+    }
+
     /// Extract nonce from a Quote
     pub fn nonce(&self) -> Result<Vec<u8>, QuoteError> {
         let attest = Attest::unmarshall(&self.message)?;
@@ -191,10 +196,11 @@ pub fn get_quote(data: &[u8]) -> Result<Quote, QuoteError> {
         .pcr_bank(hash_algo)
         .ok_or(QuoteError::PcrBankNotFound)?;
 
-    let pcrs = pcr_bank
+    let pcrs: Result<Vec<[u8; 32]>, _> = pcr_bank
         .into_iter()
-        .map(|(_, x)| x.value().to_vec())
+        .map(|(_, digest)| digest.clone().try_into().map_err(|_| QuoteError::PcrRead))
         .collect();
+    let pcrs = pcrs?;
 
     Ok(Quote {
         signature,

diff --git a/az-cvm-vtpm/test/akpub.pem b/az-cvm-vtpm/test/akpub.pem
@@ -1,9 +1,9 @@
 -----BEGIN PUBLIC KEY-----
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxJlHggAAGWfX9uqSq3js
-wJ9PGrEGyurECyTMfptLwI5Ca1JEwocKXHsTfdAEUVIi9GVWcNuBGpr5Dbd8reoE
-l6/p5IoxQsXyPSC6LZ7HdisORYOo8tQU/fqcuRky1InLJnsKG0o91XEP1MBo5/J7
-MxUAkkWPOiA6wPo+k7Wo3X3TB1NxxqohqAN+sRQ3Useqlzg7sViw+us0nrPb5gbz
-1M8PMlLj4UW6j2j+XNQMsPtZEJ5qAwOmtqstFqT16qBkqFd/ey+NQBNINQAYlaHT
-Vh2cwzq17i2Cru0KSHGQVa2YcUPZhDu4eAQdy+fdVE/uTjxf7Sac5WXefK2YXxyw
-VQIDAQAB
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh/zPnAAAQVXPyGWeKFj0
+UmbmtufZK7yeoeLZn0GbA0VVyjh+BPybG/ZrsgXFF7aQsOyaW2OLaKeeFzXqy6v3
+kCZRONtxLOXWlTSK2ytRrXvzJnjF86gqD4z9VkJ5GyWhPNI4P67+eJKu8iaHmSrP
+WKAVJbJ9+YaZwP48E3Q0wQ1rZjRT8VVJNrjCAT0gRivoEqN5GZMrwIeCjddvs13/
+A4pBc6+Na7ojQ8ljmF6I/dV9dvJWi/GsQXNgjjSjw2SgYdyuZts7syyuKx42idCJ
+qxJb6Zmmjb6VWfoOo/cr5ZvjSeQFaBEVuAgP47fYLlhVjIQddKM/IDxW6fovr8OO
+YwIDAQAB
 -----END PUBLIC KEY-----
diff --git a/az-cvm-vtpm/test/quote.bin b/az-cvm-vtpm/test/quote.bin