Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto: Improve error handling and move to library #736

Merged
merged 8 commits into from
Feb 22, 2024
Merged

crypto: Improve error handling and move to library #736

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
9f1ddd9
algorithms: Make errors more specific
ansasaki Jan 29, 2024
e8d3ee4
list_parser: Add source for error for backtrace
ansasaki Feb 2, 2024
dc8464f
tpm: Rename origin of error as source in structures
ansasaki Feb 6, 2024
da73919
crypto: Add specific type for every possible error
ansasaki Feb 6, 2024
1562b4c
crypto: Move to keylime library
ansasaki Feb 7, 2024
b259659
payloads: Remove explicit drop of channel transmitter
ansasaki Feb 14, 2024
50a3f7f
tests/run.sh: Run tarpaulin with a single thread
ansasaki Feb 14, 2024
a895c85
crypto: Make error types less specific
ansasaki Feb 15, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions Cargo.lock
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 0 additions & 2 deletions keylime-agent/Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,8 +20,6 @@ keylime.workspace = true
libc.workspace = true
log.workspace = true
openssl.workspace = true
picky-asn1-der.workspace = true
picky-asn1-x509.workspace = true
pretty_env_logger.workspace = true
reqwest.workspace = true
serde.workspace = true
Expand Down
31 changes: 12 additions & 19 deletions keylime-agent/src/common.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,19 +1,20 @@
// SPDX-License-Identifier: Apache-2.0
// Copyright 2021 Keylime Authors

use crate::error::{Error, Result};
use crate::permissions;
use crate::{
error::{Error, Result},
permissions,
};

use keylime::algorithms::{
EncryptionAlgorithm, HashAlgorithm, SignAlgorithm,
};
use keylime::tpm;
use log::*;
use openssl::{
hash::{hash, MessageDigest},
pkey::PKey,
x509::X509,
use keylime::{
crypto::{hash, tss_pubkey_to_pem, AES_128_KEY_LEN, AES_256_KEY_LEN},
tpm,
};
use picky_asn1_x509::SubjectPublicKeyInfo;
use log::*;
use openssl::hash::MessageDigest;
use serde::{Deserialize, Serialize};
use serde_json::{json, Value};
use std::{
Expand Down Expand Up @@ -42,9 +43,6 @@ pub static RSA_PUBLICKEY_EXPORTABLE: &str = "rsa placeholder";
pub static KEY: &str = "secret";
pub const AGENT_UUID_LEN: usize = 36;
pub const AUTH_TAG_LEN: usize = 48;
pub const AES_128_KEY_LEN: usize = 16;
pub const AES_256_KEY_LEN: usize = 32;
pub const AES_BLOCK_SIZE: usize = 16;

#[derive(Serialize, Deserialize, Debug)]
pub(crate) struct APIVersion {
Expand Down Expand Up @@ -253,14 +251,9 @@ impl AgentData {
///
/// This is used as the agent UUID when the configuration option 'uuid' is set as 'hash_ek'
pub(crate) fn hash_ek_pubkey(ek_pub: Public) -> Result<String> {
// Converting Public TPM key to PEM
let key = SubjectPublicKeyInfo::try_from(ek_pub)?;
let key_der = picky_asn1_der::to_vec(&key)?;
let openssl_key = PKey::public_key_from_der(&key_der)?;
let pem = openssl_key.public_key_to_pem()?;

// Calculate the SHA-256 hash of the public key in PEM format
let mut hash = hash(MessageDigest::sha256(), &pem)?;
let pem = tss_pubkey_to_pem(ek_pub)?;
let hash = hash(&pem, MessageDigest::sha256())?;
Ok(hex::encode(hash))
}

Expand Down
Loading
Loading