From a96996e38159d951a6269e6461092c93ed8887e1 Mon Sep 17 00:00:00 2001 From: Zhanjh Date: Fri, 2 Aug 2024 17:13:44 +0800 Subject: [PATCH] Support for PCR0 signing Signed-off-by: Zhanjh --- .rustfmt.toml | 1 + Cargo.lock | 560 +++++++++++++++++++--------------- Cargo.toml | 2 +- eif_loader/Cargo.toml | 2 +- enclave_build/Cargo.toml | 2 +- enclave_build/src/lib.rs | 33 +- enclave_build/src/main.rs | 10 +- src/common/commands_parser.rs | 103 ++++++- src/common/mod.rs | 2 + src/lib.rs | 271 +++++++++++++++- src/main.rs | 39 ++- tests/tests.rs | 33 ++ 12 files changed, 783 insertions(+), 275 deletions(-) create mode 100644 .rustfmt.toml diff --git a/.rustfmt.toml b/.rustfmt.toml new file mode 100644 index 00000000..b6f799d6 --- /dev/null +++ b/.rustfmt.toml @@ -0,0 +1 @@ +tab_spaces = 4 diff --git a/Cargo.lock b/Cargo.lock index 542ae83b..4a0e1015 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -4,9 +4,9 @@ version = 3 [[package]] name = "addr2line" -version = "0.21.0" +version = "0.22.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8a30b2e23b9e17a9f90641c7ab1549cd9b44f296d3ccbf309d2863cfe398a0cb" +checksum = "6e4503c46a5c0c7844e948c9a4d6acd9f50cccb4de1c48eb9e291ea17470c678" dependencies = [ "gimli", ] @@ -43,13 +43,13 @@ dependencies = [ [[package]] name = "async-trait" -version = "0.1.79" +version = "0.1.81" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a507401cad91ec6a857ed5513a2073c82a9b9048762b885bb98655b306964681" +checksum = "6e0c28dcc82d7c8ead5cb13beb15405b57b8546e93215673ff8ca0349a028107" dependencies = [ "proc-macro2", "quote", - "syn 2.0.58", + "syn", ] [[package]] 
@@ -65,29 +65,28 @@ dependencies = [ [[package]] name = "autocfg" -version = "1.2.0" +version = "1.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f1fdabc7756949593fe60f30ec81974b613357de856987752631dea1e3394c80" +checksum = "0c4b4d0bd25bd0b74681c0ad21497610ce1b7c91b1022cd21c80c6fbdd9476b0" [[package]] name = "aws-nitro-enclaves-cose" -version = "0.5.1" +version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5ce1d9954a5cb2841ad8ab206a050cd07ed34200ea6aafb7fa73a33771aaf48c" +checksum = "b8a94047bd9c3717c6ca3a145504c0e26b64a5e2d9eb9559b187748433fbc382" dependencies = [ "openssl", "serde", "serde_bytes", "serde_cbor", "serde_repr", - "serde_with 1.14.0", + "serde_with", ] [[package]] name = "aws-nitro-enclaves-image-format" version = "0.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c24e2101441ce8f8dd0799ce7e36c68571ecf5e3731190b277c63765aaed8c1c" +source = "git+https://github.com/tecposter/aws-nitro-enclaves-image-format.git?branch=pcr-signer#7b2b12712ba92d6420f392ebe958f713a65cb6cb" dependencies = [ "aws-nitro-enclaves-cose", "byteorder", @@ -95,7 +94,7 @@ dependencies = [ "clap", "crc", "hex", - "num-derive 0.3.3", + "num-derive", "num-traits", "openssl", "serde", @@ -106,9 +105,9 @@ dependencies = [ [[package]] name = "backtrace" -version = "0.3.71" +version = "0.3.73" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "26b05800d2e817c8b3b4b54abd461726265fa9789ae34330622f2db9ee696f9d" +checksum = "5cc23269a4f8976d0a4d2e7109211a419fe30e8d88d677cd60b6bc79c5732e0a" dependencies = [ "addr2line", "cc", 
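Review bot: In the `@@ -65,29 +65,28 @@` hunk the `aws-nitro-enclaves-image-format` entry stops resolving from crates.io and loses its `checksum` line; it now comes from `git+https://github.com/tecposter/aws-nitro-enclaves-image-format.git?branch=pcr-signer` at commit `7b2b12712ba92d6420f392ebe958f713a65cb6cb`, while still reporting version `0.2.0`, so the version number no longer tells the fork apart from the published release. The lock entry pins that commit, but because the source is `?branch=pcr-signer`, a later `cargo update` will move the dependency to whatever the branch head is at that time. Since this is presumably the crate the PCR0 signing path depends on, the manifest should name the commit, e.g. `rev = "7b2b12712ba92d6420f392ebe958f713a65cb6cb"` in place of `branch = "pcr-signer"`, or the change should wait until it is published as a release. The Cargo.toml hunks are outside this view, so the exact dependency declaration is inferred from the lock entry.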
@@ -121,15 +120,9 @@ dependencies = [ [[package]] name = "base64" -version = "0.21.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9d297deb1925b89f2ccc13d7635fa0714f12c87adce1c75356b39ca9b7178567" - -[[package]] -name = "base64" -version = "0.22.0" +version = "0.22.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9475866fec1451be56a3c2400fd081ff546538961565ccb5b7142cbd22bc7a51" +checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6" [[package]] name = "bindgen" @@ -137,7 +130,7 @@ version = "0.69.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a00dc851838a2120612785d195287475a3ac45514741da670b735818822129a0" dependencies = [ - "bitflags 2.5.0", + "bitflags 2.6.0", "cexpr", "clang-sys", "itertools", @@ -150,7 +143,7 @@ dependencies = [ "regex", "rustc-hash", "shlex", - "syn 2.0.58", + "syn", "which", ] @@ -162,9 +155,9 @@ checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" [[package]] name = "bitflags" -version = "2.5.0" +version = "2.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cf4b9d6a944f767f8e5e0db018570623c85f3d925ac718db4e06d0187adb21c1" +checksum = "b048fb63fd8b5923fc5aa7b340d8e156aec7ec02f0c78fa8a6ddc2613f6f71de" [[package]] name = "block-buffer" @@ -181,7 +174,7 @@ version = "0.16.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0aed08d3adb6ebe0eff737115056652670ae290f177759aac19c30456135f94c" dependencies = [ - "base64 0.22.0", + "base64", "bollard-stubs", "bytes", "futures-core", 
@@ -216,15 +209,9 @@ checksum = "709d9aa1c37abb89d40f19f5d0ad6f0d88cb1581264e571c9350fc5bb89cf1c5" dependencies = [ "serde", "serde_repr", - "serde_with 3.7.0", + "serde_with", ] -[[package]] -name = "build_const" -version = "0.2.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b4ae4235e6dac0694637c763029ecea1a2ec9e4e06ec2729bd21ba4d9c863eb7" - [[package]] name = "bumpalo" version = "3.16.0" @@ -239,15 +226,15 @@ checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b" [[package]] name = "bytes" -version = "1.6.0" +version = "1.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "514de17de45fdb8dc022b1a7975556c53c86f9f0aa5f534b98977b171857c2c9" +checksum = "8318a53db07bb3f8dca91a600466bdb3f2eaadeedfdbcf02e1accbad9271ba50" [[package]] name = "cc" -version = "1.0.92" +version = "1.1.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2678b2e3449475e95b0aa6f9b506a28e61b3dc8996592b983695e8ebb58a8b41" +checksum = "26a5c3fd7bfa1ce3897a3a3501d362b2d87b7f2583ebcb4a949ec25911025cbc" [[package]] name = "cexpr" @@ -266,9 +253,9 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" [[package]] name = "chrono" -version = "0.4.37" +version = "0.4.38" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8a0d04d43504c61aa6c7531f1871dd0d418d91130162063b789da00fd7057a5e" +checksum = "a21f936df1771bf62b77f047b726c4625ff2e8aa607c01ec06e5a05bd8463401" dependencies = [ "android-tzdata", "iana-time-zone", 
@@ -276,14 +263,14 @@ dependencies = [ "num-traits", "serde", "wasm-bindgen", - "windows-targets 0.52.4", + "windows-targets 0.52.6", ] [[package]] name = "clang-sys" -version = "1.7.0" +version = "1.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "67523a3b4be3ce1989d607a828d036249522dd9c1c8de7f4dd2dae43a37369d1" +checksum = "0b023947811758c97c59bf9d1c188fd619ad4718dcaa767947df1cadb14f39f4" dependencies = [ "glob", "libc", @@ -300,7 +287,7 @@ dependencies = [ "bitflags 1.3.2", "clap_lex", "indexmap 1.9.3", - "strsim", + "strsim 0.10.0", "termcolor", "textwrap", ] @@ -323,7 +310,7 @@ dependencies = [ "log", "nix 0.26.4", "num", - "num-derive 0.4.2", + "num-derive", "num-traits", "serde", "serde_json", 
@@ -346,37 +333,78 @@ dependencies = [ [[package]] name = "crc" -version = "1.8.1" +version = "3.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d663548de7f5cca343f1e0a48d14dcfb0e9eb4e079ec58883b7251539fa10aeb" +checksum = "69e6e4d7b33a94f0991c26729976b10ebde1d34c3ee82408fb536164fa10d636" dependencies = [ - "build_const", + "crc-catalog", ] +[[package]] +name = "crc-catalog" +version = "2.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "19d374276b40fb8bbdee95aef7c7fa6b5316ec764510eb64b8dd0e2ed0d7e7f5" + [[package]] name = "crc32fast" -version = "1.4.0" +version = "1.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b3855a8a784b474f333699ef2bbca9db2c4a1f6d9088a90a2d25b1eb53111eaa" +checksum = "a97769d94ddab943e4510d138150169a2758b5ef3eb191a9ee688de3e23ef7b3" dependencies = [ "cfg-if", ] [[package]] name = "ctor" -version = "0.2.7" +version = "0.2.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "edb49164822f3ee45b17acd4a208cfc1251410cf0cad9a833234c9890774dd9f" +dependencies = [ + "quote", + "syn", +] + +[[package]] +name = "darling" +version = "0.20.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6f63b86c8a8826a49b8c21f08a2d07338eec8d900540f8630dc76284be802989" +dependencies = [ + "darling_core", + "darling_macro", +] + +[[package]] +name = "darling_core" +version = "0.20.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "95133861a8032aaea082871032f5815eb9e98cef03fa916ab4500513994df9e5" +dependencies = [ + "fnv", + "ident_case", + "proc-macro2", + "quote", + "strsim 0.11.1", + "syn", +] + +[[package]] +name = "darling_macro" +version = "0.20.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ad291aa74992b9b7a7e88c38acbbf6ad7e107f1d90ee8775b7bc1fc3394f485c" +checksum = "d336a2a514f6ccccaa3e09b02d41d35330c07ddf03a62165fcec10bb561c7806" 
dependencies = [ + "darling_core", "quote", - "syn 2.0.58", + "syn", ] [[package]] name = "data-encoding" -version = "2.5.0" +version = "2.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7e962a19be5cfc3f3bf6dd8f61eb50107f356ad6270fbb3ed41476571db78be5" +checksum = "e8566979429cf69b49a5c740c60791108e86440e8be149bbea4fe54d2c32d6e2" [[package]] name = "deranged" @@ -415,16 +443,16 @@ dependencies = [ [[package]] name = "either" -version = "1.10.0" +version = "1.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "11157ac094ffbdde99aa67b23417ebdd801842852b500e395a45a9c0aac03e4a" +checksum = "60b1af1c220855b6ceac025d3f6ecdd2b7c4894bfe9cd9bda4fbb4bc7c0d4cf0" [[package]] name = "enclave_build" version = "0.1.0" dependencies = [ "aws-nitro-enclaves-image-format", - "base64 0.22.0", + "base64", "bollard", "clap", "flate2", @@ -449,7 +477,7 @@ dependencies = [ "heck", "proc-macro2", "quote", - "syn 2.0.58", + "syn", ] [[package]] @@ -473,9 +501,9 @@ checksum = "5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5" [[package]] name = "errno" -version = "0.3.8" +version = "0.3.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a258e46cdc063eb8519c00b9fc845fc47bcfca4130e2f08e88665ceda8474245" +checksum = "534c5cf6194dfab3db3242765c03bbe257cf92f22b38f6bc0c58d59108a820ba" dependencies = [ "libc", "windows-sys 0.52.0", @@ -483,9 +511,9 @@ dependencies = [ [[package]] name = "fastrand" -version = "2.0.2" +version = "2.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "658bd65b1cf4c852a3cc96f18a8ce7b5640f6b703f905c7d74532294c2a63984" +checksum = "9fc0510504f03c51ada170672ac806f1f105a88aa97a5281117e1ddc3368e51a" [[package]] name = "filetime" 
@@ -495,15 +523,15 @@ checksum = "1ee447700ac8aa0b2f2bd7bc4462ad686ba06baa6727ac149a2d6277f0d240fd" dependencies = [ "cfg-if", "libc", - "redox_syscall", + "redox_syscall 0.4.1", "windows-sys 0.52.0", ] [[package]] name = "flate2" -version = "1.0.28" +version = "1.0.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "46303f565772937ffe1d394a4fac6f411c6013172fadde9dcdb1e147a086940e" +checksum = "5f54427cfd1c7829e2a139fcefea601bf088ebca651d2bf53ebc600eac295dae" dependencies = [ "crc32fast", "miniz_oxide", @@ -611,7 +639,7 @@ checksum = "87750cf4b7a4c0625b1529e4c543c2182106e4dedc60a2a6455e00d212c489ac" dependencies = [ "proc-macro2", "quote", - "syn 2.0.58", + "syn", ] [[package]] @@ -656,9 +684,9 @@ dependencies = [ [[package]] name = "getrandom" -version = "0.2.14" +version = "0.2.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "94b22e06ecb0110981051723910cbf0b5f5e09a2062dd7663334ee79a9d1286c" +checksum = "c4567c8db10ae91089c99af84c68c38da3ec2f087c3f82960bcdbf3656b6f4d7" dependencies = [ "cfg-if", "libc", @@ -667,9 +695,9 @@ dependencies = [ [[package]] name = "gimli" -version = "0.28.1" +version = "0.29.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4271d37baee1b8c7e4b708028c57d816cf9d2434acb33a549475f78c181f6253" +checksum = "40ecd4077b5ae9fd2e9e169b102c6c330d0605168eb0e8bf79952b256dbefffd" [[package]] name = "glob" @@ -691,9 +719,9 @@ checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888" [[package]] name = "hashbrown" -version = "0.14.3" +version = "0.14.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "290f1a1d9242c78d09ce40a5e87e7554ee637af1351968159f4952f028f75604" +checksum = "e5274423e17b7c9fc20b6e7e208532f9b19825d82dfd615708b70edd83df41f1" [[package]] name = "heck" 
@@ -724,9 +752,9 @@ checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70" [[package]] name = "hickory-proto" -version = "0.24.0" +version = "0.24.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "091a6fbccf4860009355e3efc52ff4acf37a63489aad7435372d44ceeb6fbbcf" +checksum = "07698b8420e2f0d6447a436ba999ec85d8fbf2a398bbd737b82cac4a2e96e512" dependencies = [ "async-trait", "cfg-if", @@ -748,9 +776,9 @@ dependencies = [ [[package]] name = "hickory-resolver" -version = "0.24.0" +version = "0.24.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "35b8f021164e6a984c9030023544c57789c51760065cd510572fedcfb04164e8" +checksum = "28757f23aa75c98f254cf0405e6d8c25b831b32921b050a66692427679b1f243" dependencies = [ "cfg-if", "futures-util", @@ -800,9 +828,9 @@ dependencies = [ [[package]] name = "http-body" -version = "1.0.0" +version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1cac85db508abc24a2e48553ba12a996e87244a0395ce011e62b37158745d643" +checksum = "1efedce1fb8e6913f23e0c92de8e62cd5b772a67e7b3946df930a62566c93184" dependencies = [ "bytes", "http", @@ -810,12 +838,12 @@ dependencies = [ [[package]] name = "http-body-util" -version = "0.1.1" +version = "0.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0475f8b2ac86659c21b64320d5d653f9efe42acd2a4e560073ec61a155a34f1d" +checksum = "793429d76616a256bcb62c2a2ec2bed781c8307e797e2598c50010f2bee2544f" dependencies = [ "bytes", - "futures-core", + "futures-util", "http", "http-body", "pin-project-lite", @@ -823,9 +851,9 @@ dependencies = [ [[package]] name = "httparse" -version = "1.8.0" +version = "1.9.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d897f394bad6a705d5f4104762e116a75639e470d80901eed05a860a95cb1904" +checksum = "0fcc0b4a115bf80b728eb8ea024ad5bd707b615bfed49e0665b6e0f86fd082d9" [[package]] name = "humantime" 
@@ -835,9 +863,9 @@ checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4" [[package]] name = "hyper" -version = "1.2.0" +version = "1.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "186548d73ac615b32a73aafe38fb4f56c0d340e110e5a200bcadbaf2e199263a" +checksum = "50dfd22e0e76d0f662d429a5f80fcaf3855009297eab6a0a9f8543834744ba05" dependencies = [ "bytes", "futures-channel", @@ -869,9 +897,9 @@ dependencies = [ [[package]] name = "hyper-util" -version = "0.1.3" +version = "0.1.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ca38ef113da30126bbff9cd1705f9273e15d45498615d138b0c20279ac7a76aa" +checksum = "3ab92f4f49ee4fb4f997c784b7a2e0fa70050211e0b6a287f898c3c9785ca956" dependencies = [ "bytes", "futures-channel", @@ -925,6 +953,12 @@ dependencies = [ "cc", ] +[[package]] +name = "ident_case" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b9e0384b61958566e926dc50660321d12159025e767c18e043daf26b70104c39" + [[package]] name = "idna" version = "0.3.0" @@ -968,12 +1002,12 @@ dependencies = [ [[package]] name = "indexmap" -version = "2.2.6" +version = "2.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "168fb715dda47215e360912c096649d23d58bf392ac62f73919e831745e40f26" +checksum = "de3fc2e30ba82dd1b3911c8de1ffc143c74a914a14e99514d7637e3099df5ea0" dependencies = [ "equivalent", - "hashbrown 0.14.3", + "hashbrown 0.14.5", "serde", ] @@ -1054,9 +1088,9 @@ dependencies = [ [[package]] name = "lazy_static" -version = "1.4.0" +version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" +checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" [[package]] name = "lazycell" 
@@ -1066,18 +1100,18 @@ checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" [[package]] name = "libc" -version = "0.2.153" +version = "0.2.155" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9c198f91728a82281a64e1f4f9eeb25d82cb32a5de251c6bd1b5154d63a8e7bd" +checksum = "97b3888a4aecf77e811145cadf6eef5901f4782c53886191b2f693f24761847c" [[package]] name = "libloading" -version = "0.8.3" +version = "0.8.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0c2a198fb6b0eada2a8df47933734e6d35d350665a33a3593d7164fa52c75c19" +checksum = "4979f22fdb869068da03c9f7528f8297c6fd2606bc3a4affe42e6a823fdb8da4" dependencies = [ "cfg-if", - "windows-targets 0.52.4", + "windows-targets 0.52.6", ] [[package]] @@ -1088,15 +1122,15 @@ checksum = "0717cef1bc8b636c6e1c1bbdefc09e6322da8a9321966e8928ef80d20f7f770f" [[package]] name = "linux-raw-sys" -version = "0.4.13" +version = "0.4.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "01cda141df6706de531b6c46c3a33ecca755538219bd484262fa09410c13539c" +checksum = "78b3ae25bc7c8c38cec158d1f2757ee79e9b3740fbc7ccf0e59e4b08d793fa89" [[package]] name = "lock_api" -version = "0.4.11" +version = "0.4.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3c168f8615b12bc01f9c17e2eb0cc07dcae1940121185446edc3744920e8ef45" +checksum = "07af8b9cdd281b7915f413fa73f29ebd5d55d0d3f0155584dade1ff18cea1b17" dependencies = [ "autocfg", "scopeguard", @@ -1104,9 +1138,9 @@ dependencies = [ [[package]] name = "log" -version = "0.4.21" +version = "0.4.22" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "90ed8c1e510134f979dbc4f070f87d4313098b704861a105fe34231c70a3901c" +checksum = "a7a70ba024b9dc04c27ea2f0c0548feb474ec5c54bba33a7f72f873a39d07b24" [[package]] name = "lru-cache" 
@@ -1125,9 +1159,9 @@ checksum = "ffbee8634e0d45d258acb448e7eaab3fce7a0a467395d4d9f228e3c1f01fb2e4" [[package]] name = "memchr" -version = "2.7.2" +version = "2.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6c8640c5d730cb13ebd907d8d04b52f55ac9a2eec55b440c8892f40d56c76c1d" +checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3" [[package]] name = "memoffset" @@ -1155,22 +1189,23 @@ checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" [[package]] name = "miniz_oxide" -version = "0.7.2" +version = "0.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9d811f3e15f28568be3407c8e7fdb6514c1cda3cb30683f15b6a1a1dc4ea14a7" +checksum = "b8a240ddb74feaf34a79a7add65a741f3167852fba007066dcac1ca548d89c08" dependencies = [ "adler", ] [[package]] name = "mio" -version = "0.8.11" +version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a4a650543ca06a924e8b371db273b2756685faae30f8487da1b56505a8f78b0c" +checksum = "4569e456d394deccd22ce1c1913e6ea0e54519f577285001215d33557431afe4" dependencies = [ + "hermit-abi 0.3.9", "libc", "wasi", - "windows-sys 0.48.0", + "windows-sys 0.52.0", ] [[package]] @@ -1191,7 +1226,7 @@ dependencies = [ "libc", "log", "nix 0.26.4", - "num-derive 0.4.2", + "num-derive", "num-traits", "openssl", "page_size", @@ -1290,17 +1325,6 @@ version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "51d515d32fb182ee37cda2ccdcb92950d6a3c2893aa280e540671c2cd0f3b1d9" -[[package]] -name = "num-derive" -version = "0.3.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "876a53fff98e03a936a674b29568b0e605f06b29372c2489ff4de23f1949743d" -dependencies = [ - "proc-macro2", - "quote", - "syn 1.0.109", -] - [[package]] name = "num-derive" version = "0.4.2" 
@@ -1309,7 +1333,7 @@ checksum = "ed3955f1a9c7c0c15e092f9c887db08b1fc683305fdf6eb6684f22555355e202" dependencies = [ "proc-macro2", "quote", - "syn 2.0.58", + "syn", ] [[package]] @@ -1323,9 +1347,9 @@ dependencies = [ [[package]] name = "num-iter" -version = "0.1.44" +version = "0.1.45" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d869c01cc0c455284163fd0092f1f93835385ccab5a98a0dcc497b2f8bf055a9" +checksum = "1429034a0490724d0075ebb2bc9e875d6503c3cf69e235a8941aa757d83ef5bf" dependencies = [ "autocfg", "num-integer", @@ -1346,9 +1370,9 @@ dependencies = [ [[package]] name = "num-traits" -version = "0.2.18" +version = "0.2.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "da0df0e5185db44f69b44f26786fe401b6c293d1907744beaa7fa62b2e5a517a" +checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841" dependencies = [ "autocfg", ] @@ -1365,9 +1389,9 @@ dependencies = [ [[package]] name = "object" -version = "0.32.2" +version = "0.36.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a6a622008b6e321afc04970976f62ee297fdbaa6f95318ca343e3eebb9648441" +checksum = "3f203fa8daa7bb185f760ae12bd8e097f63d17041dcdcaf675ac54cdf863170e" dependencies = [ "memchr", ] @@ -1390,7 +1414,7 @@ version = "0.10.66" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9529f4786b70a3e8c61e11179af17ab6188ad8d0ded78c5529441ed39d4bd9c1" dependencies = [ - "bitflags 2.5.0", + "bitflags 2.6.0", "cfg-if", "foreign-types", "libc", @@ -1407,7 +1431,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.58", + "syn", ] [[package]] 
@@ -1440,9 +1464,9 @@ dependencies = [ [[package]] name = "parking_lot" -version = "0.12.1" +version = "0.12.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3742b2c103b9f06bc9fff0a37ff4912935851bee6d36f3c02bcc755bcfec228f" +checksum = "f1bf18183cf54e8d6059647fc3063646a1801cf30896933ec2311622cc4b9a27" dependencies = [ "lock_api", "parking_lot_core", @@ -1450,15 +1474,15 @@ dependencies = [ [[package]] name = "parking_lot_core" -version = "0.9.9" +version = "0.9.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4c42a9226546d68acdd9c0a280d17ce19bfe27a46bf68784e4066115788d008e" +checksum = "1e401f977ab385c9e4e3ab30627d6f26d00e2c73eef317493c4ec6d468726cf8" dependencies = [ "cfg-if", "libc", - "redox_syscall", + "redox_syscall 0.5.3", "smallvec", - "windows-targets 0.48.5", + "windows-targets 0.52.6", ] [[package]] @@ -1484,7 +1508,7 @@ checksum = "2f38a4412a78282e09a2cf38d195ea5420d15ba0602cb375210efbc877243965" dependencies = [ "proc-macro2", "quote", - "syn 2.0.58", + "syn", ] [[package]] 
@@ -1513,25 +1537,28 @@ checksum = "439ee305def115ba05938db6eb1644ff94165c5ab5e9420d1c1bcedbba909391" [[package]] name = "ppv-lite86" -version = "0.2.17" +version = "0.2.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de" +checksum = "dee4364d9f3b902ef14fab8a1ddffb783a1cb6b4bba3bfc1fa3922732c7de97f" +dependencies = [ + "zerocopy", +] [[package]] name = "prettyplease" -version = "0.2.17" +version = "0.2.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8d3928fb5db768cb86f891ff014f0144589297e3c6a1aba6ed7cecfdace270c7" +checksum = "5f12335488a2f3b0a83b14edad48dca9879ce89b2edd10e80237e4e852dd645e" dependencies = [ "proc-macro2", - "syn 2.0.58", + "syn", ] [[package]] name = "proc-macro2" -version = "1.0.79" +version = "1.0.86" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e835ff2298f5721608eb1a980ecaee1aef2c132bf95ecc026a11b7bf3c01c02e" +checksum = "5e719e8df665df0d1c8fbfd238015744736151d4445ec0836b8e628aae103b77" dependencies = [ "unicode-ident", ] @@ -1590,11 +1617,20 @@ dependencies = [ "bitflags 1.3.2", ] +[[package]] +name = "redox_syscall" +version = "0.5.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2a908a6e00f1fdd0dfd9c0eb08ce85126f6d8bbda50017e74bc4a4b7d4a926a4" +dependencies = [ + "bitflags 2.6.0", +] + [[package]] name = "regex" -version = "1.10.4" +version = "1.10.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c117dbdfde9c8308975b6a18d71f3f385c89461f7b3fb054288ecf2a2058ba4c" +checksum = "b91213439dad192326a0d7c6ee3955910425f441d7038e0d6933b0aec5c4517f" dependencies = [ "aho-corasick", "memchr", 
@@ -1604,9 +1640,9 @@ dependencies = [ [[package]] name = "regex-automata" -version = "0.4.6" +version = "0.4.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "86b83b8b9847f9bf95ef68afb0b8e6cdb80f498442f5179a29fad448fcc1eaea" +checksum = "38caf58cc5ef2fed281f89292ef23f6365465ed9a41b7a7754eb4e26496c92df" dependencies = [ "aho-corasick", "memchr", @@ -1615,9 +1651,9 @@ dependencies = [ [[package]] name = "regex-syntax" -version = "0.8.3" +version = "0.8.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "adad44e29e4c806119491a7f06f03de4d1af22c3a680dd47f1e6e179439d1f56" +checksum = "7a66a03ae7c801facd77a29370b4faec201768915ac14a721ba36f20bc9c209b" [[package]] name = "resolv-conf" @@ -1631,9 +1667,9 @@ dependencies = [ [[package]] name = "rustc-demangle" -version = "0.1.23" +version = "0.1.24" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d626bb9dae77e28219937af045c257c28bfd3f69333c512553507f5f9798cb76" +checksum = "719b953e2095829ee67db738b3bfa9fa368c94900df327b3f07fe6e794d2fe1f" [[package]] name = "rustc-hash" @@ -1643,11 +1679,11 @@ checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2" [[package]] name = "rustix" -version = "0.38.32" +version = "0.38.34" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "65e04861e65f21776e67888bfbea442b3642beaa0138fdb1dd7a84a52dffdb89" +checksum = "70dc5ec042f7a43c4a73241207cecc9873a06d45debb38b329f8541d85c2730f" dependencies = [ - "bitflags 2.5.0", + "bitflags 2.6.0", "errno", "libc", "linux-raw-sys", @@ -1656,9 +1692,9 @@ dependencies = [ [[package]] name = "ryu" -version = "1.0.17" +version = "1.0.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e86697c916019a8588c99b5fac3cead74ec0b4b819707a682fd4d23fa0ce1ba1" +checksum = "f3cb5ba0dc43242ce17de99c180e96db90b235b8a9fdc9543c96d2209116bd9f" [[package]] name = "scopeguard" 
@@ -1668,18 +1704,18 @@ checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" [[package]] name = "serde" -version = "1.0.197" +version = "1.0.204" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3fb1c873e1b9b056a4dc4c0c198b24c3ffa059243875552b2bd0933b1aee4ce2" +checksum = "bc76f558e0cbb2a839d37354c575f1dc3fdc6546b5be373ba43d95f231bf7c12" dependencies = [ "serde_derive", ] [[package]] name = "serde_bytes" -version = "0.11.14" +version = "0.11.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8b8497c313fd43ab992087548117643f6fcd935cbf36f176ffda0aacf9591734" +checksum = "387cc504cb06bb40a96c8e04e951fe01854cf6bc921053c954e4a606d9675c6a" dependencies = [ "serde", ] @@ -1696,22 +1732,23 @@ dependencies = [ [[package]] name = "serde_derive" -version = "1.0.197" +version = "1.0.204" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7eb0b34b42edc17f6b7cac84a52a1c5f0e1bb2227e997ca9011ea3dd34e8610b" +checksum = "e0cd7e117be63d3c3678776753929474f3b04a43a080c744d6b0ae2a8c28e222" dependencies = [ "proc-macro2", "quote", - "syn 2.0.58", + "syn", ] [[package]] name = "serde_json" -version = "1.0.115" +version = "1.0.122" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "12dc5c46daa8e9fdf4f5e71b6cf9a53f2487da0e86e55808e2d35539666497dd" +checksum = "784b6203951c57ff748476b126ccb5e8e2959a5c19e5c617ab1956be3dbc68da" dependencies = [ "itoa", + "memchr", "ryu", "serde", ] @@ -1724,7 +1761,7 @@ checksum = "6c64451ba24fc7a6a2d60fc75dd9c83c90903b19028d4eff35e88fc1e86564e9" dependencies = [ "proc-macro2", "quote", - "syn 2.0.58", + "syn", ] [[package]] 
@@ -1741,30 +1778,34 @@ dependencies = [ [[package]] name = "serde_with" -version = "1.14.0" +version = "3.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "678b5a069e50bf00ecd22d0cd8ddf7c236f68581b03db652061ed5eb13a312ff" +checksum = "69cecfa94848272156ea67b2b1a53f20fc7bc638c4a46d2f8abde08f05f4b857" dependencies = [ - "serde", -] - -[[package]] -name = "serde_with" -version = "3.7.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ee80b0e361bbf88fd2f6e242ccd19cfda072cb0faa6ae694ecee08199938569a" -dependencies = [ - "base64 0.21.7", + "base64", "chrono", "hex", "indexmap 1.9.3", - "indexmap 2.2.6", + "indexmap 2.3.0", "serde", "serde_derive", "serde_json", + "serde_with_macros", "time", ] +[[package]] +name = "serde_with_macros" +version = "3.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a8fee4991ef4f274617a51ad4af30519438dacb2f56ac773b08a1922ff743350" +dependencies = [ + "darling", + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "serde_yaml" version = "0.8.26" @@ -1808,9 +1849,9 @@ dependencies = [ [[package]] name = "signal-hook-registry" -version = "1.4.1" +version = "1.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d8229b473baa5980ac72ef434c4415e70c4b5e71b423043adb4ba059f89c99a1" +checksum = "a9e9e0b4211b72e7b8b6e85c807d36c212bdb33ea8587f7569562a84df5465b1" dependencies = [ "libc", ] @@ -1832,9 +1873,9 @@ checksum = "3c5e1a9a646d36c3599cd173a41282daf47c44583ad367b8e6837255952e5c67" [[package]] name = "socket2" -version = "0.5.6" +version = "0.5.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "05ffd9c0a93b7543e062e759284fcf5f5e3b098501104bfbdde4d404db792871" +checksum = "ce305eb0b4296696835b71df73eb912e0f1ffd2556a501fcede6e0c50349191c" dependencies = [ "libc", "windows-sys 0.52.0", 
@@ -1847,21 +1888,16 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623" [[package]] -name = "syn" -version = "1.0.109" +name = "strsim" +version = "0.11.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237" -dependencies = [ - "proc-macro2", - "quote", - "unicode-ident", -] +checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f" [[package]] name = "syn" -version = "2.0.58" +version = "2.0.72" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "44cfb93f38070beee36b3fef7d4f5a16f27751d94b187b666a5cc5e9b0d30687" +checksum = "dc4b9b9bf2add8093d3f2c0204471e951b2285580335de42f9d2534f3ae7a8af" dependencies = [ "proc-macro2", "quote", @@ -1870,9 +1906,9 @@ dependencies = [ [[package]] name = "tar" -version = "0.4.40" +version = "0.4.41" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b16afcea1f22891c49a00c751c7b63b2233284064f11a200fc624137c51e2ddb" +checksum = "cb797dad5fb5b76fcf519e702f4a589483b5ef06567f160c392832c1f5e44909" dependencies = [ "filetime", "libc", 
@@ -1908,22 +1944,22 @@ checksum = "23d434d3f8967a09480fb04132ebe0a3e088c173e6d0ee7897abbdf4eab0f8b9" [[package]] name = "thiserror" -version = "1.0.58" +version = "1.0.63" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "03468839009160513471e86a034bb2c5c0e4baae3b43f79ffc55c4a5427b3297" +checksum = "c0342370b38b6a11b6cc11d6a805569958d54cfa061a29969c3b5ce2ea405724" dependencies = [ "thiserror-impl", ] [[package]] name = "thiserror-impl" -version = "1.0.58" +version = "1.0.63" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c61f3ba182994efc43764a46c018c347bc492c79f024e705f46567b418f6d4f7" +checksum = "a4558b58466b9ad7ca0f102865eccc95938dca1a74a856f2b57b6629050da261" dependencies = [ "proc-macro2", "quote", - "syn 2.0.58", + "syn", ] [[package]] @@ -1968,9 +2004,9 @@ dependencies = [ [[package]] name = "tinyvec" -version = "1.6.0" +version = "1.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "87cc5ceb3875bb20c2890005a4e226a4651264a5c75edb2421b52861a0a0cb50" +checksum = "445e881f4f6d382d5f27c034e25eb92edd7c784ceab92a0937db7f2e9471b938" dependencies = [ "tinyvec_macros", ] 
@@ -1983,32 +2019,30 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" [[package]] name = "tokio" -version = "1.37.0" +version = "1.39.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1adbebffeca75fcfd058afa480fb6c0b81e165a0323f9c9d39c9697e37c46787" +checksum = "daa4fb1bc778bd6f04cbfc4bb2d06a7396a8f299dc33ea1900cedaa316f467b1" dependencies = [ "backtrace", "bytes", "libc", "mio", - "num_cpus", "pin-project-lite", "socket2", - "windows-sys 0.48.0", + "windows-sys 0.52.0", ] [[package]] name = "tokio-util" -version = "0.7.10" +version = "0.7.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5419f34732d9eb6ee4c3578b7989078579b7f039cbbb9ca2c4da015749371e15" +checksum = "9cf6b47b3771c49ac75ad09a6162f53ad4b8088b76ac60e8ec1455b31a189fe1" dependencies = [ "bytes", "futures-core", "futures-sink", "pin-project-lite", "tokio", - "tracing", ] [[package]] @@ -2024,7 +2058,6 @@ dependencies = [ "tokio", "tower-layer", "tower-service", - "tracing", ] [[package]] @@ -2045,7 +2078,6 @@ version = "0.1.40" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c3523ab5a71916ccf420eebdf5521fcef02141234bbc0b8a49f2fdc4544364ef" dependencies = [ - "log", "pin-project-lite", "tracing-attributes", "tracing-core", @@ -2059,7 +2091,7 @@ checksum = "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.58", + "syn", ] [[package]] @@ -2106,9 +2138,9 @@ dependencies = [ [[package]] name = "url" -version = "2.5.0" +version = "2.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "31e6302e3bb753d46e83516cae55ae196fc0c309407cf11ab35cc51a4c2a4633" +checksum = "22784dbdf76fdde8af1aeda5622b546b422b6fc585325248a2bf9f5e41e94d6c" dependencies = [ "form_urlencoded", "idna 0.5.0", 
@@ -2123,9 +2155,9 @@ checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426" [[package]] name = "version_check" -version = "0.9.4" +version = "0.9.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" +checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a" [[package]] name = "vmm-sys-util" @@ -2202,7 +2234,7 @@ dependencies = [ "once_cell", "proc-macro2", "quote", - "syn 2.0.58", + "syn", "wasm-bindgen-shared", ] @@ -2224,7 +2256,7 @@ checksum = "e94f17b526d0a461a191c78ea52bbce64071ed5c04c9ffe424dcb38f74171bb7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.58", + "syn", "wasm-bindgen-backend", "wasm-bindgen-shared", ] @@ -2271,11 +2303,11 @@ checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" [[package]] name = "winapi-util" -version = "0.1.6" +version = "0.1.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f29e6f9198ba0d26b4c9f07dbe6f9ed633e1f3d5b8b414090084349e46a52596" +checksum = "4d4cc384e1e73b93bafa6fb4f1df8c41695c8a91cf9c4c64358067d15a7b6c6b" dependencies = [ - "winapi", + "windows-sys 0.52.0", ] [[package]] @@ -2290,7 +2322,7 @@ version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "33ab640c8d7e35bf8ba19b884ba838ceb4fba93a4e8c65a9059d08afcfc683d9" dependencies = [ - "windows-targets 0.52.4", + "windows-targets 0.52.6", ] [[package]] @@ -2308,7 +2340,7 @@ version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" dependencies = [ - "windows-targets 0.52.4", + "windows-targets 0.52.6", ] [[package]] 
@@ -2328,17 +2360,18 @@ dependencies = [ [[package]] name = "windows-targets" -version = "0.52.4" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7dd37b7e5ab9018759f893a1952c9420d060016fc19a472b4bb20d1bdd694d1b" +checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973" dependencies = [ - "windows_aarch64_gnullvm 0.52.4", - "windows_aarch64_msvc 0.52.4", - "windows_i686_gnu 0.52.4", - "windows_i686_msvc 0.52.4", - "windows_x86_64_gnu 0.52.4", - "windows_x86_64_gnullvm 0.52.4", - "windows_x86_64_msvc 0.52.4", + "windows_aarch64_gnullvm 0.52.6", + "windows_aarch64_msvc 0.52.6", + "windows_i686_gnu 0.52.6", + "windows_i686_gnullvm", + "windows_i686_msvc 0.52.6", + "windows_x86_64_gnu 0.52.6", + "windows_x86_64_gnullvm 0.52.6", + "windows_x86_64_msvc 0.52.6", ] [[package]] @@ -2349,9 +2382,9 @@ checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8" [[package]] name = "windows_aarch64_gnullvm" -version = "0.52.4" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bcf46cf4c365c6f2d1cc93ce535f2c8b244591df96ceee75d8e83deb70a9cac9" +checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3" [[package]] name = "windows_aarch64_msvc" @@ -2361,9 +2394,9 @@ checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc" [[package]] name = "windows_aarch64_msvc" -version = "0.52.4" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "da9f259dd3bcf6990b55bffd094c4f7235817ba4ceebde8e6d11cd0c5633b675" +checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469" [[package]] name = "windows_i686_gnu" 
@@ -2373,9 +2406,15 @@ checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e" [[package]] name = "windows_i686_gnu" -version = "0.52.4" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b474d8268f99e0995f25b9f095bc7434632601028cf86590aea5c8a5cb7801d3" +checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b" + +[[package]] +name = "windows_i686_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66" [[package]] name = "windows_i686_msvc" @@ -2385,9 +2424,9 @@ checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406" [[package]] name = "windows_i686_msvc" -version = "0.52.4" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1515e9a29e5bed743cb4415a9ecf5dfca648ce85ee42e15873c3cd8610ff8e02" +checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66" [[package]] name = "windows_x86_64_gnu" @@ -2397,9 +2436,9 @@ checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e" [[package]] name = "windows_x86_64_gnu" -version = "0.52.4" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5eee091590e89cc02ad514ffe3ead9eb6b660aedca2183455434b93546371a03" +checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78" [[package]] name = "windows_x86_64_gnullvm" @@ -2409,9 +2448,9 @@ checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc" [[package]] name = "windows_x86_64_gnullvm" -version = "0.52.4" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "77ca79f2451b49fa9e2af39f0747fe999fcda4f5e241b2898624dca97a1f2177" +checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d" [[package]] name = "windows_x86_64_msvc" 
@@ -2421,9 +2460,9 @@ checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538" [[package]] name = "windows_x86_64_msvc" -version = "0.52.4" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "32b752e52a2da0ddfbdbcc6fceadfeede4c939ed16d13e648833a61dfb611ed8" +checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" [[package]] name = "winreg" @@ -2454,3 +2493,24 @@ checksum = "56c1936c4cc7a1c9ab21a1ebb602eb942ba868cbd44a99cb7cdc5892335e1c85" dependencies = [ "linked-hash-map", ] + +[[package]] +name = "zerocopy" +version = "0.6.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "854e949ac82d619ee9a14c66a1b674ac730422372ccb759ce0c39cabcf2bf8e6" +dependencies = [ + "byteorder", + "zerocopy-derive", +] + +[[package]] +name = "zerocopy-derive" +version = "0.6.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "125139de3f6b9d625c39e2efdd73d41bdac468ccd556556440e322be0e1bbd91" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] diff --git a/Cargo.toml b/Cargo.toml index 02d50d7b..ea23316a 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -20,7 +20,7 @@ page_size = "0.6" signal-hook = "0.3" serde_cbor = "0.11" driver-bindings = { path = "./driver-bindings" } -aws-nitro-enclaves-image-format = "0.2" +aws-nitro-enclaves-image-format = { git = "https://github.com/tecposter/aws-nitro-enclaves-image-format.git", branch = "pcr-signer"} eif_loader = { path = "./eif_loader" } enclave_build = { path = "./enclave_build" } openssl = "0.10.66" diff --git a/eif_loader/Cargo.toml b/eif_loader/Cargo.toml index d4cde96d..4ccec533 100644 --- a/eif_loader/Cargo.toml +++ b/eif_loader/Cargo.toml 
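Review bot: The `aws-nitro-enclaves-image-format` dependency in the `Cargo.toml` hunk now tracks a moving branch of a personal fork (`branch = "pcr-signer"`), so the code that builds and signs EIFs can change with any push to that branch. `Cargo.lock` only protects builds that honour it. Pin the dependency to a reviewed commit, for example `aws-nitro-enclaves-image-format = { git = "<fork-url>", rev = "<reviewed-commit-sha>" }`, or wait until the signer API is published to crates.io. The same line is added in the `eif_loader/Cargo.toml` and `enclave_build/Cargo.toml` hunks.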
@@ -8,7 +8,7 @@ rust-version = "1.68" # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html [dependencies] -aws-nitro-enclaves-image-format = "0.2" +aws-nitro-enclaves-image-format = { git = "https://github.com/tecposter/aws-nitro-enclaves-image-format.git", branch = "pcr-signer"} nix = "0.26" libc = "0.2" vsock = "0.3" diff --git a/enclave_build/Cargo.toml b/enclave_build/Cargo.toml index e8383a6d..60a6a237 100644 --- a/enclave_build/Cargo.toml +++ b/enclave_build/Cargo.toml @@ -21,6 +21,6 @@ url = "2.4" sha2 = "0.9.5" futures = "0.3.28" -aws-nitro-enclaves-image-format = "0.2" +aws-nitro-enclaves-image-format = { git = "https://github.com/tecposter/aws-nitro-enclaves-image-format.git", branch = "pcr-signer"} tar = "0.4.40" flate2 = "1.0.28" diff --git a/enclave_build/src/lib.rs b/enclave_build/src/lib.rs index f61b3e6b..c24cf54f 100644 --- a/enclave_build/src/lib.rs +++ b/enclave_build/src/lib.rs @@ -5,6 +5,7 @@ use std::fs::File; use std::path::Path; use std::process::Command; +use std::str; mod docker; mod utils; @@ -12,7 +13,9 @@ mod yaml_generator; use aws_nitro_enclaves_image_format::defs::{EifBuildInfo, EifIdentityInfo, EIF_HDR_ARCH_ARM64}; use aws_nitro_enclaves_image_format::utils::identity::parse_custom_metadata; -use aws_nitro_enclaves_image_format::utils::{EifBuilder, SignEnclaveInfo}; +use aws_nitro_enclaves_image_format::utils::{ + EifBuilder, PcrSigner, PrivateKeyPcrSigner, SignaturePcrSigner, +}; use docker::DockerUtil; use serde_json::json; use sha2::Digest; @@ -30,8 +33,8 @@ pub struct Docker2Eif<'a> { cmdline: String, linuxkit_path: String, artifacts_prefix: String, - output: &'a mut File, - sign_info: Option, + output: Option<&'a mut File>, + sign_info: Option>, img_name: Option, img_version: Option, metadata_path: Option, 
@@ -66,10 +69,11 @@ impl<'a> Docker2Eif<'a> { kernel_img_path: String, cmdline: String, linuxkit_path: String, - output: &'a mut File, + output: Option<&'a mut File>, artifacts_prefix: String, certificate_path: &Option, key_path: &Option, + sig_path: &Option, img_name: Option, img_version: Option, metadata_path: Option, @@ -98,12 +102,16 @@ impl<'a> Docker2Eif<'a> { } } - let sign_info = match (certificate_path, key_path) { - (None, None) => None, - (Some(cert_path), Some(key_path)) => Some( - SignEnclaveInfo::new(cert_path, key_path) + let sign_info: Option> = match (certificate_path, key_path, sig_path) { + (None, None, None) => None, + (Some(cert_path), Some(key_path), None) => Some(Box::new( + PrivateKeyPcrSigner::new(cert_path, key_path) .map_err(|err| Docker2EifError::SignImageError(format!("{err:?}")))?, - ), + )), + (Some(cert_path), None, Some(sig_path)) => Some(Box::new( + SignaturePcrSigner::new(cert_path, sig_path) + .map_err(|err| Docker2EifError::SignImageError(format!("{err:?}")))?, + )), _ => return Err(Docker2EifError::SignArgsError), }; @@ -278,7 +286,7 @@ impl<'a> Docker2Eif<'a> { let mut build = EifBuilder::new( Path::new(&self.kernel_img_path), self.cmdline.clone(), - self.sign_info.clone(), + self.sign_info.take(), sha2::Sha384::new(), flags, self.generate_identity_info()?, @@ -291,6 +299,9 @@ impl<'a> Docker2Eif<'a> { build.add_ramdisk(Path::new(&bootstrap_ramfs)); build.add_ramdisk(Path::new(&customer_ramfs)); - Ok(build.write_to(self.output)) + match self.output.as_mut() { + Some(output_file) => Ok(build.write_to(output_file)), + None => Ok(build.get_measurements()), + } } } diff --git a/enclave_build/src/main.rs b/enclave_build/src/main.rs index 0a5ac5da..4f1dbd51 100644 --- a/enclave_build/src/main.rs +++ b/enclave_build/src/main.rs 
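Review bot: In the `(Some(cert_path), None, Some(sig_path))` arm, a pre-computed signature is accepted from disk, and nothing visible in this hunk checks that it verifies under the certificate's public key or covers the PCR0 that this build will produce. `SignaturePcrSigner` lives in the forked crate, so it may already do this; please confirm. If it does not, a stale or mismatched signature would be embedded silently and only surface when the image is launched or attested. Verifying the signature against the computed measurement before the EIF is written would catch it; at minimum add a comment such as `// NOTE: signature is not verified here; see SignaturePcrSigner`.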
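Review bot: `self.sign_info.take()` leaves `sign_info` as `None`, so a second call to this method on the same `Docker2Eif` would build an unsigned image without reporting any error. The enclosing function starts outside the hunk, so whether callers ever invoke it twice cannot be seen here. Either make the single-use contract explicit in the doc comment (`/// Consumes the configured signer; must be called at most once per instance.`) or track that a signer was configured and return `Docker2EifError::SignArgsError` when it has already been consumed.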
@@ -86,6 +86,12 @@ fn main() { .help("Specify the path to the private-key") .takes_value(true), ) + .arg( + Arg::with_name("signature") + .long("signature") + .help("Specify signature in hex format") + .takes_value(true), + ) .arg( Arg::with_name("build") .short('b') @@ -136,6 +142,7 @@ fn main() { let private_key = matches .value_of("private_certificate") .map(|val| val.to_string()); + let signature = matches.value_of("signature").map(|val| val.to_string()); let img_name = matches.value_of("image_name").map(|val| val.to_string()); let img_version = matches.value_of("image_version").map(|val| val.to_string()); let metadata = matches.value_of("metadata").map(|val| val.to_string()); @@ -155,10 +162,11 @@ fn main() { kernel_img_path.to_string(), cmdline.to_string(), linuxkit_path.to_string(), - &mut output, + Some(&mut output), ".".to_string(), &signing_certificate, &private_key, + &signature, img_name, img_version, metadata, diff --git a/src/common/commands_parser.rs b/src/common/commands_parser.rs index 78009196..879603d9 100644 --- a/src/common/commands_parser.rs +++ b/src/common/commands_parser.rs @@ -108,6 +108,8 @@ pub struct BuildEnclavesArgs { pub signing_certificate: Option, /// The path to the private key for signed enclaves. pub private_key: Option, + /// The path to the signature for signed enclaves. + pub signature: Option, /// The name of the enclave image. pub img_name: Option, /// The version of the enclave image. 
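Review bot: The help text for the new `signature` argument, `"Specify signature in hex format"`, does not match how the value is used. It is forwarded as `sig_path` to `SignaturePcrSigner::new(cert_path, sig_path)`, and the `nitro-cli` definition of the same option describes it as a local path to a COSE_Sign1 signature. A user following this help would pass hex on the command line and get a file-open failure. Suggest `.help("Specify the path to the COSE_Sign1 signature file")`.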
@@ -121,16 +123,24 @@ impl BuildEnclavesArgs { pub fn new_with(args: &ArgMatches) -> NitroCliResult { let signing_certificate = parse_signing_certificate(args); let private_key = parse_private_key(args); + let signature = parse_signature(args); - match (&signing_certificate, &private_key) { - (Some(_), None) => { + match (&signing_certificate, &private_key, &signature) { + (Some(_), None, None) => { return Err(new_nitro_cli_failure!( - "`private-key` argument not found", + "`private-key` or `signature` argument not found", NitroCliErrorEnum::MissingArgument ) - .add_info(vec!["private-key"])) + .add_info(vec!["private-key", "signature"])) } - (None, Some(_)) => { + (None, Some(_), _) => { + return Err(new_nitro_cli_failure!( + "`signing-certificate` argument not found", + NitroCliErrorEnum::MissingArgument + ) + .add_info(vec!["signing-certificate"])) + } + (None, _, Some(_)) => { return Err(new_nitro_cli_failure!( "`signing-certificate` argument not found", NitroCliErrorEnum::MissingArgument @@ -158,6 +168,7 @@ impl BuildEnclavesArgs { })?, signing_certificate, private_key, + signature, img_name: parse_image_name(args), img_version: parse_image_version(args), metadata: parse_metadata(args), 
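Review bot: None of the arms visible in this hunk rejects a private key and a signature supplied together; the rest of the match is outside the hunk. If that combination falls through, it is refused only later by `Docker2Eif::new` with a generic `SignArgsError`. An explicit arm such as `(Some(_), Some(_), Some(_)) => return Err(new_nitro_cli_failure!("`private-key` and `signature` are mutually exclusive", NitroCliErrorEnum::InvalidArgument))` would fail early with a usable message. Separately, the arms `(None, Some(_), _)` and `(None, _, Some(_))` return the same error and can be merged as `(None, Some(_), _) | (None, _, Some(_)) => {`.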
@@ -165,6 +176,80 @@ impl BuildEnclavesArgs { } } +/// The arguments used by the `measure-enclave` command. +#[derive(Debug, Clone)] +pub struct MeasureEnclavesArgs { + /// The URI to the Docker image. + pub docker_uri: String, + /// The directory containing the Docker image. + pub docker_dir: Option, + /// The name of the enclave image. + pub img_name: Option, + /// The version of the enclave image. + pub img_version: Option, + /// The path to custom metadata JSON file + pub metadata: Option, +} + +impl MeasureEnclavesArgs { + /// Construct a new `MeasureEnclavesArgs` instance from the given command-line arguments. + pub fn new_with(args: &ArgMatches) -> NitroCliResult { + Ok(MeasureEnclavesArgs { + docker_uri: parse_docker_tag(args).ok_or_else(|| { + new_nitro_cli_failure!( + "`docker-uri` argument not found", + NitroCliErrorEnum::MissingArgument + ) + .add_info(vec!["docker-uri"]) + })?, + docker_dir: parse_docker_dir(args), + img_name: parse_image_name(args), + img_version: parse_image_version(args), + metadata: parse_metadata(args), + }) + } +} + +/// The arguments used by the `sign-pcr` command. +#[derive(Debug, Clone)] +pub struct SignPcrsArgs { + /// PCR0 in hex format + pub pcr0: String, + /// The path to the private key for signed enclaves. + pub private_key: String, + /// The path where the signature file will be written to. + pub output: String, +} + +impl SignPcrsArgs { + /// Construct a new `BuildEnclavesArgs` instance from the given command-line arguments. 
+ pub fn new_with(args: &ArgMatches) -> NitroCliResult { + Ok(SignPcrsArgs { + pcr0: parse_pcr0(args).ok_or_else(|| { + new_nitro_cli_failure!( + "`pcr0` argument not found", + NitroCliErrorEnum::MissingArgument + ) + .add_info(vec!["pcr0"]) + })?, + private_key: parse_private_key(args).ok_or_else(|| { + new_nitro_cli_failure!( + "`private-key` argument not found", + NitroCliErrorEnum::MissingArgument + ) + .add_info(vec!["private-key"]) + })?, + output: parse_output(args).ok_or_else(|| { + new_nitro_cli_failure!( + "`output` argument not found", + NitroCliErrorEnum::MissingArgument + ) + .add_info(vec!["output"]) + })?, + }) + } +} + /// The arguments used by the `terminate-enclave` command. #[derive(Debug, Clone, Serialize, Deserialize)] pub struct TerminateEnclavesArgs { @@ -550,6 +635,14 @@ fn parse_private_key(args: &ArgMatches) -> Option { args.value_of("private-key").map(|val| val.to_string()) } +fn parse_signature(args: &ArgMatches) -> Option { + args.value_of("signature").map(|val| val.to_string()) +} + +fn parse_pcr0(args: &ArgMatches) -> Option { + args.value_of("pcr0").map(|val| val.to_string()) +} + fn parse_image_name(args: &ArgMatches) -> Option { args.value_of("image_name").map(|val| val.to_string()) } diff --git a/src/common/mod.rs b/src/common/mod.rs index 48ac0983..b7a5b410 100644 --- a/src/common/mod.rs +++ b/src/common/mod.rs @@ -179,6 +179,8 @@ pub enum NitroCliErrorEnum { EnclaveNamingError, /// Signature checker error EIFSignatureCheckerError, + /// Error when writing signature output to stream. + SignatureWriteOutputError, } impl Eq for NitroCliErrorEnum {} diff --git a/src/lib.rs b/src/lib.rs index 818c722f..30cafeb8 100644 --- a/src/lib.rs +++ b/src/lib.rs 
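Review bot: The doc comments on `SignPcrsArgs` were copied from other types and are now wrong. `new_with` is documented as constructing a `BuildEnclavesArgs`, the struct is described as belonging to the `sign-pcr` command although the subcommand is registered as `sign-pcr0`, and `private_key` is described as a key "for signed enclaves" although here it signs the PCR0 value directly. Suggested replacements: `/// The arguments used by the sign-pcr0 command.`, `/// Construct a new SignPcrsArgs instance from the given command-line arguments.` and `/// The path to the private key used to sign PCR0.`.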
@@ -16,7 +16,9 @@ pub mod enclave_proc_comm; pub mod utils; use aws_nitro_enclaves_image_format::defs::eif_hasher::EifHasher; +use aws_nitro_enclaves_image_format::defs::PcrInfo; use aws_nitro_enclaves_image_format::utils::eif_reader::EifReader; +use aws_nitro_enclaves_image_format::utils::PcrCoseSign1; use aws_nitro_enclaves_image_format::{generate_build_info, utils::get_pcrs}; use log::{debug, info}; use sha2::{Digest, Sha384}; @@ -27,7 +29,9 @@ use std::io::{self, Read, Write}; use std::os::unix::net::UnixStream; use std::path::PathBuf; -use common::commands_parser::{BuildEnclavesArgs, EmptyArgs, RunEnclavesArgs}; +use common::commands_parser::{ + BuildEnclavesArgs, EmptyArgs, MeasureEnclavesArgs, RunEnclavesArgs, SignPcrsArgs, +}; use common::json_output::{ EifDescribeInfo, EnclaveBuildInfo, EnclaveTerminateInfo, MetadataDescribeInfo, }; @@ -58,6 +62,22 @@ pub fn build_enclaves(args: BuildEnclavesArgs) -> NitroCliResult<()> { &args.output, &args.signing_certificate, &args.private_key, + &args.signature, + &args.img_name, + &args.img_version, + &args.metadata, + ) + .map_err(|e| e.add_subaction("Failed to build EIF from docker".to_string()))?; + Ok(()) +} + +/// Generate enclave measurements with the provided arguments. +pub fn measure_enclaves(args: MeasureEnclavesArgs) -> NitroCliResult<()> { + debug!("measure_enclaves"); + eprintln!("Start generating the Enclave Measurements..."); + measure_from_docker( + &args.docker_uri, + &args.docker_dir, &args.img_name, &args.img_version, &args.metadata, 
@@ -66,6 +86,15 @@ pub fn build_enclaves(args: BuildEnclavesArgs) -> NitroCliResult<()> { Ok(()) } +/// Generate signature with the provided arguments. +pub fn sign_pcrs(args: SignPcrsArgs) -> NitroCliResult<()> { + debug!("sign_pcrs"); + eprintln!("Start generating the signature from PCR0 ..."); + sign_from_pcr0(&args.pcr0, &args.private_key, &args.output) + .map_err(|e| e.add_subaction("Failed to generate signature from PCR0".to_string()))?; + Ok(()) +} + /// Build an enclave image file from a Docker image. pub fn build_from_docker( docker_uri: &str, @@ -73,6 +102,7 @@ pub fn build_from_docker( output_path: &str, signing_certificate: &Option, private_key: &Option, + signature: &Option, img_name: &Option, img_version: &Option, metadata_path: &Option, @@ -132,10 +162,11 @@ pub fn build_from_docker( kernel_path, cmdline.trim().to_string(), format!("{}/linuxkit", blobs_path), - &mut file_output, + Some(&mut file_output), artifacts_path()?, signing_certificate, private_key, + signature, img_name.clone(), img_version.clone(), metadata_path.clone(), 
@@ -185,6 +216,152 @@ pub fn build_from_docker( Ok((file_output, measurements)) } +/// Generate enclave measurements from a Docker image. +pub fn measure_from_docker( + docker_uri: &str, + docker_dir: &Option, + img_name: &Option, + img_version: &Option, + metadata_path: &Option, +) -> NitroCliResult> { + let blobs_path = + blobs_path().map_err(|e| e.add_subaction("Failed to retrieve blobs path".to_string()))?; + let cmdline_file_path = format!("{}/cmdline", blobs_path); + let mut cmdline_file = File::open(cmdline_file_path.clone()).map_err(|e| { + new_nitro_cli_failure!( + &format!("Could not open kernel command line file: {:?}", e), + NitroCliErrorEnum::FileOperationFailure + ) + .add_info(vec![&cmdline_file_path, "Open"]) + })?; + + let mut cmdline = String::new(); + cmdline_file.read_to_string(&mut cmdline).map_err(|e| { + new_nitro_cli_failure!( + &format!("Failed to read kernel command line: {:?}", e), + NitroCliErrorEnum::FileOperationFailure + ) + .add_info(vec![&cmdline_file_path, "Read"]) + })?; + + let kernel_image_name = match std::env::consts::ARCH { + "aarch64" => "Image", + "x86_64" => "bzImage", + _ => "undefined", + }; + + let kernel_path = format!("{}/{}", blobs_path, kernel_image_name); + let build_info = generate_build_info!(&format!("{}.config", kernel_path)).map_err(|e| { + new_nitro_cli_failure!( + &format!("Could not generate build info: {:?}", e), + NitroCliErrorEnum::EifBuildingError + ) + })?; + + let mut docker2eif = enclave_build::Docker2Eif::new( + docker_uri.to_string(), + format!("{}/init", blobs_path), + format!("{}/nsm.ko", blobs_path), + kernel_path, + cmdline.trim().to_string(), + format!("{}/linuxkit", blobs_path), + None, + artifacts_path()?, + &None, + &None, + &None, + img_name.clone(), + img_version.clone(), + metadata_path.clone(), + build_info, + ) + .map_err(|err| { + new_nitro_cli_failure!( + &format!("Failed to create EIF image: {:?}", err), + NitroCliErrorEnum::EifBuildingError + ) + })?; + + if let Some(docker_dir) = 
docker_dir { + docker2eif + .build_docker_image(docker_dir.clone()) + .map_err(|err| { + new_nitro_cli_failure!( + &format!("Failed to build docker image: {:?}", err), + NitroCliErrorEnum::DockerImageBuildError + ) + })?; + } else { + docker2eif.pull_docker_image().map_err(|err| { + new_nitro_cli_failure!( + &format!("Failed to pull docker image: {:?}", err), + NitroCliErrorEnum::DockerImagePullError + ) + })?; + } + let measurements = docker2eif.create().map_err(|err| { + new_nitro_cli_failure!( + &format!("Failed to create EIF image: {:?}", err), + NitroCliErrorEnum::EifBuildingError + ) + })?; + eprintln!("Enclave Measurements successfully created."); + + let info = EnclaveBuildInfo::new(measurements.clone()); + println!( + "{}", + serde_json::to_string_pretty(&info).map_err(|err| new_nitro_cli_failure!( + &format!("Failed to display EnclaveBuild data: {:?}", err), + NitroCliErrorEnum::SerdeError + ))? + ); + + Ok(measurements) +} + +/// Generate signature from PCR0. +pub fn sign_from_pcr0(pcr0: &str, key_path: &str, output_path: &str) -> NitroCliResult<()> { + let pcr_info = PcrInfo::new( + 0, + hex::decode(pcr0).map_err(|err| { + new_nitro_cli_failure!( + &format!("Failed to decode PCR0: {:?}", err), + NitroCliErrorEnum::InvalidArgument + ) + })?, + ); + let pcr_cose_sign1 = PcrCoseSign1::new(key_path).map_err(|err| { + new_nitro_cli_failure!( + &format!("Failed to read private key: {:?}", err), + NitroCliErrorEnum::InvalidArgument + ) + })?; + let mut file_output = OpenOptions::new() + .read(true) + .create(true) + .write(true) + .truncate(true) + .open(output_path) + .map_err(|e| { + new_nitro_cli_failure!( + &format!("Could not create output file: {:?}", e), + NitroCliErrorEnum::FileOperationFailure + ) + .add_info(vec![output_path, "Open"]) + })?; + + pcr_cose_sign1 + .write_signature(&pcr_info, &mut file_output) + .map_err(|err| { + new_nitro_cli_failure!( + &format!("Failed to write signature to file: {:?}", err), + 
NitroCliErrorEnum::SignatureWriteOutputError + ) + })?; + eprintln!("PCR0 signature successfully generated."); + Ok(()) +} + /// Creates new enclave name /// /// Requests the names of all running instances and checks the @@ -742,6 +919,69 @@ macro_rules! create_app { .help("Local path to developer's Eliptic Curve private key.") .takes_value(true), ) + .arg( + Arg::with_name("signature") + .long("signature") + .help("Local path to COSE_Sign1 signature.") + .takes_value(true), + ) + .arg( + Arg::with_name("image_name") + .long("name") + .help("Name for enclave image") + .takes_value(true), + ) + .arg( + Arg::with_name("image_version") + .long("version") + .help("Version of the enclave image") + .takes_value(true), + ) + .arg( + Arg::with_name("metadata") + .long("metadata") + .help("Path to JSON containing the custom metadata provided by the user.") + .takes_value(true), + ), + ) + .subcommand( + SubCommand::with_name("measure-enclave") + .about("Measures an enclave image") + .arg( + Arg::with_name("docker-uri") + .long("docker-uri") + .help( + "Uri pointing to an existing docker container or to be created \ + locally when docker-dir is present", + ) + .required(true) + .takes_value(true), + ) + .arg( + Arg::with_name("docker-dir") + .long("docker-dir") + .help("Local path to a directory containing a Dockerfile") + .takes_value(true), + ) + .arg( + Arg::with_name("output-file") + .long("output-file") + .help("Location where the Enclave Image should be saved") + .group("action") + .takes_value(true), + ) + .arg( + Arg::with_name("signing-certificate") + .long("signing-certificate") + .help("Local path to developer's X509 signing certificate.") + .takes_value(true), + ) + .arg( + Arg::with_name("private-key") + .long("private-key") + .help("Local path to developer's Eliptic Curve private key.") + .takes_value(true), + ) .arg( Arg::with_name("image_name") .long("name") 
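Review bot: `sign_from_pcr0` signs whatever `hex::decode(pcr0)` returns, so an empty string or a truncated paste still produces a valid-looking signature file over the wrong value. Assuming PCR values here are SHA-384 digests, as the `Sha384` hasher used elsewhere in the build suggests, the decoded length should be checked to be 48 bytes before the key is loaded. The output file is also opened with `.read(true)`, which the visible code never needs. The `measure_from_docker` function in the same hunk largely repeats the setup in `build_from_docker` and could share a helper.

```rust
pub fn sign_from_pcr0(pcr0: &str, key_path: &str, output_path: &str) -> NitroCliResult<()> {
    let pcr0_bytes = hex::decode(pcr0).map_err(|err| {
        new_nitro_cli_failure!(
            &format!("Failed to decode PCR0: {:?}", err),
            NitroCliErrorEnum::InvalidArgument
        )
    })?;
    // A SHA-384 PCR value is 48 bytes; refuse to sign anything else.
    if pcr0_bytes.len() != 48 {
        return Err(new_nitro_cli_failure!(
            &format!("PCR0 must be 48 bytes, got {}", pcr0_bytes.len()),
            NitroCliErrorEnum::InvalidArgument
        ));
    }
    let pcr_info = PcrInfo::new(0, pcr0_bytes);
    // … unchanged: key loading, output file creation, write_signature …
```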
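Review bot: The new `measure-enclave` subcommand declares `output-file`, `signing-certificate` and `private-key`, but `MeasureEnclavesArgs::new_with` reads none of them and `measure_from_docker` passes `&None` for every signing input. A user who supplies a certificate will therefore get measurements that do not reflect it, with no warning. Drop these three `.arg(...)` entries from the subcommand, or wire them through if signed measurements are intended. The enclosing `create_app!` macro starts and ends outside the hunk.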
@@ -761,6 +1001,33 @@ macro_rules! create_app { .takes_value(true), ), ) + .subcommand( + SubCommand::with_name("sign-pcr0") + .about("Signs PCR0") + .arg( + Arg::with_name("pcr0") + .long("pcr0") + .help( + "PCR0 in hex format", + ) + .required(true) + .takes_value(true), + ) + .arg( + Arg::with_name("private-key") + .long("private-key") + .help("Local path to developer's Eliptic Curve private key.") + .required(true) + .takes_value(true), + ) + .arg( + Arg::with_name("output-file") + .long("output-file") + .help("Location where the signature should be saved") + .required(true) + .takes_value(true), + ) + ) .subcommand( SubCommand::with_name("describe-eif") .about("Returns information about the EIF found at a given path.") diff --git a/src/main.rs b/src/main.rs index 3c46d6b4..cee834f2 100644 --- a/src/main.rs +++ b/src/main.rs @@ -13,8 +13,8 @@ use log::info; use std::os::unix::net::UnixStream; use nitro_cli::common::commands_parser::{ - BuildEnclavesArgs, ConsoleArgs, DescribeEnclavesArgs, EmptyArgs, ExplainArgs, PcrArgs, - RunEnclavesArgs, TerminateEnclavesArgs, + BuildEnclavesArgs, ConsoleArgs, DescribeEnclavesArgs, EmptyArgs, ExplainArgs, + MeasureEnclavesArgs, PcrArgs, RunEnclavesArgs, SignPcrsArgs, TerminateEnclavesArgs, }; use nitro_cli::common::document_errors::explain_error; use nitro_cli::common::json_output::{EnclaveDescribeInfo, EnclaveRunInfo, EnclaveTerminateInfo}; @@ -29,7 +29,8 @@ use nitro_cli::enclave_proc_comm::{ }; use nitro_cli::{ build_enclaves, console_enclaves, create_app, describe_eif, get_all_enclave_names, - get_file_pcr, new_enclave_name, new_nitro_cli_failure, terminate_all_enclaves, + get_file_pcr, measure_enclaves, new_enclave_name, new_nitro_cli_failure, sign_pcrs, + terminate_all_enclaves, }; const RUN_ENCLAVE_STR: &str = "Run Enclave"; 
@@ -38,6 +39,8 @@ const DESCRIBE_EIF_STR: &str = "Describe EIF"; const TERMINATE_ENCLAVE_STR: &str = "Terminate Enclave"; const TERMINATE_ALL_ENCLAVES_STR: &str = "Terminate All Enclaves"; const BUILD_ENCLAVE_STR: &str = "Build Enclave"; +const MEASURE_ENCLAVE_STR: &str = "Measure Enclave"; +const SIGN_PCR_STR: &str = "Sign PCR"; const ENCLAVE_CONSOLE_STR: &str = "Enclave Console"; const EXPLAIN_ERR_STR: &str = "Explain Error"; const NEW_NAME_STR: &str = "New Enclave Name"; @@ -227,6 +230,36 @@ fn main() { }) .ok_or_exit_with_errno(None); } + Some(("measure-enclave", args)) => { + let measure_args = MeasureEnclavesArgs::new_with(args) + .map_err(|e| { + e.add_subaction("Failed to construct MeasureEnclave arguments".to_string()) + .set_action(MEASURE_ENCLAVE_STR.to_string()) + }) + .ok_or_exit_with_errno(None); + + measure_enclaves(measure_args) + .map_err(|e| { + e.add_subaction("Failed to measure enclave".to_string()) + .set_action(MEASURE_ENCLAVE_STR.to_string()) + }) + .ok_or_exit_with_errno(None); + } + Some(("sign-pcr0", args)) => { + let sign_args = SignPcrsArgs::new_with(args) + .map_err(|e| { + e.add_subaction("Failed to construct SignPcr0 arguments".to_string()) + .set_action(SIGN_PCR_STR.to_string()) + }) + .ok_or_exit_with_errno(None); + + sign_pcrs(sign_args) + .map_err(|e| { + e.add_subaction("Failed to sign PCR".to_string()) + .set_action(SIGN_PCR_STR.to_string()) + }) + .ok_or_exit_with_errno(None); + } Some(("describe-eif", args)) => { let eif_path = args .value_of("eif-path") diff --git a/tests/tests.rs b/tests/tests.rs index 380ea20d..ebb1de8d 100644 --- a/tests/tests.rs +++ b/tests/tests.rs @@ -81,6 +81,7 @@ mod tests { output: eif_path.to_str().unwrap().to_string(), signing_certificate: None, private_key: None, + signature: None, img_name: None, img_version: None, metadata: None, 
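Review bot: The test changes in `tests/tests.rs`, starting with this hunk, only add `signature: None` to existing `BuildEnclavesArgs` literals. Nothing exercises the new signing path, neither `sign_from_pcr0` nor a build with `signing_certificate: Some(..)` and `signature: Some(..)`. Since this path decides what signature ends up in the image, add a round-trip test: measure, sign PCR0, build with the signature, then compare the result with the existing private-key build. Add a negative test that supplies both `private_key` and `signature` as well.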
@@ -100,6 +101,7 @@ mod tests { output: eif_path.to_str().unwrap().to_string(), signing_certificate: None, private_key: None, + signature: None, img_name: None, img_version: None, metadata: None, @@ -111,6 +113,7 @@ mod tests { &args.output, &args.signing_certificate, &args.private_key, + &args.signature, &args.img_name, &args.img_version, &args.metadata, @@ -142,6 +145,7 @@ mod tests { output: eif_path.to_str().unwrap().to_string(), signing_certificate: None, private_key: None, + signature: None, img_name: None, img_version: None, metadata: None, @@ -153,6 +157,7 @@ mod tests { &args.output, &args.signing_certificate, &args.private_key, + &args.signature, &args.img_name, &args.img_version, &args.metadata, @@ -171,6 +176,7 @@ mod tests { output: eif_path.to_str().unwrap().to_string(), signing_certificate: None, private_key: None, + signature: None, img_name: None, img_version: None, metadata: None, @@ -182,6 +188,7 @@ mod tests { &args.output, &args.signing_certificate, &args.private_key, + &args.signature, &args.img_name, &args.img_version, &args.metadata, @@ -246,6 +253,7 @@ mod tests { output: eif_path, signing_certificate: Some(cert_path), private_key: Some(key_path), + signature: None, img_name: None, img_version: None, metadata: None, @@ -257,6 +265,7 @@ mod tests { &args.output, &args.signing_certificate, &args.private_key, + &args.signature, &args.img_name, &args.img_version, &args.metadata, @@ -289,6 +298,7 @@ mod tests { output: eif_path.to_str().unwrap().to_string(), signing_certificate: None, private_key: None, + signature: None, img_name: None, img_version: None, metadata: None, @@ -300,6 +310,7 @@ mod tests { &build_args.output, &build_args.signing_certificate, &build_args.private_key, + &build_args.signature, &build_args.img_name, &build_args.img_version, &build_args.metadata, 
@@ -335,6 +346,7 @@ mod tests {
 output: eif_path,
 signing_certificate: Some(cert_path),
 private_key: Some(key_path),
+ signature: None,
 img_name: None,
 img_version: None,
 metadata: None,
@@ -346,6 +358,7 @@ mod tests {
 &build_args.output,
 &build_args.signing_certificate,
 &build_args.private_key,
+ &build_args.signature,
 &build_args.img_name,
 &build_args.img_version,
 &build_args.metadata,
@@ -376,6 +389,7 @@ mod tests {
 output: eif_path.to_str().unwrap().to_string(),
 signing_certificate: None,
 private_key: None,
+ signature: None,
 img_name: None,
 img_version: None,
 metadata: None,
@@ -387,6 +401,7 @@ mod tests {
 &build_args.output,
 &build_args.signing_certificate,
 &build_args.private_key,
+ &build_args.signature,
 &build_args.img_name,
 &build_args.img_version,
 &build_args.metadata,
@@ -483,6 +498,7 @@ mod tests {
 output: eif_path.to_str().unwrap().to_string(),
 signing_certificate: None,
 private_key: None,
+ signature: None,
 img_name: None,
 img_version: None,
 metadata: None,
@@ -494,6 +510,7 @@ mod tests {
 &build_args.output,
 &build_args.signing_certificate,
 &build_args.private_key,
+ &build_args.signature,
 &build_args.img_name,
 &build_args.img_version,
 &build_args.metadata,
@@ -525,6 +542,7 @@ mod tests {
 output: eif_path.to_str().unwrap().to_string(),
 signing_certificate: None,
 private_key: None,
+ signature: None,
 img_name: None,
 img_version: None,
 metadata: None,
@@ -536,6 +554,7 @@ mod tests {
 &build_args.output,
 &build_args.signing_certificate,
 &build_args.private_key,
+ &build_args.signature,
 &build_args.img_name,
 &build_args.img_version,
 &build_args.metadata,
@@ -587,6 +606,7 @@ mod tests {
 output: eif_path.to_str().unwrap().to_string(),
 signing_certificate: None,
 private_key: None,
+ signature: None,
 img_name: None,
 img_version: None,
 metadata: None,
@@ -598,6 +618,7 @@ mod tests {
 &build_args.output,
 &build_args.signing_certificate,
 &build_args.private_key,
+ &build_args.signature,
 &build_args.img_name,
 &build_args.img_version,
 &build_args.metadata,
@@ -677,6 +698,7 @@ mod tests {
 output: eif_path.to_str().unwrap().to_string(),
 signing_certificate: None,
 private_key: None,
+ signature: None,
 img_name: None,
 img_version: None,
 metadata: None,
@@ -688,6 +710,7 @@ mod tests {
 &args.output,
 &args.signing_certificate,
 &args.private_key,
+ &args.signature,
 &args.img_name,
 &args.img_version,
 &args.metadata,
@@ -768,6 +791,7 @@ mod tests {
 output: eif_path.to_str().unwrap().to_string(),
 signing_certificate: None,
 private_key: None,
+ signature: None,
 img_name: Some("TestName".to_string()),
 img_version: Some("1.0".to_string()),
 metadata: Some(meta_path.to_str().unwrap().to_string()),
@@ -779,6 +803,7 @@ mod tests {
 &args.output,
 &args.signing_certificate,
 &args.private_key,
+ &args.signature,
 &args.img_name,
 &args.img_version,
 &args.metadata,
@@ -862,6 +887,7 @@ mod tests {
 output: eif_path.to_str().unwrap().to_string(),
 signing_certificate: None,
 private_key: None,
+ signature: None,
 img_name: None,
 img_version: None,
 metadata: None,
@@ -873,6 +899,7 @@ mod tests {
 &args.output,
 &args.signing_certificate,
 &args.private_key,
+ &args.signature,
 &args.img_name,
 &args.img_version,
 &args.metadata,
@@ -961,6 +988,7 @@ mod tests {
 output: eif_path.to_str().unwrap().to_string(),
 signing_certificate: None,
 private_key: None,
+ signature: None,
 img_name: None,
 img_version: None,
 metadata: None,
@@ -972,6 +1000,7 @@ mod tests {
 &args.output,
 &args.signing_certificate,
 &args.private_key,
+ &args.signature,
 &args.img_name,
 &args.img_version,
 &args.metadata,
@@ -1003,6 +1032,7 @@ mod tests {
 output: eif_path,
 signing_certificate: Some(cert_path),
 private_key: Some(key_path),
+ signature: None,
 img_name: None,
 img_version: None,
 metadata: None,
@@ -1014,6 +1044,7 @@ mod tests {
 &args.output,
 &args.signing_certificate,
 &args.private_key,
+ &args.signature,
 &args.img_name,
 &args.img_version,
 &args.metadata,
@@ -1045,6 +1076,7 @@ mod tests {
 output: eif_path,
 signing_certificate: Some(cert_path.clone()),
 private_key: Some(key_path),
+ signature: None,
 img_name: None,
 img_version: None,
 metadata: None,
@@ -1056,6 +1088,7 @@ mod tests {
 &args.output,
 &args.signing_certificate,
 &args.private_key,
+ &args.signature,
 &args.img_name,
 &args.img_version,
 &args.metadata,