diff --git a/Cargo.lock b/Cargo.lock index 689d0fadb..62f472dad 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -278,6 +278,7 @@ dependencies = [ "hyper-tls", "kbs-types", "log", + "nix 0.26.4", "occlum_dcap", "serde", "serde_json", @@ -384,12 +385,6 @@ dependencies = [ "rustc-demangle", ] -[[package]] -name = "base16ct" -version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "349a06037c7bf932dd7e7d1f653678b2038b9ad46a74102f1fc7bd7872678cce" - [[package]] name = "base16ct" version = "0.2.0" @@ -879,11 +874,13 @@ dependencies = [ "async-trait", "base64 0.21.4", "clap 4.2.7", + "image", "kms", "lazy_static", "log", "protobuf 3.2.0", "secret", + "serde", "serde_json", "sev 0.1.0", "thiserror", @@ -892,12 +889,6 @@ dependencies = [ "ttrpc-codegen", ] -[[package]] -name = "const-oid" -version = "0.7.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e4c78c047431fee22c1a7bb92e00ad095a02a983affe4d8a72e2a2c62c1b94f3" - [[package]] name = "const-oid" version = "0.9.5" @@ -1091,28 +1082,6 @@ dependencies = [ "zeroize", ] -[[package]] -name = "crypto-bigint" -version = "0.3.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "03c6a1d5fa1de37e071642dfa44ec552ca5b299adb128fab16138e24b548fd21" -dependencies = [ - "generic-array", - "subtle", -] - -[[package]] -name = "crypto-bigint" -version = "0.4.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ef2b4b23cddf68b89b8f8069890e8c270d54e2d5fe1b143820234805e4cb17ef" -dependencies = [ - "generic-array", - "rand_core 0.6.4", - "subtle", - "zeroize", -] - [[package]] name = "crypto-bigint" version = "0.5.3" 
@@ -1136,6 +1105,21 @@ dependencies = [ "typenum", ] +[[package]] +name = "crypto_secretbox" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b9d6cf87adf719ddf43a805e92c6870a531aedda35ff640442cbaf8674e141e1" +dependencies = [ + "aead", + "cipher", + "generic-array", + "poly1305", + "salsa20", + "subtle", + "zeroize", +] + [[package]] name = "csv-rs" version = "0.1.0" @@ -1185,19 +1169,32 @@ dependencies = [ [[package]] name = "curve25519-dalek" -version = "4.0.0-rc.1" +version = "4.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8d4ba9852b42210c7538b75484f9daa0655e9a3ac04f693747bb0f02cf3cfe16" +checksum = "622178105f911d937a42cdb140730ba4a3ed2becd8ae6ce39c7d28b5d75d4588" dependencies = [ "cfg-if", + "cpufeatures", + "curve25519-dalek-derive", "digest 0.10.7", "fiat-crypto", - "packed_simd_2", "platforms", + "rustc_version 0.4.0", "subtle", "zeroize", ] +[[package]] +name = "curve25519-dalek-derive" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "83fdaf97f4804dcebfa5862639bc9ce4121e82140bec2a987ac5140294865b5b" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.32", +] + [[package]] name = "curve25519-dalek-ng" version = "4.1.1" @@ -1303,26 +1300,13 @@ dependencies = [ "generic-array", ] -[[package]] -name = "der" -version = "0.5.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6919815d73839e7ad218de758883aae3a257ba6759ce7a9992501efbb53d705c" -dependencies = [ - "const-oid 0.7.1", - "crypto-bigint 0.3.2", - "pem-rfc7468 0.3.1", -] - [[package]] name = "der" version = "0.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f1a467a65c5e759bce6e65eaf91cc29f466cdc57cb65777bd646872a8a1fd4de" dependencies = [ - "const-oid 0.9.5", - "der_derive", - "flagset", + "const-oid", "pem-rfc7468 0.6.0", "zeroize", ] 
@@ -1333,21 +1317,22 @@ version = "0.7.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fffa369a668c8af7dbf8b5e56c9f744fbd399949ed171606040001947de40b1c" dependencies = [ - "const-oid 0.9.5", + "const-oid", + "der_derive", + "flagset", "pem-rfc7468 0.7.0", "zeroize", ] [[package]] name = "der_derive" -version = "0.6.1" +version = "0.7.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8ef71ddb5b3a1f53dee24817c8f70dfa1cb29e804c18d88c228d4bc9c86ee3b9" +checksum = "5fe87ce4529967e0ba1dcf8450bab64d97dfd5010a6256187ffe2e43e6f0e049" dependencies = [ - "proc-macro-error", "proc-macro2", "quote", - "syn 1.0.109", + "syn 2.0.32", ] [[package]] @@ -1460,7 +1445,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" dependencies = [ "block-buffer 0.10.4", - "const-oid 0.9.5", + "const-oid", "crypto-common", "subtle", ] @@ -1546,18 +1531,6 @@ dependencies = [ "cipher", ] -[[package]] -name = "ecdsa" -version = "0.15.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "12844141594ad74185a926d030f3b605f6a903b4e3fec351f3ea338ac5b7637e" -dependencies = [ - "der 0.6.1", - "elliptic-curve 0.12.3", - "rfc6979 0.3.1", - "signature 2.0.0", -] - [[package]] name = "ecdsa" version = "0.16.8" @@ -1566,8 +1539,8 @@ checksum = "a4b1e0c257a9e9f25f90ff76d7a68360ed497ee519c8e428d1825ef0000799d4" dependencies = [ "der 0.7.8", "digest 0.10.7", - "elliptic-curve 0.13.5", - "rfc6979 0.4.0", + "elliptic-curve", + "rfc6979", "signature 2.0.0", "spki 0.7.2", ] 
@@ -1583,11 +1556,11 @@ dependencies = [ [[package]] name = "ed25519" -version = "2.1.0" +version = "2.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3cf420a7ec85d98495b0c34aa4a58ca117f982ffbece111aeb545160148d7010" +checksum = "60f6d271ca33075c88028be6f04d502853d63a5ece419d269c15315d4fc1cf1d" dependencies = [ - "pkcs8 0.9.0", + "pkcs8 0.10.2", "signature 2.0.0", ] @@ -1616,12 +1589,12 @@ dependencies = [ [[package]] name = "ed25519-dalek" -version = "2.0.0-pre.0" +version = "2.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7bd577ba9d4bcab443cac60003d8fd32c638e7024a3ec92c200d7af5d2c397ed" +checksum = "7277392b266383ef8396db7fdeb1e77b6c52fed775f5df15bb24f35b72156980" dependencies = [ - "curve25519-dalek 4.0.0-rc.1", - "ed25519 2.1.0", + "curve25519-dalek 4.1.0", + "ed25519 2.2.2", "rand_core 0.6.4", "serde", "sha2 0.10.7", 
@@ -1634,45 +1607,23 @@ version = "1.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a26ae43d7bcc3b814de94796a5e736d4029efb0ee900c12e2d54c993ad1a1e07" -[[package]] -name = "elliptic-curve" -version = "0.12.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e7bb888ab5300a19b8e5bceef25ac745ad065f3c9f7efc6de1b91958110891d3" -dependencies = [ - "base16ct 0.1.1", - "crypto-bigint 0.4.9", - "der 0.6.1", - "digest 0.10.7", - "ff 0.12.1", - "generic-array", - "group 0.12.1", - "hkdf", - "pem-rfc7468 0.6.0", - "pkcs8 0.9.0", - "rand_core 0.6.4", - "sec1 0.3.0", - "subtle", - "zeroize", -] - [[package]] name = "elliptic-curve" version = "0.13.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "968405c8fdc9b3bf4df0a6638858cc0b52462836ab6b1c87377785dd09cf1c0b" dependencies = [ - "base16ct 0.2.0", - "crypto-bigint 0.5.3", + "base16ct", + "crypto-bigint", "digest 0.10.7", - "ff 0.13.0", + "ff", "generic-array", - "group 0.13.0", + "group", "hkdf", "pem-rfc7468 0.7.0", "pkcs8 0.10.2", "rand_core 0.6.4", - "sec1 0.7.3", + "sec1", "subtle", "zeroize", ] @@ -1785,16 +1736,6 @@ version = "2.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6999dc1837253364c2ebb0704ba97994bd874e8f195d665c50b7548f6ea92764" -[[package]] -name = "ff" -version = "0.12.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d013fc25338cc558c5c2cfbad646908fb23591e2404481826742b651c9af7160" -dependencies = [ - "rand_core 0.6.4", - "subtle", -] - [[package]] name = "ff" version = "0.13.0" @@ -1807,9 +1748,9 @@ dependencies = [ [[package]] name = "fiat-crypto" -version = "0.1.20" +version = "0.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e825f6987101665dea6ec934c09ec6d721de7bc1bf92248e1d5810c8cd636b77" +checksum = "d0870c84016d4b481be5c9f323c24f65e31e901ae618f0e80f4308fb00de1d2d" [[package]] name = "filetime" 
@@ -2113,24 +2054,13 @@ version = "0.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d2fabcfbdc87f4758337ca535fb41a6d701b65693ce38287d856d1674551ec9b" -[[package]] -name = "group" -version = "0.12.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5dfbfb3a6cfbd390d5c9564ab283a0349b9b9fcd46a706c1eb10e0db70bfbac7" -dependencies = [ - "ff 0.12.1", - "rand_core 0.6.4", - "subtle", -] - [[package]] name = "group" version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f0f9ef7462f7c099f518d754361858f86d8a07af53ba9af0fe635bbccb151a63" dependencies = [ - "ff 0.13.0", + "ff", "rand_core 0.6.4", "subtle", ] @@ -2440,6 +2370,21 @@ dependencies = [ "unicode-normalization", ] +[[package]] +name = "image" +version = "0.1.0" +dependencies = [ + "assert-json-diff", + "base64 0.21.4", + "crypto", + "kms", + "resource_uri", + "rstest", + "serde", + "serde_json", + "thiserror", +] + [[package]] name = "image-rs" version = "0.1.0" @@ -2694,8 +2639,8 @@ dependencies = [ "hmac-sha256", "hmac-sha512", "k256", - "p256 0.13.2", - "p384 0.13.0", + "p256", + "p384", "rand 0.8.5", "rsa 0.7.2", "serde", @@ -2712,8 +2657,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cadb76004ed8e97623117f3df85b17aaa6626ab0b0831e6573f104df16cd1bcc" dependencies = [ "cfg-if", - "ecdsa 0.16.8", - "elliptic-curve 0.13.5", + "ecdsa", + "elliptic-curve", "once_cell", "sha2 0.10.7", "signature 2.0.0", @@ -2918,12 +2863,6 @@ dependencies = [ "winapi", ] -[[package]] -name = "libm" -version = "0.1.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7fc7aa29613bd6a620df431842069224d8bc9011086b1db4c0e0cd47fa03ec9a" - [[package]] name = "libm" version = "0.2.7" 
@@ -3207,7 +3146,7 @@ checksum = "dc84195820f291c7697304f3cbdadd1cb7199c0efc917ff5eafd71225c136151" dependencies = [ "byteorder", "lazy_static", - "libm 0.2.7", + "libm", "num-integer", "num-iter", "num-traits", @@ -3256,7 +3195,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f30b0abd723be7e2ffca1272140fac1a2f084c77ec3e123c192b66af1ee9e6c2" dependencies = [ "autocfg", - "libm 0.2.7", + "libm", ] [[package]] @@ -3578,39 +3517,15 @@ version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "04744f49eae99ab78e0d5c0b603ab218f515ea8cfe5a456d7629ad883a3b6e7d" -[[package]] -name = "p256" -version = "0.12.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "49c124b3cbce43bcbac68c58ec181d98ed6cc7e6d0aa7c3ba97b2563410b0e55" -dependencies = [ - "ecdsa 0.15.1", - "elliptic-curve 0.12.3", - "primeorder 0.12.1", - "sha2 0.10.7", -] - [[package]] name = "p256" version = "0.13.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c9863ad85fa8f4460f9c48cb909d38a0d689dba1f6f6988a5e3e0d31071bcd4b" dependencies = [ - "ecdsa 0.16.8", - "elliptic-curve 0.13.5", - "primeorder 0.13.2", - "sha2 0.10.7", -] - -[[package]] -name = "p384" -version = "0.12.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "630a4a9b2618348ececfae61a4905f564b817063bf2d66cdfc2ced523fe1d2d4" -dependencies = [ - "ecdsa 0.15.1", - "elliptic-curve 0.12.3", - "primeorder 0.12.1", + "ecdsa", + "elliptic-curve", + "primeorder", "sha2 0.10.7", ] 
@@ -3620,22 +3535,12 @@ version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "70786f51bcc69f6a4c0360e063a4cac5419ef7c5cd5b3c99ad70f3be5ba79209" dependencies = [ - "ecdsa 0.16.8", - "elliptic-curve 0.13.5", - "primeorder 0.13.2", + "ecdsa", + "elliptic-curve", + "primeorder", "sha2 0.10.7", ] -[[package]] -name = "packed_simd_2" -version = "0.3.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a1914cd452d8fccd6f9db48147b29fd4ae05bea9dc5d9ad578509f72415de282" -dependencies = [ - "cfg-if", - "libm 0.1.4", -] - [[package]] name = "parking_lot" version = "0.12.1" @@ -3661,9 +3566,9 @@ dependencies = [ [[package]] name = "password-hash" -version = "0.4.2" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7676374caaee8a325c9e7a2ae557f216c5563a171d6997b0ef8a65af35147700" +checksum = "346f04948ba92c43e8469c1ee6736c7563d71012b17d40745260fe106aac2166" dependencies = [ "base64ct", "rand_core 0.6.4", @@ -3679,6 +3584,16 @@ dependencies = [ "digest 0.10.7", ] +[[package]] +name = "pbkdf2" +version = "0.12.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f8ed6a7761f76e3b9f92dfb0a60a6a6477c61024b775147ff0973a02653abaf2" +dependencies = [ + "digest 0.10.7", + "hmac", +] + [[package]] name = "peeking_take_while" version = "0.1.2" 
@@ -3687,20 +3602,12 @@ checksum = "19b17cddbe7ec3f8bc800887bab5e717348c95ea2ca0b1bf0837fb964dc67099" [[package]] name = "pem" -version = "1.1.1" +version = "2.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a8835c273a76a90455d7344889b0964598e3316e2a79ede8e36f16bdcf2228b8" +checksum = "6b13fe415cdf3c8e44518e18a7c95a13431d9bdf6d15367d82b23c377fdd441a" dependencies = [ - "base64 0.13.1", -] - -[[package]] -name = "pem-rfc7468" -version = "0.3.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "01de5d978f34aa4b2296576379fcc416034702fd94117c56ffd8a1a767cefb30" -dependencies = [ - "base64ct", + "base64 0.21.4", + "serde", ] [[package]] @@ -3769,27 +3676,30 @@ dependencies = [ [[package]] name = "picky" -version = "7.0.0-rc.5" +version = "7.0.0-rc.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "72ac7d98dfb5e53cdea76b70df8d5e8dd7717a2d685a12f54c547e03b5afd76a" +checksum = "52cccdaffd2f361b4b4eb70b4249bd71d89bb66cb84b7f76483ecd1640c543ce" dependencies = [ - "base64 0.13.1", + "base64 0.21.4", "digest 0.10.7", + "ed25519-dalek 2.0.0", "md-5", "num-bigint-dig", - "oid", - "p256 0.12.0", - "p384 0.12.0", - "picky-asn1 0.7.2", + "p256", + "p384", + "picky-asn1 0.8.0", "picky-asn1-der 0.4.1", - "picky-asn1-x509 0.9.0", + "picky-asn1-x509 0.12.0", "rand 0.8.5", - "rsa 0.6.1", + "rand_core 0.6.4", + "rsa 0.9.2", "serde", - "sha-1", + "sha1", "sha2 0.10.7", "sha3", "thiserror", + "x25519-dalek", + "zeroize", ] [[package]] @@ -3803,18 +3713,6 @@ dependencies = [ "serde_bytes", ] -[[package]] -name = "picky-asn1" -version = "0.7.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6f338f1fd4f3e13e75e986ca29f2a3c62528d88d3cbadf4afdcefb6b087f2d32" -dependencies = [ - "oid", - "serde", - "serde_bytes", - "zeroize", -] - [[package]] name = "picky-asn1" version = "0.8.0" 
@@ -3824,6 +3722,7 @@ dependencies = [ "oid", "serde", "serde_bytes", + "zeroize", ] [[package]] @@ -3863,14 +3762,14 @@ dependencies = [ [[package]] name = "picky-asn1-x509" -version = "0.9.0" +version = "0.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fdb51541f90aa99f2fa7191c8daebc224d500cd5963c6ca3e6cede9645a1b2e1" +checksum = "2c5f20f71a68499ff32310f418a6fad8816eac1a2859ed3f0c5c741389dd6208" dependencies = [ - "base64 0.13.1", + "base64 0.21.4", "num-bigint-dig", "oid", - "picky-asn1 0.7.2", + "picky-asn1 0.8.0", "picky-asn1-der 0.4.1", "serde", "zeroize", @@ -3908,17 +3807,6 @@ version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" -[[package]] -name = "pkcs1" -version = "0.3.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a78f66c04ccc83dd4486fd46c33896f4e17b24a7a3a6400dedc48ed0ddd72320" -dependencies = [ - "der 0.5.1", - "pkcs8 0.8.0", - "zeroize", -] - [[package]] name = "pkcs1" version = "0.4.1" @@ -3952,21 +3840,25 @@ dependencies = [ "cbc", "der 0.6.1", "hmac", - "pbkdf2", - "scrypt", + "pbkdf2 0.11.0", + "scrypt 0.10.0", "sha2 0.10.7", "spki 0.6.0", ] [[package]] -name = "pkcs8" -version = "0.8.0" +name = "pkcs5" +version = "0.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7cabda3fb821068a9a4fab19a683eac3af12edf0f34b94a8be53c4972b8149d0" +checksum = "e847e2c91a18bfa887dd028ec33f2fe6f25db77db3619024764914affe8b69a6" dependencies = [ - "der 0.5.1", - "spki 0.5.4", - "zeroize", + "aes", + "cbc", + "der 0.7.8", + "pbkdf2 0.12.2", + "scrypt 0.11.0", + "sha2 0.10.7", + "spki 0.7.2", ] [[package]] @@ -3976,7 +3868,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9eca2c590a5f85da82668fa685c09ce2888b9430e83299debf1f34b65fd4a4ba" dependencies = [ "der 0.6.1", - "pkcs5", + "pkcs5 0.5.0", "rand_core 0.6.4", "spki 0.6.0", ] 
@@ -3988,6 +3880,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7" dependencies = [ "der 0.7.8", + "pkcs5 0.7.1", + "rand_core 0.6.4", "spki 0.7.2", ] @@ -4048,22 +3942,13 @@ dependencies = [ "syn 1.0.109", ] -[[package]] -name = "primeorder" -version = "0.12.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0b54f7131b3dba65a2f414cf5bd25b66d4682e4608610668eae785750ba4c5b2" -dependencies = [ - "elliptic-curve 0.12.3", -] - [[package]] name = "primeorder" version = "0.13.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3c2fcef82c0ec6eefcc179b978446c399b3cdf73c392c35604e399eee6df1ee3" dependencies = [ - "elliptic-curve 0.13.5", + "elliptic-curve", ] [[package]] @@ -4523,17 +4408,6 @@ dependencies = [ "rand 0.8.5", ] -[[package]] -name = "rfc6979" -version = "0.3.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7743f17af12fa0b03b803ba12cd6a8d9483a587e89c69445e3909655c0b9fabb" -dependencies = [ - "crypto-bigint 0.4.9", - "hmac", - "zeroize", -] - [[package]] name = "rfc6979" version = "0.4.0" @@ -4568,26 +4442,6 @@ dependencies = [ "digest 0.10.7", ] -[[package]] -name = "rsa" -version = "0.6.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4cf22754c49613d2b3b119f0e5d46e34a2c628a937e3024b8762de4e7d8c710b" -dependencies = [ - "byteorder", - "digest 0.10.7", - "num-bigint-dig", - "num-integer", - "num-iter", - "num-traits", - "pkcs1 0.3.3", - "pkcs8 0.8.0", - "rand_core 0.6.4", - "smallvec", - "subtle", - "zeroize", -] - [[package]] name = "rsa" version = "0.7.2" @@ -4637,7 +4491,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6ab43bb47d23c1a631b4b680199a45255dce26fa9ab2fa902581f624ff13e6a8" dependencies = [ "byteorder", - "const-oid 0.9.5", + "const-oid", "digest 0.10.7", "num-bigint-dig", "num-integer", 
@@ -4829,8 +4683,19 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9f9e24d2b632954ded8ab2ef9fea0a0c769ea56ea98bddbafbad22caeeadf45d" dependencies = [ "hmac", + "pbkdf2 0.11.0", + "salsa20", + "sha2 0.10.7", +] + +[[package]] +name = "scrypt" +version = "0.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0516a385866c09368f0b5bcd1caff3366aace790fcd46e2bb032697bb172fd1f" +dependencies = [ "password-hash", - "pbkdf2", + "pbkdf2 0.12.2", "salsa20", "sha2 0.10.7", ] @@ -4845,27 +4710,13 @@ dependencies = [ "untrusted", ] -[[package]] -name = "sec1" -version = "0.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3be24c1842290c45df0a7bf069e0c268a747ad05a192f2fd7dcfdbc1cba40928" -dependencies = [ - "base16ct 0.1.1", - "der 0.6.1", - "generic-array", - "pkcs8 0.9.0", - "subtle", - "zeroize", -] - [[package]] name = "sec1" version = "0.7.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d3e97a565f76233a6003f9f5c54be1d9c5bdfa3eccfb189469f11ec4901c47dc" dependencies = [ - "base16ct 0.2.0", + "base16ct", "der 0.7.8", "generic-array", "pkcs8 0.10.2", @@ -4962,7 +4813,7 @@ dependencies = [ "dyn-clone", "eax", "ecb", - "ecdsa 0.16.8", + "ecdsa", "ed25519 1.5.3", "ed25519-dalek 1.0.1", "flate2", @@ -4978,7 +4829,7 @@ dependencies = [ "memsec", "num-bigint-dig", "once_cell", - "p256 0.13.2", + "p256", "rand 0.7.3", "rand 0.8.5", "rand_core 0.6.4", @@ -5187,6 +5038,17 @@ dependencies = [ "digest 0.10.7", ] +[[package]] +name = "sha1" +version = "0.10.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f04293dc80c3993519f2d7f6f511707ee7094fe0c6d3406feb330cdb3540eba3" +dependencies = [ + "cfg-if", + "cpufeatures", + "digest 0.10.7", +] + [[package]] name = "sha1collisiondetection" version = "0.2.7" 
@@ -5281,33 +5143,34 @@ dependencies = [ [[package]] name = "sigstore" -version = "0.6.0" -source = "git+https://github.com/sigstore/sigstore-rs.git?rev=69e8f33#69e8f3310e5ecff7dbe15ae6b45e2edf091aa4db" +version = "0.7.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a306742205ee5e287f0c0cbb8f8361f6eda60a67232860c9e285778f001680fa" dependencies = [ "async-trait", "base64 0.21.4", "cfg-if", "chrono", - "const-oid 0.9.5", - "der 0.6.1", + "const-oid", + "crypto_secretbox", "digest 0.10.7", - "ecdsa 0.15.1", - "ed25519 2.1.0", - "ed25519-dalek 2.0.0-pre.0", - "elliptic-curve 0.12.3", + "ecdsa", + "ed25519 2.2.2", + "ed25519-dalek 2.0.0", + "elliptic-curve", "getrandom 0.2.10", "lazy_static", "oci-distribution", "olpc-cjson", - "p256 0.12.0", - "p384 0.12.0", + "p256", + "p384", "pem", "picky", - "pkcs1 0.4.1", - "pkcs8 0.9.0", + "pkcs1 0.7.5", + "pkcs8 0.10.2", "rand 0.8.5", - "rsa 0.8.2", - "scrypt", + "rsa 0.9.2", + "scrypt 0.11.0", "serde", "serde_json", "sha2 0.10.7", @@ -5318,7 +5181,6 @@ dependencies = [ "url", "webbrowser", "x509-cert", - "xsalsa20poly1305", "zeroize", ] @@ -5369,16 +5231,6 @@ version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" -[[package]] -name = "spki" -version = "0.5.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "44d01ac02a6ccf3e07db148d2be087da624fea0221a16152ed01f0496a6b0a27" -dependencies = [ - "base64ct", - "der 0.5.1", -] - [[package]] name = "spki" version = "0.6.0" 
@@ -6552,6 +6404,18 @@ dependencies = [ "windows-sys 0.48.0", ] +[[package]] +name = "x25519-dalek" +version = "2.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fb66477291e7e8d2b0ff1bcb900bf29489a9692816d79874bea351e7a8b6de96" +dependencies = [ + "curve25519-dalek 4.1.0", + "rand_core 0.6.4", + "serde", + "zeroize", +] + [[package]] name = "x25519-dalek-ng" version = "1.1.1" @@ -6566,14 +6430,13 @@ dependencies = [ [[package]] name = "x509-cert" -version = "0.1.1" +version = "0.2.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "99d224a125dec5adda27d0346b9cae9794830279c4f9c27e4ab0b6c408d54012" +checksum = "25eefca1d99701da3a57feb07e5079fc62abba059fc139e98c13bbb250f3ef29" dependencies = [ - "const-oid 0.9.5", - "der 0.6.1", - "flagset", - "spki 0.6.0", + "const-oid", + "der 0.7.8", + "spki 0.7.2", ] [[package]] @@ -6585,19 +6448,6 @@ dependencies = [ "libc", ] -[[package]] -name = "xsalsa20poly1305" -version = "0.9.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "02a6dad357567f81cd78ee75f7c61f1b30bb2fe4390be8fb7c69e2ac8dffb6c7" -dependencies = [ - "aead", - "poly1305", - "salsa20", - "subtle", - "zeroize", -] - [[package]] name = "xxhash-rust" version = "0.8.7" diff --git a/image-rs/Cargo.toml b/image-rs/Cargo.toml index 66b78249a..70fba9bd6 100644 --- a/image-rs/Cargo.toml +++ b/image-rs/Cargo.toml @@ -37,7 +37,7 @@ serde = { workspace = true, features = ["serde_derive", "rc"] } serde_json.workspace = true serde_yaml = { version = "0.9", optional = true } sha2.workspace = true -sigstore = { git = "https://github.com/sigstore/sigstore-rs.git", rev = "69e8f33", default-features = false, optional = true} +sigstore = { version = "0.7.2", default-features = false, optional = true} strum.workspace = true strum_macros = "0.25" tar = "0.4.37" 
diff --git a/image-rs/src/signature/mechanism/cosign/mod.rs b/image-rs/src/signature/mechanism/cosign/mod.rs index cbfd4ee56..eb0b13ff5 100644 --- a/image-rs/src/signature/mechanism/cosign/mod.rs +++ b/image-rs/src/signature/mechanism/cosign/mod.rs @@ -18,7 +18,7 @@ use sigstore::{ }, crypto::SigningScheme, errors::SigstoreVerifyConstraintsError, - registry::Auth, + registry::{Auth, OciReference}, }; use super::SignScheme; 
@@ -134,39 +134,18 @@ impl CosignParameters { (Some(_), Some(_)) => bail!("Both keyPath and keyData are specified."), }; - let image_ref = image.reference.whole(); + let image_ref = ::from_str(&image.reference.whole())?; - let auth = auth.clone(); - // Get the signature layers in cosign signature "image"'s manifest - let signature_layers = tokio::task::spawn_blocking(move || -> Result<_> { - let auth = Auth::from(&auth); + let auth = Auth::from(auth); - let mut client = ClientBuilder::default().build()?; + let mut client = ClientBuilder::default().build()?; + let (cosign_image, source_image_digest) = client.triangulate(&image_ref, &auth).await?; + let signature_layers = client + .trusted_signature_layers(&auth, &source_image_digest, &cosign_image) + .await + .context("cosign verification: get signature layers failed")?; - // Get the cosign signature "image"'s uri and the signed image's digest - // - // We need a runtime here because now `triangulate` is a future - // that cannot be `Send` between threads. Thus we need to create a - // runtime and disable context switch here. - let rt = tokio::runtime::Runtime::new()?; - let (cosign_image, source_image_digest) = - rt.block_on(client.triangulate(&image_ref, &auth))?; - - let layers = rt.block_on(client.trusted_signature_layers( - &auth, - &source_image_digest, - &cosign_image, - ))?; - - Ok(layers) - }) - .await - .context("tokio spawn")? - .context("get signature layers")?; - - // By default, the hashing algorithm is SHA256 - let pub_key_verifier = - PublicKeyVerifier::new(&key, &SigningScheme::ECDSA_P256_SHA256_ASN1)?; + let pub_key_verifier = PublicKeyVerifier::try_from(&key)?; let verification_constraints: VerificationConstraintVec = vec![Box::new(pub_key_verifier)]; 
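Review bot: `PublicKeyVerifier::try_from(&key)` drops the explicit `SigningScheme::ECDSA_P256_SHA256_ASN1` pin, so the accepted signature algorithm now appears to follow from whatever key type the policy's keyPath/keyData holds, and the removed comment "By default, the hashing algorithm is SHA256" has no replacement saying so. I would add a comment above the call such as `// Scheme is derived from the key material; key types other than ECDSA P-256 are accepted if sigstore can parse them.`, and keep an explicit key-type check if the policy is meant to stay P-256 only. Separately, `client.triangulate(&image_ref, &auth).await?` and the `from_str(...)?` parse propagate bare errors while the following call adds `.context(...)`. Giving them the same treatment, e.g. `.context("cosign verification: triangulate failed")`, makes a failed verification attributable to a specific step. The enclosing function starts and ends outside this hunk.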
@@ -315,7 +294,7 @@ mod tests { "registry.cn-hangzhou.aliyuncs.com/xynnn/cosign:latest", false, // If verified failed, the pubkey given to verify will be printed. - "[PublicKeyVerifier { key: ECDSA_P256_SHA256_ASN1(VerifyingKey { inner: PublicKey { point: AffinePoint { x: FieldElement(UInt { limbs: [Limb(540873142526201775), Limb(9033147506996235883), Limb(13963524140470157687), Limb(5553333931660335980)] }), y: FieldElement(UInt { limbs: [Limb(310064843663294190), Limb(16768641685016372219), Limb(6660968332548595134), Limb(15802642679658786528)] }), infinity: 0 } } }) }]" + "[PublicKeyVerifier { key: ECDSA_P256_SHA256_ASN1(VerifyingKey { inner: PublicKey { point: AffinePoint { x: FieldElement(0x4D1167C9BBBCDB6CC1C867394D50C1777D5C2FCC46374E6B07819141E8D2CFAF), y: FieldElement(0xDB4E43CA897D2EE05C70836839AF5DBEE8B62EC4B93563FB044D92551FE33EEE), infinity: 0 } } }) }]" )] #[case( &format!("\ @@ -345,7 +324,7 @@ mod tests { "quay.io/kata-containers/confidential-containers:cosign-signed", false, // If verified failed, the pubkey given to verify will be printed. - "[PublicKeyVerifier { key: ECDSA_P256_SHA256_ASN1(VerifyingKey { inner: PublicKey { point: AffinePoint { x: FieldElement(UInt { limbs: [Limb(540873142526201775), Limb(9033147506996235883), Limb(13963524140470157687), Limb(5553333931660335980)] }), y: FieldElement(UInt { limbs: [Limb(310064843663294190), Limb(16768641685016372219), Limb(6660968332548595134), Limb(15802642679658786528)] }), infinity: 0 } } }) }]", + "[PublicKeyVerifier { key: ECDSA_P256_SHA256_ASN1(VerifyingKey { inner: PublicKey { point: AffinePoint { x: FieldElement(0x4D1167C9BBBCDB6CC1C867394D50C1777D5C2FCC46374E6B07819141E8D2CFAF), y: FieldElement(0xDB4E43CA897D2EE05C70836839AF5DBEE8B62EC4B93563FB044D92551FE33EEE), infinity: 0 } } }) }]", )] #[case( &format!("\
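Review bot: The expected string in this `#[case]` (and the identical one in the `@@ -345,7 +324,7 @@` hunk) pins the `Debug` output of upstream types (`PublicKeyVerifier`, `FieldElement`), which is what had to be rewritten for this dependency bump and will need rewriting again whenever those crates change their formatting. Debug output is not a stable interface, so the test would be sturdier asserting on the failure itself or on a stable fragment, for example that the message contains `PublicKeyVerifier`, rather than on the full coordinate dump. The `#[case]` bodies and the test function that consumes them lie outside both hunks, so how the string is compared is not visible here.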