fix(tee-key-preexec): don't hash public key

No need to hash the public key for the attestation report data. Signed-off-by: Harald Hoyer <[email protected]>
matter-labs · Feb 15, 2024 · f5b6c4e · f5b6c4e
1 parent 761d546
commit f5b6c4e
Show file tree

Hide file tree

Showing 3 changed files with 1 addition and 6 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/bin/tee-key-preexec/Cargo.toml b/bin/tee-key-preexec/Cargo.toml
@@ -13,7 +13,6 @@ anyhow.workspace = true
 hex.workspace = true
 k256.workspace = true
 rand.workspace = true
-sha2.workspace = true
 teepot.workspace = true
 tracing-log.workspace = true
 tracing-subscriber.workspace = true

diff --git a/bin/tee-key-preexec/src/main.rs b/bin/tee-key-preexec/src/main.rs
@@ -9,8 +9,6 @@
 use anyhow::{Context, Result};
 use hex::ToHex;
 use k256::ecdsa::SigningKey;
-use sha2::Digest;
-use sha2::Sha256;
 use std::env;
 use std::os::unix::process::CommandExt;
 use std::process::Command;
@@ -41,9 +39,8 @@ fn main_with_error() -> Result<()> {
     let mut rng = rand::thread_rng();
     let signing_key = SigningKey::random(&mut rng);
     let verifying_key_bytes = signing_key.verifying_key().to_sec1_bytes();
-    let hash_verifying_key = Sha256::digest(verifying_key_bytes);
     let signing_key_string = signing_key.to_bytes().encode_hex::<String>();
-    let tee_type = match get_quote(&hash_verifying_key) {
+    let tee_type = match get_quote(verifying_key_bytes.as_ref()) {
         Ok(quote) => {
             // save quote to file
             std::fs::write(TEE_QUOTE_FILE, quote)?;