From f5b6c4efff2c57016e5a964be7ac0d26947ff65c Mon Sep 17 00:00:00 2001
From: Harald Hoyer
Date: Thu, 15 Feb 2024 10:28:52 +0100
Subject: [PATCH] fix(tee-key-preexec): don't hash public key

No need to hash the public key for the attestation report data.

Signed-off-by: Harald Hoyer
---
 Cargo.lock | 1 -
 bin/tee-key-preexec/Cargo.toml | 1 -
 bin/tee-key-preexec/src/main.rs | 5 +----
 3 files changed, 1 insertion(+), 6 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 4c121d70..3d8bc4e6 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2401,7 +2401,6 @@ dependencies = [
 "hex",
 "k256",
 "rand",
- "sha2",
 "teepot",
 "tracing",
 "tracing-log",
diff --git a/bin/tee-key-preexec/Cargo.toml b/bin/tee-key-preexec/Cargo.toml
index fb518e3c..0b86ef03 100644
--- a/bin/tee-key-preexec/Cargo.toml
+++ b/bin/tee-key-preexec/Cargo.toml
@@ -13,7 +13,6 @@ anyhow.workspace = true
 hex.workspace = true
 k256.workspace = true
 rand.workspace = true
-sha2.workspace = true
 teepot.workspace = true
 tracing-log.workspace = true
 tracing-subscriber.workspace = true
diff --git a/bin/tee-key-preexec/src/main.rs b/bin/tee-key-preexec/src/main.rs
index d85a2f1b..e6738735 100644
--- a/bin/tee-key-preexec/src/main.rs
+++ b/bin/tee-key-preexec/src/main.rs
@@ -9,8 +9,6 @@
 use anyhow::{Context, Result};
 use hex::ToHex;
 use k256::ecdsa::SigningKey;
-use sha2::Digest;
-use sha2::Sha256;
 use std::env;
 use std::os::unix::process::CommandExt;
 use std::process::Command;
@@ -41,9 +39,8 @@ fn main_with_error() -> Result<()> {
 let mut rng = rand::thread_rng();
 let signing_key = SigningKey::random(&mut rng);
 let verifying_key_bytes = signing_key.verifying_key().to_sec1_bytes();
- let hash_verifying_key = Sha256::digest(verifying_key_bytes);
 let signing_key_string = signing_key.to_bytes().encode_hex::();
- let tee_type = match get_quote(&hash_verifying_key) {
+ let tee_type = match get_quote(verifying_key_bytes.as_ref()) {
 Ok(quote) => {
 // save quote to file
 std::fs::write(TEE_QUOTE_FILE, quote)?;
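Review bot: The `get_quote(verifying_key_bytes.as_ref())` call in the second main.rs hunk now passes a SEC1 encoding whose length depends on point compression, where a fixed 32-byte digest used to go, and nothing visible checks that it fits the TEE's report-data field (64 bytes on SGX and TDX). `get_quote` is not shown, so whether it pads, truncates or rejects oversized input is unknown; a guard before the call such as `anyhow::ensure!(verifying_key_bytes.len() <= 64, "public key too large for report data");` would make the assumption explicit. The report-data layout is also what a quote verifier compares against, so the line deserves a comment like `// report data = SEC1-encoded public key, unhashed; verifiers must match this exact encoding`. `main_with_error` starts and ends outside the hunk.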