Use the vendored version of ring
Requires updating our code to accommodate API changes, since the vendored version is newer.
jul-sh committed Apr 6, 2022
1 parent 9ff78a6 commit f021426
Showing 3 changed files with 41 additions and 15 deletions.
38 changes: 28 additions & 10 deletions Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion remote_attestation/rust/Cargo.toml
@@ -14,7 +14,7 @@ anyhow = { version = "*", default-features = false }
bytes = { version = "*", default-features = false }
log = "*"
prost = { version = "*", default-features = false, features = ["prost-derive"] }
ring = "*"
ring = { path = "../../third_party/ring" }

[build-dependencies]
prost-build = "*"
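Review bot: The new `ring = { path = "../../third_party/ring" }` line does not record which upstream ring revision the vendored tree corresponds to. A path dependency also carries no `source` or `checksum` entry in Cargo.lock, so nothing in the manifest ties this cryptographic code to a known release. A comment above the line would let a later audit or security update diff the vendored tree against upstream, for example `# Vendored from upstream ring at <UPSTREAM_COMMIT>; local patches listed in third_party/ring/<NOTES_FILE>`. If the vendored directory already documents its provenance, a pointer to that file in the comment is enough.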
16 changes: 12 additions & 4 deletions remote_attestation/rust/src/crypto.rs
@@ -237,8 +237,13 @@ impl KeyNegotiator {
let (encryption_key, decryption_key) = agreement::agree_ephemeral(
self.private_key,
&agreement::UnparsedPublicKey::new(KEY_AGREEMENT_ALGORITHM, peer_public_key),
anyhow!("Couldn't derive session keys"),
|key_material| {
|key_material| -> Result<
(
Result<[u8; KEY_AGREEMENT_ALGORITHM_KEY_LENGTH], anyhow::Error>,
Result<[u8; KEY_AGREEMENT_ALGORITHM_KEY_LENGTH], anyhow::Error>,
),
anyhow::Error,
> {
let key_material = key_material
.try_into()
.map_err(anyhow::Error::msg)
@@ -284,6 +289,8 @@ impl KeyNegotiator {
}
},
)
.map_err(anyhow::Error::msg)
.context("Couldn't derive session keys")?
.context("Couldn't agree on session keys")?;
Ok((
EncryptionKey(encryption_key.context("Couldn't derive encryption key")?),
@@ -351,8 +358,9 @@ impl Signer {
let rng = ring::rand::SystemRandom::new();
let key_pair_pkcs8 = EcdsaKeyPair::generate_pkcs8(SIGNING_ALGORITHM, &rng)
.map_err(|error| anyhow!("Couldn't generate PKCS#8 key pair: {:?}", error))?;
let key_pair = EcdsaKeyPair::from_pkcs8(SIGNING_ALGORITHM, key_pair_pkcs8.as_ref())
.map_err(|error| anyhow!("Couldn't parse generated key pair: {:?}", error))?;
let key_pair =
EcdsaKeyPair::from_pkcs8(SIGNING_ALGORITHM, key_pair_pkcs8.as_ref(), &rng)
.map_err(|error| anyhow!("Couldn't parse generated key pair: {:?}", error))?;

Ok(Self { key_pair })
}
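Review bot: The two `.context(...)` labels chained after `agreement::agree_ephemeral(...)` in the second hunk look swapped. The outer `Result`, converted with `.map_err(anyhow::Error::msg)`, appears to be ring's own failure of the agreement on `peer_public_key`, yet it is tagged "Couldn't derive session keys", while the closure's result, where derivation happens, keeps "Couldn't agree on session keys". Since `peer_public_key` presumably comes from the remote party, a rejected peer key is the case operators most need to tell apart in logs; consider `.context("Couldn't agree on session keys")?` followed by `.context("Couldn't derive session keys")?`. This reading assumes the vendored `agree_ephemeral` wraps the closure's return value in its own `Result`, and the closure body lies partly outside the visible hunks. The nested `Result<(Result<..>, Result<..>), anyhow::Error>` annotation could likely be flattened by applying `?` inside the closure, if the elided body permits.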
