use avf_attestation::{
AttestationOps, ClientVmDiceChain, InMemoryKeyDerivationOps, KeyDerivationOps,
RequestProcessingError,
}; use ciborium::Value; use coset::{CborSerializable, CoseSign1}; use hwbcc::{get_bcc, sign_data, HwBccMode, SigningAlgorithm, HWBCC_MAX_RESP_PAYLOAD_LENGTH}; use hwkey::{Hwkey, KdfVersion, OsRollbackVersion, RollbackVersionSource}; use keymint_legacy_client::KeyMintSecureLegacyClient; use log::error; use rkp_ta::main_event_loop; use tipc::TipcError; use trusty_sys::Error; use zeroize::Zeroizing;
fn sign_with_cdi_leaf(&self, payload: &[u8]) -> avf_attestation::Result<CoseSign1> { letmut cose_sign1_buf = [0u8; HWBCC_MAX_RESP_PAYLOAD_LENGTH]; // Note: Test mode is ignored as this currently supports only IRPC V3. let cose_sign1_bytes = sign_data(
HwBccMode::Release,
SigningAlgorithm::ED25519,
payload,
&[],
&mut cose_sign1_buf,
)
.map_err(|e| {
error!("failed to get signed data: {:?}", e);
RequestProcessingError::InternalError
})?; let value = CoseSign1::from_slice(cose_sign1_bytes).map_err(|e| {
error!("failed to deserialize signed data: {:?}", e);
RequestProcessingError::InternalError
})?;
Ok(value)
}
/// Helper function to serialize a `cbor::value::Value` into bytes. fn serialize_cbor(cbor_value: &Value) -> avf_attestation::Result<Vec<u8>> { letmut buf = Vec::new();
ciborium::into_writer(cbor_value, &mut buf)
.map_err(|_| RequestProcessingError::InternalError)?;
Ok(buf)
}
// Function to get UDS certificates from KeyMint and encode them in a CBOR map. fn get_uds_certificates() -> avf_attestation::Result<Vec<u8>> { letmut km = match KeyMintSecureLegacyClient::new() {
Ok(km_client) => km_client,
Err(e) => {
error!("failed to create KeyMint legacy client: {:?}", e); return serialize_cbor(&Value::Map(Vec::new()));
}
};
match km.get_uds_certs() {
Ok(certs_vec) => { if certs_vec.is_empty() {
error!("no UDS certificates found");
Err(RequestProcessingError::InvalidUdsCerts)
} else { let encoded_certs = certs_vec.into_iter().map(Value::Bytes).collect::<Vec<_>>(); let uds_certs_cbor = Value::Map(vec![(
Value::Text(desktop_keymint::uds_signer_name().to_string()),
Value::Array(encoded_certs),
)]);
serialize_cbor(&uds_certs_cbor)
}
}
Err(e) => {
error!("failed to get UDS certs: {:?}", e);
Err(RequestProcessingError::InvalidUdsCerts)
}
}
}
Die Informationen auf dieser Webseite wurden
nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit,
noch Qualität der bereit gestellten Informationen zugesichert.
Bemerkung:
Die farbliche Syntaxdarstellung und die Messung sind noch experimentell.