From 60f1c8c2e296b1dd9c8c981a9af8e6e78350a6c7 Mon Sep 17 00:00:00 2001
From: ghe0
Date: Thu, 23 Jan 2025 04:35:46 +0200
Subject: [PATCH] changed admin encoding type to bs58
---
 dtrfs_api/Cargo.lock | 27 ++++++++++++++++++++++++++-
 dtrfs_api/Cargo.toml | 5 +++--
 dtrfs_api/src/main.rs | 22 ++++++++++++----------
 3 files changed, 41 insertions(+), 13 deletions(-)
diff --git a/dtrfs_api/Cargo.lock b/dtrfs_api/Cargo.lock
index f72473f..77c70ff 100644
--- a/dtrfs_api/Cargo.lock
+++ b/dtrfs_api/Cargo.lock
@@ -1,6 +1,6 @@ # This file is automatically @generated by Cargo. # It is not intended for manual editing. -version = 3 +version = 4 [[package]] name = "actix-codec"
@@ -409,6 +409,15 @@ dependencies = [ "alloc-stdlib", ] +[[package]] +name = "bs58" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bf88ba1141d185c399bee5288d850d63b8369520c1eafc32a0430b5b6c287bf4" +dependencies = [ + "tinyvec", +] + [[package]] name = "byteorder" version = "1.5.0"
@@ -670,6 +679,7 @@ dependencies = [ "anyhow", "base64", "bincode", + "bs58", "ed25519-dalek", "lazy_static", "regex",
@@ -2081,6 +2091,21 @@ dependencies = [ "zerovec", ] +[[package]] +name = "tinyvec" +version = "1.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "022db8904dfa342efe721985167e9fcd16c29b226db4397ed752a761cfce81e8" +dependencies = [ + "tinyvec_macros", +] + +[[package]] +name = "tinyvec_macros" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" + [[package]] name = "tls_codec" version = "0.4.1"
diff --git a/dtrfs_api/Cargo.toml b/dtrfs_api/Cargo.toml
index f01b59f..493439b 100644
--- a/dtrfs_api/Cargo.toml
+++ b/dtrfs_api/Cargo.toml
@@ -4,15 +4,16 @@ version = "0.1.0"
 edition = "2021"
 [dependencies]
+bs58 = "0.5.1"
 anyhow = "1.0.93"
-base64 = "0.22.1"
 bincode = "1.3.3"
 regex = "1.11.1"
 sev = { version = "4.0", default-features = false, features = ['crypto_nossl','snp'] }
-ed25519-dalek = { version = "2.1.1", features = ["pem", "pkcs8"] }
+ed25519-dalek = { version = "2.1.1" }
 lazy_static = "1.5.0"
 actix-web = { version = "4.9.0", features = ["rustls-0_23"] }
 sha3 = "0.10.8"
 rustls = "0.23.18"
 rustls-pemfile = "2.2.0"
 serde = { version = "1.0.215", features = ["derive"] }
+base64 = "0.22.1"
diff --git a/dtrfs_api/src/main.rs b/dtrfs_api/src/main.rs
index d031580..42260f3 100644
--- a/dtrfs_api/src/main.rs
+++ b/dtrfs_api/src/main.rs
@@ -2,8 +2,7 @@ mod os;
 mod snp;
 use actix_web::{get, post, web, App, HttpRequest, HttpResponse, HttpServer};
-use base64::prelude::{Engine, BASE64_URL_SAFE};
-use ed25519_dalek::{pkcs8::DecodePublicKey, Signature, Verifier, VerifyingKey};
+use ed25519_dalek::{Signature, Verifier, VerifyingKey};
 use lazy_static::lazy_static;
 use regex::Regex;
 use rustls::{pki_types::PrivateKeyDer, ServerConfig};
@@ -45,13 +44,16 @@ fn get_cert_hash() -> [u8; 64] {
 }
 fn verifying_key() -> Result> {
- let re = Regex::new(r"detee_admin=([A-Za-z0-9+/=]+)").unwrap();
+ let re = Regex::new(r"detee_admin=([A-Za-z0-9]+)").unwrap();
 let key_str = re.find(&CMDLINE).map(|m| m.as_str()).unwrap_or("");
- let key_pem = format!(
- "-----BEGIN PUBLIC KEY-----\n{}\n-----END PUBLIC KEY-----\n",
- key_str.strip_prefix("detee_admin=").ok_or("Could not get admin key from cmdline")?
- );
- Ok(VerifyingKey::from_public_key_pem(&key_pem)?)
+ let key_str =
+ key_str.strip_prefix("detee_admin=").ok_or("Could not get admin key from cmdline")?;
+ Ok(VerifyingKey::from_bytes(
+ &bs58::decode(key_str)
+ .into_vec()?
+ .try_into()
+ .map_err(|_| bs58::decode::Error::BufferTooSmall)?,
+ )?)
 }
 fn verify(req: &HttpRequest) -> Result<(), Box> {
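Review bot: In dtrfs_api/Cargo.toml the `base64 = "0.22.1"` entry is only moved to the end of `[dependencies]`, while the main.rs part of this patch removes the only `base64` import visible here. If `os.rs` and `snp.rs` (not shown) do not use it either, drop the line so the crate does not keep an unused dependency in its build. The table form is also no longer needed once the features are gone: `ed25519-dalek = "2.1.1"`.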
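Review bot: The pattern `detee_admin=([A-Za-z0-9]+)` in `verifying_key` is not anchored to a parameter boundary, so `find` takes the first occurrence of that text anywhere in `CMDLINE`, including inside a longer parameter name, and a value containing other characters is silently cut at the first of them rather than rejected. Since this string selects the key that authorises admin requests, match a whole parameter and only the base58 alphabet, `Regex::new(r"(?:^|\s)detee_admin=([1-9A-HJ-NP-Za-km-z]+)(?:\s|$)")`, and read the value with `re.captures(&CMDLINE).and_then(|c| c.get(1))`, which also makes the `strip_prefix` step unnecessary. The `try_into` failure is mapped to `bs58::decode::Error::BufferTooSmall` even when the decoded key is longer than 32 bytes; a plain message such as `.map_err(|_| "admin key must decode to exactly 32 bytes")?` says what went wrong. The regex is compiled and the key decoded on every call; `lazy_static` is already imported, so both could be done once, assuming `CMDLINE` is fixed at startup.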
@@ -60,8 +62,8 @@ fn verify(req: &HttpRequest) -> Result<(), Box> {
 .get("ed25519-signature")
 .ok_or_else(|| "Did not find ed25519-signature header")?;
- let signature: &[u8] = &BASE64_URL_SAFE.decode(signature)?;
- let signature = Signature::from_bytes(signature.try_into()?);
+ let signature = bs58::decode(signature).into_vec()?;
+ let signature = Signature::from_bytes(signature.as_slice().try_into()?);
 let verifying_key = verifying_key()?;
 Ok(verifying_key.verify(CRT_CONTENTS.as_bytes(), &signature)?)
 }
--
2.43.0
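Review bot: The message checked on the last line is `CRT_CONTENTS`, which appears to be a fixed value, so nothing ties the `ed25519-signature` header to the request that carries it: the same header value is accepted for every request and stays valid until the certificate or the admin key changes, which makes it a long-lived bearer credential for anyone who ever sees it (a proxy, a log, a client trace). Consider having the admin sign request-specific data as well, for example a timestamp or server-issued nonce together with method and path, and rejecting stale or repeated values; this needs a protocol change, so it is described here rather than quoted. Separately, the header is untrusted input and a 64-byte signature never needs more than 88 base58 characters, so a cheap cap before decoding bounds the work: `if signature.len() > 88 { return Err("ed25519-signature header too long".into()); }`. The start of `verify` lies above the hunk.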