2025-01-24 23:22:40 +00:00
3 changed files with 41 additions and 13 deletions
--- a/dtrfs_api/Cargo.lock
+++ b/dtrfs_api/Cargo.lock
@ -1,6 +1,6 @@
 # This file is automatically @generated by Cargo.
 # It is not intended for manual editing.
-version = 3
+version = 4

 [[package]]
 name = "actix-codec"
@ -409,6 +409,15 @@ dependencies = [
 "alloc-stdlib",
 ]

+[[package]]
+name = "bs58"
+version = "0.5.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bf88ba1141d185c399bee5288d850d63b8369520c1eafc32a0430b5b6c287bf4"
+dependencies = [
+ "tinyvec",
+]
+
 [[package]]
 name = "byteorder"
 version = "1.5.0"
@ -670,6 +679,7 @@ dependencies = [
 "anyhow",
 "base64",
 "bincode",
+ "bs58",
 "ed25519-dalek",
 "lazy_static",
 "regex",
@ -2081,6 +2091,21 @@ dependencies = [
 "zerovec",
 ]

+[[package]]
+name = "tinyvec"
+version = "1.8.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "022db8904dfa342efe721985167e9fcd16c29b226db4397ed752a761cfce81e8"
+dependencies = [
+ "tinyvec_macros",
+]
+
+[[package]]
+name = "tinyvec_macros"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"
+
 [[package]]
 name = "tls_codec"
 version = "0.4.1"
--- a/dtrfs_api/Cargo.toml
+++ b/dtrfs_api/Cargo.toml
@ -4,15 +4,16 @@ version = "0.1.0"
 edition = "2021"

 [dependencies]
+bs58 = "0.5.1"
 anyhow = "1.0.93"
-base64 = "0.22.1"
 bincode = "1.3.3"
 regex = "1.11.1"
 sev = { version = "4.0", default-features = false, features = ['crypto_nossl','snp'] }
-ed25519-dalek = { version = "2.1.1", features = ["pem", "pkcs8"] }
+ed25519-dalek = { version = "2.1.1" }
 lazy_static = "1.5.0"
 actix-web = { version = "4.9.0", features = ["rustls-0_23"] }
 sha3 = "0.10.8"
 rustls = "0.23.18"
 rustls-pemfile = "2.2.0"
 serde = { version = "1.0.215", features = ["derive"] }
+base64 = "0.22.1"
--- a/dtrfs_api/src/main.rs
+++ b/dtrfs_api/src/main.rs
@ -2,8 +2,7 @@ mod os;
 mod snp;

 use actix_web::{get, post, web, App, HttpRequest, HttpResponse, HttpServer};
-use base64::prelude::{Engine, BASE64_URL_SAFE};
-use ed25519_dalek::{pkcs8::DecodePublicKey, Signature, Verifier, VerifyingKey};
+use ed25519_dalek::{Signature, Verifier, VerifyingKey};
 use lazy_static::lazy_static;
 use regex::Regex;
 use rustls::{pki_types::PrivateKeyDer, ServerConfig};
@ -45,13 +44,16 @@ fn get_cert_hash() -> [u8; 64] {
 }

 fn verifying_key() -> Result<VerifyingKey, Box<dyn std::error::Error>> {
-    let re = Regex::new(r"detee_admin=([A-Za-z0-9+/=]+)").unwrap();
+    let re = Regex::new(r"detee_admin=([A-Za-z0-9]+)").unwrap();
    let key_str = re.find(&CMDLINE).map(|m| m.as_str()).unwrap_or("");
-    let key_pem = format!(
-        "-----BEGIN PUBLIC KEY-----\n{}\n-----END PUBLIC KEY-----\n",
-        key_str.strip_prefix("detee_admin=").ok_or("Could not get admin key from cmdline")?
-    );
-    Ok(VerifyingKey::from_public_key_pem(&key_pem)?)
+    let key_str =
+        key_str.strip_prefix("detee_admin=").ok_or("Could not get admin key from cmdline")?;
+    Ok(VerifyingKey::from_bytes(
+        &bs58::decode(key_str)
+            .into_vec()?
+            .try_into()
+            .map_err(|_| bs58::decode::Error::BufferTooSmall)?,
+    )?)
 }

 fn verify(req: &HttpRequest) -> Result<(), Box<dyn std::error::Error>> {
@ -60,8 +62,8 @@ fn verify(req: &HttpRequest) -> Result<(), Box<dyn std::error::Error>> {
        .get("ed25519-signature")
        .ok_or_else(|| "Did not find ed25519-signature header")?;

-    let signature: &[u8] = &BASE64_URL_SAFE.decode(signature)?;
-    let signature = Signature::from_bytes(signature.try_into()?);
+    let signature = bs58::decode(signature).into_vec()?;
+    let signature = Signature::from_bytes(signature.as_slice().try_into()?);
    let verifying_key = verifying_key()?;
    Ok(verifying_key.verify(CRT_CONTENTS.as_bytes(), &signature)?)
 }