From b8ccbc79b70733ce83dd7ef3dee36de7be2d22f4 Mon Sep 17 00:00:00 2001
From: Ivan Petrov
Date: Fri, 10 Jan 2025 17:05:59 +0000
Subject: [PATCH] Convert string UUIDs to bytes
Fixes: 389059665
Change-Id: Icc0e70469f19b08aed72e47b95e512388eb937db
---
 .../src/policy/application.rs | 2 +-
 .../src/policy/container.rs | 2 +-
 .../src/policy/firmware.rs | 2 +-
 .../src/policy/kernel.rs | 2 +-
 .../src/policy/platform.rs | 2 +-
 .../src/policy/system.rs | 2 +-
 oak_attestation_verification_types/src/lib.rs | 22 ++++++++++---------
 7 files changed, 18 insertions(+), 16 deletions(-)
diff --git a/oak_attestation_verification/src/policy/application.rs b/oak_attestation_verification/src/policy/application.rs
index 90546df6e9..2ee796c1e8 100644
--- a/oak_attestation_verification/src/policy/application.rs
+++ b/oak_attestation_verification/src/policy/application.rs
@@ -56,7 +56,7 @@ impl Policy<[u8], Variant> for ApplicationPolicy {
 )?;
 // TODO: b/375137648 - Decode into new endorsement protos.
 let event_endorsement = decode_endorsement_proto::(
- APPLICATION_ENDORSEMENT_ID,
+ &APPLICATION_ENDORSEMENT_ID,
 encoded_event_endorsement,
 )?;
diff --git a/oak_attestation_verification/src/policy/container.rs b/oak_attestation_verification/src/policy/container.rs
index a7841116a3..43508890a1 100644
--- a/oak_attestation_verification/src/policy/container.rs
+++ b/oak_attestation_verification/src/policy/container.rs
@@ -56,7 +56,7 @@ impl Policy<[u8], Variant> for ContainerPolicy {
 )?;
 // TODO: b/375137648 - Decode into new endorsement protos.
 let event_endorsement = decode_endorsement_proto::(
- CONTAINER_ENDORSEMENT_ID,
+ &CONTAINER_ENDORSEMENT_ID,
 encoded_event_endorsement,
 )?;
diff --git a/oak_attestation_verification/src/policy/firmware.rs b/oak_attestation_verification/src/policy/firmware.rs
index 0a13b06555..2554703b32 100644
--- a/oak_attestation_verification/src/policy/firmware.rs
+++ b/oak_attestation_verification/src/policy/firmware.rs
@@ -45,7 +45,7 @@ impl Policy<[u8], Variant> for FirmwarePolicy {
 ) -> anyhow::Result {
 let initial_measurement = convert_amd_sev_snp_initial_measurement(firmware_measurement);
 let _firmware_endorsement = decode_endorsement_proto::(
- FIRMWARE_ENDORSEMENT_ID,
+ &FIRMWARE_ENDORSEMENT_ID,
 encoded_firmware_endorsement,
 )?;
diff --git a/oak_attestation_verification/src/policy/kernel.rs b/oak_attestation_verification/src/policy/kernel.rs
index 47912b0120..2ecec53d46 100644
--- a/oak_attestation_verification/src/policy/kernel.rs
+++ b/oak_attestation_verification/src/policy/kernel.rs
@@ -55,7 +55,7 @@ impl Policy<[u8], Variant> for KernelPolicy {
 )?);
 // TODO: b/375137648 - Decode into new endorsement protos.
 let event_endorsements = decode_endorsement_proto::(
- KERNEL_ENDORSEMENT_ID,
+ &KERNEL_ENDORSEMENT_ID,
 encoded_event_endorsement,
 )?;
diff --git a/oak_attestation_verification/src/policy/platform.rs b/oak_attestation_verification/src/policy/platform.rs
index 831537436c..90784bd2ae 100644
--- a/oak_attestation_verification/src/policy/platform.rs
+++ b/oak_attestation_verification/src/policy/platform.rs
@@ -49,7 +49,7 @@ impl Policy for AmdSevSnpPolicy {
 milliseconds_since_epoch: i64,
 ) -> anyhow::Result {
 let platform_endorsement = decode_endorsement_proto::(
- AMD_SEV_SNP_PLATFORM_ENDORSEMENT_ID,
+ &AMD_SEV_SNP_PLATFORM_ENDORSEMENT_ID,
 encoded_platform_endorsement,
 )?;
diff --git a/oak_attestation_verification/src/policy/system.rs b/oak_attestation_verification/src/policy/system.rs
index f6eb1f1d4b..6f6ab2b082 100644
--- a/oak_attestation_verification/src/policy/system.rs
+++ b/oak_attestation_verification/src/policy/system.rs
@@ -53,7 +53,7 @@ impl Policy<[u8], Variant> for SystemPolicy {
 )?;
 // TODO: b/375137648 - Decode into new endorsement protos.
 let event_endorsements = decode_endorsement_proto::(
- SYSTEM_ENDORSEMENT_ID,
+ &SYSTEM_ENDORSEMENT_ID,
 encoded_event_endorsement,
 )?;
diff --git a/oak_attestation_verification_types/src/lib.rs b/oak_attestation_verification_types/src/lib.rs
index 42de9475e1..d507387e3a 100644
--- a/oak_attestation_verification_types/src/lib.rs
+++ b/oak_attestation_verification_types/src/lib.rs
@@ -23,13 +23,15 @@ pub mod policy; pub mod util; pub mod verifier;
-// IDs are generated as UUID v4 which is represented as a random string, except
-// for the four bits that are used to indicate version 4 and two to three bits
-// are used to indicate the variant.
-//
-pub static AMD_SEV_SNP_PLATFORM_ENDORSEMENT_ID: &[u8] = b"5a12d00f-48a0-4224-bff4-975c7657438f";
-pub static FIRMWARE_ENDORSEMENT_ID: &[u8] = b"de4a0d55-60ea-4dc6-abd1-09ed744f80ea";
-pub static KERNEL_ENDORSEMENT_ID: &[u8] = b"89511d65-5d35-4601-900b-1e6dbaf842b6";
-pub static SYSTEM_ENDORSEMENT_ID: &[u8] = b"4722655d-963d-4fc9-8443-f14571dd32a2";
-pub static APPLICATION_ENDORSEMENT_ID: &[u8] = b"e84ed714-669d-430a-a60f-8a651e5a5503";
-pub static CONTAINER_ENDORSEMENT_ID: &[u8] = b"7297a51f-a05d-49a1-afdb-64cdee07862d";
+pub static AMD_SEV_SNP_PLATFORM_ENDORSEMENT_ID: [u8; 16] =
+ [90, 18, 208, 15, 72, 160, 66, 36, 191, 244, 151, 92, 118, 87, 67, 143];
+pub static FIRMWARE_ENDORSEMENT_ID: [u8; 16] =
+ [222, 74, 13, 85, 96, 234, 77, 198, 171, 209, 9, 237, 116, 79, 128, 234];
+pub static KERNEL_ENDORSEMENT_ID: [u8; 16] =
+ [137, 81, 29, 101, 93, 53, 70, 1, 144, 11, 30, 109, 186, 248, 66, 182];
+pub static SYSTEM_ENDORSEMENT_ID: [u8; 16] =
+ [71, 34, 101, 93, 150, 61, 79, 201, 132, 67, 241, 69, 113, 221, 50, 162];
+pub static APPLICATION_ENDORSEMENT_ID: [u8; 16] =
+ [232, 78, 215, 20, 102, 157, 67, 10, 166, 15, 138, 101, 30, 90, 85, 3];
+pub static CONTAINER_ENDORSEMENT_ID: [u8; 16] =
+ [114, 151, 165, 31, 160, 93, 73, 161, 175, 219, 100, 205, 238, 7, 134, 45];
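Review bot: The six new `[u8; 16]` statics are bare decimal byte lists, and the hunk deletes the only comment saying these IDs are UUID v4 values, so a reader can no longer match a constant to its canonical UUID without converting by hand. The bytes do correspond to the removed strings (`5a12d00f-48a0-4224-bff4-975c7657438f` is `[90, 18, 208, 15, …, 67, 143]`), so keep that traceable with a doc comment on each constant, e.g. `/// UUID v4 5a12d00f-48a0-4224-bff4-975c7657438f as 16 raw bytes.`, and consider hex literals (`0x5a, 0x12, 0xd0, 0x0f, …`). This also changes the ID from 36 ASCII bytes to 16 raw bytes, and the diffstat touches only the verification and types crates; `decode_endorsement_proto` is not visible here, but if it compares this ID with one carried in the serialized endorsement, any producer that still writes the string form would presumably be rejected, so it is worth confirming that producers read these statics.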