diff --git a/Cargo.lock b/Cargo.lock
index 77cf193a0ad..a6b06cdc120 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2287,7 +2287,6 @@ dependencies = [
 "anyhow",
 "ciborium",
 "coset",
- "log",
 "micro_rpc_build",
 "oak_crypto",
 "oak_dice",
@@ -2536,7 +2535,6 @@ dependencies = [
 "anyhow",
 "async-stream",
 "async-trait",
- "oak_attestation",
 "oak_crypto",
 "oak_grpc_utils",
 "oak_proto_rust",
diff --git a/oak_attestation/BUILD b/oak_attestation/BUILD
index f30f923f9fa..06a790c7071 100644
--- a/oak_attestation/BUILD
+++ b/oak_attestation/BUILD
@@ -13,8 +13,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
-load("@rules_rust//cargo:defs.bzl", "cargo_build_script")
 load("@rules_rust//rust:defs.bzl", "rust_library")
+load("//bazel:defs.bzl", "either_platform")

 package(
 default_visibility = ["//visibility:public"],
@@ -24,41 +24,35 @@ package(
 rust_library(
 name = "oak_attestation",
 srcs = glob(["src/**"]),
+ target_compatible_with = either_platform([
+ "//:x86_64-linux-setting",
+ "//:x86_64-none-setting",
+ ]),
 deps = [
- ":build",
 "//micro_rpc",
 "//oak_crypto",
 "//oak_dice",
 "//oak_proto_rust",
- "@oak_crates_index//:anyhow",
- "@oak_crates_index//:ciborium",
- "@oak_crates_index//:coset",
- "@oak_crates_index//:log",
- "@oak_crates_index//:p256",
- "@oak_crates_index//:prost",
- "@oak_crates_index//:rand_core",
- "@oak_crates_index//:sha2",
- "@oak_crates_index//:zeroize",
- ],
-)
-
-cargo_build_script(
- name = "build",
- srcs = [
- "build.rs",
- ],
- build_script_env = {
- "PROTOC": "$(execpath @com_google_protobuf//:protoc)",
- },
- data = [
- "//proto/attestation:dice_proto",
- "//proto/attestation:endorsement_proto",
- "//proto/attestation:evidence_proto",
- "//proto/session:messages_proto",
- "@com_google_protobuf//:protoc",
- ],
- deps = [
- "//micro_rpc_build",
- "@oak_crates_index//:prost-build",
- ],
+ ] + select({
+ "@platforms//os:none": [
+ "@oak_no_std_crates_index//:anyhow",
+ "@oak_no_std_crates_index//:ciborium",
+ "@oak_no_std_crates_index//:coset",
+ "@oak_no_std_crates_index//:p256",
+ "@oak_no_std_crates_index//:prost",
+ "@oak_no_std_crates_index//:rand_core",
+ "@oak_no_std_crates_index//:sha2",
+ "@oak_no_std_crates_index//:zeroize",
+ ],
+ "//conditions:default": [
+ "@oak_crates_index//:anyhow",
+ "@oak_crates_index//:ciborium",
+ "@oak_crates_index//:coset",
+ "@oak_crates_index//:p256",
+ "@oak_crates_index//:prost",
+ "@oak_crates_index//:rand_core",
+ "@oak_crates_index//:sha2",
+ "@oak_crates_index//:zeroize",
+ ],
+ }),
 )
diff --git a/oak_attestation/Cargo.toml b/oak_attestation/Cargo.toml
index 1ae2cd75dea..0bcab11bdc3 100644
--- a/oak_attestation/Cargo.toml
+++ b/oak_attestation/Cargo.toml
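Review bot: The two branches of the new `select()` in `deps` repeat the same eight crate names against `@oak_crates_index` and `@oak_no_std_crates_index`, so a later edit can add or drop a crate such as `zeroize` or `sha2` on one platform only, and the std and no_std builds of this attestation library would drift apart unnoticed. Generating both lists from a single name list keeps them in step. The diff does not show how the two indexes are pinned, so a comment stating that they are expected to resolve the crypto crates to the same versions would document the assumption the `select()` relies on. The `select()` keys on `@platforms//os:none` while `target_compatible_with` uses `//:x86_64-none-setting`; a one-line comment relating the two would save the next reader a lookup.

```starlark
# Third-party crates needed on every platform; resolved against the std or
# no_std crate index below. Both indexes are expected to pin the same versions.
_CRATES = [
    "anyhow",
    "ciborium",
    "coset",
    "p256",
    "prost",
    "rand_core",
    "sha2",
    "zeroize",
]

# … unchanged: rust_library name, srcs, target_compatible_with, first-party deps …
    ] + select({
        "@platforms//os:none": ["@oak_no_std_crates_index//:" + c for c in _CRATES],
        "//conditions:default": ["@oak_crates_index//:" + c for c in _CRATES],
    }),
```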
@@ -8,7 +8,6 @@ license = "Apache-2.0"
 anyhow = { version = "*", default-features = false }
 ciborium = { version = "*", default-features = false }
 coset = { version = "*", default-features = false }
-log = { version = "*", default-features = false }
 oak_crypto = { workspace = true }
 oak_dice = { workspace = true }
 oak_proto_rust = { workspace = true }
diff --git a/oak_attestation/build.rs b/oak_attestation/build.rs
deleted file mode 100644
index 9a9e829181e..00000000000
--- a/oak_attestation/build.rs
+++ /dev/null
@@ -1,30 +0,0 @@
-//
-// Copyright 2022 The Project Oak Authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-//
-
-fn main() -> Result<(), Box> {
- micro_rpc_build::compile(
- &[
- "../proto/attestation/dice.proto",
- "../proto/attestation/evidence.proto",
- "../proto/attestation/endorsement.proto",
- "../proto/session/messages.proto",
- ],
- &[".."],
- Default::default(),
- );
-
- Ok(())
-}
diff --git a/oak_attestation/src/dice.rs b/oak_attestation/src/dice.rs
index 4b6bdbe6751..4164be20821 100644
--- a/oak_attestation/src/dice.rs
+++ b/oak_attestation/src/dice.rs
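Review bot: The `oak_attestation/Cargo.toml` hunk removes only `log`, yet the first Cargo.lock hunk still shows `"micro_rpc_build"` as an unchanged line in what appears to be this crate's dependency list. Since `build.rs` is deleted in this commit and the BUILD file drops `//micro_rpc_build` and `prost-build`, the `[build-dependencies]` section of this Cargo.toml (outside the hunk) probably still names crates that no build script uses. If so, remove those entries in the same change so the Cargo and Bazel dependency sets agree and the crate's build-time dependency surface shrinks along with the script.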
@@ -25,13 +25,12 @@ use oak_dice::{
 },
 evidence::Stage0DiceData,
 };
-use p256::ecdsa::{SigningKey, VerifyingKey};
-use zeroize::Zeroize;
-
-use crate::proto::oak::attestation::v1::{
+use oak_proto_rust::oak::attestation::v1::{
 ApplicationKeys, CertificateAuthority, DiceData, Evidence, LayerEvidence, RootLayerEvidence,
 TeePlatform,
 };
+use p256::ecdsa::{SigningKey, VerifyingKey};
+use zeroize::Zeroize;

 /// Builds the DICE evidence and certificate authority for the next DICE layer.
 pub struct DiceBuilder {
diff --git a/oak_attestation/src/lib.rs b/oak_attestation/src/lib.rs
index b91bc39d33a..d5dd654a2e8 100644
--- a/oak_attestation/src/lib.rs
+++ b/oak_attestation/src/lib.rs
@@ -18,17 +18,5 @@

 extern crate alloc;

-pub mod proto {
- pub mod oak {
- pub mod session {
- pub mod v1 {
- #![allow(dead_code)]
- include!(concat!(env!("OUT_DIR"), "/oak.session.v1.rs"));
- }
- }
- pub use oak_proto_rust::oak::{attestation, crypto};
- }
-}
-
 pub mod dice;
 pub mod handler;
diff --git a/oak_containers_orchestrator/src/dice.rs b/oak_containers_orchestrator/src/dice.rs
index d9019c19f5d..f17ed1ddf2a 100644
--- a/oak_containers_orchestrator/src/dice.rs
+++ b/oak_containers_orchestrator/src/dice.rs
@@ -21,11 +21,12 @@ use std::{
 use anyhow::Context;
 use ciborium::Value;
 use coset::cwt::ClaimName;
-use oak_attestation::{dice::DiceBuilder, proto::oak::attestation::v1::DiceData};
+use oak_attestation::dice::DiceBuilder;
 use oak_dice::cert::{
 CONTAINER_IMAGE_LAYER_ID, FINAL_LAYER_CONFIG_MEASUREMENT_ID, LAYER_3_CODE_MEASUREMENT_ID,
 SHA2_256_ID,
 };
+use oak_proto_rust::oak::attestation::v1::DiceData;
 use prost::Message;
 use sha2::{Digest, Sha256};
 use zeroize::Zeroize;
diff --git a/oak_containers_orchestrator/src/lib.rs b/oak_containers_orchestrator/src/lib.rs
index ed511465925..922ef6ba797 100644
--- a/oak_containers_orchestrator/src/lib.rs
+++ b/oak_containers_orchestrator/src/lib.rs
@@ -23,7 +23,6 @@ pub mod proto {
 tonic::include_proto!("oak.containers.v1");
 }
 }
- pub use oak_attestation::proto::oak::session;
 pub use oak_proto_rust::oak::{attestation, crypto};
 pub mod key_provisioning {
 pub mod v1 {
diff --git a/oak_containers_sdk/BUILD b/oak_containers_sdk/BUILD
index 0fd5332ce1d..986f2c0d93c 100644
--- a/oak_containers_sdk/BUILD
+++ b/oak_containers_sdk/BUILD
@@ -34,7 +34,6 @@ rust_library(
 ],
 deps = [
 ":build",
- "//oak_attestation",
 "//oak_crypto",
 "//oak_proto_rust",
 "@oak_crates_index//:anyhow",
diff --git a/oak_containers_sdk/Cargo.toml b/oak_containers_sdk/Cargo.toml
index 0cb1492ce17..4f776627e2b 100644
--- a/oak_containers_sdk/Cargo.toml
+++ b/oak_containers_sdk/Cargo.toml
@@ -11,7 +11,6 @@ oak_grpc_utils = { workspace = true }
 [dependencies]
 anyhow = "*"
 async-trait = { version = "*", default-features = false }
-oak_attestation = { workspace = true }
 oak_proto_rust = { workspace = true }
 oak_crypto = { workspace = true }
 prost = "*"
diff --git a/oak_containers_sdk/src/lib.rs b/oak_containers_sdk/src/lib.rs
index 8b7deab8f72..02b8646c7b9 100644
--- a/oak_containers_sdk/src/lib.rs
+++ b/oak_containers_sdk/src/lib.rs
@@ -22,8 +22,7 @@ mod proto {
 tonic::include_proto!("oak.containers.v1");
 }
 }
- pub use oak_attestation::proto::oak::attestation;
- pub use oak_proto_rust::oak::crypto;
+ pub use oak_proto_rust::oak::{attestation, crypto};
 }
 }

diff --git a/oak_containers_stage1/src/client.rs b/oak_containers_stage1/src/client.rs
index 9c5f8f99ebb..14eb0cd898c 100644
--- a/oak_containers_stage1/src/client.rs
+++ b/oak_containers_stage1/src/client.rs
@@ -19,7 +19,7 @@ mod proto {
 pub mod containers {
 tonic::include_proto!("oak.containers");
 }
- pub use oak_attestation::proto::oak::attestation;
+ pub use oak_proto_rust::oak::attestation;
 }
 }

diff --git a/oak_containers_stage1/src/dice.rs b/oak_containers_stage1/src/dice.rs
index 9888a289808..cae9e6e6598 100644
--- a/oak_containers_stage1/src/dice.rs
+++ b/oak_containers_stage1/src/dice.rs
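Review bot: In `oak_containers_orchestrator/src/lib.rs` the `session` re-export is removed outright, whereas `oak_functions_containers_app/src/lib.rs` redirects it with `pub use oak_proto_rust::oak::{attestation, crypto, session};`. If `proto::oak::session` is part of the orchestrator's public surface, code that reached the session messages through it stops compiling; if the removal is intended, a line in the commit description would make that explicit. To keep the path, extend the remaining line to `pub use oak_proto_rust::oak::{attestation, crypto, session};`. The enclosing `pub mod proto` block starts and ends outside the hunk.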
@@ -21,14 +21,12 @@ use anyhow::Context;
 use ciborium::Value;
 use coset::cwt::ClaimName;
 use nix::sys::mman::{mmap, munmap, MapFlags, ProtFlags};
-use oak_attestation::{
- dice::{stage0_dice_data_to_proto, DiceBuilder},
- proto::oak::attestation::v1::DiceData,
-};
+use oak_attestation::dice::{stage0_dice_data_to_proto, DiceBuilder};
 use oak_dice::{
 cert::{LAYER_2_CODE_MEASUREMENT_ID, SHA2_256_ID, SYSTEM_IMAGE_LAYER_ID},
 evidence::{Stage0DiceData, STAGE0_MAGIC},
 };
+use oak_proto_rust::oak::attestation::v1::DiceData;
 use sha2::{Digest, Sha256};
 use x86_64::PhysAddr;
 use zerocopy::FromBytes;
diff --git a/oak_functions_containers_app/src/lib.rs b/oak_functions_containers_app/src/lib.rs
index 952513f109a..12b18232e04 100644
--- a/oak_functions_containers_app/src/lib.rs
+++ b/oak_functions_containers_app/src/lib.rs
@@ -55,8 +55,7 @@ pub mod proto {
 #![allow(clippy::return_self_not_must_use)]
 tonic::include_proto!("oak.functions");
 }
- pub use oak_attestation::proto::oak::{attestation, session};
- pub use oak_proto_rust::oak::crypto;
+ pub use oak_proto_rust::oak::{attestation, crypto, session};
 }
 }