TQ opertaions

Cargo.toml

@@ -37,6 +37,7 @@ serde_with = { version = "3.6", default-features = false }
 serialport = { git = "https://github.com/jgallagher/serialport-rs", branch = "illumos-support" }
 sha2 = "0.10"
 sha3 = { version = "0.10", default-features = false }
+static_assertions = { version = "1", default-features = false }
 string-error = "0.1"
 tempfile = { version = "3", default-features = false }
 thiserror = "1.0.57"

attest-data/Cargo.toml

@@ -11,6 +11,7 @@ salty.workspace = true
 serde = { workspace = true, features = ["derive"] }
 serde_with = { workspace = true, features = ["macros"] }
 sha3.workspace = true
+static_assertions.workspace = true
 
 [features]
 std = ["getrandom", "thiserror"]

attest-data/src/messages.rs

@@ -2,18 +2,24 @@
 // License, v. 2.0. If a copy of the MPL was not distributed with this
 // file, You can obtain one at https://mozilla.org/MPL/2.0/.
 
-use crate::NONCE_SIZE;
+use crate::{SHA3_256_DIGEST_SIZE, NONCE_SIZE};
 use hubpack::SerializedSize;
 use serde::{de::DeserializeOwned, Deserialize, Serialize};
-
+use crate::Ed25519Signature;
 use hubpack::error::Error as HubpackError;
 
 /// Magic value for [`Header::magic`]
 pub const ATTEST_MAGIC: u32 = 0xA77E5700;
 
-/// Right now `Attest` is the only command that takes data (nonce)
+/// Right now `Attest` and `TqSign` are the only commands that take data
+/// argumenets. They happen to be the same length but to be extra cautious
+/// add a static assertion.
 pub const MAX_DATA_LEN: usize = NONCE_SIZE;
 
+static_assertions::const_assert!(
+    SHA3_256_DIGEST_SIZE == NONCE_SIZE
+);
+
 pub const MAX_REQUEST_SIZE: usize =
     HostRotHeader::MAX_SIZE + HostToRotCommand::MAX_SIZE + MAX_DATA_LEN;
 
@@ -49,13 +55,17 @@ impl HostRotHeader {
 )]
 #[repr(u32)]
 pub enum HostToRotCommand {
-    /// Returns the certificate chain associated with the RoT
+    /// Returns the certificate chain associated with the RoT-M
     GetCertificates,
     /// Returns the measurement log
     GetMeasurementLog,
     /// Calculates sign(sha3_256(hubpack(measurement_log) | nonce))
     /// and returns the result.
     Attest,
+    /// Returns the certificate chain associated with TQ
+    GetTqCertificates,
+    /// Signs a sha3_256 message with the TQ key
+    TqSign,
 }
 
 #[derive(Debug, Clone, Copy, PartialEq, Eq, Deserialize, Serialize)]
@@ -149,6 +159,8 @@ pub enum RotToHost {
     RotCertificates,
     RotMeasurementLog,
     RotAttestation,
+    RotTqCertificates,
+    RotTqSign,
 }
 
 impl From<SprotError> for RotToHost {
@@ -183,7 +195,8 @@ pub fn parse_message(
     match command {
         // These commands don't take data
         HostToRotCommand::GetCertificates
-        | HostToRotCommand::GetMeasurementLog => {
+        | HostToRotCommand::GetMeasurementLog
+        | HostToRotCommand::GetTqCertificates => {
             if !leftover.is_empty() {
                 return Err(HostToRotError::IncorrectDataLen);
             }
@@ -193,6 +206,11 @@ pub fn parse_message(
                 return Err(HostToRotError::IncorrectDataLen);
             }
         }
+        HostToRotCommand::TqSign => {
+            if leftover.len() != Ed25519Signature::LENGTH {
+                return Err(HostToRotError::IncorrectDataLen);
+            }
+        }
     }
 
     Ok((command, leftover))
@@ -283,6 +301,8 @@ where
     raw_serialize(out, &header, command, |buf| Ok(fill_data(buf)))
 }
 
+
+
 #[cfg(test)]
 mod tests {
     use super::*;