making the measurement module available when crypto_nossl is enabled
Signed-off-by: Jakub Doka <[email protected]>
jakubDoka committed Nov 19, 2024
1 parent f892722 commit 5152a83
Showing 7 changed files with 34 additions and 7 deletions.
2 changes: 1 addition & 1 deletion src/certs/snp/builtin/mod.rs
@@ -1,6 +1,6 @@
// SPDX-License-Identifier: Apache-2.0

/// Interfaces for retrieving builtin ARKs and ASKs for their respective generations.
//! Interfaces for retrieving builtin ARKs and ASKs for their respective generations.
/// Genoa generation.
pub mod genoa;
4 changes: 2 additions & 2 deletions src/certs/snp/ca/mod.rs
@@ -1,11 +1,11 @@
// SPDX-License-Identifier: Apache-2.0

//! Operations for a Certificate Authority (CA) chain.
#[cfg(feature = "openssl")]
use openssl::x509::X509;

use super::*;

/// Operations for a Certificate Authority (CA) chain.
/// A Certificate Authority (CA) chain.
#[derive(Clone, Debug)]
pub struct Chain {
1 change: 1 addition & 0 deletions src/error.rs
Expand Up @@ -438,6 +438,7 @@ impl From<SevError> for c_int {

impl std::error::Error for SevError {}

#[allow(clippy::too_long_first_doc_paragraph)]
/// There are a number of error conditions that can occur between this
/// layer all the way down to the SEV platform. Most of these cases have
/// been enumerated; however, there is a possibility that some error
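Review bot: The added `#[allow(clippy::too_long_first_doc_paragraph)]` suppresses the lint without saying why, and it sits above the doc comment rather than between the docs and the item. The documented item starts below the visible lines, so this is a style point only. Either open the doc with a one-sentence summary followed by an empty `///` line so the lint passes, or keep the allow with a reason next to it, e.g. `// first doc paragraph is intentionally long`.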
2 changes: 1 addition & 1 deletion src/lib.rs
Expand Up @@ -98,7 +98,7 @@ pub mod firmware;
pub mod launch;
#[cfg(all(
any(feature = "sev", feature = "snp"),
feature = "openssl",
any(feature = "openssl", feature = "crypto_nossl"),
target_os = "linux"
))]
pub mod measurement;
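Review bot: Nothing at the `pub mod measurement;` gate says which hash backend is used when both `openssl` and `crypto_nossl` are enabled. Judging by the shims this commit adds in gctx.rs and sev_hashes.rs, OpenSSL takes precedence, because the pure-Rust fallbacks are `#[cfg(not(feature = "openssl"))]`. The module computes launch measurements, so which implementation produced a digest is worth stating at the gate. A comment above the `#[cfg(all(` would do: `// Hash backend: OpenSSL when "openssl" is on, otherwise sha2 via "crypto_nossl".`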
9 changes: 9 additions & 0 deletions src/measurement/gctx.rs
Expand Up @@ -2,6 +2,7 @@
//! Operations to handle and create a Guest Context
use std::convert::TryInto;

#[cfg(feature = "openssl")]
use openssl::sha::sha384;

use crate::error::*;
Expand All @@ -12,6 +13,14 @@ use crate::{
measurement::snp::{SnpLaunchDigest, LD_BYTES},
};

#[cfg(not(feature = "openssl"))]
fn sha384(data: &[u8]) -> [u8; 48] {
use sha2::Digest;
let mut sha = sha2::Sha384::default();
sha.update(data);
sha.finalize().into()
}

// VMSA page is recorded in the RMP table with GPA (u64)(-1).
// However, the address is page-aligned, and also all the bits above
// 51 are cleared.
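Review bot: The new `sha384` fallback is gated on `#[cfg(not(feature = "openssl"))]`, so it is selected by the absence of one feature rather than the presence of `crypto_nossl`. It builds only because the module-level gates ensure one of the two is on, and presumably because `crypto_nossl` pulls in `sha2` (Cargo.toml is not part of this commit). `#[cfg(all(not(feature = "openssl"), feature = "crypto_nossl"))]` states the intent, and the body can be the one-liner `sha2::Sha384::digest(data).into()`. The `sha256` shim in src/measurement/sev_hashes.rs has the same shape. None of the seven changed files is a test, so a known-answer test against a fixed SHA-384 vector would confirm that both backends yield the same launch digest (such a test may already exist elsewhere).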
13 changes: 10 additions & 3 deletions src/measurement/mod.rs
Expand Up @@ -3,7 +3,11 @@
//! Everything one needs to calculate a launch measurement for a SEV encrypted confidential guest.
//! This includes, GCTX, SEV-HASHES, VMSA and OVMF pages.
#[cfg(all(target_os = "linux", feature = "snp", feature = "openssl"))]
#[cfg(all(
target_os = "linux",
feature = "snp",
any(feature = "openssl", feature = "crypto_nossl")
))]
pub mod gctx;

#[cfg(any(feature = "sev", feature = "snp"))]
Expand All @@ -12,13 +16,16 @@ pub mod ovmf;
#[cfg(any(feature = "sev", feature = "snp"))]
pub mod vmsa;

#[cfg(all(any(feature = "sev", feature = "snp"), feature = "openssl"))]
#[cfg(all(
any(feature = "sev", feature = "snp"),
any(feature = "openssl", feature = "crypto_nossl")
))]
pub mod sev_hashes;

#[cfg(any(feature = "sev", feature = "snp"))]
pub mod vcpu_types;

#[cfg(all(feature = "snp", feature = "openssl"))]
#[cfg(all(feature = "snp", any(feature = "openssl", feature = "crypto_nossl")))]
pub mod snp;

#[cfg(all(feature = "sev", feature = "openssl"))]
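Review bot: The last gate in this section, `#[cfg(all(feature = "sev", feature = "openssl"))]`, stays OpenSSL-only while the `gctx`, `sev_hashes` and `snp` gates were widened to accept `crypto_nossl`. The item it guards is below the visible lines (presumably the `sev` submodule), so a `sev` + `crypto_nossl` build would get `sev_hashes` but not that item. If this is intentional, a comment above the attribute would save the next reader from assuming an oversight: `// Legacy SEV measurement still requires OpenSSL; not built with crypto_nossl alone.`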
10 changes: 10 additions & 0 deletions src/measurement/sev_hashes.rs
@@ -1,7 +1,9 @@
// SPDX-License-Identifier: Apache-2.0

//! Operations to handle OVMF SEV-HASHES
#[cfg(feature = "openssl")]
use openssl::sha::sha256;

use serde::Serialize;
use std::fs::File;
use std::{
Expand All @@ -18,6 +20,14 @@ use crate::error::*;

type Sha256Hash = [u8; 32];

#[cfg(not(feature = "openssl"))]
fn sha256(data: &[u8]) -> Sha256Hash {
use sha2::Digest as _;
let mut sha = sha2::Sha256::default();
sha.update(data);
sha.finalize().into()
}

/// GUID stored as little endian
#[derive(Debug, Clone, Copy, Serialize, Default)]
struct GuidLe {
