Update to the new EndorsementReferenceValue fields.

The new fields allow claim verification and support key rotation -- and the old fields are in the process of being removed. A test ensures that the updated reference values continue to accept the current ledger endorsements. Also update to the latest Oak version (and TCP version for compatibility) to guarantee that the attestation verification library fully supports the new reference value fields. Bug: 379268663 Change-Id: Id9feb6cf95fb6d9e9548b74cf0b6b357966609b3
google-parfait · Nov 22, 2024 · 07c6121 · 07c6121
1 parent faeb5a1
commit 07c6121
Show file tree

Hide file tree

Showing 7 changed files with 591 additions and 84 deletions.
diff --git a/Cargo.bazel.lock b/Cargo.bazel.lock
@@ -90,6 +90,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e89da841a80418a9b391ebaea17f5c112ffaaa96f621d2c285b5174da76b9011"
 dependencies = [
  "cfg-if",
+ "getrandom",
  "once_cell",
  "version_check",
  "zerocopy",
@@ -475,6 +476,12 @@ version = "3.16.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "79296716171880943b8470b5f8d03aa55eb2e645a4874bdbb28adb49162e012c"
 
+[[package]]
+name = "bytemuck"
+version = "1.20.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8b37c88a63ffd85d15b406896cc343916d7cf57838a847b3a6f2ca5d39a5695a"
+
 [[package]]
 name = "byteorder"
 version = "1.5.0"
@@ -2138,6 +2145,24 @@ version = "0.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8e04e2fd2b8188ea827b32ef11de88377086d690286ab35747ef7f9bf3ccb590"
 
+[[package]]
+name = "inferno"
+version = "0.11.21"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "232929e1d75fe899576a3d5c7416ad0d88dbfbb3c3d6aa00873a7408a50ddb88"
+dependencies = [
+ "ahash",
+ "indexmap 2.2.6",
+ "is-terminal",
+ "itoa",
+ "log",
+ "num-format",
+ "once_cell",
+ "quick-xml",
+ "rgb",
+ "str_stack",
+]
+
 [[package]]
 name = "inout"
 version = "0.1.3"
@@ -2594,6 +2619,16 @@ version = "0.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "51d515d32fb182ee37cda2ccdcb92950d6a3c2893aa280e540671c2cd0f3b1d9"
 
+[[package]]
+name = "num-format"
+version = "0.4.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a652d9771a63711fd3c3deb670acfbe5c30a4072e664d7a3bf5a9e1056ac72c3"
+dependencies = [
+ "arrayvec",
+ "itoa",
+]
+
 [[package]]
 name = "num-integer"
 version = "0.1.46"
@@ -3039,7 +3074,9 @@ checksum = "ef5c97c51bd34c7e742402e216abdeb44d415fbe6ae41d56b114723e953711cb"
 dependencies = [
  "backtrace",
  "cfg-if",
+ "criterion",
  "findshlibs",
+ "inferno",
  "libc",
  "log",
  "nix 0.26.4",
@@ -3265,6 +3302,15 @@ dependencies = [
  "cc",
 ]
 
+[[package]]
+name = "quick-xml"
+version = "0.26.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7f50b1c63b38611e7d4d7f68b82d3ad0cc71a2ad2e7f61fc10f1328d917c93cd"
+dependencies = [
+ "memchr",
+]
+
 [[package]]
 name = "quote"
 version = "1.0.36"
@@ -3432,6 +3478,15 @@ dependencies = [
  "subtle",
 ]
 
+[[package]]
+name = "rgb"
+version = "0.8.50"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "57397d16646700483b67d2dd6511d79318f9d057fdbd21a4066aeac8b41d310a"
+dependencies = [
+ "bytemuck",
+]
+
 [[package]]
 name = "rle-decode-fast"
 version = "1.0.3"
@@ -3848,6 +3903,12 @@ dependencies = [
  "thread_local",
 ]
 
+[[package]]
+name = "str_stack"
+version = "0.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9091b6114800a5f2141aee1d1b9d6ca3592ac062dc5decb3764ec5895a47b4eb"
+
 [[package]]
 name = "strsim"
 version = "0.11.1"

diff --git a/WORKSPACE b/WORKSPACE
@@ -199,9 +199,9 @@ http_archive(
 
 http_archive(
     name = "trusted_computations_platform",
-    sha256 = "f2e8a746330a0c121946665e97332650e8d26cbbfa030dc1153d7ed8dc755bf1",
-    strip_prefix = "trusted-computations-platform-2f372942c00db9ee31071edd6dff5dd4b3d4e6a6",
-    url = "https://github.com/google-parfait/trusted-computations-platform/archive/2f372942c00db9ee31071edd6dff5dd4b3d4e6a6.tar.gz",
+    sha256 = "7f422a8757689a27eb501ac1175aa19a7afb96c457624b26f9a1db4e6a77184d",
+    strip_prefix = "trusted-computations-platform-ace482e306fddfd0b14ea583b1bd3a90ad523744",
+    url = "https://github.com/google-parfait/trusted-computations-platform/archive/ace482e306fddfd0b14ea583b1bd3a90ad523744.tar.gz",
 )
 
 http_archive(
@@ -221,9 +221,9 @@ git_repository(
 
 http_archive(
     name = "oak",
-    sha256 = "4e2a153133fa137dcd15eb83b12519e67c5f7ee525498c7b59bbbc44132e1de6",
-    strip_prefix = "oak-9ca339c91f6ea8ad5d01cbf738620537dab643d5",
-    url = "https://github.com/project-oak/oak/archive/9ca339c91f6ea8ad5d01cbf738620537dab643d5.tar.gz",
+    sha256 = "d62f13a3ea3cb1e3eca2586d88545432b2d1131855704faa204d1e8f1827005f",
+    strip_prefix = "oak-14292b1ad1e22cfcbefcd68a7ac4dcc4711fe242",
+    url = "https://github.com/project-oak/oak/archive/14292b1ad1e22cfcbefcd68a7ac4dcc4711fe242.tar.gz",
 )
 
 load("@oak//bazel:repositories.bzl", "oak_toolchain_repositories")