chore: update dependencies

ldclabs · Dec 30, 2024 · a9f2b21 · a9f2b21
1 parent 86f4344
commit a9f2b21
Show file tree

Hide file tree

Showing 9 changed files with 315 additions and 278 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -18,7 +18,7 @@ strip = true
 opt-level = 's'
 
 [workspace.package]
-version = "0.1.3"
+version = "0.2.0"
 edition = "2021"
 repository = "https://github.com/ldclabs/ic-tee"
 keywords = ["tee", "canister", "icp", "nitro"]
@@ -53,9 +53,9 @@ sha3 = "0.10"
 ic-cdk = "0.17"
 ic-stable-structures = "0.6"
 ic-canister-sig-creation = "1.1"
-ic-certification = "2.6"
+ic-certification = "3.0"
 ic-agent = "0.39"
-ic_cose_types = "0.4"
+ic_cose_types = "0.5"
 getrandom = { version = "0.2", features = ["custom"] }
 coset = "0.3"
 x509-parser = { version = "0.16" }
@@ -64,7 +64,7 @@ x25519-dalek = { version = "2", features = ["static_secrets"] }
 rand = "0.8"
 tokio = { version = "1", features = ["full"] }
 tokio-util = "0.7"
-tokio-vsock = "0.6"
+tokio-vsock = "0.7"
 aws-nitro-enclaves-nsm-api = "0.4"
 log = "0.4"
 structured-logger = "1"

diff --git a/src/ic_tee_agent/Cargo.toml b/src/ic_tee_agent/Cargo.toml
@@ -10,7 +10,7 @@ categories.workspace = true
 license.workspace = true
 
 [dependencies]
-ic_tee_cdk = { path = "../ic_tee_cdk", version = "0.1" }
+ic_tee_cdk = { path = "../ic_tee_cdk", version = "0.2" }
 base64 = { workspace = true }
 candid = { workspace = true }
 ed25519-consensus = { workspace = true }

diff --git a/src/ic_tee_cdk/Cargo.toml b/src/ic_tee_cdk/Cargo.toml
@@ -18,3 +18,4 @@ sha3 = { workspace = true }
 ic-canister-sig-creation = { workspace = true }
 
 [dev-dependencies]
+const-hex = { workspace = true }
diff --git a/src/ic_tee_cdk/src/identity.rs b/src/ic_tee_cdk/src/identity.rs
@@ -4,6 +4,8 @@ use serde::{Deserialize, Serialize};
 use serde_bytes::ByteBuf;
 use sha3::{Digest, Sha3_256};
 
+use crate::to_cbor_bytes;
+
 #[derive(CandidType, Clone, Debug, Deserialize, Serialize, Eq, PartialEq)]
 pub struct Delegation {
     pub pubkey: ByteBuf,
@@ -35,24 +37,16 @@ pub struct SignInResponse {
 
 pub fn canister_user_key(
     canister: Principal,
-    kind: &str, // should be "Nitro"
+    kind: &str, // should be "NITRO"
     seed: &[u8],
     sub_seed: Option<&[u8]>,
 ) -> CanisterSigPublicKey {
-    let len = 1 + kind.len() + 32;
-    let mut data = Vec::with_capacity(len);
-    data.push(kind.len() as u8);
-    data.extend_from_slice(kind.to_uppercase().as_bytes());
-    data.resize(len, 0u8);
-
-    let mut hasher = Sha3_256::new();
-    hasher.update(seed);
-    if let Some(seed) = sub_seed {
-        hasher.update(seed);
-    }
-    let (_, buf) = data.split_last_chunk_mut::<32>().unwrap();
-    hasher.finalize_into(buf.into());
-    CanisterSigPublicKey::new(canister, data)
+    let seed = if let Some(sub_seed) = sub_seed {
+        to_cbor_bytes(&(kind, seed, sub_seed))
+    } else {
+        to_cbor_bytes(&(kind, seed))
+    };
+    CanisterSigPublicKey::new(canister, seed)
 }
 
 #[cfg(test)]
@@ -66,19 +60,18 @@ mod tests {
     #[test]
     fn test_canister_user_key() {
         let canister = Principal::from_text("e7tgb-6aaaa-aaaap-akqfa-cai").unwrap();
-        let kind = "Nitro";
-        let seed = [8u8; 48];
+        let kind = "NITRO";
+        let seed = [8u8; 32];
         let user_key = canister_user_key(canister, kind, &seed, None).to_der();
+        println!("{:?}", const_hex::encode(user_key.as_slice()));
         assert!(is_sub(&user_key, canister.as_slice()));
-        assert!(is_sub(&user_key, kind.to_uppercase().as_bytes()));
-        assert!(!is_sub(&user_key, seed.as_slice()));
+        assert!(is_sub(&user_key, kind.as_bytes()));
+        assert!(is_sub(&user_key, seed.as_slice()));
 
-        let user_key2 =
-            canister_user_key(canister, kind, &seed, Some(&[1u8, 2u8, 3u8, 4u8])).to_der();
+        let sub_seed = [1u8, 2u8, 3u8, 4u8];
+        let user_key2 = canister_user_key(canister, kind, &seed, Some(&sub_seed)).to_der();
         assert_ne!(user_key, user_key2);
-
-        let user_key3 =
-            canister_user_key(canister, kind, &seed, Some(&[1u8, 2u8, 3u8, 5u8])).to_der();
-        assert_ne!(user_key2, user_key3);
+        assert!(is_sub(&user_key2, seed.as_slice()));
+        assert!(is_sub(&user_key2, sub_seed.as_slice()));
     }
 }
diff --git a/src/ic_tee_cli/Cargo.toml b/src/ic_tee_cli/Cargo.toml
@@ -23,6 +23,6 @@ anyhow = { workspace = true }
 clap = { version = "=4.5", features = ["derive"] }
 pkcs8 = { version = "0.10", features = ["pem"] }
 ed25519 = { version = "2.2", features = ["pem", "pkcs8"] }
-ic_tee_cdk = { path = "../ic_tee_cdk", version = "0.1" }
-ic_tee_agent = { path = "../ic_tee_agent", version = "0.1" }
-ic_tee_nitro_attestation = { path = "../ic_tee_nitro_attestation", version = "0.1" }
+ic_tee_cdk = { path = "../ic_tee_cdk", version = "0.2" }
+ic_tee_agent = { path = "../ic_tee_agent", version = "0.2" }
+ic_tee_nitro_attestation = { path = "../ic_tee_nitro_attestation", version = "0.2" }
diff --git a/src/ic_tee_identity/Cargo.toml b/src/ic_tee_identity/Cargo.toml
@@ -25,5 +25,5 @@ ic-canister-sig-creation = { workspace = true }
 ic-certification = { workspace = true }
 ic-crypto-standalone-sig-verifier = { workspace = true }
 getrandom = { version = "0.2", features = ["custom"] }
-ic_tee_cdk = { path = "../ic_tee_cdk", version = "0.1" }
-ic_tee_nitro_attestation = { path = "../ic_tee_nitro_attestation", version = "0.1" }
+ic_tee_cdk = { path = "../ic_tee_cdk", version = "0.2" }
+ic_tee_nitro_attestation = { path = "../ic_tee_nitro_attestation", version = "0.2" }
diff --git a/src/ic_tee_nitro_gateway/Cargo.toml b/src/ic_tee_nitro_gateway/Cargo.toml
@@ -26,6 +26,6 @@ structured-logger = { workspace = true }
 hyper-util = { workspace = true }
 ic_cose_types = { workspace = true }
 rustls = { workspace = true, features = ["ring"] }
-ic_tee_cdk = { path = "../ic_tee_cdk", version = "0.1" }
-ic_tee_agent = { path = "../ic_tee_agent", version = "0.1" }
-ic_tee_nitro_attestation = { path = "../ic_tee_nitro_attestation", version = "0.1" }
+ic_tee_cdk = { path = "../ic_tee_cdk", version = "0.2" }
+ic_tee_agent = { path = "../ic_tee_agent", version = "0.2" }
+ic_tee_nitro_attestation = { path = "../ic_tee_nitro_attestation", version = "0.2" }
diff --git a/src/ic_tee_nitro_gateway/src/main.rs b/src/ic_tee_nitro_gateway/src/main.rs
@@ -29,7 +29,7 @@ const APP_NAME: &str = env!("CARGO_PKG_NAME");
 const APP_VERSION: &str = env!("CARGO_PKG_VERSION");
 
 static IC_HOST: &str = "https://icp-api.io";
-static TEE_KIND: &str = "Nitro"; // AWS Nitro Enclaves
+static TEE_KIND: &str = "NITRO"; // AWS Nitro Enclaves
 static SETTING_KEY_ID: &str = "id_ed25519";
 static SETTING_KEY_TLS: &str = "tls";
 static COSE_SECRET_PERMANENT_KEY: &str = "v1";
Original file line number	Diff line number	Diff line change
Expand Up		@@ -18,3 +18,4 @@ sha3 = { workspace = true }
		ic-canister-sig-creation = { workspace = true }

		[dev-dependencies]
		const-hex = { workspace = true }