diff --git a/Cargo.lock b/Cargo.lock index 189cb27ba..c4a8cf10a 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -107,9 +107,9 @@ dependencies = [ [[package]] name = "anstyle" -version = "1.0.7" +version = "1.0.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "038dfcf04a5feb68e9c60b21c9625a54c2c0616e79b72b0fd87075a056ae1d1b" +checksum = "5192cca8006f1fd4f7237516f40fa183bb07f8fbdfedaa0036de5ea9b0b45e78" [[package]] name = "anstyle-parse" @@ -256,6 +256,25 @@ dependencies = [ "windows-sys 0.52.0", ] +[[package]] +name = "attest-data" +version = "0.5.0" +source = "git+https://github.com/oxidecomputer/dice-util#ff9f27aa0d6ef6fb64c349890b6e3c242ea3d8fc" +dependencies = [ + "const-oid", + "der", + "getrandom 0.3.4", + "hex", + "hubpack", + "rats-corim", + "salty", + "serde", + "serde_with", + "sha3", + "static_assertions", + "thiserror 2.0.18", +] + [[package]] name = "atty" version = "0.2.14" @@ -326,6 +345,12 @@ dependencies = [ "rustc-demangle", ] +[[package]] +name = "base16ct" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4c7f02d4ea65f2c1853089ffd8d2787bdbc63de2f0d29dedbcf8ccdfa0ccd4cf" + [[package]] name = "base64" version = "0.21.7" @@ -532,6 +557,15 @@ dependencies = [ "generic-array", ] +[[package]] +name = "block2" +version = "0.6.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cdeb9d870516001442e364c5220d3574d2da8dc765554b4a617230d33fa58ef5" +dependencies = [ + "objc2", +] + [[package]] name = "bstr" version = "1.9.1" @@ -672,15 +706,9 @@ dependencies = [ [[package]] name = "cfg-if" -version = "1.0.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" - -[[package]] -name = "cfg_aliases" -version = "0.1.1" +version = "1.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fd16c4719339c4530435d38e511904438d07cce7950afa3718a84ac36c10e89e" +checksum = "9330f8b2ff13f34540b44e946ef35111825727b38d33286ef986142615121801" [[package]] name = "cfg_aliases" @@ -713,6 +741,33 @@ dependencies = [ "serde", ] +[[package]] +name = "ciborium" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "42e69ffd6f0917f5c029256a24d0161db17cea3997d185db0d35926308770f0e" +dependencies = [ + "ciborium-io", + "ciborium-ll", + "serde", +] + +[[package]] +name = "ciborium-io" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "05afea1e0a06c9be33d539b876f1ce3692f4afea2cb41f740e7743225ed1c757" + +[[package]] +name = "ciborium-ll" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "57663b653d948a338bfb3eeba9bb2fd5fcfaecb9e199e87e1eda4d9e8b240fd9" +dependencies = [ + "ciborium-io", + "half", +] + [[package]] name = "cipher" version = "0.4.4" @@ -736,32 +791,43 @@ dependencies = [ [[package]] name = "clap" -version = "4.5.4" +version = "4.5.60" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "90bc066a67923782aa8515dbaea16946c5bcc5addbd668bb80af688e53e548a0" +checksum = "2797f34da339ce31042b27d23607e051786132987f595b02ba4f6a6dffb7030a" dependencies = [ "clap_builder", "clap_derive", ] +[[package]] +name = "clap-verbosity" +version = "2.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3d7bf75a8e0407a558bd7e8e7919baa352e21fb0c1c7702a63c853f2277c4c63" +dependencies = [ + "clap", + "log", + "serde", +] + [[package]] name = "clap_builder" -version = "4.5.2" +version = "4.5.60" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ae129e2e766ae0ec03484e609954119f123cc1fe650337e155d03b022f24f7b4" +checksum = "24a241312cea5059b13574bb9b3861cabf758b879c15190b37b6d6fd63ab6876" dependencies = [ "anstream", "anstyle", "clap_lex", "strsim 0.11.1", - "terminal_size 0.3.0", + "terminal_size", ] [[package]] name = "clap_derive" -version = "4.5.4" +version = "4.5.55" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "528131438037fd55894f62d6e9f068b8f45ac57ffa77517819645d10aed04f64" +checksum = "a92793da1a46a5f2a02a6f4c46c6496b28c43638adea8306fcb0caa1634f24e5" dependencies = [ "heck 0.5.0", "proc-macro2", @@ -771,9 +837,9 @@ dependencies = [ [[package]] name = "clap_lex" -version = "0.7.0" +version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "98cc8fbded0c607b7ba9dd60cd98df59af97e84d24e49c8557331cfc26d301ce" +checksum = "3a822ea5bc7590f9d40f1ba12c0dc3c2760f3482c6984db1573ad11031420831" [[package]] name = "clickhouse-admin-types" @@ -791,7 +857,7 @@ dependencies = [ "itertools 0.14.0", "omicron-common", "omicron-workspace-hack", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "slog", @@ -806,7 +872,7 @@ dependencies = [ "camino", "clap", "derive_more", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "thiserror 1.0.64", @@ -837,7 +903,7 @@ dependencies = [ "csv", "omicron-common", "omicron-workspace-hack", - "schemars", + "schemars 0.8.22", "serde", "thiserror 2.0.18", ] @@ -880,6 +946,12 @@ dependencies = [ "windows-sys 0.52.0", ] +[[package]] +name = "const-oid" +version = "0.9.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" + [[package]] name = "const_format" version = "0.2.35" @@ -1064,7 +1136,7 @@ dependencies = [ "rayon", "reqwest 0.12.23", "ringbuffer", - "schemars", + "schemars 0.8.22", "semver 1.0.27", "serde", "serde_json", @@ -1090,7 +1162,7 @@ source = "git+https://github.com/oxidecomputer/crucible?rev=7103cd3a3d7b0112d294 dependencies = [ "base64 0.22.1", "crucible-workspace-hack", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "uuid", @@ -1107,7 +1179,7 @@ dependencies = [ "dropshot", "nix 0.29.0", "rustls-pemfile 1.0.4", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "slog", @@ -1137,7 +1209,7 @@ dependencies = [ "crucible-common", "crucible-workspace-hack", "num_enum 0.7.4", - "schemars", + "schemars 0.8.22", "serde", "strum 0.27.2", "strum_macros 0.27.2", @@ -1164,6 +1236,24 @@ version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fbd293370c6cb9c334123675263de33fc9e53bbdfc8bdd5e329237cf0205fdc7" +[[package]] +name = "crunchy" +version = "0.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "460fbee9c2c2f33933d720630a6a0bac33ba7053db5344fac858d4b8952d77d5" + +[[package]] +name = "crypto-bigint" +version = "0.5.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0dc92fb57ca44df6db8059111ab3af99a63d5d0f8375d9972e319a379c6bab76" +dependencies = [ + "generic-array", + "rand_core 0.6.4", + "subtle", + "zeroize", +] + [[package]] name = "crypto-common" version = "0.1.6" @@ -1227,12 +1317,40 @@ dependencies = [ [[package]] name = "ctrlc" -version = "3.4.4" +version = "3.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "672465ae37dc1bc6380a6547a8883d5dd397b0f1faaad4f265726cc7042a5345" +checksum = "e0b1fab2ae45819af2d0731d60f2afe17227ebb1a1538a236da84c93e9a60162" dependencies = [ - "nix 0.28.0", - "windows-sys 0.52.0", + "dispatch2", + "nix 0.31.1", + "windows-sys 0.61.2", +] + +[[package]] +name = "curve25519-dalek" +version = "4.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "97fb8b7c4503de7d6ae7b42ab72a5a59857b4c937ec27a3d4539dba95b5ab2be" +dependencies = [ + "cfg-if", + "cpufeatures", + "curve25519-dalek-derive", + "digest 0.10.7", + "fiat-crypto", + "rustc_version 0.4.1", + "subtle", + "zeroize", +] + +[[package]] +name = "curve25519-dalek-derive" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", ] [[package]] @@ -1379,6 +1497,30 @@ version = "0.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5729f5117e208430e437df2f4843f5e5952997175992d1414f94c57d61e270b4" +[[package]] +name = "der" +version = "0.7.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e7c1832837b905bbfb5101e07cc24c8deddf52f93225eee6ead5f4d63d53ddcb" +dependencies = [ + "const-oid", + "der_derive", + "flagset", + "pem-rfc7468", + "zeroize", +] + +[[package]] +name = "der_derive" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8034092389675178f570469e6c3b0465d3d30b4505c294a6550db47f3c17ad18" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] + [[package]] name = "deranged" version = "0.5.3" @@ -1386,6 +1528,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d630bccd429a5bb5a64b5e94f693bfc48c9f8566418fda4c494cc94f911f87cc" dependencies = [ "powerfmt", + "serde", ] [[package]] @@ -1455,6 +1598,28 @@ dependencies = [ "syn 2.0.117", ] +[[package]] +name = "dice-verifier" +version = "0.3.0-pre0" +source = "git+https://github.com/oxidecomputer/dice-util#ff9f27aa0d6ef6fb64c349890b6e3c242ea3d8fc" +dependencies = [ + "attest-data", + "const-oid", + "ed25519-dalek", + "env_logger", + "hex", + "hubpack", + "libipcc", + "log", + "p384", + "rats-corim", + "sha3", + "slog", + "tempfile", + "thiserror 2.0.18", + "x509-cert", +] + [[package]] name = "digest" version = "0.9.0" @@ -1471,6 +1636,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" dependencies = [ "block-buffer 0.10.4", + "const-oid", "crypto-common", "subtle", ] @@ -1495,6 +1661,18 @@ dependencies = [ "winapi", ] +[[package]] +name = "dispatch2" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1e0e367e4e7da84520dedcac1901e4da967309406d1e51017ae1abfb97adbd38" +dependencies = [ + "bitflags 2.9.4", + "block2", + "libc", + "objc2", +] + [[package]] name = "displaydoc" version = "0.2.5" @@ -1580,7 +1758,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a9ba64b39d5fd68e09169e63c8e82b7a50c9b6082f2c44f52db2a11e3b9d7dd4" dependencies = [ "anyhow", - "indexmap", + "indexmap 2.13.0", "openapiv3", "regex", "serde", @@ -1608,14 +1786,14 @@ dependencies = [ "http-body-util", "hyper", "hyper-util", - "indexmap", + "indexmap 2.13.0", "multer", "openapiv3", "paste", "percent-encoding", "rustls 0.22.4", "rustls-pemfile 2.2.0", - "schemars", + "schemars 0.8.22", "scopeguard", "semver 1.0.27", "serde", @@ -1733,12 +1911,71 @@ version = "1.0.17" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0d6ef0072f8a535281e4876be788938b528e9a1d43900b82c2569af7da799125" +[[package]] +name = "ecdsa" +version = "0.16.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ee27f32b5c5292967d2d4a9d7f1e0b0aed2c15daded5a60300e4abb9d8020bca" +dependencies = [ + "der", + "digest 0.10.7", + "elliptic-curve", + "rfc6979", + "signature", + "spki", +] + +[[package]] +name = "ed25519" +version = "2.2.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "115531babc129696a58c64a4fef0a8bf9e9698629fb97e9e40767d235cfbcd53" +dependencies = [ + "pkcs8", + "signature", +] + +[[package]] +name = "ed25519-dalek" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "70e796c081cee67dc755e1a36a0a172b897fab85fc3f6bc48307991f64e4eca9" +dependencies = [ + "curve25519-dalek", + "ed25519", + "serde", + "sha2 0.10.9", + "subtle", + "zeroize", +] + [[package]] name = "either" version = "1.15.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "48c757948c5ede0e46177b7add2e67155f70e33c07fea8284df6576da70b3719" +[[package]] +name = "elliptic-curve" +version = "0.13.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b5e6043086bf7973472e0c7dff2142ea0b680d30e18d9cc40f267efbf222bd47" +dependencies = [ + "base16ct", + "crypto-bigint", + "digest 0.10.7", + "ff", + "generic-array", + "group", + "hkdf", + "pem-rfc7468", + "pkcs8", + "rand_core 0.6.4", + "sec1", + "subtle", + "zeroize", +] + [[package]] name = "embedded-io" version = "0.4.0" @@ -1778,6 +2015,29 @@ dependencies = [ "syn 2.0.117", ] +[[package]] +name = "env_filter" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7a1c3cc8e57274ec99de65301228b537f1e4eedc1b8e0f9411c6caac8ae7308f" +dependencies = [ + "log", + "regex", +] + +[[package]] +name = "env_logger" +version = "0.11.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b2daee4ea451f429a58296525ddf28b45a3b64f1acf6587e2067437bb11e218d" +dependencies = [ + "anstream", + "anstyle", + "env_filter", + "jiff", + "log", +] + [[package]] name = "equivalent" version = "1.0.2" @@ -1811,7 +2071,7 @@ dependencies = [ "dropshot", "omicron-uuid-kinds", "omicron-workspace-hack", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "thiserror 2.0.18", @@ -1911,6 +2171,22 @@ dependencies = [ "simd-adler32", ] +[[package]] +name = "ff" +version = "0.13.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c0b50bfb653653f9ca9095b427bed08ab8d75a137839d9ad64eb11810d5b6393" +dependencies = [ + "rand_core 0.6.4", + "subtle", +] + +[[package]] +name = "fiat-crypto" +version = "0.2.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "28dea519a9695b9977216879a3ebfddf92f1c08c05d984f8996aecd6ecdc811d" + [[package]] name = "filedescriptor" version = "0.8.2" @@ -1952,6 +2228,12 @@ version = "0.5.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1d674e81391d1e1ab681a28d99df07927c6d4aa5b027d7da16ba32d1d21ecd99" +[[package]] +name = "flagset" +version = "0.4.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b7ac824320a75a52197e8f2d787f6a38b6718bb6897a35142d749af3c0e8f4fe" + [[package]] name = "flate2" version = "1.0.30" @@ -2169,7 +2451,7 @@ dependencies = [ "progenitor 0.10.0", "rand 0.9.2", "reqwest 0.12.23", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "slog", @@ -2207,7 +2489,7 @@ dependencies = [ "omicron-common", "omicron-uuid-kinds", "omicron-workspace-hack", - "schemars", + "schemars 0.8.22", "serde", "thiserror 2.0.18", "tufaceous-artifact", @@ -2236,6 +2518,7 @@ checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a" dependencies = [ "typenum", "version_check", + "zeroize", ] [[package]] @@ -2267,21 +2550,21 @@ dependencies = [ "cfg-if", "js-sys", "libc", - "wasi 0.11.0+wasi-snapshot-preview1", + "wasi", "wasm-bindgen", ] [[package]] name = "getrandom" -version = "0.3.2" +version = "0.3.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "73fea8450eea4bac3940448fb7ae50d91f034f941199fcd9d909a5a07aa455f0" +checksum = "899def5c37c4fd7b2664648c28120ecec138e4d395b459e5ca34f9cce2dd77fd" dependencies = [ "cfg-if", "js-sys", "libc", "r-efi", - "wasi 0.14.2+wasi-0.2.4", + "wasip2", "wasm-bindgen", ] @@ -2369,6 +2652,17 @@ dependencies = [ "scroll 0.13.0", ] +[[package]] +name = "group" +version = "0.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f0f9ef7462f7c099f518d754361858f86d8a07af53ba9af0fe635bbccb151a63" +dependencies = [ + "ff", + "rand_core 0.6.4", + "subtle", +] + [[package]] name = "h2" version = "0.4.6" @@ -2381,13 +2675,24 @@ dependencies = [ "futures-core", "futures-sink", "http", - "indexmap", + "indexmap 2.13.0", "slab", "tokio", "tokio-util", "tracing", ] +[[package]] +name = "half" +version = "2.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6ea2d84b969582b4b1864a92dc5d27cd2b77b622a8d79306834f1be5ba20d84b" +dependencies = [ + "cfg-if", + "crunchy", + "zerocopy 0.8.27", +] + [[package]] name = "hash32" version = "0.3.1" @@ -2397,6 +2702,12 @@ dependencies = [ "byteorder", ] +[[package]] +name = "hashbrown" +version = "0.12.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888" + [[package]] name = "hashbrown" version = "0.15.2" @@ -2560,6 +2871,24 @@ version = "1.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9040319a6910b901d5d49cbada4a99db52836a1b63228a05f7e2b7f8feef89b1" +[[package]] +name = "hkdf" +version = "0.12.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7b5f8eb2ad728638ea2c7d47a21db23b7b58a72ed6a38256b8a1849f15fbbdf7" +dependencies = [ + "hmac", +] + +[[package]] +name = "hmac" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e" +dependencies = [ + "digest 0.10.7", +] + [[package]] name = "home" version = "0.5.11" @@ -2897,7 +3226,7 @@ dependencies = [ "daft", "derive-where", "omicron-workspace-hack", - "schemars", + "schemars 0.8.22", "serde", ] @@ -2914,7 +3243,7 @@ dependencies = [ "hashbrown 0.16.1", "ref-cast", "rustc-hash 2.1.1", - "schemars", + "schemars 0.8.22", "serde_core", "serde_json", ] @@ -2982,7 +3311,7 @@ dependencies = [ "oxide-vpc", "oxlog", "oxnet", - "schemars", + "schemars 0.8.22", "serde", "slog", "slog-error-chain", @@ -3012,6 +3341,17 @@ version = "2.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0cfe9645a18782869361d9c8732246be7b410ad4e919d3609ebabdac00ba12c3" +[[package]] +name = "indexmap" +version = "1.9.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bd070e393353796e801d209ad339e89596eb4c8d430d18ede6a1cced8fafbd99" +dependencies = [ + "autocfg", + "hashbrown 0.12.3", + "serde", +] + [[package]] name = "indexmap" version = "2.13.0" @@ -3109,7 +3449,7 @@ dependencies = [ "omicron-common", "omicron-uuid-kinds", "omicron-workspace-hack", - "schemars", + "schemars 0.8.22", "serde", ] @@ -3137,7 +3477,7 @@ version = "0.21.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cf370abdafd54d13e54a620e8c3e1145f28e46cc9d704bc6d94414559df41763" dependencies = [ - "schemars", + "schemars 0.8.22", "serde", ] @@ -3297,6 +3637,15 @@ dependencies = [ "wasm-bindgen", ] +[[package]] +name = "keccak" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cb26cec98cce3a3d96cbb7bced3c4b16e3d13f27ec56dbd62cbc8f39cfb9d653" +dependencies = [ + "cpufeatures", +] + [[package]] name = "kstat-macro" version = "0.1.0" @@ -3362,6 +3711,16 @@ dependencies = [ "pkg-config", ] +[[package]] +name = "libipcc" +version = "0.1.0" +source = "git+https://github.com/oxidecomputer/ipcc-rs?rev=7cdf2ab9c8d9e9267a8b366aa780c6c26f9a5ecf#7cdf2ab9c8d9e9267a8b366aa780c6c26f9a5ecf" +dependencies = [ + "cfg-if", + "libc", + "thiserror 1.0.64", +] + [[package]] name = "libloading" version = "0.7.4" @@ -3625,7 +3984,7 @@ dependencies = [ "percent-encoding", "progenitor 0.11.1", "reqwest 0.12.23", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "slog", @@ -3661,7 +4020,7 @@ checksum = "80e04d1dcff3aae0704555fe5fee3bcfaf3d1fdf8a7e521d5b9d2b42acb52cec" dependencies = [ "hermit-abi 0.3.9", "libc", - "wasi 0.11.0+wasi-snapshot-preview1", + "wasi", "windows-sys 0.52.0", ] @@ -3761,7 +4120,7 @@ version = "1.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "74d1216f62e63be5fb25a9ecd1e2b37b1556a9b8c02f4831770f5d01df85c226" dependencies = [ - "schemars", + "schemars 0.8.22", "serde", "serde_json", "uuid", @@ -3808,7 +4167,7 @@ dependencies = [ "progenitor 0.10.0", "regress", "reqwest 0.12.23", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "slog", @@ -3831,7 +4190,7 @@ dependencies = [ "omicron-passwords", "omicron-uuid-kinds", "omicron-workspace-hack", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "sled-hardware-types", @@ -3884,7 +4243,7 @@ dependencies = [ "oxql-types", "parse-display", "regex", - "schemars", + "schemars 0.8.22", "semver 1.0.27", "serde", "serde_json", @@ -3919,18 +4278,6 @@ dependencies = [ "memoffset", ] -[[package]] -name = "nix" -version = "0.28.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ab2156c4fce2f8df6c499cc1c763e4394b7482525bf2a9701c9d79d215f519e4" -dependencies = [ - "bitflags 2.9.4", - "cfg-if", - "cfg_aliases 0.1.1", - "libc", -] - [[package]] name = "nix" version = "0.29.0" @@ -3939,7 +4286,7 @@ checksum = "71e2746dc3a24dd78b3cfcb7be93368c6de9963d30f43a6a73998a9cf4b17b46" dependencies = [ "bitflags 2.9.4", "cfg-if", - "cfg_aliases 0.2.1", + "cfg_aliases", "libc", ] @@ -3951,7 +4298,7 @@ checksum = "225e7cfe711e0ba79a68baeddb2982723e4235247aefce1482f2f16c27865b66" dependencies = [ "bitflags 2.9.4", "cfg-if", - "cfg_aliases 0.2.1", + "cfg_aliases", "libc", ] @@ -4172,6 +4519,21 @@ dependencies = [ "libc", ] +[[package]] +name = "objc2" +version = "0.6.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3a12a8ed07aefc768292f076dc3ac8c48f3781c8f2d5851dd3d98950e8c5a89f" +dependencies = [ + "objc2-encode", +] + +[[package]] +name = "objc2-encode" +version = "4.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ef25abbcd74fb2609453eb695bd2f860d389e457f67dc17cafc8b8cbc89d0c33" + [[package]] name = "object" version = "0.32.2" @@ -4222,7 +4584,7 @@ dependencies = [ "rand 0.9.2", "regress", "reqwest 0.12.23", - "schemars", + "schemars 0.8.22", "semver 1.0.27", "serde", "serde_human_bytes", @@ -4245,7 +4607,7 @@ dependencies = [ "argon2", "omicron-workspace-hack", "rand 0.9.2", - "schemars", + "schemars 0.8.22", "secrecy", "serde", "serde_with", @@ -4261,7 +4623,7 @@ dependencies = [ "newtype-uuid", "newtype-uuid-macros", "paste", - "schemars", + "schemars 0.8.22", ] [[package]] @@ -4324,7 +4686,7 @@ version = "2.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5c8d427828b22ae1fff2833a03d8486c2c881367f1c336349f307f321e7f4d05" dependencies = [ - "indexmap", + "indexmap 2.13.0", "serde", "serde_json", ] @@ -4525,7 +4887,7 @@ dependencies = [ "gethostname 0.5.0", "highway", "iana-time-zone", - "indexmap", + "indexmap 2.13.0", "libc", "nom 7.1.3", "num", @@ -4539,7 +4901,7 @@ dependencies = [ "quote", "regex", "reqwest 0.12.23", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "slog", @@ -4598,7 +4960,7 @@ dependencies = [ "omicron-common", "omicron-workspace-hack", "oximeter", - "schemars", + "schemars 0.8.22", "serde", "slog", "slog-dtrace", @@ -4621,7 +4983,7 @@ dependencies = [ "prettyplease", "proc-macro2", "quote", - "schemars", + "schemars 0.8.22", "serde", "slog-error-chain", "syn 2.0.117", @@ -4654,7 +5016,7 @@ dependencies = [ "omicron-workspace-hack", "parse-display", "regex", - "schemars", + "schemars 0.8.22", "serde", "strum 0.27.2", "thiserror 2.0.18", @@ -4685,7 +5047,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8200429754152e6379fbb1dd06eea90156c3b67591f6e31d08e787d010ef0168" dependencies = [ "ipnetwork", - "schemars", + "schemars 0.8.22", "serde", "serde_json", ] @@ -4701,12 +5063,24 @@ dependencies = [ "num", "omicron-workspace-hack", "oximeter-types", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "uuid", ] +[[package]] +name = "p384" +version = "0.13.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fe42f1670a52a47d448f14b6a5c61dd78fce51856e68edaa38f7ae3a46b8d6b6" +dependencies = [ + "ecdsa", + "elliptic-curve", + "primeorder", + "sha2 0.10.9", +] + [[package]] name = "p4rs" version = "0.1.0" @@ -4829,6 +5203,15 @@ dependencies = [ "serde", ] +[[package]] +name = "pem-rfc7468" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "88b39c9bfcfc231068454382784bb460aae594343fb030d46e9f50a645418412" +dependencies = [ + "base64ct", +] + [[package]] name = "percent-encoding" version = "2.3.2" @@ -4885,7 +5268,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b4c5cc86750666a3ed20bdaf5ca2a0344f9c67674cae0515bec2da16fbaa47db" dependencies = [ "fixedbitset 0.4.2", - "indexmap", + "indexmap 2.13.0", "serde", "serde_derive", ] @@ -4898,7 +5281,7 @@ checksum = "8701b58ea97060d5e5b155d383a69952a60943f0e6dfe30b04c287beb0b27455" dependencies = [ "fixedbitset 0.5.7", "hashbrown 0.15.2", - "indexmap", + "indexmap 2.13.0", "serde", ] @@ -5135,6 +5518,16 @@ version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" +[[package]] +name = "pkcs8" +version = "0.10.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7" +dependencies = [ + "der", + "spki", +] + [[package]] name = "pkg-config" version = "0.3.30" @@ -5259,6 +5652,15 @@ dependencies = [ "syn 2.0.117", ] +[[package]] +name = "primeorder" +version = "0.13.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "353e1ca18966c16d9deb1c69278edbc5f194139612772bd9537af60ac231e1e6" +dependencies = [ + "elliptic-curve", +] + [[package]] name = "proc-macro-crate" version = "1.3.1" @@ -5388,12 +5790,12 @@ checksum = "b17e5363daa50bf1cccfade6b0fb970d2278758fd5cfa9ab69f25028e4b1afa3" dependencies = [ "heck 0.5.0", "http", - "indexmap", + "indexmap 2.13.0", "openapiv3", "proc-macro2", "quote", "regex", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "syn 2.0.117", @@ -5410,12 +5812,12 @@ checksum = "8276d558f1dfd4cc7fc4cceee0a51dab482b5a4be2e69e7eab8c57fbfb1472f4" dependencies = [ "heck 0.5.0", "http", - "indexmap", + "indexmap 2.13.0", "openapiv3", "proc-macro2", "quote", "regex", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "syn 2.0.117", @@ -5432,12 +5834,12 @@ checksum = "de362a0477182f45accdbad4d43cd89a95a1db0a518a7c1ddf3e525e6896f0f0" dependencies = [ "heck 0.5.0", "http", - "indexmap", + "indexmap 2.13.0", "openapiv3", "proc-macro2", "quote", "regex", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "syn 2.0.117", @@ -5456,7 +5858,7 @@ dependencies = [ "proc-macro2", "progenitor-impl 0.10.0", "quote", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "serde_tokenstream", @@ -5474,7 +5876,7 @@ dependencies = [ "proc-macro2", "progenitor-impl 0.11.1", "quote", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "serde_tokenstream", @@ -5492,7 +5894,7 @@ dependencies = [ "proc-macro2", "progenitor-impl 0.13.0", "quote", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "serde_tokenstream", @@ -5558,7 +5960,7 @@ version = "0.0.0" dependencies = [ "crucible-client-types", "propolis_types", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "thiserror 1.0.64", @@ -5602,7 +6004,7 @@ dependencies = [ "propolis-api-types-versions", "rand 0.9.2", "reqwest 0.13.2", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "slog", @@ -5655,7 +6057,7 @@ dependencies = [ "propolis_types", "rand 0.9.2", "reqwest 0.13.2", - "schemars", + "schemars 0.8.22", "semver 1.0.27", "serde", "serde_json", @@ -5728,7 +6130,7 @@ dependencies = [ "rgb_frame", "ring", "ron", - "schemars", + "schemars 0.8.22", "semver 1.0.27", "serde", "serde_derive", @@ -5770,6 +6172,7 @@ dependencies = [ "cpuid_utils", "crucible-client-types", "ctrlc", + "dice-verifier", "erased-serde 0.4.5", "fatfs", "futures", @@ -5790,6 +6193,7 @@ dependencies = [ "tokio", "toml 0.7.8", "uuid", + "vm-attest-trait", ] [[package]] @@ -5819,7 +6223,7 @@ dependencies = [ name = "propolis_types" version = "0.0.0" dependencies = [ - "schemars", + "schemars 0.8.22", "serde", "serde_json", "serde_test", @@ -5851,7 +6255,7 @@ version = "0.1.0" source = "git+https://github.com/oxidecomputer/lldp#b12d9c04ecafbb30b2c3c2d3fc03d32a14a9f6be" dependencies = [ "anyhow", - "schemars", + "schemars 0.8.22", "serde", "thiserror 1.0.64", ] @@ -5890,7 +6294,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b9e20a958963c291dc322d98411f541009df2ced7b5a4f2bd52337638cfccf20" dependencies = [ "bytes", - "cfg_aliases 0.2.1", + "cfg_aliases", "pin-project-lite", "quinn-proto", "quinn-udp", @@ -5911,7 +6315,7 @@ checksum = "f1906b49b0c3bc04b5fe5d86a77925ae6524a19b816ae38ce1e426255f1d8a31" dependencies = [ "aws-lc-rs", "bytes", - "getrandom 0.3.2", + "getrandom 0.3.4", "lru-slab", "rand 0.9.2", "ring", @@ -6015,7 +6419,7 @@ version = "0.9.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "99d9a13982dcf210057a8a78572b2217b667c3beacbf3a0d8b454f6f82837d38" dependencies = [ - "getrandom 0.3.2", + "getrandom 0.3.4", ] [[package]] @@ -6027,6 +6431,21 @@ dependencies = [ "rand_core 0.6.4", ] +[[package]] +name = "rats-corim" +version = "0.1.0" +source = "git+https://github.com/oxidecomputer/rats-corim#f0d5d5168d3d31487a56df32c676b0c6240bcc6b" +dependencies = [ + "ciborium", + "ciborium-io", + "clap", + "hex", + "serde", + "serde_with", + "strum 0.26.3", + "thiserror 2.0.18", +] + [[package]] name = "rayon" version = "1.10.0" @@ -6273,6 +6692,16 @@ dependencies = [ "zerocopy 0.8.27", ] +[[package]] +name = "rfc6979" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f8dd2a808d456c4a54e300a23e9f5a67e122c3024119acbfd73e3bf664491cb2" +dependencies = [ + "hmac", + "subtle", +] + [[package]] name = "rgb_frame" version = "0.0.0" @@ -6558,6 +6987,16 @@ version = "1.0.18" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f3cb5ba0dc43242ce17de99c180e96db90b235b8a9fdc9543c96d2209116bd9f" +[[package]] +name = "salty" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b947325a585e90733e0e9ec097228f40b637cc346f9bd68f84d5c6297d0fcfef" +dependencies = [ + "subtle", + "zeroize", +] + [[package]] name = "same-file" version = "1.0.6" @@ -6593,6 +7032,30 @@ dependencies = [ "uuid", ] +[[package]] +name = "schemars" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4cd191f9397d57d581cddd31014772520aa448f65ef991055d7f61582c65165f" +dependencies = [ + "dyn-clone", + "ref-cast", + "serde", + "serde_json", +] + +[[package]] +name = "schemars" +version = "1.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a2b42f36aa1cd011945615b92222f6bf73c599a102a300334cd7f8dbeec726cc" +dependencies = [ + "dyn-clone", + "ref-cast", + "serde", + "serde_json", +] + [[package]] name = "schemars_derive" version = "0.8.22" @@ -6667,6 +7130,20 @@ dependencies = [ "untrusted 0.9.0", ] +[[package]] +name = "sec1" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3e97a565f76233a6003f9f5c54be1d9c5bdfa3eccfb189469f11ec4901c47dc" +dependencies = [ + "base16ct", + "der", + "generic-array", + "pkcs8", + "subtle", + "zeroize", +] + [[package]] name = "secrecy" version = "0.10.3" @@ -6911,13 +7388,17 @@ dependencies = [ [[package]] name = "serde_with" -version = "3.15.0" +version = "3.17.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6093cd8c01b25262b84927e0f7151692158fab02d961e04c979d3903eba7ecc5" +checksum = "381b283ce7bc6b476d903296fb59d0d36633652b633b27f64db4fb46dcbfc3b9" dependencies = [ "base64 0.22.1", "chrono", "hex", + "indexmap 1.9.3", + "indexmap 2.13.0", + "schemars 0.9.0", + "schemars 1.2.1", "serde_core", "serde_json", "serde_with_macros", @@ -6926,9 +7407,9 @@ dependencies = [ [[package]] name = "serde_with_macros" -version = "3.15.0" +version = "3.17.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a7e6c180db0816026a61afa1cff5344fb7ebded7e4d3062772179f2501481c27" +checksum = "a6d4e30573c8cb306ed6ab1dca8423eec9a463ea0e155f45399455e0368b27e0" dependencies = [ "darling 0.21.3", "proc-macro2", @@ -6942,7 +7423,7 @@ version = "0.9.34+deprecated" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6a8b1a1a2ebf674015cc02edccce75287f1a0130d394307b36743c2f5d504b47" dependencies = [ - "indexmap", + "indexmap 2.13.0", "itoa", "ryu", "serde", @@ -6984,6 +7465,16 @@ dependencies = [ "digest 0.10.7", ] +[[package]] +name = "sha3" +version = "0.10.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "75872d278a8f37ef87fa0ddbda7802605cb18344497949862c0d4dcb291eba60" +dependencies = [ + "digest 0.10.7", + "keccak", +] + [[package]] name = "sharded-slab" version = "0.1.7" @@ -7018,6 +7509,16 @@ dependencies = [ "libc", ] +[[package]] +name = "signature" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de" +dependencies = [ + "digest 0.10.7", + "rand_core 0.6.4", +] + [[package]] name = "sigpipe" version = "0.1.3" @@ -7071,7 +7572,7 @@ dependencies = [ "illumos-utils", "omicron-common", "omicron-workspace-hack", - "schemars", + "schemars 0.8.22", "serde", ] @@ -7302,6 +7803,16 @@ version = "0.9.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67" +[[package]] +name = "spki" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d91ed6c858b01f942cd56b37a94b3e0a1798290327d1236e4d9cf4eaca44d29d" +dependencies = [ + "base64ct", + "der", +] + [[package]] name = "stable_deref_trait" version = "1.2.0" @@ -7327,7 +7838,7 @@ dependencies = [ "lazy_static", "newtype_derive", "petgraph 0.6.5", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "slog", @@ -7577,7 +8088,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2d31c77bdf42a745371d260a26ca7163f1e0924b64afa0b688e61b5a9fa02f16" dependencies = [ "fastrand", - "getrandom 0.3.2", + "getrandom 0.3.4", "once_cell", "rustix 1.1.2", "windows-sys 0.61.2", @@ -7592,16 +8103,6 @@ dependencies = [ "windows-sys 0.61.2", ] -[[package]] -name = "terminal_size" -version = "0.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "21bebf2b7c9e0a515f6e0f8c51dc0f8e4696391e6f1ff30379559f8365fb0df7" -dependencies = [ - "rustix 0.38.34", - "windows-sys 0.48.0", -] - [[package]] name = "terminal_size" version = "0.4.3" @@ -7707,7 +8208,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c13547615a44dc9c452a8a534638acdf07120d4b6847c8178705da06306a3057" dependencies = [ "smawk", - "terminal_size 0.4.3", + "terminal_size", "unicode-linebreak", "unicode-width 0.2.1", ] @@ -7840,6 +8341,27 @@ version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" +[[package]] +name = "tls_codec" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0de2e01245e2bb89d6f05801c564fa27624dbd7b1846859876c7dad82e90bf6b" +dependencies = [ + "tls_codec_derive", + "zeroize", +] + +[[package]] +name = "tls_codec_derive" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2d2e76690929402faae40aebdda620a2c0e25dd6d3b9afe48867dfd95991f4bd" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] + [[package]] name = "tokio" version = "1.49.0" @@ -7989,7 +8511,7 @@ version = "0.9.12+spec-1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cf92845e79fc2e2def6a5d828f0801e29a2f8acc037becc5ab08595c7d5e9863" dependencies = [ - "indexmap", + "indexmap 2.13.0", "serde_core", "serde_spanned 1.0.4", "toml_datetime 0.7.5+spec-1.1.0", @@ -8022,7 +8544,7 @@ version = "0.19.15" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1b5bb770da30e5cbfde35a2d7b9b8a2c4b8ef89548a7a6aeab5c9a576e3e7421" dependencies = [ - "indexmap", + "indexmap 2.13.0", "serde", "serde_spanned 0.6.9", "toml_datetime 0.6.11", @@ -8035,7 +8557,7 @@ version = "0.22.27" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "41fe8c660ae4257887cf66394862d21dbca4a6ddd26f04a3560410406a2f819a" dependencies = [ - "indexmap", + "indexmap 2.13.0", "serde", "serde_spanned 0.6.9", "toml_datetime 0.6.11", @@ -8267,7 +8789,7 @@ dependencies = [ "daft", "hex", "proptest", - "schemars", + "schemars 0.8.22", "semver 1.0.27", "serde", "serde_human_bytes", @@ -8353,7 +8875,7 @@ dependencies = [ "proc-macro2", "quote", "regress", - "schemars", + "schemars 0.8.22", "semver 1.0.27", "serde", "serde_json", @@ -8373,7 +8895,7 @@ dependencies = [ "proc-macro2", "quote", "regress", - "schemars", + "schemars 0.8.22", "semver 1.0.27", "serde", "serde_json", @@ -8390,7 +8912,7 @@ checksum = "9708a3ceb6660ba3f8d2b8f0567e7d4b8b198e2b94d093b8a6077a751425de9e" dependencies = [ "proc-macro2", "quote", - "schemars", + "schemars 0.8.22", "semver 1.0.27", "serde", "serde_json", @@ -8407,7 +8929,7 @@ checksum = "fd04bb1207cd4e250941cc1641f4c4815f7eaa2145f45c09dd49cb0a3691710a" dependencies = [ "proc-macro2", "quote", - "schemars", + "schemars 0.8.22", "semver 1.0.27", "serde", "serde_json", @@ -8514,13 +9036,13 @@ dependencies = [ "either", "futures", "indent_write", - "indexmap", + "indexmap 2.13.0", "libsw", "linear-map", "omicron-workspace-hack", "owo-colors", "petgraph 0.8.3", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "serde_with", @@ -8699,7 +9221,7 @@ version = "1.19.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e2e054861b4bd027cd373e18e8d8d8e6548085000e41290d95ce0c373a654b4a" dependencies = [ - "getrandom 0.3.2", + "getrandom 0.3.4", "js-sys", "serde_core", "wasm-bindgen", @@ -8772,6 +9294,35 @@ dependencies = [ "nvpair 0.0.0", ] +[[package]] +name = "vm-attest-trait" +version = "0.1.0" +source = "git+https://github.com/oxidecomputer/vm-attest-proto#e298740462de6a7daa2a2b6fac0315c509600b5e" +dependencies = [ + "anyhow", + "attest-data", + "cfg-if", + "clap", + "clap-verbosity", + "const-oid", + "ctrlc", + "dice-verifier", + "ed25519-dalek", + "env_logger", + "getrandom 0.3.4", + "hubpack", + "libc", + "log", + "rats-corim", + "serde", + "serde_json", + "serde_with", + "sha2 0.10.9", + "thiserror 2.0.18", + "uuid", + "x509-cert", +] + [[package]] name = "vtparse" version = "0.6.2" @@ -8825,12 +9376,12 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" [[package]] -name = "wasi" -version = "0.14.2+wasi-0.2.4" +name = "wasip2" +version = "1.0.2+wasi-0.2.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9683f9a5a998d873c0d21fcbe3c083009670149a8fab228644b8bd36b2c48cb3" +checksum = "9517f9239f02c069db75e65f174b3da828fe5f5b945c4dd26bd25d89c03ebcf5" dependencies = [ - "wit-bindgen-rt", + "wit-bindgen", ] [[package]] @@ -9574,13 +10125,10 @@ dependencies = [ ] [[package]] -name = "wit-bindgen-rt" -version = "0.39.0" +name = "wit-bindgen" +version = "0.51.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6f42320e61fe2cfd34354ecb597f86f413484a798ba44a8ca1165c58d42da6c1" -dependencies = [ - "bitflags 2.9.4", -] +checksum = "d7249219f66ced02969388cf2bb044a09756a083d0fab1e566056b04d9fbcaa5" [[package]] name = "write16" @@ -9603,6 +10151,18 @@ dependencies = [ "tap", ] +[[package]] +name = "x509-cert" +version = "0.2.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1301e935010a701ae5f8655edc0ad17c44bad3ac5ce8c39185f75453b720ae94" +dependencies = [ + "const-oid", + "der", + "spki", + "tls_codec", +] + [[package]] name = "xattr" version = "1.3.1" @@ -9719,9 +10279,23 @@ dependencies = [ [[package]] name = "zeroize" -version = "1.7.0" +version = "1.8.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "525b4ec142c6b68a2d10f01f7bbf6755599ca3f81ea53b8431b7dd348f5fdb2d" +checksum = "b97154e67e32c85465826e8bcc1c59429aaaf107c1e4a9e53c8d8ccd5eff88d0" +dependencies = [ + "zeroize_derive", +] + +[[package]] +name = "zeroize_derive" +version = "1.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "85a5b4158499876c763cb03bc4e49185d3cccbabb15b33c627f7884f43db852e" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] [[package]] name = "zerovec" diff --git a/Cargo.toml b/Cargo.toml index 210a368ca..59e708447 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -111,7 +111,7 @@ bytes = "1.7.1" camino = "1.1.6" cargo_metadata = "0.18.1" cc = "1.0.73" -cfg-if = "1.0.0" +cfg-if = "1.0.4" chrono = "0.4.19" clap = "4.2" const_format = "0.2" @@ -184,6 +184,7 @@ tracing-bunyan-formatter = "0.3.3" tracing-subscriber = "0.3.14" usdt = { version = "0.6", default-features = false } uuid = "1.3.2" +vm-attest-proto = { git = "https://github.com/oxidecomputer/vm-attest-proto", package = "vm-attest-trait", default-features = false } zerocopy = "0.8.25" diff --git a/bin/propolis-standalone/Cargo.toml b/bin/propolis-standalone/Cargo.toml index 137affeb2..f55cd3727 100644 --- a/bin/propolis-standalone/Cargo.toml +++ b/bin/propolis-standalone/Cargo.toml @@ -18,6 +18,7 @@ bhyve_api.workspace = true clap = { workspace = true, features = ["derive", "env"] } cpuid_utils.workspace = true ctrlc.workspace = true +dice-verifier = { git = "https://github.com/oxidecomputer/dice-util", features = [ "ipcc", "mock" ] } fatfs.workspace = true futures.workspace = true libc.workspace = true @@ -39,6 +40,7 @@ slog-term.workspace = true strum = { workspace = true, features = ["derive"] } tar.workspace = true uuid.workspace = true +vm-attest-proto.workspace = true pbind.workspace = true [features] diff --git a/bin/propolis-standalone/build.rs b/bin/propolis-standalone/build.rs new file mode 100644 index 000000000..d47dae6a3 --- /dev/null +++ b/bin/propolis-standalone/build.rs @@ -0,0 +1,9 @@ +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at https://mozilla.org/MPL/2.0/. + +fn main() { + let OXIDE_PLATFORM: &str = "/usr/platform/oxide/lib/amd64/"; + println!("cargo:rustc-link-arg=-Wl,-R{}", OXIDE_PLATFORM); + println!("cargo:rustc-link-search={}", OXIDE_PLATFORM); +} diff --git a/bin/propolis-standalone/src/attestation.rs b/bin/propolis-standalone/src/attestation.rs new file mode 100644 index 000000000..750c46b0a --- /dev/null +++ b/bin/propolis-standalone/src/attestation.rs @@ -0,0 +1,144 @@ +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at https://mozilla.org/MPL/2.0/. + +use anyhow::{Context, Result}; +use std::io::{BufRead, BufReader, Read, Write}; +use std::net::TcpListener; + +use dice_verifier::{Attest, AttestMock}; +use dice_verifier::ipcc::AttestIpcc; +use vm_attest_proto::mock::VmInstanceRotMock; +use vm_attest_proto::{Measurement, VmInstanceConf}; +use vm_attest_proto::{ + QualifyingData, VmInstanceAttestResponse, VmInstanceRot, +}; + +use crate::config::{AttestationBackend, AttestationConfig}; + +const MAX_LINE_LENGTH: usize = 1024; + +pub fn parse_cfg(cfg: AttestationConfig) -> Result<(VmInstanceRotMock)> { + let uuid = + uuid::Uuid::parse_str(&cfg.instance_uuid).expect("Invalid UUID"); + let measurement: Measurement = serde_json::from_value( + serde_json::json!({"sha-256": cfg.boot_digest}), + ) + .context("boot_digest must be a valid hex SHA-256 digest")?; + let vm_conf = VmInstanceConf { + uuid, + image_digest: Some(measurement), + }; + + let ox_attest: Box = match cfg.backend { + AttestationBackend::Mock => { + let pki_path = cfg + .pki_path + .as_ref() + .expect("pki_path required for mock backend"); + let log_path = cfg + .log_path + .as_ref() + .expect("log_path required for mock backend"); + let alias_key_path = cfg + .alias_key_path + .as_ref() + .expect("alias_key_path required for mock backend"); + Box::new( + AttestMock::load( + pki_path, + log_path, + alias_key_path, + ) + .expect("Failed to load AttestMock"), + ) + }, + AttestationBackend::Ipcc => Box::new( + AttestIpcc::new().expect("Failed to create AttestIpcc"), + ), + }; + + Ok(VmInstanceRotMock::new(ox_attest, vm_conf)) +} + +pub fn run_server( + log: &slog::Logger, + rot: VmInstanceRotMock, + listener: TcpListener, +) -> Result<()> { + let mut msg = String::new(); + for client in listener.incoming() { + slog::info!(log, "new client connected"); + + // create `BufReader` w/ capacity & `take` reader w/ same limit + let reader = BufReader::with_capacity(MAX_LINE_LENGTH, client?); + let mut limited_reader = reader.take(MAX_LINE_LENGTH as u64); + + slog::info!(log, "LISTENING"); + + loop { + let bytes_read = limited_reader.read_line(&mut msg)?; + + if bytes_read == 0 { + break; + } + + // Check if the limit was hit and a newline wasn't found + if bytes_read == MAX_LINE_LENGTH && !msg.ends_with('\n') { + slog::warn!( + log, + "Error: Line length exceeded the limit of {} bytes.", + MAX_LINE_LENGTH + ); + let response = VmInstanceAttestResponse::Error( + "Request too long".to_string(), + ); + let mut response = serde_json::to_string(&response)?; + response.push('\n'); + slog::info!(log, "sending error response: {response}"); + limited_reader + .get_mut() + .get_mut() + .write_all(response.as_bytes())?; + break; + } + + slog::debug!(log, "JSON received: {msg}"); + + let result: Result = + serde_json::from_str(&msg); + let qualifying_data = match result { + Ok(q) => q, + Err(e) => { + let response = + VmInstanceAttestResponse::Error(e.to_string()); + let mut response = serde_json::to_string(&response)?; + response.push('\n'); + slog::info!(log, "sending error response: {response}"); + limited_reader + .get_mut() + .get_mut() + .write_all(response.as_bytes())?; + break; + } + }; + slog::debug!(log, "qualifying data received: {qualifying_data:?}"); + + let response = match rot.attest(&qualifying_data) { + Ok(a) => VmInstanceAttestResponse::Attestation(a), + Err(e) => VmInstanceAttestResponse::Error(e.to_string()), + }; + let mut response = serde_json::to_string(&response)?; + response.push('\n'); + + slog::debug!(log, "sending response: {response}"); + limited_reader + .get_mut() + .get_mut() + .write_all(response.as_bytes())?; + msg.clear(); + } + } + + Ok(()) +} diff --git a/bin/propolis-standalone/src/config.rs b/bin/propolis-standalone/src/config.rs index 3aac56a73..069e9b146 100644 --- a/bin/propolis-standalone/src/config.rs +++ b/bin/propolis-standalone/src/config.rs @@ -36,6 +36,7 @@ pub struct Config { pub cpuid_profiles: BTreeMap, pub cloudinit: Option, + pub attestation: Option, } impl Config { pub fn cpuid_profile(&self) -> Option<&CpuidProfile> { @@ -132,6 +133,29 @@ pub struct CloudInit { pub network_config_path: Option, } +#[derive(Clone, Debug, Default, Deserialize, Serialize)] +#[serde(rename_all = "lowercase")] +pub enum AttestationBackend { + #[default] + Mock, + Ipcc, +} + +#[derive(Clone, Debug, Deserialize, Serialize)] +pub struct AttestationConfig { + pub backend: AttestationBackend, + pub port: u16, + + // qualifying data: minimal for now + pub instance_uuid: String, + pub boot_digest: String, + + // mock-only fields + pub pki_path: Option, + pub log_path: Option, + pub alias_key_path: Option, +} + #[derive(Deserialize)] struct FileConfig { path: String, diff --git a/bin/propolis-standalone/src/main.rs b/bin/propolis-standalone/src/main.rs index 90135d80e..e264b746b 100644 --- a/bin/propolis-standalone/src/main.rs +++ b/bin/propolis-standalone/src/main.rs @@ -6,6 +6,7 @@ use std::collections::{BTreeMap, VecDeque}; use std::fmt; use std::fs::File; use std::io::{Error, ErrorKind, Result}; +use std::net::TcpListener; use std::path::Path; use std::process::ExitCode; use std::sync::atomic::{AtomicUsize, Ordering}; @@ -35,6 +36,7 @@ use propolis::vcpu::Vcpu; use propolis::vmm::{Builder, Machine}; use propolis::*; +mod attestation; mod cidata; mod config; mod snapshot; @@ -1540,6 +1542,26 @@ fn main() -> anyhow::Result { }; let _rt_guard = rt.enter(); + // If configured, setup an attestation server + if config.attestation.is_some() { + let attest_log = log.clone(); + let attest_cfg = config.attestation.clone().unwrap(); + std::thread::spawn(move || { + //let port = config.attestation.port; + // TODO: move validation out of the thread? + let rot_backend = + attestation::parse_cfg(attest_cfg).expect("invalid attestation server config"); + + // TODO: get from port mappings + let listener = + TcpListener::bind("127.0.0.1:3000").expect("could not bind to attesation port"); + + slog::info!(attest_log, "starting attestation server, listening on port 3000"); + + let _ = attestation::run_server(&attest_log, rot_backend, listener); + }); + } + // Create the VM afresh or restore it from a snapshot let (inst, com1_sock) = if restore { snapshot::restore(&target, config, &log)