dcap-qvl 0.4.0

This crate implements the quote verification logic for DCAP (Data Center Attestation Primitives) in pure Rust.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39

//! Audited [`EcdsaSigEncoder`] implementation backed by `der`.
//!
//! Selected by [`crate::configs::RingConfig`] / [`crate::configs::RustCryptoConfig`]
//! / [`crate::configs::DefaultConfig`].

use alloc::vec::Vec;
use anyhow::{Context, Result};

use crate::config::EcdsaSigEncoder;

/// Audited default [`EcdsaSigEncoder`] implementation, built on `der`.
///
/// Stateless zero-sized marker type.
pub struct DerSigEncoder;

impl EcdsaSigEncoder for DerSigEncoder {
    fn encode_ecdsa_sig(r: &[u8], s: &[u8]) -> Result<Vec<u8>> {
        let mut sequence = der::asn1::SequenceOf::<der::asn1::UintRef, 2>::new();
        let r_int = der::asn1::UintRef::new(r).context("Failed to create r INTEGER")?;
        sequence.add(r_int).context("Failed to add r INTEGER")?;
        let s_int = der::asn1::UintRef::new(s).context("Failed to create s INTEGER")?;
        sequence.add(s_int).context("Failed to add s INTEGER")?;
        // Capacity: SEQUENCE header (≤4) + 2 × (INTEGER header (≤4) + payload + 1 sign byte)
        let cap = 8usize
            .checked_add(r.len())
            .and_then(|n| n.checked_add(s.len()))
            .and_then(|n| n.checked_add(2))
            .context("encode_ecdsa_sig capacity overflow")?;
        let mut buf = alloc::vec![0u8; cap];
        let mut writer = der::SliceWriter::new(&mut buf);
        writer
            .encode(&sequence)
            .context("Failed to encode ECDSA signature sequence")?;
        Ok(writer
            .finish()
            .context("Failed to finalize ECDSA signature sequence")?
            .to_vec())
    }
}