openhcl_attestation_protocol/igvm_attest/
akv.rs

// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
//! This module includes the data types defined by Azure Key Vault (AKV) that
//! are used for parsing the response of the `KEY_RELEASE_REQUEST`.
7use base64_serde::base64_serde_type;
8use serde::Deserialize;
9use serde::Serialize;
// Generates the `Base64Url` serde adapter named by the `#[serde(with = "Base64Url")]`
// attributes in this module. The engine is the URL-safe alphabet without `=` padding.
// NOTE(review): presumably decoding rejects input that carries padding; confirm
// against the `base64` crate version in use.
base64_serde_type!(
    Base64Url,
    base64::engine::general_purpose::URL_SAFE_NO_PAD
);
/// Subset of the standard JWT header found on an AKV key-release token.
///
/// This type only carries the parsed header members. It does not check the
/// algorithm or the certificate chain; deciding whether an unsigned token, or a
/// signed token with an empty chain, is acceptable is left to the code that
/// consumes this header.
#[derive(Serialize, Deserialize, Debug)]
pub struct AkvKeyReleaseJwtHeader {
    /// Signing algorithm identifier. The value "none" means the JWT is unsigned
    /// (unsecured). Deserialization accepts any string here, so a caller that
    /// requires a signed token has to check this value itself.
    pub alg: String,
    /// Certificate chain used to validate the signature when the JWT is signed.
    /// Because of `#[serde(default)]`, a header without an `x5c` member parses
    /// to an empty vector, so "absent" and "empty" look the same after parsing.
    /// Entries are kept as the strings from the header; this type does not
    /// decode or verify them.
    #[serde(default)]
    pub x5c: Vec<String>,
}
/// Subset of the JWT payload (JSON) defined by the Azure Key Vault (AKV) API for
/// versions later than 7.2. The payload carries the base64-url-encoded wrapped
/// key JSON object at `response.key.key.key_hsm`.
///
/// The JWT payload JSON blob looks like
/// ```text
/// {
///    ..
///    "response": {
///        "key": {
///           ..
///           "key": {
///             ..
///             "key_hsm": <base64-url encoded wrapped key JSON object>
///           }
///       }
///    }
/// }
/// ```
///
/// Parsing a payload into this type says nothing about whether the token's
/// signature was checked; this type holds data only.
#[derive(Serialize, Deserialize, Debug)]
pub struct AkvKeyReleaseJwtBody {
    /// The `response` member of the payload.
    pub response: AkvKeyReleaseResponse,
}
/// Subset of the `response` JSON object: only the outer `key` member, which
/// leads to the base64-url-encoded wrapped key JSON object, is kept.
#[derive(Serialize, Deserialize, Debug)]
pub struct AkvKeyReleaseResponse {
    /// The outer `key` member of the response.
    pub key: AkvKeyReleaseKeyObject,
}
/// Subset of the outer `key` JSON object: only the inner `key` member, which
/// holds the base64-url-encoded wrapped key JSON object, is kept.
#[derive(Serialize, Deserialize, Debug)]
pub struct AkvKeyReleaseKeyObject {
    /// The inner `key` member, parsed as an [`AkvJwk`].
    pub key: AkvJwk,
}
/// Subset of the inner `key` JSON object: only the `key_hsm` member, which
/// carries the base64-url-encoded wrapped key JSON object, is kept.
// NOTE(review): `Debug` is derived, so formatting this value with `{:?}` prints
// the `key_hsm` bytes. The content is described as a wrapped key; confirm that
// is acceptable wherever this type is logged.
#[derive(Serialize, Deserialize, Debug)]
pub struct AkvJwk {
    /// Bytes of the wrapped key JSON object. The `Base64Url` adapter converts
    /// between these bytes and the base64-url string stored in the JSON.
    #[serde(with = "Base64Url")]
    pub key_hsm: Vec<u8>,
}
/// Subset of a JSON object (AKV API version 7.2), or of the decoded wrapped key
/// JSON object (AKV API version > 7.2), that holds the base64-url-encoded raw
/// wrapped key blob in its `ciphertext` member.
///
/// The JSON object looks like
/// ```text
/// {
///    ..
///    "ciphertext": <base64-url encoded raw wrapped key blob>
/// }
/// ```
///
/// This type derives no `Debug`, so the blob cannot be printed with `{:?}`.
#[derive(Serialize, Deserialize)]
pub struct AkvKeyReleaseKeyBlob {
    /// Raw wrapped key blob. The `Base64Url` adapter converts between these
    /// bytes and the base64-url string stored in the JSON.
    #[serde(with = "Base64Url")]
    pub ciphertext: Vec<u8>,
}