// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
3
//! This module defines the VM Metadata blob (VMMD) issued by the CVM
//! Provisioning Service (CPS), used to parse the response to the
//! `WRAPPED_KEY_REQUEST`.
7
8use base64_serde::base64_serde_type;
9use serde::Deserialize;
10use serde::Serialize;
11
// Serde adapter referenced via `#[serde(with = "Base64")]`: (de)serializes byte
// fields as standard-alphabet, padded base64 (`general_purpose::STANDARD`).
base64_serde_type!(Base64, base64::engine::general_purpose::STANDARD);
13
/// The `VMMD` blob format (JSON object) defined by CPS.
///
/// Only the fields needed to handle the `WRAPPED_KEY_REQUEST` response are
/// modelled: the base64-encoded wrapped DiskEncryptionSettings key and the key
/// reference (a JSON object). Fields not listed here are ignored on
/// deserialization (no `deny_unknown_fields`).
///
/// The JSON object looks like
/// ```ignore
/// {
///     "DiskEncryptionSettings": {
///         "encryption_info": {
///             "aes_info": {
///                 "ciphertext": <base64-encoded wrapped DiskEncryptionSettings key>
///                 ..
///             },
///             "key_reference": <JSON object>
///             ..
///         }
///         ..
///     }
/// }
/// ```
#[derive(Deserialize, Serialize)]
pub struct VmmdBlob {
    /// The `DiskEncryptionSettings` JSON object. Renamed because the on-wire
    /// key is PascalCase while the Rust field is snake_case.
    #[serde(rename = "DiskEncryptionSettings")]
    pub disk_encryption_settings: DiskEncryptionSettings,
}
39
/// The `DiskEncryptionSettings` object inside [`VmmdBlob`].
///
/// Only the `encryption_info` field is modelled; it carries the base64-encoded
/// wrapped DiskEncryptionSettings key and the key reference JSON object.
#[derive(Deserialize, Serialize)]
pub struct DiskEncryptionSettings {
    /// Encryption info (wrapped key plus key reference).
    pub encryption_info: EncryptionInfo,
}
47
/// The `encryption_info` object inside [`DiskEncryptionSettings`].
///
/// Only the relevant fields are modelled: the base64-encoded wrapped
/// DiskEncryptionSettings key (under `aes_info`) and the key reference JSON
/// object (under `key_reference`).
#[derive(Deserialize, Serialize)]
pub struct EncryptionInfo {
    /// AES information that includes the wrapped key.
    pub aes_info: AesInfo,
    /// JSON object used by the agent in the SKR (secure key release) process.
    /// Kept as an untyped `serde_json::Value`; this crate does not interpret
    /// its contents.
    pub key_reference: serde_json::Value,
}
57
/// The `aes_info` object inside [`EncryptionInfo`].
///
/// Only the relevant field is modelled: the base64-encoded wrapped
/// DiskEncryptionSettings key (held in the `ciphertext` field).
///
/// `Debug` is deliberately not derived here, so the wrapped key bytes cannot
/// be printed via `{:?}`.
#[derive(Deserialize, Serialize)]
pub struct AesInfo {
    /// Symmetric key wrapped with RSA-OAEP. Base64-encoded on the wire and
    /// decoded to raw bytes by the `Base64` serde adapter; the bytes are still
    /// ciphertext at this point, unwrapping happens elsewhere.
    #[serde(with = "Base64")]
    pub ciphertext: Vec<u8>,
}