Replace serde_jcs dependency with serde_canonical_json (project-oak#4647
)
ernoc authored Jan 15, 2024
1 parent 42748c0 commit 7beb64f
Showing 4 changed files with 43 additions and 42 deletions.
35 changes: 15 additions & 20 deletions Cargo.lock


2 changes: 1 addition & 1 deletion oak_attestation_verification/Cargo.toml
@@ -17,7 +17,7 @@ oak_sev_guest = { workspace = true }
prost = { workspace = true }
p256 = { version = "*", features = ["ecdsa-core", "ecdsa", "pem"] }
serde = { version = "*", features = ["derive"] }
serde_jcs = "*"
serde_canonical_json = "*"
serde_json = "*"
sha2 = { version = "*", default-features = false }
time = { version = "0.3.28", features = ["serde", "parsing", "formatting"] }
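Review bot: `serde_canonical_json = "*"` places no bound on a crate whose output appears, from the rekor.rs section of this commit, to be the byte string that the Rekor signature is checked against, so only the lockfile prevents a later release with different formatting from being resolved. The `time` entry in this same hunk already carries an explicit requirement; doing the same here, e.g. `serde_canonical_json = "<reviewed version>"` (placeholder, not a real version), would make the reviewed release visible in the manifest. The removed `serde_jcs = "*"` line had the same shape, so this follows the file's existing convention rather than introducing something new.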
11 changes: 8 additions & 3 deletions oak_attestation_verification/src/rekor.rs
@@ -22,6 +22,8 @@ use alloc::{collections::BTreeMap, string::String, vec::Vec};
use anyhow::Context;
use base64::{prelude::BASE64_STANDARD, Engine as _};
use serde::{Deserialize, Serialize};
use serde_canonical_json::CanonicalFormatter;
use serde_json::Serializer;

use crate::util::{convert_pem_to_raw, hash_sha2_256, verify_signature_raw};

@@ -145,8 +147,11 @@ impl TryFrom<&LogEntry> for RekorSignatureBundle {

// Canonicalized JSON document that is signed. Canonicalization should follow the RFC 8785
// rules.
let canonicalized = serde_jcs::to_vec(&entry_subset)
.context("couldn't create canonicalized json string")?;
let mut serializer = Serializer::with_formatter(Vec::new(), CanonicalFormatter::new());
entry_subset
.serialize(&mut serializer)
.context("Failed to serialize Rekor signed payload to JSON")?;
let signed_json_bytes: Vec<u8> = serializer.into_inner();

// Extract the signature from the LogEntry.
let sig_base64 = log_entry
@@ -160,7 +165,7 @@ impl TryFrom<&LogEntry> for RekorSignatureBundle {
.context("couldn't decode Base64 signature")?;

Ok(Self {
canonicalized,
canonicalized: signed_json_bytes,
signature,
})
}
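Review bot: The retained comment in the second hunk still says canonicalization should follow RFC 8785, but nothing visible here shows that `CanonicalFormatter` implements that scheme rather than a different canonical-JSON profile. The resulting bytes are stored as `canonicalized` next to the signature, so any difference in key ordering, number formatting or string escaping would presumably make signature verification fail for affected entries. Please confirm which specification the formatter follows and state it in the comment, e.g. `// Serialized with CanonicalFormatter; output must byte-match the RFC 8785 form of this payload.` A regression test that serializes a known log entry and compares the result with the expected signed bytes would pin this across dependency updates. The body of `try_from` starts and ends outside these hunks, so whether such a test already exists cannot be seen from here.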
37 changes: 19 additions & 18 deletions oak_ml_transparency/runner/Cargo.lock

