harald/teepot
1
0
Fork 0
mirror of https://github.com/matter-labs/teepot.git synced 2025-07-23 16:04:46 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

fix(teepot-vault): use ring as CryptoProvider for rustls

Browse source 
New `rustls` needs global install of default `CryptoProvider`.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
This commit is contained in:
Harald Hoyer 2025-02-28 14:14:57 +01:00
parent 0a73ed5012
commit d6061c35a8
Signed by: harald
GPG key ID: F519A1143B3FBE32
6 changed files with 70 additions and 52 deletions
Download patch file Download diff file Expand all files Collapse all files

29
bin/tee-vault-admin/src/main.rs
View file

@ -1,5 +1,5 @@
// SPDX-License-Identifier: Apache-2.0
// Copyright (c) 2023-2024 Matter Labs
// Copyright (c) 2023-2025 Matter Labs
//! Server to handle requests to the Vault TEE
@ -9,26 +9,27 @@ mod command;
mod digest;
mod sign;
use actix_web::web::Data;
use actix_web::{web, App, HttpServer};
use actix_web::{web, web::Data, App, HttpServer};
use anyhow::{Context, Result};
use clap::Parser;
use command::post_command;
use digest::get_digest;
use rustls::ServerConfig;
use sign::post_sign;
use std::net::Ipv6Addr;
use std::sync::Arc;
use teepot::json::http::{SignRequest, VaultCommandRequest, DIGEST_URL};
use teepot::server::attestation::{get_quote_and_collateral, VaultAttestationArgs};
use teepot::server::new_json_cfg;
use teepot::server::pki::make_self_signed_cert;
use teepot::sgx::{parse_tcb_levels, EnumSet, TcbLevel};
use std::{net::Ipv6Addr, sync::Arc};
use teepot::{
json::http::{SignRequest, VaultCommandRequest, DIGEST_URL},
server::{
attestation::{get_quote_and_collateral, VaultAttestationArgs},
new_json_cfg,
pki::make_self_signed_cert,
},
sgx::{parse_tcb_levels, EnumSet, TcbLevel},
};
use tracing::{error, info};
use tracing_actix_web::TracingLogger;
use tracing_log::LogTracer;
use tracing_subscriber::Registry;
use tracing_subscriber::{fmt, prelude::*, EnvFilter};
use tracing_subscriber::{fmt, prelude::*, EnvFilter, Registry};
/// Server state
pub struct ServerState {
@ -70,6 +71,8 @@ async fn main() -> Result<()> {
// don't return for now, we can still serve requests but we won't be able to attest
}
let _ = rustls::crypto::ring::default_provider().install_default();
// init server config builder with safe defaults
let config = ServerConfig::builder()
.with_no_client_auth()
@ -78,8 +81,6 @@ async fn main() -> Result<()> {
info!("Starting HTTPS server at port {}", args.port);
info!("Quote verified! Connection secure!");
let server_state = Arc::new(ServerState {
report_data,
vault_attestation: args.attestation,