From c352f46357d96ff7aec229bb7616806ec3eff196 Mon Sep 17 00:00:00 2001 From: Laura Abbott Date: Tue, 16 Jul 2024 13:14:51 -0400 Subject: [PATCH] Remove sprockets (#6087) The approach in the existing sprockets code was never fully implemented. We're going to replace it with something else. Just remove the old code. --- Cargo.lock | 104 ++++-------------------------------------- Cargo.toml | 5 -- sp-sim/Cargo.toml | 1 - sp-sim/src/gimlet.rs | 24 ---------- sp-sim/src/lib.rs | 14 ------ sp-sim/src/rot.rs | 46 ------------------- sp-sim/src/sidecar.rs | 24 ---------- 7 files changed, 8 insertions(+), 210 deletions(-) delete mode 100644 sp-sim/src/rot.rs diff --git a/Cargo.lock b/Cargo.lock index 22e647c69c..95420642e4 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1220,12 +1220,6 @@ version = "0.8.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "06ea2b9bc92be3c2baa9334a323ebca2d6f074ff852cd1d7b11064035cd3868f" -[[package]] -name = "corncobs" -version = "0.1.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f9236877021b66ad90f833d8a73a7acb702b985b64c5986682d9f1f1a184f0fb" - [[package]] name = "cpufeatures" version = "0.2.12" @@ -2123,19 +2117,10 @@ dependencies = [ "digest", "elliptic-curve", "rfc6979", - "signature 2.2.0", + "signature", "spki", ] -[[package]] -name = "ed25519" -version = "1.5.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "91cff35c70bba8a626e3185d8cd48cc11b5437e1a5bcd15b9b5fa3c64b6dfee7" -dependencies = [ - "signature 1.6.4", -] - [[package]] name = "ed25519" version = "2.2.3" @@ -2143,7 +2128,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "115531babc129696a58c64a4fef0a8bf9e9698629fb97e9e40767d235cfbcd53" dependencies = [ "pkcs8", - "signature 2.2.0", + "signature", ] [[package]] @@ -2153,7 +2138,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4a3daa8e81a3963a60642bcc1f90a670680bd4a77535faa384e9d1c79d620871" dependencies = [ "curve25519-dalek", - "ed25519 2.2.3", + "ed25519", "rand_core 0.6.4", "serde", "sha2", @@ -2715,7 +2700,7 @@ version = "0.1.0" source = "git+https://github.com/oxidecomputer/management-gateway-service?rev=c85a4ca043aaa389df12aac5348d8a3feda28762#c85a4ca043aaa389df12aac5348d8a3feda28762" dependencies = [ "bitflags 2.5.0", - "hubpack 0.1.2", + "hubpack", "serde", "serde_repr", "smoltcp 0.9.1", @@ -2736,14 +2721,14 @@ dependencies = [ "fxhash", "gateway-messages", "hex", - "hubpack 0.1.2", + "hubpack", "hubtools", "lru-cache", "nix 0.27.1", "once_cell", "paste", "serde", - "serde-big-array 0.5.1", + "serde-big-array", "slog", "slog-error-chain", "socket2 0.5.7", @@ -3225,35 +3210,16 @@ dependencies = [ "tokio", ] -[[package]] -name = "hubpack" -version = "0.1.0" -source = "git+https://github.com/cbiffle/hubpack.git?rev=df08cc3a6e1f97381cd0472ae348e310f0119e25#df08cc3a6e1f97381cd0472ae348e310f0119e25" -dependencies = [ - "hubpack_derive 0.1.0", - "serde", -] - [[package]] name = "hubpack" version = "0.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "61a0b84aeae519f65e0ba3aa998327080993426024edbd5cc38dbaf5ec524303" dependencies = [ - "hubpack_derive 0.1.1", + "hubpack_derive", "serde", ] -[[package]] -name = "hubpack_derive" -version = "0.1.0" -source = "git+https://github.com/cbiffle/hubpack.git?rev=df08cc3a6e1f97381cd0472ae348e310f0119e25#df08cc3a6e1f97381cd0472ae348e310f0119e25" -dependencies = [ - "proc-macro2", - "quote", - "syn 1.0.109", -] - [[package]] name = "hubpack_derive" version = "0.1.1" @@ -8035,7 +8001,7 @@ dependencies = [ "rand_core 0.6.4", "serde", "sha2", - "signature 2.2.0", + "signature", "spki", "subtle", "zeroize", @@ -8380,17 +8346,6 @@ version = "1.0.18" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f3cb5ba0dc43242ce17de99c180e96db90b235b8a9fdc9543c96d2209116bd9f" -[[package]] -name = "salty" -version = "0.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "77cdd38ed8bfe51e53ee991aae0791b94349d0a05cfdecd283835a8a965d4c37" -dependencies = [ - "ed25519 1.5.3", - "subtle", - "zeroize", -] - [[package]] name = "samael" version = "0.0.15" @@ -8578,15 +8533,6 @@ dependencies = [ "serde_derive", ] -[[package]] -name = "serde-big-array" -version = "0.4.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3323f09a748af288c3dc2474ea6803ee81f118321775bffa3ac8f7e65c5e90e7" -dependencies = [ - "serde", -] - [[package]] name = "serde-big-array" version = "0.5.1" @@ -8850,12 +8796,6 @@ dependencies = [ "tokio", ] -[[package]] -name = "signature" -version = "1.6.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "74233d3b3b2f6d4b006dc19dee745e73e2a6bfb6f93607cd3b02bd5b00797d7c" - [[package]] name = "signature" version = "2.2.0" @@ -9263,7 +9203,6 @@ dependencies = [ "serde", "slog", "slog-dtrace", - "sprockets-rot", "thiserror", "tokio", "toml 0.8.14", @@ -9294,33 +9233,6 @@ dependencies = [ "der", ] -[[package]] -name = "sprockets-common" -version = "0.1.0" -source = "git+https://github.com/oxidecomputer/sprockets?rev=77df31efa5619d0767ffc837ef7468101608aee9#77df31efa5619d0767ffc837ef7468101608aee9" -dependencies = [ - "derive_more", - "hubpack 0.1.0", - "salty", - "serde", - "serde-big-array 0.4.1", -] - -[[package]] -name = "sprockets-rot" -version = "0.1.0" -source = "git+https://github.com/oxidecomputer/sprockets?rev=77df31efa5619d0767ffc837ef7468101608aee9#77df31efa5619d0767ffc837ef7468101608aee9" -dependencies = [ - "corncobs", - "derive_more", - "hubpack 0.1.0", - "rand 0.8.5", - "salty", - "serde", - "sprockets-common", - "tinyvec", -] - [[package]] name = "sqlformat" version = "0.2.4" diff --git a/Cargo.toml b/Cargo.toml index 96f962708a..6c67dbd6c4 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -483,9 +483,6 @@ slog-term = "2.9.1" smf = "0.2" socket2 = { version = "0.5", features = ["all"] } sp-sim = { path = "sp-sim" } -sprockets-common = { git = "https://github.com/oxidecomputer/sprockets", rev = "77df31efa5619d0767ffc837ef7468101608aee9" } -sprockets-host = { git = "https://github.com/oxidecomputer/sprockets", rev = "77df31efa5619d0767ffc837ef7468101608aee9" } -sprockets-rot = { git = "https://github.com/oxidecomputer/sprockets", rev = "77df31efa5619d0767ffc837ef7468101608aee9" } sqlformat = "0.2.4" sqlparser = { version = "0.45.0", features = [ "visitor" ] } static_assertions = "1.1.0" @@ -683,8 +680,6 @@ opt-level = 3 opt-level = 3 [profile.dev.package.rsa] opt-level = 3 -[profile.dev.package.salty] -opt-level = 3 [profile.dev.package.signature] opt-level = 3 [profile.dev.package.subtle] diff --git a/sp-sim/Cargo.toml b/sp-sim/Cargo.toml index 35cb791f4c..7270db1a67 100644 --- a/sp-sim/Cargo.toml +++ b/sp-sim/Cargo.toml @@ -20,7 +20,6 @@ omicron-common.workspace = true serde.workspace = true slog.workspace = true slog-dtrace.workspace = true -sprockets-rot.workspace = true thiserror.workspace = true tokio = { workspace = true, features = [ "full" ] } toml.workspace = true diff --git a/sp-sim/src/gimlet.rs b/sp-sim/src/gimlet.rs index 4e0b264e64..ac465cb217 100644 --- a/sp-sim/src/gimlet.rs +++ b/sp-sim/src/gimlet.rs @@ -6,7 +6,6 @@ use crate::config::GimletConfig; use crate::config::SpComponentConfig; use crate::helpers::rot_slot_id_from_u16; use crate::helpers::rot_slot_id_to_u16; -use crate::rot::RotSprocketExt; use crate::serial_number_padded; use crate::server; use crate::server::SimSpHandler; @@ -38,9 +37,6 @@ use gateway_messages::{version, MessageKind}; use gateway_messages::{ComponentDetails, Message, MgsError, StartupOptions}; use gateway_messages::{DiscoverResponse, IgnitionState, PowerState}; use slog::{debug, error, info, warn, Logger}; -use sprockets_rot::common::msgs::{RotRequestV1, RotResponseV1}; -use sprockets_rot::common::Ed25519PublicKey; -use sprockets_rot::{RotSprocket, RotSprocketError}; use std::cell::Cell; use std::collections::HashMap; use std::iter; @@ -88,8 +84,6 @@ pub enum SimSpHandledRequest { } pub struct Gimlet { - rot: Mutex, - manufacturing_public_key: Ed25519PublicKey, local_addrs: Option<[SocketAddrV6; 2]>, handler: Option>>, serial_console_addrs: HashMap, @@ -116,10 +110,6 @@ impl SimulatedSp for Gimlet { ) } - fn manufacturing_public_key(&self) -> Ed25519PublicKey { - self.manufacturing_public_key - } - fn local_addr(&self, port: SpPort) -> Option { let i = match port { SpPort::One => 0, @@ -135,13 +125,6 @@ impl SimulatedSp for Gimlet { } } - fn rot_request( - &self, - request: RotRequestV1, - ) -> Result { - self.rot.lock().unwrap().handle_deserialized(request) - } - async fn last_sp_update_data(&self) -> Option> { let handler = self.handler.as_ref()?; let handler = handler.lock().await; @@ -201,16 +184,11 @@ impl Gimlet { let (commands, commands_rx) = mpsc::unbounded_channel(); let last_request_handled = Arc::default(); - let (manufacturing_public_key, rot) = - RotSprocket::bootstrap_from_config(&gimlet.common); - // Weird case - if we don't have any bind addresses, we're only being // created to simulate an RoT, so go ahead and return without actually // starting a simulated SP. let Some(bind_addrs) = gimlet.common.bind_addrs else { return Ok(Self { - rot: Mutex::new(rot), - manufacturing_public_key, local_addrs: None, handler: None, serial_console_addrs, @@ -299,8 +277,6 @@ impl Gimlet { .push(task::spawn(async move { inner.run().await.unwrap() })); Ok(Self { - rot: Mutex::new(rot), - manufacturing_public_key, local_addrs: Some(local_addrs), handler: Some(handler), serial_console_addrs, diff --git a/sp-sim/src/lib.rs b/sp-sim/src/lib.rs index ca9231bec0..868d7ded2c 100644 --- a/sp-sim/src/lib.rs +++ b/sp-sim/src/lib.rs @@ -5,7 +5,6 @@ pub mod config; mod gimlet; mod helpers; -mod rot; mod server; mod sidecar; mod update; @@ -21,10 +20,6 @@ pub use server::logger; pub use sidecar::Sidecar; pub use sidecar::SIM_SIDECAR_BOARD; pub use slog::Logger; -pub use sprockets_rot::common::msgs::RotRequestV1; -pub use sprockets_rot::common::msgs::RotResponseV1; -use sprockets_rot::common::Ed25519PublicKey; -pub use sprockets_rot::RotSprocketError; use std::net::SocketAddrV6; use tokio::sync::mpsc; use tokio::sync::watch; @@ -43,9 +38,6 @@ pub trait SimulatedSp { /// Serial number. async fn state(&self) -> omicron_gateway::http_entrypoints::SpState; - /// Public key for the manufacturing cert used to sign this SP's RoT certs. - fn manufacturing_public_key(&self) -> Ed25519PublicKey; - /// Listening UDP address of the given port of this simulated SP, if it was /// configured to listen. fn local_addr(&self, port: SpPort) -> Option; @@ -54,12 +46,6 @@ pub trait SimulatedSp { /// messages. async fn set_responsiveness(&self, r: Responsiveness); - /// Send a request to the (simulated) RoT. - fn rot_request( - &self, - request: RotRequestV1, - ) -> Result; - /// Get the last completed update delivered to this simulated SP. /// /// Only returns data after a simulated reset of the SP. diff --git a/sp-sim/src/rot.rs b/sp-sim/src/rot.rs deleted file mode 100644 index 9f0bf61cc0..0000000000 --- a/sp-sim/src/rot.rs +++ /dev/null @@ -1,46 +0,0 @@ -// This Source Code Form is subject to the terms of the Mozilla Public -// License, v. 2.0. If a copy of the MPL was not distributed with this -// file, You can obtain one at https://mozilla.org/MPL/2.0/. - -//! Simualting a Root of Trust - -use crate::config::SpCommonConfig; -use sprockets_rot::common::certificates::SerialNumber; -use sprockets_rot::common::Ed25519PublicKey; -use sprockets_rot::salty; -use sprockets_rot::RotConfig; -use sprockets_rot::RotSprocket; - -pub(crate) trait RotSprocketExt { - // Returns the (derived-from-config) manufacturing public key and the - // `RotSprocket`. - fn bootstrap_from_config( - config: &SpCommonConfig, - ) -> (Ed25519PublicKey, Self); -} - -impl RotSprocketExt for RotSprocket { - fn bootstrap_from_config( - config: &SpCommonConfig, - ) -> (Ed25519PublicKey, Self) { - let mut serial_number = [0; 16]; - serial_number - .get_mut(0..config.serial_number.len()) - .expect("simulated serial number too long") - .copy_from_slice(config.serial_number.as_bytes()); - - let manufacturing_keypair = - salty::Keypair::from(&config.manufacturing_root_cert_seed); - let device_id_keypair = - salty::Keypair::from(&config.device_id_cert_seed); - let serial_number = SerialNumber(serial_number); - let config = RotConfig::bootstrap_for_testing( - &manufacturing_keypair, - device_id_keypair, - serial_number, - ); - let manufacturing_public_key = - Ed25519PublicKey(manufacturing_keypair.public.to_bytes()); - (manufacturing_public_key, Self::new(config)) - } -} diff --git a/sp-sim/src/sidecar.rs b/sp-sim/src/sidecar.rs index 696989f791..a6bc49e609 100644 --- a/sp-sim/src/sidecar.rs +++ b/sp-sim/src/sidecar.rs @@ -8,7 +8,6 @@ use crate::config::SimulatedSpsConfig; use crate::config::SpComponentConfig; use crate::helpers::rot_slot_id_from_u16; use crate::helpers::rot_slot_id_to_u16; -use crate::rot::RotSprocketExt; use crate::serial_number_padded; use crate::server; use crate::server::SimSpHandler; @@ -49,16 +48,10 @@ use slog::debug; use slog::info; use slog::warn; use slog::Logger; -use sprockets_rot::common::msgs::RotRequestV1; -use sprockets_rot::common::msgs::RotResponseV1; -use sprockets_rot::common::Ed25519PublicKey; -use sprockets_rot::RotSprocket; -use sprockets_rot::RotSprocketError; use std::iter; use std::net::SocketAddrV6; use std::pin::Pin; use std::sync::Arc; -use std::sync::Mutex; use tokio::select; use tokio::sync::mpsc; use tokio::sync::oneshot; @@ -70,8 +63,6 @@ use tokio::task::JoinHandle; pub const SIM_SIDECAR_BOARD: &str = "SimSidecarSp"; pub struct Sidecar { - rot: Mutex, - manufacturing_public_key: Ed25519PublicKey, local_addrs: Option<[SocketAddrV6; 2]>, handler: Option>>, commands: mpsc::UnboundedSender, @@ -96,10 +87,6 @@ impl SimulatedSp for Sidecar { ) } - fn manufacturing_public_key(&self) -> Ed25519PublicKey { - self.manufacturing_public_key - } - fn local_addr(&self, port: SpPort) -> Option { let i = match port { SpPort::One => 0, @@ -117,13 +104,6 @@ impl SimulatedSp for Sidecar { rx.await.unwrap(); } - fn rot_request( - &self, - request: RotRequestV1, - ) -> Result { - self.rot.lock().unwrap().handle_deserialized(request) - } - async fn last_sp_update_data(&self) -> Option> { let handler = self.handler.as_ref()?; let handler = handler.lock().await; @@ -224,11 +204,7 @@ impl Sidecar { (None, None, None, None) }; - let (manufacturing_public_key, rot) = - RotSprocket::bootstrap_from_config(&sidecar.common); Ok(Self { - rot: Mutex::new(rot), - manufacturing_public_key, local_addrs, handler, commands,