MCPcopy Create free account
hub / github.com/Dstack-TEE/dstack / make_app_keys

Function make_app_keys

dstack-util/src/main.rs:405–437  ·  view source on GitHub ↗
(
    app_key: &KeyPair,
    disk_key: &KeyPair,
    k256_key: &SigningKey,
    ca_level: u8,
    key_provider: KeyProvider,
)

Source from the content-addressed store, hash-verified

403}
404
405fn make_app_keys(
406 app_key: &KeyPair,
407 disk_key: &KeyPair,
408 k256_key: &SigningKey,
409 ca_level: u8,
410 key_provider: KeyProvider,
411) -> Result<AppKeys> {
412 use ra_tls::cert::CertRequest;
413 let pubkey = app_key.public_key_der();
414 let report_data = QuoteContentType::RaTlsCert.to_report_data(&pubkey);
415 let attestation = Attestation::quote(&report_data)
416 .context("Failed to get attestation")?
417 .into_versioned();
418 let req = CertRequest::builder()
419 .subject("App Root Cert")
420 .attestation(&attestation)
421 .key(app_key)
422 .ca_level(ca_level)
423 .build();
424 let cert = req
425 .self_signed()
426 .context("Failed to self-sign certificate")?;
427
428 Ok(AppKeys {
429 disk_crypt_key: sha256(&disk_key.serialize_der()).to_vec(),
430 env_crypt_key: vec![],
431 k256_key: k256_key.to_bytes().to_vec(),
432 k256_signature: vec![],
433 gateway_app_id: "".to_string(),
434 ca_cert: cert.pem(),
435 key_provider,
436 })
437}
438
439async fn cmd_notify_host(args: HostNotifyArgs) -> Result<()> {
440 let client = HostApi::load_or_default(args.url)?;

Callers 2

cmd_gen_app_keysFunction · 0.85
gen_app_keys_from_seedFunction · 0.85

Calls 7

to_report_dataMethod · 0.80
into_versionedMethod · 0.80
self_signedMethod · 0.80
to_vecMethod · 0.80
to_bytesMethod · 0.80
sha256Function · 0.70
buildMethod · 0.45

Tested by

no test coverage detected