crypto: Port over test_igvm_agent#3497
Closed
smalis-msft wants to merge 6 commits into
Closed
Conversation
|
This PR modifies files containing For more on why we check whole files, instead of just diffs, check out the Rustonomicon |
Contributor
There was a problem hiding this comment.
Pull request overview
This PR ports the test-only test_igvm_agent cryptography helpers to the shared support/crypto crate (using the Rust backend per the PR description) and refactors the AES key wrap implementation/module naming.
Changes:
- Removed the bespoke test-only crypto implementations from
test_igvm_agent_liband switched it tosupport/cryptoRSA + AES key wrap usage. - Added
RsaPublicKey::from_components(n, e)across crypto backends and updated consumers to use it. - Renamed/cleaned up AES key wrap module usage (
aes_key_wrap→aes_kwp) and adjusted OpenSSL wrap/unwrap implementation.
Reviewed changes
Copilot reviewed 13 out of 14 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| vm/devices/get/test_igvm_agent_lib/src/test_crypto.rs | Deletes the local test-only SHA1/AES/AES-KWP/RNG implementations. |
| vm/devices/get/test_igvm_agent_lib/src/lib.rs | Switches key generation/encryption/wrapping to crypto crate APIs and getrandom. |
| vm/devices/get/test_igvm_agent_lib/Cargo.toml | Replaces rsa/sha2 deps with crypto (rust backend) + getrandom. |
| support/crypto/src/x509/symcrypt_rust.rs | Refactors RSA public key construction to use RsaPublicKey::from_components. |
| support/crypto/src/rsa/symcrypt.rs | Adds RsaPublicKeyInner::from_components for SymCrypt backend. |
| support/crypto/src/rsa/rust.rs | Adds RsaPublicKeyInner::from_components for RustCrypto backend. |
| support/crypto/src/rsa/ossl.rs | Adds RsaPublicKeyInner::from_components for OpenSSL backend. |
| support/crypto/src/rsa/mod.rs | Exposes RsaPublicKey::from_components in the public API. |
| support/crypto/src/lib.rs | Renames AES key wrap module export to aes_kwp. |
| support/crypto/src/aes_kwp/ossl.rs | Changes OpenSSL KWP wrap/unwrap to use cipher_update_vec + cipher_final_vec. |
| support/crypto/src/aes_kwp/mod.rs | Minor attribute/comment cleanup in AES-KWP error type. |
| openhcl/underhill_attestation/src/secure_key_release.rs | Updates AES-KWP module path to crypto::aes_kwp. |
| openhcl/underhill_attestation/src/key_protector.rs | Updates AES-KWP module path to crypto::aes_kwp. |
| Cargo.lock | Updates dependencies for test_igvm_agent_lib (adds crypto and getrandom, removes rsa/sha2). |
Comments suppressed due to low confidence (1)
support/crypto/src/x509/symcrypt_rust.rs:63
key.try_into().unwrap()can panic on malformed/invalid RSA public key components even if the PKCS#1 DER parse succeeded. Since X.509 certificates can be attacker-controlled, this should return a structured error instead of panicking (e.g. map the conversion error intoX509Errorviader_err/rsa_der_err).
#[cfg(rust)]
let key = key.try_into().unwrap();
Ok(crate::rsa::RsaPublicKey(
crate::rsa::sys::RsaPublicKeyInner(key),
| .map_err(|e| err(e, "constructing RSA public key"))?; | ||
| .map_err(|e| X509Error(e.0)); | ||
| #[cfg(rust)] | ||
| let key = key.try_into().unwrap(); |
mingweishih
approved these changes
May 15, 2026
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 17 out of 18 changed files in this pull request and generated 2 comments.
Comments suppressed due to low confidence (1)
vm/devices/get/test_igvm_agent_rpc_server/Cargo.toml:40
- This crate adds a direct
cryptodependency purely to force-enable therustbackend feature and then suppresses it viapackage.metadata.xtask.unused-deps. Iftest_igvm_agent_libselects the Windows-only backend feature itself (so all consumers build correctly), this extra dependency + unused-deps override can be removed to reduce duplication.
[target.'cfg(windows)'.dependencies]
crypto = { workspace = true, features = ["rust"] }
guid.workspace = true
parking_lot.workspace = true
test_igvm_agent_lib.workspace = true
tracing.workspace = true
tracing-subscriber = { workspace = true, features = ["env-filter"] }
windows-sys = { workspace = true, features = [
"Win32_Foundation",
"Win32_System_Memory",
"Win32_System_Rpc",
"Win32_System_Console",
"Win32_System_Com",
] }
[build-dependencies]
cc.workspace = true
serde_json = { workspace = true, features = ["std"] }
[lints]
workspace = true
[package.metadata.xtask.unused-deps]
# keep the crypto dep so we can specify the backend feature
ignored = ["crypto"]
Comment on lines
+25
to
+27
| 16 => Self::Aes128(KwpAes128::new_from_slice(key).unwrap()), | ||
| 24 => Self::Aes192(KwpAes192::new_from_slice(key).unwrap()), | ||
| 32 => Self::Aes256(KwpAes256::new_from_slice(key).unwrap()), |
smalis-msft
commented
May 18, 2026
| /// A backend cryptographic error occurred. | ||
| #[cfg(rust)] | ||
| #[error("AES key wrap error during {1}: {0}")] | ||
| Backend(String, &'static str), |
Contributor
Author
There was a problem hiding this comment.
note to self: hide variants
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Port the
test_igvm_agentto the crypto crate, using the Rust backend as it's test only. Along the way, cleanup the AES key wrap module and add a RustCrypto backend.Currently blocked on some other work.