fixes

frankdavid · frankdavid · commit 06967a8a1818 · 2026-01-05T14:31:44.000+01:00
diff --git a/rs/ic_os/guest_upgrade/server/src/service.rs b/rs/ic_os/guest_upgrade/server/src/service.rs
@@ -1,7 +1,6 @@
 use crate::SevFirmwareFactory;
 use crate::server::ConnInfo;
 use attestation::attestation_package::generate_attestation_package;
-use attestation::custom_data::DerEncodedCustomData;
 use attestation::verification::{SevRootCertificateVerification, verify_attestation_package};
 use config_types::TrustedExecutionEnvironmentConfig;
 use der::asn1::OctetStringRef;
@@ -111,12 +110,12 @@ impl DiskEncryptionKeyExchangeServiceImpl {
 
         let client_public_key = Self::client_public_key_from_request(&request)?;
 
-        let custom_data = DerEncodedCustomData(GetDiskEncryptionKeyTokenCustomData {
+        let custom_data = GetDiskEncryptionKeyTokenCustomData {
             client_tls_public_key: OctetStringRef::new(&client_public_key)
                 .expect("Could not encode client public key"),
             server_tls_public_key: OctetStringRef::new(&self.my_public_key)
                 .expect("Could not encode server public key"),
-        });
+        };
 
         let my_attestation_package = generate_attestation_package(
             sev_firmware.as_mut(),
diff --git a/rs/ic_os/guest_upgrade/shared/src/attestation.rs b/rs/ic_os/guest_upgrade/shared/src/attestation.rs
@@ -34,8 +34,10 @@ mod tests {
             server_tls_public_key,
         };
 
+        #[allow(deprecated)]
+        let result = custom_data.encode_for_sev_legacy().unwrap();
         assert_eq!(
-            &custom_data.encode_for_sev_legacy().unwrap().as_slice(),
+            &result,
             // The numbers below don't have any special meaning, but they should stay stable.
             // If the encoding below has to be changed, the attestation report verification will
             // probably fail because the old GuestOS version will still derive the previous
diff --git a/rs/ic_os/remote_attestation/server/BUILD.bazel b/rs/ic_os/remote_attestation/server/BUILD.bazel
@@ -22,4 +22,4 @@ rust_binary(
 rust_test(
     name = "server_test",
     crate = ":server",
-)
+)
diff --git a/rs/ic_os/remote_attestation/server/src/main.rs b/rs/ic_os/remote_attestation/server/src/main.rs
@@ -36,6 +36,7 @@ impl RemoteAttestationServiceImpl {
         }
     }
 
+    #[allow(clippy::result_large_err)]
     fn sev_custom_data_from_request(&self, req: &AttestRequest) -> Result<SevCustomData, Status> {
         let custom_data: [u8; 64] = match &req.custom_data {
             Some(bytes) => bytes
diff --git a/rs/ic_os/sev/src/guest/custom_data.rs b/rs/ic_os/sev/src/guest/custom_data.rs
@@ -49,12 +49,12 @@ impl SevCustomData {
         namespace: SevCustomDataNamespace,
         data: [u8; 64],
     ) -> Result<Self, InvalidNamespace> {
-        if data[0..4] != namespace.as_bytes() {
-            return Err(InvalidNamespace);
-        }
+        let data = data
+            .strip_prefix(&namespace.as_bytes())
+            .ok_or(InvalidNamespace)?;
         Ok(Self {
             namespace,
-            data: data[4..].try_into().unwrap(),
+            data: data.try_into().unwrap(),
         })
     }
 

Original file line number	Diff line number	Diff line change
`@@ -36,6 +36,7 @@ impl RemoteAttestationServiceImpl {`
`36`	`36`	`}`
`37`	`37`	`}`
`38`	`38`
	`39`	`+ #[allow(clippy::result_large_err)]`
`39`	`40`	`fn sev_custom_data_from_request(&self, req: &AttestRequest) -> Result<SevCustomData, Status> {`
`40`	`41`	`let custom_data: [u8; 64] = match &req.custom_data {`
`41`	`42`	`Some(bytes) => bytes`