fix compilation warnings

Author: csegarragonz

attestation-service/src/main.rs

@@ -355,8 +355,16 @@ async fn verify_sgx_report(
 
     // WARNING: the SGX-SDK only implements AES 128, so we must use it here
     // instead of AES 256
-    let aes_key = aes_gcm::Key::<Aes128Gcm>::from_slice(&shared_secret[..16]);
-    let cipher = Aes128Gcm::new(aes_key);
+    let cipher = match Aes128Gcm::new_from_slice(&shared_secret[..16]) {
+        Ok(cipher) => cipher,
+        Err(e) => {
+            eprintln!("error initializing AES 128 GCM cipher: {:?}", e);
+            return (
+                StatusCode::INTERNAL_SERVER_ERROR,
+                Json(json!({ "error": "JWT encoding failed" })),
+            );
+        }
+    };
 
     let claims = JwtClaims {
         sub: "attested-client".to_string(),
@@ -385,9 +393,9 @@ async fn verify_sgx_report(
     // Encrypt the JWT
     let mut nonce_bytes = [0u8; 12];
     OsRng.fill_bytes(&mut nonce_bytes);
-    let nonce = Nonce::from_slice(&nonce_bytes);
+    let nonce = Nonce::from(nonce_bytes);
 
-    let ciphertext = match cipher.encrypt(nonce, jwt.as_bytes()) {
+    let ciphertext = match cipher.encrypt(&nonce, jwt.as_bytes()) {
         Ok(ct) => ct,
         Err(_) => {
             return (

invrs/Cargo.lock

@@ -4,15 +4,15 @@ version = "0.1.0"
 edition = "2021"
 
 [dependencies]
-aes-gcm = "0.10"
-aes-gcm-siv = { version = "0.10", optional = true }
+aes-gcm = "0.10.3"
+aes-gcm-siv = { version = "0.11.1", optional = true }
 anyhow = "^1.0.0"
 base64 = "^0.22"
 bytes = "1.4"
 chrono = "^0.4.38"
 clap = { version = "4.0", features = ["derive"] }
 csv = "^1.1"
-env_logger = "^0.10"
+env_logger = "0.11.8"
 futures = "^0.3"
 futures-util = "0.3"
 hex = "0.4.3"
@@ -21,13 +21,14 @@ log = "^0.4"
 minio = { git = "https://github.com/minio/minio-rs.git", rev = "b254b2f7aeaf18a1588a8800ff9b877b7885236e" }
 plotters = "^0.3.7"
 rabe = { git = "https://github.com/faasm/rabe.git", rev = "0dc7696a95eef44dd051e1d9c2e5c2c8c35211bf" }
-rand = "0.8.5"
+rand = "0.9.2"
 reqwest = "0.12.15"
 serde = { version = "^1.0", features = ["derive"] }
 serde_json = "^1.0"
 serde_yaml = "0.9"
 shellexpand = "^3.1"
 sha2 = "0.10"
 shell-words = "^1.1.0"
+subtle = "2.6.1"
 tokio = { version = "1", features = ["full"] }
 walkdir = "2"

invrs/Cargo.toml

@@ -1,7 +1,7 @@
 use crate::attestation_service;
 use crate::tasks::s3::S3;
 use aes_gcm::aead::{Aead, AeadCore, KeyInit, OsRng};
-use aes_gcm::{Aes256Gcm, Key};
+use aes_gcm::Aes256Gcm;
 use rabe;
 use serde::{Deserialize, Serialize};
 use serde_yaml;
@@ -103,7 +103,7 @@ impl Dag {
 
         // Encrypt it with the shared symmetric key, so that any TEE can use
         // the CP-ABE encryption/decryption context
-        let cipher = Aes256Gcm::new(Key::<Aes256Gcm>::from_slice(&tee_sym_key));
+        let cipher = Aes256Gcm::new_from_slice(&tee_sym_key)?;
         let ctx_nonce = Aes256Gcm::generate_nonce(&mut OsRng);
         let ctx_ct = cipher.encrypt(&ctx_nonce, serial_ctx).unwrap();
         let mut encrypted_ctx = ctx_nonce.to_vec();

invrs/src/tasks/dag.rs

@@ -77,7 +77,7 @@ impl Docker {
             .arg(format!("TLESS_VERSION={}", Env::get_version().unwrap()))
             // TODO: delete this build arg
             .arg("--build-arg")
-            .arg(format!("TMP_VER={}", rand::thread_rng().gen_range(0..1000)))
+            .arg(format!("TMP_VER={}", rand::rng().random_range(0..1000)))
             .arg(".");
 
         if nocache {