
Commit cc2a0b6

committed
rename: SealedSeed's seed field -> ciphertext
1 parent 63fc537 commit cc2a0b6


1 file changed

+9
-11
lines changed


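--- a/common/src/api/provision.rs
+++ b/common/src/api/provision.rs
@@ -65,10 +65,8 @@ pub struct SealedSeedId {
 pub struct SealedSeed {
 #[serde(flatten)]
 pub id: SealedSeedId,
-/// The fully serialized + sealed root seed.
-// NOTE: This should probably be renamed to `raw` or `ciphertext` or smth
-// but that requires a DB migration
-pub seed: Vec<u8>,
+/// The root seed, fully sealed + serialized.
+pub ciphertext: Vec<u8>,
 }
 
 impl SealedSeed {
@@ -79,7 +77,7 @@ impl SealedSeed {
 measurement: Measurement,
 machine_id: MachineId,
 min_cpusvn: MinCpusvn,
-seed: Vec<u8>,
+ciphertext: Vec<u8>,
 ) -> Self {
 Self {
 id: SealedSeedId {
@@ -88,7 +86,7 @@ impl SealedSeed {
 machine_id,
 min_cpusvn,
 },
-seed,
+ciphertext,
 }
 }
 
@@ -100,7 +98,7 @@ impl SealedSeed {
 let root_seed_ref = root_seed.expose_secret().as_slice();
 let sealed = enclave::seal(rng, Self::LABEL, root_seed_ref.into())
 .context("Failed to seal root seed")?;
-let sealed_bytes = sealed.serialize();
+let ciphertext = sealed.serialize();
 
 // Derive / compute the other fields
 let node_pk = root_seed.derive_node_pk(rng);
@@ -113,7 +111,7 @@ impl SealedSeed {
 measurement,
 machine_id,
 min_cpusvn,
-sealed_bytes,
+ciphertext,
 ))
 }
 
@@ -141,13 +139,13 @@ impl SealedSeed {
 );
 
 // Unseal
-let sealed = Sealed::deserialize(&self.seed)
+let sealed = Sealed::deserialize(&self.ciphertext)
 .context("Failed to deserialize sealed seed")?;
-let unsealed_bytes = enclave::unseal(Self::LABEL, sealed)
+let unsealed_seed = enclave::unseal(Self::LABEL, sealed)
 .context("Failed to unseal provisioned secrets")?;
 
 // Reconstruct root seed
-let root_seed = RootSeed::try_from(unsealed_bytes.as_slice())
+let root_seed = RootSeed::try_from(unsealed_seed.as_slice())
 .context("Failed to deserialize root seed")?;
 
 // Validate node_pk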
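Review bot: Renaming the public field to `pub ciphertext: Vec<u8>` in the first hunk also changes the key serde reads and writes for it, and the removed NOTE said this rename needs a DB migration, which this one-file commit does not show. If `SealedSeed` derives `Deserialize` (the derive line is outside the hunk) and stored records or API peers still use the old `seed` key, already-provisioned sealed seeds would fail to deserialize and the node could not recover its root seed. Consider `#[serde(alias = "seed")]` on the field so old records still load, or `#[serde(rename = "seed")]` to keep the serialized form unchanged until the migration lands. A round-trip test that deserializes a record in the old format would pin the intended compatibility.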
