chore: replace final Ring code with RustCrypto

Signed-off-by: Richard Zak <[email protected]>
enarx · Sep 29, 2022 · b775ff9 · b775ff9
1 parent ccfea94
commit b775ff9
Show file tree

Hide file tree

Showing 4 changed files with 4 additions and 121 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -15,7 +15,6 @@ spki = { version = "0.6" }
 x509 = { version = "0.1", features = ["std"], package = "x509-cert" }
 rustls-pemfile = "0.3.0"
 sha2 = "^0.10.2"
-ring = { version = "0.16.20", features = ["std"] }
 zeroize = { version = "^1.5.2", features = ["alloc"] }
 flagset = "0.4.3"
 sgx = { version = "0.5.0" }

diff --git a/deny.toml b/deny.toml
@@ -10,18 +10,9 @@ unlicensed = "deny"
 copyleft = "deny"
 default = "deny"
 allow = [
-    "ISC",
     "MIT",
-    "OpenSSL",
     "AGPL-3.0",
     "Apache-2.0",
     "BSD-3-Clause",
     "Unicode-DFS-2016",
 ]
-
-[[licenses.clarify]]
-name = "ring"
-expression = "MIT AND ISC AND OpenSSL"
-license-files = [
-    { path = "LICENSE", hash = 0xbd0eed23 }
-]
diff --git a/src/ext/sgx/quote/mod.rs b/src/ext/sgx/quote/mod.rs
@@ -20,7 +20,7 @@ use body::Body;
 use traits::{FromBytes, ParseBytes, Steal};
 
 use der::Encode;
-use ring::signature::UnparsedPublicKey;
+use p256::ecdsa::signature::Verifier;
 use sgx::ReportBody;
 use sha2::{digest::DynDigest, Sha256};
 use x509::TbsCertificate;
@@ -80,9 +80,9 @@ impl<'a> Quote<'a> {
         }
 
         // Verify the signature on the enclave report.
-        let alg = &ring::signature::ECDSA_P256_SHA256_ASN1;
-        let upk = UnparsedPublicKey::new(alg, self.sign.key.sec1());
-        upk.verify(self.body.as_ref(), &self.sign.sig.to_vec()?)?;
+        let vkey = p256::ecdsa::VerifyingKey::from_sec1_bytes(self.sign.key.sec1())?;
+        let sig = p256::ecdsa::Signature::from_der(&self.sign.sig.to_vec()?)?;
+        vkey.verify(self.body.as_ref(), &sig)?;
 
         // Verify the PCE security version.
         if self.body.pce_svn() < Body::PCE_SVN {