@luqmana
Contributor

@luqmana luqmana commented Jan 29, 2026

For the eventual reality of supporting smaller/bigger/variable-sized nonces.

@flihp
Collaborator

flihp commented Feb 3, 2026

Thanks for pushing this forward & reminding me of how this type works / is used. The RoT interface (Attest::Attest) should be taking a serialized / hubpacked representation of this type. Unfortunately it does not:

https://github.com/oxidecomputer/hubris/blob/master/idl/attest.idol#L82
https://github.com/oxidecomputer/hubris/blob/master/task/attest/src/main.rs#L404

Because this interface only passes the bytes (not the serialized type) this shouldn't break anything as I had feared. But it definitely makes it clear that I need to pay down some debt in the RoT which will require coordination with upstream consumers. I've made an issue to track that work oxidecomputer/hubris#2375 though it doesn't block integrating this change.

@luqmana
Contributor Author

luqmana commented Feb 3, 2026

> Thanks for pushing this forward & reminding me of how this type works / is used. The RoT interface (Attest::Attest) should be taking a serialized / hubpacked representation of this type. Unfortunately it does not:
>
> https://github.com/oxidecomputer/hubris/blob/master/idl/attest.idol#L82
> https://github.com/oxidecomputer/hubris/blob/master/task/attest/src/main.rs#L404
>
> Because this interface only passes the bytes (not the serialized type) this shouldn't break anything as I had feared. But it definitely makes it clear that I need to pay down some debt in the RoT which will require coordination with upstream consumers. I've made an issue to track that work oxidecomputer/hubris#2375 though it doesn't block integrating this change.

Thanks for providing some more context there and opening the issue.

I did another pass and found one spot we were sending a mismatched nonce type. The hiffy Rot/Sprot interface would add an extra tag byte for the new Nonce enum yielding 33 bytes vs the expected 32 [1]:

$ HUMILITY_TARGET=cosmo-hubris-rot HUMILITY_ARCHIVE=/gimlet/hubris/hubris/build-cosmo-rot-image-a-lab-bart-v1.0.34.zip pfexec /staff/luqman/bin/verifier-cli --interface rot attest nonce.bin | tee attestation.sig
{"Ed25519":[37,32,8,136,21,199,214,111,157,92,174,198,85,179,147,4,163,197,148,92,182,50,130,192,211,123,254,84,29,113,55,160,93,107,154,145,241,237,142,199,224,146,209,49,148,192,83,20,48,82,170,168,38,190,10,184,4,85,237,229,225,241,45,5]}

$ /staff/luqman/bin/verifier-cli verify-attestation --alias-cert alias-cert.pem --log log.json --nonce nonce.bin attestation.sig && echo attestation verified
Error: Verify attestation

Caused by:
    Failed to verify Attestation with alias public key: signature error: Verification equation was not satisfied

aa6a760 fixes that to make sure we send the fixed-array 32 bytes as currently expected. Also commented out the serialize impls to make tripping over this harder. With that, things work as expected again:

$ HUMILITY_TARGET=cosmo-hubris-rot HUMILITY_ARCHIVE=/gimlet/hubris/hubris/build-cosmo-rot-image-a-lab-bart-v1.0.34.zip pfexec /staff/luqman/bin/verifier-cli --interface rot attest nonce.bin | tee attestation.sig
{"Ed25519":[88,32,196,27,125,202,219,129,3,97,66,135,18,133,43,188,127,73,248,74,254,164,79,150,12,78,189,1,119,117,177,225,202,135,157,252,224,174,225,0,21,192,219,240,128,229,163,133,68,115,14,90,102,37,27,155,94,65,103,145,66,81,108,15]}

$ /staff/luqman/bin/verifier-cli verify-attestation --alias-cert alias-cert.pem --log log.json --nonce nonce.bin attestation.sig && echo attestation verified
attestation verified

[1] turns out the Attest::attest RoT API accepts up to 128 bytes.
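
The mismatch described in the comment above, as an added example that is not part of the thread or the project's code: a tagged enum encoding of a 32-byte nonce is 33 bytes, a 128-byte cap alone does not reject it, and an exact-length guard on the sending side does. The `Nonce` stand-in, the function names and the one-byte variant tag are assumptions chosen to match the 33 vs 32 bytes reported.

```rust
use std::convert::TryFrom;

const NONCE32_LEN: usize = 32; // length the RoT side currently expects (from the thread)
const ROT_MAX_NONCE: usize = 128; // Attest::attest accepts up to 128 bytes (footnote [1])

// Hypothetical stand-in for the new nonce enum; not the crate's real definition.
#[derive(Debug, Clone, PartialEq)]
enum Nonce {
    N32([u8; NONCE32_LEN]),
}

impl Nonce {
    // Assumed tagged encoding: one variant-index byte, then the payload.
    fn tagged_bytes(&self) -> Vec<u8> {
        let Nonce::N32(b) = self;
        let mut v = vec![0u8]; // tag for variant 0
        v.extend_from_slice(b);
        v
    }
    // Payload only: the fixed 32-byte array both signer and verifier use.
    fn raw_bytes(&self) -> &[u8] {
        let Nonce::N32(b) = self;
        &b[..]
    }
}

#[derive(Debug, PartialEq)]
enum WireError {
    BadLength { got: usize, want: usize },
}

// A size cap alone lets the 33-byte tagged form through.
fn rot_accepts_len(len: usize) -> bool {
    len <= ROT_MAX_NONCE
}

// Sender-side guard: refuse anything that is not exactly the expected length.
fn check_rot_nonce(buf: &[u8]) -> Result<&[u8; NONCE32_LEN], WireError> {
    <&[u8; NONCE32_LEN]>::try_from(buf)
        .map_err(|_| WireError::BadLength { got: buf.len(), want: NONCE32_LEN })
}

fn main() {
    let nonce = Nonce::N32([0xAB; NONCE32_LEN]); // constructed sample value
    let tagged = nonce.tagged_bytes();
    println!("tagged len {} passes cap: {}", tagged.len(), rot_accepts_len(tagged.len()));
    println!("guard on tagged: {:?}", check_rot_nonce(&tagged).map(|_| "ok"));
    println!("guard on raw: {:?}", check_rot_nonce(nonce.raw_bytes()).map(|_| "ok"));
}
```

Because the signature covers whatever bytes were submitted, the extra tag byte only surfaces later as a verification failure unless the sender checks the length first.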

@luqmana
Contributor Author

luqmana commented Feb 3, 2026

(I tacked on 7e03d35 here because it's quite small and is a small qol change to match existing reexports.)
