kata-agent: Allow unrecognized fields in InitData

To make it flexibility and extensibility This change modifies the Kata
Agent's handling of `InitData` to allow for unrecognized key-value pairs.

The `InitData` field now directly utilizes `HashMap<String, String>`,
enabling it to carry arbitrary metadata and information that may be
consumed by other components

Signed-off-by: alex.lyn <alex.lyn@antgroup.com>

src/agent/Cargo.lock

@@ -1,6 +1,6 @@
 # This file is automatically @generated by Cargo.
 # It is not intended for manual editing.
-version = 3
+version = 4
 
 [[package]]
 name = "addr2line"
@@ -1199,6 +1199,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7ced92e76e966ca2fd84c8f7aa01a4aea65b0eb6648d72f7c8f3e2764a67fece"
 dependencies = [
  "crc32fast",
+ "libz-sys",
  "miniz_oxide",
 ]
 
@@ -2074,7 +2075,9 @@ dependencies = [
  "base64 0.13.1",
  "bitmask-enum",
  "byte-unit",
+ "flate2",
  "glob",
+ "hex",
  "lazy_static",
  "num_cpus",
  "oci-spec",
@@ -2083,6 +2086,7 @@ dependencies = [
  "serde",
  "serde-enum-str",
  "serde_json",
+ "sha2",
  "slog",
  "slog-scope",
  "sysinfo",
@@ -2160,6 +2164,17 @@ version = "0.2.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9a7cbbd4ad467251987c6e5b47d53b11a5a05add08f2447a9e2d70aef1e0d138"
 
+[[package]]
+name = "libz-sys"
+version = "1.1.22"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8b70e7a7df205e92a1a4cd9aaae7898dac0aa555503cc0a649494d0d60e7651d"
+dependencies = [
+ "cc",
+ "pkg-config",
+ "vcpkg",
+]
+
 [[package]]
 name = "linux-raw-sys"
 version = "0.3.8"
@@ -4666,6 +4681,12 @@ version = "1.11.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "943ce29a8a743eb10d6082545d861b24f9d1b160b7d741e0f2cdf726bec909c5"
 
+[[package]]
+name = "vcpkg"
+version = "0.2.15"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426"
+
 [[package]]
 name = "version_check"
 version = "0.9.5"

src/agent/src/initdata.rs

@@ -15,7 +15,7 @@ use anyhow::{bail, Context, Result};
 use async_compression::tokio::bufread::GzipDecoder;
 use base64::{engine::general_purpose::STANDARD, Engine};
 use const_format::concatcp;
-use serde::Deserialize;
+use kata_types::initdata::InitData;
 use sha2::{Digest, Sha256, Sha384, Sha512};
 use slog::Logger;
 use tokio::io::{AsyncReadExt, AsyncSeekExt};
@@ -23,6 +23,10 @@ use tokio::io::{AsyncReadExt, AsyncSeekExt};
 /// This is the target directory to store the extracted initdata.
 pub const INITDATA_PATH: &str = "/run/confidential-containers/initdata";
 
+const AA_CONFIG_KEY: &str = "aa.toml";
+const CDH_CONFIG_KEY: &str = "cdh.toml";
+const POLICY_KEY: &str = "policy.rego";
+
 /// The path of AA's config file
 pub const AA_CONFIG_PATH: &str = concatcp!(INITDATA_PATH, "/aa.toml");
 
@@ -32,30 +36,6 @@ pub const CDH_CONFIG_PATH: &str = concatcp!(INITDATA_PATH, "/cdh.toml");
 /// Magic number of initdata device
 pub const INITDATA_MAGIC_NUMBER: &[u8] = b"initdata";
 
-/// Now only initdata `0.1.0` is defined.
-const INITDATA_VERSION: &str = "0.1.0";
-
-/// Initdata defined in
-/// <https://github.com/confidential-containers/trustee/blob/47d7a2338e0be76308ac19be5c0c172c592780aa/kbs/docs/initdata.md>
-#[derive(Deserialize)]
-pub struct Initdata {
-    version: String,
-    algorithm: String,
-    data: DefinedFields,
-}
-
-/// Well-defined keys for initdata of kata/CoCo
-#[derive(Deserialize, Default)]
-#[serde(deny_unknown_fields)]
-pub struct DefinedFields {
-    #[serde(rename = "aa.toml")]
-    aa_config: Option<String>,
-    #[serde(rename = "cdh.toml")]
-    cdh_config: Option<String>,
-    #[serde(rename = "policy.rego")]
-    policy: Option<String>,
-}
-
 async fn detect_initdata_device(logger: &Logger) -> Result<Option<String>> {
     let dev_dir = Path::new("/dev");
     let mut read_dir = tokio::fs::read_dir(dev_dir).await?;
@@ -137,29 +117,26 @@ pub async fn initialize_initdata(logger: &Logger) -> Result<Option<InitdataRetur
         .await
         .inspect_err(|e| error!(logger, "Failed to read initdata: {e:?}"))?;
 
-    let initdata: Initdata =
+    let initdata: InitData =
         toml::from_slice(&initdata_content).context("parse initdata failed")?;
-    info!(logger, "Initdata version: {}", initdata.version);
+    info!(logger, "Initdata version: {}", initdata.version());
+    initdata.validate()?;
 
-    if initdata.version != INITDATA_VERSION {
+    let digest = match initdata.algorithm() {
-        bail!("Unsupported initdata version");
-    }
-
-    let digest = match &initdata.algorithm[..] {
         "sha256" => Sha256::digest(&initdata_content).to_vec(),
         "sha384" => Sha384::digest(&initdata_content).to_vec(),
         "sha512" => Sha512::digest(&initdata_content).to_vec(),
         others => bail!("Unsupported hash algorithm {others}"),
     };
 
-    if let Some(config) = initdata.data.aa_config {
+    if let Some(config) = initdata.get_coco_data(AA_CONFIG_KEY) {
         tokio::fs::write(AA_CONFIG_PATH, config)
             .await
             .context("write aa config failed")?;
         info!(logger, "write AA config from initdata");
     }
 
-    if let Some(config) = initdata.data.cdh_config {
+    if let Some(config) = initdata.get_coco_data(CDH_CONFIG_KEY) {
         tokio::fs::write(CDH_CONFIG_PATH, config)
             .await
             .context("write cdh config failed")?;
@@ -170,7 +147,7 @@ pub async fn initialize_initdata(logger: &Logger) -> Result<Option<InitdataRetur
 
     let res = InitdataReturnValue {
         digest,
-        _policy: initdata.data.policy,
+        _policy: initdata.get_coco_data(POLICY_KEY).cloned(),
     };
 
     Ok(Some(res))

src/libs/kata-types/src/initdata.rs

@@ -63,6 +63,11 @@ impl InitData {
         }
     }
 
+    /// get coco data
+    pub fn get_coco_data(&self, key: &str) -> Option<&String> {
+        self.data.get(key)
+    }
+
     /// insert data items
     pub fn insert_data(&mut self, key: impl Into<String>, value: impl Into<String>) {
         self.data.insert(key.into(), value.into());