Simulate tech port unlock

Depends on management-gateway-service commit
c80fb4f23108691dea43239b55a14f5e47f161b7.

Author: plotnick

Cargo.lock

@@ -435,6 +435,7 @@ dns-service-client = { path = "clients/dns-service-client" }
 dpd-client = { git = "https://github.com/oxidecomputer/dendrite", rev = "8314881e372d7bbb4a4ee2da051ecdc34f66c534" }
 dropshot = { version = "0.16.3", features = [ "usdt-probes" ] }
 dyn-clone = "1.0.20"
+ecdsa = { version = "0.16.9", features = ["pem", "signing", "std", "verifying"] }
 either = "1.15.0"
 ereport-types = { path = "ereport/types" }
 expectorate = "1.2.0"
@@ -457,9 +458,9 @@ gateway-client = { path = "clients/gateway-client" }
 # compatibility, but will mean that faux-mgs might be missing new
 # functionality.)
 #
-gateway-ereport-messages = { git = "https://github.com/oxidecomputer/management-gateway-service", rev = "77e316c812aa057b9714d0d99c4a7bdd36d45be2", default-features = false, features = ["debug-impls"] }
-gateway-messages = { git = "https://github.com/oxidecomputer/management-gateway-service", rev = "77e316c812aa057b9714d0d99c4a7bdd36d45be2", default-features = false, features = ["std"] }
-gateway-sp-comms = { git = "https://github.com/oxidecomputer/management-gateway-service", rev = "77e316c812aa057b9714d0d99c4a7bdd36d45be2" }
+gateway-ereport-messages = { git = "https://github.com/oxidecomputer/management-gateway-service", rev = "c80fb4f23108691dea43239b55a14f5e47f161b7", default-features = false, features = ["debug-impls"] }
+gateway-messages = { git = "https://github.com/oxidecomputer/management-gateway-service", rev = "c80fb4f23108691dea43239b55a14f5e47f161b7", default-features = false, features = ["std"] }
+gateway-sp-comms = { git = "https://github.com/oxidecomputer/management-gateway-service", rev = "c80fb4f23108691dea43239b55a14f5e47f161b7" }
 gateway-test-utils = { path = "gateway-test-utils" }
 gateway-types = { path = "gateway-types" }
 gethostname = "0.5.0"
@@ -678,7 +679,7 @@ semver = { version = "1.0.26", features = ["std", "serde"] }
 serde = { version = "1.0", default-features = false, features = [ "derive", "rc" ] }
 serde_cbor = "0.11.2"
 serde_human_bytes = { git = "https://github.com/oxidecomputer/serde_human_bytes", branch = "main" }
-serde_json = "1.0.142"
+serde_json = "1.0.143"
 serde_tokenstream = "0.2"
 serde_urlencoded = "0.7.1"
 serde_with = { version = "3.14.0", default-features = false, features = ["alloc", "macros"] }
@@ -719,6 +720,7 @@ sp-sim = { path = "sp-sim" }
 sprockets-tls = { git = "https://github.com/oxidecomputer/sprockets.git", rev = "6d31fa63217c6a51061dc4afa1ebe175a0021981" }
 sqlformat = "0.3.5"
 sqlparser = { version = "0.45.0", features = [ "visitor" ] }
+ssh-key = "0.6.7"
 static_assertions = "1.1.0"
 # Please do not change the Steno version to a Git dependency.  It makes it
 # harder than expected to make breaking changes (even if you specify a specific

Cargo.toml

@@ -12,6 +12,7 @@ anyhow.workspace = true
 async-trait.workspace = true
 clap.workspace = true
 dropshot.workspace = true
+ecdsa.workspace = true
 futures.workspace = true
 gateway-ereport-messages.workspace = true
 gateway-messages.workspace = true
@@ -21,6 +22,9 @@ hubtools.workspace = true
 nexus-types.workspace = true
 omicron-common.workspace = true
 oxide-tokio-rt.workspace = true
+p256.workspace = true
+rand.workspace = true
+ssh-key.workspace = true
 serde.workspace = true
 serde_cbor.workspace = true
 sha2.workspace = true

sp-sim/Cargo.toml

@@ -6,6 +6,7 @@
 serial_number = "SimSidecar0"
 manufacturing_root_cert_seed = "01de01de01de01de01de01de01de01de01de01de01de01de01de01de01de01de"
 device_id_cert_seed = "01de000000000000000000000000000000000000000000000000000000000000"
+authorized_keys = "../smf/switch_zone_setup/support_authorized_keys"
 
 [[simulated_sps.sidecar.network_config]]
 [simulated_sps.sidecar.network_config.simulated]

sp-sim/examples/config.toml

@@ -143,6 +143,7 @@ pub struct SpComponentConfig {
 pub struct SidecarConfig {
     #[serde(flatten)]
     pub common: SpCommonConfig,
+    pub authorized_keys: Option<PathBuf>,
 }
 
 /// Configuration of a simulated gimlet SP

sp-sim/src/config.rs

@@ -31,6 +31,7 @@ use gateway_messages::DumpTask;
 use gateway_messages::Header;
 use gateway_messages::MgsRequest;
 use gateway_messages::MgsResponse;
+use gateway_messages::MonorailError;
 use gateway_messages::PowerStateTransition;
 use gateway_messages::RotBootInfo;
 use gateway_messages::RotRequest;
@@ -40,6 +41,8 @@ use gateway_messages::SpError;
 use gateway_messages::SpPort;
 use gateway_messages::SpRequest;
 use gateway_messages::SpStateV2;
+use gateway_messages::UnlockChallenge;
+use gateway_messages::UnlockResponse;
 use gateway_messages::ignition::{self, LinkEvents};
 use gateway_messages::sp_impl::Sender;
 use gateway_messages::sp_impl::SpHandler;
@@ -1722,6 +1725,16 @@ impl SpHandler for Handler {
     fn get_host_flash_hash(&mut self, slot: u16) -> Result<[u8; 32], SpError> {
         self.update_state.get_host_flash_hash(slot)
     }
+
+    fn unlock(
+        &mut self,
+        _vid: Self::VLanId,
+        _challenge: UnlockChallenge,
+        _response: UnlockResponse,
+        _time_sec: u32,
+    ) -> Result<(), MonorailError> {
+        Err(MonorailError::UnlockFailed)
+    }
 }
 
 impl SimSpHandler for Handler {