Fixes to SERVTD_EXT w.r.t padding and zeroing

src/migtd/src/migration/rebinding.rs

@@ -675,9 +675,11 @@ async fn rebinding_new_prepare(
     let rebind_token = tls_receive_rebind_token(&mut ratls_server).await?;
 
     // The TLS session is established; we can now extract servtd_ext from the peer certificates.
-    let servtd_ext = get_servtd_ext_from_cert(&ratls_server.peer_certs())?;
+    let mut servtd_ext = get_servtd_ext_from_cert(&ratls_server.peer_certs())?;
     write_rebinding_session_token(&rebind_token.token)?;
     write_servtd_rebind_attr(&servtd_ext.cur_servtd_attr)?;
+    servtd_ext.cur_servtd_info_hash.fill(0);
+    servtd_ext.cur_servtd_attr.fill(0);
     write_approved_servtd_ext_hash(&servtd_ext.calculate_approved_servtd_ext_hash()?)?;
 
     shutdown_transport(ratls_server.transport_mut(), info.mig_request_id).await?;

src/migtd/src/migration/servtd_ext.rs

@@ -33,6 +33,7 @@
     pub init_cpusvn: [u8; 16],
     pub init_tee_tcb_svn: [u8; 16],
     pub init_tee_model: [u8; 12],
+    reserved1: [u8; 4],
     pub cur_servtd_info_hash: [u8; 48],
     pub cur_servtd_attr: [u8; 8],
     reserved2: [u8; 104],
@@ -117,6 +118,7 @@
         init_cpusvn,
         init_tee_tcb_svn,
         init_tee_model,
+        reserved1: [0u8; 4],
         cur_servtd_info_hash,
         cur_servtd_attr,
         reserved: [0u8; 8],
@@ -142,10 +144,10 @@
 }
 
 mod test {
     use super::ServtdExt;
 
     #[test]
     fn test_structure_sizes() {
-        assert_eq!(size_of::<ServtdExt>(), 268)
+        assert_eq!(size_of::<ServtdExt>(), 272)
     }
 }