npm - @super-protocol/addons-tee - Versions diffs - 0.8.16 → 0.8.17-beta.1 - Mend

@super-protocol/addons-tee 0.8.16 → 0.8.17-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (29) hide show

package/README.md +1 -1
package/bindings/amd-sev-snp-napi-rs/amd-sev-snp-napi-rs.linux-x64-gnu.node +0 -0
package/bindings/amd-sev-snp-napi-rs/index.d.ts +24 -0
package/bindings/amd-sev-snp-napi-rs/index.js +328 -0
package/bindings/amd-sev-snp-napi-rs/package-lock.json +40 -0
package/bindings/amd-sev-snp-napi-rs/package.json +31 -0
package/bindings/sgx-native/build/Release/sgx_native.node +0 -0
package/bindings/utils/virtee/LICENSE +201 -0
package/bindings/utils/virtee/libsev.so +0 -0
package/bindings/utils/virtee/snpguest +0 -0
package/dist/sgx-native-module/consts.d.ts +1 -1
package/dist/sgx-native-module/consts.js +4 -4
package/dist/sgx-native-module/dcap-quote-verify.service.js +1 -1
package/dist/sgx-native-module/enclave.service.d.ts +5 -4
package/dist/sgx-native-module/enclave.service.js +1 -1
package/dist/sgx-native-module/errors.js +1 -1
package/dist/sgx-native-module/index.d.ts +2 -0
package/dist/sgx-native-module/index.js +3 -1
package/dist/sgx-native-module/pki.service.d.ts +2 -2
package/dist/sgx-native-module/pki.service.js +4 -4
package/dist/sgx-native-module/sev-snp-mrenclave.d.ts +63 -0
package/dist/sgx-native-module/sev-snp-mrenclave.js +290 -0
package/dist/sgx-native-module/sev-snp.d.ts +133 -0
package/dist/sgx-native-module/sev-snp.js +533 -0
package/package.json +21 -14
package/dist/sgx-native-module/sgx-tests.d.ts +0 -1
package/dist/sgx-native-module/sgx-tests.js +0 -114
package/dist/sgx-native-module/tdx-tests.d.ts +0 -1
package/dist/sgx-native-module/tdx-tests.js +0 -64

package/dist/sgx-native-module/sev-snp.d.ts ADDED Viewed

@@ -0,0 +1,133 @@
+/// <reference types="node" />
+import { CpuInfo } from "../../bindings/amd-sev-snp-napi-rs/";
+import { CertificateFormat } from "./pki.service";
+export declare enum SupportedAmdSevSnpGenerations {
+    Milan = "Milan",
+    Genoa = "Genoa"
+}
+export declare enum SevSNPCertType {
+    ARK = "ARK",
+    ASK = "ASK",
+    VCEK = "VCEK"
+}
+export interface SnpCert {
+    type: SevSNPCertType;
+    cert: Buffer | string;
+    format: CertificateFormat;
+}
+export interface SNPReport {
+    report: Buffer;
+    cpuSig: number;
+    cores: number;
+    cmdLineHash: Buffer;
+    build: string;
+}
+export interface SNPReportWithChain extends SNPReport {
+    certs: SnpCert[];
+}
+export interface CalcSnpMrEnclaveParams {
+    ovmfPath: string;
+    kernelHash: Buffer;
+    initrdHash?: Buffer;
+    cmdLineHash: Buffer;
+    vcpuSig: number;
+    vcpuCount: number;
+    vmpl?: number;
+    policy?: bigint;
+}
+export declare const AMD_EPYC_MILAN_CPUINFO: CpuInfo;
+export declare const EMPTY_INITRD_SHA256_HASH: Buffer;
+export type ArkHashes = {
+    [key: string]: Buffer;
+};
+export declare const ARK_MILAN = "-----BEGIN CERTIFICATE-----\nMIIGYzCCBBKgAwIBAgIDAQAAMEYGCSqGSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAIC\nBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAICBQCiAwIBMKMDAgEBMHsxFDAS\nBgNVBAsMC0VuZ2luZWVyaW5nMQswCQYDVQQGEwJVUzEUMBIGA1UEBwwLU2FudGEg\nQ2xhcmExCzAJBgNVBAgMAkNBMR8wHQYDVQQKDBZBZHZhbmNlZCBNaWNybyBEZXZp\nY2VzMRIwEAYDVQQDDAlBUkstTWlsYW4wHhcNMjAxMDIyMTcyMzA1WhcNNDUxMDIy\nMTcyMzA1WjB7MRQwEgYDVQQLDAtFbmdpbmVlcmluZzELMAkGA1UEBhMCVVMxFDAS\nBgNVBAcMC1NhbnRhIENsYXJhMQswCQYDVQQIDAJDQTEfMB0GA1UECgwWQWR2YW5j\nZWQgTWljcm8gRGV2aWNlczESMBAGA1UEAwwJQVJLLU1pbGFuMIICIjANBgkqhkiG\n9w0BAQEFAAOCAg8AMIICCgKCAgEA0Ld52RJOdeiJlqK2JdsVmD7FktuotWwX1fNg\nW41XY9Xz1HEhSUmhLz9Cu9DHRlvgJSNxbeYYsnJfvyjx1MfU0V5tkKiU1EesNFta\n1kTA0szNisdYc9isqk7mXT5+KfGRbfc4V/9zRIcE8jlHN61S1ju8X93+6dxDUrG2\nSzxqJ4BhqyYmUDruPXJSX4vUc01P7j98MpqOS95rORdGHeI52Naz5m2B+O+vjsC0\n60d37jY9LFeuOP4Meri8qgfi2S5kKqg/aF6aPtuAZQVR7u3KFYXP59XmJgtcog05\ngmI0T/OitLhuzVvpZcLph0odh/1IPXqx3+MnjD97A7fXpqGd/y8KxX7jksTEzAOg\nbKAeam3lm+3yKIcTYMlsRMXPcjNbIvmsBykD//xSniusuHBkgnlENEWx1UcbQQrs\n+gVDkuVPhsnzIRNgYvM48Y+7LGiJYnrmE8xcrexekBxrva2V9TJQqnN3Q53kt5vi\nQi3+gCfmkwC0F0tirIZbLkXPrPwzZ0M9eNxhIySb2npJfgnqz55I0u33wh4r0ZNQ\neTGfw03MBUtyuzGesGkcw+loqMaq1qR4tjGbPYxCvpCq7+OgpCCoMNit2uLo9M18\nfHz10lOMT8nWAUvRZFzteXCm+7PHdYPlmQwUw3LvenJ/ILXoQPHfbkH0CyPfhl1j\nWhJFZasCAwEAAaN+MHwwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSFrBrRQ/fI\nrFXUxR1BSKvVeErUUzAPBgNVHRMBAf8EBTADAQH/MDoGA1UdHwQzMDEwL6AtoCuG\nKWh0dHBzOi8va2RzaW50Zi5hbWQuY29tL3ZjZWsvdjEvTWlsYW4vY3JsMEYGCSqG\nSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAICBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZI\nAWUDBAICBQCiAwIBMKMDAgEBA4ICAQC6m0kDp6zv4Ojfgy+zleehsx6ol0ocgVel\nETobpx+EuCsqVFRPK1jZ1sp/lyd9+0fQ0r66n7kagRk4Ca39g66WGTJMeJdqYriw\nSTjjDCKVPSesWXYPVAyDhmP5n2v+BYipZWhpvqpaiO+EGK5IBP+578QeW/sSokrK\ndHaLAxG2LhZxj9aF73fqC7OAJZ5aPonw4RE299FVarh1Tx2eT3wSgkDgutCTB1Yq\nzT5DuwvAe+co2CIVIzMDamYuSFjPN0BCgojl7V+bTou7dMsqIu/TW/rPCX9/EUcp\nKGKqPQ3P+N9r1hjEFY1plBg93t53OOo49GNI+V1zvXPLI6xIFVsh+mto2RtgEX/e\npmMKTNN6psW88qg7c1hTWtN6MbRuQ0vm+O+/2tKBF2h8THb94OvvHHoFDpbCELlq\nHnIYhxy0YKXGyaW1NjfULxrrmxVW4wcn5E8GddmvNa6yYm8scJagEi13mhGu4Jqh\n3QU3sf8iUSUr09xQDwHtOQUVIqx4maBZPBtSMf+qUDtjXSSq8lfWcd8bLr9mdsUn\nJZJ0+tuPMKmBnSH860llKk+VpVQsgqbzDIvOLvD6W1Umq25boxCYJ+TuBoa4s+HH\nCViAvgT9kf/rBq1d+ivj6skkHxuzcxbk1xv6ZGxrteJxVH7KlX7YRdZ6eARKwLe4\nAFZEAwoKCQ==\n-----END CERTIFICATE-----";
+export declare const ARK_GENOA = "-----BEGIN CERTIFICATE-----\nMIIGYzCCBBKgAwIBAgIDAgAAMEYGCSqGSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAIC\nBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAICBQCiAwIBMKMDAgEBMHsxFDAS\nBgNVBAsMC0VuZ2luZWVyaW5nMQswCQYDVQQGEwJVUzEUMBIGA1UEBwwLU2FudGEg\nQ2xhcmExCzAJBgNVBAgMAkNBMR8wHQYDVQQKDBZBZHZhbmNlZCBNaWNybyBEZXZp\nY2VzMRIwEAYDVQQDDAlBUkstR2Vub2EwHhcNMjIwMTI2MTUzNDM3WhcNNDcwMTI2\nMTUzNDM3WjB7MRQwEgYDVQQLDAtFbmdpbmVlcmluZzELMAkGA1UEBhMCVVMxFDAS\nBgNVBAcMC1NhbnRhIENsYXJhMQswCQYDVQQIDAJDQTEfMB0GA1UECgwWQWR2YW5j\nZWQgTWljcm8gRGV2aWNlczESMBAGA1UEAwwJQVJLLUdlbm9hMIICIjANBgkqhkiG\n9w0BAQEFAAOCAg8AMIICCgKCAgEA3Cd95S/uFOuRIskW9vz9VDBF69NDQF79oRhL\n/L2PVQGhK3YdfEBgpF/JiwWFBsT/fXDhzA01p3LkcT/7LdjcRfKXjHl+0Qq/M4dZ\nkh6QDoUeKzNBLDcBKDDGWo3v35NyrxbA1DnkYwUKU5AAk4P94tKXLp80oxt84ahy\nHoLmc/LqsGsp+oq1Bz4PPsYLwTG4iMKVaaT90/oZ4I8oibSru92vJhlqWO27d/Rx\nc3iUMyhNeGToOvgx/iUo4gGpG61NDpkEUvIzuKcaMx8IdTpWg2DF6SwF0IgVMffn\nvtJmA68BwJNWo1E4PLJdaPfBifcJpuBFwNVQIPQEVX3aP89HJSp8YbY9lySS6PlV\nEqTBBtaQmi4ATGmMR+n2K/e+JAhU2Gj7jIpJhOkdH9firQDnmlA2SFfJ/Cc0mGNz\nW9RmIhyOUnNFoclmkRhl3/AQU5Ys9Qsan1jT/EiyT+pCpmnA+y9edvhDCbOG8F2o\nxHGRdTBkylungrkXJGYiwGrR8kaiqv7NN8QhOBMqYjcbrkEr0f8QMKklIS5ruOfq\nlLMCBw8JLB3LkjpWgtD7OpxkzSsohN47Uom86RY6lp72g8eXHP1qYrnvhzaG1S70\nvw6OkbaaC9EjiH/uHgAJQGxon7u0Q7xgoREWA/e7JcBQwLg80Hq/sbRuqesxz7wB\nWSY254cCAwEAAaN+MHwwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSfXfn+Ddjz\nWtAzGiXvgSlPvjGoWzAPBgNVHRMBAf8EBTADAQH/MDoGA1UdHwQzMDEwL6AtoCuG\nKWh0dHBzOi8va2RzaW50Zi5hbWQuY29tL3ZjZWsvdjEvR2Vub2EvY3JsMEYGCSqG\nSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAICBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZI\nAWUDBAICBQCiAwIBMKMDAgEBA4ICAQAdIlPBC7DQmvH7kjlOznFx3i21SzOPDs5L\n7SgFjMC9rR07292GQCA7Z7Ulq97JQaWeD2ofGGse5swj4OQfKfVv/zaJUFjvosZO\nnfZ63epu8MjWgBSXJg5QE/Al0zRsZsp53DBTdA+Uv/s33fexdenT1mpKYzhIg/cK\ntz4oMxq8JKWJ8Po1CXLzKcfrTphjlbkh8AVKMXeBd2SpM33B1YP4g1BOdk013kqb\n7bRHZ1iB2JHG5cMKKbwRCSAAGHLTzASgDcXr9Fp7Z3liDhGu/ci1opGmkp12QNiJ\nuBbkTU+xDZHm5X8Jm99BX7NEpzlOwIVR8ClgBDyuBkBC2ljtr3ZSaUIYj2xuyWN9\n5KFY49nWxcz90CFa3Hzmy4zMQmBe9dVyls5eL5p9bkXcgRMDTbgmVZiAf4afe8DL\ndmQcYcMFQbHhgVzMiyZHGJgcCrQmA7MkTwEIds1wx/HzMcwU4qqNBAoZV7oeIIPx\ndqFXfPqHqiRlEbRDfX1TG5NFVaeByX0GyH6jzYVuezETzruaky6fp2bl2bczxPE8\nHdS38ijiJmm9vl50RGUeOAXjSuInGR4bsRufeGPB9peTa9BcBOeTWzstqTUB/F/q\naZCIZKr4X6TyfUuSDz/1JDAGl+lxdM0P9+lLaP9NahQjHCVf0zf1c1salVuGFk2w\n/wMz1R1BHg==\n-----END CERTIFICATE-----";
+export declare function getDefaultArkHashes(): ArkHashes;
+export declare class SevSNP {
+    static serializeSNPReport(report: SNPReportWithChain): Buffer;
+    static deserializeSNPReport(serialized: Buffer): SNPReportWithChain;
+    protected static convertCertToPem(cert: Buffer): string;
+    protected static convertPemToDer(cert: string): Buffer;
+    protected static splitCerts(certsPem: string): string[];
+    protected static readCmdLine(): Promise<string>;
+    /**
+     * Method for generation AMD SEV-SNP Report
+     * @param userData - The data that will be included in the report and will be signed
+     */
+    static generateSNPReport(userData: Buffer): Promise<SNPReport>;
+    /**
+     * Method for fetch certificates from AMD KDS
+     * @param report - report generated by the `generateSNPReport` method
+     * @param options - options for working with HTTP, allows you to configure repetitions and the interval between them,
+     *                  as well as the format of the returned certificates
+     */
+    static getReportChain(report: SNPReport, options?: {
+        retryMax?: number;
+        retryInterval?: number;
+        certFormat?: CertificateFormat;
+    }): Promise<SnpCert[]>;
+    /**
+     * Method for generation AMD SEV-SNP Report and fetching certificates
+     * @param userData - @see generateSNPReport
+     * @param options - @see getReportChain
+     */
+    static generateSNPReportWithChain(userData: Buffer, options?: {
+        retryMax?: number;
+        retryInterval?: number;
+        certFormat?: CertificateFormat;
+    }): Promise<SNPReportWithChain>;
+    protected static runSubProcess(binaryPath: string, args?: string[], options?: {
+        cwd?: string;
+        timeoutMs?: number;
+    }): Promise<{
+        exitCode: number;
+        stdout: string;
+        stderr: string;
+    }>;
+    static getCertHash(cert: SnpCert): Buffer;
+    protected static isValidArk(ARK: SnpCert, trustedHashes: ArkHashes): boolean;
+    /**
+     * AMD SEV-SNP verification method
+     * @param report - report with full certificate chain
+     * @param options - trustedHashes - map of trusted AMD ARK Certificates (CommonName as Key, Sha256 Hash of Der Certificate as Value) - optional
+     *                  timeoutMs - timeout of the utility snpnost in ms
+     *                  snpGuestBinaryPath - path for snpguest util
+     */
+    static verifyReport(report: SNPReportWithChain, options?: {
+        trustedHashes?: ArkHashes;
+        timeoutMs?: number;
+        snpGuestBinaryPath?: string;
+    }): Promise<void>;
+    protected static calcMrEnclave(measure: Buffer, vmpl: number, policy: bigint): Buffer;
+    /**
+     * Method for obtaining mrEnclave from report. MrEnclave includes report measure, report vmpl and report policy
+     * @param report - report without certificates
+     */
+    static getMrEnclave(report: Buffer): Buffer;
+    /**
+     * Method for obtaining reportData. This data was passed when generating the report
+     * @param report - report without certificates
+     */
+    static getReportData(report: Buffer): Promise<Buffer>;
+    /**
+     * Method for obtaining measure. Please do not confuse with mrenclave. Report measure is part of mrEnclave.
+     * @param report - report without certificates
+     */
+    static getReportMeasure(report: Buffer): Promise<Buffer>;
+    protected static calculateFileSha256(filePath: string): Promise<Buffer>;
+    protected static calculateCmdlineHash(cmdLine: string): Buffer;
+    /**
+     * The method allows to get the expected mrEnclave without generating a report
+     * @param params - @see CalcSnpMrEnclaveParams
+     */
+    static calcSnpMrEnclave(params: CalcSnpMrEnclaveParams): Promise<Buffer>;
+    protected static extractBuildFromCmdline(cmdLine: string, paramName?: string): string;
+    /**
+     * Compute the 32-bit CPUID signature from family, model, and stepping.
+     * This computation is described in AMD's CPUID Specification, publication #25481
+     * https://www.amd.com/system/files/TechDocs/25481.pdf
+     * See section: CPUID Fn0000_0001_EAX Family, Model, Stepping Identifiers
+     * @param cpuInfo - Structure containing family, model and stepping @see CpuInfo
+     */
+    static getCpuSig(cpuInfo: CpuInfo): number;
+}