@super-protocol/addons-tee 0.8.16 → 0.8.17-beta.2

package/README.md

@@ -4,5 +4,5 @@ Addons for Trusted Execution Environment
 Use it for low-level actions with SGX things.
 
 To build npm package:
-1. Compile "native" part with run bindings/build-sgx-native.sh
+1. Compile "native" part with run bindings/build_in_docker.sh
 2. npm install && npm run build

package/bindings/amd-sev-snp-napi-rs/index.d.ts

@@ -0,0 +1,24 @@
+/* tslint:disable */
+/* eslint-disable */
+
+/* auto-generated by NAPI-RS */
+
+export const SNP_REPORT_DATA_SIZE: number
+export const KDS_CERT_SITE: string
+export const KDS_VCEK: string
+export const SHA256_BUFFER_SIZE: number
+export interface CpuInfo {
+  family: number
+  model: number
+  stepping: number
+}
+export declare function getSnpReport(data: Buffer, vmpl: number): Buffer
+export declare function getVcekKdsUrl(report: Buffer, generation: string): string
+export declare function getReportData(report: Buffer): Buffer
+export declare function getReportMeasure(report: Buffer): Buffer
+export declare function getReportVmpl(report: Buffer): number
+export declare function getReportPolicy(report: Buffer): bigint
+export declare function getCpuInfo(): CpuInfo
+export declare function getCpuSig(cpuInfo: CpuInfo): number
+export declare function getLogicalCoresCount(): number
+export declare function calcSnpMeasure(ovmfPath: string, kernelSha256: Buffer, initrdSha256: Buffer, cmdlineSha256: Buffer, vcpuSig: number, vcpuCount: number): Buffer

package/bindings/amd-sev-snp-napi-rs/index.js

@@ -0,0 +1,328 @@
+/* tslint:disable */
+/* eslint-disable */
+/* prettier-ignore */
+
+/* auto-generated by NAPI-RS */
+
+const { existsSync, readFileSync } = require('fs')
+const { join } = require('path')
+
+const { platform, arch } = process
+
+let nativeBinding = null
+let localFileExisted = false
+let loadError = null
+
+function isMusl() {
+  // For Node 10
+  if (!process.report || typeof process.report.getReport !== 'function') {
+    try {
+      const lddPath = require('child_process').execSync('which ldd').toString().trim()
+      return readFileSync(lddPath, 'utf8').includes('musl')
+    } catch (e) {
+      return true
+    }
+  } else {
+    const { glibcVersionRuntime } = process.report.getReport().header
+    return !glibcVersionRuntime
+  }
+}
+
+switch (platform) {
+  case 'android':
+    switch (arch) {
+      case 'arm64':
+        localFileExisted = existsSync(join(__dirname, 'amd-sev-snp-napi-rs.android-arm64.node'))
+        try {
+          if (localFileExisted) {
+            nativeBinding = require('./amd-sev-snp-napi-rs.android-arm64.node')
+          } else {
+            nativeBinding = require('amd-sev-snp-napi-rs-android-arm64')
+          }
+        } catch (e) {
+          loadError = e
+        }
+        break
+      case 'arm':
+        localFileExisted = existsSync(join(__dirname, 'amd-sev-snp-napi-rs.android-arm-eabi.node'))
+        try {
+          if (localFileExisted) {
+            nativeBinding = require('./amd-sev-snp-napi-rs.android-arm-eabi.node')
+          } else {
+            nativeBinding = require('amd-sev-snp-napi-rs-android-arm-eabi')
+          }
+        } catch (e) {
+          loadError = e
+        }
+        break
+      default:
+        throw new Error(`Unsupported architecture on Android ${arch}`)
+    }
+    break
+  case 'win32':
+    switch (arch) {
+      case 'x64':
+        localFileExisted = existsSync(
+          join(__dirname, 'amd-sev-snp-napi-rs.win32-x64-msvc.node')
+        )
+        try {
+          if (localFileExisted) {
+            nativeBinding = require('./amd-sev-snp-napi-rs.win32-x64-msvc.node')
+          } else {
+            nativeBinding = require('amd-sev-snp-napi-rs-win32-x64-msvc')
+          }
+        } catch (e) {
+          loadError = e
+        }
+        break
+      case 'ia32':
+        localFileExisted = existsSync(
+          join(__dirname, 'amd-sev-snp-napi-rs.win32-ia32-msvc.node')
+        )
+        try {
+          if (localFileExisted) {
+            nativeBinding = require('./amd-sev-snp-napi-rs.win32-ia32-msvc.node')
+          } else {
+            nativeBinding = require('amd-sev-snp-napi-rs-win32-ia32-msvc')
+          }
+        } catch (e) {
+          loadError = e
+        }
+        break
+      case 'arm64':
+        localFileExisted = existsSync(
+          join(__dirname, 'amd-sev-snp-napi-rs.win32-arm64-msvc.node')
+        )
+        try {
+          if (localFileExisted) {
+            nativeBinding = require('./amd-sev-snp-napi-rs.win32-arm64-msvc.node')
+          } else {
+            nativeBinding = require('amd-sev-snp-napi-rs-win32-arm64-msvc')
+          }
+        } catch (e) {
+          loadError = e
+        }
+        break
+      default:
+        throw new Error(`Unsupported architecture on Windows: ${arch}`)
+    }
+    break
+  case 'darwin':
+    localFileExisted = existsSync(join(__dirname, 'amd-sev-snp-napi-rs.darwin-universal.node'))
+    try {
+      if (localFileExisted) {
+        nativeBinding = require('./amd-sev-snp-napi-rs.darwin-universal.node')
+      } else {
+        nativeBinding = require('amd-sev-snp-napi-rs-darwin-universal')
+      }
+      break
+    } catch {}
+    switch (arch) {
+      case 'x64':
+        localFileExisted = existsSync(join(__dirname, 'amd-sev-snp-napi-rs.darwin-x64.node'))
+        try {
+          if (localFileExisted) {
+            nativeBinding = require('./amd-sev-snp-napi-rs.darwin-x64.node')
+          } else {
+            nativeBinding = require('amd-sev-snp-napi-rs-darwin-x64')
+          }
+        } catch (e) {
+          loadError = e
+        }
+        break
+      case 'arm64':
+        localFileExisted = existsSync(
+          join(__dirname, 'amd-sev-snp-napi-rs.darwin-arm64.node')
+        )
+        try {
+          if (localFileExisted) {
+            nativeBinding = require('./amd-sev-snp-napi-rs.darwin-arm64.node')
+          } else {
+            nativeBinding = require('amd-sev-snp-napi-rs-darwin-arm64')
+          }
+        } catch (e) {
+          loadError = e
+        }
+        break
+      default:
+        throw new Error(`Unsupported architecture on macOS: ${arch}`)
+    }
+    break
+  case 'freebsd':
+    if (arch !== 'x64') {
+      throw new Error(`Unsupported architecture on FreeBSD: ${arch}`)
+    }
+    localFileExisted = existsSync(join(__dirname, 'amd-sev-snp-napi-rs.freebsd-x64.node'))
+    try {
+      if (localFileExisted) {
+        nativeBinding = require('./amd-sev-snp-napi-rs.freebsd-x64.node')
+      } else {
+        nativeBinding = require('amd-sev-snp-napi-rs-freebsd-x64')
+      }
+    } catch (e) {
+      loadError = e
+    }
+    break
+  case 'linux':
+    switch (arch) {
+      case 'x64':
+        if (isMusl()) {
+          localFileExisted = existsSync(
+            join(__dirname, 'amd-sev-snp-napi-rs.linux-x64-musl.node')
+          )
+          try {
+            if (localFileExisted) {
+              nativeBinding = require('./amd-sev-snp-napi-rs.linux-x64-musl.node')
+            } else {
+              nativeBinding = require('amd-sev-snp-napi-rs-linux-x64-musl')
+            }
+          } catch (e) {
+            loadError = e
+          }
+        } else {
+          localFileExisted = existsSync(
+            join(__dirname, 'amd-sev-snp-napi-rs.linux-x64-gnu.node')
+          )
+          try {
+            if (localFileExisted) {
+              nativeBinding = require('./amd-sev-snp-napi-rs.linux-x64-gnu.node')
+            } else {
+              nativeBinding = require('amd-sev-snp-napi-rs-linux-x64-gnu')
+            }
+          } catch (e) {
+            loadError = e
+          }
+        }
+        break
+      case 'arm64':
+        if (isMusl()) {
+          localFileExisted = existsSync(
+            join(__dirname, 'amd-sev-snp-napi-rs.linux-arm64-musl.node')
+          )
+          try {
+            if (localFileExisted) {
+              nativeBinding = require('./amd-sev-snp-napi-rs.linux-arm64-musl.node')
+            } else {
+              nativeBinding = require('amd-sev-snp-napi-rs-linux-arm64-musl')
+            }
+          } catch (e) {
+            loadError = e
+          }
+        } else {
+          localFileExisted = existsSync(
+            join(__dirname, 'amd-sev-snp-napi-rs.linux-arm64-gnu.node')
+          )
+          try {
+            if (localFileExisted) {
+              nativeBinding = require('./amd-sev-snp-napi-rs.linux-arm64-gnu.node')
+            } else {
+              nativeBinding = require('amd-sev-snp-napi-rs-linux-arm64-gnu')
+            }
+          } catch (e) {
+            loadError = e
+          }
+        }
+        break
+      case 'arm':
+        if (isMusl()) {
+          localFileExisted = existsSync(
+            join(__dirname, 'amd-sev-snp-napi-rs.linux-arm-musleabihf.node')
+          )
+          try {
+            if (localFileExisted) {
+              nativeBinding = require('./amd-sev-snp-napi-rs.linux-arm-musleabihf.node')
+            } else {
+              nativeBinding = require('amd-sev-snp-napi-rs-linux-arm-musleabihf')
+            }
+          } catch (e) {
+            loadError = e
+          }
+        } else {
+          localFileExisted = existsSync(
+            join(__dirname, 'amd-sev-snp-napi-rs.linux-arm-gnueabihf.node')
+          )
+          try {
+            if (localFileExisted) {
+              nativeBinding = require('./amd-sev-snp-napi-rs.linux-arm-gnueabihf.node')
+            } else {
+              nativeBinding = require('amd-sev-snp-napi-rs-linux-arm-gnueabihf')
+            }
+          } catch (e) {
+            loadError = e
+          }
+        }
+        break
+      case 'riscv64':
+        if (isMusl()) {
+          localFileExisted = existsSync(
+            join(__dirname, 'amd-sev-snp-napi-rs.linux-riscv64-musl.node')
+          )
+          try {
+            if (localFileExisted) {
+              nativeBinding = require('./amd-sev-snp-napi-rs.linux-riscv64-musl.node')
+            } else {
+              nativeBinding = require('amd-sev-snp-napi-rs-linux-riscv64-musl')
+            }
+          } catch (e) {
+            loadError = e
+          }
+        } else {
+          localFileExisted = existsSync(
+            join(__dirname, 'amd-sev-snp-napi-rs.linux-riscv64-gnu.node')
+          )
+          try {
+            if (localFileExisted) {
+              nativeBinding = require('./amd-sev-snp-napi-rs.linux-riscv64-gnu.node')
+            } else {
+              nativeBinding = require('amd-sev-snp-napi-rs-linux-riscv64-gnu')
+            }
+          } catch (e) {
+            loadError = e
+          }
+        }
+        break
+      case 's390x':
+        localFileExisted = existsSync(
+          join(__dirname, 'amd-sev-snp-napi-rs.linux-s390x-gnu.node')
+        )
+        try {
+          if (localFileExisted) {
+            nativeBinding = require('./amd-sev-snp-napi-rs.linux-s390x-gnu.node')
+          } else {
+            nativeBinding = require('amd-sev-snp-napi-rs-linux-s390x-gnu')
+          }
+        } catch (e) {
+          loadError = e
+        }
+        break
+      default:
+        throw new Error(`Unsupported architecture on Linux: ${arch}`)
+    }
+    break
+  default:
+    throw new Error(`Unsupported OS: ${platform}, architecture: ${arch}`)
+}
+
+if (!nativeBinding) {
+  if (loadError) {
+    throw loadError
+  }
+  throw new Error(`Failed to load native binding`)
+}
+
+const { SNP_REPORT_DATA_SIZE, KDS_CERT_SITE, KDS_VCEK, SHA256_BUFFER_SIZE, getSnpReport, getVcekKdsUrl, getReportData, getReportMeasure, getReportVmpl, getReportPolicy, getCpuInfo, getCpuSig, getLogicalCoresCount, calcSnpMeasure } = nativeBinding
+
+module.exports.SNP_REPORT_DATA_SIZE = SNP_REPORT_DATA_SIZE
+module.exports.KDS_CERT_SITE = KDS_CERT_SITE
+module.exports.KDS_VCEK = KDS_VCEK
+module.exports.SHA256_BUFFER_SIZE = SHA256_BUFFER_SIZE
+module.exports.getSnpReport = getSnpReport
+module.exports.getVcekKdsUrl = getVcekKdsUrl
+module.exports.getReportData = getReportData
+module.exports.getReportMeasure = getReportMeasure
+module.exports.getReportVmpl = getReportVmpl
+module.exports.getReportPolicy = getReportPolicy
+module.exports.getCpuInfo = getCpuInfo
+module.exports.getCpuSig = getCpuSig
+module.exports.getLogicalCoresCount = getLogicalCoresCount
+module.exports.calcSnpMeasure = calcSnpMeasure

package/bindings/amd-sev-snp-napi-rs/package-lock.json

@@ -0,0 +1,40 @@
+{
+  "name": "amd-sev-snp-napi-rs",
+  "version": "1.0.0",
+  "lockfileVersion": 2,
+  "requires": true,
+  "packages": {
+    "": {
+      "name": "amd-sev-snp-napi-rs",
+      "version": "1.0.0",
+      "license": "MIT",
+      "devDependencies": {
+        "@napi-rs/cli": "^2.18.4"
+      },
+      "engines": {
+        "node": ">= 16"
+      }
+    },
+    "node_modules/@napi-rs/cli": {
+      "version": "2.18.4",
+      "dev": true,
+      "license": "MIT",
+      "bin": {
+        "napi": "scripts/index.js"
+      },
+      "engines": {
+        "node": ">= 10"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/Brooooooklyn"
+      }
+    }
+  },
+  "dependencies": {
+    "@napi-rs/cli": {
+      "version": "2.18.4",
+      "dev": true
+    }
+  }
+}

package/bindings/amd-sev-snp-napi-rs/package.json

@@ -0,0 +1,31 @@
+{
+  "name": "amd-sev-snp-napi-rs",
+  "version": "1.0.0",
+  "main": "index.js",
+  "types": "index.d.ts",
+  "napi": {
+    "name": "amd-sev-snp-napi-rs",
+    "triples": {
+      "defaults": false,
+      "additional": [
+        "x86_64-unknown-linux-gnu"
+      ]
+    }
+  },
+  "license": "MIT",
+  "devDependencies": {
+    "@napi-rs/cli": "^2.18.4"
+  },
+  "engines": {
+    "node": ">= 16"
+  },
+  "scripts": {
+    "artifacts": "napi artifacts",
+    "build": "napi build --platform --release",
+    "build:debug": "napi build --platform",
+    "prepublishOnly": "napi prepublish -t npm",
+    "test": "ava",
+    "universal": "napi universal",
+    "version": "napi version"
+  }
+}

package/bindings/sp-sev/.github/auto_assign-issues.yml

@@ -0,0 +1,5 @@
+addAssignees: true
+
+assignees:
+  - tylerfanelli
+  - larrydewey

package/bindings/sp-sev/.github/auto_assign.yml

@@ -0,0 +1,21 @@
+# Set to true to add reviewers to pull requests
+addReviewers: true
+
+# Set to true to add assignees to pull requests
+addAssignees: true
+
+# A list of reviewers to be added to pull requests (GitHub user name)
+reviewers: 
+  - DGonzalezVillal
+  - tylerfanelli
+  - larrydewey
+  - ryansavino
+
+# A list of keywords to be skipped the process that add reviewers if pull requests include it 
+skipKeywords:
+  - wip
+  - WIP
+
+# A number of reviewers added to the pull request
+# Set 0 to add all the reviewers (default: 0)
+numberOfReviewers: 2

package/bindings/sp-sev/.github/dependabot.yml

@@ -0,0 +1,6 @@
+version: 2
+updates:
+- package-ecosystem: "cargo"
+  directory: "/"
+  schedule:
+    interval: "weekly"

package/bindings/sp-sev/.github/workflows/dco.yml

@@ -0,0 +1,10 @@
+name: Sign-off Check
+
+on:
+  pull_request:
+
+jobs:
+  check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: KineticCafe/actions-dco@v1

package/bindings/sp-sev/.github/workflows/lint.yml

@@ -0,0 +1,56 @@
+on: [push, pull_request]
+name: lint
+jobs:
+  fmt:
+    name: cargo fmt
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: dtolnay/rust-toolchain@stable
+        with:
+          components: rustfmt
+          toolchain: 1.80.0
+      - run: cargo fmt --all -- --check
+
+  clippy-openssl:
+    name: cargo clippy openssl
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: dtolnay/rust-toolchain@stable
+        with:
+          components: clippy
+          toolchain: 1.80.0
+      - run: cargo clippy --features=openssl,hw_tests,dangerous_hw_tests --all-targets -- -D clippy::all -D unused_imports -D warnings -D clippy::style
+
+  clippy-crypto_nossl:
+    name: cargo clippy crypto_nossl
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: dtolnay/rust-toolchain@stable
+        with:
+          components: clippy
+          toolchain: 1.80.0
+      - run: cargo clippy --features=crypto_nossl,hw_tests,dangerous_hw_tests --all-targets -- -D clippy::all -D unused_imports -D warnings -D clippy::style
+
+  readme:
+    name: cargo rdme
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: dtolnay/rust-toolchain@stable
+        with:
+          toolchain: nightly
+      - run: |
+          cargo install cargo-rdme
+          cargo rdme --check
+
+  check-spdx-headers:
+    runs-on: ubuntu-latest
+    steps:
+      - name: checkout
+        uses: actions/checkout@v4
+      - uses: enarx/spdx@master
+        with:
+          licenses: Apache-2.0

package/bindings/sp-sev/.github/workflows/test.yml

@@ -0,0 +1,54 @@
+on: [push, pull_request]
+name: test
+jobs:
+  sw-openssl:
+    name: sw openssl ${{ matrix.runner }} ${{ matrix.toolchain }} ${{ matrix.profile.name }} ${{ matrix.features }}
+    runs-on: ${{ matrix.runner }}
+    steps:
+      - uses: actions/checkout@v4
+      - uses: dtolnay/rust-toolchain@stable
+        with:
+          toolchain: ${{ matrix.toolchain }}
+      - run: cargo test ${{ matrix.profile.flag }} --features=${{ matrix.features }}
+
+    strategy:
+      fail-fast: false
+      matrix:
+        runner:
+          - ubuntu-latest
+          - macos-13
+        toolchain:
+          - 1.80.0
+          - stable
+        profile:
+          - name: debug
+          - name: release
+            flag: --release
+        features:
+          - openssl
+
+  sw-crypto_nossl:
+    name: sw crypto_nossl ${{ matrix.runner }} ${{ matrix.toolchain }} ${{ matrix.profile.name }} ${{ matrix.features }}
+    runs-on: ${{ matrix.runner }}
+    steps:
+      - uses: actions/checkout@v4
+      - uses: dtolnay/rust-toolchain@stable
+        with:
+          toolchain: ${{ matrix.toolchain }}
+      - run: cargo test ${{ matrix.profile.flag }} --features=${{ matrix.features }}
+    strategy:
+      fail-fast: false
+      matrix:
+        runner:
+          - ubuntu-latest
+          - macos-13
+          - windows-latest
+        toolchain:
+          - 1.80.0
+          - stable
+        profile:
+          - name: debug
+          - name: release
+            flag: --release
+        features:
+          - crypto_nossl

package/bindings/sp-sev/.rustfmt.toml

@@ -0,0 +1,2 @@
+edition = "2021"
+newline_style = "Unix"

package/bindings/sp-sev/CODEOWNERS

@@ -0,0 +1 @@
+* @tylerfanelli @larrydewey @DGonzalezVillal