@super-protocol/addons-tee 0.8.6 → 0.8.8
- package/README.md +5 -1
- package/bindings/sgx-native/README.md +1 -1
- package/bindings/sgx-native/build/Release/libmbedcrypto_gramine.so.13 +0 -0
- package/bindings/sgx-native/build/Release/libmbedx509_gramine.so.4 +0 -0
- package/bindings/sgx-native/build/Release/sgx_native.node +0 -0
- package/dist/quote-validator/index.d.ts +1 -1
- package/dist/quote-validator/index.js +2 -2
- package/dist/quote-validator/{sgx-untrasted-validator.js → sgx-untrusted-validator.js} +1 -1
- package/dist/sgx-native-module/consts.d.ts +9 -0
- package/dist/sgx-native-module/consts.js +8 -2
- package/dist/sgx-native-module/dcap-quote-verify.service.d.ts +1 -1
- package/dist/sgx-native-module/dcap-quote-verify.service.js +8 -4
- package/dist/sgx-native-module/enclave.service.d.ts +16 -6
- package/dist/sgx-native-module/enclave.service.js +19 -5
- package/dist/sgx-native-module/errors.d.ts +5 -0
- package/dist/sgx-native-module/errors.js +18 -5
- package/dist/sgx-native-module/pki.service.d.ts +41 -0
- package/dist/sgx-native-module/pki.service.js +60 -2
- package/dist/sgx-native-module/sgx-tests.js +82 -0
- package/package.json +7 -6
- package/test_sgx_env/Dockerfile +16 -0
- package/test_sgx_env/build-and-run-tests.sh +29 -0
- package/test_sgx_env/gsc-config.yaml +14 -0
- package/test_sgx_env/node16-base.manifest +13 -0
- package/test_sgx_env/sgx_default_qcnl.conf +20 -0
- package/bindings/build-sgx-native.sh +0 -9
- package/bindings/sgx-native/build/Release/libmbedcrypto_gramine.so.12 +0 -0
- package/bindings/sgx-native/build/Release/libsgx_util.so +0 -0
- package/bindings/sgx-native/docker_build.sh +0 -78
- package/bindings/sgx-native/node.manifest.template +0 -59
- package/bindings/sgx-native/run_tests.sh +0 -10
- package/bindings/sgx-native/test_certs/attestation/cert.der +0 -0
- package/bindings/sgx-native/test_certs/attestation/cert.pem +0 -124
- package/bindings/sgx-native/test_certs/attestation/cert_maliciously.der +0 -0
- package/bindings/sgx-native/test_certs/attestation/cert_maliciously.pem +0 -124
- package/bindings/sgx-native/test_certs/attestation/cert_without_quote.der +0 -0
- package/bindings/sgx-native/test_certs/attestation/cert_without_quote.pem +0 -20
- package/bindings/sgx-native/test_certs/attestation/cert_wrong_hash.der +0 -0
- package/bindings/sgx-native/test_certs/attestation/cert_wrong_hash.pem +0 -124
- package/bindings/sgx-native/test_certs/ssl/expired.pem +0 -68
- package/bindings/sgx-native/test_certs/ssl/hostnameTest.pem +0 -22
- package/bindings/sgx-native/test_certs/ssl/multipleHost.pem +0 -62
- package/bindings/sgx-native/test_certs/ssl/noHost.pem +0 -61
- package/bindings/sgx-native/test_certs/ssl/noIntermidiate.pem +0 -62
- package/bindings/sgx-native/test_certs/ssl/revoked.pem +0 -68
- package/bindings/sgx-native/test_certs/ssl/untrusted.pem +0 -65
- package/bindings/sgx-native/test_certs/ssl/valid.pem +0 -94
- package/dist/sgx-native-module/dcap-quote-verify.service.spec.d.ts +0 -1
- /package/dist/quote-validator/{sgx-untrasted-validator.d.ts → sgx-untrusted-validator.d.ts} +0 -0
- /package/dist/{quote-validator/sgx-untrasted-validator.spec.d.ts → sgx-native-module/sgx-tests.d.ts} +0 -0
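--- a/package/README.md
+++ b/package/README.md
@@ -1,4 +1,8 @@
-Addons for
+Addons for Trusted Execution Environment
 ========================================
 
 Use it for low-level actions with SGX things.
+
+To build npm package:
+1. Compile "native" part with run bindings/build-sgx-native.sh
+2. npm install && npm run build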
@@ -1 +1 @@
|
|
|
1
|
-
To compile
|
|
1
|
+
To compile just run build-sgx-native.sh from directory above
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
@@ -1 +1 @@
|
|
|
1
|
-
export { default as SGXUntrustedValidator } from "./sgx-
|
|
1
|
+
export { default as SGXUntrustedValidator } from "./sgx-untrusted-validator";
|
|
@@ -4,6 +4,6 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
4
4
|
};
|
|
5
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
6
|
exports.SGXUntrustedValidator = void 0;
|
|
7
|
-
var
|
|
8
|
-
Object.defineProperty(exports, "SGXUntrustedValidator", { enumerable: true, get: function () { return __importDefault(
|
|
7
|
+
var sgx_untrusted_validator_1 = require("./sgx-untrusted-validator");
|
|
8
|
+
Object.defineProperty(exports, "SGXUntrustedValidator", { enumerable: true, get: function () { return __importDefault(sgx_untrusted_validator_1).default; } });
|
|
9
9
|
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvcXVvdGUtdmFsaWRhdG9yL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7OztBQUFBLHFFQUE2RTtBQUFwRSxpSkFBQSxPQUFPLE9BQXlCIn0=
|
|
@@ -147,4 +147,4 @@ class SGXUntrustedValidator {
|
|
|
147
147
|
}
|
|
148
148
|
}
|
|
149
149
|
exports.default = SGXUntrustedValidator;
|
|
150
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
150
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2d4LXVudHJ1c3RlZC12YWxpZGF0b3IuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvcXVvdGUtdmFsaWRhdG9yL3NneC11bnRydXN0ZWQtdmFsaWRhdG9yLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7O0FBQUEsa0RBQTBCO0FBQzFCLDREQUE4RDtBQUM5RCwyQ0FBbUY7QUFFbkYsNERBQTREO0FBQzVELHFDQUF5QztBQUN6QyxtQ0FBbUM7QUFDbkMsMERBQWlDO0FBRWpDLE1BQU0scUJBQXFCO0lBR3ZCO1FBQ0ksSUFBSSxDQUFDLElBQUksR0FBRyxJQUFJLDBDQUFzQixFQUFFLENBQUM7SUFDN0MsQ0FBQztJQUVNLEtBQUssQ0FBQyxRQUFRLENBQUMsS0FBYTtRQUMvQiwyQkFBMkI7UUFDM0IsTUFBTSxVQUFVLEdBQUcsTUFBTSxJQUFJLENBQUMsSUFBSSxDQUFDLHNCQUFzQixDQUFDLEVBQUUsS0FBSyxFQUFFLENBQUMsQ0FBQztRQUNyRSxNQUFNLENBQUMsT0FBTyxFQUFFLGdCQUFnQixFQUFFLFFBQVEsQ0FBQyxHQUFHLElBQUksQ0FBQyxVQUFVLENBQUMsVUFBVSxDQUFDLFlBQWEsQ0FBQyxDQUFDO1FBRXhGLGdDQUFnQztRQUNoQyxNQUFNLENBQUMsT0FBTyxFQUFFLEVBQUUsZUFBZSxFQUFFLFlBQVksRUFBRSxDQUFDLEdBQUcsTUFBTSxPQUFPLENBQUMsR0FBRyxDQUFDO1lBQ25FLElBQUksQ0FBQyxZQUFZLENBQUMsUUFBUSxDQUFDO1lBQzNCLElBQUksQ0FBQyxvQkFBb0IsRUFBRTtTQUM5QixDQUFDLENBQUM7UUFFSCx5REFBeUQ7UUFDekQsSUFBSSxRQUFRLEtBQUssWUFBWTtZQUFFLE1BQU0sSUFBSSxLQUFLLENBQUMsMEJBQTBCLENBQUMsQ0FBQztRQUUzRSxvQkFBb0I7UUFDcEIsTUFBTSxjQUFjLEdBQUcsSUFBSSxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUMsR0FBRyxFQUFFLEdBQUcsSUFBSSxDQUFDLENBQUM7UUFDckQsTUFBTSxJQUFJLENBQUMsSUFBSSxDQUFDLHNCQUFzQixDQUFDO1lBQ25DLFlBQVksRUFBRSxPQUFPLEdBQUcsZ0JBQWdCLEdBQUcsUUFBUTtZQUNuRCxvQkFBb0IsRUFBRSxlQUFlO1lBQ3JDLFlBQVksRUFBRSxPQUFPO1lBQ3JCLG9CQUFvQixFQUFFLFFBQVE7WUFDOUIsbUJBQW1CLEVBQUUsY0FBYztTQUN0QyxDQUFDLENBQUM7UUFFSCxtREFBbUQ7UUFDbkQsTUFBTSxDQUFDLE9BQU8sRUFBRSxVQUFVLENBQUMsR0FBRyxNQUFNLE9BQU8sQ0FBQyxHQUFHLENBQUM7WUFDNUMsSUFBSSxDQUFDLFlBQVksQ0FBQyxPQUFPLEVBQUUsUUFBUSxFQUFFLE9BQU8sQ0FBQztZQUM3QyxJQUFJLENBQUMsZUFBZSxDQUFDLFFBQVEsRUFBRSxPQUFPLENBQUM7U0FDMUMsQ0FBQyxDQUFDO1FBRUgsaUJBQWlCO1FBQ2pCLE1BQU0sSUFBSSxDQUFDLElBQUksQ0FBQyxhQUFhLENBQUM7WUFDMUIsS0FBSztZQUNMLGlCQUFpQixFQUFFLE9BQU87WUFDMUIsa0JBQWtCLEVBQUUsZUFBZTtZQUNuQyxXQUFXLEVBQUUsT0FBTztZQUNwQixjQUFjLEVBQUUsVUFBVTtTQUM3QixDQUFDLENBQU
M7SUFDUCxDQUFDO0lBRU8sS0FBSyxDQUFDLFlBQVksQ0FBQyxRQUFnQjtRQUN2QyxzQ0FBc0M7UUFDdEMsTUFBTSxjQUFjLEdBQUcsa0JBQVcsQ0FBQyxPQUFPLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxRQUFRLENBQUMsQ0FBQyxDQUFDO1FBQ2xFLE1BQU0saUJBQWlCLEdBQUcsY0FBYyxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUMsQ0FBQyxJQUFTLEVBQUUsRUFBRSxDQUFDLElBQUksQ0FBQyxHQUFHLEtBQUssaUNBQXFCLENBQUMsQ0FBQztRQUM1RyxJQUFJLENBQUMsaUJBQWlCO1lBQUUsTUFBTSxJQUFJLEtBQUssQ0FBQyx1Q0FBdUMsQ0FBQyxDQUFDO1FBQ2pGLElBQUksVUFBVSxHQUFHLE1BQU0sQ0FBQyxJQUFJLENBQUMsaUJBQWtCLENBQUMsS0FBSyxDQUFDLENBQUMsUUFBUSxFQUFFLENBQUM7UUFDbEUsVUFBVSxHQUFHLFVBQVUsQ0FBQyxTQUFTLENBQUMsVUFBVSxDQUFDLE9BQU8sQ0FBQyxNQUFNLENBQUMsRUFBRSxVQUFVLENBQUMsTUFBTSxDQUFDLENBQUM7UUFFakYsaUJBQWlCO1FBQ2pCLE1BQU0sYUFBYSxHQUFHLE1BQU0sZUFBSyxDQUFDLEdBQUcsQ0FBQyxVQUFVLEVBQUUsRUFBRSxZQUFZLEVBQUUsYUFBYSxFQUFFLENBQUMsQ0FBQztRQUNuRixJQUFJLE9BQU8sR0FBRyxhQUFhLENBQUMsSUFBSSxDQUFDO1FBRWpDLDBCQUEwQjtRQUMxQixPQUFPLEdBQUcsNkJBQTZCLE9BQU87YUFDekMsUUFBUSxDQUFDLFFBQVEsQ0FBQzthQUNsQixLQUFLLENBQUMsVUFBVSxDQUFFO2FBQ2xCLElBQUksQ0FBQyxJQUFJLENBQUMsd0JBQXdCLENBQUM7UUFFeEMsT0FBTyxPQUFPLENBQUM7SUFDbkIsQ0FBQztJQUVPLEtBQUssQ0FBQyxvQkFBb0I7UUFDOUIsTUFBTSxxQkFBcUIsR0FBRyxNQUFNLGVBQUssQ0FBQyxHQUFHLENBQUMsR0FBRyxvQkFBUSxrQ0FBa0MsQ0FBQyxDQUFDO1FBRTdGLG9DQUFvQztRQUNwQyxNQUFNLFNBQVMsR0FBRyxrQkFBa0IsQ0FBQyxxQkFBcUIsQ0FBQyxPQUFPLENBQUMsMEJBQTBCLENBQUMsQ0FBQyxDQUFDO1FBQ2hHLE1BQU0sQ0FBQyxFQUFFLFlBQVksQ0FBQyxHQUFHLElBQUksQ0FBQyxVQUFVLENBQUMsU0FBUyxDQUFDLENBQUM7UUFFcEQsT0FBTztZQUNILGVBQWUsRUFBRSxxQkFBcUIsQ0FBQyxJQUFJO1lBQzNDLFlBQVk7U0FDZixDQUFDO0lBQ04sQ0FBQztJQUVPLEtBQUssQ0FBQyxZQUFZLENBQUMsT0FBZSxFQUFFLFFBQWdCLEVBQUUsT0FBZTtRQUN6RSw4QkFBOEI7UUFDOUIsTUFBTSxhQUFhLEdBQUcsa0JBQVcsQ0FBQyxPQUFPLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDO1FBQ2hFLE1BQU0sZUFBZSxHQUFHLGFBQWEsQ0FBQyxVQUFVO2FBQzNDLEdBQUcsQ0FBQyxDQUFDLElBQVMsRUFBRSxFQUFFO1lBQ2YsMkJBQTJCO1lBQzNCLElBQUksK0JBQW1CLENBQUMsT0FBTyxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsS0FBSyxDQUFDO2dCQUFFLE9BQU8sSUFBSSxDQUFDO1lBRTdELG9CQUFvQjtZQUNwQixNQUFNLFlBQVksR0FBRywrQkFBbUIsQ0FBQyxTQU
FTLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsK0JBQW1CLENBQUMsTUFBTSxDQUFDO2lCQUMxRixLQUFLLENBQUMsR0FBRyxDQUFDO2lCQUNWLE1BQU0sQ0FBQyxDQUFDLElBQUksRUFBRSxFQUFFLENBQUMsSUFBSSxDQUFDLENBQUM7WUFFNUIsK0NBQStDO1lBQy9DLElBQUksQ0FBQyxZQUFZLENBQUMsTUFBTTtnQkFBRSxPQUFPLElBQUksQ0FBQyxLQUFLLENBQUM7WUFFNUMsNkJBQTZCO1lBQzdCLElBQUksYUFBYSxHQUFHLG1CQUFRLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsQ0FBQztZQUNoRCxJQUFJO2dCQUNBLHFDQUFxQztnQkFDckMsWUFBWSxDQUFDLE9BQU8sQ0FBQyxDQUFDLEdBQUcsRUFBRSxFQUFFLENBQUMsQ0FBQyxhQUFhLEdBQUcsYUFBYSxDQUFDLFFBQVEsQ0FBQyxDQUFDLEdBQUcsR0FBRyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUM7Z0JBQ2xGLGtFQUFrRTtnQkFDbEUsT0FBTyxhQUFhLENBQUMsUUFBUSxDQUFDLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQzthQUMxQztZQUFDLE9BQU8sQ0FBQyxFQUFFO2dCQUNSLE9BQU8sSUFBSSxDQUFDO2FBQ2Y7UUFDTCxDQUFDLENBQUM7YUFDRCxNQUFNLENBQUMsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLElBQUksQ0FBQyxDQUFDO1FBQzVCLElBQUksQ0FBQyxlQUFlLENBQUMsTUFBTTtZQUFFLE1BQU0sSUFBSSxLQUFLLENBQUMsb0NBQW9DLENBQUMsQ0FBQztRQUNuRixNQUFNLEtBQUssR0FBRyxNQUFNLENBQUMsSUFBSSxDQUFDLGVBQWUsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxLQUFLLENBQUMsQ0FBQztRQUU5RCxrQ0FBa0M7UUFDbEMsTUFBTSxhQUFhLEdBQUcsTUFBTSxlQUFLLENBQUMsR0FBRyxDQUFDLEdBQUcsb0JBQVEsY0FBYyxLQUFLLEVBQUUsQ0FBQyxDQUFDO1FBQ3hFLE1BQU0sT0FBTyxHQUFHLElBQUksQ0FBQyxTQUFTLENBQUMsYUFBYSxDQUFDLElBQUksQ0FBQyxDQUFDO1FBQ25ELE1BQU0sWUFBWSxHQUFHLGtCQUFrQixDQUFDLGFBQWEsQ0FBQyxPQUFPLENBQUMsMkJBQTJCLENBQUMsQ0FBQyxDQUFDO1FBRTVGLG9CQUFvQjtRQUNwQixNQUFNLGNBQWMsR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLElBQUksQ0FBQyxHQUFHLEVBQUUsR0FBRyxJQUFJLENBQUMsQ0FBQztRQUNyRCxNQUFNLElBQUksQ0FBQyxJQUFJLENBQUMsZUFBZSxDQUFDO1lBQzVCLFdBQVcsRUFBRSxPQUFPO1lBQ3BCLFlBQVksRUFBRSxZQUFZO1lBQzFCLFlBQVksRUFBRSxPQUFPO1lBQ3JCLG9CQUFvQixFQUFFLFFBQVE7WUFDOUIsbUJBQW1CLEVBQUUsY0FBYztTQUN0QyxDQUFDLENBQUM7UUFFSCxPQUFPLE9BQU8sQ0FBQztJQUNuQixDQUFDO0lBRU8sS0FBSyxDQUFDLGVBQWUsQ0FBQyxRQUFnQixFQUFFLE9BQWU7UUFDM0QsMENBQTBDO1FBQzFDLE1BQU0sZ0JBQWdCLEdBQUcsTUFBTSxlQUFLLENBQUMsR0FBRyxDQUFDLEdBQUcsb0JBQVEsY0FBYyxDQUFDLENBQUM7UUFDcEUsTUFBTSxVQUFVLEdBQUcsSUFBSSxDQUFDLFNBQV
MsQ0FBQyxnQkFBZ0IsQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUN6RCxNQUFNLGVBQWUsR0FBRyxrQkFBa0IsQ0FBQyxnQkFBZ0IsQ0FBQyxPQUFPLENBQUMsbUNBQW1DLENBQUMsQ0FBQyxDQUFDO1FBRTFHLDRCQUE0QjtRQUM1QixNQUFNLGNBQWMsR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLElBQUksQ0FBQyxHQUFHLEVBQUUsR0FBRyxJQUFJLENBQUMsQ0FBQztRQUNyRCxNQUFNLElBQUksQ0FBQyxJQUFJLENBQUMsdUJBQXVCLENBQUM7WUFDcEMsbUJBQW1CLEVBQUUsVUFBVTtZQUMvQixZQUFZLEVBQUUsZUFBZTtZQUM3QixZQUFZLEVBQUUsT0FBTztZQUNyQixvQkFBb0IsRUFBRSxRQUFRO1lBQzlCLG1CQUFtQixFQUFFLGNBQWM7U0FDdEMsQ0FBQyxDQUFDO1FBRUgsT0FBTyxVQUFVLENBQUM7SUFDdEIsQ0FBQztJQUVPLFVBQVUsQ0FBQyxLQUFhO1FBQzVCLE9BQU8sS0FBSzthQUNQLEtBQUssQ0FBQyw2QkFBNkIsQ0FBQzthQUNwQyxNQUFNLENBQUMsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLElBQUksQ0FBQzthQUN0QixHQUFHLENBQUMsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLDZCQUE2QixHQUFHLElBQUksQ0FBQyxDQUFDO0lBQzdELENBQUM7Q0FDSjtBQUVELGtCQUFlLHFCQUFxQixDQUFDIn0=
|
|
@@ -103,3 +103,12 @@ export declare enum DcapQuoteVerificationStatus {
|
|
|
103
103
|
export declare const DcapQuoteVerificationStatusMap: {
|
|
104
104
|
[key: string]: string;
|
|
105
105
|
};
|
|
106
|
+
export declare enum PckFlag {
|
|
107
|
+
PCK_FLAG_FALSE = 0,
|
|
108
|
+
PCK_FLAG_TRUE = 1,
|
|
109
|
+
PCK_FLAG_UNDEFINED = 2
|
|
110
|
+
}
|
|
111
|
+
export declare type QuoteVerificationResultType = {
|
|
112
|
+
verificationResult: number;
|
|
113
|
+
smtEnabled: PckFlag;
|
|
114
|
+
};
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.DcapQuoteVerificationStatusMap = exports.DcapQuoteVerificationStatus = exports.KeyPolicy = exports.KeyType = void 0;
|
|
3
|
+
exports.PckFlag = exports.DcapQuoteVerificationStatusMap = exports.DcapQuoteVerificationStatus = exports.KeyPolicy = exports.KeyType = void 0;
|
|
4
4
|
var KeyType;
|
|
5
5
|
(function (KeyType) {
|
|
6
6
|
// Launch key
|
|
@@ -121,4 +121,10 @@ exports.DcapQuoteVerificationStatusMap = Object.entries(DcapQuoteVerificationSta
|
|
|
121
121
|
obj[key] = value;
|
|
122
122
|
return obj;
|
|
123
123
|
}, {});
|
|
124
|
-
|
|
124
|
+
var PckFlag;
|
|
125
|
+
(function (PckFlag) {
|
|
126
|
+
PckFlag[PckFlag["PCK_FLAG_FALSE"] = 0] = "PCK_FLAG_FALSE";
|
|
127
|
+
PckFlag[PckFlag["PCK_FLAG_TRUE"] = 1] = "PCK_FLAG_TRUE";
|
|
128
|
+
PckFlag[PckFlag["PCK_FLAG_UNDEFINED"] = 2] = "PCK_FLAG_UNDEFINED";
|
|
129
|
+
})(PckFlag = exports.PckFlag || (exports.PckFlag = {}));
|
|
130
|
+
//# sourceMappingURL=data:application/json;base64,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
|
|
@@ -5,7 +5,7 @@ export declare class DcapQuoteVerifyService {
|
|
|
5
5
|
constructor();
|
|
6
6
|
static checkErrorOrThrow(result: DcapQuoteVerificationStatus): void;
|
|
7
7
|
extractQuoteFromCert(pemOrDerCert: Buffer): Promise<Buffer>;
|
|
8
|
-
validateQuoteVerifierEnclave(quote: Buffer): Promise<void>;
|
|
8
|
+
validateQuoteVerifierEnclave(quote: Buffer, checkSecurity?: boolean): Promise<void>;
|
|
9
9
|
validateQuote({ quote, pemPckCertificate, pemIntermediateCrl, tcbInfoJson, qeIdentityJson, }: {
|
|
10
10
|
quote: Buffer;
|
|
11
11
|
pemPckCertificate: string;
|
|
@@ -19,13 +19,17 @@ class DcapQuoteVerifyService {
|
|
|
19
19
|
}
|
|
20
20
|
return this.quoteVerifier.extractQuoteFromCert(pemOrDerCert);
|
|
21
21
|
}
|
|
22
|
-
async validateQuoteVerifierEnclave(quote) {
|
|
22
|
+
async validateQuoteVerifierEnclave(quote, checkSecurity) {
|
|
23
|
+
checkSecurity = checkSecurity ?? false;
|
|
23
24
|
if (!quote?.length) {
|
|
24
25
|
throw new errors_1.AttestationDcapQuoteVerifyEnclaveError("empty quote");
|
|
25
26
|
}
|
|
26
27
|
const verifyResult = this.quoteVerifier.verifyQuoteDcap(quote);
|
|
27
|
-
if (verifyResult
|
|
28
|
-
throw new errors_1.
|
|
28
|
+
if (checkSecurity && verifyResult.smtEnabled === consts_1.PckFlag.PCK_FLAG_TRUE) {
|
|
29
|
+
throw new errors_1.QuoteSecurityValidationError(verifyResult);
|
|
30
|
+
}
|
|
31
|
+
if (verifyResult.verificationResult !== 0) {
|
|
32
|
+
throw new errors_1.QuoteValidationError(verifyResult.verificationResult);
|
|
29
33
|
}
|
|
30
34
|
}
|
|
31
35
|
async validateQuote({ quote, pemPckCertificate, pemIntermediateCrl, tcbInfoJson, qeIdentityJson, }) {
|
|
@@ -62,4 +66,4 @@ class DcapQuoteVerifyService {
|
|
|
62
66
|
}
|
|
63
67
|
}
|
|
64
68
|
exports.DcapQuoteVerifyService = DcapQuoteVerifyService;
|
|
65
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
69
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZGNhcC1xdW90ZS12ZXJpZnkuc2VydmljZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9zZ3gtbmF0aXZlLW1vZHVsZS9kY2FwLXF1b3RlLXZlcmlmeS5zZXJ2aWNlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLE1BQU0sRUFBRSxzQkFBc0IsRUFBRSxHQUFHLE9BQU8sQ0FBQyx5REFBeUQsQ0FBQyxDQUFDO0FBQ3RHLHFDQUtrQjtBQUNsQixxQ0FLa0I7QUFxRGxCLE1BQWEsc0JBQXNCO0lBRy9CO1FBQ0ksSUFBSSxDQUFDLGFBQWEsR0FBRyxJQUFJLHNCQUFzQixFQUFFLENBQUM7SUFDdEQsQ0FBQztJQUVELE1BQU0sQ0FBQyxpQkFBaUIsQ0FBQyxNQUFtQztRQUN4RCxJQUFJLE1BQU0sS0FBSyxvQ0FBMkIsQ0FBQyxFQUFFLEVBQUU7WUFDM0MsTUFBTSxJQUFJLCtDQUFzQyxDQUFDLHVDQUE4QixDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUM7U0FDNUY7SUFDTCxDQUFDO0lBRUQsS0FBSyxDQUFDLG9CQUFvQixDQUFDLFlBQW9CO1FBQzNDLElBQUksQ0FBQyxZQUFZLEVBQUUsTUFBTSxFQUFFO1lBQ3ZCLE1BQU0sSUFBSSwrQ0FBc0MsQ0FBQyxtQkFBbUIsQ0FBQyxDQUFDO1NBQ3pFO1FBRUQsT0FBTyxJQUFJLENBQUMsYUFBYSxDQUFDLG9CQUFvQixDQUFDLFlBQVksQ0FBQyxDQUFDO0lBQ2pFLENBQUM7SUFFRCxLQUFLLENBQUMsNEJBQTRCLENBQUMsS0FBYSxFQUFFLGFBQXVCO1FBQ3JFLGFBQWEsR0FBRyxhQUFhLElBQUksS0FBSyxDQUFDO1FBRXZDLElBQUksQ0FBQyxLQUFLLEVBQUUsTUFBTSxFQUFFO1lBQ2hCLE1BQU0sSUFBSSwrQ0FBc0MsQ0FBQyxhQUFhLENBQUMsQ0FBQztTQUNuRTtRQUVELE1BQU0sWUFBWSxHQUFHLElBQUksQ0FBQyxhQUFhLENBQUMsZUFBZSxDQUFDLEtBQUssQ0FBQyxDQUFDO1FBQy9ELElBQUksYUFBYSxJQUFJLFlBQVksQ0FBQyxVQUFVLEtBQUssZ0JBQU8sQ0FBQyxhQUFhLEVBQUU7WUFDcEUsTUFBTSxJQUFJLHFDQUE0QixDQUFDLFlBQVksQ0FBQyxDQUFDO1NBQ3hEO1FBQ0QsSUFBSSxZQUFZLENBQUMsa0JBQWtCLEtBQUssQ0FBQyxFQUFFO1lBQ3ZDLE1BQU0sSUFBSSw2QkFBb0IsQ0FBQyxZQUFZLENBQUMsa0JBQWtCLENBQUMsQ0FBQztTQUNuRTtJQUNMLENBQUM7SUFFRCxLQUFLLENBQUMsYUFBYSxDQUFDLEVBQ2hCLEtBQUssRUFDTCxpQkFBaUIsRUFDakIsa0JBQWtCLEVBQ2xCLFdBQVcsRUFDWCxjQUFjLEdBT2pCO1FBQ0csc0JBQXNCLENBQUMsaUJBQWlCLENBQ3BDLElBQUksQ0FBQyxhQUFhLENBQUMsV0FBVyxDQUFDLEtBQUssRUFBRSxpQkFBaUIsRUFBRSxrQkFBa0IsRUFBRSxXQUFXLEVBQUUsY0FBYyxDQUFDLENBQzVHLENBQUM7SUFDTixDQUFDO0lBRUQsS0FBSyxDQUFDLHFCQUFxQixDQUFDLEVBQ3hCLGFBQWEsRUFDYixlQUFlLEdBSWxCO1FBQ0csc0JBQXNCLENBQUMsaUJBQWlCLENBQ3BDLElBQUksQ0FBQyxhQUFhLENBQUMsbUJBQW1CLENBQU
MsYUFBYSxFQUFFLGVBQWUsQ0FBQyxDQUN6RSxDQUFDO0lBQ04sQ0FBQztJQUVELHdCQUF3QjtRQUNwQixPQUFPLElBQUksQ0FBQyxhQUFhLENBQUMsaUJBQWlCLEVBQUUsQ0FBQztJQUNsRCxDQUFDO0lBRUQsY0FBYztRQUNWLE9BQU8sSUFBSSxDQUFDLGFBQWEsQ0FBQyxVQUFVLEVBQUUsQ0FBQztJQUMzQyxDQUFDO0lBRUQsS0FBSyxDQUFDLHNCQUFzQixDQUFDLEVBQUUsS0FBSyxFQUFxQjtRQUlyRCxNQUFNLENBQUMsTUFBTSxFQUFFLFlBQVksRUFBRSxVQUFVLENBQUMsR0FBRyxJQUFJLENBQUMsYUFBYSxDQUFDLHNCQUFzQixDQUFDLEtBQUssQ0FBQyxDQUFDO1FBRTVGLHNCQUFzQixDQUFDLGlCQUFpQixDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBRWpELE9BQU87WUFDSCxZQUFZO1lBQ1osVUFBVTtTQUNiLENBQUM7SUFDTixDQUFDO0lBRUQsS0FBSyxDQUFDLHNCQUFzQixDQUFDLEVBQ3pCLFlBQVksRUFDWixZQUFZLEVBQ1osb0JBQW9CLEVBQ3BCLG9CQUFvQixFQUNwQixtQkFBbUIsR0FPdEI7UUFDRyxzQkFBc0IsQ0FBQyxpQkFBaUIsQ0FDcEMsSUFBSSxDQUFDLGFBQWEsQ0FBQyxvQkFBb0IsQ0FDbkMsWUFBWSxFQUNaLENBQUMsWUFBWSxFQUFFLG9CQUFvQixDQUFDLEVBQ3BDLG9CQUFvQixFQUNwQixtQkFBbUIsQ0FDdEIsQ0FDSixDQUFDO0lBQ04sQ0FBQztJQUVELEtBQUssQ0FBQyxlQUFlLENBQUMsRUFDbEIsV0FBVyxFQUNYLFlBQVksRUFDWixZQUFZLEVBQ1osb0JBQW9CLEVBQ3BCLG1CQUFtQixHQU90QjtRQUNHLHNCQUFzQixDQUFDLGlCQUFpQixDQUNwQyxJQUFJLENBQUMsYUFBYSxDQUFDLGFBQWEsQ0FDNUIsV0FBVyxFQUNYLFlBQVksRUFDWixZQUFZLEVBQ1osb0JBQW9CLEVBQ3BCLG1CQUFtQixDQUN0QixDQUNKLENBQUM7SUFDTixDQUFDO0lBRUQsS0FBSyxDQUFDLHVCQUF1QixDQUFDLEVBQzFCLG1CQUFtQixFQUNuQixZQUFZLEVBQ1osWUFBWSxFQUNaLG9CQUFvQixFQUNwQixtQkFBbUIsR0FPdEI7UUFDRyxzQkFBc0IsQ0FBQyxpQkFBaUIsQ0FDcEMsSUFBSSxDQUFDLGFBQWEsQ0FBQyxxQkFBcUIsQ0FDcEMsbUJBQW1CLEVBQ25CLFlBQVksRUFDWixZQUFZLEVBQ1osb0JBQW9CLEVBQ3BCLG1CQUFtQixDQUN0QixDQUNKLENBQUM7SUFDTixDQUFDO0lBRUQsS0FBSyxDQUFDLHlCQUF5QixDQUFDLEVBQzVCLE1BQU0sRUFDTixjQUFjLEVBQ2Qsb0JBQW9CLEdBS3ZCO1FBQ0csc0JBQXNCLENBQUMsaUJBQWlCLENBQ3BDLElBQUksQ0FBQyxhQUFhLENBQUMsdUJBQXVCLENBQUMsTUFBTSxFQUFFLGNBQWMsRUFBRSxvQkFBb0IsQ0FBQyxDQUMzRixDQUFDO0lBQ04sQ0FBQztDQUNKO0FBN0tELHdEQTZLQyJ9
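Review bot: `checkSecurity = checkSecurity ?? false;` in `validateQuoteVerifierEnclave` makes the new SMT check opt-in, so every existing one-argument caller still accepts a quote from a platform that reports `smtEnabled === PCK_FLAG_TRUE`. For an attestation path a fail-closed default (`checkSecurity = checkSecurity ?? true;`) is safer, or the opt-in should at least be stated in a doc comment on the method. With the check enabled, `PCK_FLAG_UNDEFINED` also passes because only `PCK_FLAG_TRUE` is rejected; if an unknown SMT state should not be trusted, test `verifyResult.smtEnabled !== consts_1.PckFlag.PCK_FLAG_FALSE` instead. The SMT test also runs before `verificationResult` is examined, so a quote that fails verification can surface as `QuoteSecurityValidationError`; putting the `verificationResult !== 0` block first would report the verification failure first. This file is compiled output, so the change belongs in the TypeScript source.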
|
|
@@ -25,19 +25,29 @@ export declare type TeeRunMemoryBenchmarkType = {
|
|
|
25
25
|
memBandwidth: number;
|
|
26
26
|
memСonfirmedSize: number;
|
|
27
27
|
};
|
|
28
|
+
export declare type TeeGetKeyResult = {
|
|
29
|
+
key: Buffer;
|
|
30
|
+
request: Buffer;
|
|
31
|
+
};
|
|
28
32
|
export declare class EnclaveService {
|
|
29
33
|
private readonly tmpFolder;
|
|
30
34
|
private readonly sgx;
|
|
31
35
|
constructor(tmpFolder?: string);
|
|
32
36
|
/**
|
|
33
37
|
* Requests secret keys from cpu.
|
|
34
|
-
* @param
|
|
35
|
-
* @
|
|
38
|
+
* @param type Value from enum @type KeyType
|
|
39
|
+
* @param policy Value from enum @type KeyPolicy
|
|
40
|
+
* @param previousRequest Request, for example received in a previous call to this method,
|
|
41
|
+
* can be undefined - this way a new request will be generated
|
|
42
|
+
* @returns Key and request, generated by method.
|
|
43
|
+
*/
|
|
44
|
+
getSecretKey(type: KeyType, policy: KeyPolicy, previousRequest?: Buffer): Promise<TeeGetKeyResult>;
|
|
45
|
+
/**
|
|
46
|
+
* Determines whether the request to obtain the key is outdated, for example, cpu_svn or isv_svn were updated
|
|
47
|
+
* @param previousRequest - Key Request
|
|
48
|
+
* @returns True if the request is outdated, false - the request is up to date
|
|
36
49
|
*/
|
|
37
|
-
|
|
38
|
-
type: KeyType;
|
|
39
|
-
policy: KeyPolicy;
|
|
40
|
-
}): Promise<Buffer>;
|
|
50
|
+
isOutdatedRequest(previousRequest: Buffer): Promise<boolean>;
|
|
41
51
|
/**
|
|
42
52
|
* Returns TEE device information.
|
|
43
53
|
* @returns
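Review bot: `getSecretKey(type: KeyType, policy: KeyPolicy, previousRequest?: Buffer): Promise<TeeGetKeyResult>` replaces a declaration whose removed lines (`type: KeyType;`, `policy: KeyPolicy;`, `}): Promise<Buffer>;`) point to a single object parameter and a `Buffer` result, so this looks like a breaking interface change shipped in a 0.8.6 → 0.8.8 patch-level release. Plain-JavaScript callers get no compile error: the old call shape would hand the object over as `type`, and code that treats the result as key bytes would now be holding `{ key, request }`. The removed method's name is truncated in this hunk, so confirm whether a compatibility overload is needed or the version bump should be larger. The JSDoc could also say what the caller is expected to do with `request`, for example `@returns Key and the request that produced it; keep the request to pass as previousRequest later`, if that is the intended use.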
|
|
@@ -42,11 +42,25 @@ class EnclaveService {
|
|
|
42
42
|
}
|
|
43
43
|
/**
|
|
44
44
|
* Requests secret keys from cpu.
|
|
45
|
-
* @param
|
|
46
|
-
* @
|
|
45
|
+
* @param type Value from enum @type KeyType
|
|
46
|
+
* @param policy Value from enum @type KeyPolicy
|
|
47
|
+
* @param previousRequest Request, for example received in a previous call to this method,
|
|
48
|
+
* can be undefined - this way a new request will be generated
|
|
49
|
+
* @returns Key and request, generated by method.
|
|
50
|
+
*/
|
|
51
|
+
async getSecretKey(type, policy, previousRequest) {
|
|
52
|
+
if (!previousRequest) {
|
|
53
|
+
previousRequest = Buffer.alloc(0);
|
|
54
|
+
}
|
|
55
|
+
return this.sgx.getKey(type, policy, previousRequest);
|
|
56
|
+
}
|
|
57
|
+
/**
|
|
58
|
+
* Determines whether the request to obtain the key is outdated, for example, cpu_svn or isv_svn were updated
|
|
59
|
+
* @param previousRequest - Key Request
|
|
60
|
+
* @returns True if the request is outdated, false - the request is up to date
|
|
47
61
|
*/
|
|
48
|
-
async
|
|
49
|
-
return this.sgx.
|
|
62
|
+
async isOutdatedRequest(previousRequest) {
|
|
63
|
+
return this.sgx.isOutdatedRequest(previousRequest);
|
|
50
64
|
}
|
|
51
65
|
/**
|
|
52
66
|
* Returns TEE device information.
|
|
@@ -194,4 +208,4 @@ class EnclaveService {
|
|
|
194
208
|
}
|
|
195
209
|
}
|
|
196
210
|
exports.EnclaveService = EnclaveService;
|
|
197
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
211
|
+
//# sourceMappingURL=data:application/json;base64,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
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import { QuoteVerificationResultType } from "./consts";
|
|
1
2
|
export declare class AttestationDcapQuoteVerifyServiceError extends Error {
|
|
2
3
|
constructor(msg?: string);
|
|
3
4
|
}
|
|
@@ -9,6 +10,10 @@ export declare class QuoteValidationError extends AttestationDcapQuoteVerifyEncl
|
|
|
9
10
|
criticalError: boolean;
|
|
10
11
|
constructor(verifyResult: number);
|
|
11
12
|
}
|
|
13
|
+
export declare class QuoteSecurityValidationError extends AttestationDcapQuoteVerifyEnclaveError {
|
|
14
|
+
readonly verifyResult: QuoteVerificationResultType;
|
|
15
|
+
constructor(verifyResult: QuoteVerificationResultType);
|
|
16
|
+
}
|
|
12
17
|
export declare class PkiServiceError extends Error {
|
|
13
18
|
constructor(msg?: string);
|
|
14
19
|
}
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.PkiServiceError = exports.QuoteValidationError = exports.AttestationDcapQuoteVerifyEnclaveError = exports.AttestationDcapQuoteVerifyServiceError = void 0;
|
|
3
|
+
exports.PkiServiceError = exports.QuoteSecurityValidationError = exports.QuoteValidationError = exports.AttestationDcapQuoteVerifyEnclaveError = exports.AttestationDcapQuoteVerifyServiceError = void 0;
|
|
4
|
+
const consts_1 = require("./consts");
|
|
4
5
|
class AttestationDcapQuoteVerifyServiceError extends Error {
|
|
5
6
|
constructor(msg) {
|
|
6
7
|
super(msg);
|
|
@@ -24,18 +25,18 @@ class QuoteValidationError extends AttestationDcapQuoteVerifyEnclaveError {
|
|
|
24
25
|
this.criticalError = false;
|
|
25
26
|
switch (verifyResult) {
|
|
26
27
|
case 0xa001:
|
|
27
|
-
this.message = `The SGX platform firmware and SW are at the latest security patching level but there are
|
|
28
|
+
this.message = `The SGX platform firmware and SW are at the latest security patching level but there are
|
|
28
29
|
platform hardware configurations may expose the enclave to vulnerabilities.`;
|
|
29
30
|
break;
|
|
30
31
|
case 0xa002:
|
|
31
32
|
case 0xa003:
|
|
32
33
|
case 0xa004:
|
|
33
|
-
this.message = `The SGX platform firmware and SW are not at the latest security patching level. The
|
|
34
|
+
this.message = `The SGX platform firmware and SW are not at the latest security patching level. The
|
|
34
35
|
platform needs to be patched with firmware and/or software patches.`;
|
|
35
36
|
break;
|
|
36
37
|
case 0xa007:
|
|
37
38
|
case 0xa008:
|
|
38
|
-
this.message = `The SGX platform firmware and SW are at the latest security patching level but there
|
|
39
|
+
this.message = `The SGX platform firmware and SW are at the latest security patching level but there
|
|
39
40
|
are certain vulnerabilities that can only be mitigated with software mitigations implemented by the enclave.`;
|
|
40
41
|
break;
|
|
41
42
|
default:
|
|
@@ -46,6 +47,18 @@ class QuoteValidationError extends AttestationDcapQuoteVerifyEnclaveError {
|
|
|
46
47
|
}
|
|
47
48
|
}
|
|
48
49
|
exports.QuoteValidationError = QuoteValidationError;
|
|
50
|
+
class QuoteSecurityValidationError extends AttestationDcapQuoteVerifyEnclaveError {
|
|
51
|
+
constructor(verifyResult) {
|
|
52
|
+
super();
|
|
53
|
+
this.verifyResult = verifyResult;
|
|
54
|
+
this.verifyResult = verifyResult;
|
|
55
|
+
this.message = "Invalid CPU settings are being used.";
|
|
56
|
+
if (verifyResult.smtEnabled === consts_1.PckFlag.PCK_FLAG_TRUE) {
|
|
57
|
+
this.message = " HyperThreading (SMT) is enabled. Please disable it in BIOS.";
|
|
58
|
+
}
|
|
59
|
+
}
|
|
60
|
+
}
|
|
61
|
+
exports.QuoteSecurityValidationError = QuoteSecurityValidationError;
|
|
49
62
|
class PkiServiceError extends Error {
|
|
50
63
|
constructor(msg) {
|
|
51
64
|
super(msg);
|
|
@@ -53,4 +66,4 @@ class PkiServiceError extends Error {
|
|
|
53
66
|
}
|
|
54
67
|
}
|
|
55
68
|
exports.PkiServiceError = PkiServiceError;
|
|
56
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
69
|
+
//# sourceMappingURL=data:application/json;base64,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
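Review bot: In the `QuoteSecurityValidationError` constructor the SMT branch assigns `this.message = " HyperThreading (SMT) is enabled. Please disable it in BIOS.";`, which discards "Invalid CPU settings are being used." and leaves a leading space in the final message. The leading space suggests an append was intended: `this.message += " HyperThreading (SMT) is enabled. Please disable it in BIOS.";`. `this.verifyResult = verifyResult;` is also emitted twice; that is harmless and probably comes from a parameter property plus an explicit assignment in the TypeScript source, where one of the two can be dropped.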
|
|
@@ -1,11 +1,52 @@
|
|
|
1
1
|
/// <reference types="node" />
|
|
2
|
+
export declare type TlsCertResult = {
|
|
3
|
+
key: Buffer;
|
|
4
|
+
cert: Buffer;
|
|
5
|
+
};
|
|
6
|
+
export declare enum CertificateKeyType {
|
|
7
|
+
RSA = "RSA",
|
|
8
|
+
ECP = "ECP"
|
|
9
|
+
}
|
|
2
10
|
export declare enum CertificateFormat {
|
|
3
11
|
PEM = "PEM",
|
|
4
12
|
DER = "DER"
|
|
5
13
|
}
|
|
14
|
+
export declare enum ECPCurve {
|
|
15
|
+
SECP192R1 = "SECP192R1" /*!< Domain parameters for the 192-bit curve defined by FIPS 186-4 and SEC1. */,
|
|
16
|
+
SECP224R1 = "SECP224R1" /*!< Domain parameters for the 224-bit curve defined by FIPS 186-4 and SEC1. */,
|
|
17
|
+
SECP256R1 = "SECP256R1" /*!< Domain parameters for the 256-bit curve defined by FIPS 186-4 and SEC1. */,
|
|
18
|
+
SECP384R1 = "SECP384R1" /*!< Domain parameters for the 384-bit curve defined by FIPS 186-4 and SEC1. */,
|
|
19
|
+
SECP521R1 = "SECP521R1" /*!< Domain parameters for the 521-bit curve defined by FIPS 186-4 and SEC1. */,
|
|
20
|
+
BP256R1 = "BP256R1" /*!< Domain parameters for 256-bit Brainpool curve. */,
|
|
21
|
+
BP384R1 = "BP384R1" /*!< Domain parameters for 384-bit Brainpool curve. */,
|
|
22
|
+
BP512R1 = "BP512R1" /*!< Domain parameters for 512-bit Brainpool curve. */,
|
|
23
|
+
SECP192K1 = "SECP192K1" /*!< Domain parameters for 192-bit "Koblitz" curve. */,
|
|
24
|
+
SECP224K1 = "SECP224K1" /*!< Domain parameters for 224-bit "Koblitz" curve. */,
|
|
25
|
+
SECP256K1 = "SECP256K1" /*!< Domain parameters for 256-bit "Koblitz" curve. */
|
|
26
|
+
}
|
|
27
|
+
export declare type TLSCertParams = {
|
|
28
|
+
format?: CertificateFormat;
|
|
29
|
+
subject?: {
|
|
30
|
+
commonName?: string;
|
|
31
|
+
countryName?: string;
|
|
32
|
+
state?: string;
|
|
33
|
+
localityName?: string;
|
|
34
|
+
organizationName?: string;
|
|
35
|
+
organizationUnit?: string;
|
|
36
|
+
};
|
|
37
|
+
keyType?: CertificateKeyType;
|
|
38
|
+
withQuote?: boolean;
|
|
39
|
+
rsaKeyBits?: number;
|
|
40
|
+
ecpCurve?: ECPCurve;
|
|
41
|
+
serialNumber?: string;
|
|
42
|
+
days?: number;
|
|
43
|
+
dnsNames?: string[];
|
|
44
|
+
ips?: string[];
|
|
45
|
+
};
|
|
6
46
|
export declare class PkiService {
|
|
7
47
|
private readonly cryptoPrimitives;
|
|
8
48
|
constructor();
|
|
9
49
|
validateChain(certs: Buffer, format?: CertificateFormat): Promise<boolean>;
|
|
10
50
|
validateHostname(certs: Buffer, hostnameOrIp: string, format?: CertificateFormat): Promise<boolean>;
|
|
51
|
+
generateTlsCertificate(params?: TLSCertParams): Promise<TlsCertResult>;
|
|
11
52
|
}
|
|
@@ -1,12 +1,33 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.PkiService = exports.CertificateFormat = void 0;
|
|
3
|
+
exports.PkiService = exports.ECPCurve = exports.CertificateFormat = exports.CertificateKeyType = void 0;
|
|
4
4
|
const { CryptoPrimitives } = require("../../bindings/sgx-native/build/Release/sgx_native.node");
|
|
5
|
+
var CertificateKeyType;
|
|
6
|
+
(function (CertificateKeyType) {
|
|
7
|
+
CertificateKeyType["RSA"] = "RSA";
|
|
8
|
+
CertificateKeyType["ECP"] = "ECP";
|
|
9
|
+
})(CertificateKeyType = exports.CertificateKeyType || (exports.CertificateKeyType = {}));
|
|
5
10
|
var CertificateFormat;
|
|
6
11
|
(function (CertificateFormat) {
|
|
7
12
|
CertificateFormat["PEM"] = "PEM";
|
|
8
13
|
CertificateFormat["DER"] = "DER";
|
|
9
14
|
})(CertificateFormat = exports.CertificateFormat || (exports.CertificateFormat = {}));
|
|
15
|
+
var ECPCurve;
|
|
16
|
+
(function (ECPCurve) {
|
|
17
|
+
ECPCurve["SECP192R1"] = "SECP192R1"; /*!< Domain parameters for the 192-bit curve defined by FIPS 186-4 and SEC1. */
|
|
18
|
+
ECPCurve["SECP224R1"] = "SECP224R1"; /*!< Domain parameters for the 224-bit curve defined by FIPS 186-4 and SEC1. */
|
|
19
|
+
ECPCurve["SECP256R1"] = "SECP256R1"; /*!< Domain parameters for the 256-bit curve defined by FIPS 186-4 and SEC1. */
|
|
20
|
+
ECPCurve["SECP384R1"] = "SECP384R1"; /*!< Domain parameters for the 384-bit curve defined by FIPS 186-4 and SEC1. */
|
|
21
|
+
ECPCurve["SECP521R1"] = "SECP521R1"; /*!< Domain parameters for the 521-bit curve defined by FIPS 186-4 and SEC1. */
|
|
22
|
+
ECPCurve["BP256R1"] = "BP256R1"; /*!< Domain parameters for 256-bit Brainpool curve. */
|
|
23
|
+
ECPCurve["BP384R1"] = "BP384R1"; /*!< Domain parameters for 384-bit Brainpool curve. */
|
|
24
|
+
ECPCurve["BP512R1"] = "BP512R1"; /*!< Domain parameters for 512-bit Brainpool curve. */
|
|
25
|
+
// @TODO: MBEDTLS NOT SUPPORT EXRPORT CURVE25519 = "CURVE25519", /*!< Domain parameters for Curve25519. */
|
|
26
|
+
ECPCurve["SECP192K1"] = "SECP192K1"; /*!< Domain parameters for 192-bit "Koblitz" curve. */
|
|
27
|
+
ECPCurve["SECP224K1"] = "SECP224K1"; /*!< Domain parameters for 224-bit "Koblitz" curve. */
|
|
28
|
+
ECPCurve["SECP256K1"] = "SECP256K1"; /*!< Domain parameters for 256-bit "Koblitz" curve. */
|
|
29
|
+
// @TODO: MBEDTLS NOT SUPPORT EXRPORT CURVE448 = "CURVE448", /*!< Domain parameters for Curve448. */
|
|
30
|
+
})(ECPCurve = exports.ECPCurve || (exports.ECPCurve = {}));
|
|
10
31
|
class PkiService {
|
|
11
32
|
constructor() {
|
|
12
33
|
this.cryptoPrimitives = new CryptoPrimitives();
|
|
@@ -26,6 +47,43 @@ class PkiService {
|
|
|
26
47
|
}
|
|
27
48
|
return this.cryptoPrimitives.CheckHostnameOrIP(hostnameOrIp, certs, format.toString());
|
|
28
49
|
}
|
|
50
|
+
async generateTlsCertificate(params = {}) {
|
|
51
|
+
const subject = {
|
|
52
|
+
commonName: params.subject?.commonName ?? "localhost",
|
|
53
|
+
countryName: params.subject?.countryName ?? "US",
|
|
54
|
+
state: params.subject?.state ?? "New York",
|
|
55
|
+
localityName: params.subject?.localityName ?? "New York",
|
|
56
|
+
organizationName: params.subject?.organizationName ?? "SuperProtocol",
|
|
57
|
+
organizationUnit: params.subject?.organizationUnit ?? "TEE",
|
|
58
|
+
};
|
|
59
|
+
const format = params.format ?? CertificateFormat.PEM;
|
|
60
|
+
const keyType = params.keyType ?? CertificateKeyType.RSA;
|
|
61
|
+
let rsaKeyBits;
|
|
62
|
+
let ecpCurve;
|
|
63
|
+
if (keyType === CertificateKeyType.RSA) {
|
|
64
|
+
rsaKeyBits = params.rsaKeyBits ?? 3072;
|
|
65
|
+
}
|
|
66
|
+
else if (keyType === CertificateKeyType.ECP) {
|
|
67
|
+
ecpCurve = params.ecpCurve ?? ECPCurve.SECP384R1;
|
|
68
|
+
}
|
|
69
|
+
const withQuote = params.withQuote ?? false;
|
|
70
|
+
const serialNumber = params.serialNumber ?? "01";
|
|
71
|
+
const days = params.days ?? 365;
|
|
72
|
+
const dnsNames = params.dnsNames ?? [];
|
|
73
|
+
const ips = params.ips ?? [];
|
|
74
|
+
return this.cryptoPrimitives.GenerateTlsCertificate({
|
|
75
|
+
format,
|
|
76
|
+
subject,
|
|
77
|
+
keyType,
|
|
78
|
+
withQuote,
|
|
79
|
+
rsaKeyBits,
|
|
80
|
+
ecpCurve,
|
|
81
|
+
serialNumber,
|
|
82
|
+
days,
|
|
83
|
+
dnsNames,
|
|
84
|
+
ips,
|
|
85
|
+
});
|
|
86
|
+
}
|
|
29
87
|
}
|
|
30
88
|
exports.PkiService = PkiService;
|
|
31
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
89
|
+
//# sourceMappingURL=data:application/json;base64,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
|
|
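--- a/package/dist/sgx-native-module/sgx-tests.js
+++ b/package/dist/sgx-native-module/sgx-tests.js
@@ -0,0 +1,82 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+var desc = Object.getOwnPropertyDescriptor(m, k);
+if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+desc = { enumerable: true, get: function() { return m[k]; } };
+}
+Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+if (mod && mod.__esModule) return mod;
+var result = {};
+if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+__setModuleDefault(result, mod);
+return result;
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const SgxNative = __importStar(require("../sgx-native-module"));
+const assert_1 = __importDefault(require("assert"));
+const dcapVerifyService = new SgxNative.DcapQuoteVerifyService();
+const pkiService = new SgxNative.PkiService();
+const enclaveService = new SgxNative.EnclaveService();
+async function GenCertWithQouteTest() {
+const res = await pkiService.generateTlsCertificate({
+days: 14,
+dnsNames: ["superprotocol.com", "sp.com"],
+ips: ["1.2.3.4", "2001:0db8:85a3:0000:0000:8a2e:0370:7334"],
+format: SgxNative.CertificateFormat.DER,
+keyType: SgxNative.CertificateKeyType.ECP,
+ecpCurve: SgxNative.ECPCurve.SECP384R1,
+subject: {
+commonName: "localhost",
+},
+serialNumber: "12345",
+withQuote: true,
+});
+try {
+const quote = await dcapVerifyService.extractQuoteFromCert(res.cert);
+await dcapVerifyService.validateQuoteVerifierEnclave(quote);
+}
+catch (error) {
+if (error instanceof SgxNative.QuoteValidationError) {
+assert_1.default.equal(error.criticalError, false);
+}
+else {
+(0, assert_1.default)(false);
+}
+}
+console.log("GenCertWithQouteTest: Success");
+}
+async function GetKeyTest() {
+const key = await enclaveService.getSecretKey(SgxNative.KeyType.SGX_KEYSELECT_SEAL, SgxNative.KeyPolicy.SGX_KEYPOLICY_MRSIGNER);
+const key2 = await enclaveService.getSecretKey(SgxNative.KeyType.SGX_KEYSELECT_SEAL, SgxNative.KeyPolicy.SGX_KEYPOLICY_MRSIGNER, key.request);
+const key3 = await enclaveService.getSecretKey(SgxNative.KeyType.SGX_KEYSELECT_SEAL, SgxNative.KeyPolicy.SGX_KEYPOLICY_MRSIGNER);
+(0, assert_1.default)(Buffer.compare(key.key, key2.key) === 0);
+(0, assert_1.default)(Buffer.compare(key.key, key3.key) !== 0);
+await assert_1.default.rejects(async () => {
+await enclaveService.getSecretKey(SgxNative.KeyType.SGX_KEYSELECT_SEAL, SgxNative.KeyPolicy.SGX_KEYPOLICY_MRENCLAVE, key.request);
+}, {
+name: "TypeError",
+message: "The previous request parameters do not match the request name or policy",
+});
+const outDated = await enclaveService.isOutdatedRequest(key.request);
+(0, assert_1.default)(outDated === false);
+console.log("GetKeyTest: Success");
+}
+(async () => {
+await GenCertWithQouteTest();
+await GetKeyTest();
+})();
+//# sourceMappingURL=data:application/json;base64,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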
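Review bot: In `GenCertWithQouteTest` the `catch` block accepts any `QuoteValidationError` whose `criticalError` is false and then falls through to `console.log("GenCertWithQouteTest: Success")`. The run therefore reports success even when `validateQuoteVerifierEnclave` rejected the quote, and the reason for the rejection is never printed. Adding `console.warn(error);` before the `assert_1.default.equal(...)` line would make the tolerated attestation status visible in the test output. In the `else` branch, `(0, assert_1.default)(false);` discards the original exception; `throw error;` would keep its message and stack. The file also starts both tests from a top-level async IIFE on load and appears to ship under `dist/`, so it may be worth confirming that it is meant to be part of the published package.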