@super-protocol/addons-tee 0.9.2 → 0.9.4

package/bindings/sp-sev/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "sev"
-version = "5.0.0"
+version = "6.2.1"
 authors = [
     "Nathaniel McCallum <npmccallum@redhat.com>",
     "The VirTEE Project Developers",
@@ -20,7 +20,7 @@ categories = [
     "hardware-support",
 ]
 exclude = [".gitignore", ".github/*"]
-rust-version = "1.80.0"
+rust-version = "1.85.0"
 
 [badges]
 # See https://doc.rust-lang.org/cargo/reference/manifest.html#the-badges-section
@@ -45,20 +45,20 @@ snp = []
 crypto_nossl = ["dep:p384", "dep:rsa", "dep:sha2", "dep:x509-cert"]
 
 [target.'cfg(target_os = "linux")'.dependencies]
-iocuddle = "0.1"
+iocuddle = "^0.1"
 
 [dependencies]
-openssl = { version = "0.10", optional = true }
+openssl = { version = "0.10", optional = true, features = ["vendored"] }
 serde = { version = "1.0", features = ["derive"] }
 serde_bytes = "0.11"
-bitflags = "1.2"
+bitflags = "2.9.0"
 codicon = "3.0"
-dirs = "5.0"
+dirs = "^6.0"
 serde-big-array = "0.5.1"
 static_assertions = "^1.1.0"
-bitfield = "^0.15"
+bitfield = "^0.19"
 uuid = { version = "^1.11", features = ["serde"] }
-bincode = "^1.3"
+bincode = { version = "^2.0", features = ["serde"] }
 hex = "0.4.3"
 libc = "0.2.161"
 lazy_static = "1.4.0"
@@ -69,12 +69,12 @@ x509-cert = { version = "0.2.5", optional = true }
 byteorder = "1.4.3"
 base64 = "0.22.1"
 rdrand = { version = "^0.8", optional = true }
-reqwest = { version="0.11.10", features = ["blocking"], optional = true }
-tokio = {version = "1.29.1", features =["rt-multi-thread"], optional = true }
+reqwest = { version = "^0.12", features = ["blocking"], optional = true }
+tokio = { version = "1.29.1", features = ["rt-multi-thread"], optional = true }
 
 [target.'cfg(target_os = "linux")'.dev-dependencies]
 kvm-ioctls = ">=0.16"
+kvm-bindings = "^0.11"
 
 [dev-dependencies]
-kvm-bindings = ">=0.9.1"
 serial_test = "3.0"

package/bindings/sp-sev/tests/api.rs

@@ -1,13 +1,15 @@
 // SPDX-License-Identifier: Apache-2.0
 
 #[cfg(all(feature = "sev", target_os = "linux"))]
-
 mod sev {
     #[cfg(feature = "dangerous_hw_tests")]
     use serial_test::serial;
     #[cfg(feature = "dangerous_hw_tests")]
     use sev::cached_chain;
-    use sev::{certs::sev::sev::Usage, firmware::host::Firmware, Build, Version};
+    use sev::{
+        certs::sev::sev::Usage,
+        firmware::host::{Build, Firmware, Version},
+    };
 
     #[cfg(feature = "dangerous_hw_tests")]
     #[cfg_attr(not(host), ignore)]
@@ -147,8 +149,8 @@ mod snp {
               reported tcb tee version: {}
               reported tcb bootloader version: {}
               state: {}",
-            status.version.major,
-            status.version.minor,
+            status.version.0,
+            status.version.1,
             status.build_id,
             status.guest_count,
             status.platform_tcb_version.microcode,
@@ -174,8 +176,9 @@ mod snp {
     #[cfg_attr(not(all(host, feature = "dangerous_hw_tests")), ignore)]
     #[test]
     #[serial]
-    fn set_config() {
+    fn set_config_generation() {
         let mut fw: Firmware = Firmware::open().unwrap();
+
         fw.snp_set_config(Config::default()).unwrap();
     }
 
@@ -184,7 +187,7 @@ mod snp {
     #[serial]
     fn test_host_fw_error() {
         let mut fw: Firmware = Firmware::open().unwrap();
-        let invalid_config = Config::new(TcbVersion::new(100, 100, 100, 100), MaskId(31));
+        let invalid_config = Config::new(TcbVersion::new(None, 100, 100, 100, 100), MaskId(31));
         let fw_error = fw.snp_set_config(invalid_config).unwrap_err().to_string();
         assert_eq!(fw_error, "Firmware Error Encountered: Known SEV FW Error: Status Code: 0x16: Given parameter is invalid.")
     }

package/bindings/sp-sev/tests/certs.rs

@@ -24,6 +24,7 @@ mod sev {
 
 #[cfg(all(feature = "snp", any(feature = "openssl", feature = "crypto_nossl")))]
 mod snp {
+
     use sev::certs::snp::{builtin::milan, ca, Certificate, Chain, Verifiable};
 
     const TEST_MILAN_VCEK_DER: &[u8] = include_bytes!("certs_data/vcek_milan.der");
@@ -85,8 +86,7 @@ mod snp {
         let chain = Chain { ca, vek: vcek };
 
         let report_bytes = hex::decode(TEST_MILAN_ATTESTATION_REPORT).unwrap();
-        let report: AttestationReport =
-            unsafe { std::ptr::read(report_bytes.as_ptr() as *const _) };
+        let report: AttestationReport = AttestationReport::from_bytes(&report_bytes).unwrap();
 
         assert_eq!((&chain, &report).verify().ok(), Some(()));
     }
@@ -104,9 +104,8 @@ mod snp {
         let chain = Chain { ca, vek: vcek };
 
         let mut report_bytes = hex::decode(TEST_MILAN_ATTESTATION_REPORT).unwrap();
-        report_bytes[0] ^= 0x80;
-        let report: AttestationReport =
-            unsafe { std::ptr::read(report_bytes.as_ptr() as *const _) };
+        report_bytes[21] ^= 0x80;
+        let report = AttestationReport::from_bytes(&report_bytes).unwrap();
 
         assert_eq!((&chain, &report).verify().ok(), None);
     }

package/bindings/sp-sev/tests/guest.rs

@@ -27,7 +27,7 @@ fn get_ext_report() {
 #[cfg_attr(not(guest), ignore)]
 #[test]
 fn get_derived_key() {
-    let derived_key = DerivedKey::new(false, GuestFieldSelect(1), 0, 0, 0);
+    let derived_key = DerivedKey::new(false, GuestFieldSelect(1), 0, 0, 0, None);
 
     let mut fw = Firmware::open().unwrap();
 
@@ -43,6 +43,7 @@ fn guest_fw_error() {
         0xFFFFFFFF,
         0xFFFFFFFF,
         0xFFFFFFFFFFFFFFFF,
+        Some(0xFFFFFFFFFFFFFFFF),
     );
 
     let mut fw = Firmware::open().unwrap();

package/bindings/sp-sev/tests/id-block.rs

@@ -18,6 +18,8 @@ use sev::measurement::{
     snp::SnpLaunchDigest,
 };
 
+use sev::BINCODE_CFG;
+
 // Testing that the appropriate id-block and key digests are being generated.
 #[test]
 fn test_id_block_and_key_digests() {
@@ -45,8 +47,8 @@ fn test_id_block_and_key_digests() {
     .unwrap();
 
     // Converting ID-block and key digests into BASE64
-    let id_block_string =
-        general_purpose::STANDARD.encode(bincode::serialize(&block_calculations.id_block).unwrap());
+    let id_block_string = general_purpose::STANDARD
+        .encode(bincode::encode_to_vec(block_calculations.id_block, BINCODE_CFG).unwrap());
     let id_key_digest_string = general_purpose::STANDARD
         .encode::<Vec<u8>>(block_calculations.id_key_digest.try_into().unwrap());
     let auth_key_digest_string = general_purpose::STANDARD
@@ -136,7 +138,8 @@ fn test_auth_block_generation() {
     let mut id_sig_file = fs::File::open("./tests/measurement/test_id_sig.bin").unwrap();
     let mut id_block_bytes = Vec::new();
     id_sig_file.read_to_end(&mut id_block_bytes).unwrap();
-    let id_block_sig: SevEcdsaSig = bincode::deserialize(&id_block_bytes).unwrap();
+    let (id_block_sig, _): (SevEcdsaSig, usize) =
+        bincode::decode_from_slice(&id_block_bytes, BINCODE_CFG).unwrap();
 
     // Get author private test key from pem
     let author_ec_priv_key = load_priv_key(auth_path).unwrap();
@@ -148,7 +151,8 @@ fn test_auth_block_generation() {
     let mut auth_sig_file = fs::File::open("./tests/measurement/test_auth_sig.bin").unwrap();
     let mut auth_block_bytes = Vec::new();
     auth_sig_file.read_to_end(&mut auth_block_bytes).unwrap();
-    let auth_block_sig: SevEcdsaSig = bincode::deserialize(&auth_block_bytes).unwrap();
+    let (auth_block_sig, _): (SevEcdsaSig, usize) =
+        bincode::decode_from_slice(&auth_block_bytes, BINCODE_CFG).unwrap();
 
     let auth_block = IdAuth::new(
         None,
@@ -160,7 +164,7 @@ fn test_auth_block_generation() {
     );
 
     // Generate Generate auth_block string
-    let id_auth_bytes = bincode::serialize(&auth_block).unwrap();
+    let id_auth_bytes = bincode::encode_to_vec(auth_block, BINCODE_CFG).unwrap();
     let id_auth_str = general_purpose::STANDARD.encode(id_auth_bytes);
 
     // Comparing auth_blocks

package/bindings/sp-sev/tests/snp_launch.rs

@@ -71,7 +71,7 @@ fn snp_launch_test() {
     let launcher = Launcher::new(vm_fd, sev).unwrap();
 
     let mut policy = GuestPolicy(0);
-    policy.set_smt_allowed(1);
+    policy.set_smt_allowed(true);
     let start = Start::new(policy, [0; 16]);
 
     let mut launcher = launcher.start(start).unwrap();

package/dist/proto/AmdSevSnp.d.ts

@@ -0,0 +1,194 @@
+import _m0 from "protobufjs/minimal.js";
+export declare const protobufPackage = "";
+export declare enum SevSNPCertType {
+    ARK = 0,
+    ASK = 1,
+    VCEK = 2
+}
+export declare function sevSNPCertTypeFromJSON(object: any): SevSNPCertType;
+export declare function sevSNPCertTypeToJSON(object: SevSNPCertType): string;
+export declare enum SevSnpCertificateFormat {
+    PEM = 0,
+    DER = 1
+}
+export declare function sevSnpCertificateFormatFromJSON(object: any): SevSnpCertificateFormat;
+export declare function sevSnpCertificateFormatToJSON(object: SevSnpCertificateFormat): string;
+export interface SnpCert {
+    type: SevSNPCertType;
+    cert: Uint8Array;
+    format: SevSnpCertificateFormat;
+}
+export interface SNPReport {
+    rawReport: Uint8Array;
+    cpuSig: number;
+    cores: number;
+    cmdLineHash: Uint8Array;
+    build: string;
+}
+export interface SNPReportWithChain {
+    snpReport: SNPReport | undefined;
+    certs: SnpCert[];
+}
+export declare const SnpCert: {
+    encode(message: SnpCert, writer?: _m0.Writer): _m0.Writer;
+    decode(input: _m0.Reader | Uint8Array, length?: number): SnpCert;
+    fromJSON(object: any): SnpCert;
+    toJSON(message: SnpCert): unknown;
+    create<I extends {
+        type?: SevSNPCertType | undefined;
+        cert?: Uint8Array | undefined;
+        format?: SevSnpCertificateFormat | undefined;
+    } & {
+        type?: SevSNPCertType | undefined;
+        cert?: Uint8Array | undefined;
+        format?: SevSnpCertificateFormat | undefined;
+    } & { [K in Exclude<keyof I, keyof SnpCert>]: never; }>(base?: I | undefined): SnpCert;
+    fromPartial<I_1 extends {
+        type?: SevSNPCertType | undefined;
+        cert?: Uint8Array | undefined;
+        format?: SevSnpCertificateFormat | undefined;
+    } & {
+        type?: SevSNPCertType | undefined;
+        cert?: Uint8Array | undefined;
+        format?: SevSnpCertificateFormat | undefined;
+    } & { [K_1 in Exclude<keyof I_1, keyof SnpCert>]: never; }>(object: I_1): SnpCert;
+};
+export declare const SNPReport: {
+    encode(message: SNPReport, writer?: _m0.Writer): _m0.Writer;
+    decode(input: _m0.Reader | Uint8Array, length?: number): SNPReport;
+    fromJSON(object: any): SNPReport;
+    toJSON(message: SNPReport): unknown;
+    create<I extends {
+        rawReport?: Uint8Array | undefined;
+        cpuSig?: number | undefined;
+        cores?: number | undefined;
+        cmdLineHash?: Uint8Array | undefined;
+        build?: string | undefined;
+    } & {
+        rawReport?: Uint8Array | undefined;
+        cpuSig?: number | undefined;
+        cores?: number | undefined;
+        cmdLineHash?: Uint8Array | undefined;
+        build?: string | undefined;
+    } & { [K in Exclude<keyof I, keyof SNPReport>]: never; }>(base?: I | undefined): SNPReport;
+    fromPartial<I_1 extends {
+        rawReport?: Uint8Array | undefined;
+        cpuSig?: number | undefined;
+        cores?: number | undefined;
+        cmdLineHash?: Uint8Array | undefined;
+        build?: string | undefined;
+    } & {
+        rawReport?: Uint8Array | undefined;
+        cpuSig?: number | undefined;
+        cores?: number | undefined;
+        cmdLineHash?: Uint8Array | undefined;
+        build?: string | undefined;
+    } & { [K_1 in Exclude<keyof I_1, keyof SNPReport>]: never; }>(object: I_1): SNPReport;
+};
+export declare const SNPReportWithChain: {
+    encode(message: SNPReportWithChain, writer?: _m0.Writer): _m0.Writer;
+    decode(input: _m0.Reader | Uint8Array, length?: number): SNPReportWithChain;
+    fromJSON(object: any): SNPReportWithChain;
+    toJSON(message: SNPReportWithChain): unknown;
+    create<I extends {
+        snpReport?: {
+            rawReport?: Uint8Array | undefined;
+            cpuSig?: number | undefined;
+            cores?: number | undefined;
+            cmdLineHash?: Uint8Array | undefined;
+            build?: string | undefined;
+        } | undefined;
+        certs?: {
+            type?: SevSNPCertType | undefined;
+            cert?: Uint8Array | undefined;
+            format?: SevSnpCertificateFormat | undefined;
+        }[] | undefined;
+    } & {
+        snpReport?: ({
+            rawReport?: Uint8Array | undefined;
+            cpuSig?: number | undefined;
+            cores?: number | undefined;
+            cmdLineHash?: Uint8Array | undefined;
+            build?: string | undefined;
+        } & {
+            rawReport?: Uint8Array | undefined;
+            cpuSig?: number | undefined;
+            cores?: number | undefined;
+            cmdLineHash?: Uint8Array | undefined;
+            build?: string | undefined;
+        } & { [K in Exclude<keyof I["snpReport"], keyof SNPReport>]: never; }) | undefined;
+        certs?: ({
+            type?: SevSNPCertType | undefined;
+            cert?: Uint8Array | undefined;
+            format?: SevSnpCertificateFormat | undefined;
+        }[] & ({
+            type?: SevSNPCertType | undefined;
+            cert?: Uint8Array | undefined;
+            format?: SevSnpCertificateFormat | undefined;
+        } & {
+            type?: SevSNPCertType | undefined;
+            cert?: Uint8Array | undefined;
+            format?: SevSnpCertificateFormat | undefined;
+        } & { [K_1 in Exclude<keyof I["certs"][number], keyof SnpCert>]: never; })[] & { [K_2 in Exclude<keyof I["certs"], keyof {
+            type?: SevSNPCertType | undefined;
+            cert?: Uint8Array | undefined;
+            format?: SevSnpCertificateFormat | undefined;
+        }[]>]: never; }) | undefined;
+    } & { [K_3 in Exclude<keyof I, keyof SNPReportWithChain>]: never; }>(base?: I | undefined): SNPReportWithChain;
+    fromPartial<I_1 extends {
+        snpReport?: {
+            rawReport?: Uint8Array | undefined;
+            cpuSig?: number | undefined;
+            cores?: number | undefined;
+            cmdLineHash?: Uint8Array | undefined;
+            build?: string | undefined;
+        } | undefined;
+        certs?: {
+            type?: SevSNPCertType | undefined;
+            cert?: Uint8Array | undefined;
+            format?: SevSnpCertificateFormat | undefined;
+        }[] | undefined;
+    } & {
+        snpReport?: ({
+            rawReport?: Uint8Array | undefined;
+            cpuSig?: number | undefined;
+            cores?: number | undefined;
+            cmdLineHash?: Uint8Array | undefined;
+            build?: string | undefined;
+        } & {
+            rawReport?: Uint8Array | undefined;
+            cpuSig?: number | undefined;
+            cores?: number | undefined;
+            cmdLineHash?: Uint8Array | undefined;
+            build?: string | undefined;
+        } & { [K_4 in Exclude<keyof I_1["snpReport"], keyof SNPReport>]: never; }) | undefined;
+        certs?: ({
+            type?: SevSNPCertType | undefined;
+            cert?: Uint8Array | undefined;
+            format?: SevSnpCertificateFormat | undefined;
+        }[] & ({
+            type?: SevSNPCertType | undefined;
+            cert?: Uint8Array | undefined;
+            format?: SevSnpCertificateFormat | undefined;
+        } & {
+            type?: SevSNPCertType | undefined;
+            cert?: Uint8Array | undefined;
+            format?: SevSnpCertificateFormat | undefined;
+        } & { [K_5 in Exclude<keyof I_1["certs"][number], keyof SnpCert>]: never; })[] & { [K_6 in Exclude<keyof I_1["certs"], keyof {
+            type?: SevSNPCertType | undefined;
+            cert?: Uint8Array | undefined;
+            format?: SevSnpCertificateFormat | undefined;
+        }[]>]: never; }) | undefined;
+    } & { [K_7 in Exclude<keyof I_1, keyof SNPReportWithChain>]: never; }>(object: I_1): SNPReportWithChain;
+};
+type Builtin = Date | Function | Uint8Array | string | number | boolean | undefined;
+export type DeepPartial<T> = T extends Builtin ? T : T extends globalThis.Array<infer U> ? globalThis.Array<DeepPartial<U>> : T extends ReadonlyArray<infer U> ? ReadonlyArray<DeepPartial<U>> : T extends {} ? {
+    [K in keyof T]?: DeepPartial<T[K]>;
+} : Partial<T>;
+type KeysOfUnion<T> = T extends T ? keyof T : never;
+export type Exact<P, I extends P> = P extends Builtin ? P : P & {
+    [K in keyof P]: Exact<P[K], I[K]>;
+} & {
+    [K in Exclude<keyof I, KeysOfUnion<P>>]: never;
+};
+export {};