@super-protocol/addons-tee 0.9.3 → 0.9.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (22) hide show
  1. package/bindings/amd-sev-snp-napi-rs/amd-sev-snp-napi-rs.linux-x64-gnu.node +0 -0
  2. package/bindings/amd-sev-snp-napi-rs/index.d.ts +27 -0
  3. package/bindings/amd-sev-snp-napi-rs/index.js +12 -1
  4. package/bindings/sp-sev/.github/workflows/lint.yml +3 -3
  5. package/bindings/sp-sev/.github/workflows/test.yml +163 -2
  6. package/bindings/sp-sev/Cargo.lock +521 -281
  7. package/bindings/sp-sev/Cargo.toml +11 -11
  8. package/bindings/sp-sev/tests/api.rs +9 -6
  9. package/bindings/sp-sev/tests/certs.rs +4 -5
  10. package/bindings/sp-sev/tests/guest.rs +2 -1
  11. package/bindings/sp-sev/tests/id-block.rs +9 -5
  12. package/bindings/sp-sev/tests/snp_launch.rs +1 -1
  13. package/bindings/utils/virtee/libsev.so +0 -0
  14. package/bindings/utils/virtee/snpguest +0 -0
  15. package/dist/sgx-native-module/dcap-quote-verify.service.js +22 -3
  16. package/dist/sgx-native-module/sev-snp-mrenclave.d.ts +1 -1
  17. package/dist/sgx-native-module/sev-snp-mrenclave.js +41 -6
  18. package/dist/sgx-native-module/sev-snp-schema.d.ts +22 -0
  19. package/dist/sgx-native-module/sev-snp-schema.js +24 -0
  20. package/dist/sgx-native-module/sev-snp.d.ts +17 -9
  21. package/dist/sgx-native-module/sev-snp.js +95 -89
  22. package/package.json +3 -2
package/bindings/sp-sev/Cargo.toml CHANGED
@@ -1,6 +1,6 @@
1
1
  [package]
2
2
  name = "sev"
3
- version = "5.0.0"
3
+ version = "6.2.1"
4
4
  authors = [
5
5
  "Nathaniel McCallum <npmccallum@redhat.com>",
6
6
  "The VirTEE Project Developers",
@@ -20,7 +20,7 @@ categories = [
20
20
  "hardware-support",
21
21
  ]
22
22
  exclude = [".gitignore", ".github/*"]
23
- rust-version = "1.80.0"
23
+ rust-version = "1.85.0"
24
24
 
25
25
  [badges]
26
26
  # See https://doc.rust-lang.org/cargo/reference/manifest.html#the-badges-section
@@ -45,20 +45,20 @@ snp = []
45
45
  crypto_nossl = ["dep:p384", "dep:rsa", "dep:sha2", "dep:x509-cert"]
46
46
 
47
47
  [target.'cfg(target_os = "linux")'.dependencies]
48
- iocuddle = "0.1"
48
+ iocuddle = "^0.1"
49
49
 
50
50
  [dependencies]
51
- openssl = { version = "0.10", optional = true }
51
+ openssl = { version = "0.10", optional = true, features = ["vendored"] }
52
52
  serde = { version = "1.0", features = ["derive"] }
53
53
  serde_bytes = "0.11"
54
- bitflags = "1.2"
54
+ bitflags = "2.9.0"
55
55
  codicon = "3.0"
56
- dirs = "5.0"
56
+ dirs = "^6.0"
57
57
  serde-big-array = "0.5.1"
58
58
  static_assertions = "^1.1.0"
59
- bitfield = "^0.15"
59
+ bitfield = "^0.19"
60
60
  uuid = { version = "^1.11", features = ["serde"] }
61
- bincode = "^1.3"
61
+ bincode = { version = "^2.0", features = ["serde"] }
62
62
  hex = "0.4.3"
63
63
  libc = "0.2.161"
64
64
  lazy_static = "1.4.0"
@@ -69,12 +69,12 @@ x509-cert = { version = "0.2.5", optional = true }
69
69
  byteorder = "1.4.3"
70
70
  base64 = "0.22.1"
71
71
  rdrand = { version = "^0.8", optional = true }
72
- reqwest = { version="0.11.10", features = ["blocking"], optional = true }
73
- tokio = {version = "1.29.1", features =["rt-multi-thread"], optional = true }
72
+ reqwest = { version = "^0.12", features = ["blocking"], optional = true }
73
+ tokio = { version = "1.29.1", features = ["rt-multi-thread"], optional = true }
74
74
 
75
75
  [target.'cfg(target_os = "linux")'.dev-dependencies]
76
76
  kvm-ioctls = ">=0.16"
77
+ kvm-bindings = "^0.11"
77
78
 
78
79
  [dev-dependencies]
79
- kvm-bindings = ">=0.9.1"
80
80
  serial_test = "3.0"
package/bindings/sp-sev/tests/api.rs CHANGED
@@ -1,13 +1,15 @@
1
1
  // SPDX-License-Identifier: Apache-2.0
2
2
 
3
3
  #[cfg(all(feature = "sev", target_os = "linux"))]
4
-
5
4
  mod sev {
6
5
  #[cfg(feature = "dangerous_hw_tests")]
7
6
  use serial_test::serial;
8
7
  #[cfg(feature = "dangerous_hw_tests")]
9
8
  use sev::cached_chain;
10
- use sev::{certs::sev::sev::Usage, firmware::host::Firmware, Build, Version};
9
+ use sev::{
10
+ certs::sev::sev::Usage,
11
+ firmware::host::{Build, Firmware, Version},
12
+ };
11
13
 
12
14
  #[cfg(feature = "dangerous_hw_tests")]
13
15
  #[cfg_attr(not(host), ignore)]
@@ -147,8 +149,8 @@ mod snp {
147
149
  reported tcb tee version: {}
148
150
  reported tcb bootloader version: {}
149
151
  state: {}",
150
- status.version.major,
151
- status.version.minor,
152
+ status.version.0,
153
+ status.version.1,
152
154
  status.build_id,
153
155
  status.guest_count,
154
156
  status.platform_tcb_version.microcode,
@@ -174,8 +176,9 @@ mod snp {
174
176
  #[cfg_attr(not(all(host, feature = "dangerous_hw_tests")), ignore)]
175
177
  #[test]
176
178
  #[serial]
177
- fn set_config() {
179
+ fn set_config_generation() {
178
180
  let mut fw: Firmware = Firmware::open().unwrap();
181
+
179
182
  fw.snp_set_config(Config::default()).unwrap();
180
183
  }
181
184
 
@@ -184,7 +187,7 @@ mod snp {
184
187
  #[serial]
185
188
  fn test_host_fw_error() {
186
189
  let mut fw: Firmware = Firmware::open().unwrap();
187
- let invalid_config = Config::new(TcbVersion::new(100, 100, 100, 100), MaskId(31));
190
+ let invalid_config = Config::new(TcbVersion::new(None, 100, 100, 100, 100), MaskId(31));
188
191
  let fw_error = fw.snp_set_config(invalid_config).unwrap_err().to_string();
189
192
  assert_eq!(fw_error, "Firmware Error Encountered: Known SEV FW Error: Status Code: 0x16: Given parameter is invalid.")
190
193
  }
package/bindings/sp-sev/tests/certs.rs CHANGED
@@ -24,6 +24,7 @@ mod sev {
24
24
 
25
25
  #[cfg(all(feature = "snp", any(feature = "openssl", feature = "crypto_nossl")))]
26
26
  mod snp {
27
+
27
28
  use sev::certs::snp::{builtin::milan, ca, Certificate, Chain, Verifiable};
28
29
 
29
30
  const TEST_MILAN_VCEK_DER: &[u8] = include_bytes!("certs_data/vcek_milan.der");
@@ -85,8 +86,7 @@ mod snp {
85
86
  let chain = Chain { ca, vek: vcek };
86
87
 
87
88
  let report_bytes = hex::decode(TEST_MILAN_ATTESTATION_REPORT).unwrap();
88
- let report: AttestationReport =
89
- unsafe { std::ptr::read(report_bytes.as_ptr() as *const _) };
89
+ let report: AttestationReport = AttestationReport::from_bytes(&report_bytes).unwrap();
90
90
 
91
91
  assert_eq!((&chain, &report).verify().ok(), Some(()));
92
92
  }
@@ -104,9 +104,8 @@ mod snp {
104
104
  let chain = Chain { ca, vek: vcek };
105
105
 
106
106
  let mut report_bytes = hex::decode(TEST_MILAN_ATTESTATION_REPORT).unwrap();
107
- report_bytes[0] ^= 0x80;
108
- let report: AttestationReport =
109
- unsafe { std::ptr::read(report_bytes.as_ptr() as *const _) };
107
+ report_bytes[21] ^= 0x80;
108
+ let report = AttestationReport::from_bytes(&report_bytes).unwrap();
110
109
 
111
110
  assert_eq!((&chain, &report).verify().ok(), None);
112
111
  }
package/bindings/sp-sev/tests/guest.rs CHANGED
@@ -27,7 +27,7 @@ fn get_ext_report() {
27
27
  #[cfg_attr(not(guest), ignore)]
28
28
  #[test]
29
29
  fn get_derived_key() {
30
- let derived_key = DerivedKey::new(false, GuestFieldSelect(1), 0, 0, 0);
30
+ let derived_key = DerivedKey::new(false, GuestFieldSelect(1), 0, 0, 0, None);
31
31
 
32
32
  let mut fw = Firmware::open().unwrap();
33
33
 
@@ -43,6 +43,7 @@ fn guest_fw_error() {
43
43
  0xFFFFFFFF,
44
44
  0xFFFFFFFF,
45
45
  0xFFFFFFFFFFFFFFFF,
46
+ Some(0xFFFFFFFFFFFFFFFF),
46
47
  );
47
48
 
48
49
  let mut fw = Firmware::open().unwrap();
package/bindings/sp-sev/tests/id-block.rs CHANGED
@@ -18,6 +18,8 @@ use sev::measurement::{
18
18
  snp::SnpLaunchDigest,
19
19
  };
20
20
 
21
+ use sev::BINCODE_CFG;
22
+
21
23
  // Testing that the appropriate id-block and key digests are being generated.
22
24
  #[test]
23
25
  fn test_id_block_and_key_digests() {
@@ -45,8 +47,8 @@ fn test_id_block_and_key_digests() {
45
47
  .unwrap();
46
48
 
47
49
  // Converting ID-block and key digests into BASE64
48
- let id_block_string =
49
- general_purpose::STANDARD.encode(bincode::serialize(&block_calculations.id_block).unwrap());
50
+ let id_block_string = general_purpose::STANDARD
51
+ .encode(bincode::encode_to_vec(block_calculations.id_block, BINCODE_CFG).unwrap());
50
52
  let id_key_digest_string = general_purpose::STANDARD
51
53
  .encode::<Vec<u8>>(block_calculations.id_key_digest.try_into().unwrap());
52
54
  let auth_key_digest_string = general_purpose::STANDARD
@@ -136,7 +138,8 @@ fn test_auth_block_generation() {
136
138
  let mut id_sig_file = fs::File::open("./tests/measurement/test_id_sig.bin").unwrap();
137
139
  let mut id_block_bytes = Vec::new();
138
140
  id_sig_file.read_to_end(&mut id_block_bytes).unwrap();
139
- let id_block_sig: SevEcdsaSig = bincode::deserialize(&id_block_bytes).unwrap();
141
+ let (id_block_sig, _): (SevEcdsaSig, usize) =
142
+ bincode::decode_from_slice(&id_block_bytes, BINCODE_CFG).unwrap();
140
143
 
141
144
  // Get author private test key from pem
142
145
  let author_ec_priv_key = load_priv_key(auth_path).unwrap();
@@ -148,7 +151,8 @@ fn test_auth_block_generation() {
148
151
  let mut auth_sig_file = fs::File::open("./tests/measurement/test_auth_sig.bin").unwrap();
149
152
  let mut auth_block_bytes = Vec::new();
150
153
  auth_sig_file.read_to_end(&mut auth_block_bytes).unwrap();
151
- let auth_block_sig: SevEcdsaSig = bincode::deserialize(&auth_block_bytes).unwrap();
154
+ let (auth_block_sig, _): (SevEcdsaSig, usize) =
155
+ bincode::decode_from_slice(&auth_block_bytes, BINCODE_CFG).unwrap();
152
156
 
153
157
  let auth_block = IdAuth::new(
154
158
  None,
@@ -160,7 +164,7 @@ fn test_auth_block_generation() {
160
164
  );
161
165
 
162
166
  // Generate Generate auth_block string
163
- let id_auth_bytes = bincode::serialize(&auth_block).unwrap();
167
+ let id_auth_bytes = bincode::encode_to_vec(auth_block, BINCODE_CFG).unwrap();
164
168
  let id_auth_str = general_purpose::STANDARD.encode(id_auth_bytes);
165
169
 
166
170
  // Comparing auth_blocks
package/bindings/sp-sev/tests/snp_launch.rs CHANGED
@@ -71,7 +71,7 @@ fn snp_launch_test() {
71
71
  let launcher = Launcher::new(vm_fd, sev).unwrap();
72
72
 
73
73
  let mut policy = GuestPolicy(0);
74
- policy.set_smt_allowed(1);
74
+ policy.set_smt_allowed(true);
75
75
  let start = Start::new(policy, [0; 16]);
76
76
 
77
77
  let mut launcher = launcher.start(start).unwrap();
package/bindings/utils/virtee/libsev.so CHANGED
Binary file
package/bindings/utils/virtee/snpguest CHANGED
Binary file
package/dist/sgx-native-module/dcap-quote-verify.service.js CHANGED
@@ -50,11 +50,30 @@ class DcapQuoteVerifyService {
50
50
  }
51
51
  }
52
52
  async generateSGXQuote(userData) {
53
+ if (!Buffer.isBuffer(userData)) {
54
+ throw new Error("userData must be a Buffer");
55
+ }
56
+ if (userData.length === 0) {
57
+ throw new Error("userData cannot be empty");
58
+ }
53
59
  await this.validateMode();
54
60
  let result = Buffer.alloc(0);
55
61
  await DcapQuoteVerifyService.executeLikeWithMutex.add(async () => {
56
- await fs_1.promises.writeFile("/dev/attestation/user_report_data", Buffer.concat([userData, Buffer.alloc(64)]).slice(0, 64));
57
- result = await fs_1.promises.readFile("/dev/attestation/quote");
62
+ try {
63
+ await fs_1.promises.writeFile("/dev/attestation/user_report_data", Buffer.concat([userData, Buffer.alloc(64)]).slice(0, 64));
64
+ result = await fs_1.promises.readFile("/dev/attestation/quote");
65
+ if (result.length === 0) {
66
+ throw new errors_1.QuoteGenerationError("Generated quote is empty");
67
+ }
68
+ }
69
+ catch (error) {
70
+ if (error instanceof Error) {
71
+ throw new errors_1.QuoteGenerationError(`Failed to generate quote: ${error.message}`);
72
+ }
73
+ else {
74
+ throw new errors_1.QuoteGenerationError("Failed to generate quote: unknown error");
75
+ }
76
+ }
58
77
  });
59
78
  return result;
60
79
  }
@@ -62,4 +81,4 @@ class DcapQuoteVerifyService {
62
81
  exports.DcapQuoteVerifyService = DcapQuoteVerifyService;
63
82
  DcapQuoteVerifyService.isInGramineMode = false;
64
83
  DcapQuoteVerifyService.executeLikeWithMutex = new p_queue_1.default({ concurrency: 1 });
65
- //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZGNhcC1xdW90ZS12ZXJpZnkuc2VydmljZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9zZ3gtbmF0aXZlLW1vZHVsZS9kY2FwLXF1b3RlLXZlcmlmeS5zZXJ2aWNlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7OztBQUFBLE1BQU0sRUFBRSxzQkFBc0IsRUFBRSxHQUFHLE9BQU8sQ0FBQyx5REFBeUQsQ0FBQyxDQUFDO0FBQ3RHLHFDQUFnRTtBQUNoRSxxQ0FLa0I7QUFDbEIsc0RBQTRCO0FBQzVCLDJCQUE4QjtBQVE5QixNQUFhLHNCQUFzQjtJQUsvQjtRQUNJLElBQUksQ0FBQyxhQUFhLEdBQUcsSUFBSSxzQkFBc0IsRUFBRSxDQUFDO0lBQ3RELENBQUM7SUFFRCxLQUFLLENBQUMsb0JBQW9CLENBQUMsWUFBb0I7UUFDM0MsSUFBSSxDQUFDLFlBQVksRUFBRSxNQUFNLEVBQUUsQ0FBQztZQUN4QixNQUFNLElBQUksK0NBQXNDLENBQUMsbUJBQW1CLENBQUMsQ0FBQztRQUMxRSxDQUFDO1FBRUQsT0FBTyxJQUFJLENBQUMsYUFBYSxDQUFDLG9CQUFvQixDQUFDLFlBQVksQ0FBQyxDQUFDO0lBQ2pFLENBQUM7SUFFRCxLQUFLLENBQUMsNEJBQTRCLENBQUMsS0FBYSxFQUFFLGFBQXVCO1FBQ3JFLGFBQWEsR0FBRyxhQUFhLElBQUksS0FBSyxDQUFDO1FBRXZDLElBQUksQ0FBQyxLQUFLLEVBQUUsTUFBTSxFQUFFLENBQUM7WUFDakIsTUFBTSxJQUFJLCtDQUFzQyxDQUFDLGFBQWEsQ0FBQyxDQUFDO1FBQ3BFLENBQUM7UUFFRCxNQUFNLFlBQVksR0FBRyxJQUFJLENBQUMsYUFBYSxDQUFDLGVBQWUsQ0FBQyxLQUFLLENBQUMsQ0FBQztRQUMvRCxJQUFJLGFBQWEsSUFBSSxZQUFZLENBQUMsVUFBVSxLQUFLLGdCQUFPLENBQUMsYUFBYSxFQUFFLENBQUM7WUFDckUsTUFBTSxJQUFJLHFDQUE0QixDQUFDLFlBQVksQ0FBQyxDQUFDO1FBQ3pELENBQUM7UUFDRCxJQUFJLFlBQVksQ0FBQyxrQkFBa0IsS0FBSyxDQUFDLEVBQUUsQ0FBQztZQUN4QyxNQUFNLElBQUksNkJBQW9CLENBQUMsWUFBWSxDQUFDLGtCQUFrQixDQUFDLENBQUM7UUFDcEUsQ0FBQztJQUNMLENBQUM7SUFFRCxLQUFLLENBQUMsZ0JBQWdCLENBQUMsUUFBZ0I7UUFDbkMsT0FBTyxJQUFJLENBQUMsYUFBYSxDQUFDLGdCQUFnQixDQUFDLFFBQVEsQ0FBQyxDQUFDO0lBQ3pELENBQUM7SUFFTyxLQUFLLENBQUMsWUFBWTtRQUN0QixJQUFJLHNCQUFzQixDQUFDLGVBQWUsRUFBRSxDQUFDO1lBQ3pDLE9BQU87UUFDWCxDQUFDO1FBRUQsSUFBSSxDQUFDO1lBQ0QsTUFBTSxzQkFBc0IsQ0FBQyxvQkFBb0IsQ0FBQyxHQUFHLENBQUMsS0FBSyxJQUFJLEVBQUU7Z0JBQzdELE1BQU0sYUFBUSxDQUFDLE1BQU0sQ0FBQyx3QkFBd0IsQ0FBQyxDQUFDO2dCQUNoRCxzQkFBc0IsQ0FBQyxlQUFlLEdBQUcsSUFBSSxDQUFDO1lBQ2xELENBQUMsQ0FBQyxDQUFDO1FBQ1AsQ0FBQztRQUFDLE9BQU8sS0FBSyxFQUFFLENBQUM7WUFDYixNQUFNLElBQUksNkJBQW9CLENBQUMsMkRBQTJELEtBQUssRUFBRSxDQUFDLENBQUM7UUFDdkcsQ0FBQztJQUNMLENBQUM7SUFFRCxLQUFLLENBQUMsZ0JBQWdCLENBQUMsUUFBZ0I7UUFDbkMsTUFBTSxJQUFJLENBQUMsWUFBWSxFQUFFLENBQUM7UUFFMUIsSUFBSSxNQUFNLEdBQUcsTUFBTSxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUU3QixNQUFNLHNCQUFzQixDQUFDLG9CQUFvQixDQUFDLEdBQUcsQ0FBQyxLQUFLLElBQUksRUFBRTtZQUM3RCxNQUFNLGFBQVEsQ0FBQyxTQUFTLENBQ3BCLG1DQUFtQyxFQUNuQyxNQUFNLENBQUMsTUFBTSxDQUFDLENBQUMsUUFBUSxFQUFFLE1BQU0sQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQzNELENBQUM7WUFDRixNQUFNLEdBQUcsTUFBTSxhQUFRLENBQUMsUUFBUSxDQUFDLHdCQUF3QixDQUFDLENBQUM7UUFDL0QsQ0FBQyxDQUFDLENBQUM7UUFFSCxPQUFPLE1BQU0sQ0FBQztJQUNsQixDQUFDOztBQWxFTCx3REFtRUM7QUFqRWtCLHNDQUFlLEdBQUcsS0FBSyxDQUFDO0FBQ3hCLDJDQUFvQixHQUFHLElBQUksaUJBQUssQ0FBQyxFQUFFLFdBQVcsRUFBRSxDQUFDLEVBQUUsQ0FBQyxDQUFDIn0=
84
+ //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZGNhcC1xdW90ZS12ZXJpZnkuc2VydmljZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9zZ3gtbmF0aXZlLW1vZHVsZS9kY2FwLXF1b3RlLXZlcmlmeS5zZXJ2aWNlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7OztBQUFBLE1BQU0sRUFBRSxzQkFBc0IsRUFBRSxHQUFHLE9BQU8sQ0FBQyx5REFBeUQsQ0FBQyxDQUFDO0FBQ3RHLHFDQUFnRTtBQUNoRSxxQ0FLa0I7QUFDbEIsc0RBQTRCO0FBQzVCLDJCQUE4QjtBQVE5QixNQUFhLHNCQUFzQjtJQUsvQjtRQUNJLElBQUksQ0FBQyxhQUFhLEdBQUcsSUFBSSxzQkFBc0IsRUFBRSxDQUFDO0lBQ3RELENBQUM7SUFFRCxLQUFLLENBQUMsb0JBQW9CLENBQUMsWUFBb0I7UUFDM0MsSUFBSSxDQUFDLFlBQVksRUFBRSxNQUFNLEVBQUUsQ0FBQztZQUN4QixNQUFNLElBQUksK0NBQXNDLENBQUMsbUJBQW1CLENBQUMsQ0FBQztRQUMxRSxDQUFDO1FBRUQsT0FBTyxJQUFJLENBQUMsYUFBYSxDQUFDLG9CQUFvQixDQUFDLFlBQVksQ0FBQyxDQUFDO0lBQ2pFLENBQUM7SUFFRCxLQUFLLENBQUMsNEJBQTRCLENBQUMsS0FBYSxFQUFFLGFBQXVCO1FBQ3JFLGFBQWEsR0FBRyxhQUFhLElBQUksS0FBSyxDQUFDO1FBRXZDLElBQUksQ0FBQyxLQUFLLEVBQUUsTUFBTSxFQUFFLENBQUM7WUFDakIsTUFBTSxJQUFJLCtDQUFzQyxDQUFDLGFBQWEsQ0FBQyxDQUFDO1FBQ3BFLENBQUM7UUFFRCxNQUFNLFlBQVksR0FBRyxJQUFJLENBQUMsYUFBYSxDQUFDLGVBQWUsQ0FBQyxLQUFLLENBQUMsQ0FBQztRQUMvRCxJQUFJLGFBQWEsSUFBSSxZQUFZLENBQUMsVUFBVSxLQUFLLGdCQUFPLENBQUMsYUFBYSxFQUFFLENBQUM7WUFDckUsTUFBTSxJQUFJLHFDQUE0QixDQUFDLFlBQVksQ0FBQyxDQUFDO1FBQ3pELENBQUM7UUFDRCxJQUFJLFlBQVksQ0FBQyxrQkFBa0IsS0FBSyxDQUFDLEVBQUUsQ0FBQztZQUN4QyxNQUFNLElBQUksNkJBQW9CLENBQUMsWUFBWSxDQUFDLGtCQUFrQixDQUFDLENBQUM7UUFDcEUsQ0FBQztJQUNMLENBQUM7SUFFRCxLQUFLLENBQUMsZ0JBQWdCLENBQUMsUUFBZ0I7UUFDbkMsT0FBTyxJQUFJLENBQUMsYUFBYSxDQUFDLGdCQUFnQixDQUFDLFFBQVEsQ0FBQyxDQUFDO0lBQ3pELENBQUM7SUFFTyxLQUFLLENBQUMsWUFBWTtRQUN0QixJQUFJLHNCQUFzQixDQUFDLGVBQWUsRUFBRSxDQUFDO1lBQ3pDLE9BQU87UUFDWCxDQUFDO1FBRUQsSUFBSSxDQUFDO1lBQ0QsTUFBTSxzQkFBc0IsQ0FBQyxvQkFBb0IsQ0FBQyxHQUFHLENBQUMsS0FBSyxJQUFJLEVBQUU7Z0JBQzdELE1BQU0sYUFBUSxDQUFDLE1BQU0sQ0FBQyx3QkFBd0IsQ0FBQyxDQUFDO2dCQUNoRCxzQkFBc0IsQ0FBQyxlQUFlLEdBQUcsSUFBSSxDQUFDO1lBQ2xELENBQUMsQ0FBQyxDQUFDO1FBQ1AsQ0FBQztRQUFDLE9BQU8sS0FBSyxFQUFFLENBQUM7WUFDYixNQUFNLElBQUksNkJBQW9CLENBQUMsMkRBQTJELEtBQUssRUFBRSxDQUFDLENBQUM7UUFDdkcsQ0FBQztJQUNMLENBQUM7SUFFRCxLQUFLLENBQUMsZ0JBQWdCLENBQUMsUUFBZ0I7UUFDbkMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxRQUFRLENBQUMsUUFBUSxDQUFDLEVBQUUsQ0FBQztZQUM3QixNQUFNLElBQUksS0FBSyxDQUFDLDJCQUEyQixDQUFDLENBQUM7UUFDakQsQ0FBQztRQUNELElBQUksUUFBUSxDQUFDLE1BQU0sS0FBSyxDQUFDLEVBQUUsQ0FBQztZQUN4QixNQUFNLElBQUksS0FBSyxDQUFDLDBCQUEwQixDQUFDLENBQUM7UUFDaEQsQ0FBQztRQUVELE1BQU0sSUFBSSxDQUFDLFlBQVksRUFBRSxDQUFDO1FBRTFCLElBQUksTUFBTSxHQUFHLE1BQU0sQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLENBQUM7UUFFN0IsTUFBTSxzQkFBc0IsQ0FBQyxvQkFBb0IsQ0FBQyxHQUFHLENBQUMsS0FBSyxJQUFJLEVBQUU7WUFDN0QsSUFBSSxDQUFDO2dCQUNELE1BQU0sYUFBUSxDQUFDLFNBQVMsQ0FDcEIsbUNBQW1DLEVBQ25DLE1BQU0sQ0FBQyxNQUFNLENBQUMsQ0FBQyxRQUFRLEVBQUUsTUFBTSxDQUFDLEtBQUssQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDLENBQUMsS0FBSyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FDM0QsQ0FBQztnQkFDRixNQUFNLEdBQUcsTUFBTSxhQUFRLENBQUMsUUFBUSxDQUFDLHdCQUF3QixDQUFDLENBQUM7Z0JBQzNELElBQUksTUFBTSxDQUFDLE1BQU0sS0FBSyxDQUFDLEVBQUUsQ0FBQztvQkFDdEIsTUFBTSxJQUFJLDZCQUFvQixDQUFDLDBCQUEwQixDQUFDLENBQUM7Z0JBQy9ELENBQUM7WUFDTCxDQUFDO1lBQUMsT0FBTyxLQUFLLEVBQUUsQ0FBQztnQkFDYixJQUFJLEtBQUssWUFBWSxLQUFLLEVBQUUsQ0FBQztvQkFDekIsTUFBTSxJQUFJLDZCQUFvQixDQUFDLDZCQUE2QixLQUFLLENBQUMsT0FBTyxFQUFFLENBQUMsQ0FBQztnQkFDakYsQ0FBQztxQkFBTSxDQUFDO29CQUNKLE1BQU0sSUFBSSw2QkFBb0IsQ0FBQyx5Q0FBeUMsQ0FBQyxDQUFDO2dCQUM5RSxDQUFDO1lBQ0wsQ0FBQztRQUNMLENBQUMsQ0FBQyxDQUFDO1FBRUgsT0FBTyxNQUFNLENBQUM7SUFDbEIsQ0FBQzs7QUFwRkwsd0RBcUZDO0FBbkZrQixzQ0FBZSxHQUFHLEtBQUssQ0FBQztBQUN4QiwyQ0FBb0IsR0FBRyxJQUFJLGlCQUFLLENBQUMsRUFBRSxXQUFXLEVBQUUsQ0FBQyxFQUFFLENBQUMsQ0FBQyJ9
package/dist/sgx-native-module/sev-snp-mrenclave.d.ts CHANGED
@@ -6,9 +6,9 @@ import { SNPReport } from "../proto/AmdSevSnp";
6
6
  interface VMCommon {
7
7
  kernelHash: Buffer;
8
8
  initrdHash: Buffer | undefined;
9
+ ovmfHash: Buffer;
9
10
  }
10
11
  interface VMConfig extends VMCommon {
11
- ovmfHash: Buffer;
12
12
  ovmfBucket: string;
13
13
  ovmfPrefix: string;
14
14
  ovmfFilename: string;
package/dist/sgx-native-module/sev-snp-mrenclave.js CHANGED
@@ -27,6 +27,8 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
27
27
  };
28
28
  Object.defineProperty(exports, "__esModule", { value: true });
29
29
  exports.SNPMrEnclaveCalculator = void 0;
30
+ const typebox_1 = require("@sinclair/typebox");
31
+ const value_1 = require("@sinclair/typebox/value");
30
32
  const fs = __importStar(require("fs"));
31
33
  const fsAsync = __importStar(require("fs/promises"));
32
34
  const path = __importStar(require("path"));
@@ -38,6 +40,23 @@ const dto_js_1 = require("@super-protocol/dto-js");
38
40
  const crypto_1 = require("crypto");
39
41
  const stream_1 = require("stream");
40
42
  const helpers_1 = require("./helpers");
43
+ const amd_sev_snp_napi_rs_1 = require("../../bindings/amd-sev-snp-napi-rs/");
44
+ const VMJsonSchema = typebox_1.Type.Object({
45
+ kernel: typebox_1.Type.Object({ sha256: typebox_1.Type.String() }),
46
+ initrd: typebox_1.Type.Optional(typebox_1.Type.Object({ sha256: typebox_1.Type.String() })),
47
+ bios_amd: typebox_1.Type.Optional(typebox_1.Type.Object({
48
+ sha256: typebox_1.Type.String(),
49
+ bucket: typebox_1.Type.String(),
50
+ prefix: typebox_1.Type.String(),
51
+ filename: typebox_1.Type.String(),
52
+ })),
53
+ bios: typebox_1.Type.Optional(typebox_1.Type.Object({
54
+ sha256: typebox_1.Type.String(),
55
+ bucket: typebox_1.Type.String(),
56
+ prefix: typebox_1.Type.String(),
57
+ filename: typebox_1.Type.String(),
58
+ })),
59
+ });
41
60
  class VMConfigCache {
42
61
  constructor(ttl = 5 * 60 * 1000) {
43
62
  this.cache = {};
@@ -113,9 +132,15 @@ class SNPMrEnclaveCalculator {
113
132
  cmdLineHash: Buffer.from(report.cmdLineHash),
114
133
  vcpuSig: report.cpuSig,
115
134
  vcpuCount: report.cores,
135
+ vmpl: await (0, amd_sev_snp_napi_rs_1.getReportVmpl)(Buffer.from(report.rawReport)),
136
+ policy: await (0, amd_sev_snp_napi_rs_1.getReportPolicy)(Buffer.from(report.rawReport)),
116
137
  });
117
138
  if (!mrEnclave.equals(expectedMrEnclave))
118
- throw new Error("Expected mrEnclave does not match the calculated one");
139
+ throw new Error(`Expected mrEnclave does not match the calculated one.\n` +
140
+ `mrEnclave: ${mrEnclave.toString("hex")}\n` +
141
+ `expectedMrEnclave: ${expectedMrEnclave.toString("hex")}\n` +
142
+ `report.build: ${report.build}\n` +
143
+ `vmMeasure: ${JSON.stringify(vmMeasure)}`);
119
144
  const singleCoreMrEnclave = await sev_snp_1.SevSNP.calcSnpMrEnclave({
120
145
  ovmfPath: vmMeasure.ovmfFilePath,
121
146
  kernelHash: vmMeasure.kernelHash,
@@ -150,11 +175,17 @@ class SNPMrEnclaveCalculator {
150
175
  return response.data;
151
176
  }
152
177
  extractVMData(data) {
153
- const vm = JSON.parse(data.toString("utf-8"));
154
- const kernelHash = vm.kernel?.sha256;
155
- if (!kernelHash) {
156
- throw new Error("kernel hash is missing");
178
+ const vmRaw = data.toString("utf-8");
179
+ const parsed = JSON.parse(vmRaw);
180
+ const { isValid } = (0, sdk_js_1.validateBySchema)(parsed, VMJsonSchema);
181
+ if (!isValid) {
182
+ const validationErrors = Array.from(value_1.Value.Errors(VMJsonSchema, parsed));
183
+ if (validationErrors.length > 0) {
184
+ throw new Error(`Failed to validate VM JSON: ${validationErrors.map((e) => e.message).join(", ")}`);
185
+ }
157
186
  }
187
+ const vm = parsed;
188
+ const kernelHash = vm.kernel.sha256;
158
189
  const initrdHash = vm.initrd?.sha256;
159
190
  const OVMF = vm.bios_amd || vm.bios;
160
191
  if (!OVMF) {
@@ -215,6 +246,9 @@ class SNPMrEnclaveCalculator {
215
246
  });
216
247
  const { data } = response;
217
248
  const asset = data.assets.find((asset) => asset.name === this.releaseAsset);
249
+ if (!asset) {
250
+ throw new Error(`Failed to find asset named ${this.releaseAsset} for build ${build}.`);
251
+ }
218
252
  return asset.browser_download_url;
219
253
  }
220
254
  async downloadVM(build) {
@@ -264,6 +298,7 @@ class SNPMrEnclaveCalculator {
264
298
  initrdHash: vmFiles.initrdHash,
265
299
  kernelHash: vmFiles.kernelHash,
266
300
  ovmfFilePath: ovmfPath,
301
+ ovmfHash: vmFiles.ovmfHash,
267
302
  };
268
303
  }
269
304
  async downloadOvmf(vmFiles, ovmfPath) {
@@ -285,4 +320,4 @@ class SNPMrEnclaveCalculator {
285
320
  }
286
321
  }
287
322
  exports.SNPMrEnclaveCalculator = SNPMrEnclaveCalculator;
288
- //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2V2LXNucC1tcmVuY2xhdmUuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvc2d4LW5hdGl2ZS1tb2R1bGUvc2V2LXNucC1tcmVuY2xhdmUudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7QUFBQSx1Q0FBeUI7QUFDekIscURBQXVDO0FBQ3ZDLDJDQUE2QjtBQUM3Qix1Q0FBeUI7QUFDekIsdUNBQTJEO0FBQzNELGtEQUE2QztBQUM3QyxtREFBMEc7QUFDMUcsbURBQThFO0FBQzlFLG1DQUFvQztBQUNwQyxtQ0FBNkM7QUFDN0MsdUNBQW1EO0FBbUNuRCxNQUFNLGFBQWE7SUFJZixZQUFZLE1BQWMsQ0FBQyxHQUFHLEVBQUUsR0FBRyxJQUFJO1FBSC9CLFVBQUssR0FBOEQsRUFBRSxDQUFDO1FBSTFFLElBQUksQ0FBQyxHQUFHLEdBQUcsR0FBRyxDQUFDO0lBQ25CLENBQUM7SUFFRCxHQUFHLENBQUMsR0FBVyxFQUFFLEtBQWU7UUFDNUIsTUFBTSxTQUFTLEdBQUcsSUFBSSxDQUFDLEdBQUcsRUFBRSxDQUFDO1FBQzdCLElBQUksQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLEdBQUc7WUFDZCxLQUFLO1lBQ0wsU0FBUztTQUNaLENBQUM7SUFDTixDQUFDO0lBRUQsR0FBRyxDQUFDLEdBQVcsRUFBRSxRQUFpQixLQUFLO1FBQ25DLE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUM7UUFFL0IsSUFBSSxNQUFNLEVBQUUsQ0FBQztZQUNULElBQUksS0FBSyxLQUFLLEtBQUssRUFBRSxDQUFDO2dCQUNsQixNQUFNLEdBQUcsR0FBRyxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUM7Z0JBQ3ZCLElBQUksR0FBRyxHQUFHLE1BQU0sQ0FBQyxTQUFTLEdBQUcsSUFBSSxDQUFDLEdBQUcsRUFBRSxDQUFDO29CQUNwQyxPQUFPLElBQUksQ0FBQztnQkFDaEIsQ0FBQztZQUNMLENBQUM7WUFFRCxPQUFPLE1BQU0sQ0FBQyxLQUFLLENBQUM7UUFDeEIsQ0FBQztRQUVELE9BQU8sSUFBSSxDQUFDO0lBQ2hCLENBQUM7SUFFRCxLQUFLO1FBQ0QsSUFBSSxDQUFDLEtBQUssR0FBRyxFQUFFLENBQUM7SUFDcEIsQ0FBQztDQUNKO0FBY0QsTUFBYSxzQkFBc0I7SUFzQi9CLFlBQVksTUFBa0M7UUFqQjdCLGtCQUFhLEdBQUcsZUFBSyxDQUFDLE1BQU0sRUFBRSxDQUFDO1FBSy9CLHVCQUFrQixHQUFrQjtZQUNqRCxXQUFXLEVBQUUsb0JBQVcsQ0FBQyxFQUFFO1lBQzNCLFdBQVcsRUFBRTtnQkFDVCxRQUFRLEVBQUUsK0JBQStCO2dCQUN6QyxXQUFXLEVBQUUsOEJBQThCO2dCQUMzQyxTQUFTLEVBQUUsdURBQXVEO2dCQUNsRSwyREFBMkQ7Z0JBQzNELE1BQU0sRUFBRSxFQUFFO2dCQUNWLE1BQU0sRUFBRSxFQUFFO2FBQ2I7U0FDSixDQUFDO1FBR0UsSUFBSSxDQUFDLFdBQVcsR0FBRyxNQUFNLENBQUMsV0FBVyxJQUFJLEVBQUUsQ0FBQyxXQUFXLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsTUFBTSxFQUFFLEVBQUUsc0JBQXNCLENBQUMsQ0FBQyxDQUFDO1FBQ3hHLE1BQU0sV0FBVyxHQUFHLE1BQU0sQ0FBQyxXQUFXLElBQUksS0FBSyxDQUFDO1FBQ2hELElBQUksQ0FBQyxXQUFXLEdBQUcsTUFBTSxDQUFDLFdBQVcsSUFBSSxnQkFBZ0IsQ0FBQztRQUMxRCxJQUFJLENBQUMsTUFBTSxHQUFHLE1BQU0sQ0FBQyxNQUFNLElBQUksT0FBTyxDQUFDO1FBQ3ZDLElBQUksQ0FBQyxZQUFZLEdBQUcsTUFBTSxDQUFDLFlBQVksSUFBSSxTQUFTLENBQUM7UUFDckQsSUFBSSxDQUFDLGFBQWEsR0FBRyxNQUFNLENBQUMsMEJBQTBCLElBQUksSUFBSSxDQUFDO1FBQy9ELElBQUksQ0FBQyxRQUFRLEdBQUcsTUFBTSxDQUFDLHFCQUFxQixJQUFJLENBQUMsQ0FBQztRQUVsRCxJQUFJLENBQUMsYUFBYSxHQUFHLE1BQU0sQ0FBQyxhQUFhLElBQUksSUFBSSxDQUFDLGtCQUFrQixDQUFDO1FBRXJFLE1BQU0sZUFBZSxHQUFHLE1BQU0sQ0FBQyxlQUFlLElBQUksQ0FBQyxHQUFHLEVBQUUsR0FBRyxJQUFJLENBQUM7UUFFaEUsSUFBSSxXQUFXLEVBQUUsQ0FBQztZQUNkLElBQUEsZ0NBQXNCLEVBQUMsSUFBSSxDQUFDLFdBQVcsQ0FBQyxDQUFDO1FBQzdDLENBQUM7UUFFRCxJQUFJLENBQUMsRUFBRSxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUMsV0FBVyxDQUFDLEVBQUUsQ0FBQztZQUNuQyxFQUFFLENBQUMsU0FBUyxDQUFDLElBQUksQ0FBQyxXQUFXLEVBQUUsRUFBRSxTQUFTLEVBQUUsSUFBSSxFQUFFLENBQUMsQ0FBQztRQUN4RCxDQUFDO1FBRUQsSUFBSSxDQUFDLFdBQVcsR0FBRyxJQUFJLGFBQWEsQ0FBQyxlQUFlLENBQUMsQ0FBQztJQUMxRCxDQUFDO0lBRUQ7Ozs7T0FJRztJQUNJLEtBQUssQ0FBQyxzQkFBc0IsQ0FBQyxNQUFpQjtRQUNqRCxNQUFNLFNBQVMsR0FBRyxNQUFNLGdCQUFNLENBQUMsWUFBWSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxDQUFDLENBQUM7UUFDM0UsTUFBTSxTQUFTLEdBQUcsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsQ0FBQztRQUN0RCxNQUFNLGlCQUFpQixHQUFHLE1BQU0sZ0JBQU0sQ0FBQyxnQkFBZ0IsQ0FBQztZQUNwRCxRQUFRLEVBQUUsU0FBUyxDQUFDLFlBQVk7WUFDaEMsVUFBVSxFQUFFLFNBQVMsQ0FBQyxVQUFVO1lBQ2hDLFVBQVUsRUFBRSxTQUFTLENBQUMsVUFBVTtZQUNoQyxXQUFXLEVBQUUsTUFBTSxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsV0FBVyxDQUFDO1lBQzVDLE9BQU8sRUFBRSxNQUFNLENBQUMsTUFBTTtZQUN0QixTQUFTLEVBQUUsTUFBTSxDQUFDLEtBQUs7U0FDMUIsQ0FBQyxDQUFDO1FBRUgsSUFBSSxDQUFDLFNBQVMsQ0FBQyxNQUFNLENBQUMsaUJBQWlCLENBQUM7WUFDcEMsTUFBTSxJQUFJLEtBQUssQ0FBQyxzREFBc0QsQ0FBQyxDQUFDO1FBRTVFLE1BQU0sbUJBQW1CLEdBQUcsTUFBTSxnQkFBTSxDQUFDLGdCQUFnQixDQUFDO1lBQ3RELFFBQVEsRUFBRSxTQUFTLENBQUMsWUFBWTtZQUNoQyxVQUFVLEVBQUUsU0FBUyxDQUFDLFVBQVU7WUFDaEMsVUFBVSxFQUFFLFNBQVMsQ0FBQyxVQUFVO1lBQ2hDLFdBQVcsRUFBRSxNQUFNLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxXQUFXLENBQUM7WUFDNUMsT0FBTyxFQUFFLGdCQUFNLENBQUMsU0FBUyxDQUFDLGdDQUFzQixDQUFDO1lBQ2pELFNBQVMsRUFBRSxDQUFDO1NBQ2YsQ0FBQyxDQUFDO1FBRUgsT0FBTyxtQkFBbUIsQ0FBQztJQUMvQixDQUFDO0lBRVMsS0FBSyxDQUFDLGFBQWEsQ0FBQyxRQUFnQjtRQUMxQyxNQUFNLEVBQUUsYUFBYSxFQUFFLFFBQVEsRUFBRSxHQUFHLElBQUksQ0FBQztRQUN6QyxNQUFNLFFBQVEsR0FBRyxNQUFNLGdCQUFVLENBQUMsZUFBZSxDQUFnQjtZQUM3RCxXQUFXLENBQUMsUUFBUTtnQkFDaEIsT0FBTyxFQUFFLFVBQVUsRUFBRSxRQUFRLENBQUMsTUFBTSxLQUFLLEdBQUcsRUFBRSxDQUFDO1lBQ25ELENBQUM7WUFDRCxPQUFPLEVBQUUsS0FBSyxJQUFJLEVBQUU7Z0JBQ2hCLE9BQU8sSUFBSSxDQUFDLGFBQWEsQ0FBQyxHQUFHLENBQUMsUUFBUSxFQUFFO29CQUNwQyxZQUFZLEVBQUUsYUFBYTtpQkFDOUIsQ0FBQyxDQUFDO1lBQ1AsQ0FBQztZQUNELFVBQVUsQ0FBQyxHQUFHO2dCQUNWLElBQUksZUFBSyxDQUFDLFlBQVksQ0FBQyxHQUFHLENBQUMsSUFBSSxHQUFHLENBQUMsUUFBUSxFQUFFLENBQUM7b0JBQzFDLE1BQU0sTUFBTSxHQUFHLEdBQUcsQ0FBQyxRQUFRLENBQUMsTUFBTSxDQUFDO29CQUVuQyxPQUFPLEVBQUUsU0FBUyxFQUFFLE1BQU0sR0FBRyxHQUFHLElBQUksTUFBTSxJQUFJLEdBQUcsSUFBSSxNQUFNLEtBQUssR0FBRyxFQUFFLENBQUM7Z0JBQzFFLENBQUM7Z0JBRUQsT0FBTyxFQUFFLFNBQVMsRUFBRSxlQUFLLENBQUMsWUFBWSxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUM7WUFDbEQsQ0FBQztZQUNELGFBQWE7WUFDYixRQUFRO1NBQ1gsQ0FBQyxDQUFDO1FBRUgsT0FBTyxRQUFRLENBQUMsSUFBSSxDQUFDO0lBQ3pCLENBQUM7SUFFUyxhQUFhLENBQUMsSUFBWTtRQUNoQyxNQUFNLEVBQUUsR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLElBQUksQ0FBQyxRQUFRLENBQUMsT0FBTyxDQUFDLENBQVcsQ0FBQztRQUN4RCxNQUFNLFVBQVUsR0FBRyxFQUFFLENBQUMsTUFBTSxFQUFFLE1BQU0sQ0FBQztRQUNyQyxJQUFJLENBQUMsVUFBVSxFQUFFLENBQUM7WUFDZCxNQUFNLElBQUksS0FBSyxDQUFDLHdCQUF3QixDQUFDLENBQUM7UUFDOUMsQ0FBQztRQUVELE1BQU0sVUFBVSxHQUFHLEVBQUUsQ0FBQyxNQUFNLEVBQUUsTUFBTSxDQUFDO1FBRXJDLE1BQU0sSUFBSSxHQUFHLEVBQUUsQ0FBQyxRQUFRLElBQUksRUFBRSxDQUFDLElBQUksQ0FBQztRQUNwQyxJQUFJLENBQUMsSUFBSSxFQUFFLENBQUM7WUFDUixNQUFNLElBQUksS0FBSyxDQUFDLHdDQUF3QyxDQUFDLENBQUM7UUFDOUQsQ0FBQztRQUVELE1BQU0sRUFBRSxNQUFNLEVBQUUsTUFBTSxFQUFFLE1BQU0sRUFBRSxRQUFRLEVBQUUsR0FBRyxJQUFJLENBQUM7UUFFbEQsSUFBSSxDQUFDLE1BQU0sSUFBSSxDQUFDLE1BQU0sSUFBSSxDQUFDLE1BQU0sSUFBSSxDQUFDLFFBQVEsRUFBRSxDQUFDO1lBQzdDLE1BQU0sSUFBSSxLQUFLLENBQUMsNkNBQTZDLENBQUMsQ0FBQztRQUNuRSxDQUFDO1FBRUQsT0FBTztZQUNILFVBQVUsRUFBRSxNQUFNLENBQUMsSUFBSSxDQUFDLFVBQVUsRUFBRSxLQUFLLENBQUM7WUFDMUMsVUFBVSxFQUFFLFVBQVUsQ0FBQyxDQUFDLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxVQUFVLEVBQUUsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDLFNBQVM7WUFDbkUsUUFBUSxFQUFFLE1BQU0sQ0FBQyxJQUFJLENBQUMsTUFBTSxFQUFFLEtBQUssQ0FBQztZQUNwQyxVQUFVLEVBQUUsTUFBTTtZQUNsQixVQUFVLEVBQUUsTUFBTTtZQUNsQixZQUFZLEVBQUUsUUFBUTtTQUN6QixDQUFDO0lBQ04sQ0FBQztJQUVTLE1BQU0sQ0FBQyxjQUFjLENBQUMsR0FBRyxHQUFHLFFBQVE7UUFDMUMsTUFBTSxJQUFJLEdBQUcsSUFBQSxtQkFBVSxFQUFDLEdBQUcsQ0FBQyxDQUFDO1FBRTdCLE9BQU87WUFDSCxPQUFPLEVBQUUsSUFBSSxrQkFBUyxDQUFDO2dCQUNuQixTQUFTLEVBQUUsQ0FBQyxJQUFJLEVBQUUsUUFBUSxFQUFFLElBQUksRUFBUSxFQUFFO29CQUN0QyxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxDQUFDO29CQUNsQixJQUFJLENBQUMsSUFBSSxFQUFFLElBQUksQ0FBQyxDQUFDO2dCQUNyQixDQUFDO2FBQ0osQ0FBQztZQUNGLEdBQUcsRUFBRSxHQUFHLEVBQUUsQ0FBQyxJQUFJLENBQUMsTUFBTSxFQUFFO1NBQzNCLENBQUM7SUFDTixDQUFDO0lBRVMsTUFBTSxDQUFDLEtBQUssQ0FBQyxTQUFTLENBQUMsUUFBZ0I7UUFDN0MsSUFBSSxDQUFDO1lBQ0QsTUFBTSxPQUFPLENBQUMsTUFBTSxDQUFDLFFBQVEsRUFBRSxFQUFFLENBQUMsU0FBUyxDQUFDLElBQUksQ0FBQyxDQUFDO1lBRWxELE9BQU8sSUFBSSxDQUFDO1FBQ2hCLENBQUM7UUFBQyxPQUFPLEdBQUcsRUFBRSxDQUFDO1lBQ1gsT0FBTyxLQUFLLENBQUM7UUFDakIsQ0FBQztJQUNMLENBQUM7SUFFUyxLQUFLLENBQUMsV0FBVyxDQUFDLEtBQWE7UUFDckMsTUFBTSxFQUFFLGFBQWEsRUFBRSxRQUFRLEVBQUUsR0FBRyxJQUFJLENBQUM7UUFDekMsTUFBTSxRQUFRLEdBQUcsTUFBTSxnQkFBVSxDQUFDLGVBQWUsQ0FBZ0I7WUFDN0QsV0FBVyxDQUFDLFFBQVE7Z0JBQ2hCLE9BQU8sRUFBRSxVQUFVLEVBQUUsUUFBUSxDQUFDLE1BQU0sS0FBSyxHQUFHLEVBQUUsQ0FBQztZQUNuRCxDQUFDO1lBQ0QsT0FBTyxFQUFFLEtBQUssSUFBSSxFQUFFO2dCQUNoQixPQUFPLElBQUksQ0FBQyxhQUFhLENBQUMsR0FBRyxDQUN6QixnQ0FBZ0MsSUFBSSxDQUFDLFdBQVcsSUFBSSxJQUFJLENBQUMsTUFBTSxrQkFBa0IsS0FBSyxFQUFFLENBQzNGLENBQUM7WUFDTixDQUFDO1lBQ0QsVUFBVSxDQUFDLEdBQUc7Z0JBQ1YsSUFBSSxlQUFLLENBQUMsWUFBWSxDQUFDLEdBQUcsQ0FBQyxJQUFJLEdBQUcsQ0FBQyxRQUFRLEVBQUUsQ0FBQztvQkFDMUMsTUFBTSxNQUFNLEdBQUcsR0FBRyxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUM7b0JBRW5DLE9BQU8sRUFBRSxTQUFTLEVBQUUsTUFBTSxHQUFHLEdBQUcsSUFBSSxNQUFNLElBQUksR0FBRyxJQUFJLE1BQU0sS0FBSyxHQUFHLEVBQUUsQ0FBQztnQkFDMUUsQ0FBQztnQkFFRCxPQUFPLEVBQUUsU0FBUyxFQUFFLGVBQUssQ0FBQyxZQUFZLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQztZQUNsRCxDQUFDO1lBQ0QsYUFBYTtZQUNiLFFBQVE7U0FDWCxDQUFDLENBQUM7UUFDSCxNQUFNLEVBQUUsSUFBSSxFQUFFLEdBQUcsUUFBUSxDQUFDO1FBQzFCLE1BQU0sS0FBSyxHQUFHLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQUMsS0FBdUIsRUFBRSxFQUFFLENBQUMsS0FBSyxDQUFDLElBQUksS0FBSyxJQUFJLENBQUMsWUFBWSxDQUFDLENBQUM7UUFFOUYsT0FBTyxLQUFLLENBQUMsb0JBQW9CLENBQUM7SUFDdEMsQ0FBQztJQUVTLEtBQUssQ0FBQyxVQUFVLENBQUMsS0FBYTtRQUNwQyxJQUFJLFNBQVMsR0FBRyxLQUFLLENBQUM7UUFDdEIsSUFBSSxPQUFpQixDQUFDO1FBRXRCLE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxXQUFXLENBQUMsR0FBRyxDQUFDLEtBQUssQ0FBQyxDQUFDO1FBQzNDLElBQUksTUFBTSxFQUFFLENBQUM7WUFDVCxTQUFTLEdBQUcsSUFBSSxDQUFDO1lBQ2pCLE9BQU8sR0FBRyxNQUFNLENBQUM7UUFDckIsQ0FBQzthQUFNLENBQUM7WUFDSixJQUFJLENBQUM7Z0JBQ0QsTUFBTSxRQUFRLEdBQUcsTUFBTSxJQUFJLENBQUMsV0FBVyxDQUFDLEtBQUssQ0FBQyxDQUFDO2dCQUMvQyxNQUFNLEVBQUUsR0FBRyxNQUFNLElBQUksQ0FBQyxhQUFhLENBQUMsUUFBUSxDQUFDLENBQUM7Z0JBQzlDLE9BQU8sR0FBRyxJQUFJLENBQUMsYUFBYSxDQUFDLEVBQUUsQ0FBQyxDQUFDO1lBQ3JDLENBQUM7WUFBQyxPQUFPLEtBQUssRUFBRSxDQUFDO2dCQUNiLE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxXQUFXLENBQUMsR0FBRyxDQUFDLEtBQUssRUFBRSxJQUFJLENBQUMsQ0FBQztnQkFDakQsSUFBSSxNQUFNLEVBQUUsQ0FBQztvQkFDVCxTQUFTLEdBQUcsSUFBSSxDQUFDO29CQUNqQixPQUFPLEdBQUcsTUFBTSxDQUFDO2dCQUNyQixDQUFDO3FCQUFNLENBQUM7b0JBQ0osTUFBTSxLQUFLLENBQUM7Z0JBQ2hCLENBQUM7WUFDTCxDQUFDO1FBQ0wsQ0FBQztRQUVELE1BQU0sUUFBUSxHQUFHLElBQUksQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLFdBQVcsRUFBRSxHQUFHLE9BQU8sQ0FBQyxRQUFRLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBQyxVQUFVLENBQUMsQ0FBQztRQUU1RixJQUFJLG1CQUFtQixHQUFHLEtBQUssQ0FBQztRQUNoQyxJQUFJLE1BQU0sc0JBQXNCLENBQUMsU0FBUyxDQUFDLFFBQVEsQ0FBQyxFQUFFLENBQUM7WUFDbkQsTUFBTSxVQUFVLEdBQUcsRUFBRSxDQUFDLGdCQUFnQixDQUFDLFFBQVEsQ0FBQyxDQUFDO1lBQ2pELE1BQU0sSUFBSSxHQUFHLE1BQU0sZUFBTSxDQUFDLFVBQVUsQ0FBQyxVQUFVLEVBQUU7Z0JBQzdDLElBQUksRUFBRSxzQkFBYSxDQUFDLE1BQU07Z0JBQzFCLFFBQVEsRUFBRSxpQkFBUSxDQUFDLEdBQUc7YUFDekIsQ0FBQyxDQUFDO1lBRUgsSUFBSSxPQUFPLENBQUMsUUFBUSxDQUFDLFFBQVEsQ0FBQyxLQUFLLENBQUMsS0FBSyxJQUFJLENBQUMsSUFBSSxFQUFFLENBQUM7Z0JBQ2pELG1CQUFtQixHQUFHLElBQUksQ0FBQztZQUMvQixDQUFDO1FBQ0wsQ0FBQztRQUVELElBQUksbUJBQW1CLEtBQUssSUFBSSxFQUFFLENBQUM7WUFDL0IsTUFBTSxJQUFJLENBQUMsWUFBWSxDQUFDLE9BQU8sRUFBRSxRQUFRLENBQUMsQ0FBQztRQUMvQyxDQUFDO1FBRUQsSUFBSSxTQUFTLEtBQUssSUFBSSxFQUFFLENBQUM7WUFDckIsSUFBSSxDQUFDLFdBQVcsQ0FBQyxHQUFHLENBQUMsS0FBSyxFQUFFLE9BQU8sQ0FBQyxDQUFDO1FBQ3pDLENBQUM7UUFFRCxPQUFPO1lBQ0gsVUFBVSxFQUFFLE9BQU8sQ0FBQyxVQUFVO1lBQzlCLFVBQVUsRUFBRSxPQUFPLENBQUMsVUFBVTtZQUM5QixZQUFZLEVBQUUsUUFBUTtTQUN6QixDQUFDO0lBQ04sQ0FBQztJQUVTLEtBQUssQ0FBQyxZQUFZLENBQUMsT0FBaUIsRUFBRSxRQUFnQjtRQUM1RCxNQUFNLE1BQU0sR0FBa0I7WUFDMUIsR0FBRyxJQUFJLENBQUMsYUFBYTtZQUNyQixXQUFXLEVBQUU7Z0JBQ1QsR0FBRyxJQUFJLENBQUMsYUFBYSxDQUFDLFdBQVc7Z0JBQ2pDLE1BQU0sRUFBRSxPQUFPLENBQUMsVUFBVTtnQkFDMUIsTUFBTSxFQUFFLE9BQU8sQ0FBQyxVQUFVLENBQUMsUUFBUSxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsQ0FBQyxPQUFPLENBQUMsVUFBVSxDQUFDLENBQUMsQ0FBQyxHQUFHLE9BQU8sQ0FBQyxVQUFVLEdBQUc7YUFDM0Y7U0FDSixDQUFDO1FBRUYsTUFBTSxlQUFlLEdBQUcsSUFBQSwyQkFBa0IsRUFBQyxNQUFNLENBQUMsQ0FBQztRQUNuRCxNQUFNLGdCQUFnQixHQUFHLE1BQU0sZUFBZSxDQUFDLFlBQVksQ0FBQyxPQUFPLENBQUMsWUFBWSxFQUFFLEVBQUUsQ0FBQyxDQUFDO1FBQ3RGLE1BQU0sRUFBRSxPQUFPLEVBQUUsVUFBVSxFQUFFLEdBQUcsRUFBRSxhQUFhLEVBQUUsR0FBRyxzQkFBc0IsQ0FBQyxjQUFjLENBQUMsUUFBUSxDQUFDLENBQUM7UUFDcEcsTUFBTSxpQkFBUSxDQUFDLFFBQVEsQ0FBQyxnQkFBZ0IsRUFBRSxVQUFVLEVBQUUsRUFBRSxDQUFDLGlCQUFpQixDQUFDLFFBQVEsQ0FBQyxDQUFDLENBQUM7UUFFdEYsSUFBSSxDQUFDLE9BQU8sQ0FBQyxRQUFRLENBQUMsTUFBTSxDQUFDLGFBQWEsRUFBRSxDQUFDLEVBQUUsQ0FBQztZQUM1QyxNQUFNLElBQUksS0FBSyxDQUFDLCtEQUErRCxDQUFDLENBQUM7UUFDckYsQ0FBQztJQUNMLENBQUM7Q0FDSjtBQXJRRCx3REFxUUMifQ==
323
+ //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2V2LXNucC1tcmVuY2xhdmUuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvc2d4LW5hdGl2ZS1tb2R1bGUvc2V2LXNucC1tcmVuY2xhdmUudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7QUFBQSwrQ0FBaUQ7QUFDakQsbURBQWdEO0FBQ2hELHVDQUF5QjtBQUN6QixxREFBdUM7QUFDdkMsMkNBQTZCO0FBQzdCLHVDQUF5QjtBQUN6Qix1Q0FBMkQ7QUFDM0Qsa0RBQTZDO0FBQzdDLG1EQU1nQztBQUNoQyxtREFBOEU7QUFDOUUsbUNBQW9DO0FBQ3BDLG1DQUE2QztBQUM3Qyx1Q0FBbUQ7QUFFbkQsNkVBQXFGO0FBa0JyRixNQUFNLFlBQVksR0FBRyxjQUFJLENBQUMsTUFBTSxDQUFDO0lBQzdCLE1BQU0sRUFBRSxjQUFJLENBQUMsTUFBTSxDQUFDLEVBQUUsTUFBTSxFQUFFLGNBQUksQ0FBQyxNQUFNLEVBQUUsRUFBRSxDQUFDO0lBQzlDLE1BQU0sRUFBRSxjQUFJLENBQUMsUUFBUSxDQUFDLGNBQUksQ0FBQyxNQUFNLENBQUMsRUFBRSxNQUFNLEVBQUUsY0FBSSxDQUFDLE1BQU0sRUFBRSxFQUFFLENBQUMsQ0FBQztJQUM3RCxRQUFRLEVBQUUsY0FBSSxDQUFDLFFBQVEsQ0FDbkIsY0FBSSxDQUFDLE1BQU0sQ0FBQztRQUNSLE1BQU0sRUFBRSxjQUFJLENBQUMsTUFBTSxFQUFFO1FBQ3JCLE1BQU0sRUFBRSxjQUFJLENBQUMsTUFBTSxFQUFFO1FBQ3JCLE1BQU0sRUFBRSxjQUFJLENBQUMsTUFBTSxFQUFFO1FBQ3JCLFFBQVEsRUFBRSxjQUFJLENBQUMsTUFBTSxFQUFFO0tBQzFCLENBQUMsQ0FDTDtJQUNELElBQUksRUFBRSxjQUFJLENBQUMsUUFBUSxDQUNmLGNBQUksQ0FBQyxNQUFNLENBQUM7UUFDUixNQUFNLEVBQUUsY0FBSSxDQUFDLE1BQU0sRUFBRTtRQUNyQixNQUFNLEVBQUUsY0FBSSxDQUFDLE1BQU0sRUFBRTtRQUNyQixNQUFNLEVBQUUsY0FBSSxDQUFDLE1BQU0sRUFBRTtRQUNyQixRQUFRLEVBQUUsY0FBSSxDQUFDLE1BQU0sRUFBRTtLQUMxQixDQUFDLENBQ0w7Q0FDSixDQUFDLENBQUM7QUFHSCxNQUFNLGFBQWE7SUFJZixZQUFZLE1BQWMsQ0FBQyxHQUFHLEVBQUUsR0FBRyxJQUFJO1FBSC9CLFVBQUssR0FBOEQsRUFBRSxDQUFDO1FBSTFFLElBQUksQ0FBQyxHQUFHLEdBQUcsR0FBRyxDQUFDO0lBQ25CLENBQUM7SUFFRCxHQUFHLENBQUMsR0FBVyxFQUFFLEtBQWU7UUFDNUIsTUFBTSxTQUFTLEdBQUcsSUFBSSxDQUFDLEdBQUcsRUFBRSxDQUFDO1FBQzdCLElBQUksQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLEdBQUc7WUFDZCxLQUFLO1lBQ0wsU0FBUztTQUNaLENBQUM7SUFDTixDQUFDO0lBRUQsR0FBRyxDQUFDLEdBQVcsRUFBRSxRQUFpQixLQUFLO1FBQ25DLE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUM7UUFFL0IsSUFBSSxNQUFNLEVBQUUsQ0FBQztZQUNULElBQUksS0FBSyxLQUFLLEtBQUssRUFBRSxDQUFDO2dCQUNsQixNQUFNLEdBQUcsR0FBRyxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUM7Z0JBQ3ZCLElBQUksR0FBRyxHQUFHLE1BQU0sQ0FBQyxTQUFTLEdBQUcsSUFBSSxDQUFDLEdBQUcsRUFBRSxDQUFDO29CQUNwQyxPQUFPLElBQUksQ0FBQztnQkFDaEIsQ0FBQztZQUNMLENBQUM7WUFFRCxPQUFPLE1BQU0sQ0FBQyxLQUFLLENBQUM7UUFDeEIsQ0FBQztRQUVELE9BQU8sSUFBSSxDQUFDO0lBQ2hCLENBQUM7SUFFRCxLQUFLO1FBQ0QsSUFBSSxDQUFDLEtBQUssR0FBRyxFQUFFLENBQUM7SUFDcEIsQ0FBQztDQUNKO0FBY0QsTUFBYSxzQkFBc0I7SUFzQi9CLFlBQVksTUFBa0M7UUFqQjdCLGtCQUFhLEdBQUcsZUFBSyxDQUFDLE1BQU0sRUFBRSxDQUFDO1FBSy9CLHVCQUFrQixHQUFrQjtZQUNqRCxXQUFXLEVBQUUsb0JBQVcsQ0FBQyxFQUFFO1lBQzNCLFdBQVcsRUFBRTtnQkFDVCxRQUFRLEVBQUUsK0JBQStCO2dCQUN6QyxXQUFXLEVBQUUsOEJBQThCO2dCQUMzQyxTQUFTLEVBQUUsdURBQXVEO2dCQUNsRSwyREFBMkQ7Z0JBQzNELE1BQU0sRUFBRSxFQUFFO2dCQUNWLE1BQU0sRUFBRSxFQUFFO2FBQ2I7U0FDSixDQUFDO1FBR0UsSUFBSSxDQUFDLFdBQVcsR0FBRyxNQUFNLENBQUMsV0FBVyxJQUFJLEVBQUUsQ0FBQyxXQUFXLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsTUFBTSxFQUFFLEVBQUUsc0JBQXNCLENBQUMsQ0FBQyxDQUFDO1FBQ3hHLE1BQU0sV0FBVyxHQUFHLE1BQU0sQ0FBQyxXQUFXLElBQUksS0FBSyxDQUFDO1FBQ2hELElBQUksQ0FBQyxXQUFXLEdBQUcsTUFBTSxDQUFDLFdBQVcsSUFBSSxnQkFBZ0IsQ0FBQztRQUMxRCxJQUFJLENBQUMsTUFBTSxHQUFHLE1BQU0sQ0FBQyxNQUFNLElBQUksT0FBTyxDQUFDO1FBQ3ZDLElBQUksQ0FBQyxZQUFZLEdBQUcsTUFBTSxDQUFDLFlBQVksSUFBSSxTQUFTLENBQUM7UUFDckQsSUFBSSxDQUFDLGFBQWEsR0FBRyxNQUFNLENBQUMsMEJBQTBCLElBQUksSUFBSSxDQUFDO1FBQy9ELElBQUksQ0FBQyxRQUFRLEdBQUcsTUFBTSxDQUFDLHFCQUFxQixJQUFJLENBQUMsQ0FBQztRQUVsRCxJQUFJLENBQUMsYUFBYSxHQUFHLE1BQU0sQ0FBQyxhQUFhLElBQUksSUFBSSxDQUFDLGtCQUFrQixDQUFDO1FBRXJFLE1BQU0sZUFBZSxHQUFHLE1BQU0sQ0FBQyxlQUFlLElBQUksQ0FBQyxHQUFHLEVBQUUsR0FBRyxJQUFJLENBQUM7UUFFaEUsSUFBSSxXQUFXLEVBQUUsQ0FBQztZQUNkLElBQUEsZ0NBQXNCLEVBQUMsSUFBSSxDQUFDLFdBQVcsQ0FBQyxDQUFDO1FBQzdDLENBQUM7UUFFRCxJQUFJLENBQUMsRUFBRSxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUMsV0FBVyxDQUFDLEVBQUUsQ0FBQztZQUNuQyxFQUFFLENBQUMsU0FBUyxDQUFDLElBQUksQ0FBQyxXQUFXLEVBQUUsRUFBRSxTQUFTLEVBQUUsSUFBSSxFQUFFLENBQUMsQ0FBQztRQUN4RCxDQUFDO1FBRUQsSUFBSSxDQUFDLFdBQVcsR0FBRyxJQUFJLGFBQWEsQ0FBQyxlQUFlLENBQUMsQ0FBQztJQUMxRCxDQUFDO0lBRUQ7Ozs7T0FJRztJQUNJLEtBQUssQ0FBQyxzQkFBc0IsQ0FBQyxNQUFpQjtRQUNqRCxNQUFNLFNBQVMsR0FBRyxNQUFNLGdCQUFNLENBQUMsWUFBWSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxDQUFDLENBQUM7UUFDM0UsTUFBTSxTQUFTLEdBQUcsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsQ0FBQztRQUN0RCxNQUFNLGlCQUFpQixHQUFHLE1BQU0sZ0JBQU0sQ0FBQyxnQkFBZ0IsQ0FBQztZQUNwRCxRQUFRLEVBQUUsU0FBUyxDQUFDLFlBQVk7WUFDaEMsVUFBVSxFQUFFLFNBQVMsQ0FBQyxVQUFVO1lBQ2hDLFVBQVUsRUFBRSxTQUFTLENBQUMsVUFBVTtZQUNoQyxXQUFXLEVBQUUsTUFBTSxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsV0FBVyxDQUFDO1lBQzVDLE9BQU8sRUFBRSxNQUFNLENBQUMsTUFBTTtZQUN0QixTQUFTLEVBQUUsTUFBTSxDQUFDLEtBQUs7WUFDdkIsSUFBSSxFQUFFLE1BQU0sSUFBQSxtQ0FBYSxFQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxDQUFDO1lBQ3hELE1BQU0sRUFBRSxNQUFNLElBQUEscUNBQWUsRUFBQyxNQUFNLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxTQUFTLENBQUMsQ0FBQztTQUMvRCxDQUFDLENBQUM7UUFFSCxJQUFJLENBQUMsU0FBUyxDQUFDLE1BQU0sQ0FBQyxpQkFBaUIsQ0FBQztZQUNwQyxNQUFNLElBQUksS0FBSyxDQUNYLHlEQUF5RDtnQkFDckQsY0FBYyxTQUFTLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBQyxJQUFJO2dCQUMzQyxzQkFBc0IsaUJBQWlCLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBQyxJQUFJO2dCQUMzRCxpQkFBaUIsTUFBTSxDQUFDLEtBQUssSUFBSTtnQkFDakMsY0FBYyxJQUFJLENBQUMsU0FBUyxDQUFDLFNBQVMsQ0FBQyxFQUFFLENBQ2hELENBQUM7UUFFTixNQUFNLG1CQUFtQixHQUFHLE1BQU0sZ0JBQU0sQ0FBQyxnQkFBZ0IsQ0FBQztZQUN0RCxRQUFRLEVBQUUsU0FBUyxDQUFDLFlBQVk7WUFDaEMsVUFBVSxFQUFFLFNBQVMsQ0FBQyxVQUFVO1lBQ2hDLFVBQVUsRUFBRSxTQUFTLENBQUMsVUFBVTtZQUNoQyxXQUFXLEVBQUUsTUFBTSxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsV0FBVyxDQUFDO1lBQzVDLE9BQU8sRUFBRSxnQkFBTSxDQUFDLFNBQVMsQ0FBQyxnQ0FBc0IsQ0FBQztZQUNqRCxTQUFTLEVBQUUsQ0FBQztTQUNmLENBQUMsQ0FBQztRQUVILE9BQU8sbUJBQW1CLENBQUM7SUFDL0IsQ0FBQztJQUVTLEtBQUssQ0FBQyxhQUFhLENBQUMsUUFBZ0I7UUFDMUMsTUFBTSxFQUFFLGFBQWEsRUFBRSxRQUFRLEVBQUUsR0FBRyxJQUFJLENBQUM7UUFDekMsTUFBTSxRQUFRLEdBQUcsTUFBTSxnQkFBVSxDQUFDLGVBQWUsQ0FBZ0I7WUFDN0QsV0FBVyxDQUFDLFFBQVE7Z0JBQ2hCLE9BQU8sRUFBRSxVQUFVLEVBQUUsUUFBUSxDQUFDLE1BQU0sS0FBSyxHQUFHLEVBQUUsQ0FBQztZQUNuRCxDQUFDO1lBQ0QsT0FBTyxFQUFFLEtBQUssSUFBSSxFQUFFO2dCQUNoQixPQUFPLElBQUksQ0FBQyxhQUFhLENBQUMsR0FBRyxDQUFDLFFBQVEsRUFBRTtvQkFDcEMsWUFBWSxFQUFFLGFBQWE7aUJBQzlCLENBQUMsQ0FBQztZQUNQLENBQUM7WUFDRCxVQUFVLENBQUMsR0FBRztnQkFDVixJQUFJLGVBQUssQ0FBQyxZQUFZLENBQUMsR0FBRyxDQUFDLElBQUksR0FBRyxDQUFDLFFBQVEsRUFBRSxDQUFDO29CQUMxQyxNQUFNLE1BQU0sR0FBRyxHQUFHLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBQztvQkFFbkMsT0FBTyxFQUFFLFNBQVMsRUFBRSxNQUFNLEdBQUcsR0FBRyxJQUFJLE1BQU0sSUFBSSxHQUFHLElBQUksTUFBTSxLQUFLLEdBQUcsRUFBRSxDQUFDO2dCQUMxRSxDQUFDO2dCQUVELE9BQU8sRUFBRSxTQUFTLEVBQUUsZUFBSyxDQUFDLFlBQVksQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDO1lBQ2xELENBQUM7WUFDRCxhQUFhO1lBQ2IsUUFBUTtTQUNYLENBQUMsQ0FBQztRQUVILE9BQU8sUUFBUSxDQUFDLElBQUksQ0FBQztJQUN6QixDQUFDO0lBRVMsYUFBYSxDQUFDLElBQVk7UUFDaEMsTUFBTSxLQUFLLEdBQUcsSUFBSSxDQUFDLFFBQVEsQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUVyQyxNQUFNLE1BQU0sR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxDQUFDO1FBQ2pDLE1BQU0sRUFBRSxPQUFPLEVBQUUsR0FBRyxJQUFBLHlCQUFnQixFQUFDLE1BQU0sRUFBRSxZQUFZLENBQUMsQ0FBQztRQUMzRCxJQUFJLENBQUMsT0FBTyxFQUFFLENBQUM7WUFDWCxNQUFNLGdCQUFnQixHQUFHLEtBQUssQ0FBQyxJQUFJLENBQUMsYUFBSyxDQUFDLE1BQU0sQ0FBQyxZQUFZLEVBQUUsTUFBTSxDQUFDLENBQUMsQ0FBQztZQUN4RSxJQUFJLGdCQUFnQixDQUFDLE1BQU0sR0FBRyxDQUFDLEVBQUUsQ0FBQztnQkFDOUIsTUFBTSxJQUFJLEtBQUssQ0FBQywrQkFBK0IsZ0JBQWdCLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsT0FBTyxDQUFDLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsQ0FBQztZQUN4RyxDQUFDO1FBQ0wsQ0FBQztRQUVELE1BQU0sRUFBRSxHQUFHLE1BQWdCLENBQUM7UUFFNUIsTUFBTSxVQUFVLEdBQUcsRUFBRSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUM7UUFDcEMsTUFBTSxVQUFVLEdBQUcsRUFBRSxDQUFDLE1BQU0sRUFBRSxNQUFNLENBQUM7UUFFckMsTUFBTSxJQUFJLEdBQUcsRUFBRSxDQUFDLFFBQVEsSUFBSSxFQUFFLENBQUMsSUFBSSxDQUFDO1FBQ3BDLElBQUksQ0FBQyxJQUFJLEVBQUUsQ0FBQztZQUNSLE1BQU0sSUFBSSxLQUFLLENBQUMsd0NBQXdDLENBQUMsQ0FBQztRQUM5RCxDQUFDO1FBRUQsTUFBTSxFQUFFLE1BQU0sRUFBRSxNQUFNLEVBQUUsTUFBTSxFQUFFLFFBQVEsRUFBRSxHQUFHLElBQUksQ0FBQztRQUVsRCxJQUFJLENBQUMsTUFBTSxJQUFJLENBQUMsTUFBTSxJQUFJLENBQUMsTUFBTSxJQUFJLENBQUMsUUFBUSxFQUFFLENBQUM7WUFDN0MsTUFBTSxJQUFJLEtBQUssQ0FBQyw2Q0FBNkMsQ0FBQyxDQUFDO1FBQ25FLENBQUM7UUFFRCxPQUFPO1lBQ0gsVUFBVSxFQUFFLE1BQU0sQ0FBQyxJQUFJLENBQUMsVUFBVSxFQUFFLEtBQUssQ0FBQztZQUMxQyxVQUFVLEVBQUUsVUFBVSxDQUFDLENBQUMsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLFVBQVUsRUFBRSxLQUFLLENBQUMsQ0FBQyxDQUFDLENBQUMsU0FBUztZQUNuRSxRQUFRLEVBQUUsTUFBTSxDQUFDLElBQUksQ0FBQyxNQUFNLEVBQUUsS0FBSyxDQUFDO1lBQ3BDLFVBQVUsRUFBRSxNQUFNO1lBQ2xCLFVBQVUsRUFBRSxNQUFNO1lBQ2xCLFlBQVksRUFBRSxRQUFRO1NBQ3pCLENBQUM7SUFDTixDQUFDO0lBRVMsTUFBTSxDQUFDLGNBQWMsQ0FBQyxHQUFHLEdBQUcsUUFBUTtRQUMxQyxNQUFNLElBQUksR0FBRyxJQUFBLG1CQUFVLEVBQUMsR0FBRyxDQUFDLENBQUM7UUFFN0IsT0FBTztZQUNILE9BQU8sRUFBRSxJQUFJLGtCQUFTLENBQUM7Z0JBQ25CLFNBQVMsRUFBRSxDQUFDLElBQUksRUFBRSxRQUFRLEVBQUUsSUFBSSxFQUFRLEVBQUU7b0JBQ3RDLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQUM7b0JBQ2xCLElBQUksQ0FBQyxJQUFJLEVBQUUsSUFBSSxDQUFDLENBQUM7Z0JBQ3JCLENBQUM7YUFDSixDQUFDO1lBQ0YsR0FBRyxFQUFFLEdBQUcsRUFBRSxDQUFDLElBQUksQ0FBQyxNQUFNLEVBQUU7U0FDM0IsQ0FBQztJQUNOLENBQUM7SUFFUyxNQUFNLENBQUMsS0FBSyxDQUFDLFNBQVMsQ0FBQyxRQUFnQjtRQUM3QyxJQUFJLENBQUM7WUFDRCxNQUFNLE9BQU8sQ0FBQyxNQUFNLENBQUMsUUFBUSxFQUFFLEVBQUUsQ0FBQyxTQUFTLENBQUMsSUFBSSxDQUFDLENBQUM7WUFFbEQsT0FBTyxJQUFJLENBQUM7UUFDaEIsQ0FBQztRQUFDLE9BQU8sR0FBRyxFQUFFLENBQUM7WUFDWCxPQUFPLEtBQUssQ0FBQztRQUNqQixDQUFDO0lBQ0wsQ0FBQztJQUVTLEtBQUssQ0FBQyxXQUFXLENBQUMsS0FBYTtRQUNyQyxNQUFNLEVBQUUsYUFBYSxFQUFFLFFBQVEsRUFBRSxHQUFHLElBQUksQ0FBQztRQUN6QyxNQUFNLFFBQVEsR0FBRyxNQUFNLGdCQUFVLENBQUMsZUFBZSxDQUFnQjtZQUM3RCxXQUFXLENBQUMsUUFBUTtnQkFDaEIsT0FBTyxFQUFFLFVBQVUsRUFBRSxRQUFRLENBQUMsTUFBTSxLQUFLLEdBQUcsRUFBRSxDQUFDO1lBQ25ELENBQUM7WUFDRCxPQUFPLEVBQUUsS0FBSyxJQUFJLEVBQUU7Z0JBQ2hCLE9BQU8sSUFBSSxDQUFDLGFBQWEsQ0FBQyxHQUFHLENBQ3pCLGdDQUFnQyxJQUFJLENBQUMsV0FBVyxJQUFJLElBQUksQ0FBQyxNQUFNLGtCQUFrQixLQUFLLEVBQUUsQ0FDM0YsQ0FBQztZQUNOLENBQUM7WUFDRCxVQUFVLENBQUMsR0FBRztnQkFDVixJQUFJLGVBQUssQ0FBQyxZQUFZLENBQUMsR0FBRyxDQUFDLElBQUksR0FBRyxDQUFDLFFBQVEsRUFBRSxDQUFDO29CQUMxQyxNQUFNLE1BQU0sR0FBRyxHQUFHLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBQztvQkFFbkMsT0FBTyxFQUFFLFNBQVMsRUFBRSxNQUFNLEdBQUcsR0FBRyxJQUFJLE1BQU0sSUFBSSxHQUFHLElBQUksTUFBTSxLQUFLLEdBQUcsRUFBRSxDQUFDO2dCQUMxRSxDQUFDO2dCQUVELE9BQU8sRUFBRSxTQUFTLEVBQUUsZUFBSyxDQUFDLFlBQVksQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDO1lBQ2xELENBQUM7WUFDRCxhQUFhO1lBQ2IsUUFBUTtTQUNYLENBQUMsQ0FBQztRQUNILE1BQU0sRUFBRSxJQUFJLEVBQUUsR0FBRyxRQUFRLENBQUM7UUFDMUIsTUFBTSxLQUFLLEdBQUcsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FBQyxLQUF1QixFQUFFLEVBQUUsQ0FBQyxLQUFLLENBQUMsSUFBSSxLQUFLLElBQUksQ0FBQyxZQUFZLENBQUMsQ0FBQztRQUU5RixJQUFJLENBQUMsS0FBSyxFQUFFLENBQUM7WUFDVCxNQUFNLElBQUksS0FBSyxDQUFDLDhCQUE4QixJQUFJLENBQUMsWUFBWSxjQUFjLEtBQUssR0FBRyxDQUFDLENBQUM7UUFDM0YsQ0FBQztRQUVELE9BQU8sS0FBSyxDQUFDLG9CQUFvQixDQUFDO0lBQ3RDLENBQUM7SUFFUyxLQUFLLENBQUMsVUFBVSxDQUFDLEtBQWE7UUFDcEMsSUFBSSxTQUFTLEdBQUcsS0FBSyxDQUFDO1FBQ3RCLElBQUksT0FBaUIsQ0FBQztRQUV0QixNQUFNLE1BQU0sR0FBRyxJQUFJLENBQUMsV0FBVyxDQUFDLEdBQUcsQ0FBQyxLQUFLLENBQUMsQ0FBQztRQUMzQyxJQUFJLE1BQU0sRUFBRSxDQUFDO1lBQ1QsU0FBUyxHQUFHLElBQUksQ0FBQztZQUNqQixPQUFPLEdBQUcsTUFBTSxDQUFDO1FBQ3JCLENBQUM7YUFBTSxDQUFDO1lBQ0osSUFBSSxDQUFDO2dCQUNELE1BQU0sUUFBUSxHQUFHLE1BQU0sSUFBSSxDQUFDLFdBQVcsQ0FBQyxLQUFLLENBQUMsQ0FBQztnQkFDL0MsTUFBTSxFQUFFLEdBQUcsTUFBTSxJQUFJLENBQUMsYUFBYSxDQUFDLFFBQVEsQ0FBQyxDQUFDO2dCQUM5QyxPQUFPLEdBQUcsSUFBSSxDQUFDLGFBQWEsQ0FBQyxFQUFFLENBQUMsQ0FBQztZQUNyQyxDQUFDO1lBQUMsT0FBTyxLQUFLLEVBQUUsQ0FBQztnQkFDYixNQUFNLE1BQU0sR0FBRyxJQUFJLENBQUMsV0FBVyxDQUFDLEdBQUcsQ0FBQyxLQUFLLEVBQUUsSUFBSSxDQUFDLENBQUM7Z0JBQ2pELElBQUksTUFBTSxFQUFFLENBQUM7b0JBQ1QsU0FBUyxHQUFHLElBQUksQ0FBQztvQkFDakIsT0FBTyxHQUFHLE1BQU0sQ0FBQztnQkFDckIsQ0FBQztxQkFBTSxDQUFDO29CQUNKLE1BQU0sS0FBSyxDQUFDO2dCQUNoQixDQUFDO1lBQ0wsQ0FBQztRQUNMLENBQUM7UUFFRCxNQUFNLFFBQVEsR0FBRyxJQUFJLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxXQUFXLEVBQUUsR0FBRyxPQUFPLENBQUMsUUFBUSxDQUFDLFFBQVEsQ0FBQyxLQUFLLENBQUMsVUFBVSxDQUFDLENBQUM7UUFFNUYsSUFBSSxtQkFBbUIsR0FBRyxLQUFLLENBQUM7UUFDaEMsSUFBSSxNQUFNLHNCQUFzQixDQUFDLFNBQVMsQ0FBQyxRQUFRLENBQUMsRUFBRSxDQUFDO1lBQ25ELE1BQU0sVUFBVSxHQUFHLEVBQUUsQ0FBQyxnQkFBZ0IsQ0FBQyxRQUFRLENBQUMsQ0FBQztZQUNqRCxNQUFNLElBQUksR0FBRyxNQUFNLGVBQU0sQ0FBQyxVQUFVLENBQUMsVUFBVSxFQUFFO2dCQUM3QyxJQUFJLEVBQUUsc0JBQWEsQ0FBQyxNQUFNO2dCQUMxQixRQUFRLEVBQUUsaUJBQVEsQ0FBQyxHQUFHO2FBQ3pCLENBQUMsQ0FBQztZQUVILElBQUksT0FBTyxDQUFDLFFBQVEsQ0FBQyxRQUFRLENBQUMsS0FBSyxDQUFDLEtBQUssSUFBSSxDQUFDLElBQUksRUFBRSxDQUFDO2dCQUNqRCxtQkFBbUIsR0FBRyxJQUFJLENBQUM7WUFDL0IsQ0FBQztRQUNMLENBQUM7UUFFRCxJQUFJLG1CQUFtQixLQUFLLElBQUksRUFBRSxDQUFDO1lBQy9CLE1BQU0sSUFBSSxDQUFDLFlBQVksQ0FBQyxPQUFPLEVBQUUsUUFBUSxDQUFDLENBQUM7UUFDL0MsQ0FBQztRQUVELElBQUksU0FBUyxLQUFLLElBQUksRUFBRSxDQUFDO1lBQ3JCLElBQUksQ0FBQyxXQUFXLENBQUMsR0FBRyxDQUFDLEtBQUssRUFBRSxPQUFPLENBQUMsQ0FBQztRQUN6QyxDQUFDO1FBRUQsT0FBTztZQUNILFVBQVUsRUFBRSxPQUFPLENBQUMsVUFBVTtZQUM5QixVQUFVLEVBQUUsT0FBTyxDQUFDLFVBQVU7WUFDOUIsWUFBWSxFQUFFLFFBQVE7WUFDdEIsUUFBUSxFQUFFLE9BQU8sQ0FBQyxRQUFRO1NBQzdCLENBQUM7SUFDTixDQUFDO0lBRVMsS0FBSyxDQUFDLFlBQVksQ0FBQyxPQUFpQixFQUFFLFFBQWdCO1FBQzVELE1BQU0sTUFBTSxHQUFrQjtZQUMxQixHQUFHLElBQUksQ0FBQyxhQUFhO1lBQ3JCLFdBQVcsRUFBRTtnQkFDVCxHQUFHLElBQUksQ0FBQyxhQUFhLENBQUMsV0FBVztnQkFDakMsTUFBTSxFQUFFLE9BQU8sQ0FBQyxVQUFVO2dCQUMxQixNQUFNLEVBQUUsT0FBTyxDQUFDLFVBQVUsQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxVQUFVLENBQUMsQ0FBQyxDQUFDLEdBQUcsT0FBTyxDQUFDLFVBQVUsR0FBRzthQUMzRjtTQUNKLENBQUM7UUFFRixNQUFNLGVBQWUsR0FBRyxJQUFBLDJCQUFrQixFQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQ25ELE1BQU0sZ0JBQWdCLEdBQUcsTUFBTSxlQUFlLENBQUMsWUFBWSxDQUFDLE9BQU8sQ0FBQyxZQUFZLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFDdEYsTUFBTSxFQUFFLE9BQU8sRUFBRSxVQUFVLEVBQUUsR0FBRyxFQUFFLGFBQWEsRUFBRSxHQUFHLHNCQUFzQixDQUFDLGNBQWMsQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUNwRyxNQUFNLGlCQUFRLENBQUMsUUFBUSxDQUFDLGdCQUFnQixFQUFFLFVBQVUsRUFBRSxFQUFFLENBQUMsaUJBQWlCLENBQUMsUUFBUSxDQUFDLENBQUMsQ0FBQztRQUV0RixJQUFJLENBQUMsT0FBTyxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsYUFBYSxFQUFFLENBQUMsRUFBRSxDQUFDO1lBQzVDLE1BQU0sSUFBSSxLQUFLLENBQUMsK0RBQStELENBQUMsQ0FBQztRQUNyRixDQUFDO0lBQ0wsQ0FBQztDQUNKO0FBMVJELHdEQTBSQyJ9
package/dist/sgx-native-module/sev-snp-schema.d.ts ADDED
@@ -0,0 +1,22 @@
1
+ import { Static, TLiteral } from "@sinclair/typebox";
2
+ import { ImportantSecurityFields } from "../../bindings/amd-sev-snp-napi-rs";
3
+ export declare const CommonPolicyKeyName = "Common";
4
+ export declare const importantFieldNames: (keyof ImportantSecurityFields)[];
5
+ export declare enum RuleOperator {
6
+ Le = "le",
7
+ Eq = "eq",
8
+ Ge = "ge"
9
+ }
10
+ declare const PolicyRuleSchema: import("@sinclair/typebox").TObject<{
11
+ name: import("@sinclair/typebox").TUnion<[TLiteral<string>, ...TLiteral<string>[]]>;
12
+ operator: import("@sinclair/typebox").TUnion<TLiteral<RuleOperator>[]>;
13
+ value: import("@sinclair/typebox").TUnion<[import("@sinclair/typebox").TNumber, import("@sinclair/typebox").TBoolean]>;
14
+ }>;
15
+ export declare const PolicySetSchema: import("@sinclair/typebox").TObject<{
16
+ [x: string]: any;
17
+ }>;
18
+ export type PolicySet = Static<typeof PolicySetSchema>;
19
+ export type PolicyRule = Static<typeof PolicyRuleSchema> & {
20
+ name: keyof ImportantSecurityFields;
21
+ };
22
+ export {};
package/dist/sgx-native-module/sev-snp-schema.js ADDED
@@ -0,0 +1,24 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.PolicySetSchema = exports.RuleOperator = exports.importantFieldNames = exports.CommonPolicyKeyName = void 0;
4
+ const typebox_1 = require("@sinclair/typebox");
5
+ const amd_sev_snp_napi_rs_1 = require("../../bindings/amd-sev-snp-napi-rs");
6
+ exports.CommonPolicyKeyName = "Common";
7
+ exports.importantFieldNames = Object.keys(amd_sev_snp_napi_rs_1.IMPORTANT_SECURITY_FIELDS_DUMMY);
8
+ const importantFieldLiterals = exports.importantFieldNames.map((k) => typebox_1.Type.Literal(k));
9
+ var RuleOperator;
10
+ (function (RuleOperator) {
11
+ RuleOperator["Le"] = "le";
12
+ RuleOperator["Eq"] = "eq";
13
+ RuleOperator["Ge"] = "ge";
14
+ })(RuleOperator || (exports.RuleOperator = RuleOperator = {}));
15
+ const PolicyRuleSchema = typebox_1.Type.Object({
16
+ name: typebox_1.Type.Union(importantFieldLiterals),
17
+ operator: typebox_1.Type.Union(Object.values(RuleOperator).map((op) => typebox_1.Type.Literal(op))),
18
+ value: typebox_1.Type.Union([typebox_1.Type.Number(), typebox_1.Type.Boolean()]),
19
+ });
20
+ exports.PolicySetSchema = typebox_1.Type.Partial(typebox_1.Type.Object(Object.fromEntries([
21
+ ...Object.values(amd_sev_snp_napi_rs_1.WellKnownSnpCodeNames).map((key) => [key, typebox_1.Type.Array(PolicyRuleSchema)]),
22
+ [exports.CommonPolicyKeyName, typebox_1.Type.Array(PolicyRuleSchema)],
23
+ ])), { additionalProperties: false });
24
+ //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2V2LXNucC1zY2hlbWEuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvc2d4LW5hdGl2ZS1tb2R1bGUvc2V2LXNucC1zY2hlbWEudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUEsK0NBQTJEO0FBQzNELDRFQUk0QztBQUUvQixRQUFBLG1CQUFtQixHQUFHLFFBQVEsQ0FBQztBQUUvQixRQUFBLG1CQUFtQixHQUFHLE1BQU0sQ0FBQyxJQUFJLENBQUMscURBQStCLENBQXNDLENBQUM7QUFFckgsTUFBTSxzQkFBc0IsR0FBRywyQkFBbUIsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLGNBQUksQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLENBRzVFLENBQUM7QUFFRixJQUFZLFlBSVg7QUFKRCxXQUFZLFlBQVk7SUFDcEIseUJBQVMsQ0FBQTtJQUNULHlCQUFTLENBQUE7SUFDVCx5QkFBUyxDQUFBO0FBQ2IsQ0FBQyxFQUpXLFlBQVksNEJBQVosWUFBWSxRQUl2QjtBQUVELE1BQU0sZ0JBQWdCLEdBQUcsY0FBSSxDQUFDLE1BQU0sQ0FBQztJQUNqQyxJQUFJLEVBQUUsY0FBSSxDQUFDLEtBQUssQ0FBQyxzQkFBc0IsQ0FBQztJQUN4QyxRQUFRLEVBQUUsY0FBSSxDQUFDLEtBQUssQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDLFlBQVksQ0FBQyxDQUFDLEdBQUcsQ0FBQyxDQUFDLEVBQUUsRUFBRSxFQUFFLENBQUMsY0FBSSxDQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDO0lBQy9FLEtBQUssRUFBRSxjQUFJLENBQUMsS0FBSyxDQUFDLENBQUMsY0FBSSxDQUFDLE1BQU0sRUFBRSxFQUFFLGNBQUksQ0FBQyxPQUFPLEVBQUUsQ0FBQyxDQUFDO0NBQ3JELENBQUMsQ0FBQztBQUVVLFFBQUEsZUFBZSxHQUFHLGNBQUksQ0FBQyxPQUFPLENBQ3ZDLGNBQUksQ0FBQyxNQUFNLENBQ1AsTUFBTSxDQUFDLFdBQVcsQ0FBQztJQUNmLEdBQUcsTUFBTSxDQUFDLE1BQU0sQ0FBQywyQ0FBcUIsQ0FBQyxDQUFDLEdBQUcsQ0FBQyxDQUFDLEdBQUcsRUFBRSxFQUFFLENBQUMsQ0FBQyxHQUFHLEVBQUUsY0FBSSxDQUFDLEtBQUssQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDLENBQUM7SUFDekYsQ0FBQywyQkFBbUIsRUFBRSxjQUFJLENBQUMsS0FBSyxDQUFDLGdCQUFnQixDQUFDLENBQUM7Q0FDdEQsQ0FBQyxDQUNMLEVBQ0QsRUFBRSxvQkFBb0IsRUFBRSxLQUFLLEVBQUUsQ0FDbEMsQ0FBQyJ9
package/dist/sgx-native-module/sev-snp.d.ts CHANGED
@@ -1,10 +1,7 @@
1
1
  /// <reference types="node" />
2
- import { CpuInfo } from "../../bindings/amd-sev-snp-napi-rs/";
2
+ import { CpuInfo, ImportantSecurityFields, WellKnownSnpCodeNames } from "../../bindings/amd-sev-snp-napi-rs/";
3
3
  import { SnpCert, SevSnpCertificateFormat, SNPReport, SNPReportWithChain } from "../proto/AmdSevSnp";
4
- export declare enum SupportedAmdSevSnpGenerations {
5
- Milan = "Milan",
6
- Genoa = "Genoa"
7
- }
4
+ import { PolicySet } from "./sev-snp-schema";
8
5
  export interface CalcSnpMrEnclaveParams {
9
6
  ovmfPath: string;
10
7
  kernelHash: Buffer;
@@ -20,8 +17,6 @@ export declare const EMPTY_INITRD_SHA256_HASH: Buffer;
20
17
  export type ArkHashes = {
21
18
  [key: string]: Buffer;
22
19
  };
23
- export declare const ARK_MILAN = "-----BEGIN CERTIFICATE-----\nMIIGYzCCBBKgAwIBAgIDAQAAMEYGCSqGSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAIC\nBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAICBQCiAwIBMKMDAgEBMHsxFDAS\nBgNVBAsMC0VuZ2luZWVyaW5nMQswCQYDVQQGEwJVUzEUMBIGA1UEBwwLU2FudGEg\nQ2xhcmExCzAJBgNVBAgMAkNBMR8wHQYDVQQKDBZBZHZhbmNlZCBNaWNybyBEZXZp\nY2VzMRIwEAYDVQQDDAlBUkstTWlsYW4wHhcNMjAxMDIyMTcyMzA1WhcNNDUxMDIy\nMTcyMzA1WjB7MRQwEgYDVQQLDAtFbmdpbmVlcmluZzELMAkGA1UEBhMCVVMxFDAS\nBgNVBAcMC1NhbnRhIENsYXJhMQswCQYDVQQIDAJDQTEfMB0GA1UECgwWQWR2YW5j\nZWQgTWljcm8gRGV2aWNlczESMBAGA1UEAwwJQVJLLU1pbGFuMIICIjANBgkqhkiG\n9w0BAQEFAAOCAg8AMIICCgKCAgEA0Ld52RJOdeiJlqK2JdsVmD7FktuotWwX1fNg\nW41XY9Xz1HEhSUmhLz9Cu9DHRlvgJSNxbeYYsnJfvyjx1MfU0V5tkKiU1EesNFta\n1kTA0szNisdYc9isqk7mXT5+KfGRbfc4V/9zRIcE8jlHN61S1ju8X93+6dxDUrG2\nSzxqJ4BhqyYmUDruPXJSX4vUc01P7j98MpqOS95rORdGHeI52Naz5m2B+O+vjsC0\n60d37jY9LFeuOP4Meri8qgfi2S5kKqg/aF6aPtuAZQVR7u3KFYXP59XmJgtcog05\ngmI0T/OitLhuzVvpZcLph0odh/1IPXqx3+MnjD97A7fXpqGd/y8KxX7jksTEzAOg\nbKAeam3lm+3yKIcTYMlsRMXPcjNbIvmsBykD//xSniusuHBkgnlENEWx1UcbQQrs\n+gVDkuVPhsnzIRNgYvM48Y+7LGiJYnrmE8xcrexekBxrva2V9TJQqnN3Q53kt5vi\nQi3+gCfmkwC0F0tirIZbLkXPrPwzZ0M9eNxhIySb2npJfgnqz55I0u33wh4r0ZNQ\neTGfw03MBUtyuzGesGkcw+loqMaq1qR4tjGbPYxCvpCq7+OgpCCoMNit2uLo9M18\nfHz10lOMT8nWAUvRZFzteXCm+7PHdYPlmQwUw3LvenJ/ILXoQPHfbkH0CyPfhl1j\nWhJFZasCAwEAAaN+MHwwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSFrBrRQ/fI\nrFXUxR1BSKvVeErUUzAPBgNVHRMBAf8EBTADAQH/MDoGA1UdHwQzMDEwL6AtoCuG\nKWh0dHBzOi8va2RzaW50Zi5hbWQuY29tL3ZjZWsvdjEvTWlsYW4vY3JsMEYGCSqG\nSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAICBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZI\nAWUDBAICBQCiAwIBMKMDAgEBA4ICAQC6m0kDp6zv4Ojfgy+zleehsx6ol0ocgVel\nETobpx+EuCsqVFRPK1jZ1sp/lyd9+0fQ0r66n7kagRk4Ca39g66WGTJMeJdqYriw\nSTjjDCKVPSesWXYPVAyDhmP5n2v+BYipZWhpvqpaiO+EGK5IBP+578QeW/sSokrK\ndHaLAxG2LhZxj9aF73fqC7OAJZ5aPonw4RE299FVarh1Tx2eT3wSgkDgutCTB1Yq\nzT5DuwvAe+co2CIVIzMDamYuSFjPN0BCgojl7V+bTou7dMsqIu/TW/rPCX9/EUcp\nKGKqPQ3P+N9r1hjEFY1plBg93t53OOo49GNI+V1zvXPLI6xIFVsh+mto2RtgEX/e\npmMKTNN6psW88qg7c1hTWtN6MbRuQ0vm+O+/2tKBF2h8THb94OvvHHoFDpbCELlq\nHnIYhxy0YKXGyaW1NjfULxrrmxVW4wcn5E8GddmvNa6yYm8scJagEi13mhGu4Jqh\n3QU3sf8iUSUr09xQDwHtOQUVIqx4maBZPBtSMf+qUDtjXSSq8lfWcd8bLr9mdsUn\nJZJ0+tuPMKmBnSH860llKk+VpVQsgqbzDIvOLvD6W1Umq25boxCYJ+TuBoa4s+HH\nCViAvgT9kf/rBq1d+ivj6skkHxuzcxbk1xv6ZGxrteJxVH7KlX7YRdZ6eARKwLe4\nAFZEAwoKCQ==\n-----END CERTIFICATE-----";
24
- export declare const ARK_GENOA = "-----BEGIN CERTIFICATE-----\nMIIGYzCCBBKgAwIBAgIDAgAAMEYGCSqGSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAIC\nBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAICBQCiAwIBMKMDAgEBMHsxFDAS\nBgNVBAsMC0VuZ2luZWVyaW5nMQswCQYDVQQGEwJVUzEUMBIGA1UEBwwLU2FudGEg\nQ2xhcmExCzAJBgNVBAgMAkNBMR8wHQYDVQQKDBZBZHZhbmNlZCBNaWNybyBEZXZp\nY2VzMRIwEAYDVQQDDAlBUkstR2Vub2EwHhcNMjIwMTI2MTUzNDM3WhcNNDcwMTI2\nMTUzNDM3WjB7MRQwEgYDVQQLDAtFbmdpbmVlcmluZzELMAkGA1UEBhMCVVMxFDAS\nBgNVBAcMC1NhbnRhIENsYXJhMQswCQYDVQQIDAJDQTEfMB0GA1UECgwWQWR2YW5j\nZWQgTWljcm8gRGV2aWNlczESMBAGA1UEAwwJQVJLLUdlbm9hMIICIjANBgkqhkiG\n9w0BAQEFAAOCAg8AMIICCgKCAgEA3Cd95S/uFOuRIskW9vz9VDBF69NDQF79oRhL\n/L2PVQGhK3YdfEBgpF/JiwWFBsT/fXDhzA01p3LkcT/7LdjcRfKXjHl+0Qq/M4dZ\nkh6QDoUeKzNBLDcBKDDGWo3v35NyrxbA1DnkYwUKU5AAk4P94tKXLp80oxt84ahy\nHoLmc/LqsGsp+oq1Bz4PPsYLwTG4iMKVaaT90/oZ4I8oibSru92vJhlqWO27d/Rx\nc3iUMyhNeGToOvgx/iUo4gGpG61NDpkEUvIzuKcaMx8IdTpWg2DF6SwF0IgVMffn\nvtJmA68BwJNWo1E4PLJdaPfBifcJpuBFwNVQIPQEVX3aP89HJSp8YbY9lySS6PlV\nEqTBBtaQmi4ATGmMR+n2K/e+JAhU2Gj7jIpJhOkdH9firQDnmlA2SFfJ/Cc0mGNz\nW9RmIhyOUnNFoclmkRhl3/AQU5Ys9Qsan1jT/EiyT+pCpmnA+y9edvhDCbOG8F2o\nxHGRdTBkylungrkXJGYiwGrR8kaiqv7NN8QhOBMqYjcbrkEr0f8QMKklIS5ruOfq\nlLMCBw8JLB3LkjpWgtD7OpxkzSsohN47Uom86RY6lp72g8eXHP1qYrnvhzaG1S70\nvw6OkbaaC9EjiH/uHgAJQGxon7u0Q7xgoREWA/e7JcBQwLg80Hq/sbRuqesxz7wB\nWSY254cCAwEAAaN+MHwwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSfXfn+Ddjz\nWtAzGiXvgSlPvjGoWzAPBgNVHRMBAf8EBTADAQH/MDoGA1UdHwQzMDEwL6AtoCuG\nKWh0dHBzOi8va2RzaW50Zi5hbWQuY29tL3ZjZWsvdjEvR2Vub2EvY3JsMEYGCSqG\nSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAICBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZI\nAWUDBAICBQCiAwIBMKMDAgEBA4ICAQAdIlPBC7DQmvH7kjlOznFx3i21SzOPDs5L\n7SgFjMC9rR07292GQCA7Z7Ulq97JQaWeD2ofGGse5swj4OQfKfVv/zaJUFjvosZO\nnfZ63epu8MjWgBSXJg5QE/Al0zRsZsp53DBTdA+Uv/s33fexdenT1mpKYzhIg/cK\ntz4oMxq8JKWJ8Po1CXLzKcfrTphjlbkh8AVKMXeBd2SpM33B1YP4g1BOdk013kqb\n7bRHZ1iB2JHG5cMKKbwRCSAAGHLTzASgDcXr9Fp7Z3liDhGu/ci1opGmkp12QNiJ\nuBbkTU+xDZHm5X8Jm99BX7NEpzlOwIVR8ClgBDyuBkBC2ljtr3ZSaUIYj2xuyWN9\n5KFY49nWxcz90CFa3Hzmy4zMQmBe9dVyls5eL5p9bkXcgRMDTbgmVZiAf4afe8DL\ndmQcYcMFQbHhgVzMiyZHGJgcCrQmA7MkTwEIds1wx/HzMcwU4qqNBAoZV7oeIIPx\ndqFXfPqHqiRlEbRDfX1TG5NFVaeByX0GyH6jzYVuezETzruaky6fp2bl2bczxPE8\nHdS38ijiJmm9vl50RGUeOAXjSuInGR4bsRufeGPB9peTa9BcBOeTWzstqTUB/F/q\naZCIZKr4X6TyfUuSDz/1JDAGl+lxdM0P9+lLaP9NahQjHCVf0zf1c1salVuGFk2w\n/wMz1R1BHg==\n-----END CERTIFICATE-----";
25
20
  export declare function getDefaultArkHashes(): ArkHashes;
26
21
  export declare class SevSNP {
27
22
  static serializeSNPReport(report: SNPReportWithChain): Buffer;
@@ -33,8 +28,9 @@ export declare class SevSNP {
33
28
  /**
34
29
  * Method for generation AMD SEV-SNP Report
35
30
  * @param userData - The data that will be included in the report and will be signed
31
+ * @param vmpl - Optional VMPL value to pass to the firmware when requesting a report (default: 0)
36
32
  */
37
- static generateSNPReport(userData: Buffer): Promise<SNPReport>;
33
+ static generateSNPReport(userData: Buffer, vmpl?: number): Promise<SNPReport>;
38
34
  /**
39
35
  * Method for fetch certificates from AMD KDS
40
36
  * @param report - report generated by the `generateSNPReport` method
@@ -64,7 +60,7 @@ export declare class SevSNP {
64
60
  stdout: string;
65
61
  stderr: string;
66
62
  }>;
67
- static getCertHash(cert: SnpCert): Buffer;
63
+ static getCertHash(cert: Omit<SnpCert, "type">): Buffer;
68
64
  protected static isValidArk(ARK: SnpCert, trustedHashes: ArkHashes): boolean;
69
65
  /**
70
66
  * AMD SEV-SNP verification method
@@ -111,4 +107,16 @@ export declare class SevSNP {
111
107
  * @param cpuInfo - Structure containing family, model and stepping @see CpuInfo
112
108
  */
113
109
  static getCpuSig(cpuInfo: CpuInfo): number;
110
+ static getReportImportantSecurityFields(report: Buffer): Promise<ImportantSecurityFields>;
111
+ static getReportCpuInfo(report: Buffer): Promise<CpuInfo>;
112
+ static getCpuGeneration(cpuInfo: CpuInfo): Promise<WellKnownSnpCodeNames>;
113
+ static parsePolicySet(jsonText: string): PolicySet;
114
+ private static checkRule;
115
+ /**
116
+ * Verify SNP report against a PolicySet.
117
+ * Throws an error if any rule fails.
118
+ * @param report - SNPReport
119
+ * @param policySet - PolicySet containing rules
120
+ */
121
+ static verifyPolicy(report: Buffer, policySet?: PolicySet): Promise<void>;
114
122
  }