@super-protocol/addons-tee 0.9.9 → 1.0.0
- package/bindings/amd-sev-snp-napi-rs/amd-sev-snp-napi-rs.linux-x64-gnu.node +0 -0
- package/bindings/amd-sev-snp-napi-rs/index.d.ts +27 -0
- package/bindings/amd-sev-snp-napi-rs/index.js +12 -1
- package/bindings/sgx-native/build/Release/sgx_native.node +0 -0
- package/bindings/sp-sev/.github/workflows/lint.yml +3 -3
- package/bindings/sp-sev/.github/workflows/test.yml +163 -2
- package/bindings/sp-sev/Cargo.lock +521 -281
- package/bindings/sp-sev/Cargo.toml +11 -11
- package/bindings/sp-sev/tests/api.rs +9 -6
- package/bindings/sp-sev/tests/certs.rs +4 -5
- package/bindings/sp-sev/tests/guest.rs +2 -1
- package/bindings/sp-sev/tests/id-block.rs +9 -5
- package/bindings/sp-sev/tests/snp_launch.rs +1 -1
- package/bindings/utils/virtee/libsev.so +0 -0
- package/bindings/utils/virtee/snpguest +0 -0
- package/dist/sgx-native-module/index.d.ts +1 -0
- package/dist/sgx-native-module/index.js +2 -1
- package/dist/sgx-native-module/pki.service.d.ts +0 -2
- package/dist/sgx-native-module/pki.service.js +1 -16
- package/dist/sgx-native-module/sev-snp-mrenclave.d.ts +1 -1
- package/dist/sgx-native-module/sev-snp-mrenclave.js +37 -6
- package/dist/sgx-native-module/sev-snp-schema.d.ts +22 -0
- package/dist/sgx-native-module/sev-snp-schema.js +24 -0
- package/dist/sgx-native-module/sev-snp.d.ts +21 -8
- package/dist/sgx-native-module/sev-snp.js +128 -90
- package/package.json +3 -2
|
Binary file
|
|
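--- a/package/bindings/amd-sev-snp-napi-rs/index.d.ts
+++ b/package/bindings/amd-sev-snp-napi-rs/index.d.ts
@@ -7,17 +7,44 @@ export const SNP_REPORT_DATA_SIZE: number
 export const KDS_CERT_SITE: string
 export const KDS_VCEK: string
 export const SHA256_BUFFER_SIZE: number
+export const ARK_MILAN_PEM: Uint8Array
+export const ARK_GENOA_PEM: Uint8Array
+export const ARK_TURIN_PEM: Uint8Array
+export const ASK_MILAN_PEM: Uint8Array
+export const ASK_GENOA_PEM: Uint8Array
+export const ASK_TURIN_PEM: Uint8Array
+/** Well-known AMD SEV-SNP code names as JS string enum. */
+export enum WellKnownSnpCodeNames {
+Milan = 'Milan',
+Genoa = 'Genoa',
+Turin = 'Turin'
+}
 export interface CpuInfo {
 family: number
 model: number
 stepping: number
 }
+export interface ImportantSecurityFields {
+vmpl: number
+debugAllowed: boolean
+ciphertextHiding: boolean
+pageSwapDisabled: boolean
+snp: number
+}
+export const IMPORTANT_SECURITY_FIELDS_DUMMY: ImportantSecurityFields
 export declare function getSnpReport(data: Buffer, vmpl: number): Buffer
 export declare function getVcekKdsUrl(report: Buffer, generation: string): string
 export declare function getReportData(report: Buffer): Buffer
 export declare function getReportMeasure(report: Buffer): Buffer
 export declare function getReportVmpl(report: Buffer): number
 export declare function getReportPolicy(report: Buffer): bigint
+export declare function getReportImportantSecurityFields(report: Buffer): ImportantSecurityFields
+export declare function getReportCpuInfo(report: Buffer): CpuInfo
+/**
+* Identify EPYC generation from provided CpuInfo (family/model).
+* Returns a `WellKnownSnpCodeNames` enum for known SNP generations.
+*/
+export declare function getCpuGeneration(cpuInfo: CpuInfo): WellKnownSnpCodeNames
 export declare function getCpuInfo(): CpuInfo
 export declare function getCpuSig(cpuInfo: CpuInfo): number
 export declare function getLogicalCoresCount(): number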
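Review bot: `IMPORTANT_SECURITY_FIELDS_DUMMY` and the `ImportantSecurityFields` interface enter the public typings with no doc comment, although `vmpl`, `debugAllowed`, `ciphertextHiding` and `pageSwapDisabled` are exactly the values a verifier would use to accept or reject an attestation report. The name suggests a placeholder, so a caller could mistake it for a safe expected policy; if that reading is right, add `/** Placeholder value only, not an expected policy; verifiers must compare against explicitly configured values. */` above the constant. The `snp: number` field needs a line saying what it encodes, since the declaration alone does not tell. `getCpuGeneration` returns `WellKnownSnpCodeNames`, which has no member for an unrecognised family/model, so its doc comment should say (for example with `@throws`) what happens for a CPU outside Milan/Genoa/Turin. A short comment on the `ARK_*_PEM` / `ASK_*_PEM` constants stating that they are trust anchors compiled into the native binding, and where they were obtained, would also help consumers audit them.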
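--- a/package/bindings/amd-sev-snp-napi-rs/index.js
+++ b/package/bindings/amd-sev-snp-napi-rs/index.js
@@ -310,18 +310,29 @@ if (!nativeBinding) {
 throw new Error(`Failed to load native binding`)
 }
 
-const { SNP_REPORT_DATA_SIZE, KDS_CERT_SITE, KDS_VCEK, SHA256_BUFFER_SIZE, getSnpReport, getVcekKdsUrl, getReportData, getReportMeasure, getReportVmpl, getReportPolicy, getCpuInfo, getCpuSig, getLogicalCoresCount, calcSnpMeasure } = nativeBinding
+const { SNP_REPORT_DATA_SIZE, KDS_CERT_SITE, KDS_VCEK, SHA256_BUFFER_SIZE, ARK_MILAN_PEM, ARK_GENOA_PEM, ARK_TURIN_PEM, ASK_MILAN_PEM, ASK_GENOA_PEM, ASK_TURIN_PEM, WellKnownSnpCodeNames, IMPORTANT_SECURITY_FIELDS_DUMMY, getSnpReport, getVcekKdsUrl, getReportData, getReportMeasure, getReportVmpl, getReportPolicy, getReportImportantSecurityFields, getReportCpuInfo, getCpuGeneration, getCpuInfo, getCpuSig, getLogicalCoresCount, calcSnpMeasure } = nativeBinding
 
 module.exports.SNP_REPORT_DATA_SIZE = SNP_REPORT_DATA_SIZE
 module.exports.KDS_CERT_SITE = KDS_CERT_SITE
 module.exports.KDS_VCEK = KDS_VCEK
 module.exports.SHA256_BUFFER_SIZE = SHA256_BUFFER_SIZE
+module.exports.ARK_MILAN_PEM = ARK_MILAN_PEM
+module.exports.ARK_GENOA_PEM = ARK_GENOA_PEM
+module.exports.ARK_TURIN_PEM = ARK_TURIN_PEM
+module.exports.ASK_MILAN_PEM = ASK_MILAN_PEM
+module.exports.ASK_GENOA_PEM = ASK_GENOA_PEM
+module.exports.ASK_TURIN_PEM = ASK_TURIN_PEM
+module.exports.WellKnownSnpCodeNames = WellKnownSnpCodeNames
+module.exports.IMPORTANT_SECURITY_FIELDS_DUMMY = IMPORTANT_SECURITY_FIELDS_DUMMY
 module.exports.getSnpReport = getSnpReport
 module.exports.getVcekKdsUrl = getVcekKdsUrl
 module.exports.getReportData = getReportData
 module.exports.getReportMeasure = getReportMeasure
 module.exports.getReportVmpl = getReportVmpl
 module.exports.getReportPolicy = getReportPolicy
+module.exports.getReportImportantSecurityFields = getReportImportantSecurityFields
+module.exports.getReportCpuInfo = getReportCpuInfo
+module.exports.getCpuGeneration = getCpuGeneration
 module.exports.getCpuInfo = getCpuInfo
 module.exports.getCpuSig = getCpuSig
 module.exports.getLogicalCoresCount = getLogicalCoresCount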
Binary file
|
|
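--- a/package/bindings/sp-sev/.github/workflows/lint.yml
+++ b/package/bindings/sp-sev/.github/workflows/lint.yml
@@ -9,7 +9,7 @@ jobs:
 - uses: dtolnay/rust-toolchain@stable
 with:
 components: rustfmt
-toolchain: 1.
+toolchain: 1.85.0
 - run: cargo fmt --all -- --check
 
 clippy-openssl:
@@ -20,7 +20,7 @@ jobs:
 - uses: dtolnay/rust-toolchain@stable
 with:
 components: clippy
-toolchain: 1.
+toolchain: 1.85.0
 - run: cargo clippy --features=openssl,hw_tests,dangerous_hw_tests --all-targets -- -D clippy::all -D unused_imports -D warnings -D clippy::style
 
 clippy-crypto_nossl:
@@ -31,7 +31,7 @@ jobs:
 - uses: dtolnay/rust-toolchain@stable
 with:
 components: clippy
-toolchain: 1.
+toolchain: 1.85.0
 - run: cargo clippy --features=crypto_nossl,hw_tests,dangerous_hw_tests --all-targets -- -D clippy::all -D unused_imports -D warnings -D clippy::style
 
 readme: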
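--- a/package/bindings/sp-sev/.github/workflows/test.yml
+++ b/package/bindings/sp-sev/.github/workflows/test.yml
@@ -1,6 +1,167 @@
 on: [push, pull_request]
 name: test
 jobs:
+
+sw-sev-only:
+name: sw sev only ${{ matrix.runner }} ${{ matrix.toolchain }} ${{ matrix.profile.name }} ${{ matrix.features }}
+runs-on: ${{ matrix.runner }}
+steps:
+- uses: actions/checkout@v4
+- uses: dtolnay/rust-toolchain@stable
+with:
+toolchain: ${{ matrix.toolchain }}
+- run: cargo test ${{ matrix.profile.flag }} --no-default-features --features=${{ matrix.features }}
+
+strategy:
+fail-fast: false
+matrix:
+runner:
+- ubuntu-latest
+- macos-13
+toolchain:
+- 1.85.0
+- stable
+profile:
+- name: debug
+- name: release
+flag: --release
+features:
+- sev
+
+sw-sev-openssl-only:
+name: sw sev openssl only ${{ matrix.runner }} ${{ matrix.toolchain }} ${{ matrix.profile.name }} ${{ matrix.features }}
+runs-on: ${{ matrix.runner }}
+steps:
+- uses: actions/checkout@v4
+- uses: dtolnay/rust-toolchain@stable
+with:
+toolchain: ${{ matrix.toolchain }}
+- run: cargo test ${{ matrix.profile.flag }} --no-default-features --features=${{ matrix.features }}
+
+strategy:
+fail-fast: false
+matrix:
+runner:
+- ubuntu-latest
+- macos-13
+toolchain:
+- 1.85.0
+- stable
+profile:
+- name: debug
+- name: release
+flag: --release
+features:
+- sev
+- openssl
+
+sw-sev-crypto_nossl-only:
+name: sw sev crypto_nossl only ${{ matrix.runner }} ${{ matrix.toolchain }} ${{ matrix.profile.name }} ${{ matrix.features }}
+runs-on: ${{ matrix.runner }}
+steps:
+- uses: actions/checkout@v4
+- uses: dtolnay/rust-toolchain@stable
+with:
+toolchain: ${{ matrix.toolchain }}
+- run: cargo test ${{ matrix.profile.flag }} --no-default-features --features=${{ matrix.features }}
+strategy:
+fail-fast: false
+matrix:
+runner:
+- ubuntu-latest
+- macos-13
+- windows-latest
+toolchain:
+- 1.85.0
+- stable
+profile:
+- name: debug
+- name: release
+flag: --release
+features:
+- sev
+- crypto_nossl
+
+sw-snp-only:
+name: sw snp-only ${{ matrix.runner }} ${{ matrix.toolchain }} ${{ matrix.profile.name }} ${{ matrix.features }}
+runs-on: ${{ matrix.runner }}
+steps:
+- uses: actions/checkout@v4
+- uses: dtolnay/rust-toolchain@stable
+with:
+toolchain: ${{ matrix.toolchain }}
+- run: cargo test ${{ matrix.profile.flag }} --no-default-features --features=${{ matrix.features }}
+
+strategy:
+fail-fast: false
+matrix:
+runner:
+- ubuntu-latest
+- macos-13
+toolchain:
+- 1.85.0
+- stable
+profile:
+- name: debug
+- name: release
+flag: --release
+features:
+- snp
+
+sw-snp-openssl-only:
+name: sw snp openssl only ${{ matrix.runner }} ${{ matrix.toolchain }} ${{ matrix.profile.name }} ${{ matrix.features }}
+runs-on: ${{ matrix.runner }}
+steps:
+- uses: actions/checkout@v4
+- uses: dtolnay/rust-toolchain@stable
+with:
+toolchain: ${{ matrix.toolchain }}
+- run: cargo test ${{ matrix.profile.flag }} --no-default-features --features=${{ matrix.features }}
+
+strategy:
+fail-fast: false
+matrix:
+runner:
+- ubuntu-latest
+- macos-13
+toolchain:
+- 1.85.0
+- stable
+profile:
+- name: debug
+- name: release
+flag: --release
+features:
+- snp
+- openssl
+
+sw-snp-crypto_nossl-only:
+name: sw snp crypto_nossl only ${{ matrix.runner }} ${{ matrix.toolchain }} ${{ matrix.profile.name }} ${{ matrix.features }}
+runs-on: ${{ matrix.runner }}
+steps:
+- uses: actions/checkout@v4
+- uses: dtolnay/rust-toolchain@stable
+with:
+toolchain: ${{ matrix.toolchain }}
+- run: cargo test ${{ matrix.profile.flag }} --no-default-features --features=${{ matrix.features }}
+strategy:
+fail-fast: false
+matrix:
+runner:
+- ubuntu-latest
+- macos-13
+- windows-latest
+toolchain:
+- 1.85.0
+- stable
+profile:
+- name: debug
+- name: release
+flag: --release
+features:
+- snp
+- crypto_nossl
+
 sw-openssl:
 name: sw openssl ${{ matrix.runner }} ${{ matrix.toolchain }} ${{ matrix.profile.name }} ${{ matrix.features }}
 runs-on: ${{ matrix.runner }}
@@ -18,7 +179,7 @@ jobs:
 - ubuntu-latest
 - macos-13
 toolchain:
-- 1.
+- 1.85.0
 - stable
 profile:
 - name: debug
@@ -44,7 +205,7 @@ jobs:
 - macos-13
 - windows-latest
 toolchain:
-- 1.
+- 1.85.0
 - stable
 profile:
 - name: debug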
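Review bot: The six jobs added in the first hunk reference their actions by mutable refs, `actions/checkout@v4` and `dtolnay/rust-toolchain@stable`, so whatever those refs point to at run time executes in CI for a crate that handles SEV/SNP attestation. Pinning each to a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha>  # v4` (placeholder, to be filled from the action's release), removes that dependency on upstream tags. No `permissions:` key is visible at the top of the workflow (lines 1-3 are `on`, `name`, `jobs`), so the token scope presumably falls back to the repository default; a top-level `permissions:` with `contents: read` is enough for `cargo test` on `push` and `pull_request`. In `sw-sev-openssl-only`, `sw-sev-crypto_nossl-only` and the two matching snp jobs, `features:` lists two separate items, which a matrix expands into one run per feature rather than the combination the job names suggest. If the combination is intended, a single item such as `- sev,openssl` expresses it.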