@super-protocol/addons-tee 1.1.2 → 1.1.3
- package/bindings/go-tdx-attest-wrapper/go-tdx-attest-wrapper +0 -0
- package/bindings/utils/virtee/libsev.so +0 -0
- package/bindings/utils/virtee/snpguest +0 -0
- package/package.json +1 -1
- package/bindings/go-tdx-attest-wrapper/.gitignore +0 -8
- package/bindings/go-tdx-attest-wrapper/go.mod +0 -18
- package/bindings/go-tdx-attest-wrapper/go.sum +0 -29
- package/bindings/go-tdx-attest-wrapper/main.go +0 -246
|
Binary file
|
|
Binary file
|
|
Binary file
|
package/package.json
CHANGED
|
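--- a/package/bindings/go-tdx-attest-wrapper/go.mod
+++ b/package/bindings/go-tdx-attest-wrapper/go.mod
@@ -1,18 +0,0 @@
-module github.com/super-protocol/sp-nodejs-addons/tee-addon/bindings/go-tdx-attest-wrapper
-
-go 1.22
-
-require (
-github.com/google/go-eventlog v0.0.2
-github.com/google/go-tdx-guest v0.3.1
-)
-
-require (
-github.com/google/go-configfs-tsm v0.2.2 // indirect
-github.com/google/go-tpm v0.9.0 // indirect
-github.com/google/logger v1.1.1 // indirect
-go.uber.org/multierr v1.11.0 // indirect
-golang.org/x/crypto v0.17.0 // indirect
-golang.org/x/sys v0.19.0 // indirect
-google.golang.org/protobuf v1.34.2 // indirect
-)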
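--- a/package/bindings/go-tdx-attest-wrapper/go.sum
+++ b/package/bindings/go-tdx-attest-wrapper/go.sum
@@ -1,29 +0,0 @@
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
-github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
-github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/go-configfs-tsm v0.2.2 h1:YnJ9rXIOj5BYD7/0DNnzs8AOp7UcvjfTvt215EWcs98=
-github.com/google/go-configfs-tsm v0.2.2/go.mod h1:EL1GTDFMb5PZQWDviGfZV9n87WeGTR/JUg13RfwkgRo=
-github.com/google/go-eventlog v0.0.2 h1:Q3XESKw1xuO7+U37PmFGmteQqprL8U5/linAiuy3oIY=
-github.com/google/go-eventlog v0.0.2/go.mod h1:7huE5P8w2NTObSwSJjboHmB7ioBNblkijdzoVa2skfQ=
-github.com/google/go-tdx-guest v0.3.1 h1:gl0KvjdsD4RrJzyLefDOvFOUH3NAJri/3qvaL5m83Iw=
-github.com/google/go-tdx-guest v0.3.1/go.mod h1:/rc3d7rnPykOPuY8U9saMyEps0PZDThLk/RygXm04nE=
-github.com/google/go-tpm v0.9.0 h1:sQF6YqWMi+SCXpsmS3fd21oPy/vSddwZry4JnmltHVk=
-github.com/google/go-tpm v0.9.0/go.mod h1:FkNVkc6C+IsvDI9Jw1OveJmxGZUUaKxtrpOS47QWKfU=
-github.com/google/logger v1.1.1 h1:+6Z2geNxc9G+4D4oDO9njjjn2d0wN5d7uOo0vOIW1NQ=
-github.com/google/logger v1.1.1/go.mod h1:BkeJZ+1FhQ+/d087r4dzojEg1u2ZX+ZqG1jTUrLM+zQ=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
-github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
-github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
-go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
-golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
-golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
-golang.org/x/sys v0.0.0-20210426230700-d19ff857e887/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o=
-golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg=
-google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw=
-gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
-gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=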
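--- a/package/bindings/go-tdx-attest-wrapper/main.go
+++ b/package/bindings/go-tdx-attest-wrapper/main.go
@@ -1,246 +0,0 @@
-package main
-
-import (
-"encoding/base64"
-"encoding/hex"
-"encoding/json"
-"errors"
-"flag"
-"fmt"
-"io"
-"os"
-"strings"
-
-"github.com/google/go-tdx-guest/abi"
-"github.com/google/go-eventlog/register"
-"github.com/google/go-eventlog/tcg"
-"github.com/google/go-tdx-guest/client"
-pb "github.com/google/go-tdx-guest/proto/tdx"
-)
-
-const (
-defaultCCELEventLogPath = "/sys/firmware/acpi/tables/data/CCEL"
-rtmr0MRIndex = 1
-)
-
-type eventRecord struct {
-Type string `json:"type"`
-Digest string `json:"digest"`
-}
-
-type outputPayload struct {
-Quote string `json:"quote"`
-EventLog []eventRecord `json:"eventLog"`
-}
-
-type parsedQuotePayload struct {
-ReportData string `json:"reportData"`
-TDAttributes string `json:"tdattributes"`
-MRTD string `json:"mrtd"`
-RTMR0 string `json:"rtmr0"`
-RTMR1 string `json:"rtmr1"`
-RTMR2 string `json:"rtmr2"`
-RTMR3 string `json:"rtmr3"`
-}
-
-func main() {
-if err := run(); err != nil {
-fmt.Fprintf(os.Stderr, "error: %v\n", err)
-os.Exit(1)
-}
-}
-
-func run() error {
-if len(os.Args) < 2 {
-return usageError("missing subcommand: expected 'attest' or 'parse-quote'")
-}
-
-switch os.Args[1] {
-case "attest":
-return runAttest(os.Args[2:])
-case "parse-quote":
-return runParseQuote(os.Args[2:])
-default:
-return usageError(fmt.Sprintf("unknown subcommand %q: expected 'attest' or 'parse-quote'", os.Args[1]))
-}
-}
-
-func runAttest(args []string) error {
-fs := newFlagSet("attest")
-reportDataHex := fs.String("report-data", "", "hex-encoded report data, up to 64 bytes")
-outputPath := fs.String("output", "", "write JSON output to file")
-ccelEventLogPath := fs.String("ccel-event-log", defaultCCELEventLogPath, "path to CCEL event log data")
-if err := fs.Parse(args); err != nil {
-return err
-}
-
-if *reportDataHex == "" {
-return errors.New("missing required flag --report-data")
-}
-if *outputPath == "" {
-return errors.New("missing required flag --output")
-}
-
-reportData, err := decodeReportData(*reportDataHex)
-if err != nil {
-return fmt.Errorf("decode report data: %w", err)
-}
-
-quoteProvider, err := client.GetQuoteProvider()
-if err != nil {
-return fmt.Errorf("get quote provider: %w", err)
-}
-
-rawQuote, err := client.GetRawQuote(quoteProvider, reportData)
-if err != nil {
-return fmt.Errorf("get TDX quote: %w", err)
-}
-
-events, err := readRTMR0Events(*ccelEventLogPath)
-if err != nil {
-return err
-}
-
-payload := outputPayload{
-Quote: base64.StdEncoding.EncodeToString(rawQuote),
-EventLog: events,
-}
-
-return writeJSON(*outputPath, payload)
-}
-
-func runParseQuote(args []string) error {
-fs := newFlagSet("parse-quote")
-quotePath := fs.String("quote-file", "", "path to a raw TDX quote file")
-outputPath := fs.String("output", "", "write JSON output to file")
-if err := fs.Parse(args); err != nil {
-return err
-}
-
-if *quotePath == "" {
-return errors.New("missing required flag --quote-file")
-}
-if *outputPath == "" {
-return errors.New("missing required flag --output")
-}
-
-rawQuote, err := os.ReadFile(*quotePath)
-if err != nil {
-return fmt.Errorf("read quote file %q: %w", *quotePath, err)
-}
-
-payload, err := parseQuote(rawQuote)
-if err != nil {
-return err
-}
-
-return writeJSON(*outputPath, payload)
-}
-
-func newFlagSet(name string) *flag.FlagSet {
-fs := flag.NewFlagSet(name, flag.ContinueOnError)
-fs.SetOutput(io.Discard)
-return fs
-}
-
-func writeJSON(outputPath string, payload any) error {
-jsonData, err := json.MarshalIndent(payload, "", " ")
-if err != nil {
-return fmt.Errorf("marshal JSON: %w", err)
-}
-
-if err := os.WriteFile(outputPath, append(jsonData, '\n'), 0o644); err != nil {
-return fmt.Errorf("write output file %q: %w", outputPath, err)
-}
-
-return nil
-}
-
-func parseQuote(rawQuote []byte) (parsedQuotePayload, error) {
-anyQuote, err := abi.QuoteToProto(rawQuote)
-if err != nil {
-return parsedQuotePayload{}, fmt.Errorf("parse quote: %w", err)
-}
-
-switch quote := anyQuote.(type) {
-case *pb.QuoteV4:
-tdQuoteBody := quote.GetTdQuoteBody()
-if tdQuoteBody == nil {
-return parsedQuotePayload{}, errors.New("parse quote: missing TD quote body")
-}
-
-rtmrs := tdQuoteBody.GetRtmrs()
-if len(rtmrs) != 4 {
-return parsedQuotePayload{}, fmt.Errorf("parse quote: expected exactly 4 RTMRs, got %d", len(rtmrs))
-}
-
-return parsedQuotePayload{
-ReportData: hex.EncodeToString(tdQuoteBody.GetReportData()),
-TDAttributes: hex.EncodeToString(tdQuoteBody.GetTdAttributes()),
-MRTD: hex.EncodeToString(tdQuoteBody.GetMrTd()),
-RTMR0: hex.EncodeToString(rtmrs[0]),
-RTMR1: hex.EncodeToString(rtmrs[1]),
-RTMR2: hex.EncodeToString(rtmrs[2]),
-RTMR3: hex.EncodeToString(rtmrs[3]),
-}, nil
-default:
-return parsedQuotePayload{}, fmt.Errorf("parse quote: unsupported quote type %T", anyQuote)
-}
-}
-
-func usageError(message string) error {
-return fmt.Errorf("%s\nusage:\n %s attest --report-data <hex> --output <file> [--ccel-event-log <path>]\n %s parse-quote --quote-file <path> --output <file>", message, os.Args[0], os.Args[0])
-}
-
-func decodeReportData(raw string) ([64]byte, error) {
-var reportData [64]byte
-
-normalized := strings.TrimSpace(raw)
-normalized = strings.TrimPrefix(normalized, "0x")
-normalized = strings.TrimPrefix(normalized, "0X")
-
-decoded, err := hex.DecodeString(normalized)
-if err != nil {
-return reportData, err
-}
-if len(decoded) > len(reportData) {
-return reportData, fmt.Errorf("report data is %d bytes, exceeds 64 bytes", len(decoded))
-}
-
-copy(reportData[:], decoded)
-return reportData, nil
-}
-
-func readRTMR0Events(eventLogPath string) ([]eventRecord, error) {
-eventLogData, err := os.ReadFile(eventLogPath)
-if err != nil {
-return nil, fmt.Errorf("read CCEL event log %q: %w", eventLogPath, err)
-}
-
-eventLog, err := tcg.ParseEventLog(eventLogData, tcg.ParseOpts{AllowPadding: true})
-if err != nil {
-return nil, fmt.Errorf("parse CCEL event log %q: %w", eventLogPath, err)
-}
-
-records := make([]eventRecord, 0)
-for _, event := range eventLog.Events(register.HashSHA384) {
-if event.MRIndex() != rtmr0MRIndex {
-continue
-}
-
-records = append(records, eventRecord{
-Type: eventTypeTCGString(event.UntrustedType()),
-Digest: hex.EncodeToString(event.ReplayedDigest()),
-})
-}
-
-return records, nil
-}
-
-func eventTypeTCGString(eventType any) string {
-if typed, ok := eventType.(interface{ TCGString() string }); ok {
-return typed.TCGString()
-}
-
-return fmt.Sprintf("%v", eventType)
-}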