@super-protocol/addons-tee 2.0.0 → 2.0.1

package/dist/sgx-native-module/dcap-quote-verify.service.js

@@ -0,0 +1,84 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DcapQuoteVerifyService = void 0;
+const { SgxAttestationVerifier } = require("../../bindings/sgx-native/build/Release/sgx_native.node");
+const consts_1 = require("./consts");
+const errors_1 = require("./errors");
+const p_queue_1 = __importDefault(require("p-queue"));
+const fs_1 = require("fs");
+class DcapQuoteVerifyService {
+    constructor() {
+        this.quoteVerifier = new SgxAttestationVerifier();
+    }
+    async extractQuoteFromCert(pemOrDerCert) {
+        if (!pemOrDerCert?.length) {
+            throw new errors_1.AttestationDcapQuoteVerifyEnclaveError("empty certificate");
+        }
+        return this.quoteVerifier.extractQuoteFromCert(pemOrDerCert);
+    }
+    async validateQuoteVerifierEnclave(quote, checkSecurity) {
+        checkSecurity = checkSecurity ?? false;
+        if (!quote?.length) {
+            throw new errors_1.AttestationDcapQuoteVerifyEnclaveError("empty quote");
+        }
+        const verifyResult = this.quoteVerifier.verifyQuoteDcap(quote);
+        if (checkSecurity && verifyResult.smtEnabled === consts_1.PckFlag.PCK_FLAG_TRUE) {
+            throw new errors_1.QuoteSecurityValidationError(verifyResult);
+        }
+        if (verifyResult.verificationResult !== 0) {
+            throw new errors_1.QuoteValidationError(verifyResult.verificationResult);
+        }
+    }
+    async generateTDXQuote(userData) {
+        return this.quoteVerifier.generateTDXQuote(userData);
+    }
+    async validateMode() {
+        if (DcapQuoteVerifyService.isInGramineMode) {
+            return;
+        }
+        try {
+            await DcapQuoteVerifyService.executeLikeWithMutex.add(async () => {
+                await fs_1.promises.access("/dev/attestation/quote");
+                DcapQuoteVerifyService.isInGramineMode = true;
+            });
+        }
+        catch (error) {
+            throw new errors_1.QuoteGenerationError(`invalid running mode, is it run in gramine / gramine? - ${error}`);
+        }
+    }
+    async generateSGXQuote(userData) {
+        if (!Buffer.isBuffer(userData)) {
+            throw new Error("userData must be a Buffer");
+        }
+        if (userData.length === 0) {
+            throw new Error("userData cannot be empty");
+        }
+        await this.validateMode();
+        let result = Buffer.alloc(0);
+        await DcapQuoteVerifyService.executeLikeWithMutex.add(async () => {
+            try {
+                await fs_1.promises.writeFile("/dev/attestation/user_report_data", Buffer.concat([userData, Buffer.alloc(64)]).slice(0, 64));
+                result = await fs_1.promises.readFile("/dev/attestation/quote");
+                if (result.length === 0) {
+                    throw new errors_1.QuoteGenerationError("Generated quote is empty");
+                }
+            }
+            catch (error) {
+                if (error instanceof Error) {
+                    throw new errors_1.QuoteGenerationError(`Failed to generate quote: ${error.message}`);
+                }
+                else {
+                    throw new errors_1.QuoteGenerationError("Failed to generate quote: unknown error");
+                }
+            }
+        });
+        return result;
+    }
+}
+exports.DcapQuoteVerifyService = DcapQuoteVerifyService;
+DcapQuoteVerifyService.isInGramineMode = false;
+DcapQuoteVerifyService.executeLikeWithMutex = new p_queue_1.default({ concurrency: 1 });
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZGNhcC1xdW90ZS12ZXJpZnkuc2VydmljZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9zZ3gtbmF0aXZlLW1vZHVsZS9kY2FwLXF1b3RlLXZlcmlmeS5zZXJ2aWNlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7OztBQUFBLE1BQU0sRUFBRSxzQkFBc0IsRUFBRSxHQUFHLE9BQU8sQ0FBQyx5REFBeUQsQ0FBQyxDQUFDO0FBQ3RHLHFDQUFnRTtBQUNoRSxxQ0FLa0I7QUFDbEIsc0RBQTRCO0FBQzVCLDJCQUE4QjtBQVE5QixNQUFhLHNCQUFzQjtJQUsvQjtRQUNJLElBQUksQ0FBQyxhQUFhLEdBQUcsSUFBSSxzQkFBc0IsRUFBRSxDQUFDO0lBQ3RELENBQUM7SUFFRCxLQUFLLENBQUMsb0JBQW9CLENBQUMsWUFBb0I7UUFDM0MsSUFBSSxDQUFDLFlBQVksRUFBRSxNQUFNLEVBQUUsQ0FBQztZQUN4QixNQUFNLElBQUksK0NBQXNDLENBQUMsbUJBQW1CLENBQUMsQ0FBQztRQUMxRSxDQUFDO1FBRUQsT0FBTyxJQUFJLENBQUMsYUFBYSxDQUFDLG9CQUFvQixDQUFDLFlBQVksQ0FBQyxDQUFDO0lBQ2pFLENBQUM7SUFFRCxLQUFLLENBQUMsNEJBQTRCLENBQUMsS0FBYSxFQUFFLGFBQXVCO1FBQ3JFLGFBQWEsR0FBRyxhQUFhLElBQUksS0FBSyxDQUFDO1FBRXZDLElBQUksQ0FBQyxLQUFLLEVBQUUsTUFBTSxFQUFFLENBQUM7WUFDakIsTUFBTSxJQUFJLCtDQUFzQyxDQUFDLGFBQWEsQ0FBQyxDQUFDO1FBQ3BFLENBQUM7UUFFRCxNQUFNLFlBQVksR0FBRyxJQUFJLENBQUMsYUFBYSxDQUFDLGVBQWUsQ0FBQyxLQUFLLENBQUMsQ0FBQztRQUMvRCxJQUFJLGFBQWEsSUFBSSxZQUFZLENBQUMsVUFBVSxLQUFLLGdCQUFPLENBQUMsYUFBYSxFQUFFLENBQUM7WUFDckUsTUFBTSxJQUFJLHFDQUE0QixDQUFDLFlBQVksQ0FBQyxDQUFDO1FBQ3pELENBQUM7UUFDRCxJQUFJLFlBQVksQ0FBQyxrQkFBa0IsS0FBSyxDQUFDLEVBQUUsQ0FBQztZQUN4QyxNQUFNLElBQUksNkJBQW9CLENBQUMsWUFBWSxDQUFDLGtCQUFrQixDQUFDLENBQUM7UUFDcEUsQ0FBQztJQUNMLENBQUM7SUFFRCxLQUFLLENBQUMsZ0JBQWdCLENBQUMsUUFBZ0I7UUFDbkMsT0FBTyxJQUFJLENBQUMsYUFBYSxDQUFDLGdCQUFnQixDQUFDLFFBQVEsQ0FBQyxDQUFDO0lBQ3pELENBQUM7SUFFTyxLQUFLLENBQUMsWUFBWTtRQUN0QixJQUFJLHNCQUFzQixDQUFDLGVBQWUsRUFBRSxDQUFDO1lBQ3pDLE9BQU87UUFDWCxDQUFDO1FBRUQsSUFBSSxDQUFDO1lBQ0QsTUFBTSxzQkFBc0IsQ0FBQyxvQkFBb0IsQ0FBQyxHQUFHLENBQUMsS0FBSyxJQUFJLEVBQUU7Z0JBQzdELE1BQU0sYUFBUSxDQUFDLE1BQU0sQ0FBQyx3QkFBd0IsQ0FBQyxDQUFDO2dCQUNoRCxzQkFBc0IsQ0FBQyxlQUFlLEdBQUcsSUFBSSxDQUFDO1lBQ2xELENBQUMsQ0FBQyxDQUFDO1FBQ1AsQ0FBQztRQUFDLE9BQU8sS0FBSyxFQUFFLENBQUM7WUFDYixNQUFNLElBQUksNkJBQW9CLENBQUMsMkRBQTJELEtBQUssRUFBRSxDQUFDLENBQUM7UUFDdkcsQ0FBQztJQUNMLENBQUM7SUFFRCxLQUFLLENBQUMsZ0JBQWdCLENBQUMsUUFBZ0I7UUFDbkMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxRQUFRLENBQUMsUUFBUSxDQUFDLEVBQUUsQ0FBQztZQUM3QixNQUFNLElBQUksS0FBSyxDQUFDLDJCQUEyQixDQUFDLENBQUM7UUFDakQsQ0FBQztRQUNELElBQUksUUFBUSxDQUFDLE1BQU0sS0FBSyxDQUFDLEVBQUUsQ0FBQztZQUN4QixNQUFNLElBQUksS0FBSyxDQUFDLDBCQUEwQixDQUFDLENBQUM7UUFDaEQsQ0FBQztRQUVELE1BQU0sSUFBSSxDQUFDLFlBQVksRUFBRSxDQUFDO1FBRTFCLElBQUksTUFBTSxHQUFHLE1BQU0sQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLENBQUM7UUFFN0IsTUFBTSxzQkFBc0IsQ0FBQyxvQkFBb0IsQ0FBQyxHQUFHLENBQUMsS0FBSyxJQUFJLEVBQUU7WUFDN0QsSUFBSSxDQUFDO2dCQUNELE1BQU0sYUFBUSxDQUFDLFNBQVMsQ0FDcEIsbUNBQW1DLEVBQ25DLE1BQU0sQ0FBQyxNQUFNLENBQUMsQ0FBQyxRQUFRLEVBQUUsTUFBTSxDQUFDLEtBQUssQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDLENBQUMsS0FBSyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FDM0QsQ0FBQztnQkFDRixNQUFNLEdBQUcsTUFBTSxhQUFRLENBQUMsUUFBUSxDQUFDLHdCQUF3QixDQUFDLENBQUM7Z0JBQzNELElBQUksTUFBTSxDQUFDLE1BQU0sS0FBSyxDQUFDLEVBQUUsQ0FBQztvQkFDdEIsTUFBTSxJQUFJLDZCQUFvQixDQUFDLDBCQUEwQixDQUFDLENBQUM7Z0JBQy9ELENBQUM7WUFDTCxDQUFDO1lBQUMsT0FBTyxLQUFLLEVBQUUsQ0FBQztnQkFDYixJQUFJLEtBQUssWUFBWSxLQUFLLEVBQUUsQ0FBQztvQkFDekIsTUFBTSxJQUFJLDZCQUFvQixDQUFDLDZCQUE2QixLQUFLLENBQUMsT0FBTyxFQUFFLENBQUMsQ0FBQztnQkFDakYsQ0FBQztxQkFBTSxDQUFDO29CQUNKLE1BQU0sSUFBSSw2QkFBb0IsQ0FBQyx5Q0FBeUMsQ0FBQyxDQUFDO2dCQUM5RSxDQUFDO1lBQ0wsQ0FBQztRQUNMLENBQUMsQ0FBQyxDQUFDO1FBRUgsT0FBTyxNQUFNLENBQUM7SUFDbEIsQ0FBQzs7QUFwRkwsd0RBcUZDO0FBbkZrQixzQ0FBZSxHQUFHLEtBQUssQ0FBQztBQUN4QiwyQ0FBb0IsR0FBRyxJQUFJLGlCQUFLLENBQUMsRUFBRSxXQUFXLEVBQUUsQ0FBQyxFQUFFLENBQUMsQ0FBQyJ9

package/dist/sgx-native-module/enclave.service.d.ts

@@ -0,0 +1,93 @@
+/// <reference types="node" />
+/// <reference types="node" />
+import { Readable } from "stream";
+import { KeyType, KeyPolicy } from "./consts";
+export type TeeDeviceInfoType = {
+    cpus: Array<{
+        vendorId: string;
+        cpuFamily: number;
+        model: number;
+        modelName: string;
+        physicalCores: number;
+        logicalCores: number;
+        baseFreq: number;
+        maxFreq: number;
+    }>;
+    memSize: number;
+    totalPhysicalCores: number;
+    totalLogicalCores: number;
+};
+export type TeeRunCpuBenchmarkType = {
+    cpuScore: number;
+    cpuBenchmark: string;
+    cpuCoresCount: number;
+};
+export type TeeRunMemoryBenchmarkType = {
+    memBandwidth: number;
+    memСonfirmedSize: number;
+};
+export type TeeGetKeyResult = {
+    key: Buffer;
+    request: Buffer;
+};
+export declare class EnclaveService {
+    private readonly tmpFolder;
+    private readonly sgx;
+    constructor(tmpFolder?: string);
+    /**
+     * Requests secret keys from cpu.
+     * @param type Value from enum @type KeyType
+     * @param policy Value from enum @type KeyPolicy
+     * @param previousRequest Request, for example received in a previous call to this method,
+     *                        can be undefined - this way a new request will be generated
+     * @returns Key and request, generated by method.
+     */
+    getSecretKey(type: KeyType, policy: KeyPolicy, previousRequest?: Buffer): Promise<TeeGetKeyResult>;
+    /**
+     * Determines whether the request to obtain the key is outdated, for example, cpu_svn or isv_svn were updated
+     * @param previousRequest - Key Request
+     * @returns True if the request is outdated, false - the request is up to date
+     */
+    isOutdatedRequest(previousRequest: Buffer): Promise<boolean>;
+    /**
+     * Returns TEE device information.
+     * @returns
+     */
+    getTeeDeviceInfo(): Promise<TeeDeviceInfoType>;
+    /**
+     * Returns TEE cpu benchmark.
+     * @param deviceInfoMemSize
+     * @returns
+     */
+    getTeeDeviceCpuBenchmark(deviceInfoMemSize: number): Promise<TeeRunCpuBenchmarkType>;
+    /**
+     * Returns TEE memory benchmark.
+     * @param deviceInfoTotalPhysicalCores
+     * @returns
+     */
+    getTeeDeviceMemoryBenchmark(deviceInfoTotalPhysicalCores: number): Promise<TeeRunMemoryBenchmarkType>;
+    /**
+     * Writes input stream to the protected file.
+     * @param inputStream
+     * @param outputStream
+     * @param filepath
+     * @param secretKey
+     */
+    writeGramineProtectedFile(filepath: string, inputStream: Readable, secretKey: Buffer): Promise<{
+        writtenSize: number;
+        filesize: number;
+        filepath: string;
+    }>;
+    /**
+     * Reads protected file and write to output stream.
+     * @param filepath
+     * @param inputStream
+     * @param outputStream
+     * @param secretKey
+     */
+    readGramineProtectedFile(filepath: string, inputStream: Readable, secretKey: Buffer): Promise<{
+        fileStream: Readable;
+        filesize: number;
+        filepath: string;
+    }>;
+}

package/dist/sgx-native-module/enclave.service.js

@@ -0,0 +1,211 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EnclaveService = void 0;
+const { SgxLowLevel, GramineProtectedFS } = require("../../bindings/sgx-native/build/Release/sgx_native.node");
+const crypto_1 = require("crypto");
+const fs_1 = require("fs");
+const os_1 = require("os");
+const path_1 = require("path");
+const stream_1 = require("stream");
+// @TODO: Read it from nodejs module
+const PF_SIZE = 4096;
+const chunkedTransformer = (chunkSize = PF_SIZE) => {
+    const accumulateBuf = {
+        buf: Buffer.alloc(chunkSize),
+        bufSize: 0,
+    };
+    return new stream_1.Transform({
+        objectMode: false,
+        flush: (callback) => {
+            callback(null, accumulateBuf.buf.subarray(0, accumulateBuf.bufSize));
+            accumulateBuf.buf = Buffer.alloc(0);
+            accumulateBuf.bufSize = 0;
+        },
+        transform: function (chunk, encoding, callback) {
+            if (chunk.length + accumulateBuf.bufSize < chunkSize) {
+                const copied = chunk.copy(accumulateBuf.buf, accumulateBuf.bufSize);
+                accumulateBuf.bufSize += copied;
+            }
+            else {
+                const mergedBuf = Buffer.concat([accumulateBuf.buf.subarray(0, accumulateBuf.bufSize), chunk]);
+                accumulateBuf.bufSize = 0;
+                this.push(mergedBuf);
+            }
+            callback(null, null);
+        },
+    });
+};
+class EnclaveService {
+    constructor(tmpFolder = (0, os_1.tmpdir)()) {
+        this.tmpFolder = tmpFolder;
+        this.sgx = new SgxLowLevel();
+    }
+    /**
+     * Requests secret keys from cpu.
+     * @param type Value from enum @type KeyType
+     * @param policy Value from enum @type KeyPolicy
+     * @param previousRequest Request, for example received in a previous call to this method,
+     *                        can be undefined - this way a new request will be generated
+     * @returns Key and request, generated by method.
+     */
+    async getSecretKey(type, policy, previousRequest) {
+        if (!previousRequest) {
+            previousRequest = Buffer.alloc(0);
+        }
+        return this.sgx.getKey(type, policy, previousRequest);
+    }
+    /**
+     * Determines whether the request to obtain the key is outdated, for example, cpu_svn or isv_svn were updated
+     * @param previousRequest - Key Request
+     * @returns True if the request is outdated, false - the request is up to date
+     */
+    async isOutdatedRequest(previousRequest) {
+        return this.sgx.isOutdatedRequest(previousRequest);
+    }
+    /**
+     * Returns TEE device information.
+     * @returns
+     */
+    async getTeeDeviceInfo() {
+        return this.sgx.getDeviceInfo();
+    }
+    /**
+     * Returns TEE cpu benchmark.
+     * @param deviceInfoMemSize
+     * @returns
+     */
+    async getTeeDeviceCpuBenchmark(deviceInfoMemSize) {
+        return this.sgx.runCpuBenchmark(deviceInfoMemSize);
+    }
+    /**
+     * Returns TEE memory benchmark.
+     * @param deviceInfoTotalPhysicalCores
+     * @returns
+     */
+    async getTeeDeviceMemoryBenchmark(deviceInfoTotalPhysicalCores) {
+        return this.sgx.runMemoryBenchmark(deviceInfoTotalPhysicalCores);
+    }
+    /**
+     * Writes input stream to the protected file.
+     * @param inputStream
+     * @param outputStream
+     * @param filepath
+     * @param secretKey
+     */
+    async writeGramineProtectedFile(filepath, inputStream, secretKey) {
+        const tmpFileName = (0, path_1.join)(this.tmpFolder, "tee-pf-" + (0, crypto_1.randomBytes)(16).toString("hex") + ".tmp");
+        const protectedFsKey = secretKey.length !== 16
+            ? (0, crypto_1.createHash)("sha256", secretKey).update(secretKey).digest().slice(0, 16)
+            : secretKey;
+        let output = null;
+        try {
+            output = new GramineProtectedFS(tmpFileName, filepath, protectedFsKey, true);
+            let totalSize = 0;
+            let pfChunkSize = PF_SIZE;
+            if (process.env["GRAMINE_PROTECTED_FILES_STREAM_CACHE_SIZE"]) {
+                pfChunkSize = parseInt(process.env["GRAMINE_PROTECTED_FILES_STREAM_CACHE_SIZE"]);
+            }
+            let batchChunkIndex = 0;
+            const everyTenFlush = 10;
+            for await (const chunk of inputStream.pipe(chunkedTransformer(pfChunkSize))) {
+                if (!chunk.length) {
+                    // @TODO: It's may be normal, research
+                    continue;
+                }
+                const writtenSize = await output.write(totalSize, chunk);
+                if (writtenSize !== chunk.length) {
+                    throw new Error(`Fail to write ${chunk.length} to protected file ${filepath}:${tmpFileName}, written only ${writtenSize} bytes`);
+                }
+                totalSize += writtenSize;
+                if (batchChunkIndex && batchChunkIndex++ % everyTenFlush) {
+                    await output.flush();
+                }
+            }
+            await output.close();
+            return {
+                filepath: tmpFileName,
+                filesize: (await fs_1.promises.stat(tmpFileName)).size,
+                writtenSize: totalSize,
+            };
+        }
+        catch (error) {
+            if (output) {
+                await output.close();
+                await fs_1.promises.rm(tmpFileName, {
+                    recursive: true,
+                    force: true,
+                });
+            }
+            throw error;
+        }
+    }
+    /**
+     * Reads protected file and write to output stream.
+     * @param filepath
+     * @param inputStream
+     * @param outputStream
+     * @param secretKey
+     */
+    async readGramineProtectedFile(filepath, inputStream, secretKey) {
+        const tmpFileName = (0, path_1.join)(this.tmpFolder, "tee-pf-" + (0, crypto_1.randomBytes)(16).toString("hex") + ".tmp");
+        const protectedFsKey = secretKey.length !== 16
+            ? (0, crypto_1.createHash)("sha256", secretKey).update(secretKey).digest().slice(0, 16)
+            : secretKey;
+        let input = null;
+        try {
+            const tmpFileStream = (0, fs_1.createWriteStream)(tmpFileName);
+            await stream_1.promises.pipeline(inputStream, tmpFileStream);
+            input = new GramineProtectedFS(tmpFileName, filepath, protectedFsKey, false);
+            const originalFileSize = input.size();
+            const readChunkSize = PF_SIZE * 8;
+            let isFileEnd = false;
+            let cursor = 0;
+            let remainedBuffer = Buffer.alloc(0);
+            const decryptedStream = new stream_1.Readable({
+                read: async function (requestSize) {
+                    if (isFileEnd && !remainedBuffer.length) {
+                        if (input) {
+                            await input.close();
+                        }
+                        return this.push(null);
+                    }
+                    let readBuffer = remainedBuffer;
+                    let remainedReadSize = requestSize - readBuffer.length;
+                    while (!isFileEnd && remainedReadSize > 0) {
+                        const chunk = await input.read(cursor, readChunkSize);
+                        if (!chunk?.length) {
+                            isFileEnd = true;
+                            break;
+                        }
+                        readBuffer = Buffer.concat([readBuffer, chunk]);
+                        cursor += chunk.length;
+                        remainedReadSize -= chunk.length;
+                        if (chunk.length < readChunkSize) {
+                            isFileEnd = true;
+                            break;
+                        }
+                    }
+                    remainedBuffer = readBuffer.slice(requestSize);
+                    this.push(readBuffer.slice(0, requestSize));
+                },
+            });
+            return {
+                filepath: tmpFileName,
+                fileStream: decryptedStream,
+                filesize: originalFileSize,
+            };
+        }
+        catch (error) {
+            await fs_1.promises.rm(tmpFileName, {
+                recursive: true,
+                force: true,
+            });
+            if (input) {
+                await input.close();
+            }
+            throw error;
+        }
+    }
+}
+exports.EnclaveService = EnclaveService;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZW5jbGF2ZS5zZXJ2aWNlLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL3NneC1uYXRpdmUtbW9kdWxlL2VuY2xhdmUuc2VydmljZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSxNQUFNLEVBQUUsV0FBVyxFQUFFLGtCQUFrQixFQUFFLEdBQUcsT0FBTyxDQUFDLHlEQUF5RCxDQUFDLENBQUM7QUFDL0csbUNBQWlEO0FBQ2pELDJCQUF1RTtBQUN2RSwyQkFBNEI7QUFDNUIsK0JBQTRCO0FBQzVCLG1DQUF1RDtBQUd2RCxvQ0FBb0M7QUFDcEMsTUFBTSxPQUFPLEdBQUcsSUFBSSxDQUFDO0FBbURyQixNQUFNLGtCQUFrQixHQUFHLENBQUMsU0FBUyxHQUFHLE9BQU8sRUFBYSxFQUFFO0lBQzFELE1BQU0sYUFBYSxHQUFHO1FBQ2xCLEdBQUcsRUFBRSxNQUFNLENBQUMsS0FBSyxDQUFDLFNBQVMsQ0FBQztRQUM1QixPQUFPLEVBQUUsQ0FBQztLQUNiLENBQUM7SUFFRixPQUFPLElBQUksa0JBQVMsQ0FBQztRQUNqQixVQUFVLEVBQUUsS0FBSztRQUVqQixLQUFLLEVBQUUsQ0FBQyxRQUFRLEVBQUUsRUFBRTtZQUNoQixRQUFRLENBQUMsSUFBSSxFQUFFLGFBQWEsQ0FBQyxHQUFHLENBQUMsUUFBUSxDQUFDLENBQUMsRUFBRSxhQUFhLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQztZQUNyRSxhQUFhLENBQUMsR0FBRyxHQUFHLE1BQU0sQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLENBQUM7WUFDcEMsYUFBYSxDQUFDLE9BQU8sR0FBRyxDQUFDLENBQUM7UUFDOUIsQ0FBQztRQUNELFNBQVMsRUFBRSxVQUFVLEtBQUssRUFBRSxRQUFRLEVBQUUsUUFBUTtZQUMxQyxJQUFJLEtBQUssQ0FBQyxNQUFNLEdBQUcsYUFBYSxDQUFDLE9BQU8sR0FBRyxTQUFTLEVBQUUsQ0FBQztnQkFDbkQsTUFBTSxNQUFNLEdBQUcsS0FBSyxDQUFDLElBQUksQ0FBQyxhQUFhLENBQUMsR0FBRyxFQUFFLGFBQWEsQ0FBQyxPQUFPLENBQUMsQ0FBQztnQkFDcEUsYUFBYSxDQUFDLE9BQU8sSUFBSSxNQUFNLENBQUM7WUFDcEMsQ0FBQztpQkFBTSxDQUFDO2dCQUNKLE1BQU0sU0FBUyxHQUFHLE1BQU0sQ0FBQyxNQUFNLENBQUMsQ0FBQyxhQUFhLENBQUMsR0FBRyxDQUFDLFFBQVEsQ0FBQyxDQUFDLEVBQUUsYUFBYSxDQUFDLE9BQU8sQ0FBQyxFQUFFLEtBQUssQ0FBQyxDQUFDLENBQUM7Z0JBQy9GLGFBQWEsQ0FBQyxPQUFPLEdBQUcsQ0FBQyxDQUFDO2dCQUMxQixJQUFJLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxDQUFDO1lBQ3pCLENBQUM7WUFDRCxRQUFRLENBQUMsSUFBSSxFQUFFLElBQUksQ0FBQyxDQUFDO1FBQ3pCLENBQUM7S0FDSixDQUFDLENBQUM7QUFDUCxDQUFDLENBQUM7QUFFRixNQUFhLGNBQWM7SUFHdkIsWUFBNkIsWUFBWSxJQUFBLFdBQU0sR0FBRTtRQUFwQixjQUFTLEdBQVQsU0FBUyxDQUFXO1FBQzdDLElBQUksQ0FBQyxHQUFHLEdBQUcsSUFBSSxXQUFXLEVBQUUsQ0FBQztJQUNqQyxDQUFDO0lBRUQ7Ozs7Ozs7T0FPRztJQUNILEtBQUssQ0FBQyxZQUFZLENBQUMsSUFBYSxFQUFFLE1BQWlCLEVBQUUsZUFBd0I7UUFDekUsSUFBSSxDQUFDLGVBQWUsRUFBRSxDQUFDO1lBQ25CLGVBQWUsR0FBRyxNQUFNLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDO1FBQ3RDLENBQUM7UUFFRCxPQUFPLElBQUksQ0FBQyxHQUFHLENBQUMsTUFBTSxDQUFDLElBQUksRUFBRSxNQUFNLEVBQVUsZUFBZSxDQUFDLENBQUM7SUFDbEUsQ0FBQztJQUVEOzs7O09BSUc7SUFDSCxLQUFLLENBQUMsaUJBQWlCLENBQUMsZUFBdUI7UUFDM0MsT0FBTyxJQUFJLENBQUMsR0FBRyxDQUFDLGlCQUFpQixDQUFDLGVBQWUsQ0FBQyxDQUFDO0lBQ3ZELENBQUM7SUFFRDs7O09BR0c7SUFDSCxLQUFLLENBQUMsZ0JBQWdCO1FBQ2xCLE9BQU8sSUFBSSxDQUFDLEdBQUcsQ0FBQyxhQUFhLEVBQUUsQ0FBQztJQUNwQyxDQUFDO0lBRUQ7Ozs7T0FJRztJQUNILEtBQUssQ0FBQyx3QkFBd0IsQ0FBQyxpQkFBeUI7UUFDcEQsT0FBTyxJQUFJLENBQUMsR0FBRyxDQUFDLGVBQWUsQ0FBQyxpQkFBaUIsQ0FBQyxDQUFDO0lBQ3ZELENBQUM7SUFFRDs7OztPQUlHO0lBQ0gsS0FBSyxDQUFDLDJCQUEyQixDQUFDLDRCQUFvQztRQUNsRSxPQUFPLElBQUksQ0FBQyxHQUFHLENBQUMsa0JBQWtCLENBQUMsNEJBQTRCLENBQUMsQ0FBQztJQUNyRSxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0gsS0FBSyxDQUFDLHlCQUF5QixDQUMzQixRQUFnQixFQUNoQixXQUFxQixFQUNyQixTQUFpQjtRQUVqQixNQUFNLFdBQVcsR0FBRyxJQUFBLFdBQUksRUFBQyxJQUFJLENBQUMsU0FBUyxFQUFFLFNBQVMsR0FBRyxJQUFBLG9CQUFXLEVBQUMsRUFBRSxDQUFDLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBQyxHQUFHLE1BQU0sQ0FBQyxDQUFDO1FBRS9GLE1BQU0sY0FBYyxHQUNoQixTQUFTLENBQUMsTUFBTSxLQUFLLEVBQUU7WUFDbkIsQ0FBQyxDQUFDLElBQUEsbUJBQVUsRUFBQyxRQUFRLEVBQUUsU0FBUyxDQUFDLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxDQUFDLE1BQU0sRUFBRSxDQUFDLEtBQUssQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDO1lBQ3pFLENBQUMsQ0FBQyxTQUFTLENBQUM7UUFFcEIsSUFBSSxNQUFNLEdBQStCLElBQUksQ0FBQztRQUU5QyxJQUFJLENBQUM7WUFDRCxNQUFNLEdBQXdCLElBQUksa0JBQWtCLENBQUMsV0FBVyxFQUFFLFFBQVEsRUFBRSxjQUFjLEVBQUUsSUFBSSxDQUFDLENBQUM7WUFDbEcsSUFBSSxTQUFTLEdBQUcsQ0FBQyxDQUFDO1lBQ2xCLElBQUksV0FBVyxHQUFHLE9BQU8sQ0FBQztZQUMxQixJQUFJLE9BQU8sQ0FBQyxHQUFHLENBQUMsMkNBQTJDLENBQUMsRUFBRSxDQUFDO2dCQUMzRCxXQUFXLEdBQUcsUUFBUSxDQUFDLE9BQU8sQ0FBQyxHQUFHLENBQUMsMkNBQTJDLENBQUMsQ0FBQyxDQUFDO1lBQ3JGLENBQUM7WUFDRCxJQUFJLGVBQWUsR0FBRyxDQUFDLENBQUM7WUFDeEIsTUFBTSxhQUFhLEdBQUcsRUFBRSxDQUFDO1lBRXpCLElBQUksS0FBSyxFQUFFLE1BQU0sS0FBSyxJQUFJLFdBQVcsQ0FBQyxJQUFJLENBQUMsa0JBQWtCLENBQUMsV0FBVyxDQUFDLENBQUMsRUFBRSxDQUFDO2dCQUMxRSxJQUFJLENBQUMsS0FBSyxDQUFDLE1BQU0sRUFBRSxDQUFDO29CQUNoQixzQ0FBc0M7b0JBQ3RDLFNBQVM7Z0JBQ2IsQ0FBQztnQkFFRCxNQUFNLFdBQVcsR0FBRyxNQUFNLE1BQU0sQ0FBQyxLQUFLLENBQUMsU0FBUyxFQUFFLEtBQUssQ0FBQyxDQUFDO2dCQUV6RCxJQUFJLFdBQVcsS0FBSyxLQUFLLENBQUMsTUFBTSxFQUFFLENBQUM7b0JBQy9CLE1BQU0sSUFBSSxLQUFLLENBQ1gsaUJBQWlCLEtBQUssQ0FBQyxNQUFNLHNCQUFzQixRQUFRLElBQUksV0FBVyxrQkFBa0IsV0FBVyxRQUFRLENBQ2xILENBQUM7Z0JBQ04sQ0FBQztnQkFFRCxTQUFTLElBQUksV0FBVyxDQUFDO2dCQUV6QixJQUFJLGVBQWUsSUFBSSxlQUFlLEVBQUUsR0FBRyxhQUFhLEVBQUUsQ0FBQztvQkFDdkQsTUFBTSxNQUFNLENBQUMsS0FBSyxFQUFFLENBQUM7Z0JBQ3pCLENBQUM7WUFDTCxDQUFDO1lBRUQsTUFBTSxNQUFNLENBQUMsS0FBSyxFQUFFLENBQUM7WUFFckIsT0FBTztnQkFDSCxRQUFRLEVBQUUsV0FBVztnQkFDckIsUUFBUSxFQUFFLENBQUMsTUFBTSxhQUFVLENBQUMsSUFBSSxDQUFDLFdBQVcsQ0FBQyxDQUFDLENBQUMsSUFBSTtnQkFDbkQsV0FBVyxFQUFFLFNBQVM7YUFDekIsQ0FBQztRQUNOLENBQUM7UUFBQyxPQUFPLEtBQUssRUFBRSxDQUFDO1lBQ2IsSUFBSSxNQUFNLEVBQUUsQ0FBQztnQkFDVCxNQUFNLE1BQU0sQ0FBQyxLQUFLLEVBQUUsQ0FBQztnQkFFckIsTUFBTSxhQUFVLENBQUMsRUFBRSxDQUFDLFdBQVcsRUFBRTtvQkFDN0IsU0FBUyxFQUFFLElBQUk7b0JBQ2YsS0FBSyxFQUFFLElBQUk7aUJBQ2QsQ0FBQyxDQUFDO1lBQ1AsQ0FBQztZQUVELE1BQU0sS0FBSyxDQUFDO1FBQ2hCLENBQUM7SUFDTCxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0gsS0FBSyxDQUFDLHdCQUF3QixDQUMxQixRQUFnQixFQUNoQixXQUFxQixFQUNyQixTQUFpQjtRQUVqQixNQUFNLFdBQVcsR0FBRyxJQUFBLFdBQUksRUFBQyxJQUFJLENBQUMsU0FBUyxFQUFFLFNBQVMsR0FBRyxJQUFBLG9CQUFXLEVBQUMsRUFBRSxDQUFDLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBQyxHQUFHLE1BQU0sQ0FBQyxDQUFDO1FBRS9GLE1BQU0sY0FBYyxHQUNoQixTQUFTLENBQUMsTUFBTSxLQUFLLEVBQUU7WUFDbkIsQ0FBQyxDQUFDLElBQUEsbUJBQVUsRUFBQyxRQUFRLEVBQUUsU0FBUyxDQUFDLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxDQUFDLE1BQU0sRUFBRSxDQUFDLEtBQUssQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDO1lBQ3pFLENBQUMsQ0FBQyxTQUFTLENBQUM7UUFFcEIsSUFBSSxLQUFLLEdBQStCLElBQUksQ0FBQztRQUU3QyxJQUFJLENBQUM7WUFDRCxNQUFNLGFBQWEsR0FBRyxJQUFBLHNCQUFpQixFQUFDLFdBQVcsQ0FBQyxDQUFDO1lBRXJELE1BQU0saUJBQVEsQ0FBQyxRQUFRLENBQUMsV0FBVyxFQUFFLGFBQWEsQ0FBQyxDQUFDO1lBRXBELEtBQUssR0FBd0IsSUFBSSxrQkFBa0IsQ0FBQyxXQUFXLEVBQUUsUUFBUSxFQUFFLGNBQWMsRUFBRSxLQUFLLENBQUMsQ0FBQztZQUNsRyxNQUFNLGdCQUFnQixHQUFHLEtBQUssQ0FBQyxJQUFJLEVBQUUsQ0FBQztZQUN0QyxNQUFNLGFBQWEsR0FBRyxPQUFPLEdBQUcsQ0FBQyxDQUFDO1lBQ2xDLElBQUksU0FBUyxHQUFHLEtBQUssQ0FBQztZQUN0QixJQUFJLE1BQU0sR0FBRyxDQUFDLENBQUM7WUFDZixJQUFJLGNBQWMsR0FBRyxNQUFNLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDO1lBRXJDLE1BQU0sZUFBZSxHQUFHLElBQUksaUJBQVEsQ0FBQztnQkFDakMsSUFBSSxFQUFFLEtBQUssV0FBVyxXQUFtQjtvQkFDckMsSUFBSSxTQUFTLElBQUksQ0FBQyxjQUFjLENBQUMsTUFBTSxFQUFFLENBQUM7d0JBQ3RDLElBQUksS0FBSyxFQUFFLENBQUM7NEJBQ1IsTUFBTSxLQUFLLENBQUMsS0FBSyxFQUFFLENBQUM7d0JBQ3hCLENBQUM7d0JBRUQsT0FBTyxJQUFJLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxDQUFDO29CQUMzQixDQUFDO29CQUVELElBQUksVUFBVSxHQUFHLGNBQWMsQ0FBQztvQkFDaEMsSUFBSSxnQkFBZ0IsR0FBRyxXQUFXLEdBQUcsVUFBVSxDQUFDLE1BQU0sQ0FBQztvQkFFdkQsT0FBTyxDQUFDLFNBQVMsSUFBSSxnQkFBZ0IsR0FBRyxDQUFDLEVBQUUsQ0FBQzt3QkFDeEMsTUFBTSxLQUFLLEdBQUcsTUFBTSxLQUFNLENBQUMsSUFBSSxDQUFDLE1BQU0sRUFBRSxhQUFhLENBQUMsQ0FBQzt3QkFFdkQsSUFBSSxDQUFDLEtBQUssRUFBRSxNQUFNLEVBQUUsQ0FBQzs0QkFDakIsU0FBUyxHQUFHLElBQUksQ0FBQzs0QkFDakIsTUFBTTt3QkFDVixDQUFDO3dCQUVELFVBQVUsR0FBRyxNQUFNLENBQUMsTUFBTSxDQUFDLENBQUMsVUFBVSxFQUFFLEtBQUssQ0FBQyxDQUFDLENBQUM7d0JBQ2hELE1BQU0sSUFBSSxLQUFLLENBQUMsTUFBTSxDQUFDO3dCQUN2QixnQkFBZ0IsSUFBSSxLQUFLLENBQUMsTUFBTSxDQUFDO3dCQUVqQyxJQUFJLEtBQUssQ0FBQyxNQUFNLEdBQUcsYUFBYSxFQUFFLENBQUM7NEJBQy9CLFNBQVMsR0FBRyxJQUFJLENBQUM7NEJBQ2pCLE1BQU07d0JBQ1YsQ0FBQztvQkFDTCxDQUFDO29CQUVELGNBQWMsR0FBRyxVQUFVLENBQUMsS0FBSyxDQUFDLFdBQVcsQ0FBQyxDQUFDO29CQUUvQyxJQUFJLENBQUMsSUFBSSxDQUFDLFVBQVUsQ0FBQyxLQUFLLENBQUMsQ0FBQyxFQUFFLFdBQVcsQ0FBQyxDQUFDLENBQUM7Z0JBQ2hELENBQUM7YUFDSixDQUFDLENBQUM7WUFFSCxPQUFPO2dCQUNILFFBQVEsRUFBRSxXQUFXO2dCQUNyQixVQUFVLEVBQUUsZUFBZTtnQkFDM0IsUUFBUSxFQUFFLGdCQUFnQjthQUM3QixDQUFDO1FBQ04sQ0FBQztRQUFDLE9BQU8sS0FBSyxFQUFFLENBQUM7WUFDYixNQUFNLGFBQVUsQ0FBQyxFQUFFLENBQUMsV0FBVyxFQUFFO2dCQUM3QixTQUFTLEVBQUUsSUFBSTtnQkFDZixLQUFLLEVBQUUsSUFBSTthQUNkLENBQUMsQ0FBQztZQUVILElBQUksS0FBSyxFQUFFLENBQUM7Z0JBQ1IsTUFBTSxLQUFLLENBQUMsS0FBSyxFQUFFLENBQUM7WUFDeEIsQ0FBQztZQUVELE1BQU0sS0FBSyxDQUFDO1FBQ2hCLENBQUM7SUFDTCxDQUFDO0NBQ0o7QUEzTkQsd0NBMk5DIn0=

package/dist/sgx-native-module/errors.d.ts

@@ -0,0 +1,19 @@
+import { QuoteVerificationResultType } from "./consts";
+export declare class AttestationDcapQuoteVerifyEnclaveError extends Error {
+    constructor(msg?: string);
+}
+export declare class QuoteValidationError extends AttestationDcapQuoteVerifyEnclaveError {
+    readonly verifyResult: number;
+    criticalError: boolean;
+    constructor(verifyResult: number);
+}
+export declare class QuoteSecurityValidationError extends AttestationDcapQuoteVerifyEnclaveError {
+    readonly verifyResult: QuoteVerificationResultType;
+    constructor(verifyResult: QuoteVerificationResultType);
+}
+export declare class PkiServiceError extends Error {
+    constructor(msg?: string);
+}
+export declare class QuoteGenerationError extends Error {
+    constructor(msg?: string);
+}

package/dist/sgx-native-module/errors.js

@@ -0,0 +1,69 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.QuoteGenerationError = exports.PkiServiceError = exports.QuoteSecurityValidationError = exports.QuoteValidationError = exports.AttestationDcapQuoteVerifyEnclaveError = void 0;
+const consts_1 = require("./consts");
+class AttestationDcapQuoteVerifyEnclaveError extends Error {
+    constructor(msg) {
+        super(msg);
+        this.name = AttestationDcapQuoteVerifyEnclaveError.name;
+    }
+}
+exports.AttestationDcapQuoteVerifyEnclaveError = AttestationDcapQuoteVerifyEnclaveError;
+class QuoteValidationError extends AttestationDcapQuoteVerifyEnclaveError {
+    constructor(verifyResult) {
+        super();
+        this.verifyResult = verifyResult;
+        this.criticalError = false;
+        this.verifyResult = verifyResult;
+        this.criticalError = false;
+        switch (verifyResult) {
+            case 0xa001:
+                this.message = `The SGX platform firmware and SW are at the latest security patching level but there are
+                platform hardware configurations may expose the enclave to vulnerabilities.`;
+                break;
+            case 0xa002:
+            case 0xa003:
+            case 0xa004:
+                this.message = `The SGX platform firmware and SW are not at the latest security patching level. The
+                platform needs to be patched with firmware and/or software patches.`;
+                break;
+            case 0xa007:
+            case 0xa008:
+                this.message = `The SGX platform firmware and SW are at the latest security patching level but there
+                are certain vulnerabilities that can only be mitigated with software mitigations implemented by the enclave.`;
+                break;
+            default:
+                this.criticalError = true;
+                this.message = `Quote verification failed. Verification result: 0x${Number(verifyResult).toString(16)}`;
+                break;
+        }
+    }
+}
+exports.QuoteValidationError = QuoteValidationError;
+class QuoteSecurityValidationError extends AttestationDcapQuoteVerifyEnclaveError {
+    constructor(verifyResult) {
+        super();
+        this.verifyResult = verifyResult;
+        this.verifyResult = verifyResult;
+        this.message = "Invalid CPU settings are being used.";
+        if (verifyResult.smtEnabled === consts_1.PckFlag.PCK_FLAG_TRUE) {
+            this.message = " HyperThreading (SMT) is enabled. Please disable it in BIOS.";
+        }
+    }
+}
+exports.QuoteSecurityValidationError = QuoteSecurityValidationError;
+class PkiServiceError extends Error {
+    constructor(msg) {
+        super(msg);
+        this.name = PkiServiceError.name;
+    }
+}
+exports.PkiServiceError = PkiServiceError;
+class QuoteGenerationError extends Error {
+    constructor(msg) {
+        super(msg);
+        this.name = QuoteGenerationError.name;
+    }
+}
+exports.QuoteGenerationError = QuoteGenerationError;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZXJyb3JzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL3NneC1uYXRpdmUtbW9kdWxlL2Vycm9ycy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSxxQ0FBZ0U7QUFFaEUsTUFBYSxzQ0FBdUMsU0FBUSxLQUFLO0lBQzdELFlBQVksR0FBWTtRQUNwQixLQUFLLENBQUMsR0FBRyxDQUFDLENBQUM7UUFDWCxJQUFJLENBQUMsSUFBSSxHQUFHLHNDQUFzQyxDQUFDLElBQUksQ0FBQztJQUM1RCxDQUFDO0NBQ0o7QUFMRCx3RkFLQztBQUVELE1BQWEsb0JBQXFCLFNBQVEsc0NBQXNDO0lBRTVFLFlBQTRCLFlBQW9CO1FBQzVDLEtBQUssRUFBRSxDQUFDO1FBRGdCLGlCQUFZLEdBQVosWUFBWSxDQUFRO1FBRHpDLGtCQUFhLEdBQUcsS0FBSyxDQUFDO1FBR3pCLElBQUksQ0FBQyxZQUFZLEdBQUcsWUFBWSxDQUFDO1FBQ2pDLElBQUksQ0FBQyxhQUFhLEdBQUcsS0FBSyxDQUFDO1FBRTNCLFFBQVEsWUFBWSxFQUFFLENBQUM7WUFDbkIsS0FBSyxNQUFNO2dCQUNQLElBQUksQ0FBQyxPQUFPLEdBQUc7NEZBQzZELENBQUM7Z0JBQzdFLE1BQU07WUFDVixLQUFLLE1BQU0sQ0FBQztZQUNaLEtBQUssTUFBTSxDQUFDO1lBQ1osS0FBSyxNQUFNO2dCQUNQLElBQUksQ0FBQyxPQUFPLEdBQUc7b0ZBQ3FELENBQUM7Z0JBQ3JFLE1BQU07WUFDVixLQUFLLE1BQU0sQ0FBQztZQUNaLEtBQUssTUFBTTtnQkFDUCxJQUFJLENBQUMsT0FBTyxHQUFHOzZIQUM4RixDQUFDO2dCQUM5RyxNQUFNO1lBQ1Y7Z0JBQ0ksSUFBSSxDQUFDLGFBQWEsR0FBRyxJQUFJLENBQUM7Z0JBQzFCLElBQUksQ0FBQyxPQUFPLEdBQUcscURBQXFELE1BQU0sQ0FBQyxZQUFZLENBQUMsQ0FBQyxRQUFRLENBQUMsRUFBRSxDQUFDLEVBQUUsQ0FBQztnQkFDeEcsTUFBTTtRQUNkLENBQUM7SUFDTCxDQUFDO0NBQ0o7QUE3QkQsb0RBNkJDO0FBRUQsTUFBYSw0QkFBNkIsU0FBUSxzQ0FBc0M7SUFDcEYsWUFBNEIsWUFBeUM7UUFDakUsS0FBSyxFQUFFLENBQUM7UUFEZ0IsaUJBQVksR0FBWixZQUFZLENBQTZCO1FBRWpFLElBQUksQ0FBQyxZQUFZLEdBQUcsWUFBWSxDQUFDO1FBQ2pDLElBQUksQ0FBQyxPQUFPLEdBQUcsc0NBQXNDLENBQUM7UUFDdEQsSUFBSSxZQUFZLENBQUMsVUFBVSxLQUFLLGdCQUFPLENBQUMsYUFBYSxFQUFFLENBQUM7WUFDcEQsSUFBSSxDQUFDLE9BQU8sR0FBRyw4REFBOEQsQ0FBQztRQUNsRixDQUFDO0lBQ0wsQ0FBQztDQUNKO0FBVEQsb0VBU0M7QUFFRCxNQUFhLGVBQWdCLFNBQVEsS0FBSztJQUN0QyxZQUFZLEdBQVk7UUFDcEIsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDO1FBQ1gsSUFBSSxDQUFDLElBQUksR0FBRyxlQUFlLENBQUMsSUFBSSxDQUFDO0lBQ3JDLENBQUM7Q0FDSjtBQUxELDBDQUtDO0FBRUQsTUFBYSxvQkFBcUIsU0FBUSxLQUFLO0lBQzNDLFlBQVksR0FBWTtRQUNwQixLQUFLLENBQUMsR0FBRyxDQUFDLENBQUM7UUFDWCxJQUFJLENBQUMsSUFBSSxHQUFHLG9CQUFvQixDQUFDLElBQUksQ0FBQztJQUMxQyxDQUFDO0NBQ0o7QUFMRCxvREFLQyJ9

package/dist/sgx-native-module/helpers.d.ts

@@ -0,0 +1 @@
+export declare function gramineCompatibleRmDir(dirPath: string): Promise<void>;

package/dist/sgx-native-module/helpers.js

@@ -0,0 +1,50 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.gramineCompatibleRmDir = void 0;
+const fs_1 = require("fs");
+const path = __importStar(require("path"));
+async function gramineCompatibleRmDir(dirPath) {
+    try {
+        await fs_1.promises.access(dirPath, fs_1.constants.F_OK);
+    }
+    catch {
+        return;
+    }
+    const files = await fs_1.promises.readdir(dirPath);
+    for (const file of files) {
+        const filePath = path.join(dirPath, file);
+        const stat = await fs_1.promises.lstat(filePath);
+        if (stat.isDirectory()) {
+            await gramineCompatibleRmDir(filePath);
+        }
+        else {
+            await fs_1.promises.unlink(filePath);
+        }
+    }
+    await fs_1.promises.rmdir(dirPath);
+}
+exports.gramineCompatibleRmDir = gramineCompatibleRmDir;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaGVscGVycy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9zZ3gtbmF0aXZlLW1vZHVsZS9oZWxwZXJzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O0FBQUEsMkJBQStDO0FBQy9DLDJDQUE2QjtBQUV0QixLQUFLLFVBQVUsc0JBQXNCLENBQUMsT0FBZTtJQUN4RCxJQUFJLENBQUM7UUFDRCxNQUFNLGFBQUUsQ0FBQyxNQUFNLENBQUMsT0FBTyxFQUFFLGNBQVMsQ0FBQyxJQUFJLENBQUMsQ0FBQztJQUM3QyxDQUFDO0lBQUMsTUFBTSxDQUFDO1FBQ0wsT0FBTztJQUNYLENBQUM7SUFFRCxNQUFNLEtBQUssR0FBRyxNQUFNLGFBQUUsQ0FBQyxPQUFPLENBQUMsT0FBTyxDQUFDLENBQUM7SUFFeEMsS0FBSyxNQUFNLElBQUksSUFBSSxLQUFLLEVBQUUsQ0FBQztRQUN2QixNQUFNLFFBQVEsR0FBRyxJQUFJLENBQUMsSUFBSSxDQUFDLE9BQU8sRUFBRSxJQUFJLENBQUMsQ0FBQztRQUMxQyxNQUFNLElBQUksR0FBRyxNQUFNLGFBQUUsQ0FBQyxLQUFLLENBQUMsUUFBUSxDQUFDLENBQUM7UUFFdEMsSUFBSSxJQUFJLENBQUMsV0FBVyxFQUFFLEVBQUUsQ0FBQztZQUNyQixNQUFNLHNCQUFzQixDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQzNDLENBQUM7YUFBTSxDQUFDO1lBQ0osTUFBTSxhQUFFLENBQUMsTUFBTSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQzlCLENBQUM7SUFDTCxDQUFDO0lBQ0QsTUFBTSxhQUFFLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FBQyxDQUFDO0FBQzVCLENBQUM7QUFwQkQsd0RBb0JDIn0=

package/dist/sgx-native-module/index.d.ts

@@ -0,0 +1,9 @@
+export * from "./consts";
+export * from "./errors";
+export * from "./enclave.service";
+export * from "./dcap-quote-verify.service";
+export * from "./pki.service";
+export * from "./sev-snp";
+export * from "./sev-snp-mrenclave";
+export * from "./sev-snp-schema";
+export * from "../proto/AmdSevSnp";

package/dist/sgx-native-module/index.js

@@ -0,0 +1,26 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./consts"), exports);
+__exportStar(require("./errors"), exports);
+__exportStar(require("./enclave.service"), exports);
+__exportStar(require("./dcap-quote-verify.service"), exports);
+__exportStar(require("./pki.service"), exports);
+__exportStar(require("./sev-snp"), exports);
+__exportStar(require("./sev-snp-mrenclave"), exports);
+__exportStar(require("./sev-snp-schema"), exports);
+__exportStar(require("../proto/AmdSevSnp"), exports);
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvc2d4LW5hdGl2ZS1tb2R1bGUvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7OztBQUFBLDJDQUF5QjtBQUN6QiwyQ0FBeUI7QUFDekIsb0RBQWtDO0FBQ2xDLDhEQUE0QztBQUM1QyxnREFBOEI7QUFDOUIsNENBQTBCO0FBQzFCLHNEQUFvQztBQUNwQyxtREFBaUM7QUFDakMscURBQW1DIn0=

package/dist/sgx-native-module/pki.service.d.ts

@@ -0,0 +1,50 @@
+/// <reference types="node" />
+export type TlsCertResult = {
+    key: Buffer;
+    cert: Buffer;
+};
+export declare enum CertificateKeyType {
+    RSA = "RSA",
+    ECP = "ECP"
+}
+export declare enum CertificateFormat {
+    PEM = "PEM",
+    DER = "DER"
+}
+export declare enum ECPCurve {
+    SECP192R1 = "SECP192R1" /*!< Domain parameters for the 192-bit curve defined by FIPS 186-4 and SEC1. */,
+    SECP224R1 = "SECP224R1" /*!< Domain parameters for the 224-bit curve defined by FIPS 186-4 and SEC1. */,
+    SECP256R1 = "SECP256R1" /*!< Domain parameters for the 256-bit curve defined by FIPS 186-4 and SEC1. */,
+    SECP384R1 = "SECP384R1" /*!< Domain parameters for the 384-bit curve defined by FIPS 186-4 and SEC1. */,
+    SECP521R1 = "SECP521R1" /*!< Domain parameters for the 521-bit curve defined by FIPS 186-4 and SEC1. */,
+    BP256R1 = "BP256R1" /*!< Domain parameters for 256-bit Brainpool curve. */,
+    BP384R1 = "BP384R1" /*!< Domain parameters for 384-bit Brainpool curve. */,
+    BP512R1 = "BP512R1" /*!< Domain parameters for 512-bit Brainpool curve. */,
+    SECP192K1 = "SECP192K1" /*!< Domain parameters for 192-bit "Koblitz" curve. */,
+    SECP224K1 = "SECP224K1" /*!< Domain parameters for 224-bit "Koblitz" curve. */,
+    SECP256K1 = "SECP256K1" /*!< Domain parameters for 256-bit "Koblitz" curve. */
+}
+export type TLSCertParams = {
+    format?: CertificateFormat;
+    subject?: {
+        commonName?: string;
+        countryName?: string;
+        state?: string;
+        localityName?: string;
+        organizationName?: string;
+        organizationUnit?: string;
+    };
+    keyType?: CertificateKeyType;
+    withQuote?: boolean;
+    rsaKeyBits?: number;
+    ecpCurve?: ECPCurve;
+    serialNumber?: string;
+    days?: number;
+    dnsNames?: string[];
+    ips?: string[];
+};
+export declare class PkiService {
+    private readonly cryptoPrimitives;
+    constructor();
+    generateTlsCertificate(params?: TLSCertParams): Promise<TlsCertResult>;
+}