@zeke-02/tinfoil 0.0.5 → 0.0.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +38 -24
- package/dist/ai-sdk-provider.d.ts +1 -1
- package/dist/ai-sdk-provider.js +2 -1
- package/dist/esm/ai-sdk-provider.d.ts +1 -1
- package/dist/esm/ai-sdk-provider.mjs +2 -1
- package/dist/esm/secure-client.mjs +8 -0
- package/dist/esm/verifier.d.ts +49 -49
- package/dist/esm/verifier.mjs +150 -362
- package/dist/secure-client.js +8 -0
- package/dist/verifier.d.ts +49 -49
- package/dist/verifier.js +150 -364
- package/package.json +2 -2
package/dist/verifier.d.ts
CHANGED
|
@@ -5,6 +5,14 @@ export interface AttestationMeasurement {
|
|
|
5
5
|
type: string;
|
|
6
6
|
registers: string[];
|
|
7
7
|
}
|
|
8
|
+
/**
|
|
9
|
+
* Hardware measurement from TDX platform verification
|
|
10
|
+
*/
|
|
11
|
+
export interface HardwareMeasurement {
|
|
12
|
+
ID: string;
|
|
13
|
+
MRTD: string;
|
|
14
|
+
RTMR0: string;
|
|
15
|
+
}
|
|
8
16
|
/**
|
|
9
17
|
* Attestation response containing cryptographic keys and measurements
|
|
10
18
|
* At least one of tlsPublicKeyFingerprint or hpkePublicKey must be present
|
|
@@ -31,6 +39,12 @@ export interface VerificationDocument {
|
|
|
31
39
|
releaseDigest: string;
|
|
32
40
|
codeMeasurement: AttestationMeasurement;
|
|
33
41
|
enclaveMeasurement: AttestationResponse;
|
|
42
|
+
tlsPublicKey: string;
|
|
43
|
+
hpkePublicKey: string;
|
|
44
|
+
hardwareMeasurement?: HardwareMeasurement;
|
|
45
|
+
codeFingerprint: string;
|
|
46
|
+
enclaveFingerprint: string;
|
|
47
|
+
selectedRouterEndpoint: string;
|
|
34
48
|
securityVerified: boolean;
|
|
35
49
|
steps: {
|
|
36
50
|
fetchDigest: VerificationStepState;
|
|
@@ -42,29 +56,19 @@ export interface VerificationDocument {
|
|
|
42
56
|
otherError?: VerificationStepState;
|
|
43
57
|
};
|
|
44
58
|
}
|
|
45
|
-
export interface MeasurementComparisonResult {
|
|
46
|
-
match: boolean;
|
|
47
|
-
error?: Error;
|
|
48
|
-
}
|
|
49
|
-
export declare function compareMeasurementsDetailed(codeMeasurement: AttestationMeasurement, runtimeMeasurement: AttestationMeasurement): MeasurementComparisonResult;
|
|
50
|
-
/**
|
|
51
|
-
* Compare two measurements according to platform-specific rules
|
|
52
|
-
* This is predicate function for comparing attestation measurements
|
|
53
|
-
* taken from https://github.com/tinfoilsh/verifier/blob/main/attestation/attestation.go
|
|
54
|
-
*
|
|
55
|
-
* @param codeMeasurement - Expected measurement from code attestation
|
|
56
|
-
* @param runtimeMeasurement - Actual measurement from runtime attestation
|
|
57
|
-
* @returns true if measurements match according to platform rules
|
|
58
|
-
*/
|
|
59
|
-
export declare function compareMeasurements(codeMeasurement: AttestationMeasurement, runtimeMeasurement: AttestationMeasurement): boolean;
|
|
60
59
|
/**
|
|
61
60
|
* Verifier performs attestation verification for Tinfoil enclaves
|
|
62
61
|
*
|
|
63
|
-
* The verifier loads a WebAssembly module that
|
|
62
|
+
* The verifier loads a WebAssembly module (compiled from Go) that performs
|
|
63
|
+
* end-to-end attestation verification:
|
|
64
64
|
* 1. Fetches the latest code release digest from GitHub
|
|
65
|
-
* 2.
|
|
66
|
-
* 3. Performs
|
|
67
|
-
* 4.
|
|
65
|
+
* 2. Verifies code provenance using Sigstore/Rekor
|
|
66
|
+
* 3. Performs runtime attestation against the enclave
|
|
67
|
+
* 4. Verifies hardware measurements (for TDX platforms)
|
|
68
|
+
* 5. Compares code and runtime measurements using platform-specific logic
|
|
69
|
+
*
|
|
70
|
+
* Primary method: verify() - Returns AttestationResponse with cryptographic keys
|
|
71
|
+
* Verification details: getVerificationDocument() - Returns step-by-step results
|
|
68
72
|
*/
|
|
69
73
|
export declare class Verifier {
|
|
70
74
|
private static goInstance;
|
|
@@ -86,56 +90,52 @@ export declare class Verifier {
|
|
|
86
90
|
*/
|
|
87
91
|
private static executeWithWasm;
|
|
88
92
|
/**
|
|
89
|
-
*
|
|
90
|
-
* @param configRepo - Repository name (e.g., "tinfoilsh/confidential-model-router")
|
|
91
|
-
* @returns The digest hash
|
|
92
|
-
*/
|
|
93
|
-
fetchLatestDigest(configRepo?: string): Promise<string>;
|
|
94
|
-
/**
|
|
95
|
-
* Perform runtime attestation on the enclave
|
|
96
|
-
* @param enclaveHost - The enclave hostname
|
|
97
|
-
* @returns Attestation response with measurement and keys
|
|
98
|
-
*/
|
|
99
|
-
verifyEnclave(enclaveHost?: string): Promise<AttestationResponse>;
|
|
100
|
-
/**
|
|
101
|
-
* Perform code attestation
|
|
102
|
-
* @param configRepo - Repository name
|
|
103
|
-
* @param digest - Code digest hash
|
|
104
|
-
* @returns Code measurement
|
|
105
|
-
*/
|
|
106
|
-
verifyCode(configRepo: string, digest: string): Promise<{
|
|
107
|
-
measurement: AttestationMeasurement;
|
|
108
|
-
}>;
|
|
109
|
-
/**
|
|
110
|
-
* Perform attestation verification
|
|
93
|
+
* Perform end-to-end attestation verification
|
|
111
94
|
*
|
|
112
|
-
* This method:
|
|
95
|
+
* This method performs all verification steps atomically via the Go WASM verify() function:
|
|
113
96
|
* 1. Fetches the latest code digest from GitHub releases
|
|
114
|
-
* 2.
|
|
115
|
-
* 3.
|
|
116
|
-
* 4.
|
|
117
|
-
* 5.
|
|
97
|
+
* 2. Verifies code provenance using Sigstore/Rekor
|
|
98
|
+
* 3. Performs runtime attestation against the enclave
|
|
99
|
+
* 4. Verifies hardware measurements (for TDX platforms)
|
|
100
|
+
* 5. Compares code and runtime measurements using platform-specific logic
|
|
118
101
|
*
|
|
119
102
|
* The WASM runtime is automatically initialized and cleaned up within this method.
|
|
103
|
+
* A detailed verification document is saved and can be accessed via getVerificationDocument().
|
|
120
104
|
*
|
|
121
|
-
* @
|
|
105
|
+
* @returns AttestationResponse containing cryptographic keys (TLS/HPKE) and enclave measurement
|
|
106
|
+
* @throws Error if measurements don't match or verification fails at any step
|
|
122
107
|
*/
|
|
123
108
|
verify(): Promise<AttestationResponse>;
|
|
109
|
+
/**
|
|
110
|
+
* Save a failed verification document
|
|
111
|
+
*/
|
|
112
|
+
private saveFailedVerificationDocument;
|
|
124
113
|
/**
|
|
125
114
|
* Internal verification logic that runs within WASM context
|
|
126
115
|
*/
|
|
127
116
|
private verifyInternal;
|
|
128
117
|
/**
|
|
129
|
-
* Returns the
|
|
118
|
+
* Returns the verification document from the last verify() call
|
|
119
|
+
*
|
|
120
|
+
* The document contains detailed step-by-step verification results including:
|
|
121
|
+
* - Step status (pending/success/failed) for each verification phase
|
|
122
|
+
* - Measurements, fingerprints, and cryptographic keys
|
|
123
|
+
* - Error messages for any failed steps
|
|
124
|
+
*
|
|
125
|
+
* Available even if verification failed, allowing inspection of which step failed.
|
|
126
|
+
*
|
|
127
|
+
* @returns VerificationDocument with complete verification details, or undefined if verify() hasn't been called
|
|
130
128
|
*/
|
|
131
129
|
getVerificationDocument(): VerificationDocument | undefined;
|
|
132
130
|
}
|
|
133
131
|
/**
|
|
134
132
|
* Control WASM log output
|
|
135
133
|
*
|
|
136
|
-
* The Go WASM runtime outputs logs through a polyfilled fs.writeSync.
|
|
134
|
+
* The Go WASM runtime outputs logs (stdout/stderr) through a polyfilled fs.writeSync.
|
|
137
135
|
* This function allows suppressing those logs without affecting other console output.
|
|
136
|
+
* By default, WASM logs are suppressed to reduce noise.
|
|
138
137
|
*
|
|
139
138
|
* @param suppress - Whether to suppress WASM logs (default: true)
|
|
139
|
+
* @returns void
|
|
140
140
|
*/
|
|
141
141
|
export declare function suppressWasmLogs(suppress?: boolean): void;
|