secretvm-verify 0.1.0

package/dist/rtmr.js

@@ -0,0 +1,45 @@
+import crypto from "node:crypto";
+// Initial MR value: 48 zero bytes
+const INIT_MR = Buffer.alloc(48).toString("hex");
+function measureSha256(data) {
+    return crypto.createHash("sha256").update(data).digest();
+}
+function replayRtmr(history) {
+    if (history.length === 0)
+        return INIT_MR;
+    let mr = Buffer.alloc(48);
+    for (const entry of history) {
+        const entryBytes = Buffer.from(entry, "hex");
+        let padded;
+        if (entryBytes.length < 48) {
+            padded = Buffer.concat([entryBytes, Buffer.alloc(48 - entryBytes.length)]);
+        }
+        else {
+            padded = entryBytes;
+        }
+        const h = crypto.createHash("sha384");
+        h.update(Buffer.concat([mr, padded]));
+        mr = h.digest().subarray(0, 48);
+    }
+    return mr.toString("hex");
+}
+/**
+ * Calculate RTMR3 from a docker-compose file content and rootfs_data.
+ *
+ * Mirrors portal logic exactly:
+ *   1. Parse docker-compose YAML and re-stringify (normalise)
+ *   2. SHA-256 of normalised YAML bytes  → log[0]
+ *   3. rootfs_data (hex)                 → log[1]
+ *   4. replayRtmr(log)
+ */
+export function calculateRtmr3(dockerCompose, rootfsData) {
+    const log = [];
+    // Hash raw bytes directly (no YAML normalization) — matches portal's Buffer path
+    const composeBuffer = typeof dockerCompose === "string"
+        ? Buffer.from(dockerCompose)
+        : dockerCompose;
+    log.push(measureSha256(composeBuffer).toString("hex"));
+    log.push(rootfsData.toLowerCase().replace(/^0x/, ""));
+    return replayRtmr(log);
+}
+//# sourceMappingURL=rtmr.js.map

package/dist/rtmr.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rtmr.js","sourceRoot":"","sources":["../src/rtmr.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,aAAa,CAAC;AAEjC,kCAAkC;AAClC,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AAEjD,SAAS,aAAa,CAAC,IAAY;IAC/B,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC;AAC7D,CAAC;AAED,SAAS,UAAU,CAAC,OAAiB;IACjC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,OAAO,CAAC;IAEzC,IAAI,EAAE,GAAG,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IAE1B,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC1B,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;QAC7C,IAAI,MAAc,CAAC;QACnB,IAAI,UAAU,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YACzB,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,UAAU,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QAC/E,CAAC;aAAM,CAAC;YACJ,MAAM,GAAG,UAAU,CAAC;QACxB,CAAC;QACD,MAAM,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;QACtC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC;QACtC,EAAE,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACpC,CAAC;IAED,OAAO,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AAC9B,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,cAAc,CAC1B,aAA8B,EAC9B,UAAkB;IAElB,MAAM,GAAG,GAAa,EAAE,CAAC;IAEzB,iFAAiF;IACjF,MAAM,aAAa,GACf,OAAO,aAAa,KAAK,QAAQ;QAC7B,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC;QAC5B,CAAC,CAAC,aAAa,CAAC;IAExB,GAAG,CAAC,IAAI,CAAC,aAAa,CAAC,aAAa,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;IACvD,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC;IAEtD,OAAO,UAAU,CAAC,GAAG,CAAC,CAAC;AAC3B,CAAC"}

package/dist/sevGctx.d.ts

@@ -0,0 +1,38 @@
+/**
+ * SEV-SNP GCTX launch-digest computation.
+ * Ported from sev-snp-measure (IBM, Apache-2.0).
+ */
+/** vcpu_sig for EPYC / EPYC-v1..v4:  amd_cpu_sig(family=23, model=1, stepping=2) */
+export declare const VCPU_SIG_EPYC = 8392466;
+export declare const GUEST_FEATURES = 1;
+export declare const BSP_EIP = 4294967280;
+export declare const VCPU_MAP: Record<string, number>;
+export declare function gctxUpdateNormalPages(ld: Buffer, startGpa: bigint, data: Buffer): Buffer;
+export declare function gctxUpdateVmsaPage(ld: Buffer, data: Buffer): Buffer;
+export declare function gctxUpdateZeroPages(ld: Buffer, gpa: bigint, size: number): Buffer;
+export declare function gctxUpdateSecretsPage(ld: Buffer, gpa: bigint): Buffer;
+export declare function gctxUpdateCpuidPage(ld: Buffer, gpa: bigint): Buffer;
+export declare function buildHashesPage(kernelHashHex: string, initrdHashHex: string, append: string, offsetInPage: number): Buffer;
+export declare function buildVmsaPage(eip: number, vcpuSig: number, guestFeatures: bigint): Buffer;
+export interface SevRegistryEntry {
+    vm_type: string;
+    artifacts_ver: string;
+    kernel_hash: string;
+    initrd_hash: string;
+    vcpu_type: string;
+    rootfs_hash: string;
+    ovmf_hash: string;
+    sev_hashes_table_gpa: number;
+    sev_es_reset_eip: number;
+    ovmf_sections: Array<{
+        gpa: number;
+        size: number;
+        section_type: number;
+    }>;
+}
+export declare function calcSevMeasurement(entry: SevRegistryEntry, vcpus: number, cmdline: string): string;
+export declare function parseSevFamilyId(familyIdBytes: Buffer): {
+    vmType: string;
+    templateName: string;
+    vcpus: number;
+} | null;

package/dist/sevGctx.js

@@ -0,0 +1,213 @@
+/**
+ * SEV-SNP GCTX launch-digest computation.
+ * Ported from sev-snp-measure (IBM, Apache-2.0).
+ */
+import { createHash } from "node:crypto";
+// ---------------------------------------------------------------------------
+// Constants
+// ---------------------------------------------------------------------------
+const LD_SIZE = 48; // SHA-384 digest size
+const ZEROS = Buffer.alloc(LD_SIZE);
+const VMSA_GPA = BigInt("0xFFFFFFFFF000");
+/** vcpu_sig for EPYC / EPYC-v1..v4:  amd_cpu_sig(family=23, model=1, stepping=2) */
+export const VCPU_SIG_EPYC = 0x00800f12;
+export const GUEST_FEATURES = 0x1;
+export const BSP_EIP = 0xfffffff0;
+export const VCPU_MAP = {
+    small: 1,
+    medium: 2,
+    large: 4,
+    "2xlarge": 8,
+};
+// ---------------------------------------------------------------------------
+// SHA-384 helpers
+// ---------------------------------------------------------------------------
+function sha384(data) {
+    return createHash("sha384").update(data).digest();
+}
+// ---------------------------------------------------------------------------
+// GCTX page-update primitive
+// ---------------------------------------------------------------------------
+function gctxUpdate(ld, pageType, gpa, contents) {
+    // PAGE_INFO structure per AMD SNP spec §8.17.2 Table 67
+    const buf = Buffer.allocUnsafe(0x70);
+    ld.copy(buf, 0); // current launch digest (48 bytes)
+    contents.copy(buf, 48); // page content hash (48 bytes)
+    buf.writeUInt16LE(0x70, 96); // page_info_len
+    buf.writeUInt8(pageType, 98); // page_type
+    buf.writeUInt8(0, 99); // is_imi
+    buf.writeUInt8(0, 100); // vmpl3_perms
+    buf.writeUInt8(0, 101); // vmpl2_perms
+    buf.writeUInt8(0, 102); // vmpl1_perms
+    buf.writeUInt8(0, 103); // reserved
+    buf.writeBigUInt64LE(gpa, 104);
+    return sha384(buf);
+}
+// ---------------------------------------------------------------------------
+// Page-type update helpers
+// ---------------------------------------------------------------------------
+export function gctxUpdateNormalPages(ld, startGpa, data) {
+    for (let offset = 0; offset < data.length; offset += 4096) {
+        const page = data.subarray(offset, offset + 4096);
+        ld = gctxUpdate(ld, 0x01, startGpa + BigInt(offset), sha384(page));
+    }
+    return ld;
+}
+export function gctxUpdateVmsaPage(ld, data) {
+    return gctxUpdate(ld, 0x02, VMSA_GPA, sha384(data));
+}
+export function gctxUpdateZeroPages(ld, gpa, size) {
+    for (let offset = 0; offset < size; offset += 4096) {
+        ld = gctxUpdate(ld, 0x03, gpa + BigInt(offset), ZEROS);
+    }
+    return ld;
+}
+export function gctxUpdateSecretsPage(ld, gpa) {
+    return gctxUpdate(ld, 0x05, gpa, ZEROS);
+}
+export function gctxUpdateCpuidPage(ld, gpa) {
+    return gctxUpdate(ld, 0x06, gpa, ZEROS);
+}
+// ---------------------------------------------------------------------------
+// Kernel hashes page builder
+// Mirrors QEMU's sev_hashes_page construction exactly.
+// ---------------------------------------------------------------------------
+const SEV_HASH_TABLE_HEADER_GUID = "9438d606-4f22-4cc9-b479-a793d411fd21";
+const SEV_KERNEL_ENTRY_GUID = "4de79437-abd2-427f-b835-d5b172d2045b";
+const SEV_INITRD_ENTRY_GUID = "44baf731-3a2f-4bd7-9af1-41e29169781d";
+const SEV_CMDLINE_ENTRY_GUID = "97d02dd8-bd20-4c94-aa78-e7714d36ab2a";
+function uuidToLE(guid) {
+    // UUID string → RFC4122 bytes → convert first three groups to LE
+    const hex = guid.replace(/-/g, "");
+    const bytes = Buffer.from(hex, "hex");
+    // Swap bytes for little-endian encoding (groups 1, 2, 3)
+    const le = Buffer.from(bytes);
+    // group1: bytes 0-3 (4 bytes, swap)
+    le[0] = bytes[3];
+    le[1] = bytes[2];
+    le[2] = bytes[1];
+    le[3] = bytes[0];
+    // group2: bytes 4-5 (2 bytes, swap)
+    le[4] = bytes[5];
+    le[5] = bytes[4];
+    // group3: bytes 6-7 (2 bytes, swap)
+    le[6] = bytes[7];
+    le[7] = bytes[6];
+    // groups 4+5 remain big-endian
+    return le;
+}
+function sevHashTableEntry(guidStr, hash) {
+    // SevHashTableEntry: guid(16) + length(u16 LE) + hash(32) = 50 bytes
+    const entry = Buffer.allocUnsafe(50);
+    uuidToLE(guidStr).copy(entry, 0);
+    entry.writeUInt16LE(50, 16);
+    hash.copy(entry, 18);
+    return entry;
+}
+export function buildHashesPage(kernelHashHex, initrdHashHex, append, offsetInPage) {
+    const kernelHash = Buffer.from(kernelHashHex, "hex");
+    const initrdHash = initrdHashHex
+        ? Buffer.from(initrdHashHex, "hex")
+        : Buffer.from(createHash("sha256").update(Buffer.alloc(0)).digest());
+    const cmdlineBytes = append ? Buffer.from(append + "\0", "utf8") : Buffer.from("\0", "utf8");
+    const cmdlineHash = Buffer.from(createHash("sha256").update(cmdlineBytes).digest());
+    // SevHashTable: guid(16) + length(u16) + cmdline_entry(50) + initrd_entry(50) + kernel_entry(50) = 168 bytes
+    const ht = Buffer.allocUnsafe(168);
+    uuidToLE(SEV_HASH_TABLE_HEADER_GUID).copy(ht, 0);
+    ht.writeUInt16LE(168, 16);
+    sevHashTableEntry(SEV_CMDLINE_ENTRY_GUID, cmdlineHash).copy(ht, 18);
+    sevHashTableEntry(SEV_INITRD_ENTRY_GUID, initrdHash).copy(ht, 68);
+    sevHashTableEntry(SEV_KERNEL_ENTRY_GUID, kernelHash).copy(ht, 118);
+    // Pad to 16-byte alignment: 168 % 16 = 8 → 8 padding bytes → 176 bytes total
+    const padded = Buffer.concat([ht, Buffer.alloc(8)]);
+    const page = Buffer.alloc(4096);
+    padded.copy(page, offsetInPage);
+    return page;
+}
+// ---------------------------------------------------------------------------
+// VMSA page builder — QEMU SEV-SNP mode
+// ---------------------------------------------------------------------------
+export function buildVmsaPage(eip, vcpuSig, guestFeatures) {
+    const page = Buffer.alloc(4096);
+    function vmcbSeg(off, sel, attr, lim, base) {
+        page.writeUInt16LE(sel, off);
+        page.writeUInt16LE(attr, off + 2);
+        page.writeUInt32LE(lim, off + 4);
+        page.writeBigUInt64LE(base, off + 8);
+    }
+    const csBase = BigInt((eip & 0xffff0000) >>> 0);
+    const rip = BigInt(eip & 0x0000ffff);
+    vmcbSeg(0x000, 0, 0x0093, 0xffff, 0n); // es
+    vmcbSeg(0x010, 0xf000, 0x009b, 0xffff, csBase); // cs
+    vmcbSeg(0x020, 0, 0x0093, 0xffff, 0n); // ss
+    vmcbSeg(0x030, 0, 0x0093, 0xffff, 0n); // ds
+    vmcbSeg(0x040, 0, 0x0093, 0xffff, 0n); // fs
+    vmcbSeg(0x050, 0, 0x0093, 0xffff, 0n); // gs
+    vmcbSeg(0x060, 0, 0x0000, 0xffff, 0n); // gdtr
+    vmcbSeg(0x070, 0, 0x0082, 0xffff, 0n); // ldtr
+    vmcbSeg(0x080, 0, 0x0000, 0xffff, 0n); // idtr
+    vmcbSeg(0x090, 0, 0x008b, 0xffff, 0n); // tr
+    page.writeBigUInt64LE(0x1000n, 0x0d0); // efer (SVME)
+    page.writeBigUInt64LE(0x40n, 0x148); // cr4  (MCE)
+    page.writeBigUInt64LE(0x10n, 0x158); // cr0  (PE)
+    page.writeBigUInt64LE(0x400n, 0x160); // dr7
+    page.writeBigUInt64LE(0xffff0ff0n, 0x168); // dr6
+    page.writeBigUInt64LE(0x2n, 0x170); // rflags
+    page.writeBigUInt64LE(rip, 0x178); // rip
+    page.writeBigUInt64LE(0x0007040600070406n, 0x268); // g_pat
+    page.writeBigUInt64LE(BigInt(vcpuSig), 0x310); // rdx (CPUID sig)
+    page.writeBigUInt64LE(guestFeatures, 0x3b0); // sev_features
+    page.writeBigUInt64LE(0x1n, 0x3e8); // xcr0
+    page.writeUInt32LE(0x1f80, 0x408); // mxcsr
+    page.writeUInt16LE(0x037f, 0x410); // x87_fcw
+    return page;
+}
+export function calcSevMeasurement(entry, vcpus, cmdline) {
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    let ld = Buffer.from(entry.ovmf_hash, "hex");
+    const offsetInPage = entry.sev_hashes_table_gpa & 0xfff;
+    const hashesPage = buildHashesPage(entry.kernel_hash, entry.initrd_hash, cmdline, offsetInPage);
+    for (const sec of entry.ovmf_sections) {
+        const gpa = BigInt(sec.gpa);
+        switch (sec.section_type) {
+            case 1: // SNP_SEC_MEM
+                ld = gctxUpdateZeroPages(ld, gpa, sec.size);
+                break;
+            case 2: // SNP_SECRETS
+                ld = gctxUpdateSecretsPage(ld, gpa);
+                break;
+            case 3: // CPUID
+                ld = gctxUpdateCpuidPage(ld, gpa);
+                break;
+            case 4: // SVSM_CAA
+                ld = gctxUpdateZeroPages(ld, gpa, sec.size);
+                break;
+            case 0x10: // SNP_KERNEL_HASHES
+                ld = gctxUpdateNormalPages(ld, gpa, hashesPage);
+                break;
+        }
+    }
+    const apEip = entry.sev_es_reset_eip;
+    for (let i = 0; i < vcpus; i++) {
+        const eip = i === 0 ? BSP_EIP : apEip;
+        const vmsa = buildVmsaPage(eip, VCPU_SIG_EPYC, BigInt(GUEST_FEATURES));
+        ld = gctxUpdateVmsaPage(ld, vmsa);
+    }
+    return ld.toString("hex");
+}
+export function parseSevFamilyId(familyIdBytes) {
+    const s = familyIdBytes.subarray(0, 16).toString("utf8").replace(/[\x00#]+$/, "");
+    if (!s.endsWith("-sev"))
+        return null;
+    const core = s.slice(0, -4); // strip "-sev"
+    const idx = core.indexOf("-");
+    if (idx < 0)
+        return null;
+    const vmType = core.slice(0, idx);
+    const templateName = core.slice(idx + 1);
+    const vcpus = VCPU_MAP[templateName];
+    if (vcpus === undefined)
+        return null;
+    return { vmType, templateName, vcpus };
+}
+//# sourceMappingURL=sevGctx.js.map

package/dist/sevGctx.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sevGctx.js","sourceRoot":"","sources":["../src/sevGctx.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,UAAU,EAAc,MAAM,aAAa,CAAC;AAErD,8EAA8E;AAC9E,YAAY;AACZ,8EAA8E;AAE9E,MAAM,OAAO,GAAG,EAAE,CAAC,CAAC,sBAAsB;AAC1C,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;AACpC,MAAM,QAAQ,GAAG,MAAM,CAAC,gBAAgB,CAAC,CAAC;AAE1C,oFAAoF;AACpF,MAAM,CAAC,MAAM,aAAa,GAAG,UAAU,CAAC;AACxC,MAAM,CAAC,MAAM,cAAc,GAAG,GAAG,CAAC;AAClC,MAAM,CAAC,MAAM,OAAO,GAAG,UAAU,CAAC;AAElC,MAAM,CAAC,MAAM,QAAQ,GAA2B;IAC5C,KAAK,EAAE,CAAC;IACR,MAAM,EAAE,CAAC;IACT,KAAK,EAAE,CAAC;IACR,SAAS,EAAE,CAAC;CACf,CAAC;AAEF,8EAA8E;AAC9E,kBAAkB;AAClB,8EAA8E;AAE9E,SAAS,MAAM,CAAC,IAAY;IACxB,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,EAAuB,CAAC;AAC3E,CAAC;AAED,8EAA8E;AAC9E,6BAA6B;AAC7B,8EAA8E;AAE9E,SAAS,UAAU,CAAC,EAAU,EAAE,QAAgB,EAAE,GAAW,EAAE,QAAgB;IAC3E,wDAAwD;IACxD,MAAM,GAAG,GAAG,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;IACrC,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAW,mCAAmC;IAC9D,QAAQ,CAAC,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CAAI,+BAA+B;IAC1D,GAAG,CAAC,aAAa,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAG,gBAAgB;IAC/C,GAAG,CAAC,UAAU,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,CAAE,YAAY;IAC3C,GAAG,CAAC,UAAU,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAS,SAAS;IACxC,GAAG,CAAC,UAAU,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAQ,cAAc;IAC7C,GAAG,CAAC,UAAU,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAQ,cAAc;IAC7C,GAAG,CAAC,UAAU,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAQ,cAAc;IAC7C,GAAG,CAAC,UAAU,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAQ,WAAW;IAC1C,GAAG,CAAC,gBAAgB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IAC/B,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC;AACvB,CAAC;AAED,8EAA8E;AAC9E,2BAA2B;AAC3B,8EAA8E;AAE9E,MAAM,UAAU,qBAAqB,CAAC,EAAU,EAAE,QAAgB,EAAE,IAAY;IAC5E,KAAK,IAAI,MAAM,GAAG,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC,MAAM,EAAE,MAAM,IAAI,IAAI,EAAE,CAAC;QACxD,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC,CAAC;QAClD,EAAE,GAAG,UAAU,CAAC,EAAE,EAAE,IAAI,EAAE,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;IACvE,CAAC;IACD,OAAO,EAAE,CAAC;AACd,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,EAAU,EAAE,IAAY;IACvD,OAAO,UAAU,CAAC,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;AACxD,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,EAAU,EAAE,GAAW,EAAE,IAAY;IACrE,KAAK,IAAI,MAAM,GAAG,CAAC,EAAE,MAAM,GAAG,IAAI,EAAE,MAAM,IAAI,IAAI,EAAE,CAAC;QACjD,EAAE,GAAG,UAAU,CAAC,EAAE,EAAE,IAAI,EAAE,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,EAAE,KAAK,CAAC,CAAC;IAC3D,CAAC;IACD,OAAO,EAAE,CAAC;AACd,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,EAAU,EAAE,GAAW;IACzD,OAAO,UAAU,CAAC,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;AAC5C,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,EAAU,EAAE,GAAW;IACvD,OAAO,UAAU,CAAC,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;AAC5C,CAAC;AAED,8EAA8E;AAC9E,6BAA6B;AAC7B,uDAAuD;AACvD,8EAA8E;AAE9E,MAAM,0BAA0B,GAAG,sCAAsC,CAAC;AAC1E,MAAM,qBAAqB,GAAG,sCAAsC,CAAC;AACrE,MAAM,qBAAqB,GAAG,sCAAsC,CAAC;AACrE,MAAM,sBAAsB,GAAG,sCAAsC,CAAC;AAEtE,SAAS,QAAQ,CAAC,IAAY;IAC1B,iEAAiE;IACjE,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IACnC,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IACtC,yDAAyD;IACzD,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC9B,oCAAoC;IACpC,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;IAAC,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;IAAC,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;IAAC,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;IAC3E,oCAAoC;IACpC,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;IAAC,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;IACrC,oCAAoC;IACpC,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;IAAC,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;IACrC,+BAA+B;IAC/B,OAAO,EAAE,CAAC;AACd,CAAC;AAED,SAAS,iBAAiB,CAAC,OAAe,EAAE,IAAY;IACpD,qEAAqE;IACrE,MAAM,KAAK,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;IACrC,QAAQ,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IACjC,KAAK,CAAC,aAAa,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;IAC5B,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACrB,OAAO,KAAK,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,eAAe,CAC3B,aAAqB,EACrB,aAAqB,EACrB,MAAc,EACd,YAAoB;IAEpB,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,EAAE,KAAK,CAAC,CAAC;IACrD,MAAM,UAAU,GAAG,aAAa;QAC5B,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,EAAE,KAAK,CAAC;QACnC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IACzE,MAAM,YAAY,GAAG,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,GAAG,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IAC7F,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IAEpF,6GAA6G;IAC7G,MAAM,EAAE,GAAG,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;IACnC,QAAQ,CAAC,0BAA0B,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IACjD,EAAE,CAAC,aAAa,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;IAC1B,iBAAiB,CAAC,sBAAsB,EAAE,WAAW,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;IACpE,iBAAiB,CAAC,qBAAqB,EAAE,UAAU,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;IAClE,iBAAiB,CAAC,qBAAqB,EAAE,UAAU,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;IAEnE,6EAA6E;IAC7E,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAEpD,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAChC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;IAChC,OAAO,IAAI,CAAC;AAChB,CAAC;AAED,8EAA8E;AAC9E,wCAAwC;AACxC,8EAA8E;AAE9E,MAAM,UAAU,aAAa,CAAC,GAAW,EAAE,OAAe,EAAE,aAAqB;IAC7E,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAEhC,SAAS,OAAO,CAAC,GAAW,EAAE,GAAW,EAAE,IAAY,EAAE,GAAW,EAAE,IAAY;QAC9E,IAAI,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QAC7B,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,GAAG,GAAG,CAAC,CAAC,CAAC;QAClC,IAAI,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,GAAG,CAAC,CAAC,CAAC;QACjC,IAAI,CAAC,gBAAgB,CAAC,IAAI,EAAE,GAAG,GAAG,CAAC,CAAC,CAAC;IACzC,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,GAAG,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC;IAChD,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,GAAG,UAAU,CAAC,CAAC;IACrC,OAAO,CAAC,KAAK,EAAE,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC,CAAS,KAAK;IACpD,OAAO,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC,CAAM,KAAK;IAC1D,OAAO,CAAC,KAAK,EAAE,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC,CAAU,KAAK;IACrD,OAAO,CAAC,KAAK,EAAE,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC,CAAU,KAAK;IACrD,OAAO,CAAC,KAAK,EAAE,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC,CAAU,KAAK;IACrD,OAAO,CAAC,KAAK,EAAE,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC,CAAU,KAAK;IACrD,OAAO,CAAC,KAAK,EAAE,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC,CAAU,OAAO;IACvD,OAAO,CAAC,KAAK,EAAE,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC,CAAU,OAAO;IACvD,OAAO,CAAC,KAAK,EAAE,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC,CAAU,OAAO;IACvD,OAAO,CAAC,KAAK,EAAE,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC,CAAU,KAAK;IACrD,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,cAAc;IACrD,IAAI,CAAC,gBAAgB,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,aAAa;IAClD,IAAI,CAAC,gBAAgB,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,YAAY;IACjD,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,MAAM;IAC5C,IAAI,CAAC,gBAAgB,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,CAAC,MAAM;IACjD,IAAI,CAAC,gBAAgB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC,SAAS;IAC7C,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC,MAAM;IACzC,IAAI,CAAC,gBAAgB,CAAC,mBAAmB,EAAE,KAAK,CAAC,CAAC,CAAC,QAAQ;IAC3D,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,KAAK,CAAC,CAAC,CAAC,kBAAkB;IACjE,IAAI,CAAC,gBAAgB,CAAC,aAAa,EAAE,KAAK,CAAC,CAAC,CAAC,eAAe;IAC5D,IAAI,CAAC,gBAAgB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC,OAAO;IAC3C,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,QAAQ;IAC3C,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,UAAU;IAC7C,OAAO,IAAI,CAAC;AAChB,CAAC;AAmBD,MAAM,UAAU,kBAAkB,CAAC,KAAuB,EAAE,KAAa,EAAE,OAAe;IACtF,8DAA8D;IAC9D,IAAI,EAAE,GAAQ,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;IAElD,MAAM,YAAY,GAAG,KAAK,CAAC,oBAAoB,GAAG,KAAK,CAAC;IACxD,MAAM,UAAU,GAAG,eAAe,CAAC,KAAK,CAAC,WAAW,EAAE,KAAK,CAAC,WAAW,EAAE,OAAO,EAAE,YAAY,CAAC,CAAC;IAEhG,KAAK,MAAM,GAAG,IAAI,KAAK,CAAC,aAAa,EAAE,CAAC;QACpC,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAC5B,QAAQ,GAAG,CAAC,YAAY,EAAE,CAAC;YACvB,KAAK,CAAC,EAAG,cAAc;gBACnB,EAAE,GAAG,mBAAmB,CAAC,EAAE,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;gBAAC,MAAM;YACvD,KAAK,CAAC,EAAG,cAAc;gBACnB,EAAE,GAAG,qBAAqB,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;gBAAC,MAAM;YAC/C,KAAK,CAAC,EAAG,QAAQ;gBACb,EAAE,GAAG,mBAAmB,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;gBAAC,MAAM;YAC7C,KAAK,CAAC,EAAG,WAAW;gBAChB,EAAE,GAAG,mBAAmB,CAAC,EAAE,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;gBAAC,MAAM;YACvD,KAAK,IAAI,EAAE,oBAAoB;gBAC3B,EAAE,GAAG,qBAAqB,CAAC,EAAE,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;gBAAC,MAAM;QAC/D,CAAC;IACL,CAAC;IAED,MAAM,KAAK,GAAG,KAAK,CAAC,gBAAgB,CAAC;IACrC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC;QAC7B,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC;QACtC,MAAM,IAAI,GAAG,aAAa,CAAC,GAAG,EAAE,aAAa,EAAE,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC;QACvE,EAAE,GAAG,kBAAkB,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC;IACtC,CAAC;IAED,OAAO,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AAC9B,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,aAAqB;IAClD,MAAM,CAAC,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;IAClF,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC;QAAE,OAAO,IAAI,CAAC;IACrC,MAAM,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,eAAe;IAC5C,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAC9B,IAAI,GAAG,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IACzB,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAClC,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;IACzC,MAAM,KAAK,GAAG,QAAQ,CAAC,YAAY,CAAC,CAAC;IACrC,IAAI,KAAK,KAAK,SAAS;QAAE,OAAO,IAAI,CAAC;IACrC,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,KAAK,EAAE,CAAC;AAC3C,CAAC"}

package/dist/tdx.d.ts

@@ -0,0 +1,11 @@
+import { AttestationResult } from "./types.js";
+export declare function checkTdxCpuAttestation(data: string): Promise<AttestationResult>;
+export interface TdxQuoteFields {
+    mrtd: string;
+    rtmr0: string;
+    rtmr1: string;
+    rtmr2: string;
+    rtmr3: string;
+}
+/** Parse a raw TDX quote (hex-encoded) and return measurement fields only. */
+export declare function parseTdxQuoteFields(data: string): TdxQuoteFields;