refactor(quote): move TCB level logic to a dedicated module

- Extracted `TcbLevel` functionality from `sgx` module to `quote::tcblevel`. - Updated all references to import `TcbLevel` and related utilities from `quote::tcblevel`. - Updated copyright headers to reflect the new year range. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2025-07-21 07:03:56 +02:00 · 2025-04-02 15:37:33 +02:00 · 2025-04-02 15:37:33 +02:00 · 1e853f653a
commit 1e853f653a
parent 2ba5c45d31
13 changed files with 35 additions and 31 deletions
--- a/bin/verify-attestation/src/main.rs
+++ b/bin/verify-attestation/src/main.rs
@ -7,9 +7,9 @@ use anyhow::{bail, Context, Result};
 use clap::Parser;
 use std::{fs, io::Read, path::PathBuf, str::FromStr, time::UNIX_EPOCH};
-use teepot::{
+use teepot::quote::{
-    quote::{error, tee_qv_get_collateral, verify_quote_with_collateral, QuoteVerificationResult},
+    error, tcblevel::TcbLevel, tee_qv_get_collateral, verify_quote_with_collateral,
-    sgx::TcbLevel,
+    QuoteVerificationResult,
 };
 #[derive(Parser, Debug)]
--- a/crates/teepot-vault/bin/tee-stress-client/src/main.rs
+++ b/crates/teepot-vault/bin/tee-stress-client/src/main.rs
@ -11,7 +11,7 @@ use anyhow::{Context, Result};
 use clap::Parser;
 use serde::{Deserialize, Serialize};
 use std::time::Duration;
-use teepot::sgx::{parse_tcb_levels, EnumSet, TcbLevel};
+use teepot::quote::tcblevel::{parse_tcb_levels, EnumSet, TcbLevel};
 use teepot_vault::{
    client::vault::VaultConnection,
    server::{
--- a/crates/teepot-vault/bin/tee-vault-admin/src/main.rs
+++ b/crates/teepot-vault/bin/tee-vault-admin/src/main.rs
@ -1,5 +1,5 @@
 // SPDX-License-Identifier: Apache-2.0
-// Copyright (c) 2023-2024 Matter Labs
+// Copyright (c) 2023-2025 Matter Labs
 //! Server to handle requests to the Vault TEE
@ -17,7 +17,7 @@ use digest::get_digest;
 use rustls::ServerConfig;
 use sign::post_sign;
 use std::{net::Ipv6Addr, sync::Arc};
-use teepot::sgx::{parse_tcb_levels, EnumSet, TcbLevel};
+use teepot::quote::tcblevel::{parse_tcb_levels, EnumSet, TcbLevel};
 use teepot_vault::{
    json::http::{SignRequest, VaultCommandRequest, DIGEST_URL},
    server::{
--- a/crates/teepot-vault/bin/tee-vault-unseal/src/main.rs
+++ b/crates/teepot-vault/bin/tee-vault-unseal/src/main.rs
@ -1,5 +1,5 @@
 // SPDX-License-Identifier: Apache-2.0
-// Copyright (c) 2023-2024 Matter Labs
+// Copyright (c) 2023-2025 Matter Labs
 //! Server to initialize and unseal the Vault TEE.
@ -22,7 +22,7 @@ use std::path::PathBuf;
 use std::sync::{Arc, RwLock};
 use std::time::Duration;
 use teepot::pki::make_self_signed_cert;
-use teepot::sgx::{parse_tcb_levels, EnumSet, TcbLevel};
+use teepot::quote::tcblevel::{parse_tcb_levels, EnumSet, TcbLevel};
 use teepot_vault::client::{AttestationArgs, TeeConnection};
 use teepot_vault::json::http::{Init, Unseal};
 use teepot_vault::json::secrets::AdminConfig;
--- a/crates/teepot-vault/src/client/mod.rs
+++ b/crates/teepot-vault/src/client/mod.rs
@ -1,5 +1,5 @@
 // SPDX-License-Identifier: Apache-2.0
-// Copyright (c) 2023-2024 Matter Labs
+// Copyright (c) 2023-2025 Matter Labs
 //! Helper functions for CLI clients to verify Intel SGX enclaves and other TEEs.
@ -25,11 +25,12 @@ use rustls::{
 };
 use sha2::{Digest, Sha256};
 use std::{sync::Arc, time, time::Duration};
 use teepot::{quote::Report, sgx::Quote};
 pub use teepot::{
    quote::tcblevel::{parse_tcb_levels, EnumSet, TcbLevel},
    quote::{verify_quote_with_collateral, QuoteVerificationResult},
-    sgx::{parse_tcb_levels, sgx_ql_qv_result_t, EnumSet, TcbLevel},
+    sgx::sgx_ql_qv_result_t,
 };
 use teepot::{quote::Report, sgx::Quote};
 use tracing::{debug, error, info, trace, warn};
 use x509_cert::{
    der::{Decode as _, Encode as _},
--- a/crates/teepot-vault/src/client/vault.rs
+++ b/crates/teepot-vault/src/client/vault.rs
@ -30,10 +30,11 @@ use std::{
 };
 use teepot::quote::error::QuoteContext;
 pub use teepot::{
-    quote::{verify_quote_with_collateral, QuoteVerificationResult},
+    quote::{
-    sgx::{
+        tcblevel::{parse_tcb_levels, EnumSet, TcbLevel},
-        parse_tcb_levels, sgx_gramine_get_quote, sgx_ql_qv_result_t, Collateral, EnumSet, TcbLevel,
+        verify_quote_with_collateral, QuoteVerificationResult,
    },
    sgx::{sgx_gramine_get_quote, sgx_ql_qv_result_t, Collateral},
 };
 use tracing::{debug, error, info, trace};
--- a/crates/teepot-vault/src/server/attestation.rs
+++ b/crates/teepot-vault/src/server/attestation.rs
@ -9,10 +9,13 @@ use serde::{Deserialize, Serialize};
 pub use teepot::{
    quote::{
-        attestation::get_quote_and_collateral, error::QuoteContext, get_quote,
+        attestation::get_quote_and_collateral,
        error::QuoteContext,
        get_quote,
        tcblevel::{parse_tcb_levels, EnumSet, TcbLevel},
        verify_quote_with_collateral, QuoteVerificationResult,
    },
-    sgx::{parse_tcb_levels, Collateral, EnumSet, TcbLevel},
+    sgx::Collateral,
 };
 /// Options and arguments needed to attest a TEE
--- a/crates/teepot/src/pki/mod.rs
+++ b/crates/teepot/src/pki/mod.rs
@ -2,9 +2,7 @@
 // Copyright (c) 2023-2025 Matter Labs
 //! Create a private key and a signed and self-signed certificates
 use crate::quote::{error::QuoteContext, get_quote};
 pub use crate::sgx::{parse_tcb_levels, sgx_ql_qv_result_t, EnumSet, TcbLevel};
 use anyhow::{Context, Result};
 use const_oid::{
    db::rfc5280::{ID_KP_CLIENT_AUTH, ID_KP_SERVER_AUTH},
--- a/crates/teepot/src/quote/attestation.rs
+++ b/crates/teepot/src/quote/attestation.rs
@ -3,11 +3,11 @@
 //! Common attestation API for all TEEs
-use crate::{
+use crate::quote::{
-    quote::{
+    error::QuoteContext,
-        error::QuoteContext, get_quote, verify_quote_with_collateral, QuoteVerificationResult,
+    get_quote,
-    },
+    tcblevel::{EnumSet, TcbLevel},
-    sgx::{Collateral, EnumSet, TcbLevel},
+    verify_quote_with_collateral, Collateral, QuoteVerificationResult,
 };
 use anyhow::{bail, Context, Result};
 use intel_tee_quote_verification_rs::tee_qv_get_collateral;
--- a/crates/teepot/src/quote/mod.rs
+++ b/crates/teepot/src/quote/mod.rs
@ -8,6 +8,7 @@
 pub mod attestation;
 pub mod error;
 pub mod tcblevel;
 use crate::{
    quote::error::{QuoteContext as _, QuoteError},
--- a/crates/teepot/src/quote/tcblevel.rs
+++ b/crates/teepot/src/quote/tcblevel.rs
@ -1,12 +1,15 @@
 // SPDX-License-Identifier: Apache-2.0
-// Copyright (c) 2023-2024 Matter Labs
+// Copyright (c) 2023-2025 Matter Labs
 //! Intel SGX Enclave TCB level wrapper
 use enumset::EnumSetType;
 use intel_tee_quote_verification_rs::sgx_ql_qv_result_t;
-use std::fmt::{Display, Formatter};
+use serde::{Deserialize, Serialize};
-use std::str::FromStr;
+use std::{
    fmt::{Display, Formatter},
    str::FromStr,
 };
 pub use enumset::EnumSet;
--- a/crates/teepot/src/sgx/mod.rs
+++ b/crates/teepot/src/sgx/mod.rs
@ -1,12 +1,11 @@
 // SPDX-License-Identifier: Apache-2.0
-// Copyright (c) 2023-2024 Matter Labs
+// Copyright (c) 2023-2025 Matter Labs
 // Copyright (c) The Enarx Project Developers https://github.com/enarx/sgx
 //! Intel SGX Enclave report structures.
 pub mod sign;
 pub mod tcblevel;
 use crate::quote::error::QuoteContext;
 pub use crate::quote::error::QuoteError;
@ -17,7 +16,6 @@ use std::{
    io::{Read, Write},
    mem,
 };
 pub use tcblevel::{parse_tcb_levels, EnumSet, TcbLevel};
 /// Structure of a quote
 #[derive(Copy, Clone, Debug, AnyBitPattern)]
--- a/crates/teepot/src/tdx/mod.rs
+++ b/crates/teepot/src/tdx/mod.rs
@ -1,11 +1,10 @@
 // SPDX-License-Identifier: Apache-2.0
-// Copyright (c) 2023-2024 Matter Labs
+// Copyright (c) 2023-2025 Matter Labs
 //! Intel TDX helper functions.
 pub mod rtmr;
 pub use crate::sgx::tcblevel::{parse_tcb_levels, EnumSet, TcbLevel};
 use crate::sgx::QuoteError;
 pub use intel_tee_quote_verification_rs::Collateral;
 use tdx_attest_rs::{tdx_att_get_quote, tdx_attest_error_t, tdx_report_data_t};