feat: add tdx-extend, sha384-extend and rtmr-calc

This enables pre-calculating the TDX rtmr[1,2,3] values for an attested boot process.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>

Cargo.lock

@@ -975,6 +975,18 @@ dependencies = [
  "cc",
 ]
 
+[[package]]
+name = "cms"
+version = "0.2.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7b77c319abfd5219629c45c34c89ba945ed3c5e49fcde9d16b6c3885f118a730"
+dependencies = [
+ "const-oid",
+ "der 0.7.9",
+ "spki 0.7.3",
+ "x509-cert",
+]
+
 [[package]]
 name = "combine"
 version = "4.6.7"
@@ -1039,6 +1051,21 @@ dependencies = [
  "libc",
 ]
 
+[[package]]
+name = "crc"
+version = "3.2.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "69e6e4d7b33a94f0991c26729976b10ebde1d34c3ee82408fb536164fa10d636"
+dependencies = [
+ "crc-catalog",
+]
+
+[[package]]
+name = "crc-catalog"
+version = "2.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "19d374276b40fb8bbdee95aef7c7fa6b5316ec764510eb64b8dd0e2ed0d7e7f5"
+
 [[package]]
 name = "crc24"
 version = "0.1.6"
@@ -1264,7 +1291,7 @@ dependencies = [
  "const-oid",
  "der_derive",
  "flagset",
- "pem-rfc7468",
+ "pem-rfc7468 0.7.0",
  "zeroize",
 ]
 
@@ -1527,7 +1554,7 @@ dependencies = [
  "generic-array",
  "group 0.13.0",
  "hkdf",
- "pem-rfc7468",
+ "pem-rfc7468 0.7.0",
  "pkcs8 0.10.2",
  "rand_core 0.6.4",
  "sec1 0.7.3",
@@ -1972,6 +1999,18 @@ dependencies = [
  "web-sys",
 ]
 
+[[package]]
+name = "gpt"
+version = "4.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ffa5448a0d9d541f1840c0e1b5fe513360861ca83c4b920619f54efe277f9254"
+dependencies = [
+ "bitflags 2.6.0",
+ "crc",
+ "simple-bytes",
+ "uuid",
+]
+
 [[package]]
 name = "group"
 version = "0.12.1"
@@ -3576,6 +3615,25 @@ version = "1.0.15"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a"
 
+[[package]]
+name = "pe-sign"
+version = "0.1.10"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c04c052a5cf901a229d69fb8804b04c8017c143712529c6e8277aac243fc2989"
+dependencies = [
+ "chrono",
+ "cms",
+ "der 0.7.9",
+ "digest",
+ "num-traits",
+ "pem-rfc7468 1.0.0-rc.2",
+ "reqwest 0.12.9",
+ "rsa",
+ "sha1",
+ "sha2",
+ "x509-cert",
+]
+
 [[package]]
 name = "peeking_take_while"
 version = "0.1.2"
@@ -3591,6 +3649,15 @@ dependencies = [
  "base64ct",
 ]
 
+[[package]]
+name = "pem-rfc7468"
+version = "1.0.0-rc.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c2dfbfa5c6f0906884269722c5478e72fd4d6c0e24fe600332c6d62359567ce1"
+dependencies = [
+ "base64ct",
+]
+
 [[package]]
 name = "percent-encoding"
 version = "2.3.1"
@@ -4251,6 +4318,20 @@ dependencies = [
  "zeroize",
 ]
 
+[[package]]
+name = "rtmr-calc"
+version = "0.3.0"
+dependencies = [
+ "anyhow",
+ "clap 4.5.23",
+ "gpt",
+ "hex",
+ "pe-sign",
+ "sha2",
+ "teepot",
+ "tracing",
+]
+
 [[package]]
 name = "rustc-demangle"
 version = "0.1.24"
@@ -4810,6 +4891,16 @@ dependencies = [
  "keccak",
 ]
 
+[[package]]
+name = "sha384-extend"
+version = "0.3.0"
+dependencies = [
+ "anyhow",
+ "clap 4.5.23",
+ "hex",
+ "sha2",
+]
+
 [[package]]
 name = "sha3_ce"
 version = "0.10.6"
@@ -4864,6 +4955,12 @@ dependencies = [
  "rand_core 0.6.4",
 ]
 
+[[package]]
+name = "simple-bytes"
+version = "0.2.14"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c11532d9d241904f095185f35dcdaf930b1427a94d5b01d7002d74ba19b44cc4"
+
 [[package]]
 name = "slab"
 version = "0.4.9"
@@ -5100,6 +5197,17 @@ dependencies = [
  "bindgen 0.59.2",
 ]
 
+[[package]]
+name = "tdx-extend"
+version = "0.3.0"
+dependencies = [
+ "anyhow",
+ "clap 4.5.23",
+ "hex",
+ "teepot",
+ "tracing",
+]
+
 [[package]]
 name = "tee-key-preexec"
 version = "0.3.0"