diff --git a/crates/teepot-vault/src/lib.rs b/crates/teepot-vault/src/lib.rs
index d74a0ff..91fa082 100644
--- a/crates/teepot-vault/src/lib.rs
+++ b/crates/teepot-vault/src/lib.rs
@@ -9,7 +9,6 @@
 pub mod client;
 pub mod json;
 pub mod server;
-pub mod tdx;
 /// pad a byte slice to a fixed sized array
 pub fn pad(input: &[u8]) -> [u8; T] {
diff --git a/crates/teepot-vault/src/tdx/mod.rs b/crates/teepot-vault/src/tdx/mod.rs
deleted file mode 100644
index df787ac..0000000
--- a/crates/teepot-vault/src/tdx/mod.rs
+++ /dev/null
@@ -1,32 +0,0 @@
-// SPDX-License-Identifier: Apache-2.0
-// Copyright (c) 2023-2025 Matter Labs
-
-//! Intel TDX helper functions.
-
-pub mod rtmr;
-
-pub use intel_tee_quote_verification_rs::Collateral;
-use tdx_attest_rs::{tdx_att_get_quote, tdx_attest_error_t, tdx_report_data_t};
-pub use teepot::sgx::tcblevel::{parse_tcb_levels, EnumSet, TcbLevel};
-use teepot::sgx::QuoteError;
-
-/// Get a TDX quote
-pub fn tgx_get_quote(report_data_bytes: &[u8; 64]) -> Result, QuoteError> {
- let mut tdx_report_data = tdx_report_data_t { d: [0; 64usize] };
- tdx_report_data.d.copy_from_slice(report_data_bytes);
- let (error, quote) = tdx_att_get_quote(Some(&tdx_report_data), None, None, 0);
- if error == tdx_attest_error_t::TDX_ATTEST_SUCCESS {
- if let Some(quote) = quote {
- Ok(quote.into())
- } else {
- Err(QuoteError::TdxAttGetQuote {
- msg: "tdx_att_get_quote: No quote returned".into(),
- inner: error,
- })
- }
- } else {
- Err(error.into())
- }
-}
diff --git a/crates/teepot-vault/src/tdx/rtmr.rs b/crates/teepot-vault/src/tdx/rtmr.rs
deleted file mode 100644
index 9d11562..0000000
--- a/crates/teepot-vault/src/tdx/rtmr.rs
+++ /dev/null
@@ -1,90 +0,0 @@
-// SPDX-License-Identifier: Apache-2.0
-// Copyright (c) 2024-2025 Matter Labs
-
-//! rtmr event data
-
-use teepot::sgx::QuoteError;
-
-/// The actual rtmr event data handled in DCAP
-#[repr(C, packed)]
-pub struct TdxRtmrEvent {
- /// Always 1
- version: u32,
-
- /// The RTMR that will be extended. As defined in
- /// https://github.com/confidential-containers/td-shim/blob/main/doc/tdshim_spec.md#td-measurement
- /// we will use RTMR 3 for guest application code and configuration.
- rtmr_index: u64,
-
- /// Data that will be used to extend RTMR
- extend_data: [u8; 48usize],
-
- /// Not used in DCAP
- event_type: u32,
-
- /// Always 0
- event_data_size: u32,
-
- /// Not used in DCAP
- event_data: Vec,
-}
-
-impl Default for TdxRtmrEvent {
- fn default() -> Self {
- Self {
- extend_data: [0; 48],
- version: 1,
- rtmr_index: 3,
- event_type: 0,
- event_data_size: 0,
- event_data: Vec::new(),
- }
- }
-}
-
-impl TdxRtmrEvent {
- /// use the extend data
- pub fn with_extend_data(mut self, extend_data: [u8; 48]) -> Self {
- self.extend_data = extend_data;
- self
- }
-
- /// extend the rtmr index
- pub fn with_rtmr_index(mut self, rtmr_index: u64) -> Self {
- self.rtmr_index = rtmr_index;
- self
- }
-
- /// extending the index, consuming self
- pub fn extend(self) -> Result<(), QuoteError> {
- let event: Vec = self.into();
-
- match tdx_attest_rs::tdx_att_extend(&event) {
- tdx_attest_rs::tdx_attest_error_t::TDX_ATTEST_SUCCESS => Ok(()),
- error_code => Err(error_code.into()),
- }
- }
-}
-
-impl From for Vec {
- fn from(val: TdxRtmrEvent) -> Self {
- let event_ptr = &val as *const TdxRtmrEvent as *const u8;
- let event_data_size = std::mem::size_of::() * val.event_data_size as usize;
- let res_size = std::mem::size_of::() * 3
- + std::mem::size_of::()
- + std::mem::size_of::<[u8; 48]>()
- + event_data_size;
- let mut res = vec![0; res_size];
- unsafe {
- for (i, chunk) in res.iter_mut().enumerate().take(res_size - event_data_size) {
- *chunk = *event_ptr.add(i);
- }
- }
- let event_data = val.event_data;
- for i in 0..event_data_size {
- res[i + res_size - event_data_size] = event_data[i];
- }
-
- res
- }
-}