Commit graph

506 commits

Author SHA1 Message Date
renovate[bot]
0a3670fbc0
Merge fe38ec6613 into f91ff6c1c9 2025-10-14 17:58:54 +00:00
renovate[bot]
fe38ec6613
chore(deps): update rust crate tokio to v1.48.0 2025-10-14 17:58:52 +00:00
Igor Borodin
f91ff6c1c9
Merge pull request #345 from matter-labs/attic
Some checks failed
lint / check-spdx-headers (push) Failing after 13s
lint / taplo (push) Failing after 10s
nix / check (push) Failing after 10s
nix / build (push) Has been skipped
nix / push_to_docker (map[nixpackage:container-self-attestation-test-sgx-azure]) (push) Has been skipped
nix / push_to_docker (map[nixpackage:container-self-attestation-test-sgx-dcap]) (push) Has been skipped
nix / push_to_docker (map[nixpackage:container-tdx-test]) (push) Has been skipped
nix / push_to_docker (map[nixpackage:container-vault-admin-sgx-azure]) (push) Has been skipped
nix / push_to_docker (map[nixpackage:container-vault-admin]) (push) Has been skipped
nix / push_to_docker (map[nixpackage:container-vault-sgx-azure]) (push) Has been skipped
nix / push_to_docker (map[nixpackage:container-vault-unseal-sgx-azure]) (push) Has been skipped
nix / push_to_docker (map[nixpackage:container-vault-unseal]) (push) Has been skipped
nix / push_to_docker (map[nixpackage:container-verify-attestation-sgx]) (push) Has been skipped
nix / push_to_docker (map[nixpackage:container-verify-era-proof-attestation-sgx]) (push) Has been skipped
nix-non-x86 / macos-latest (push) Has been cancelled
fix: update extra substituter URL in nixConfig
2025-07-23 15:13:18 +02:00
Harald Hoyer
c369fb7c83
fix: update extra substituter URL in nixConfig
- Replaced outdated substituter URL with a new static IP-based URL.
- Ensures proper configuration and access to the required substituter.
2025-07-21 12:30:50 +02:00
Harald Hoyer
8773078d5a
Merge pull request #328 from matter-labs/renovate/cachix-install-nix-action-31.x
Some checks failed
lint / check-spdx-headers (push) Failing after 35s
lint / taplo (push) Failing after 13s
nix / check (push) Failing after 13s
nix / build (push) Has been skipped
nix / push_to_docker (map[nixpackage:container-self-attestation-test-sgx-azure]) (push) Has been skipped
nix / push_to_docker (map[nixpackage:container-self-attestation-test-sgx-dcap]) (push) Has been skipped
nix / push_to_docker (map[nixpackage:container-tdx-test]) (push) Has been skipped
nix / push_to_docker (map[nixpackage:container-vault-admin-sgx-azure]) (push) Has been skipped
nix / push_to_docker (map[nixpackage:container-vault-admin]) (push) Has been skipped
nix / push_to_docker (map[nixpackage:container-vault-sgx-azure]) (push) Has been skipped
nix / push_to_docker (map[nixpackage:container-vault-unseal-sgx-azure]) (push) Has been skipped
nix / push_to_docker (map[nixpackage:container-vault-unseal]) (push) Has been skipped
nix / push_to_docker (map[nixpackage:container-verify-attestation-sgx]) (push) Has been skipped
nix / push_to_docker (map[nixpackage:container-verify-era-proof-attestation-sgx]) (push) Has been skipped
nix-non-x86 / macos-latest (push) Has been cancelled
chore(deps): update cachix/install-nix-action action to v31
2025-07-09 10:44:28 +02:00
renovate[bot]
ce9560cff0
chore(deps): update cachix/install-nix-action action to v31 2025-06-27 15:14:32 +00:00
Harald Hoyer
093d6c44ed
Merge pull request #339 from matter-labs/crates_io_readme
docs: add README files for teepot-related crates
2025-06-27 17:12:38 +02:00
Harald Hoyer
ddbf099e45
docs: add README files for teepot-related crates
- Added comprehensive README files for the following new crates:
  - `teepot`
  - `teepot-tdx-attest-rs`
  - `teepot-tdx-attest-sys`
  - `teepot-tee-quote-verification-rs`
  - `teepot-vault`
- Each includes an overview, usage examples, installation instructions, and licensing details.
2025-06-25 13:55:00 +02:00
Harald Hoyer
18ed1aa769
Merge pull request #338 from matter-labs/bv0.6.0-ver
chore(deps): update `teepot` crates to version 0.6.0
2025-06-25 11:52:31 +02:00
Harald Hoyer
49bb4a3bef
chore(deps): update teepot crates to version 0.6.0
- Set `teepot`, `teepot-tee-quote-verification-rs`, and `teepot-vault` crate versions to 0.6.0 in `Cargo.toml`.
- Ensures consistency with the planned 0.6.0 release preparation.
2025-06-25 09:31:29 +02:00
Harald Hoyer
c34ff7ad27
Merge pull request #336 from matter-labs/bv0.6.0
chore(deps): prepare release 0.6.0
2025-06-24 17:25:09 +02:00
Harald Hoyer
b4e0014e4e
chore(deps): prepare release 0.6.0
- vendor unpublished tdx-attest-rs and tdx-attest-sys crates
  to be able to publish to crates.io
- Updated package versions in `Cargo.toml` and `Cargo.lock` to 0.6.0.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2025-06-24 16:39:00 +02:00
Harald Hoyer
8d965aa388
Merge pull request #333 from matter-labs/feature/update-dependencies
chore(deps): Update all dependencies to latest
2025-06-23 12:24:19 +02:00
Lucille L. Blumire
412e3b1698
chore(deps): Update all dependencies to latest 2025-06-23 10:09:50 +01:00
Harald Hoyer
f7c3717241
Merge pull request #327 from matter-labs/renovate/docker-login-action-3.x
chore(deps): update docker/login-action action to v3.4.0
2025-06-04 17:20:04 +02:00
renovate[bot]
c42d692863
chore(deps): update docker/login-action action to v3.4.0 2025-06-04 15:07:28 +00:00
Harald Hoyer
626dbbf846
Merge pull request #325 from matter-labs/cargo_update
chore(deps): update crates and nix flakes
2025-06-04 17:05:10 +02:00
Harald Hoyer
8c7922ae39
Merge branch 'main' into cargo_update 2025-06-04 16:02:47 +02:00
Harald Hoyer
716c782e6f
chore(deps): update crates and nix flakes
- Updated multiple Rust dependencies, including `opentelemetry`, `const-oid`, and `webpki-roots` for enhanced features and bug fixes.
- Upgraded `nixpkgs` and `crane` in the nix flake configuration.
- Removed unused dependencies and introduced missing dependencies for improved build integrity.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2025-05-30 17:54:30 +02:00
Harald Hoyer
e78fb22f88
Merge pull request #311 from matter-labs/renovate/enarx-spdx-digest
chore(deps): update enarx/spdx digest to d4020ee
2025-05-30 09:13:27 +02:00
renovate[bot]
a7e2939a54
chore(deps): update enarx/spdx digest to d4020ee 2025-05-30 06:43:14 +00:00
Harald Hoyer
37e7f7f8e2
Merge pull request #323 from matter-labs/intel-dcap-api-impr
feat(intel-dcap-api): add automatic retry logic for 429 rate limiting
2025-05-30 08:41:24 +02:00
Harald Hoyer
7c133c4e4b
ci(nix): disable sandbox in nix-non-x86 workflow
otherwise the mockito tests fail, because it cannot bind to 127.0.0.1 0

- Updated `nix build` command to include `--no-sandbox` flag.
2025-05-28 13:31:15 +02:00
Harald Hoyer
bb9c5b195e
feat(intel-dcap-api): add automatic retry logic for 429 rate limiting
- Add `max_retries` field to ApiClient with default of 3 retries
- Implement `execute_with_retry()` helper method in helpers.rs
- Update all HTTP requests to use retry wrapper for automatic 429 handling
- Add `TooManyRequests` error variant with request_id and retry_after fields
- Respect Retry-After header duration before retrying requests
- Add `set_max_retries()` method to configure retry behavior (0 disables)
- Update documentation and add handle_rate_limit example
- Enhanced error handling in check_status() for 429 responses

The client now transparently handles Intel API rate limiting while remaining
configurable for users who need different retry behavior or manual handling.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2025-05-28 11:52:32 +02:00
Harald Hoyer
205113ecfa
feat(intel-dcap-api): add comprehensive testing infrastructure and examples
- Add mock tests using real Intel API response data (25 tests)
- Create fetch_test_data tool to retrieve real API responses for testing
- Add integration_test example covering 17 API endpoints
- Add common_usage example demonstrating attestation verification patterns
- Add issuer chain validation checks to ensure signature verification is possible
- Add comprehensive documentation in CLAUDE.md

The test suite now covers all major Intel DCAP API functionality including
TCB info, enclave identities, PCK CRLs, FMSPCs, and evaluation data numbers
for both SGX and TDX platforms across API v3 and v4.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2025-05-28 11:52:31 +02:00
renovate[bot]
aeff962224
chore(deps): update rust crate enumset to v1.1.6 (#313) 2025-05-23 14:33:54 +01:00
renovate[bot]
c8692df37a
fix(deps): update rust crate chrono to v0.4.41 (#320) 2025-05-23 14:01:22 +01:00
renovate[bot]
7c655d151c
chore(deps): update rust crate reqwest to v0.12.15 (#315) 2025-05-23 12:13:46 +00:00
renovate[bot]
426e22138e
chore(deps): update rust crate sha2 to v0.10.9 (#318) 2025-05-23 11:40:12 +00:00
renovate[bot]
b16592ec34
chore(deps): update rust crate async-trait to v0.1.88 (#286) 2025-05-23 11:06:13 +00:00
renovate[bot]
119c2abe09
chore(deps): update rust crate bytes to v1.10.1 (#312) 2025-05-23 11:32:13 +01:00
renovate[bot]
5789fdd433
chore(deps): update rust crate getrandom to v0.3.3 (#314) 2025-05-22 16:49:26 +00:00
renovate[bot]
de010fd093
chore(deps): update rust crate thiserror to v2.0.12 (#287) 2025-05-22 16:14:06 +00:00
renovate[bot]
e039adf158
chore(deps): update rust crate tracing-actix-web to v0.7.18 (#280) 2025-05-22 15:40:23 +00:00
renovate[bot]
f2718456ef
chore(deps): update rust crate serde_json to v1.0.140 (#274) 2025-05-22 15:05:49 +00:00
renovate[bot]
bef406c456
chore(deps): update rust crate anyhow to v1.0.98 (#273) 2025-05-22 14:28:51 +00:00
renovate[bot]
bfd895e8f7
chore(deps): update rust crate clap to v4.5.38 (#266)
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [clap](https://redirect.github.com/clap-rs/clap) |
workspace.dependencies | patch | `4.5.30` -> `4.5.38` |

---

### Release Notes

<details>
<summary>clap-rs/clap (clap)</summary>

###
[`v4.5.38`](https://redirect.github.com/clap-rs/clap/blob/HEAD/CHANGELOG.md#4538---2025-05-11)

[Compare
Source](https://redirect.github.com/clap-rs/clap/compare/v4.5.37...v4.5.38)

##### Fixes

-   *(help)* When showing aliases, include leading `--` or `-`

###
[`v4.5.37`](https://redirect.github.com/clap-rs/clap/blob/HEAD/CHANGELOG.md#4537---2025-04-18)

[Compare
Source](https://redirect.github.com/clap-rs/clap/compare/v4.5.36...v4.5.37)

##### Features

-   Added `ArgMatches::try_clear_id()`

###
[`v4.5.36`](https://redirect.github.com/clap-rs/clap/blob/HEAD/CHANGELOG.md#4536---2025-04-11)

[Compare
Source](https://redirect.github.com/clap-rs/clap/compare/v4.5.35...v4.5.36)

##### Fixes

- *(help)* Revert 4.5.35's "Don't leave space for shorts if there are
none" for now

###
[`v4.5.35`](https://redirect.github.com/clap-rs/clap/blob/HEAD/CHANGELOG.md#4535---2025-04-01)

[Compare
Source](https://redirect.github.com/clap-rs/clap/compare/v4.5.34...v4.5.35)

##### Fixes

- *(help)* Align positionals and flags when put in the same
`help_heading`
-   *(help)* Don't leave space for shorts if there are none

###
[`v4.5.34`](https://redirect.github.com/clap-rs/clap/blob/HEAD/CHANGELOG.md#4534---2025-03-27)

[Compare
Source](https://redirect.github.com/clap-rs/clap/compare/v4.5.33...v4.5.34)

##### Fixes

- *(help)* Don't add extra blank lines with `flatten_help(true)` and
subcommands without arguments

###
[`v4.5.33`](https://redirect.github.com/clap-rs/clap/blob/HEAD/CHANGELOG.md#4533---2025-03-26)

[Compare
Source](https://redirect.github.com/clap-rs/clap/compare/v4.5.32...v4.5.33)

##### Fixes

- *(error)* When showing the usage of a suggestion for an unknown
argument, don't show the group

###
[`v4.5.32`](https://redirect.github.com/clap-rs/clap/blob/HEAD/CHANGELOG.md#4532---2025-03-10)

[Compare
Source](https://redirect.github.com/clap-rs/clap/compare/v4.5.31...v4.5.32)

##### Features

-   Add `Error::remove`

##### Documentation

-   *(cookbook)* Switch from `humantime` to `jiff`
-   *(tutorial)* Better cover required vs optional

##### Internal

-   Update `pulldown-cmark`

###
[`v4.5.31`](https://redirect.github.com/clap-rs/clap/blob/HEAD/CHANGELOG.md#4531---2025-02-24)

[Compare
Source](https://redirect.github.com/clap-rs/clap/compare/v4.5.30...v4.5.31)

##### Features

-   Add `ValueParserFactory` for `Saturating<T>`

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/matter-labs/teepot).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xNjQuMSIsInVwZGF0ZWRJblZlciI6IjQwLjE2LjAiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbXX0=-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-05-22 14:52:46 +01:00
Harald Hoyer
8b01d8d5b0
Merge pull request #267 from matter-labs/renovate/trufflesecurity-trufflehog-3.x
chore(deps): update trufflesecurity/trufflehog action to v3.88.30
2025-05-22 09:08:54 +02:00
renovate[bot]
ad26c5e9ae
chore(deps): update trufflesecurity/trufflehog action to v3.88.30 2025-05-16 21:21:53 +00:00
Harald Hoyer
336576d812
Merge pull request #310 from matter-labs/add-dcap-collateral-updater
feat(teepot): add `Quote::tee_type` method for TEE type determination
2025-05-06 13:46:58 +02:00
Harald Hoyer
6379e9aa9e
feat(teepot): add Quote::tee_type method for TEE type determination
- Introduced `tee_type` method to extract TEE type from the quote header.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2025-05-06 13:18:17 +02:00
Harald Hoyer
1536e00d63
Merge pull request #309 from matter-labs/platform
feat: add platform-specific implementations for quote verification
2025-05-06 13:08:45 +02:00
Harald Hoyer
2a8614c08f
feat: add platform-specific implementations for quote verification
- Introduced conditional compilation for Intel SGX/TDX quote verification based on target OS and architecture.
- Moved Intel-specific logic to a separate module and added a fallback for unsupported platforms.

This is done, so we can pull in the `teepot` crate even on `linux-x86_64`
without the Intel SGX SDK lib dependency.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2025-05-06 12:36:01 +02:00
Harald Hoyer
905487dac8
Merge pull request #307 from matter-labs/fmspc
feat(quote): add FMSPC and CPUSVN extraction support
2025-05-06 12:31:15 +02:00
Harald Hoyer
2bbfb2415c
feat(quote): add FMSPC and CPUSVN extraction support
- Introduced new types `Fmspc`, `CpuSvn`, and `Svn` for SGX metadata.
- Added methods to extract raw certificate chains and FMSPC from SGX quotes.
- Created new test file for validating FMSPC extraction with example quotes.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2025-05-06 11:43:51 +02:00
Harald Hoyer
fca60adc1a
Merge pull request #306 from matter-labs/rm_dupl
refactor: replace custom Quote parsing with library version
2025-05-06 11:11:08 +02:00
Harald Hoyer
2118466a8a
refactor: replace custom Quote parsing with library version
- Removed custom `Quote` structure and parsing logic in `teepot/src/sgx/mod.rs`.
- Updated references to use the library-provided `Quote` methods, such as `Quote::parse` and `get_report_data`.
- Simplified code and reduced redundancy by leveraging existing library functionality.
2025-05-05 14:54:41 +02:00
Lucille Blumire
9bd0e9c36e
Merge pull request #305 from matter-labs/small-quality
refactor: many small code quality improvements
2025-04-17 17:43:22 +01:00
Lucille L. Blumire
d54f7b14ad
refactor: remove redundant continue 2025-04-17 16:53:01 +01:00
Lucille L. Blumire
2ca0b47169
refactor: improve punctuation readability 2025-04-17 16:52:59 +01:00