teepot

mirror of https://github.com/matter-labs/teepot.git synced 2025-07-21 23:23:57 +02:00

Author	SHA1	Message	Date
Harald Hoyer	bb9c5b195e	feat(intel-dcap-api): add automatic retry logic for 429 rate limiting - Add `max_retries` field to ApiClient with default of 3 retries - Implement `execute_with_retry()` helper method in helpers.rs - Update all HTTP requests to use retry wrapper for automatic 429 handling - Add `TooManyRequests` error variant with request_id and retry_after fields - Respect Retry-After header duration before retrying requests - Add `set_max_retries()` method to configure retry behavior (0 disables) - Update documentation and add handle_rate_limit example - Enhanced error handling in check_status() for 429 responses The client now transparently handles Intel API rate limiting while remaining configurable for users who need different retry behavior or manual handling. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2025-05-28 11:52:32 +02:00
Harald Hoyer	205113ecfa	feat(intel-dcap-api): add comprehensive testing infrastructure and examples - Add mock tests using real Intel API response data (25 tests) - Create fetch_test_data tool to retrieve real API responses for testing - Add integration_test example covering 17 API endpoints - Add common_usage example demonstrating attestation verification patterns - Add issuer chain validation checks to ensure signature verification is possible - Add comprehensive documentation in CLAUDE.md The test suite now covers all major Intel DCAP API functionality including TCB info, enclave identities, PCK CRLs, FMSPCs, and evaluation data numbers for both SGX and TDX platforms across API v3 and v4. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2025-05-28 11:52:31 +02:00
Harald Hoyer	6379e9aa9e	feat(teepot): add `Quote::tee_type` method for TEE type determination - Introduced `tee_type` method to extract TEE type from the quote header. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2025-05-06 13:18:17 +02:00
Harald Hoyer	2a8614c08f	feat: add platform-specific implementations for quote verification - Introduced conditional compilation for Intel SGX/TDX quote verification based on target OS and architecture. - Moved Intel-specific logic to a separate module and added a fallback for unsupported platforms. This is done, so we can pull in the `teepot` crate even on `linux-x86_64` without the Intel SGX SDK lib dependency. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2025-05-06 12:36:01 +02:00
Harald Hoyer	2bbfb2415c	feat(quote): add FMSPC and CPUSVN extraction support - Introduced new types `Fmspc`, `CpuSvn`, and `Svn` for SGX metadata. - Added methods to extract raw certificate chains and FMSPC from SGX quotes. - Created new test file for validating FMSPC extraction with example quotes. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2025-05-06 11:43:51 +02:00
Harald Hoyer	2118466a8a	refactor: replace custom Quote parsing with library version - Removed custom `Quote` structure and parsing logic in `teepot/src/sgx/mod.rs`. - Updated references to use the library-provided `Quote` methods, such as `Quote::parse` and `get_report_data`. - Simplified code and reduced redundancy by leveraging existing library functionality.	2025-05-05 14:54:41 +02:00
Lucille L. Blumire	2ca0b47169	refactor: improve punctuation readability	2025-04-17 16:52:59 +01:00
Lucille L. Blumire	6a9e035d19	refactor: combine equivalent match branches	2025-04-17 16:52:59 +01:00
Lucille L. Blumire	2ff169da9f	refactor: improve type ergonomics	2025-04-17 16:52:56 +01:00
Lucille L. Blumire	0768b0ad67	refactor: prefer conversion methods to infallable casts	2025-04-17 16:52:54 +01:00
Lucille L. Blumire	2dea589c0e	refactor: prefer inline format args	2025-04-17 16:52:53 +01:00
Harald Hoyer	d03ed96bb8	feat: add description to intel-dcap-api package - Added a description field to the Cargo.toml for the intel-dcap-api crate.	2025-04-14 17:26:21 +02:00
Harald Hoyer	1a392e800a	fixup! refactor(intel-dcap-api): split client.rs into smaller files Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2025-04-11 12:34:09 +02:00
Harald Hoyer	4501b3421c	fixup! refactor(intel-dcap-api): split client.rs into smaller files Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2025-04-11 12:23:53 +02:00
Harald Hoyer	0e69105a43	refactor(intel-dcap-api): split client.rs into smaller files Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2025-04-11 11:06:13 +02:00
Harald Hoyer	ed84a424db	feat(api): add Intel DCAP API client module Introduced a new `intel-dcap-api` crate for interacting with Intel's DCAP APIs. - Implemented various API client functionalities for SGX/TDX attestation services. - Added support for registration, certification, enclave identity, and FMSPC retrieval. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2025-04-10 14:51:51 +02:00
Harald Hoyer	0b8f1d54c7	feat: bump rust version to 1.86 fixes the hardcoded `/usr/bin/strip` issue on macos see https://github.com/rust-lang/rust/issues/131206 Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2025-04-10 11:57:47 +02:00
Harald Hoyer	eb39705ff1	feat: compat code for non `x86_64-linux` - do not build packages, which require `x86_64-linux` - use Phala `dcap-qvl` crate for remote attestation, if possible - nix: exclude `nixsgx` on non `x86_64-linux` platforms Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2025-04-10 11:57:46 +02:00
Harald Hoyer	2605e2ae3a	refactor(verify-era-proof-attestation): modularize and restructure proof verification logic - Split `verify-era-proof-attestation` into modular subcomponents for maintainability. - Moved client, proof handling, and core types into dedicated modules.	2025-04-04 17:05:30 +02:00
Harald Hoyer	1e853f653a	refactor(quote): move TCB level logic to a dedicated module - Extracted `TcbLevel` functionality from `sgx` module to `quote::tcblevel`. - Updated all references to import `TcbLevel` and related utilities from `quote::tcblevel`. - Updated copyright headers to reflect the new year range. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2025-04-04 17:05:23 +02:00
Harald Hoyer	8596e0dc6a	fix(teepot-vault): remove leftover `tdx` module Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2025-04-04 14:40:43 +02:00
Harald Hoyer	f03a8ba643	Merge branch 'main' into teepot_vault	2025-03-28 14:13:14 +01:00
Harald Hoyer	fa2ecee4bd	feat(sha384-extend): enhance SHA384 extend utility with padding and tests - Refactor `sha384-extend` to include digest padding and validation. - Add `extend_sha384` function for hex-string-based digest extension. - Introduce comprehensive test coverage for edge cases and errors. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2025-03-28 12:55:13 +01:00
Harald Hoyer	e62aff3511	feat(config): update OTLP endpoint and protocol handling - Change default OTLP endpoint to match the HTTP/JSON spec. - Add dynamic protocol-based exporter configuration. - Support both gRPC and HTTP/JSON transports for logging. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2025-03-25 11:49:57 +01:00
Harald Hoyer	f8bd9e6a08	chore: split-out vault code from `teepot` in `teepot-vault` Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2025-03-06 09:47:51 +01:00
Harald Hoyer	d6061c35a8	fix(teepot-vault): use `ring` as `CryptoProvider` for `rustls` New `rustls` needs global install of default `CryptoProvider`. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2025-02-28 14:14:57 +01:00
Harald Hoyer	d3c17a7ace	Merge branch 'main' into cargo_update	2025-02-25 13:22:35 +01:00
Harald Hoyer	f822c70721	chore: remove unused `rand` dependency and update crates - Removed `rand` dependency from multiple `.toml` files and updated relevant imports to use `rand_core::OsRng`. - Updated OpenTelemetry dependencies to latest versions and refactored SDK initialization to use `SdkLoggerProvider`. - Bumped versions of several dependencies including `clap`, `awc`, `ring`, and `smallvec` for compatibility and features. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2025-02-20 15:40:13 +01:00
Harald Hoyer	049f1b3de8	feat(tdx): add TDX RTMR extension support with UEFI marker - Added `UEFI_MARKER_DIGEST_BYTES` constant for TDX RTMR extension. - Implemented RTMR3 extension in `tee-key-preexec` for TDX attestation flow. - Updated `rtmr-calc` to use `UEFI_MARKER_DIGEST_BYTES` for RTMR1 extension. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2025-02-20 15:15:44 +01:00
Harald Hoyer	98a71b3e3a	fix(teepot): add custom HTTP header for google metadata and update default endpoint - Replace `reqwest::get` with a configured `reqwest::Client` to support custom headers (e.g., "Metadata-Flavor: Google"). - Update default OTLP endpoint to include the "http://" prefix for clarity.	2025-02-19 13:58:39 +01:00
Harald Hoyer	a41460b7f0	feat(tdx-google): enhance container service setup - Add `vector.service` and `chronyd.service` dependencies to `docker_start_container` service. - Use `EnvironmentFile` and a pre-start script to dynamically generate environment variables for container setup. - Improve error handling and clarity in container initialization.	2025-02-14 16:47:43 +01:00
Harald Hoyer	908579cd60	feat: rewrite google-metadata test as tdx-test Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2025-02-14 16:47:42 +01:00
Harald Hoyer	45309e58f4	chore: cargo deps update with code fixes for the new versions. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2025-02-10 15:44:16 +01:00
Patryk Bęza	afa524c18c	Address code review comments	2025-01-17 12:41:07 +01:00
Patryk Bęza	2d04ba0508	feat(tee-key-preexec): add support for Solidity-compatible pubkey in report_data This PR is part of the effort to implement on-chain TEE proof verification. This PR goes hand in hand with https://github.com/matter-labs/zksync-era/pull/3414.	2025-01-16 20:46:16 +01:00
Harald Hoyer	dc9263911f	fix(teepot-tee-quote-verification-rs): free collateral on ffi error Free the FFI collateral on rust checks anyway to prevent memory leaks. Also remove the `TryFrom<&sgx_ql_qve_collateral_t>` as it is unsafe. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2025-01-13 13:50:04 +01:00
Harald Hoyer	584223dc93	fix(teepot-tee-quote-verification-rs): memory leak Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2025-01-13 10:35:12 +01:00
Harald Hoyer	5d32396966	feat: add tdx-extend, sha384-extend and rtmr-calc This enables pre-calculating the TDX rtmr[1,2,3] values for an attested boot process. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-12-20 13:27:55 +01:00
Harald Hoyer	0b67a14cd1	chore: cargo update Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-12-20 12:20:39 +01:00
Harald Hoyer	4610475fae	feat: add TDX support Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-12-20 10:54:24 +01:00
Harald Hoyer	f4fba51e3e	chore: rustfmt	2024-12-20 09:31:03 +01:00
Harald Hoyer	f0fea5c122	refactor(logging): enhance logging setup and usage - Modified the `setup_logging` function to return a `Subscriber`, improving flexibility and reuse. - Integrated `tracing::subscriber::set_global_default` in the main functions to establish the logging subscriber globally. - Added configurations for span events and control over file and line information display. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-11-28 15:49:15 +01:00
Harald Hoyer	af3ab51320	feat(logging): centralize logging setup in teepot crate - Added a new logging module in `teepot` crate. - Removed redundant logging setup code from individual projects. - Updated dependencies and references for logging setup. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-09-18 16:08:13 +02:00
Harald Hoyer	77818cffef	chore: Release	2024-09-16 17:01:14 +02:00
Harald Hoyer	0bdc3425e4	chore: cargo update and fix `cargo clippy` issues. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-08-07 15:26:20 +02:00
Patryk Bęza	f90088be76	SGX attestation & batch signature verification tool	2024-07-10 14:47:07 +02:00
Harald Hoyer	a9bb266668	chore(deps): update to rust version 1.78 and fix the clippy warnings Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-06-10 13:09:05 +02:00
Harald Hoyer	af5df7864c	chore: Release	2024-03-12 15:23:51 +01:00
Harald Hoyer	ec553240c2	chore: Release	2024-03-12 15:09:31 +01:00
Harald Hoyer	8dd4c1292a	chore: rename intel-tee-quote-verification-rs to teepot-tee-quote-verification-rs and prepare to publish on crates.io Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-03-12 11:57:21 +01:00

1 2

53 commits