-
Notifications
You must be signed in to change notification settings - Fork 95
/
lib.rs
148 lines (119 loc) · 4.01 KB
/
lib.rs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
// Copyright (c) 2022 Alibaba Cloud
//
// SPDX-License-Identifier: Apache-2.0
//
use anyhow::*;
use kbs_types::Tee;
pub mod sample;
pub mod utils;
#[cfg(feature = "az-snp-vtpm-attester")]
pub mod az_snp_vtpm;
#[cfg(feature = "az-tdx-vtpm-attester")]
pub mod az_tdx_vtpm;
#[cfg(feature = "cca-attester")]
pub mod cca;
#[cfg(feature = "tdx-attester")]
pub mod tdx;
#[cfg(feature = "sgx-attester")]
pub mod sgx_dcap;
#[cfg(feature = "snp-attester")]
pub mod snp;
#[cfg(feature = "csv-attester")]
pub mod csv;
#[cfg(feature = "tsm-report")]
pub mod tsm_report;
#[cfg(feature = "se-attester")]
pub mod se;
pub type BoxedAttester = Box<dyn Attester + Send + Sync>;
impl TryFrom<Tee> for BoxedAttester {
type Error = anyhow::Error;
fn try_from(value: Tee) -> Result<Self> {
let attester: Box<dyn Attester + Send + Sync> = match value {
Tee::Sample => Box::<sample::SampleAttester>::default(),
#[cfg(feature = "tdx-attester")]
Tee::Tdx => Box::<tdx::TdxAttester>::default(),
#[cfg(feature = "sgx-attester")]
Tee::Sgx => Box::<sgx_dcap::SgxDcapAttester>::default(),
#[cfg(feature = "az-snp-vtpm-attester")]
Tee::AzSnpVtpm => Box::<az_snp_vtpm::AzSnpVtpmAttester>::default(),
#[cfg(feature = "az-tdx-vtpm-attester")]
Tee::AzTdxVtpm => Box::<az_tdx_vtpm::AzTdxVtpmAttester>::default(),
#[cfg(feature = "cca-attester")]
Tee::Cca => Box::<cca::CcaAttester>::default(),
#[cfg(feature = "snp-attester")]
Tee::Snp => Box::<snp::SnpAttester>::default(),
#[cfg(feature = "csv-attester")]
Tee::Csv => Box::<csv::CsvAttester>::default(),
#[cfg(feature = "se-attester")]
Tee::Se => Box::<se::SeAttester>::default(),
_ => bail!("TEE is not supported!"),
};
Ok(attester)
}
}
pub enum InitDataResult {
Ok,
Unsupported,
}
#[async_trait::async_trait]
pub trait Attester {
/// Call the hardware driver to get the Hardware specific evidence.
/// The parameter `report_data` will be used as the user input of the
/// evidence to avoid reply attack.
async fn get_evidence(&self, report_data: Vec<u8>) -> Result<String>;
/// Extend TEE specific dynamic measurement register
/// to enable dynamic measurement capabilities for input data at runtime.
async fn extend_runtime_measurement(
&self,
_event_digest: Vec<u8>,
_register_index: u64,
) -> Result<()> {
bail!("Unimplemented")
}
async fn bind_init_data(&self, _init_data_digest: &[u8]) -> Result<InitDataResult> {
Ok(InitDataResult::Unsupported)
}
/// This function is used to get the runtime measurement registry value of
/// the given PCR register index. Different platforms have different mapping
/// relationship between PCR and platform RTMR.
async fn get_runtime_measurement(&self, _pcr_index: u64) -> Result<Vec<u8>> {
bail!("Unimplemented")
}
}
// Detect which TEE platform the KBC running environment is.
pub fn detect_tee_type() -> Tee {
#[cfg(feature = "tdx-attester")]
if tdx::detect_platform() {
return Tee::Tdx;
}
#[cfg(feature = "sgx-attester")]
if sgx_dcap::detect_platform() {
return Tee::Sgx;
}
#[cfg(feature = "az-tdx-vtpm-attester")]
if az_tdx_vtpm::detect_platform() {
return Tee::AzTdxVtpm;
}
#[cfg(feature = "az-snp-vtpm-attester")]
if az_snp_vtpm::detect_platform() {
return Tee::AzSnpVtpm;
}
#[cfg(feature = "snp-attester")]
if snp::detect_platform() {
return Tee::Snp;
}
#[cfg(feature = "csv-attester")]
if csv::detect_platform() {
return Tee::Csv;
}
#[cfg(feature = "cca-attester")]
if cca::detect_platform() {
return Tee::Cca;
}
#[cfg(feature = "se-attester")]
if se::detect_platform() {
return Tee::Se;
}
log::warn!("No TEE platform detected. Sample Attester will be used.");
Tee::Sample
}