4 changes: 2 additions & 2 deletions Cargo.lock


6 changes: 3 additions & 3 deletions intel-sgx/dcap-artifact-retrieval/Cargo.toml
@@ -1,6 +1,6 @@
[package]
name = "dcap-artifact-retrieval"
version = "0.4.2"
version = "0.5.0"
authors = ["Fortanix, Inc."]
license = "MPL-2.0"
edition = "2018"
@@ -28,7 +28,7 @@ mbedtls = { version = ">=0.12.0, <0.14.0", features = [
"std",
], default-features = false }
num_enum = { version = "0.7", features = ["complex-expressions"] }
pcs = { version = "0.7.3", path = "../pcs" }
pcs = { version = "0.8", path = "../pcs" }
percent-encoding = "2.3.2"
pkix = "0.2.0"
quick-error = "1.1.0"
@@ -44,7 +44,7 @@ rustls-tls = ["reqwest?/rustls-tls"]

[dev-dependencies]
yasna = { version = "0.3", features = ["num-bigint", "bit-vec"] }
pcs = { version = "0.7", path = "../pcs", features = ["verify"] }
pcs = { version = "0.8", path = "../pcs", features = ["verify"] }

[build-dependencies]
mbedtls = { version = ">=0.12.0, <0.14.0", features = ["ssl", "x509"] }
32 changes: 16 additions & 16 deletions intel-sgx/dcap-artifact-retrieval/src/cli.rs
@@ -8,7 +8,7 @@
use std::path::{Path, PathBuf};

use clap::clap_app;
use pcs::{PckID, DcapArtifactIssuer};
use pcs::{PckID, DcapArtifactIssuer, WriteOptionsBuilder};
use reqwest::Url;
use rustc_serialize::hex::ToHex;
use serde::de::{value, IntoDeserializer};
@@ -32,7 +32,7 @@ enum Origin {
Pccs,
}

fn str_deserialize(s: &str) -> value::StrDeserializer<value::Error> {
fn str_deserialize<'a>(s: &'a str) -> value::StrDeserializer<'a, value::Error> {
s.into_deserializer()
}

@@ -72,30 +72,30 @@ fn download_dcap_artifacts(
// instead we mimic it using pckcert API.
let pckcerts = prov_client.pckcerts_with_fallback(&pckid)?;

let pckcerts_file = pckcerts.store(output_dir, pckid.qe_id.as_slice())?;
let pckcerts_file = pckcerts.write_to_file(output_dir, pckid.qe_id.as_slice(), WriteOptionsBuilder::new().build())?;

if verbose {
println!(" pckcerts: {}", pckcerts_file);
println!(" pckcerts: {}", pckcerts_file.unwrap().display());
}

let fmspc = pckcerts.fmspc()?;
let evaluation_data_numbers = prov_client
.tcb_evaluation_data_numbers()?;
.sgx_tcb_evaluation_data_numbers()?;

let file = evaluation_data_numbers.write_to_file(output_dir)?;
let file = evaluation_data_numbers.write_to_file(output_dir, WriteOptionsBuilder::new().build())?;
if verbose {
println!(" tcb evaluation data numbers: {}\n", file);
println!(" tcb evaluation data numbers: {}\n", file.unwrap().display());
}

for number in evaluation_data_numbers.evaluation_data_numbers()?.numbers() {
let tcb_info = prov_client
.tcbinfo(&fmspc, Some(number.number()));
.sgx_tcbinfo(&fmspc, Some(number.number()));

match tcb_info {
Ok(tcb_info) => {
let file = tcb_info.store(output_dir)?;
let file = tcb_info.write_to_file(output_dir, WriteOptionsBuilder::new().build())?;
if verbose {
println!(" tcb info: {}", file);
println!(" tcb info: {}", file.unwrap().display());
}
},
Err(Error::PCSError(StatusCode::Gone, _)) => {
@@ -114,9 +114,9 @@ fn download_dcap_artifacts(

match qe_identity {
Ok(qe_identity) => {
let file = qe_identity.write_to_file(output_dir)?;
let file = qe_identity.write_to_file(output_dir, WriteOptionsBuilder::new().build())?;
if verbose {
println!(" qe identity: {}\n", file);
println!(" qe identity: {}\n", file.unwrap().display());
}
}
Err(Error::PCSError(StatusCode::Gone, _)) => {
@@ -132,17 +132,17 @@ fn download_dcap_artifacts(
}
let pckcrl = prov_client
.pckcrl(DcapArtifactIssuer::PCKProcessorCA)
.and_then(|crl| crl.write_to_file_as(output_dir, DcapArtifactIssuer::PCKProcessorCA).map_err(|e| e.into()))?;
.and_then(|crl| crl.write_to_file_as(output_dir, DcapArtifactIssuer::PCKProcessorCA, WriteOptionsBuilder::new().build()).map_err(|e| e.into()))?;
if verbose {
println!("==[ generic ]==");
println!(" PCKProcessorCA Crl: {}", pckcrl);
println!(" PCKProcessorCA Crl: {}", pckcrl.unwrap().display());
}

let pckcrl = prov_client
.pckcrl(DcapArtifactIssuer::PCKPlatformCA)
.and_then(|crl| crl.write_to_file_as(output_dir, DcapArtifactIssuer::PCKPlatformCA).map_err(|e| e.into()))?;
.and_then(|crl| crl.write_to_file_as(output_dir, DcapArtifactIssuer::PCKPlatformCA, WriteOptionsBuilder::new().build()).map_err(|e| e.into()))?;
if verbose {
println!(" PCKPlatformCA Crl: {}", pckcrl);
println!(" PCKPlatformCA Crl: {}", pckcrl.unwrap().display());
}
Ok(())
}
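Review bot: The `.unwrap()` calls added inside every `if verbose` branch (for example `pckcerts_file.unwrap().display()`) panic whenever `write_to_file` returns `None`, so the tool can abort in verbose mode on a run that succeeds quietly. The return type is not visible here, but the unwrap suggests an optional path, presumably `None` when nothing was written; in that case an older PCK CRL or TCB info file may stay on disk without the operator being told. Handle the case explicitly, e.g. `if let Some(path) = pckcerts_file { println!(" pckcerts: {}", path.display()); }`, and print a "not written" line otherwise. The same applies to the evaluation data numbers, tcb info, qe identity and both CRL prints. `download_dcap_artifacts` starts outside the visible hunks.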
17 changes: 10 additions & 7 deletions intel-sgx/dcap-artifact-retrieval/src/provisioning_client/azure.rs
Collaborator


could we add tdx test cases

@@ -46,10 +46,13 @@ impl AzureProvisioningClientBuilder {
let pck_cert = PckCertApi::new(self.api_version.clone());
let pck_crl = PckCrlApi::new(self.api_version.clone());
let qeid = QeIdApi::new(self.api_version.clone());
let tcbinfo = TcbInfoApi::new(self.api_version.clone());
let evaluation_data_numbers = TcbEvaluationDataNumbersApi::new(INTEL_BASE_URL.into());
let sgx_tcbinfo = TcbInfoApi::new(self.api_version.clone());
let tdx_tcbinfo = TcbInfoApi::new(self.api_version.clone());
let sgx_evaluation_data_numbers = TcbEvaluationDataNumbersApi::new(INTEL_BASE_URL.into());
let tdx_evaluation_data_numbers = TcbEvaluationDataNumbersApi::new(INTEL_BASE_URL.into());

self.client_builder
.build(pck_certs, pck_cert, pck_crl, qeid, tcbinfo, evaluation_data_numbers, fetcher)
.build(pck_certs, pck_cert, pck_crl, qeid, sgx_tcbinfo, tdx_tcbinfo, sgx_evaluation_data_numbers, tdx_evaluation_data_numbers, fetcher)
}
}

@@ -239,7 +242,7 @@ mod tests {
);

let fmspc = pck.fmspc().unwrap();
assert!(client.tcbinfo(&fmspc, None).is_ok());
assert!(client.sgx_tcbinfo(&fmspc, None).is_ok());
}
}
}
@@ -279,7 +282,7 @@ mod tests {
let pckcerts = client.pckcerts_with_fallback(&pckid).unwrap();
println!("Found {} PCK certs.", pckcerts.as_pck_certs().len());

let tcb_info = client.tcbinfo(&pckcerts.fmspc().unwrap(), None).unwrap();
let tcb_info = client.sgx_tcbinfo(&pckcerts.fmspc().unwrap(), None).unwrap();
let tcb_data = tcb_info.data().unwrap();

let selected = pckcerts.select_pck(
@@ -304,12 +307,12 @@ mod tests {
}

#[test]
pub fn tcb_evaluation_data_numbers() {
pub fn sgx_tcb_evaluation_data_numbers() {
for api_version in [PcsVersion::V3, PcsVersion::V4] {
let client = AzureProvisioningClientBuilder::new(api_version)
.set_retry_timeout(TIME_RETRY_TIMEOUT)
.build(reqwest_client());
assert!(client.tcb_evaluation_data_numbers().is_ok());
assert!(client.sgx_tcb_evaluation_data_numbers().is_ok());
}
}
}
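Review bot: `tdx_tcbinfo` and `tdx_evaluation_data_numbers` are constructed with exactly the same arguments as `sgx_tcbinfo` and `sgx_evaluation_data_numbers`, so nothing in the first hunk shows what makes the TDX objects target TDX endpoints. If the platform is carried by a type parameter inferred from the `build` signature, a comment saying so (`// SGX vs TDX is selected by the type parameter inferred from build()`) would stop the next reader from suspecting a copy-paste bug. If it is not, the TDX path would fetch SGX TCB info and a verifier would judge a TD against the wrong collateral. `build` now also takes nine positional arguments with the sgx/tdx pairs side by side, so a swapped pair is easy to miss in review should the types turn out to be identical. The enclosing function starts outside the hunk.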