feat: add new 0x9 tag for TDX TEE framework (#148)

Author: jbern0rd

src/main/java/com/iexec/commons/poco/order/OrderTag.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2023 IEXEC BLOCKCHAIN TECH
+ * Copyright 2020-2025 IEXEC BLOCKCHAIN TECH
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,13 +20,14 @@
 import com.iexec.commons.poco.utils.BytesUtils;
 import lombok.Getter;
 
-@Getter
 public enum OrderTag {
 
     STANDARD(BytesUtils.EMPTY_HEX_STRING_32),
     TEE_SCONE(TeeUtils.TEE_SCONE_ONLY_TAG),
-    TEE_GRAMINE(TeeUtils.TEE_GRAMINE_ONLY_TAG);
+    TEE_GRAMINE(TeeUtils.TEE_GRAMINE_ONLY_TAG),
+    TEE_TDX(TeeUtils.TEE_TDX_ONLY_TAG);
 
+    @Getter
     private final String value;
 
     OrderTag(String value) {

src/main/java/com/iexec/commons/poco/tee/TeeFramework.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2023 IEXEC BLOCKCHAIN TECH
+ * Copyright 2020-2025 IEXEC BLOCKCHAIN TECH
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,8 +17,7 @@
 package com.iexec.commons.poco.tee;
 
 public enum TeeFramework {
-
     SCONE,
-    GRAMINE
-
+    GRAMINE,
+    TDX
 }

src/main/java/com/iexec/commons/poco/tee/TeeUtils.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2023 IEXEC BLOCKCHAIN TECH
+ * Copyright 2020-2025 IEXEC BLOCKCHAIN TECH
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,65 +17,77 @@
 package com.iexec.commons.poco.tee;
 
 import com.iexec.commons.poco.utils.BytesUtils;
+import lombok.AccessLevel;
+import lombok.NoArgsConstructor;
 import org.web3j.utils.Numeric;
 
 import java.math.BigInteger;
 import java.util.Map;
 
+@NoArgsConstructor(access = AccessLevel.PRIVATE)
 public class TeeUtils {
 
     public static final int TEE_SCONE_BITS = 0b0011;
     public static final int TEE_GRAMINE_BITS = 0b0101;
+    public static final int TEE_TDX_BITS = 0b1001;
     private static final Map<Integer, TeeFramework> TEE_BITS_TO_FRAMEWORK = Map.of(
             TEE_SCONE_BITS, TeeFramework.SCONE,
-            TEE_GRAMINE_BITS, TeeFramework.GRAMINE
+            TEE_GRAMINE_BITS, TeeFramework.GRAMINE,
+            TEE_TDX_BITS, TeeFramework.TDX
     );
     public static final String TEE_SCONE_ONLY_TAG = BytesUtils.toByte32HexString(TEE_SCONE_BITS);
     public static final String TEE_GRAMINE_ONLY_TAG = BytesUtils.toByte32HexString(TEE_GRAMINE_BITS);
+    public static final String TEE_TDX_ONLY_TAG = BytesUtils.toByte32HexString(TEE_TDX_BITS);
     private static final int TEE_RUNTIME_FRAMEWORK_MASK = 0b1111; //last nibble (4 bits)
 
-    private TeeUtils() {
-        throw new UnsupportedOperationException();
-    }
-
     /**
      * Check if hexTag asks for a known TEE runtime framework.
      *
      * @param hexTag tag of the deal
      * @return true if a known TEE runtime framework is requested
      */
-    public static boolean isTeeTag(String hexTag) {
-        return hasTeeSconeInTag(hexTag) || hasTeeGramineInTag(hexTag);
+    public static boolean isTeeTag(final String hexTag) {
+        return hasTeeSconeInTag(hexTag) || hasTeeGramineInTag(hexTag) || hasTeeTdxInTag(hexTag);
     }
 
     /**
-     * Check if tag asks for Scone TEE runtime framework.
+     * Check if tag asks for Scone TEE framework.
      *
      * @param hexTag tag of the deal
-     * @return true if Scone TEE runtime framework is requested
+     * @return true if Scone TEE framework is requested
      */
-    public static boolean hasTeeSconeInTag(String hexTag) {
+    static boolean hasTeeSconeInTag(final String hexTag) {
         return hasTeeRuntimeFrameworkBitsInTag(TEE_SCONE_BITS, hexTag);
     }
 
     /**
-     * Check if tag asks for Gramine TEE runtime framework.
+     * Check if tag asks for Gramine TEE framework.
      *
      * @param hexTag tag of the deal
-     * @return true if Gramine TEE runtime framework is requested
+     * @return true if Gramine TEE framework is requested
      */
-    public static boolean hasTeeGramineInTag(String hexTag) {
+    static boolean hasTeeGramineInTag(final String hexTag) {
         return hasTeeRuntimeFrameworkBitsInTag(TEE_GRAMINE_BITS, hexTag);
     }
 
+    /**
+     * Check if tag asks for TDX TEE framework.
+     *
+     * @param hexTag tag of the deal
+     * @return true if TDX TEE framework is requested
+     */
+    static boolean hasTeeTdxInTag(final String hexTag) {
+        return hasTeeRuntimeFrameworkBitsInTag(TEE_TDX_BITS, hexTag);
+    }
+
     /**
      * Check if some bits are set on the TEE runtime framework range.
      *
      * @param expectedBits some bits expected to be in the tag
      * @param hexTag       tag of the deal
      * @return true if bits are set
      */
-    static boolean hasTeeRuntimeFrameworkBitsInTag(int expectedBits, String hexTag) {
+    static boolean hasTeeRuntimeFrameworkBitsInTag(final int expectedBits, final String hexTag) {
         return hexTag != null && Numeric.toBigInt(hexTag)
                 .and(BigInteger.valueOf(TEE_RUNTIME_FRAMEWORK_MASK))
                 .equals(BigInteger.valueOf(expectedBits));
@@ -98,6 +110,10 @@ public static TeeFramework getTeeFramework(String hexTag) {
         return null;
     }
 
+    /**
+     * @deprecated not used
+     */
+    @Deprecated(forRemoval = true)
     public static boolean isTeeChallenge(String challenge) {
         return challenge != null && !challenge.equals(BytesUtils.EMPTY_ADDRESS);
     }

src/test/java/com/iexec/commons/poco/tee/TeeUtilsTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2023 IEXEC BLOCKCHAIN TECH
+ * Copyright 2020-2025 IEXEC BLOCKCHAIN TECH
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,7 +16,6 @@
 
 package com.iexec.commons.poco.tee;
 
-import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.Arguments;
@@ -27,65 +26,74 @@
 import java.util.stream.Stream;
 
 import static com.iexec.commons.poco.utils.BytesUtils.toByte32HexString;
+import static org.assertj.core.api.Assertions.assertThat;
 
 class TeeUtilsTests {
 
     @Test
     void areValidFields() {
-        Assertions.assertEquals(0b0011, TeeUtils.TEE_SCONE_BITS);
-        Assertions.assertEquals(0b0101, TeeUtils.TEE_GRAMINE_BITS);
-        Assertions.assertEquals("0x0000000000000000000000000000000000000000000000000000000000000003",
-                TeeUtils.TEE_SCONE_ONLY_TAG);
-        Assertions.assertEquals("0x0000000000000000000000000000000000000000000000000000000000000005",
-                TeeUtils.TEE_GRAMINE_ONLY_TAG);
+        assertThat(TeeUtils.TEE_SCONE_BITS).isEqualTo(0b0011);
+        assertThat(TeeUtils.TEE_GRAMINE_BITS).isEqualTo(0b0101);
+        assertThat(TeeUtils.TEE_TDX_BITS).isEqualTo(0b1001);
+        assertThat(TeeUtils.TEE_SCONE_ONLY_TAG)
+                .isEqualTo("0x0000000000000000000000000000000000000000000000000000000000000003");
+        assertThat(TeeUtils.TEE_GRAMINE_ONLY_TAG)
+                .isEqualTo("0x0000000000000000000000000000000000000000000000000000000000000005");
+        assertThat(TeeUtils.TEE_TDX_ONLY_TAG)
+                .isEqualTo("0x0000000000000000000000000000000000000000000000000000000000000009");
     }
 
     @ParameterizedTest
-    @ValueSource(ints = {
-            0b0011, // 0x3: Scone
-            0b0101, // : 0x5: Gramine
-            0b11110011, // 0xf3: any (above TEE runtime framework mask) + Scone
-    })
+    @ValueSource(ints = {0x3, 0x5, 0x9, 0xf3, 0xf5, 0xf9})
     void isTeeTag(int tag) {
-        Assertions.assertTrue(TeeUtils.isTeeTag(toByte32HexString(tag)));
+        assertThat(TeeUtils.isTeeTag(toByte32HexString(tag))).isTrue();
     }
 
     @ParameterizedTest
     @ValueSource(ints = {
-            0b0000, // 0x0: empty
-            0b0001, // 0x1: missing TEE runtime framework
-            0b1001, // 0x9: no third TEE runtime framework existing for now ({Scone, Gramine, ?})
+            0b0000, 0b0001, 0b0010,
+            0b0100, 0b0110, 0b0111,
+            0b1000, 0b1010, 0b1011,
+            0b1100, 0b1101, 0b1110, 0b1111
     })
     void isNotTeeTag(int tag) {
-        Assertions.assertFalse(TeeUtils.isTeeTag(toByte32HexString(tag)));
+        assertThat(TeeUtils.isTeeTag(toByte32HexString(tag))).isFalse();
     }
 
     @ParameterizedTest
-    @ValueSource(ints = {
-            0b0011, // 0x3: Scone
-            0b11110011, // 0xf3: any (above TEE runtime framework mask) + Scone
-    })
-    void hasTeeSconeInTag(int tag) {
-        Assertions.assertTrue(TeeUtils.hasTeeSconeInTag(toByte32HexString(tag)));
+    @ValueSource(ints = {0x3, 0xf3})
+    void hasTeeSconeInTag(final int tag) {
+        assertThat(TeeUtils.hasTeeSconeInTag(toByte32HexString(tag))).isTrue();
     }
 
-    @Test
-    void hasNotTeeSconeInTag() {
-        Assertions.assertFalse(TeeUtils.hasTeeSconeInTag(toByte32HexString(0b0101))); // 0x5: Gramine
+    @ParameterizedTest
+    @ValueSource(ints = {0x5, 0x9, 0xf5, 0xf9})
+    void hasNotTeeSconeInTag(final int tag) {
+        assertThat(TeeUtils.hasTeeSconeInTag(toByte32HexString(tag))).isFalse();
     }
 
     @ParameterizedTest
-    @ValueSource(ints = {
-            0b0101, // 0x5: Gramine
-            0b11110101, // 0xf5: any (above TEE runtime framework mask) + Gramine
-    })
-    void hasTeeGramineInTag(int tag) {
-        Assertions.assertTrue(TeeUtils.hasTeeGramineInTag(toByte32HexString(tag)));
+    @ValueSource(ints = {0x5, 0xf5})
+    void hasTeeGramineInTag(final int tag) {
+        assertThat(TeeUtils.hasTeeGramineInTag(toByte32HexString(tag))).isTrue();
     }
 
-    @Test
-    void hasNotTeeGramineInTag() {
-        Assertions.assertFalse(TeeUtils.hasTeeGramineInTag(toByte32HexString(0b0011))); // 0x3: Scone
+    @ParameterizedTest
+    @ValueSource(ints = {0x3, 0x9, 0xf3, 0xf9})
+    void hasNotTeeGramineInTag(final int tag) {
+        assertThat(TeeUtils.hasTeeGramineInTag(toByte32HexString(tag))).isFalse();
+    }
+
+    @ParameterizedTest
+    @ValueSource(ints = {0x9, 0xf9})
+    void hasTeeTdxInTag(final int tag) {
+        assertThat(TeeUtils.hasTeeTdxInTag(toByte32HexString(tag))).isTrue();
+    }
+
+    @ParameterizedTest
+    @ValueSource(ints = {0x3, 0x5, 0xf3, 0xf5})
+    void hasNotTeeTdxInTag(final int tag) {
+        assertThat(TeeUtils.hasTeeTdxInTag(toByte32HexString(tag))).isFalse();
     }
 
     // ensures some bits are present within TEE runtime framework mask
@@ -101,20 +109,17 @@ static Stream<Arguments> validData() {
 
     @ParameterizedTest
     @MethodSource("validData")
-    void hasTeeRuntimeFrameworkBitsInTag(int expectedBits, int tag) {
-        Assertions.assertTrue(TeeUtils.hasTeeRuntimeFrameworkBitsInTag(expectedBits,
-                toByte32HexString(tag)));
+    void hasTeeRuntimeFrameworkBitsInTag(final int expectedBits, final int tag) {
+        assertThat(TeeUtils.hasTeeRuntimeFrameworkBitsInTag(expectedBits, toByte32HexString(tag))).isTrue();
     }
 
     @ParameterizedTest
     @NullSource
     @ValueSource(strings = {
-            "abc", // missing prefix
+            "abc", // after mask, 0xc -> 0b1100 does not match expected 0b1010
             "0x1", // no match
     })
     void hasNotTeeRuntimeFrameworkBitsInTag(String tag) {
-        int anyBits = 0b1010;
-        Assertions.assertFalse(TeeUtils.hasTeeRuntimeFrameworkBitsInTag(anyBits,
-                tag));
+        assertThat(TeeUtils.hasTeeRuntimeFrameworkBitsInTag(0b1010, tag)).isFalse();
     }
-}
+}