#quote #dcap #primitive #verify #attestation #sgx #logic

no-std dcap-qvl

This crate implements the quote verification logic for DCAP (Data Center Attestation Primitives) in pure Rust

7 releases

0.1.6 Nov 23, 2024
0.1.5 Nov 7, 2024
0.1.3 Sep 18, 2024

#10 in #dcap

Download history 403/week @ 2024-09-02 162/week @ 2024-09-16 25/week @ 2024-09-23 70/week @ 2024-09-30 6/week @ 2024-10-07 68/week @ 2024-10-14 30/week @ 2024-10-21 5/week @ 2024-10-28 261/week @ 2024-11-04 17/week @ 2024-11-11 156/week @ 2024-11-18 56/week @ 2024-11-25 25/week @ 2024-12-02

268 downloads per month
Used in 2 crates

MIT license

48KB
945 lines

dcap-qvl

This crate implements the quote verification logic for DCAP (Data Center Attestation Primitives) in pure Rust. It supports both SGX (Software Guard Extensions) and TDX (Trust Domain Extensions) quotes.

Features

  • Verify SGX and TDX quotes
  • Get collateral from PCCS
  • Extract information from quotes

Usage

Add the following dependency to your Cargo.toml file to use this crate:

[dependencies]
dcap-qvl = "0.1.0"

Examples

Get Collateral from PCCS_URL and Verify Quote

To get collateral from a PCCS_URL and verify a quote, you can use the following example code:

use dcap_qvl::collateral::get_collateral;
use dcap_qvl::verify::verify;

#[tokio::main]
async fn main() {
    // Get PCCS_URL from environment variable. The URL is like "https://localhost:8081/sgx/certification/v4/".
    let pccs_url = std::env::var("PCCS_URL").expect("PCCS_URL is not set");
    let quote = std::fs::read("tdx_quote").expect("tdx_quote is not found");
    let collateral = get_collateral(&pccs_url, &quote, std::time::Duration::from_secs(10)).await.expect("failed to get collateral");
    let now = std::time::SystemTime::now().duration_since(std::time::UNIX_EPOCH).unwrap().as_secs();
    let tcb = verify(&quote, &collateral, now).expect("failed to verify quote");
    println!("{:?}", tcb);
}

Get Collateral from Intel PCS and Verify Quote

use dcap_qvl::collateral::get_collateral_from_pcs;
use dcap_qvl::verify::verify;

#[tokio::main]
async fn main() {
    let quote = std::fs::read("tdx_quote").expect("tdx_quote is not found");
    let collateral = get_collateral_from_pcs(&quote, std::time::Duration::from_secs(10)).await.expect("failed to get collateral");
    let now = std::time::SystemTime::now().duration_since(std::time::UNIX_EPOCH).unwrap().as_secs();
    let tcb = verify(&quote, &collateral, now).expect("failed to verify quote");
    println!("{:?}", tcb);
}

License

This crate is licensed under the MIT license. See the LICENSE file for details.

Dependencies

~10–24MB
~451K SLoC