atlas-rs 0.2.0

attested TLS (aTLS) core library for verifying TEE attestations over TLS connections
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160

//! Configuration types for DStack TDX verification.

use crate::tdx::ExpectedBootchain;

/// Configuration for DstackTDXVerifier.
///
/// This struct holds all the expected values and settings for TDX verification.
#[derive(Debug, Clone)]
pub struct DstackTDXVerifierConfig {
    /// Expected app compose configuration (as JSON Value for hash calculation).
    ///
    /// The verifier will compute the hash of this configuration and compare
    /// it against the hash in the TCB info and event log.
    pub app_compose: Option<serde_json::Value>,

    /// Allowed TCB statuses.
    ///
    /// Only attestations with TCB status in this list will be accepted.
    /// Default: `["UpToDate"]`
    pub allowed_tcb_status: Vec<String>,

    /// Disable runtime verification (NOT RECOMMENDED).
    ///
    /// When true, bootchain, app_compose, and os_image_hash verification
    /// will be skipped. This should only be used for testing.
    pub disable_runtime_verification: bool,

    /// Expected bootchain measurements.
    ///
    /// If provided, the verifier will check that the attestation's MRTD
    /// and RTMR0-2 match these expected values.
    pub expected_bootchain: Option<ExpectedBootchain>,

    /// Expected OS image hash.
    ///
    /// The SHA256 hash of the OS image that should be running in the TD.
    pub os_image_hash: Option<String>,

    /// PCCS URL for collateral fetching.
    ///
    /// If None, uses Intel's default PCS endpoint.
    pub pccs_url: Option<String>,

    /// Cache collateral to avoid repeated PCS fetches.
    ///
    /// When true (default), collateral fetched from PCS will be cached
    /// and reused for subsequent verifications.
    pub cache_collateral: bool,
}

impl Default for DstackTDXVerifierConfig {
    fn default() -> Self {
        Self {
            app_compose: None,
            allowed_tcb_status: vec!["UpToDate".to_string()],
            disable_runtime_verification: false,
            expected_bootchain: None,
            os_image_hash: None,
            pccs_url: None,
            cache_collateral: true,
        }
    }
}

/// Builder for DstackTDXVerifierConfig.
///
/// Provides a fluent API for constructing verifier configurations.
///
/// # Example
///
/// ```
/// use atlas_rs::dstack::{DstackTDXVerifierBuilder};
/// use atlas_rs::tdx::ExpectedBootchain;
/// use serde_json::json;
///
/// let verifier = DstackTDXVerifierBuilder::new()
///     .app_compose(json!({
///         "runner": "docker-compose",
///         "docker_compose_file": "..."
///     }))
///     .expected_bootchain(ExpectedBootchain {
///         mrtd: "abc123...".to_string(),
///         rtmr0: "def456...".to_string(),
///         rtmr1: "ghi789...".to_string(),
///         rtmr2: "jkl012...".to_string(),
///     })
///     .os_image_hash("sha256:...".to_string())
///     .build()
///     .unwrap();
/// ```
pub struct DstackTDXVerifierBuilder {
    config: DstackTDXVerifierConfig,
}

impl Default for DstackTDXVerifierBuilder {
    fn default() -> Self {
        Self::new()
    }
}

impl DstackTDXVerifierBuilder {
    /// Create a new builder with default configuration.
    pub fn new() -> Self {
        Self {
            config: DstackTDXVerifierConfig::default(),
        }
    }

    /// Set the expected app compose configuration.
    pub fn app_compose(mut self, value: serde_json::Value) -> Self {
        self.config.app_compose = Some(value);
        self
    }

    /// Set the expected bootchain measurements.
    pub fn expected_bootchain(mut self, bootchain: ExpectedBootchain) -> Self {
        self.config.expected_bootchain = Some(bootchain);
        self
    }

    /// Set the expected OS image hash.
    pub fn os_image_hash(mut self, hash: impl Into<String>) -> Self {
        self.config.os_image_hash = Some(hash.into());
        self
    }

    /// Set the allowed TCB statuses.
    pub fn allowed_tcb_status(mut self, statuses: Vec<String>) -> Self {
        self.config.allowed_tcb_status = statuses;
        self
    }

    /// Set the PCCS URL for collateral fetching.
    pub fn pccs_url(mut self, url: impl Into<String>) -> Self {
        self.config.pccs_url = Some(url.into());
        self
    }

    /// Disable runtime verification (NOT RECOMMENDED).
    pub fn disable_runtime_verification(mut self) -> Self {
        self.config.disable_runtime_verification = true;
        self
    }

    /// Enable or disable collateral caching.
    pub fn cache_collateral(mut self, enabled: bool) -> Self {
        self.config.cache_collateral = enabled;
        self
    }

    /// Get the built configuration.
    pub fn into_config(self) -> DstackTDXVerifierConfig {
        self.config
    }

    /// Build the DstackTDXVerifier with the configured settings.
    pub fn build(self) -> Result<super::DstackTDXVerifier, crate::AtlsVerificationError> {
        super::DstackTDXVerifier::new(self.config)
    }
}