1use chacha20poly1305::Key;
2use fmd::FmdSecretKey;
3use hkdf::Hkdf;
4use shared::db::EncKey;
5use shared::{ClientMsg, ServerMsg};
6use tracing_subscriber::fmt::SubscriberBuilder;
7
8use crate::com::OutgoingTcp;
9use crate::config::Config;
10use crate::error::Error;
11
12mod ratls;
13
14pub mod com;
15pub mod config;
16pub mod error;
17pub mod query;
18#[cfg(feature = "tdx")]
19pub mod tdx;
20#[cfg(feature = "transparent")]
21pub mod transparent;
22
/// Crate-wide FMD parameter value.
///
/// NOTE(review): nothing in this file reads `GAMMA`, so its exact role
/// (presumably the fuzzy-message-detection `gamma` parameter) should be
/// confirmed against the modules that use it before relying on this summary.
pub const GAMMA: usize = 20;
24
/// Installs the process-wide `tracing` subscriber with ANSI colour output.
///
/// Every setting other than `with_ansi(true)` comes from
/// `SubscriberBuilder::default()`. `init()` sets the global default
/// subscriber, so this is meant to be called once at startup; a second call
/// in the same process panics because a global subscriber is already set.
pub fn init_logging() {
    let builder = SubscriberBuilder::default();
    let builder = builder.with_ansi(true);
    builder.init();
}
28
/// Asks the host at `url` for its UUID over a fresh outgoing TCP connection.
///
/// Sends [`ClientMsg::RequestUUID`] and interprets exactly one reply:
/// a [`ServerMsg::UUID`] is returned as-is, a [`ServerMsg::Error`] becomes an
/// [`Error::ServerError`] carrying the server-supplied text, and anything else
/// (a failed read or an unexpected message type) becomes a generic
/// "could not parse response" [`Error::ServerError`].
///
/// # Errors
/// The connection error from [`OutgoingTcp::new`] is propagated unchanged;
/// every other failure is reported as [`Error::ServerError`] as described
/// above. NOTE(review): a failure inside `read()` is folded into the generic
/// message, so its underlying cause is not surfaced to the caller.
pub fn get_host_uuid(url: &str) -> error::Result<String> {
    let mut conn = OutgoingTcp::new(url)?;
    // Whatever write() reports (if anything) is not checked here; a failed
    // send only becomes visible as an unusable reply below.
    conn.write(ClientMsg::RequestUUID);
    // Collapsing a read error into None keeps the same three outcomes while
    // simplifying the patterns: UUID, server-reported error, anything else.
    let reply = conn.read().ok();
    match reply {
        Some(ServerMsg::UUID(uuid)) => Ok(uuid),
        Some(ServerMsg::Error(err)) => Err(Error::ServerError(err)),
        _ => Err(Error::ServerError(format!(
            "Requesting UUID from host at {url} failed. Could not parse response."
        ))),
    }
}
40
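/// Derives the 32-byte database encryption key from the FMD secret key.
///
/// Runs HKDF-SHA256 with `salt` as the HKDF salt, the `serde_json`
/// serialization of `fmd_key` as the input keying material and the fixed
/// info string `"Database encryption key"`; the 32-byte output is wrapped as
/// a ChaCha20-Poly1305 [`Key`] and converted into an [`EncKey`].
///
/// The derivation is deterministic, which is what lets an existing database
/// be reopened from the same `fmd_key` and `salt`. It is therefore tied to the
/// exact JSON form of `FmdSecretKey`: any change to its fields, field order or
/// serde attributes silently derives a different key and makes databases
/// encrypted under the old key unreadable. The intermediate JSON string holds
/// secret material in a plain `String`, so it is not zeroized when dropped.
///
/// # Panics
/// Panics if `fmd_key` cannot be serialized (only possible through a broken
/// `Serialize` impl) or if HKDF expansion fails, which cannot happen for a
/// 32-byte output (HKDF-SHA256 allows up to 255 × 32 bytes).
pub fn encryption_key(fmd_key: &FmdSecretKey, salt: &str) -> EncKey {
    // Serializing an in-memory value only fails on a broken Serialize impl,
    // so the failure is treated as an invariant violation and named as such.
    let ikm = serde_json::to_string(fmd_key)
        .expect("FmdSecretKey must serialize to JSON; it is the HKDF input keying material");
    let hk = Hkdf::<sha2::Sha256>::new(Some(salt.as_bytes()), ikm.as_bytes());
    let mut okm = [0u8; 32];
    // expand() only errors when the requested length exceeds 255 * HashLen.
    hk.expand(b"Database encryption key", &mut okm)
        .expect("HKDF-SHA256 expand cannot fail for a 32-byte output (limit is 255 * 32 bytes)");
    Key::from(okm).into()
}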
52
/// Registers an FMD secret key with the host, using [`tdx::TdxClient`] as the
/// client for the `ratls` registration flow (built with the `tdx` feature).
///
/// Thin wrapper around [`ratls::register_fmd_key`] that forwards `config`,
/// `key_hash`, `fmd_key` and `birthday` unchanged. NOTE(review): this and the
/// `transparent` variant are gated on independent features; enabling both at
/// once yields two definitions of `register_fmd_key` and the crate will not
/// build.
///
/// # Errors
/// Propagates whatever [`ratls::register_fmd_key`] returns.
#[cfg(feature = "tdx")]
pub fn register_fmd_key(
    config: &Config,
    key_hash: String,
    fmd_key: &FmdSecretKey,
    birthday: Option<u64>,
) -> error::Result<()> {
    // Naming the client type makes the feature-specific choice explicit.
    type Client = tdx::TdxClient;
    ratls::register_fmd_key::<Client>(config, key_hash, fmd_key, birthday)
}
/// Registers an FMD secret key with the host, using [`transparent::TClient`]
/// as the client for the `ratls` registration flow (built with the
/// `transparent` feature).
///
/// Thin wrapper around [`ratls::register_fmd_key`] that forwards `config`,
/// `key_hash`, `fmd_key` and `birthday` unchanged. NOTE(review): by its name
/// the `transparent` client presumably performs no hardware attestation —
/// confirm in `transparent` before deploying a build with this feature.
/// This and the `tdx` variant are gated on independent features; enabling
/// both at once yields two definitions of `register_fmd_key`.
///
/// # Errors
/// Propagates whatever [`ratls::register_fmd_key`] returns.
#[cfg(feature = "transparent")]
pub fn register_fmd_key(
    config: &Config,
    key_hash: String,
    fmd_key: &FmdSecretKey,
    birthday: Option<u64>,
) -> error::Result<()> {
    // Naming the client type makes the feature-specific choice explicit.
    type Client = transparent::TClient;
    ratls::register_fmd_key::<Client>(config, key_hash, fmd_key, birthday)
}