kassandra_shared/
tee.rs

1//! Traits to abstract away particular TEE implementations
2
3use alloc::string::ToString;
4use rand_core::{CryptoRng, RngCore};
5
6use crate::{FramedBytes, MsgError, MsgFromHost, MsgToHost};
7
/// Logic for clients to verify enclave reports and extract data
/// from them
pub trait EnclaveClient {
    /// Error type returned by `verify_quote` when it does not succeed.
    type Error: core::error::Error + core::fmt::Display;

    /// Verifies an attestation report and returns the user data
    /// if successful. The nonce is a challenge
    /// provided by the client to protect against replays.
    ///
    /// `report` is the raw report bytes; nothing read from it should be
    /// trusted unless this call returns `Ok`. On success the 64 bytes of
    /// user data are returned; otherwise `Self::Error` is returned.
    ///
    /// NOTE(review): the replay protection described above only holds if the
    /// caller picks a fresh, unpredictable `nonce` for every challenge and
    /// the implementor rejects reports that are not bound to it. The trait
    /// cannot enforce either; confirm both in each implementor and caller.
    ///
    /// NOTE(review): what "verifies" covers (signature chain, enclave
    /// measurement, platform/TCB status) is decided by the implementor and
    /// is not visible here; confirm before relying on the returned data.
    fn verify_quote(report: &[u8], nonce: u64) -> Result<[u8; 64], Self::Error>;
}
18
/// Logic for enclaves to generate remote attestation reports.
pub trait RemoteAttestation: Clone {
    /// Constructs the attestation handle. Takes no arguments and has no
    /// error path in its signature.
    fn init() -> Self;

    /// Returns a quote as raw bytes for the caller-chosen 64 bytes of
    /// `report_data`.
    ///
    /// NOTE(review): presumably `report_data` is what
    /// `EnclaveClient::verify_quote` hands back as its `[u8; 64]` user data,
    /// and the client's nonce has to be carried somewhere the verifier can
    /// check it; neither is visible here, so confirm against implementors.
    ///
    /// NOTE(review): the signature has no error path. Confirm how
    /// implementors behave when quote generation fails, so that a failure
    /// cannot surface as an empty or partial quote.
    fn get_quote(&self, report_data: [u8; 64]) -> alloc::vec::Vec<u8>;
}
24
/// Message-level API the enclave uses to talk to its host and, via
/// the host, to clients. Built on top of the framing supplied by
/// `FramedBytes`.
///
/// NOTE(review): in the usual TEE threat model the host sits outside the
/// trust boundary, so everything returned by `read` is untrusted input and
/// everything passed to the `write*` methods is visible to the host.
/// Confirm that this matches the project's threat model.
pub trait EnclaveComm: FramedBytes {
    /// Set up the communication channel. Takes no arguments and has no
    /// error path in its signature.
    fn init() -> Self;

    /// Fetch the next frame and decode it into a `MsgFromHost`.
    ///
    /// A failure in either step (getting the frame or deserializing it)
    /// is returned to the caller as a `MsgError`.
    fn read(&mut self) -> Result<MsgFromHost, MsgError> {
        // `?` returns early if no frame could be obtained; decoding happens
        // only on a successfully received frame.
        self.get_frame()?.deserialize()
    }

    /// Send a message to the host as a single frame.
    ///
    /// Nothing is returned, so a failed write is not reported to the
    /// caller through this method.
    fn write(&mut self, msg: &MsgToHost) {
        self.write_frame(msg)
    }

    /// Convenience wrapper: report an error to the host by sending
    /// `MsgToHost::Error` carrying a copy of `err`.
    ///
    /// NOTE(review): the text leaves the enclave, so callers should keep
    /// key material and other secrets out of `err`.
    fn write_err(&mut self, err: &str) {
        let reply = MsgToHost::Error(err.to_string());
        self.write(&reply)
    }

    /// Convenience wrapper: report an error destined for a client by
    /// sending `MsgToHost::ErrorForClient` carrying a copy of `err`.
    ///
    /// The message is still sent with `write`, i.e. over the host channel.
    ///
    /// NOTE(review): whether the host can read or alter this text before
    /// it reaches the client is not visible here; keep secrets out of
    /// `err` and confirm how the client authenticates it.
    fn write_client_err(&mut self, err: &str) {
        let reply = MsgToHost::ErrorForClient(err.to_string());
        self.write(&reply)
    }
}
54
/// Stricter requirements on an RNG source
///
/// Implementors must be an `RngCore`, carry the `CryptoRng` marker and be
/// `Clone`.
///
/// NOTE(review): `CryptoRng` is a marker trait, i.e. a promise made by the
/// implementor rather than a property the compiler checks; confirm the
/// backing entropy source of each implementor.
///
/// NOTE(review): because of the `Clone` bound, an implementor that holds
/// generator state could hand out clones that repeat the same output
/// stream. Confirm that implementors are stateless handles to the entropy
/// source, or otherwise do not duplicate state on clone.
pub trait EnclaveRNG: RngCore + CryptoRng + Clone {
    /// Constructs the RNG. Takes no arguments and has no error path in its
    /// signature.
    fn init() -> Self;
}