Crate dcap_qvl 

dcap-qvl

This crate implements the quote verification logic for DCAP (Data Center Attestation Primitives) in pure Rust. It supports both SGX (Software Guard Extensions) and TDX (Trust Domain Extensions) quotes.

Features

• Verify SGX and TDX quotes
• Get collateral from PCCS
• Extract information from quotes

Usage

Add the following dependency to your Cargo.toml file to use this crate:

[dependencies]
dcap-qvl = "0.1.0"

Example

use dcap_qvl::collateral::CollateralClient;
use dcap_qvl::verify::verify;
use dcap_qvl::PHALA_PCCS_URL;

#[tokio::main]
async fn main() {
    let quote = std::fs::read("quote").expect("quote file not found");

    // Use default Phala PCCS, or override with custom URL
    let pccs_url = std::env::var("PCCS_URL").unwrap_or_else(|_| PHALA_PCCS_URL.to_string());
    let collateral = CollateralClient::with_default_http(pccs_url)
        .expect("failed to build HTTP client")
        .fetch(&quote)
        .await
        .expect("failed to get collateral");

    let now = std::time::SystemTime::now().duration_since(std::time::UNIX_EPOCH).unwrap().as_secs();
    let report = verify(&quote, &collateral, now).expect("failed to verify quote");
    println!("{:?}", report);
}

Re-exports

pub use collateral::PHALA_PCCS_URL;

Modules

collateral

config

Pluggable configuration trait surface for quote verification.

configs

Preset Config bundles built from the audited in-tree backends.

crypto

Audited CryptoProvider implementations.

http

HTTP client abstraction used by crate::collateral.

intel

oids

quote

signature

Audited EcdsaSigEncoder implementation backed by der.

tcb_info

verify

x509

Audited X509Codec implementation backed by x509-cert + der.

Structs

QuoteCollateralV3

Constants

INTEL_QE_VENDOR_ID