Struct ApiClient

pub struct ApiClient { /* private fields */ }

Client for interacting with Intel Trusted Services API.

Provides methods to access both SGX and TDX certification services, supporting API versions V3 and V4. This client offers functionality to register platforms, retrieve PCK certificates and CRLs, fetch TCB information, enclave identities, as well as TCB evaluation data numbers.

§Examples

use intel_dcap_api::ApiClient;

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Create a client with default settings (V4 API)
    let client = ApiClient::new()?;

    // Retrieve TCB info for a specific FMSPC
    let tcb_info = client.get_sgx_tcb_info("00606A000000", None, None).await?;
    println!("TCB Info: {}", tcb_info.tcb_info_json);

    Ok(())
}

Implementations§

impl ApiClient

pub async fn get_sgx_qe_identity(
    &self,
    update: Option<UpdateType>,
    tcb_evaluation_data_number: Option<u64>,
) -> Result<EnclaveIdentityResponse, IntelApiError>

Retrieves the SGX QE Identity from the Intel API.

Returns the Enclave Identity JSON string (Appendix B) and the Issuer Chain header. Supports both API v3 and v4; the update and tcb_evaluation_data_number parameters are only valid in API v4.

§Arguments
  • update - Optional UpdateType (v4 only).
  • tcb_evaluation_data_number - Optional TCB Evaluation Data Number (v4 only).
§Returns

An EnclaveIdentityResponse containing the JSON identity and issuer chain.

§Errors

Returns an IntelApiError if the request fails, if conflicting v4 parameters are used, or if the desired identity resource is not found.

pub async fn get_tdx_qe_identity(
    &self,
    update: Option<UpdateType>,
    tcb_evaluation_data_number: Option<u64>,
) -> Result<EnclaveIdentityResponse, IntelApiError>

Retrieves the TDX QE Identity from the Intel API (API v4 only).

§Arguments
  • update - Optional UpdateType (v4 only).
  • tcb_evaluation_data_number - Optional TCB Evaluation Data Number (v4 only).
§Returns

An EnclaveIdentityResponse containing the JSON identity and issuer chain.

§Errors

Returns an IntelApiError if an unsupported API version is used, if conflicting parameters are provided, or if the identity resource is not found.

GET /tdx/certification/v4/qe/identity - V4 ONLY

pub async fn get_sgx_qve_identity(
    &self,
    update: Option<UpdateType>,
    tcb_evaluation_data_number: Option<u64>,
) -> Result<EnclaveIdentityResponse, IntelApiError>

Retrieves the SGX QVE Identity from the Intel API.

Supports API v3 and v4. The update and tcb_evaluation_data_number parameters are v4 only. Returns the QVE identity JSON and issuer chain.

§Arguments
  • update - Optional UpdateType (v4 only).
  • tcb_evaluation_data_number - Optional TCB Evaluation Data Number (v4 only).
§Returns

An EnclaveIdentityResponse containing the QVE identity JSON and issuer chain.

§Errors

Returns an IntelApiError if the request fails, if conflicting parameters are used, or if the identity resource is not found.

GET /sgx/certification/{v3,v4}/qve/identity

pub async fn get_sgx_qae_identity(
    &self,
    update: Option<UpdateType>,
    tcb_evaluation_data_number: Option<u64>,
) -> Result<EnclaveIdentityResponse, IntelApiError>

Retrieves the SGX QAE Identity from the Intel API (API v4 only).

§Arguments
  • update - Optional UpdateType (v4 only).
  • tcb_evaluation_data_number - Optional TCB Evaluation Data Number (v4 only).
§Returns

An EnclaveIdentityResponse containing the QAE identity JSON and issuer chain.

§Errors

Returns an IntelApiError if an unsupported API version is used, if conflicting parameters are provided, or if the QAE identity is not found.

GET /sgx/certification/v4/qae/identity - V4 ONLY

impl ApiClient

pub async fn get_fmspcs(
    &self,
    platform_filter: Option<PlatformFilter>,
) -> Result<FmspcJsonResponse, IntelApiError>

GET /sgx/certification/{v3,v4}/fmspcs

Retrieves a list of FMSPC values for SGX and TDX platforms (API v4 only).

§Arguments
  • platform_filter - An optional filter specifying SGX or TDX platforms.
§Returns

A String containing the JSON array of objects, each containing fmspc and platform.

§Errors

Returns an IntelApiError if an unsupported API version is used or if the request fails.

pub async fn get_sgx_tcb_evaluation_data_numbers(
    &self,
) -> Result<TcbEvaluationDataNumbersResponse, IntelApiError>

GET /sgx/certification/v4/tcbevaluationdatanumbers - V4 ONLY

Retrieves the currently supported SGX TCB Evaluation Data Numbers (API v4 only).

§Returns

A TcbEvaluationDataNumbersResponse containing the JSON structure of TCB Evaluation Data Numbers and an issuer chain header.

§Errors

Returns an IntelApiError if an unsupported API version is used or if the request fails.

pub async fn get_tdx_tcb_evaluation_data_numbers(
    &self,
) -> Result<TcbEvaluationDataNumbersResponse, IntelApiError>

GET /tdx/certification/v4/tcbevaluationdatanumbers - V4 ONLY

Retrieves the currently supported TDX TCB Evaluation Data Numbers (API v4 only).

§Returns

A TcbEvaluationDataNumbersResponse containing the JSON structure of TCB Evaluation Data Numbers and an issuer chain header.

§Errors

Returns an IntelApiError if an unsupported API version is used or if the request fails.

impl ApiClient

pub async fn get_pck_certificate_by_ppid(
    &self,
    encrypted_ppid: &str,
    cpusvn: &str,
    pcesvn: &str,
    pceid: &str,
    subscription_key: Option<&str>,
    ppid_encryption_key_type: Option<&str>,
) -> Result<PckCertificateResponse, IntelApiError>

GET /sgx/certification/{v3,v4}/pckcert

Retrieves a single SGX PCK certificate using encrypted PPID and SVNs.

Optionally requires a subscription key. The ppid_encryption_key_type parameter is only valid for API v4 and allows specifying the PPID encryption key type (e.g. “RSA-3072”).

§Arguments
  • encrypted_ppid - Hex-encoded encrypted PPID.
  • cpusvn - Hex-encoded CPUSVN value.
  • pcesvn - Hex-encoded PCESVN value.
  • pceid - Hex-encoded PCEID value.
  • subscription_key - Optional subscription key if the Intel API requires it.
  • ppid_encryption_key_type - Optional PPID encryption key type (V4 only).
§Returns

A PckCertificateResponse containing the PEM-encoded certificate, issuer chain, TCBm, and FMSPC.

§Errors

Returns an IntelApiError if the API call fails or the response contains an invalid status.

pub async fn get_pck_certificate_by_manifest(
    &self,
    platform_manifest: &str,
    cpusvn: &str,
    pcesvn: &str,
    pceid: &str,
    subscription_key: Option<&str>,
) -> Result<PckCertificateResponse, IntelApiError>

POST /sgx/certification/{v3,v4}/pckcert

Retrieves a single SGX PCK certificate using a platform manifest and SVNs.

Optionally requires a subscription key.

§Arguments
  • platform_manifest - Hex-encoded platform manifest.
  • cpusvn - Hex-encoded CPUSVN value.
  • pcesvn - Hex-encoded PCESVN value.
  • pceid - Hex-encoded PCEID value.
  • subscription_key - Optional subscription key if the Intel API requires it.
§Returns

A PckCertificateResponse containing the PEM-encoded certificate, issuer chain, TCBm, and FMSPC.

§Errors

Returns an IntelApiError if the request fails or if the response is invalid.

pub async fn get_pck_certificates_by_ppid(
    &self,
    encrypted_ppid: &str,
    pceid: &str,
    subscription_key: Option<&str>,
    ppid_encryption_key_type: Option<&str>,
) -> Result<PckCertificatesResponse, IntelApiError>

GET /sgx/certification/{v3,v4}/pckcerts

Retrieves all SGX PCK certificates for a platform using encrypted PPID.

Optionally requires a subscription key. The ppid_encryption_key_type parameter is only valid for API v4.

§Arguments
  • encrypted_ppid - Hex-encoded encrypted PPID.
  • pceid - Hex-encoded PCEID value.
  • subscription_key - Optional subscription key if the Intel API requires it.
  • ppid_encryption_key_type - Optional PPID encryption key type (V4 only).
§Returns

A PckCertificatesResponse containing JSON with {tcb, tcbm, cert} entries, as well as the issuer chain and FMSPC headers.

§Errors

Returns an IntelApiError if the API call fails or the response status is invalid.

pub async fn get_pck_certificates_by_manifest(
    &self,
    platform_manifest: &str,
    pceid: &str,
    subscription_key: Option<&str>,
) -> Result<PckCertificatesResponse, IntelApiError>

POST /sgx/certification/{v3,v4}/pckcerts

Retrieves all SGX PCK certificates for a platform using a platform manifest.

Optionally requires a subscription key.

§Arguments
  • platform_manifest - Hex-encoded platform manifest.
  • pceid - Hex-encoded PCEID value.
  • subscription_key - Optional subscription key if the Intel API requires it.
§Returns

A PckCertificatesResponse containing JSON with {tcb, tcbm, cert} entries, as well as the issuer chain and FMSPC headers.

§Errors

Returns an IntelApiError if the API call fails or the response status is invalid.

pub async fn get_pck_certificates_config_by_ppid(
    &self,
    encrypted_ppid: &str,
    pceid: &str,
    cpusvn: &str,
    subscription_key: Option<&str>,
    ppid_encryption_key_type: Option<&str>,
) -> Result<PckCertificatesResponse, IntelApiError>

GET /sgx/certification/{v3,v4}/pckcerts/config (using PPID)

Retrieves SGX PCK certificates for a specific configuration (CPUSVN) using encrypted PPID.

Optionally requires a subscription key. The ppid_encryption_key_type parameter is only valid for API v4. Returns JSON with {tcb, tcbm, cert} entries, as well as the issuer chain and FMSPC headers.

§Arguments
  • encrypted_ppid - Hex-encoded encrypted PPID.
  • pceid - Hex-encoded PCEID value.
  • cpusvn - Hex-encoded CPUSVN value for the requested configuration.
  • subscription_key - Optional subscription key if the Intel API requires it.
  • ppid_encryption_key_type - Optional PPID encryption key type (V4 only).
§Returns

A PckCertificatesResponse with the requested config’s certificate data.

§Errors

Returns an IntelApiError if the request fails or if the response status is not 200 OK.

pub async fn get_pck_certificates_config_by_manifest(
    &self,
    platform_manifest: &str,
    pceid: &str,
    cpusvn: &str,
    subscription_key: Option<&str>,
) -> Result<PckCertificatesResponse, IntelApiError>

POST /sgx/certification/{v3,v4}/pckcerts/config (using Manifest)

Retrieves SGX PCK certificates for a specific configuration (CPUSVN) using a platform manifest.

Optionally requires a subscription key. Returns JSON with {tcb, tcbm, cert} entries, as well as the issuer chain and FMSPC headers.

§Arguments
  • platform_manifest - Hex-encoded platform manifest.
  • pceid - Hex-encoded PCEID value.
  • cpusvn - Hex-encoded CPUSVN value for the requested configuration.
  • subscription_key - Optional subscription key if needed by the Intel API.
§Returns

A PckCertificatesResponse with the requested config’s certificate data.

§Errors

Returns an IntelApiError if the request fails or if the response status is not 200 OK.

impl ApiClient

pub async fn get_pck_crl(
    &self,
    ca_type: CaType,
    encoding: Option<CrlEncoding>,
) -> Result<PckCrlResponse, IntelApiError>

GET /sgx/certification/{v3,v4}/pckcrl

Retrieves the PCK Certificate Revocation List (CRL) for a specified CA type.

Optionally takes an encoding parameter indicating whether the CRL should be returned as PEM or DER. Defaults to PEM if not specified.

§Arguments
  • ca_type - The type of CA to retrieve the CRL for (e.g., “processor” or “platform”).
  • encoding - An optional CrlEncoding (PEM or DER).
§Returns

A PckCrlResponse containing the CRL data and the issuer chain.

§Errors

Returns an IntelApiError if the request fails or if the response status is not 200 OK.

impl ApiClient

pub async fn register_platform(
    &self,
    platform_manifest: Vec<u8>,
) -> Result<String, IntelApiError>

POST /sgx/registration/v1/platform

Registers a multi-package SGX platform with the Intel Trusted Services API.

§Arguments
  • platform_manifest - Binary data representing the platform manifest.
§Returns

Returns the hex-encoded PPID as a String upon success. The request body is the binary Platform Manifest.

§Errors

Returns an IntelApiError if the request fails or if the response status is not HTTP 201 CREATED.

pub async fn add_package(
    &self,
    add_package_request: Vec<u8>,
    subscription_key: &str,
) -> Result<AddPackageResponse, IntelApiError>

POST /sgx/registration/v1/package

Adds new package(s) to an already registered SGX platform instance.

§Arguments
  • add_package_request - Binary data for the “Add Package” request body.
  • subscription_key - The subscription key required by the Intel API.
§Returns

An AddPackageResponse containing the Platform Membership Certificates and their count, which is extracted from the response header.

§Errors

Returns an IntelApiError if the request fails, if the subscription key is invalid, or if the response status is not HTTP 200 OK.

impl ApiClient

pub async fn get_sgx_tcb_info(
    &self,
    fmspc: &str,
    update: Option<UpdateType>,
    tcb_evaluation_data_number: Option<u64>,
) -> Result<TcbInfoResponse, IntelApiError>

GET /sgx/certification/{v3,v4}/tcb

Retrieves SGX TCB information for a given FMSPC.

Returns TCB Info JSON string (Appendix A) and Issuer Chain header. This function supports both API v3 and v4. The update and tcbEvaluationDataNumber parameters are only supported by API v4. If both are provided at the same time (for v4), a conflict error is returned.

§Arguments
  • fmspc - Hex-encoded FMSPC value.
  • update - Optional UpdateType for API v4.
  • tcb_evaluation_data_number - Optional TCB Evaluation Data Number (v4 only).
§Returns

A TcbInfoResponse containing the TCB info JSON and the issuer chain.

§Errors

Returns an IntelApiError if the API request fails, if conflicting parameters are used, or if the requested TCB data is not found.
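The parameter rules above, sketched as a pre-flight check that builds the request path for the SGX TCB endpoint. This is an added example, not the crate's own code: `Version`, `Update`, `ParamError` and `sgx_tcb_request` are local stand-ins, the `early`/`standard` query values and the 12-character FMSPC length are taken from Intel's PCS API rather than from this page, and rejecting v4-only parameters on a v3 client is a policy choice of the sketch.

```rust
// Added example: local stand-ins, not types from intel_dcap_api.
#[derive(Clone, Copy, PartialEq, Debug)]
enum Version { V3, V4 }
#[derive(Clone, Copy, PartialEq, Debug)]
enum Update { Early, Standard }

#[derive(Debug, PartialEq)]
enum ParamError {
    BadFmspc,        // not exactly 12 hex characters
    V4OnlyParameter, // update / tcbEvaluationDataNumber given to a v3 client
    Conflict,        // update and tcbEvaluationDataNumber both set (v4)
}

/// Builds path and query for GET /sgx/certification/{v3,v4}/tcb and
/// rejects bad input before any request leaves the host.
fn sgx_tcb_request(
    version: Version,
    fmspc: &str,
    update: Option<Update>,
    tcb_eval_num: Option<u64>,
) -> Result<String, ParamError> {
    // FMSPC is 6 bytes, so its hex form is exactly 12 characters.
    if fmspc.len() != 12 || !fmspc.bytes().all(|b| b.is_ascii_hexdigit()) {
        return Err(ParamError::BadFmspc);
    }
    // Assumption of this sketch: fail closed instead of silently dropping
    // v4-only parameters when talking to v3.
    if version == Version::V3 && (update.is_some() || tcb_eval_num.is_some()) {
        return Err(ParamError::V4OnlyParameter);
    }
    if update.is_some() && tcb_eval_num.is_some() {
        return Err(ParamError::Conflict);
    }
    let v = match version { Version::V3 => "v3", Version::V4 => "v4" };
    let mut url = format!("/sgx/certification/{v}/tcb?fmspc={fmspc}");
    match (update, tcb_eval_num) {
        (Some(Update::Early), _) => url.push_str("&update=early"),
        (Some(Update::Standard), _) => url.push_str("&update=standard"),
        (None, Some(n)) => url.push_str(&format!("&tcbEvaluationDataNumber={n}")),
        (None, None) => {}
    }
    Ok(url)
}

fn main() {
    // Constructed inputs; the FMSPC is the one used in the page's example.
    for (ver, upd, num) in [
        (Version::V4, None, None),
        (Version::V4, Some(Update::Early), None),
        (Version::V4, Some(Update::Standard), Some(17)),
        (Version::V3, None, Some(17)),
    ] {
        println!("{:?}", sgx_tcb_request(ver, "00606A000000", upd, num));
    }
}
```

Pinning `tcb_evaluation_data_number` makes a verifier evaluate against one fixed TCB level, while `update` lets the service pick it, which is why the two cannot be combined.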

pub async fn get_tdx_tcb_info(
    &self,
    fmspc: &str,
    update: Option<UpdateType>,
    tcb_evaluation_data_number: Option<u64>,
) -> Result<TcbInfoResponse, IntelApiError>

GET /tdx/certification/v4/tcb

Retrieves TDX TCB information for a given FMSPC (API v4 only).

§Arguments
  • fmspc - Hex-encoded FMSPC value.
  • update - An optional UpdateType (v4 only).
  • tcb_evaluation_data_number - An optional TCB Evaluation Data Number (v4 only).
§Returns

A TcbInfoResponse containing TDX TCB info JSON and the issuer chain.

§Errors

Returns an IntelApiError if an unsupported API version is used, if there are conflicting parameters, or if the TDX TCB data is not found.

The response carries the TCB Info JSON string (Appendix A) and the Issuer Chain header.

impl ApiClient

pub fn new() -> Result<Self, IntelApiError>

Creates a new client targeting the latest supported API version (V4).

§Returns

A result containing the newly created ApiClient or an IntelApiError if there was an issue building the underlying HTTP client.

§Errors

This function may fail if the provided TLS version or base URL cannot be used to build a reqwest client.


pub fn new_with_version(api_version: ApiVersion) -> Result<Self, IntelApiError>

Creates a new client targeting a specific API version.

§Arguments
  • api_version - The desired API version to use (V3 or V4).
§Errors

Returns an IntelApiError if the reqwest client cannot be built with the specified options.


pub fn new_with_base_url(base_url: impl IntoUrl) -> Result<Self, IntelApiError>

Creates a new client with a custom base URL, targeting the latest supported API version (V4).

§Arguments
  • base_url - The custom base URL for the Intel Trusted Services API.
§Errors

Returns an IntelApiError if the reqwest client cannot be built or if the provided base URL is invalid.

pub fn new_with_options(
    base_url: impl IntoUrl,
    api_version: ApiVersion,
) -> Result<Self, IntelApiError>

Creates a new client with a custom base URL and specific API version.

§Arguments
  • base_url - The custom base URL for the Intel Trusted Services API.
  • api_version - The desired API version (V3 or V4).
§Errors

Returns an IntelApiError if the reqwest client cannot be built or if the provided base URL is invalid.


pub fn set_max_retries(&mut self, max_retries: u32)

Sets the maximum number of automatic retries for rate-limited requests.

When the API returns a 429 (Too Many Requests) response, the client will automatically wait for the duration specified in the Retry-After header and retry the request up to this many times.

§Arguments
  • max_retries - Maximum number of retries (0 disables automatic retries)
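The retry behaviour described above, modelled as a bounded loop (an added example, not the crate's internal implementation). `Resp`, `Outcome`, `retry_delay` and `send_with_retries` are hypothetical names; the cap on the wait and the 1-second fallback for a missing or non-numeric Retry-After value are assumptions of this sketch, useful when the client is pointed at a custom base URL whose headers are not fully trusted.

```rust
use std::time::Duration;

// Constructed stand-in for an HTTP response; not a type from the crate.
struct Resp { status: u16, retry_after: Option<&'static str> }

#[derive(Debug, PartialEq)]
enum Outcome {
    Done { status: u16, attempts: u32, waited: Duration },
    RateLimited { attempts: u32 },
}

// Assumption: wait used when Retry-After is absent or not delta-seconds
// (the HTTP-date form is not parsed in this sketch).
const FALLBACK_SECS: u64 = 1;

/// Parses a delta-seconds Retry-After value and clamps it to `cap`, so a
/// huge value from the server cannot stall the caller indefinitely.
fn retry_delay(header: Option<&str>, cap: Duration) -> Duration {
    let secs = header
        .and_then(|h| h.trim().parse::<u64>().ok())
        .unwrap_or(FALLBACK_SECS);
    Duration::from_secs(secs).min(cap)
}

/// Sends once, then retries on 429 at most `max_retries` times
/// (0 disables retries, matching the documented setting).
fn send_with_retries(
    mut send: impl FnMut() -> Resp,
    mut sleep: impl FnMut(Duration),
    max_retries: u32,
    cap: Duration,
) -> Outcome {
    let mut waited = Duration::ZERO;
    let mut attempts = 0;
    loop {
        let resp = send();
        attempts += 1;
        if resp.status != 429 {
            return Outcome::Done { status: resp.status, attempts, waited };
        }
        if attempts > max_retries {
            return Outcome::RateLimited { attempts };
        }
        let delay = retry_delay(resp.retry_after, cap);
        sleep(delay);
        waited += delay;
    }
}

fn main() {
    // Constructed sequence: two rate-limit responses, then success.
    let mut seq = vec![
        Resp { status: 429, retry_after: Some("2") },
        Resp { status: 429, retry_after: Some("9999") },
        Resp { status: 200, retry_after: None },
    ]
    .into_iter();
    let cap = Duration::from_secs(30);
    let out = send_with_retries(|| seq.next().unwrap(), |d| println!("wait {d:?}"), 3, cap);
    println!("{out:?}");
}
```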

Trait Implementations§

impl Clone for ApiClient

fn clone(&self) -> ApiClient

Returns a duplicate of the value.

const fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.
