quartz-tee-ra

Crates.ioquartz-tee-ra
lib.rsquartz-tee-ra
version0.3.1
created_at2024-10-16 19:25:04.921087+00
updated_at2025-09-11 16:56:21.277808+00
descriptionInternal CosmWasm library for handling Intel SGX DCAP remote attestations.
homepagehttps://cycles.money
repositoryhttps://github.com/informalsystems/cycles-quartz
max_upload_size
id1412235
size80,988
Cycles Engineering (github:informalsystems:cycles-engineering)

documentation

README

Quartz TEE Remote Attestation (quartz-tee-ra)

This quartz-tee-ra handles Intel SGX remote attestation for DCAP.

Features

  • DCAP attestation verification
  • Support for Intel SGX quote parsing and validation
  • Integration with MobileCoin's attestation verifier

Usage

Here's a basic example of how to use quartz-tee-ra for DCAP attestation verification:

use quartz_tee_ra::{verify_dcap_attestation, intel_sgx::dcap::{Quote3, Collateral, TrustedIdentity}};

fn verify_attestation(quote: Quote3<Vec<u8>>, collateral: Collateral, identities: &[TrustedIdentity]) {
    let verification_output = verify_dcap_attestation(quote, collateral, identities);
    
    if verification_output.is_success().into() {
        println!("Attestation verified successfully!");
    } else {
        println!("Attestation verification failed: {:?}", verification_output);
    }
}

API Reference

The main functions exported by this library are:

pub use intel_sgx::{
    dcap::verify as verify_dcap_attestation,
    Error,
};

Dependencies

This package relies on several external crates and MobileCoin libraries. Key dependencies include:


[dependencies]
# external
der.workspace = true
hex-literal.workspace = true
num-bigint.workspace = true
serde.workspace = true
serde_json.workspace = true
sha2.workspace = true
thiserror.workspace = true
x509-cert.workspace = true
x509-parser.workspace = true

# mobilecoin
mc-attestation-verifier.workspace = true
mc-sgx-dcap-types.workspace = true

# cosmos
cosmwasm-schema.workspace = true
cosmwasm-std.workspace = true

[dev-dependencies]
hex = "0.4.3"
mc-sgx-dcap-types.workspace = true
mc-sgx-core-types.workspace = true
mc-sgx-dcap-sys-types.workspace = true

Development

To run tests:

cargo test

Safety

This crate uses #![deny(unsafe_code)] to ensure everything is implemented in 100% Safe Rust.

#![warn(
    clippy::checked_conversions,
    clippy::panic,
    clippy::panic_in_result_fn,
    clippy::unwrap_used,
    rust_2018_idioms,
    unused_lifetimes
)]
#![deny(
    trivial_casts,
    trivial_numeric_casts,
    unused_import_braces,
    unused_qualifications,
    warnings
)]
// FIXME(hu55a1n1) - uncomment once we have better wrappers for FFI structs and ctors
// #![forbid(unsafe_code)]

Note: There's a TODO to uncomment the #![forbid(unsafe_code)] once better wrappers for FFI structs and constructors are implemented.

Commit count: 312

cargo fmt