openhcl_attestation_protocol/
vmgs.rs1use zerocopy::FromBytes;
7use zerocopy::Immutable;
8use zerocopy::IntoBytes;
9use zerocopy::KnownLayout;
10
11pub const NUMBER_KP: usize = 2;
14
15pub const DEK_BUFFER_SIZE: usize = 512;
17
18pub const GSP_BUFFER_SIZE: usize = 512;
20
21pub const KEY_PROTECTOR_SIZE: usize = size_of::<KeyProtector>();
23
24#[repr(C)]
26#[derive(Debug, IntoBytes, Immutable, KnownLayout, FromBytes)]
27pub struct DekKp {
28 pub dek_buffer: [u8; DEK_BUFFER_SIZE],
30}
31
32#[repr(C)]
34#[derive(Debug, IntoBytes, Immutable, KnownLayout, FromBytes)]
35pub struct GspKp {
36 pub gsp_length: u32,
38 pub gsp_buffer: [u8; GSP_BUFFER_SIZE],
40}
41
42#[repr(C)]
44#[derive(Debug, IntoBytes, Immutable, KnownLayout, FromBytes)]
45pub struct KeyProtector {
46 pub dek: [DekKp; NUMBER_KP],
48 pub gsp: [GspKp; NUMBER_KP],
50 pub active_kp: u32,
52}
53
54#[repr(C)]
56#[derive(Debug, IntoBytes, Immutable, KnownLayout, FromBytes)]
57pub struct KeyProtectorById {
58 pub id_guid: guid::Guid,
60 pub ported: u8,
62 pub pad: [u8; 3],
64}
65
66pub const AGENT_DATA_MAX_SIZE: usize = 2048;
68
69#[repr(C)]
71#[derive(Debug, IntoBytes, Immutable, KnownLayout, FromBytes)]
72pub struct SecurityProfile {
73 pub agent_data: [u8; AGENT_DATA_MAX_SIZE],
75}
76
77pub const HW_KEY_PROTECTOR_VERSION_1: u32 = 1;
83pub const HW_KEY_PROTECTOR_VERSION_2: u32 = 2;
84pub const HW_KEY_PROTECTOR_CURRENT_VERSION: u32 = HW_KEY_PROTECTOR_VERSION_2;
85
86pub const HW_KEY_PROTECTOR_SIZE: usize = size_of::<HardwareKeyProtector>();
88
89pub const AES_GCM_KEY_LENGTH: usize = 32;
91
92pub const AES_CBC_KEY_LENGTH: usize = AES_GCM_KEY_LENGTH;
94
95pub const AES_CBC_IV_LENGTH: usize = 16;
97
98pub const HMAC_SHA_256_KEY_LENGTH: usize = 32;
100
101#[repr(C)]
103#[derive(Debug, IntoBytes, Immutable, KnownLayout, FromBytes)]
104pub struct HardwareKeyProtectorHeader {
105 pub version: u32,
107 pub length: u32,
109 pub tcb_version: u64,
111 pub mix_measurement: u8,
114 pub _reserved: [u8; 7],
116}
117
118impl HardwareKeyProtectorHeader {
119 pub fn new(version: u32, length: u32, tcb_version: u64, mix_measurement: u8) -> Self {
121 Self {
122 version,
123 length,
124 tcb_version,
125 mix_measurement,
126 _reserved: [0; 7],
127 }
128 }
129}
130
131#[repr(C)]
133#[derive(Debug, IntoBytes, Immutable, KnownLayout, FromBytes)]
134pub struct HardwareKeyProtector {
135 pub header: HardwareKeyProtectorHeader,
137 pub iv: [u8; AES_CBC_IV_LENGTH],
139 pub ciphertext: [u8; AES_GCM_KEY_LENGTH],
141 pub hmac: [u8; HMAC_SHA_256_KEY_LENGTH],
143}
144
145pub const GUEST_SECRET_KEY_MAX_SIZE: usize = 2048;
147
148#[repr(C)]
150#[derive(Debug, IntoBytes, Immutable, KnownLayout, FromBytes)]
151pub struct GuestSecretKey {
152 pub guest_secret_key: [u8; GUEST_SECRET_KEY_MAX_SIZE],
154}
155
156#[cfg(test)]
157mod tests {
158 use super::*;
159
160 #[test]
161 fn hardware_key_protector_header_new() {
162 let h = HardwareKeyProtectorHeader::new(2, 104, 0x1234, 1);
163 assert_eq!(h.version, 2);
164 assert_eq!(h.length, 104);
165 assert_eq!(h.tcb_version, 0x1234);
166 assert_eq!(h.mix_measurement, 1);
167 assert_eq!(h._reserved, [0; 7]);
168 }
169}