From 948c42ebce44e17ed1ff4432a4a8bc1c926bf26b Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Thu, 16 Nov 2023 08:50:49 +0000 Subject: [PATCH] Update gh-pages from e9fb3deba9cbbfc02f2859b5ac126cffcffc0597 --- doc/oak_dice/all.html | 2 +- .../evidence/constant.CERTIFICATE_SIZE.html | 2 +- .../constant.DICE_DATA_CMDLINE_PARAM.html | 2 +- .../constant.P256_PRIVATE_KEY_SIZE.html | 2 + .../evidence/constant.PUBLIC_KEY_SIZE.html | 2 +- .../evidence/constant.STAGE0_MAGIC.html | 2 +- doc/oak_dice/evidence/enum.TeePlatform.html | 8 +- doc/oak_dice/evidence/index.html | 4 +- doc/oak_dice/evidence/sidebar-items.js | 2 +- .../evidence/struct.ApplicationKeys.html | 8 +- .../struct.ApplicationPrivateKeys.html | 8 +- .../evidence/struct.CertificateAuthority.html | 8 +- doc/oak_dice/evidence/struct.Evidence.html | 8 +- .../evidence/struct.LayerEvidence.html | 8 +- .../struct.RestrictedKernelDiceData.html | 11 +- .../evidence/struct.RootLayerEvidence.html | 8 +- .../evidence/struct.Stage0DiceData.html | 8 +- doc/oak_functions_service/index.html | 2 +- .../oak/functions/trait.OakFunctions.html | 2 +- .../struct.OakFunctionsService.html | 10 +- doc/oak_remote_attestation/dice/index.html | 2 +- .../dice/struct.DiceBuilder.html | 8 +- .../oak/attestation/v1/struct.DiceData.html | 4 +- .../attestation/v1/struct.LayerEvidence.html | 2 +- doc/oak_restricted_kernel/fn.panic.html | 2 +- .../fn.start_kernel.html | 2 +- doc/oak_restricted_kernel/index.html | 2 +- .../static.FRAME_ALLOCATOR.html | 2 +- .../static.GUEST_HOST_HEAP.html | 2 +- .../static.PAGE_TABLES.html | 2 +- .../static.VMA_ALLOCATOR.html | 2 +- doc/search-index.js | 2 +- doc/src-files.js | 2 +- doc/src/oak_dice/evidence.rs.html | 10 +- doc/src/oak_functions_service/lib.rs.html | 52 +---- doc/src/oak_remote_attestation/dice.rs.html | 8 +- .../dice_attestation.rs.html | 191 ++++++++++++++++++ doc/src/oak_restricted_kernel/lib.rs.html | 12 +- .../oak_restricted_kernel/syscall/mod.rs.html | 12 +- 39 files changed, 292 insertions(+), 134 deletions(-) create mode 100644 doc/oak_dice/evidence/constant.P256_PRIVATE_KEY_SIZE.html create mode 100644 doc/src/oak_restricted_kernel/dice_attestation.rs.html diff --git a/doc/oak_dice/all.html b/doc/oak_dice/all.html index c23fae97833..8042a195644 100644 --- a/doc/oak_dice/all.html +++ b/doc/oak_dice/all.html @@ -1 +1 @@ -List of all items in this crate

List of all items

Structs

Enums

Functions

Constants

\ No newline at end of file +List of all items in this crate

List of all items

Structs

Enums

Functions

Constants

\ No newline at end of file diff --git a/doc/oak_dice/evidence/constant.CERTIFICATE_SIZE.html b/doc/oak_dice/evidence/constant.CERTIFICATE_SIZE.html index c9c6dacc53e..9a3efdd138a 100644 --- a/doc/oak_dice/evidence/constant.CERTIFICATE_SIZE.html +++ b/doc/oak_dice/evidence/constant.CERTIFICATE_SIZE.html @@ -1,2 +1,2 @@ -CERTIFICATE_SIZE in oak_dice::evidence - Rust

Constant oak_dice::evidence::CERTIFICATE_SIZE

source · 
pub const CERTIFICATE_SIZE: usize = 1024;
Expand description

The maximum size of a serialized CWT certificate.

+CERTIFICATE_SIZE in oak_dice::evidence - Rust

Constant oak_dice::evidence::CERTIFICATE_SIZE

source · 
pub const CERTIFICATE_SIZE: usize = 1024;
Expand description

The maximum size of a serialized CWT certificate.

\ No newline at end of file diff --git a/doc/oak_dice/evidence/constant.DICE_DATA_CMDLINE_PARAM.html b/doc/oak_dice/evidence/constant.DICE_DATA_CMDLINE_PARAM.html index aefedfcf71f..3907b3f57e1 100644 --- a/doc/oak_dice/evidence/constant.DICE_DATA_CMDLINE_PARAM.html +++ b/doc/oak_dice/evidence/constant.DICE_DATA_CMDLINE_PARAM.html @@ -1,3 +1,3 @@ -DICE_DATA_CMDLINE_PARAM in oak_dice::evidence - Rust

Constant oak_dice::evidence::DICE_DATA_CMDLINE_PARAM

source · 
pub const DICE_DATA_CMDLINE_PARAM: &str = "oak-dice";
Expand description

The name of the kernel command-line parameter that is used to send the physical address of the +DICE_DATA_CMDLINE_PARAM in oak_dice::evidence - Rust

Constant oak_dice::evidence::DICE_DATA_CMDLINE_PARAM

source · 
pub const DICE_DATA_CMDLINE_PARAM: &str = "oak-dice";
Expand description

The name of the kernel command-line parameter that is used to send the physical address of the Stage 0 DICE data struct.

\ No newline at end of file diff --git a/doc/oak_dice/evidence/constant.P256_PRIVATE_KEY_SIZE.html b/doc/oak_dice/evidence/constant.P256_PRIVATE_KEY_SIZE.html new file mode 100644 index 00000000000..f657a163e7b --- /dev/null +++ b/doc/oak_dice/evidence/constant.P256_PRIVATE_KEY_SIZE.html @@ -0,0 +1,2 @@ +P256_PRIVATE_KEY_SIZE in oak_dice::evidence - Rust

Constant oak_dice::evidence::P256_PRIVATE_KEY_SIZE

source · 
pub const P256_PRIVATE_KEY_SIZE: usize = 32;
Expand description

The actual size used when encoding a Nist P256 private key.

+
\ No newline at end of file diff --git a/doc/oak_dice/evidence/constant.PUBLIC_KEY_SIZE.html b/doc/oak_dice/evidence/constant.PUBLIC_KEY_SIZE.html index 791e6dcc5f0..34e26cf016d 100644 --- a/doc/oak_dice/evidence/constant.PUBLIC_KEY_SIZE.html +++ b/doc/oak_dice/evidence/constant.PUBLIC_KEY_SIZE.html @@ -1,2 +1,2 @@ -PUBLIC_KEY_SIZE in oak_dice::evidence - Rust

Constant oak_dice::evidence::PUBLIC_KEY_SIZE

source · 
pub const PUBLIC_KEY_SIZE: usize = 256;
Expand description

The maximum size of a serialized COSE Key object representing an ECDSA public key.

+PUBLIC_KEY_SIZE in oak_dice::evidence - Rust

Constant oak_dice::evidence::PUBLIC_KEY_SIZE

source · 
pub const PUBLIC_KEY_SIZE: usize = 256;
Expand description

The maximum size of a serialized COSE Key object representing an ECDSA public key.

\ No newline at end of file diff --git a/doc/oak_dice/evidence/constant.STAGE0_MAGIC.html b/doc/oak_dice/evidence/constant.STAGE0_MAGIC.html index d2544a1b35f..8771c978cac 100644 --- a/doc/oak_dice/evidence/constant.STAGE0_MAGIC.html +++ b/doc/oak_dice/evidence/constant.STAGE0_MAGIC.html @@ -1,2 +1,2 @@ -STAGE0_MAGIC in oak_dice::evidence - Rust

Constant oak_dice::evidence::STAGE0_MAGIC

source · 
pub const STAGE0_MAGIC: u64 = _; // 7_305_798_899_521_511_791u64
Expand description

The magic number used to identify the Stage 0 DICE data in memory.

+STAGE0_MAGIC in oak_dice::evidence - Rust

Constant oak_dice::evidence::STAGE0_MAGIC

source · 
pub const STAGE0_MAGIC: u64 = _; // 7_305_798_899_521_511_791u64
Expand description

The magic number used to identify the Stage 0 DICE data in memory.

\ No newline at end of file diff --git a/doc/oak_dice/evidence/enum.TeePlatform.html b/doc/oak_dice/evidence/enum.TeePlatform.html index 59a05778f38..3071e24f4b8 100644 --- a/doc/oak_dice/evidence/enum.TeePlatform.html +++ b/doc/oak_dice/evidence/enum.TeePlatform.html @@ -1,4 +1,4 @@ -TeePlatform in oak_dice::evidence - Rust

Enum oak_dice::evidence::TeePlatform

source · 
#[repr(u64)]
pub enum TeePlatform {
+TeePlatform in oak_dice::evidence - Rust
Enum oak_dice::evidence::TeePlatform
source · 
#[repr(u64)]
pub enum TeePlatform {
     Unspecified = 0,
     AmdSevSnp = 1,
     IntelTdx = 2,
@@ -6,10 +6,10 @@

Variants§

§

Unspecified = 0

Platform is not specified.

§

AmdSevSnp = 1

AMD SEV-SNP.

§

IntelTdx = 2

Intel TDX.

-

Implementations§

source§

impl TeePlatform

source

pub const fn from_repr(discriminant: u64) -> Option<TeePlatform>

Try to create Self from the raw representation

-

Trait Implementations§

source§

impl Clone for TeePlatform

source§

fn clone(&self) -> TeePlatform

Returns a copy of the value. Read more
1.0.0 · source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
source§

impl Debug for TeePlatform

source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
source§

impl Display for TeePlatform

source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter. Read more
source§

impl PartialEq<TeePlatform> for TeePlatform

source§

fn eq(&self, other: &TeePlatform) -> bool

This method tests for self and other values to be equal, and is used +

Implementations§

source§

impl TeePlatform

source

pub const fn from_repr(discriminant: u64) -> Option<TeePlatform>

Try to create Self from the raw representation

+

Trait Implementations§

source§

impl Clone for TeePlatform

source§

fn clone(&self) -> TeePlatform

Returns a copy of the value. Read more
1.0.0 · source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
source§

impl Debug for TeePlatform

source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
source§

impl Display for TeePlatform

source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter. Read more
source§

impl PartialEq<TeePlatform> for TeePlatform

source§

fn eq(&self, other: &TeePlatform) -> bool

This method tests for self and other values to be equal, and is used by ==.
1.0.0 · source§

fn ne(&self, other: &Rhs) -> bool

This method tests for !=. The default implementation is almost always -sufficient, and should not be overridden without very good reason.
source§

impl Copy for TeePlatform

source§

impl Eq for TeePlatform

source§

impl StructuralEq for TeePlatform

source§

impl StructuralPartialEq for TeePlatform

Auto Trait Implementations§

Blanket Implementations§

source§

impl<T> Any for Twhere +sufficient, and should not be overridden without very good reason.

source§

impl Copy for TeePlatform

source§

impl Eq for TeePlatform

source§

impl StructuralEq for TeePlatform

source§

impl StructuralPartialEq for TeePlatform

Auto Trait Implementations§

Blanket Implementations§

source§

impl<T> Any for Twhere T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
source§

impl<T> Borrow<T> for Twhere T: ?Sized,

source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for Twhere T: ?Sized,

source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<T> From<T> for T

source§

fn from(t: T) -> T

Returns the argument unchanged.

diff --git a/doc/oak_dice/evidence/index.html b/doc/oak_dice/evidence/index.html index 0f8bc8d0760..4b13833b5f2 100644 --- a/doc/oak_dice/evidence/index.html +++ b/doc/oak_dice/evidence/index.html @@ -1,5 +1,5 @@ -oak_dice::evidence - Rust

Module oak_dice::evidence

source ·
Expand description

C-like structs for representing DICE data in environments where we don’t have protocol buffer +oak_dice::evidence - Rust

Module oak_dice::evidence

source ·
Expand description

C-like structs for representing DICE data in environments where we don’t have protocol buffer support.

Structs

  • ApplicationKeys
    Certificates for the ECDSA keys that can be used for an application for signing or encryption.
  • ApplicationPrivateKeys
    ECDSA private keys that can be used for an application for signing or encryption.
  • CertificateAuthority
    Private key that can be used by a layer to sign a certificate for the next layer.
  • Evidence
    Wrapper for passing the attestation evidence from the Restricted Kernel to the application.
  • LayerEvidence
    Attestation evidence for non-root layers.
  • RestrictedKernelDiceData
    Wrapper for passing the attestation evidence and private keys from the Restricted Kernel to the application.
  • RootLayerEvidence
    Attestation evidence generated by Stage 0.
  • Stage0DiceData
    Wrapper for passing DICE info from Stage0 to the next layer (Stage 1 or the Restricted Kernel).

Enums

  • TeePlatform
    The hardware platform providing the Trusted Execution Environment.

Constants

  • CERTIFICATE_SIZE
    The maximum size of a serialized CWT certificate.
  • DICE_DATA_CMDLINE_PARAM
    The name of the kernel command-line parameter that is used to send the physical address of the -Stage 0 DICE data struct.
  • PRIVATE_KEY_SIZE
    The maximum size of an ECDSA private key.
  • PUBLIC_KEY_SIZE
    The maximum size of a serialized COSE Key object representing an ECDSA public key.
  • REPORT_SIZE
    The maximum size of the signed attestation report.
  • STAGE0_MAGIC
    The magic number used to identify the Stage 0 DICE data in memory.
\ No newline at end of file +Stage 0 DICE data struct.
  • P256_PRIVATE_KEY_SIZE
    The actual size used when encoding a Nist P256 private key.
  • PRIVATE_KEY_SIZE
    The maximum size of an ECDSA private key.
  • PUBLIC_KEY_SIZE
    The maximum size of a serialized COSE Key object representing an ECDSA public key.
  • REPORT_SIZE
    The maximum size of the signed attestation report.
  • STAGE0_MAGIC
    The magic number used to identify the Stage 0 DICE data in memory.
    • \ No newline at end of file diff --git a/doc/oak_dice/evidence/sidebar-items.js b/doc/oak_dice/evidence/sidebar-items.js index 83b90eed6f5..bcb67647235 100644 --- a/doc/oak_dice/evidence/sidebar-items.js +++ b/doc/oak_dice/evidence/sidebar-items.js @@ -1 +1 @@ -window.SIDEBAR_ITEMS = {"constant":["CERTIFICATE_SIZE","DICE_DATA_CMDLINE_PARAM","PRIVATE_KEY_SIZE","PUBLIC_KEY_SIZE","REPORT_SIZE","STAGE0_MAGIC"],"enum":["TeePlatform"],"struct":["ApplicationKeys","ApplicationPrivateKeys","CertificateAuthority","Evidence","LayerEvidence","RestrictedKernelDiceData","RootLayerEvidence","Stage0DiceData"]}; \ No newline at end of file +window.SIDEBAR_ITEMS = {"constant":["CERTIFICATE_SIZE","DICE_DATA_CMDLINE_PARAM","P256_PRIVATE_KEY_SIZE","PRIVATE_KEY_SIZE","PUBLIC_KEY_SIZE","REPORT_SIZE","STAGE0_MAGIC"],"enum":["TeePlatform"],"struct":["ApplicationKeys","ApplicationPrivateKeys","CertificateAuthority","Evidence","LayerEvidence","RestrictedKernelDiceData","RootLayerEvidence","Stage0DiceData"]}; \ No newline at end of file diff --git a/doc/oak_dice/evidence/struct.ApplicationKeys.html b/doc/oak_dice/evidence/struct.ApplicationKeys.html index f30ad98874c..9ccf81a3ccf 100644 --- a/doc/oak_dice/evidence/struct.ApplicationKeys.html +++ b/doc/oak_dice/evidence/struct.ApplicationKeys.html @@ -1,4 +1,4 @@ -ApplicationKeys in oak_dice::evidence - Rust

    Struct oak_dice::evidence::ApplicationKeys

    source · 
    #[repr(C)]
    pub struct ApplicationKeys {
+ApplicationKeys in oak_dice::evidence - Rust
    Struct oak_dice::evidence::ApplicationKeys
    source · 
    #[repr(C)]
    pub struct ApplicationKeys {
     pub signing_public_key_certificate: [u8; 1024],
     pub encryption_public_key_certificate: [u8; 1024],
 }
    Expand description
    Certificates for the ECDSA keys that can be used for an application for signing or encryption.
    
@@ -6,14 +6,14 @@
 measurements of the application.
    
 
    §encryption_public_key_certificate: [u8; 1024]
    Serialized CWT certificate for the encryption private key. The certificate must include
 measurements of the application.
    
-
    Trait Implementations§
    source§
    impl AsBytes for ApplicationKeyswhere
+
    Trait Implementations§
    source§
    impl AsBytes for ApplicationKeyswhere
     [u8; 1024]: AsBytes,
     HasPadding<ApplicationKeys, { _ }>: ShouldBe<{ _ }>,
    §
    fn as_bytes(&self) -> &[u8] 
    Gets the bytes of this value. Read more
    §
    fn as_bytes_mut(&mut self) -> &mut [u8] where
-    Self: FromBytes,
    Gets the bytes of this value mutably. Read more
    §
    fn write_to(&self, bytes: &mut [u8]) -> Option<()>
    Writes a copy of self to bytes. Read more
    §
    fn write_to_prefix(&self, bytes: &mut [u8]) -> Option<()>
    Writes a copy of self to the prefix of bytes. Read more
    §
    fn write_to_suffix(&self, bytes: &mut [u8]) -> Option<()>
    Writes a copy of self to the suffix of bytes. Read more
    source§
    impl FromBytes for ApplicationKeyswhere
+    Self: FromBytes,
    Gets the bytes of this value mutably. Read more
    §
    fn write_to(&self, bytes: &mut [u8]) -> Option<()>
    Writes a copy of self to bytes. Read more
    §
    fn write_to_prefix(&self, bytes: &mut [u8]) -> Option<()>
    Writes a copy of self to the prefix of bytes. Read more
    §
    fn write_to_suffix(&self, bytes: &mut [u8]) -> Option<()>
    Writes a copy of self to the suffix of bytes. Read more
    source§
    impl FromBytes for ApplicationKeyswhere
     [u8; 1024]: FromBytes,
    §
    fn read_from(bytes: &[u8]) -> Option<Self>where
     Self: Sized,
    Reads a copy of Self from bytes. Read more
    §
    fn read_from_prefix(bytes: &[u8]) -> Option<Self>where
     Self: Sized,
    Reads a copy of Self from the prefix of bytes. Read more
    §
    fn read_from_suffix(bytes: &[u8]) -> Option<Self>where
-    Self: Sized,
    Reads a copy of Self from the suffix of bytes. Read more
    source§
    impl FromZeroes for ApplicationKeyswhere
+    Self: Sized,
    Reads a copy of Self from the suffix of bytes. Read more
    source§

    impl FromZeroes for ApplicationKeyswhere [u8; 1024]: FromZeroes,

    §

    fn zero(&mut self)

    Overwrites self with zeroes. Read more
    §

    fn new_zeroed() -> Selfwhere Self: Sized,

    Creates an instance of Self from zeroed bytes.

    Auto Trait Implementations§

    Blanket Implementations§

    source§

    impl<T> Any for Twhere T: 'static + ?Sized,

    source§

    fn type_id(&self) -> TypeId

    Gets the TypeId of self. Read more
    source§

    impl<T> Borrow<T> for Twhere diff --git a/doc/oak_dice/evidence/struct.ApplicationPrivateKeys.html b/doc/oak_dice/evidence/struct.ApplicationPrivateKeys.html index 3fa17ff863c..080d2cdb6ec 100644 --- a/doc/oak_dice/evidence/struct.ApplicationPrivateKeys.html +++ b/doc/oak_dice/evidence/struct.ApplicationPrivateKeys.html @@ -1,17 +1,17 @@ -ApplicationPrivateKeys in oak_dice::evidence - Rust

    Struct oak_dice::evidence::ApplicationPrivateKeys

    source · 
    #[repr(C)]
    pub struct ApplicationPrivateKeys {
+ApplicationPrivateKeys in oak_dice::evidence - Rust
    Struct oak_dice::evidence::ApplicationPrivateKeys
    source · 
    #[repr(C)]
    pub struct ApplicationPrivateKeys {
     pub signing_private_key: [u8; 64],
     pub encryption_private_key: [u8; 64],
 }
    Expand description
    ECDSA private keys that can be used for an application for signing or encryption.
    
 
    Fields§
    §signing_private_key: [u8; 64]
    The RAW bytes representing an ECDSA private key that can be used to sign arbitrary data.
    
 
    §encryption_private_key: [u8; 64]
    The RAW bytes representing an ECDSA private key that can be used for hybrid encryption.
    
-
    Trait Implementations§
    source§
    impl AsBytes for ApplicationPrivateKeyswhere
+
    Trait Implementations§
    source§
    impl AsBytes for ApplicationPrivateKeyswhere
     [u8; 64]: AsBytes,
     HasPadding<ApplicationPrivateKeys, { _ }>: ShouldBe<{ _ }>,
    §
    fn as_bytes(&self) -> &[u8] 
    Gets the bytes of this value. Read more
    §
    fn as_bytes_mut(&mut self) -> &mut [u8] where
-    Self: FromBytes,
    Gets the bytes of this value mutably. Read more
    §
    fn write_to(&self, bytes: &mut [u8]) -> Option<()>
    Writes a copy of self to bytes. Read more
    §
    fn write_to_prefix(&self, bytes: &mut [u8]) -> Option<()>
    Writes a copy of self to the prefix of bytes. Read more
    §
    fn write_to_suffix(&self, bytes: &mut [u8]) -> Option<()>
    Writes a copy of self to the suffix of bytes. Read more
    source§
    impl Drop for ApplicationPrivateKeys
    source§
    fn drop(&mut self)
    Executes the destructor for this type. Read more
    source§
    impl FromBytes for ApplicationPrivateKeyswhere
+    Self: FromBytes,
    Gets the bytes of this value mutably. Read more
    §
    fn write_to(&self, bytes: &mut [u8]) -> Option<()>
    Writes a copy of self to bytes. Read more
    §
    fn write_to_prefix(&self, bytes: &mut [u8]) -> Option<()>
    Writes a copy of self to the prefix of bytes. Read more
    §
    fn write_to_suffix(&self, bytes: &mut [u8]) -> Option<()>
    Writes a copy of self to the suffix of bytes. Read more

    source§

    impl Drop for ApplicationPrivateKeys

    source§

    fn drop(&mut self)

    Executes the destructor for this type. Read more
    source§

    impl FromBytes for ApplicationPrivateKeyswhere [u8; 64]: FromBytes,

    §

    fn read_from(bytes: &[u8]) -> Option<Self>where Self: Sized,

    Reads a copy of Self from bytes. Read more
    §

    fn read_from_prefix(bytes: &[u8]) -> Option<Self>where Self: Sized,

    Reads a copy of Self from the prefix of bytes. Read more
    §

    fn read_from_suffix(bytes: &[u8]) -> Option<Self>where - Self: Sized,

    Reads a copy of Self from the suffix of bytes. Read more
    source§

    impl FromZeroes for ApplicationPrivateKeyswhere + Self: Sized,

    Reads a copy of Self from the suffix of bytes. Read more
    source§

    impl FromZeroes for ApplicationPrivateKeyswhere [u8; 64]: FromZeroes,

    §

    fn zero(&mut self)

    Overwrites self with zeroes. Read more
    §

    fn new_zeroed() -> Selfwhere Self: Sized,

    Creates an instance of Self from zeroed bytes.

    Auto Trait Implementations§

    Blanket Implementations§

    source§

    impl<T> Any for Twhere T: 'static + ?Sized,

    source§

    fn type_id(&self) -> TypeId

    Gets the TypeId of self. Read more
    source§

    impl<T> Borrow<T> for Twhere diff --git a/doc/oak_dice/evidence/struct.CertificateAuthority.html b/doc/oak_dice/evidence/struct.CertificateAuthority.html index 71a4d4b6c23..aa19e6538d0 100644 --- a/doc/oak_dice/evidence/struct.CertificateAuthority.html +++ b/doc/oak_dice/evidence/struct.CertificateAuthority.html @@ -1,15 +1,15 @@ -CertificateAuthority in oak_dice::evidence - Rust

    Struct oak_dice::evidence::CertificateAuthority

    source · 
    #[repr(C)]
    pub struct CertificateAuthority {
+CertificateAuthority in oak_dice::evidence - Rust
    Struct oak_dice::evidence::CertificateAuthority
    source · 
    #[repr(C)]
    pub struct CertificateAuthority {
     pub eca_private_key: [u8; 64],
 }
    Expand description
    Private key that can be used by a layer to sign a certificate for the next layer.
    
 
    Fields§
    §eca_private_key: [u8; 64]
    The RAW bytes representing an ECDSA private key.
    
-
    Trait Implementations§
    source§
    impl AsBytes for CertificateAuthoritywhere
+
    Trait Implementations§
    source§
    impl AsBytes for CertificateAuthoritywhere
     [u8; 64]: AsBytes,
     HasPadding<CertificateAuthority, { _ }>: ShouldBe<{ _ }>,
    §
    fn as_bytes(&self) -> &[u8] 
    Gets the bytes of this value. Read more
    §
    fn as_bytes_mut(&mut self) -> &mut [u8] where
-    Self: FromBytes,
    Gets the bytes of this value mutably. Read more
    §
    fn write_to(&self, bytes: &mut [u8]) -> Option<()>
    Writes a copy of self to bytes. Read more
    §
    fn write_to_prefix(&self, bytes: &mut [u8]) -> Option<()>
    Writes a copy of self to the prefix of bytes. Read more
    §
    fn write_to_suffix(&self, bytes: &mut [u8]) -> Option<()>
    Writes a copy of self to the suffix of bytes. Read more
    source§
    impl Drop for CertificateAuthority
    source§
    fn drop(&mut self)
    Executes the destructor for this type. Read more
    source§
    impl FromBytes for CertificateAuthoritywhere
+    Self: FromBytes,
    Gets the bytes of this value mutably. Read more
    §
    fn write_to(&self, bytes: &mut [u8]) -> Option<()>
    Writes a copy of self to bytes. Read more
    §
    fn write_to_prefix(&self, bytes: &mut [u8]) -> Option<()>
    Writes a copy of self to the prefix of bytes. Read more
    §
    fn write_to_suffix(&self, bytes: &mut [u8]) -> Option<()>
    Writes a copy of self to the suffix of bytes. Read more

    source§

    impl Drop for CertificateAuthority

    source§

    fn drop(&mut self)

    Executes the destructor for this type. Read more
    source§

    impl FromBytes for CertificateAuthoritywhere [u8; 64]: FromBytes,

    §

    fn read_from(bytes: &[u8]) -> Option<Self>where Self: Sized,

    Reads a copy of Self from bytes. Read more
    §

    fn read_from_prefix(bytes: &[u8]) -> Option<Self>where Self: Sized,

    Reads a copy of Self from the prefix of bytes. Read more
    §

    fn read_from_suffix(bytes: &[u8]) -> Option<Self>where - Self: Sized,

    Reads a copy of Self from the suffix of bytes. Read more
    source§

    impl FromZeroes for CertificateAuthoritywhere + Self: Sized,

    Reads a copy of Self from the suffix of bytes. Read more
    source§

    impl FromZeroes for CertificateAuthoritywhere [u8; 64]: FromZeroes,

    §

    fn zero(&mut self)

    Overwrites self with zeroes. Read more
    §

    fn new_zeroed() -> Selfwhere Self: Sized,

    Creates an instance of Self from zeroed bytes.

    Auto Trait Implementations§

    Blanket Implementations§

    source§

    impl<T> Any for Twhere T: 'static + ?Sized,

    source§

    fn type_id(&self) -> TypeId

    Gets the TypeId of self. Read more
    source§

    impl<T> Borrow<T> for Twhere diff --git a/doc/oak_dice/evidence/struct.Evidence.html b/doc/oak_dice/evidence/struct.Evidence.html index 565fa36dcf8..7f49ee26c99 100644 --- a/doc/oak_dice/evidence/struct.Evidence.html +++ b/doc/oak_dice/evidence/struct.Evidence.html @@ -1,4 +1,4 @@ -Evidence in oak_dice::evidence - Rust

    Struct oak_dice::evidence::Evidence

    source · 
    #[repr(C)]
    pub struct Evidence {
+Evidence in oak_dice::evidence - Rust
    Struct oak_dice::evidence::Evidence
    source · 
    #[repr(C)]
    pub struct Evidence {
     pub root_layer_evidence: RootLayerEvidence,
     pub restricted_kernel_evidence: LayerEvidence,
     pub application_keys: ApplicationKeys,
@@ -7,18 +7,18 @@
 
    §restricted_kernel_evidence: LayerEvidence
    The evidence about the Restricted Kernel.
    
 
    §application_keys: ApplicationKeys
    Keys (and associated certificates) that can be used by the application for encryption or
 signing.
    
-
    Trait Implementations§
    source§
    impl AsBytes for Evidencewhere
+
    Trait Implementations§
    source§
    impl AsBytes for Evidencewhere
     RootLayerEvidence: AsBytes,
     LayerEvidence: AsBytes,
     ApplicationKeys: AsBytes,
     HasPadding<Evidence, { _ }>: ShouldBe<{ _ }>,
    §
    fn as_bytes(&self) -> &[u8] 
    Gets the bytes of this value. Read more
    §
    fn as_bytes_mut(&mut self) -> &mut [u8] where
-    Self: FromBytes,
    Gets the bytes of this value mutably. Read more
    §
    fn write_to(&self, bytes: &mut [u8]) -> Option<()>
    Writes a copy of self to bytes. Read more
    §
    fn write_to_prefix(&self, bytes: &mut [u8]) -> Option<()>
    Writes a copy of self to the prefix of bytes. Read more
    §
    fn write_to_suffix(&self, bytes: &mut [u8]) -> Option<()>
    Writes a copy of self to the suffix of bytes. Read more
    source§
    impl FromBytes for Evidencewhere
+    Self: FromBytes,
    Gets the bytes of this value mutably. Read more
    §
    fn write_to(&self, bytes: &mut [u8]) -> Option<()>
    Writes a copy of self to bytes. Read more
    §
    fn write_to_prefix(&self, bytes: &mut [u8]) -> Option<()>
    Writes a copy of self to the prefix of bytes. Read more
    §
    fn write_to_suffix(&self, bytes: &mut [u8]) -> Option<()>
    Writes a copy of self to the suffix of bytes. Read more

    source§

    impl FromBytes for Evidencewhere RootLayerEvidence: FromBytes, LayerEvidence: FromBytes, ApplicationKeys: FromBytes,

    §

    fn read_from(bytes: &[u8]) -> Option<Self>where Self: Sized,

    Reads a copy of Self from bytes. Read more
    §

    fn read_from_prefix(bytes: &[u8]) -> Option<Self>where Self: Sized,

    Reads a copy of Self from the prefix of bytes. Read more
    §

    fn read_from_suffix(bytes: &[u8]) -> Option<Self>where - Self: Sized,

    Reads a copy of Self from the suffix of bytes. Read more
    source§

    impl FromZeroes for Evidencewhere + Self: Sized,

    Reads a copy of Self from the suffix of bytes. Read more
    source§

    impl FromZeroes for Evidencewhere RootLayerEvidence: FromZeroes, LayerEvidence: FromZeroes, ApplicationKeys: FromZeroes,

    §

    fn zero(&mut self)

    Overwrites self with zeroes. Read more
    §

    fn new_zeroed() -> Selfwhere diff --git a/doc/oak_dice/evidence/struct.LayerEvidence.html b/doc/oak_dice/evidence/struct.LayerEvidence.html index 6df555f363b..d2e6a6baa6f 100644 --- a/doc/oak_dice/evidence/struct.LayerEvidence.html +++ b/doc/oak_dice/evidence/struct.LayerEvidence.html @@ -1,16 +1,16 @@ -LayerEvidence in oak_dice::evidence - Rust

    Struct oak_dice::evidence::LayerEvidence

    source · 
    #[repr(C)]
    pub struct LayerEvidence {
+LayerEvidence in oak_dice::evidence - Rust
    Struct oak_dice::evidence::LayerEvidence
    source · 
    #[repr(C)]
    pub struct LayerEvidence {
     pub eca_certificate: [u8; 1024],
 }
    Expand description
    Attestation evidence for non-root layers.
    
 
    Fields§
    §eca_certificate: [u8; 1024]
    Serialized CWT certificate for the ECA private key owned by the corresponding layer. The
 certificate must include measurements of the layer that owns the private key.
    
-
    Trait Implementations§
    source§
    impl AsBytes for LayerEvidencewhere
+
    Trait Implementations§
    source§
    impl AsBytes for LayerEvidencewhere
     [u8; 1024]: AsBytes,
     HasPadding<LayerEvidence, { _ }>: ShouldBe<{ _ }>,
    §
    fn as_bytes(&self) -> &[u8] 
    Gets the bytes of this value. Read more
    §
    fn as_bytes_mut(&mut self) -> &mut [u8] where
-    Self: FromBytes,
    Gets the bytes of this value mutably. Read more
    §
    fn write_to(&self, bytes: &mut [u8]) -> Option<()>
    Writes a copy of self to bytes. Read more
    §
    fn write_to_prefix(&self, bytes: &mut [u8]) -> Option<()>
    Writes a copy of self to the prefix of bytes. Read more
    §
    fn write_to_suffix(&self, bytes: &mut [u8]) -> Option<()>
    Writes a copy of self to the suffix of bytes. Read more
    source§
    impl FromBytes for LayerEvidencewhere
+    Self: FromBytes,
    Gets the bytes of this value mutably. Read more
    §
    fn write_to(&self, bytes: &mut [u8]) -> Option<()>
    Writes a copy of self to bytes. Read more
    §
    fn write_to_prefix(&self, bytes: &mut [u8]) -> Option<()>
    Writes a copy of self to the prefix of bytes. Read more
    §
    fn write_to_suffix(&self, bytes: &mut [u8]) -> Option<()>
    Writes a copy of self to the suffix of bytes. Read more

    source§

    impl FromBytes for LayerEvidencewhere [u8; 1024]: FromBytes,

    §

    fn read_from(bytes: &[u8]) -> Option<Self>where Self: Sized,

    Reads a copy of Self from bytes. Read more
    §

    fn read_from_prefix(bytes: &[u8]) -> Option<Self>where Self: Sized,

    Reads a copy of Self from the prefix of bytes. Read more
    §

    fn read_from_suffix(bytes: &[u8]) -> Option<Self>where - Self: Sized,

    Reads a copy of Self from the suffix of bytes. Read more
    source§

    impl FromZeroes for LayerEvidencewhere + Self: Sized,

    Reads a copy of Self from the suffix of bytes. Read more
    source§

    impl FromZeroes for LayerEvidencewhere [u8; 1024]: FromZeroes,

    §

    fn zero(&mut self)

    Overwrites self with zeroes. Read more
    §

    fn new_zeroed() -> Selfwhere Self: Sized,

    Creates an instance of Self from zeroed bytes.

    Auto Trait Implementations§

    Blanket Implementations§

    source§

    impl<T> Any for Twhere T: 'static + ?Sized,

    source§

    fn type_id(&self) -> TypeId

    Gets the TypeId of self. Read more
    source§

    impl<T> Borrow<T> for Twhere diff --git a/doc/oak_dice/evidence/struct.RestrictedKernelDiceData.html b/doc/oak_dice/evidence/struct.RestrictedKernelDiceData.html index 47c8e044c7e..70e77eab672 100644 --- a/doc/oak_dice/evidence/struct.RestrictedKernelDiceData.html +++ b/doc/oak_dice/evidence/struct.RestrictedKernelDiceData.html @@ -1,15 +1,18 @@ -RestrictedKernelDiceData in oak_dice::evidence - Rust

    Struct oak_dice::evidence::RestrictedKernelDiceData

    source · 
    #[repr(C)]
    pub struct RestrictedKernelDiceData { /* private fields */ }
    Expand description

    Wrapper for passing the attestation evidence and private keys from the Restricted Kernel to the +RestrictedKernelDiceData in oak_dice::evidence - Rust

    Struct oak_dice::evidence::RestrictedKernelDiceData

    source · 
    #[repr(C)]
    pub struct RestrictedKernelDiceData {
+    pub evidence: Evidence,
+    pub application_private_keys: ApplicationPrivateKeys,
+}
    Expand description

    Wrapper for passing the attestation evidence and private keys from the Restricted Kernel to the application.

    -

    Trait Implementations§

    source§

    impl AsBytes for RestrictedKernelDiceDatawhere +

    Fields§

    §evidence: Evidence§application_private_keys: ApplicationPrivateKeys

    Trait Implementations§

    source§

    impl AsBytes for RestrictedKernelDiceDatawhere Evidence: AsBytes, ApplicationPrivateKeys: AsBytes, HasPadding<RestrictedKernelDiceData, { _ }>: ShouldBe<{ _ }>,

    §

    fn as_bytes(&self) -> &[u8]

    Gets the bytes of this value. Read more
    §

    fn as_bytes_mut(&mut self) -> &mut [u8] where - Self: FromBytes,

    Gets the bytes of this value mutably. Read more
    §

    fn write_to(&self, bytes: &mut [u8]) -> Option<()>

    Writes a copy of self to bytes. Read more
    §

    fn write_to_prefix(&self, bytes: &mut [u8]) -> Option<()>

    Writes a copy of self to the prefix of bytes. Read more
    §

    fn write_to_suffix(&self, bytes: &mut [u8]) -> Option<()>

    Writes a copy of self to the suffix of bytes. Read more
    source§

    impl FromBytes for RestrictedKernelDiceDatawhere + Self: FromBytes,

    Gets the bytes of this value mutably. Read more
    §

    fn write_to(&self, bytes: &mut [u8]) -> Option<()>

    Writes a copy of self to bytes. Read more
    §

    fn write_to_prefix(&self, bytes: &mut [u8]) -> Option<()>

    Writes a copy of self to the prefix of bytes. Read more
    §

    fn write_to_suffix(&self, bytes: &mut [u8]) -> Option<()>

    Writes a copy of self to the suffix of bytes. Read more

    source§

    impl FromBytes for RestrictedKernelDiceDatawhere Evidence: FromBytes, ApplicationPrivateKeys: FromBytes,

    §

    fn read_from(bytes: &[u8]) -> Option<Self>where Self: Sized,

    Reads a copy of Self from bytes. Read more
    §

    fn read_from_prefix(bytes: &[u8]) -> Option<Self>where Self: Sized,

    Reads a copy of Self from the prefix of bytes. Read more
    §

    fn read_from_suffix(bytes: &[u8]) -> Option<Self>where - Self: Sized,

    Reads a copy of Self from the suffix of bytes. Read more
    source§

    impl FromZeroes for RestrictedKernelDiceDatawhere + Self: Sized,

    Reads a copy of Self from the suffix of bytes. Read more
    source§

    impl FromZeroes for RestrictedKernelDiceDatawhere Evidence: FromZeroes, ApplicationPrivateKeys: FromZeroes,

    §

    fn zero(&mut self)

    Overwrites self with zeroes. Read more
    §

    fn new_zeroed() -> Selfwhere Self: Sized,

    Creates an instance of Self from zeroed bytes.

    Auto Trait Implementations§

    Blanket Implementations§

    source§

    impl<T> Any for Twhere diff --git a/doc/oak_dice/evidence/struct.RootLayerEvidence.html b/doc/oak_dice/evidence/struct.RootLayerEvidence.html index 5fd713b99a8..7053aace29c 100644 --- a/doc/oak_dice/evidence/struct.RootLayerEvidence.html +++ b/doc/oak_dice/evidence/struct.RootLayerEvidence.html @@ -1,4 +1,4 @@ -RootLayerEvidence in oak_dice::evidence - Rust

    Struct oak_dice::evidence::RootLayerEvidence

    source · 
    #[repr(C)]
    pub struct RootLayerEvidence {
+RootLayerEvidence in oak_dice::evidence - Rust
    Struct oak_dice::evidence::RootLayerEvidence
    source · 
    #[repr(C)]
    pub struct RootLayerEvidence {
     pub tee_platform: u64,
     pub remote_attestation_report: [u8; 2048],
     pub eca_public_key: [u8; 256],
@@ -11,18 +11,18 @@
 
    The SHA2-256 digest of this field must included as additional data in the signed remote
 attestation report to bind the key to the report. This means that the attestation
 report effectively acts as a non-standard certificate for this key.
    
-
    Implementations§
    Trait Implementations§
    source§
    impl AsBytes for RootLayerEvidencewhere
+
    Implementations§
    Trait Implementations§
    source§
    impl AsBytes for RootLayerEvidencewhere
     u64: AsBytes,
     [u8; 2048]: AsBytes,
     [u8; 256]: AsBytes,
     HasPadding<RootLayerEvidence, { _ }>: ShouldBe<{ _ }>,
    §
    fn as_bytes(&self) -> &[u8] 
    Gets the bytes of this value. Read more
    §
    fn as_bytes_mut(&mut self) -> &mut [u8] where
-    Self: FromBytes,
    Gets the bytes of this value mutably. Read more
    §
    fn write_to(&self, bytes: &mut [u8]) -> Option<()>
    Writes a copy of self to bytes. Read more
    §
    fn write_to_prefix(&self, bytes: &mut [u8]) -> Option<()>
    Writes a copy of self to the prefix of bytes. Read more
    §
    fn write_to_suffix(&self, bytes: &mut [u8]) -> Option<()>
    Writes a copy of self to the suffix of bytes. Read more
    source§
    impl FromBytes for RootLayerEvidencewhere
+    Self: FromBytes,
    Gets the bytes of this value mutably. Read more
    §
    fn write_to(&self, bytes: &mut [u8]) -> Option<()>
    Writes a copy of self to bytes. Read more
    §
    fn write_to_prefix(&self, bytes: &mut [u8]) -> Option<()>
    Writes a copy of self to the prefix of bytes. Read more
    §
    fn write_to_suffix(&self, bytes: &mut [u8]) -> Option<()>
    Writes a copy of self to the suffix of bytes. Read more

    source§

    impl FromBytes for RootLayerEvidencewhere u64: FromBytes, [u8; 2048]: FromBytes, [u8; 256]: FromBytes,

    §

    fn read_from(bytes: &[u8]) -> Option<Self>where Self: Sized,

    Reads a copy of Self from bytes. Read more
    §

    fn read_from_prefix(bytes: &[u8]) -> Option<Self>where Self: Sized,

    Reads a copy of Self from the prefix of bytes. Read more
    §

    fn read_from_suffix(bytes: &[u8]) -> Option<Self>where - Self: Sized,

    Reads a copy of Self from the suffix of bytes. Read more
    source§

    impl FromZeroes for RootLayerEvidencewhere + Self: Sized,

    Reads a copy of Self from the suffix of bytes. Read more
    source§

    impl FromZeroes for RootLayerEvidencewhere u64: FromZeroes, [u8; 2048]: FromZeroes, [u8; 256]: FromZeroes,

    §

    fn zero(&mut self)

    Overwrites self with zeroes. Read more
    §

    fn new_zeroed() -> Selfwhere diff --git a/doc/oak_dice/evidence/struct.Stage0DiceData.html b/doc/oak_dice/evidence/struct.Stage0DiceData.html index 33897bfd584..5aca4b7a56e 100644 --- a/doc/oak_dice/evidence/struct.Stage0DiceData.html +++ b/doc/oak_dice/evidence/struct.Stage0DiceData.html @@ -1,4 +1,4 @@ -Stage0DiceData in oak_dice::evidence - Rust

    Struct oak_dice::evidence::Stage0DiceData

    source · 
    #[repr(C, align(4096))]
    pub struct Stage0DiceData {
+Stage0DiceData in oak_dice::evidence - Rust
    Struct oak_dice::evidence::Stage0DiceData
    source · 
    #[repr(C, align(4096))]
    pub struct Stage0DiceData {
     pub magic: u64,
     pub root_layer_evidence: RootLayerEvidence,
     pub layer_1_evidence: LayerEvidence,
@@ -8,14 +8,14 @@

    Fields§

    §magic: u64

    Magic number that is expected to always be set to the value of STAGE0_MAGIC.

    §root_layer_evidence: RootLayerEvidence

    The evidence about Stage 0 and the initial state of the VM.

    §layer_1_evidence: LayerEvidence

    The evidence about the next layer.

    -
    §layer_1_certificate_authority: CertificateAuthority

    Trait Implementations§

    source§

    impl AsBytes for Stage0DiceDatawhere +

    §layer_1_certificate_authority: CertificateAuthority

    Trait Implementations§

    source§

    impl AsBytes for Stage0DiceDatawhere u64: AsBytes, RootLayerEvidence: AsBytes, LayerEvidence: AsBytes, CertificateAuthority: AsBytes, [u8; 672]: AsBytes, HasPadding<Stage0DiceData, { _ }>: ShouldBe<{ _ }>,

    §

    fn as_bytes(&self) -> &[u8]

    Gets the bytes of this value. Read more
    §

    fn as_bytes_mut(&mut self) -> &mut [u8] where - Self: FromBytes,

    Gets the bytes of this value mutably. Read more
    §

    fn write_to(&self, bytes: &mut [u8]) -> Option<()>

    Writes a copy of self to bytes. Read more
    §

    fn write_to_prefix(&self, bytes: &mut [u8]) -> Option<()>

    Writes a copy of self to the prefix of bytes. Read more
    §

    fn write_to_suffix(&self, bytes: &mut [u8]) -> Option<()>

    Writes a copy of self to the suffix of bytes. Read more
    source§

    impl FromBytes for Stage0DiceDatawhere + Self: FromBytes,

    Gets the bytes of this value mutably. Read more
    §

    fn write_to(&self, bytes: &mut [u8]) -> Option<()>

    Writes a copy of self to bytes. Read more
    §

    fn write_to_prefix(&self, bytes: &mut [u8]) -> Option<()>

    Writes a copy of self to the prefix of bytes. Read more
    §

    fn write_to_suffix(&self, bytes: &mut [u8]) -> Option<()>

    Writes a copy of self to the suffix of bytes. Read more
    source§

    impl FromBytes for Stage0DiceDatawhere u64: FromBytes, RootLayerEvidence: FromBytes, LayerEvidence: FromBytes, @@ -23,7 +23,7 @@ [u8; 672]: FromBytes,

    §

    fn read_from(bytes: &[u8]) -> Option<Self>where Self: Sized,

    Reads a copy of Self from bytes. Read more
    §

    fn read_from_prefix(bytes: &[u8]) -> Option<Self>where Self: Sized,

    Reads a copy of Self from the prefix of bytes. Read more
    §

    fn read_from_suffix(bytes: &[u8]) -> Option<Self>where - Self: Sized,

    Reads a copy of Self from the suffix of bytes. Read more
    source§

    impl FromZeroes for Stage0DiceDatawhere + Self: Sized,

    Reads a copy of Self from the suffix of bytes. Read more
    source§

    impl FromZeroes for Stage0DiceDatawhere u64: FromZeroes, RootLayerEvidence: FromZeroes, LayerEvidence: FromZeroes, diff --git a/doc/oak_functions_service/index.html b/doc/oak_functions_service/index.html index 9cb89539ec4..2af6232abf7 100644 --- a/doc/oak_functions_service/index.html +++ b/doc/oak_functions_service/index.html @@ -1,2 +1,2 @@ oak_functions_service - Rust

    Crate oak_functions_service

    source ·

    Modules

    Structs

    \ No newline at end of file +
  • All Items

    • Crate oak_functions_service

    source ·

    Modules

    Structs

    \ No newline at end of file diff --git a/doc/oak_functions_service/proto/oak/functions/trait.OakFunctions.html b/doc/oak_functions_service/proto/oak/functions/trait.OakFunctions.html index 25f025f3102..368f9bc770b 100644 --- a/doc/oak_functions_service/proto/oak/functions/trait.OakFunctions.html +++ b/doc/oak_functions_service/proto/oak/functions/trait.OakFunctions.html @@ -35,4 +35,4 @@ ) -> Result<FinishNextLookupDataResponse, Status>

    source

    fn abort_next_lookup_data( &self, request: Empty -) -> Result<AbortNextLookupDataResponse, Status>

    Implementors§

    \ No newline at end of file +) -> Result<AbortNextLookupDataResponse, Status>

    Implementors§

    \ No newline at end of file diff --git a/doc/oak_functions_service/struct.OakFunctionsService.html b/doc/oak_functions_service/struct.OakFunctionsService.html index cab74fa5ab3..bae8afeaf7a 100644 --- a/doc/oak_functions_service/struct.OakFunctionsService.html +++ b/doc/oak_functions_service/struct.OakFunctionsService.html @@ -1,18 +1,18 @@ OakFunctionsService in oak_functions_service - Rust

    Struct oak_functions_service::OakFunctionsService

    source · 
    pub struct OakFunctionsService { /* private fields */ }

    Implementations§

    source§

    impl OakFunctionsService

    source

    pub fn new( attestation_report_generator: Arc<dyn AttestationReportGenerator> -) -> Self

    Trait Implementations§

    Trait Implementations§

    Auto Trait Implementations§

    Blanket Implementations§

    source§

    impl<T> Any for Twhere diff --git a/doc/oak_remote_attestation/dice/index.html b/doc/oak_remote_attestation/dice/index.html index 5d06e28d96a..fb8ed6bb33e 100644 --- a/doc/oak_remote_attestation/dice/index.html +++ b/doc/oak_remote_attestation/dice/index.html @@ -1 +1 @@ -oak_remote_attestation::dice - Rust

    Module oak_remote_attestation::dice

    source ·

    Structs

    • DiceBuilder
      Builds the DICE evidence and certificate authority for the next DICE layer.
    \ No newline at end of file +oak_remote_attestation::dice - Rust

    Module oak_remote_attestation::dice

    source ·

    Structs

    • DiceBuilder
      Builds the DICE evidence and certificate authority for the next DICE layer.
    \ No newline at end of file diff --git a/doc/oak_remote_attestation/dice/struct.DiceBuilder.html b/doc/oak_remote_attestation/dice/struct.DiceBuilder.html index 8b3d9d4278c..971519bd544 100644 --- a/doc/oak_remote_attestation/dice/struct.DiceBuilder.html +++ b/doc/oak_remote_attestation/dice/struct.DiceBuilder.html @@ -1,5 +1,5 @@ -DiceBuilder in oak_remote_attestation::dice - Rust

    Struct oak_remote_attestation::dice::DiceBuilder

    source · 
    pub struct DiceBuilder { /* private fields */ }
    Expand description

    Builds the DICE evidence and certificate authority for the next DICE layer.

    -

    Implementations§

    source§

    impl DiceBuilder

    source

    pub fn add_layer( +DiceBuilder in oak_remote_attestation::dice - Rust

    Struct oak_remote_attestation::dice::DiceBuilder

    source · 
    pub struct DiceBuilder { /* private fields */ }
    Expand description

    Builds the DICE evidence and certificate authority for the next DICE layer.

    +

    Implementations§

    source§

    impl DiceBuilder

    source

    pub fn add_layer( &mut self, additional_claims: Vec<(ClaimName, Value)> ) -> Result<()>

    Adds an additional layer of evidence to the DICE data.

    @@ -7,7 +7,7 @@ provided. Adding a layer generates a new ECA private key for the layer and uses it to replace the existing signing key. The CWT certificate contains the public key for this new signing key.

    -
    source

    pub fn add_application_keys( +

    source

    pub fn add_application_keys( self, additional_claims: Vec<(ClaimName, Value)>, kem_public_key: &[u8], @@ -15,7 +15,7 @@ ) -> Result<Evidence>

    Adds the CWT certificates application keys to the DICE data.

    Since no additional evidence can be added after the application keys are added, this consumes DICE data, discards the signing key and returns the finalized evidence.

    -

    Trait Implementations§

    source§

    impl From<DiceBuilder> for DiceData

    source§

    fn from(value: DiceBuilder) -> Self

    Converts to this type from the input type.
    source§

    impl TryFrom<DiceData> for DiceBuilder

    §

    type Error = Error

    The type returned in the event of a conversion error.
    source§

    fn try_from(value: DiceData) -> Result<Self>

    Performs the conversion.

    Auto Trait Implementations§

    Blanket Implementations§

    source§

    impl<T> Any for Twhere +

    Trait Implementations§

    source§

    impl From<DiceBuilder> for DiceData

    source§

    fn from(value: DiceBuilder) -> Self

    Converts to this type from the input type.
    source§

    impl TryFrom<DiceData> for DiceBuilder

    §

    type Error = Error

    The type returned in the event of a conversion error.
    source§

    fn try_from(value: DiceData) -> Result<Self>

    Performs the conversion.

    Auto Trait Implementations§

    Blanket Implementations§

    source§

    impl<T> Any for Twhere T: 'static + ?Sized,

    source§

    fn type_id(&self) -> TypeId

    Gets the TypeId of self. Read more
    source§

    impl<T> Borrow<T> for Twhere T: ?Sized,

    source§

    fn borrow(&self) -> &T

    Immutably borrows from an owned value. Read more
    source§

    impl<T> BorrowMut<T> for Twhere T: ?Sized,

    source§

    fn borrow_mut(&mut self) -> &mut T

    Mutably borrows from an owned value. Read more
    source§

    impl<T> From<T> for T

    source§

    fn from(t: T) -> T

    Returns the argument unchanged.

    diff --git a/doc/oak_remote_attestation/proto/oak/attestation/v1/struct.DiceData.html b/doc/oak_remote_attestation/proto/oak/attestation/v1/struct.DiceData.html index 00bf710d68f..07eb26547f5 100644 --- a/doc/oak_remote_attestation/proto/oak/attestation/v1/struct.DiceData.html +++ b/doc/oak_remote_attestation/proto/oak/attestation/v1/struct.DiceData.html @@ -2,7 +2,7 @@ pub evidence: Option<Evidence>, pub certificate_authority: Option<CertificateAuthority>, }
    Expand description

    Message that is sent between DICE layers.

    -

    Fields§

    §evidence: Option<Evidence>§certificate_authority: Option<CertificateAuthority>

    Trait Implementations§

    source§

    impl Clone for DiceData

    source§

    fn clone(&self) -> DiceData

    Returns a copy of the value. Read more
    1.0.0 · source§

    fn clone_from(&mut self, source: &Self)

    Performs copy-assignment from source. Read more
    source§

    impl Debug for DiceData

    source§

    fn fmt(&self, f: &mut Formatter<'_>) -> Result

    Formats the value using the given formatter. Read more
    source§

    impl Default for DiceData

    source§

    fn default() -> Self

    Returns the “default value” for a type. Read more
    source§

    impl Drop for DiceData

    source§

    fn drop(&mut self)

    Executes the destructor for this type. Read more
    source§

    impl From<DiceBuilder> for DiceData

    source§

    fn from(value: DiceBuilder) -> Self

    Converts to this type from the input type.
    source§

    impl Message for DiceData

    source§

    fn encoded_len(&self) -> usize

    Returns the encoded length of the message without a length delimiter.
    source§

    fn clear(&mut self)

    Clears the message, resetting all fields to their default.
    source§

    fn encode<B>(&self, buf: &mut B) -> Result<(), EncodeError>where +

    Fields§

    §evidence: Option<Evidence>§certificate_authority: Option<CertificateAuthority>

    Trait Implementations§

    source§

    impl Clone for DiceData

    source§

    fn clone(&self) -> DiceData

    Returns a copy of the value. Read more
    1.0.0 · source§

    fn clone_from(&mut self, source: &Self)

    Performs copy-assignment from source. Read more
    source§

    impl Debug for DiceData

    source§

    fn fmt(&self, f: &mut Formatter<'_>) -> Result

    Formats the value using the given formatter. Read more
    source§

    impl Default for DiceData

    source§

    fn default() -> Self

    Returns the “default value” for a type. Read more
    source§

    impl Drop for DiceData

    source§

    fn drop(&mut self)

    Executes the destructor for this type. Read more
    source§

    impl From<DiceBuilder> for DiceData

    source§

    fn from(value: DiceBuilder) -> Self

    Converts to this type from the input type.
    source§

    impl Message for DiceData

    source§

    fn encoded_len(&self) -> usize

    Returns the encoded length of the message without a length delimiter.
    source§

    fn clear(&mut self)

    Clears the message, resetting all fields to their default.
    source§

    fn encode<B>(&self, buf: &mut B) -> Result<(), EncodeError>where B: BufMut, Self: Sized,

    Encodes the message to a buffer. Read more
    source§

    fn encode_to_vec(&self) -> Vec<u8, Global>where Self: Sized,

    Encodes the message to a newly allocated buffer.
    source§

    fn encode_length_delimited<B>(&self, buf: &mut B) -> Result<(), EncodeError>where @@ -19,7 +19,7 @@ Self: Sized,

    Decodes a length-delimited instance of the message from buffer, and merges it into self.
    source§

    impl PartialEq<DiceData> for DiceData

    source§

    fn eq(&self, other: &DiceData) -> bool

    This method tests for self and other values to be equal, and is used by ==.
    1.0.0 · source§

    fn ne(&self, other: &Rhs) -> bool

    This method tests for !=. The default implementation is almost always -sufficient, and should not be overridden without very good reason.
    source§

    impl TryFrom<DiceData> for DiceBuilder

    §

    type Error = Error

    The type returned in the event of a conversion error.
    source§

    fn try_from(value: DiceData) -> Result<Self>

    Performs the conversion.
    source§

    impl TryFrom<Stage0DiceData> for DiceData

    §

    type Error = Error

    The type returned in the event of a conversion error.
    source§

    fn try_from(value: Stage0DiceData) -> Result<Self>

    Performs the conversion.
    source§

    impl StructuralPartialEq for DiceData

    Auto Trait Implementations§

    Blanket Implementations§

    source§

    impl<T> Any for Twhere +sufficient, and should not be overridden without very good reason.

    source§

    impl TryFrom<DiceData> for DiceBuilder

    §

    type Error = Error

    The type returned in the event of a conversion error.
    source§

    fn try_from(value: DiceData) -> Result<Self>

    Performs the conversion.
    source§

    impl TryFrom<Stage0DiceData> for DiceData

    §

    type Error = Error

    The type returned in the event of a conversion error.
    source§

    fn try_from(value: Stage0DiceData) -> Result<Self>

    Performs the conversion.
    source§

    impl StructuralPartialEq for DiceData

    Auto Trait Implementations§

    Blanket Implementations§

    source§

    impl<T> Any for Twhere T: 'static + ?Sized,

    source§

    fn type_id(&self) -> TypeId

    Gets the TypeId of self. Read more
    source§

    impl<T> Borrow<T> for Twhere T: ?Sized,

    source§

    fn borrow(&self) -> &T

    Immutably borrows from an owned value. Read more
    source§

    impl<T> BorrowMut<T> for Twhere T: ?Sized,

    source§

    fn borrow_mut(&mut self) -> &mut T

    Mutably borrows from an owned value. Read more
    source§

    impl<T> From<T> for T

    source§

    fn from(t: T) -> T

    Returns the argument unchanged.

    diff --git a/doc/oak_remote_attestation/proto/oak/attestation/v1/struct.LayerEvidence.html b/doc/oak_remote_attestation/proto/oak/attestation/v1/struct.LayerEvidence.html index e5669ed5739..1890789a9fa 100644 --- a/doc/oak_remote_attestation/proto/oak/attestation/v1/struct.LayerEvidence.html +++ b/doc/oak_remote_attestation/proto/oak/attestation/v1/struct.LayerEvidence.html @@ -4,7 +4,7 @@

    Fields§

    §eca_certificate: Vec<u8>

    Certificate signing current layer’s measurements and the ECA key.

    Represented as a CBOR/COSE/CWT ECA certificate. <https://www.rfc-editor.org/rfc/rfc8392.html>

    -

    Implementations§

    source§

    impl LayerEvidence

    source

    pub fn get_claims(&self) -> Result<ClaimsSet>

    Extracts the ClaimsSet encoded in the ECA certificate of the layer.

    +

    Implementations§

    source§

    impl LayerEvidence

    source

    pub fn get_claims(&self) -> Result<ClaimsSet>

    Extracts the ClaimsSet encoded in the ECA certificate of the layer.

    Trait Implementations§

    source§

    impl Clone for LayerEvidence

    source§

    fn clone(&self) -> LayerEvidence

    Returns a copy of the value. Read more
    1.0.0 · source§

    fn clone_from(&mut self, source: &Self)

    Performs copy-assignment from source. Read more
    source§

    impl Debug for LayerEvidence

    source§

    fn fmt(&self, f: &mut Formatter<'_>) -> Result

    Formats the value using the given formatter. Read more
    source§

    impl Default for LayerEvidence

    source§

    fn default() -> Self

    Returns the “default value” for a type. Read more
    source§

    impl Message for LayerEvidence

    source§

    fn encoded_len(&self) -> usize

    Returns the encoded length of the message without a length delimiter.
    source§

    fn clear(&mut self)

    Clears the message, resetting all fields to their default.
    source§

    fn encode<B>(&self, buf: &mut B) -> Result<(), EncodeError>where B: BufMut, Self: Sized,

    Encodes the message to a buffer. Read more
    source§

    fn encode_to_vec(&self) -> Vec<u8, Global>where diff --git a/doc/oak_restricted_kernel/fn.panic.html b/doc/oak_restricted_kernel/fn.panic.html index 14c8ff5fb84..967ad8b6f4b 100644 --- a/doc/oak_restricted_kernel/fn.panic.html +++ b/doc/oak_restricted_kernel/fn.panic.html @@ -1,3 +1,3 @@ -panic in oak_restricted_kernel - Rust

    Function oak_restricted_kernel::panic

    source · 
    pub fn panic(info: &PanicInfo<'_>) -> !
    Expand description

    Common panic routine for the kernel. This needs to be wrapped in a +panic in oak_restricted_kernel - Rust

    Function oak_restricted_kernel::panic

    source · 
    pub fn panic(info: &PanicInfo<'_>) -> !
    Expand description

    Common panic routine for the kernel. This needs to be wrapped in a panic_handler function in individual bootloader crates.

    \ No newline at end of file diff --git a/doc/oak_restricted_kernel/fn.start_kernel.html b/doc/oak_restricted_kernel/fn.start_kernel.html index b61aebb00f6..c1c2e97140f 100644 --- a/doc/oak_restricted_kernel/fn.start_kernel.html +++ b/doc/oak_restricted_kernel/fn.start_kernel.html @@ -1,2 +1,2 @@ -start_kernel in oak_restricted_kernel - Rust

    Function oak_restricted_kernel::start_kernel

    source · 
    pub fn start_kernel(info: &BootParams) -> !
    Expand description

    Main entry point for the kernel, to be called from bootloader.

    +start_kernel in oak_restricted_kernel - Rust

    Function oak_restricted_kernel::start_kernel

    source · 
    pub fn start_kernel(info: &BootParams) -> !
    Expand description

    Main entry point for the kernel, to be called from bootloader.

    \ No newline at end of file diff --git a/doc/oak_restricted_kernel/index.html b/doc/oak_restricted_kernel/index.html index 38f2c1f250b..7b5398dead2 100644 --- a/doc/oak_restricted_kernel/index.html +++ b/doc/oak_restricted_kernel/index.html @@ -1,5 +1,5 @@ oak_restricted_kernel - Rust

    Crate oak_restricted_kernel

    source ·
    Expand description

    Main ‘kernel’ for baremetal Oak Functions.

    +
  • All Items

    • Crate oak_restricted_kernel

    source ·
    Expand description

    Main ‘kernel’ for baremetal Oak Functions.

    This code takes care of initializing the x86-64 machine properly and handing the reins over to the oak_baremetal_runtime. It is in a separate crate so that we could support different boot protocols (eg Linux boot protocol or PVH) that diff --git a/doc/oak_restricted_kernel/static.FRAME_ALLOCATOR.html b/doc/oak_restricted_kernel/static.FRAME_ALLOCATOR.html index 9dbf77c07a5..4d81cf16823 100644 --- a/doc/oak_restricted_kernel/static.FRAME_ALLOCATOR.html +++ b/doc/oak_restricted_kernel/static.FRAME_ALLOCATOR.html @@ -1,3 +1,3 @@ -FRAME_ALLOCATOR in oak_restricted_kernel - Rust

    Static oak_restricted_kernel::FRAME_ALLOCATOR

    source · 
    pub static FRAME_ALLOCATOR: Spinlock<PhysicalMemoryAllocator<4096>>
    Expand description

    Allocator for physical memory frames in the system. +FRAME_ALLOCATOR in oak_restricted_kernel - Rust

    Static oak_restricted_kernel::FRAME_ALLOCATOR

    source · 
    pub static FRAME_ALLOCATOR: Spinlock<PhysicalMemoryAllocator<4096>>
    Expand description

    Allocator for physical memory frames in the system. We reserve enough room to handle up to 512 GiB of memory, for now.

    \ No newline at end of file diff --git a/doc/oak_restricted_kernel/static.GUEST_HOST_HEAP.html b/doc/oak_restricted_kernel/static.GUEST_HOST_HEAP.html index 09a0183a1b6..02ca262a4c5 100644 --- a/doc/oak_restricted_kernel/static.GUEST_HOST_HEAP.html +++ b/doc/oak_restricted_kernel/static.GUEST_HOST_HEAP.html @@ -1,2 +1,2 @@ -GUEST_HOST_HEAP in oak_restricted_kernel - Rust

    Static oak_restricted_kernel::GUEST_HOST_HEAP

    source · 
    pub static GUEST_HOST_HEAP: OnceCell<LockedHeap>
    Expand description

    The allocator for allocating space in the memory area that is shared with the hypervisor.

    +GUEST_HOST_HEAP in oak_restricted_kernel - Rust

    Static oak_restricted_kernel::GUEST_HOST_HEAP

    source · 
    pub static GUEST_HOST_HEAP: OnceCell<LockedHeap>
    Expand description

    The allocator for allocating space in the memory area that is shared with the hypervisor.

    \ No newline at end of file diff --git a/doc/oak_restricted_kernel/static.PAGE_TABLES.html b/doc/oak_restricted_kernel/static.PAGE_TABLES.html index 85a8edbe493..64ad8835143 100644 --- a/doc/oak_restricted_kernel/static.PAGE_TABLES.html +++ b/doc/oak_restricted_kernel/static.PAGE_TABLES.html @@ -1,2 +1,2 @@ -PAGE_TABLES in oak_restricted_kernel - Rust

    Static oak_restricted_kernel::PAGE_TABLES

    source · 
    pub static PAGE_TABLES: OnceCell<RootPageTable>
    Expand description

    Active page tables.

    +PAGE_TABLES in oak_restricted_kernel - Rust

    Static oak_restricted_kernel::PAGE_TABLES

    source · 
    pub static PAGE_TABLES: OnceCell<RootPageTable>
    Expand description

    Active page tables.

    \ No newline at end of file diff --git a/doc/oak_restricted_kernel/static.VMA_ALLOCATOR.html b/doc/oak_restricted_kernel/static.VMA_ALLOCATOR.html index 7994bb2bd39..42ffcad9165 100644 --- a/doc/oak_restricted_kernel/static.VMA_ALLOCATOR.html +++ b/doc/oak_restricted_kernel/static.VMA_ALLOCATOR.html @@ -1,2 +1,2 @@ -VMA_ALLOCATOR in oak_restricted_kernel - Rust

    Static oak_restricted_kernel::VMA_ALLOCATOR

    source · 
    pub static VMA_ALLOCATOR: Spinlock<VirtualAddressAllocator<Size2MiB>>
    Expand description

    Allocator for long-lived pages in the kernel.

    +VMA_ALLOCATOR in oak_restricted_kernel - Rust

    Static oak_restricted_kernel::VMA_ALLOCATOR

    source · 
    pub static VMA_ALLOCATOR: Spinlock<VirtualAddressAllocator<Size2MiB>>
    Expand description

    Allocator for long-lived pages in the kernel.

    \ No newline at end of file diff --git a/doc/search-index.js b/doc/search-index.js index b6e4de73541..ebbbc676f6a 100644 --- a/doc/search-index.js +++ b/doc/search-index.js @@ -19,7 +19,7 @@ var searchIndex = JSON.parse('{\ "oak_containers_syslogd":{"doc":"","t":"DLLLLLLLLLLLLLMAFFALLLLLLFSSSDDSSSSSLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLMLLLLLLLLLLLAMLLLLLLLLLLLMMLLLLLDFFFFFFLLLL","n":["Args","augment_args","augment_args_for_update","borrow","borrow_mut","command","command_for_update","fmt","from","from_arg_matches","from_arg_matches_mut","group_id","into","into_request","launcher_addr","log_relay","main","signal_handler","systemd_journal","try_from","try_into","type_id","update_from_arg_matches","update_from_arg_matches_mut","vzip","run","ALL_NAMESPACES","CURRENT_USER","INCLUDE_DEFAULT_NAMESPACE","Journal","JournalOpenFlags","LOCAL_ONLY","OS_ROOT","RUNTIME_ONLY","SYSTEM","TAKE_DIRECTORY_FD","all","bitand","bitand_assign","bitor","bitor_assign","bits","bits","bitxor","bitxor_assign","borrow","borrow","borrow_mut","borrow_mut","complement","contains","difference","drop","empty","extend","fmt","fmt","fmt","fmt","from","from","from_bits","from_bits_retain","from_bits_retain","from_bits_truncate","from_iter","from_name","insert","intersection","intersects","into","into","into_iter","into_iter","into_request","into_request","is_all","is_empty","iter","iter_names","journal","new","next","next","next_data","not","remove","seek_head","set","sub","sub_assign","symmetric_difference","systemd_sys","terminate","toggle","try_from","try_from","try_into","try_into","type_id","type_id","union","vzip","vzip","wait","_data","_marker","borrow","borrow_mut","from","into","into_request","sd_journal","sd_journal_close","sd_journal_enumerate_data","sd_journal_next","sd_journal_open","sd_journal_seek_head","sd_journal_wait","try_from","try_into","type_id","vzip"],"q":[[0,"oak_containers_syslogd"],[25,"oak_containers_syslogd::log_relay"],[26,"oak_containers_syslogd::systemd_journal"],[105,"oak_containers_syslogd::systemd_journal::systemd_sys"],[123,"clap::builder::command"],[124,"core::fmt"],[125,"core::fmt"],[126,"clap"],[127,"core::result"],[128,"clap::util::id"],[129,"core::option"],[130,"tonic::request"],[131,"core::error"],[132,"alloc::boxed"],[133,"signal_hook_tokio"],[134,"tokio::sync::once_cell"],[135,"alloc::sync"],[136,"core::any"],[137,"oak_containers_orchestrator_client"],[138,"anyhow"],[139,"core::ffi"],[140,"core::iter::traits::collect"],[141,"bitflags::iter"],[142,"bitflags::iter"],[143,"alloc::string"],[144,"std::collections::hash::map"]],"d":["","","","","","","","","Returns the argument unchanged.","","","","Calls U::from(self).","","","","","","","","","","","","","","","","","Simple wrapper around libsystemd for reading entries from …","","","","","","","Returns the set containing all flags.","Returns the intersection between the two sets of flags.","Disables all flags disabled in the set.","Returns the union of the two sets of flags.","Adds the set of flags.","","Returns the raw value of the flags currently stored.","Returns the left flags, but with all the right flags …","Toggles the set of flags.","","","","","Returns the complement of this set of flags.","Returns true if all of the flags in other are contained …","Returns the difference between the flags in self and other.","","Returns an empty set of flags.","","","","","","Returns the argument unchanged.","Returns the argument unchanged.","Convert from underlying bit representation, unless that …","Convert from underlying bit representation, preserving all …","","Convert from underlying bit representation, dropping any …","","Get the value for a flag from its stringified name.","Inserts the specified flags in-place.","Returns the intersection between the flags in self and …","Returns true if there are flags common to both self and …","Calls U::from(self).","Calls U::from(self).","","","","","Returns true if all flags are currently set.","Returns true if no flags are currently stored.","Iterate over enabled flag values.","Iterate over enabled flag values with their stringified …","","","Reads the next entry from the journal; returns None if …","","","Returns the complement of this set of flags.","Removes the specified flags in-place.","Moves the cursor to before the first record in the journal.","Inserts or removes the specified flags depending on the …","Returns the set difference of the two sets of flags.","Disables all flags enabled in the set.","Returns the symmetric difference between the flags in self …","","","Toggles the specified flags in-place.","","","","","","","Returns the union of between the flags in self and other.","","","Blocks until something is added to the journal.","","","","","Returns the argument unchanged.","Calls U::from(self).","","Opaque type representing the systemd journal obtained via …","","","","","","","","","",""],"i":[0,2,2,2,2,2,2,2,2,2,2,2,2,2,2,0,0,0,0,2,2,2,2,2,2,0,20,20,20,0,0,20,20,20,20,20,20,20,20,20,20,20,20,20,20,23,20,23,20,20,20,20,23,20,20,20,20,20,20,23,20,20,20,20,20,20,20,20,20,20,23,20,23,20,23,20,20,20,20,20,23,23,23,23,23,20,20,23,20,20,20,20,0,23,20,23,20,23,20,23,20,20,23,20,23,33,33,33,33,33,33,33,0,0,0,0,0,0,0,33,33,33,33],"f":[0,[1,1],[1,1],[-1,-2,[],[]],[-1,-2,[],[]],[[],1],[[],1],[[2,3],4],[-1,-1,[]],[5,[[7,[2,6]]]],[5,[[7,[2,6]]]],[[],[[9,[8]]]],[-1,-2,[],[]],[-1,[[10,[-2]]],[],[]],0,0,[[],[[7,[11,[13,[12]]]]]],[[14,[16,[[15,[11]]]]],11],0,[-1,[[7,[-2]]],[],[]],[-1,[[7,[-2]]],[],[]],[-1,17,[]],[[2,5],[[7,[11,6]]]],[[2,5],[[7,[11,6]]]],[-1,-2,[],[]],[[18,[16,[[15,[11]]]]],[[19,[11]]]],0,0,0,0,0,0,0,0,0,0,[[],20],[[20,20],20],[[20,20],11],[[20,20],20],[[20,20],11],[20,21],[20,21],[[20,20],20],[[20,20],11],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[20,20],[[20,20],22],[[20,20],20],[23,11],[[],20],[[20,-1],11,24],[[20,3],4],[[20,3],4],[[20,3],4],[[20,3],4],[-1,-1,[]],[-1,-1,[]],[21,[[9,[20]]]],[21,20],[21,20],[21,20],[-1,20,24],[25,[[9,[20]]]],[[20,20],11],[[20,20],20],[[20,20],22],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[20],[-1,[[10,[-2]]],[],[]],[-1,[[10,[-2]]],[],[]],[20,22],[20,22],[20,[[26,[20]]]],[20,[[27,[20]]]],0,[[20,[16,[[15,[11]]]]],[[7,[23,28]]]],[23,[[7,[[9,[[30,[29,29]]]],28]]]],[23,9],[23,[[7,[[9,[[32,[31]]]],28]]]],[20,20],[[20,20],11],[23,[[7,[11,28]]]],[[20,20,22],11],[[20,20],20],[[20,20],11],[[20,20],20],0,0,[[20,20],11],[-1,[[7,[-2]]],[],[]],[-1,[[7,[-2]]],[],[]],[-1,[[7,[-2]]],[],[]],[-1,[[7,[-2]]],[],[]],[-1,17,[]],[-1,17,[]],[[20,20],20],[-1,-2,[],[]],[-1,-2,[],[]],[23,[[7,[22,28]]]],0,0,[-1,-2,[],[]],[-1,-2,[],[]],[-1,-1,[]],[-1,-2,[],[]],[-1,[[10,[-2]]],[],[]],0,0,0,0,0,0,0,[-1,[[7,[-2]]],[],[]],[-1,[[7,[-2]]],[],[]],[-1,17,[]],[-1,-2,[],[]]],"c":[],"p":[[3,"Command",123],[3,"Args",0],[3,"Formatter",124],[6,"Result",124],[3,"ArgMatches",125],[6,"Error",126],[4,"Result",127],[3,"Id",128],[4,"Option",129],[3,"Request",130],[15,"tuple"],[8,"Error",131],[3,"Box",132],[6,"Signals",133],[3,"OnceCell",134],[3,"Arc",135],[3,"TypeId",136],[3,"LauncherClient",137],[6,"Result",138],[3,"JournalOpenFlags",26],[6,"c_int",139],[15,"bool"],[3,"Journal",26],[8,"IntoIterator",140],[15,"str"],[3,"Iter",141],[3,"IterNames",141],[4,"Errno",142],[3,"String",143],[3,"HashMap",144],[15,"u8"],[15,"slice"],[3,"sd_journal",105]],"b":[[41,"impl-Flags-for-JournalOpenFlags"],[42,"impl-JournalOpenFlags"],[55,"impl-Binary-for-JournalOpenFlags"],[56,"impl-LowerHex-for-JournalOpenFlags"],[57,"impl-UpperHex-for-JournalOpenFlags"],[58,"impl-Octal-for-JournalOpenFlags"],[62,"impl-JournalOpenFlags"],[63,"impl-Flags-for-JournalOpenFlags"],[82,"impl-Journal"],[83,"impl-Iterator-for-Journal"]]},\ "oak_core":{"doc":"","t":"AAAIDLLLLLLLKLKLLLLDLLLLLLLLLLDLLLLLLLLFLLLL","n":["samplestore","sync","timer","SampleStore","StaticSampleStore","borrow","borrow_mut","eq","fmt","from","into","new","percentile","percentile","record","record","try_from","try_into","type_id","OnceCell","borrow","borrow_mut","from","get","into","new","set","try_from","try_into","type_id","Timer","borrow","borrow_mut","elapsed","fmt","from","into","new","new_rdtsc","rdtsc","timed","try_from","try_into","type_id"],"q":[[0,"oak_core"],[3,"oak_core::samplestore"],[19,"oak_core::sync"],[30,"oak_core::timer"],[44,"core::fmt"],[45,"core::fmt"],[46,"core::result"],[47,"core::any"],[48,"core::ops::function"]],"d":["","","","","Basic probabilisting sample store to compute percentiles …","","","","","Returns the argument unchanged.","Calls U::from(self).","","Gets the n-th percentile. n needs to be between 0 and 100, …","","Records a new data point value.","","","","","A synchronised implementation of a cell that can be …","","","Returns the argument unchanged.","Gets a reference to the inner value if the cell has been …","Calls U::from(self).","","Sets the inner value of the cell if it has not been …","","","","Measures the number of clock cycles between new() and …","","","Returns the approximate number of clock cycles elapsed …","","Returns the argument unchanged.","Calls U::from(self).","","Constructs a new timer, recording the current tick counter …","Read the timestamp counter register from the CPU.","Returns the approximate number of clock cycles it took to …","","",""],"i":[0,0,0,0,0,1,1,1,1,1,1,1,14,1,14,1,1,1,1,0,11,11,11,11,11,11,11,11,11,11,0,12,12,12,12,12,12,12,12,0,12,12,12,12],"f":[0,0,0,0,0,[-1,-2,[],[]],[-1,-2,[],[]],[[1,1],2],[[1,3],4],[-1,-1,[]],[-1,-2,[],[]],[[],[[5,[1]]]],[[-1,6],[[5,[7]]],[]],[[1,6],[[5,[7]]]],[[-1,7],8,[]],[[1,7],8],[-1,[[9,[-2]]],[],[]],[-1,[[9,[-2]]],[],[]],[-1,10,[]],0,[-1,-2,[],[]],[-1,-2,[],[]],[-1,-1,[]],[[[11,[-1]]],[[5,[-1]]],[]],[-1,-2,[],[]],[[],[[11,[-1]]],[]],[[[11,[-1]],-1],[[9,[8,-1]]],[]],[-1,[[9,[-2]]],[],[]],[-1,[[9,[-2]]],[],[]],[-1,10,[]],0,[-1,-2,[],[]],[-1,-2,[],[]],[12,7],[[12,3],4],[-1,-1,[]],[-1,-2,[],[]],[7,12],[[],12],[[],7],[-1,7,13],[-1,[[9,[-2]]],[],[]],[-1,[[9,[-2]]],[],[]],[-1,10,[]]],"c":[],"p":[[3,"StaticSampleStore",3],[15,"bool"],[3,"Formatter",44],[6,"Result",44],[4,"Option",45],[15,"f64"],[15,"u64"],[15,"tuple"],[4,"Result",46],[3,"TypeId",47],[3,"OnceCell",19],[3,"Timer",30],[8,"FnOnce",48],[8,"SampleStore",3]],"b":[]},\ "oak_crypto":{"doc":"","t":"AAAAIDDDIDLLLLLLLLLLLLLLLLLLLLLKKLLLLLLLLLLLLLLLLLLLLLGDDLLLLLLLLLLLLLLLLAAADDDDMLLLLLLLLMLLLLLLLLLLLLLLLLLLLLMMLLLLLLLLLLLLLLLLMMMMMMLMLLLLLLLLLLLLLLLLDLLLLLLL","n":["encryptor","hpke","proto","signer","AsyncRecipientContextGenerator","AsyncServerEncryptor","ClientEncryptor","EncryptionKeyProvider","RecipientContextGenerator","ServerEncryptor","borrow","borrow","borrow","borrow","borrow_mut","borrow_mut","borrow_mut","borrow_mut","create","create","decrypt","decrypt","decrypt","default","encrypt","encrypt","encrypt","from","from","from","from","generate_recipient_context","generate_recipient_context","generate_recipient_context","get_serialized_public_key","into","into","into","into","new","new","new","try_from","try_from","try_from","try_from","try_into","try_into","try_into","try_into","type_id","type_id","type_id","type_id","PublicKey","RecipientContext","SenderContext","borrow","borrow","borrow_mut","borrow_mut","deserialize","from","from","into","into","serialize","try_from","try_from","try_into","try_into","type_id","type_id","oak","crypto","v1","AeadEncryptedMessage","CryptoContext","EncryptedRequest","EncryptedResponse","associated_data","borrow","borrow","borrow","borrow","borrow_mut","borrow_mut","borrow_mut","borrow_mut","ciphertext","clear","clear","clear","clear","clone","clone","clone","clone","clone_into","clone_into","clone_into","clone_into","default","default","default","default","encoded_len","encoded_len","encoded_len","encoded_len","encrypted_message","encrypted_message","eq","eq","eq","eq","fmt","fmt","fmt","fmt","from","from","from","from","into","into","into","into","request_base_nonce","request_key","request_sequence_number","response_base_nonce","response_key","response_sequence_number","serialized_encapsulated_public_key","serialized_encapsulated_public_key","to_owned","to_owned","to_owned","to_owned","try_from","try_from","try_from","try_from","try_into","try_into","try_into","try_into","type_id","type_id","type_id","type_id","Signer","borrow","borrow_mut","from","into","try_from","try_into","type_id"],"q":[[0,"oak_crypto"],[4,"oak_crypto::encryptor"],[54,"oak_crypto::hpke"],[73,"oak_crypto::proto"],[74,"oak_crypto::proto::oak"],[75,"oak_crypto::proto::oak::crypto"],[76,"oak_crypto::proto::oak::crypto::v1"],[152,"oak_crypto::signer"],[160,"anyhow"],[161,"alloc::sync"],[162,"alloc::vec"],[163,"core::future::future"],[164,"alloc::boxed"],[165,"core::pin"],[166,"core::result"],[167,"core::any"],[168,"core::fmt"],[169,"core::fmt"]],"d":["Implementation of the Bidirectional Hybrid Public Key …","","","","","Encryptor object for decrypting client requests that are …","Encryptor object for encrypting client requests that will …","","","Encryptor object for decrypting client requests that are …","","","","","","","","","Creates an HPKE crypto context by generating an new …","","Decrypts a EncryptedResponse proto message using AEAD. …","Decrypts a EncryptedRequest proto message using AEAD. …","Decrypts a EncryptedRequest proto message using AEAD. …","","Encrypts plaintext and authenticates associated_data using …","Encrypts plaintext and authenticates associated_data using …","Encrypts plaintext and authenticates associated_data using …","Returns the argument unchanged.","Returns the argument unchanged.","Returns the argument unchanged.","Returns the argument unchanged.","","","","Returns a NIST P-256 SEC1 encoded point public key. …","Calls U::from(self).","Calls U::from(self).","Calls U::from(self).","Calls U::from(self).","Creates a crypto provider with a newly generated key pair.","","","","","","","","","","","","","","","","","","","","","","Deserializes recipient context from a CryptoContext …","Returns the argument unchanged.","Returns the argument unchanged.","Calls U::from(self).","Calls U::from(self).","Serializes recipient context into a CryptoContext Protobuf …","","","","","","","","","","Message encrypted with Authenticated Encryption with …","Envelope containing session keys required to …","Request message encrypted using Hybrid Public Key …","Response message encrypted Hybrid Public Key Encryption …","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","Message encrypted with Authenticated Encryption with …","Message encrypted with Authenticated Encryption with …","","","","","","","","","Returns the argument unchanged.","Returns the argument unchanged.","Returns the argument unchanged.","Returns the argument unchanged.","Calls U::from(self).","Calls U::from(self).","Calls U::from(self).","Calls U::from(self).","","AEAD key and nonce for encrypting/decrypting client …","","","Symmetric key and nonce for encrypting/decrypting enclave …","","Returns the value of serialized_encapsulated_public_key, …","Ephemeral Diffie-Hellman client public key that is needed …","","","","","","","","","","","","","","","","","","","","Returns the argument unchanged.","Calls U::from(self).","","",""],"i":[0,0,0,0,0,0,0,0,0,0,13,3,7,12,13,3,7,12,3,7,3,7,12,13,3,7,12,13,3,7,12,5,18,13,13,13,3,7,12,13,7,12,13,3,7,12,13,3,7,12,13,3,7,12,0,0,0,27,14,27,14,14,27,14,27,14,14,27,14,27,14,27,14,0,0,0,0,0,0,0,22,11,8,22,21,11,8,22,21,22,11,8,22,21,11,8,22,21,11,8,22,21,11,8,22,21,11,8,22,21,11,8,11,8,22,21,11,8,22,21,11,8,22,21,11,8,22,21,21,21,21,21,21,21,11,11,11,8,22,21,11,8,22,21,11,8,22,21,11,8,22,21,0,28,28,28,28,28,28,28],"f":[0,0,0,0,0,0,0,0,0,0,[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[[[2,[1]]],[[4,[3]]]],[[[2,[1]],[6,[5]]],[[4,[7]]]],[[3,8],[[4,[[10,[[9,[1]],[9,[1]]]]]]]],[[7,11],[[4,[[10,[[9,[1]],[9,[1]]]]]]]],[[12,11],[[4,[[10,[[9,[1]],[9,[1]]]]]]]],[[],13],[[3,[2,[1]],[2,[1]]],[[4,[11]]]],[[7,[2,[1]],[2,[1]]],[[4,[8]]]],[[12,[2,[1]],[2,[1]]],[[4,[8]]]],[-1,-1,[]],[-1,-1,[]],[-1,-1,[]],[-1,-1,[]],[[-1,[2,[1]]],[[4,[14]]],[]],[[-1,[2,[1]]],[[17,[[16,[15]]]]],[]],[[13,[2,[1]]],[[4,[14]]]],[13,[[9,[1]]]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[[],13],[14,7],[[[6,[18]]],12],[-1,[[19,[-2]]],[],[]],[-1,[[19,[-2]]],[],[]],[-1,[[19,[-2]]],[],[]],[-1,[[19,[-2]]],[],[]],[-1,[[19,[-2]]],[],[]],[-1,[[19,[-2]]],[],[]],[-1,[[19,[-2]]],[],[]],[-1,[[19,[-2]]],[],[]],[-1,20,[]],[-1,20,[]],[-1,20,[]],[-1,20,[]],0,0,0,[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[21,[[4,[14]]]],[-1,-1,[]],[-1,-1,[]],[-1,-2,[],[]],[-1,-2,[],[]],[14,[[4,[21]]]],[-1,[[19,[-2]]],[],[]],[-1,[[19,[-2]]],[],[]],[-1,[[19,[-2]]],[],[]],[-1,[[19,[-2]]],[],[]],[-1,20,[]],[-1,20,[]],0,0,0,0,0,0,0,0,[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],0,[11,10],[8,10],[22,10],[21,10],[11,11],[8,8],[22,22],[21,21],[[-1,-2],10,[],[]],[[-1,-2],10,[],[]],[[-1,-2],10,[],[]],[[-1,-2],10,[],[]],[[],11],[[],8],[[],22],[[],21],[11,23],[8,23],[22,23],[21,23],0,0,[[11,11],24],[[8,8],24],[[22,22],24],[[21,21],24],[[11,25],26],[[8,25],26],[[22,25],26],[[21,25],26],[-1,-1,[]],[-1,-1,[]],[-1,-1,[]],[-1,-1,[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],0,0,0,0,0,0,[11,[[2,[1]]]],0,[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,[[19,[-2]]],[],[]],[-1,[[19,[-2]]],[],[]],[-1,[[19,[-2]]],[],[]],[-1,[[19,[-2]]],[],[]],[-1,[[19,[-2]]],[],[]],[-1,[[19,[-2]]],[],[]],[-1,[[19,[-2]]],[],[]],[-1,[[19,[-2]]],[],[]],[-1,20,[]],[-1,20,[]],[-1,20,[]],[-1,20,[]],0,[-1,-2,[],[]],[-1,-2,[],[]],[-1,-1,[]],[-1,-2,[],[]],[-1,[[19,[-2]]],[],[]],[-1,[[19,[-2]]],[],[]],[-1,20,[]]],"c":[],"p":[[15,"u8"],[15,"slice"],[3,"ClientEncryptor",4],[6,"Result",160],[8,"RecipientContextGenerator",4],[3,"Arc",161],[3,"ServerEncryptor",4],[3,"EncryptedResponse",76],[3,"Vec",162],[15,"tuple"],[3,"EncryptedRequest",76],[3,"AsyncServerEncryptor",4],[3,"EncryptionKeyProvider",4],[3,"RecipientContext",54],[8,"Future",163],[3,"Box",164],[3,"Pin",165],[8,"AsyncRecipientContextGenerator",4],[4,"Result",166],[3,"TypeId",167],[3,"CryptoContext",76],[3,"AeadEncryptedMessage",76],[15,"usize"],[15,"bool"],[3,"Formatter",168],[6,"Result",168],[3,"SenderContext",54],[3,"Signer",152]],"b":[]},\ -"oak_dice":{"doc":"Structs and helpers for implementing DICE-based …","t":"AARSSSSSSRRRSSSRRDRRRRRRLLLLLLLLLLLLLLLFFFFLLLLLLLLLLLLLLLFFFFFLLLLLLLLLLLLLLLLLLLLLFNDDRDRDNDRRRDDRDENMLLLLLLLLLLLLLLLLLLLLLLMMMMMLLLLLLLLLLLLLLLLLLLLLLLMMMMMMMMMMLLLLLLLLLLLLLLLLLLLLLLLLLLLLL","n":["cert","evidence","ACPI_MEASUREMENT_ID","CONTENT_COMMITMENT","CRL_SIGN","DATA_ENCIPHERMENT","DECIPHER_ONLY","DIGITAL_SIGNATURE","ENCIPHER_ONLY","INITRD_MEASUREMENT_ID","KERNEL_COMMANDLINE_MEASUREMENT_ID","KERNEL_MEASUREMENT_ID","KEY_AGREEMENT","KEY_CERT_SIGN","KEY_ENCIPHERMENT","KEY_ID_LENGTH","KEY_USAGE_ID","KeyUsage","LAYER_2_CODE_MEASUREMENT_ID","LAYER_3_CODE_MEASUREMENT_ID","LAYER_3_CONFIG_MEASUREMENT_ID","MEMORY_MAP_MEASUREMENT_ID","SETUP_DATA_MEASUREMENT_ID","SUBJECT_PUBLIC_KEY_ID","all","bitand","bitand_assign","bitor","bitor_assign","bits","bits","bitxor","bitxor_assign","borrow","borrow_mut","clone","clone_into","complement","contains","cose_key_to_hpke_public_key","cose_key_to_verifying_key","derive_kem_public_key_id","derive_verifying_key_id","difference","empty","extend","fmt","fmt","fmt","fmt","fmt","from","from_bits","from_bits_retain","from_bits_retain","from_bits_truncate","from_iter","from_name","generate_ecdsa_key_pair","generate_kem_certificate","generate_signing_certificate","get_claims_set_from_certificate_bytes","hpke_public_key_to_cose_key","insert","intersection","intersects","into","into_iter","is_all","is_empty","iter","iter_names","not","remove","set","sub","sub_assign","symmetric_difference","to_owned","toggle","try_from","try_into","type_id","union","verifying_key_to_cose_key","AmdSevSnp","ApplicationKeys","ApplicationPrivateKeys","CERTIFICATE_SIZE","CertificateAuthority","DICE_DATA_CMDLINE_PARAM","Evidence","IntelTdx","LayerEvidence","PRIVATE_KEY_SIZE","PUBLIC_KEY_SIZE","REPORT_SIZE","RestrictedKernelDiceData","RootLayerEvidence","STAGE0_MAGIC","Stage0DiceData","TeePlatform","Unspecified","application_keys","borrow","borrow","borrow","borrow","borrow","borrow","borrow","borrow","borrow","borrow_mut","borrow_mut","borrow_mut","borrow_mut","borrow_mut","borrow_mut","borrow_mut","borrow_mut","borrow_mut","clone","clone_into","drop","drop","eca_certificate","eca_private_key","eca_public_key","encryption_private_key","encryption_public_key_certificate","eq","fmt","fmt","from","from","from","from","from","from","from","from","from","from_repr","get_tee_platform","into","into","into","into","into","into","into","into","into","layer_1_certificate_authority","layer_1_evidence","magic","remote_attestation_report","restricted_kernel_evidence","root_layer_evidence","root_layer_evidence","signing_private_key","signing_public_key_certificate","tee_platform","to_owned","to_string","try_from","try_from","try_from","try_from","try_from","try_from","try_from","try_from","try_from","try_into","try_into","try_into","try_into","try_into","try_into","try_into","try_into","try_into","type_id","type_id","type_id","type_id","type_id","type_id","type_id","type_id","type_id"],"q":[[0,"oak_dice"],[2,"oak_dice::cert"],[85,"oak_dice::evidence"],[193,"coset::key"],[194,"alloc::vec"],[195,"core::result"],[196,"p256::ecdsa"],[197,"core::iter::traits::collect"],[198,"core::fmt"],[199,"core::fmt"],[200,"p256::ecdsa"],[201,"coset::cwt"],[202,"ciborium::value"],[203,"coset::sign"],[204,"coset::common"],[205,"coset::cwt"],[206,"bitflags::iter"],[207,"core::fmt"]],"d":["Constants and helper functions to work with CWT-based DICE …","C-like structs for representing DICE data in environments …","ID for the CWT private claim ID corresponding to the hash …","","","","","","","ID for the CWT private claim ID corresponding to the …","ID for the CWT private claim ID corresponding to the VM …","ID for the CWT private claim ID corresponding to the VM …","","","","Length of the unique ID for ECDSA keys generated.","ID for the bitstring used to describe the intended usage …","Intended usage of a key.","ID for the CWT private claim label corresponding to the …","ID for the CWT private claim label corresponding to the …","ID for the CWT private claim label corresponding to the …","ID for the CWT private claim ID corresponding to the …","ID for the CWT private claim ID corresponding to the VM …","ID for the CWT private claim corresponding to the Subject …","Returns the set containing all flags.","Returns the intersection between the two sets of flags.","Disables all flags disabled in the set.","Returns the union of the two sets of flags.","Adds the set of flags.","Returns the raw value of the flags currently stored.","","Returns the left flags, but with all the right flags …","Toggles the set of flags.","","","","","Returns the complement of this set of flags.","Returns true if all of the flags in other are contained …","Converts a COSE_Key to a serialized HPKE KEM public key.","Converts a COSE_Key to a ECDSA verifying key.","Derives an ID from an HPKE KEM public key.","Derives an ID from a verifying key.","Returns the difference between the flags in self and other.","Returns an empty set of flags.","","","","","","","Returns the argument unchanged.","Convert from underlying bit representation, unless that …","Convert from underlying bit representation, preserving all …","","Convert from underlying bit representation, dropping any …","","Get the value for a flag from its stringified name.","Generates private/public ECDSA key pair.","Generates a CWT certificate representing a Key …","Generates a CWT certificate representing an ECDSA signing …","Parses a bytes slice as a CWT certificate and extracts the …","Converts a serialized HPKE KEM public key to a COSE_Key …","Inserts the specified flags in-place.","Returns the intersection between the flags in self and …","Returns true if there are flags common to both self and …","Calls U::from(self).","","Returns true if all flags are currently set.","Returns true if no flags are currently stored.","Iterate over enabled flag values.","Iterate over enabled flag values with their stringified …","Returns the complement of this set of flags.","Removes the specified flags in-place.","Inserts or removes the specified flags depending on the …","Returns the set difference of the two sets of flags.","Disables all flags enabled in the set.","Returns the symmetric difference between the flags in self …","","Toggles the specified flags in-place.","","","","Returns the union of between the flags in self and other.","Converts an ECDSA verifying key to a COSE_Key …","AMD SEV-SNP.","Certificates for the ECDSA keys that can be used for an …","ECDSA private keys that can be used for an application for …","The maximum size of a serialized CWT certificate.","Private key that can be used by a layer to sign a …","The name of the kernel command-line parameter that is used …","Wrapper for passing the attestation evidence from the …","Intel TDX.","Attestation evidence for non-root layers.","The maximum size of an ECDSA private key.","The maximum size of a serialized COSE Key object …","The maximum size of the signed attestation report.","Wrapper for passing the attestation evidence and private …","Attestation evidence generated by Stage 0.","The magic number used to identify the Stage 0 DICE data in …","Wrapper for passing DICE info from Stage0 to the next …","The hardware platform providing the Trusted Execution …","Platform is not specified.","Keys (and associated certificates) that can be used by the …","","","","","","","","","","","","","","","","","","","","","","","Serialized CWT certificate for the ECA private key owned …","The RAW bytes representing an ECDSA private key.","Serialized COSE Key representation of the ECDSA public key …","The RAW bytes representing an ECDSA private key that can …","Serialized CWT certificate for the encryption private key. …","","","","Returns the argument unchanged.","Returns the argument unchanged.","Returns the argument unchanged.","Returns the argument unchanged.","Returns the argument unchanged.","Returns the argument unchanged.","Returns the argument unchanged.","Returns the argument unchanged.","Returns the argument unchanged.","Try to create Self from the raw representation","","Calls U::from(self).","Calls U::from(self).","Calls U::from(self).","Calls U::from(self).","Calls U::from(self).","Calls U::from(self).","Calls U::from(self).","Calls U::from(self).","Calls U::from(self).","","The evidence about the next layer.","Magic number that is expected to always be set to the …","Byte representation of the signed attestation report …","The evidence about the Restricted Kernel.","The evidence about Stage 0 and the initial state of the VM.","Evidence about Stage 0 and the initial state of the VM.","The RAW bytes representing an ECDSA private key that can …","Serialized CWT certificate for the signing private key. …","The hardware platform that generated the remote …","","","","","","","","","","","","","","","","","","","","","","","","","","","","",""],"i":[0,0,0,1,1,1,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,27,0,0,0,0,0,0,27,0,0,0,0,0,0,0,0,0,27,33,27,32,34,28,35,36,29,33,37,27,32,34,28,35,36,29,33,37,27,27,28,29,34,28,32,29,36,27,27,27,27,32,34,28,35,36,29,33,37,27,32,27,32,34,28,35,36,29,33,37,35,35,35,32,33,35,33,29,36,32,27,27,27,32,34,28,35,36,29,33,37,27,32,34,28,35,36,29,33,37,27,32,34,28,35,36,29,33,37],"f":[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,[[],1],[[1,1],1],[[1,1],2],[[1,1],1],[[1,1],2],[1,3],[1,3],[[1,1],1],[[1,1],2],[-1,-2,[],[]],[-1,-2,[],[]],[1,1],[[-1,-2],2,[],[]],[1,1],[[1,1],4],[5,[[9,[[7,[6]],8]]]],[5,[[9,[10,8]]]],[[[11,[6]]],[[12,[6]]]],[10,[[12,[6]]]],[[1,1],1],[[],1],[[1,-1],2,13],[[1,14],15],[[1,14],15],[[1,14],15],[[1,14],15],[[1,14],15],[-1,-1,[]],[3,[[16,[1]]]],[3,1],[3,1],[3,1],[-1,1,13],[8,[[16,[1]]]],[[],[[2,[17,10]]]],[[17,18,[11,[6]],[7,[[2,[19,20]]]]],[[9,[21,22]]]],[[17,18,10,[7,[[2,[19,20]]]]],[[9,[21,22]]]],[[[11,[6]]],[[9,[23,22]]]],[[[11,[6]]],5],[[1,1],2],[[1,1],1],[[1,1],4],[-1,-2,[],[]],[1],[1,4],[1,4],[1,[[24,[1]]]],[1,[[25,[1]]]],[1,1],[[1,1],2],[[1,1,4],2],[[1,1],1],[[1,1],2],[[1,1],1],[-1,-2,[],[]],[[1,1],2],[-1,[[9,[-2]]],[],[]],[-1,[[9,[-2]]],[],[]],[-1,26,[]],[[1,1],1],[10,5],0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[27,27],[[-1,-2],2,[],[]],[28,2],[29,2],0,0,0,0,0,[[27,27],4],[[27,14],[[9,[2,30]]]],[[27,14],15],[-1,-1,[]],[-1,-1,[]],[-1,-1,[]],[-1,-1,[]],[-1,-1,[]],[-1,-1,[]],[-1,-1,[]],[-1,-1,[]],[-1,-1,[]],[31,[[16,[27]]]],[32,[[16,[27]]]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],0,0,0,0,0,0,0,0,0,0,[-1,-2,[],[]],[-1,18,[]],[-1,[[9,[-2]]],[],[]],[-1,[[9,[-2]]],[],[]],[-1,[[9,[-2]]],[],[]],[-1,[[9,[-2]]],[],[]],[-1,[[9,[-2]]],[],[]],[-1,[[9,[-2]]],[],[]],[-1,[[9,[-2]]],[],[]],[-1,[[9,[-2]]],[],[]],[-1,[[9,[-2]]],[],[]],[-1,[[9,[-2]]],[],[]],[-1,[[9,[-2]]],[],[]],[-1,[[9,[-2]]],[],[]],[-1,[[9,[-2]]],[],[]],[-1,[[9,[-2]]],[],[]],[-1,[[9,[-2]]],[],[]],[-1,[[9,[-2]]],[],[]],[-1,[[9,[-2]]],[],[]],[-1,[[9,[-2]]],[],[]],[-1,26,[]],[-1,26,[]],[-1,26,[]],[-1,26,[]],[-1,26,[]],[-1,26,[]],[-1,26,[]],[-1,26,[]],[-1,26,[]]],"c":[],"p":[[3,"KeyUsage",2],[15,"tuple"],[15,"u16"],[15,"bool"],[3,"CoseKey",193],[15,"u8"],[3,"Vec",194],[15,"str"],[4,"Result",195],[6,"VerifyingKey",196],[15,"slice"],[15,"array"],[8,"IntoIterator",197],[3,"Formatter",198],[6,"Result",198],[4,"Option",199],[6,"SigningKey",196],[3,"String",200],[6,"ClaimName",201],[4,"Value",202],[3,"CoseSign1",203],[4,"CoseError",204],[3,"ClaimsSet",201],[3,"Iter",205],[3,"IterNames",205],[3,"TypeId",206],[4,"TeePlatform",85],[3,"CertificateAuthority",85],[3,"ApplicationPrivateKeys",85],[3,"Error",198],[15,"u64"],[3,"RootLayerEvidence",85],[3,"Evidence",85],[3,"LayerEvidence",85],[3,"Stage0DiceData",85],[3,"ApplicationKeys",85],[3,"RestrictedKernelDiceData",85]],"b":[[29,"impl-KeyUsage"],[30,"impl-Flags-for-KeyUsage"],[46,"impl-Debug-for-KeyUsage"],[47,"impl-Octal-for-KeyUsage"],[48,"impl-LowerHex-for-KeyUsage"],[49,"impl-UpperHex-for-KeyUsage"],[50,"impl-Binary-for-KeyUsage"],[53,"impl-KeyUsage"],[54,"impl-Flags-for-KeyUsage"],[132,"impl-Display-for-TeePlatform"],[133,"impl-Debug-for-TeePlatform"]]},\ +"oak_dice":{"doc":"Structs and helpers for implementing DICE-based …","t":"AARSSSSSSRRRSSSRRDRRRRRRLLLLLLLLLLLLLLLFFFFLLLLLLLLLLLLLLLFFFFFLLLLLLLLLLLLLLLLLLLLLFNDDRDRDNDRRRRDDRDENMMLLLLLLLLLLLLLLLLLLLLLLMMMMMLMLLLLLLLLLLLLLLLLLLLLLLMMMMMMMMMMLLLLLLLLLLLLLLLLLLLLLLLLLLLLL","n":["cert","evidence","ACPI_MEASUREMENT_ID","CONTENT_COMMITMENT","CRL_SIGN","DATA_ENCIPHERMENT","DECIPHER_ONLY","DIGITAL_SIGNATURE","ENCIPHER_ONLY","INITRD_MEASUREMENT_ID","KERNEL_COMMANDLINE_MEASUREMENT_ID","KERNEL_MEASUREMENT_ID","KEY_AGREEMENT","KEY_CERT_SIGN","KEY_ENCIPHERMENT","KEY_ID_LENGTH","KEY_USAGE_ID","KeyUsage","LAYER_2_CODE_MEASUREMENT_ID","LAYER_3_CODE_MEASUREMENT_ID","LAYER_3_CONFIG_MEASUREMENT_ID","MEMORY_MAP_MEASUREMENT_ID","SETUP_DATA_MEASUREMENT_ID","SUBJECT_PUBLIC_KEY_ID","all","bitand","bitand_assign","bitor","bitor_assign","bits","bits","bitxor","bitxor_assign","borrow","borrow_mut","clone","clone_into","complement","contains","cose_key_to_hpke_public_key","cose_key_to_verifying_key","derive_kem_public_key_id","derive_verifying_key_id","difference","empty","extend","fmt","fmt","fmt","fmt","fmt","from","from_bits","from_bits_retain","from_bits_retain","from_bits_truncate","from_iter","from_name","generate_ecdsa_key_pair","generate_kem_certificate","generate_signing_certificate","get_claims_set_from_certificate_bytes","hpke_public_key_to_cose_key","insert","intersection","intersects","into","into_iter","is_all","is_empty","iter","iter_names","not","remove","set","sub","sub_assign","symmetric_difference","to_owned","toggle","try_from","try_into","type_id","union","verifying_key_to_cose_key","AmdSevSnp","ApplicationKeys","ApplicationPrivateKeys","CERTIFICATE_SIZE","CertificateAuthority","DICE_DATA_CMDLINE_PARAM","Evidence","IntelTdx","LayerEvidence","P256_PRIVATE_KEY_SIZE","PRIVATE_KEY_SIZE","PUBLIC_KEY_SIZE","REPORT_SIZE","RestrictedKernelDiceData","RootLayerEvidence","STAGE0_MAGIC","Stage0DiceData","TeePlatform","Unspecified","application_keys","application_private_keys","borrow","borrow","borrow","borrow","borrow","borrow","borrow","borrow","borrow","borrow_mut","borrow_mut","borrow_mut","borrow_mut","borrow_mut","borrow_mut","borrow_mut","borrow_mut","borrow_mut","clone","clone_into","drop","drop","eca_certificate","eca_private_key","eca_public_key","encryption_private_key","encryption_public_key_certificate","eq","evidence","fmt","fmt","from","from","from","from","from","from","from","from","from","from_repr","get_tee_platform","into","into","into","into","into","into","into","into","into","layer_1_certificate_authority","layer_1_evidence","magic","remote_attestation_report","restricted_kernel_evidence","root_layer_evidence","root_layer_evidence","signing_private_key","signing_public_key_certificate","tee_platform","to_owned","to_string","try_from","try_from","try_from","try_from","try_from","try_from","try_from","try_from","try_from","try_into","try_into","try_into","try_into","try_into","try_into","try_into","try_into","try_into","type_id","type_id","type_id","type_id","type_id","type_id","type_id","type_id","type_id"],"q":[[0,"oak_dice"],[2,"oak_dice::cert"],[85,"oak_dice::evidence"],[196,"coset::key"],[197,"alloc::vec"],[198,"core::result"],[199,"p256::ecdsa"],[200,"core::iter::traits::collect"],[201,"core::fmt"],[202,"core::fmt"],[203,"p256::ecdsa"],[204,"coset::cwt"],[205,"ciborium::value"],[206,"coset::sign"],[207,"coset::common"],[208,"coset::cwt"],[209,"bitflags::iter"],[210,"core::fmt"]],"d":["Constants and helper functions to work with CWT-based DICE …","C-like structs for representing DICE data in environments …","ID for the CWT private claim ID corresponding to the hash …","","","","","","","ID for the CWT private claim ID corresponding to the …","ID for the CWT private claim ID corresponding to the VM …","ID for the CWT private claim ID corresponding to the VM …","","","","Length of the unique ID for ECDSA keys generated.","ID for the bitstring used to describe the intended usage …","Intended usage of a key.","ID for the CWT private claim label corresponding to the …","ID for the CWT private claim label corresponding to the …","ID for the CWT private claim label corresponding to the …","ID for the CWT private claim ID corresponding to the …","ID for the CWT private claim ID corresponding to the VM …","ID for the CWT private claim corresponding to the Subject …","Returns the set containing all flags.","Returns the intersection between the two sets of flags.","Disables all flags disabled in the set.","Returns the union of the two sets of flags.","Adds the set of flags.","Returns the raw value of the flags currently stored.","","Returns the left flags, but with all the right flags …","Toggles the set of flags.","","","","","Returns the complement of this set of flags.","Returns true if all of the flags in other are contained …","Converts a COSE_Key to a serialized HPKE KEM public key.","Converts a COSE_Key to a ECDSA verifying key.","Derives an ID from an HPKE KEM public key.","Derives an ID from a verifying key.","Returns the difference between the flags in self and other.","Returns an empty set of flags.","","","","","","","Returns the argument unchanged.","Convert from underlying bit representation, unless that …","Convert from underlying bit representation, preserving all …","","Convert from underlying bit representation, dropping any …","","Get the value for a flag from its stringified name.","Generates private/public ECDSA key pair.","Generates a CWT certificate representing a Key …","Generates a CWT certificate representing an ECDSA signing …","Parses a bytes slice as a CWT certificate and extracts the …","Converts a serialized HPKE KEM public key to a COSE_Key …","Inserts the specified flags in-place.","Returns the intersection between the flags in self and …","Returns true if there are flags common to both self and …","Calls U::from(self).","","Returns true if all flags are currently set.","Returns true if no flags are currently stored.","Iterate over enabled flag values.","Iterate over enabled flag values with their stringified …","Returns the complement of this set of flags.","Removes the specified flags in-place.","Inserts or removes the specified flags depending on the …","Returns the set difference of the two sets of flags.","Disables all flags enabled in the set.","Returns the symmetric difference between the flags in self …","","Toggles the specified flags in-place.","","","","Returns the union of between the flags in self and other.","Converts an ECDSA verifying key to a COSE_Key …","AMD SEV-SNP.","Certificates for the ECDSA keys that can be used for an …","ECDSA private keys that can be used for an application for …","The maximum size of a serialized CWT certificate.","Private key that can be used by a layer to sign a …","The name of the kernel command-line parameter that is used …","Wrapper for passing the attestation evidence from the …","Intel TDX.","Attestation evidence for non-root layers.","The actual size used when encoding a Nist P256 private key.","The maximum size of an ECDSA private key.","The maximum size of a serialized COSE Key object …","The maximum size of the signed attestation report.","Wrapper for passing the attestation evidence and private …","Attestation evidence generated by Stage 0.","The magic number used to identify the Stage 0 DICE data in …","Wrapper for passing DICE info from Stage0 to the next …","The hardware platform providing the Trusted Execution …","Platform is not specified.","Keys (and associated certificates) that can be used by the …","","","","","","","","","","","","","","","","","","","","","","","","Serialized CWT certificate for the ECA private key owned …","The RAW bytes representing an ECDSA private key.","Serialized COSE Key representation of the ECDSA public key …","The RAW bytes representing an ECDSA private key that can …","Serialized CWT certificate for the encryption private key. …","","","","","Returns the argument unchanged.","Returns the argument unchanged.","Returns the argument unchanged.","Returns the argument unchanged.","Returns the argument unchanged.","Returns the argument unchanged.","Returns the argument unchanged.","Returns the argument unchanged.","Returns the argument unchanged.","Try to create Self from the raw representation","","Calls U::from(self).","Calls U::from(self).","Calls U::from(self).","Calls U::from(self).","Calls U::from(self).","Calls U::from(self).","Calls U::from(self).","Calls U::from(self).","Calls U::from(self).","","The evidence about the next layer.","Magic number that is expected to always be set to the …","Byte representation of the signed attestation report …","The evidence about the Restricted Kernel.","The evidence about Stage 0 and the initial state of the VM.","Evidence about Stage 0 and the initial state of the VM.","The RAW bytes representing an ECDSA private key that can …","Serialized CWT certificate for the signing private key. …","The hardware platform that generated the remote …","","","","","","","","","","","","","","","","","","","","","","","","","","","","",""],"i":[0,0,0,1,1,1,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,27,0,0,0,0,0,0,27,0,0,0,0,0,0,0,0,0,0,27,33,34,27,32,35,28,36,37,29,33,34,27,32,35,28,36,37,29,33,34,27,27,28,29,35,28,32,29,37,27,34,27,27,27,32,35,28,36,37,29,33,34,27,32,27,32,35,28,36,37,29,33,34,36,36,36,32,33,36,33,29,37,32,27,27,27,32,35,28,36,37,29,33,34,27,32,35,28,36,37,29,33,34,27,32,35,28,36,37,29,33,34],"f":[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,[[],1],[[1,1],1],[[1,1],2],[[1,1],1],[[1,1],2],[1,3],[1,3],[[1,1],1],[[1,1],2],[-1,-2,[],[]],[-1,-2,[],[]],[1,1],[[-1,-2],2,[],[]],[1,1],[[1,1],4],[5,[[9,[[7,[6]],8]]]],[5,[[9,[10,8]]]],[[[11,[6]]],[[12,[6]]]],[10,[[12,[6]]]],[[1,1],1],[[],1],[[1,-1],2,13],[[1,14],15],[[1,14],15],[[1,14],15],[[1,14],15],[[1,14],15],[-1,-1,[]],[3,[[16,[1]]]],[3,1],[3,1],[3,1],[-1,1,13],[8,[[16,[1]]]],[[],[[2,[17,10]]]],[[17,18,[11,[6]],[7,[[2,[19,20]]]]],[[9,[21,22]]]],[[17,18,10,[7,[[2,[19,20]]]]],[[9,[21,22]]]],[[[11,[6]]],[[9,[23,22]]]],[[[11,[6]]],5],[[1,1],2],[[1,1],1],[[1,1],4],[-1,-2,[],[]],[1],[1,4],[1,4],[1,[[24,[1]]]],[1,[[25,[1]]]],[1,1],[[1,1],2],[[1,1,4],2],[[1,1],1],[[1,1],2],[[1,1],1],[-1,-2,[],[]],[[1,1],2],[-1,[[9,[-2]]],[],[]],[-1,[[9,[-2]]],[],[]],[-1,26,[]],[[1,1],1],[10,5],0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[27,27],[[-1,-2],2,[],[]],[28,2],[29,2],0,0,0,0,0,[[27,27],4],0,[[27,14],15],[[27,14],[[9,[2,30]]]],[-1,-1,[]],[-1,-1,[]],[-1,-1,[]],[-1,-1,[]],[-1,-1,[]],[-1,-1,[]],[-1,-1,[]],[-1,-1,[]],[-1,-1,[]],[31,[[16,[27]]]],[32,[[16,[27]]]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],0,0,0,0,0,0,0,0,0,0,[-1,-2,[],[]],[-1,18,[]],[-1,[[9,[-2]]],[],[]],[-1,[[9,[-2]]],[],[]],[-1,[[9,[-2]]],[],[]],[-1,[[9,[-2]]],[],[]],[-1,[[9,[-2]]],[],[]],[-1,[[9,[-2]]],[],[]],[-1,[[9,[-2]]],[],[]],[-1,[[9,[-2]]],[],[]],[-1,[[9,[-2]]],[],[]],[-1,[[9,[-2]]],[],[]],[-1,[[9,[-2]]],[],[]],[-1,[[9,[-2]]],[],[]],[-1,[[9,[-2]]],[],[]],[-1,[[9,[-2]]],[],[]],[-1,[[9,[-2]]],[],[]],[-1,[[9,[-2]]],[],[]],[-1,[[9,[-2]]],[],[]],[-1,[[9,[-2]]],[],[]],[-1,26,[]],[-1,26,[]],[-1,26,[]],[-1,26,[]],[-1,26,[]],[-1,26,[]],[-1,26,[]],[-1,26,[]],[-1,26,[]]],"c":[],"p":[[3,"KeyUsage",2],[15,"tuple"],[15,"u16"],[15,"bool"],[3,"CoseKey",196],[15,"u8"],[3,"Vec",197],[15,"str"],[4,"Result",198],[6,"VerifyingKey",199],[15,"slice"],[15,"array"],[8,"IntoIterator",200],[3,"Formatter",201],[6,"Result",201],[4,"Option",202],[6,"SigningKey",199],[3,"String",203],[6,"ClaimName",204],[4,"Value",205],[3,"CoseSign1",206],[4,"CoseError",207],[3,"ClaimsSet",204],[3,"Iter",208],[3,"IterNames",208],[3,"TypeId",209],[4,"TeePlatform",85],[3,"CertificateAuthority",85],[3,"ApplicationPrivateKeys",85],[3,"Error",201],[15,"u64"],[3,"RootLayerEvidence",85],[3,"Evidence",85],[3,"RestrictedKernelDiceData",85],[3,"LayerEvidence",85],[3,"Stage0DiceData",85],[3,"ApplicationKeys",85]],"b":[[29,"impl-KeyUsage"],[30,"impl-Flags-for-KeyUsage"],[46,"impl-Debug-for-KeyUsage"],[47,"impl-Octal-for-KeyUsage"],[48,"impl-LowerHex-for-KeyUsage"],[49,"impl-UpperHex-for-KeyUsage"],[50,"impl-Binary-for-KeyUsage"],[53,"impl-KeyUsage"],[54,"impl-Flags-for-KeyUsage"],[135,"impl-Debug-for-TeePlatform"],[136,"impl-Display-for-TeePlatform"]]},\ "oak_docker_linux_init":{"doc":"","t":"RAFF","n":["DOCKER_COMMAND_PATH","init","main","init"],"q":[[0,"oak_docker_linux_init"],[3,"oak_docker_linux_init::init"],[4,"anyhow"]],"d":["","","","Performs the minimum initialization required from the …"],"i":[0,0,0,0],"f":[0,0,[[],1],[[],[[3,[2]]]]],"c":[],"p":[[15,"never"],[15,"tuple"],[6,"Result",4]],"b":[]},\ "oak_echo_linux_init":{"doc":"","t":"RAFFF","n":["DEVICE_PATH","init","main","set_console_to_raw_mode","init"],"q":[[0,"oak_echo_linux_init"],[4,"oak_echo_linux_init::init"],[5,"std::os::fd::raw"],[6,"anyhow"]],"d":["","","","","Performs the minimum initialization required from the …"],"i":[0,0,0,0,0],"f":[0,0,[[],1],[2,3],[[],[[4,[3]]]]],"c":[],"p":[[15,"never"],[6,"RawFd",5],[15,"tuple"],[6,"Result",6]],"b":[]},\ "oak_echo_service":{"doc":"","t":"DLLLLLLALLLIDDDDDMMLLLLLLLLLLLLLLLLLLLLKLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLL","n":["EchoService","borrow","borrow_mut","default","echo","from","into","proto","try_from","try_into","type_id","Echo","EchoAsyncClient","EchoClient","EchoRequest","EchoResponse","EchoServer","body","body","borrow","borrow","borrow","borrow","borrow","borrow_mut","borrow_mut","borrow_mut","borrow_mut","borrow_mut","clear","clear","clone","clone","clone","clone_into","clone_into","clone_into","default","default","echo","echo","echo","encoded_len","encoded_len","eq","eq","fmt","fmt","from","from","from","from","from","into","into","into","into","into","invoke","new","new","new","to_owned","to_owned","to_owned","try_from","try_from","try_from","try_from","try_from","try_into","try_into","try_into","try_into","try_into","type_id","type_id","type_id","type_id","type_id"],"q":[[0,"oak_echo_service"],[11,"oak_echo_service::proto"],[80,"micro_rpc::status"],[81,"core::result"],[82,"core::any"],[83,"core::clone"],[84,"micro_rpc"],[85,"micro_rpc"],[86,"core::fmt"]],"d":["","","","","","Returns the argument unchanged.","Calls U::from(self).","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","Returns the argument unchanged.","Returns the argument unchanged.","Returns the argument unchanged.","Returns the argument unchanged.","Returns the argument unchanged.","Calls U::from(self).","Calls U::from(self).","Calls U::from(self).","Calls U::from(self).","Calls U::from(self).","","","","","","","","","","","","","","","","","","","","","",""],"i":[0,1,1,1,1,1,1,0,1,1,1,0,0,0,0,0,0,2,3,10,12,2,3,8,10,12,2,3,8,2,3,2,3,8,2,3,8,2,3,22,10,12,2,3,2,3,2,3,10,12,2,3,8,10,12,2,3,8,8,10,12,8,2,3,8,10,12,2,3,8,10,12,2,3,8,10,12,2,3,8],"f":[0,[-1,-2,[],[]],[-1,-2,[],[]],[[],1],[[1,2],[[5,[3,4]]]],[-1,-1,[]],[-1,-2,[],[]],0,[-1,[[5,[-2]]],[],[]],[-1,[[5,[-2]]],[],[]],[-1,6,[]],0,0,0,0,0,0,0,0,[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[2,7],[3,7],[2,2],[3,3],[[[8,[-1]]],[[8,[-1]]],9],[[-1,-2],7,[],[]],[[-1,-2],7,[],[]],[[-1,-2],7,[],[]],[[],2],[[],3],[[-1,2],[[5,[3,4]]],[]],[[[10,[-1]],2],[[5,[[5,[3,4]]]]],11],[[[12,[-1]],2],[[5,[[5,[3,4]]]]],13],[2,14],[3,14],[[2,2],15],[[3,3],15],[[2,16],17],[[3,16],17],[-1,-1,[]],[-1,-1,[]],[-1,-1,[]],[-1,-1,[]],[-1,-1,[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[[[8,[-1]],[19,[18]]],[[5,[[20,[18]],21]]],22],[-1,[[10,[-1]]],11],[-1,[[12,[-1]]],13],[-1,[[8,[-1]]],22],[-1,-2,[],[]],[-1,-2,[],[]],[-1,-2,[],[]],[-1,[[5,[-2]]],[],[]],[-1,[[5,[-2]]],[],[]],[-1,[[5,[-2]]],[],[]],[-1,[[5,[-2]]],[],[]],[-1,[[5,[-2]]],[],[]],[-1,[[5,[-2]]],[],[]],[-1,[[5,[-2]]],[],[]],[-1,[[5,[-2]]],[],[]],[-1,[[5,[-2]]],[],[]],[-1,[[5,[-2]]],[],[]],[-1,6,[]],[-1,6,[]],[-1,6,[]],[-1,6,[]],[-1,6,[]]],"c":[],"p":[[3,"EchoService",0],[3,"EchoRequest",11],[3,"EchoResponse",11],[3,"Status",80],[4,"Result",81],[3,"TypeId",82],[15,"tuple"],[3,"EchoServer",11],[8,"Clone",83],[3,"EchoClient",11],[8,"Transport",84],[3,"EchoAsyncClient",11],[8,"AsyncTransport",84],[15,"usize"],[15,"bool"],[3,"Formatter",85],[6,"Result",85],[15,"u8"],[15,"slice"],[3,"Vec",86],[15,"never"],[8,"Echo",11]],"b":[]},\ diff --git a/doc/src-files.js b/doc/src-files.js index a448bb54e6a..754db134204 100644 --- a/doc/src-files.js +++ b/doc/src-files.js @@ -41,7 +41,7 @@ var srcIndex = JSON.parse('{\ "oak_linux_boot_params":["",[],["lib.rs"]],\ "oak_remote_attestation":["",[],["attester.rs","dice.rs","handler.rs","lib.rs"]],\ "oak_remote_attestation_verification":["",[],["lib.rs","rekor.rs","verifier.rs"]],\ -"oak_restricted_kernel":["",[["boot",[],["mod.rs"]],["mm",[],["bitmap_frame_allocator.rs","encrypted_mapper.rs","frame_allocator.rs","mod.rs","page_tables.rs","virtual_address_allocator.rs"]],["syscall",[],["channel.rs","dice_data.rs","fd.rs","key.rs","mmap.rs","mod.rs","process.rs","stdio.rs"]]],["acpi.rs","args.rs","avx.rs","descriptors.rs","elf.rs","ghcb.rs","interrupts.rs","lib.rs","libm.rs","logging.rs","memory.rs","payload.rs","shutdown.rs","snp.rs","snp_guest.rs","virtio.rs"]],\ +"oak_restricted_kernel":["",[["boot",[],["mod.rs"]],["mm",[],["bitmap_frame_allocator.rs","encrypted_mapper.rs","frame_allocator.rs","mod.rs","page_tables.rs","virtual_address_allocator.rs"]],["syscall",[],["channel.rs","dice_data.rs","fd.rs","key.rs","mmap.rs","mod.rs","process.rs","stdio.rs"]]],["acpi.rs","args.rs","avx.rs","descriptors.rs","dice_attestation.rs","elf.rs","ghcb.rs","interrupts.rs","lib.rs","libm.rs","logging.rs","memory.rs","payload.rs","shutdown.rs","snp.rs","snp_guest.rs","virtio.rs"]],\ "oak_restricted_kernel_api":["",[],["channel.rs","lib.rs","logging.rs","raw_syscall.rs","syscall.rs"]],\ "oak_restricted_kernel_interface":["",[],["errno.rs","lib.rs","syscalls.rs"]],\ "oak_sev_guest":["",[],["ap_jump_table.rs","cpuid.rs","crypto.rs","ghcb.rs","guest.rs","instructions.rs","interrupts.rs","io.rs","lib.rs","msr.rs","secrets.rs","vmsa.rs"]],\ diff --git a/doc/src/oak_dice/evidence.rs.html b/doc/src/oak_dice/evidence.rs.html index bcdcc6ca245..7f8d19654f3 100644 --- a/doc/src/oak_dice/evidence.rs.html +++ b/doc/src/oak_dice/evidence.rs.html @@ -181,6 +181,9 @@ 181 182 183 +184 +185 +186 
    //
 // Copyright 2023 The Project Oak Authors
 //
@@ -209,6 +212,9 @@
 /// The maximum size of an ECDSA private key.
 pub const PRIVATE_KEY_SIZE: usize = 64;
 
+/// The actual size used when encoding a Nist P256 private key.
+pub const P256_PRIVATE_KEY_SIZE: usize = 32;
+
 /// The maximum size of a serialized COSE Key object representing an ECDSA public key.
 pub const PUBLIC_KEY_SIZE: usize = 256;
 
@@ -359,8 +365,8 @@
 #[derive(AsBytes, FromZeroes, FromBytes)]
 #[repr(C)]
 pub struct RestrictedKernelDiceData {
-    evidence: Evidence,
-    application_private_keys: ApplicationPrivateKeys,
+    pub evidence: Evidence,
+    pub application_private_keys: ApplicationPrivateKeys,
 }
 
 static_assertions::assert_eq_size!([u8; 5520], RestrictedKernelDiceData);
diff --git a/doc/src/oak_functions_service/lib.rs.html b/doc/src/oak_functions_service/lib.rs.html
index 336b052f2cd..9c4e763c859 100644
--- a/doc/src/oak_functions_service/lib.rs.html
+++ b/doc/src/oak_functions_service/lib.rs.html
@@ -187,25 +187,6 @@
 187
 188
 189
-190
-191
-192
-193
-194
-195
-196
-197
-198
-199
-200
-201
-202
-203
-204
-205
-206
-207
-208
 
    //
 // Copyright 2022 The Project Oak Authors
 //
@@ -247,10 +228,10 @@
 pub mod lookup;
 pub mod wasm;
 
-use alloc::{format, sync::Arc, vec, vec::Vec};
+use alloc::{format, string::ToString, sync::Arc, vec, vec::Vec};
 use instance::OakFunctionsInstance;
 use oak_core::sync::OnceCell;
-use oak_crypto::{encryptor::EncryptionKeyProvider, proto::oak::crypto::v1::EncryptedRequest};
+use oak_crypto::encryptor::EncryptionKeyProvider;
 use oak_remote_attestation::{
     attester::{AttestationReportGenerator, Attester},
     handler::EncryptionHandler,
@@ -337,16 +318,14 @@
         let encryption_key_provider = self.encryption_key_provider.clone();
         let instance = self.get_instance()?;
 
-        // TODO(#4037): Remove once explicit crypto protos are implemented.
-        // Deserialize request.
-        let encrypted_request = EncryptedRequest::decode(request.body.as_ref()).map_err(|err| {
+        let encrypted_request = request.encrypted_request.ok_or_else(|| {
             micro_rpc::Status::new_with_message(
-                micro_rpc::StatusCode::Internal,
-                format!("couldn't deserialize request: {:?}", err),
+                micro_rpc::StatusCode::InvalidArgument,
+                "InvokeRequest doesn't contain an encrypted request".to_string(),
             )
         })?;
 
-        let mut result = EncryptionHandler::create(encryption_key_provider, |r| {
+        EncryptionHandler::create(encryption_key_provider, |r| {
             // Wrap the invocation result (which may be an Error) into a micro RPC Response
             // wrapper protobuf, and encode that as bytes.
             let response_result: Result<Vec<u8>, micro_rpc::Status> =
@@ -367,24 +346,7 @@
                 micro_rpc::StatusCode::Internal,
                 format!("couldn't call handle_user_request handler: {:?}", err),
             )
-        });
-
-        // TODO(#4037): Remove once explicit crypto protos are implemented.
-        if let Ok(ref mut result) = result {
-            // Serialize response.
-            let serialized_response = result
-                .encrypted_response
-                .as_ref()
-                .ok_or_else(|| {
-                    micro_rpc::Status::new_with_message(
-                        micro_rpc::StatusCode::Internal,
-                        "no encrypted response provided",
-                    )
-                })?
-                .encode_to_vec();
-            result.body = serialized_response;
-        }
-        result
+        })
     }
 
     fn extend_next_lookup_data(
diff --git a/doc/src/oak_remote_attestation/dice.rs.html b/doc/src/oak_remote_attestation/dice.rs.html
index 248d6a86fc1..8d243fd1c7e 100644
--- a/doc/src/oak_remote_attestation/dice.rs.html
+++ b/doc/src/oak_remote_attestation/dice.rs.html
@@ -246,9 +246,6 @@
 246
 247
 248
-249
-250
-251
 
    //
 // Copyright 2023 The Project Oak Authors
 //
@@ -285,9 +282,6 @@
 };
 use p256::ecdsa::{SigningKey, VerifyingKey};
 
-/// The actual size used when encoding a Nist P256 private key.
-const P256_PRIVATE_KEY_SIZE: usize = 32;
-
 /// The size of the attestation report generated by AMD SEV-SNP.
 ///
 /// See Table 21 in <https://www.amd.com/system/files/TechDocs/56860.pdf>.
@@ -474,7 +468,7 @@
         });
         let certificate_authority = Some(CertificateAuthority {
             eca_private_key: value.layer_1_certificate_authority.eca_private_key
-                [..P256_PRIVATE_KEY_SIZE]
+                [..oak_dice::evidence::P256_PRIVATE_KEY_SIZE]
                 .to_vec(),
         });
 
diff --git a/doc/src/oak_restricted_kernel/dice_attestation.rs.html b/doc/src/oak_restricted_kernel/dice_attestation.rs.html
new file mode 100644
index 00000000000..e74541777f9
--- /dev/null
+++ b/doc/src/oak_restricted_kernel/dice_attestation.rs.html
@@ -0,0 +1,191 @@
+dice_attestation.rs - source
    1
+2
+3
+4
+5
+6
+7
+8
+9
+10
+11
+12
+13
+14
+15
+16
+17
+18
+19
+20
+21
+22
+23
+24
+25
+26
+27
+28
+29
+30
+31
+32
+33
+34
+35
+36
+37
+38
+39
+40
+41
+42
+43
+44
+45
+46
+47
+48
+49
+50
+51
+52
+53
+54
+55
+56
+57
+58
+59
+60
+61
+62
+63
+64
+65
+66
+67
+68
+69
+70
+71
+72
+73
+74
+75
+76
+77
+78
+79
+80
+81
+82
+83
+84
+85
+86
+87
+88
+89
+90
+91
+92
+93
+94
+95
+
    //
+// Copyright 2023 The Project Oak Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+use crate::alloc::string::ToString;
+use coset::CborSerializable;
+use zerocopy::FromZeroes;
+
+/// Generates an ECA certificate for use by the application.
+fn generate_application_certificate(
+    kernel_signing_key: &p256::ecdsa::SigningKey,
+    kernel_cert_issuer: alloc::string::String,
+    application_verifying_key: &p256::ecdsa::VerifyingKey,
+    app_digest: &[u8],
+) -> coset::CoseSign1 {
+    let additional_claims = alloc::vec![(
+        coset::cwt::ClaimName::PrivateUse(oak_dice::cert::LAYER_2_CODE_MEASUREMENT_ID),
+        coset::cbor::value::Value::Bytes(app_digest.into()),
+    )];
+    oak_dice::cert::generate_signing_certificate(
+        kernel_signing_key,
+        kernel_cert_issuer,
+        application_verifying_key,
+        additional_claims,
+    )
+    .expect("couldn't generate signing certificate")
+}
+
+/// Generates attestation evidence for the 'measurement' of the application.
+pub fn generate_dice_data(
+    stage0_dice_data: oak_dice::evidence::Stage0DiceData,
+    app_digest: &[u8],
+) -> oak_dice::evidence::RestrictedKernelDiceData {
+    let (application_signing_key, application_verifying_key) =
+        oak_dice::cert::generate_ecdsa_key_pair();
+
+    let kernel_signing_key = p256::ecdsa::SigningKey::from_slice(
+        &stage0_dice_data
+            .layer_1_certificate_authority
+            .eca_private_key[..oak_dice::evidence::P256_PRIVATE_KEY_SIZE],
+    )
+    .expect("failed to parse the layer1 ECDSA private key bytes");
+
+    let application_eca_cert = generate_application_certificate(
+        &kernel_signing_key,
+        // TODO(#4074): Pass the correct cert issuer by parsing the stage0_dice_data and retrieving
+        // it.
+        "Mock Cert issuer.".to_string(),
+        &application_verifying_key,
+        app_digest,
+    );
+
+    let application_keys = {
+        let mut keys = oak_dice::evidence::ApplicationKeys::new_zeroed();
+        let application_eca_cert_vec = application_eca_cert
+            .to_vec()
+            .expect("couldn't serialize application signing 1 ECA certificate");
+        keys.signing_public_key_certificate[..application_eca_cert_vec.len()]
+            .copy_from_slice(&application_eca_cert_vec);
+        // TODO(#4074): Implement the encryption key.
+        keys
+    };
+
+    let application_private_keys: oak_dice::evidence::ApplicationPrivateKeys = {
+        let signing_private_key_bytes = application_signing_key.to_bytes();
+        let mut keys = oak_dice::evidence::ApplicationPrivateKeys::new_zeroed();
+        keys.signing_private_key[..signing_private_key_bytes.as_slice().len()]
+            .copy_from_slice(signing_private_key_bytes.as_slice());
+        // TODO(#4074): Implement the encryption key.
+        keys
+    };
+
+    let evidence = oak_dice::evidence::Evidence {
+        root_layer_evidence: stage0_dice_data.root_layer_evidence,
+        restricted_kernel_evidence: stage0_dice_data.layer_1_evidence,
+        application_keys,
+    };
+
+    oak_dice::evidence::RestrictedKernelDiceData {
+        evidence,
+        application_private_keys,
+    }
+}
+
    
\ No newline at end of file
diff --git a/doc/src/oak_restricted_kernel/lib.rs.html b/doc/src/oak_restricted_kernel/lib.rs.html
index 33f5c810420..cfeaa548f92 100644
--- a/doc/src/oak_restricted_kernel/lib.rs.html
+++ b/doc/src/oak_restricted_kernel/lib.rs.html
@@ -395,6 +395,10 @@
 395
 396
 397
+398
+399
+400
+401
 
    //
 // Copyright 2022 The Project Oak Authors
 //
@@ -438,6 +442,7 @@
 mod avx;
 mod boot;
 mod descriptors;
+mod dice_attestation;
 mod elf;
 mod ghcb;
 mod interrupts;
@@ -580,7 +585,7 @@
             .unwrap()
     };
 
-    let _stage0_dice_data = {
+    let stage0_dice_data = {
         let dice_memory_slice = {
             let e820_dice_data_entry = info
                 .e820_table()
@@ -724,6 +729,9 @@
     let application = payload::Application::load_raw(&mut *channel)
         .expect("failed to load application binary from channel");
 
+    let restricted_kernel_dice_data =
+        dice_attestation::generate_dice_data(stage0_dice_data, application.digest());
+
     let derived_key = if sev_snp_enabled {
         snp_guest::get_derived_key().expect("couldn't derive key")
     } else {
@@ -736,7 +744,7 @@
     extraction.input_ikm(application.digest());
     let (derived_key, _) = extraction.finalize();
 
-    syscall::enable_syscalls(channel, derived_key.into());
+    syscall::enable_syscalls(channel, restricted_kernel_dice_data, derived_key.into());
 
     // Safety: we've loaded the Restricted Application. Whether that's valid or not is no longer
     // under the kernel's control.
diff --git a/doc/src/oak_restricted_kernel/syscall/mod.rs.html b/doc/src/oak_restricted_kernel/syscall/mod.rs.html
index 9e071060237..ee111f5198f 100644
--- a/doc/src/oak_restricted_kernel/syscall/mod.rs.html
+++ b/doc/src/oak_restricted_kernel/syscall/mod.rs.html
@@ -251,10 +251,6 @@
 251
 252
 253
-254
-255
-256
-257
 
    //
 // Copyright 2022 The Project Oak Authors
 //
@@ -320,15 +316,11 @@
     user_flags: usize,
 }
 
-fn mock_dice_data() -> DiceData {
-    <DiceData as zerocopy::FromZeroes>::new_zeroed()
-}
-
-pub fn enable_syscalls(channel: Box<dyn Channel>, derived_key: DerivedKey) {
+pub fn enable_syscalls(channel: Box<dyn Channel>, dice_data: DiceData, derived_key: DerivedKey) {
     channel::register(channel);
     stdio::register();
     key::register(derived_key);
-    dice_data::register(mock_dice_data());
+    dice_data::register(dice_data);
 
     // Allocate a stack for the system call handler.
     let kernel_sp = mm::allocate_stack();