use base64::prelude::{Engine, BASE64_URL_SAFE};
use thiserror::Error;
use sev::error::UserApiError;
use sev::firmware::guest::{AttestationReport, DerivedKey, Firmware, GuestFieldSelect};
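/// Errors returned by the SEV-SNP guest helpers in this module.
///
/// Every variant wraps the underlying error through `#[from]`, so the `?`
/// operator converts it automatically in the functions below.
#[derive(Debug, Error)]
pub enum SNPError {
    /// An integer string could not be parsed (`std::num::ParseIntError`).
    #[error("Could not parse the derived key: {0}")]
    KeyParsingError(#[from] std::num::ParseIntError),
    /// A request to the SEV guest firmware interface failed.
    // The previous message ("authorized_keys already contains") did not
    // describe a firmware error and would mislead anyone triaging a failed
    // attestation or key request from the logs.
    #[error("SEV-SNP firmware request failed: {0}")]
    UserApiError(#[from] UserApiError),
    /// An I/O error; presumably raised when the guest firmware device
    /// cannot be opened — confirm against `Firmware::open`.
    #[error("I/O error: {0}")]
    FirmwareIOError(#[from] std::io::Error),
    /// bincode failed to serialize a value.
    // The variant name is kept for callers that match on it, but the wrapped
    // type is `bincode::Error`, so the message now names serialization rather
    // than Base64 decoding.
    #[error("bincode serialization error: {0}")]
    Base64Error(#[from] bincode::Error),
}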
/// Requests an attestation report from the SEV-SNP guest firmware.
///
/// `data` is passed through unchanged as the 64-byte report data of the
/// request. This function applies no freshness or binding policy of its own:
/// whatever the caller supplies (for example a verifier nonce or a key hash)
/// is what the report will carry.
///
/// # Errors
///
/// Returns [`SNPError`] if the firmware interface cannot be opened or the
/// report request fails.
fn request_hardware_report(data: [u8; 64]) -> Result<AttestationReport, SNPError> {
    let mut guest_firmware = Firmware::open()?;
    // Arguments: no explicit message version, caller-supplied report data,
    // and `Some(0)` for the third parameter (the VMPL in the sev crate's
    // `get_report` signature — confirm against the crate version in use).
    let report = guest_firmware.get_report(None, Some(data), Some(0))?;
    Ok(report)
}
/// Returns an attestation report, bincode-serialized and Base64-encoded.
///
/// The report is obtained from [`request_hardware_report`] with `data` as the
/// report data, serialized with `bincode::serialize`, and encoded with the
/// URL-safe Base64 engine (`BASE64_URL_SAFE`).
///
/// The returned string is only a transport encoding. A relying party still
/// has to decode it and verify the report signature and the embedded report
/// data before trusting any field in it.
///
/// # Errors
///
/// Returns [`SNPError`] if the report cannot be obtained or serialized.
pub fn get_report_as_base64(data: [u8; 64]) -> Result<String, SNPError> {
    let attestation = request_hardware_report(data)?;
    let wire_bytes = bincode::serialize(&attestation)?;
    Ok(BASE64_URL_SAFE.encode(wire_bytes))
}
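/// Requests a 32-byte derived key from the SEV-SNP firmware and returns it
/// Base64-encoded (URL-safe alphabet).
///
/// The key request is built with `DerivedKey::new(false, mask, 1, 0, 0)`.
/// Going by the sev crate's parameter order (root key select, guest field
/// select, VMPL, guest SVN, TCB version) this means:
///
/// * root key select `false` — presumably the VCEK-rooted key; confirm
///   against the sev crate version in use;
/// * guest field select `0b11111` — the low five bits set, which in the SNP
///   key-request layout select guest policy, image ID, family ID, launch
///   measurement and guest SVN (TODO confirm);
/// * VMPL `1`, guest SVN `0`, TCB version `0`.
///
/// NOTE(review): the returned `String` is raw key material. It is not
/// zeroized on drop and must not be logged or included in error messages;
/// callers should keep its lifetime as short as possible.
///
/// # Errors
///
/// Returns [`SNPError`] if the firmware interface cannot be opened or the
/// key request fails.
pub fn get_derived_key() -> Result<String, SNPError> {
    // Same value the original obtained by parsing the string "11111" in
    // radix 2; a literal removes a runtime parse and an error branch that
    // could never be taken.
    const GUEST_FIELD_SELECT_MASK: u64 = 0b11111;

    let mut fw = Firmware::open()?;
    let request = DerivedKey::new(false, GuestFieldSelect(GUEST_FIELD_SELECT_MASK), 1, 0, 0);
    let derived_key: [u8; 32] = fw.get_derived_key(None, request)?;
    Ok(BASE64_URL_SAFE.encode(derived_key))
}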