Skip to content

Phala-Network/dcap-qvl

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

107 Commits
.github
.github
 
 
cli
cli
 
 
python-bindings
python-bindings
 
 
sample
sample
 
 
src
src
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
Cargo.toml
Cargo.toml
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 

Repository files navigation

dcap-qvl

This crate implements the quote verification logic for DCAP (Data Center Attestation Primitives) in pure Rust. It supports both SGX (Software Guard Extensions) and TDX (Trust Domain Extensions) quotes.

Features

  • Verify SGX and TDX quotes
  • Get collateral from PCCS
  • Extract information from quotes

Usage

Add the following dependency to your Cargo.toml file to use this crate:

[dependencies]
dcap-qvl = "0.1.0"

Examples

Get Collateral from PCCS_URL and Verify Quote

To get collateral from a PCCS_URL and verify a quote, you can use the following example code:

use dcap_qvl::collateral::get_collateral;
use dcap_qvl::verify::verify;

#[tokio::main]
async fn main() {
    // Get PCCS_URL from environment variable. The URL is like "https://localhost:8081/sgx/certification/v4/".
    let pccs_url = std::env::var("PCCS_URL").expect("PCCS_URL is not set");
    let quote = std::fs::read("tdx_quote").expect("tdx_quote is not found");
    let collateral = get_collateral(&pccs_url, &quote, std::time::Duration::from_secs(10)).await.expect("failed to get collateral");
    let now = std::time::SystemTime::now().duration_since(std::time::UNIX_EPOCH).unwrap().as_secs();
    let tcb = verify(&quote, &collateral, now).expect("failed to verify quote");
    println!("{:?}", tcb);
}

Get Collateral from Intel PCS and Verify Quote

use dcap_qvl::collateral::get_collateral_from_pcs;
use dcap_qvl::verify::verify;

#[tokio::main]
async fn main() {
    let quote = std::fs::read("tdx_quote").expect("tdx_quote is not found");
    let collateral = get_collateral_from_pcs(&quote, std::time::Duration::from_secs(10)).await.expect("failed to get collateral");
    let now = std::time::SystemTime::now().duration_since(std::time::UNIX_EPOCH).unwrap().as_secs();
    let tcb = verify(&quote, &collateral, now).expect("failed to verify quote");
    println!("{:?}", tcb);
}

Python Bindings

Python bindings are available for this crate, providing a Pythonic interface to the DCAP quote verification functionality.

Quick Start

# Build and test Python bindings
make build_python
make test_python

# Test across Python versions (3.8-3.12)
make test_python_versions

Usage

import dcap_qvl

# Create collateral from JSON
collateral = dcap_qvl.QuoteCollateralV3.from_json(json_data)

# Verify quote
result = dcap_qvl.verify(quote_bytes, collateral, timestamp)
print(f"Status: {result.status}")

See python-bindings/ for complete documentation, examples, and testing information.

License

This crate is licensed under the MIT license. See the LICENSE file for details.

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

19 stars

Watchers

5 watching

Forks

11 forks
Report repository

Releases 2

Release v0.3.0 Latest
Jul 31, 2025
+ 1 release

Packages

No packages published

Contributors 7

Languages