ccatoken

package module
v1.2.0 Latest Latest
Published: May 2, 2024 License: Apache-2.0 Imports: 21 Imported by: 7

README

ccatoken

This repository is an implementation of the Confidential Computing Architecture (CCA) Attestation Token Library.

This work is based on the Attestation Token as detailed by the Realm Management Monitor (RMM) Specification.

The package allows you to:

  • Construct CCA Evidence by separately setting the CCA platform and Realm claims.

  • Sign and serialise the CCA token to CBOR

  • Decode a CBOR-encoded CCA token

  • Verify the CCA token

Documentation

Overview

CCA Realm Claims

Index

Constants

// MaxLenRealmExtendedMeas bounds the realm extended (extensible) measurements.
// Presumably it is the upper limit that Validate enforces on
// RealmClaims.ExtensibleMeasurements — confirm against the implementation.
const MaxLenRealmExtendedMeas = 4

Variables

// Sentinel errors of the package. Callers should test for them with
// errors.Is rather than by comparing error strings.

// ErrClaimUndefined reports a reference to a claim that is not defined.
var ErrClaimUndefined = errors.New("undefined claim")

// ErrOptionalClaimMissing reports that an optional claim is absent.
var ErrOptionalClaimMissing = errors.New("missing optional claim")

// ErrMandatoryClaimMissing reports that a mandatory claim is absent.
var ErrMandatoryClaimMissing = errors.New("missing mandatory claim")

// ErrWrongClaimSyntax reports a claim whose encoding does not match the
// syntax expected for it.
var ErrWrongClaimSyntax = errors.New("wrong syntax for claim")

// ErrWrongProfile reports a token whose profile is not the expected one.
var ErrWrongProfile = errors.New("wrong profile")

Functions

This section is empty.

Types

type CBORClaimer

// CBORClaimer is implemented by claim sets that can serialise themselves to
// CBOR; both RealmClaims and the IClaims interface expose this pair of
// methods. Going by the naming (compare IClaims.Validate), ToUnvalidatedCBOR
// presumably skips the semantic validation that ToCBOR performs before
// encoding — confirm against the implementation.
type CBORClaimer interface {
	// ToCBOR returns the CBOR encoding of the claims, or an error.
	ToCBOR() ([]byte, error)
	// ToUnvalidatedCBOR returns the CBOR encoding without the validation step.
	ToUnvalidatedCBOR() ([]byte, error)
}

type CBORCollection

// CBORCollection is the CBOR wire shape of a complete CCA token: a map with
// integer keys that carries the serialised platform token and realm token
// side by side. Evidence.FromCBOR decodes and validates this collection;
// Evidence.Sign presumably produces it — confirm against the implementation.
type CBORCollection struct {
	// PlatformToken holds the serialised CCA platform token (CBOR key 44234).
	PlatformToken *[]byte `cbor:"44234,keyasint"`
	// RealmToken holds the serialised CCA realm token (CBOR key 44241).
	RealmToken    *[]byte `cbor:"44241,keyasint"`
}

type Evidence

// Evidence is a wrapper around CcaToken. It pairs the CCA platform claims
// (psatoken.IClaims) with the CCA realm claims (IClaims): the two are set
// together by SetClaims / SetUnvalidatedClaims, signed with separate signers
// by Sign / SignUnvalidated, and checked by Verify, which validates the
// platform token against the supplied key and the realm token against the
// realm public key carried inside the token itself.
type Evidence struct {
	// PlatformClaims are the claims of the CCA platform token.
	PlatformClaims psatoken.IClaims
	// RealmClaims are the claims of the CCA realm token.
	RealmClaims    IClaims
	// contains filtered or unexported fields
}

Evidence is a wrapper around CcaToken

func (*Evidence) FromCBOR

func (e *Evidence) FromCBOR(buf []byte) error

FromCBOR extracts and validates the realm and platform tokens from the serialized collection.

func (*Evidence) GetImplementationID

func (e *Evidence) GetImplementationID() *[]byte

GetImplementationID returns the ImplementationID from the CCA platform token, or a nil pointer if no suitable ImplementationID could be located.

func (*Evidence) GetInstanceID

func (e *Evidence) GetInstanceID() *[]byte

GetInstanceID returns the InstanceID from the CCA platform token, or a nil pointer if no suitable InstanceID could be located.

func (*Evidence) GetRealmPublicKey

func (e *Evidence) GetRealmPublicKey() *[]byte

GetRealmPublicKey returns the RMM Public Key. The RMM Public Key is used to verify the signature on the Realm Token.

func (*Evidence) MarshalJSON

func (e *Evidence) MarshalJSON() ([]byte, error)

func (*Evidence) MarshalUnvalidatedJSON added in v1.1.0

func (e *Evidence) MarshalUnvalidatedJSON() ([]byte, error)

func (*Evidence) SetClaims

func (e *Evidence) SetClaims(p psatoken.IClaims, r IClaims) error

func (*Evidence) SetUnvalidatedClaims added in v1.1.0

func (e *Evidence) SetUnvalidatedClaims(p psatoken.IClaims, r IClaims) error

func (*Evidence) Sign

func (e *Evidence) Sign(pSigner cose.Signer, rSigner cose.Signer) ([]byte, error)

Sign signs the given evidence using the supplied Platform and Realm Signer and returns the complete CCA token as CBOR bytes

func (*Evidence) SignUnvalidated added in v1.1.0

func (e *Evidence) SignUnvalidated(pSigner cose.Signer, rSigner cose.Signer) ([]byte, error)

SignUnvalidated signs the given evidence using the supplied Platform and Realm Signer and returns the complete CCA token as CBOR bytes.

func (*Evidence) UnmarshalJSON

func (e *Evidence) UnmarshalJSON(data []byte) error

func (*Evidence) UnmarshalUnvalidatedJSON added in v1.1.0

func (e *Evidence) UnmarshalUnvalidatedJSON(data []byte) error

func (*Evidence) Verify

func (e *Evidence) Verify(iak crypto.PublicKey) error

Verify verifies the CCA evidence using the supplied platform public key (iak). The integrity of the realm token is checked by extracting the realm public key inlined in the realm token itself; since that key is carried by the very token being verified, it is trustworthy only through the chaining between the platform and realm tokens, whose correctness this method also checks.

type IClaims

// IClaims provides a uniform interface for dealing with CCA realm claims.
// RealmClaims is the concrete implementation; NewClaims returns a fresh one
// and DecodeClaims builds one from a serialised buffer. Each codec comes in a
// validating and an Unvalidated variant; judging by the naming, the
// Unvalidated variants presumably skip the Validate step rather than use a
// different encoding — confirm against RealmClaims.
type IClaims interface {
	// Getters: each returns the claim's value, or an error.
	GetChallenge() ([]byte, error)
	GetPersonalizationValue() ([]byte, error)
	GetInitialMeasurement() ([]byte, error)
	GetExtensibleMeasurements() ([][]byte, error)
	GetHashAlgID() (string, error)
	GetPubKey() ([]byte, error)
	GetPubKeyHashAlgID() (string, error)

	// Setters: each stores the claim's value, returning an error if it is rejected.
	SetChallenge([]byte) error
	SetPersonalizationValue([]byte) error
	SetInitialMeasurement([]byte) error
	SetExtensibleMeasurements([][]byte) error
	SetHashAlgID(string) error
	SetPubKey([]byte) error
	SetPubKeyHashAlgID(string) error

	// CBOR codecs
	FromCBOR([]byte) error
	ToCBOR() ([]byte, error)
	FromUnvalidatedCBOR([]byte) error
	ToUnvalidatedCBOR() ([]byte, error)

	// JSON codecs
	FromJSON([]byte) error
	ToJSON() ([]byte, error)
	FromUnvalidatedJSON([]byte) error
	ToUnvalidatedJSON() ([]byte, error)

	// Semantic validation of the claim set as a whole (see the Err* sentinels).
	Validate() error
}

IClaims provides a uniform interface for dealing with CCA realm claims

func DecodeClaims

func DecodeClaims(buf []byte) (IClaims, error)

func NewClaims

func NewClaims() IClaims

type JSONCollection

// JSONCollection is the JSON shape of a complete CCA token, the counterpart
// of CBORCollection. Both members are json.RawMessage, which defers their
// decoding — presumably so that each can be handed to its own claims type.
// The omitempty tags allow either token to be absent from the encoding.
type JSONCollection struct {
	// PlatformToken is the platform token as raw JSON ("cca-platform-token").
	PlatformToken json.RawMessage `json:"cca-platform-token,omitempty"`
	// RealmToken is the realm (delegated) token as raw JSON
	// ("cca-realm-delegated-token").
	RealmToken    json.RawMessage `json:"cca-realm-delegated-token,omitempty"`
}

type RealmClaims

// RealmClaims is the concrete IClaims implementation for the CCA realm
// token. Every field is a pointer, presumably so that an absent claim (see
// ErrMandatoryClaimMissing / ErrOptionalClaimMissing) can be told apart from
// a zero value — confirm in Validate. The cbor tags carry the integer claim
// keys of the RMM specification's realm token; the json tags carry the
// cca-realm-* names.
type RealmClaims struct {
	// Challenge is the EAT nonce claim (CBOR key 10).
	Challenge              *eat.Nonce `cbor:"10,keyasint" json:"cca-realm-challenge"`
	// PersonalizationValue is the realm personalization value (CBOR key 44235).
	PersonalizationValue   *[]byte    `cbor:"44235,keyasint" json:"cca-realm-personalization-value"`
	// InitialMeasurement is the realm initial measurement (CBOR key 44238).
	InitialMeasurement     *[]byte    `cbor:"44238,keyasint" json:"cca-realm-initial-measurement"`
	// ExtensibleMeasurements are the realm extensible measurements (CBOR key
	// 44239); likely bounded by MaxLenRealmExtendedMeas — confirm in Validate.
	ExtensibleMeasurements *[][]byte  `cbor:"44239,keyasint" json:"cca-realm-extensible-measurements"`
	// HashAlgID is the realm hash algorithm identifier (CBOR key 44236);
	// presumably the algorithm used for the measurements above — confirm.
	HashAlgID              *string    `cbor:"44236,keyasint" json:"cca-realm-hash-algo-id"`
	// PublicKey is the RMM public key (CBOR key 44237) used to verify the
	// signature on the realm token; see Evidence.GetRealmPublicKey.
	PublicKey              *[]byte    `cbor:"44237,keyasint" json:"cca-realm-public-key"`
	// PublicKeyHashAlgID identifies the hash algorithm applied to PublicKey
	// (CBOR key 44240). Evidence.Verify checks the chaining between platform
	// and realm tokens, which presumably relies on this hash — confirm.
	PublicKeyHashAlgID     *string    `cbor:"44240,keyasint" json:"cca-realm-public-key-hash-algo-id"`
}

func (*RealmClaims) FromCBOR

func (c *RealmClaims) FromCBOR(buf []byte) error

func (*RealmClaims) FromJSON

func (c *RealmClaims) FromJSON(buf []byte) error

func (*RealmClaims) FromUnvalidatedCBOR added in v1.1.0

func (c *RealmClaims) FromUnvalidatedCBOR(buf []byte) error

func (*RealmClaims) FromUnvalidatedJSON added in v1.1.0

func (c *RealmClaims) FromUnvalidatedJSON(buf []byte) error

func (RealmClaims) GetChallenge

func (c RealmClaims) GetChallenge() ([]byte, error)

Getters

func (RealmClaims) GetExtensibleMeasurements

func (c RealmClaims) GetExtensibleMeasurements() ([][]byte, error)

func (RealmClaims) GetHashAlgID

func (c RealmClaims) GetHashAlgID() (string, error)

func (RealmClaims) GetInitialMeasurement

func (c RealmClaims) GetInitialMeasurement() ([]byte, error)

func (RealmClaims) GetPersonalizationValue

func (c RealmClaims) GetPersonalizationValue() ([]byte, error)

func (RealmClaims) GetPubKey

func (c RealmClaims) GetPubKey() ([]byte, error)

func (RealmClaims) GetPubKeyHashAlgID

func (c RealmClaims) GetPubKeyHashAlgID() (string, error)

func (*RealmClaims) SetChallenge

func (c *RealmClaims) SetChallenge(v []byte) error

func (*RealmClaims) SetExtensibleMeasurements

func (c *RealmClaims) SetExtensibleMeasurements(v [][]byte) error

func (*RealmClaims) SetHashAlgID

func (c *RealmClaims) SetHashAlgID(v string) error

func (*RealmClaims) SetInitialMeasurement

func (c *RealmClaims) SetInitialMeasurement(v []byte) error

func (*RealmClaims) SetPersonalizationValue

func (c *RealmClaims) SetPersonalizationValue(v []byte) error

func (*RealmClaims) SetPubKey

func (c *RealmClaims) SetPubKey(v []byte) error

func (*RealmClaims) SetPubKeyHashAlgID

func (c *RealmClaims) SetPubKeyHashAlgID(v string) error

func (RealmClaims) ToCBOR

func (c RealmClaims) ToCBOR() ([]byte, error)

func (RealmClaims) ToJSON

func (c RealmClaims) ToJSON() ([]byte, error)

func (RealmClaims) ToUnvalidatedCBOR added in v1.1.0

func (c RealmClaims) ToUnvalidatedCBOR() ([]byte, error)

func (RealmClaims) ToUnvalidatedJSON added in v1.1.0

func (c RealmClaims) ToUnvalidatedJSON() ([]byte, error)

func (RealmClaims) Validate

func (c RealmClaims) Validate() error

Semantic validation
