ccatoken

package module v1.3.1

This package is not in the latest version of its module.

Published: Sep 12, 2024 License: Apache-2.0 Imports: 22 Imported by: 6

README
ccatoken

This repository is an implementation of the Confidential Computing Architecture (CCA) Attestation Token Library.

This work is based on the Attestation Token as detailed by the Realm Management Monitor (RMM) Specification.

The package allows you to:

  • Construct CCA Evidence by separately setting the CCA platform and Realm claims.

  • Sign and serialise the CCA token to CBOR.

  • Decode a CBOR-encoded CCA token.

  • Verify the CCA token.

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func EncodeEvidenceToJSON added in v1.3.0

func EncodeEvidenceToJSON(e *Evidence) ([]byte, error)

EncodeEvidenceToJSON marshals CCA evidence to JSON.

func ValidateAndEncodeEvidenceToJSON added in v1.3.0

func ValidateAndEncodeEvidenceToJSON(e *Evidence) ([]byte, error)

ValidateAndEncodeEvidenceToJSON validates and then marshals CCA evidence to JSON.

Types

type CBORCollection

type CBORCollection struct {
	PlatformToken *[]byte `cbor:"44234,keyasint"`
	RealmToken    *[]byte `cbor:"44241,keyasint"`
}

CBORCollection is a wrapper containing the CBOR data for both platform and realm tokens.
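As an added example, not code from the ccatoken library, here is a stand-alone parser for the envelope that CBORCollection describes: a CBOR map whose integer keys 44234 and 44241 carry the platform and realm tokens as byte strings. It uses only the standard library, the constant names are my own, and the two tokens it returns are still unverified COSE bytes; the library's Verify step is what establishes trust in them.

```go
// Added example, not ccatoken's own code: parses the CBORCollection envelope (map with keys 44234/44241).
package main

import "errors"

const keyPlatformToken, keyRealmToken = 44234, 44241

// readHead decodes one CBOR head (arguments up to 16 bits): major type, argument, rest.
func readHead(b []byte) (major byte, arg uint64, rest []byte, err error) {
	if len(b) == 0 {
		return 0, 0, nil, errors.New("truncated CBOR head")
	}
	major, ai := b[0]>>5, b[0]&0x1f
	switch {
	case ai < 24:
		return major, uint64(ai), b[1:], nil
	case ai == 24 && len(b) >= 2:
		return major, uint64(b[1]), b[2:], nil
	case ai == 25 && len(b) >= 3:
		return major, uint64(b[1])<<8 | uint64(b[2]), b[3:], nil
	}
	return 0, 0, nil, errors.New("unsupported or truncated CBOR head")
}

// DecodeCollection returns the embedded platform and realm tokens; unknown keys are
// skipped, and an envelope missing either token is rejected before any verification.
func DecodeCollection(b []byte) (platform, realm []byte, err error) {
	major, n, b, err := readHead(b)
	if err != nil || major != 5 {
		return nil, nil, errors.New("expected a CBOR map")
	}
	for i := uint64(0); i < n; i++ {
		kMajor, key, rest, kErr := readHead(b)
		vMajor, vLen, rest, vErr := readHead(rest)
		if kErr != nil || vErr != nil || kMajor != 0 || vMajor != 2 || uint64(len(rest)) < vLen {
			return nil, nil, errors.New("expected an unsigned integer key with a byte string value")
		}
		val := rest[:vLen]
		b = rest[vLen:]
		if key == keyPlatformToken {
			platform = val
		} else if key == keyRealmToken {
			realm = val
		}
	}
	if platform == nil || realm == nil {
		return nil, nil, errors.New("platform and realm tokens are both required")
	}
	return platform, realm, nil
}
```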

type Evidence

type Evidence struct {
	PlatformClaims platform.IClaims
	RealmClaims    realm.IClaims
	// contains filtered or unexported fields
}

Evidence is a wrapper around CcaToken.

func DecodeAndValidateEvidenceFromCBOR added in v1.3.0

func DecodeAndValidateEvidenceFromCBOR(buf []byte) (*Evidence, error)

DecodeAndValidateEvidenceFromCBOR unmarshals CCA claims collection from provided CBOR and validates both sets of claims.

func DecodeAndValidateEvidenceFromJSON added in v1.3.0

func DecodeAndValidateEvidenceFromJSON(buf []byte) (*Evidence, error)

DecodeAndValidateEvidenceFromJSON unmarshals CCA claims collection from provided JSON and validates both sets of claims.

func DecodeEvidenceFromCBOR added in v1.3.0

func DecodeEvidenceFromCBOR(buf []byte) (*Evidence, error)

DecodeEvidenceFromCBOR unmarshals CCA claims collection from provided CBOR.

func DecodeEvidenceFromJSON added in v1.3.0

func DecodeEvidenceFromJSON(buf []byte) (*Evidence, error)

DecodeEvidenceFromJSON unmarshals CCA claims collection from provided JSON.

func (*Evidence) GetImplementationID

func (e *Evidence) GetImplementationID() *[]byte

GetImplementationID returns the ImplementationID from the CCA platform token, or a nil pointer if no suitable ImplementationID could be located.

func (*Evidence) GetInstanceID

func (e *Evidence) GetInstanceID() *[]byte

GetInstanceID returns the InstanceID from the CCA platform token, or a nil pointer if no suitable InstanceID could be located.

func (*Evidence) GetRealmPublicKey

func (e *Evidence) GetRealmPublicKey() *[]byte

GetRealmPublicKey returns the RMM public key, which is used to verify the signature on the Realm token.

func (*Evidence) MarshalJSON

func (e *Evidence) MarshalJSON() ([]byte, error)

MarshalJSON encodes the realm and platform claims into a JSON object.

func (*Evidence) SetClaims

func (e *Evidence) SetClaims(p platform.IClaims, r realm.IClaims) error

SetClaims sets the specified realm and platform claims in the evidence and ensures they are valid.

func (*Evidence) SetUnvalidatedClaims added in v1.1.0

func (e *Evidence) SetUnvalidatedClaims(p platform.IClaims, r realm.IClaims)

SetUnvalidatedClaims is the same as SetClaims but without validation.

func (*Evidence) Sign

func (e *Evidence) Sign(pSigner cose.Signer, rSigner cose.Signer) ([]byte, error)

Sign signs the given evidence using the supplied Platform and Realm Signer and returns the complete CCA token as CBOR bytes.

func (*Evidence) UnmarshalCBOR added in v1.3.0

func (e *Evidence) UnmarshalCBOR(buf []byte) error

UnmarshalCBOR extracts the realm and platform tokens from the serialized collection.

func (*Evidence) UnmarshalJSON

func (e *Evidence) UnmarshalJSON(data []byte) error

UnmarshalJSON extracts the realm and platform tokens from the serialized collection.

func (*Evidence) Validate added in v1.3.0

func (e *Evidence) Validate() error

Validate checks that both platform and realm claims have been set and are valid.

func (*Evidence) ValidateAndSign added in v1.3.0

func (e *Evidence) ValidateAndSign(pSigner cose.Signer, rSigner cose.Signer) ([]byte, error)

ValidateAndSign validates and then signs the given evidence using the supplied Platform and Realm Signer and returns the complete CCA token as CBOR bytes.

func (*Evidence) Verify

func (e *Evidence) Verify(iak crypto.PublicKey) error

Verify verifies the CCA evidence using the supplied platform public key. The integrity of the realm token is checked by extracting the inlined realm public key. This also checks the correctness of the chaining between platform and realm tokens.

type JSONCollection

type JSONCollection struct {
	PlatformToken json.RawMessage `json:"cca-platform-token,omitempty"`
	RealmToken    json.RawMessage `json:"cca-realm-delegated-token,omitempty"`
}

JSONCollection is a wrapper containing the JSON data for both platform and realm tokens.

Directories

Path Synopsis
CCA Realm Claims
