ccatoken 0.1.0

CCA attestation token decoding, verification, and appraisal
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81

// Copyright 2023 Contributors to the Veraison project.
// SPDX-License-Identifier: Apache-2.0

use super::cpak::Cpak;
use super::errors::Error;
use super::ITrustAnchorStore;
use jsonwebtoken::jwk;
use std::collections::HashMap;
use std::sync::RwLock;

/// The store where the active CPAKs are stashed.  CPAKs are indexed by their
/// instance-id.
#[derive(Debug)]
pub struct MemoTrustAnchorStore {
    p: RwLock<HashMap<[u8; 33], Cpak>>,
}

impl Default for MemoTrustAnchorStore {
    fn default() -> Self {
        Self::new()
    }
}

impl MemoTrustAnchorStore {
    /// Returns a new empty TrustAnchorStore
    pub fn new() -> Self {
        Self {
            p: Default::default(),
        }
    }

    /// Add to an existing (and possibly empty) TrustAnchorStore the trust
    /// anchors loaded from the given JSON file
    pub fn load_json(&mut self, j: &str) -> Result<(), Error> {
        let mut tas: Vec<Cpak> =
            serde_json::from_str(j).map_err(|e| Error::Syntax(e.to_string()))?;

        for ta in tas.iter_mut() {
            ta.parse_pkey()?;
            self.p.write().unwrap().insert(ta.inst_id, ta.clone());
        }

        Ok(())
    }
}

impl ITrustAnchorStore for MemoTrustAnchorStore {
    /// Lookup a trust anchor from the store given the corresponding Instance ID
    fn lookup(&self, inst_id: &[u8; 33]) -> Option<Cpak> {
        return self.p.read().unwrap().get(inst_id).cloned();
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    const TEST_JSON_TA_OK_0: &str = include_str!("../../testdata/ta.json");
    const TEST_INST_ID_0: &[u8; 33] = include_bytes!("../../testdata/inst-id.bin");
    const TEST_IMPL_ID_0: &[u8; 32] = include_bytes!("../../testdata/impl-id.bin");
    const TEST_PKEY_0: &str = include_str!("../../testdata/pkey.json");

    #[test]
    fn load_json_and_lookup_ok() {
        let mut s: MemoTrustAnchorStore = Default::default();

        // load store from JSON
        s.load_json(TEST_JSON_TA_OK_0).unwrap();

        // lookup a known platform reference value
        let ta = s.lookup(TEST_INST_ID_0);
        assert!(ta.is_some());

        let res = ta.unwrap();

        assert_eq!(res.inst_id, *TEST_INST_ID_0);
        assert_eq!(res.impl_id, *TEST_IMPL_ID_0);

        let pkey = serde_json::from_str::<jwk::Jwk>(TEST_PKEY_0).unwrap();
        assert_eq!(res.pkey, Some(pkey));
    }
}