ccatoken 0.1.0

CCA attestation token decoding, verification, and appraisal
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95

// Copyright 2023 Contributors to the Veraison project.
// SPDX-License-Identifier: Apache-2.0

use crate::token;
use serde::{Deserialize, Serialize};

/// CCA measured firmware component descriptor
#[serde_with::serde_as]
#[derive(Clone, Deserialize, Serialize, Debug)]
pub struct SwComponent {
    /// The measurement value
    #[serde(rename = "measurement-value")]
    #[serde_as(as = "serde_with::hex::Hex")]
    pub mval: Vec<u8>,

    /// The identifier of the ROTPK that signs the firmware image
    #[serde(rename = "signer-id")]
    #[serde_as(as = "serde_with::hex::Hex")]
    pub signer_id: Vec<u8>,

    /// (Optional) versionining information of the firmare release, e.g., using
    /// SemVer
    #[serde(rename = "version")]
    pub version: Option<String>,

    /// (Optional) human readable label describing the firwmare, e.g., "TF-A"
    #[serde(rename = "component-type")]
    pub mtyp: Option<String>,
}

impl SwComponent {
    pub fn new() -> Self {
        Self {
            mval: Default::default(),
            signer_id: Default::default(),
            version: Default::default(),
            mtyp: Default::default(),
        }
    }
}

impl Default for SwComponent {
    fn default() -> Self {
        Self::new()
    }
}

// Allow comparison between SwComponents in evidence and reference values
impl PartialEq<token::SwComponent> for SwComponent {
    fn eq(&self, other: &token::SwComponent) -> bool {
        if self.mval != other.mval {
            return false;
        }

        if self.signer_id != other.signer_id {
            return false;
        }

        if self.mtyp.is_some() && (other.mtyp.is_none() || Some(&self.mtyp) != Some(&other.mtyp)) {
            return false;
        }

        if self.version.is_some()
            && (other.version.is_none() || Some(&self.version) != Some(&other.version))
        {
            return false;
        }

        true
    }
}

/// A CCA platform reference value set, comprising all the firmware components
/// and platform configuration.  It describes an acceptable state for a certain
/// platform, identified by its implementation identifier.  There may be
/// multiple platform-rv records for the same platform at any point in time,
/// each describing one possible "good" state.
#[serde_with::serde_as]
#[derive(Clone, Deserialize, Serialize, Debug, Default)]
pub struct PlatformRefValue {
    /// The platform's implementation identifier
    #[serde(rename = "implementation-id")]
    #[serde_as(as = "serde_with::hex::Hex")]
    pub impl_id: [u8; 32],

    /// The TCB firmare components
    #[serde(rename = "sw-components")]
    pub sw_components: Vec<SwComponent>,

    /// The CCA platform config contains the System Properties field which is
    /// present in the Root NVS public parameters
    #[serde(rename = "platform-configuration")]
    #[serde_as(as = "serde_with::hex::Hex")]
    pub config: Vec<u8>,
}