Implementation of the Arm CCA attestation token in Rust
License: Apache License 2.0
This repository is no longer in use. Various aspects of Veraison have been split into separate repositories.
If you're looking for the main Veraison services repository, you can find it here:
https://github.com/veraison/services
Please look into the the project overview on Veraison Organization for the description of how Veraison code is organized and where to look for specific things:
https://github.com/veraison
We should have a binary alongside the library code that exercises all the (sub)modules of this crate.
It can be used as a quick demonstrator of the integrated functionality exposed by the crate, e.g.:
$ ccatoken verify token.cbor tastore.json$ ccatoken appraise token.cbor rvstore.jsonThe stores (reference values and trust anchors) should be defined as interfaces.
The library should offer a concrete implementation of the traits that is simple and minimalist. The current in-memory stores can be repurposed for that.
Define the test plan for the crate. The document (e.g., an entry in the wiki of this repo), should contain separate sections:
Each section should describe a number of meaningful tests for functionality and should include a test description, test vector(s) and the expected outcome (i.e., success, or failure w/ reason).
After successful verification, the platform and realm claims-sets are appraised against the configured reference values. The output of the appraisal is an ar4si trustworthiness vector.
Not sure how, but I managed to confuse CPAK with RAK in the trust anchor store.
CPAK should be provisioned in a JSON-friendly format to fit in the store data model.
JWK is preferred over textual SPKI as it's a native JSON format and doesn't need any escaping on serialisation.
On receipt of the CCA token, the first thing to do is to (CBOR) decode the EAT collection wrapper around the platform and realm tokens.
Verification of the CCA token is a three-legged procedure comprising cryptographic verification of the platform and realm tokens, as well as their hash-lock binding.
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.