CCF
Loading...
Searching...
No Matches
uvm_endorsements.h
Go to the documentation of this file.
1// Copyright (c) Microsoft Corporation. All rights reserved.
2// Licensed under the Apache 2.0 License.
3#pragma once
4
5#include "ccf/crypto/base64.h"
6#include "ccf/ds/json.h"
7#include "ccf/pal/measurement.h"
8#include "ccf/pal/uvm_endorsements.h"
9#include "ccf/service/tables/uvm_endorsements.h"
10#include "crypto/openssl/cose_verifier.h"
11#include "node/cose_common.h"
12
13#include <didx509cpp/didx509cpp.h>
14#include <nlohmann/json.hpp>
15#include <qcbor/qcbor.h>
16#include <qcbor/qcbor_spiffy_decode.h>
17#include <span>
18#include <t_cose/t_cose_sign1_verify.h>
19
20namespace ccf
21{
27 DECLARE_JSON_TYPE(UVMEndorsementsPayload);
28 DECLARE_JSON_REQUIRED_FIELDS_WITH_RENAMES(
29 UVMEndorsementsPayload,
30 sevsnpvm_guest_svn,
31 "x-ms-sevsnpvm-guestsvn",
32 sevsnpvm_launch_measurement,
33 "x-ms-sevsnpvm-launchmeasurement");
34
35 struct UvmEndorsementsProtectedHeader
36 {
37 int64_t alg;
38 std::string content_type;
39 std::vector<std::vector<uint8_t>> x5_chain;
40 std::string iss;
41 std::string feed;
42 };
43
44 // Roots of trust for UVM endorsements/measurement in AMD SEV-SNP attestations
45 static std::vector<pal::UVMEndorsements> default_uvm_roots_of_trust = {
46 // Confidential Azure Kubertnetes Service (AKS)
47 {"did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6."
48 "1.4.1.311.76.59.1.2",
49 "ContainerPlat-AMD-UVM",
50 "100"},
51 // Confidential Azure Container Instances (ACI)
52 {"did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6."
53 "1.4.1.311.76.59.1.5",
54 "ConfAKS-AMD-UVM",
55 "1"}};
56
57 pal::UVMEndorsements verify_uvm_endorsements_against_roots_of_trust(
58 const std::vector<uint8_t>& uvm_endorsements_raw,
59 const pal::PlatformAttestationMeasurement& uvm_measurement,
60 const std::vector<pal::UVMEndorsements>& uvm_roots_of_trust);
61}
cose_common.h
uvm_endorsements.h
uvm_endorsements.h
DECLARE_JSON_TYPE
#define DECLARE_JSON_TYPE(TYPE)
Definition json.h:663
DECLARE_JSON_REQUIRED_FIELDS_WITH_RENAMES
#define DECLARE_JSON_REQUIRED_FIELDS_WITH_RENAMES(TYPE,...)
Definition json.h:752
ccf
Definition app_interface.h:14
ccf::verify_uvm_endorsements_against_roots_of_trust
pal::UVMEndorsements verify_uvm_endorsements_against_roots_of_trust(const std::vector< uint8_t > &uvm_endorsements_raw, const pal::PlatformAttestationMeasurement &uvm_measurement, const std::vector< pal::UVMEndorsements > &uvm_roots_of_trust)
Definition uvm_endorsements.cpp:316
cose_verifier.h
ccf::UVMEndorsementsPayload
Definition uvm_endorsements.h:23
ccf::UVMEndorsementsPayload::sevsnpvm_guest_svn
std::string sevsnpvm_guest_svn
Definition uvm_endorsements.h:24
ccf::UVMEndorsementsPayload::sevsnpvm_launch_measurement
std::string sevsnpvm_launch_measurement
Definition uvm_endorsements.h:25
ccf::UvmEndorsementsProtectedHeader
Definition uvm_endorsements.h:36
ccf::UvmEndorsementsProtectedHeader::feed
std::string feed
Definition uvm_endorsements.h:41
ccf::UvmEndorsementsProtectedHeader::alg
int64_t alg
Definition uvm_endorsements.h:37
ccf::UvmEndorsementsProtectedHeader::iss
std::string iss
Definition uvm_endorsements.h:40
ccf::UvmEndorsementsProtectedHeader::x5_chain
std::vector< std::vector< uint8_t > > x5_chain
Definition uvm_endorsements.h:39
ccf::UvmEndorsementsProtectedHeader::content_type
std::string content_type
Definition uvm_endorsements.h:38
Generated by doxygen 1.9.8