feat: add a keybroker client implementation #8

Arnaud-de-Grandmaison-ARM
Collaborator

This series of patches adds support for a keybroker client.

The first 5 patches relate to the keybroker-server, either adding features or fixes in order to prepare the landing of the client.

The client itself is in the last (chunky) patch. The client is divided into 2 parts: a client library and a demo application that makes use of the client library.

CI tests from veraison/keybroker-demo are passing. keybroker-app has been successfully used in a realm running on an FVP, connecting to a keybroker-server running elsewhere (that did communicate with a veraison instance), achieving the first end-to-end attestation with an FVP.

…mand line argument

Signed-off-by: Arnaud de Grandmaison <arnaud.degrandmaison@arm.com>
…to from its FQDN.

Signed-off-by: Arnaud de Grandmaison <arnaud.degrandmaison@arm.com>
Signed-off-by: Arnaud de Grandmaison <arnaud.degrandmaison@arm.com>
The verbose flag is generally useful for debug purposes obviously, but
also for newcomers to the code base who want to understand the flow
of operations.

Signed-off-by: Arnaud de Grandmaison <arnaud.degrandmaison@arm.com>
as well as to optionally provide a mock challenge, reusing the CCA
example token nonce. This can be useful during system bring-up for example.

Signed-off-by: Arnaud de Grandmaison <arnaud.degrandmaison@arm.com>
Collaborator

@paulhowardarm paulhowardarm left a comment

Great stuff - I just have one minor request to simplify the client configuration with a single endpoint string rather than separate address and port. Other comments are just observations and things we might change in the future. Otherwise happy for this to be merged.

Contributor

@thomas-fossati thomas-fossati left a comment

LGTM, thanks! I've left a few comments inline.

The core of the functionality is provided as a library, with 2 main routines:
 - get_wrapped_key: is the core routine to get a key, with the crypto
   related to the ephemeral wrapping key left to the caller.
 - get_key: is a convenience routine which calls get_wrapped_key and handles
   the crypto when there is no specific requirement.

The demo application illustrates how to use the client library to connect
to the keybroker server and get an attestation. This enables running a
demo of the 2 API calls needed to request the key, supply the evidence
and RSA-decrypt the result.

Co-authored-by: Paul Howard <paul.howard@arm.com>
Signed-off-by: Arnaud de Grandmaison <arnaud.degrandmaison@arm.com>
Contributor

@thomas-fossati thomas-fossati left a comment

Thanks!

Collaborator

@paulhowardarm paulhowardarm left a comment

All good!

@Arnaud-de-Grandmaison-ARM Arnaud-de-Grandmaison-ARM merged commit f8bc788 into veraison:main Sep 23, 2024
2 checks passed