-
Notifications
You must be signed in to change notification settings - Fork 3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: add a keybroker client implementation #8
feat: add a keybroker client implementation #8
Conversation
…mand line argument Signed-off-by: Arnaud de Grandmaison <arnaud.degrandmaison@arm.com>
…to from its FQDN. Signed-off-by: Arnaud de Grandmaison <arnaud.degrandmaison@arm.com>
Signed-off-by: Arnaud de Grandmaison <arnaud.degrandmaison@arm.com>
The verbose flag is generally useful for debug purpose obviously, but also for new comers to the code base who want to understand the flow of operations. Signed-off-by: Arnaud de Grandmaison <arnaud.degrandmaison@arm.com>
as well as to optionnally provide a mock challenge, reusing the CCA example token nonce. This can be useful during system bring-up for example. Signed-off-by: Arnaud de Grandmaison <arnaud.degrandmaison@arm.com>
a0b0f96
to
2072cb5
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great stuff - I just have one minor request to simplify the client configuration with a single endpoint
string rather than separate address and port. Other comments are just observations and things we might change in the future. Otherwise happy for this to be merged.
2072cb5
to
55bc8fb
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, thanks! I've left a few comments inline.
8b10f98
to
139962a
Compare
139962a
to
7fd90e2
Compare
The core of the functionality is provided as a library, with 2 main routines: - get_wrapped_key: is the core routine to get a key, with the crypto related to the ephemeral wrapping key left to the caller. - get_key: is a convenience routine which calls get_wrapped_key and handle the crypto when there is no specific requirement. The demo application illustrates how to use the client library to connect to the keybroker server and get an attestation. This enables running a demo of the 2 API calls needed to request the key, supply the evidence and RSA-decrypt the result. Co-authored-by: Paul Howard <paul.howard@arm.com> Signed-off-by: Arnaud de Grandmaison <arnaud.degrandmaison@arm.com>
7fd90e2
to
0de4028
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
All good!
This series of patches adds support for a keybroker client.
The first 5 patches relate to the
keybroker-server
, either adding features or fixes in order to prepare the landing of the client.The client itself is in the last (chunky) patch. The client is divided in 2 parts: a client library and a demo application that makes use of the client library.
CI tests from
veraison/keybroker-demo
are passing.keybroker-app
has been succesfully used in a realm running on an FVP, connecting to akeybroker-server
running elsewhere (that did communicate with a veraison instance), achieving the first end-to-end attestation with an FVP.