README
¶
Token generation
gen-token is used to generate test attestation tokens from JSON descriptions
of the payload. This is build and used when running the tests.
Token Format
An attestation token has the following format:
NODE_ID||TPMS_ATTEST_LEN||TPMS_ATTEST||TPMS_ATTEST_SIGNATURE
where
NODE_ID is the 16 byte UUID of the attesting node, TPMS_ATTEST_LEN is a
uint16 value containing the length (in bytes) of the following TPMS_ATTEST
structure. TPMS_ATTEST is structured according to
TPM 2.0
Specification.
TPMS_ATTEST_SIGNATURE is the ES256 signature of the TPMS_ATTEST structure.
Token Payload Description Format
gen-token takes a path to a file containing the description of the payload
of the token. This description is a JSON object in the following form:
{
"node-id": "7df7714e-aa04-4638-bcbf-434b1dd720f1",
"firmware": 7,
"pcrs": [1, 2, 3, 4],
"algorithm": 4,
"digest": "h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc="
}
note: "digest" is decoded as []byte, and so, as per
encoding/json marshalling rules,
should be represented as the base64 encoding of its actual value.
Key generation
gen-key.sh is used to generate EC P-256 keys that gen-token uses to create
the signature part of of the token. These keys are already pre-generated inside
../../keys/, and the script is not utilized when running the tests.
Documentation
Source Files