Merge pull request #176 from gmandyam/CCA-Example

Add CCA Token example
lamps-wg · Jan 30, 2025 · 7557b88 · 7557b88
2 parents 500fe12 + 9ed9276
commit 7557b88
Show file tree

Hide file tree

Showing 2 changed files with 83 additions and 5 deletions.
diff --git a/draft-ietf-lamps-csr-attestation.md b/draft-ietf-lamps-csr-attestation.md
@@ -79,6 +79,7 @@ informative:
   I-D.ietf-rats-daa:
   I-D.ietf-lamps-attestation-freshness:
   I-D.tschofenig-rats-psa-token:
+  I-D.ffm-rats-cca-token:
   TPM20:
     author:
       org: Trusted Computing Group
@@ -1346,6 +1347,50 @@ the result of CBOR encoding the CMW collection shown below
 }
 ~~~
 
+## Confidential Compute Architecture (CCA) Platform Token in CSR
+
+The Confidential Compute Architecture (CCA) Platform Token is described in
+{{I-D.ffm-rats-cca-token}} and is also based on the EAT format.  Although the
+full CCA attestation is composed of Realm and Platform Evidence, for the purposes
+of this example only the Platform token is provided.
+~~~
+EvidenceBundle
+   +
+   |
+   + Evidences
+   |
+   +---->  EvidenceStatement
+        +
+        |
+        +-> type: OID for CCA Platform Attestation Toekn
+        |         1 3 6 1 5 5 7 1 TBD
+        |
+        +-> stmt: CCA Platform Token
+~~~
+Although the CCA Platform Token follows the EAT/CMW format, it is untagged.
+This is because the encoding can be discerned in the CSR based on the OID alone.
+The untagged token based on a sample claim set is provided below:
+~~~
+{::include-fold sampledata/cca.diag}
+~~~
+Realm evidence can be included in a CMW bundle, similar to the PSA token.
+In this case, the CSR is constructed as follows:
+~~~
+EvidenceBundle
+   +
+   |
+   + Evidences
+   |
+   +---->  EvidenceStatement
+        +
+        |
+        +-> type: OID for CMW Collection
+        |         1 3 6 1 5 5 7 1 TBD
+        |
+        +-> stmt: Realm Token/Platform Token CMW Collection or
+                         Realm Claim Set/Platform Token CMW Collection
+~~~
+
 # ASN.1 Module
 
 ~~~
@@ -1385,9 +1430,10 @@ Smith.
 We would like to specifically thank Mike StJohns for his work on an earlier
 version of this draft.
 
-We would also like to specifically thank Monty Wiseman for providing the
-appendix showing how to carry a TPM 2.0 Attestation, and to Corey Bonnell for helping with the hackathon scripts to bundle it into a CSR.
+We would also like to specifically thank Giri Mandyam for providing the
+appendix illustrating the confidential computing scenario, and to Corey
+Bonnell for helping with the hackathon scripts to bundle it into a CSR.
 
-Finally, we would like to thank Andreas Kretschmer, Hendrik Brockhaus, David von Oheimb,
-and Thomas Fossati for their feedback based on implementation experience, and Daniel Migault and Russ Housley
-for their review comments.
+Finally, we would like to thank Andreas Kretschmer, Hendrik Brockhaus,
+David von Oheimb, and Thomas Fossati for their feedback based on implementation
+experience, and Daniel Migault and Russ Housley for their review comments.
diff --git a/sampledata/cca.diag b/sampledata/cca.diag
@@ -0,0 +1,32 @@
+
+/ Sample Platform Claims Set in CDDL                          /
+{
+   / cca-platform-profile / 265:"tag:arm.com,2023:cca_platform#1.0.0"
+   / arm-platform-challenge, SHA-256 calculation of ‘RAK’ / 10: h' c9cdc457ebe981d563b19b5a8e0e3cbef5b944d58e278c9c6779f77beb65bbd5’
+   / arm-platform-lifecycle / 2395: h'3000' /secured/
+   / arm-platform-sw-components / 2399: [ {1:"ROTFMC", 2:h'903a36d3a0a511ecac4548fee8601af54247c110ce220f680a0b274441729105’, 5:h'd4cf61e472d18c8e926ce0d44496674792587c88706e8a123b294c000895d9ea’},
+      {1:"ROTFW", 2:h'59d4116525e974b5b62ffd7c4ffcbaa0b98e08263403aeb6638797132d2af959’, 5:h'd4cf61e472d18c8e926ce0d44496674792587c88706e8a123b294c000895d9ea’} ]
+   /arm-platform-id/ 256: h’ 946338159d767f9f37098a00a60f133b6d57886fc656f5f9eed13760b4893fa1’
+   /arm-platform-implementation-id/ 2396: h’0000000000000000000000000000000000000000000000000000000000000001’
+}
+
+/ This is a full CWT-formatted token. The payload is a sample
+/ Platform Claim Set. The main structure                       /
+/ visible is that of the COSE_Sign1.                          /
+
+61( 18( [
+    h'a10126',  / protected headers  /
+    {}, / empty unprotected headers / 
+    h’a419010978237461673a61726d2e636f6d2c323032333a6363615f706c74666f726d23312e392e300a580020c9cdc457ebe981d563b19b5a8e0e3cbef5b944d58e278c9c6779f77beb65bbd519095b42300019095f82
+      a30166524f54464d4302580020903a36d3a0a511ecac4548fee8601af54247c110ce220f680a0b27444172910505580020d4cf61e472d18c8e926ce0d44496674792587c88706e8a123b294c000895d9eaae0165524f
+      5446575800200259d4116525e974b5b62ffd7c4ffcbaa0b98e08263403aeb6638797132d2af95905580020d4cf61e472d18c8e926ce0d44496674792587c88706e8a123b294c000895d9ea1901007820946338159d76
+      7f9f37098a00a60f133b6d57886fc656f5f9eed13760b4893fa11a095c58200000000000000000000000000000000000000000000000000000000000000001' /payload/
+    h'cbbfa929cb9b846cb5527d7ef9b7657256412a5f22a6e1a8d3a0c71145022100db4b1b97913b1cd9d6e11c1fadbc0869882ba6644b9db09d221f198e3286654b' /signature/
+] ) )
+
+/Untagged serialized token/
+h'8443a10126a0590141a419010978237461673a61726d2e636f6d2c323032333a6363615f706c74666f726d23312e392e300a580020c9cdc457ebe981d563b19b5a8e0e3cbef5b944d58e278c9c6779f77beb65bbd519095b42300019095f82
+  a30166524f54464d4302580020903a36d3a0a511ecac4548fee8601af54247c110ce220f680a0b27444172910505580020d4cf61e472d18c8e926ce0d44496674792587c88706e8a123b294c000895d9eaae0165524f5446575800200259d4
+  116525e974b5b62ffd7c4ffcbaa0b98e08263403aeb6638797132d2af95905580020d4cf61e472d18c8e926ce0d44496674792587c88706e8a123b294c000895d9ea1901007820946338159d767f9f37098a00a60f133b6d57886fc656f5f9
+  eed13760b4893fa11a095c582000000000000000000000000000000000000000000000000000000000000000015840cbbfa929cb9b846cb5527d7ef9b7657256412a5f22a6e1a8d3a0c71145022100db4b1b97913b1cd9d6e11c1fadbc0869
+  882ba6644b9db09d221f198e3286654b'