ccnp.quote package

Submodules

ccnp.quote.quote_sdk module

This package provides the definitions and helper classes for a confidential computing Quote, the signed evidence consumed by remote attestation.

Reference:
  1. Trusted Platform Module Library, Part 2: Structures: https://trustedcomputinggroup.org/wp-content/uploads/TCG_TPM2_r1p59_Part2_Structures_pub.pdf
  2. Architecture Specification: Intel® Trust Domain Extensions (Intel® TDX) Module: https://cdrdv2.intel.com/v1/dl/getContent/733568

class ccnp.quote.quote_sdk.Quote(quote: str | None = None, quote_type: str | None = None)

Bases: object

An abstract base class for Quote

This is an abstract class with a common static method get_quote that serves as the external SDK interface; subclasses must implement the parse method to extract the fields of their quote format.

_quote

The bytes of a quote.

Type:

bytes

_type

The type of a quote.

Type:

str

static get_quote(nonce: str | None = None, user_data: str | None = None)

Get quote interface

The get quote interface exposed to users of the SDK.

Parameters:
  • nonce (str) – Base64 encoded nonce, chosen by the verifier, so that a previously generated quote cannot be replayed.

  • user_data (str) – Base64 encoded user data to be bound into the quote.

Returns:

The quote object for the specific quote type, or None if getting a quote failed.

Return type:

Quote

property quote: bytes

The bytes of the quote.

Type:

bytes

property quote_type: int

The type of the quote, the quote_type string given to the subclass constructor.

Type:

str

class ccnp.quote.quote_sdk.QuoteClient(server: str = 'unix:/run/ccnp/uds/quote-server.sock')

Bases: object

Quote client class

This class is a gRPC client that connects to the Quote Server and requests a quote from it.

_server

The address of the gRPC server to connect to.

Type:

str

_channel

The gRPC channel, thread-safe.

Type:

Channel

_nonce

The nonce parameter to get quote.

Type:

str

_user_data

The user data parameter to get quote.

Type:

str

_stub

The get quote stub for gRPC.

Type:

GetQuoteStub

_request

The get quote request for gRPC.

Type:

GetQuoteRequest

request(nonce: str, user_data: str) → GetQuoteResponse | None

Send a get quote request to the Quote Server. Detects whether the Quote Server is running, connects to it over gRPC, builds the GetQuote stub and request, and sends the request.

Parameters:
  • nonce (str) – The nonce parameter for getting a quote.

  • user_data (str) – The user data parameter for getting a quote.

Returns:

The GetQuoteResponse from the Quote Server, or None.

Return type:

GetQuoteResponse | None

Raises:
  • RuntimeError – If the Quote Server is not running.

  • ConnectionRefusedError – If the connection to the Quote Server failed.

class ccnp.quote.quote_sdk.QuoteTDX(quote: bytes, quote_type: str)

Bases: Quote

TDX quote class

This class is a subclass of Quote that parses a TDX specific quote. Refer: https://cdrdv2.intel.com/v1/dl/getContent/733568

_version

TD quote version

Type:

int

_tdreport

The bytes of TD report.

Type:

bytes

_tee_type

Type of TEE for which the Quote has been generated.

Type:

int

_tee_tcb_svn

Array of TEE TCB SVNs.

Type:

bytes

_mrseam

Measurement of the SEAM module (SHA384 hash).

Type:

bytes

_mrsignerseam

Measurement of a 3rd party SEAM module’s signer (SHA384 hash).

Type:

bytes

_seamattributes

SEAM’s ATTRIBUTES.

Type:

bytes

_tdattributes

TD’s ATTRIBUTES.

Type:

bytes

_xfam

TD’s XFAM.

Type:

bytes

_mrtd

Measurement of the initial contents of the TD (SHA384 hash).

Type:

bytes

_mrconfigid

Software defined ID for non-owner-defined configuration of the TD.

Type:

bytes

_mrowner

Software defined ID for the guest TD’s owner.

Type:

bytes

_mrownerconfig

Software defined ID for owner-defined configuration of the TD.

Type:

bytes

_rtmr

Array of 4 runtime extendable measurement registers (SHA384 hash).

Type:

bytes

_reportdata

Additional Report Data.

Type:

bytes

_signature

ECDSA signature over the quote header and TD quote body: r component followed by s component, 2 x 32 bytes.

Type:

bytes

_attestation_key

Public part of ECDSA Attestation Key generated by Quoting Enclave.

Type:

bytes

_cert_data

Data required to certify Attestation Key used to sign the Quote.

Type:

bytes

property attestation_key: bytes

The bytes of the attestation key in the quote.

Type:

bytes

property cert_data: bytes

The bytes of the certification data in the quote.

Type:

bytes

property mrconfigid: bytes

The bytes of MRCONFIGID in the quote.

Type:

bytes

property mrowner: bytes

The bytes of MROWNER in the quote.

Type:

bytes

property mrownerconfig: bytes

The bytes of MROWNERCONFIG in the quote.

Type:

bytes

property mrseam: bytes

The bytes of MRSEAM in the quote.

Type:

bytes

property mrsignerseam: bytes

The bytes of MRSIGNERSEAM in the quote.

Type:

bytes

property mrtd: bytes

The bytes of MRTD in the quote.

Type:

bytes

parse()

Parse the TD quote

This method parses the TD quote header, the TD report body and the signature data into the attributes listed above. Refer: https://cdrdv2.intel.com/v1/dl/getContent/733568

Raises:

struct.error – Unpacking the quote data failed (for example, the quote bytes are truncated).
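The following is an added, self-contained example of what parse() has to do for a TDX quote; it is not the ccnp.quote code. It assumes the Intel TDX DCAP quote format, version 4: a 48-byte header, a 584-byte TD quote body (the fields listed as attributes above), a 4-byte signature data length, then the ECDSA signature, the attestation key, a certification data type and size, and the certification data. The function names (make_nonce, parse_td_quote, sanity_check, build_sample_quote), the offsets and the sample quote bytes are this example's own assumptions and constructions; the sample's signature and attestation key are filler and will not verify. Parsing is deliberately kept separate from verification: a relying party must still verify the ECDSA signature over the first 632 bytes with the attestation key, certify that key via the certification data (the DCAP quote verification library does this), and compare REPORTDATA against the nonce/user data it supplied to get_quote.

```python
import base64
import secrets
import struct
from typing import Optional

# Assumed Intel TDX Quote v4 layout (little-endian), from the Intel DCAP quote
# format description. These offsets are an assumption of this example.
HEADER_FMT = "<HHI4x16s20s"                          # version, AK type, TEE type, reserved, QE vendor ID, user data
TD_BODY_FMT = "<16s48s48s8s8s8s48s48s48s48s192s64s"  # TEE_TCB_SVN .. RTMR[0..3], REPORTDATA
SIG_HEAD_FMT = "<64s64sHI"                           # signature, attestation key, cert data type, cert data size
HEADER_LEN = struct.calcsize(HEADER_FMT)             # 48
TD_BODY_LEN = struct.calcsize(TD_BODY_FMT)           # 584
SIGNED_LEN = HEADER_LEN + TD_BODY_LEN                # 632 bytes covered by the ECDSA signature
QUOTE_VERSION_V4 = 4
AK_TYPE_ECDSA_P256 = 2
TEE_TYPE_TDX = 0x81
TD_ATTR_DEBUG = 1 << 0                               # TDATTRIBUTES.DEBUG bit (TDX module spec)


def make_nonce(nbytes: int = 32) -> str:
    """Fresh verifier-chosen nonce, base64 encoded as get_quote()/request() take it (a str)."""
    return base64.b64encode(secrets.token_bytes(nbytes)).decode("ascii")


def parse_td_quote(quote: bytes) -> dict:
    """Split a v4 TD quote into its fields. Parsing only: no signature or
    attestation key certification check happens here."""
    if len(quote) < SIGNED_LEN + 4:
        raise ValueError("quote shorter than header + TD body + signature length")
    version, ak_type, tee_type, qe_vendor_id, _hdr_user_data = struct.unpack_from(HEADER_FMT, quote, 0)
    (tee_tcb_svn, mrseam, mrsignerseam, seamattributes, tdattributes, xfam, mrtd,
     mrconfigid, mrowner, mrownerconfig, rtmr_blob, reportdata) = struct.unpack_from(TD_BODY_FMT, quote, HEADER_LEN)
    (sig_len,) = struct.unpack_from("<I", quote, SIGNED_LEN)
    sig_data = quote[SIGNED_LEN + 4:SIGNED_LEN + 4 + sig_len]
    if len(sig_data) != sig_len:
        raise ValueError("truncated signature data")
    signature, attestation_key, cert_type, cert_size = struct.unpack_from(SIG_HEAD_FMT, sig_data, 0)
    cert_start = struct.calcsize(SIG_HEAD_FMT)
    cert_data = sig_data[cert_start:cert_start + cert_size]
    if len(cert_data) != cert_size:
        raise ValueError("truncated certification data")
    return {
        "version": version, "attestation_key_type": ak_type, "tee_type": tee_type,
        "qe_vendor_id": qe_vendor_id,
        "tdreport": quote[HEADER_LEN:SIGNED_LEN],      # the 584-byte TD quote body
        "tee_tcb_svn": tee_tcb_svn, "mrseam": mrseam, "mrsignerseam": mrsignerseam,
        "seam_attributes": seamattributes, "td_attributes": tdattributes, "xfam": xfam,
        "mrtd": mrtd, "mrconfigid": mrconfigid, "mrowner": mrowner, "mrownerconfig": mrownerconfig,
        "rtmrs": [rtmr_blob[i * 48:(i + 1) * 48] for i in range(4)],
        "report_data": reportdata,
        "signed_region": quote[:SIGNED_LEN],           # what the ECDSA signature must be checked over
        "signature": signature, "attestation_key": attestation_key,
        "cert_data_type": cert_type, "cert_data": cert_data,
    }


def sanity_check(fields: dict, expected_report_data: Optional[bytes] = None) -> list:
    """Cheap structural and policy checks a relying party runs before the
    cryptographic verification. Returns a list of problems (empty = passed)."""
    problems = []
    if fields["version"] != QUOTE_VERSION_V4:
        problems.append("unexpected quote version %d" % fields["version"])
    if fields["tee_type"] != TEE_TYPE_TDX:
        problems.append("TEE type 0x%x is not TDX" % fields["tee_type"])
    if fields["attestation_key_type"] != AK_TYPE_ECDSA_P256:
        problems.append("attestation key type %d is not ECDSA P-256" % fields["attestation_key_type"])
    if int.from_bytes(fields["td_attributes"], "little") & TD_ATTR_DEBUG:
        problems.append("TD has the DEBUG attribute set; its memory is readable by the host")
    if not 1 <= fields["cert_data_type"] <= 7:
        problems.append("unknown certification data type %d" % fields["cert_data_type"])
    if expected_report_data is not None and fields["report_data"] != expected_report_data:
        problems.append("REPORTDATA does not match the expected nonce/user data binding")
    return problems


def build_sample_quote(debug_td: bool = False, cert_data: bytes = b"constructed cert chain") -> bytes:
    """Constructed v4 quote with recognisable filler values; not a real quote."""
    header = struct.pack(HEADER_FMT, QUOTE_VERSION_V4, AK_TYPE_ECDSA_P256, TEE_TYPE_TDX,
                         bytes(range(16)), b"\x00" * 20)
    td_attributes = (TD_ATTR_DEBUG if debug_td else 0).to_bytes(8, "little")
    body = struct.pack(TD_BODY_FMT, b"\x01" * 16, b"\xa1" * 48, b"\x00" * 48, b"\x00" * 8,
                       td_attributes, b"\x00" * 8, b"\xaa" * 48, b"\x00" * 48, b"\x00" * 48,
                       b"\x00" * 48, b"".join(bytes([i]) * 48 for i in range(4)), bytes(range(64)))
    sig_data = struct.pack(SIG_HEAD_FMT, b"\x55" * 64, b"\x66" * 64, 5, len(cert_data)) + cert_data
    return header + body + struct.pack("<I", len(sig_data)) + sig_data


if __name__ == "__main__":
    fields = parse_td_quote(build_sample_quote())
    print("MRTD:", fields["mrtd"].hex(), "problems:", sanity_check(fields, bytes(range(64))))
```

The length checks matter: the signature data length and certification data size come from the untrusted quote bytes, so a parser that slices without comparing the result to the declared size silently returns a short certificate chain instead of failing, and the truncation is only noticed (if at all) when verification later fails. The DEBUG check is the policy most often forgotten: a debug TD produces a perfectly valid, correctly signed quote, so nothing in the signature verification rejects it.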

property report_data: bytes

The bytes of REPORTDATA in the quote.

Type:

bytes

property rtmrs: bytes

The bytes of the RTMRs in the quote.

Type:

bytes

property seam_attributes: bytes

The bytes of SEAM ATTRIBUTES in the quote.

Type:

bytes

property signature: bytes

The bytes of the signature of the quote.

Type:

bytes

property td_attributes: bytes

The bytes of TD ATTRIBUTES in the quote.

Type:

bytes

property tdreport: bytes

The bytes of the TD report.

Type:

bytes

property tee_type: int

The TEE type of the quote.

Type:

int

property version: int

The version of the quote.

Type:

int

property xfam: bytes

The bytes of XFAM in the quote.

Type:

bytes

class ccnp.quote.quote_sdk.QuoteTPM(quote: bytes, quote_type: str)

Bases: Quote

TODO: implement TPM Quote class

Module contents