Porting attestation verification from Rust to C++.
Header file for https://github.com/project-oak/oak/blob/main/oak_attestation_verification/src/endorsement.rs
Change-Id: I616b8ee851b61888b7c42b82937ad7330c399bb9
Bug: b/324141620
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5454987
Reviewed-by: Adam Langley <agl@chromium.org>
Commit-Queue: Livia Seibert <livseibert@google.com>
Reviewed-by: Ken Buchanan <kenrb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1288285}
diff --git a/device/fido/BUILD.gn b/device/fido/BUILD.gn
index 32f50f3..3fdcec61 100644
--- a/device/fido/BUILD.gn
+++ b/device/fido/BUILD.gn
@@ -165,6 +165,8 @@
"enclave/types.h",
"enclave/verify/claim.cc",
"enclave/verify/claim.h",
+ "enclave/verify/endorsement.cc",
+ "enclave/verify/endorsement.h",
"enclave/verify/verify.h",
"fido_authenticator.cc",
"fido_authenticator.h",
diff --git a/device/fido/enclave/verify/endorsement.cc b/device/fido/enclave/verify/endorsement.cc
new file mode 100644
index 0000000..8c2ac3d
--- /dev/null
+++ b/device/fido/enclave/verify/endorsement.cc
@@ -0,0 +1,7 @@
+// Copyright 2024 The Chromium Authors
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "device/fido/enclave/verify/endorsement.h"
+
+namespace device::enclave {} // namespace device::enclave
diff --git a/device/fido/enclave/verify/endorsement.h b/device/fido/enclave/verify/endorsement.h
new file mode 100644
index 0000000..e1c5988
--- /dev/null
+++ b/device/fido/enclave/verify/endorsement.h
@@ -0,0 +1,35 @@
+// Copyright 2024 The Chromium Authors
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef DEVICE_FIDO_ENCLAVE_VERIFY_ENDORSEMENT_H_
+#define DEVICE_FIDO_ENCLAVE_VERIFY_ENDORSEMENT_H_
+
+#include <cstdint>
+#include <vector>
+
+#include "base/containers/span.h"
+#include "base/time/time.h"
+#include "device/fido/enclave/verify/claim.h"
+
+namespace device::enclave {
+
+bool VerifyBinaryDigest(base::span<const uint8_t> endorsement,
+ base::span<const uint8_t> expected);
+
+bool VerifyBinaryEndorsement(base::Time now,
+ base::span<const uint8_t> endorsement,
+ base::span<const uint8_t> signature,
+ base::span<const uint8_t> log_entry,
+ base::span<const uint8_t> endorser_public_key,
+ base::span<const uint8_t> rekor_public_key);
+
+bool VerifyEndorsementStatement(base::Time now,
+ const EndorsementStatement& statement);
+
+bool VerifyEndorserPublicKey(base::span<const uint8_t> log_entry,
+ base::span<const uint8_t> endorser_public_key);
+
+} // namespace device::enclave
+
+#endif // DEVICE_FIDO_ENCLAVE_VERIFY_ENDORSEMENT_H_
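Review bot: The four verification functions in endorsement.h return a bare `bool` without `[[nodiscard]]`, so a call site that drops the result of `VerifyBinaryEndorsement` compiles cleanly and proceeds as if the endorsement had been checked; I would declare each one as `[[nodiscard]] bool Verify…(…)`. `VerifyBinaryEndorsement` also takes five consecutive `base::span<const uint8_t>` parameters, so transposing `endorser_public_key` with `rekor_public_key`, or `signature` with `log_entry`, is not caught by the compiler. A comment above that declaration should name the expected encoding of each argument and say whether an empty span is rejected or causes that check to be skipped, since the header does not show which. None of the declarations states what `true` means; a line such as `// Returns true only if every check passes; any parse or signature failure returns false.` would pin the fail-closed contract, assuming that is the intended behaviour of the port.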