Add an Attester that only uses Event Logs

This Attester will be needed for use-cases, where we use authentication instead of attestation, and there is no DICE or TEE involved. Bug: 397026432 Change-Id: Icad6e489c59a4807d23e94c0a185af0d8e1f2af1
project-oak · Feb 28, 2025 · fccd13d · fccd13d
1 parent e914236
commit fccd13d
Showing 1 changed file with 43 additions and 1 deletion.
diff --git a/oak_attestation/src/lib.rs b/oak_attestation/src/lib.rs
@@ -19,12 +19,54 @@
 extern crate alloc;
 
 pub use dice::LayerData;
-use oak_proto_rust::oak::{attestation::v1::Evidence, RawDigest};
+use oak_attestation_types::attester::Attester;
+use oak_proto_rust::oak::{
+    attestation::v1::{EventLog, Evidence},
+    RawDigest,
+};
 use p256::ecdsa::VerifyingKey;
 use sha2::Digest;
 
 pub mod dice;
 
+/// Attester that can build an Event Log but doesn't use attestation mechanisms
+/// to sign the events. Can be used for tests or for use-cases that don't have
+/// hardware-based attestation.
+#[derive(Default)]
+pub struct EventLogAttester {
+    evidence: Evidence,
+}
+
+impl EventLogAttester {
+    pub fn new() -> Self {
+        Self { evidence: Evidence::default() }
+    }
+}
+
+impl From<Evidence> for EventLogAttester {
+    fn from(evidence: Evidence) -> Self {
+        Self { evidence }
+    }
+}
+
+impl Attester for EventLogAttester {
+    /// Add an `encoded_event` to the [`EventLog`].
+    fn extend(&mut self, encoded_event: &[u8]) -> anyhow::Result<()> {
+        self.evidence
+            .event_log
+            .get_or_insert_with(EventLog::default)
+            .encoded_events
+            .push(encoded_event.to_vec());
+
+        Ok(())
+    }
+
+    /// Get [`Evidence`] with the Event Log built using the `extend` function.
+    fn quote(&self) -> anyhow::Result<Evidence> {
+        Ok(self.evidence.clone())
+    }
+}
+
 /// Deprecated trait that allow for explicitly adding application keys to the
 /// attestation evidence.
 #[deprecated = "Use application keys from the event log."]