diff --git a/packages/common/README.md b/packages/common/README.md
new file mode 100644
index 0000000..c9b27e8
--- /dev/null
+++ b/packages/common/README.md
@@ -0,0 +1,85 @@
+# @peculiar/attestation-common
+
+A common module providing tools and interfaces for verifying HSM attestation files from various HSMs, including support for certificate chain validation and attestation data extraction.
+
+## Installation
+
+To install the library, use npm:
+
+```sh
+npm install @peculiar/attestation-common
+```
+
+## Usage
+
+This example demonstrates how to use the common attestation interfaces and types:
+
+```typescript
+import { X509Certificate, PublicKey } from "@peculiar/x509";
+import {
+ Attestation,
+ AttestationVerificationParams,
+ AttestationVerificationResult,
+ AttestationProvider,
+} from "@peculiar/attestation-common";
+
+// Example implementation of an AttestationProvider
+class ExampleAttestationProvider implements AttestationProvider {
+ format = "example";
+
+ async read(data: BufferSource): Promise {
+ // Implement the logic to read attestation data
+ return {
+ format: this.format,
+ publicKey: new PublicKey(/* public key data */),
+ metadata: {
+ /* metadata */
+ },
+ };
+ }
+
+ async verify(
+ params: AttestationVerificationParams
+ ): Promise {
+ // Implement the logic to verify attestation data
+ return {
+ status: true,
+ chain: params.intermediateCerts,
+ signer: params.intermediateCerts[0],
+ };
+ }
+}
+
+// Example usage
+const provider = new ExampleAttestationProvider();
+
+// Example attestation data and certificate chain data
+const attestationData = new Uint8Array([
+ /* attestation data bytes */
+]);
+const certChainPem = `-----BEGIN CERTIFICATE-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7V1...
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7V1...
+-----END CERTIFICATE-----`;
+
+// Read the attestation data
+const attestation = await provider.read(attestationData);
+
+// Decode the certificate chain
+const certBlobs = x509.PemConverter.decode(certChainPem);
+const certs = certBlobs.map((blob) => new x509.X509Certificate(blob));
+
+// Verify the attestation using the provided certificate chain
+const result = await provider.verify({
+ attestation,
+ intermediateCerts: certs,
+});
+
+console.log(result);
+```
+
+## License
+
+This project is licensed under the MIT License.
diff --git a/packages/common/package.json b/packages/common/package.json
index a7e9c4d..45064da 100644
--- a/packages/common/package.json
+++ b/packages/common/package.json
@@ -1,7 +1,7 @@
 {
 "name": "@peculiar/attestation-common",
 "version": "1.0.0",
- "description": "Common module for attestation packages",
+ "description": "A common module providing tools and interfaces for verifying HSM attestation files.",
 "main": "build/cjs/index.js",
 "module": "build/esm/index.js",
 "types": "build/types/index.d.ts",
diff --git a/packages/common/src/index.ts b/packages/common/src/index.ts
index 8e16e78..08b70fa 100644
--- a/packages/common/src/index.ts
+++ b/packages/common/src/index.ts
@@ -1,4 +1,5 @@
 import { X509Certificate, PublicKey } from '@peculiar/x509';
+
 export interface Attestation {
 format: string;
 publicKey: PublicKey;