CCNP Package

ccnp.sdk module

This package provides the definitions and helper class for the CCNP SDK.

class ccnp.sdk.CcnpSdk(server: str = 'unix:/run/ccnp/uds/ccnp-server.sock')

Bases: CCTrustedApi

CCNP SDK class

This class is a client that connects to the CCNP Server and makes gRPC calls to it.

_server

The gRPC server to connect.

Type:

str

_channel

The gRPC channel, thread-safe.

Type:

Channel

_stub

The CCNP stub used for gRPC calls.

Type:

ccnpStub

get_cc_eventlog(start: int = None, count: int = None) → list

Get the event log entries for the given start index and count.

The event log is in TCG log format. Verify it before relying on it: spoofed events in the TCG log would defeat remotely attested measured boot. To measure the full CC runtime environment, the event log may include additional OS-type and cloud-native-type events beyond measured boot.

Parameters:
  • start (int) – the first index of event log to fetch

  • count (int) – the number of event logs to fetch

Returns:

Parsed event logs following TCG Spec.
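
An added example (not part of the CCNP SDK or its documentation) of the verification the description above calls for: replay the event log and compare the result with the measurement registers. The `(register_index, digest)` tuples, the function names and the sample data are assumptions made for illustration; real events come from get_cc_eventlog() and register values from get_cc_measurement(), and the zero initial value and extend rule are the standard TCG ones.

```python
import hashlib
import hmac


def replay_eventlog(events, alg="sha384", register_count=4):
    """Recompute measurement registers from (register_index, digest) events.

    Assumes every register starts as all zeros and is extended with the
    TCG extend operation: new = H(old || event_digest).
    """
    size = hashlib.new(alg).digest_size
    registers = [bytes(size)] * register_count
    for index, digest in events:
        if not 0 <= index < register_count:
            raise ValueError(f"event targets unknown register {index}")
        if len(digest) != size:
            raise ValueError(f"digest is not a {alg} digest")
        registers[index] = hashlib.new(alg, registers[index] + digest).digest()
    return registers


def mismatched_registers(events, reported, alg="sha384"):
    """Return the register indexes whose replayed value differs from `reported`."""
    replayed = replay_eventlog(events, alg, len(reported))
    return [i for i, (got, want) in enumerate(zip(replayed, reported))
            if not hmac.compare_digest(got, want)]


# Constructed sample data, not output of a real CCNP server.
SAMPLE_EVENTS = [
    (0, hashlib.sha384(b"firmware").digest()),
    (1, hashlib.sha384(b"kernel").digest()),
    (1, hashlib.sha384(b"initrd").digest()),
    (2, hashlib.sha384(b"container-image").digest()),
]
# Stands in for the register values reported by the trusted foundation.
SAMPLE_REGISTERS = replay_eventlog(SAMPLE_EVENTS)
# Same log with the kernel event swapped out, as a spoofed log would be.
SPOOFED_EVENTS = list(SAMPLE_EVENTS)
SPOOFED_EVENTS[1] = (1, hashlib.sha384(b"other-kernel").digest())

if __name__ == "__main__":
    print(mismatched_registers(SAMPLE_EVENTS, SAMPLE_REGISTERS))   # []
    print(mismatched_registers(SPOOFED_EVENTS, SAMPLE_REGISTERS))  # [1]
```

The comparison only proves something when the register values are taken from a CcReport whose signature the verifier has checked.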

get_cc_measurement(imr_select: [<class 'int'>, <class 'int'>]) → TcgDigest

Get the measurement register for the given index and algorithm.

Each trusted foundation in a CC environment provides multiple measurement registers; the count is given by get_measurement_count(). Each measurement register may provide multiple digests, one for each algorithm.

Parameters:

imr_select ([int, int]) – The first is the index of the measurement register, the second is the algorithm ID

Returns:

The object of TcgIMR

get_cc_report(nonce: bytearray = None, data: bytearray = None, extraArgs=None) → CcReport

Get the CcReport (i.e. quote) for given nonce and data.

The CcReport is the result of signing attestation data (IMR values or hashes of IMR values), produced by a trusted foundation (TPM) using a key trusted by the verifier.

Different trusted foundations may use different quote formats.

Parameters:
  • nonce (bytearray) – a nonce that protects against replay attacks

  • data (bytearray) – user data

  • extraArgs – for TPM, the list of IMRs/PCRs

Returns:

The CcReport object. Return None if it fails.

get_default_algorithms() → TcgAlgorithmRegistry

Get the default digest algorithms supported by the trusted foundation.

Different trusted foundations may support different algorithms; for example, Intel TDX uses SHA384 and TPM uses SHA256.

Beyond the default digest algorithm, some trusted foundations, such as TPM, may support multiple algorithms.

Returns:

The default algorithms.

get_measurement_count() → int

Get the count of measurement registers.

Different trusted foundations may provide different counts of measurement registers. For example, Intel TDX TDREPORT provides 4 measurement registers by default. TPM provides 24 measurement registers (0~16 for SRTM and 17~24 for DRTM).

Beyond the real measurement registers, some SDKs may extend virtual measurement registers for additional trust chains such as container, namespace, and cluster in the cloud native paradigm.

Returns:

The count of measurement registers

classmethod inst()

Singleton instance function.