{"id":29675751,"url":"https://github.com/oxidecomputer/sprockets","last_synced_at":"2025-07-22T23:38:36.722Z","repository":{"id":39582971,"uuid":"478319281","full_name":"oxidecomputer/sprockets","owner":"oxidecomputer","description":"Now's the time on sprockets when we dance","archived":false,"fork":false,"pushed_at":"2025-07-14T16:51:42.000Z","size":324,"stargazers_count":9,"open_issues_count":14,"forks_count":1,"subscribers_count":21,"default_branch":"main","last_synced_at":"2025-07-14T18:39:44.991Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/oxidecomputer.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2022-04-05T22:24:43.000Z","updated_at":"2025-07-14T16:51:46.000Z","dependencies_parsed_at":"2023-12-22T00:53:32.952Z","dependency_job_id":"fe65aac8-e858-4138-ac36-d43d941c46db","html_url":"https://github.com/oxidecomputer/sprockets","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/oxidecomputer/sprockets","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxidecomputer%2Fsprockets","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxidecomputer%2Fsprockets/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxidecomputer%2Fsprockets/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxidecomputer%2Fsprockets/manifests","owner_url":"https://repos.ecosy
ste.ms/api/v1/hosts/GitHub/owners/oxidecomputer","download_url":"https://codeload.github.com/oxidecomputer/sprockets/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxidecomputer%2Fsprockets/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":266591232,"owners_count":23953082,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-22T02:00:09.085Z","response_time":66,"last_error":null,"robots_txt_status":null,"robots_txt_updated_at":null,"robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-07-22T23:38:22.755Z","updated_at":"2025-07-22T23:38:36.714Z","avatar_url":"https://github.com/oxidecomputer.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"## Overview\n\nSprockets provides a secure transport protocol for use in the Oxide bootstrap\nnetwork. It is designed specifically to work with a Root of Trust (RoT) capable\nof providing device identities, signing capabilities, and a mechanism to\nretrieve measurements for remote attestation. The protocol utilizes TLS 1.3\nvia [rustls](https://github.com/rustls/rustls) for secure session establishment\nbetween bootstrap agents with authentication provided by local RoTs. Remote\nattestation is performed over secure TLS 1.3 channels.\n\n### Test Data\n\nTest cases rely on a PKI that we define in `tls/test-keys/config.kdl`. 
Before\n`cargo test` will execute tests as expected, the test PKI must be generated\nusing the `pki-playground` tool. This is automated by `tls/build.rs`.\n\n### Remote Attestation\n\nAfter the TLS handshake is complete, the peers on either end of the connection\nexchange, verify, and appraise attestations generated by their respective RoTs.\nThe protocol used to carry out this process is roughly:\n\n```mermaid\n%% sequence diagram describing the protocol used to exchange attestation\n%% evidence between client \u0026 server\nsequenceDiagram\n    Client-\u003e\u003eClient: Generate Nonce\n    Server-\u003e\u003eServer: Generate Nonce\n    Client-\u003e\u003eServer: Nonce\n    Server-\u003e\u003eClient: Nonce\n    Client-\u003e\u003eClient: Generate attest data\u003cbr/\u003e(Cert Chain, Log, Attestation)\n    Server-\u003e\u003eServer: Generate attest data\u003cbr/\u003e(Cert Chain, Log, Attestation)\n    Client-\u003e\u003eClient: Verify own attestation\n    Server-\u003e\u003eServer: Verify own attestation\n    Client-\u003e\u003eServer: Cert Chain\n    Server-\u003e\u003eServer: Appraise\u003cbr/\u003eCert Chain\n    Server-\u003e\u003eClient: Cert Chain\n    Client-\u003e\u003eClient: Appraise\u003cbr/\u003eCert Chain\n    Client-\u003e\u003eServer: Measurement Log\n    Server-\u003e\u003eClient: Measurement Log\n    Client-\u003e\u003eServer: Attestation\n    Server-\u003e\u003eServer: Verify signature over attestation\u003cbr/\u003e/w Leaf cert from chain\n    Server-\u003e\u003eServer: Appraise measurements\n    Server-\u003e\u003eClient: Attestation\n    Client-\u003e\u003eClient: Verify signature over attestation\u003cbr/\u003e/w Leaf cert from chain\n    Client-\u003e\u003eClient: Appraise 
measurements\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foxidecomputer%2Fsprockets","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Foxidecomputer%2Fsprockets","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foxidecomputer%2Fsprockets/lists"}