This workspace contains tooling for the Arm Authenticated Debug and Access Control (ADAC) specification. It provides the core library, command-line utilities, cryptographic provider backends, and tests needed to create, sign, and validate ADAC certificates and attestation tokens.
Arm ADAC specifications (DEN0101) contain full normative definitions of ADAC data structures and processing rules.

- `adac`: Core library with ADAC data structures, certificate parsing, and signing/verification primitives.
- `adac-cli`: Command-line utility for creating, inspecting, and verifying ADAC artifacts.
- `adac-crypto-*`: Cryptographic provider backends (RustCrypto, AWS-LC, PKCS#11, Cryptoki) that plug into the core library.
- `adac-tests`: Integration and conformance harnesses. See `adac-tests/README.md` for the full matrix and environment setup.

- Rust stable toolchain (install via `rustup`); the workspace tracks the latest stable release, so `rustup update` beforehand is recommended.
- `cargo` (bundled with rustup) for building and running binaries.
- Optional: `SoftHSM2` or another PKCS#11 provider if you plan to exercise the PKCS#11 backends.

```bash
# Build the CLI (release builds live in target/release)
cargo build -p adac-cli
# Run the CLI; pass --help to see the available subcommands
cargo run -p adac-cli -- --help
# Install the CLI into ~/.cargo/bin
cargo install --path adac-cli
```

Most CLI subcommands operate on ADAC certificates or tokens. Add the
appropriate flags (for example display, sign, verify) as documented
by the `--help` output.

```bash
# Run the default workspace test suite
cargo test
# Focus on a single crate (example: the CLI)
cargo test -p adac-cli
```

Advanced and cross-environment validation lives in `adac-tests`. Refer to
`adac-tests/README.md` for setup instructions
(SoftHSM2, hardware tokens) and the commands needed to execute the broader
matrix.

| CryptoSystem | Rust Crypto | AWS-LC | PKCS#11 |
|---|---|---|---|
| EcdsaP256Sha256 | ✅ | ✅ | ✅ |
| EcdsaP384Sha384 | ✅ | ✅ | ✅ |
| EcdsaP521Sha512 | 🚧 (1) | ✅ | ✅ |
| Ed25519Sha512 | ✅ | ❌ | 🚧 (2) |
| Ed448Shake256 | ✅ | ❌ | 🚧 (2) |
| MlDsa44Sha256 | ✅ | ✅ | ❌ |
| MlDsa65Sha384 | ✅ | ✅ | ❌ |
| MlDsa87Sha512 | ✅ | ✅ | ❌ |
| Rsa3072Sha256 | ✅ | ✅ | ✅ |
| Rsa4096Sha256 | ✅ | ✅ | ✅ |
| SmSm2Sm3 | ✅ | ❌ | ❌ |

- (1): Only verification works. There is an issue with the `p521` crate for signature generation.
- (2): Implementation untested; `SoftHSM2` does not support the `phFlag=1` option for EdDSA signature or verification.

Legend: ✅ implemented and tested, 🚧 planned or partially implemented, ❌ not currently available.
adac-rs is provided under the terms of the BSD 3-Clause license. See LICENSE for more information.