Documentation
Index ¶
- Constants
- func GenerateAKCert(oldAKCert []byte, scenario int32) ([]byte, error)
- func GenerateDAAAKCert(oldAKCert []byte) ([]byte, []byte, error)
- func GenerateNoDAAAKCert(oldAKCert []byte) ([]byte, error)
- func GetDataFromAKCertNoDAA(oldAKCert []byte) (drkpub *rsa.PublicKey, drkcert *x509.Certificate, akpub []byte, err error)
Constants ¶
// Numeric constants for the remote-attestation (RA) data format: field widths,
// tag encoding, algorithm identifiers and scenario codes.
const (
	// ZERO_VALUE is the literal zero.
	ZERO_VALUE = 0
	// UINT32_BYTES_LENGTH is the encoded size of a uint32, in bytes.
	UINT32_BYTES_LENGTH = 4
	// UINT64_BYTES_LENGTH is the encoded size of a uint64, in bytes.
	UINT64_BYTES_LENGTH = 8

	// Tag encoding: a tag is a type class shifted left by
	// KEY_TAG_TYPE_MOVE_BITS, OR-ed with a small per-class index.

	// KEY_TAG_TYPE_MOVE_BITS is the shift applied to the tag type class,
	// which therefore starts at bit 28 of a tag.
	KEY_TAG_TYPE_MOVE_BITS = 28
	// RA_INTEGER is the tag type class 1 (1<<28 = 0x10000000).
	// Presumably marks tags whose value is an integer; confirm against the parser.
	RA_INTEGER = (1 << KEY_TAG_TYPE_MOVE_BITS)
	// RA_BYTES is the tag type class 2 (2<<28 = 0x20000000).
	// Presumably marks tags whose value is a byte string; confirm against the parser.
	RA_BYTES = (2 << KEY_TAG_TYPE_MOVE_BITS)

	// RA_TAG_SIGN_TYPE is the signature-type tag (RA_INTEGER class, index 0).
	RA_TAG_SIGN_TYPE = RA_INTEGER
	// RA_TAG_HASH_TYPE is the hash-type tag (RA_INTEGER class, index 1).
	RA_TAG_HASH_TYPE = RA_INTEGER | 1
	// RA_TAG_CURVE_TYPE is the curve-type tag (RA_INTEGER class, index 2).
	RA_TAG_CURVE_TYPE = RA_INTEGER | 2

	// RA_TAG_QTA_IMG_HASH is the QTA image hash tag (RA_BYTES class, index 0).
	RA_TAG_QTA_IMG_HASH = RA_BYTES
	// RA_TAG_TA_IMG_HASH is the TA image hash tag (RA_BYTES class, index 1).
	RA_TAG_TA_IMG_HASH = RA_BYTES | 1
	// RA_TAG_QTA_MEM_HASH is the QTA memory hash tag (RA_BYTES class, index 2).
	RA_TAG_QTA_MEM_HASH = RA_BYTES | 2
	// RA_TAG_TA_MEM_HASH is the TA memory hash tag (RA_BYTES class, index 3).
	RA_TAG_TA_MEM_HASH = RA_BYTES | 3
	// RA_TAG_RESERVED is a reserved tag (RA_BYTES class, index 4).
	RA_TAG_RESERVED = RA_BYTES | 4
	// RA_TAG_AK_PUB is the AK public key tag (RA_BYTES class, index 5).
	RA_TAG_AK_PUB = RA_BYTES | 5
	// RA_TAG_SIGN_DRK is the tag for the signature made with the DRK
	// (RA_BYTES class, index 6).
	RA_TAG_SIGN_DRK = RA_BYTES | 6
	// RA_TAG_SIGN_AK is the tag for the signature made with the AK
	// (RA_BYTES class, index 7).
	RA_TAG_SIGN_AK = RA_BYTES | 7
	// RA_TAG_CERT_DRK is the DRK certificate tag (RA_BYTES class, index 8).
	RA_TAG_CERT_DRK = RA_BYTES | 8
	// RA_TAG_CERT_AK is the AK certificate tag (RA_BYTES class, index 9).
	RA_TAG_CERT_AK = RA_BYTES | 9

	// Algorithm identifiers, numbered consecutively from 0x20000.
	// NOTE(review): where these are read out of device-supplied data, an
	// identifier outside this list should be treated as an error rather than
	// mapped to a default algorithm; confirm the parser does so.

	// RA_ALG_RSA_3072 is the code for the RSA algorithm with a
	// 3072-bit key.
	RA_ALG_RSA_3072 = 0x20000
	// RA_ALG_RSA_4096 is the code for the RSA algorithm with a
	// 4096-bit key.
	RA_ALG_RSA_4096 = 0x20001 // PSS padding
	// RA_ALG_SHA_256 is the code for the SHA-256 algorithm.
	RA_ALG_SHA_256 = 0x20002
	// RA_ALG_SHA_384 is the code for the SHA-384 algorithm.
	RA_ALG_SHA_384 = 0x20003
	// RA_ALG_SHA_512 is the code for the SHA-512 algorithm.
	RA_ALG_SHA_512 = 0x20004
	// RA_ALG_ECDSA is the code for the ECDSA algorithm.
	RA_ALG_ECDSA = 0x20005
	// RA_ALG_ED25519 is the code for the Ed25519 algorithm.
	RA_ALG_ED25519 = 0x20006
	// RA_ALG_SM2_DSA_SM3 is the code for the SM2 signature algorithm
	// with SM3.
	RA_ALG_SM2_DSA_SM3 = 0x20007
	// RA_ALG_SM3 is the code for the SM3 algorithm.
	RA_ALG_SM3 = 0x20008
	// RA_ALG_DAA_GRP_FP512BN is the code for the DAA group FP512BN.
	RA_ALG_DAA_GRP_FP512BN = 0x20009

	// Scenario codes in integer form. The names parallel the string constants
	// RA_SCENARIO_NO_AS, RA_SCENARIO_AS_NO_DAA and RA_SCENARIO_AS_WITH_DAA.
	// Presumably these are the values accepted by GenerateAKCert's scenario
	// parameter; confirm against its implementation.

	// RA_SCENARIO_NO_AS_INT is the "no AS" scenario.
	RA_SCENARIO_NO_AS_INT = 0
	// RA_SCENARIO_AS_NO_DAA_INT is the "AS, without DAA" scenario.
	RA_SCENARIO_AS_NO_DAA_INT = 1
	// RA_SCENARIO_AS_WITH_DAA_INT is the "AS, with DAA" scenario.
	RA_SCENARIO_AS_WITH_DAA_INT = 2
)
// String constants for the remote-attestation (RA) protocol: algorithm names,
// protocol version and scenario names.
const (
	// RA_ALG_RSA_4096_STR is the string name used for RSA-4096 signatures.
	// "PS256" is the JWA name for RSASSA-PSS with SHA-256 and MGF1/SHA-256.
	RA_ALG_RSA_4096_STR = "PS256" // TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256, RSA key is 4096bit
	// RA_ALG_SHA_256_STR is the string name used for SHA-256.
	// NOTE(review): in JOSE/JWA, "HS256" names HMAC with SHA-256 (a keyed
	// MAC), not a plain SHA-256 digest. Confirm that every peer reading this
	// value interprets it as this package intends.
	RA_ALG_SHA_256_STR = "HS256"
	// RA_VERSION is the protocol version string.
	// version type: "TEE.RA.[Major].[Minor]"
	RA_VERSION = "TEE.RA.1.0"

	// Application scenarios, in string form. The names parallel the integer
	// constants RA_SCENARIO_NO_AS_INT, RA_SCENARIO_AS_NO_DAA_INT and
	// RA_SCENARIO_AS_WITH_DAA_INT.

	// RA_SCENARIO_NO_AS is the "no AS" scenario.
	RA_SCENARIO_NO_AS = "sce_no_as"
	// RA_SCENARIO_AS_NO_DAA is the "AS, without DAA" scenario.
	RA_SCENARIO_AS_NO_DAA = "sce_as_no_daa"
	// RA_SCENARIO_AS_WITH_DAA is the "AS, with DAA" scenario.
	RA_SCENARIO_AS_WITH_DAA = "sce_as_with_daa"
)
// Handler names for remote-attestation requests, and the encryption algorithm
// names used in the DAA scenario.
const (
	// RemoteAttest handler names.

	// RAProvisionInHandler names the provisioning input handler.
	RAProvisionInHandler = "provisioning-input"
	// RAProvisionOutHandler names the provisioning output handler.
	RAProvisionOutHandler = "provisioning-output"
	// RAReportInHandler names the report input handler.
	RAReportInHandler = "report-input"
	// RAReportOutHandler names the report output handler.
	RAReportOutHandler = "report-output"
	// RASaveAKCertHandler names the handler that takes an AK certificate to
	// save.
	RASaveAKCertHandler = "saveakcert-input"

	// DAA ENC_ALG_TYPE values. Both strings are JWA key-management algorithm
	// names.

	// RA_ALG_A256GCMKW is the JWA name for key wrapping with AES-GCM using a
	// 256-bit key.
	RA_ALG_A256GCMKW = "A256GCMKW"
	// RA_ALG_RSA_OAEP_256 is the JWA name for RSAES-OAEP with SHA-256 and
	// MGF1/SHA-256.
	RA_ALG_RSA_OAEP_256 = "RSA-OAEP-256"
)
Variables ¶
This section is empty.
Functions ¶
func GenerateAKCert ¶
GenerateAKCert generates new ak cert from the old ak cert.
func GenerateDAAAKCert ¶
GenerateDAAAKCert generates ak cert in the scenario of DAA.
func GenerateNoDAAAKCert ¶
The input parameter is the AK certificate issued by the target platform device certificate. After receiving the AK certificate, GenerateNoDAAAKCert does the following:
1. Parses the AK certificate and extracts the signed data fields, signature fields, and DRK certificate fields.
2. Parses the DRK certificate.
3. Uses the Huawei Level-2 certificate to check the DRK certificate. If the DRK certificate passes the check, the DRK certificate is trusted.
4. Uses the DRK certificate to check the AK certificate. If the AK certificate passes the check, the AK certificate is trusted.
5. Re-signs the AK certificate using the AS private key.
6. Returns the re-signed AK certificate.
The trust chain therefore runs from the Huawei Level-2 certificate to the DRK certificate to the AK certificate, and the AS re-signature in step 5 is meaningful only for an AK certificate that has passed both checks.
Types ¶
This section is empty.