typdefs

Published: Nov 7, 2023 License: MulanPSL-2.0 Imports: 16 Imported by: 0

Documentation

Overview

The typdefs package defines the common constants, types and variables shared by both ras and rac. Do not include other parts of the project in it; it should import only third-party packages.

Index

Constants

// Command values are stored in nextAction and tell a RAC what to do next.
// CmdSendConfig and CmdGetReport occupy distinct bits (1 and 2); CmdNone
// clears every pending command.
const (
	// CmdSendConfig: send a new configuration to the RAC.
	CmdSendConfig uint64 = 1
	// CmdGetReport: get a new trust report from the RAC.
	CmdGetReport uint64 = 2
	// CmdNone: clear all pending commands.
	CmdNone uint64 = 0
)

The command value is stored in nextAction, which determines what the RAC should do next.

// Manifest and node kinds used as string keys in reports and rules.
const (
	StrPcr       = "pcr"
	StrBios      = "bios"
	StrIma       = "ima"
	StrImaNg     = "ima-ng"
	StrHost      = "host"
	StrContainer = "container"
	StrDevice    = "device"
)

// Digest algorithm names and the byte length of the digest each produces.
// NOTE(review): SHA-1 is collision-weak; confirm it is accepted only where
// the legacy IMA/BIOS log formats require it and never for new base values.
const (
	Sha1AlgStr   = "sha1"
	Sha256AlgStr = "sha256"
	Sm3AlgStr    = "sm3"

	Sha1DigestLen   = 20
	Sha256DigestLen = 32
	SM3DigestLen    = 32

	// DigestAlgStr is presumably the key/field name under which the digest
	// algorithm is carried — confirm against callers.
	DigestAlgStr = "digestAlg"
)

// Global limits and formats.
const (
	// PcrMaxNum is the number of PCR slots tracked per algorithm (see PcrGroups).
	PcrMaxNum = 24
	// TaBaseLen is, by its name, the length of a TA base value — confirm.
	TaBaseLen = 64
	// StrTimeFormat is the Go reference-time layout used for timestamps:
	// millisecond precision with a numeric zone offset.
	StrTimeFormat = `2006-01-02 15:04:05.999 -07:00`
)

definitions for global use.

// Column counts used to recognise the format of a BIOS/IMA log line while
// parsing; used only inside this package.
const (
	// ImaLogItemNum is the number of space-separated fields in an IMA log line.
	ImaLogItemNum = 5
	// BiosLogItemNum is the number of fields in a BIOS log line — presumably
	// the variant without an SM3 column; confirm against the parser.
	BiosLogItemNum = 6
	// SM3BiosLogItemNum is the number of fields in a BIOS log line that
	// carries an SM3 digest column (see TransformBIOSBinLogToTxt).
	SM3BiosLogItemNum = 7
)

Definitions for BIOS/IMA log parsing, used only in this package.

Variables

// Byte and string tokens used when splitting and joining log text.
var (
	// NewLine is a single "\n" byte.
	NewLine = []byte("\n")
	// Space is a single " " byte.
	Space = []byte(" ")
	// Colon is a single ":" byte.
	Colon = []byte(":")
	// SpaceZero is a space followed by a NUL byte.
	SpaceZero = " \x00"
)

// EmptyBase is the zero BaseRow, used as an "empty" sentinel.
// NOTE(review): a package-level struct value is mutable; callers must treat
// it as read-only or the sentinel stops being empty.
var EmptyBase = BaseRow{}

// Errors returned while parsing and verifying PCR/BIOS/IMA logs.
var (
	// ErrPcrIndexWrong: a pcr index is out of range or otherwise wrong.
	ErrPcrIndexWrong = errors.New("pcr index wrong")
	// ErrImaLogFormatWrong: an ima log line does not have the expected format.
	ErrImaLogFormatWrong = errors.New("ima log format wrong")
	// ErrBiosLogFormatWrong: a bios log line does not have the expected format.
	ErrBiosLogFormatWrong = errors.New("bios log format wrong")
	// ErrBiosAggregateFail: the bios aggregate does not match.
	ErrBiosAggregateFail = errors.New("bios aggregate not match")
	// ErrValidateIMAFail: validation of the ima log failed.
	ErrValidateIMAFail = errors.New("validate ima log fail")
)

// Errors from client database handling and report verification.
var (
	// ErrParameterWrong: a parameter is wrong.
	ErrParameterWrong = errors.New("parameter is wrong")
	// ErrAlgorithmWrong: the report algorithm is wrong.
	ErrAlgorithmWrong = errors.New("report algorithm is wrong")
	// ErrConnectFailed: creating a connection failed.
	ErrConnectFailed = errors.New("create connection failed")
	// ErrDoesnotRegistered: the client is not registered.
	ErrDoesnotRegistered = errors.New("client does not registered")
	// ErrAlreadyRegistered: the client is already registered.
	ErrAlreadyRegistered = errors.New("client already registered")
	// ErrIKCertNull: the client's ik cert is null.
	ErrIKCertNull = errors.New("client ik cert null")
	// ErrNonceNotMatch: the report nonce does not match.
	ErrNonceNotMatch = errors.New("report nonce not match")
	// ErrPCRNotMatch: the report pcr does not match.
	ErrPCRNotMatch = errors.New("report pcr not match")
	// ErrNotSupportAlg: the algorithm is not supported.
	ErrNotSupportAlg = errors.New("algorithm is not supported")
	// ErrNotMatchAlg: the algorithms in the ima measurement and ras don't match.
	ErrNotMatchAlg = errors.New("algorithms in ima measurement and ras don't match")
)

// SupportAlgAndLenMap maps each supported digest algorithm name to the byte
// length of its digest.
// NOTE(review): a package-level map is mutable and not safe for concurrent
// writes; treat it as read-only.
var SupportAlgAndLenMap = map[string]int{
	Sha1AlgStr:   Sha1DigestLen,
	Sha256AlgStr: Sha256DigestLen,
	Sm3AlgStr:    SM3DigestLen,
}

Functions

func AddPcr8And9FromPcrMap

func AddPcr8And9FromPcrMap(pcrs *PcrGroups, pcrMap map[int]string, algStr string) error
	AddPcr8And9FromPcrMap is called because of this commit in openEuler 2203 :

	commit 20c59ce010f84300f6c655d32db2610d3433f85c
    ima: extend boot_aggregate with kernel measurements
    Registers 8-9 are used to store measurements of the kernel and its
    command line (e.g., grub2 bootloader with tpm module enabled). IMA
    should include them in the boot aggregate. Registers 8-9 should be
    only included in non-SHA1 digests to avoid ambiguity.

func CompareIMALog

func CompareIMALog(baseFile string, imaLog string) bool

CompareIMALog compares the base file with the IMA log of a trust report and returns whether it is trusted. The base file has the following format per line:

"sha1 value" + space + "sha256 value" + "/path/to/filename"

IMA log report has the following format per line:

"PCR value" + space + "sha1" + space + "type string" + "sha1/sha256" + "/path/to/filename"

func ExtendPCRWithBIOSTxtLog

func ExtendPCRWithBIOSTxtLog(pcrs *PcrGroups, biosTxtLog []byte)

ExtendPCRWithBIOSTxtLog extends the BIOS log into pcrs. It uses the number of columns in a line to determine the type of the BIOS log.

func ExtendPCRWithIMALog

func ExtendPCRWithIMALog(pcrs *PcrGroups, imaLog []byte, algStr string) (bool, error)

ExtendPCRWithIMALog first verifies the bios aggregate, then extends ima logs into pcr and verifies them one by one.

func GetHFromAlg

func GetHFromAlg(algStr string) (hash.Hash, error)

GetHFromAlg returns hash.Hash corresponding to algStr.

func GetHashValue

func GetHashValue(alg string, evt *BIOSManifestItem) string

GetHashValue checks whether alg matches the BIOSManifestItem's Digest.Item.AlgID; if it does, it returns the corresponding hash value, otherwise it returns naStr.

func GetIP

func GetIP() string

GetIP returns the host ipv4 address

func TransformBIOSBinLogToTxt

func TransformBIOSBinLogToTxt(bin []byte) ([]byte, error)

TransformBIOSBinLogToTxt transforms the bios binary log to text. The text log has the following fields, separated by space:

column 1: index; column 2: pcr index; column 3: BType; column 4: sha1 hash text; column 5: sha256 hash text; column 6: sm3 hash text; column 7: data hex string

Notes: 1) if a sha1/sha256/sm3 digest does not exist, the "N/A" string is used as a placeholder. 2) the column 7 data string is a hex string; its interpretation is to be explained later...

Types

type ArrNodeInfo

// ArrNodeInfo is a slice of NodeInfo. Its Len, Less and Swap methods let it
// satisfy sort.Interface.
type ArrNodeInfo []NodeInfo

ArrNodeInfo is an array of NodeInfo structs.

func (ArrNodeInfo) Len

func (ni ArrNodeInfo) Len() int

func (ArrNodeInfo) Less

func (ni ArrNodeInfo) Less(i, j int) bool

func (ArrNodeInfo) Swap

func (ni ArrNodeInfo) Swap(i, j int)

type BIOSManifestItem

// BIOSManifestItem is one event parsed from the BIOS event log (see
// ReadBIOSEvent2Log). It is used to generate the detail in ManifestItem and
// is laid out according to the PCG doc.
type BIOSManifestItem struct {
	// index of the PCR this event was extended into
	Pcr uint32
	// bios manifest type, also known as the name; corresponds to the name in ManifestItem
	BType uint32
	// digests of the event data, one per algorithm
	Digest DigestValues
	// length of the event data — presumably in bytes; confirm against the parser
	DataLen uint32
	// the event data as a hex string
	DataHex string
}

BIOSManifestItem is used for generating the detail in ManifestItem; it is defined according to the PCG doc.

func ReadBIOSEvent2Log

func ReadBIOSEvent2Log(origin []byte, point *int64, algAndLenMap map[string]int) (*BIOSManifestItem, error)

ReadBIOSEvent2Log gets Pcr, BType and Digest from origin and returns *BIOSManifestItem.

type BaseRow

// BaseRow stores one record of the base information in database table
// `base`. A base is specified by the customer and is used to verify a
// trust report.
type BaseRow struct {
	// record id
	ID         int64
	// id of the client this base belongs to — presumably ClientRow.ID; confirm
	ClientID   int64
	// kind of base value; the set of values is not visible here
	BaseType   string
	// uuid of the base
	Uuid       string
	// time the record was created
	CreateTime time.Time
	// human-readable name
	Name       string
	// whether this base is enabled for verification
	Enabled    bool
	// pcr base values as text — format not visible here
	Pcr        string
	// bios base values as text — format not visible here
	Bios       string
	// ima base values as text — format not visible here
	Ima        string
	// whether the base itself has been verified
	Verified   bool
	// whether the base is considered trusted
	Trusted    bool
}

BaseRow stores one record of the base information in database table `base`, which is specified by customer and will be used to verify trust report.

type ClientRow

// ClientRow stores one record of client basic information in database
// table `client`.
type ClientRow struct {
	// record id; presumably the value other rows store as ClientID — confirm
	ID         int64
	// time the client registered
	RegTime    time.Time
	// whether the client is currently registered (see ErrDoesnotRegistered / ErrAlreadyRegistered)
	Registered bool
	// client information; stored as a string, format not visible here
	Info       string
	// the client's IK certificate (see ErrIKCertNull); encoding not visible here
	IKCert     string
}

ClientRow stores one record of client basic information in database table `client`.

type DigestItem

// DigestItem is a single digest of a BIOS event: the algorithm it was
// produced with and the digest value.
type DigestItem struct {
	// algorithm ID, as defined in the PCG doc
	AlgID string
	// the digest value for that algorithm; encoding not visible here
	Item string
}

type DigestValues

// DigestValues holds all digests recorded for one BIOS event, one per
// algorithm.
type DigestValues struct {
	// number of digests
	Count uint32
	// the digests themselves. NOTE(review): nothing here enforces
	// len(Item) == Count; consumers should rely on len(Item)
	Item []DigestItem
}

type ExtractRules

// ExtractRules corresponds to basevalue-extract-rules in the config; the
// mapstructure tags give the config keys.
type ExtractRules struct {
	// pcr extract rule
	PcrRule PcrRule `mapstructure:"pcrinfo"`
	// manifest extract rules, one per manifest type
	ManifestRules []ManifestRule `mapstructure:"manifest"`
}

ExtractRules corresponds to basevalue-extract-rules in config

type GetHandler

// GetHandler contains the Get function, which receives a request payload and
// returns the response payload. HandleItem presumably calls Get and wraps the
// result into a kmip response batch item — confirm.
type GetHandler struct {
	Get func(ctx context.Context, payload *GetRequestPayload) (*GetResponsePayload, error)
}

GetHandler contains get function which gets request and returns response.

func (*GetHandler) HandleItem

func (h *GetHandler) HandleItem(ctx context.Context, req *kmip.Request) (*kmip.ResponseBatchItem, error)

HandleItem handles request payload and returns kmip response batch item.

type GetRequestPayload

// GetRequestPayload is the kms request information, carried as a kmip
// template attribute.
type GetRequestPayload struct {
	TemplateAttribute *kmip.TemplateAttribute
}

GetRequestPayload means kms request information.

type GetResponsePayload

// GetResponsePayload is the kms response information, carried as a kmip
// template attribute.
type GetResponsePayload struct {
	TemplateAttribute *kmip.TemplateAttribute
}

GetResponsePayload means kms response information.

type KeyinfoRow

// KeyinfoRow stores one record of the key information in database table
// `keyinfo`.
type KeyinfoRow struct {
	// record id
	ID         int64
	// id of the TA the key belongs to — presumably; confirm
	TaID       string
	// key identifier
	KeyID      string
	// the key in encrypted form; which key wraps it and the encoding are not visible here
	Ciphertext string
}

KeyinfoRow stores one record of the key information in database table `keyinfo`.

type Manifest

// Manifest stores one pcr/bios/ima log part of a trust report.
type Manifest struct {
	Key   string // manifest kind: pcr/bios/ima (see StrPcr, StrBios, StrIma)
	Value []byte // raw log file content
}

Manifest stores the pcr/bios/ima log part of trust report.

type ManifestRule

// ManifestRule is one manifest extract rule from the config.
type ManifestRule struct {
	// manifest type: bios or ima
	MType string `mapstructure:"type"`
	// manifest item names which are expected to be extracted
	Name []string `mapstructure:"name"`
}

ManifestRule is one manifest extract rule.

type NodeInfo

// NodeInfo holds one node's information, used for REST API queries; the
// json and form tags give the wire field names.
// NOTE(review): RegTime is a string here while ClientRow.RegTime is a
// time.Time; the format used when converting is not visible here.
type NodeInfo struct {
	ID           int64  `json:"id" form:"id"`
	RegTime      string `json:"regtime" form:"regtime"`
	Registered   bool   `json:"registered" form:"registered"`
	Online       bool   `json:"online" form:"online"`
	Trusted      string `json:"trusted" form:"trusted"`
	IsAutoUpdate bool   `json:"isautoupdate" form:"isautoupdate"`
	IPAddress    string `json:"ipaddress" form:"ipaddress"`
}

NodeInfo holds one node's information, used for REST API queries.

type PcrGroups

// PcrGroups keeps, for every PCR index, a hash.Hash and a PCR value per
// digest algorithm (SHA-1, SHA-256, SM3). The Extend* methods update it and
// the Aggregate* methods read the PCR values back; create it with
// NewPcrGroups.
type PcrGroups struct {
	// hash.Hash per PCR, presumably used by ExtendSha1 — confirm
	Sha1Hash   [PcrMaxNum]hash.Hash
	// hash.Hash per PCR, presumably used by ExtendSha256 — confirm
	Sha256Hash [PcrMaxNum]hash.Hash
	// hash.Hash per PCR, presumably used by ExtendSM3 — confirm
	SM3Hash    [PcrMaxNum]hash.Hash
	// current SHA-1 PCR values; expected length Sha1DigestLen — confirm
	Sha1Pcrs   [PcrMaxNum][]byte
	// current SHA-256 PCR values; expected length Sha256DigestLen — confirm
	Sha256Pcrs [PcrMaxNum][]byte
	// current SM3 PCR values; expected length SM3DigestLen — confirm
	SM3Pcrs    [PcrMaxNum][]byte
}

PCR handle. PcrGroups holds groups of PCRs.

func NewPcrGroups

func NewPcrGroups() *PcrGroups

NewPcrGroups returns one new PcrGroups.

func (*PcrGroups) AggregateSM3

func (pcrs *PcrGroups) AggregateSM3(from, to int) string

AggregateSM3 returns the specified pcrs.SM3Pcrs string.

func (*PcrGroups) AggregateSha1

func (pcrs *PcrGroups) AggregateSha1(from, to int) string

AggregateSha1 returns the specified pcrs.Sha1Pcrs string.

func (*PcrGroups) AggregateSha256

func (pcrs *PcrGroups) AggregateSha256(from, to int) string

AggregateSha256 returns the specified pcrs.Sha256Pcrs string.

func (*PcrGroups) ExtendIMALog

func (pcrs *PcrGroups) ExtendIMALog(index int, value, name []byte, algStr string)

ExtendIMALog modifies PcrGroups with value and name according to algStr.

func (*PcrGroups) ExtendIMANGLog

func (pcrs *PcrGroups) ExtendIMANGLog(index int, value, name []byte, algStr string)

ima-ng does not support the sha1 algorithm.

func (*PcrGroups) ExtendSM3

func (pcrs *PcrGroups) ExtendSM3(index int, value []byte)

ExtendSM3 extends the SM3 hash at index with value.

func (*PcrGroups) ExtendSha1

func (pcrs *PcrGroups) ExtendSha1(index int, value []byte)

ExtendSha1 extends the Sha1 hash at index with value.

func (*PcrGroups) ExtendSha256

func (pcrs *PcrGroups) ExtendSha256(index int, value []byte)

ExtendSha256 extends the Sha256 hash at index with value.

type PcrRule

// PcrRule is the pcr extract rule from the config.
type PcrRule struct {
	// pcr indexes which are expected to be extracted
	PcrSelection []int `mapstructure:"pcrselection"`
}

PcrRule is the pcr extract rule.

type PubKeyinfoRow

// PubKeyinfoRow stores one record of the public key cert information in
// database table `pubkeyinfo`.
type PubKeyinfoRow struct {
	// record id
	ID         int64
	// id of the device the cert belongs to
	DeviceID   int64
	// the public key certificate; encoding not visible here
	PubKeyCert string
}

PubKeyinfoRow stores one record of the public key cert information in database table `pubkeyinfo`.

type ReportRow

// ReportRow stores one record of trust report information in database
// table `report`.
type ReportRow struct {
	// record id
	ID         int64
	// id of the reporting client
	ClientID   int64
	// time the record was created
	CreateTime time.Time
	// whether the report has been validated
	Validated  bool
	// whether the report was judged trusted
	Trusted    bool
	Quoted     string // hex code of quote
	Signature  string // json string of signature info
	PcrLog     string // text format of pcr log
	BiosLog    string // store the text format of bios log
	ImaLog     string // original text format of ima log
}

ReportRow stores one record of trust report information in database table `report`.

type TaBaseRow

// TaBaseRow stores one record of the TA base information in database table
// `tabase`. A TA base is specified by the customer and is used to verify a
// TA trust report.
type TaBaseRow struct {
	// record id
	ID         int64
	// id of the client the TA runs on — presumably; confirm
	ClientID   int64
	// uuid of the TA
	Uuid       string
	// time the record was created
	CreateTime time.Time
	// human-readable name
	Name       string
	// base value information; encoding not visible here (see TaBaseLen)
	Valueinfo  []byte
}

TaBaseRow stores one record of the TA base information in database table `tabase`, which is specified by customer and will be used to verify TA trust report.

type TaReportInput

// TaReportInput is the input used to request a TA report.
type TaReportInput struct {
	// uuid of the TA
	Uuid     string
	// caller-supplied data bound into the report — what it binds is not visible here
	UserData []byte
	// whether to include the TCB in the report — presumably; confirm
	WithTcb  bool
}

TaReportInput is the TA report input information.

type TaReportRow

// TaReportRow stores one record of TA trust report information in database
// table `tareport`.
type TaReportRow struct {
	// record id
	ID         int64
	// id of the reporting client
	ClientID   int64
	// time the record was created
	CreateTime time.Time
	// whether the report has been validated
	Validated  bool
	// whether the report was judged trusted
	Trusted    bool
	// uuid of the TA
	Uuid       string
	// raw TA report; encoding not visible here
	Value      []byte
}

TaReportRow stores one record of TA trust report information in database table `tareport`.

type TrustReport

// TrustReport stores the original trust report data sent from raagent to
// ras.
type TrustReport struct {
	// id of the reporting client
	ClientID   int64
	// nonce carried in the report; ras checks it (ErrNonceNotMatch) — where it is issued is not visible here
	Nonce      uint64
	// client information string
	ClientInfo string
	// raw quote bytes
	Quoted     []byte
	// signature bytes; what exactly is signed is not visible here — confirm
	Signature  []byte
	// pcr/bios/ima logs (see Manifest)
	Manifests  []Manifest
	TaReports  map[string][]byte // map[uuid]TaReport
}

TrustReport stores the original trust report data sending from raagent to ras.

type TrustReportInput

// TrustReportInput describes the input of a trust report. Its Hash method
// digests it for use as the user data of the Quote.
type TrustReportInput struct {
	// id of the client
	ClientID   int64
	// nonce to be bound into the report
	Nonce      uint64
	// client information string
	ClientInfo string
}

TrustReportInput is used to describe the input of trust report

func (*TrustReportInput) Hash

func (t *TrustReportInput) Hash(algStr string) ([]byte, error)

Hash returns the hash value of the TrustReportInput, which is used as the user data of the Quote.
