Documentation ¶
Index ¶
- Constants
- func CreateCsr(priv crypto.PrivateKey, params CsrParams) (*x509.CertificateRequest, error)
- func EmptyEventdata(evData *EventData) bool
- func ExtKeyUsageToString(usage []x509.ExtKeyUsage) []string
- func GetMediaType(s Serializer) message.MediaType
- func GetVersion() string
- func KeyUsageToString(usage x509.KeyUsage) []string
- type Artifact
- type AttestationReport
- type AttributesCheck
- type BooleanMatch
- type CborSerializer
- func (s CborSerializer) GetPayload(raw []byte) ([]byte, error)
- func (s CborSerializer) Marshal(v any) ([]byte, error)
- func (s CborSerializer) Sign(data []byte, signer Driver, sel KeySelection) ([]byte, error)
- func (s CborSerializer) String() string
- func (s CborSerializer) Unmarshal(data []byte, v any) error
- func (s CborSerializer) Verify(data []byte, roots []*x509.Certificate) (MetadataResult, []byte, bool)
- type CertConfig
- type CompatibilityResult
- type CsrParams
- type CtrData
- type DeviceConfig
- type DeviceDescription
- type DigestResult
- type Driver
- type DriverConfig
- type EFILoadOption
- type Environment
- type ErrorCode
- type EventData
- type ExternalInterface
- type FilePathList
- type GPTHeader
- type GPTPartitionEntry
- type Hash
- type HexByte
- type ImageLoadEvent
- type IntelCollateral
- type JsonSerializer
- func (s JsonSerializer) GetPayload(raw []byte) ([]byte, error)
- func (s JsonSerializer) Marshal(v any) ([]byte, error)
- func (s JsonSerializer) Sign(data []byte, driver Driver, sel KeySelection) ([]byte, error)
- func (s JsonSerializer) String() string
- func (s JsonSerializer) Unmarshal(data []byte, v any) error
- func (s JsonSerializer) Verify(data []byte, roots []*x509.Certificate) (MetadataResult, []byte, bool)
- type KeySelection
- type Manifest
- type ManifestDescription
- type MeasureEvent
- type Measurement
- type MeasurementResult
- type MetaInfo
- type Metadata
- type MetadataDigest
- type MetadataResult
- type MetadataSummary
- type Name
- type PCClientTaggedEvent
- type PcrResult
- type PkixExtension
- type PolicyCheck
- type ReferenceValue
- type Result
- type RtMrHashChainElem
- type SGXAttributes
- type SGXDetails
- type Serializer
- type SgxAttributesCheck
- type SgxResult
- type SignConfig
- type SignatureDatabase
- type SignatureResult
- type SnpDetails
- type SnpFw
- type SnpPolicy
- type SnpResult
- type SnpTcb
- type SwEvidence
- type TDAttributes
- type TDId
- type TDMeasurements
- type TDXDetails
- type TcbCheck
- type TcbLevelResult
- type TdAttributesCheck
- type TdxResult
- type TpmResult
- type UEFICertificate
- type UefiConfigurationTable
- type UefiHandoffTablePointer
- type UefiPlatformFirmwareBlob
- type UefiVariableData
- type Validity
- type VerificationResult
- type VersionCheck
- type X509CertExtracted
- type X509Name
Constants ¶
const (
	UNKNOWN = iota
	AK
	IK
)
const (
	SHA1_DIGEST_LEN = 20
	SHA256_DIGEST_LEN = 32
	SHA384_DIGEST_LEN = 48
)
Variables ¶
This section is empty.
Functions ¶
func CreateCsr ¶ added in v0.6.0
func CreateCsr(priv crypto.PrivateKey, params CsrParams) (*x509.CertificateRequest, error)
func EmptyEventdata ¶ added in v0.6.0
func ExtKeyUsageToString ¶ added in v0.6.0
func ExtKeyUsageToString(usage []x509.ExtKeyUsage) []string
ExtKeyUsageToString translates the internal representation of allowed extended key usage in an x509 certificate to a string array.
func GetMediaType ¶ added in v0.8.0
func GetMediaType(s Serializer) message.MediaType
GetMediaType returns the media type that corresponds to the serializer
func GetVersion ¶ added in v0.8.0
func GetVersion() string
func KeyUsageToString ¶ added in v0.6.0
KeyUsageToString translates the internal representation of allowed key usage in an x509 certificate to a string array.
Types ¶
type Artifact ¶ added in v0.7.2
type Artifact struct {
	Type string `json:"type" cbor:"0,keyasint"` // PCR Summary, PCR Eventlog, SW Eventlog
	Pcr *int `json:"pcr,omitempty" cbor:"1,keyasint"`
	Summary HexByte `json:"summary,omitempty" cbor:"2,keyasint,omitempty"` // Either summary
	Events []MeasureEvent `json:"events,omitempty" cbor:"3,keyasint,omitempty"` // Or Events
}
Artifact represents the digests of a measurement, e.g., of a single PCR. If the type is 'PCR Summary', Summary is the final PCR value. If the type is 'PCR Eventlog', Events contains a list of the extends that lead to the final PCR value. The list is retrieved by the prover, e.g., from the TPM binary BIOS measurements list or the IMA runtime measurements list. If the type is 'SW Eventlog', Events contains a list of digests that have been recorded as SW measurements.
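The relationship between 'PCR Eventlog' and 'PCR Summary' can be checked by replaying the extends. The following is an added example, not code from this package: `event` and `artifact` are simplified stand-ins for MeasureEvent and Artifact, and it assumes the SHA-256 bank and a PCR that resets to all zeros.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"errors"
	"fmt"
)

// event and artifact are hypothetical, simplified stand-ins for the
// package's MeasureEvent and Artifact types (assumption, not the real API).
type event struct {
	Name   string
	Sha256 []byte
}

type artifact struct {
	Type    string // "PCR Summary", "PCR Eventlog" or "SW Eventlog"
	Summary []byte
	Events  []event
}

var errMismatch = errors.New("PCR value does not match quoted value")

// ReplayPcr recomputes a PCR from its event log: starting from 32 zero
// bytes (assumed reset value), each extend is SHA256(old PCR || digest).
func ReplayPcr(events []event) ([]byte, error) {
	pcr := make([]byte, sha256.Size)
	for i, e := range events {
		// A digest of the wrong length cannot belong to the SHA-256 bank;
		// reject it instead of silently hashing attacker-chosen bytes.
		if len(e.Sha256) != sha256.Size {
			return nil, fmt.Errorf("event %d (%q): digest length %d, want %d",
				i, e.Name, len(e.Sha256), sha256.Size)
		}
		h := sha256.New()
		h.Write(pcr)
		h.Write(e.Sha256)
		pcr = h.Sum(nil)
	}
	return pcr, nil
}

// VerifyArtifact checks an artifact against the PCR value taken from the
// signed quote. The event log itself is unsigned prover input; only the
// comparison with the quoted value makes its entries trustworthy.
func VerifyArtifact(a artifact, quotedPcr []byte) error {
	switch a.Type {
	case "PCR Summary":
		if !bytes.Equal(a.Summary, quotedPcr) {
			return errMismatch
		}
		return nil
	case "PCR Eventlog":
		got, err := ReplayPcr(a.Events)
		if err != nil {
			return err
		}
		if !bytes.Equal(got, quotedPcr) {
			return fmt.Errorf("%w: replayed %x", errMismatch, got)
		}
		return nil
	default:
		// How 'SW Eventlog' digests are aggregated is not covered here.
		return fmt.Errorf("unsupported artifact type %q", a.Type)
	}
}

// sampleLog returns a constructed three-entry event log (not real boot data).
func sampleLog() []event {
	names := []string{"constructed-firmware", "constructed-bootloader", "constructed-kernel"}
	log := make([]event, 0, len(names))
	for _, n := range names {
		d := sha256.Sum256([]byte(n))
		log = append(log, event{Name: n, Sha256: d[:]})
	}
	return log
}

func main() {
	log := sampleLog()
	quoted, _ := ReplayPcr(log) // stands in for the PCR value inside the quote

	fmt.Println("intact log:  ", VerifyArtifact(artifact{Type: "PCR Eventlog", Events: log}, quoted))

	// Reordering two events changes the replayed value, so it is detected.
	swapped := []event{log[1], log[0], log[2]}
	fmt.Println("reordered log:", VerifyArtifact(artifact{Type: "PCR Eventlog", Events: swapped}, quoted))
}
```

A log that replays to the quoted value still has to be matched entry by entry against reference values; the replay only proves the log is the one the PCR recorded.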
type AttestationReport ¶ added in v0.6.0
type AttestationReport struct {
	Version string `json:"version" cbor:"0,keyasint"`
	Type string `json:"type" cbor:"1,keyasint"`
	Measurements []Measurement `json:"measurements,omitempty" cbor:"2,keyasint,omitempty"`
	Metadata []MetadataDigest `json:"metadata,omitempty" cbor:"3,keyasint,omitempty"`
}
AttestationReport represents the attestation report in JWS/COSE format with its contents already in signed JWS/COSE format
func (*AttestationReport) CheckVersion ¶ added in v0.8.0
func (report *AttestationReport) CheckVersion() error
type AttributesCheck ¶ added in v0.6.0
type BooleanMatch ¶ added in v0.4.0
type CborSerializer ¶ added in v0.5.0
type CborSerializer struct{}
func (CborSerializer) GetPayload ¶ added in v0.5.0
func (s CborSerializer) GetPayload(raw []byte) ([]byte, error)
func (CborSerializer) Marshal ¶ added in v0.5.0
func (s CborSerializer) Marshal(v any) ([]byte, error)
func (CborSerializer) Sign ¶ added in v0.5.0
func (s CborSerializer) Sign(data []byte, signer Driver, sel KeySelection) ([]byte, error)
func (CborSerializer) String ¶ added in v0.8.0
func (s CborSerializer) String() string
func (CborSerializer) Unmarshal ¶ added in v0.5.0
func (s CborSerializer) Unmarshal(data []byte, v any) error
func (CborSerializer) Verify ¶ added in v0.8.0
func (s CborSerializer) Verify(data []byte, roots []*x509.Certificate) (MetadataResult, []byte, bool)
type CertConfig ¶ added in v0.8.0
type CertConfig struct {
	AkCsr CsrParams `json:"akCsr,omitempty" cbor:"3,keyasint,omitempty"`
	IkCsr CsrParams `json:"ikCsr,omitempty" cbor:"4,keyasint,omitempty"`
}
CertConfig contains the subject parameters for CSRs/Certs
type CompatibilityResult ¶ added in v0.8.0
type CompatibilityResult struct {
	Summary Result `json:"result" cbor:"0,keyasint"`
	DescriptionMatch []Result `json:"descriptionMatch,omitempty" cbor:"1,keyasint,omitempty"`
	ManifestMatch []Result `json:"manifestMatch,omitempty" cbor:"2,keyasint,omitempty"`
	ManifestCompatibility []Result `json:"manifestCompatibility,omitempty" cbor:"3,keyasint,omitempty"`
}
type CsrParams ¶ added in v0.6.0
type CsrParams struct {
	Subject Name `json:"subject,omitempty" cbor:"0,keyasint,omitempty"`
	SANs []string `json:"sans,omitempty" cbor:"1,keyasint,omitempty"`
}
CsrParams contains certificate signing request parameters
type CtrData ¶ added in v0.7.0
type CtrData struct {
	ConfigSha256 HexByte `json:"configSha256" cbor:"0,keyasint"`
	RootfsSha256 HexByte `json:"rootfsSha256" cbor:"1,keyasint"`
	OciSpec *oci.Spec `json:"ociSpec,omitempty" cbor:"ociSpec,omitempty"`
}
func GetCtrDetailsFromRefVal ¶ added in v0.8.0
func GetCtrDetailsFromRefVal(r *ReferenceValue, s Serializer) *CtrData
type DeviceConfig ¶ added in v0.6.0
type DeviceConfig struct {
	Tpm CertConfig `json:"tpm,omitempty" cbor:"30,keyasint,omitempty"`
	Snp CertConfig `json:"snp,omitempty" cbor:"31,keyasint,omitempty"`
	Sgx CertConfig `json:"sgx,omitempty" cbor:"32,keyasint,omitempty"`
	Sw CertConfig `json:"sw,omitempty" cbor:"33,keyasint,omitempty"`
	SgxValues struct {
		EncryptedPPID HexByte `json:"encryptedPPID,omitempty" cbor:"34,keyasint,omitempty"`
		Pceid HexByte `json:"pceid,omitempty" cbor:"35,keyasint,omitempty"`
		Cpusvn HexByte `json:"cpusvn,omitempty" cbor:"36,keyasint,omitempty"`
		Pcesvn HexByte `json:"pcesvn,omitempty" cbor:"37,keyasint,omitempty"`
	}
}
DeviceConfig contains the local device configuration parameters
func GetDeviceConfig ¶ added in v0.8.0
func GetDeviceConfig(s Serializer, metadata map[string][]byte) (*DeviceConfig, error)
type DeviceDescription ¶ added in v0.2.0
type DeviceDescription struct {
	Location string `json:"location,omitempty" cbor:"20,keyasint,omitempty"`
	Descriptions []ManifestDescription `json:"descriptions,omitempty" cbor:"21,keyasint,omitempty"`
}
type DigestResult ¶ added in v0.6.0
type DigestResult struct {
	Success bool `json:"success" cbor:"0,keyasint"`
	Launched bool `json:"launched" cbor:"1,keyasint"`
	Pcr *int `json:"pcr,omitempty" cbor:"2,keyasint,omitempty"`
	Name string `json:"name,omitempty" cbor:"3,keyasint,omitempty"`
	Digest string `json:"digest,omitempty" cbor:"4,keyasint,omitempty"`
	Description string `json:"description,omitempty" cbor:"5,keyasint,omitempty"`
	Type string `json:"type,omitempty" cbor:"6,keyasint,omitempty"`
	EventData *EventData `json:"eventData,omitempty" cbor:"7,keyasint,omitempty"`
	CtrDetails *CtrData `json:"ctrDetails,omitempty" cbor:"8,keyasint,omitempty"`
}
DigestResult represents a generic result for a digest that was processed during attestation
type Driver ¶ added in v0.6.0
type Driver interface {
	Init(c *DriverConfig) error
	Measure(nonce []byte) (Measurement, error)
	Lock() error
	Unlock() error
	GetKeyHandles(keyType KeySelection) (crypto.PrivateKey, crypto.PublicKey, error)
	GetCertChain(keyType KeySelection) ([]*x509.Certificate, error)
	Name() string
}
Driver is an interface representing a driver for a hardware trust anchor, capable of providing attestation evidence and signing data. This can be e.g. a Trusted Platform Module (TPM), AMD SEV-SNP, or the ARM PSA Initial Attestation Service (IAS). The driver must be capable of performing measurements, i.e. retrieving attestation evidence, such as a TPM Quote or an SNP attestation report, as well as signing data. For measurements, the driver must provide handles for attestation keys. For signing, the driver provides handles for identity keys.
type DriverConfig ¶ added in v0.6.0
type DriverConfig struct {
	StoragePath string
	ServerAddr string
	KeyConfig string
	Ima bool
	ImaPcr int
	Serializer Serializer
	MeasurementLog bool
	Ctr bool
	CtrPcr int
	CtrLog string
	ExtCtrLog bool
	CtrDriver string
	DeviceConfig DeviceConfig
}
DriverConfig contains all configuration values required for the different drivers
type EFILoadOption ¶ added in v0.6.0
type EFILoadOption struct {
	Attributes uint32 `json:"attributes" cbor:"0,keyasint"` // - could also get resolved to the different options UEFISpec:73
	//-ex filePathListLength uint16
	Description string `json:"description" cbor:"1,keyasint"`
	FilepathList []FilePathList `json:"filepathlist" cbor:"2,keyasint"`
	// optional Data
	OptionalData HexByte `json:"optionaldata,omitempty" cbor:"3,keyasint,omitempty"`
}
type Environment ¶ added in v0.7.0
type Environment struct {
	Key string `json:"key" cbor:"0,keyasint"`
	Value string `json:"value" cbor:"1,keyasint"`
}
Environment represents environment variables for apps
type ErrorCode ¶ added in v0.6.0
type ErrorCode int
const (
	NotSet ErrorCode = iota
	CaFingerprint
	CRLCheckRoot
	CRLCheckPCK
	CRLCheckSigningCert
	DecodeCertChain
	UnknownSerialization
	DownloadRootCRL
	DownloadPCKCRL
	EvidenceLength
	EvidenceType
	Expired
	ExtractPubKey
	Internal
	InvalidCertLevel
	JWSNoSignatures
	JWSSignatureOrder
	JWSPayload
	COSENoSignatures
	MeasurementNoMatch
	MeasurementTypeNotSupported
	NotPresent
	NotYetValid
	OidLength
	OidNotPresent
	OidTag
	Parse
	ParseAR
	ParseX5C
	ParseCA
	ParseCAFingerprint
	ParseCert
	ParseTcbInfo
	ParseJSON
	ParseCBOR
	ParseManifest
	ParseEvidence
	ParseExtensions
	ParseQEIdentity
	ParseTime
	PolicyEngineNotImplemented
	RefValTypeNotSupported
	SetupSystemCA
	SgxFmpcMismatch
	SgxPceidMismatch
	SignatureLength
	DetailsNotPresent
	RefValMultiple
	RefValNotPresent
	RefValType
	RefValNoMatch
	TcbInfoExpired
	TcbLevelUnsupported
	TcbLevelRevoked
	UnsupportedAlgorithm
	VerifyAR
	VerifyCertChain
	VerifyPCKChain
	VerifyManifest
	VerifyPolicies
	VerifyQEIdentityErr
	VerifySignature
	VerifyTCBChain
	VerifyTcbInfo
	ExtensionsCheck
	PcrNotSpecified
	DeviceDescriptionNotPresent
	UnknownMetadata
	InvalidVersion
	NoRootManifest
	MultipleRootManifests
	VerifyEvidence
	VerifyAggregatedSwHash
)
type EventData ¶ added in v0.6.0
type EventData struct {
	//for certain Uefi variable information events
	Uefivariabledata *UefiVariableData `json:"uefivariabledata,omitempty" cbor:"0,keyasint,omitempty"`
	//for the GPT_Event
	GPTHeader *GPTHeader `json:"gptheader,omitempty" cbor:"1,keyasint,omitempty"`
	//for PCClientTaggedEvent
	PCClientTaggedEvent *PCClientTaggedEvent `json:"pcclienttaggedevent,omitempty" cbor:"2,keyasint,omitempty"`
	ImageLoadEvent *ImageLoadEvent `json:"imageloadevent,omitempty" cbor:"3,keyasint,omitempty"`
	UefiHandoffTablePointer *UefiHandoffTablePointer `json:"uefihandofftablepointer,omitempty" cbor:"4,keyasint,omitempty"`
	UefiPlatformFirmwareBlob *UefiPlatformFirmwareBlob `json:"uefiplatformfirmwareblob,omitempty" cbor:"5,keyasint,omitempty"`
	//used e.g. for EFI_IPL event
	StringContent string `json:"stringcontent,omitempty" cbor:"6,keyasint,omitempty"`
	//generic data (when no further differentiation is implemented)
	GenericData HexByte `json:"genericdata,omitempty" cbor:"7,keyasint,omitempty"`
}
func ParseEventData ¶ added in v0.6.0
type ExternalInterface ¶
type ExternalInterface struct {
	Type string `json:"type" cbor:"0,keyasint"`
	AppEndpoint string `json:"appEndpoint" cbor:"1,keyasint"`
	Interface string `json:"interface" cbor:"2,keyasint"`
	Port int `json:"port" cbor:"3,keyasint"`
}
ExternalInterface represents the attestation report element of type 'External Interface'
type FilePathList ¶ added in v0.6.0
type FilePathList struct {
	Type string `json:"type" cbor:"0,keyasint"`
	Subtype string `json:"subtype" cbor:"1,keyasint"`
	//optional stuff
	// - 2.1 (ACPI Device Path)
	HID HexByte `json:"hid,omitempty" cbor:"2,keyasint,omitempty"`
	UID HexByte `json:"uid,omitempty" cbor:"3,keyasint,omitempty"`
	// - 3.a (messaging device path: vendor-defined messaging device path)
	VendorGUID string `json:"vendorguid,omitempty" cbor:"4,keyasint,omitempty"`
	VendorDefinedData HexByte `json:"vendordefineddata,omitempty" cbor:"4,keyasint,omitempty"`
	// - 4.1 (media device path: hard drive)
	PartitionNumber uint32 `json:"partitionnumber,omitempty" cbor:"5,keyasint,omitempty"`
	PartitionStart uint64 `json:"partitionstart,omitempty" cbor:"6,keyasint,omitempty"`
	PartitionSize uint64 `json:"partitionsize,omitempty" cbor:"7,keyasint,omitempty"`
	PartitionSignature HexByte `json:"partitionsignature,omitempty" cbor:"8,keyasint,omitempty"` //[16]byte
	PartitionFormat byte `json:"partitionformat,omitempty" cbor:"9,keyasint,omitempty"`
	SignaturType byte `json:"signaturetype,omitempty" cbor:"10,keyasint,omitempty"`
	// - 4.2 (media device path: CD-ROM Media Device Path)
	BootEntry uint32 `json:"bootentry,omitempty" cbor:"11,keyasint,omitempty"`
	// - 4.4 (media device path: file path media device path)
	PathName string `json:"pathname,omitempty" cbor:"12,keyasint,omitempty"`
	// - 4.5 (media device path: Media Protocol Device Path)
	ProtocolGUID string `json:"protocolguid,omitempty" cbor:"13,keyasint,omitempty"`
	// - 4.9 (media device path: RAM Disk)
	StartingAddress uint64 `json:"startingaddress,omitempty" cbor:"14,keyasint,omitempty"`
	EndingAddress uint64 `json:"endingaddress,omitempty" cbor:"15,keyasint,omitempty"`
	DiskTypeGUID string `json:"disktypeguid,omitempty" cbor:"16,keyasint,omitempty"`
	DiskInstance uint16 `json:"diskinstance,omitempty" cbor:"17,keyasint,omitempty"`
	// - 5.1 (BIOS Boot Specification Device Path)
	DeviceType uint16 `json:"devicetype,omitempty" cbor:"18,keyasint,omitempty"`
	StatusFlag uint16 `json:"statusflag,omitempty" cbor:"19,keyasint,omitempty"`
	DescriptionString string `json:"descriptionstring,omitempty" cbor:"20,keyasint,omitempty"`
}
type GPTHeader ¶ added in v0.6.0
type GPTHeader struct {
	Signature uint64 `json:"signature,omitempty" cbor:"0,keyasint,omitempty"`
	Revision uint32 `json:"revision,omitempty" cbor:"1,keyasint,omitempty"`
	HeaderSize uint32 `json:"headersize,omitempty" cbor:"2,keyasint,omitempty"`
	HeaderCRC32 uint32 `json:"headercrc32,omitempty" cbor:"3,keyasint,omitempty"`
	Reserved uint32 `json:"reserved,omitempty" cbor:"4,keyasint,omitempty"`
	MyLBA uint64 `json:"mylba,omitempty" cbor:"5,keyasint,omitempty"`
	AlternativeLBA uint64 `json:"alternativelba,omitempty" cbor:"6,keyasint,omitempty"`
	FirstUsableLBA uint64 `json:"firstusablelba,omitempty" cbor:"7,keyasint,omitempty"`
	LastUsableLBA uint64 `json:"lastusablelba,omitempty" cbor:"8,keyasint,omitempty"`
	DiskGUID string `json:"diskguid,omitempty" cbor:"9,keyasint,omitempty"`
	PartitionEntryLBA uint64 `json:"partitionentrylba,omitempty" cbor:"10,keyasint,omitempty"`
	NumberOfPartitionEntries uint32 `json:"numberofpartitionentries,omitempty" cbor:"11,keyasint,omitempty"`
	SizeOfPartitionEntry uint32 `json:"sizeofpartitionentry,omitempty" cbor:"12,keyasint,omitempty"`
	PartitionEntryArrayCRC32 uint32 `json:"partitionentryarraycrc32,omitempty" cbor:"13,keyasint,omitempty"`
	Partitions []GPTPartitionEntry `json:"partitions,omitempty" cbor:"13,keyasint,omitempty"`
}
type GPTPartitionEntry ¶ added in v0.6.0
type GPTPartitionEntry struct {
	PartitionTypeGUID string `json:"paritiontypeguid,omitempty" cbor:"0,keyasint,omitempty"`
	UniquePartitionGUID string `json:"uniquepartitionguid,omitempty" cbor:"0,keyasint,omitempty"`
	StartingLBA uint64 `json:"startinglba,omitempty" cbor:"0,keyasint,omitempty"`
	EndingLBA uint64 `json:"endinglba,omitempty" cbor:"0,keyasint,omitempty"`
	Attributes uint64 `json:"attributes,omitempty" cbor:"0,keyasint,omitempty"`
	ParitionName string `json:"partitionname,omitempty" cbor:"0,keyasint,omitempty"` //ParitionName parsed in [36] UTF16
}
type HexByte ¶ added in v0.5.0
type HexByte []byte
HexByte is a custom type for the JSON unmarshaller: byte arrays are encoded as hex strings in JSON, but are used as byte arrays internally and by the CBOR encoding.
func (*HexByte) MarshalJSON ¶ added in v0.5.0
MarshalJSON marshalls a byte array into a hex string
func (*HexByte) UnmarshalJSON ¶ added in v0.5.0
UnmarshalJSON unmarshalls JSON hex strings into byte arrays
type ImageLoadEvent ¶ added in v0.6.0
type ImageLoadEvent struct {
	ImageLocationInMemory address `json:"imagelocationinmemory" cbor:"0,keyasint"` //(assume 64 bit architecture)
	ImageLengthInMemory uint64 `json:"imagelengthinmemory" cbor:"1,keyasint"`
	ImageLinkTimeAddress uint64 `json:"imagelinktimeaddress" cbor:"2,keyasint"`
	// LengthOfDevicePath uint64
	//device path
	UefiDevicePath *FilePathList `json:"uefidevicepath" cbor:"3,keyasint"`
}
type IntelCollateral ¶ added in v0.6.0
type IntelCollateral struct {
	TeeType uint32 `json:"teeType" cbor:"0,keyasint"`
	TcbInfo json.RawMessage `json:"tcbInfo" cbor:"1,keyasint"`
	TcbInfoSize uint32 `json:"tcbInfoSize" cbor:"2,keyasint"`
	QeIdentity json.RawMessage `json:"qeIdentity" cbor:"3,keyasint"`
	QeIdentitySize uint32 `json:"qeIdentitySize" cbor:"4,keyasint"`
}
type JsonSerializer ¶ added in v0.5.0
type JsonSerializer struct{}
func (JsonSerializer) GetPayload ¶ added in v0.5.0
func (s JsonSerializer) GetPayload(raw []byte) ([]byte, error)
func (JsonSerializer) Marshal ¶ added in v0.5.0
func (s JsonSerializer) Marshal(v any) ([]byte, error)
func (JsonSerializer) Sign ¶ added in v0.5.0
func (s JsonSerializer) Sign(data []byte, driver Driver, sel KeySelection) ([]byte, error)
Sign signs data with the specified driver (to enable hardware-based signatures)
func (JsonSerializer) String ¶ added in v0.8.0
func (s JsonSerializer) String() string
func (JsonSerializer) Unmarshal ¶ added in v0.5.0
func (s JsonSerializer) Unmarshal(data []byte, v any) error
func (JsonSerializer) Verify ¶ added in v0.8.0
func (s JsonSerializer) Verify(data []byte, roots []*x509.Certificate) (MetadataResult, []byte, bool)
Verify verifies signatures and certificate chains for JWS tokens
type KeySelection ¶ added in v0.8.0
type KeySelection int
type Manifest ¶ added in v0.8.0
type Manifest struct {
	ReferenceValues []ReferenceValue `json:"referenceValues,omitempty" cbor:"10,keyasint,omitempty"`
	DevCommonName string `json:"developerCommonName,omitempty" cbor:"11,keyasint,omitempty"`
	BaseLayers []string `json:"baseLayers,omitempty" cbor:"12,keyasint,omitempty"`
	CertLevel int `json:"certLevel,omitempty" cbor:"13,keyasint,omitempty"`
	Details map[string]interface{} `json:"details,omitempty" cbor:"14,keyasint,omitempty"`
	OciSpec *oci.Spec `json:"ociSpec,omitempty" cbor:"ociSpec,omitempty"` // TODO move to app description
}
type ManifestDescription ¶ added in v0.8.0
type ManifestDescription struct {
	Type string `json:"type" cbor:"0,keyasint"`
	Name string `json:"name" cbor:"1,keyasint"`
	Description string `json:"description,omitempty" cbor:"2,keyasint,omitempty"`
	Manifest string `json:"manifest,omitempty" cbor:"3,keyasint,omitempty"`
	External []ExternalInterface `json:"externalConnections,omitempty" cbor:"4,keyasint,omitempty"`
	Environment []Environment `json:"environment,omitempty" cbor:"5,keyasint,omitempty"`
}
ManifestDescription represents the attestation report element of type 'Manifest Description'
type MeasureEvent ¶ added in v0.7.2
type MeasureEvent struct {
	Sha256 HexByte `json:"sha256" cbor:"0,keyasint"`
	EventName string `json:"eventname,omitempty" cbor:"1,keyasint,omitempty"`
	EventData *EventData `json:"eventdata,omitempty" cbor:"2,keyasint,omitempty"`
	CtrData *CtrData `json:"ctrData,omitempty" cbor:"3,keyasint,omitempty"`
}
type Measurement ¶
type Measurement struct {
	Type string `json:"type" cbor:"0,keyasint"`
	Evidence []byte `json:"evidence,omitempty" cbor:"1,keyasint"`
	Certs [][]byte `json:"certs,omitempty" cbor:"3,keyasint"`
	Signature []byte `json:"signature,omitempty" cbor:"2,keyasint,omitempty"`
	Artifacts []Artifact `json:"artifacts,omitempty" cbor:"4,keyasint,omitempty"`
}
Measurement represents the attestation report elements of type 'TPM Measurement', 'SNP Measurement', 'TDX Measurement', 'SGX Measurement', 'IAS Measurement' or 'SW Measurement'
type MeasurementResult ¶ added in v0.2.0
type MeasurementResult struct {
	Type string `json:"type" cbor:"0,keyasint"`
	Summary Result `json:"summary" cbor:"1,keyasint"`
	Freshness Result `json:"freshness" cbor:"2,keyasint"`
	Signature SignatureResult `json:"signature" cbor:"3,keyasint"`
	Artifacts []DigestResult `json:"artifacts" cbor:"4,keyasint"`
	TpmResult *TpmResult `json:"tpmResult,omitempty" cbor:"5,keyasint,omitempty"`
	SnpResult *SnpResult `json:"snpResult,omitempty" cbor:"6,keyasint,omitempty"`
	SgxResult *SgxResult `json:"sgxResult,omitempty" cbor:"7,keyasint,omitempty"`
	TdxResult *TdxResult `json:"tdxResult,omitempty" cbor:"8,keyasint,omitempty"`
}
type MetaInfo ¶ added in v0.6.0
type MetaInfo struct {
	Type string `json:"type" cbor:"0,keyasint"`
	Name string `json:"name" cbor:"1,keyasint"`
	Version string `json:"version" cbor:"2,keyasint"`
	Validity Validity `json:"validity" cbor:"3,keyasint"`
	Description string `json:"description,omitempty" cbor:"4,keyasint,omitempty"`
}
MetaInfo is a helper struct for generic info present in every metadata object
type Metadata ¶ added in v0.6.0
type Metadata struct {
	MetaInfo
	Manifest
	DeviceDescription
	*DeviceConfig
}
Metadata represents attestation report elements of type 'Manifest', 'Device Description', 'Manifest Description' and 'Company Description'
type MetadataDigest ¶ added in v0.8.0
type MetadataDigest struct {
	Type string `json:"type" cbor:"0,keyasint"`
	Digest HexByte `json:"digest" cbor:"1,keyasint"`
}
MetadataDigest represents attestation report metadata elements
type MetadataResult ¶ added in v0.6.0
type MetadataResult struct {
	Metadata
	Summary Result `json:"result" cbor:"40,keyasint"`
	ValidityCheck Result `json:"validityCheck,omitempty" cbor:"41,keyasint,omitempty"`
	SignatureCheck []SignatureResult `json:"signatureValidation" cbor:"42,keyasint,omitempty"`
}
type MetadataSummary ¶ added in v0.8.0
type MetadataSummary struct {
	DevDescResult MetadataResult `json:"deviceDescValidation" cbor:"0,keyasint"`
	ManifestResults []MetadataResult `json:"manifestValidation" cbor:"1,keyasint"`
	CompDescResult *MetadataResult `json:"companyValidation,omitempty" cbor:"2,keyasint,omitempty"`
	CompatibilityResult CompatibilityResult `json:"compatibilityValidation" cbor:"3,keyasint"`
}
type Name ¶
type Name struct {
	CommonName string `json:"commonName,omitempty" cbor:"0,keyasint,omitempty"`
	Country string `json:"country,omitempty" cbor:"1,keyasint,omitempty"`
	Organization string `json:"organization,omitempty" cbor:"2,keyasint,omitempty"`
	OrganizationalUnit string `json:"organizationalUnit,omitempty" cbor:"3,keyasint,omitempty"`
	Locality string `json:"locality,omitempty" cbor:"4,keyasint,omitempty"`
	Province string `json:"province,omitempty" cbor:"5,keyasint,omitempty"`
	StreetAddress string `json:"streetAddress,omitempty" cbor:"6,keyasint,omitempty"`
	PostalCode string `json:"postalCode,omitempty" cbor:"7,keyasint,omitempty"`
	Names []interface{} `json:"names,omitempty" cbor:"8,keyasint,omitempty"`
}
Name is the PKIX Name for CsrParams
type PCClientTaggedEvent ¶ added in v0.6.0
type PkixExtension ¶ added in v0.6.0
type PkixExtension struct {
	Id string `json:"id" cbor:"0,keyasint"`
	Critical bool `json:"critical" cbor:"1,keyasint"`
	Value []byte `json:"value" cbor:"2,keyasint"`
}
PkixExtension represents extensions of a x509 certificate.
type PolicyCheck ¶ added in v0.4.0
type PolicyCheck struct {
	Summary Result `json:"result" cbor:"0,keyasint"`
	Abi VersionCheck `json:"abi" cbor:"1,keyasint"`
	Smt BooleanMatch `json:"smt" cbor:"2,keyasint"`
	Migration BooleanMatch `json:"migration" cbor:"3,keyasint"`
	Debug BooleanMatch `json:"debug" cbor:"4,keyasint"`
	SingleSocket BooleanMatch `json:"singleSocket" cbor:"5,keyasint"`
}
type ReferenceValue ¶ added in v0.5.0
type ReferenceValue struct {
	Type string `json:"type" cbor:"0,keyasint"`
	Sha256 HexByte `json:"sha256,omitempty" cbor:"1,keyasint,omitempty"`
	Sha384 HexByte `json:"sha384,omitempty" cbor:"2,keyasint,omitempty"`
	Name string `json:"name,omitempty" cbor:"3,keyasint,omitempty"`
	Optional bool `json:"optional,omitempty" cbor:"4,keyasint,omitempty"`
	Pcr *int `json:"pcr,omitempty" cbor:"5,keyasint,omitempty"`
	Snp *SnpDetails `json:"snp,omitempty" cbor:"6,keyasint,omitempty"`
	Tdx *TDXDetails `json:"tdx,omitempty" cbor:"7,keyasint,omitempty"`
	Sgx *SGXDetails `json:"sgx,omitempty" cbor:"8,keyasint,omitempty"`
	Description string `json:"description,omitempty" cbor:"9,keyasint,omitempty"`
	EventData *EventData `json:"eventdata,omitempty" cbor:"10,keyasint,omitempty"`
	// contains filtered or unexported fields
}
ReferenceValue represents the attestation report element of types 'SNP Reference Value', 'TPM Reference Value', 'TDX Reference Value', 'SGX Reference Value' and 'SW Reference Value'
func (*ReferenceValue) GetManifest ¶ added in v0.8.0
func (r *ReferenceValue) GetManifest() (*Metadata, error)
func (*ReferenceValue) SetManifest ¶ added in v0.8.0
func (r *ReferenceValue) SetManifest(m *Metadata)
type Result ¶ added in v0.2.0
type Result struct {
	Success bool `json:"success"`
	Got string `json:"got,omitempty" cbor:"0,keyasint,omitempty"`
	Expected string `json:"expected,omitempty" cbor:"1,keyasint,omitempty"`
	ExpectedOneOf []string `json:"expectedOneOf,omitempty" cbor:"2,keyasint,omitempty"`
	ExpectedBetween []string `json:"expectedBetween,omitempty" cbor:"3,keyasint,omitempty"`
	ErrorCode ErrorCode `json:"errorCode,omitempty" cbor:"4,keyasint,omitempty"`
}
type RtMrHashChainElem ¶ added in v0.6.0
type RtMrHashChainElem struct {
	Type string `json:"type" cbor:"0,keyasint"`
	Name string `json:"name" cbor:"1,keyasint"`
	Hashes []HexByte `json:"Hashes" cbor:"2,keyasint"`
	Summary bool `json:"summary" cbor:"3,keyasint"` // Indicates if element represents final RTMR value or single artifact
}
RtMrHashChainElem represents the attestation report element of type 'HashChain' embedded in 'TDXDetails'
type SGXAttributes ¶ added in v0.6.0
type SGXAttributes struct {
	Initted bool `json:"initted" cbor:"0,keyasint"`
	Debug bool `json:"debug" cbor:"1,keyasint"`
	Mode64Bit bool `json:"mode64Bit" cbor:"2,keyasint"`
	ProvisionKey bool `json:"provisionKey" cbor:"3,keyasint"`
	EInitToken bool `json:"eInitToken" cbor:"4,keyasint"`
	Kss bool `json:"kss" cbor:"5,keyasint"`
	Legacy bool `json:"legacy" cbor:"6,keyasint"`
	Avx bool `json:"avx" cbor:"7,keyasint"`
}
SGX attributes according to https://download.01.org/intel-sgx/latest/linux-latest/docs/Intel_SGX_Developer_Reference_Linux_2.22_Open_Source.pdf (page 414)
type SGXDetails ¶ added in v0.6.0
type SGXDetails struct {
	Version uint16 `json:"version" cbor:"0,keyasint"`
	Collateral IntelCollateral `json:"collateral" cbor:"1,keyasint"`
	CaFingerprint string `json:"caFingerprint" cbor:"2,keyasint"` // Intel Root CA Certificate Fingerprint
	IsvProdId uint16 `json:"isvProdId" cbor:"3,keyasint"`
	MrSigner string `json:"mrSigner" cbor:"4,keyasint"`
	IsvSvn uint16 `json:"isvSvn" cbor:"5,keyasint"`
	Attributes SGXAttributes `json:"attributes" cbor:"6,keyasint"`
}
type Serializer ¶ added in v0.5.0
type Serializer interface {
	GetPayload(raw []byte) ([]byte, error)
	Marshal(v any) ([]byte, error)
	Unmarshal(data []byte, v any) error
	Sign(data []byte, driver Driver, sel KeySelection) ([]byte, error)
	Verify(data []byte, roots []*x509.Certificate) (MetadataResult, []byte, bool)
	String() string
}
Serializer is a generic interface providing methods for data serialization and de-serialization. This makes it possible to generate and verify attestation reports in different formats, such as JSON/JWS or CBOR/COSE.
func DetectSerialization ¶ added in v0.8.0
func DetectSerialization(payload []byte) (Serializer, error)
type SgxAttributesCheck ¶ added in v0.6.0
type SgxAttributesCheck struct {
	Initted BooleanMatch `json:"initted" cbor:"0,keyasint"`
	Debug BooleanMatch `json:"debug" cbor:"1,keyasint"`
	Mode64Bit BooleanMatch `json:"mode64Bit" cbor:"2,keyasint"`
	ProvisionKey BooleanMatch `json:"provisionKey" cbor:"3,keyasint"`
	EInitToken BooleanMatch `json:"eInitToken" cbor:"4,keyasint"`
	Kss BooleanMatch `json:"kss" cbor:"5,keyasint"`
	Legacy BooleanMatch `json:"legacy" cbor:"6,keyasint"`
	Avx BooleanMatch `json:"avx" cbor:"7,keyasint"`
}
type SgxResult ¶ added in v0.6.0
type SgxResult struct {
	VersionMatch Result `json:"reportVersionMatch" cbor:"0,keyasint"`
	TcbInfoCheck TcbLevelResult `json:"tcbInfoCheck" cbor:"1,keyasint"`
	QeIdentityCheck TcbLevelResult `json:"qeIdentityCheck" cbor:"2,keyasint"`
	SgxAttributesCheck SgxAttributesCheck `json:"sgxAttributesCheck" cbor:"3,keyasint"`
}
type SignConfig ¶ added in v0.8.0
type SignConfig struct {
UseAk bool // Use the AK instead of the IK for signing
}
SignConfig specifies options for signing with the specified serializer
type SignatureDatabase ¶ added in v0.6.0
type SignatureDatabase struct {
	SignatureTypeGUID string `json:"efisignaturelistguid,omitempty" cbor:"0,keyasint,omitempty"`
	SignatureHeader HexByte `json:"signatureheader,omitempty" cbor:"1,keyasint,omitempty"`
	//only one of the following per SignatureDataBase
	Certificates []UEFICertificate `json:"ueficertificates,omitempty" cbor:"2,keyasint,omitempty"`
	Sha256Hash []Hash `json:"sha256hashes,omitempty" cbor:"3,keyasint,omitempty"`
}
type SignatureResult ¶ added in v0.2.0
type SignatureResult struct {
	SignCheck Result `json:"signatureVerification" cbor:"0,keyasint"`
	CertChainCheck Result `json:"certChainValidation" cbor:"1,keyasint"`
	Certs [][]X509CertExtracted `json:"certs,omitempty" cbor:"2,keyasint"`
}
SignatureResult shows the result of the signature check and the certificate chain check, and includes all certificates present in the metadata item. If the certificate chain check was successful, Certs is always a valid chain. If not, Certs contains the collected certificates present in the metadata item.
func (*SignatureResult) PrintErr ¶ added in v0.6.0
func (r *SignatureResult) PrintErr(format string, args ...interface{})
type SnpDetails ¶ added in v0.4.0
type SnpPolicy ¶ added in v0.4.0
type SnpPolicy struct {
	Type string `json:"type" cbor:"0,keyasint"`
	SingleSocket bool `json:"singleSocket" cbor:"1,keyasint"`
	Debug bool `json:"debug" cbor:"2,keyasint"`
	Migration bool `json:"migration" cbor:"3,keyasint"`
	Smt bool `json:"smt" cbor:"4,keyasint"`
	AbiMajor uint8 `json:"abiMajor" cbor:"5,keyasint"`
	AbiMinor uint8 `json:"abiMinor" cbor:"6,keyasint"`
}
type SnpResult ¶ added in v0.6.0
type SnpResult struct {
	VersionMatch Result `json:"reportVersionMatch" cbor:"0,keyasint"`
	FwCheck VersionCheck `json:"fwCheck" cbor:"1,keyasint"`
	TcbCheck TcbCheck `json:"tcbCheck" cbor:"2,keyasint"`
	PolicyCheck PolicyCheck `json:"policyCheck" cbor:"3,keyasint"`
	ExtensionsCheck []Result `json:"extensionsCheck" cbor:"4,keyasint"`
}
type SwEvidence ¶ added in v0.8.0
type SwEvidence struct {
	Nonce []byte `json:"nonce" cbor:"0,keyasint"`
	Sha256 []byte `json:"sha256,omitempty" cbor:"1,keyasint,omitempty"`
}
SwEvidence represents the CMC's own format for software-based container measurement evidence.
type TDAttributes ¶ added in v0.6.0
type TDAttributes struct {
	Debug bool `json:"debug" cbor:"0,keyasint"`
	SeptVEDisable bool `json:"septVEDisable" cbor:"1,keyasint"`
	Pks bool `json:"pks" cbor:"2,keyasint"`
	Kl bool `json:"kl" cbor:"3,keyasint"`
}
Structure of the security-relevant attributes for a TD (bits 0 - 31 of the attributes array in the quote) according to https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/Intel_TDX_DCAP_Quoting_Library_API.pdf (page 40)
type TDMeasurements ¶ added in v0.6.0
type TDMeasurements struct {
	RtMr0 RtMrHashChainElem `json:"rtMr0" cbor:"0,keyasint"` // Firmware measurement
	RtMr1 RtMrHashChainElem `json:"rtMr1" cbor:"1,keyasint"` // BIOS measurement
	RtMr2 RtMrHashChainElem `json:"rtMr2" cbor:"2,keyasint"` // OS measurement
	RtMr3 RtMrHashChainElem `json:"rtMr3" cbor:"3,keyasint"` // Runtime measurement
	MrSeam HexByte `json:"mrSeam" cbor:"4,keyasint"` // TDX Module measurement
}
type TDXDetails ¶ added in v0.6.0
type TDXDetails struct {
	Version uint16 `json:"version" cbor:"0,keyasint"`
	Collateral IntelCollateral `json:"collateral" cbor:"1,keyasint"`
	CaFingerprint string `json:"caFingerprint" cbor:"2,keyasint"` // Intel Root CA Certificate Fingerprint
	TdId TDId `json:"tdId" cbor:"3,keyasint"`
	TdMeas TDMeasurements `json:"tdMeasurements" cbor:"4,keyasint"`
	Xfam [8]byte `json:"xfam" cbor:"5,keyasint"`
	TdAttributes TDAttributes `json:"tdAttributes" cbor:"6,keyasint"`
}
type TcbCheck ¶ added in v0.4.0
type TcbCheck struct {
	Summary Result `json:"result" cbor:"0,keyasint"`
	Bl VersionCheck `json:"bl" cbor:"1,keyasint"`
	Tee VersionCheck `json:"tee" cbor:"2,keyasint"`
	Snp VersionCheck `json:"snp" cbor:"3,keyasint"`
	Ucode VersionCheck `json:"ucode" cbor:"4,keyasint"`
}
type TcbLevelResult ¶ added in v0.6.0
type TcbLevelResult struct {
	Summary Result `json:"success" cbor:"0,keyasint"`
	MrSigner Result `json:"mrsigner" cbor:"1,keyasint"`
	IsvProdId Result `json:"isvProdId" cbor:"2,keyasint"`
	MiscSelect Result `json:"miscSelect" cbor:"3,keyasint"`
	Attributes Result `json:"attributes" cbor:"4,keyasint"`
	TcbLevelStatus string `json:"status" cbor:"5,keyasint"`
	TcbLevelDate time.Time `json:"date" cbor:"6,keyasint"`
}
type TdAttributesCheck ¶ added in v0.6.0
type TdAttributesCheck struct {
	Debug BooleanMatch `json:"debug" cbor:"0,keyasint"`
	SeptVEDisable BooleanMatch `json:"septVEDisable" cbor:"1,keyasint"`
	Pks BooleanMatch `json:"pks" cbor:"2,keyasint"`
	Kl BooleanMatch `json:"kl" cbor:"3,keyasint"`
}
type TdxResult ¶ added in v0.6.0
type TdxResult struct {
	VersionMatch Result `json:"reportVersionMatch" cbor:"0,keyasint"`
	TcbInfoCheck TcbLevelResult `json:"tcbInfoCheck" cbor:"1,keyasint"`
	QeIdentityCheck TcbLevelResult `json:"qeIdentityCheck" cbor:"2,keyasint"`
	TdAttributesCheck TdAttributesCheck `json:"tdAttributesCheck" cbor:"3,keyasint"`
	SeamAttributesCheck AttributesCheck `json:"seamAttributesCheck" cbor:"4,keyasint"`
	XfamCheck AttributesCheck `json:"xfamCheck" cbor:"5,keyasint"`
}
type UEFICertificate ¶ added in v0.6.0
type UEFICertificate struct {
	SignatureOwnerGUID string `json:"signatureownerguid" cbor:"0,keyasint"`
	Certificates X509CertExtracted `json:"certificates" cbor:"1,keyasint"`
}
type UefiConfigurationTable ¶ added in v0.6.0
type UefiConfigurationTable struct {
	EFIGuid string `json:"guid" cbor:"0,keyasint"`
	VendorTable address `json:"tableaddress" cbor:"1,keyasint"`
}
type UefiHandoffTablePointer ¶ added in v0.6.0
type UefiHandoffTablePointer struct {
	// NumberOfTables uint64
	TableEntry []UefiConfigurationTable `json:"ueficonfigurationtable" cbor:"0,keyasint"`
}
type UefiPlatformFirmwareBlob ¶ added in v0.6.0
type UefiVariableData ¶ added in v0.6.0
type UefiVariableData struct {
	VariableNameGUID string `json:"variablenameguid,omitempty" cbor:"0,keyasint,omitempty"`
	UnicodeName string `json:"unicodename,omitempty" cbor:"1,keyasint,omitempty"`
	// can be one of the following
	Signaturedb []SignatureDatabase `json:"signaturedb,omitempty" cbor:"2,keyasint,omitempty"`
	BootOrder []uint16 `json:"bootorder,omitempty" cbor:"3,keyasint,omitempty"`
	BootNext uint16 `json:"bootnext,omitempty" cbor:"4,keyasint,omitempty"`
	BootCurrent uint16 `json:"bootcurrent,omitempty" cbor:"5,keyasint,omitempty"`
	BootOptionSupport uint32 `json:"bootoptionsupport,omitempty" cbor:"6,keyasint,omitempty"`
	EFILoadOption *EFILoadOption `json:"efiloadoption,omitempty" cbor:"7,keyasint,omitempty"`
	DriverOrder []uint16 `json:"driverorder,omitempty" cbor:"8,keyasint,omitempty"`
	// genericData
	StringContent string `json:"stringcontent,omitempty" cbor:"9,keyasint,omitempty"`
	VariableData HexByte `json:"variabledata,omitempty" cbor:"10,keyasint,omitempty"`
	// DevicePath *FilePathList `json:"devicepath,omitempty" cbor:"10,keyasint,omitempty"`
	GUIDArray []string `json:"guidarray,omitempty" cbor:"11,keyasint,omitempty"`
}
type Validity ¶
type Validity struct {
	NotBefore string `json:"notBefore" cbor:"0,keyasint"`
	NotAfter string `json:"notAfter" cbor:"1,keyasint"`
}
Validity is a helper struct for 'Validity'
type VerificationResult ¶
type VerificationResult struct {
	Version string `json:"version" cbor:"0,keyasint"`
	Type string `json:"type" cbor:"1,keyasint"`
	Success bool `json:"success" cbor:"2,keyasint"`
	ErrorCodes []ErrorCode `json:"errorCodes,omitempty" cbor:"3,keyasint,omitempty"`
	Prover string `json:"prover,omitempty" cbor:"4,keyasint,omitempty"`
	Created string `json:"created,omitempty" cbor:"5,keyasint,omitempty"`
	CertLevel int `json:"certLevel" cbor:"6,keyasint"`
	Measurements []MeasurementResult `json:"measurements" cbor:"7,keyasint"`
	Metadata MetadataSummary `json:"metadata" cbor:"8,keyasint"`
	PolicySuccess bool `json:"policySuccess,omitempty" cbor:"9,keyasint,omitempty"`
	ReportSignature []SignatureResult `json:"reportSignatureCheck" cbor:"10,keyasint"`
}
VerificationResult represents the results of all steps taken during the validation of an attestation report.
func (*VerificationResult) CheckVersion ¶ added in v0.8.0
func (result *VerificationResult) CheckVersion() error
func (*VerificationResult) PrintErr ¶ added in v0.6.0
func (r *VerificationResult) PrintErr()
type VersionCheck ¶ added in v0.4.0
type X509CertExtracted ¶ added in v0.6.0
type X509CertExtracted struct {
	Version int `json:"version" cbor:"0,keyasint"`
	SerialNumber *big.Int `json:"serialNumber" cbor:"1,keyasint"`
	Issuer X509Name `json:"issuer" cbor:"2,keyasint"`
	Subject X509Name `json:"subject" cbor:"3,keyasint"`
	Validity Validity `json:"validity" cbor:"4,keyasint"`
	KeyUsage []string `json:"keyUsage" cbor:"5,keyasint"`
	SignatureAlgorithm string `json:"signatureAlgorithm" cbor:"6,keyasint"`
	PublicKeyAlgorithm string `json:"publicKeyAlgorithm" cbor:"7,keyasint"`
	PublicKey string `json:"publicKey" cbor:"8,keyasint"`

	// Extensions contains raw X.509 extensions extracted during parsing.
	Extensions []PkixExtension `json:"pkixExtensions" cbor:"9,keyasint"`

	ExtKeyUsage []string `json:"extKeyUsage,omitempty" cbor:"10,keyasint,omitempty"`
	UnknownExtKeyUsage []string `json:"unknownExtKeyUsage,omitempty" cbor:"11,keyasint,omitempty"`

	BasicConstraintsValid bool `json:"basicConstraintsValid" cbor:"12,keyasint"`
	IsCA bool `json:"isCA,omitempty" cbor:"13,keyasint"`

	// MaxPathLen and MaxPathLenZero indicate the presence and
	// value of the BasicConstraints' "pathLenConstraint".
	//
	// A positive non-zero MaxPathLen means that the field was specified,
	// -1 means it was unset, and MaxPathLenZero being true means that the field was
	// explicitly set to zero. The case of MaxPathLen==0 with MaxPathLenZero==false
	// should be treated equivalent to -1 (unset).
	MaxPathLen int `json:"maxPathLen,omitempty" cbor:"14,keyasint,omitempty"`
	// MaxPathLenZero indicates that BasicConstraintsValid==true
	// and MaxPathLen==0 should be interpreted as an actual
	// maximum path length of zero. Otherwise, that combination is
	// interpreted as MaxPathLen not being set.
	MaxPathLenZero bool `json:"maxPathLenZero,omitempty" cbor:"15,keyasint,omitempty"`

	SubjectKeyId HexByte `json:"subjectKeyId"`
	AuthorityKeyId HexByte `json:"authorityKeyId,omitempty" cbor:"16,keyasint,omitempty"`

	// Subject Alternate Name values.
	DNSNames []string `json:"dnsNames,omitempty" cbor:"17,keyasint,omitempty"`
	EmailAddresses []string `json:"emailAddresses,omitempty" cbor:"18,keyasint,omitempty"`
	IPAddresses []string `json:"ipAddresses,omitempty" cbor:"19,keyasint,omitempty"`
	URIs []string `json:"uris,omitempty" cbor:"20,keyasint,omitempty"`
}
X509CertExtracted represents an X.509 certificate with its attributes in human-readable form, prepared for (un)marshaling JSON objects. It is based on the type Certificate from the crypto/x509 package.
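The MaxPathLen and MaxPathLenZero fields matter when a consumer re-checks a chain from the serialized form: `maxPathLen` is tagged `omitempty`, so an explicit zero survives in JSON only through `maxPathLenZero`. The following is an added example, not code from this package; `certView`, `pathLen` and `checkChain` are hypothetical names, the chain is assumed to be ordered leaf-first, and the sample JSON is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// certView is a hypothetical subset of X509CertExtracted (same JSON tags).
type certView struct {
	BasicConstraintsValid bool `json:"basicConstraintsValid"`
	IsCA                  bool `json:"isCA,omitempty"`
	MaxPathLen            int  `json:"maxPathLen,omitempty"`
	MaxPathLenZero        bool `json:"maxPathLenZero,omitempty"`
}

// pathLen resolves the effective pathLenConstraint. A zero maxPathLen is
// dropped by omitempty, so 0 counts only with maxPathLenZero; else unset.
func pathLen(c certView) (limit int, set bool) {
	if c.BasicConstraintsValid && (c.MaxPathLen > 0 || (c.MaxPathLen == 0 && c.MaxPathLenZero)) {
		return c.MaxPathLen, true
	}
	return 0, false
}

// checkChain takes a JSON array of certificates (assumed leaf-first) and fails
// closed if an issuer is not a CA or has too many intermediates below it.
func checkChain(raw []byte) error {
	var chain []certView
	if err := json.Unmarshal(raw, &chain); err != nil {
		return fmt.Errorf("decode chain: %w", err)
	}
	for i := 1; i < len(chain); i++ {
		c := chain[i]
		if !c.BasicConstraintsValid || !c.IsCA {
			return fmt.Errorf("cert %d issues a certificate but is not a CA", i)
		}
		// Certificates 1..i-1 are the intermediates below cert i.
		if limit, set := pathLen(c); set && i-1 > limit {
			return fmt.Errorf("cert %d: %d intermediates below, pathLen %d", i, i-1, limit)
		}
	}
	return nil
}

func main() {
	// Constructed sample: leaf, intermediate, then a CA limited to pathLen 0.
	raw := []byte(`[{"basicConstraintsValid":true},{"basicConstraintsValid":true,"isCA":true,"maxPathLen":-1},{"basicConstraintsValid":true,"isCA":true,"maxPathLenZero":true}]`)
	fmt.Println(checkChain(raw))
}
```

The check does not exempt self-issued intermediates from the count, so it is stricter than the X.509 path-length rule in that one case.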
func ExtractX509Infos ¶ added in v0.6.0
func ExtractX509Infos(cert *x509.Certificate) X509CertExtracted
ExtractX509Infos extracts relevant attributes from cert and transforms some attributes into a more human-readable form by translating enums to string representations.
type X509Name ¶ added in v0.6.0
type X509Name struct {
	Country []string `json:"country,omitempty" cbor:"0,keyasint,omitempty"`
	Organization []string `json:"organization,omitempty" cbor:"1,keyasint,omitempty"`
	OrganizationalUnit []string `json:"organizationalUnit,omitempty" cbor:"2,keyasint,omitempty"`
	Locality []string `json:"locality,omitempty" cbor:"3,keyasint,omitempty"`
	Province []string `json:"province,omitempty" cbor:"4,keyasint,omitempty"`
	StreetAddress []string `json:"streetAddress,omitempty" cbor:"5,keyasint,omitempty"`
	PostalCode []string `json:"postalCode,omitempty" cbor:"6,keyasint,omitempty"`
	SerialNumber string `json:"serialNumber,omitempty" cbor:"7,keyasint,omitempty"`
	CommonName string `json:"commonName,omitempty" cbor:"8,keyasint,omitempty"`
}
X509Name represents an X.509 distinguished name. This only includes the common elements of a DN. Note that the structure is not a complete representation of the X.509 structure.