Constants ¶
const (
	// TEE type values as carried in the quote header and passed as quoteType
	// to VerifyIntelQuoteSignature (0x00 = SGX, 0x81 = TDX).
	SGX_QUOTE_TYPE uint32 = 0x0
	TDX_QUOTE_TYPE uint32 = 0x81
	// Attestation key type: QuoteHeader.AttestationKeyType == 2 means
	// ECDSA-256 with the P-256 curve.
	ECDSA_P_256 = 2
	// presumably the index of the SGX extension inside the PCK certificate's
	// extension list — confirm against the caller of ParseSGXExtensions.
	SGX_EXTENSION_INDEX = 5
	// Fixed quote layout sizes. The header is 48 bytes (QuoteHeader), the
	// SGX body 384 bytes (EnclaveReportBody) and the TDX 1.0 body 584 bytes
	// (TdxReportBody); the signature offsets are header + body + the 4-byte
	// QuoteSignatureDataLen field (48+384+4 = 436, 48+584+4 = 636).
	QUOTE_HEADER_SIZE          = 48
	SGX_QUOTE_BODY_SIZE        = 384
	SGX_QUOTE_SIGNATURE_OFFSET = 436
	SGX_QUOTE_MIN_SIZE         = 1020 // value from Intel SGX QVL
	TDX_QUOTE_BODY_SIZE        = 584
	TDX_QUOTE_SIGNATURE_OFFSET = 636
	// Intel PCS CRL endpoints. URL params: ca = processor/platform (the %v
	// is presumably filled with CA_PROCESSOR or CA_PLATFORM), encoding = pem/der.
	PCS_PCK_CERT_CRL_URI = "https://api.trustedservices.intel.com/sgx/certification/v4/pckcrl?ca=%v&encoding=der"
	PCS_ROOT_CA_CRL_URI  = "https://certificates.trustedservices.intel.com/IntelSGXRootCA.der"
	CA_PLATFORM          = "platform"
	CA_PROCESSOR         = "processor"
	ROOT_CA_CRL_NAME     = "RootCaCRL"
	PCK_CERT_CRL_NAME    = "PCKCertCRL"
	// CACHE_DIR stores the CRLs. Note it is a relative path; how it relates
	// to the intelCache parameter of the Verify* functions is not visible here.
	CACHE_DIR = "cache"
	// Enclave identities the QEIdentity document can describe.
	QE    EnclaveID = "QE"
	QVE   EnclaveID = "QVE"
	TD_QE EnclaveID = "TD_QE"
	// TCB status values. NOTE(review): Revoked is the only one spelled in
	// upper case; confirm it matches the tcbStatus string the TCB info / QE
	// identity JSON actually carries, since a case mismatch on comparison
	// would fail to recognise a revoked TCB level. Intel's TCB info also
	// defines further statuses (e.g. SWHardeningNeeded); a status outside
	// this set should be treated as not verifiable rather than ignored.
	UpToDate                     TcbStatus = "UpToDate"
	ConfigurationNeeded          TcbStatus = "ConfigurationNeeded"
	OutOfDate                    TcbStatus = "OutOfDate"
	OutOfDateConfigurationNeeded TcbStatus = "OutOfDateConfigurationNeeded"
	Revoked                      TcbStatus = "REVOKED"
	NotSupported                 TcbStatus = "NotSupported"
)
Variables ¶
This section is empty.
Functions ¶
func CrlCheck ¶
func CrlCheck(crl *x509.RevocationList, cert *x509.Certificate, parentCert *x509.Certificate) (bool, error)
Check if CRL parameters are valid and check if the certificate has been revoked
func DecodeSnpReport ¶
func Verify ¶
func Verify(arRaw, nonce, casPem []byte, policies []byte, polEng PolicyEngineSelect, intelCache string) ar.VerificationResult
Verify verifies an attestation report in full serialized JWS format against the supplied nonce and CA certificate. Verifies the certificate chains of all attestation report elements as well as the measurements against the reference values and the compatibility of software artefacts.
func VerifyIntelCertChainFull ¶
func VerifyIntelCertChainFull(quoteCerts SgxCertificates, ca string, intelCache string) ([][]*x509.Certificate, ar.ErrorCode)
Verifies a given SGX certificate chain, fetches CRLs and checks if the certs are outdated
func VerifyIntelQuoteSignature ¶
func VerifyIntelQuoteSignature(reportRaw []byte, quoteSignature any, quoteSignatureSize uint32, quoteSignatureType int, certs SgxCertificates, fingerprint string, intelCache string, quoteType uint32) (ar.SignatureResult, bool)
Verifies the quote signature. Params: quoteType = 0x00 (SGX) or 0x81 (TDX).
func VerifyQEIdentity ¶
func VerifyQEIdentity(qeReportBody *EnclaveReportBody, qeIdentity *QEIdentity, qeIdentityBodyRaw string, tcbKeyCert *x509.Certificate, teeType uint32) (ar.TcbLevelResult, error)
Verifies the QE Identity and compares its values to those of the QE (SGX/TDX).
func VerifySgxQuoteBody ¶
func VerifySgxQuoteBody(body *EnclaveReportBody, tcbInfo *TcbInfo, sgxExtensions *SGXExtensionsValue, sgxReferenceValue *ar.ReferenceValue, result *ar.MeasurementResult) error
func VerifyTCBSigningCertChain ¶
func VerifyTCBSigningCertChain(quoteCerts SgxCertificates, intelCache string) ([][]*x509.Certificate, ar.ErrorCode)
Verifies the TCB signing cert chain
Types ¶
type Configuration ¶
// Configuration is the optional platform-configuration entry of the SGX
// extensions (see SGXExtensionsValue). Each Value element pairs a
// ConfigurationId with a boolean ConfigurationValue.
type Configuration struct {
	Id    asn1.ObjectIdentifier
	Value []struct {
		ConfigurationId    asn1.ObjectIdentifier
		ConfigurationValue bool
	}
}
ConfigurationId determines the type of the ConfigurationValue: [0]: dynamicPlatform, [1]: cachedKeys, [2]: sMTenabled
type DukTapePolicyEngine ¶
// DukTapePolicyEngine is a stateless PolicyValidator implementation;
// presumably the engine chosen by PolicyEngineSelect_DukTape.
type DukTapePolicyEngine struct{}
func (DukTapePolicyEngine) Validate ¶
func (p DukTapePolicyEngine) Validate(policies []byte, result ar.VerificationResult) bool
type ECDSA256QuoteSignatureDataStructureV4 ¶
// ECDSA256QuoteSignatureDataStructureV4 is the quote signature data of a TDX
// quote (TdxReportV4); its certification data is a version-4 QEReportCertDataV4.
type ECDSA256QuoteSignatureDataStructureV4 struct {
	QuoteSignature      [64]byte // ECDSA-256 signature; presumably raw r||s — confirm in VerifyIntelQuoteSignature
	ECDSAAttestationKey [64]byte // attestation public key; presumably raw x||y — confirm
	QECertDataType      uint16
	QECertDataSize      uint32
	QECertData          QEReportCertDataV4 // Version 4
}
Quote Signature for TDX, contains QE Certification Data version 4
type EnclaveReportBody ¶
// EnclaveReportBody is the SGX enclave report body. Its fields sum to
// 384 bytes (SGX_QUOTE_BODY_SIZE); the Reserved* fields are padding
// carried through from the wire format.
type EnclaveReportBody struct {
	CPUSVN     [16]byte
	MISCSELECT uint32
	Reserved1  [28]byte
	Attributes [16]byte
	MRENCLAVE  [32]byte // enclave measurement
	Reserved2  [32]byte
	MRSIGNER   [32]byte // enclave signer measurement
	Reserved3  [96]byte
	ISVProdID  uint16
	ISVSVN     uint16
	Reserved4  [60]byte
	ReportData [64]byte // user-supplied report data
}
384 bytes
type FMSPC ¶
// FMSPC is the OID/value pair for the FMSPC entry of the SGX extensions
// (required, see SGXExtensionsValue).
type FMSPC struct {
	Id    asn1.ObjectIdentifier
	Value []byte
}
type Iat ¶
// Iat is a CBOR-encoded attestation token with integer map keys
// (keyasint tags). NOTE(review): the -750xx key range looks like a PSA-style
// Initial Attestation Token — confirm against the producer.
type Iat struct {
	ProfileDefinition string        `cbor:"-75000,keyasint"`
	ClientId          int           `cbor:"-75001,keyasint"`
	LifeCycle         uint16        `cbor:"-75002,keyasint"`
	ImplementationId  [32]byte      `cbor:"-75003,keyasint"`
	BootSeed          [32]byte      `cbor:"-75004,keyasint"`
	HwVersion         string        `cbor:"-75005,keyasint"`
	SwComponents      []SwComponent `cbor:"-75006,keyasint"`
	NoSwMeasurements  int           `cbor:"-75007,keyasint"`
	AuthChallenge     []byte        `cbor:"-75008,keyasint"` // presumably the verifier nonce — confirm where it is compared
	InstanceId        [33]byte      `cbor:"-75009,keyasint"`
	Vsi               string        `cbor:"-75010,keyasint,omitempty"`
}
type JsPolicyEngine ¶
// JsPolicyEngine is a stateless PolicyValidator implementation;
// presumably the engine chosen by PolicyEngineSelect_JS.
type JsPolicyEngine struct{}
func (JsPolicyEngine) Validate ¶
func (p JsPolicyEngine) Validate(policies []byte, result ar.VerificationResult) bool
type PCEID ¶
// PCEID is the OID/value pair for the PCE-ID entry of the SGX extensions
// (required, see SGXExtensionsValue).
type PCEID struct {
	Id    asn1.ObjectIdentifier
	Value []byte
}
type PPID ¶
// PPID is the OID/value pair for the PPID entry of the SGX extensions
// (required, see SGXExtensionsValue).
type PPID struct {
	Id    asn1.ObjectIdentifier
	Value []byte
}
type PlatformInstanceId ¶
// PlatformInstanceId is the OID/value pair for the optional platform
// instance id entry of the SGX extensions (see SGXExtensionsValue).
type PlatformInstanceId struct {
	Id    asn1.ObjectIdentifier
	Value []byte
}
type PolicyEngineSelect ¶
// PolicyEngineSelect chooses the policy engine used by Verify (its polEng
// parameter); see the PolicyEngineSelect_* constants.
type PolicyEngineSelect uint32
const (
	// PolicyEngineSelect_None selects no policy engine.
	PolicyEngineSelect_None PolicyEngineSelect = 0
	// PolicyEngineSelect_JS selects the JavaScript engine (JsPolicyEngine).
	PolicyEngineSelect_JS PolicyEngineSelect = 1
	// PolicyEngineSelect_DukTape selects the Duktape engine (DukTapePolicyEngine).
	PolicyEngineSelect_DukTape PolicyEngineSelect = 2
)
type PolicyValidator ¶
// PolicyValidator validates a verification result against a policy
// document; implemented by JsPolicyEngine and DukTapePolicyEngine.
type PolicyValidator interface {
	// Validate reports whether result satisfies policies.
	Validate(policies []byte, result ar.VerificationResult) bool
}
type QEIdentity ¶
// QEIdentity is the signed QE identity JSON document: the enclaveIdentity
// body plus the signature over it (verified with the TCB signing cert, see
// VerifyQEIdentity).
type QEIdentity struct {
	EnclaveIdentity QEIdentityBody `json:"enclaveIdentity"`
	Signature       ar.HexByte     `json:"signature"`
}
type QEIdentityBody ¶
// QEIdentityBody is the enclaveIdentity part of QEIdentity. The *Mask
// fields accompany Miscselect and Attributes; presumably the QE report
// values are masked before comparison — confirm in VerifyQEIdentity.
// NOTE(review): NextUpdate gives the document's validity horizon; confirm
// the verifier checks it against the current time.
type QEIdentityBody struct {
	Id                      EnclaveID           `json:"id"`
	Version                 uint32              `json:"version"`
	IssueDate               time.Time           `json:"issueDate"`
	NextUpdate              time.Time           `json:"nextUpdate"`
	TcbEvaluationDataNumber uint32              `json:"tcbEvaluationDataNumber"`
	Miscselect              ar.HexByte          `json:"miscselect"`
	MiscselectMask          ar.HexByte          `json:"miscselectMask"`
	Attributes              ar.HexByte          `json:"attributes"`
	AttributesMask          ar.HexByte          `json:"attributesMask"`
	Mrsigner                ar.HexByte          `json:"mrsigner"`
	IsvProdId               uint32              `json:"isvprodid"`
	TcbLevels               []TcbLevelEnclaveId `json:"tcbLevels"`
}
type QEReportCertDataV4 ¶
// QEReportCertDataV4 is the certification data of QECertDataType 6: the QE
// report with its signature and auth data, wrapping the inner PCK cert
// chain (type 5).
type QEReportCertDataV4 struct {
	QEReport          EnclaveReportBody
	QEReportSignature [64]byte
	QEAuthDataSize    uint16
	QEAuthData        []byte
	QECertDataType    uint16 // Type 5 (PCK Cert Chain)
	QECertDataSize    uint32
	QECertData        SgxCertificates
}
This is the datastructure of QECertDataType 6
type QuoteHeader ¶
// QuoteHeader is the 48-byte quote header (QUOTE_HEADER_SIZE) shared by
// SgxReport and TdxReportV4.
type QuoteHeader struct {
	Version            uint16
	AttestationKeyType uint16 // 2: ECDSA-256-with-P-256 curve (ECDSA_P_256)
	TeeType            uint32 // SGX_QUOTE_TYPE (0x00) or TDX_QUOTE_TYPE (0x81)
	QESVN              uint16
	PCESVN             uint16
	QEVendorID         [16]byte
	UserData           [20]byte
}
48 bytes
type SGXExtensionsValue ¶
// SGXExtensionsValue holds the decoded SGX extension of a PCK certificate
// (see ParseSGXExtensions). The first five entries are required, the last
// two optional.
type SGXExtensionsValue struct {
	// required:
	Ppid    PPID
	Tcb     TCB
	PceId   PCEID
	Fmspc   FMSPC
	SgxType SGXTYPE
	// optional:
	PlatformInstanceId PlatformInstanceId
	Configuration      Configuration
}
func ParseSGXExtensions ¶
func ParseSGXExtensions(extensions []byte) (SGXExtensionsValue, error)
type SGXExtensionsWrapper ¶
// SGXExtensionsWrapper is the outer ASN.1 container around the SGX
// extension value of a PCK certificate.
type SGXExtensionsWrapper struct {
	Value SGXExtensionsValue
}
Start of the SGX Extensions section: ASN.1-encoded data structure from the PCK certificate.
type SGXTYPE ¶
// SGXTYPE is the OID/enumerated-value pair for the SGX type entry of the SGX
// extensions (required, see SGXExtensionsValue).
type SGXTYPE struct {
	Id    asn1.ObjectIdentifier
	Value asn1.Enumerated
}
type SgxCertificates ¶
// SgxCertificates is the Intel certificate chain extracted from a quote:
// root CA, processor/platform intermediate, PCK leaf and the TCB signing
// certificate (see VerifyIntelCertChainFull and VerifyTCBSigningCertChain).
type SgxCertificates struct {
	RootCACert       *x509.Certificate
	IntermediateCert *x509.Certificate // Processor or Platform
	PCKCert          *x509.Certificate
	TCBSigningCert   *x509.Certificate
}
type SgxReport ¶
// SgxReport is a decoded SGX quote: header, 384-byte enclave report body,
// signature length and the variable-size signature data. All integer
// fields are little endian. The signature data begins at
// SGX_QUOTE_SIGNATURE_OFFSET (48 + 384 + 4).
type SgxReport struct {
	QuoteHeader           QuoteHeader
	ISVEnclaveReport      EnclaveReportBody
	QuoteSignatureDataLen uint32
	QuoteSignatureData    ECDSA256QuoteSignatureDataStructure // variable size
}
Overall structure: table 2 from https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/Intel_SGX_ECDSA_QuoteLibReference_DCAP_API.pdf. Endianness: little endian (all integer fields).
func DecodeSgxReport ¶
Parses the report into the SgxReport structure
type SwComponent ¶
type TCB ¶
// TCB is the TCB entry of the SGX extensions: sixteen per-component SVNs
// (Comp_01..Comp_16), the PCE SVN and the raw CPUSVN bytes, each carried as
// an OID/value pair.
type TCB struct {
	Id    asn1.ObjectIdentifier
	Value struct {
		Comp_01 TCBComp
		Comp_02 TCBComp
		Comp_03 TCBComp
		Comp_04 TCBComp
		Comp_05 TCBComp
		Comp_06 TCBComp
		Comp_07 TCBComp
		Comp_08 TCBComp
		Comp_09 TCBComp
		Comp_10 TCBComp
		Comp_11 TCBComp
		Comp_12 TCBComp
		Comp_13 TCBComp
		Comp_14 TCBComp
		Comp_15 TCBComp
		Comp_16 TCBComp
		PceSvn  TCBComp
		CpuSvn  struct {
			Svn   asn1.ObjectIdentifier
			Value []byte
		}
	}
}
type TCBComp ¶
// TCBComp is one TCB component of the SGX extensions: its OID and the
// integer SVN value.
type TCBComp struct {
	Svn   asn1.ObjectIdentifier
	Value int
}
type TcbComponent ¶
type TcbInfo ¶
// TcbInfo is the signed TCB info JSON document: the tcbInfo body plus the
// signature over it.
type TcbInfo struct {
	TcbInfo   TcbInfoBody `json:"tcbInfo"`
	Signature ar.HexByte  `json:"signature"`
}
type TcbInfoBody ¶
// TcbInfoBody is the tcbInfo part of TcbInfo. Fmspc and PceId are the
// values the platform's SGX extensions are matched against (see
// VerifySgxQuoteBody). NOTE(review): NextUpdate gives the document's
// validity horizon; confirm the verifier checks it against the current time.
type TcbInfoBody struct {
	Id                      string     `json:"id"`
	Version                 uint32     `json:"version"`
	IssueDate               time.Time  `json:"issueDate"`
	NextUpdate              time.Time  `json:"nextUpdate"`
	Fmspc                   ar.HexByte `json:"fmspc"`
	PceId                   ar.HexByte `json:"pceId"`
	TcbType                 uint32     `json:"tcbType"`
	TcbEvaluationDataNumber uint32     `json:"tcbEvaluationDataNumber"`
	TcbLevels               []TcbLevel `json:"tcbLevels"`
	TdxModule               TdxModule  `json:"tdxModule"` // Only required for TDX (SEAM Module)
}
type TcbLevel ¶
// TcbLevel is one entry of TcbInfoBody.TcbLevels: the component SVNs and
// PCE SVN that define the level, its status, date and advisory IDs.
// TcbStatus is a plain string here; the TcbStatus constants give the
// spellings it is expected to be compared against.
type TcbLevel struct {
	Tcb struct {
		SgxTcbComponents []TcbComponent `json:"sgxTcbComponents"`
		TdxTcbComponents []TcbComponent `json:"tdxTcbComponents"`
		PceSvn           uint32         `json:"pceSvn"`
	} `json:"tcb"`
	TcbStatus   string    `json:"tcbStatus"`
	TcbDate     time.Time `json:"tcbDate"`
	AdvisoryIDs []string  `json:"advisoryIDs"`
}
type TcbLevelEnclaveId ¶
type TdxReportBody ¶
// TdxReportBody is the TDX 1.0 quote body. Its fields sum to 584 bytes
// (TDX_QUOTE_BODY_SIZE).
type TdxReportBody struct {
	TeeTcbSvn      [16]byte
	MrSeam         [48]byte // SEAM module measurement
	MrSignerSeam   [48]byte
	SeamAttributes [8]byte
	TdAttributes   [8]byte
	XFAM           [8]byte
	MrTd           [48]byte // TD measurement
	MrConfigId     [48]byte
	MrOwner        [48]byte
	MrOwnerConfig  [48]byte
	RtMr0          [48]byte // runtime measurement registers 0..3
	RtMr1          [48]byte
	RtMr2          [48]byte
	RtMr3          [48]byte
	ReportData     [64]byte // user-supplied report data
}
TDX 1.0: 584 bytes
type TdxReportV4 ¶
// TdxReportV4 is a decoded TDX quote (format version 4): header, 584-byte
// body, signature length and the variable-size signature data. The
// signature data begins at TDX_QUOTE_SIGNATURE_OFFSET (48 + 584 + 4).
type TdxReportV4 struct {
	QuoteHeader           QuoteHeader
	QuoteBody             TdxReportBody
	QuoteSignatureDataLen uint32
	QuoteSignatureData    ECDSA256QuoteSignatureDataStructureV4 // variable size
}
TDX Report V4