Documentation ¶
Index ¶
- func DecodeSnpReport(report []byte) (snpreport, error)
- func Generate(nonce []byte, metadata [][]byte, measurements []Measurement, s Serializer) ([]byte, error)
- func Sign(report []byte, signer Signer, s Serializer) (bool, []byte)
- type AppDescription
- type AppManifest
- type ArPacked
- type ArPlain
- type BooleanMatch
- type CborSerializer
- func (s CborSerializer) GetPayload(raw []byte) ([]byte, error)
- func (s CborSerializer) Marshal(v any) ([]byte, error)
- func (s CborSerializer) Sign(report []byte, signer Signer) (bool, []byte)
- func (s CborSerializer) Unmarshal(data []byte, v any) error
- func (s CborSerializer) VerifyToken(data []byte, roots []*x509.Certificate) (TokenResult, []byte, bool)
- type CertChain
- type CertParams
- type CompDescResult
- type CompanyDescription
- type DevDescResult
- type DeviceDescription
- type ExternalInterface
- type HashChainElem
- type HexByte
- type IasMeasurement
- type IasMeasurementResult
- type Iat
- type InternalConnection
- type JsonSerializer
- func (s JsonSerializer) GetPayload(raw []byte) ([]byte, error)
- func (s JsonSerializer) Marshal(v any) ([]byte, error)
- func (s JsonSerializer) Sign(report []byte, signer Signer) (bool, []byte)
- func (s JsonSerializer) Unmarshal(data []byte, v any) error
- func (s JsonSerializer) VerifyToken(data []byte, roots []*x509.Certificate) (TokenResult, []byte, bool)
- type ManifestResult
- type Measurement
- type MeasurementResult
- type Measurer
- type Name
- type OsManifest
- type PcrResult
- type Policies
- type PolicyCheck
- type PolicyValidator
- type ReferenceValue
- type Result
- type ResultMulti
- type RtmManifest
- type Serializer
- type SignatureResult
- type Signer
- type Signing
- type SnpDetails
- type SnpFw
- type SnpMeasurement
- type SnpMeasurementResult
- type SnpPolicy
- type SnpTcb
- type SwComponent
- type SwMeasurement
- type SwMeasurementResult
- type TcbCheck
- type TokenResult
- type TpmMeasurement
- type TpmMeasurementResult
- type Type
- type Validity
- type VerificationResult
- type VersionCheck
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func DecodeSnpReport ¶ added in v0.4.0
func Generate ¶ added in v0.2.0
func Generate(nonce []byte, metadata [][]byte, measurements []Measurement, s Serializer) ([]byte, error)
Generate generates an attestation report with the provided nonce 'nonce' and manifests and descriptions 'metadata'. The manifests and descriptions must be either raw JWS tokens in the JWS JSON full serialization format or CBOR COSE tokens. Takes a list of 'measurements' implementing the attestation report 'Measurer' interface providing a method for collecting the measurements from a hardware or software interface
Types ¶
type AppDescription ¶
type AppDescription struct { Type string `json:"type" cbor:"0,keyasint,omitempty"` Name string `json:"name" cbor:"1,keyasint,omitempty"` AppManifest string `json:"appManifest" cbor:"2,keyasint,omitempty"` // Links to App Manifest.Name External []ExternalInterface `json:"externalConnections" cbor:"3,keyasint"` }
AppDescription represents the attestation report element of type 'App Description'
type AppManifest ¶
type AppManifest struct { Type string `json:"type" cbor:"0,keyasint"` Name string `json:"name" cbor:"1,keyasint"` DevCommonName string `json:"developerCommonName" cbor:"2,keyasint"` Version string `json:"version" cbor:"3,keyasint"` Oss []string `json:"oss" cbor:"4,keyasint"` // Links to OsManifest.Name Description string `json:"description" cbor:"5,keyasint"` CertificationLevel int `json:"certificationLevel" cbor:"6,keyasint"` Validity Validity `json:"validity" cbor:"7,keyasint"` ReferenceValues []ReferenceValue `json:"referenceValues" cbor:"8,keyasint"` }
AppManifest represents the attestation report element of type 'App Manifest'
type ArPacked ¶ added in v0.5.0
type ArPacked struct { Type string `json:"type" cbor:"0,keyasint"` TpmM *TpmMeasurement `json:"tpmMeasurement,omitempty" cbor:"1,keyasint,omitempty"` SnpM *SnpMeasurement `json:"snpMeasurement,omitempty" cbor:"2,keyasint,omitempty"` SWM []SwMeasurement `json:"swMeasurements,omitempty" cbor:"3,keyasint,omitempty"` RtmManifest []byte `json:"rtmManifests" cbor:"4,keyasint"` OsManifest []byte `json:"osManifest" cbor:"5,keyasint"` AppManifests [][]byte `json:"appManifests,omitempty" cbor:"6,keyasint,omitempty"` CompanyDescription []byte `json:"companyDescription,omitempty" cbor:"7,keyasint,omitempty"` DeviceDescription []byte `json:"deviceDescription" cbor:"8,keyasint"` Nonce []byte `json:"nonce" cbor:"9,keyasint"` }
ArPacked represents the attestation report in JWS/COSE format with its contents already in signed JWS/COSE format
type ArPlain ¶
type ArPlain struct { Type string `json:"type" cbor:"0,keyasint"` TpmM *TpmMeasurement `json:"tpmMeasurement,omitempty" cbor:"1,keyasint,omitempty"` SnpM *SnpMeasurement `json:"snpMeasurement,omitempty" cbor:"2,keyasint,omitempty"` IasM *IasMeasurement `cbor:"10,keyasint,omitempty"` SWM []SwMeasurement `json:"swMeasurements,omitempty" cbor:"3,keyasint,omitempty"` RtmManifest RtmManifest `json:"rtmManifest" cbor:"4,keyasint"` OsManifest OsManifest `json:"osManifest" cbor:"5,keyasint"` AppManifests []AppManifest `json:"appManifests,omitempty" cbor:"6,keyasint,omitempty"` CompanyDescription *CompanyDescription `json:"companyDescription,omitempty" cbor:"7,keyasint,omitempty"` DeviceDescription DeviceDescription `json:"deviceDescription" cbor:"8,keyasint"` Nonce []byte `json:"nonce" cbor:"9,keyasint"` }
ArPlain represents the attestation report with its plain elements
type BooleanMatch ¶ added in v0.4.0
type CborSerializer ¶ added in v0.5.0
type CborSerializer struct{}
func (CborSerializer) GetPayload ¶ added in v0.5.0
func (s CborSerializer) GetPayload(raw []byte) ([]byte, error)
func (CborSerializer) Marshal ¶ added in v0.5.0
func (s CborSerializer) Marshal(v any) ([]byte, error)
func (CborSerializer) Sign ¶ added in v0.5.0
func (s CborSerializer) Sign(report []byte, signer Signer) (bool, []byte)
func (CborSerializer) Unmarshal ¶ added in v0.5.0
func (s CborSerializer) Unmarshal(data []byte, v any) error
func (CborSerializer) VerifyToken ¶ added in v0.5.0
func (s CborSerializer) VerifyToken(data []byte, roots []*x509.Certificate) (TokenResult, []byte, bool)
type CertChain ¶ added in v0.4.0
type CertChain struct { Leaf []byte `json:"leaf" cbor:"0,keyasint"` Intermediates [][]byte `json:"intermediates" cbor:"1,keyasint"` Ca []byte `json:"ca" cbor:"2,keyasint"` }
CertChain is a helper struct for certificate chains, consisting of a leaf certificate, an arbitrary number of intermediate (sub-CA) certificates and a CA certificate
type CertParams ¶
type CertParams struct { Type string `json:"type" cbor:"0,keyasint"` Subject Name `json:"subject,omitempty" cbor:"1,keyasint,omitempty"` SANs []string `json:"sans,omitempty" cbor:"2,keyasint,omitempty"` }
CertParams contains params of an x.509 certificate. The tpm module cannot send an AK CSR to the server, as the AK is a restricted key which does not allow signing of non-TPM-based objects such as CSRs. Therefore, pass the certificate parameters encoded in this structure
type CompDescResult ¶ added in v0.2.0
type CompDescResult struct { Name string `json:"name"` CompCertLevel int `json:"compCertLevel"` // Overall certification level for the company operating the device Summary ResultMulti `json:"resultSummary"` SignatureCheck []SignatureResult `json:"signatureValidation"` // Results for validation of the Description Signatures and the used certificates ValidityCheck Result `json:"validityCheck"` // Result from checking the validity of the manifest }
CompDescResult represents the results of the validation of the Company Description and its mapping to the used device certificate
type CompanyDescription ¶
type CompanyDescription struct { Type string `json:"type" cbor:"0,keyasint"` DN string `json:"dn" cbor:"1,keyasint"` CertificationLevel int `json:"certificationLevel" cbor:"2,keyasint"` Description string `json:"description" cbor:"3,keyasint"` Validity Validity `json:"validity" cbor:"4,keyasint"` }
CompanyDescription represents the attestation report element of type 'Company Description'
type DevDescResult ¶ added in v0.2.0
type DevDescResult struct { Summary ResultMulti `json:"resultSummary"` CorrectRtm Result `json:"correctRtm"` // Result for comparison of RTM in the Device Description and the provided RTM Manifest CorrectOs Result `json:"correctOs"` // Result for comparison of OS in the Device Description and the provided OS Manifest CorrectApps ResultMulti `json:"correctApps"` // Result for comparison of App List in the Device Description and the provided App Manifest RtmOsCompatibility Result `json:"rtmOsCompatibility"` // Result for consistency check for mapping from OS Manifest to RTM Manifest OsAppsCompatibility ResultMulti `json:"osAppCompatibility"` // Result for consistency check for mapping from App Manifests to OS Manifest SignatureCheck []SignatureResult `json:"signatureValidation"` // Results for validation of the Device Description Signature(s) and the used certificates }
DevDescResult represents the results of the validation of the Device Description in the Attestation Report
type DeviceDescription ¶ added in v0.2.0
type DeviceDescription struct { Type string `json:"type" cbor:"0,keyasint"` Fqdn string `json:"fqdn" cbor:"1,keyasint"` Description string `json:"description" cbor:"2,keyasint"` Location string `json:"location" cbor:"3,keyasint"` RtmManifest string `json:"rtmManifest" cbor:"4,keyasint"` OsManifest string `json:"osManifest" cbor:"5,keyasint"` AppDescriptions []AppDescription `json:"appDescriptions" cbor:"6,keyasint"` Internal []InternalConnection `json:"internalConnections" cbor:"7,keyasint"` External []ExternalInterface `json:"externalEndpoints" cbor:"8,keyasint"` }
DeviceDescription represents the attestation report element of type 'Device Description'
type ExternalInterface ¶
type ExternalInterface struct { Type string `json:"type" cbor:"0,keyasint"` AppEndpoint string `json:"appEndpoint" cbor:"1,keyasint"` // Links to AppManifest.Endpoint Interface string `json:"interface" cbor:"2,keyasint"` // Links to AppDescription.Name Port int `json:"port" cbor:"3,keyasint"` // Links to App Manifest.Endpoint }
ExternalInterface represents the attestation report element of type 'External Interface'
type HashChainElem ¶
type HashChainElem struct { Type string `json:"type" cbor:"0,keyasint"` Pcr int32 `json:"pcr" cbor:"1,keyasint"` Sha256 []HexByte `json:"sha256" cbor:"2,keyasint"` }
HashChainElem represents the attestation report element of type 'Hash Chain' embedded in 'TPM Measurement'
type HexByte ¶ added in v0.5.0
type HexByte []byte
Custom type for JSON unmarshaller as byte arrays are encoded as hex strings in JSON but used as byte arrays internally and by CBOR encoding
func (*HexByte) MarshalJSON ¶ added in v0.5.0
MarshalJSON marshalls a byte array into a hex string
func (*HexByte) UnmarshalJSON ¶ added in v0.5.0
UnmarshalJSON unmarshalls JSON hex strings into byte arrays
type IasMeasurement ¶ added in v0.5.0
type IasMeasurement struct { Type string `json:"type" cbor:"0,keyasint"` Report []byte `json:"blob" cbor:"1,keyasint"` Certs CertChain `json:"certs" cbor:"2,keyasint"` }
IasMeasurement represents the attestation report element of type 'IAS Measurement' signed by the device
type IasMeasurementResult ¶ added in v0.5.0
type IasMeasurementResult struct { Summary Result `json:"resultSummary"` FreshnessCheck Result `json:"quoteFreshness"` ReferenceValueCheck ResultMulti `json:"referenceValueCheck"` IasSignature SignatureResult `json:"reportSignatureCheck"` }
IasMeasurementResult represents the results for the verification of ARM PSA Initial Attestation Service Token measurements
type Iat ¶ added in v0.5.0
type Iat struct { ProfileDefinition string `cbor:"-75000,keyasint"` ClientId int `cbor:"-75001,keyasint"` LifeCycle uint16 `cbor:"-75002,keyasint"` ImplementationId [32]byte `cbor:"-75003,keyasint"` BootSeed [32]byte `cbor:"-75004,keyasint"` HwVersion string `cbor:"-75005,keyasint"` SwComponents []SwComponent `cbor:"-75006,keyasint"` NoSwMeasurements int `cbor:"-75007,keyasint"` AuthChallenge []byte `cbor:"-75008,keyasint"` InstanceId [33]byte `cbor:"-75009,keyasint"` Vsi string `cbor:"-75010,keyasint,omitempty"` }
type InternalConnection ¶
type InternalConnection struct { Type string `json:"type" cbor:"0,keyasint"` NameAppA string `json:"nameAppA" cbor:"1,keyasint"` // Links to AppDescription.Name EndpointAppA string `json:"endpointAppA" cbor:"2,keyasint"` // Links to AppManifest.Endpoint NameAppB string `json:"nameAppB" cbor:"3,keyasint"` // Links to AppDescription.Name EndpointAppB string `json:"endpointAppB" cbor:"4,keyasint"` // Links to AppManifest.Endpoint }
InternalConnection represents the attestation report element of type 'Internal Connection'
type JsonSerializer ¶ added in v0.5.0
type JsonSerializer struct{}
func (JsonSerializer) GetPayload ¶ added in v0.5.0
func (s JsonSerializer) GetPayload(raw []byte) ([]byte, error)
func (JsonSerializer) Marshal ¶ added in v0.5.0
func (s JsonSerializer) Marshal(v any) ([]byte, error)
func (JsonSerializer) Sign ¶ added in v0.5.0
func (s JsonSerializer) Sign(report []byte, signer Signer) (bool, []byte)
Sign signs the attestation report with the specified signer 'signer'
func (JsonSerializer) Unmarshal ¶ added in v0.5.0
func (s JsonSerializer) Unmarshal(data []byte, v any) error
func (JsonSerializer) VerifyToken ¶ added in v0.5.0
func (s JsonSerializer) VerifyToken(data []byte, roots []*x509.Certificate) (TokenResult, []byte, bool)
VerifyToken verifies signatures and certificate chains for JWS tokens
type ManifestResult ¶ added in v0.2.0
type ManifestResult struct { Name string `json:"name"` Summary ResultMulti `json:"resultSummary"` SignatureCheck []SignatureResult `json:"signatureValidation"` // Results for validation of the Manifest Signatures and the used certificates ValidityCheck Result `json:"validityCheck"` // Result from checking the validity of the manifest }
ManifestResult represents the results of the validation of a manifest provided in the Attestation Report
type Measurement ¶
type Measurement interface{}
Measurement is a generic interface for a Measurement, such as a TpmMeasurement
type MeasurementResult ¶ added in v0.2.0
type MeasurementResult struct { TpmMeasResult *TpmMeasurementResult `json:"tpm,omitempty"` SnpMeasResult *SnpMeasurementResult `json:"snp,omitempty"` IasMeasResult *IasMeasurementResult `json:"ias,omitempty"` SwMeasResult []SwMeasurementResult `json:"sw,omitempty"` }
MeasurementResult represents the results of the comparison of reference values and measurements. The used attributes depend on the technologies used for calculating the measurements
type Measurer ¶
type Measurer interface {
Measure(nonce []byte) (Measurement, error)
}
Measurer is an interface implementing the Measure method for each type of measurement Each type of interface that is capable of providing measurements (such as the tpmw module) is expected to implement this method. The attestationreport module will call this method to retrieve the measurements of the platform during attestation report generation.
type Name ¶
type Name struct { CommonName string `json:"commonName,omitempty" cbor:"0,keyasint,omitempty"` Country string `json:"country,omitempty" cbor:"1,keyasint,omitempty"` Organization string `json:"organization,omitempty" cbor:"2,keyasint,omitempty"` OrganizationalUnit string `json:"organizationalUnit,omitempty" cbor:"3,keyasint,omitempty"` Locality string `json:"locality,omitempty" cbor:"4,keyasint,omitempty"` Province string `json:"province,omitempty" cbor:"5,keyasint,omitempty"` StreetAddress string `json:"streetAddress,omitempty" cbor:"6,keyasint,omitempty"` PostalCode string `json:"postalCode,omitempty" cbor:"7,keyasint,omitempty"` Names []interface{} `json:"names,omitempty" cbor:"8,keyasint,omitempty"` }
Name is the PKIX Name for CertParams
type OsManifest ¶
type OsManifest struct { Type string `json:"type" cbor:"0,keyasint"` Name string `json:"name" cbor:"1,keyasint"` DevCommonName string `json:"developerCommonName" cbor:"2,keyasint"` Version string `json:"version" cbor:"3,keyasint"` Rtms []string `json:"rtms" cbor:"4,keyasint"` // Links to Type RtmManifest.Name Description string `json:"description" cbor:"5,keyasint"` CertificationLevel int `json:"certificationLevel" cbor:"6,keyasint"` Validity Validity `json:"validity" cbor:"7,keyasint"` ReferenceValues []ReferenceValue `json:"referenceValues" cbor:"8,keyasint"` }
OsManifest represents the attestation report element of type 'OsManifest'
type PcrResult ¶ added in v0.2.0
type PcrResult struct { Pcr int `json:"pcr"` // Number for the PCR which was validated Validation ResultMulti `json:"validation"` }
PcrResult represents the results for the recalculation of a specific PCR
type PolicyCheck ¶ added in v0.4.0
type PolicyCheck struct { Summary Result `json:"resultSummary"` Abi VersionCheck `json:"abi"` Smt BooleanMatch `json:"smt"` Migration BooleanMatch `json:"migration"` Debug BooleanMatch `json:"debug"` SingleSocket BooleanMatch `json:"singleSocket"` }
type PolicyValidator ¶ added in v0.4.0
type PolicyValidator interface {
Validate(result VerificationResult) bool
}
type ReferenceValue ¶ added in v0.5.0
type ReferenceValue struct { Type string `json:"type" cbor:"0,keyasint"` Sha256 HexByte `json:"sha256,omitempty" cbor:"1,keyasint,omitempty"` Sha384 HexByte `json:"sha384,omitempty" cbor:"2,keyasint,omitempty"` Name string `json:"name,omitempty" cbor:"3,keyasint,omitempty"` Pcr *int `json:"pcr,omitempty" cbor:"4,keyasint,omitempty"` Snp *SnpDetails `json:"snp,omitempty" cbor:"5,keyasint,omitempty"` }
ReferenceValue represents the attestation report element of types 'SNP Reference Value', 'TPM Reference Value' and 'SW Reference Value'
type Result ¶ added in v0.2.0
type Result struct { Success bool `json:"success"` Details string `json:"details,omitempty"` // Details on the issue which was detected during validation, remains empty if validation was successful }
Result is a generic type for storing a boolean result value and details on the validation (used in case of errors)
type ResultMulti ¶ added in v0.3.0
type ResultMulti struct { Success bool `json:"success"` Details []string `json:"details,omitempty"` // Details on the issue which was detected during validation, remains empty if validation was successful }
ResultMulti is a generic type for storing a boolean result value and possibly multiple details on the validation (used in case of errors)
type RtmManifest ¶
type RtmManifest struct { Type string `json:"type" cbor:"0,keyasint"` Name string `json:"name" cbor:"1,keyasint"` DevCommonName string `json:"developerCommonName" cbor:"2,keyasint"` Version string `json:"version" cbor:"3,keyasint"` Description string `json:"description" cbor:"4,keyasint"` CertificationLevel int `json:"certificationLevel" cbor:"5,keyasint"` Validity Validity `json:"validity" cbor:"6,keyasint"` ReferenceValues []ReferenceValue `json:"referenceValues" cbor:"7,keyasint"` }
RtmManifest represents the attestation report element of type 'RTM Manifest'
type Serializer ¶ added in v0.5.0
type Serializer interface { GetPayload(raw []byte) ([]byte, error) Marshal(v any) ([]byte, error) Unmarshal(data []byte, v any) error Sign(report []byte, signer Signer) (bool, []byte) VerifyToken(data []byte, roots []*x509.Certificate) (TokenResult, []byte, bool) }
Serializer is a generic interface providing methods for data serialization and de-serialization. This enables to generate and verify attestation reports in different formats, such as JSON/JWS or CBOR/COSE
type SignatureResult ¶ added in v0.2.0
type SignatureResult struct { Name string `json:"commonName"` // Name of the certificate used for calculating the signature Organization []string `json:"organization"` // Name of the organization the signer belongs to SubjectKeyId string `json:"subjectKeyIdentifier"` // Hex-encoded certificate Subject Key Identifier AuthorityKeyId string `json:"authoritykeyidentifier"` // Hex-encoded certificate autorithy key identifier Signature Result `json:"signatureVerification"` // Result from checking the signature has been calculated with this certificate CertCheck Result `json:"certChainValidation"` // Result from validatint the certification chain back to a shared root of trust RoleCheck *Result `json:"roleCheck,omitempty"` // Result for checking the role in the certificate (optional) ExtensionsCheck *ResultMulti `json:"extensionsCheck,omitempty"` }
SignatureResults represents the results for validation of a provided signature and the used certificates
type Signing ¶ added in v0.4.0
type Signing interface{}
Signer is a generic interface for an entity capable of signing an attestation report, such as a TPM or other hardware interface
type SnpDetails ¶ added in v0.4.0
type SnpMeasurement ¶ added in v0.4.0
type SnpMeasurement struct { Type string `json:"type" cbor:"0,keyasint"` Report []byte `json:"blob" cbor:"1,keyasint"` Certs CertChain `json:"certs" cbor:"2,keyasint"` }
SnpMeasurement represents the attestation report element of type 'SNP Measurement' signed by the device
type SnpMeasurementResult ¶ added in v0.4.0
type SnpMeasurementResult struct { Summary Result `json:"resultSummary"` Freshness Result `json:"freshness"` Signature SignatureResult `json:"signature"` MeasurementMatch Result `json:"measurementMatch"` VersionMatch Result `json:"reportVersionMatch"` FwCheck VersionCheck `json:"fwCheck"` TcbCheck TcbCheck `json:"tcbCheck"` PolicyCheck PolicyCheck `json:"policyCheck"` ReferenceValueCheck ResultMulti `json:"referenceValueCheck"` // Checks that every SNP Reference Value was part of the measurements }
SnpMeasurementResult represents the results for the verification of AMD SEV SNP measurements
type SnpPolicy ¶ added in v0.4.0
type SnpPolicy struct { Type string `json:"type" cbor:"0,keyasint"` SingleSocket bool `json:"singleSocket" cbor:"1,keyasint"` Debug bool `json:"debug" cbor:"2,keyasint"` Migration bool `json:"migration" cbor:"3,keyasint"` Smt bool `json:"smt" cbor:"4,keyasint"` AbiMajor uint8 `json:"abiMajor" cbor:"5,keyasint"` AbiMinor uint8 `json:"abiMinor" cbor:"6,keyasint"` }
type SwComponent ¶ added in v0.5.0
type SwMeasurement ¶
type SwMeasurement struct { Type string `json:"type" cbor:"0,keyasint"` Name string `json:"name" cbor:"1,keyasint"` Sha256 HexByte `json:"sha256" cbor:"2,keyasint"` }
SwMeasurement represents the attestation report element of type 'Software Measurement'
type SwMeasurementResult ¶ added in v0.2.0
type SwMeasurementResult struct { MeasName string `json:"measurementName"` // Name associated with the measurement used for validation VerName string `json:"referenceValueName"` // Name of the reference value information used for validation Validation Result `json:"validation"` }
SwMeasurementResult represents the results for the reference values of a software measurement (currently only used for app reference values)
type TcbCheck ¶ added in v0.4.0
type TcbCheck struct { Summary Result `json:"resultSummary"` Bl VersionCheck `json:"bl"` Tee VersionCheck `json:"tee"` Snp VersionCheck `json:"Snp"` Ucode VersionCheck `json:"ucode"` }
type TokenResult ¶ added in v0.5.0
type TokenResult struct { Summary ResultMulti `json:"resultSummary"` SignatureCheck []SignatureResult `json:"signatureValidation"` }
TokenResult is a helper struct for the validation of JWS or COSE tokens focussing on the validation of the provided signatures
type TpmMeasurement ¶
type TpmMeasurement struct { Type string `json:"type" cbor:"0,keyasint"` Message HexByte `json:"message" cbor:"1,keyasint"` Signature HexByte `json:"signature" cbor:"2,keyasint"` Certs CertChain `json:"certs" cbor:"3,keyasint"` HashChain []*HashChainElem `json:"hashChain" cbor:"4,keyasint"` }
TpmMeasurement represents the attestation report element of type 'TPM Measurement'
type TpmMeasurementResult ¶ added in v0.2.0
type TpmMeasurementResult struct { Summary Result `json:"resultSummary"` PcrRecalculation []PcrResult `json:"pcrRecalculation"` // Result for validation whether the measured PCR values match the provided reference values AggPcrQuoteMatch Result `json:"aggPcrQuoteMatch"` // Result for comparing the aggregated PCR values with the value in the TPM Quote QuoteFreshness Result `json:"quoteFreshness"` // Result for comparison of the expected nonce to the one provided in the TPM Quote QuoteSignature SignatureResult `json:"quoteSignature"` // Results for validation of the TPM Quote Signature and the used certificates ReferenceValueCheck ResultMulti `json:"referenceValueCheck"` // Checks that every TPM Reference Value was part of the measurements }
TpmMeasurementResults represents the results of the validation of the provided TPM Quote and its comparison to the reference values in the manifests
type Type ¶ added in v0.5.0
type Type struct {
Type string `json:"type" cbor:"0,keyasint"`
}
Type is a helper struct for just extracting the 'Type' of metadata
type Validity ¶
type Validity struct { NotBefore string `json:"notBefore" cbor:"0,keyasint"` NotAfter string `json:"notAfter" cbor:"1,keyasint"` }
Validity is a helper struct for 'Validity'
type VerificationResult ¶
type VerificationResult struct { Type string `json:"type"` Success bool `json:"raSuccessful"` // Summarizing value illustrating whether any issues were detected during validation SwCertLevel int `json:"swCertLevel"` // Overall certification level for the entire software stack (the minimum of all CertificationLevels in the used manifests) FreshnessCheck Result `json:"freshnessCheck"` // Result for comparison of the expected nonce to the one provided in the attestation report ReportSignature []SignatureResult `json:"reportSignatureCheck"` // Result for validation of the overall report signature CompDescResult *CompDescResult `json:"companyValidation,omitempty"` RtmResult ManifestResult `json:"rtmValidation"` OsResult ManifestResult `json:"osValidation"` AppResults []ManifestResult `json:"appValidation,omitempty"` MeasResult MeasurementResult `json:"measurementValidation"` DevDescResult DevDescResult `json:"deviceDescValidation"` ProcessingError []string `json:"processingError,omitempty"` // used to document any processing errors (dependent from provided Attestation Report) which hindered a complete validation InternalError bool `json:"internalError,omitempty"` // used to document if internal errors (independent from provided Attestation Report) occurred which hindered a complete validation PlainAttReport ArPlain `json:"validatedAttestationReport"` // The unpacked and validated attestation report content for further processing }
VerificationResult represents the results of all steps taken during the validation of an attestation report
func Verify ¶ added in v0.2.0
func Verify(arRaw string, nonce, casPem []byte, policies []Policies, s Serializer) VerificationResult
Verify verifies an attestation report in full serialized JWS format against the supplied nonce and CA certificate. Verifies the certificate chains of all attestation report elements as well as the measurements against the reference values and the compatibility of software artefacts.