attestationreport

package


Constants

const (
	// Output lengths in bytes of the SHA-1, SHA-256 and SHA-384 digests.
	SHA1_DIGEST_LEN   = 20
	SHA256_DIGEST_LEN = 32
	SHA384_DIGEST_LEN = 48
)

Variables

This section is empty.

Functions

func CreateCsr added in v0.6.0

func CreateCsr(priv crypto.PrivateKey, s Serializer, metadata [][]byte) (*x509.CertificateRequest, error)

func EmptyEventdata added in v0.6.0

func EmptyEventdata(evData *EventData) bool

func ExtKeyUsageToString added in v0.6.0

func ExtKeyUsageToString(usage []x509.ExtKeyUsage) []string

ExtKeyUsageToString translates the internal representation of allowed extended key usage in an x509 certificate to a string array.

func KeyUsageToString added in v0.6.0

func KeyUsageToString(usage x509.KeyUsage) []string

KeyUsageToString translates the internal representation of allowed key usage in an x509 certificate to a string array.

Types

type AppDescResult added in v0.7.0

// AppDescResult is the App Description as echoed back in a validation result
// (see DevDescResult.AppResults). Unlike AppDescription it carries JSON tags
// only, and its "external" key differs from AppDescription's
// "externalConnections".
type AppDescResult struct {
	MetaInfo
	AppManifest string              `json:"appManifest"`           // Links to AppManifest.Name (as in AppDescription)
	Environment []Environment       `json:"environment,omitempty"` // Environment variables of the app
	External    []ExternalInterface `json:"external,omitempty"`    // External interfaces of the app
}

type AppDescription

// AppDescription represents the attestation report element of type
// 'App Description'. CBOR keys 0-2 are taken by the embedded MetaInfo.
type AppDescription struct {
	MetaInfo
	AppManifest string              `json:"appManifest" cbor:"3,keyasint"`                             // Links to App Manifest.Name
	External    []ExternalInterface `json:"externalConnections,omitempty" cbor:"4,keyasint,omitempty"` // External interfaces of the app
	Environment []Environment       `json:"environment,omitempty" cbor:"5,keyasint,omitempty"`         // Environment variables of the app
}

AppDescription represents the attestation report element of type 'App Description'

type AppManifest

// AppManifest represents the attestation report element of type
// 'App Manifest'. CBOR keys 0-2 are taken by the embedded MetaInfo.
type AppManifest struct {
	MetaInfo
	DevCommonName      string           `json:"developerCommonName"  cbor:"3,keyasint"` // Common name of the developer (signer) of the manifest
	Oss                []string         `json:"oss" cbor:"4,keyasint"`                   // Links to OsManifest.Name
	Description        string           `json:"description" cbor:"5,keyasint"`           // Free-text description
	CertificationLevel int              `json:"certificationLevel" cbor:"6,keyasint"`    // Certification level claimed for the app
	Validity           Validity         `json:"validity" cbor:"7,keyasint"`              // Validity period of the manifest (see type Validity)
	ReferenceValues    []ReferenceValue `json:"referenceValues" cbor:"8,keyasint"`       // Reference values the app's measurements are checked against
}

AppManifest represents the attestation report element of type 'App Manifest'

type AttestationReport added in v0.6.0

// AttestationReport is the top-level report. Measurements are carried in plain
// form; each manifest/description field is a []byte holding an already signed
// JWS/COSE token (see the type documentation).
type AttestationReport struct {
	Type               string        `json:"type" cbor:"0,keyasint"`
	Measurements       []Measurement `json:"measurements,omitempty" cbor:"1,keyasint,omitempty"`
	RtmManifest        []byte        `json:"rtmManifests" cbor:"2,keyasint"`                           // Signed RTM Manifest; note the plural JSON key
	OsManifest         []byte        `json:"osManifest" cbor:"3,keyasint"`                             // Signed OS Manifest
	AppManifests       [][]byte      `json:"appManifests,omitempty" cbor:"4,keyasint,omitempty"`       // Signed App Manifests, one token each
	CompanyDescription []byte        `json:"companyDescription,omitempty" cbor:"5,keyasint,omitempty"` // Signed Company Description (optional)
	DeviceDescription  []byte        `json:"deviceDescription" cbor:"6,keyasint"`                      // Signed Device Description
	Nonce              []byte        `json:"nonce" cbor:"7,keyasint"`                                  // Nonce the measurements were taken over (cf. Driver.Measure); presumably the verifier's freshness challenge — confirm
}

AttestationReport represents the attestation report in JWS/COSE format; the manifests and descriptions it contains are themselves already signed JWS/COSE tokens.

type AttributesCheck added in v0.6.0

// AttributesCheck reports the comparison of a claimed byte value against the
// measured one, e.g. for attribute bit fields.
type AttributesCheck struct {
	Success  bool    `json:"success"`  // True if Claimed and Measured were accepted as matching
	Claimed  HexByte `json:"claimed"`  // Value from the reference data
	Measured HexByte `json:"measured"` // Value from the evidence
}

type BooleanMatch added in v0.4.0

// BooleanMatch reports the comparison of a claimed boolean against the
// measured one (used e.g. by PolicyCheck and SgxAttributesCheck).
type BooleanMatch struct {
	Success  bool `json:"success"`  // True if Claimed and Measured were accepted as matching
	Claimed  bool `json:"claimed"`  // Value from the reference data
	Measured bool `json:"measured"` // Value from the evidence
}

type CborSerializer added in v0.5.0

// CborSerializer implements Serializer for CBOR-encoded reports and COSE tokens.
type CborSerializer struct{}

func (CborSerializer) GetPayload added in v0.5.0

func (s CborSerializer) GetPayload(raw []byte) ([]byte, error)

func (CborSerializer) Marshal added in v0.5.0

func (s CborSerializer) Marshal(v any) ([]byte, error)

func (CborSerializer) Sign added in v0.5.0

func (s CborSerializer) Sign(report []byte, signer Driver) ([]byte, error)

func (CborSerializer) Unmarshal added in v0.5.0

func (s CborSerializer) Unmarshal(data []byte, v any) error

func (CborSerializer) VerifyToken added in v0.5.0

func (s CborSerializer) VerifyToken(data []byte, roots []*x509.Certificate) (TokenResult, []byte, bool)

type CompDescResult added in v0.2.0

// CompDescResult represents the results of the validation of the Company
// Description. JSON only; MetaInfo's CBOR keys are unused here.
type CompDescResult struct {
	MetaInfo
	CompCertLevel  int               `json:"compCertLevel"`       // Certification level for the company operating the device
	Summary        Result            `json:"result"`              // Summarizing value illustrating whether any issues were detected during validation of the Company Description
	SignatureCheck []SignatureResult `json:"signatureValidation"` // Results for validation of the Description Signatures and the used certificates
	ValidityCheck  Result            `json:"validityCheck"`       // Result from checking the validity of the description
}

CompDescResult represents the results of the validation of the Company Description and its mapping to the used device certificate.

type CompanyDescription

// CompanyDescription represents the attestation report element of type
// 'Company Description'. CBOR keys 0-2 are taken by the embedded MetaInfo.
type CompanyDescription struct {
	MetaInfo
	CertificationLevel int      `json:"certificationLevel" cbor:"3,keyasint"` // Certification level of the company (cf. CompDescResult.CompCertLevel)
	Description        string   `json:"description" cbor:"4,keyasint"`        // Free-text description
	Validity           Validity `json:"validity" cbor:"5,keyasint"`           // Validity period (see type Validity)
}

CompanyDescription represents the attestation report element of type 'Company Description'

type CsrParams added in v0.6.0

// CsrParams contains the certificate signing request parameters used by
// CreateCsr (cf. DeviceConfig.AkCsr / IkCsr).
type CsrParams struct {
	Subject Name     `json:"subject" cbor:"0,keyasint"`                  // PKIX subject of the request
	SANs    []string `json:"sans,omitempty" cbor:"1,keyasint,omitempty"` // Subject alternative names
}

CsrParams contains certificate signing request parameters

type CtrData added in v0.7.0

// CtrData carries the container digests attached to a PCR event
// (see PcrEvent.CtrData).
type CtrData struct {
	ConfigSha256 HexByte `json:"configSha256" cbor:"0,keyasint"` // SHA-256 over the container config
	RootfsSha256 HexByte `json:"rootfsSha256" cbor:"1,keyasint"` // SHA-256 over the container root filesystem
}

type DevDescResult added in v0.2.0

// DevDescResult represents the results of the validation of the Device
// Description in the Attestation Report. JSON only.
type DevDescResult struct {
	MetaInfo
	Description         string            `json:"description"`         // Copied from DeviceDescription.Description
	Location            string            `json:"location"`            // Copied from DeviceDescription.Location
	Summary             Result            `json:"result"`              // Overall outcome of the device description validation
	CorrectRtm          Result            `json:"correctRtm"`          // Whether the referenced RTM Manifest matched
	CorrectOs           Result            `json:"correctOs"`           // Whether the referenced OS Manifest matched
	CorrectApps         []Result          `json:"correctApps"`         // One result per referenced App Manifest
	RtmOsCompatibility  Result            `json:"rtmOsCompatibility"`  // Whether the OS Manifest lists the RTM (cf. OsManifest.Rtms)
	OsAppsCompatibility []Result          `json:"osAppCompatibility"`  // Whether each App Manifest lists the OS (cf. AppManifest.Oss); note the singular JSON key
	AppResults          []AppDescResult   `json:"appDescResults"`      // Echoed App Descriptions
	SignatureCheck      []SignatureResult `json:"signatureValidation"` // Signature and certificate chain results for the description
}

DevDescResult represents the results of the validation of the Device Description in the Attestation Report.

type DeviceConfig added in v0.6.0

// DeviceConfig contains the local device configuration parameters.
// CBOR keys 0-2 are taken by the embedded MetaInfo.
type DeviceConfig struct {
	MetaInfo
	AkCsr     CsrParams `json:"akCsr" cbor:"3,keyasint"` // CSR parameters for the attestation key
	IkCsr     CsrParams `json:"ikCsr" cbor:"4,keyasint"` // CSR parameters for the identity key
	// NOTE(review): SgxValues itself carries no json/cbor tag, so in both
	// encodings it is keyed by its Go field name while its members use
	// keyasint keys 5-8 — confirm this mixed keying is intended.
	SgxValues struct {
		EncryptedPPID HexByte `json:"encryptedPPID" cbor:"5,keyasint"`
		Pceid         HexByte `json:"pceid" cbor:"6,keyasint"`
		Cpusvn        HexByte `json:"cpusvn" cbor:"7,keyasint"`
		Pcesvn        HexByte `json:"pcesvn" cbor:"8,keyasint"`
	}
}

DeviceConfig contains the local device configuration parameters

type DeviceDescription added in v0.2.0

// DeviceDescription represents the attestation report element of type
// 'Device Description'. CBOR keys 0-2 are taken by the embedded MetaInfo.
type DeviceDescription struct {
	MetaInfo
	Description     string               `json:"description" cbor:"3,keyasint"`         // Free-text description of the device
	Location        string               `json:"location" cbor:"4,keyasint"`            // Location of the device
	RtmManifest     string               `json:"rtmManifest" cbor:"5,keyasint"`         // Name of the RTM Manifest in use
	OsManifest      string               `json:"osManifest" cbor:"6,keyasint"`          // Name of the OS Manifest in use
	AppDescriptions []AppDescription     `json:"appDescriptions" cbor:"7,keyasint"`     // Apps deployed on the device
	Internal        []InternalConnection `json:"internalConnections" cbor:"8,keyasint"` // App-to-app connections on the device
	External        []ExternalInterface  `json:"externalEndpoints" cbor:"9,keyasint"`   // Externally reachable interfaces
}

DeviceDescription represents the attestation report element of type 'Device Description'

type DigestResult added in v0.6.0

// DigestResult represents a generic result for a digest that was processed
// during attestation (see MeasurementResult.Artifacts).
type DigestResult struct {
	Pcr         *int       `json:"pcr,omitempty"`         // Number for the PCR if present (TPM)
	Name        string     `json:"name,omitempty"`        // Name of the software artifact
	Digest      string     `json:"digest"`                // Digest that was processed
	Description string     `json:"description,omitempty"` // Optional description
	Success     bool       `json:"success"`               // Indicates whether match was found
	Type        string     `json:"type,omitempty"`        // On fail, indicates whether digest is reference or measurement
	EventData   *EventData `json:"eventdata,omitempty"`   // data that was included from bioseventlog
}

DigestResult represents a generic result for a digest that was processed during attestation

type Driver added in v0.6.0

// Driver abstracts a hardware trust anchor (e.g. TPM, AMD SEV-SNP, ARM PSA
// IAS) that can produce attestation evidence over a nonce and sign data.
// Serializer.Sign consumes a Driver as the signer.
type Driver interface {
	Init(c *DriverConfig) error                                   // Initializes the driver
	Measure(nonce []byte) (Measurement, error)                    // Retrieves measurements
	Lock() error                                                  // For sync, if required
	Unlock() error                                                // For sync, if required
	GetSigningKeys() (crypto.PrivateKey, crypto.PublicKey, error) // Get Signing key handles
	GetCertChain() ([]*x509.Certificate, error)                   // Get cert chain for signing key
}

Driver is an interface representing a driver for a hardware trust anchor, capable of providing attestation evidence and signing data. This can be e.g. a Trusted Platform Module (TPM), AMD SEV-SNP, or the ARM PSA Initial Attestation Service (IAS). The driver must be capable of performing measurements, i.e. retrieving attestation evidence such as a TPM Quote or an SNP attestation report and providing handles to signing keys and their certificate chains

type DriverConfig added in v0.6.0

// DriverConfig contains all configuration values required for the different
// drivers (passed to Driver.Init). It is not serialized: no json/cbor tags.
type DriverConfig struct {
	StoragePath    string     // Local storage location used by the driver
	ServerAddr     string     // Address of a remote service the driver talks to — confirm which
	KeyConfig      string     // Key configuration selector; format not visible here
	Metadata       [][]byte   // Signed manifests/descriptions handed to the driver (cf. CreateCsr's metadata)
	UseIma         bool       // Enable the IMA measurement log
	ImaPcr         int        // PCR the IMA log is checked against
	Serializer     Serializer // Format used for reports/tokens (JSON or CBOR)
	MeasurementLog bool       // Include event logs in measurements (cf. PcrMeasurement.Events)
	UseCtr         bool       // Enable container measurements (cf. CtrData)
	CtrPcr         int        // PCR the container log is checked against
	CtrLog         string     // Container measurement log; presumably a path — confirm
}

DriverConfig contains all configuration values required for the different drivers

type EFILoadOption added in v0.6.0

// EFILoadOption is the parsed EFI_LOAD_OPTION of a boot-variable event.
type EFILoadOption struct {
	Attributes uint32 `json:"attributes" cbor:"0,keyasint"`
	// - could also get resolved to the different options UEFISpec:73
	//-ex filePathListLength uint16 (not carried; implied by len(FilepathList))
	Description  string         `json:"description" cbor:"1,keyasint"`
	FilepathList []FilePathList `json:"filepathlist" cbor:"2,keyasint"`
	// optional Data
	OptionalData HexByte `json:"optionaldata,omitempty" cbor:"3,keyasint,omitempty"`
}

type Environment added in v0.7.0

// Environment represents one environment variable of an app (key/value pair).
type Environment struct {
	Key   string `json:"key" cbor:"0,keyasint"`   // Variable name
	Value string `json:"value" cbor:"1,keyasint"` // Variable value
}

Environment represents environment variables for apps

type ErrorCode added in v0.6.0

// ErrorCode identifies why a Result failed; see Result.ErrorCode and
// Result.SetErr. String() provides the textual form.
type ErrorCode int

// NotSet is the zero value: Result.ErrorCode is tagged omitempty, so it is
// omitted from JSON for successful results.
const (
	NotSet ErrorCode = iota
	CaFingerprint
	CRLCheckRoot
	CRLCheckPCK
	CRLCheckSigningCert
	DecodeCertChain
	UnknownSerialization
	DownloadRootCRL
	DownloadPCKCRL
	EvidenceLength
	EvidenceType
	Expired
	ExtractPubKey
	Internal
	InvalidCertificationLevel
	JWSNoSignatures
	JWSSignatureOrder
	JWSPayload
	MeasurementNoMatch
	MeasurementTypeNotSupported
	NotPresent
	NotYetValid
	OidLength
	OidNotPresent
	OidTag
	Parse
	ParseAR
	ParseX5C
	ParseCA
	ParseCAFingerprint
	ParseCert
	ParseTcbInfo
	ParseJSON
	ParseOSManifest
	ParseEvidence
	ParseExtensions
	ParseQEIdentity
	ParseRTMManifest
	ParseTime
	PolicyEngineNotImplemented
	RefValTypeNotSupported
	SetupSystemCA
	SgxFmpcMismatch
	SgxPceidMismatch
	SignatureLength
	DetailsNotPresent
	RefValMultiple
	RefValNotPresent
	RefValType
	RefValNoMatch
	TcbInfoExpired
	TcbLevelUnsupported
	TcbLevelRevoked
	UnsupportedAlgorithm
	VerifyAR
	VerifyCertChain
	VerifyPCKChain
	VerifyOSManifest
	VerifyPolicies
	VerifyQEIdentityErr
	VerifyRTMManifest
	VerifySignature
	VerifyTCBChain
	VerifyTcbInfo
	// ExtensionsCheck is the last code; the numeric values are positional
	// (iota), so new codes must be appended to keep serialized values stable.
	ExtensionsCheck
)

func (ErrorCode) String added in v0.6.0

func (e ErrorCode) String() string

type EventData added in v0.6.0

// EventData holds the decoded payload of one measurement log event
// (see ParseEventData). Which member is populated depends on the event type;
// presumably only one of them is set per event — confirm against ParseEventData.
type EventData struct {
	//for certain Uefi variable information events
	Uefivariabledata *UefiVariableData `json:"uefivariabledata,omitempty" cbor:"0,keyasint,omitempty"`

	//for the GPT_Event
	GPTHeader *GPTHeader `json:"gptheader,omitempty" cbor:"1,keyasint,omitempty"`
	//for PCClientTaggedEvent
	PCClientTaggedEvent      *PCClientTaggedEvent      `json:"pcclienttaggedevent,omitempty" cbor:"2,keyasint,omitempty"`
	ImageLoadEvent           *ImageLoadEvent           `json:"imageloadevent,omitempty" cbor:"3,keyasint,omitempty"`
	UefiHandoffTablePointer  *UefiHandoffTablePointer  `json:"uefihandofftablepointer,omitempty" cbor:"4,keyasint,omitempty"`
	UefiPlatformFirmwareBlob *UefiPlatformFirmwareBlob `json:"uefiplatformfirmwareblob,omitempty" cbor:"5,keyasint,omitempty"`
	//used e.g. for EFI_IPL event
	StringContent string `json:"stringcontent,omitempty" cbor:"6,keyasint,omitempty"`
	//generic data (when no further differentiation is implemented)
	GenericData HexByte `json:"genericdata,omitempty" cbor:"7,keyasint,omitempty"`
}

func ParseEventData added in v0.6.0

func ParseEventData(eventBytes []uint8, eventName string) *EventData

type ExternalInterface

// ExternalInterface represents the attestation report element of type
// 'External Interface' (an externally reachable endpoint of an app).
type ExternalInterface struct {
	Type        string `json:"type" cbor:"0,keyasint"`
	AppEndpoint string `json:"appEndpoint" cbor:"1,keyasint"` // Links to AppManifest.Endpoint
	Interface   string `json:"interface" cbor:"2,keyasint"`   // Links to AppDescription.Name
	Port        int    `json:"port" cbor:"3,keyasint"`        // Links to App Manifest.Endpoint
}

ExternalInterface represents the attestation report element of type 'External Interface'

type FilePathList added in v0.6.0

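// FilePathList is one node of a UEFI device path (EFI_DEVICE_PATH_PROTOCOL),
// as found in EFILoadOption.FilepathList and ImageLoadEvent.UefiDevicePath.
// Type/Subtype select which of the optional groups below is populated; the
// section numbers in the comments refer to the UEFI specification's device
// path node types.
//
// VendorDefinedData previously shared cbor key 4 with VendorGUID. Duplicate
// keyasint keys at the same depth are dropped (or rejected) by struct encoders
// that follow encoding/json field-dominance rules, so neither field survived
// a CBOR round trip. It now uses the next free key, 21, leaving every other
// key (and all JSON keys) unchanged.
type FilePathList struct {
	Type    string `json:"type" cbor:"0,keyasint"`    // Device path node type
	Subtype string `json:"subtype" cbor:"1,keyasint"` // Device path node subtype

	//optional stuff
	//     - 2.1 (ACPI Device Path)
	HID HexByte `json:"hid,omitempty" cbor:"2,keyasint,omitempty"`
	UID HexByte `json:"uid,omitempty" cbor:"3,keyasint,omitempty"`

	//     - 3.a (messaging device path: vendor-defined messaging device path)
	VendorGUID        string  `json:"vendorguid,omitempty" cbor:"4,keyasint,omitempty"`
	VendorDefinedData HexByte `json:"vendordefineddata,omitempty" cbor:"21,keyasint,omitempty"`

	//     - 4.1 (media device path: hard drive)
	PartitionNumber    uint32  `json:"partitionnumber,omitempty" cbor:"5,keyasint,omitempty"`
	PartitionStart     uint64  `json:"partitionstart,omitempty" cbor:"6,keyasint,omitempty"`
	PartitionSize      uint64  `json:"partitionsize,omitempty" cbor:"7,keyasint,omitempty"`
	PartitionSignature HexByte `json:"partitionsignature,omitempty" cbor:"8,keyasint,omitempty"` //[16]byte
	PartitionFormat    byte    `json:"partitionformat,omitempty" cbor:"9,keyasint,omitempty"`
	SignaturType       byte    `json:"signaturetype,omitempty" cbor:"10,keyasint,omitempty"` // Exported name keeps its historical spelling (SignatureType)

	//	- 4.2 (media device path: CD-ROM Media Device Path)
	BootEntry uint32 `json:"bootentry,omitempty" cbor:"11,keyasint,omitempty"`

	//     - 4.4 (media device path: file path media device path)
	PathName string `json:"pathname,omitempty" cbor:"12,keyasint,omitempty"`

	//     - 4.5 (media device path: Media Protocol Device Path)
	ProtocolGUID string `json:"protocolguid,omitempty" cbor:"13,keyasint,omitempty"`

	//     - 4.9 (media device path: RAM Disk)
	StartingAddress uint64 `json:"startingaddress,omitempty" cbor:"14,keyasint,omitempty"`
	EndingAddress   uint64 `json:"endingaddress,omitempty" cbor:"15,keyasint,omitempty"`
	DiskTypeGUID    string `json:"disktypeguid,omitempty" cbor:"16,keyasint,omitempty"`
	DiskInstance    uint16 `json:"diskinstance,omitempty" cbor:"17,keyasint,omitempty"`

	//	- 5.1 (BIOS Boot Specification Device Path)
	DeviceType        uint16 `json:"devicetype,omitempty" cbor:"18,keyasint,omitempty"`
	StatusFlag        uint16 `json:"statusflag,omitempty" cbor:"19,keyasint,omitempty"`
	DescriptionString string `json:"descriptionstring,omitempty" cbor:"20,keyasint,omitempty"`
}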

type GPTHeader added in v0.6.0

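// GPTHeader is the parsed GPT header of a GPT_Event, followed by the parsed
// partition entry array in Partitions.
//
// Partitions previously shared cbor key 13 with PartitionEntryArrayCRC32.
// Duplicate keyasint keys at the same depth are dropped (or rejected) by
// struct encoders that follow encoding/json field-dominance rules, so neither
// field survived a CBOR round trip. Partitions now uses key 14; all other keys
// and all JSON keys are unchanged.
type GPTHeader struct {
	Signature                uint64              `json:"signature,omitempty" cbor:"0,keyasint,omitempty"`                 // GPT signature field of the header
	Revision                 uint32              `json:"revision,omitempty" cbor:"1,keyasint,omitempty"`                  // Header revision
	HeaderSize               uint32              `json:"headersize,omitempty" cbor:"2,keyasint,omitempty"`                // Header size in bytes
	HeaderCRC32              uint32              `json:"headercrc32,omitempty" cbor:"3,keyasint,omitempty"`               // CRC32 of the header as recorded in the header
	Reserved                 uint32              `json:"reserved,omitempty" cbor:"4,keyasint,omitempty"`                  // Reserved field
	MyLBA                    uint64              `json:"mylba,omitempty" cbor:"5,keyasint,omitempty"`                     // LBA of this header
	AlternativeLBA           uint64              `json:"alternativelba,omitempty" cbor:"6,keyasint,omitempty"`            // LBA of the backup header
	FirstUsableLBA           uint64              `json:"firstusablelba,omitempty" cbor:"7,keyasint,omitempty"`            // First LBA usable for partitions
	LastUsableLBA            uint64              `json:"lastusablelba,omitempty" cbor:"8,keyasint,omitempty"`             // Last LBA usable for partitions
	DiskGUID                 string              `json:"diskguid,omitempty" cbor:"9,keyasint,omitempty"`                  // Disk GUID as text
	PartitionEntryLBA        uint64              `json:"partitionentrylba,omitempty" cbor:"10,keyasint,omitempty"`        // Start LBA of the partition entry array
	NumberOfPartitionEntries uint32              `json:"numberofpartitionentries,omitempty" cbor:"11,keyasint,omitempty"` // Entry count as recorded in the header; may exceed len(Partitions) — confirm how the parser treats unused entries
	SizeOfPartitionEntry     uint32              `json:"sizeofpartitionentry,omitempty" cbor:"12,keyasint,omitempty"`     // Size in bytes of one entry
	PartitionEntryArrayCRC32 uint32              `json:"partitionentryarraycrc32,omitempty" cbor:"13,keyasint,omitempty"` // CRC32 of the entry array as recorded in the header
	Partitions               []GPTPartitionEntry `json:"partitions,omitempty" cbor:"14,keyasint,omitempty"`               // Parsed partition entries
}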

type GPTPartitionEntry added in v0.6.0

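// GPTPartitionEntry is one entry of the GPT partition entry array referenced
// from GPTHeader.Partitions.
//
// Every field previously carried cbor key 0. Duplicate keyasint keys at the
// same depth are dropped (or rejected) by struct encoders that follow
// encoding/json field-dominance rules, so no entry field survived a CBOR round
// trip. The keys are now unique and in field order. The JSON keys — including
// the misspelled "paritiontypeguid" — and the exported field names are kept
// unchanged for wire and API compatibility.
type GPTPartitionEntry struct {
	PartitionTypeGUID   string `json:"paritiontypeguid,omitempty" cbor:"0,keyasint,omitempty"`    // Partition type GUID as text
	UniquePartitionGUID string `json:"uniquepartitionguid,omitempty" cbor:"1,keyasint,omitempty"` // Unique partition GUID as text
	StartingLBA         uint64 `json:"startinglba,omitempty" cbor:"2,keyasint,omitempty"`         // First LBA of the partition
	EndingLBA           uint64 `json:"endinglba,omitempty" cbor:"3,keyasint,omitempty"`           // Last LBA of the partition
	Attributes          uint64 `json:"attributes,omitempty" cbor:"4,keyasint,omitempty"`          // Partition attribute bits
	ParitionName        string `json:"partitionname,omitempty" cbor:"5,keyasint,omitempty"`       // Parsed from the [36]UTF-16 name field; exported name keeps its historical spelling
}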

type Hash added in v0.6.0

// Hash is one hash entry of a UEFI signature database (see
// SignatureDatabase.Sha256Hash).
type Hash struct {
	SignatureOwnerGUID string  `json:"signatureownerguid" cbor:"0,keyasint"`        // Owner GUID of the signature entry, as text
	Hash               HexByte `json:"hash,omitempty" cbor:"1,keyasint,omitempty"` // The hash value itself
}

type HexByte added in v0.5.0

// HexByte is a []byte that marshals to/from a hex string in JSON (see
// MarshalJSON/UnmarshalJSON) while staying a plain byte array for CBOR.
type HexByte []byte

HexByte is a custom type for the JSON marshaller/unmarshaller: byte arrays are encoded as hex strings in JSON but used as byte arrays internally and by the CBOR encoding.

func (*HexByte) MarshalJSON added in v0.5.0

func (h *HexByte) MarshalJSON() ([]byte, error)

MarshalJSON marshalls a byte array into a hex string

func (*HexByte) UnmarshalJSON added in v0.5.0

func (h *HexByte) UnmarshalJSON(data []byte) error

UnmarshalJSON unmarshalls JSON hex strings into byte arrays

type ImageLoadEvent added in v0.6.0

// ImageLoadEvent is the parsed UEFI_IMAGE_LOAD_EVENT payload of an image
// load event. The address type is unexported and not shown here.
type ImageLoadEvent struct {
	ImageLocationInMemory address `json:"imagelocationinmemory" cbor:"0,keyasint"` //(assume 64 bit architecture)
	ImageLengthInMemory   uint64  `json:"imagelengthinmemory" cbor:"1,keyasint"`   // Size of the image in memory
	ImageLinkTimeAddress  uint64  `json:"imagelinktimeaddress" cbor:"2,keyasint"`  // Link-time base address of the image
	// LengthOfDevicePath uint64 (not carried; implied by the parsed device path)
	//device path
	UefiDevicePath *FilePathList `json:"uefidevicepath" cbor:"3,keyasint"`
}

type IntelCollateral added in v0.6.0

// IntelCollateral bundles the Intel-provided TCB collateral used to verify
// SGX evidence (see SGXDetails.Collateral). TcbInfo and QeIdentity are kept
// as raw JSON so the original bytes are preserved.
type IntelCollateral struct {
	TeeType        uint32          `json:"teeType" cbor:"0,keyasint"`        // TEE type selector
	TcbInfo        json.RawMessage `json:"tcbInfo" cbor:"1,keyasint"`        // Raw TCB Info document
	TcbInfoSize    uint32          `json:"tcbInfoSize" cbor:"2,keyasint"`    // Size of TcbInfo — presumably len(TcbInfo); confirm
	QeIdentity     json.RawMessage `json:"qeIdentity" cbor:"3,keyasint"`     // Raw QE Identity document
	QeIdentitySize uint32          `json:"qeIdentitySize" cbor:"4,keyasint"` // Size of QeIdentity — presumably len(QeIdentity); confirm
}

type InternalConnection

// InternalConnection represents the attestation report element of type
// 'Internal Connection' (a connection between two apps on the device).
type InternalConnection struct {
	Type         string `json:"type" cbor:"0,keyasint"`
	NameAppA     string `json:"nameAppA" cbor:"1,keyasint"`     // Links to AppDescription.Name
	EndpointAppA string `json:"endpointAppA" cbor:"2,keyasint"` // Links to AppManifest.Endpoint
	NameAppB     string `json:"nameAppB" cbor:"3,keyasint"`     // Links to AppDescription.Name
	EndpointAppB string `json:"endpointAppB" cbor:"4,keyasint"` // Links to AppManifest.Endpoint
}

InternalConnection represents the attestation report element of type 'Internal Connection'

type JsonSerializer added in v0.5.0

// JsonSerializer implements Serializer for JSON-encoded reports and JWS tokens.
type JsonSerializer struct{}

func (JsonSerializer) GetPayload added in v0.5.0

func (s JsonSerializer) GetPayload(raw []byte) ([]byte, error)

func (JsonSerializer) Marshal added in v0.5.0

func (s JsonSerializer) Marshal(v any) ([]byte, error)

func (JsonSerializer) Sign added in v0.5.0

func (s JsonSerializer) Sign(report []byte, signer Driver) ([]byte, error)

Sign signs the attestation report with the specified signer 'signer'

func (JsonSerializer) Unmarshal added in v0.5.0

func (s JsonSerializer) Unmarshal(data []byte, v any) error

func (JsonSerializer) VerifyToken added in v0.5.0

func (s JsonSerializer) VerifyToken(data []byte, roots []*x509.Certificate) (TokenResult, []byte, bool)

VerifyToken verifies signatures and certificate chains for JWS tokens

type ManifestResult added in v0.2.0

// ManifestResult represents the results of the validation of a manifest
// (RTM, OS or App) provided in the Attestation Report. JSON only.
type ManifestResult struct {
	MetaInfo
	Summary        Result            `json:"result"`              // Overall outcome for this manifest
	SignatureCheck []SignatureResult `json:"signatureValidation"` // Signature and certificate chain results
	ValidityCheck  Result            `json:"validityCheck"`       // Outcome of the validity period check
	Details        any               `json:"details,omitempty"`   // Manifest-specific details (cf. RtmManifest.Details / OsManifest.Details)
}

ManifestResult represents the results of the validation of a manifest provided in the Attestation Report.

type Measurement

// Measurement represents one piece of attestation evidence produced by a
// Driver (TPM, SNP, TDX, SGX, IAS or SW). Note that the CBOR keys are not in
// field order (Certs is 3, Signature is 2); harmless, but do not "fix" it.
type Measurement struct {
	Type        string           `json:"type" cbor:"0,keyasint"`                             // Measurement type selector
	Evidence    []byte           `json:"evidence" cbor:"1,keyasint"`                         // Raw evidence (e.g. quote or attestation report)
	Certs       [][]byte         `json:"certs" cbor:"3,keyasint"`                            // Certificate chain for the evidence signer
	Signature   []byte           `json:"signature,omitempty" cbor:"2,keyasint,omitempty"`    // Signature over the evidence, if carried separately
	Pcrs        []PcrMeasurement `json:"pcrs,omitempty" cbor:"4,keyasint,omitempty"`         // PCR values / event logs (TPM)
	Sha256      HexByte          `json:"sha256,omitempty" cbor:"5,keyasint,omitempty"`       // Single digest, used by non-PCR measurement types — confirm which
	Description string           `json:"description,omitempty" cbor:"6,keyasint,omitempty"` // Optional description
}

Measurement represents the attestation report elements of type 'TPM Measurement', 'SNP Measurement', 'TDX Measurement', 'SGX Measurement', 'IAS Measurement' or 'SW Measurement'.

type MeasurementResult added in v0.2.0

// MeasurementResult is the verification outcome for one Measurement. Exactly
// one of the *Result pointers is expected to be set, according to Type —
// presumably; confirm against the verifier.
type MeasurementResult struct {
	Type      string          `json:"type"`                // Measurement.Type this result belongs to
	Summary   Result          `json:"summary"`             // Overall outcome
	Freshness Result          `json:"freshness"`           // Nonce / freshness check
	Signature SignatureResult `json:"signature"`           // Evidence signature and certificate chain check
	Artifacts []DigestResult  `json:"artifacts"`           // Per-digest match results
	TpmResult *TpmResult      `json:"tpmResult,omitempty"` // TPM-specific details
	SnpResult *SnpResult      `json:"snpResult,omitempty"` // AMD SEV-SNP-specific details
	SgxResult *SgxResult      `json:"sgxResult,omitempty"` // Intel SGX-specific details
	TdxResult *TdxResult      `json:"tdxResult,omitempty"` // Intel TDX-specific details
	SwResult  *SwResult       `json:"swResult,omitempty"`  // Software-measurement details
}

type MetaInfo added in v0.6.0

// MetaInfo is a helper struct for the generic info present in every metadata
// object. It is embedded, so it owns CBOR keys 0-2 of every embedding type;
// those types number their own fields from 3.
type MetaInfo struct {
	Type    string `json:"type" cbor:"0,keyasint"`    // Element type, e.g. which manifest/description this is
	Name    string `json:"name" cbor:"1,keyasint"`    // Name other elements link to (cf. AppDescription.AppManifest)
	Version string `json:"version" cbor:"2,keyasint"` // Version of the element
}

MetaInfo is a helper struct for generic info present in every metadata object

type Metadata added in v0.6.0

// Metadata is the internal, decoded form of the manifests and descriptions.
// Its CBOR keys 2-6 mirror the keys of the corresponding (signed, []byte)
// fields of AttestationReport.
type Metadata struct {
	RtmManifest        RtmManifest         `json:"rtmManifest" cbor:"2,keyasint"`                             // Decoded RTM Manifest
	OsManifest         OsManifest          `json:"osManifest" cbor:"3,keyasint"`                              // Decoded OS Manifest
	AppManifests       []AppManifest       `json:"appManifests,omitempty" cbor:"4,keyasint,omitempty"`        // Decoded App Manifests
	CompanyDescription *CompanyDescription `json:"companyDescription,omitempty" cbor:"5,keyasint,omitempty"` // Decoded Company Description (optional)
	DeviceDescription  DeviceDescription   `json:"deviceDescription" cbor:"6,keyasint"`                       // Decoded Device Description
}

Metadata is an internal structure for manifests and descriptions

type MetadataResult added in v0.6.0

// MetadataResult collects the validation results for all metadata elements
// (one entry per Metadata field). JSON only.
type MetadataResult struct {
	CompDescResult *CompDescResult  `json:"companyValidation,omitempty"` // Nil when no Company Description was present
	RtmResult      ManifestResult   `json:"rtmValidation"`
	OsResult       ManifestResult   `json:"osValidation"`
	AppResults     []ManifestResult `json:"appValidation,omitempty"`
	DevDescResult  DevDescResult    `json:"deviceDescValidation"`
}

type Name

// Name is the PKIX Name for CsrParams (the CSR subject).
type Name struct {
	CommonName         string        `json:"commonName,omitempty" cbor:"0,keyasint,omitempty"`
	Country            string        `json:"country,omitempty" cbor:"1,keyasint,omitempty"`
	Organization       string        `json:"organization,omitempty" cbor:"2,keyasint,omitempty"`
	OrganizationalUnit string        `json:"organizationalUnit,omitempty" cbor:"3,keyasint,omitempty"`
	Locality           string        `json:"locality,omitempty" cbor:"4,keyasint,omitempty"`
	Province           string        `json:"province,omitempty" cbor:"5,keyasint,omitempty"`
	StreetAddress      string        `json:"streetAddress,omitempty" cbor:"6,keyasint,omitempty"`
	PostalCode         string        `json:"postalCode,omitempty" cbor:"7,keyasint,omitempty"`
	Names              []interface{} `json:"names,omitempty" cbor:"8,keyasint,omitempty"` // Additional attributes; element shape not visible here — confirm before use
}

Name is the PKIX Name for CsrParams

type OsManifest

// OsManifest represents the attestation report element of type 'OsManifest'.
// CBOR keys 0-2 are taken by the embedded MetaInfo.
type OsManifest struct {
	MetaInfo
	DevCommonName      string           `json:"developerCommonName" cbor:"3,keyasint"`          // Common name of the developer (signer) of the manifest
	Rtms               []string         `json:"rtms" cbor:"4,keyasint"`                         // Links to Type RtmManifest.Name
	Description        string           `json:"description" cbor:"5,keyasint"`                  // Free-text description
	CertificationLevel int              `json:"certificationLevel" cbor:"6,keyasint"`           // Certification level claimed for the OS
	Validity           Validity         `json:"validity" cbor:"7,keyasint"`                     // Validity period (see type Validity)
	ReferenceValues    []ReferenceValue `json:"referenceValues" cbor:"8,keyasint"`              // Reference values the OS measurements are checked against
	Details            any              `json:"details,omitempty" cbor:"9,keyasint,omitempty"` // Free-form details, surfaced in ManifestResult.Details
}

OsManifest represents the attestation report element of type 'OsManifest'

type PCClientTaggedEvent added in v0.6.0

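// PCClientTaggedEvent is the parsed TCG_PCClientTaggedEvent payload of an
// EV_EVENT_TAG event.
//
// TaggedEventData previously shared cbor key 0 with TaggedEventID. Duplicate
// keyasint keys at the same depth are dropped (or rejected) by struct encoders
// that follow encoding/json field-dominance rules, so neither field survived
// a CBOR round trip. TaggedEventData now uses key 1; JSON keys are unchanged.
type PCClientTaggedEvent struct {
	TaggedEventID uint32 `json:"taggedeventid" cbor:"0,keyasint"` // Tag identifying the event's data format
	// TaggedEventDataSize uint32 (not carried; implied by len(TaggedEventData))
	TaggedEventData HexByte `json:"taggedeventdata" cbor:"1,keyasint"` // Raw tagged event data
}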

type PcrEvent added in v0.6.0

// PcrEvent is one extend operation of a PCR event log
// (see PcrMeasurement.Events). CBOR keys 0, 1 and 3 are unused — possibly
// retired fields; do not reuse them without checking older encodings.
type PcrEvent struct {
	Sha256    HexByte    `json:"sha256" cbor:"2,keyasint"`                        // Digest extended into the PCR
	EventName string     `json:"eventname,omitempty" cbor:"4,keyasint,omitempty"` // Event type name from the log
	EventData *EventData `json:"eventdata,omitempty" cbor:"5,keyasint,omitempty"` // Decoded event payload (see ParseEventData)
	CtrData   *CtrData   `json:"ctrData,omitempty" cbor:"6,keyasint,omitempty"`   // Container digests, for container measurement events
}

type PcrMeasurement added in v0.6.0

// PcrMeasurement represents the measurements of a single PCR, either as a
// final value (Summary) or as the event log that leads to it (Events),
// selected by Type. NOTE(review): the trailing type doc talks about a
// "Sha256" field this struct does not have — presumably Summary/Events is
// meant; confirm.
type PcrMeasurement struct {
	Type    string     `json:"type" cbor:"0,keyasint"`                         // 'PCR Summary' or 'PCR Eventlog' (per the type doc)
	Pcr     int        `json:"pcr" cbor:"1,keyasint"`                          // PCR index
	Summary HexByte    `json:"summary,omitempty" cbor:"2,keyasint,omitempty"`  // Final PCR value
	Events  []PcrEvent `json:"events,omitempty" cbor:"3,keyasint,omitempty"`   // Extend operations leading to the final value
}

PcrMeasurement represents the measurements of a single PCR. If the type is 'PCR Summary', Sha256 is the final PCR value. If the type is 'PCR Eventlog', Sha256 is the list of extends that lead to the final PCR value. The list is retrieved by the prover, e.g. from the TPM binary BIOS measurements list or the IMA runtime measurements list.

type PcrResult added in v0.2.0

// PcrResult represents the result of recalculating a specific PCR from its
// event log and comparing it with the measured value.
type PcrResult struct {
	Pcr        int    `json:"pcr"`                  // Number for the PCR which was validated
	Calculated string `json:"calculated,omitempty"` // PCR Digest that was recalculated
	Measured   string `json:"measured,omitempty"`   // PCR Digest from the measurement
	Success    bool   `json:"success"`              // True if Calculated and Measured matched
}

PcrResult represents the results for the recalculation of a specific PCR.

type PkixExtension added in v0.6.0

// PkixExtension represents one extension of an x509 certificate, in a
// serializable form (OID as text, raw DER value).
type PkixExtension struct {
	Id       string `json:"id"`       // Extension OID in dotted form
	Critical bool   `json:"critical"` // Critical flag of the extension
	Value    []byte `json:"value"`    // Raw extension value (plain []byte, so base64 in JSON rather than hex)
}

PkixExtension represents extensions of a x509 certificate.

type PolicyCheck added in v0.4.0

// PolicyCheck reports the comparison of guest policy flags (SEV-SNP style)
// against the reference values.
type PolicyCheck struct {
	Summary      Result       `json:"result"`       // Overall outcome of the policy comparison
	Abi          VersionCheck `json:"abi"`          // ABI major/minor version check (see type VersionCheck)
	Smt          BooleanMatch `json:"smt"`          // SMT allowed
	Migration    BooleanMatch `json:"migration"`    // Migration agent allowed
	Debug        BooleanMatch `json:"debug"`        // Debugging allowed
	SingleSocket BooleanMatch `json:"singleSocket"` // Single-socket restriction
}

type ReferenceValue added in v0.5.0

// ReferenceValue represents the attestation report element of types
// 'SNP Reference Value', 'TPM Reference Value', 'TDX Reference Value',
// 'SGX Reference Value' and 'SW Reference Value'. Which of the optional
// members apply depends on Type.
type ReferenceValue struct {
	Type        string      `json:"type" cbor:"0,keyasint"`                             // Reference value type selector
	Sha256      HexByte     `json:"sha256,omitempty" cbor:"1,keyasint,omitempty"`       // Expected SHA-256 digest (SHA256_DIGEST_LEN bytes)
	Sha384      HexByte     `json:"sha384,omitempty" cbor:"2,keyasint,omitempty"`       // Expected SHA-384 digest (SHA384_DIGEST_LEN bytes)
	Name        string      `json:"name,omitempty" cbor:"3,keyasint,omitempty"`         // Name of the measured artifact
	Optional    bool        `json:"optional,omitempty" cbor:"4,keyasint,omitempty"`     // Absence of a matching measurement is not a failure
	Pcr         *int        `json:"pcr,omitempty" cbor:"5,keyasint,omitempty"`          // PCR the value is expected in (TPM)
	Snp         *SnpDetails `json:"snp,omitempty" cbor:"6,keyasint,omitempty"`          // SEV-SNP specifics
	Tdx         *TDXDetails `json:"tdx,omitempty" cbor:"7,keyasint,omitempty"`          // TDX specifics
	Sgx         *SGXDetails `json:"sgx,omitempty" cbor:"8,keyasint,omitempty"`          // SGX specifics
	Description string      `json:"description,omitempty" cbor:"9,keyasint,omitempty"`  // Optional description
	EventData   *EventData  `json:"eventdata,omitempty" cbor:"10,keyasint,omitempty"`   // Expected decoded event payload, for log-based matching
}

ReferenceValue represents the attestation report element of types 'SNP Reference Value', 'TPM Reference Value', 'TDX Reference Value', 'SGX Reference Value' and 'SW Reference Value'

type Result added in v0.2.0

// Result is the generic outcome of one verification step. ErrorCode is
// omitempty, so a successful result (NotSet == 0) carries no error code in
// JSON. SetErr and PrintErr populate the failure side.
type Result struct {
	Success         bool      `json:"success"`                   // True if the step passed
	Got             string    `json:"got,omitempty"`             // Observed value, for diagnostics
	Expected        string    `json:"expected,omitempty"`        // Single expected value
	ExpectedOneOf   []string  `json:"expectedOneOf,omitempty"`   // Required for compatibility
	ExpectedBetween []string  `json:"expectedBetween,omitempty"` // Required for validity
	ErrorCode       ErrorCode `json:"errorCode,omitempty"`       // Why the step failed; NotSet on success
}

func (*Result) PrintErr added in v0.6.0

func (r *Result) PrintErr(format string, args ...interface{})

func (*Result) SetErr added in v0.6.0

func (r *Result) SetErr(e ErrorCode)

type RtMrHashChainElem added in v0.6.0

// RtMrHashChainElem represents the attestation report element of type
// 'HashChain' embedded in 'TDXDetails'. Note the capitalized JSON key
// "Hashes", unlike the rest of the package; it is part of the wire format.
type RtMrHashChainElem struct {
	Type    string    `json:"type" cbor:"0,keyasint"`    // Element type selector
	Name    string    `json:"name" cbor:"1,keyasint"`    // Name of the artifact or register
	Hashes  []HexByte `json:"Hashes" cbor:"2,keyasint"`  // Digest(s) of this element
	Summary bool      `json:"summary" cbor:"3,keyasint"` // Indicates if element represents final RMTR value or single artifact
}

RtMrHashChainElem represents the attestation report element of type 'HashChain' embedded in 'TDXDetails'

type RtmManifest

// RtmManifest represents the attestation report element of type
// 'RTM Manifest'. CBOR keys 0-2 are taken by the embedded MetaInfo.
type RtmManifest struct {
	MetaInfo
	DevCommonName      string           `json:"developerCommonName" cbor:"3,keyasint"`          // Common name of the developer (signer) of the manifest
	Description        string           `json:"description" cbor:"4,keyasint"`                  // Free-text description
	CertificationLevel int              `json:"certificationLevel" cbor:"5,keyasint"`           // Certification level claimed for the RTM
	Validity           Validity         `json:"validity" cbor:"6,keyasint"`                     // Validity period (see type Validity)
	ReferenceValues    []ReferenceValue `json:"referenceValues" cbor:"7,keyasint"`              // Reference values the RTM measurements are checked against
	Details            any              `json:"details,omitempty" cbor:"8,keyasint,omitempty"` // Free-form details, surfaced in ManifestResult.Details
}

RtmManifest represents the attestation report element of type 'RTM Manifest'

type SGXAttributes added in v0.6.0

// SGXAttributes is the decoded SGX enclave attribute bit field (see the
// reference below the type). Compared field-by-field in SgxAttributesCheck.
type SGXAttributes struct {
	Initted      bool `json:"initted" cbor:"0,keyasint"`      // Enclave has been initialized
	Debug        bool `json:"debug" cbor:"1,keyasint"`        // Debug enclave
	Mode64Bit    bool `json:"mode64Bit" cbor:"2,keyasint"`    // 64-bit mode
	ProvisionKey bool `json:"provisionKey" cbor:"3,keyasint"` // Provisioning key access
	EInitToken   bool `json:"eInitToken" cbor:"4,keyasint"`   // EINIT token key access
	Kss          bool `json:"kss" cbor:"5,keyasint"`          // Key separation and sharing
	Legacy       bool `json:"legacy" cbor:"6,keyasint"`       // Legacy XFRM bit
	Avx          bool `json:"avx" cbor:"7,keyasint"`          // AVX XFRM bit
}

SGX attributes according to https://download.01.org/intel-sgx/latest/linux-latest/docs/Intel_SGX_Developer_Reference_Linux_2.22_Open_Source.pdf (page 414)

type SGXDetails added in v0.6.0

// SGXDetails carries the SGX-specific part of a ReferenceValue
// (see ReferenceValue.Sgx).
type SGXDetails struct {
	Version       uint16          `json:"version" cbor:"0,keyasint"`       // Expected quote/report version (cf. SgxResult.VersionMatch)
	Collateral    IntelCollateral `json:"collateral" cbor:"1,keyasint"`    // Intel TCB collateral used for verification
	CaFingerprint string          `json:"caFingerprint" cbor:"2,keyasint"` // Intel Root CA Certificate Fingerprint
	IsvProdId     uint16          `json:"isvProdId" cbor:"3,keyasint"`     // Expected ISV product ID
	MrSigner      string          `json:"mrSigner" cbor:"4,keyasint"`      // Expected MRSIGNER, as text
	IsvSvn        uint16          `json:"isvSvn" cbor:"5,keyasint"`        // Expected ISV security version number
	Attributes    SGXAttributes   `json:"attributes" cbor:"6,keyasint"`    // Expected enclave attributes
}

type Serializer added in v0.5.0

// Serializer is a generic interface providing methods for data serialization
// and de-serialization. It allows attestation reports to be generated and
// verified in different formats, such as JSON/JWS or CBOR/COSE.
type Serializer interface {
	// GetPayload extracts the payload from the serialized token raw.
	// NOTE(review): it takes no trust roots, so the returned payload appears to
	// be unverified; treat it as untrusted until VerifyToken succeeds — confirm.
	GetPayload(raw []byte) ([]byte, error)
	// Marshal serializes v into the format implemented by the Serializer.
	Marshal(v any) ([]byte, error)
	// Unmarshal deserializes data into v.
	Unmarshal(data []byte, v any) error
	// Sign signs the serialized report with the given Driver.
	Sign(report []byte, signer Driver) ([]byte, error)
	// VerifyToken verifies the signatures of a token against the given trust
	// roots and returns the TokenResult, a byte slice (presumably the verified
	// payload — confirm) and an overall success flag.
	VerifyToken(data []byte, roots []*x509.Certificate) (TokenResult, []byte, bool)
}

Serializer is a generic interface providing methods for data serialization and de-serialization. This enables generating and verifying attestation reports in different formats, such as JSON/JWS or CBOR/COSE.

type SgxAttributesCheck added in v0.6.0

// SgxAttributesCheck holds the per-attribute comparison results for an
// SGXAttributes value; its fields mirror those of SGXAttributes.
type SgxAttributesCheck struct {
	Initted      BooleanMatch `json:"initted"`
	Debug        BooleanMatch `json:"debug"`
	Mode64Bit    BooleanMatch `json:"mode64Bit"`
	ProvisionKey BooleanMatch `json:"provisionKey"`
	EInitToken   BooleanMatch `json:"eInitToken"`
	Kss          BooleanMatch `json:"kss"`
	Legacy       BooleanMatch `json:"legacy"`
	Avx          BooleanMatch `json:"avx"`
}

type SgxResult added in v0.6.0

// SgxResult holds the results of verifying an SGX quote against SGXDetails.
type SgxResult struct {
	// VersionMatch is the result of comparing the quote version.
	VersionMatch       Result             `json:"reportVersionMatch"`
	// TcbInfoCheck is the result of checking the TCB info collateral.
	TcbInfoCheck       TcbLevelResult     `json:"tcbInfoCheck"`
	// QeIdentityCheck is the result of checking the Quoting Enclave identity collateral.
	QeIdentityCheck    TcbLevelResult     `json:"qeIdentityCheck"`
	// SgxAttributesCheck holds the per-attribute comparison results.
	SgxAttributesCheck SgxAttributesCheck `json:"sgxAttributesCheck"`
}

type SignatureDatabase added in v0.6.0

// SignatureDatabase represents a parsed UEFI signature list (EFI_SIGNATURE_LIST)
// as found in UEFI signature database variables (see UefiVariableData.Signaturedb).
type SignatureDatabase struct {
	// SignatureTypeGUID identifies the type of signatures in this list.
	SignatureTypeGUID string `json:"efisignaturelistguid,omitempty" cbor:"0,keyasint,omitempty"`

	// SignatureHeader is the raw signature header of the list.
	SignatureHeader HexByte `json:"signatureheader,omitempty" cbor:"1,keyasint,omitempty"`

	// Only one of the following is populated per SignatureDatabase,
	// depending on the signature type.
	Certificates []UEFICertificate `json:"ueficertificates,omitempty" cbor:"2,keyasint,omitempty"`
	Sha256Hash   []Hash            `json:"sha256hashes,omitempty" cbor:"3,keyasint,omitempty"`
}

type SignatureResult added in v0.2.0

// SignatureResult represents the results of validating a provided signature
// and the certificates used for it.
type SignatureResult struct {
	SignCheck       Result                `json:"signatureVerification"` // Result from checking that the signature has been calculated with this certificate
	CertChainCheck  Result                `json:"certChainValidation"`   // Result from validating the certificate chain back to a shared root of trust
	// ExtensionsCheck holds the results of any additional certificate extension checks.
	ExtensionsCheck []Result              `json:"extensionsCheck,omitempty"`
	ValidatedCerts  [][]X509CertExtracted `json:"validatedCerts"` // Stripped information from validated x509 cert chain(s) for additional checks from the policies module
}

SignatureResult represents the results of validating a provided signature and the certificates used for it.

func (*SignatureResult) PrintErr added in v0.6.0

func (r *SignatureResult) PrintErr(format string, args ...interface{})

type SnpDetails added in v0.4.0

// SnpDetails holds the AMD SEV-SNP specific reference information of a
// manifest against which an SNP attestation report is verified.
type SnpDetails struct {
	// Version is the expected report version (compared in SnpResult.VersionMatch).
	Version       uint32    `json:"version" cbor:"0,keyasint"`
	// CaFingerprint is the fingerprint of the root CA certificate the SNP
	// certificate chain is expected to chain to — confirm against the verifier.
	CaFingerprint string    `json:"caFingerprint" cbor:"1,keyasint"`
	// Policy is the expected guest policy (see SnpResult.PolicyCheck).
	Policy        SnpPolicy `json:"policy" cbor:"2,keyasint"`
	// Fw is the expected firmware version (see SnpResult.FwCheck).
	Fw            SnpFw     `json:"fw" cbor:"3,keyasint"`
	// Tcb is the expected TCB version (see SnpResult.TcbCheck).
	Tcb           SnpTcb    `json:"tcb" cbor:"4,keyasint"`
}

type SnpFw added in v0.4.0

// SnpFw holds the SEV-SNP firmware version components; they are compared
// against the report via SnpResult.FwCheck.
type SnpFw struct {
	Build uint8 `json:"build" cbor:"0,keyasint"`
	Major uint8 `json:"major" cbor:"1,keyasint"`
	Minor uint8 `json:"minor" cbor:"2,keyasint"`
}

type SnpPolicy added in v0.4.0

// SnpPolicy holds the SEV-SNP guest policy flags and ABI version; the policy
// is compared against the report via SnpResult.PolicyCheck.
type SnpPolicy struct {
	// Type is a string identifying the policy type — semantics not shown here, confirm.
	Type         string `json:"type" cbor:"0,keyasint"`
	SingleSocket bool   `json:"singleSocket" cbor:"1,keyasint"`
	// Debug: presumably whether guest debugging is permitted by the policy — confirm.
	Debug        bool   `json:"debug" cbor:"2,keyasint"`
	Migration    bool   `json:"migration" cbor:"3,keyasint"`
	Smt          bool   `json:"smt" cbor:"4,keyasint"`
	// AbiMajor and AbiMinor are the policy's ABI version components.
	AbiMajor     uint8  `json:"abiMajor" cbor:"5,keyasint"`
	AbiMinor     uint8  `json:"abiMinor" cbor:"6,keyasint"`
}

type SnpResult added in v0.6.0

// SnpResult holds the results of verifying an SEV-SNP attestation report
// against SnpDetails.
type SnpResult struct {
	// VersionMatch is the result of comparing the report version.
	VersionMatch Result       `json:"reportVersionMatch"`
	// FwCheck is the result of comparing the firmware version (SnpFw).
	FwCheck      VersionCheck `json:"fwCheck"`
	// TcbCheck is the result of comparing the TCB components (SnpTcb).
	TcbCheck     TcbCheck     `json:"tcbCheck"`
	// PolicyCheck is the result of comparing the guest policy (SnpPolicy).
	PolicyCheck  PolicyCheck  `json:"policyCheck"`
}

type SnpTcb added in v0.4.0

// SnpTcb holds the SEV-SNP TCB version components; each is compared against
// the report via the field of the same name in TcbCheck.
type SnpTcb struct {
	Bl    uint8 `json:"bl" cbor:"0,keyasint"`
	Tee   uint8 `json:"tee" cbor:"1,keyasint"`
	Snp   uint8 `json:"snp" cbor:"2,keyasint"`
	Ucode uint8 `json:"ucode" cbor:"3,keyasint"`
}

type SwResult added in v0.6.0

// SwResult links a software measurement to the reference value it was
// validated against.
type SwResult struct {
	MeasName string `json:"measurementName"`    // Name associated with the measurement used for validation
	VerName  string `json:"referenceValueName"` // Name of the reference value information used for validation
}

type TDAttributes added in v0.6.0

// TDAttributes holds the security relevant attributes of a TD (bits 0 - 31 of
// the attributes array in the quote) according to
// https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/Intel_TDX_DCAP_Quoting_Library_API.pdf (page 40).
// Each flag is compared against its expected value via the field of the same
// name in TdAttributesCheck.
type TDAttributes struct {
	// Debug: presumably set when the TD runs in debug mode; see the referenced Intel document — confirm.
	Debug         bool `json:"debug" cbor:"0,keyasint"`
	SeptVEDisable bool `json:"septVEDisable" cbor:"1,keyasint"`
	Pks           bool `json:"pks" cbor:"2,keyasint"`
	Kl            bool `json:"kl" cbor:"3,keyasint"`
}

Structure of the security relevant attributes for a TD (Bits 0 - 31 of attributes array in quote) according to https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/Intel_TDX_DCAP_Quoting_Library_API.pdf (page 40)

type TDId added in v0.6.0

// TDId holds the identity measurements of a TD. Each value is 48 bytes, which
// matches SHA384_DIGEST_LEN.
type TDId struct {
	MrOwner       [48]byte `json:"mrOwner" cbor:"0,keyasint"`
	MrOwnerConfig [48]byte `json:"mrOwnerConfig" cbor:"1,keyasint"`
	MrConfigId    [48]byte `json:"mrConfigId" cbor:"2,keyasint"`
}

type TDMeasurements added in v0.6.0

// TDMeasurements holds the runtime measurement registers (RTMRs) of a TD as
// hash chains, plus the measurement of the TDX module.
type TDMeasurements struct {
	RtMr0  RtMrHashChainElem `json:"rtMr0" cbor:"0,keyasint"`  // Firmware measurement
	RtMr1  RtMrHashChainElem `json:"rtMr1" cbor:"1,keyasint"`  // BIOS measurement
	RtMr2  RtMrHashChainElem `json:"rtMr2" cbor:"2,keyasint"`  // OS measurement
	RtMr3  RtMrHashChainElem `json:"rtMr3" cbor:"3,keyasint"`  // Runtime measurement
	MrSeam HexByte           `json:"mrSeam" cbor:"4,keyasint"` // TDX Module measurement
}

type TDXDetails added in v0.6.0

// TDXDetails holds the Intel TDX specific reference information of a manifest
// against which a TDX quote is verified.
type TDXDetails struct {
	// Version is the expected quote version (compared in TdxResult.VersionMatch).
	Version       uint16          `json:"version" cbor:"0,keyasint"`
	// Collateral holds the Intel collateral used during verification.
	Collateral    IntelCollateral `json:"collateral" cbor:"1,keyasint"`
	CaFingerprint string          `json:"caFingerprint" cbor:"2,keyasint"` // Intel Root CA Certificate Fingerprint
	// TdId holds the expected TD identity measurements.
	TdId          TDId            `json:"tdId" cbor:"3,keyasint"`
	// TdMeas holds the expected TD measurement registers.
	TdMeas        TDMeasurements  `json:"tdMeasurements" cbor:"4,keyasint"`
	// Xfam is the expected extended features mask (compared in TdxResult.XfamCheck).
	Xfam          [8]byte         `json:"xfam" cbor:"5,keyasint"`
	// TdAttributes are the expected TD attributes (compared in TdxResult.TdAttributesCheck).
	TdAttributes  TDAttributes    `json:"tdAttributes" cbor:"6,keyasint"`
}

type TcbCheck added in v0.4.0

// TcbCheck holds the per-component results of comparing an SnpTcb against the
// report, together with an overall Summary.
type TcbCheck struct {
	Summary Result       `json:"result"`
	Bl      VersionCheck `json:"bl"`
	Tee     VersionCheck `json:"tee"`
	Snp     VersionCheck `json:"snp"`
	Ucode   VersionCheck `json:"ucode"`
}

type TcbLevelResult added in v0.6.0

// TcbLevelResult holds the result of checking a quote against Intel TCB
// collateral. It is used for both the TCB info and the QE identity checks
// (see SgxResult and TdxResult).
type TcbLevelResult struct {
	// Summary is the overall result of the check.
	Summary        Result    `json:"success"`
	MrSigner       Result    `json:"mrsigner"`
	IsvProdId      Result    `json:"isvProdId"`
	MiscSelect     Result    `json:"miscSelect"`
	Attributes     Result    `json:"attributes"`
	// TcbLevelStatus is the status string of the matched TCB level.
	TcbLevelStatus string    `json:"status"`
	// TcbLevelDate is the date associated with the matched TCB level.
	TcbLevelDate   time.Time `json:"date"`
}

type TdAttributesCheck added in v0.6.0

// TdAttributesCheck holds the per-attribute comparison results for a
// TDAttributes value; its fields mirror those of TDAttributes.
type TdAttributesCheck struct {
	Debug         BooleanMatch `json:"debug"`
	SeptVEDisable BooleanMatch `json:"septVEDisable"`
	Pks           BooleanMatch `json:"pks"`
	Kl            BooleanMatch `json:"kl"`
}

type TdxResult added in v0.6.0

// TdxResult holds the results of verifying a TDX quote against TDXDetails.
type TdxResult struct {
	// VersionMatch is the result of comparing the quote version.
	VersionMatch        Result            `json:"reportVersionMatch"`
	// TcbInfoCheck is the result of checking the TCB info collateral.
	TcbInfoCheck        TcbLevelResult    `json:"tcbInfoCheck"`
	// QeIdentityCheck is the result of checking the Quoting Enclave identity collateral.
	QeIdentityCheck     TcbLevelResult    `json:"qeIdentityCheck"`
	// TdAttributesCheck holds the per-attribute results for TDAttributes.
	TdAttributesCheck   TdAttributesCheck `json:"tdAttributesCheck"`
	// SeamAttributesCheck holds the result of comparing the SEAM attributes.
	SeamAttributesCheck AttributesCheck   `json:"seamAttributesCheck"`
	// XfamCheck holds the result of comparing TDXDetails.Xfam.
	XfamCheck           AttributesCheck   `json:"xfamCheck"`
}

type TokenResult added in v0.5.0

// TokenResult is a helper struct for the validation of JWS or COSE tokens,
// focussing on the validation of the provided signatures. It is returned by
// Serializer.VerifyToken.
type TokenResult struct {
	// Summary is the overall result of the token validation.
	Summary        Result            `json:"result"`
	// SignatureCheck holds one result per signature found on the token.
	SignatureCheck []SignatureResult `json:"signatureValidation"`
}

TokenResult is a helper struct for the validation of JWS or COSE tokens focussing on the validation of the provided signatures.

type TpmResult added in v0.6.0

// TpmResult holds the results of verifying a TPM quote.
type TpmResult struct {
	// PcrMatch holds one result per compared PCR.
	PcrMatch         []PcrResult `json:"pcrMatch"`
	// AggPcrQuoteMatch is the result of comparing the aggregated PCR value against the quote.
	AggPcrQuoteMatch Result      `json:"aggPcrQuoteMatch"`
}

type UEFICertificate added in v0.6.0

// UEFICertificate represents a certificate entry of a UEFI signature list
// (see SignatureDatabase.Certificates).
type UEFICertificate struct {
	// SignatureOwnerGUID identifies the owner of the signature entry.
	SignatureOwnerGUID string            `json:"signatureownerguid" cbor:"0,keyasint"`
	// Certificates holds the single extracted certificate of this entry
	// (the field is not a slice despite its plural name).
	Certificates       X509CertExtracted `json:"certificates" cbor:"1,keyasint"`
}

type UefiConfigurationTable added in v0.6.0

// UefiConfigurationTable represents one entry of the UEFI configuration table.
type UefiConfigurationTable struct {
	// EFIGuid identifies the vendor table.
	EFIGuid     string  `json:"guid" cbor:"0,keyasint"`
	// VendorTable is the address of the vendor table.
	VendorTable address `json:"tableaddress" cbor:"1,keyasint"`
}

type UefiHandoffTablePointer added in v0.6.0

// UefiHandoffTablePointer represents the UEFI handoff table pointer event data,
// i.e. the list of configuration table entries.
type UefiHandoffTablePointer struct {
	// NumberOfTables uint64
	// TableEntry holds the configuration table entries.
	TableEntry []UefiConfigurationTable `json:"ueficonfigurationtable" cbor:"0,keyasint"`
}

type UefiPlatformFirmwareBlob added in v0.6.0

// UefiPlatformFirmwareBlob describes a firmware blob by base address and length.
type UefiPlatformFirmwareBlob struct {
	BlobBase   HexByte `json:"blobbase" cbor:"0,keyasint"` // (assumes 64 bit architecture)
	BlobLength HexByte `json:"bloblength" cbor:"1,keyasint"`
}

type UefiVariableData added in v0.6.0

// UefiVariableData represents the parsed content of a UEFI variable. Only the
// fields matching the variable's type are populated; all others are omitted
// during marshaling.
type UefiVariableData struct {
	// VariableNameGUID is the vendor GUID of the variable.
	VariableNameGUID string `json:"variablenameguid,omitempty" cbor:"0,keyasint,omitempty"`
	// UnicodeName is the name of the variable.
	UnicodeName      string `json:"unicodename,omitempty" cbor:"1,keyasint,omitempty"`

	// Typed content: depending on the variable, one of the following is set.
	Signaturedb       []SignatureDatabase `json:"signaturedb,omitempty" cbor:"2,keyasint,omitempty"`
	BootOrder         []uint16            `json:"bootorder,omitempty" cbor:"3,keyasint,omitempty"`
	BootNext          uint16              `json:"bootnext,omitempty" cbor:"4,keyasint,omitempty"`
	BootCurrent       uint16              `json:"bootcurrent,omitempty" cbor:"5,keyasint,omitempty"`
	BootOptionSupport uint32              `json:"bootoptionsupport,omitempty" cbor:"6,keyasint,omitempty"`
	EFILoadOption     *EFILoadOption      `json:"efiloadoption,omitempty" cbor:"7,keyasint,omitempty"`

	DriverOrder []uint16 `json:"driverorder,omitempty" cbor:"8,keyasint,omitempty"`

	// Generic content for variables without a dedicated representation.
	StringContent string  `json:"stringcontent,omitempty" cbor:"9,keyasint,omitempty"`
	VariableData  HexByte `json:"variabledata,omitempty" cbor:"10,keyasint,omitempty"`
	// DevicePath	*FilePathList		`json:"devicepath,omitempty" cbor:"10,keyasint,omitempty"`
	GUIDArray []string `json:"guidarray,omitempty" cbor:"11,keyasint,omitempty"`
}

type Validity

// Validity is a helper struct for the 'Validity' period of a manifest or
// certificate. NOTE(review): the timestamp string format is not fixed here —
// confirm against the code that parses these fields.
type Validity struct {
	NotBefore string `json:"notBefore" cbor:"0,keyasint"`
	NotAfter  string `json:"notAfter" cbor:"1,keyasint"`
}

Validity is a helper struct for 'Validity'

type VerificationResult

// VerificationResult represents the results of all steps taken during the
// validation of an attestation report.
type VerificationResult struct {
	// Type identifies the kind of result — semantics not shown here, confirm.
	Type            string              `json:"type"`
	// Success is the overall outcome of the remote attestation.
	Success         bool                `json:"raSuccessful"`
	ErrorCode       ErrorCode           `json:"errorCode,omitempty"` // Set in case of global errors
	Prover          string              `json:"prover,omitempty"`    // Name of the proving device the report was created for
	Created         string              `json:"created,omitempty"`   // Timestamp the attestation verification was completed
	SwCertLevel     int                 `json:"swCertLevel"`         // Overall certification level for the software stack
	FreshnessCheck  Result              `json:"freshnessCheck"`      // Result for comparison of the expected nonce to the one provided in the attestation report
	// Measurements holds one result per measurement contained in the report.
	Measurements    []MeasurementResult `json:"measurements"`
	ReportSignature []SignatureResult   `json:"reportSignatureCheck"` // Result for validation of the overall report signature
	// MetadataResult holds the results of validating the report's metadata (embedded).
	MetadataResult
	PolicySuccess bool `json:"policySuccess,omitempty"` // Result of custom policy validation (if utilized)
}

VerificationResult represents the results of all steps taken during the validation of an attestation report.

func (*VerificationResult) PrintErr added in v0.6.0

func (r *VerificationResult) PrintErr()

type VersionCheck added in v0.4.0

// VersionCheck holds the result of comparing a claimed version against a
// measured one.
type VersionCheck struct {
	// Success reports whether the comparison passed.
	Success  bool  `json:"success"`
	// Claimed are the version components from the reference (manifest).
	Claimed  []int `json:"claimed"`
	// Measured are the version components taken from the report.
	Measured []int `json:"measured"`
}

type X509CertExtracted added in v0.6.0

// X509CertExtracted represents an x509 certificate with its attributes in a
// human-readable way, prepared for (un)marshaling JSON objects. It is based on
// the type Certificate from the crypto/x509 package.
type X509CertExtracted struct {
	// Version is the X.509 version of the certificate.
	Version            int      `json:"version"`
	// SerialNumber is the certificate serial number.
	SerialNumber       *big.Int `json:"serialNumber"`
	// Issuer and Subject are the issuer and subject distinguished names.
	Issuer             X509Name `json:"issuer"`
	Subject            X509Name `json:"subject"`
	// Validity is the certificate's validity period.
	Validity           Validity `json:"validity"`
	// KeyUsage is the key usage translated to strings (see KeyUsageToString).
	KeyUsage           []string `json:"keyUsage"`
	// SignatureAlgorithm and PublicKeyAlgorithm are the algorithm names as strings.
	SignatureAlgorithm string   `json:"signatureAlgorithm"`
	PublicKeyAlgorithm string   `json:"publicKeyAlgorithm"`
	// PublicKey is the public key as a string; its encoding is not shown here — confirm.
	PublicKey          string   `json:"publicKey"`

	// Extensions contains raw X.509 extensions extracted during parsing.
	Extensions []PkixExtension `json:"pkixExtensions"`

	ExtKeyUsage        []string `json:"extKeyUsage,omitempty"`        // Sequence of extended key usages (see ExtKeyUsageToString).
	UnknownExtKeyUsage []string `json:"unknownExtKeyUsage,omitempty"` // Encountered extended key usages unknown to this package.

	BasicConstraintsValid bool `json:"basicConstraintsValid"` // BasicConstraintsValid indicates whether IsCA, MaxPathLen, and MaxPathLenZero are valid.
	IsCA                  bool `json:"isCA,omitempty"`         // IsCA indicates whether the certificate is a CA certificate.

	// MaxPathLen and MaxPathLenZero indicate the presence and
	// value of the BasicConstraints' "pathLenConstraint".
	//
	// A positive non-zero MaxPathLen means that the field was specified,
	// -1 means it was unset, and MaxPathLenZero being true means that the field was
	// explicitly set to zero. The case of MaxPathLen==0 with MaxPathLenZero==false
	// should be treated equivalent to -1 (unset).
	MaxPathLen int `json:"maxPathLen,omitempty"`
	// MaxPathLenZero indicates that BasicConstraintsValid==true
	// and MaxPathLen==0 should be interpreted as an actual
	// maximum path length of zero. Otherwise, that combination is
	// interpreted as MaxPathLen not being set.
	MaxPathLenZero bool `json:"maxPathLenZero,omitempty"`

	// SubjectKeyId and AuthorityKeyId are the raw key identifier extensions.
	SubjectKeyId   []byte `json:"subjectKeyId"`
	AuthorityKeyId []byte `json:"authorityKeyId"`

	// Subject Alternate Name values.
	DNSNames       []string `json:"dnsNames,omitempty"`
	EmailAddresses []string `json:"emailAddresses,omitempty"`
	IPAddresses    []string `json:"ipAddresses,omitempty"`
	URIs           []string `json:"uris,omitempty"`
}

X509CertExtracted represents a x509 certificate with attributes in a human-readable way and prepared for (un)marshaling JSON objects. It is based on the type Certificate from the crypto/x509 package.

func ExtractX509Infos added in v0.6.0

func ExtractX509Infos(cert *x509.Certificate) X509CertExtracted

ExtractX509Infos extracts relevant attributes from cert and transforms some attributes into a more human-readable form by translating enums to their string representations.

type X509Name added in v0.6.0

// X509Name represents an X.509 distinguished name. It only includes the common
// elements of a DN and is not a complete representation of the X.509 structure.
type X509Name struct {
	Country            []string `json:"country,omitempty"`
	Organization       []string `json:"organization,omitempty"`
	OrganizationalUnit []string `json:"organizationalUnit,omitempty"`
	Locality           []string `json:"locality,omitempty"`
	Province           []string `json:"province,omitempty"`
	StreetAddress      []string `json:"streetAddress,omitempty"`
	PostalCode         []string `json:"postalCode,omitempty"`
	// SerialNumber and CommonName are single-valued, unlike the attributes above.
	SerialNumber       string   `json:"serialNumber,omitempty"`
	CommonName         string   `json:"commonName,omitempty"`
}

X509Name represents an X.509 distinguished name. This only includes the common elements of a DN. Note that the structure is not a complete representation of the X.509 structure.
