
v0.8.2 Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Feb 25, 2025 License: Apache-2.0 Imports: 33 Imported by: 0




View Source
const (
	SGX_QUOTE_TYPE      uint32 = 0x0
	TDX_QUOTE_TYPE      uint32 = 0x81
	ECDSA_P_256                = 2

	QUOTE_HEADER_SIZE          = 48
	SGX_QUOTE_BODY_SIZE        = 384
	SGX_QUOTE_MIN_SIZE         = 1020 // value from Intel SGX QVL
	TDX_QUOTE_BODY_SIZE        = 584

	// Url params: ca = processor/platform, encoding = pem/der
	CA_PLATFORM          = "platform"
	CA_PROCESSOR         = "processor"
	CACHE_DIR            = "cache" // stores the CRLs

	QE    EnclaveID = "QE"
	QVE   EnclaveID = "QVE"
	TD_QE EnclaveID = "TD_QE"

	UpToDate                     TcbStatus = "UpToDate"
	ConfigurationNeeded          TcbStatus = "ConfigurationNeeded"
	OutOfDate                    TcbStatus = "OutOfDate"
	OutOfDateConfigurationNeeded TcbStatus = "OutOfDateConfigurationNeeded"
	Revoked                      TcbStatus = "REVOKED"
	NotSupported                 TcbStatus = "NotSupported"
View Source
const (
	UNKNOWN = iota


This section is empty.


func CalculateSpecHash

func CalculateSpecHash(spec *specs.Spec) ([]byte, error)

func ConvertSpec

func ConvertSpec(s ar.Serializer, spec *specs.Spec) (map[string]interface{}, error)

func CrlCheck

func CrlCheck(crl *x509.RevocationList, cert *x509.Certificate, parentCert *x509.Certificate) (bool, error)

Check if CRL parameters are valid and check if the certificate has been revoked

func DecodeSnpReport

func DecodeSnpReport(report []byte) (snpreport, error)

func ValidateConfig

func ValidateConfig(reference, measurement, rules map[string]interface{}) error

func ValidateTemplateHash

func ValidateTemplateHash(s ar.Serializer, ref *ar.ReferenceValue, measured *ar.CtrData) ([]byte, bool, error)

func Verify

func Verify(
	arRaw, nonce, casPem, policies []byte,
	peer string,
	polEng PolicyEngineSelect,
	metadatamap map[string][]byte,
	intelCache string,
) *ar.VerificationResult

Verify verifies an attestation report in full serialized JWS format against the supplied nonce and CA certificate. Verifies the certificate chains of all attestation report elements as well as the measurements against the reference values and the compatibility of software artefacts.

func VerifyIntelCertChainFull

func VerifyIntelCertChainFull(quoteCerts SgxCertificates, ca string, intelCache string) ([][]*x509.Certificate, ar.ErrorCode)

Verifies a given SGX certificate chain, fetches CRLs and checks if the certs are outdated

func VerifyIntelQuoteSignature

func VerifyIntelQuoteSignature(reportRaw []byte, quoteSignature any,
	quoteSignatureSize uint32, quoteSignatureType int, certs SgxCertificates,
	fingerprint string, intelCache string, quoteType uint32) (ar.SignatureResult, bool)

Verifies the quote signature Params: QuoteType = 0x00 (SGX) or 0x81 (TDX)

func VerifyQEIdentity

func VerifyQEIdentity(qeReportBody *EnclaveReportBody, qeIdentity *QEIdentity, qeIdentityBodyRaw string, tcbKeyCert *x509.Certificate, teeType uint32) (ar.TcbLevelResult, error)

verify QE Identity and compare the values to the QE (SGX/TDX)

func VerifySgxQuoteBody

func VerifySgxQuoteBody(body *EnclaveReportBody, tcbInfo *TcbInfo,
	sgxExtensions *SGXExtensionsValue, sgxReferenceValue *ar.ReferenceValue, result *ar.MeasurementResult) error

func VerifyTCBSigningCertChain

func VerifyTCBSigningCertChain(quoteCerts SgxCertificates, intelCache string) ([][]*x509.Certificate, ar.ErrorCode)

Verifies the TCB signing cert chain


type AkType

type AkType int

func GetAkType

func GetAkType(keySelection uint32) (AkType, error)

type Configuration

type Configuration struct {
	Id    asn1.ObjectIdentifier
	Value []struct {
		ConfigurationId    asn1.ObjectIdentifier
		ConfigurationValue bool

ConfigurationId determines the type of the ConfigurationValue: [0]: dynamicPlatform, [1]: cachedKeys, [2]: sMTenabled

type DukTapePolicyEngine

type DukTapePolicyEngine struct{}

func (DukTapePolicyEngine) Validate

func (p DukTapePolicyEngine) Validate(policies []byte, result *ar.VerificationResult) bool

type ECDSA256QuoteSignatureDataStructure

type ECDSA256QuoteSignatureDataStructure struct {
	ISVEnclaveReportSignature [64]byte
	ECDSAAttestationKey       [64]byte
	QEReport                  EnclaveReportBody
	QEReportSignature         [64]byte

	QEAuthDataSize uint16
	QEAuthData     []byte

	QECertDataType uint16
	QECertDataSize uint32
	QECertData     []byte

type ECDSA256QuoteSignatureDataStructureV4

type ECDSA256QuoteSignatureDataStructureV4 struct {
	QuoteSignature      [64]byte
	ECDSAAttestationKey [64]byte
	QECertDataType      uint16
	QECertDataSize      uint32
	QECertData          QEReportCertDataV4 // Version 4

Quote Signature for TDX, contains QE Certification Data version 4

type EnclaveID

type EnclaveID string

type EnclaveReportBody

type EnclaveReportBody struct {
	CPUSVN     [16]byte
	Reserved1  [28]byte
	Attributes [16]byte
	MRENCLAVE  [32]byte
	Reserved2  [32]byte
	MRSIGNER   [32]byte
	Reserved3  [96]byte
	ISVProdID  uint16
	ISVSVN     uint16
	Reserved4  [60]byte
	ReportData [64]byte

384 bytes

type FMSPC

type FMSPC struct {
	Id    asn1.ObjectIdentifier
	Value []byte

type Iat

type Iat struct {
	ProfileDefinition string        `cbor:"-75000,keyasint"`
	ClientId          int           `cbor:"-75001,keyasint"`
	LifeCycle         uint16        `cbor:"-75002,keyasint"`
	ImplementationId  [32]byte      `cbor:"-75003,keyasint"`
	BootSeed          [32]byte      `cbor:"-75004,keyasint"`
	HwVersion         string        `cbor:"-75005,keyasint"`
	SwComponents      []SwComponent `cbor:"-75006,keyasint"`
	NoSwMeasurements  int           `cbor:"-75007,keyasint"`
	AuthChallenge     []byte        `cbor:"-75008,keyasint"`
	InstanceId        [33]byte      `cbor:"-75009,keyasint"`
	Vsi               string        `cbor:"-75010,keyasint,omitempty"`

type JsPolicyEngine

type JsPolicyEngine struct{}

func (JsPolicyEngine) Validate

func (p JsPolicyEngine) Validate(policies []byte, result *ar.VerificationResult) bool

type PCEID

type PCEID struct {
	Id    asn1.ObjectIdentifier
	Value []byte

type PPID

type PPID struct {
	Id    asn1.ObjectIdentifier
	Value []byte

type PlatformInstanceId

type PlatformInstanceId struct {
	Id    asn1.ObjectIdentifier
	Value []byte

type PolicyEngineSelect

type PolicyEngineSelect uint32
const (
	PolicyEngineSelect_None    PolicyEngineSelect = 0
	PolicyEngineSelect_JS      PolicyEngineSelect = 1
	PolicyEngineSelect_DukTape PolicyEngineSelect = 2

type PolicyValidator

type PolicyValidator interface {
	Validate(policies []byte, result *ar.VerificationResult) bool

type QEIdentity

type QEIdentity struct {
	EnclaveIdentity QEIdentityBody `json:"enclaveIdentity"`
	Signature       ar.HexByte     `json:"signature"`

type QEIdentityBody

type QEIdentityBody struct {
	Id                      EnclaveID           `json:"id"`
	Version                 uint32              `json:"version"`
	IssueDate               time.Time           `json:"issueDate"`
	NextUpdate              time.Time           `json:"nextUpdate"`
	TcbEvaluationDataNumber uint32              `json:"tcbEvaluationDataNumber"`
	Miscselect              ar.HexByte          `json:"miscselect"`
	MiscselectMask          ar.HexByte          `json:"miscselectMask"`
	Attributes              ar.HexByte          `json:"attributes"`
	AttributesMask          ar.HexByte          `json:"attributesMask"`
	Mrsigner                ar.HexByte          `json:"mrsigner"`
	IsvProdId               uint32              `json:"isvprodid"`
	TcbLevels               []TcbLevelEnclaveId `json:"tcbLevels"`

type QEReportCertDataV4

type QEReportCertDataV4 struct {
	QEReport          EnclaveReportBody
	QEReportSignature [64]byte
	QEAuthDataSize    uint16
	QEAuthData        []byte
	QECertDataType    uint16 // Type 5 (PCK Cert Chain)
	QECertDataSize    uint32
	QECertData        SgxCertificates

This is the datastructure of QECertDataType 6

type QuoteHeader

type QuoteHeader struct {
	Version            uint16
	AttestationKeyType uint16 // 2: ECDSA-256-with-P-256 curve
	TeeType            uint32
	QESVN              uint16
	PCESVN             uint16
	QEVendorID         [16]byte
	UserData           [20]byte

48 bytes

type SGXExtensionsValue

type SGXExtensionsValue struct {
	// required:
	Ppid    PPID
	Tcb     TCB
	PceId   PCEID
	Fmspc   FMSPC

	// optional:
	PlatformInstanceId PlatformInstanceId
	Configuration      Configuration

func ParseSGXExtensions

func ParseSGXExtensions(extensions []byte) (SGXExtensionsValue, error)

type SGXExtensionsWrapper

type SGXExtensionsWrapper struct {
	Value SGXExtensionsValue

------------------------- start SGX Extensions ------------------------- asn1 encoded data structure from pck certificate


type SGXTYPE struct {
	Id    asn1.ObjectIdentifier
	Value asn1.Enumerated

type SgxCertificates

type SgxCertificates struct {
	RootCACert       *x509.Certificate
	IntermediateCert *x509.Certificate // Processor or Platform
	PCKCert          *x509.Certificate
	TCBSigningCert   *x509.Certificate

type SgxReport

type SgxReport struct {
	QuoteHeader           QuoteHeader
	ISVEnclaveReport      EnclaveReportBody
	QuoteSignatureDataLen uint32
	QuoteSignatureData    ECDSA256QuoteSignatureDataStructure // variable size

Overall structure: table 2 from Endianess: Little Endian (all Integer fields)

func DecodeSgxReport

func DecodeSgxReport(report []byte) (SgxReport, error)

Parses the report into the SgxReport structure

type SwComponent

type SwComponent struct {
	MeasurementType        string `cbor:"1,keyasint"`
	MeasurementValue       []byte `cbor:"2,keyasint"`
	Version                string `cbor:"4,keyasint"`
	SignerId               []byte `cbor:"5,keyasint"`
	MeasurementDescription string `cbor:"6,keyasint"`

type TCB

type TCB struct {
	Id    asn1.ObjectIdentifier
	Value struct {
		Comp_01 TCBComp
		Comp_02 TCBComp
		Comp_03 TCBComp
		Comp_04 TCBComp
		Comp_05 TCBComp
		Comp_06 TCBComp
		Comp_07 TCBComp
		Comp_08 TCBComp
		Comp_09 TCBComp
		Comp_10 TCBComp
		Comp_11 TCBComp
		Comp_12 TCBComp
		Comp_13 TCBComp
		Comp_14 TCBComp
		Comp_15 TCBComp
		Comp_16 TCBComp
		PceSvn  TCBComp
		CpuSvn  struct {
			Svn   asn1.ObjectIdentifier
			Value []byte

type TCBComp

type TCBComp struct {
	Svn   asn1.ObjectIdentifier
	Value int

type TcbComponent

type TcbComponent struct {
	Svn      byte   `json:"svn"`
	Category string `json:"category"`
	Type     string `json:"type"`

type TcbInfo

type TcbInfo struct {
	TcbInfo   TcbInfoBody `json:"tcbInfo"`
	Signature ar.HexByte  `json:"signature"`

type TcbInfoBody

type TcbInfoBody struct {
	Id                      string     `json:"id"`
	Version                 uint32     `json:"version"`
	IssueDate               time.Time  `json:"issueDate"`
	NextUpdate              time.Time  `json:"nextUpdate"`
	Fmspc                   ar.HexByte `json:"fmspc"`
	PceId                   ar.HexByte `json:"pceId"`
	TcbType                 uint32     `json:"tcbType"`
	TcbEvaluationDataNumber uint32     `json:"tcbEvaluationDataNumber"`
	TcbLevels               []TcbLevel `json:"tcbLevels"`

	TdxModule TdxModule `json:"tdxModule"` // Only required for TDX (SEAM Module)

type TcbLevel

type TcbLevel struct {
	Tcb struct {
		SgxTcbComponents []TcbComponent `json:"sgxTcbComponents"`
		TdxTcbComponents []TcbComponent `json:"tdxTcbComponents"`
		PceSvn           uint32         `json:"pceSvn"`
	} `json:"tcb"`

	TcbStatus   string    `json:"tcbStatus"`
	TcbDate     time.Time `json:"tcbDate"`
	AdvisoryIDs []string  `json:"advisoryIDs"`

type TcbLevelEnclaveId

type TcbLevelEnclaveId struct {
	Tcb struct {
		Isvsvn uint32 `json:"isvsvn"`
	} `json:"tcb"`
	TcbDate     time.Time `json:"tcbDate"`
	TcbStatus   TcbStatus `json:"tcbStatus"`
	AdvisoryIDs []string  `json:"advisoryIDs"`

type TcbStatus

type TcbStatus string

type TdxModule

type TdxModule struct {
	Mrsigner       ar.HexByte `json:"mrsigner"`
	Attributes     ar.HexByte `json:"attributes"`
	AttributesMask ar.HexByte `json:"attributesMask"`

type TdxReportBody

type TdxReportBody struct {
	TeeTcbSvn      [16]byte
	MrSeam         [48]byte
	MrSignerSeam   [48]byte
	SeamAttributes [8]byte
	TdAttributes   [8]byte
	XFAM           [8]byte
	MrTd           [48]byte
	MrConfigId     [48]byte
	MrOwner        [48]byte
	MrOwnerConfig  [48]byte
	RtMr0          [48]byte
	RtMr1          [48]byte
	RtMr2          [48]byte
	RtMr3          [48]byte
	ReportData     [64]byte

TDX 1.0: 584 bytes

type TdxReportV4

type TdxReportV4 struct {
	QuoteHeader           QuoteHeader
	QuoteBody             TdxReportBody
	QuoteSignatureDataLen uint32
	QuoteSignatureData    ECDSA256QuoteSignatureDataStructureV4 // variable size

TDX Report V4

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL