Documentation
¶
Index ¶
- Variables
- func VerifyAttestation(data string, cf *conf.Bootstrap) (bool, error)
- func VerifySignature(pubKeyBytes, signatureBytes, message []byte, untagged bool) error
- type Base
- type CertData
- type EnclaveId
- type EnclaveIdStatus
- type Ext
- type PCK
- type Quote
- type QuoteV3Auth
- type Report
- type TCB
- type Tcb
- type TcbInfo
- type TcbLevel
- type TcbLevelInfo
- type TrusTEEInfo
- type VerifyingKey
Constants ¶
This section is empty.
Variables ¶
View Source
var ( OIDTCBCompSVN = []asn1.ObjectIdentifier{ {1, 2, 840, 113741, 1, 13, 1, 2, 1}, {1, 2, 840, 113741, 1, 13, 1, 2, 2}, {1, 2, 840, 113741, 1, 13, 1, 2, 3}, {1, 2, 840, 113741, 1, 13, 1, 2, 4}, {1, 2, 840, 113741, 1, 13, 1, 2, 5}, {1, 2, 840, 113741, 1, 13, 1, 2, 6}, {1, 2, 840, 113741, 1, 13, 1, 2, 7}, {1, 2, 840, 113741, 1, 13, 1, 2, 8}, {1, 2, 840, 113741, 1, 13, 1, 2, 9}, {1, 2, 840, 113741, 1, 13, 1, 2, 10}, {1, 2, 840, 113741, 1, 13, 1, 2, 11}, {1, 2, 840, 113741, 1, 13, 1, 2, 12}, {1, 2, 840, 113741, 1, 13, 1, 2, 13}, {1, 2, 840, 113741, 1, 13, 1, 2, 14}, {1, 2, 840, 113741, 1, 13, 1, 2, 15}, {1, 2, 840, 113741, 1, 13, 1, 2, 16}, } OIDTCBPCESVN = asn1.ObjectIdentifier{1, 2, 840, 113741, 1, 13, 1, 2, 17} OIDPCEID = asn1.ObjectIdentifier{1, 2, 840, 113741, 1, 13, 1, 3} OIDFMSPC = asn1.ObjectIdentifier{1, 2, 840, 113741, 1, 13, 1, 4} OIDSGXExtension = asn1.ObjectIdentifier{1, 2, 840, 113741, 1, 13, 1} OIDTCB = asn1.ObjectIdentifier{1, 2, 840, 113741, 1, 13, 1, 2} )
Functions ¶
func VerifySignature ¶
VerifySignature verifies a signature using the ECDSA public key, SHA256 hashing, and ASN.1 DER-encoded signature.
Types ¶
type Base ¶
type Base struct {
Version [2]byte `json:"version"`
KeyType [2]byte `json:"key_type"`
Reserved [4]byte `json:"reserved"`
QeSvn [2]byte `json:"qe_svn"`
PceSvn [2]byte `json:"pce_svn"`
QeVendorId [16]byte `json:"qe_vendor_id"`
UserData [20]byte `json:"user_data"`
}
Header mirrors the Rust Header struct
type EnclaveId ¶
type EnclaveId struct {
Miscselect uint32
MiscselectMask uint32
Isvprodid uint16
Attributes [16]byte
AttributesMask [16]byte
Mrsigner [32]byte
TcbLevels []TcbLevel
}
func (*EnclaveId) GetEnclaveID ¶
type EnclaveIdStatus ¶
type EnclaveIdStatus string
const ( OK EnclaveIdStatus = "OK" SGX_ENCLAVE_REPORT_ISVSVN_REVOKED EnclaveIdStatus = "SGX_ENCLAVE_REPORT_ISVSVN_REVOKED" )
type PCK ¶
type PCK struct {
Inner *x509.Certificate
Fmspc [6]byte
PceID [2]byte
TCB TCB
}
func ParseCertificates ¶
func ParseCertificates(certData []byte) (rootCert, caCert *x509.Certificate, pck *PCK, err error)
ParseCertificates parses a PEM-encoded certificate chain and returns the root CA certificate, the intermediate CA certificate, and the PCK certificate.
type Quote ¶
func (*Quote) VerifyQuote ¶
func (q *Quote) VerifyQuote(quoteByte []byte, load *TrusTEEInfo, q3Atuth *QuoteV3Auth, cf *conf.Bootstrap) error
VerifyQuote validates both the header and the enclave report of a quote
type QuoteV3Auth ¶
type QuoteV3Auth struct {
Signature [64]byte `json:"signature"`
AttestationKey [64]byte `json:"attestation_key"`
RawQEReport [384]byte `json:"raw_qe_report"`
QEReportSignature [64]byte `json:"qe_report_signature"`
QEAuthData []byte `json:"qe_auth_data"`
QECert CertData `json:"qe_cert"`
}
func GetQuoteV3Auth ¶
func GetQuoteV3Auth(quote []byte) (QuoteV3Auth, error)
func (*QuoteV3Auth) FromBytes ¶
func (e *QuoteV3Auth) FromBytes(data []byte) error
FromBytes deserializes bytes into ECDSAQuoteV3AuthData
func (*QuoteV3Auth) GetQEReport ¶
func (q *QuoteV3Auth) GetQEReport() (Report, error)
func (*QuoteV3Auth) ToBytes ¶
func (e *QuoteV3Auth) ToBytes() ([]byte, error)
ToBytes serializes ECDSAQuoteV3AuthData into bytes
type Report ¶
type Report struct {
Cpusvn [16]byte `json:"cpusvn"`
Miscselect [4]byte `json:"miscselect"`
Reserved1 [28]byte `json:"reserved1"`
Attributes [16]byte `json:"attributes"`
MrEnclave [32]byte `json:"mrenclave"`
Reserved2 [32]byte `json:"reserved2"`
MrSigner [32]byte `json:"mrsigner"`
Reserved3 [96]byte `json:"reserved3"`
IsvProdid [2]byte `json:"isv_prodid"`
IsvSvn [2]byte `json:"isv_svn"`
Reserved4 [60]byte `json:"reserved4"`
ReportData [64]byte `json:"reportdata"`
}
EnclaveReport mirrors the Rust EnclaveReport struct
func (*Report) Verify ¶
func (e *Report) Verify(info *TrusTEEInfo) error
FromBytes populates an EnclaveReport from a byte slice
type TcbInfo ¶
type TcbInfo struct {
Version uint8
IssueDate time.Time
NextUpdate time.Time
Fmspc []byte
PceID []byte
TcbType uint8
TcbEvaluationDataNumber uint8
TcbLevels []TcbLevelInfo
}
func (*TcbInfo) GetTcbInfo ¶
GetTcbInfo initializes or returns the singleton instance of TcbInfo GetTcbInfo uses sync.Once to ensure the TcbInfo is loaded only once
type TcbLevel ¶
type TcbLevel struct {
Isvsvn uint16
TcbStatus EnclaveIdStatus
}
type TrusTEEInfo ¶
func TrustedLoad ¶
func TrustedLoad(path string) (TrusTEEInfo, error)
type VerifyingKey ¶
Source Files
Click to show internal directories.
Click to hide internal directories.