dcap

package

v0.1.1 Latest Latest Go to latest Published: May 11, 2024 License: MIT Imports: 22 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/carv-protocol/verifier

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func VerifyAttestation(data string, cf *conf.Bootstrap) (bool, error)
func VerifySignature(pubKeyBytes, signatureBytes, message []byte, untagged bool) error
type Base
- func (b *Base) Verify() error
type CertData
- func (q *CertData) FromBytes(data []byte) error
- func (q *CertData) ToBytes() ([]byte, error)
type EnclaveId
- func (e *EnclaveId) GetEnclaveID(path string) *EnclaveId
type EnclaveIdStatus
type Ext
type PCK
- func NewPCK(cert *x509.Certificate) (*PCK, error)
- func ParseCertificates(certData []byte) (rootCert, caCert *x509.Certificate, pck *PCK, err error)
type Quote
- func (q *Quote) VerifyQuote(quoteByte []byte, load *TrusTEEInfo, q3Atuth *QuoteV3Auth, cf *conf.Bootstrap) error
type QuoteV3Auth
- func GetQuoteV3Auth(quote []byte) (QuoteV3Auth, error)
- func (e *QuoteV3Auth) FromBytes(data []byte) error
- func (q *QuoteV3Auth) GetQEReport() (Report, error)
- func (e *QuoteV3Auth) ToBytes() ([]byte, error)
- func (q *QuoteV3Auth) Verify(cf *conf.Bootstrap) error
type Report
- func (e *Report) Verify(info *TrusTEEInfo) error
type TCB
type Tcb
type TcbInfo
- func (e *TcbInfo) GetTcbInfo(path string) *TcbInfo
type TcbLevel
type TcbLevelInfo
type TrusTEEInfo
- func TrustedLoad(path string) (TrusTEEInfo, error)
type VerifyingKey

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	OIDTCBCompSVN = []asn1.ObjectIdentifier{
		{1, 2, 840, 113741, 1, 13, 1, 2, 1},
		{1, 2, 840, 113741, 1, 13, 1, 2, 2},
		{1, 2, 840, 113741, 1, 13, 1, 2, 3},
		{1, 2, 840, 113741, 1, 13, 1, 2, 4},
		{1, 2, 840, 113741, 1, 13, 1, 2, 5},
		{1, 2, 840, 113741, 1, 13, 1, 2, 6},
		{1, 2, 840, 113741, 1, 13, 1, 2, 7},
		{1, 2, 840, 113741, 1, 13, 1, 2, 8},
		{1, 2, 840, 113741, 1, 13, 1, 2, 9},
		{1, 2, 840, 113741, 1, 13, 1, 2, 10},
		{1, 2, 840, 113741, 1, 13, 1, 2, 11},
		{1, 2, 840, 113741, 1, 13, 1, 2, 12},
		{1, 2, 840, 113741, 1, 13, 1, 2, 13},
		{1, 2, 840, 113741, 1, 13, 1, 2, 14},
		{1, 2, 840, 113741, 1, 13, 1, 2, 15},
		{1, 2, 840, 113741, 1, 13, 1, 2, 16},
	}
	OIDTCBPCESVN    = asn1.ObjectIdentifier{1, 2, 840, 113741, 1, 13, 1, 2, 17}
	OIDPCEID        = asn1.ObjectIdentifier{1, 2, 840, 113741, 1, 13, 1, 3}
	OIDFMSPC        = asn1.ObjectIdentifier{1, 2, 840, 113741, 1, 13, 1, 4}
	OIDSGXExtension = asn1.ObjectIdentifier{1, 2, 840, 113741, 1, 13, 1}
	OIDTCB          = asn1.ObjectIdentifier{1, 2, 840, 113741, 1, 13, 1, 2}
)

Functions ¶

func VerifyAttestation ¶

func VerifyAttestation(data string, cf *conf.Bootstrap) (bool, error)

func VerifySignature ¶

func VerifySignature(pubKeyBytes, signatureBytes, message []byte, untagged bool) error

VerifySignature verifies a signature using the ECDSA public key, SHA256 hashing, and ASN.1 DER-encoded signature.

Types ¶

type Base ¶

type Base struct {
	Version    [2]byte  `json:"version"`
	KeyType    [2]byte  `json:"key_type"`
	Reserved   [4]byte  `json:"reserved"`
	QeSvn      [2]byte  `json:"qe_svn"`
	PceSvn     [2]byte  `json:"pce_svn"`
	QeVendorId [16]byte `json:"qe_vendor_id"`
	UserData   [20]byte `json:"user_data"`
}

Header mirrors the Rust Header struct

func (*Base) Verify ¶

func (b *Base) Verify() error

type CertData ¶

type CertData struct {
	CertType uint16 `json:"cert_type"`
	CertData []byte `json:"cert_data"`
}

func (*CertData) FromBytes ¶

func (q *CertData) FromBytes(data []byte) error

FromBytes deserializes bytes into QECertData

func (*CertData) ToBytes ¶

func (q *CertData) ToBytes() ([]byte, error)

ToBytes serializes QECertData into bytes

type EnclaveId ¶

type EnclaveId struct {
	Miscselect     uint32
	MiscselectMask uint32
	Isvprodid      uint16
	Attributes     [16]byte
	AttributesMask [16]byte
	Mrsigner       [32]byte
	TcbLevels      []TcbLevel
}

func (*EnclaveId) GetEnclaveID ¶

func (e *EnclaveId) GetEnclaveID(path string) *EnclaveId

type EnclaveIdStatus ¶

type EnclaveIdStatus string

const (
	OK                                EnclaveIdStatus = "OK"
	SGX_ENCLAVE_REPORT_ISVSVN_REVOKED EnclaveIdStatus = "SGX_ENCLAVE_REPORT_ISVSVN_REVOKED"
)

type Ext ¶

type Ext struct {
	Key   asn1.ObjectIdentifier
	Value asn1.RawValue
}

ASN.1

type PCK ¶

type PCK struct {
	Inner *x509.Certificate
	Fmspc [6]byte
	PceID [2]byte
	TCB   TCB
}

func NewPCK ¶

func NewPCK(cert *x509.Certificate) (*PCK, error)

func ParseCertificates ¶

func ParseCertificates(certData []byte) (rootCert, caCert *x509.Certificate, pck *PCK, err error)

ParseCertificates parses a PEM-encoded certificate chain and returns the root CA certificate, the intermediate CA certificate, and the PCK certificate.

type Quote ¶

type Quote struct {
	Base   Base   `json:"base"`
	Report Report `json:"report_body"`
}

func (*Quote) VerifyQuote ¶

func (q *Quote) VerifyQuote(quoteByte []byte, load *TrusTEEInfo, q3Atuth *QuoteV3Auth, cf *conf.Bootstrap) error

VerifyQuote validates both the header and the enclave report of a quote

type QuoteV3Auth ¶

type QuoteV3Auth struct {
	Signature         [64]byte  `json:"signature"`
	AttestationKey    [64]byte  `json:"attestation_key"`
	RawQEReport       [384]byte `json:"raw_qe_report"`
	QEReportSignature [64]byte  `json:"qe_report_signature"`
	QEAuthData        []byte    `json:"qe_auth_data"`
	QECert            CertData  `json:"qe_cert"`
}

func GetQuoteV3Auth ¶

func GetQuoteV3Auth(quote []byte) (QuoteV3Auth, error)

func (*QuoteV3Auth) FromBytes ¶

func (e *QuoteV3Auth) FromBytes(data []byte) error

FromBytes deserializes bytes into ECDSAQuoteV3AuthData

func (*QuoteV3Auth) GetQEReport ¶

func (q *QuoteV3Auth) GetQEReport() (Report, error)

func (*QuoteV3Auth) ToBytes ¶

func (e *QuoteV3Auth) ToBytes() ([]byte, error)

ToBytes serializes ECDSAQuoteV3AuthData into bytes

func (*QuoteV3Auth) Verify ¶

func (q *QuoteV3Auth) Verify(cf *conf.Bootstrap) error

type Report ¶

type Report struct {
	Cpusvn     [16]byte `json:"cpusvn"`
	Miscselect [4]byte  `json:"miscselect"`
	Reserved1  [28]byte `json:"reserved1"`
	Attributes [16]byte `json:"attributes"`
	MrEnclave  [32]byte `json:"mrenclave"`
	Reserved2  [32]byte `json:"reserved2"`
	MrSigner   [32]byte `json:"mrsigner"`
	Reserved3  [96]byte `json:"reserved3"`
	IsvProdid  [2]byte  `json:"isv_prodid"`
	IsvSvn     [2]byte  `json:"isv_svn"`
	Reserved4  [60]byte `json:"reserved4"`
	ReportData [64]byte `json:"reportdata"`
}

EnclaveReport mirrors the Rust EnclaveReport struct

func (*Report) Verify ¶

func (e *Report) Verify(info *TrusTEEInfo) error

FromBytes populates an EnclaveReport from a byte slice

type TCB ¶

type TCB struct {
	PceSVN       uint16
	CompSVNArray [16]byte
}

type Tcb ¶

type Tcb struct {
	SgxtcbcompSvn [16]uint8
	Pcesvn        uint16
}

type TcbInfo ¶

type TcbInfo struct {
	Version                 uint8
	IssueDate               time.Time
	NextUpdate              time.Time
	Fmspc                   []byte
	PceID                   []byte
	TcbType                 uint8
	TcbEvaluationDataNumber uint8
	TcbLevels               []TcbLevelInfo
}

func (*TcbInfo) GetTcbInfo ¶

func (e *TcbInfo) GetTcbInfo(path string) *TcbInfo

GetTcbInfo initializes or returns the singleton instance of TcbInfo GetTcbInfo uses sync.Once to ensure the TcbInfo is loaded only once

type TcbLevel ¶

type TcbLevel struct {
	Isvsvn    uint16
	TcbStatus EnclaveIdStatus
}

type TcbLevelInfo ¶

type TcbLevelInfo struct {
	Tcb       Tcb
	TcbDate   time.Time
	TcbStatus string
}

type TrusTEEInfo ¶

type TrusTEEInfo struct {
	TrustedEnclaves map[string][]string
}

func TrustedLoad ¶

func TrustedLoad(path string) (TrusTEEInfo, error)

type VerifyingKey ¶

type VerifyingKey struct {
	*ecdsa.PublicKey
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL