tdx

package
v0.0.0-...-560dec0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 6, 2024 License: Apache-2.0 Imports: 11 Imported by: 4

Documentation

Index

Constants

View Source 
const (
	TDX_VERSION_1_0        evidence_api.DeviceVersion = "1.0"
	TDX_VERSION_1_0_DEVICE string                     = "/dev/tdx-guest"

	TDX_VERSION_1_5        evidence_api.DeviceVersion = "1.5"
	TDX_VERSION_1_5_DEVICE string                     = "/dev/tdx_guest"

	TDX_QUOTE_VERSION_4 = 4
	TDX_QUOTE_VERSION_5 = 5

	// The length of the reportdata
	TD_REPORTDATA_LEN = 64
	// The length of the tdreport
	TD_REPORT_LEN = 1024
	// The length of the report/quote
	TDX_QUOTE_LEN = 4 * 4096

	// Allowd Operation
	// Get td report, td report is a structure consisting of some
	// info from tdx module and td vm. Being signed by the Intel PCS,
	// it becomes the report for remote attestation.
	GetTdReport OperatorName = "GetTdReport"
	// Get td quote
	GetQuote OperatorName = "GetQuote"

	GetQuoteReq  QgsMsgType = 0
	GetQuoteResp QgsMsgType = 1

	AttestationKeyType_ECDSA_P256 AttestationKeyType = 2
	AttestationKeyType_ECDSA_P384 AttestationKeyType = 3

	TEE_SGX TeeType = 0x00000000
	TEE_TDX TeeType = 0x00000081

	TDX_ATTEST_CONFIG_PATH = "/etc/tdx-attest.conf"
)
View Source 
const (
	RTMRMaxIndex = 3
)

Variables

View Source 
var (
	TdxDeviceSpecs = map[string]TDXDeviceSpec{
		TDX_VERSION_1_0_DEVICE: {
			Version:             TDX_VERSION_1_0,
			DevicePath:          TDX_VERSION_1_0_DEVICE,
			TdxAttestConfigPath: TDX_ATTEST_CONFIG_PATH,
			AllowedOperation: map[OperatorName]uintptr{
				GetTdReport: uintptr(binary.BigEndian.Uint32([]byte{192, 8, 'T', 1})),
				GetQuote:    uintptr(binary.BigEndian.Uint32([]byte{128, 8, 'T', 2})),
			},
		},
		TDX_VERSION_1_5_DEVICE: {
			Version:             TDX_VERSION_1_5,
			DevicePath:          TDX_VERSION_1_5_DEVICE,
			TdxAttestConfigPath: TDX_ATTEST_CONFIG_PATH,
			AllowedOperation: map[OperatorName]uintptr{
				GetTdReport: uintptr(binary.BigEndian.Uint32([]byte{196, 64, 'T', 1})),
				GetQuote:    uintptr(binary.BigEndian.Uint32([]byte{128, 16, 'T', 4})),
			},
		},
	}
)

Functions

func NewRTMR 

func NewRTMR(digest [48]byte) evidence_api.TcgDigest

Types

type AttestationKeyType 

type AttestationKeyType uint16

func (AttestationKeyType) String 

func (t AttestationKeyType) String() string

type OperatorName 

type OperatorName string

type QeCertDataType 

type QeCertDataType uint32
const (
	PCK_ID_PLAIN         QeCertDataType = 1
	PCK_ID_RSA_2048_OAEP QeCertDataType = 2
	PCK_ID_RSA_3072_OAEP QeCertDataType = 3
	PCK_LEAF_CERT_PLAIN  QeCertDataType = 4 // Currently not supported
	PCK_CERT_CHAIN       QeCertDataType = 5
	QE_REPORT_CERT       QeCertDataType = 6
	PLATFORM_MANIFEST    QeCertDataType = 7 // Currently not supported

	// QE Vendor ID. Unique identifier of the QE Vendor.
	// Note: Each vendor that decides to provide a customized Quote data
	// structure should have unique ID.
	//     e.g. Value: 939A7233F79C4CA9940A0DB3957F0607 (Intel® SGX QE Vendor)
	QE_VENDOR_INTEL_SGX = "939a7233f79c4ca9940a0db3957f0607"
)

func (QeCertDataType) String 

func (t QeCertDataType) String() string

type QgsMsgGetQuoteReq 

type QgsMsgGetQuoteReq struct {
	Header     QgsMsgHeader
	ReportSize uint32 // cannot be 0
	IdListSize uint32 // length of id_list, in byte, can be 0
	// ReportIdList stores tdreport and id list.
	// TD_REPORT_LEN-fixed-lengthed tdreport in front of array,
	// and id list with the length IdListSize is stored in the tail.
	ReportIdList []uint8
}

func NewQgsMsgGetQuoteReqVer15 

func NewQgsMsgGetQuoteReqVer15(tdreport [TD_REPORT_LEN]uint8) *QgsMsgGetQuoteReq

func (*QgsMsgGetQuoteReq) Bytes 

func (q *QgsMsgGetQuoteReq) Bytes() []byte

type QgsMsgGetQuoteResp 

type QgsMsgGetQuoteResp struct {
	Header         QgsMsgHeader         // header.type = GET_QUOTE_RESP
	SelectedIdSize uint32               // can be 0 in case only one id is sent in request
	QuoteSize      uint32               // length of quote_data, in byte
	IdQuote        [TDX_QUOTE_LEN]uint8 // selected id followed by quote
}

func NewQgsMsgGetQuoteRespFromBytes 

func NewQgsMsgGetQuoteRespFromBytes(b []byte) *QgsMsgGetQuoteResp

type QgsMsgHeader 

type QgsMsgHeader struct {
	MajorVersion uint16     // TDX major version
	MinorVersion uint16     // TDX minor version
	MsgType      QgsMsgType // GET_QUOTE_REQ or GET_QUOTE_RESP
	Size         uint32     // size of the whole message, include this header, in byte
	ErrorCode    uint32     // used in response only
}

func NewQgsMsgHeaderFromBytes 

func NewQgsMsgHeaderFromBytes(b []byte) *QgsMsgHeader

func NewQgsMsgHeaderVer15 

func NewQgsMsgHeaderVer15() *QgsMsgHeader

func (*QgsMsgHeader) Bytes 

func (q *QgsMsgHeader) Bytes() []byte

func (*QgsMsgHeader) LenOfBytes 

func (q *QgsMsgHeader) LenOfBytes() uint32

type QgsMsgType 

type QgsMsgType uint32

type TDXDeviceSpec 

type TDXDeviceSpec struct {
	Version             evidence_api.DeviceVersion
	DevicePath          string
	TdxAttestConfigPath string
	AllowedOperation    map[OperatorName]uintptr
}

func (*TDXDeviceSpec) ProbeAttestConfig 

func (spec *TDXDeviceSpec) ProbeAttestConfig() map[string]string

type TdxEnclaveReportBody 

type TdxEnclaveReportBody struct {
	CpuSvn     [16]byte
	Miscselect uint32
	Reserved1  [28]byte
	Attributes [16]byte
	Mrenclave  [32]byte
	Reserved2  [32]byte
	MrSigner   [32]byte
	Reserved3  [96]byte
	IsvProdid  uint16
	IsvSvn     uint16
	Reserved4  [60]byte
	ReportData [64]byte
	// contains filtered or unexported fields
}

func NewTdxEnclaveReportBody 

func NewTdxEnclaveReportBody(b []byte) *TdxEnclaveReportBody

func (*TdxEnclaveReportBody) Dump 

func (b *TdxEnclaveReportBody) Dump(format evidence_api.QuoteDumpFormat, indent string)

type TdxQuote 

type TdxQuote struct {
	Header    *TdxQuoteHeader
	Body      *TdxQuoteBody
	Signature TdxQuoteSignature
}

func NewTdxQuote 

func NewTdxQuote(b []byte) (*TdxQuote, error)

func (*TdxQuote) Dump 

func (q *TdxQuote) Dump(format evidence_api.QuoteDumpFormat, indent string)

type TdxQuoteBody 

type TdxQuoteBody struct {
	TeeTcbSvn      TdxQuoteTeeTcbSvn
	MrSeam         [48]byte
	MrSignerSeam   [48]byte
	SeamAttributes [8]byte
	TdAttributes   [8]byte
	Xfam           [8]byte
	MrTd           [48]byte
	MrConfigId     [48]byte
	MrOwner        [48]byte
	MrOwnerConfig  [48]byte
	Rtmr0          [48]byte
	Rtmr1          [48]byte
	Rtmr2          [48]byte
	Rtmr3          [48]byte
	ReportData     [64]byte
	// contains filtered or unexported fields
}

func NewTdxQuoteBody 

func NewTdxQuoteBody(b []byte) *TdxQuoteBody

func (*TdxQuoteBody) Dump 

func (b *TdxQuoteBody) Dump(format evidence_api.QuoteDumpFormat, indent string)

type TdxQuoteHdr 

type TdxQuoteHdr struct {
	Version        uint64               // Quote version, filled by TD
	Status         uint64               // Status code of Quote request, filled by VMM
	InLen          uint32               // Length of TDREPORT, filled by TD
	OutLen         uint32               // Length of Quote, filled by VMM
	DataLenBeBytes [4]uint8             // big-endian 4 bytes indicate the size of data following
	Data           [TDX_QUOTE_LEN]uint8 // Actual Quote data or TDREPORT on input
}

func NewTdxQuoteHdrFromBytes 

func NewTdxQuoteHdrFromBytes(b []byte) *TdxQuoteHdr

func NewTdxQuoteHdrVer15 

func NewTdxQuoteHdrVer15(req *QgsMsgGetQuoteReq) *TdxQuoteHdr

func (*TdxQuoteHdr) LenOfBytes 

func (t *TdxQuoteHdr) LenOfBytes() uint32

type TdxQuoteHeader 

type TdxQuoteHeader struct {
	Version   uint16
	AKType    AttestationKeyType
	TeeType   TeeType
	Reserved1 [2]byte
	Reserved2 [2]byte
	QeVendor  [16]byte
	UserData  [20]byte
	// contains filtered or unexported fields
}

func NewTdxQuoteHeader 

func NewTdxQuoteHeader(b []byte) *TdxQuoteHeader

func (*TdxQuoteHeader) Dump 

func (h *TdxQuoteHeader) Dump(format evidence_api.QuoteDumpFormat, indent string)

type TdxQuoteQeCert 

type TdxQuoteQeCert struct {
	CertType   QeCertDataType
	ReportCert *TdxQuoteQeReportCert
	CertData   []byte
	// contains filtered or unexported fields
}

func NewTdxQuoteQeCert 

func NewTdxQuoteQeCert(b []byte) *TdxQuoteQeCert

func (*TdxQuoteQeCert) Dump 

func (c *TdxQuoteQeCert) Dump(format evidence_api.QuoteDumpFormat, indent string)

type TdxQuoteQeReportCert 

type TdxQuoteQeReportCert struct {
	QeReport    TdxEnclaveReportBody
	QeReportSig [64]byte
	QeAuthData  []byte
	QeCertData  *TdxQuoteQeCert
	// contains filtered or unexported fields
}

func NewTdxQuoteQeReportCert 

func NewTdxQuoteQeReportCert(b []byte) *TdxQuoteQeReportCert

func (*TdxQuoteQeReportCert) Dump 

func (c *TdxQuoteQeReportCert) Dump(format evidence_api.QuoteDumpFormat, indent string)

type TdxQuoteReq 

type TdxQuoteReq struct {
	Buf uint64 // Pass user data that includes TDREPORT as input. Upon successful completion of IOCTL, output is copied back to the same buffer
	Len uint64 // Length of the Quote buffer
}

func NewTdxQuoteReqVer15 

func NewTdxQuoteReqVer15(hdr *TdxQuoteHdr) *TdxQuoteReq

type TdxQuoteSignature 

type TdxQuoteSignature interface {
	Dump(evidence_api.QuoteDumpFormat, string)
}

type TdxQuoteSignatureDefault 

type TdxQuoteSignatureDefault struct {
}

func NewTdxQuoteSignatureDefault 

func NewTdxQuoteSignatureDefault(b []byte) *TdxQuoteSignatureDefault

func (*TdxQuoteSignatureDefault) Dump 

func (*TdxQuoteSignatureDefault) Dump(evidence_api.QuoteDumpFormat, string)

Dump implements TdxQuoteSignature.

type TdxQuoteSignatureEcdsa256 

type TdxQuoteSignatureEcdsa256 struct {
	Sig    [64]byte
	Ak     [64]byte
	QeCert TdxQuoteQeCert
	// contains filtered or unexported fields
}

func NewTdxQuoteSignatureEcdsa256 

func NewTdxQuoteSignatureEcdsa256(b []byte) *TdxQuoteSignatureEcdsa256

func (*TdxQuoteSignatureEcdsa256) Dump 

func (s *TdxQuoteSignatureEcdsa256) Dump(format evidence_api.QuoteDumpFormat, indent string)

Dump implements TdxQuoteSignature.

type TdxQuoteTeeTcbSvn 

type TdxQuoteTeeTcbSvn struct {
	// contains filtered or unexported fields
}

func NewTdxQuoteTeeTcbSvn 

func NewTdxQuoteTeeTcbSvn(b []byte) *TdxQuoteTeeTcbSvn

func (*TdxQuoteTeeTcbSvn) Dump 

func (s *TdxQuoteTeeTcbSvn) Dump(format evidence_api.QuoteDumpFormat, indent string)

type TdxReport 

type TdxReport struct {
	Quote *TdxQuote
}

func NewTdxReportFromBytes 

func NewTdxReportFromBytes(b []byte) (*TdxReport, error)

func (*TdxReport) Dump 

func (t *TdxReport) Dump(format evidence_api.QuoteDumpFormat)

Dump implements evidence_api.Report

func (*TdxReport) IMRGroup 

func (t *TdxReport) IMRGroup() evidence_api.IMRGroup

IMRGroup implements evidence_api.Report.

func (*TdxReport) InitFromBytes 

func (t *TdxReport) InitFromBytes(b []byte) (err error)

InitFromBytes implements evidence_api.Report.

func (*TdxReport) Marshal 

func (t *TdxReport) Marshal() ([]byte, error)

Marshal can marshal the TdxReport structure into bytes

type TdxReportReq15 

type TdxReportReq15 struct {
	ReportData [TD_REPORTDATA_LEN]uint8
	Tdreport   [TD_REPORT_LEN]uint8
}

type TeeType 

type TeeType uint32

func (TeeType) String 

func (t TeeType) String() string

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.