Documentation ¶
Overview ¶
Package pcs defines the values specified by Intel's Provisioning Certification Service (PCS).
Index ¶
- Variables
- func PckCrlURL(ca string) string
- func QeIdentityURL() string
- func TcbInfoURL(fmspc string) string
- type EnclaveIdentity
- type HexBytes
- type PckCertTCB
- type PckExtensions
- type QeIdentity
- type Tcb
- type TcbComponent
- type TcbComponentStatus
- type TcbInfo
- type TcbLevel
- type TdxModule
- type TdxModuleIdentity
- type TdxTcbInfo
Constants ¶
This section is empty.
Variables ¶
// Object identifiers of the x509v3 SGX Extension found in a PCK certificate
// and of the values nested inside it.
var (
	// OidSgxExtension identifies the PCK certificate's SGX Extension.
	OidSgxExtension = asn1.ObjectIdentifier{1, 2, 840, 113741, 1, 13, 1}
	// OidPPID identifies the PPID value inside the SGX Extensions.
	OidPPID = asn1.ObjectIdentifier{1, 2, 840, 113741, 1, 13, 1, 1}
	// OidTCB identifies the TCB struct inside the SGX Extensions.
	OidTCB = asn1.ObjectIdentifier{1, 2, 840, 113741, 1, 13, 1, 2}
	// OidPCESvn identifies the PCESVN component of the TCB struct.
	OidPCESvn = asn1.ObjectIdentifier{1, 2, 840, 113741, 1, 13, 1, 2, 17}
	// OidCPUSvn identifies the CPUSVN component of the TCB struct.
	OidCPUSvn = asn1.ObjectIdentifier{1, 2, 840, 113741, 1, 13, 1, 2, 18}
	// OidPCEID identifies the PCEID value inside the SGX Extensions.
	OidPCEID = asn1.ObjectIdentifier{1, 2, 840, 113741, 1, 13, 1, 3}
	// OidFMSPC identifies the FMSPC value inside the SGX Extensions.
	OidFMSPC = asn1.ObjectIdentifier{1, 2, 840, 113741, 1, 13, 1, 4}
)

// Errors reported when a DER structure in the PCK certificate decodes but
// leaves trailing bytes; such input is rejected rather than silently accepted.
var (
	// ErrPckExtInvalid is returned when parsing the PCK certificate's extension leaves leftover bytes.
	ErrPckExtInvalid = errors.New("unexpected leftover bytes for PCK certificate's extension")
	// ErrTcbExtInvalid is returned when parsing the TCB struct inside the SGX Extension leaves leftover bytes.
	ErrTcbExtInvalid = errors.New("unexpected leftover bytes for TCB extension inside SGX extension field")
	// ErrTcbCompInvalid is returned when parsing the TCB components inside the TCB struct leaves leftover bytes.
	ErrTcbCompInvalid = errors.New("unexpected leftover bytes for TCB components in TCB Extension inside SGX extension field")
	// ErrSgxExtInvalid is returned when parsing the SGX extensions leaves leftover bytes.
	ErrSgxExtInvalid = errors.New("unexpected leftover bytes when parsing SGX extensions")
)
Functions ¶
func QeIdentityURL ¶
func QeIdentityURL() string
QeIdentityURL returns the Intel PCS URL for retrieving the QE identity.
func TcbInfoURL ¶
TcbInfoURL returns the Intel PCS URL for retrieving the TCB Info for the given FMSPC.
Types ¶
type EnclaveIdentity ¶
// EnclaveIdentity maps the enclaveIdentity object of the PCS response.
type EnclaveIdentity struct {
	// ID is the "id" field.
	ID string `json:"id"`
	// Version is the "version" field.
	Version byte `json:"version"`
	// IssueDate is the "issueDate" timestamp.
	IssueDate time.Time `json:"issueDate"`
	// NextUpdate is the "nextUpdate" timestamp.
	// NOTE(review): presumably data past NextUpdate should be treated as stale — confirm the verifier enforces this.
	NextUpdate time.Time `json:"nextUpdate"`
	// TcbEvaluationDataNumber is the "tcbEvaluationDataNumber" field.
	TcbEvaluationDataNumber int `json:"tcbEvaluationDataNumber"`
	// Miscselect and MiscselectMask are hex-decoded from "miscselect" and "miscselectMask".
	Miscselect     HexBytes `json:"miscselect"`
	MiscselectMask HexBytes `json:"miscselectMask"`
	// Attributes and AttributesMask are hex-decoded from "attributes" and "attributesMask".
	Attributes     HexBytes `json:"attributes"`
	AttributesMask HexBytes `json:"attributesMask"`
	// Mrsigner is hex-decoded from "mrsigner".
	Mrsigner HexBytes `json:"mrsigner"`
	// IsvProdID is the "isvprodid" field.
	IsvProdID uint16 `json:"isvprodid"`
	// TcbLevels is the "tcbLevels" list.
	TcbLevels []TcbLevel `json:"tcbLevels"`
}
EnclaveIdentity is used to map the enclaveIdentity field of the PCS response.
type HexBytes ¶
// HexBytes is a byte slice that is populated from a hex-encoded JSON string
// (see UnmarshalJSON).
type HexBytes struct {
	// Bytes holds the decoded bytes.
	Bytes []byte
}
HexBytes holds the bytes decoded from a hex-encoded string.
func (*HexBytes) UnmarshalJSON ¶
UnmarshalJSON decodes a hex-encoded JSON string into HexBytes.Bytes.
type PckCertTCB ¶
PckCertTCB stores the TCB component information parsed from a PCK certificate.
type PckExtensions ¶
// PckExtensions carries the values extracted from a PCK certificate's x509
// extensions that verification needs (see PckCertificateExtensions).
type PckExtensions struct {
	// PPID is the value found under OidPPID.
	PPID string
	// TCB is the TCB struct found under OidTCB.
	TCB PckCertTCB
	// PCEID is the value found under OidPCEID.
	PCEID string
	// FMSPC is the value found under OidFMSPC.
	FMSPC string
}
PckExtensions holds the information from the x509 extensions of a PCK certificate that is required for verification.
func PckCertificateExtensions ¶
func PckCertificateExtensions(cert *x509.Certificate) (*PckExtensions, error)
PckCertificateExtensions extracts from the PCK certificate only those x509v3 extensions that are required for verification and returns them as a PckExtensions struct.
type QeIdentity ¶
// QeIdentity maps the response of the PCS enclaveIdentity API call.
type QeIdentity struct {
	// EnclaveIdentity is the "enclaveIdentity" object.
	EnclaveIdentity EnclaveIdentity `json:"enclaveIdentity"`
	// Signature is the "signature" field returned by PCS.
	// NOTE(review): presumably this must be verified before EnclaveIdentity is trusted — confirm against the caller.
	Signature string `json:"signature"`
}
QeIdentity is used to map the response from the PCS enclaveIdentity API call.
type Tcb ¶
// Tcb maps the "tcb" object of a TCB level.
type Tcb struct {
	// SgxTcbcomponents is the "sgxtcbcomponents" list.
	SgxTcbcomponents []TcbComponent `json:"sgxtcbcomponents"`
	// Pcesvn is the "pcesvn" field.
	Pcesvn uint16 `json:"pcesvn"`
	// TdxTcbcomponents is the "tdxtcbcomponents" list.
	TdxTcbcomponents []TcbComponent `json:"tdxtcbcomponents"`
	// Isvsvn is the "isvsvn" field.
	Isvsvn uint32 `json:"isvsvn"`
}
Tcb is used to map the tcb field of a TCB level.
type TcbComponent ¶
// TcbComponent maps one SGX or TDX TCB component entry.
type TcbComponent struct {
	// Svn is the "svn" field.
	Svn byte `json:"svn"`
	// Category is the "category" field.
	Category string `json:"category"`
	// Type is the "type" field.
	Type string `json:"type"`
}
TcbComponent is used to map an SGX or TDX TCB component.
type TcbComponentStatus ¶
// TcbComponentStatus is the status string reported for a TCB level (the tcbStatus field).
type TcbComponentStatus string
TcbComponentStatus represents the status of the corresponding TCB level (the tcbStatus field).
// The TcbComponentStatus values accepted from PCS.
const (
	// TcbComponentStatusUpToDate is the "UpToDate" status.
	TcbComponentStatusUpToDate TcbComponentStatus = "UpToDate"
	// TcbComponentStatusSwHardeningNeeded is the "SWHardeningNeeded" status.
	TcbComponentStatusSwHardeningNeeded TcbComponentStatus = "SWHardeningNeeded"
	// TcbComponentStatusConfigurationNeeded is the "ConfigurationNeeded" status.
	TcbComponentStatusConfigurationNeeded TcbComponentStatus = "ConfigurationNeeded"
	// TcbComponentStatusConfigurationAndSWHardeningNeeded is the "ConfigurationAndSWHardeningNeeded" status.
	TcbComponentStatusConfigurationAndSWHardeningNeeded TcbComponentStatus = "ConfigurationAndSWHardeningNeeded"
	// TcbComponentStatusOutOfDate is the "OutOfDate" status.
	TcbComponentStatusOutOfDate TcbComponentStatus = "OutOfDate"
	// TcbComponentStatusOutOfDateConfigurationNeeded is the "OutOfDateConfigurationNeeded" status.
	TcbComponentStatusOutOfDateConfigurationNeeded TcbComponentStatus = "OutOfDateConfigurationNeeded"
	// TcbComponentStatusRevoked is the "Revoked" status.
	TcbComponentStatusRevoked TcbComponentStatus = "Revoked"
)
func (*TcbComponentStatus) UnmarshalJSON ¶
func (st *TcbComponentStatus) UnmarshalJSON(s []byte) error
UnmarshalJSON for TcbComponentStatus maps a JSON tcb status string to the corresponding valid TcbComponentStatus value.
type TcbInfo ¶
// TcbInfo maps the tcbInfo object of the PCS response.
type TcbInfo struct {
	// ID is the "id" field.
	ID string `json:"id"`
	// Version is the "version" field.
	Version byte `json:"version"`
	// IssueDate is the "issueDate" timestamp.
	IssueDate time.Time `json:"issueDate"`
	// NextUpdate is the "nextUpdate" timestamp.
	// NOTE(review): presumably data past NextUpdate should be treated as stale — confirm the verifier enforces this.
	NextUpdate time.Time `json:"nextUpdate"`
	// Fmspc is the "fmspc" field (TcbInfoURL takes an FMSPC argument).
	Fmspc string `json:"fmspc"`
	// PceID is the "pceId" field.
	PceID string `json:"pceId"`
	// TcbType is the "tcbType" field.
	TcbType byte `json:"tcbType"`
	// TcbEvaluationDataNumber is the "tcbEvaluationDataNumber" field.
	TcbEvaluationDataNumber int `json:"tcbEvaluationDataNumber"`
	// TdxModule is the "tdxModule" object.
	TdxModule TdxModule `json:"tdxModule"`
	// TdxModuleIdentities is the "tdxModuleIdentities" list.
	TdxModuleIdentities []TdxModuleIdentity `json:"tdxModuleIdentities"`
	// TcbLevels is the "tcbLevels" list.
	TcbLevels []TcbLevel `json:"tcbLevels"`
}
TcbInfo is used to map the tcbInfo field of the PCS response.
type TcbLevel ¶
// TcbLevel maps one entry of a "tcbLevels" list.
type TcbLevel struct {
	// Tcb is the "tcb" object.
	Tcb Tcb `json:"tcb"`
	// TcbDate is the "tcbDate" field, kept as the raw string.
	TcbDate string `json:"tcbDate"`
	// TcbStatus is the "tcbStatus" field.
	TcbStatus TcbComponentStatus `json:"tcbStatus"`
	// AdvisoryIDs is the "advisoryIDs" list (presumably Intel security advisory identifiers — confirm).
	AdvisoryIDs []string `json:"advisoryIDs"`
}
TcbLevel is used to map an entry of the tcbLevels field.
type TdxModule ¶
// TdxModule maps the "tdxModule" object of the tcbInfo response.
type TdxModule struct {
	// Mrsigner is hex-decoded from "mrsigner".
	Mrsigner HexBytes `json:"mrsigner"`
	// Attributes and AttributesMask are hex-decoded from "attributes" and "attributesMask".
	Attributes     HexBytes `json:"attributes"`
	AttributesMask HexBytes `json:"attributesMask"`
}
TdxModule is used to map the tdxModule field of the tcbInfo response.
type TdxModuleIdentity ¶ added in v0.3.1
// TdxModuleIdentity maps one entry of the "tdxModuleIdentities" list of the tcbInfo response.
type TdxModuleIdentity struct {
	// ID is the "id" field.
	ID string `json:"id"`
	// Mrsigner is hex-decoded from "mrsigner".
	Mrsigner HexBytes `json:"mrsigner"`
	// Attributes and AttributesMask are hex-decoded from "attributes" and "attributesMask".
	Attributes     HexBytes `json:"attributes"`
	AttributesMask HexBytes `json:"attributesMask"`
	// TcbLevels is the "tcbLevels" list.
	TcbLevels []TcbLevel `json:"tcbLevels"`
}
TdxModuleIdentity is used to map an entry of the tdxModuleIdentities field of the tcbInfo response.
type TdxTcbInfo ¶
TdxTcbInfo is used to map the response from the PCS tcbInfo API service.