sigstruct

package
v0.2202.10 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 28, 2023 License: Apache-2.0 Imports: 10 Imported by: 2

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func UnsafeDebugForEnclave

func UnsafeDebugForEnclave(sgxs []byte) ([]byte, error)

UnsafeDebugForEnclave returns the SIGSTRUCT corresponding to the provided SGX enclave binary, signed using the Fortanix Rust SDK's dummy signing key.

This routine is deterministic, and MUST only ever be used for testing.

Types

type Option

type Option func(*Sigstruct)

Option is an option used when constructing a Sigstruct.

func WithAttributes

func WithAttributes(attributes sgx.Attributes) Option

WithAttributes sets the ATTRIBUTES field.

func WithAttributesMask

func WithAttributesMask(attributesMask [2]uint64) Option

WithAttributesMask sets the ATTRIBUTESMASK field.

func WithBuildDate

func WithBuildDate(date time.Time) Option

WithBuildDate sets the BUILDDATE field.

func WithEnclaveHash

func WithEnclaveHash(enclaveHash sgx.MrEnclave) Option

WithEnclaveHash sets the ENCLAVEHASH field.

func WithISVProdID

func WithISVProdID(isvProdID uint16) Option

WithISVProdID sets the ISVPRODID field.

func WithISVSVN

func WithISVSVN(isvSVN uint16) Option

WithISVSVN sets the ISVSVN field.

func WithMiscSelect

func WithMiscSelect(miscSelect uint32) Option

WithMiscSelect sets the MISCSELECT field.

func WithMiscSelectMask

func WithMiscSelectMask(miscSelectMask uint32) Option

WithMiscSelectMask sets the MISCSELECTMASK field.

func WithSwDefined

func WithSwDefined(swDefined [4]byte) Option

WithSwDefined sets the SWDEFINED field.

type Sigstruct

type Sigstruct struct {
	BuildDate      time.Time
	SwDefined      [4]byte
	MiscSelect     uint32
	MiscSelectMask uint32
	Attributes     sgx.Attributes
	AttributesMask [2]uint64
	EnclaveHash    sgx.MrEnclave
	ISVProdID      uint16
	ISVSVN         uint16
}

Sigstruct is an SGX enclave SIGSTRUCT.

The most recent version of the Intel documentation defines more fields that were formerly reserved, however support for setting such things is currently not implemented.

func New

func New(opts ...Option) *Sigstruct

New creates a new Sigstruct ready to be signed.

func Verify

func Verify(buf []byte) (*rsa.PublicKey, *Sigstruct, error)

Verify validates a byte serialized SIGSTRUCT, and returns the signing public key and parsed SIGSTRUCT.

Note: The returned SIGSTRUCT omits fields not currently used.

func (*Sigstruct) HashForSignature added in v0.2201.9

func (s *Sigstruct) HashForSignature() []byte

HashForSignature returns the SHA-256 hash that is to be signed.

This method can be used for offline signing.

func (*Sigstruct) Sign

func (s *Sigstruct) Sign(privateKey *rsa.PrivateKey) ([]byte, error)

Sign signs the SIGSTRUCT with the provided private key.

func (*Sigstruct) WithSignature added in v0.2201.9

func (s *Sigstruct) WithSignature(rawSig []byte, pubKey *rsa.PublicKey) ([]byte, error)

WithSignature combines the provided raw signature (which must be over the result of an earlier call to HashForSignature) with the given SIGSTRUCT.

The SIGSTRUCT that was signed MUST match this structure and an error will be returned otherwise to prevent returning a malformed SIGSTRUCT.

This method can be used after an offline signing process has produced a signature.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL