Documentation ¶
Index ¶
- Constants
- Variables
- func BuildMrSignerBlacklist(allowTestKeys bool)
- func CertFromPEM(raw []byte) (*x509.Certificate, []byte, error)
- func NewMockQuote(rawReport []byte) ([]byte, error)
- func SetAllowDebugEnclaves()
- func SetSkipVerify()
- func SetUnsafeLaxVerify()
- func UnsetAllowDebugEnclaves()
- type AttestationKeyType
- type CertificationData
- type CertificationDataType
- type CertificationData_PCKCertificateChain
- type CertificationData_PPID
- type Client
- type EnclaveTCBLevel
- type HTTPClientConfig
- type PCKInfo
- type QEIdentity
- type Quote
- type QuoteBundle
- type QuoteHeader
- type QuotePolicy
- type QuoteSignature
- type QuoteSignatureECDSA_P256
- func (qs *QuoteSignatureECDSA_P256) AttestationKeyType() AttestationKeyType
- func (qs *QuoteSignatureECDSA_P256) UnmarshalBinary(data []byte) error
- func (qs *QuoteSignatureECDSA_P256) Verify(header *QuoteHeader, isvReport *ReportBody, ts time.Time, tcb *TCBBundle, ...) error
- func (qs *QuoteSignatureECDSA_P256) VerifyPCK(ts time.Time) (*PCKInfo, error)
- type ReportBody
- type SGXExtension
- type SignatureECDSA_P256
- type SignedQEIdentity
- type SignedTCBInfo
- type TCBBundle
- type TCBComponent
- type TCBInfo
- type TCBKind
- type TCBLevel
- type TCBOutOfDateError
- type TCBStatus
- type TDXModule
- type UpdateType
Constants ¶
const ( CertificationDataPPIDCleartext = 1 CertificationDataPPIDEncryptedRSA2048 = 2 CertificationDataPPIDEncryptedRSA3072 = 3 CertificationDataPCKLeafCertificate = 4 CertificationDataPCKCertificateChain = 5 CertificationDataPlatformManifest = 7 )
const ( // TCBKindPlatform is the platform TCB kind (e.g. the CPU/microcode/config). TCBKindPlatform = 0 // TCBKindEnclave is the enclave TCB kind (e.g. the QE). TCBKindEnclave = 1 )
const ( // DefaultMinTCBEvaluationDataNumber is the default minimum TCB evaluation data number. DefaultMinTCBEvaluationDataNumber = 12 // As of 2022-08-01. )
const TimestampFormat = "2006-01-02T15:04:05.999999999Z"
TimestampFormat is the format of the TCB timestamp, suitable for use with time.Parse.
Workaround for https://github.com/golang/go/issues/21990
Variables ¶
var ( // PCK_SGX_Extensions is the ASN1 Object Identifier for the SGX Extensions X509 extension. PCK_SGX_Extensions = asn1.ObjectIdentifier{1, 2, 840, 113741, 1, 13, 1} // nolint: revive // PCK_SGX_Extensions_FMSPC is the ASN1 Object Identifier for the FMSPC SGX Extension. PCK_SGX_Extensions_FMSPC = asn1.ObjectIdentifier{1, 2, 840, 113741, 1, 13, 1, 4} // nolint: revive // PCK_SGX_Extensions_TCB is the ASN1 Object Identifier for the TCB SGX Extension. PCK_SGX_Extensions_TCB = asn1.ObjectIdentifier{1, 2, 840, 113741, 1, 13, 1, 2} // nolint: revive )
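// IntelTrustRoots is the certificate pool built from the embedded Intel PCS
// root certificate (pcsTrustRootCert). It is constructed once, at package
// initialisation, and the process panics if the embedded PEM cannot be loaded
// into the pool.
var IntelTrustRoots = func() *x509.CertPool {
	pool := x509.NewCertPool()
	raw := []byte(pcsTrustRootCert)
	if !pool.AppendCertsFromPEM(raw) {
		// Re-parse only to recover a reason for the failure. Guard against a
		// nil err so the panic carries the intended message instead of
		// turning into a nil-pointer dereference on err.Error().
		msg := "sgx/pcs: invalid Intel trust root cert"
		if _, _, err := CertFromPEM(raw); err != nil {
			msg += ": " + err.Error()
		}
		panic(msg)
	}
	return pool
}()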
IntelTrustRoots are Intel's PCS signing root certificates.
var QEVendorID_Intel = []byte{0x93, 0x9a, 0x72, 0x33, 0xf7, 0x9c, 0x4c, 0xa9, 0x94, 0x0a, 0x0d, 0xb3, 0x95, 0x7f, 0x06, 0x07} // nolint: revive
QEVendorID_Intel is the Quoting Enclave vendor ID for Intel (939A7233F79C4CA9940A0DB3957F0607).
Functions ¶
func BuildMrSignerBlacklist ¶
func BuildMrSignerBlacklist(allowTestKeys bool)
BuildMrSignerBlacklist builds the MRSIGNER blacklist.
func CertFromPEM ¶
func CertFromPEM(raw []byte) (*x509.Certificate, []byte, error)
func NewMockQuote ¶ added in v0.2400.0
NewMockQuote generates a mock quote from the given report, after doing some light sanity checking on the report.
This is only useful for runtimes with quote verification disabled at compile time (i.e., built with `OASIS_UNSAFE_SKIP_AVR_VERIFY=1`).
func SetAllowDebugEnclaves ¶
func SetAllowDebugEnclaves()
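SetAllowDebugEnclaves will enable running and communicating with enclaves that have the debug flag set in the report body, for the remainder of the process' lifetime. The memory of a debug enclave can be read and modified from outside the enclave, so a quote from one gives no confidentiality or integrity assurance.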
func SetSkipVerify ¶ added in v0.2400.0
func SetSkipVerify()
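SetSkipVerify will disable quote signature verification for the remainder of the process' lifetime. Quotes accepted while this is set are unauthenticated and must not be treated as attestation evidence.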
func SetUnsafeLaxVerify ¶ added in v0.2300.11
func SetUnsafeLaxVerify()
SetUnsafeLaxVerify enables the unsafe, more lax TCB status verification.
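OutOfDate and OutOfDateConfigurationNeeded TCB statuses will be treated as valid. Both statuses mean the platform TCB is behind the level Intel currently considers up to date, so platforms missing security updates will pass verification.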
func UnsetAllowDebugEnclaves ¶
func UnsetAllowDebugEnclaves()
UnsetAllowDebugEnclaves will disable running and communicating with enclaves that have the debug flag set in the report body, for the remainder of the process' lifetime.
Types ¶
type AttestationKeyType ¶
type AttestationKeyType uint16
AttestationKeyType is the attestation key type.
const ( // AttestationKeyECDSA_P256 is the ECDSA-P256 attestation key type. AttestationKeyECDSA_P256 AttestationKeyType = 2 // nolint: revive )
func (AttestationKeyType) String ¶
func (kt AttestationKeyType) String() string
String returns a string representation of the attestation key type.
type CertificationData ¶
type CertificationData interface { // CertificationDataType returns the certification data type. CertificationDataType() CertificationDataType }
CertificationData is the data required to verify the QE Report signature.
type CertificationDataType ¶
type CertificationDataType uint16
CertificationDataType is the type of data required to verify the QE Report signature in the QuoteSignature data structure.
func (CertificationDataType) String ¶
func (ct CertificationDataType) String() string
type CertificationData_PCKCertificateChain ¶
type CertificationData_PCKCertificateChain struct {
CertificateChain []*x509.Certificate
}
CertificationData_PCKCertificateChain is the PCK certificate chain certification data.
func (*CertificationData_PCKCertificateChain) CertificationDataType ¶
func (cd *CertificationData_PCKCertificateChain) CertificationDataType() CertificationDataType
CertificationDataType returns the certification data type.
func (*CertificationData_PCKCertificateChain) UnmarshalBinary ¶
func (cd *CertificationData_PCKCertificateChain) UnmarshalBinary(data []byte) error
UnmarshalBinary decodes CertificationData_PCKCertificateChain from a byte array.
type CertificationData_PPID ¶
type CertificationData_PPID struct { PPID [384]byte CPUSVN [16]byte PCESVN uint16 PCEID uint16 // contains filtered or unexported fields }
CertificationData_PPID is the PPID certification data.
func (*CertificationData_PPID) CertificationDataType ¶
func (cd *CertificationData_PPID) CertificationDataType() CertificationDataType
CertificationDataType returns the certification data type.
func (*CertificationData_PPID) UnmarshalBinary ¶
func (cd *CertificationData_PPID) UnmarshalBinary(data []byte) error
UnmarshalBinary decodes CertificationData_PPID from a byte array.
type Client ¶
type Client interface { // GetTCBBundle retrieves the signed TCB artifacts needed to verify a quote. GetTCBBundle(ctx context.Context, fmspc []byte, update UpdateType) (*TCBBundle, error) // GetPCKCertificateChain retrieves the PCK certificate chain for the given platform data or PPID. // // If platform data is provided, it is used instead of the encrypted PPID for certificate retrieval. GetPCKCertificateChain(ctx context.Context, platformData []byte, encPpid [384]byte, cpusvn [16]byte, pcesvn uint16, pceid uint16) ([]*x509.Certificate, error) }
Client is an Intel SGX PCS client interface.
func NewHTTPClient ¶
func NewHTTPClient(cfg *HTTPClientConfig) (Client, error)
NewHTTPClient returns a new PCS HTTP client.
type EnclaveTCBLevel ¶
type EnclaveTCBLevel struct { TCB struct { ISVSVN uint16 `json:"isvsvn"` } `json:"tcb"` Date string `json:"tcbDate"` Status TCBStatus `json:"tcbStatus"` AdvisoryIDs []string `json:"advisoryIDs"` }
EnclaveTCBLevel is the enclave TCB level.
type HTTPClientConfig ¶
type HTTPClientConfig struct { // SubscriptionKey is the Intel PCS API key used for client authentication (needed for PCK // certificate retrieval). SubscriptionKey string }
HTTPClientConfig is the Intel SGX PCS client configuration.
type PCKInfo ¶
type PCKInfo struct { PublicKey *ecdsa.PublicKey FMSPC []byte TCBCompSVN [16]int32 PCESVN uint16 CPUSVN [16]byte }
PCKInfo contains information extracted from the PCK certificate.
type QEIdentity ¶
type QEIdentity struct { ID string `json:"id"` Version int `json:"version"` IssueDate string `json:"issueDate"` NextUpdate string `json:"nextUpdate"` TCBEvaluationDataNumber uint32 `json:"tcbEvaluationDataNumber"` MiscSelect string `json:"miscselect"` MiscSelectMask string `json:"miscselectMask"` Attributes string `json:"attributes"` AttributesMask string `json:"attributesMask"` MRSIGNER string `json:"mrsigner"` ISVProdID uint16 `json:"isvprodid"` TCBLevels []EnclaveTCBLevel `json:"tcbLevels"` AdvisoryIDs []int `json:"advisoryIDs,omitempty"` }
QEIdentity is the Quoting Enclave identity.
type Quote ¶
type Quote struct { Header QuoteHeader ISVReport ReportBody Signature QuoteSignature }
Quote is an enclave quote.
func (*Quote) UnmarshalBinary ¶
UnmarshalBinary decodes a Quote from a byte array.
func (*Quote) Verify ¶
func (q *Quote) Verify(policy *QuotePolicy, ts time.Time, tcb *TCBBundle) (*sgx.VerifiedQuote, error)
Verify verifies the quote.
In case of successful verification it returns the verified quote.
type QuoteBundle ¶
type QuoteBundle struct { // Quote is the raw attestation quote. Quote []byte `json:"quote"` // TCB is the TCB bundle required to verify an attestation quote. TCB TCBBundle `json:"tcb"` }
QuoteBundle is an attestation quote together with the TCB bundle required for its verification.
func (*QuoteBundle) Verify ¶
func (bnd *QuoteBundle) Verify(policy *QuotePolicy, ts time.Time) (*sgx.VerifiedQuote, error)
Verify verifies the quote bundle.
In case of successful verification it returns the verified quote.
type QuoteHeader ¶
type QuoteHeader struct { Version uint16 TEEType uint32 QESVN uint16 PCESVN uint16 QEVendorID [16]byte UserData [20]byte // contains filtered or unexported fields }
QuoteHeader is a quote header.
func (*QuoteHeader) UnmarshalBinary ¶
func (qh *QuoteHeader) UnmarshalBinary(data []byte) error
UnmarshalBinary decodes QuoteHeader from a byte array.
type QuotePolicy ¶
type QuotePolicy struct { // Disabled specifies whether PCS quotes are disabled and will always be rejected. Disabled bool `json:"disabled,omitempty" yaml:"disabled,omitempty"` // TCBValidityPeriod is the validity (in days) of the TCB collateral. TCBValidityPeriod uint16 `json:"tcb_validity_period" yaml:"tcb_validity_period"` // MinTCBEvaluationDataNumber is the minimum TCB evaluation data number that is considered to be // valid. TCB bundles containing smaller values will be invalid. MinTCBEvaluationDataNumber uint32 `json:"min_tcb_evaluation_data_number" yaml:"min_tcb_evaluation_data_number"` // FMSPCBlacklist is a list of hexadecimal encoded FMSPCs specifying which processor // packages and platform instances are blocked. FMSPCBlacklist []string `json:"fmspc_blacklist,omitempty" yaml:"fmspc_blacklist,omitempty"` }
QuotePolicy is the quote validity policy.
type QuoteSignature ¶
type QuoteSignature interface { // AttestationKeyType returns the type of the attestation key used in this quote signature. AttestationKeyType() AttestationKeyType // Verify verifies the quote signature of the header and ISV report. Verify( header *QuoteHeader, isvReport *ReportBody, ts time.Time, tcb *TCBBundle, policy *QuotePolicy, ) error }
QuoteSignature is a quote signature.
type QuoteSignatureECDSA_P256 ¶
type QuoteSignatureECDSA_P256 struct { Signature SignatureECDSA_P256 AttestationPublicKey [64]byte QEReport ReportBody QESignature SignatureECDSA_P256 AuthenticationData []byte CertificationData CertificationData }
QuoteSignatureECDSA_P256 is an ECDSA-P256 quote signature.
func (*QuoteSignatureECDSA_P256) AttestationKeyType ¶
func (qs *QuoteSignatureECDSA_P256) AttestationKeyType() AttestationKeyType
AttestationKeyType returns the type of the attestation key used in this quote signature.
func (*QuoteSignatureECDSA_P256) UnmarshalBinary ¶
func (qs *QuoteSignatureECDSA_P256) UnmarshalBinary(data []byte) error
UnmarshalBinary decodes QuoteSignatureECDSA_P256 from a byte array.
func (*QuoteSignatureECDSA_P256) Verify ¶
func (qs *QuoteSignatureECDSA_P256) Verify( header *QuoteHeader, isvReport *ReportBody, ts time.Time, tcb *TCBBundle, policy *QuotePolicy, ) error
Verify verifies the quote signature.
type ReportBody ¶
type ReportBody struct { CPUSVN [16]byte MiscSelect uint32 Attributes sgx.Attributes MRENCLAVE sgx.MrEnclave MRSIGNER sgx.MrSigner ISVProdID uint16 ISVSVN uint16 ReportData [64]byte // contains filtered or unexported fields }
ReportBody is an enclave report body.
func (*ReportBody) MarshalBinary ¶
func (r *ReportBody) MarshalBinary() ([]byte, error)
MarshalBinary encodes ReportBody into a byte array.
func (*ReportBody) UnmarshalBinary ¶
func (r *ReportBody) UnmarshalBinary(data []byte) error
UnmarshalBinary decodes ReportBody from a byte array.
type SGXExtension ¶
type SGXExtension struct { Id asn1.ObjectIdentifier // nolint: revive Value asn1.RawValue }
SGXExtension is an ASN1 SGX extension.
type SignatureECDSA_P256 ¶
type SignatureECDSA_P256 [64]byte // nolint: revive
SignatureECDSA_P256 is an ECDSA-P256 signature in the form r || s.
func (*SignatureECDSA_P256) UnmarshalHex ¶
func (ec *SignatureECDSA_P256) UnmarshalHex(data string) error
UnmarshalHex decodes the signature from a hex-encoded string.
type SignedQEIdentity ¶
type SignedQEIdentity struct { EnclaveIdentity json.RawMessage `cbor:"enclave_identity" json:"enclaveIdentity"` Signature string `cbor:"signature" json:"signature"` }
SignedQEIdentity is the signed Quoting Enclave identity.
type SignedTCBInfo ¶
type SignedTCBInfo struct { TCBInfo json.RawMessage `cbor:"tcb_info" json:"tcbInfo"` Signature string `cbor:"signature" json:"signature"` }
SignedTCBInfo is the signed TCB info structure.
type TCBBundle ¶
type TCBBundle struct { TCBInfo SignedTCBInfo `json:"tcb_info"` QEIdentity SignedQEIdentity `json:"qe_id"` Certificates []byte `json:"certs"` }
TCBBundle contains all the required components to verify a quote's TCB.
type TCBComponent ¶ added in v0.2300.0
type TCBComponent struct { SVN int32 `json:"svn"` Category string `json:"category,omitempty"` Type string `json:"type,omitempty"` }
TCBComponent is a TCB component.
type TCBInfo ¶
type TCBInfo struct { ID string `json:"id"` Version int `json:"version"` IssueDate string `json:"issueDate"` NextUpdate string `json:"nextUpdate"` FMSPC string `json:"fmspc"` PCEID string `json:"pceId"` TCBType int `json:"tcbType"` TCBEvaluationDataNumber uint32 `json:"tcbEvaluationDataNumber"` TDXModule TDXModule `json:"tdxModule,omitempty"` TCBLevels []TCBLevel `json:"tcbLevels"` }
TCBInfo is the TCB info body.
type TCBLevel ¶
type TCBLevel struct { TCB struct { PCESVN uint16 `json:"pcesvn"` SGXComponents [16]TCBComponent `json:"sgxtcbcomponents"` TDXComponents [16]TCBComponent `json:"tdxtcbcomponents,omitempty"` } `json:"tcb"` Date string `json:"tcbDate"` Status TCBStatus `json:"tcbStatus"` AdvisoryIDs []string `json:"advisoryIDs,omitempty"` }
TCBLevel is a platform TCB level.
type TCBOutOfDateError ¶
TCBOutOfDateError is an error saying that the TCB of the platform or enclave is out of date.
func (*TCBOutOfDateError) Error ¶
func (tle *TCBOutOfDateError) Error() string
Error returns the error message.
type TCBStatus ¶
type TCBStatus int
TCBStatus is the TCB status.
const ( StatusUpToDate TCBStatus StatusSWHardeningNeeded StatusConfigurationNeeded StatusConfigurationAndSWHardeningNeeded StatusOutOfDate StatusOutOfDateConfigurationNeeded StatusRevoked )
func (*TCBStatus) MarshalText ¶
MarshalText implements the encoding.TextMarshaler interface.
func (*TCBStatus) UnmarshalText ¶
UnmarshalText implements the encoding.TextUnmarshaler interface.
type TDXModule ¶ added in v0.2300.0
type TDXModule struct { MRSIGNER string `json:"mrsigner"` Attributes [8]byte `json:"attributes"` AttributesMask [8]byte `json:"attributesMask"` }
TDXModule is a representation of the properties of Intel’s TDX SEAM module.
type UpdateType ¶ added in v0.2300.10
type UpdateType string
UpdateType is the type of update to TCB info.
const ( // UpdateStandard indicates standard access to updated TCB Info provided as part of a TCB // recovery event. UpdateStandard UpdateType = "standard" // UpdateEarly indicates an early access to updated TCB Info provided as part of a TCB recovery // event. UpdateEarly UpdateType = "early" )