publickey

package
v2.5.5 Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 21, 2024 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation

Overview

Package publickey facilitates communication with Intel® AMT devices to access and configure Public Key Certificates and Public Key Management Service classes for AMT.

Certificate: This class represents an X.509 Certificate in the Intel® AMT CertStore. Instances of this class can be created using the AMT_PublicKeyManagementService.AddCertificate and AMT_PublicKeyManagementService.AddTrustedRootCertificate methods. A certificate cannot be deleted while it is being used by any service (TLS/EAC).

Management Service: This service contains the information necessary to represent and manage the functionality provided by the Intel® AMT CertStore.

Index

Constants

// String constants used by this package: two class names, five method names
// and one message text.
const (
	// Class names of the two AMT resources this package addresses.
	AMTPublicKeyCertificate       string = "AMT_PublicKeyCertificate"
	AMTPublicKeyManagementService string = "AMT_PublicKeyManagementService"
	// Method names; each has a same-named ManagementService method documented on this page.
	GeneratePKCS10RequestEx       string = "GeneratePKCS10RequestEx"
	AddTrustedRootCertificate     string = "AddTrustedRootCertificate"
	AddCertificate                string = "AddCertificate"
	GenerateKeyPair               string = "GenerateKeyPair"
	AddKey                        string = "AddKey"
	// Message text; where it is emitted is not visible on this page.
	ValueNotFound                 string = "Value not found in map"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type AddCertificate_INPUT

// AddCertificate_INPUT is the request payload for the AddCertificate method.
// It only carries the blob; no validation of the certificate happens in this type.
type AddCertificate_INPUT struct {
	XMLName         xml.Name `xml:"h:AddCertificate_INPUT"`
	// H is emitted as the xmlns:h attribute that declares the "h" prefix used by the other tags.
	H               string   `xml:"xmlns:h,attr"`
	// CertificateBlob is the certificate to add to the CertStore.
	// NOTE(review): the expected encoding is not stated on this page — confirm against the AMT SDK.
	CertificateBlob string   `xml:"h:CertificateBlob"` // The use of ECC 192/224 is blocked starting from Intel® CSME 18.0.
}

INPUTS Request Types.

type AddCertificate_OUTPUT

// AddCertificate_OUTPUT is the response payload of the AddCertificate method.
type AddCertificate_OUTPUT struct {
	XMLName            xml.Name                   `xml:"AddCertificate_OUTPUT"`
	// CreatedCertificate references the certificate instance that was created.
	CreatedCertificate CreatedCertificateResponse `xml:"CreatedCertificate,omitempty"`
	// ReturnValue is the method status. Its zero value equals ReturnValueSuccess (0), so when
	// decoded with encoding/xml an absent ReturnValue element looks the same as success;
	// callers should also confirm that CreatedCertificate is populated.
	ReturnValue        ReturnValue                `xml:"ReturnValue,omitempty"`
}

OUTPUTS Response Types.

type AddKey_INPUT

// AddKey_INPUT is the request payload for the AddKey method.
type AddKey_INPUT struct {
	XMLName xml.Name `xml:"h:AddKey_INPUT"`
	// H is emitted as the xmlns:h attribute that declares the "h" prefix used by the other tags.
	H       string   `xml:"xmlns:h,attr"`
	// KeyBlob is the key to add to the CertStore.
	// NOTE(review): AddKey's documentation says a successful call creates an
	// AMT_PublicPrivateKeyPair instance, so this blob presumably carries private-key
	// material — treat it as a secret (keep it out of logs and traces) and confirm the
	// expected encoding against the AMT SDK.
	KeyBlob string   `xml:"h:KeyBlob"` // The use of ECC 192/224 is blocked starting from Intel® CSME 18.0.
}

INPUTS Request Types.

type AddKey_OUTPUT

// AddKey_OUTPUT is the response payload of the AddKey method.
type AddKey_OUTPUT struct {
	XMLName     xml.Name           `xml:"AddKey_OUTPUT,omitempty"`
	// CreatedKey references the key instance that was created.
	CreatedKey  CreatedKeyResponse `xml:"CreatedKey,omitempty"`
	// ReturnValue is the method status. Its zero value equals ReturnValueSuccess (0), so an
	// absent element is indistinguishable from success after decoding; also check CreatedKey.
	ReturnValue ReturnValue        `xml:"ReturnValue,omitempty"`
}

OUTPUTS Response Types.

type AddTrustedRootCertificate_INPUT

// AddTrustedRootCertificate_INPUT is the request payload for the AddTrustedRootCertificate method.
// The type only carries the blob and performs no validation. Because the certificate is added
// as a trusted root, callers should verify its origin before sending it.
type AddTrustedRootCertificate_INPUT struct {
	XMLName         xml.Name `xml:"h:AddTrustedRootCertificate_INPUT"`
	// H is emitted as the xmlns:h attribute that declares the "h" prefix used by the other tags.
	H               string   `xml:"xmlns:h,attr"`
	// CertificateBlob is the root certificate to add to the CertStore.
	// NOTE(review): the expected encoding is not stated on this page — confirm against the AMT SDK.
	CertificateBlob string   `xml:"h:CertificateBlob"` // The use of ECC 192/224 is blocked starting from Intel® CSME 18.0.
}

INPUTS Request Types.

type AddTrustedRootCertificate_OUTPUT

// AddTrustedRootCertificate_OUTPUT is the response payload of the AddTrustedRootCertificate method.
type AddTrustedRootCertificate_OUTPUT struct {
	XMLName            xml.Name                   `xml:"AddTrustedRootCertificate_OUTPUT"`
	// CreatedCertificate references the root certificate instance that was created.
	CreatedCertificate CreatedCertificateResponse `xml:"CreatedCertificate,omitempty"`
	// ReturnValue is the method status. Its zero value equals ReturnValueSuccess (0), so an
	// absent element is indistinguishable from success after decoding; also check CreatedCertificate.
	ReturnValue        ReturnValue                `xml:"ReturnValue,omitempty"`
}

OUTPUTS Response Types.

type Body

// Body is the Body element of a Response. It has one member per response kind this
// package understands. All members are values rather than pointers, so a member whose
// element was absent from the message is left at its zero value.
type Body struct {
	XMLName                               xml.Name                         `xml:"Body"`
	// Method responses.
	AddTrustedRootCertificate_OUTPUT      AddTrustedRootCertificate_OUTPUT `xml:"AddTrustedRootCertificate_OUTPUT,omitempty"`
	AddCertificate_OUTPUT                 AddCertificate_OUTPUT            `xml:"AddCertificate_OUTPUT,omitempty"`
	AddKey_OUTPUT                         AddKey_OUTPUT                    `xml:"AddKey_OUTPUT,omitempty"`
	GenerateKeyPair_OUTPUT                GenerateKeyPair_OUTPUT           `xml:"GenerateKeyPair_OUTPUT,omitempty"`
	GeneratePKCS10RequestEx_OUTPUT        GeneratePKCS10RequestEx_OUTPUT   `xml:"GeneratePKCS10RequestEx_OUTPUT,omitempty"`
	// Instance representations of the two classes.
	KeyManagementGetResponse              KeyManagementResponse            `xml:"AMT_PublicKeyManagementService,omitempty"`
	PublicKeyCertificateGetAndPutResponse PublicKeyCertificateResponse     `xml:"AMT_PublicKeyCertificate,omitempty"`
	// Enumeration results: Enumerate yields a context, Pull yields the items.
	EnumerateResponse                     common.EnumerateResponse
	PullResponse                          PullResponse
}

OUTPUTS Response Types.

type Certificate

// Certificate groups the operations on certificate instances in the Intel® AMT CertStore
// (Get, Put, Delete, Enumerate and Pull). It is created with NewPublicKeyCertificateWithClient.
type Certificate struct {
	// contains filtered or unexported fields
}

func NewPublicKeyCertificateWithClient

func NewPublicKeyCertificateWithClient(wsmanMessageCreator *message.WSManMessageCreator, client client.WSMan) Certificate

NewPublicKeyCertificateWithClient instantiates a new Certificate.

func (Certificate) Delete

func (certificate Certificate) Delete(instanceID string) (response Response, err error)

Delete removes the specified instance.

func (Certificate) Enumerate

func (certificate Certificate) Enumerate() (response Response, err error)

Enumerate returns an enumeration context which is used in a subsequent Pull call.

func (Certificate) Get

func (certificate Certificate) Get(instanceID string) (response Response, err error)

Get retrieves the representation of the instance.

func (Certificate) Pull

func (certificate Certificate) Pull(enumerationContext string) (response Response, err error)

Pull returns the instances of this class. An enumeration context provided by the Enumerate call is used as input.

func (Certificate) Put

func (certificate Certificate) Put(instanceID, cert string) (response Response, err error)

Put will change properties of the selected instance.

type CreatedCertificateResponse

// CreatedCertificateResponse is the CreatedCertificate element returned by AddCertificate
// and AddTrustedRootCertificate. It identifies the new instance by an address plus
// reference parameters (resource URI and selectors).
type CreatedCertificateResponse struct {
	XMLName             xml.Name                    `xml:"CreatedCertificate,omitempty"`
	Address             string                      `xml:"Address,omitempty"`
	ReferenceParameters ReferenceParametersResponse `xml:"ReferenceParameters,omitempty"`
}

OUTPUTS Response Types.

type CreatedKeyResponse

// CreatedKeyResponse is the CreatedKey element returned by AddKey. It identifies the new
// instance by an address plus reference parameters (resource URI and selectors).
type CreatedKeyResponse struct {
	XMLName             xml.Name                    `xml:"CreatedKey,omitempty"`
	Address             string                      `xml:"Address,omitempty"`
	ReferenceParameters ReferenceParametersResponse `xml:"ReferenceParameters,omitempty"`
}

OUTPUTS Response Types.

type EnabledDefault

// EnabledDefault is an integer enumeration that indicates an administrator's default or
// startup configuration for the Enabled State of an element.
type EnabledDefault int

EnabledDefault is an integer enumeration that indicates an administrator's default or startup configuration for the Enabled State of an element.

// EnabledDefault values. The numbering is explicit and non-contiguous (2, 3, 5, 6, 7, 9),
// so the Go zero value (0) is not one of the named values.
const (
	EnabledDefaultEnabled           EnabledDefault = 2
	EnabledDefaultDisabled          EnabledDefault = 3
	EnabledDefaultNotApplicable     EnabledDefault = 5
	EnabledDefaultEnabledButOffline EnabledDefault = 6
	EnabledDefaultNoDefault         EnabledDefault = 7
	EnabledDefaultQuiesce           EnabledDefault = 9
)

func (EnabledDefault) String added in v2.2.4

func (e EnabledDefault) String() string

String returns the string representation of the EnabledDefault value.

type EnabledState

// EnabledState is an integer enumeration that indicates the enabled and disabled states
// of an element.
type EnabledState int

EnabledState is an integer enumeration that indicates the enabled and disabled states of an element.

// EnabledState values, written out explicitly so that each name is visibly pinned to the
// integer that appears on the wire. The zero value is EnabledStateUnknown.
const (
	EnabledStateUnknown           EnabledState = 0
	EnabledStateOther             EnabledState = 1
	EnabledStateEnabled           EnabledState = 2
	EnabledStateDisabled          EnabledState = 3
	EnabledStateShuttingDown      EnabledState = 4
	EnabledStateNotApplicable     EnabledState = 5
	EnabledStateEnabledButOffline EnabledState = 6
	EnabledStateInTest            EnabledState = 7
	EnabledStateDeferred          EnabledState = 8
	EnabledStateQuiesce           EnabledState = 9
	EnabledStateStarting          EnabledState = 10
)

func (EnabledState) String added in v2.2.4

func (e EnabledState) String() string

String returns the string representation of the EnabledState value.

type GenerateKeyPair_INPUT

// GenerateKeyPair_INPUT is the request payload for the GenerateKeyPair method, which asks
// the firmware to generate a key. The only values this page defines for the two
// parameters are RSA and KeyLength2048.
type GenerateKeyPair_INPUT struct {
	XMLName      xml.Name     `xml:"h:GenerateKeyPair_INPUT"`
	// H is emitted as the xmlns:h attribute that declares the "h" prefix used by the other tags.
	H            string       `xml:"xmlns:h,attr"`
	KeyAlgorithm KeyAlgorithm `xml:"h:KeyAlgorithm"` // The algorithm of the generated key.
	KeyLength    KeyLength    `xml:"h:KeyLength"`    // The length of the generated key in bits.
}

INPUTS Request Types.

type GenerateKeyPair_OUTPUT

// GenerateKeyPair_OUTPUT is the response payload of the GenerateKeyPair method.
type GenerateKeyPair_OUTPUT struct {
	XMLName     xml.Name        `xml:"GenerateKeyPair_OUTPUT,omitempty"`
	// KeyPair references the generated key pair instance.
	KeyPair     KeyPairResponse `xml:"KeyPair,omitempty"`
	// ReturnValue is the method status. Its zero value equals ReturnValueSuccess (0), so an
	// absent element is indistinguishable from success after decoding; also check KeyPair.
	ReturnValue ReturnValue     `xml:"ReturnValue,omitempty"`
}

OUTPUTS Response Types.

type GeneratePKCS10RequestEx_OUTPUT added in v2.1.7

// GeneratePKCS10RequestEx_OUTPUT is the response payload of the GeneratePKCS10RequestEx method.
type GeneratePKCS10RequestEx_OUTPUT struct {
	XMLName                  xml.Name    `xml:"GeneratePKCS10RequestEx_OUTPUT,omitempty"`
	// SignedCertificateRequest is the PKCS#10 certificate signing request produced by the method.
	SignedCertificateRequest string      `xml:"SignedCertificateRequest,omitempty"`
	// ReturnValue is the method status. Its zero value equals ReturnValueSuccess (0), so an
	// absent element is indistinguishable from success after decoding; also check that
	// SignedCertificateRequest is non-empty.
	ReturnValue              ReturnValue `xml:"ReturnValue,omitempty"`
}

OUTPUTS Response Types.

type KeyAlgorithm

// KeyAlgorithm is the algorithm of the generated key (required; ValueMap={0, ..},
// Values={RSA, Reserved}).
type KeyAlgorithm int

The algorithm of the generated key.

Required

ValueMap={0, ..}

Values={RSA, Reserved}.

// KeyAlgorithm values. RSA (0) is the only non-reserved value, and it is also the Go zero
// value, so an unset KeyAlgorithm field selects RSA.
const (
	RSA KeyAlgorithm = 0
)

type KeyLength

// KeyLength is the length of the generated key in bits.
type KeyLength int

The length of the generated key in bits.

// KeyLength values. 2048 is the only length this package defines. The Go zero value (0)
// is not a named length, so callers should pass KeyLength2048 explicitly.
const (
	KeyLength2048 KeyLength = 2048
)

type KeyManagementResponse

// KeyManagementResponse is the representation of an AMT_PublicKeyManagementService
// instance as returned in Get and Pull responses.
type KeyManagementResponse struct {
	XMLName                 xml.Name            `xml:"AMT_PublicKeyManagementService,omitempty"`
	CreationClassName       string              `xml:"CreationClassName,omitempty"`       // CreationClassName indicates the name of the class or the subclass that is used in the creation of an instance. When used with the other key properties of this class, this property allows all instances of this class and its subclasses to be uniquely identified.
	ElementName             string              `xml:"ElementName,omitempty"`             // A user-friendly name for the object. This property allows each instance to define a user-friendly name in addition to its key properties, identity data, and description information. Note that the Name property of ManagedSystemElement is also defined as a user-friendly name. But, it is often subclassed to be a Key. It is not reasonable that the same property can convey both identity and a user-friendly name, without inconsistencies. Where Name exists and is not a Key (such as for instances of LogicalDevice), the same information can be present in both the Name and ElementName properties. Note that if there is an associated instance of CIM_EnabledLogicalElementCapabilities, restrictions on this properties may exist as defined in ElementNameMask and MaxElementNameLen properties defined in that class.
	EnabledDefault          EnabledDefault      `xml:"EnabledDefault"`                    // An enumerated value indicating an administrator's default or startup configuration for the Enabled State of an element. By default, the element is "Enabled" (value=2).
	EnabledState            EnabledState        `xml:"EnabledState"`                      // EnabledState is an integer enumeration that indicates the enabled and disabled states of an element.
	Name                    string              `xml:"Name,omitempty"`                    // The Name property uniquely identifies the Service and provides an indication of the functionality that is managed. This functionality is described in more detail in the Description property of the object.
	OperationalStatus       []OperationalStatus `xml:"OperationalStatus,omitempty"`       // Indicates the current statuses of the element.
	RequestedState          RequestedState      `xml:"RequestedState"`                    // RequestedState is an integer enumeration that indicates the last requested or desired state for the element, irrespective of the mechanism through which it was requested.
	SystemCreationClassName string              `xml:"SystemCreationClassName,omitempty"` // The CreationClassName of the scoping System.
	SystemName              string              `xml:"SystemName,omitempty"`              // The Name of the scoping System.
}

OUTPUTS Response Types.

type KeyPair added in v2.1.7

// KeyPair is the request-side reference to a key pair, sent as the h:KeyPair element of a
// PKCS10Request. It names the target instance by address plus reference parameters.
type KeyPair struct {
	XMLName             xml.Name                   `xml:"h:KeyPair,omitempty"`
	Address             string                     `xml:"a:Address,omitempty"`
	ReferenceParameters ReferenceParametersRequest `xml:"a:ReferenceParameters,omitempty"`
}

INPUTS Request Types.

type KeyPairResponse

// KeyPairResponse is the KeyPair element returned by GenerateKeyPair. It identifies the
// generated key pair by an address plus reference parameters (resource URI and selectors).
type KeyPairResponse struct {
	XMLName             xml.Name                    `xml:"KeyPair,omitempty"`
	Address             string                      `xml:"Address,omitempty"`
	ReferenceParameters ReferenceParametersResponse `xml:"ReferenceParameters,omitempty"`
}

OUTPUTS Response Types.

type ManagementService

// ManagementService groups the operations of AMT_PublicKeyManagementService: adding
// certificates and keys, generating key pairs and PKCS#10 requests, plus Get, Delete,
// Enumerate and Pull. It is created with NewPublicKeyManagementServiceWithClient.
type ManagementService struct {
	// contains filtered or unexported fields
}

func NewPublicKeyManagementServiceWithClient

func NewPublicKeyManagementServiceWithClient(wsmanMessageCreator *message.WSManMessageCreator, client client.WSMan) ManagementService

NewPublicKeyManagementServiceWithClient instantiates a new ManagementService.

func (ManagementService) AddCertificate

func (managementService ManagementService) AddCertificate(certificateBlob string) (response Response, err error)

This function adds a new certificate to the Intel® AMT CertStore. A certificate cannot be removed if it is referenced (for example, used by TLS, 802.1X or EAC).

func (ManagementService) AddKey

func (managementService ManagementService) AddKey(keyBlob string) (response Response, err error)

This function adds a new certificate key to the Intel® AMT CertStore. A key cannot be removed if its corresponding certificate is referenced (for example, used by TLS, 802.1X or EAC). After the method succeeds, a new instance of AMT_PublicPrivateKeyPair will be created. Possible return values are: PT_STATUS_SUCCESS(0), PT_STATUS_INTERNAL_ERROR(1), PT_STATUS_MAX_LIMIT_REACHED(23), PT_STATUS_FLASH_WRITE_LIMIT_EXCEEDED(38), PT_STATUS_DUPLICATE(2068), PT_STATUS_INVALID_KEY(2062).

func (ManagementService) AddTrustedRootCertificate

func (managementService ManagementService) AddTrustedRootCertificate(certificateBlob string) (response Response, err error)

This function adds a new root certificate to the Intel® AMT CertStore. A certificate cannot be removed if it is referenced (for example, used by TLS, 802.1X or EAC).

func (ManagementService) Delete

func (managementService ManagementService) Delete(instanceID string) (response Response, err error)

Delete removes the specified instance.

func (ManagementService) Enumerate

func (managementService ManagementService) Enumerate() (response Response, err error)

Enumerate returns an enumeration context which is used in a subsequent Pull call.

func (ManagementService) GenerateKeyPair

func (managementService ManagementService) GenerateKeyPair(keyAlgorithm KeyAlgorithm, keyLength KeyLength) (response Response, err error)

This API is used to generate a key in the FW.

func (ManagementService) GeneratePKCS10RequestEx

func (managementService ManagementService) GeneratePKCS10RequestEx(keyPair, nullSignedCertificateRequest string, signingAlgorithm SigningAlgorithm) (response Response, err error)

This API is used to create a PKCS#10 certificate signing request based on a key from the key store.

func (ManagementService) Get

func (managementService ManagementService) Get() (response Response, err error)

Get retrieves the representation of the instance.

func (ManagementService) Pull

func (managementService ManagementService) Pull(enumerationContext string) (response Response, err error)

Pull returns the instances of this class. An enumeration context provided by the Enumerate call is used as input.

type OperationalStatus

// OperationalStatus is an integer enumeration that indicates the current statuses of the
// element.
type OperationalStatus int

OperationalStatus is an integer enumeration that indicates the current statuses of the element.

// OperationalStatus values, written out explicitly so that each name is visibly pinned to
// the integer that appears on the wire. The zero value is OperationalStatusUnknown.
const (
	OperationalStatusUnknown                 OperationalStatus = 0
	OperationalStatusOther                   OperationalStatus = 1
	OperationalStatusOK                      OperationalStatus = 2
	OperationalStatusDegraded                OperationalStatus = 3
	OperationalStatusStressed                OperationalStatus = 4
	OperationalStatusPredictiveFailure       OperationalStatus = 5
	OperationalStatusError                   OperationalStatus = 6
	OperationalStatusNonRecoverableError     OperationalStatus = 7
	OperationalStatusStarting                OperationalStatus = 8
	OperationalStatusStopping                OperationalStatus = 9
	OperationalStatusStopped                 OperationalStatus = 10
	OperationalStatusInService               OperationalStatus = 11
	OperationalStatusNoContact               OperationalStatus = 12
	OperationalStatusLostCommunication       OperationalStatus = 13
	OperationalStatusAborted                 OperationalStatus = 14
	OperationalStatusDormant                 OperationalStatus = 15
	OperationalStatusSupportingEntityInError OperationalStatus = 16
	OperationalStatusCompleted               OperationalStatus = 17
	OperationalStatusPowerMode               OperationalStatus = 18
	OperationalStatusRelocating              OperationalStatus = 19
)

func (OperationalStatus) String added in v2.2.4

func (o OperationalStatus) String() string

String returns the string representation of the OperationalStatus value.

type PKCS10Request

// PKCS10Request is the request payload for the GeneratePKCS10RequestEx method (it is
// serialized as the h:GeneratePKCS10RequestEx_INPUT element). The firmware signs the
// supplied null-signed request with the referenced key pair.
type PKCS10Request struct {
	XMLName                      xml.Name         `xml:"h:GeneratePKCS10RequestEx_INPUT"`
	// H is emitted as the xmlns:h attribute that declares the "h" prefix used by the other tags.
	H                            string           `xml:"xmlns:h,attr"`
	// KeyPair references the key pair in the key store whose key signs the request.
	KeyPair                      KeyPair          `xml:"h:KeyPair"`
	SigningAlgorithm             SigningAlgorithm `xml:"h:SigningAlgorithm"`             // The signing algorithm that the FW should use for signing the certificate request. The zero value is SHA1RSA, so set this field explicitly.
	NullSignedCertificateRequest string           `xml:"h:NullSignedCertificateRequest"` // A binary representation of the null-signed PKCS#10 request. The request must include a valid PKCS10RequestInfo, that will be signed by AMT FW. The Public Key specified in the request must match the public key of the referenced KeyPair parameter.
}

INPUTS Request Types.

type PublicKeyCertificateRequest

// PublicKeyCertificateRequest is the request-side representation of an
// AMT_PublicKeyCertificate instance. None of the tags use omitempty, so every field is
// serialized, including false booleans and empty strings.
type PublicKeyCertificateRequest struct {
	XMLName                xml.Name `xml:"h:AMT_PublicKeyCertificate"`
	// H is emitted as the xmlns:h attribute that declares the "h" prefix used by the other tags.
	H                      string   `xml:"xmlns:h,attr"`
	ElementName            string   `xml:"h:ElementName"`            // A user-friendly name for the object. This property allows each instance to define a user-friendly name in addition to its key properties, identity data, and description information. Note that the Name property of ManagedSystemElement is also defined as a user-friendly name. But, it is often subclassed to be a Key. It is not reasonable that the same property can convey both identity and a user-friendly name, without inconsistencies. Where Name exists and is not a Key (such as for instances of LogicalDevice), the same information can be present in both the Name and ElementName properties. Note that if there is an associated instance of CIM_EnabledLogicalElementCapabilities, restrictions on this properties may exist as defined in ElementNameMask and MaxElementNameLen properties defined in that class.
	InstanceID             string   `xml:"h:InstanceID"`             // Within the scope of the instantiating Namespace, InstanceID opaquely and uniquely identifies an instance of this class.
	X509Certificate        string   `xml:"h:X509Certificate"`        // uint8[4100] // The X.509 Certificate blob.
	TrustedRootCertificate bool     `xml:"h:TrustedRootCertificate"` // For root certificates [those added by AMT_PublicKeyManagementService.AddTrustedRootCertificate()] this property will be true.
	Issuer                 string   `xml:"h:Issuer"`                 // The Issuer field of this certificate.
	Subject                string   `xml:"h:Subject"`                // The Subject field of this certificate.
	ReadOnlyCertificate    bool     `xml:"h:ReadOnlyCertificate"`    // Indicates whether the certificate is an Intel AMT self-signed certificate. If True, the certificate cannot be deleted.
}

INPUTS Request Types.

type PublicKeyCertificateResponse

// PublicKeyCertificateResponse is the representation of an AMT_PublicKeyCertificate
// instance as returned in Get, Put and Pull responses.
type PublicKeyCertificateResponse struct {
	XMLName                xml.Name `xml:"AMT_PublicKeyCertificate,omitempty"`
	ElementName            string   `xml:"ElementName,omitempty"`     // A user-friendly name for the object . . .
	InstanceID             string   `xml:"InstanceID,omitempty"`      // Within the scope of the instantiating Namespace, InstanceID opaquely and uniquely identifies an instance of this class.
	X509Certificate        string   `xml:"X509Certificate,omitempty"` // uint8[4100] // The X.509 Certificate blob.
	// The tag below is deliberately spelled "TrustedRootCertficate" (missing "i") because that
	// is the element name AMT sends. Correcting the spelling would leave this field always
	// false, and callers would no longer see which certificates are trusted roots.
	TrustedRootCertificate bool     `xml:"TrustedRootCertficate"`     // For root certificates [those added by AMT_PublicKeyManagementService.AddTrustedRootCertificate()] this property will be true. FYI: "Certificate" is misspelled in the element name coming from AMT.
	Issuer                 string   `xml:"Issuer,omitempty"`          // The Issuer field of this certificate.
	Subject                string   `xml:"Subject,omitempty"`         // The Subject field of this certificate.
	ReadOnlyCertificate    bool     `xml:"ReadOnlyCertificate"`       // Indicates whether the certificate is an Intel AMT self-signed certificate. If True, the certificate cannot be deleted.
}

OUTPUTS Response Types.

type PullResponse

// PullResponse is the PullResponse element returned by a Pull call. Items of either class
// are collected from the nested Items element into the matching slice.
type PullResponse struct {
	XMLName                   xml.Name                       `xml:"PullResponse,omitempty"`
	KeyManagementItems        []KeyManagementResponse        `xml:"Items>AMT_PublicKeyManagementService,omitempty"`
	PublicKeyCertificateItems []PublicKeyCertificateResponse `xml:"Items>AMT_PublicKeyCertificate,omitempty"`
}

OUTPUTS Response Types.

type ReferenceParametersRequest added in v2.1.7

// ReferenceParametersRequest is the request-side a:ReferenceParameters element: a resource
// URI plus the selectors that pick one instance of that resource.
type ReferenceParametersRequest struct {
	XMLName     xml.Name           `xml:"a:ReferenceParameters,omitempty"`
	ResourceURI string             `xml:"w:ResourceURI"`
	SelectorSet SelectorSetRequest `xml:"w:SelectorSet,omitempty"`
}

INPUTS Request Types.

type ReferenceParametersResponse

// ReferenceParametersResponse is the response-side ReferenceParameters element: a resource
// URI plus the selectors that pick one instance of that resource.
type ReferenceParametersResponse struct {
	XMLName     xml.Name            `xml:"ReferenceParameters,omitempty"`
	ResourceURI string              `xml:"ResourceURI,omitempty"`
	SelectorSet SelectorSetResponse `xml:"SelectorSet,omitempty"`
}

OUTPUTS Response Types.

type RequestedState

// RequestedState is an integer enumeration that indicates the last requested or desired
// state for the element, irrespective of the mechanism through which it was requested.
type RequestedState int

RequestedState is an integer enumeration that indicates the last requested or desired state for the element, irrespective of the mechanism through which it was requested.

// RequestedState values. The numbering is explicit; value 1 is not assigned a name here.
// The zero value is RequestedStateUnknown.
const (
	RequestedStateUnknown       RequestedState = 0
	RequestedStateEnabled       RequestedState = 2
	RequestedStateDisabled      RequestedState = 3
	RequestedStateShutDown      RequestedState = 4
	RequestedStateNoChange      RequestedState = 5
	RequestedStateOffline       RequestedState = 6
	RequestedStateTest          RequestedState = 7
	RequestedStateDeferred      RequestedState = 8
	RequestedStateQuiesce       RequestedState = 9
	RequestedStateReboot        RequestedState = 10
	RequestedStateReset         RequestedState = 11
	RequestedStateNotApplicable RequestedState = 12
)

func (RequestedState) String added in v2.2.4

func (r RequestedState) String() string

String returns the string representation of the RequestedState value.

type Response

// Response is the decoded Envelope returned by every Certificate and ManagementService
// method. It embeds *client.Message and exposes the parsed Header and Body.
type Response struct {
	// Embedded pointer: its fields and methods are promoted onto Response.
	// NOTE(review): whether it can be nil on error paths is not visible here — confirm before dereferencing.
	*client.Message
	XMLName xml.Name       `xml:"Envelope"`
	Header  message.Header `xml:"Header"`
	Body    Body           `xml:"Body"`
}

OUTPUTS Response Types.

func (*Response) JSON

func (r *Response) JSON() string

JSON marshals the type into JSON format.

func (*Response) YAML

func (r *Response) YAML() string

YAML marshals the type into YAML format.

type ReturnValue added in v2.2.4

// ReturnValue is an integer enumeration that indicates the return status of the method.
type ReturnValue int

ReturnValue is an integer enumeration that indicates the return status of the method.

// ReturnValue codes carried in the ReturnValue element of method responses.
//
// ReturnValueSuccess is 0, which is also the Go zero value. A response whose ReturnValue
// element is missing therefore decodes as success, so callers should also check that the
// expected output element is populated.
//
// NOTE(review): the AddKey documentation on this page lists PT_STATUS_DUPLICATE(2068) and
// PT_STATUS_INVALID_KEY(2062), whereas here Duplicate is 2058 and 2062 is named
// InvalidKeyLength. Confirm both against the Intel AMT status-code table before branching
// on these values.
const (
	ReturnValueSuccess                 ReturnValue = 0
	ReturnValueInternalError           ReturnValue = 1
	ReturnValueNotPermitted            ReturnValue = 16
	ReturnValueMaxLimitReached         ReturnValue = 23
	ReturnValueInvalidParameter        ReturnValue = 36
	ReturnValueFlashWriteLimitExceeded ReturnValue = 38
	ReturnValueDuplicate               ReturnValue = 2058
	ReturnValueInvalidKeyLength        ReturnValue = 2062
	ReturnValueInvalidCert             ReturnValue = 2063
	ReturnValueUnsupported             ReturnValue = 2066
	ReturnValueOperationInProgress     ReturnValue = 2082
)

func (ReturnValue) String added in v2.2.4

func (p ReturnValue) String() string

String returns the string representation of the ReturnValue value.

type SelectorRequest added in v2.1.7

// SelectorRequest is one request-side w:Selector element: Name is written as the Name
// attribute and Text as the element's character data.
type SelectorRequest struct {
	XMLName xml.Name `xml:"w:Selector,omitempty"`
	Name    string   `xml:"Name,attr"`
	Text    string   `xml:",chardata"`
}

INPUTS Request Types.

type SelectorResponse

// SelectorResponse is one response-side Selector element: Name is read from the Name
// attribute and Text from the element's character data.
type SelectorResponse struct {
	XMLName xml.Name `xml:"Selector,omitempty"`
	Name    string   `xml:"Name,attr"`
	Text    string   `xml:",chardata"`
}

OUTPUTS Response Types.

type SelectorSetRequest added in v2.1.7

// SelectorSetRequest is the request-side w:SelectorSet element holding the selectors that
// identify one instance.
type SelectorSetRequest struct {
	XMLName   xml.Name          `xml:"w:SelectorSet,omitempty"`
	Selectors []SelectorRequest `xml:"w:Selector"`
}

INPUTS Request Types.

type SelectorSetResponse

// SelectorSetResponse is the response-side SelectorSet element holding the selectors that
// identify one instance.
type SelectorSetResponse struct {
	XMLName   xml.Name           `xml:"SelectorSet,omitempty"`
	Selectors []SelectorResponse `xml:"Selector,omitempty"`
}

OUTPUTS Response Types.

type SigningAlgorithm

// SigningAlgorithm is the signing algorithm that the FW should use for signing the
// certificate request (required; ValueMap={0, 1, ..}, Values={SHA1-RSA, SHA256-RSA, Reserved}).
// SHA1 is no longer available starting from Intel CSME 18.0.
type SigningAlgorithm int

The signing algorithm that the FW should use for signing the certificate request

Required

ValueMap={0, 1, ..}

Values={SHA1-RSA, SHA256-RSA, Reserved} Note: SHA1 is no longer available starting from Intel CSME 18.0.

// SigningAlgorithm values, written out explicitly to match ValueMap={0, 1, ..}.
const (
	// SHA1RSA selects SHA1-RSA. It is the Go zero value, so an unset SigningAlgorithm
	// field selects it. Per the type documentation SHA1 is no longer available starting
	// from Intel CSME 18.0; prefer SHA256RSA.
	SHA1RSA SigningAlgorithm = 0
	// SHA256RSA selects SHA256-RSA.
	SHA256RSA SigningAlgorithm = 1
)
