Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
View Source
var DiceOID = asn1.ObjectIdentifier{2, 23, 133, 5, 4, 1}
DiceOID is the standard object identifier for the DICE extension
View Source
var DiceTcbInfoOid = asn1.ObjectIdentifier{2, 23, 133, 5, 4, 2}
DiceTcbInfoOid encodes the TCBInfo extension OID
Functions ¶
This section is empty.
Types ¶
type CompositeDeviceID ¶
type CompositeDeviceID struct {
Version int
DeviceID SubjectPublicKeyInfo
Fwid FirmwareID
}
CompositeDeviceID combines the firmware id with
type DiceData ¶
type DiceData struct {
Oid asn1.ObjectIdentifier
CompositeDeviceID CompositeDeviceID
}
DiceData is the attestation data encapsulated in the DiceExtension nolint: golint
type DiceExtension ¶
type DiceExtension struct {
DiceData `asn1:"tag:0,implicit,optional"`
}
DiceExtension is the x509 v3 extension for DICE attestation. nolint: golint
func (*DiceExtension) UnmarshalDER ¶
func (re *DiceExtension) UnmarshalDER(data []byte) ([]byte, error)
UnmarshalDER populates the DiceExtension from the provided DER-encoded data extracted from the certificate extension.
type FirmwareID ¶
type FirmwareID struct {
HashAlg asn1.ObjectIdentifier
Fwid []byte
}
FirmwareID contains the digest that is result of applying the specified hash algorithm over the object being measured.
type FwID ¶
type FwID struct {
// HashAlg is an algorithm identifier for the hash algorithm used to
// produce the Digest value.
HashAlg asn1.ObjectIdentifier
// Digest is a digest of firmware, initialization values or other
// settings of the target TCB.
Digest []byte
}
type SubjectPublicKeyInfo ¶
type SubjectPublicKeyInfo struct {
Algorithm pkix.AlgorithmIdentifier
SubjectPublicKey asn1.BitString
}
This structure is defined in pkix package but is not exported, so re-definding here.
type TcbInfo ¶
type TcbInfo struct {
// Vender is the entity that created the target TCB (e.g., a TCI
// value).
Vendor string `asn1:"tag:0,implicit,optional,utf8"`
// Model is the product name associated with the target TCB.
Model string `asn1:"tag:1,implicit,optional,utf8"`
// Version is the revision string associated with the target TCB.
Version string `asn1:"tag:2,implicit,optional,utf8"`
// Svn is the security version number associated with the target TCB.
Svn int `asn1:"tag:3,implicit,optional"`
// Layer is the DICE layer associated with the target TCB.
Layer int `asn1:"tag:4,implicit,optional"`
// Index enumerates assests or keys within the target TCB and DICE
// layer.
Index int `asn1:"tag:5,implicit,optional"`
// FwIDList is a list of FWID valuees resulting from applying the
// HashAlg function over the target TCB values used to compute TCI and
// CDI values. It is computed by the DICE layer that is the Attesting
// Environment and certificate Issues.
FwIDList []FwID `asn1:"tag:6,implicit,optional,omitempty"`
// Flags enumerates possible TCB states. A TCB MAY operate according to
// combinations of these operational states (in bit order, starting
// with bit 0): notConfigured, notSecure, recover, debug.
Flags asn1.BitString `asn1:"tag:7,implicit,optional"`
// VendorInfo contains vendor-supplied values that encode vendor-,
// model-, or device-specific state.
VendorInfo []byte `asn1:"tag:8,implicit,optional,omitempty"`
}
func (TcbInfo) IsNotConfigured ¶
func (TcbInfo) IsNotSecure ¶
func (TcbInfo) IsRecovery ¶
Source Files
Click to show internal directories.
Click to hide internal directories.