psatoken

package module
v1.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 30, 2023 License: Apache-2.0 Imports: 20 Imported by: 14

README

Features

This is a compliant implementation of three specifications:

The package exposes the following functionalities:

  • get / set claims in a profile independent way
  • validate the claims-set
  • sign / verify (using COSE_Sign1) the claims-set

Make targets

  • make test (or just make) to run the unit tests;

Documentation

Overview

CCA platform Claims

Package psatoken provides an implementation of the following two PSA attestation token profiles: PSA_IOT_PROFILE_1 and http://arm.com/psa/2.0.0

Creating a PSA Token

The creation of a PSA Token with profile http://arm.com/psa/2.0.0 comprises the following steps (error checking omitted for brevity):

1. Create a claims-set with the desired profile: 

claims, _ := NewClaims(PsaProfile2)

  1. Populate the mandatory part of the claims-set using the provided setter methods

    _ = claims.SetClientID(myClientID) _ = claims.SetSecurityLifeCycle(mySecurityLifeCycle) _ = claims.SetImplID(myImplID) _ = claims.SetInstID(myInstID) _ = claims.SetNonce(myNonce) _ = claims.SetSoftwareComponents(mySwComponents)

3. Populate any remaining optional claims: 

_ = claims.SetBootSeed(myBootSeed)
_ = claims.SetCertificationReference(myCertificationReference)
_ = claims.SetVSI(myVSI)

  1. Add the claims to a psatoken.Evidence object (this will check the claims-set syntactic validity):

    evidence := psatoken.Evidence{}

    _ := evidence.SetClaims(claims)

4. Seal the evidence and serialize it to CBOR: 

// create a cose.Signer from private key
signer, _ := cose.NewSignerFromKey(alg, key)

cwt, _ := evidence.Sign(signer)

The output is a COSE Web Token that can be used as PDU in an attestation protocol.

Consuming a PSA Token

Consuming a PSA Token comprises the following steps:

1. Decode the COSE Web Token: 

evidence := psatoken.Evidence{}

_ := evidence.FromCOSE(cwt)

  1. Verify using the public key associated with the InstanceID claim contained in the token:

    // Lookup the verification public key (crypto.PublicKey) using the // InstanceID pk := myTrustAnchorStore.Lookup(evidence.GetInstanceID()

    err := evidence.Verify(pk) if err != nil { // handle error }

3. If cryptographic verification is successful, the PSA claims can be safely processed, e.g.: 

myPolicy.VerifyAttestation(evidence.Claims)

Index

Constants

View Source 
const (
	ImplIDLen = 32 // psa-implementation-id size (bytes .size 32)
	InstIDLen = 33 // psa-instance-id size (bytes .size 33)
)
View Source 
const (
	// PsaProfile1 is the legacy profile defined in
	// draft-tschofenig-rats-psa-token-07 and earlier
	// nolint
	PsaProfile1 = "PSA_IOT_PROFILE_1"

	// PsaProfile2 is the new profile in
	// draft-tschofenig-rats-psa-token-08 and newer
	// which uses EAT claims where possible
	// nolint
	PsaProfile2 = "http://arm.com/psa/2.0.0"

	// CcaProfile is the new profile as defined in
	// RMM Monitor Specification, which uses EAT claims
	// where possible
	// nolint
	CcaProfile = "http://arm.com/CCA-SSD/1.0.0"
)
View Source 
const (
	SecurityLifecycleUnknownMin                = 0x0000
	SecurityLifecycleUnknownMax                = 0x00ff
	SecurityLifecycleAssemblyAndTestMin        = 0x1000
	SecurityLifecycleAssemblyAndTestMax        = 0x10ff
	SecurityLifecyclePsaRotProvisioningMin     = 0x2000
	SecurityLifecyclePsaRotProvisioningMax     = 0x20ff
	SecurityLifecycleSecuredMin                = 0x3000
	SecurityLifecycleSecuredMax                = 0x30ff
	SecurityLifecycleNonPsaRotDebugMin         = 0x4000
	SecurityLifecycleNonPsaRotDebugMax         = 0x40ff
	SecurityLifecycleRecoverablePsaRotDebugMin = 0x5000
	SecurityLifecycleRecoverablePsaRotDebugMax = 0x50ff
	SecurityLifecycleDecommissionedMin         = 0x6000
	SecurityLifecycleDecommissionedMax         = 0x60ff
)
View Source 
const (
	CcaPlatformLifecycleUnknownMin                     = 0x0000
	CcaPlatformLifecycleUnknownMax                     = 0x00ff
	CcaPlatformLifecycleAssemblyAndTestMin             = 0x1000
	CcaPlatformLifecycleAssemblyAndTestMax             = 0x10ff
	CcaPlatformLifecycleRotProvisioningMin             = 0x2000
	CcaPlatformLifecycleRotProvisioningMax             = 0x20ff
	CcaPlatformLifecycleSecuredMin                     = 0x3000
	CcaPlatformLifecycleSecuredMax                     = 0x30ff
	CcaPlatformLifecycleNonCcaPlatformDebugMin         = 0x4000
	CcaPlatformLifecycleNonCcaPlatformDebugMax         = 0x40ff
	CcaPlatformLifecycleRecoverableCcaPlatformDebugMin = 0x5000
	CcaPlatformLifecycleRecoverableCcaPlatformDebugMax = 0x50ff
	CcaPlatformLifecycleDecommissionedMin              = 0x6000
	CcaPlatformLifecycleDecommissionedMax              = 0x60ff
)

Variables

View Source 
var (
	CertificationReferenceP1RE = regexp.MustCompile(`^\d{13}$`)
	CertificationReferenceP2RE = regexp.MustCompile(`^\d{13}-\d{5}$`)
)
View Source 
var (
	ErrClaimUndefined        = errors.New("undefined claim")
	ErrOptionalClaimMissing  = errors.New("missing optional claim")
	ErrMandatoryClaimMissing = errors.New("missing mandatory claim")
	ErrWrongClaimSyntax      = errors.New("wrong syntax for claim")
	ErrWrongProfile          = errors.New("wrong profile")
)

Functions

This section is empty.

Types

type CcaLifeCycleState added in v1.1.0 

type CcaLifeCycleState uint16
const (
	CcaStateUnknown CcaLifeCycleState = iota
	CcaStateAssemblyAndTest
	CcaStateCcaRotProvisioning
	CcaStateSecured
	CcaStateNonCcaPlatformDebug
	CcaStateRecoverableCcaPlatformDebug
	CcaStateDecommissioned

	CcaStateInvalid // must be last
)

func CcaLifeCycleToState added in v1.1.0 

func CcaLifeCycleToState(v uint16) CcaLifeCycleState

func (CcaLifeCycleState) IsValid added in v1.1.0 

func (o CcaLifeCycleState) IsValid() bool

func (CcaLifeCycleState) String added in v1.1.0 

func (o CcaLifeCycleState) String() string

type CcaPlatformClaims added in v1.0.0 

type CcaPlatformClaims struct {
	Profile      *eat.Profile   `cbor:"265,keyasint" json:"cca-platform-profile"`
	Challenge    *eat.Nonce     `cbor:"10,keyasint" json:"cca-platform-challenge"`
	ImplID       *[]byte        `cbor:"2396,keyasint" json:"cca-platform-implementation-id"`
	InstID       *eat.UEID      `cbor:"256,keyasint" json:"cca-platform-instance-id"`
	Config       *[]byte        `cbor:"2401,keyasint" json:"cca-platform-config"`
	LifeCycle    *uint16        `cbor:"2395,keyasint" json:"cca-platform-lifecycle"`
	SwComponents *[]SwComponent `cbor:"2399,keyasint" json:"cca-platform-sw-components"`

	VSI       *string `cbor:"2400,keyasint,omitempty" json:"cca-platform-service-indicator,omitempty"`
	HashAlgID *string `cbor:"2402,keyasint" json:"cca-platform-hash-algo-id"`
}

func (*CcaPlatformClaims) FromCBOR added in v1.0.0 

func (c *CcaPlatformClaims) FromCBOR(buf []byte) error

func (*CcaPlatformClaims) FromJSON added in v1.0.0 

func (c *CcaPlatformClaims) FromJSON(buf []byte) error

func (*CcaPlatformClaims) FromUnvalidatedCBOR added in v1.2.0 

func (c *CcaPlatformClaims) FromUnvalidatedCBOR(buf []byte) error

func (*CcaPlatformClaims) FromUnvalidatedJSON added in v1.2.0 

func (c *CcaPlatformClaims) FromUnvalidatedJSON(buf []byte) error

func (CcaPlatformClaims) GetBootSeed added in v1.0.0 

func (c CcaPlatformClaims) GetBootSeed() ([]byte, error)

func (CcaPlatformClaims) GetCertificationReference added in v1.0.0 

func (c CcaPlatformClaims) GetCertificationReference() (string, error)

func (CcaPlatformClaims) GetClientID added in v1.0.0 

func (c CcaPlatformClaims) GetClientID() (int32, error)

func (CcaPlatformClaims) GetConfig added in v1.0.0 

func (c CcaPlatformClaims) GetConfig() ([]byte, error)

func (CcaPlatformClaims) GetHashAlgID added in v1.0.0 

func (c CcaPlatformClaims) GetHashAlgID() (string, error)

func (CcaPlatformClaims) GetImplID added in v1.0.0 

func (c CcaPlatformClaims) GetImplID() ([]byte, error)

func (CcaPlatformClaims) GetInstID added in v1.0.0 

func (c CcaPlatformClaims) GetInstID() ([]byte, error)

func (CcaPlatformClaims) GetNonce added in v1.0.0 

func (c CcaPlatformClaims) GetNonce() ([]byte, error)

func (CcaPlatformClaims) GetProfile added in v1.0.0 

func (c CcaPlatformClaims) GetProfile() (string, error)

func (CcaPlatformClaims) GetSecurityLifeCycle added in v1.0.0 

func (c CcaPlatformClaims) GetSecurityLifeCycle() (uint16, error)

func (CcaPlatformClaims) GetSoftwareComponents added in v1.0.0 

func (c CcaPlatformClaims) GetSoftwareComponents() ([]SwComponent, error)

func (CcaPlatformClaims) GetVSI added in v1.0.0 

func (c CcaPlatformClaims) GetVSI() (string, error)

func (*CcaPlatformClaims) SetBootSeed added in v1.0.0 

func (c *CcaPlatformClaims) SetBootSeed(v []byte) error

func (*CcaPlatformClaims) SetCertificationReference added in v1.0.0 

func (c *CcaPlatformClaims) SetCertificationReference(v string) error

func (CcaPlatformClaims) SetClientID added in v1.0.0 

func (c CcaPlatformClaims) SetClientID(int32) error

func (*CcaPlatformClaims) SetConfig added in v1.0.0 

func (c *CcaPlatformClaims) SetConfig(v []byte) error

func (*CcaPlatformClaims) SetHashAlgID added in v1.0.0 

func (c *CcaPlatformClaims) SetHashAlgID(v string) error

func (*CcaPlatformClaims) SetImplID added in v1.0.0 

func (c *CcaPlatformClaims) SetImplID(v []byte) error

func (*CcaPlatformClaims) SetInstID added in v1.0.0 

func (c *CcaPlatformClaims) SetInstID(v []byte) error

func (*CcaPlatformClaims) SetNonce added in v1.0.0 

func (c *CcaPlatformClaims) SetNonce(v []byte) error

func (*CcaPlatformClaims) SetSecurityLifeCycle added in v1.0.0 

func (c *CcaPlatformClaims) SetSecurityLifeCycle(v uint16) error

func (*CcaPlatformClaims) SetSoftwareComponents added in v1.0.0 

func (c *CcaPlatformClaims) SetSoftwareComponents(scs []SwComponent) error

func (*CcaPlatformClaims) SetVSI added in v1.0.0 

func (c *CcaPlatformClaims) SetVSI(v string) error

func (CcaPlatformClaims) ToCBOR added in v1.0.0 

func (c CcaPlatformClaims) ToCBOR() ([]byte, error)

func (CcaPlatformClaims) ToJSON added in v1.0.0 

func (c CcaPlatformClaims) ToJSON() ([]byte, error)

func (CcaPlatformClaims) ToUnvalidatedCBOR added in v1.2.0 

func (c CcaPlatformClaims) ToUnvalidatedCBOR() ([]byte, error)

func (CcaPlatformClaims) ToUnvalidatedJSON added in v1.2.0 

func (c CcaPlatformClaims) ToUnvalidatedJSON() ([]byte, error)

func (CcaPlatformClaims) Validate added in v1.0.0 

func (c CcaPlatformClaims) Validate() error

Semantic validation

type Evidence added in v1.0.0 

type Evidence struct {
	Claims IClaims
	// contains filtered or unexported fields
}

Evidence is the wrapper around the PSA token, including the COSE envelope and the underlying claims nolint: golint

func (*Evidence) FromCOSE added in v1.0.0 

func (e *Evidence) FromCOSE(cwt []byte) error

FromCOSE extracts the PSA claims wrapped in the supplied CWT. As per spec, the only acceptable security envelope is COSE_Sign1.

func (*Evidence) FromUnvalidatedCOSE added in v1.2.0 

func (e *Evidence) FromUnvalidatedCOSE(cwt []byte) error

FromUnvalidatedCOSE extracts unvalidated claims wrapped in the supplied CWT. As per spec, the only acceptable security envelope is COSE_Sign1.

func (*Evidence) GetImplementationID added in v1.0.0 

func (e *Evidence) GetImplementationID() *[]byte

GetImplementationID returns the ImplementationID claim from the PSA token or a nil pointer if no suitable ImplementationID could be located.

func (*Evidence) GetInstanceID added in v1.0.0 

func (e *Evidence) GetInstanceID() *[]byte

GetInstanceID returns the InstanceID claim that is to be used to locate the verification key or a nil pointer if no suitable InstanceID could be located. A call to this function on Evidence that has not been successfully verified is meaningless.

func (*Evidence) SetClaims added in v1.0.0 

func (e *Evidence) SetClaims(claims IClaims) error

SetClaims attaches the supplied claims to the Evidence instance. Only successfully validated claims are allowed to be set.

func (*Evidence) Sign added in v1.0.0 

func (e *Evidence) Sign(signer cose.Signer) ([]byte, error)

Sign returns the Evidence wrapped in a CWT according to the supplied go-cose Signer. (For now only COSE-Sign1 is supported.)

func (*Evidence) SignUnvalidated added in v1.2.0 

func (e *Evidence) SignUnvalidated(signer cose.Signer) ([]byte, error)

SignUnvalidated returns the Evidence wrapped in a CWT according to the supplied go-cose Signer. (For now only COSE-Sign1 is supported.) Unlike Sign, this does not validate the evidence before signing.

func (*Evidence) Verify added in v1.0.0 

func (e *Evidence) Verify(pk crypto.PublicKey) error

Verify verifies any attached signature for the Evidence.

type IClaims added in v1.0.0 

type IClaims interface {
	// Getters
	GetProfile() (string, error)
	GetClientID() (int32, error)
	GetSecurityLifeCycle() (uint16, error)
	GetImplID() ([]byte, error)
	GetBootSeed() ([]byte, error)
	GetCertificationReference() (string, error)
	GetSoftwareComponents() ([]SwComponent, error)
	GetNonce() ([]byte, error)
	GetInstID() ([]byte, error)
	GetVSI() (string, error)
	GetConfig() ([]byte, error)
	GetHashAlgID() (string, error)

	// Setters
	SetClientID(int32) error
	SetSecurityLifeCycle(uint16) error
	SetImplID([]byte) error
	SetBootSeed([]byte) error
	SetCertificationReference(string) error
	SetSoftwareComponents([]SwComponent) error
	SetNonce([]byte) error
	SetInstID([]byte) error
	SetVSI(string) error
	SetConfig([]byte) error
	SetHashAlgID(string) error

	// CBOR codecs
	FromCBOR([]byte) error
	ToCBOR() ([]byte, error)
	FromUnvalidatedCBOR([]byte) error
	ToUnvalidatedCBOR() ([]byte, error)

	// JSON codecs
	FromJSON([]byte) error
	ToJSON() ([]byte, error)
	FromUnvalidatedJSON([]byte) error
	ToUnvalidatedJSON() ([]byte, error)

	// Semantic validation
	Validate() error
}

IClaims provides a uniform interface for dealing with claims in all supported profiles

func DecodeClaims added in v1.0.0 

func DecodeClaims(buf []byte) (IClaims, error)

func DecodeJSONClaims added in v1.0.0 

func DecodeJSONClaims(buf []byte) (IClaims, error)

func DecodeUnvalidatedClaims added in v1.2.0 

func DecodeUnvalidatedClaims(buf []byte) (IClaims, error)

func DecodeUnvalidatedJSONClaims added in v1.2.0 

func DecodeUnvalidatedJSONClaims(buf []byte) (IClaims, error)

func NewClaims added in v1.0.0 

func NewClaims(profile string) (IClaims, error)

type P1Claims added in v1.0.0 

type P1Claims struct {
	Profile                *string        `cbor:"-75000,keyasint,omitempty" json:"psa-profile"`
	ClientID               *int32         `cbor:"-75001,keyasint" json:"psa-client-id"`
	SecurityLifeCycle      *uint16        `cbor:"-75002,keyasint" json:"psa-security-lifecycle"`
	ImplID                 *[]byte        `cbor:"-75003,keyasint" json:"psa-implementation-id"`
	BootSeed               *[]byte        `cbor:"-75004,keyasint" json:"psa-boot-seed"`
	CertificationReference *string        `cbor:"-75005,keyasint,omitempty" json:"psa-hwver,omitempty"`
	SwComponents           *[]SwComponent `cbor:"-75006,keyasint,omitempty" json:"psa-software-components,omitempty"`
	NoSwMeasurements       *uint          `cbor:"-75007,keyasint,omitempty" json:"psa-no-software-measurements,omitempty"`
	Nonce                  *[]byte        `cbor:"-75008,keyasint" json:"psa-nonce"`
	InstID                 *[]byte        `cbor:"-75009,keyasint" json:"psa-instance-id"`
	VSI                    *string        `cbor:"-75010,keyasint,omitempty" json:"psa-verification-service-indicator,omitempty"`
}

P1Claims are associated with profile "PSA_IOT_PROFILE_1"

func (*P1Claims) FromCBOR added in v1.0.0 

func (c *P1Claims) FromCBOR(buf []byte) error

func (*P1Claims) FromJSON added in v1.0.0 

func (c *P1Claims) FromJSON(buf []byte) error

func (*P1Claims) FromUnvalidatedCBOR added in v1.2.0 

func (c *P1Claims) FromUnvalidatedCBOR(buf []byte) error

func (*P1Claims) FromUnvalidatedJSON added in v1.2.0 

func (c *P1Claims) FromUnvalidatedJSON(buf []byte) error

func (P1Claims) GetBootSeed added in v1.0.0 

func (c P1Claims) GetBootSeed() ([]byte, error)

func (P1Claims) GetCertificationReference added in v1.0.0 

func (c P1Claims) GetCertificationReference() (string, error)

func (P1Claims) GetClientID added in v1.0.0 

func (c P1Claims) GetClientID() (int32, error)

func (P1Claims) GetConfig added in v1.0.0 

func (c P1Claims) GetConfig() ([]byte, error)

func (P1Claims) GetHashAlgID added in v1.0.0 

func (c P1Claims) GetHashAlgID() (string, error)

func (P1Claims) GetImplID added in v1.0.0 

func (c P1Claims) GetImplID() ([]byte, error)

func (P1Claims) GetInstID added in v1.0.0 

func (c P1Claims) GetInstID() ([]byte, error)

func (P1Claims) GetNonce added in v1.0.0 

func (c P1Claims) GetNonce() ([]byte, error)

func (P1Claims) GetProfile added in v1.0.0 

func (c P1Claims) GetProfile() (string, error)

func (P1Claims) GetSecurityLifeCycle added in v1.0.0 

func (c P1Claims) GetSecurityLifeCycle() (uint16, error)

func (P1Claims) GetSoftwareComponents added in v1.0.0 

func (c P1Claims) GetSoftwareComponents() ([]SwComponent, error)

Caveat: this may return nil on success if psa-no-sw-measurement is asserted

func (P1Claims) GetVSI added in v1.0.0 

func (c P1Claims) GetVSI() (string, error)

func (*P1Claims) SetBootSeed added in v1.0.0 

func (c *P1Claims) SetBootSeed(v []byte) error

func (*P1Claims) SetCertificationReference added in v1.0.0 

func (c *P1Claims) SetCertificationReference(v string) error

func (*P1Claims) SetClientID added in v1.0.0 

func (c *P1Claims) SetClientID(v int32) error

func (*P1Claims) SetConfig added in v1.0.0 

func (c *P1Claims) SetConfig(v []byte) error

func (*P1Claims) SetHashAlgID added in v1.0.0 

func (c *P1Claims) SetHashAlgID(v string) error

func (*P1Claims) SetImplID added in v1.0.0 

func (c *P1Claims) SetImplID(v []byte) error

func (*P1Claims) SetInstID added in v1.0.0 

func (c *P1Claims) SetInstID(v []byte) error

func (*P1Claims) SetNonce added in v1.0.0 

func (c *P1Claims) SetNonce(v []byte) error

func (*P1Claims) SetSecurityLifeCycle added in v1.0.0 

func (c *P1Claims) SetSecurityLifeCycle(v uint16) error

func (*P1Claims) SetSoftwareComponents added in v1.0.0 

func (c *P1Claims) SetSoftwareComponents(scs []SwComponent) error

pass scs==nil to set the no-sw-measurements flag

func (*P1Claims) SetVSI added in v1.0.0 

func (c *P1Claims) SetVSI(v string) error

func (P1Claims) ToCBOR added in v1.0.0 

func (c P1Claims) ToCBOR() ([]byte, error)

func (P1Claims) ToJSON added in v1.0.0 

func (c P1Claims) ToJSON() ([]byte, error)

func (P1Claims) ToUnvalidatedCBOR added in v1.2.0 

func (c P1Claims) ToUnvalidatedCBOR() ([]byte, error)

func (P1Claims) ToUnvalidatedJSON added in v1.2.0 

func (c P1Claims) ToUnvalidatedJSON() ([]byte, error)

func (P1Claims) Validate added in v1.0.0 

func (c P1Claims) Validate() error

Semantic validation

type P2Claims added in v1.0.0 

type P2Claims struct {
	Profile                *eat.Profile   `cbor:"265,keyasint" json:"eat-profile"`
	ClientID               *int32         `cbor:"2394,keyasint" json:"psa-client-id"`
	SecurityLifeCycle      *uint16        `cbor:"2395,keyasint" json:"psa-security-lifecycle"`
	ImplID                 *[]byte        `cbor:"2396,keyasint" json:"psa-implementation-id"`
	BootSeed               *[]byte        `cbor:"2397,keyasint,omitempty" json:"psa-boot-seed,omitempty"`
	CertificationReference *string        `cbor:"2398,keyasint,omitempty" json:"psa-certification-reference,omitempty"`
	SwComponents           *[]SwComponent `cbor:"2399,keyasint" json:"psa-software-components"`
	Nonce                  *eat.Nonce     `cbor:"10,keyasint" json:"psa-nonce"`
	InstID                 *eat.UEID      `cbor:"256,keyasint" json:"psa-instance-id"`
	VSI                    *string        `cbor:"2400,keyasint,omitempty" json:"psa-verification-service-indicator,omitempty"`
}

P2Claims are associated with profile "http://arm.com/psa/2.0.0"

func (*P2Claims) FromCBOR added in v1.0.0 

func (c *P2Claims) FromCBOR(buf []byte) error

func (*P2Claims) FromJSON added in v1.0.0 

func (c *P2Claims) FromJSON(buf []byte) error

func (*P2Claims) FromUnvalidatedCBOR added in v1.2.0 

func (c *P2Claims) FromUnvalidatedCBOR(buf []byte) error

func (*P2Claims) FromUnvalidatedJSON added in v1.2.0 

func (c *P2Claims) FromUnvalidatedJSON(buf []byte) error

func (P2Claims) GetBootSeed added in v1.0.0 

func (c P2Claims) GetBootSeed() ([]byte, error)

func (P2Claims) GetCertificationReference added in v1.0.0 

func (c P2Claims) GetCertificationReference() (string, error)

func (P2Claims) GetClientID added in v1.0.0 

func (c P2Claims) GetClientID() (int32, error)

func (P2Claims) GetConfig added in v1.0.0 

func (c P2Claims) GetConfig() ([]byte, error)

func (P2Claims) GetHashAlgID added in v1.0.0 

func (c P2Claims) GetHashAlgID() (string, error)

func (P2Claims) GetImplID added in v1.0.0 

func (c P2Claims) GetImplID() ([]byte, error)

func (P2Claims) GetInstID added in v1.0.0 

func (c P2Claims) GetInstID() ([]byte, error)

func (P2Claims) GetNonce added in v1.0.0 

func (c P2Claims) GetNonce() ([]byte, error)

func (P2Claims) GetProfile added in v1.0.0 

func (c P2Claims) GetProfile() (string, error)

func (P2Claims) GetSecurityLifeCycle added in v1.0.0 

func (c P2Claims) GetSecurityLifeCycle() (uint16, error)

func (P2Claims) GetSoftwareComponents added in v1.0.0 

func (c P2Claims) GetSoftwareComponents() ([]SwComponent, error)

func (P2Claims) GetVSI added in v1.0.0 

func (c P2Claims) GetVSI() (string, error)

func (*P2Claims) SetBootSeed added in v1.0.0 

func (c *P2Claims) SetBootSeed(v []byte) error

func (*P2Claims) SetCertificationReference added in v1.0.0 

func (c *P2Claims) SetCertificationReference(v string) error

func (*P2Claims) SetClientID added in v1.0.0 

func (c *P2Claims) SetClientID(v int32) error

func (*P2Claims) SetConfig added in v1.0.0 

func (c *P2Claims) SetConfig(v []byte) error

func (*P2Claims) SetHashAlgID added in v1.0.0 

func (c *P2Claims) SetHashAlgID(v string) error

func (*P2Claims) SetImplID added in v1.0.0 

func (c *P2Claims) SetImplID(v []byte) error

func (*P2Claims) SetInstID added in v1.0.0 

func (c *P2Claims) SetInstID(v []byte) error

func (*P2Claims) SetNonce added in v1.0.0 

func (c *P2Claims) SetNonce(v []byte) error

func (*P2Claims) SetSecurityLifeCycle added in v1.0.0 

func (c *P2Claims) SetSecurityLifeCycle(v uint16) error

func (*P2Claims) SetSoftwareComponents added in v1.0.0 

func (c *P2Claims) SetSoftwareComponents(scs []SwComponent) error

func (*P2Claims) SetVSI added in v1.0.0 

func (c *P2Claims) SetVSI(v string) error

func (P2Claims) ToCBOR added in v1.0.0 

func (c P2Claims) ToCBOR() ([]byte, error)

func (P2Claims) ToJSON added in v1.0.0 

func (c P2Claims) ToJSON() ([]byte, error)

func (P2Claims) ToUnvalidatedCBOR added in v1.2.0 

func (c P2Claims) ToUnvalidatedCBOR() ([]byte, error)

func (P2Claims) ToUnvalidatedJSON added in v1.2.0 

func (c P2Claims) ToUnvalidatedJSON() ([]byte, error)

func (P2Claims) Validate added in v1.0.0 

func (c P2Claims) Validate() error

Semantic validation

type PsaLifeCycleState added in v1.1.0 

type PsaLifeCycleState uint16
const (
	PsaStateUnknown PsaLifeCycleState = iota
	PsaStateAssemblyAndTest
	PsaStatePsaRotProvisioning
	PsaStateSecured
	PsaStateNonPsaRotDebug
	PsaStateRecoverablePsaRotDebug
	PsaStateDecommissioned

	PsaStateInvalid // must be last
)

func PsaLifeCycleToState added in v1.1.0 

func PsaLifeCycleToState(v uint16) PsaLifeCycleState

func (PsaLifeCycleState) IsValid added in v1.1.0 

func (o PsaLifeCycleState) IsValid() bool

func (PsaLifeCycleState) String added in v1.1.0 

func (o PsaLifeCycleState) String() string

type SwComponent added in v1.0.0 

type SwComponent struct {
	MeasurementType  *string `cbor:"1,keyasint,omitempty" json:"measurement-type,omitempty"`
	MeasurementValue *[]byte `cbor:"2,keyasint" json:"measurement-value"`
	Version          *string `cbor:"4,keyasint,omitempty" json:"version,omitempty"`
	SignerID         *[]byte `cbor:"5,keyasint" json:"signer-id"`
	MeasurementDesc  *string `cbor:"6,keyasint,omitempty" json:"measurement-description,omitempty"`
}

SwComponent is the internal representation of a Software Component

func (SwComponent) GetMeasurementDesc added in v1.0.0 

func (sc SwComponent) GetMeasurementDesc() (string, error)

func (SwComponent) GetMeasurementType added in v1.0.0 

func (sc SwComponent) GetMeasurementType() (string, error)

func (SwComponent) GetMeasurementValue added in v1.0.0 

func (sc SwComponent) GetMeasurementValue() ([]byte, error)

func (SwComponent) GetSignerID added in v1.0.0 

func (sc SwComponent) GetSignerID() ([]byte, error)

func (SwComponent) GetVersion added in v1.0.0 

func (sc SwComponent) GetVersion() (string, error)

func (SwComponent) Validate added in v1.0.0 

func (sc SwComponent) Validate() error

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.