akissuer

package
v0.0.0-...-9b07614 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Nov 7, 2023 License: MulanPSL-2.0 Imports: 21 Imported by: 0

Documentation


Constants

const (
	// ZERO_VALUE is the literal zero.
	ZERO_VALUE = 0

	// UINT32_BYTES_LENGTH is the size of a uint32 in bytes.
	UINT32_BYTES_LENGTH = 4
	// UINT64_BYTES_LENGTH is the size of a uint64 in bytes.
	UINT64_BYTES_LENGTH = 8

	// KEY_TAG_TYPE_MOVE_BITS is the left shift that places a tag-type code
	// in the upper bits of a tag; the bits below it select the individual tag.
	KEY_TAG_TYPE_MOVE_BITS = 28
	// RA_INTEGER is tag-type code 1 shifted into place (0x10000000);
	// it is the base of the integer tags below.
	RA_INTEGER = 1 << KEY_TAG_TYPE_MOVE_BITS
	// RA_BYTES is tag-type code 2 shifted into place (0x20000000);
	// it is the base of the bytes tags below.
	RA_BYTES = 2 << KEY_TAG_TYPE_MOVE_BITS

	// Integer tags (RA_INTEGER | index).

	// RA_TAG_SIGN_TYPE is the tag for the sign type.
	RA_TAG_SIGN_TYPE = RA_INTEGER
	// RA_TAG_HASH_TYPE is the tag for the hash type.
	RA_TAG_HASH_TYPE = RA_INTEGER | 1
	// RA_TAG_CURVE_TYPE is the tag for the curve type.
	RA_TAG_CURVE_TYPE = RA_INTEGER | 2

	// Bytes tags (RA_BYTES | index).

	// RA_TAG_QTA_IMG_HASH is the tag for the QTA image hash.
	RA_TAG_QTA_IMG_HASH = RA_BYTES
	// RA_TAG_TA_IMG_HASH is the tag for the TA image hash.
	RA_TAG_TA_IMG_HASH = RA_BYTES | 1
	// RA_TAG_QTA_MEM_HASH is the tag for the QTA memory hash.
	RA_TAG_QTA_MEM_HASH = RA_BYTES | 2
	// RA_TAG_TA_MEM_HASH is the tag for the TA memory hash.
	RA_TAG_TA_MEM_HASH = RA_BYTES | 3
	// RA_TAG_RESERVED is a reserved tag.
	RA_TAG_RESERVED = RA_BYTES | 4
	// RA_TAG_AK_PUB is the tag for the AK public key.
	RA_TAG_AK_PUB = RA_BYTES | 5
	// RA_TAG_SIGN_DRK is the tag for the DRK signature.
	RA_TAG_SIGN_DRK = RA_BYTES | 6
	// RA_TAG_SIGN_AK is the tag for the AK signature.
	RA_TAG_SIGN_AK = RA_BYTES | 7
	// RA_TAG_CERT_DRK is the tag for the DRK certificate.
	RA_TAG_CERT_DRK = RA_BYTES | 8
	// RA_TAG_CERT_AK is the tag for the AK certificate.
	RA_TAG_CERT_AK = RA_BYTES | 9

	// Algorithm codes.
	// NOTE(review): signature, hash and group identifiers share one numeric
	// range (0x20000-0x20009), so a parser should check that a received code
	// belongs to the category the field expects before acting on it.

	// RA_ALG_RSA_3072 is the code for RSA with a 3072-bit key.
	RA_ALG_RSA_3072 = 0x20000
	// RA_ALG_RSA_4096 is the code for RSA with a 4096-bit key (PSS padding).
	RA_ALG_RSA_4096 = 0x20001
	// RA_ALG_SHA_256 is the code for SHA256.
	RA_ALG_SHA_256 = 0x20002
	// RA_ALG_SHA_384 is the code for SHA384.
	RA_ALG_SHA_384 = 0x20003
	// RA_ALG_SHA_512 is the code for SHA512.
	RA_ALG_SHA_512 = 0x20004
	// RA_ALG_ECDSA is the code for ECDSA.
	RA_ALG_ECDSA = 0x20005
	// RA_ALG_ED25519 is the code for ED25519.
	RA_ALG_ED25519 = 0x20006
	// RA_ALG_SM2_DSA_SM3 is the code named for SM2 DSA with SM3.
	RA_ALG_SM2_DSA_SM3 = 0x20007
	// RA_ALG_SM3 is the code for SM3.
	RA_ALG_SM3 = 0x20008
	// RA_ALG_DAA_GRP_FP512BN is the code for the DAA group FP512BN.
	RA_ALG_DAA_GRP_FP512BN = 0x20009

	// Integer scenario codes; the names parallel the RA_SCENARIO_* strings.
	// Presumably these are the values accepted as the scenario argument of
	// GenerateAKCert - confirm against its implementation.
	RA_SCENARIO_NO_AS_INT       = 0
	RA_SCENARIO_AS_NO_DAA_INT   = 1
	RA_SCENARIO_AS_WITH_DAA_INT = 2
)
const (
	// RA_VERSION is the version string, in the form "TEE.RA.[Major].[Minor]".
	RA_VERSION = "TEE.RA.1.0"

	// RA_ALG_RSA_4096_STR is the string name for
	// TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256 with a 4096-bit RSA key.
	RA_ALG_RSA_4096_STR = "PS256"
	// RA_ALG_SHA_256_STR is the string name paired with the SHA-256 constant.
	// NOTE(review): in JOSE (RFC 7518) "HS256" names HMAC with SHA-256, a
	// keyed MAC, not a bare SHA-256 digest. Confirm that nothing consuming
	// this string interprets it as an HMAC algorithm.
	RA_ALG_SHA_256_STR = "HS256"

	// RA_SCENARIO_NO_AS names the application scenario without an AS.
	RA_SCENARIO_NO_AS = "sce_no_as"
	// RA_SCENARIO_AS_NO_DAA names the application scenario with an AS and
	// without DAA.
	RA_SCENARIO_AS_NO_DAA = "sce_as_no_daa"
	// RA_SCENARIO_AS_WITH_DAA names the application scenario with an AS and
	// with DAA.
	RA_SCENARIO_AS_WITH_DAA = "sce_as_with_daa"
)
const (
	// Remote attestation handler names.

	// RAProvisionInHandler is the handler name for provisioning input.
	RAProvisionInHandler = "provisioning-input"
	// RAProvisionOutHandler is the handler name for provisioning output.
	RAProvisionOutHandler = "provisioning-output"
	// RAReportInHandler is the handler name for report input.
	RAReportInHandler = "report-input"
	// RAReportOutHandler is the handler name for report output.
	RAReportOutHandler = "report-output"
	// RASaveAKCertHandler is the handler name for saving the AK cert.
	RASaveAKCertHandler = "saveakcert-input"

	// DAA encryption algorithm types (ENC_ALG_TYPE). Both strings match JWE
	// key-management algorithm names from RFC 7518; how they are used is not
	// visible in this block.

	// RA_ALG_A256GCMKW is the "A256GCMKW" encryption algorithm type.
	RA_ALG_A256GCMKW = "A256GCMKW"
	// RA_ALG_RSA_OAEP_256 is the "RSA-OAEP-256" encryption algorithm type.
	RA_ALG_RSA_OAEP_256 = "RSA-OAEP-256"
)

Variables

This section is empty.

Functions

func GenerateAKCert

func GenerateAKCert(oldAKCert []byte, scenario int32) ([]byte, error)

GenerateAKCert generates new ak cert from the old ak cert.

func GenerateDAAAKCert

func GenerateDAAAKCert(oldAKCert []byte) ([]byte, []byte, error)

GenerateDAAAKCert generates ak cert in the scenario of DAA.

func GenerateNoDAAAKCert

func GenerateNoDAAAKCert(oldAKCert []byte) ([]byte, error)

The input parameter is the AK certificate issued by the target platform's device certificate. After receiving the AK certificate, GenerateNoDAAAKCert:

1. Parses it and extracts the signed data fields, signature fields, and DRK certificate fields.
2. Parses the DRK certificate.
3. Uses the Huawei Level-2 certificate to check the DRK certificate. If the DRK certificate passes the check, it is trusted.
4. Uses the DRK certificate to check the AK certificate. If the AK certificate passes the check, it is trusted.
5. Re-signs the AK certificate using the AS private key.
6. Returns the re-signed AK certificate.

These steps describe the signature chain only; this description does not say whether certificate validity periods or revocation status are also checked.

func GetDataFromAKCertNoDAA

func GetDataFromAKCertNoDAA(oldAKCert []byte) (drkpub *rsa.PublicKey, drkcert *x509.Certificate, akpub []byte, err error)

GetDataFromAKCertNoDAA gets data from ak cert in the scenario of No DAA.

Types

This section is empty.
