Overview

Package pcs defines values specified for Intel's Provisioning Certification Service (PCS): the x509v3 OIDs of a PCK certificate's SGX Extensions, the PCS endpoint URLs, and the Go types that map the TCB Info and QE Identity JSON responses.

Index

Constants

No package-level constants; the TcbComponentStatus constants are listed under that type below.

Variables

var (
	// OidSgxExtension identifies the SGX Extensions x509v3 extension of a PCK
	// certificate; every other OID below is a child of this arc.
	OidSgxExtension = asn1.ObjectIdentifier{1, 2, 840, 113741, 1, 13, 1}
	// OidPPID identifies the PPID value inside the SGX Extensions.
	OidPPID = asn1.ObjectIdentifier{1, 2, 840, 113741, 1, 13, 1, 1}
	// OidTCB identifies the TCB structure inside the SGX Extensions.
	OidTCB = asn1.ObjectIdentifier{1, 2, 840, 113741, 1, 13, 1, 2}
	// OidPCESvn identifies the PCESVN component; it is a child of OidTCB.
	OidPCESvn = asn1.ObjectIdentifier{1, 2, 840, 113741, 1, 13, 1, 2, 17}
	// OidCPUSvn identifies the CPUSVN component; it is a child of OidTCB.
	OidCPUSvn = asn1.ObjectIdentifier{1, 2, 840, 113741, 1, 13, 1, 2, 18}
	// OidPCEID identifies the PCEID value inside the SGX Extensions.
	OidPCEID = asn1.ObjectIdentifier{1, 2, 840, 113741, 1, 13, 1, 3}
	// OidFMSPC identifies the FMSPC value inside the SGX Extensions.
	OidFMSPC = asn1.ObjectIdentifier{1, 2, 840, 113741, 1, 13, 1, 4}

	// The sentinel errors below all report the same condition at different
	// nesting levels: ASN.1 decoding finished with trailing bytes. A well-formed
	// extension is consumed exactly, so leftovers mean the certificate extension
	// is malformed (or crafted); callers must treat any of them as a verification
	// failure rather than a warning. Compare with errors.Is.

	// ErrPckExtInvalid is returned when decoding the PCK certificate's extension
	// leaves trailing bytes.
	ErrPckExtInvalid = errors.New("unexpected leftover bytes for PCK certificate's extension")
	// ErrTcbExtInvalid is returned when decoding the TCB structure inside the
	// SGX Extensions leaves trailing bytes.
	ErrTcbExtInvalid = errors.New("unexpected leftover bytes for TCB extension inside SGX extension field")
	// ErrTcbCompInvalid is returned when decoding the TCB components inside the
	// TCB structure leaves trailing bytes.
	ErrTcbCompInvalid = errors.New("unexpected leftover bytes for TCB components in TCB Extension inside SGX extension field")
	// ErrSgxExtInvalid is returned when decoding the SGX Extensions as a whole
	// leaves trailing bytes.
	ErrSgxExtInvalid = errors.New("unexpected leftover bytes when parsing SGX extensions")
)

Functions

func PckCrlURL

func PckCrlURL(ca string) string

PckCrlURL returns the Intel PCS URL for retrieving the PCK certificate revocation list issued by the CA named by ca.

func QeIdentityURL

func QeIdentityURL() string

QeIdentityURL returns the Intel PCS URL for retrieving the Quoting Enclave (QE) identity.

func TcbInfoURL

func TcbInfoURL(fmspc string) string

TcbInfoURL returns the Intel PCS URL for retrieving the TCB Info of the platform family identified by fmspc.

Types

type EnclaveIdentity

// EnclaveIdentity maps the enclaveIdentity object of a PCS QE identity response.
// The struct only carries the decoded fields; it does not check the validity
// window or the accompanying signature.
type EnclaveIdentity struct {
	// ID names the enclave this identity describes.
	ID                      string     `json:"id"`
	// Version is the version number of the identity document.
	Version                 byte       `json:"version"`
	// IssueDate and NextUpdate bound the validity window of this identity.
	// NOTE(review): nothing visible in this package compares NextUpdate with the
	// current time; a verifier must reject an identity past NextUpdate itself.
	IssueDate               time.Time  `json:"issueDate"`
	NextUpdate              time.Time  `json:"nextUpdate"`
	// TcbEvaluationDataNumber identifies the TCB evaluation data set this
	// identity was produced from.
	TcbEvaluationDataNumber int        `json:"tcbEvaluationDataNumber"`
	// Miscselect / MiscselectMask and Attributes / AttributesMask are the
	// value/mask pairs for the enclave's MISCSELECT and ATTRIBUTES, decoded from
	// hex strings (presumably the mask is applied before comparing — confirm
	// against the verifier that consumes them).
	Miscselect              HexBytes   `json:"miscselect"`
	MiscselectMask          HexBytes   `json:"miscselectMask"`
	Attributes              HexBytes   `json:"attributes"`
	AttributesMask          HexBytes   `json:"attributesMask"`
	// Mrsigner is the enclave signer measurement, decoded from a hex string.
	Mrsigner                HexBytes   `json:"mrsigner"`
	// IsvProdID is the ISV product ID of the enclave.
	IsvProdID               uint16     `json:"isvprodid"`
	// TcbLevels lists the known TCB levels of the enclave with their status.
	TcbLevels               []TcbLevel `json:"tcbLevels"`
}

EnclaveIdentity maps the enclaveIdentity object of a PCS QE identity response; IssueDate and NextUpdate bound its validity window and must be checked by the verifier.

type HexBytes

// HexBytes is a JSON-decodable wrapper for values the PCS API encodes as hex
// strings (MRSIGNER, attributes, masks).
type HexBytes struct {
	// Bytes holds the decoded value; it is filled in by UnmarshalJSON.
	Bytes []byte
}

HexBytes holds the raw bytes decoded from a hex-encoded JSON string.

func (*HexBytes) UnmarshalJSON

func (hb *HexBytes) UnmarshalJSON(s []byte) error

UnmarshalJSON decodes a hex-encoded JSON string into hb.Bytes.

type PckCertTCB

// PckCertTCB holds the TCB components carried in the TCB structure of a PCK
// certificate's SGX Extensions (see OidTCB, OidPCESvn and OidCPUSvn).
type PckCertTCB struct {
	// PCESvn is the PCE security version number (the OidPCESvn component).
	PCESvn           uint16
	// CPUSvn is the CPUSVN value (the OidCPUSvn component).
	CPUSvn           []byte
	// CPUSvnComponents holds the individual CPUSVN components.
	// NOTE(review): how this relates to CPUSvn (a per-component decoding or a
	// copy) is not visible here — confirm against PckCertificateExtensions.
	CPUSvnComponents []byte
}

PckCertTCB stores the TCB components (PCESVN and CPUSVN) parsed from a PCK certificate's SGX Extensions.

type PckExtensions

// PckExtensions holds the values from a PCK certificate's SGX Extensions that
// quote verification needs. It is produced by PckCertificateExtensions.
type PckExtensions struct {
	// PPID is the platform provisioning ID (OidPPID), kept as a string.
	PPID  string
	// TCB holds the PCESVN and CPUSVN components (OidTCB).
	TCB   PckCertTCB
	// PCEID is the PCE identifier (OidPCEID), kept as a string.
	PCEID string
	// FMSPC identifies the platform family (OidFMSPC), kept as a string —
	// presumably in the form accepted by TcbInfoURL; confirm with the caller.
	FMSPC string
}

PckExtensions holds the values from a PCK certificate's x509v3 SGX Extensions that are required for verification: PPID, the TCB components, PCEID and FMSPC.

func PckCertificateExtensions

func PckCertificateExtensions(cert *x509.Certificate) (*PckExtensions, error)

PckCertificateExtensions parses the SGX Extensions of the given PCK certificate and returns only the values required for verification. An error such as ErrPckExtInvalid indicates a malformed extension; the certificate must then not be used for verification.

type QeIdentity

// QeIdentity maps the full response of the PCS enclave identity API call.
type QeIdentity struct {
	// EnclaveIdentity is the decoded identity body.
	EnclaveIdentity EnclaveIdentity `json:"enclaveIdentity"`
	// Signature is the signature field accompanying the body, kept as the raw
	// string. NOTE(review): nothing in this type verifies it; callers must check
	// the signature against the trusted signing certificate chain before
	// relying on any field of EnclaveIdentity.
	Signature       string          `json:"signature"`
}

QeIdentity maps the full response of the PCS enclave identity API call: the EnclaveIdentity body and the Signature field accompanying it. This type does not verify the signature; callers must do so before trusting the body.

type Tcb

// Tcb maps the tcb object of a TCB level.
type Tcb struct {
	// SgxTcbcomponents are the SGX TCB component SVNs.
	SgxTcbcomponents []TcbComponent `json:"sgxtcbcomponents"`
	// Pcesvn is the PCE security version number of this level.
	Pcesvn           uint16         `json:"pcesvn"`
	// TdxTcbcomponents are the TDX TCB component SVNs.
	TdxTcbcomponents []TcbComponent `json:"tdxtcbcomponents"`
	// Isvsvn is the ISV security version number of this level.
	Isvsvn           uint32         `json:"isvsvn"`
}

Tcb maps the tcb object of a TCB level: the SGX and TDX TCB component SVNs, the PCESVN and the ISVSVN.

type TcbComponent

// TcbComponent maps one entry of the sgxtcbcomponents or tdxtcbcomponents
// arrays.
type TcbComponent struct {
	// Svn is the security version number of this component.
	Svn      byte   `json:"svn"`
	// Category and Type are the descriptive strings the PCS attaches to the
	// component; they are carried through unchanged.
	Category string `json:"category"`
	Type     string `json:"type"`
}

TcbComponent maps one entry of the sgxtcbcomponents or tdxtcbcomponents arrays: its SVN plus the category and type strings.

type TcbComponentStatus

// TcbComponentStatus is the status string assigned to a TCB level; the
// accepted values are the TcbComponentStatus* constants.
type TcbComponentStatus string

TcbComponentStatus is the status string assigned to a TCB level (for example UpToDate, OutOfDate or Revoked); the accepted values are the constants below.

// Status values a TCB level can carry. They are plain strings with no ordering
// encoded here; a verifier that needs a severity ranking (e.g. accept UpToDate,
// warn on *Needed, reject OutOfDate/Revoked) must define it itself.
const (
	// TcbComponentStatusUpToDate denotes tcb status as UpToDate
	TcbComponentStatusUpToDate TcbComponentStatus = "UpToDate"
	// TcbComponentStatusSwHardeningNeeded denotes tcb status as SWHardeningNeeded
	TcbComponentStatusSwHardeningNeeded TcbComponentStatus = "SWHardeningNeeded"
	// TcbComponentStatusConfigurationNeeded denotes tcb status as ConfigurationNeeded
	TcbComponentStatusConfigurationNeeded TcbComponentStatus = "ConfigurationNeeded"
	// TcbComponentStatusConfigurationAndSWHardeningNeeded denotes tcb status as ConfigurationAndSWHardeningNeeded
	TcbComponentStatusConfigurationAndSWHardeningNeeded TcbComponentStatus = "ConfigurationAndSWHardeningNeeded"
	// TcbComponentStatusOutOfDate denotes tcb status as OutOfDate
	TcbComponentStatusOutOfDate TcbComponentStatus = "OutOfDate"
	// TcbComponentStatusOutOfDateConfigurationNeeded denotes tcb status as OutOfDateConfigurationNeeded
	TcbComponentStatusOutOfDateConfigurationNeeded TcbComponentStatus = "OutOfDateConfigurationNeeded"
	// TcbComponentStatusRevoked denotes tcb status as Revoked. A level with this
	// status must never be accepted, whatever its SVNs.
	TcbComponentStatusRevoked TcbComponentStatus = "Revoked"
)

func (*TcbComponentStatus) UnmarshalJSON

func (st *TcbComponentStatus) UnmarshalJSON(s []byte) error

UnmarshalJSON decodes a JSON string into a TcbComponentStatus, matching it against the TcbComponentStatus constants above.

type TcbInfo

// TcbInfo maps the tcbInfo object of a PCS TCB Info response. Like
// EnclaveIdentity it only carries decoded fields; the validity window and the
// accompanying signature are left to the verifier.
type TcbInfo struct {
	// ID names the TEE type this TCB Info applies to.
	ID                      string              `json:"id"`
	// Version is the version number of the TCB Info document.
	Version                 byte                `json:"version"`
	// IssueDate and NextUpdate bound the validity window of this document.
	// NOTE(review): nothing visible here enforces NextUpdate; a verifier must
	// reject a TCB Info past NextUpdate itself.
	IssueDate               time.Time           `json:"issueDate"`
	NextUpdate              time.Time           `json:"nextUpdate"`
	// Fmspc and PceID identify the platform family and PCE this document
	// covers; they should be compared against the values from the PCK
	// certificate (PckExtensions.FMSPC / PCEID).
	Fmspc                   string              `json:"fmspc"`
	PceID                   string              `json:"pceId"`
	// TcbType is the TCB type byte of the document.
	TcbType                 byte                `json:"tcbType"`
	// TcbEvaluationDataNumber identifies the TCB evaluation data set this
	// document was produced from.
	TcbEvaluationDataNumber int                 `json:"tcbEvaluationDataNumber"`
	// TdxModule and TdxModuleIdentities describe the TDX module(s).
	TdxModule               TdxModule           `json:"tdxModule"`
	TdxModuleIdentities     []TdxModuleIdentity `json:"tdxModuleIdentities"`
	// TcbLevels lists the known TCB levels of the platform with their status.
	TcbLevels               []TcbLevel          `json:"tcbLevels"`
}

TcbInfo maps the tcbInfo object of a PCS TCB Info response, including the TDX module identities and the list of TCB levels.

type TcbLevel

// TcbLevel maps one entry of a tcbLevels array.
type TcbLevel struct {
	// Tcb holds the component SVNs that define this level.
	Tcb         Tcb                `json:"tcb"`
	// TcbDate is kept as the raw string, unlike TcbInfo.IssueDate which is a
	// time.Time; callers that compare dates must parse it themselves.
	TcbDate     string             `json:"tcbDate"`
	// TcbStatus is the status assigned to this level.
	TcbStatus   TcbComponentStatus `json:"tcbStatus"`
	// AdvisoryIDs lists the security advisory IDs associated with this level.
	AdvisoryIDs []string           `json:"advisoryIDs"`
}

TcbLevel maps one entry of the tcbLevels array: the TCB component values, TcbDate (kept as the raw string), the status of that level, and the security advisory IDs associated with it.

type TdxModule

// TdxModule maps the tdxModule object of a TCB Info response.
type TdxModule struct {
	// Mrsigner is the TDX module signer measurement, decoded from hex.
	Mrsigner       HexBytes `json:"mrsigner"`
	// Attributes and AttributesMask are the value/mask pair for the module's
	// attributes, decoded from hex.
	Attributes     HexBytes `json:"attributes"`
	AttributesMask HexBytes `json:"attributesMask"`
}

TdxModule maps the tdxModule object of a TCB Info response: the TDX module's MRSIGNER, attributes and attribute mask.

type TdxModuleIdentity added in v0.3.1

// TdxModuleIdentity maps one entry of the tdxModuleIdentities array of a TCB
// Info response.
type TdxModuleIdentity struct {
	// ID names this module identity.
	ID             string     `json:"id"`
	// Mrsigner is the module signer measurement, decoded from hex.
	Mrsigner       HexBytes   `json:"mrsigner"`
	// Attributes and AttributesMask are the value/mask pair for the module's
	// attributes, decoded from hex.
	Attributes     HexBytes   `json:"attributes"`
	AttributesMask HexBytes   `json:"attributesMask"`
	// TcbLevels lists the known TCB levels of this module with their status.
	TcbLevels      []TcbLevel `json:"tcbLevels"`
}

TdxModuleIdentity maps one entry of the tdxModuleIdentities array of a TCB Info response.

type TdxTcbInfo

// TdxTcbInfo maps the full response of the PCS TCB Info service.
type TdxTcbInfo struct {
	// TcbInfo is the decoded TCB Info body.
	TcbInfo   TcbInfo `json:"tcbInfo"`
	// Signature is the signature field accompanying the body, kept as the raw
	// string. NOTE(review): nothing in this type verifies it; callers must check
	// the signature against the trusted signing certificate chain before
	// relying on any field of TcbInfo.
	Signature string  `json:"signature"`
}

TdxTcbInfo maps the full response of the PCS TCB Info service: the TcbInfo body and the Signature field accompanying it. As with QeIdentity, this type does not verify the signature.
