Documentation ¶
Index ¶
- func AddFactFromSignedClaim(signedClaim *certprotos.SignedClaimMessage, ...) bool
- func AddKeySeen(list *CertSeenList, k *certprotos.KeyMessage) bool
- func Asn1ToX509(in []byte) *x509.Certificate
- func Attest(eType string, toSay []byte) []byte
- func AuthenticatedDecrypt(in []byte, key []byte) []byte
- func AuthenticatedEncrypt(in []byte, key []byte, iv []byte) []byte
- func BytesToUint64(b []byte) uint64
- func CheckTimeRange(nb *string, na *string) bool
- func CompareTimePoints(t1 *certprotos.TimePoint, t2 *certprotos.TimePoint) int
- func ConstructEnclaveKeySpeaksForMeasurement(k *certprotos.KeyMessage, m []byte) *certprotos.VseClause
- func ConstructGramineClaim(enclaveKey *certprotos.KeyMessage, measurement []byte) *certprotos.VseClause
- func ConstructGramineIsEnvironmentClaim(measurement []byte, attestation []byte) *certprotos.VseClause
- func ConstructGramineSpeaksForClaim(enclaveKey *certprotos.KeyMessage, env *certprotos.EntityMessage) *certprotos.VseClause
- func ConstructIsletSpeaksForMeasurementStatement(attestKey *certprotos.KeyMessage, enclaveKey *certprotos.KeyMessage, ...) *certprotos.VseClause
- func ConstructKeyForProtect(keyName string, keyType string) *certprotos.KeyMessage
- func ConstructKeystoneSpeaksForMeasurementStatement(attestKey *certprotos.KeyMessage, enclaveKey *certprotos.KeyMessage, ...) *certprotos.VseClause
- func ConstructOESpeaksForStatement(vcertKey *certprotos.KeyMessage, enclaveKey *certprotos.KeyMessage, ...) *certprotos.VseClause
- func ConstructPlatformEvidencePackage(attestingEnclaveType string, evList *certprotos.EvidenceList, ...) *certprotos.EvidencePackage
- func ConstructProofFromExtendedGramineEvidence(publicPolicyKey *certprotos.KeyMessage, purpose string, ...) (*certprotos.VseClause, *certprotos.Proof)
- func ConstructProofFromGramineEvidence(publicPolicyKey *certprotos.KeyMessage, purpose string, ...) (*certprotos.VseClause, *certprotos.Proof)
- func ConstructProofFromInternalPlatformEvidence(publicPolicyKey *certprotos.KeyMessage, purpose string, ...) (*certprotos.VseClause, *certprotos.Proof)
- func ConstructProofFromIsletEvidence(publicPolicyKey *certprotos.KeyMessage, purpose string, ...) (*certprotos.VseClause, *certprotos.Proof)
- func ConstructProofFromKeystoneEvidence(publicPolicyKey *certprotos.KeyMessage, purpose string, ...) (*certprotos.VseClause, *certprotos.Proof)
- func ConstructProofFromOeEvidence(publicPolicyKey *certprotos.KeyMessage, purpose string, ...) (*certprotos.VseClause, *certprotos.Proof)
- func ConstructProofFromOeEvidenceWithEndorsement(publicPolicyKey *certprotos.KeyMessage, purpose string, ...) (*certprotos.VseClause, *certprotos.Proof)
- func ConstructProofFromOeEvidenceWithoutEndorsement(publicPolicyKey *certprotos.KeyMessage, purpose string, ...) (*certprotos.VseClause, *certprotos.Proof)
- func ConstructProofFromSevPlatformEvidence(publicPolicyKey *certprotos.KeyMessage, purpose string, ...) (*certprotos.VseClause, *certprotos.Proof)
- func ConstructSevIsEnvironmentStatement(vcekKey *certprotos.KeyMessage, binSevAttest []byte) *certprotos.VseClause
- func ConstructSevSpeaksForEnvironmentStatement(vcekKey *certprotos.KeyMessage, enclaveKey *certprotos.KeyMessage, ...) *certprotos.VseClause
- func ConstructVseAttestClaim(attestKey *certprotos.KeyMessage, enclaveKey *certprotos.KeyMessage, ...) *certprotos.VseClause
- func ConstructVseAttestationFromCert(subjKey *certprotos.KeyMessage, signerKey *certprotos.KeyMessage) *certprotos.VseClause
- func DecapsulateData(ek *certprotos.KeyMessage, edm *certprotos.EncapsulatedDataMessage) []byte
- func Decrypt(in []byte, key []byte) []byte
- func Depad(in []byte) []byte
- func Digest(in []byte) [32]byte
- func Dominates(root *PredicateDominance, parent string, descendant string) bool
- func EncapsulateData(ek *certprotos.KeyMessage, alg string, data []byte, ...) bool
- func Encrypt(in []byte, key []byte, iv []byte) []byte
- func FakeRsaSha256Verify(r *rsa.PublicKey, in []byte, sig []byte) bool
- func FilterExtendedGraminePolicy(policyKey *certprotos.KeyMessage, evp *certprotos.EvidencePackage, ...) *certprotos.ProvedStatements
- func FilterGraminePolicy(policyKey *certprotos.KeyMessage, evp *certprotos.EvidencePackage, ...) *certprotos.ProvedStatements
- func FilterInternalPolicy(policyKey *certprotos.KeyMessage, evp *certprotos.EvidencePackage, ...) *certprotos.ProvedStatements
- func FilterIsletPolicy(policyKey *certprotos.KeyMessage, evp *certprotos.EvidencePackage, ...) *certprotos.ProvedStatements
- func FilterKeystonePolicy(policyKey *certprotos.KeyMessage, evp *certprotos.EvidencePackage, ...) *certprotos.ProvedStatements
- func FilterOePolicy(policyKey *certprotos.KeyMessage, evp *certprotos.EvidencePackage, ...) *certprotos.ProvedStatements
- func FilterSevPolicy(policyKey *certprotos.KeyMessage, evp *certprotos.EvidencePackage, ...) *certprotos.ProvedStatements
- func FindKeySeen(list *CertSeenList, name string) *certprotos.KeyMessage
- func FindPolicyStoreEntry(ps *certprotos.PolicyStoreMessage, tag string, valueType string) int
- func FindProperty(propName string, p []*certprotos.Property) *certprotos.Property
- func GeneralAuthenticatedDecrypt(alg string, in []byte, key []byte) []byte
- func GeneralAuthenticatedEncrypt(alg string, in []byte, key []byte, iv []byte) []byte
- func GetEccKeysFromInternal(k *certprotos.KeyMessage) (*ecdsa.PrivateKey, *ecdsa.PublicKey, error)
- func GetGramineMeasurementFromAttestation(evBuf []byte) []byte
- func GetInternalKeyFromEccPublicKey(name string, PK *ecdsa.PublicKey, km *certprotos.KeyMessage) bool
- func GetInternalKeyFromRsaPrivateKey(name string, pK *rsa.PrivateKey, km *certprotos.KeyMessage) bool
- func GetInternalKeyFromRsaPublicKey(name string, PK *rsa.PublicKey, km *certprotos.KeyMessage) bool
- func GetIsletMeasurementFromAttestation(evBuf []byte) []byte
- func GetIssuerKey(cert *x509.Certificate) *certprotos.KeyMessage
- func GetIssuerNameFromCert(cert *x509.Certificate) string
- func GetKeystoneMeasurementFromAttestation(evBuf []byte) []byte
- func GetMeasurement(eType string, id string) []byte
- func GetMeasurementEntityFromSevAttest(binSevAttest []byte) *certprotos.EntityMessage
- func GetMeasurementFromSevAttest(binSevAttest []byte) []byte
- func GetOeMeasurementFromAttestation(prevEvidence *certprotos.Evidence, curEvidence *certprotos.Evidence) []byte
- func GetPlatformAttributesFromGramineAttest(binGramineAttest []byte) (uint16, uint16, []byte, bool, bool)
- func GetPlatformFromGramineAttest(binAttest []byte) *certprotos.Platform
- func GetPlatformFromSevAttest(binSevAttest []byte) *certprotos.Platform
- func GetRelevantMeasurementPolicy(pool *PolicyPool, evType string, evp *certprotos.EvidencePackage) *certprotos.VseClause
- func GetRelevantPlatformFeaturePolicy(pool *PolicyPool, evType string, evp *certprotos.EvidencePackage) *certprotos.VseClause
- func GetRelevantPlatformKeyPolicy(pool *PolicyPool, evType string, evp *certprotos.EvidencePackage) *certprotos.VseClause
- func GetRsaKeysFromInternal(k *certprotos.KeyMessage, pK *rsa.PrivateKey, PK *rsa.PublicKey) bool
- func GetSevMeasurementFromAttestation(evBuf []byte) []byte
- func GetSubjectKey(cert *x509.Certificate) *certprotos.KeyMessage
- func GetSubjectNameFromCert(cert *x509.Certificate) *string
- func GetTcbVersionFromSevAttest(binSevAttest []byte) uint64
- func GetUserDataHashFromSevAttest(binSevAttest []byte) []byte
- func GetVcekExtValue(ext pkix.Extension) (uint8, error)
- func GetVseFromSignedClaim(sc *certprotos.SignedClaimMessage) *certprotos.VseClause
- func GetVseMeasurementFromAttestation(evBuf []byte) []byte
- func InitAxiom(pk certprotos.KeyMessage, ps *certprotos.ProvedStatements) bool
- func InitCerifierRules(cr *certprotos.CertifierRules) bool
- func InitDominance(root *PredicateDominance) bool
- func InitPolicy(publicPolicyKey *certprotos.KeyMessage, ...) bool
- func InitPolicyPool(pool *PolicyPool, original *certprotos.ProvedStatements) bool
- func InitProvedStatements(pk certprotos.KeyMessage, evidenceList []*certprotos.Evidence, ...) bool
- func InitSimulatedEnclave() bool
- func Insert(r *PredicateDominance, parent string, descendant string) bool
- func InsertOrUpdatePolicyStoreEntry(ps *certprotos.PolicyStoreMessage, tag string, valueType string, value []byte) bool
- func InternalPublicFromPrivateKey(privateKey *certprotos.KeyMessage) *certprotos.KeyMessage
- func IsChild(r *PredicateDominance, descendant string) bool
- func KeyFromPemFormat(pem string) *certprotos.KeyMessage
- func LittleToBigEndian(in []byte) []byte
- func MakeClaim(serialized []byte, format string, desc string, nb string, na string) *certprotos.ClaimMessage
- func MakeEnvironment(pl *certprotos.Platform, measurement []byte) *certprotos.Environment
- func MakeEnvironmentEntity(e *certprotos.Environment) *certprotos.EntityMessage
- func MakeIndirectVseClause(subject *certprotos.EntityMessage, verb *string, cl *certprotos.VseClause) *certprotos.VseClause
- func MakeKeyEntity(k *certprotos.KeyMessage) *certprotos.EntityMessage
- func MakeMeasurementEntity(m []byte) *certprotos.EntityMessage
- func MakePlatform(t string, k *certprotos.KeyMessage, props *certprotos.Properties) *certprotos.Platform
- func MakePlatformEntity(pl *certprotos.Platform) *certprotos.EntityMessage
- func MakeProperty(name string, t string, sv *string, c *string, iv *uint64) *certprotos.Property
- func MakeRsaKey(n int) *rsa.PrivateKey
- func MakeSignedClaim(s *certprotos.ClaimMessage, k *certprotos.KeyMessage) *certprotos.SignedClaimMessage
- func MakeSimpleVseClause(subject *certprotos.EntityMessage, verb *string, ...) *certprotos.VseClause
- func MakeUnaryVseClause(subject *certprotos.EntityMessage, verb *string) *certprotos.VseClause
- func MakeVseRsaKey(n int) *certprotos.KeyMessage
- func NewPolicyStore(maxEnts int) *certprotos.PolicyStoreMessage
- func NewPolicyStoreEntry(tag string, valueType string, value []byte) *certprotos.PolicyStoreEntry
- func Pad(in []byte) []byte
- func PolicyStoreDeleteEntry(ent int)
- func PolicyStoreNumEntries(ps *certprotos.PolicyStoreMessage) int
- func PrintAttestationUserData(sr *certprotos.AttestationUserData)
- func PrintBytes(b []byte)
- func PrintClaim(c *certprotos.ClaimMessage)
- func PrintDominanceNode(ind int, node *PredicateDominance)
- func PrintDominanceTree(ind int, tree *PredicateDominance)
- func PrintEccKey(e *certprotos.EccMessage)
- func PrintEntity(e *certprotos.EntityMessage)
- func PrintEntityDescriptor(e *certprotos.EntityMessage)
- func PrintEnvironment(e *certprotos.Environment)
- func PrintEnvironmentDescriptor(e *certprotos.Environment)
- func PrintEvidence(ev *certprotos.Evidence)
- func PrintEvidencePackage(evp *certprotos.EvidencePackage, printAll bool)
- func PrintKey(k *certprotos.KeyMessage)
- func PrintKeyDescriptor(k *certprotos.KeyMessage)
- func PrintKeyRequestMessage(kr *certprotos.KeyRequestMessage)
- func PrintKeyResponseMessage(kr *certprotos.KeyResponseMessage)
- func PrintPlatform(p *certprotos.Platform)
- func PrintPlatformDescriptor(p *certprotos.Platform)
- func PrintPolicyStore(ps *certprotos.PolicyStoreMessage)
- func PrintPolicyStoreEntry(e *certprotos.PolicyStoreEntry)
- func PrintProof(pf *certprotos.Proof)
- func PrintProofStep(prefix string, step *certprotos.ProofStep)
- func PrintProperties(p *certprotos.Properties)
- func PrintProperty(p *certprotos.Property)
- func PrintPropertyDescriptor(p *certprotos.Property)
- func PrintProvedStatements(ps *certprotos.ProvedStatements)
- func PrintRsaKey(r *certprotos.RsaMessage)
- func PrintSignedClaim(s *certprotos.SignedClaimMessage)
- func PrintSignedReport(sr *certprotos.SignedReport)
- func PrintTimePoint(tp *certprotos.TimePoint)
- func PrintTrustReponse(res *certprotos.TrustResponseMessage)
- func PrintTrustRequest(req *certprotos.TrustRequestMessage)
- func PrintVseAttestationReportInfo(info *certprotos.VseAttestationReportInfo)
- func PrintVseClause(c *certprotos.VseClause)
- func PrintX509Cert(cert *x509.Certificate)
- func ProduceAdmissionCert(remoteIP string, issuerKey *certprotos.KeyMessage, ...) *x509.Certificate
- func ProducePlatformRule(issuerKey *certprotos.KeyMessage, issuerCert *x509.Certificate, ...) []byte
- func ProtectBlob(enclaveType string, k *certprotos.KeyMessage, buffer []byte) []byte
- func RecoverPolicyStore(enclaveType string, fileName string, ps *certprotos.PolicyStoreMessage) bool
- func RsaPrivateDecrypt(r *rsa.PrivateKey, in []byte) []byte
- func RsaPublicEncrypt(r *rsa.PublicKey, in []byte) []byte
- func RsaSha256Sign(r *rsa.PrivateKey, in []byte) []byte
- func RsaSha256Verify(r *rsa.PublicKey, in []byte, sig []byte) bool
- func SameEntity(e1 *certprotos.EntityMessage, e2 *certprotos.EntityMessage) bool
- func SameEnvironment(p1 *certprotos.Environment, p2 *certprotos.Environment) bool
- func SameKey(k1 *certprotos.KeyMessage, k2 *certprotos.KeyMessage) bool
- func SameMeasurement(m1 []byte, m2 []byte) bool
- func SamePlatform(p1 *certprotos.Platform, p2 *certprotos.Platform) bool
- func SamePoint(p1 *certprotos.PointMessage, p2 *certprotos.PointMessage) bool
- func SameProperties(p1 *certprotos.Properties, p2 *certprotos.Properties) bool
- func SameProperty(p1 *certprotos.Property, p2 *certprotos.Property) bool
- func SameVseClause(c1 *certprotos.VseClause, c2 *certprotos.VseClause) bool
- func SatisfyingProperties(p1 *certprotos.Properties, p2 *certprotos.Properties) bool
- func SatisfyingProperty(p1 *certprotos.Property, p2 *certprotos.Property) bool
- func SavePolicyStore(enclaveType string, ps *certprotos.PolicyStoreMessage, fileName string) bool
- func Seal(eType string, eId string, toSeal []byte) []byte
- func SizedSocketRead(conn net.Conn) []byte
- func SizedSocketWrite(conn net.Conn, b []byte) bool
- func Spaces(i int)
- func StatementAlreadyProved(c1 *certprotos.VseClause, ps *certprotos.ProvedStatements) bool
- func StringToTimePoint(s string) *certprotos.TimePoint
- func StripPemHeaderAndTrailer(pem string) *string
- func TEEAttest(enclave_type string, what_to_say []byte) ([]byte, error)
- func TEESeal(enclave_type string, enclave_id string, in []byte, outMax int) ([]byte, error)
- func TEESimulatedInit(asn1_policy_cert string, attest_key_file string, measurement_file string, ...) error
- func TEEUnSeal(enclave_type string, enclave_id string, in []byte, outMax int) ([]byte, error)
- func TimePointNow() *certprotos.TimePoint
- func TimePointPlus(t *certprotos.TimePoint, d float64) *certprotos.TimePoint
- func TimePointToString(tp *certprotos.TimePoint) string
- func UnprotectBlob(enclaveType string, k *certprotos.KeyMessage, blob []byte) []byte
- func Unseal(eType string, eId string, toUnseal []byte) []byte
- func ValidateExtendedGramineEvidence(pubPolicyKey *certprotos.KeyMessage, evp *certprotos.EvidencePackage, ...) (bool, *certprotos.VseClause, []byte)
- func ValidateGramineEvidence(pubPolicyKey *certprotos.KeyMessage, evp *certprotos.EvidencePackage, ...) (bool, *certprotos.VseClause, []byte)
- func ValidateInternalEvidence(pubPolicyKey *certprotos.KeyMessage, evp *certprotos.EvidencePackage, ...) (bool, *certprotos.VseClause, []byte)
- func ValidateIsletEvidence(pubPolicyKey *certprotos.KeyMessage, evp *certprotos.EvidencePackage, ...) (bool, *certprotos.VseClause, []byte)
- func ValidateKeystoneEvidence(pubPolicyKey *certprotos.KeyMessage, evp *certprotos.EvidencePackage, ...) (bool, *certprotos.VseClause, []byte)
- func ValidateOeEvidence(pubPolicyKey *certprotos.KeyMessage, evp *certprotos.EvidencePackage, ...) (bool, *certprotos.VseClause, []byte)
- func ValidateSevEvidence(pubPolicyKey *certprotos.KeyMessage, evp *certprotos.EvidencePackage, ...) (bool, *certprotos.VseClause, []byte)
- func VerifyAdmissionCert(policyCert *x509.Certificate, cert *x509.Certificate) bool
- func VerifyExternalProofStep(tree *PredicateDominance, step *certprotos.ProofStep) bool
- func VerifyGramineAttestation(serializedEvidence []byte) (bool, []byte, []byte, error)
- func VerifyInternalProofStep(tree *PredicateDominance, c1 *certprotos.VseClause, c2 *certprotos.VseClause, ...) bool
- func VerifyIsletAttestation(serialized []byte, k *certprotos.KeyMessage) []byte
- func VerifyKeystoneAttestation(serialized []byte, k *certprotos.KeyMessage) []byte
- func VerifyProof(policyKey *certprotos.KeyMessage, toProve *certprotos.VseClause, ...) bool
- func VerifyReport(etype string, pk *certprotos.KeyMessage, serialized []byte) bool
- func VerifyRule1(tree *PredicateDominance, c1 *certprotos.VseClause, c2 *certprotos.VseClause, ...) bool
- func VerifyRule10(tree *PredicateDominance, c1 *certprotos.VseClause, c2 *certprotos.VseClause, ...) bool
- func VerifyRule11(tree *PredicateDominance, c1 *certprotos.VseClause, c2 *certprotos.VseClause, ...) bool
- func VerifyRule2(tree *PredicateDominance, c1 *certprotos.VseClause, c2 *certprotos.VseClause, ...) bool
- func VerifyRule3(tree *PredicateDominance, c1 *certprotos.VseClause, c2 *certprotos.VseClause, ...) bool
- func VerifyRule4(tree *PredicateDominance, c1 *certprotos.VseClause, c2 *certprotos.VseClause, ...) bool
- func VerifyRule5(tree *PredicateDominance, c1 *certprotos.VseClause, c2 *certprotos.VseClause, ...) bool
- func VerifyRule6(tree *PredicateDominance, c1 *certprotos.VseClause, c2 *certprotos.VseClause, ...) bool
- func VerifyRule7(tree *PredicateDominance, c1 *certprotos.VseClause, c2 *certprotos.VseClause, ...) bool
- func VerifyRule8(tree *PredicateDominance, c1 *certprotos.VseClause, c2 *certprotos.VseClause, ...) bool
- func VerifyRule9(tree *PredicateDominance, c1 *certprotos.VseClause, c2 *certprotos.VseClause, ...) bool
- func VerifySevAttestation(serialized []byte, k *certprotos.KeyMessage) []byte
- func VerifySignedAssertion(scm certprotos.SignedClaimMessage, k *certprotos.KeyMessage, ...) bool
- func VerifySignedClaim(c *certprotos.SignedClaimMessage, k *certprotos.KeyMessage) bool
- func X509ToAsn1(cert *x509.Certificate) []byte
- type CertKeysSeen
- type CertSeenList
- type PolicyPool
- type PredicateDominance
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AddFactFromSignedClaim ¶
func AddFactFromSignedClaim(signedClaim *certprotos.SignedClaimMessage, alreadyProved *certprotos.ProvedStatements) bool
func AddKeySeen ¶
func AddKeySeen(list *CertSeenList, k *certprotos.KeyMessage) bool
func Asn1ToX509 ¶
func Asn1ToX509(in []byte) *x509.Certificate
func AuthenticatedDecrypt ¶
func BytesToUint64 ¶
func CheckTimeRange ¶
func CompareTimePoints ¶
func CompareTimePoints(t1 *certprotos.TimePoint, t2 *certprotos.TimePoint) int
if t1 is later than t2, return 1 if t1 the same as t2, return 0 if t1 is earlier than t2, return -1
func ConstructEnclaveKeySpeaksForMeasurement ¶
func ConstructEnclaveKeySpeaksForMeasurement(k *certprotos.KeyMessage, m []byte) *certprotos.VseClause
func ConstructGramineClaim ¶
func ConstructGramineClaim(enclaveKey *certprotos.KeyMessage, measurement []byte) *certprotos.VseClause
func ConstructGramineIsEnvironmentClaim ¶
func ConstructGramineIsEnvironmentClaim(measurement []byte, attestation []byte) *certprotos.VseClause
func ConstructGramineSpeaksForClaim ¶
func ConstructGramineSpeaksForClaim(enclaveKey *certprotos.KeyMessage, env *certprotos.EntityMessage) *certprotos.VseClause
func ConstructIsletSpeaksForMeasurementStatement ¶
func ConstructIsletSpeaksForMeasurementStatement(attestKey *certprotos.KeyMessage, enclaveKey *certprotos.KeyMessage, mEnt *certprotos.EntityMessage) *certprotos.VseClause
attestKey says enclaveKey speaksfor environment
func ConstructKeyForProtect ¶
func ConstructKeyForProtect(keyName string, keyType string) *certprotos.KeyMessage
func ConstructKeystoneSpeaksForMeasurementStatement ¶
func ConstructKeystoneSpeaksForMeasurementStatement(attestKey *certprotos.KeyMessage, enclaveKey *certprotos.KeyMessage, mEnt *certprotos.EntityMessage) *certprotos.VseClause
attestKey says enclaveKey speaksfor environment
func ConstructOESpeaksForStatement ¶
func ConstructOESpeaksForStatement(vcertKey *certprotos.KeyMessage, enclaveKey *certprotos.KeyMessage, measurement []byte) *certprotos.VseClause
func ConstructPlatformEvidencePackage ¶
func ConstructPlatformEvidencePackage(attestingEnclaveType string, evList *certprotos.EvidenceList, serializedAttestation []byte) *certprotos.EvidencePackage
func ConstructProofFromExtendedGramineEvidence ¶
func ConstructProofFromExtendedGramineEvidence(publicPolicyKey *certprotos.KeyMessage, purpose string, alreadyProved *certprotos.ProvedStatements) (*certprotos.VseClause, *certprotos.Proof)
Incoming evidence:
- Key[rsa, policyKey, d240a7e9489e8adc4eb5261166a0b080f4f5f4d0] is-trusted
- Key[rsa, policyKey, d240a7e9489e8adc4eb5261166a0b080f4f5f4d0] says Key[rsa, platformKey, cdc8112d97fce6767143811f0ed5fb6c21aee424] is-trusted-for-attestation
- Key[rsa, policyKey, d240a7e9489e8adc4eb5261166a0b080f4f5f4d0] says Measurement[0001020304050607...] is-trusted
- Key[rsa, policyKey, d240a7e9489e8adc4eb5261166a0b080f4f5f4d0] says platform has-trusted-platform-property
- Key[rsa, policyKey, d240a7e9489e8adc4eb5261166a0b080f4f5f4d0] says Key[rsa, platformKey, cdc8112d97fce6767143811f0ed5fb6c21aee424] is-trusted-for-attestation
- environment(platform, measurement) is-environment
- enclaveKey speaks-for Measurement[00010203...]
Produced proof should be:
- Key[rsa, policyKey, d240a7e9489e8adc4eb5261166a0b080f4f5f4d0] is-trusted AND Key[rsa, policyKey, d240a7e9489e8adc4eb5261166a0b080f4f5f4d0] says Measurement[0001020304050607...] is-trusted --> Measurement[0001020304050607...] is-trusted
- policy-key is-trusted AND policy-key says platform has-trusted-platform-property --> platform has-trusted-platform-property (r3)
- environment(platform, measurement) is-environment AND platform[amd-sev-snp, no-debug,...] has-trusted-platform-property --> environment(platform, measurement) environment-platform-is-trusted [3, ]
- environment(platform, measurement) is-environment AND measurement is-trusted --> environment(platform, measurement) environment-measurement-is-trusted
- environment(platform, measurement) environment-platform-is-trusted" AND environment(platform, measurement) environment-measurement-is-trusted" --> environment(platform, measurement) is-trusted
- environment is-trusted and enclaveKey speaks-for environment --> enclaveKey is-trusted-for-authentication
func ConstructProofFromGramineEvidence ¶
func ConstructProofFromGramineEvidence(publicPolicyKey *certprotos.KeyMessage, purpose string, alreadyProved *certprotos.ProvedStatements) (*certprotos.VseClause, *certprotos.Proof)
func ConstructProofFromInternalPlatformEvidence ¶
func ConstructProofFromInternalPlatformEvidence(publicPolicyKey *certprotos.KeyMessage, purpose string, alreadyProved *certprotos.ProvedStatements) (*certprotos.VseClause, *certprotos.Proof)
This is used for simulated enclave and the application enclave
func ConstructProofFromIsletEvidence ¶
func ConstructProofFromIsletEvidence(publicPolicyKey *certprotos.KeyMessage, purpose string, alreadyProved *certprotos.ProvedStatements) (*certprotos.VseClause, *certprotos.Proof)
func ConstructProofFromKeystoneEvidence ¶
func ConstructProofFromKeystoneEvidence(publicPolicyKey *certprotos.KeyMessage, purpose string, alreadyProved *certprotos.ProvedStatements) (*certprotos.VseClause, *certprotos.Proof)
func ConstructProofFromOeEvidence ¶
func ConstructProofFromOeEvidence(publicPolicyKey *certprotos.KeyMessage, purpose string, alreadyProved *certprotos.ProvedStatements) (*certprotos.VseClause, *certprotos.Proof)
func ConstructProofFromOeEvidenceWithEndorsement ¶
func ConstructProofFromOeEvidenceWithEndorsement(publicPolicyKey *certprotos.KeyMessage, purpose string, alreadyProved *certprotos.ProvedStatements) (*certprotos.VseClause, *certprotos.Proof)
func ConstructProofFromOeEvidenceWithoutEndorsement ¶
func ConstructProofFromOeEvidenceWithoutEndorsement(publicPolicyKey *certprotos.KeyMessage, purpose string, alreadyProved *certprotos.ProvedStatements) (*certprotos.VseClause, *certprotos.Proof)
func ConstructProofFromSevPlatformEvidence ¶
func ConstructProofFromSevPlatformEvidence(publicPolicyKey *certprotos.KeyMessage, purpose string, alreadyProved *certprotos.ProvedStatements) (*certprotos.VseClause, *certprotos.Proof)
func ConstructSevIsEnvironmentStatement ¶
func ConstructSevIsEnvironmentStatement(vcekKey *certprotos.KeyMessage, binSevAttest []byte) *certprotos.VseClause
vcek says environment is-environment
func ConstructSevSpeaksForEnvironmentStatement ¶
func ConstructSevSpeaksForEnvironmentStatement(vcekKey *certprotos.KeyMessage, enclaveKey *certprotos.KeyMessage, env *certprotos.EntityMessage) *certprotos.VseClause
vcekKey says enclaveKey speaksfor environment
func ConstructVseAttestClaim ¶
func ConstructVseAttestClaim(attestKey *certprotos.KeyMessage, enclaveKey *certprotos.KeyMessage, measurement []byte) *certprotos.VseClause
func ConstructVseAttestationFromCert ¶
func ConstructVseAttestationFromCert(subjKey *certprotos.KeyMessage, signerKey *certprotos.KeyMessage) *certprotos.VseClause
func DecapsulateData ¶
func DecapsulateData(ek *certprotos.KeyMessage, edm *certprotos.EncapsulatedDataMessage) []byte
func EncapsulateData ¶
func EncapsulateData(ek *certprotos.KeyMessage, alg string, data []byte, edm *certprotos.EncapsulatedDataMessage) bool
func FilterExtendedGraminePolicy ¶
func FilterExtendedGraminePolicy(policyKey *certprotos.KeyMessage, evp *certprotos.EvidencePackage, policyPool *PolicyPool) *certprotos.ProvedStatements
Filtered policy should be
Key[rsa, policyKey, d240a7e9489e8adc4eb5261166a0b080f4f5f4d0] is-trusted Key[rsa, policyKey, d240a7e9489e8adc4eb5261166a0b080f4f5f4d0] says Key[rsa, platformKey, cdc8112d97fce6767143811f0ed5fb6c21aee424] is-trusted-for-attestation Key[rsa, policyKey, d240a7e9489e8adc4eb5261166a0b080f4f5f4d0] says Measurement[0001020304050607...] is-trusted Key[rsa, policyKey, d240a7e9489e8adc4eb5261166a0b080f4f5f4d0] says platform has-trusted-platform-property
Filter out irrelevant platforms and measurements
func FilterGraminePolicy ¶
func FilterGraminePolicy(policyKey *certprotos.KeyMessage, evp *certprotos.EvidencePackage, policyPool *PolicyPool) *certprotos.ProvedStatements
Filtered policy should be
Key[rsa, policyKey, d240a7e9489e8adc4eb5261166a0b080f4f5f4d0] is-trusted Key[rsa, policyKey, d240a7e9489e8adc4eb5261166a0b080f4f5f4d0] says Key[rsa, platformKey, cdc8112d97fce6767143811f0ed5fb6c21aee424] is-trusted-for-attestation Key[rsa, policyKey, d240a7e9489e8adc4eb5261166a0b080f4f5f4d0] says Measurement[0001020304050607...] is-trusted
func FilterInternalPolicy ¶
func FilterInternalPolicy(policyKey *certprotos.KeyMessage, evp *certprotos.EvidencePackage, policyPool *PolicyPool) *certprotos.ProvedStatements
Filtered Policy should be
0: "policyKey is-trusted" 1: "policyKey says platformKey is-trusted-for-attestation" 2: "policyKey says measurement is-trusted"
func FilterIsletPolicy ¶
func FilterIsletPolicy(policyKey *certprotos.KeyMessage, evp *certprotos.EvidencePackage, policyPool *PolicyPool) *certprotos.ProvedStatements
func FilterKeystonePolicy ¶
func FilterKeystonePolicy(policyKey *certprotos.KeyMessage, evp *certprotos.EvidencePackage, policyPool *PolicyPool) *certprotos.ProvedStatements
func FilterOePolicy ¶
func FilterOePolicy(policyKey *certprotos.KeyMessage, evp *certprotos.EvidencePackage, policyPool *PolicyPool) *certprotos.ProvedStatements
Filtered OePolicy should be
00: "policyKey is-trusted" 01: "Key[rsa, policyKey, f2663e9ca042fcd261ab051b3a4e3ac83d79afdd] says Key[rsa, VSE, cbfced04cfc0f1f55df8cbe437c3aba79af1657a] is-trusted-for-attestation" 02: "policyKey says measurement is-trusted"
func FilterSevPolicy ¶
func FilterSevPolicy(policyKey *certprotos.KeyMessage, evp *certprotos.EvidencePackage, policyPool *PolicyPool) *certprotos.ProvedStatements
Filtered Policy should be
00 Key[rsa, policyKey, f91d6331b1fd99b3fa8641fd16dcd4c272a92b8a] is-trusted 01 Key[rsa, policyKey, f91d6331b1fd99b3fa8641fd16dcd4c272a92b8a] says Key[rsa, ARKKey, c36d3343d69d9d8000d32d0979adff876e98ec79] is-trusted-for-attestation 02 Key[rsa, policyKey, f91d6331b1fd99b3fa8641fd16dcd4c272a92b8a] says Measurement[010203040506070801020304050607080102030405060708010203040506070801020304050607080102030405060708] is-trusted 03 Key[rsa, policyKey, f91d6331b1fd99b3fa8641fd16dcd4c272a92b8a] says platform[amd-sev-snp, debug: no, migrate: no, api-major: >=0, api-minor: >=0, key-share: no, tcb-version: >=0] has-trusted-platform-property
func FindKeySeen ¶
func FindKeySeen(list *CertSeenList, name string) *certprotos.KeyMessage
func FindPolicyStoreEntry ¶
func FindPolicyStoreEntry(ps *certprotos.PolicyStoreMessage, tag string, valueType string) int
func FindProperty ¶
func FindProperty(propName string, p []*certprotos.Property) *certprotos.Property
func GeneralAuthenticatedEncrypt ¶
Todo: implement the others
func GetEccKeysFromInternal ¶
func GetEccKeysFromInternal(k *certprotos.KeyMessage) (*ecdsa.PrivateKey, *ecdsa.PublicKey, error)
func GetInternalKeyFromEccPublicKey ¶
func GetInternalKeyFromEccPublicKey(name string, PK *ecdsa.PublicKey, km *certprotos.KeyMessage) bool
func GetInternalKeyFromRsaPrivateKey ¶
func GetInternalKeyFromRsaPrivateKey(name string, pK *rsa.PrivateKey, km *certprotos.KeyMessage) bool
func GetInternalKeyFromRsaPublicKey ¶
func GetInternalKeyFromRsaPublicKey(name string, PK *rsa.PublicKey, km *certprotos.KeyMessage) bool
func GetIssuerKey ¶
func GetIssuerKey(cert *x509.Certificate) *certprotos.KeyMessage
func GetIssuerNameFromCert ¶
func GetIssuerNameFromCert(cert *x509.Certificate) string
func GetMeasurement ¶
func GetMeasurementEntityFromSevAttest ¶
func GetMeasurementEntityFromSevAttest(binSevAttest []byte) *certprotos.EntityMessage
func GetOeMeasurementFromAttestation ¶
func GetOeMeasurementFromAttestation(prevEvidence *certprotos.Evidence, curEvidence *certprotos.Evidence) []byte
func GetPlatformAttributesFromGramineAttest ¶
func GetPlatformAttributesFromGramineAttest(binGramineAttest []byte) (uint16, uint16, []byte, bool, bool)
The returned quantities are sort of described in the Intel Architecure manual in chapter 38 but not in detail. They are:
qesvm: The quoting enclave security version number (16 bits). pceSvn: The provisioning enclave security version number (16 bits). cpuSvn: The cpu security version number (128 bits) which consists of "small integers describing the version numbers of compnents". debug: Whether the enclave is debugable. mode64bit: Running as x64 (rather than i32).
The last two come from the attributes field.
func GetPlatformFromGramineAttest ¶
func GetPlatformFromGramineAttest(binAttest []byte) *certprotos.Platform
func GetPlatformFromSevAttest ¶
func GetPlatformFromSevAttest(binSevAttest []byte) *certprotos.Platform
Policy byte:
Bit 3: Guest can be activated on multiple sockets. Bit 2: Debugging disallowed if 0 Bit 1: Migration disallowed if 0 Bit 0: SMT disallowed if 0
func GetRelevantMeasurementPolicy ¶
func GetRelevantMeasurementPolicy(pool *PolicyPool, evType string, evp *certprotos.EvidencePackage) *certprotos.VseClause
Returns the single policy statement naming the relevant measurement policy statement for a this evidence package
func GetRelevantPlatformFeaturePolicy ¶
func GetRelevantPlatformFeaturePolicy(pool *PolicyPool, evType string, evp *certprotos.EvidencePackage) *certprotos.VseClause
Returns the single policy statement naming the relevant trusted-platform policy statement for a this evidence package
func GetRelevantPlatformKeyPolicy ¶
func GetRelevantPlatformKeyPolicy(pool *PolicyPool, evType string, evp *certprotos.EvidencePackage) *certprotos.VseClause
Returns the single policy statement naming the relevant platform key policy statement for a this evidence package
func GetRsaKeysFromInternal ¶
func GetRsaKeysFromInternal(k *certprotos.KeyMessage, pK *rsa.PrivateKey, PK *rsa.PublicKey) bool
func GetSubjectKey ¶
func GetSubjectKey(cert *x509.Certificate) *certprotos.KeyMessage
func GetSubjectNameFromCert ¶
func GetSubjectNameFromCert(cert *x509.Certificate) *string
func GetUserDataHashFromSevAttest ¶
Caution: This can change if attestation.h below changes
struct attestation_report { uint32_t version; // 0x000 uint32_t guest_svn; // 0x004 uint64_t policy; // 0x008 uint8_t family_id[16]; // 0x010 uint8_t image_id[16]; // 0x020 uint32_t vmpl; // 0x030 uint32_t signature_algo; // 0x034 union tcb_version platform_version; // 0x038 uint64_t platform_info; // 0x040 uint32_t flags; // 0x048 uint32_t reserved0; // 0x04C uint8_t report_data[64]; // 0x050 uint8_t measurement[48]; // 0x090 uint8_t host_data[32]; // 0x0C0 uint8_t id_key_digest[48]; // 0x0E0 uint8_t author_key_digest[48]; // 0x110 uint8_t report_id[32]; // 0x140 uint8_t report_id_ma[32]; // 0x160 union tcb_version reported_tcb; // 0x180 uint8_t reserved1[24]; // 0x188 uint8_t chip_id[64]; // 0x1A0 uint8_t reserved2[192]; // 0x1E0 struct signature signature; // 0x2A0 };
func GetVseFromSignedClaim ¶
func GetVseFromSignedClaim(sc *certprotos.SignedClaimMessage) *certprotos.VseClause
func InitAxiom ¶
func InitAxiom(pk certprotos.KeyMessage, ps *certprotos.ProvedStatements) bool
func InitCerifierRules ¶
func InitCerifierRules(cr *certprotos.CertifierRules) bool
func InitDominance ¶
func InitDominance(root *PredicateDominance) bool
func InitPolicy ¶
func InitPolicy(publicPolicyKey *certprotos.KeyMessage, signedPolicy *certprotos.SignedClaimSequence, alreadyProved *certprotos.ProvedStatements) bool
func InitPolicyPool ¶
func InitPolicyPool(pool *PolicyPool, original *certprotos.ProvedStatements) bool
func InitProvedStatements ¶
func InitProvedStatements(pk certprotos.KeyMessage, evidenceList []*certprotos.Evidence, ps *certprotos.ProvedStatements) bool
func InitSimulatedEnclave ¶
func InitSimulatedEnclave() bool
func InsertOrUpdatePolicyStoreEntry ¶
func InsertOrUpdatePolicyStoreEntry(ps *certprotos.PolicyStoreMessage, tag string, valueType string, value []byte) bool
func InternalPublicFromPrivateKey ¶
func InternalPublicFromPrivateKey(privateKey *certprotos.KeyMessage) *certprotos.KeyMessage
func IsChild ¶
func IsChild(r *PredicateDominance, descendant string) bool
func KeyFromPemFormat ¶
func KeyFromPemFormat(pem string) *certprotos.KeyMessage
func LittleToBigEndian ¶
func MakeClaim ¶
func MakeClaim(serialized []byte, format string, desc string, nb string, na string) *certprotos.ClaimMessage
func MakeEnvironment ¶
func MakeEnvironment(pl *certprotos.Platform, measurement []byte) *certprotos.Environment
func MakeEnvironmentEntity ¶
func MakeEnvironmentEntity(e *certprotos.Environment) *certprotos.EntityMessage
func MakeIndirectVseClause ¶
func MakeIndirectVseClause(subject *certprotos.EntityMessage, verb *string, cl *certprotos.VseClause) *certprotos.VseClause
func MakeKeyEntity ¶
func MakeKeyEntity(k *certprotos.KeyMessage) *certprotos.EntityMessage
func MakeMeasurementEntity ¶
func MakeMeasurementEntity(m []byte) *certprotos.EntityMessage
func MakePlatform ¶
func MakePlatform(t string, k *certprotos.KeyMessage, props *certprotos.Properties) *certprotos.Platform
func MakePlatformEntity ¶
func MakePlatformEntity(pl *certprotos.Platform) *certprotos.EntityMessage
func MakeProperty ¶
func MakeRsaKey ¶
func MakeRsaKey(n int) *rsa.PrivateKey
func MakeSignedClaim ¶
func MakeSignedClaim(s *certprotos.ClaimMessage, k *certprotos.KeyMessage) *certprotos.SignedClaimMessage
func MakeSimpleVseClause ¶
func MakeSimpleVseClause(subject *certprotos.EntityMessage, verb *string, object *certprotos.EntityMessage) *certprotos.VseClause
func MakeUnaryVseClause ¶
func MakeUnaryVseClause(subject *certprotos.EntityMessage, verb *string) *certprotos.VseClause
func MakeVseRsaKey ¶
func MakeVseRsaKey(n int) *certprotos.KeyMessage
func NewPolicyStore ¶
func NewPolicyStore(maxEnts int) *certprotos.PolicyStoreMessage
func NewPolicyStoreEntry ¶
func NewPolicyStoreEntry(tag string, valueType string, value []byte) *certprotos.PolicyStoreEntry
func PolicyStoreDeleteEntry ¶
func PolicyStoreDeleteEntry(ent int)
func PolicyStoreNumEntries ¶
func PolicyStoreNumEntries(ps *certprotos.PolicyStoreMessage) int
func PrintAttestationUserData ¶
func PrintAttestationUserData(sr *certprotos.AttestationUserData)
func PrintBytes ¶
func PrintBytes(b []byte)
func PrintClaim ¶
func PrintClaim(c *certprotos.ClaimMessage)
func PrintDominanceNode ¶
func PrintDominanceNode(ind int, node *PredicateDominance)
func PrintDominanceTree ¶
func PrintDominanceTree(ind int, tree *PredicateDominance)
func PrintEccKey ¶
func PrintEccKey(e *certprotos.EccMessage)
func PrintEntity ¶
func PrintEntity(e *certprotos.EntityMessage)
func PrintEntityDescriptor ¶
func PrintEntityDescriptor(e *certprotos.EntityMessage)
func PrintEnvironment ¶
func PrintEnvironment(e *certprotos.Environment)
func PrintEnvironmentDescriptor ¶
func PrintEnvironmentDescriptor(e *certprotos.Environment)
func PrintEvidence ¶
func PrintEvidence(ev *certprotos.Evidence)
func PrintEvidencePackage ¶
func PrintEvidencePackage(evp *certprotos.EvidencePackage, printAll bool)
func PrintKey ¶
func PrintKey(k *certprotos.KeyMessage)
func PrintKeyDescriptor ¶
func PrintKeyDescriptor(k *certprotos.KeyMessage)
func PrintKeyRequestMessage ¶
func PrintKeyRequestMessage(kr *certprotos.KeyRequestMessage)
func PrintKeyResponseMessage ¶
func PrintKeyResponseMessage(kr *certprotos.KeyResponseMessage)
func PrintPlatform ¶
func PrintPlatform(p *certprotos.Platform)
func PrintPlatformDescriptor ¶
func PrintPlatformDescriptor(p *certprotos.Platform)
func PrintPolicyStore ¶
func PrintPolicyStore(ps *certprotos.PolicyStoreMessage)
func PrintPolicyStoreEntry ¶
func PrintPolicyStoreEntry(e *certprotos.PolicyStoreEntry)
func PrintProof ¶
func PrintProof(pf *certprotos.Proof)
func PrintProofStep ¶
func PrintProofStep(prefix string, step *certprotos.ProofStep)
func PrintProperties ¶
func PrintProperties(p *certprotos.Properties)
func PrintProperty ¶
func PrintProperty(p *certprotos.Property)
func PrintPropertyDescriptor ¶
func PrintPropertyDescriptor(p *certprotos.Property)
func PrintProvedStatements ¶
func PrintProvedStatements(ps *certprotos.ProvedStatements)
func PrintRsaKey ¶
func PrintRsaKey(r *certprotos.RsaMessage)
func PrintSignedClaim ¶
func PrintSignedClaim(s *certprotos.SignedClaimMessage)
func PrintSignedReport ¶
func PrintSignedReport(sr *certprotos.SignedReport)
func PrintTimePoint ¶
func PrintTimePoint(tp *certprotos.TimePoint)
func PrintTrustReponse ¶
func PrintTrustReponse(res *certprotos.TrustResponseMessage)
func PrintTrustRequest ¶
func PrintTrustRequest(req *certprotos.TrustRequestMessage)
func PrintVseAttestationReportInfo ¶
func PrintVseAttestationReportInfo(info *certprotos.VseAttestationReportInfo)
func PrintVseClause ¶
func PrintVseClause(c *certprotos.VseClause)
func PrintX509Cert ¶
func PrintX509Cert(cert *x509.Certificate)
func ProduceAdmissionCert ¶
func ProduceAdmissionCert(remoteIP string, issuerKey *certprotos.KeyMessage, issuerCert *x509.Certificate, subjKey *certprotos.KeyMessage, subjName string, subjOrg string, serialNumber uint64, durationSeconds float64) *x509.Certificate
func ProducePlatformRule ¶
func ProducePlatformRule(issuerKey *certprotos.KeyMessage, issuerCert *x509.Certificate, subjKey *certprotos.KeyMessage, durationSeconds float64) []byte
func ProtectBlob ¶
func ProtectBlob(enclaveType string, k *certprotos.KeyMessage, buffer []byte) []byte
func RecoverPolicyStore ¶
func RecoverPolicyStore(enclaveType string, fileName string, ps *certprotos.PolicyStoreMessage) bool
func RsaPrivateDecrypt ¶
func RsaPrivateDecrypt(r *rsa.PrivateKey, in []byte) []byte
func RsaSha256Sign ¶
func RsaSha256Sign(r *rsa.PrivateKey, in []byte) []byte
func SameEntity ¶
func SameEntity(e1 *certprotos.EntityMessage, e2 *certprotos.EntityMessage) bool
func SameEnvironment ¶
func SameEnvironment(p1 *certprotos.Environment, p2 *certprotos.Environment) bool
func SameKey ¶
func SameKey(k1 *certprotos.KeyMessage, k2 *certprotos.KeyMessage) bool
func SameMeasurement ¶
func SamePlatform ¶
func SamePlatform(p1 *certprotos.Platform, p2 *certprotos.Platform) bool
func SamePoint ¶
func SamePoint(p1 *certprotos.PointMessage, p2 *certprotos.PointMessage) bool
func SameProperties ¶
func SameProperties(p1 *certprotos.Properties, p2 *certprotos.Properties) bool
func SameProperty ¶
func SameProperty(p1 *certprotos.Property, p2 *certprotos.Property) bool
func SameVseClause ¶
func SameVseClause(c1 *certprotos.VseClause, c2 *certprotos.VseClause) bool
func SatisfyingProperties ¶
func SatisfyingProperties(p1 *certprotos.Properties, p2 *certprotos.Properties) bool
func SatisfyingProperty ¶
func SatisfyingProperty(p1 *certprotos.Property, p2 *certprotos.Property) bool
func SavePolicyStore ¶
func SavePolicyStore(enclaveType string, ps *certprotos.PolicyStoreMessage, fileName string) bool
func SizedSocketRead ¶
func StatementAlreadyProved ¶
func StatementAlreadyProved(c1 *certprotos.VseClause, ps *certprotos.ProvedStatements) bool
func StringToTimePoint ¶
func StringToTimePoint(s string) *certprotos.TimePoint
func TEESimulatedInit ¶
func TimePointNow ¶
func TimePointNow() *certprotos.TimePoint
func TimePointPlus ¶
func TimePointPlus(t *certprotos.TimePoint, d float64) *certprotos.TimePoint
func TimePointToString ¶
func TimePointToString(tp *certprotos.TimePoint) string
func UnprotectBlob ¶
func UnprotectBlob(enclaveType string, k *certprotos.KeyMessage, blob []byte) []byte
func ValidateExtendedGramineEvidence ¶
func ValidateExtendedGramineEvidence(pubPolicyKey *certprotos.KeyMessage, evp *certprotos.EvidencePackage, policyPool *PolicyPool, purpose string) (bool, *certprotos.VseClause, []byte)
returns success, toProve, measurement
func ValidateGramineEvidence ¶
func ValidateGramineEvidence(pubPolicyKey *certprotos.KeyMessage, evp *certprotos.EvidencePackage, policyPool *PolicyPool, purpose string) (bool, *certprotos.VseClause, []byte)
returns success, toProve, measurement
func ValidateInternalEvidence ¶
func ValidateInternalEvidence(pubPolicyKey *certprotos.KeyMessage, evp *certprotos.EvidencePackage, policyPool *PolicyPool, purpose string) (bool, *certprotos.VseClause, []byte)
returns success, toProve, measurement
func ValidateIsletEvidence ¶
func ValidateIsletEvidence(pubPolicyKey *certprotos.KeyMessage, evp *certprotos.EvidencePackage, policyPool *PolicyPool, purpose string) (bool, *certprotos.VseClause, []byte)
returns success, toProve, measurement
func ValidateKeystoneEvidence ¶
func ValidateKeystoneEvidence(pubPolicyKey *certprotos.KeyMessage, evp *certprotos.EvidencePackage, policyPool *PolicyPool, purpose string) (bool, *certprotos.VseClause, []byte)
returns success, toProve, measurement
func ValidateOeEvidence ¶
func ValidateOeEvidence(pubPolicyKey *certprotos.KeyMessage, evp *certprotos.EvidencePackage, policyPool *PolicyPool, purpose string) (bool, *certprotos.VseClause, []byte)
returns success, toProve, measurement
func ValidateSevEvidence ¶
func ValidateSevEvidence(pubPolicyKey *certprotos.KeyMessage, evp *certprotos.EvidencePackage, policyPool *PolicyPool, purpose string) (bool, *certprotos.VseClause, []byte)
returns success, toProve, measurement
func VerifyAdmissionCert ¶
func VerifyAdmissionCert(policyCert *x509.Certificate, cert *x509.Certificate) bool
func VerifyExternalProofStep ¶
func VerifyExternalProofStep(tree *PredicateDominance, step *certprotos.ProofStep) bool
func VerifyInternalProofStep ¶
func VerifyInternalProofStep(tree *PredicateDominance, c1 *certprotos.VseClause, c2 *certprotos.VseClause, c *certprotos.VseClause, rule int) bool
func VerifyIsletAttestation ¶
func VerifyIsletAttestation(serialized []byte, k *certprotos.KeyMessage) []byte
Returns measurement serialized is the serialized islet_attestation_message
func VerifyKeystoneAttestation ¶
func VerifyKeystoneAttestation(serialized []byte, k *certprotos.KeyMessage) []byte
Returns measurement serialized is the serialized keystone_attestation_message
func VerifyProof ¶
func VerifyProof(policyKey *certprotos.KeyMessage, toProve *certprotos.VseClause, p *certprotos.Proof, ps *certprotos.ProvedStatements) bool
func VerifyReport ¶
func VerifyReport(etype string, pk *certprotos.KeyMessage, serialized []byte) bool
func VerifyRule1 ¶
func VerifyRule1(tree *PredicateDominance, c1 *certprotos.VseClause, c2 *certprotos.VseClause, c *certprotos.VseClause) bool
R1: If measurement is-trusted and key1 speaks-for measurement then key1 is-trusted-for-authentication. R1: If environment is-trusted and key1 speaks-for environment then key1 is-trusted-for-authentication.
func VerifyRule10 ¶
func VerifyRule10(tree *PredicateDominance, c1 *certprotos.VseClause, c2 *certprotos.VseClause, c *certprotos.VseClause) bool
R10: If environment[platform, measurement] environment-platform-is-trusted AND
environment[platform, measurement] environment-measurement-is-trusted then environment[platform, measurement] is-trusted
func VerifyRule11 ¶
func VerifyRule11(tree *PredicateDominance, c1 *certprotos.VseClause, c2 *certprotos.VseClause, c *certprotos.VseClause) bool
R11: if measurement is-trusted
and key speaks-for measurement then key is-trusted-for-key-provision
func VerifyRule2 ¶
func VerifyRule2(tree *PredicateDominance, c1 *certprotos.VseClause, c2 *certprotos.VseClause, c *certprotos.VseClause) bool
R2: If key2 speaks-for key1 and key3 speaks-for key2 then key3 speaks-for key1
func VerifyRule3 ¶
func VerifyRule3(tree *PredicateDominance, c1 *certprotos.VseClause, c2 *certprotos.VseClause, c *certprotos.VseClause) bool
R3: If key1 is-trusted and key1 says X, then X is true
func VerifyRule4 ¶
func VerifyRule4(tree *PredicateDominance, c1 *certprotos.VseClause, c2 *certprotos.VseClause, c *certprotos.VseClause) bool
R4: If key2 speaks-for key1 and key1 is-trusted then key2 is-trusted
func VerifyRule5 ¶
func VerifyRule5(tree *PredicateDominance, c1 *certprotos.VseClause, c2 *certprotos.VseClause, c *certprotos.VseClause) bool
R5: If key1 is-trustedXXX and key1 says key2 is-trustedYYY then key2 is-trustedYYY provided is-trustedXXX dominates is-trustedYYY
func VerifyRule6 ¶
func VerifyRule6(tree *PredicateDominance, c1 *certprotos.VseClause, c2 *certprotos.VseClause, c *certprotos.VseClause) bool
R6: if key1 is-trustedXXX
and key1 says key2 speaks-for measurement then key2 speaks-for measurement provided is-trustedXXX dominates is-trusted-for-attestation OR key1 says key2 speaks-for environment then key2 speaks-for environment provided is-trustedXXX dominates is-trusted-for-attestation OR key1 says env is-environment then is-trustedXXX dominates is-trusted-for-attestation
func VerifyRule7 ¶
func VerifyRule7(tree *PredicateDominance, c1 *certprotos.VseClause, c2 *certprotos.VseClause, c *certprotos.VseClause) bool
R7: If measurement is-trusted and key1 speaks-for measurement then key1 is-trusted-for-attestation OR
If environment is-trusted and key1 speaks-for environment then key1 is-trusted-for-sttestation
func VerifyRule8 ¶
func VerifyRule8(tree *PredicateDominance, c1 *certprotos.VseClause, c2 *certprotos.VseClause, c *certprotos.VseClause) bool
R8: If environment[platform, measurement] is-environment AND platform-template
has-trusted-platform-property then environment[platform, measurement]
func VerifyRule9 ¶
func VerifyRule9(tree *PredicateDominance, c1 *certprotos.VseClause, c2 *certprotos.VseClause, c *certprotos.VseClause) bool
R9: If environment[platform, measurement] is-environment AND measurement is-trusted then
environment[platform, measurement] environment-measurement is-trusted
func VerifySevAttestation ¶
func VerifySevAttestation(serialized []byte, k *certprotos.KeyMessage) []byte
Returns measurement serialized is the serialized sev_attestation_message
func VerifySignedAssertion ¶
func VerifySignedAssertion(scm certprotos.SignedClaimMessage, k *certprotos.KeyMessage, vseClause *certprotos.VseClause) bool
func VerifySignedClaim ¶
func VerifySignedClaim(c *certprotos.SignedClaimMessage, k *certprotos.KeyMessage) bool
func X509ToAsn1 ¶
func X509ToAsn1(cert *x509.Certificate) []byte
Types ¶
type CertKeysSeen ¶
type CertKeysSeen struct {
// contains filtered or unexported fields
}
type CertSeenList ¶
type CertSeenList struct {
// contains filtered or unexported fields
}
type PolicyPool ¶
type PolicyPool struct { Initialized bool // Contains all the policy statements AllPolicy *certprotos.ProvedStatements // Contains platform key policy statements PlatformKeyPolicy *certprotos.ProvedStatements // Contains trusted measurement statements MeasurementPolicy *certprotos.ProvedStatements // Contains platform features statements PlatformFeaturePolicy *certprotos.ProvedStatements }
type PredicateDominance ¶
type PredicateDominance struct { Predicate string FirstChild *PredicateDominance Next *PredicateDominance }
func FindNode ¶
func FindNode(node *PredicateDominance, pred string) *PredicateDominance