attestationreport

package
v0.5.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 23, 2022 License: Apache-2.0 Imports: 26 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func DecodeSnpReport added in v0.4.0 

func DecodeSnpReport(report []byte) (snpreport, error)

func Generate added in v0.2.0 

func Generate(nonce []byte, metadata [][]byte, measurements []Measurement, s Serializer) ([]byte, error)

Generate generates an attestation report with the provided nonce 'nonce' and manifests and descriptions 'metadata'. The manifests and descriptions must be either raw JWS tokens in the JWS JSON full serialization format or CBOR COSE tokens. Takes a list of 'measurements' implementing the attestation report 'Measurer' interface providing a method for collecting the measurements from a hardware or software interface

func Sign added in v0.2.0 

func Sign(report []byte, signer Signer, s Serializer) (bool, []byte)

Sign signs the attestation report with the specified signer 'signer'

Types

type AppDescription 

type AppDescription struct {
	Type        string              `json:"type" cbor:"0,keyasint,omitempty"`
	Name        string              `json:"name" cbor:"1,keyasint,omitempty"`
	AppManifest string              `json:"appManifest" cbor:"2,keyasint,omitempty"` // Links to App Manifest.Name
	External    []ExternalInterface `json:"externalConnections" cbor:"3,keyasint"`
}

AppDescription represents the attestation report element of type 'App Description'

type AppManifest 

type AppManifest struct {
	Type               string           `json:"type" cbor:"0,keyasint"`
	Name               string           `json:"name" cbor:"1,keyasint"`
	DevCommonName      string           `json:"developerCommonName"  cbor:"2,keyasint"`
	Version            string           `json:"version" cbor:"3,keyasint"`
	Oss                []string         `json:"oss" cbor:"4,keyasint"` // Links to OsManifest.Name
	Description        string           `json:"description" cbor:"5,keyasint"`
	CertificationLevel int              `json:"certificationLevel" cbor:"6,keyasint"`
	Validity           Validity         `json:"validity" cbor:"7,keyasint"`
	ReferenceValues    []ReferenceValue `json:"referenceValues" cbor:"8,keyasint"`
}

AppManifest represents the attestation report element of type 'App Manifest'

type ArPacked added in v0.5.0 

type ArPacked struct {
	Type               string          `json:"type" cbor:"0,keyasint"`
	TpmM               *TpmMeasurement `json:"tpmMeasurement,omitempty" cbor:"1,keyasint,omitempty"`
	SnpM               *SnpMeasurement `json:"snpMeasurement,omitempty" cbor:"2,keyasint,omitempty"`
	SWM                []SwMeasurement `json:"swMeasurements,omitempty" cbor:"3,keyasint,omitempty"`
	RtmManifest        []byte          `json:"rtmManifests" cbor:"4,keyasint"`
	OsManifest         []byte          `json:"osManifest" cbor:"5,keyasint"`
	AppManifests       [][]byte        `json:"appManifests,omitempty" cbor:"6,keyasint,omitempty"`
	CompanyDescription []byte          `json:"companyDescription,omitempty" cbor:"7,keyasint,omitempty"`
	DeviceDescription  []byte          `json:"deviceDescription" cbor:"8,keyasint"`
	Nonce              []byte          `json:"nonce" cbor:"9,keyasint"`
}

ArPacked represents the attestation report in JWS/COSE format with its contents already in signed JWS/COSE format

type ArPlain 

type ArPlain struct {
	Type               string              `json:"type" cbor:"0,keyasint"`
	TpmM               *TpmMeasurement     `json:"tpmMeasurement,omitempty" cbor:"1,keyasint,omitempty"`
	SnpM               *SnpMeasurement     `json:"snpMeasurement,omitempty" cbor:"2,keyasint,omitempty"`
	IasM               *IasMeasurement     `cbor:"10,keyasint,omitempty"`
	SWM                []SwMeasurement     `json:"swMeasurements,omitempty" cbor:"3,keyasint,omitempty"`
	RtmManifest        RtmManifest         `json:"rtmManifest" cbor:"4,keyasint"`
	OsManifest         OsManifest          `json:"osManifest" cbor:"5,keyasint"`
	AppManifests       []AppManifest       `json:"appManifests,omitempty" cbor:"6,keyasint,omitempty"`
	CompanyDescription *CompanyDescription `json:"companyDescription,omitempty" cbor:"7,keyasint,omitempty"`
	DeviceDescription  DeviceDescription   `json:"deviceDescription" cbor:"8,keyasint"`
	Nonce              []byte              `json:"nonce" cbor:"9,keyasint"`
}

ArPlain represents the attestation report with its plain elements

type BooleanMatch added in v0.4.0 

type BooleanMatch struct {
	Success  bool `json:"success"`
	Claimed  bool `json:"claimed"`
	Measured bool `json:"measured"`
}

type CborSerializer added in v0.5.0 

type CborSerializer struct{}

func (CborSerializer) GetPayload added in v0.5.0 

func (s CborSerializer) GetPayload(raw []byte) ([]byte, error)

func (CborSerializer) Marshal added in v0.5.0 

func (s CborSerializer) Marshal(v any) ([]byte, error)

func (CborSerializer) Sign added in v0.5.0 

func (s CborSerializer) Sign(report []byte, signer Signer) (bool, []byte)

func (CborSerializer) Unmarshal added in v0.5.0 

func (s CborSerializer) Unmarshal(data []byte, v any) error

func (CborSerializer) VerifyToken added in v0.5.0 

func (s CborSerializer) VerifyToken(data []byte, roots []*x509.Certificate) (TokenResult, []byte, bool)

type CertChain added in v0.4.0 

type CertChain struct {
	Leaf          []byte   `json:"leaf" cbor:"0,keyasint"`
	Intermediates [][]byte `json:"intermediates" cbor:"1,keyasint"`
	Ca            []byte   `json:"ca" cbor:"2,keyasint"`
}

CertChain is a helper struct for certificate chains, consisting of a leaf certificate, an arbitrary number of intermediate (sub-CA) certificates and a CA certificate

type CertParams 

type CertParams struct {
	Type    string   `json:"type" cbor:"0,keyasint"`
	Subject Name     `json:"subject,omitempty" cbor:"1,keyasint,omitempty"`
	SANs    []string `json:"sans,omitempty" cbor:"2,keyasint,omitempty"`
}

CertParams contains params of an x.509 certificate. The tpm module cannot send an AK CSR to the server, as the AK is a restricted key which does not allow signing of non-TPM-based objects such as CSRs. Therefore, pass the certificate parameters encoded in this structure

type CompDescResult added in v0.2.0 

type CompDescResult struct {
	Name           string            `json:"name"`
	CompCertLevel  int               `json:"compCertLevel"` // Overall certification level for the company operating the device
	Summary        ResultMulti       `json:"resultSummary"`
	SignatureCheck []SignatureResult `json:"signatureValidation"` // Results for validation of the Description Signatures and the used certificates
	ValidityCheck  Result            `json:"validityCheck"`       // Result from checking the validity of the manifest
}

CompDescResult represents the results of the validation of the Company Description and its mapping to the used device certificate

type CompanyDescription 

type CompanyDescription struct {
	Type               string   `json:"type" cbor:"0,keyasint"`
	DN                 string   `json:"dn" cbor:"1,keyasint"`
	CertificationLevel int      `json:"certificationLevel" cbor:"2,keyasint"`
	Description        string   `json:"description" cbor:"3,keyasint"`
	Validity           Validity `json:"validity" cbor:"4,keyasint"`
}

CompanyDescription represents the attestation report element of type 'Company Description'

type DevDescResult added in v0.2.0 

type DevDescResult struct {
	Summary             ResultMulti       `json:"resultSummary"`
	CorrectRtm          Result            `json:"correctRtm"`          // Result for comparison of RTM in the Device Description and the provided RTM Manifest
	CorrectOs           Result            `json:"correctOs"`           // Result for comparison of OS in the Device Description and the provided OS Manifest
	CorrectApps         ResultMulti       `json:"correctApps"`         // Result for comparison of App List in the Device Description and the provided App Manifest
	RtmOsCompatibility  Result            `json:"rtmOsCompatibility"`  // Result for consistency check for mapping from OS Manifest to RTM Manifest
	OsAppsCompatibility ResultMulti       `json:"osAppCompatibility"`  // Result for consistency check for mapping from App Manifests to OS Manifest
	SignatureCheck      []SignatureResult `json:"signatureValidation"` // Results for validation of the Device Description Signature(s) and the used certificates
}

DevDescResult represents the results of the validation of the Device Description in the Attestation Report

type DeviceDescription added in v0.2.0 

type DeviceDescription struct {
	Type            string               `json:"type" cbor:"0,keyasint"`
	Fqdn            string               `json:"fqdn" cbor:"1,keyasint"`
	Description     string               `json:"description" cbor:"2,keyasint"`
	Location        string               `json:"location" cbor:"3,keyasint"`
	RtmManifest     string               `json:"rtmManifest" cbor:"4,keyasint"`
	OsManifest      string               `json:"osManifest" cbor:"5,keyasint"`
	AppDescriptions []AppDescription     `json:"appDescriptions" cbor:"6,keyasint"`
	Internal        []InternalConnection `json:"internalConnections" cbor:"7,keyasint"`
	External        []ExternalInterface  `json:"externalEndpoints" cbor:"8,keyasint"`
}

DeviceDescription represents the attestation report element of type 'Device Description'

type ExternalInterface 

type ExternalInterface struct {
	Type        string `json:"type" cbor:"0,keyasint"`
	AppEndpoint string `json:"appEndpoint" cbor:"1,keyasint"` // Links to AppManifest.Endpoint
	Interface   string `json:"interface" cbor:"2,keyasint"`   // Links to AppDescription.Name
	Port        int    `json:"port" cbor:"3,keyasint"`        // Links to App Manifest.Endpoint
}

ExternalInterface represents the attestation report element of type 'External Interface'

type HashChainElem 

type HashChainElem struct {
	Type   string    `json:"type" cbor:"0,keyasint"`
	Pcr    int32     `json:"pcr" cbor:"1,keyasint"`
	Sha256 []HexByte `json:"sha256" cbor:"2,keyasint"`
}

HashChainElem represents the attestation report element of type 'Hash Chain' embedded in 'TPM Measurement'

type HexByte added in v0.5.0 

type HexByte []byte

Custom type for JSON unmarshaller as byte arrays are encoded as hex strings in JSON but used as byte arrays internally and by CBOR encoding

func (*HexByte) MarshalJSON added in v0.5.0 

func (h *HexByte) MarshalJSON() ([]byte, error)

MarshalJSON marshalls a byte array into a hex string

func (*HexByte) UnmarshalJSON added in v0.5.0 

func (h *HexByte) UnmarshalJSON(data []byte) error

UnmarshalJSON unmarshalls JSON hex strings into byte arrays

type IasMeasurement added in v0.5.0 

type IasMeasurement struct {
	Type   string    `json:"type" cbor:"0,keyasint"`
	Report []byte    `json:"blob" cbor:"1,keyasint"`
	Certs  CertChain `json:"certs" cbor:"2,keyasint"`
}

IasMeasurement represents the attestation report element of type 'IAS Measurement' signed by the device

type IasMeasurementResult added in v0.5.0 

type IasMeasurementResult struct {
	Summary             Result          `json:"resultSummary"`
	FreshnessCheck      Result          `json:"quoteFreshness"`
	ReferenceValueCheck ResultMulti     `json:"referenceValueCheck"`
	IasSignature        SignatureResult `json:"reportSignatureCheck"`
}

IasMeasurementResult represents the results for the verification of ARM PSA Initial Attestation Service Token measurements

type Iat added in v0.5.0 

type Iat struct {
	ProfileDefinition string        `cbor:"-75000,keyasint"`
	ClientId          int           `cbor:"-75001,keyasint"`
	LifeCycle         uint16        `cbor:"-75002,keyasint"`
	ImplementationId  [32]byte      `cbor:"-75003,keyasint"`
	BootSeed          [32]byte      `cbor:"-75004,keyasint"`
	HwVersion         string        `cbor:"-75005,keyasint"`
	SwComponents      []SwComponent `cbor:"-75006,keyasint"`
	NoSwMeasurements  int           `cbor:"-75007,keyasint"`
	AuthChallenge     []byte        `cbor:"-75008,keyasint"`
	InstanceId        [33]byte      `cbor:"-75009,keyasint"`
	Vsi               string        `cbor:"-75010,keyasint,omitempty"`
}

type InternalConnection 

type InternalConnection struct {
	Type         string `json:"type" cbor:"0,keyasint"`
	NameAppA     string `json:"nameAppA" cbor:"1,keyasint"`     // Links to AppDescription.Name
	EndpointAppA string `json:"endpointAppA" cbor:"2,keyasint"` // Links to AppManifest.Endpoint
	NameAppB     string `json:"nameAppB" cbor:"3,keyasint"`     // Links to AppDescription.Name
	EndpointAppB string `json:"endpointAppB" cbor:"4,keyasint"` // Links to AppManifest.Endpoint
}

InternalConnection represents the attestation report element of type 'Internal Connection'

type JsonSerializer added in v0.5.0 

type JsonSerializer struct{}

func (JsonSerializer) GetPayload added in v0.5.0 

func (s JsonSerializer) GetPayload(raw []byte) ([]byte, error)

func (JsonSerializer) Marshal added in v0.5.0 

func (s JsonSerializer) Marshal(v any) ([]byte, error)

func (JsonSerializer) Sign added in v0.5.0 

func (s JsonSerializer) Sign(report []byte, signer Signer) (bool, []byte)

Sign signs the attestation report with the specified signer 'signer'

func (JsonSerializer) Unmarshal added in v0.5.0 

func (s JsonSerializer) Unmarshal(data []byte, v any) error

func (JsonSerializer) VerifyToken added in v0.5.0 

func (s JsonSerializer) VerifyToken(data []byte, roots []*x509.Certificate) (TokenResult, []byte, bool)

VerifyToken verifies signatures and certificate chains for JWS tokens

type ManifestResult added in v0.2.0 

type ManifestResult struct {
	Name           string            `json:"name"`
	Summary        ResultMulti       `json:"resultSummary"`
	SignatureCheck []SignatureResult `json:"signatureValidation"` // Results for validation of the Manifest Signatures and the used certificates
	ValidityCheck  Result            `json:"validityCheck"`       // Result from checking the validity of the manifest
}

ManifestResult represents the results of the validation of a manifest provided in the Attestation Report

type Measurement 

type Measurement interface{}

Measurement is a generic interface for a Measurement, such as a TpmMeasurement

type MeasurementResult added in v0.2.0 

type MeasurementResult struct {
	TpmMeasResult *TpmMeasurementResult `json:"tpm,omitempty"`
	SnpMeasResult *SnpMeasurementResult `json:"snp,omitempty"`
	IasMeasResult *IasMeasurementResult `json:"ias,omitempty"`
	SwMeasResult  []SwMeasurementResult `json:"sw,omitempty"`
}

MeasurementResult represents the results of the comparison of reference values and measurements. The used attributes depend on the technologies used for calculating the measurements

type Measurer 

type Measurer interface {
	Measure(nonce []byte) (Measurement, error)
}

Measurer is an interface implementing the Measure method for each type of measurement Each type of interface that is capable of providing measurements (such as the tpmw module) is expected to implement this method. The attestationreport module will call this method to retrieve the measurements of the platform during attestation report generation.

type Name 

type Name struct {
	CommonName         string        `json:"commonName,omitempty" cbor:"0,keyasint,omitempty"`
	Country            string        `json:"country,omitempty" cbor:"1,keyasint,omitempty"`
	Organization       string        `json:"organization,omitempty" cbor:"2,keyasint,omitempty"`
	OrganizationalUnit string        `json:"organizationalUnit,omitempty" cbor:"3,keyasint,omitempty"`
	Locality           string        `json:"locality,omitempty" cbor:"4,keyasint,omitempty"`
	Province           string        `json:"province,omitempty" cbor:"5,keyasint,omitempty"`
	StreetAddress      string        `json:"streetAddress,omitempty" cbor:"6,keyasint,omitempty"`
	PostalCode         string        `json:"postalCode,omitempty" cbor:"7,keyasint,omitempty"`
	Names              []interface{} `json:"names,omitempty" cbor:"8,keyasint,omitempty"`
}

Name is the PKIX Name for CertParams

type OsManifest 

type OsManifest struct {
	Type               string           `json:"type" cbor:"0,keyasint"`
	Name               string           `json:"name" cbor:"1,keyasint"`
	DevCommonName      string           `json:"developerCommonName" cbor:"2,keyasint"`
	Version            string           `json:"version" cbor:"3,keyasint"`
	Rtms               []string         `json:"rtms" cbor:"4,keyasint"` // Links to Type RtmManifest.Name
	Description        string           `json:"description" cbor:"5,keyasint"`
	CertificationLevel int              `json:"certificationLevel" cbor:"6,keyasint"`
	Validity           Validity         `json:"validity" cbor:"7,keyasint"`
	ReferenceValues    []ReferenceValue `json:"referenceValues" cbor:"8,keyasint"`
}

OsManifest represents the attestation report element of type 'OsManifest'

type PcrResult added in v0.2.0 

type PcrResult struct {
	Pcr        int         `json:"pcr"` // Number for the PCR which was validated
	Validation ResultMulti `json:"validation"`
}

PcrResult represents the results for the recalculation of a specific PCR

type Policies added in v0.4.0 

type Policies interface{}

type PolicyCheck added in v0.4.0 

type PolicyCheck struct {
	Summary      Result       `json:"resultSummary"`
	Abi          VersionCheck `json:"abi"`
	Smt          BooleanMatch `json:"smt"`
	Migration    BooleanMatch `json:"migration"`
	Debug        BooleanMatch `json:"debug"`
	SingleSocket BooleanMatch `json:"singleSocket"`
}

type PolicyValidator added in v0.4.0 

type PolicyValidator interface {
	Validate(result VerificationResult) bool
}

type ReferenceValue added in v0.5.0 

type ReferenceValue struct {
	Type   string      `json:"type" cbor:"0,keyasint"`
	Sha256 HexByte     `json:"sha256,omitempty" cbor:"1,keyasint,omitempty"`
	Sha384 HexByte     `json:"sha384,omitempty" cbor:"2,keyasint,omitempty"`
	Name   string      `json:"name,omitempty" cbor:"3,keyasint,omitempty"`
	Pcr    *int        `json:"pcr,omitempty" cbor:"4,keyasint,omitempty"`
	Snp    *SnpDetails `json:"snp,omitempty" cbor:"5,keyasint,omitempty"`
}

ReferenceValue represents the attestation report element of types 'SNP Reference Value', 'TPM Reference Value' and 'SW Reference Value'

type Result added in v0.2.0 

type Result struct {
	Success bool   `json:"success"`
	Details string `json:"details,omitempty"` // Details on the issue which was detected during validation, remains empty if validation was successful
}

Result is a generic type for storing a boolean result value and details on the validation (used in case of errors)

type ResultMulti added in v0.3.0 

type ResultMulti struct {
	Success bool     `json:"success"`
	Details []string `json:"details,omitempty"` // Details on the issue which was detected during validation, remains empty if validation was successful
}

ResultMulti is a generic type for storing a boolean result value and possibly multiple details on the validation (used in case of errors)

type RtmManifest 

type RtmManifest struct {
	Type               string           `json:"type" cbor:"0,keyasint"`
	Name               string           `json:"name" cbor:"1,keyasint"`
	DevCommonName      string           `json:"developerCommonName" cbor:"2,keyasint"`
	Version            string           `json:"version" cbor:"3,keyasint"`
	Description        string           `json:"description" cbor:"4,keyasint"`
	CertificationLevel int              `json:"certificationLevel" cbor:"5,keyasint"`
	Validity           Validity         `json:"validity" cbor:"6,keyasint"`
	ReferenceValues    []ReferenceValue `json:"referenceValues" cbor:"7,keyasint"`
}

RtmManifest represents the attestation report element of type 'RTM Manifest'

type Serializer added in v0.5.0 

type Serializer interface {
	GetPayload(raw []byte) ([]byte, error)
	Marshal(v any) ([]byte, error)
	Unmarshal(data []byte, v any) error
	Sign(report []byte, signer Signer) (bool, []byte)
	VerifyToken(data []byte, roots []*x509.Certificate) (TokenResult, []byte, bool)
}

Serializer is a generic interface providing methods for data serialization and de-serialization. This enables to generate and verify attestation reports in different formats, such as JSON/JWS or CBOR/COSE

type SignatureResult added in v0.2.0 

type SignatureResult struct {
	Name            string       `json:"commonName"`             // Name of the certificate used for calculating the signature
	Organization    []string     `json:"organization"`           // Name of the organization the signer belongs to
	SubjectKeyId    string       `json:"subjectKeyIdentifier"`   // Hex-encoded certificate Subject Key Identifier
	AuthorityKeyId  string       `json:"authoritykeyidentifier"` // Hex-encoded certificate autorithy key identifier
	Signature       Result       `json:"signatureVerification"`  // Result from checking the signature has been calculated with this certificate
	CertCheck       Result       `json:"certChainValidation"`    // Result from validatint the certification chain back to a shared root of trust
	RoleCheck       *Result      `json:"roleCheck,omitempty"`    // Result for checking the role in the certificate (optional)
	ExtensionsCheck *ResultMulti `json:"extensionsCheck,omitempty"`
}

SignatureResults represents the results for validation of a provided signature and the used certificates

type Signer added in v0.4.0 

type Signer interface {
	Lock()
	Unlock()
	GetSigningKeys() (crypto.PrivateKey, crypto.PublicKey, error)
	GetCertChain() CertChain
}

type Signing added in v0.4.0 

type Signing interface{}

Signer is a generic interface for an entity capable of signing an attestation report, such as a TPM or other hardware interface

type SnpDetails added in v0.4.0 

type SnpDetails struct {
	Version uint32    `json:"version" cbor:"0,keyasint"`
	KeyId   string    `json:"caKeyId" cbor:"1,keyasint"`
	Policy  SnpPolicy `json:"policy" cbor:"2,keyasint"`
	Fw      SnpFw     `json:"fw" cbor:"3,keyasint"`
	Tcb     SnpTcb    `json:"tcb" cbor:"4,keyasint"`
}

type SnpFw added in v0.4.0 

type SnpFw struct {
	Build uint8 `json:"build" cbor:"0,keyasint"`
	Major uint8 `json:"major" cbor:"1,keyasint"`
	Minor uint8 `json:"minor" cbor:"2,keyasint"`
}

type SnpMeasurement added in v0.4.0 

type SnpMeasurement struct {
	Type   string    `json:"type" cbor:"0,keyasint"`
	Report []byte    `json:"blob" cbor:"1,keyasint"`
	Certs  CertChain `json:"certs" cbor:"2,keyasint"`
}

SnpMeasurement represents the attestation report element of type 'SNP Measurement' signed by the device

type SnpMeasurementResult added in v0.4.0 

type SnpMeasurementResult struct {
	Summary             Result          `json:"resultSummary"`
	Freshness           Result          `json:"freshness"`
	Signature           SignatureResult `json:"signature"`
	MeasurementMatch    Result          `json:"measurementMatch"`
	VersionMatch        Result          `json:"reportVersionMatch"`
	FwCheck             VersionCheck    `json:"fwCheck"`
	TcbCheck            TcbCheck        `json:"tcbCheck"`
	PolicyCheck         PolicyCheck     `json:"policyCheck"`
	ReferenceValueCheck ResultMulti     `json:"referenceValueCheck"` // Checks that every SNP Reference Value was part of the measurements
}

SnpMeasurementResult represents the results for the verification of AMD SEV SNP measurements

type SnpPolicy added in v0.4.0 

type SnpPolicy struct {
	Type         string `json:"type" cbor:"0,keyasint"`
	SingleSocket bool   `json:"singleSocket" cbor:"1,keyasint"`
	Debug        bool   `json:"debug" cbor:"2,keyasint"`
	Migration    bool   `json:"migration" cbor:"3,keyasint"`
	Smt          bool   `json:"smt" cbor:"4,keyasint"`
	AbiMajor     uint8  `json:"abiMajor" cbor:"5,keyasint"`
	AbiMinor     uint8  `json:"abiMinor" cbor:"6,keyasint"`
}

type SnpTcb added in v0.4.0 

type SnpTcb struct {
	Bl    uint8 `json:"bl" cbor:"0,keyasint"`
	Tee   uint8 `json:"tee" cbor:"1,keyasint"`
	Snp   uint8 `json:"snp" cbor:"2,keyasint"`
	Ucode uint8 `json:"ucode" cbor:"3,keyasint"`
}

type SwComponent added in v0.5.0 

type SwComponent struct {
	MeasurementType        string `cbor:"1,keyasint"`
	MeasurementValue       []byte `cbor:"2,keyasint"`
	Version                string `cbor:"4,keyasint"`
	SignerId               []byte `cbor:"5,keyasint"`
	MeasurementDescription string `cbor:"6,keyasint"`
}

type SwMeasurement 

type SwMeasurement struct {
	Type   string  `json:"type" cbor:"0,keyasint"`
	Name   string  `json:"name" cbor:"1,keyasint"`
	Sha256 HexByte `json:"sha256" cbor:"2,keyasint"`
}

SwMeasurement represents the attestation report element of type 'Software Measurement'

type SwMeasurementResult added in v0.2.0 

type SwMeasurementResult struct {
	MeasName   string `json:"measurementName"`    // Name associated with the measurement used for validation
	VerName    string `json:"referenceValueName"` // Name of the reference value information used for validation
	Validation Result `json:"validation"`
}

SwMeasurementResult represents the results for the reference values of a software measurement (currently only used for app reference values)

type TcbCheck added in v0.4.0 

type TcbCheck struct {
	Summary Result       `json:"resultSummary"`
	Bl      VersionCheck `json:"bl"`
	Tee     VersionCheck `json:"tee"`
	Snp     VersionCheck `json:"Snp"`
	Ucode   VersionCheck `json:"ucode"`
}

type TokenResult added in v0.5.0 

type TokenResult struct {
	Summary        ResultMulti       `json:"resultSummary"`
	SignatureCheck []SignatureResult `json:"signatureValidation"`
}

TokenResult is a helper struct for the validation of JWS or COSE tokens focussing on the validation of the provided signatures

type TpmMeasurement 

type TpmMeasurement struct {
	Type      string           `json:"type" cbor:"0,keyasint"`
	Message   HexByte          `json:"message" cbor:"1,keyasint"`
	Signature HexByte          `json:"signature" cbor:"2,keyasint"`
	Certs     CertChain        `json:"certs" cbor:"3,keyasint"`
	HashChain []*HashChainElem `json:"hashChain" cbor:"4,keyasint"`
}

TpmMeasurement represents the attestation report element of type 'TPM Measurement'

type TpmMeasurementResult added in v0.2.0 

type TpmMeasurementResult struct {
	Summary             Result          `json:"resultSummary"`
	PcrRecalculation    []PcrResult     `json:"pcrRecalculation"`    // Result for validation whether the measured PCR values match the provided reference values
	AggPcrQuoteMatch    Result          `json:"aggPcrQuoteMatch"`    // Result for comparing the aggregated PCR values with the value in the TPM Quote
	QuoteFreshness      Result          `json:"quoteFreshness"`      // Result for comparison of the expected nonce to the one provided in the TPM Quote
	QuoteSignature      SignatureResult `json:"quoteSignature"`      // Results for validation of the TPM Quote Signature and the used certificates
	ReferenceValueCheck ResultMulti     `json:"referenceValueCheck"` // Checks that every TPM Reference Value was part of the measurements
}

TpmMeasurementResults represents the results of the validation of the provided TPM Quote and its comparison to the reference values in the manifests

type Type added in v0.5.0 

type Type struct {
	Type string `json:"type" cbor:"0,keyasint"`
}

Type is a helper struct for just extracting the 'Type' of metadata

type Validity 

type Validity struct {
	NotBefore string `json:"notBefore" cbor:"0,keyasint"`
	NotAfter  string `json:"notAfter" cbor:"1,keyasint"`
}

Validity is a helper struct for 'Validity'

type VerificationResult 

type VerificationResult struct {
	Type            string            `json:"type"`
	Success         bool              `json:"raSuccessful"`         // Summarizing value illustrating whether any issues were detected during validation
	SwCertLevel     int               `json:"swCertLevel"`          // Overall certification level for the entire software stack (the minimum of all CertificationLevels in the used manifests)
	FreshnessCheck  Result            `json:"freshnessCheck"`       // Result for comparison of the expected nonce to the one provided in the attestation report
	ReportSignature []SignatureResult `json:"reportSignatureCheck"` // Result for validation of the overall report signature
	CompDescResult  *CompDescResult   `json:"companyValidation,omitempty"`
	RtmResult       ManifestResult    `json:"rtmValidation"`
	OsResult        ManifestResult    `json:"osValidation"`
	AppResults      []ManifestResult  `json:"appValidation,omitempty"`
	MeasResult      MeasurementResult `json:"measurementValidation"`
	DevDescResult   DevDescResult     `json:"deviceDescValidation"`
	ProcessingError []string          `json:"processingError,omitempty"`  // used to document any processing errors (dependent from provided Attestation Report) which hindered a complete validation
	InternalError   bool              `json:"internalError,omitempty"`    // used to document if internal errors (independent from provided Attestation Report) occurred which hindered a complete validation
	PlainAttReport  ArPlain           `json:"validatedAttestationReport"` // The unpacked and validated attestation report content for further processing
}

VerificationResult represents the results of all steps taken during the validation of an attestation report

func Verify added in v0.2.0 

func Verify(arRaw string, nonce, casPem []byte, policies []Policies, s Serializer) VerificationResult

Verify verifies an attestation report in full serialized JWS format against the supplied nonce and CA certificate. Verifies the certificate chains of all attestation report elements as well as the measurements against the reference values and the compatibility of software artefacts.

type VersionCheck added in v0.4.0 

type VersionCheck struct {
	Success  bool  `json:"success"`
	Claimed  []int `json:"claimed"`
	Measured []int `json:"measured"`
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.