Documentation
Index
- Constants
- func EmptyEventdata(evData *EventData) bool
- func ExtKeyUsageToString(usage []x509.ExtKeyUsage) []string
- func GetMediaType(s Serializer) message.MediaType
- func GetVersion() string
- func KeyUsageToString(usage x509.KeyUsage) []string
- type Artifact
- type AttestationReport
- type BooleanMatch
- type CborSerializer
- func (s CborSerializer) GetPayload(raw []byte) ([]byte, error)
- func (s CborSerializer) Marshal(v any) ([]byte, error)
- func (s CborSerializer) Sign(data []byte, signer Driver, sel KeySelection) ([]byte, error)
- func (s CborSerializer) String() string
- func (s CborSerializer) Unmarshal(data []byte, v any) error
- func (s CborSerializer) Verify(data []byte, verifier Verifier) (MetadataResult, []byte, bool)
- type CompatibilityResult
- type CtrData
- type DigestResult
- type Driver
- type DriverConfig
- type EFIDevicePath
- type EFILoadOption
- type ErrorCode
- type EventData
- type GPTHeader
- type GPTPartitionEntry
- type Hash
- type HexByte
- type ImageDescription
- type ImageLoadEvent
- type IntelCollateral
- type JsonSerializer
- func (s JsonSerializer) GetPayload(raw []byte) ([]byte, error)
- func (s JsonSerializer) Marshal(v any) ([]byte, error)
- func (s JsonSerializer) Sign(data []byte, driver Driver, sel KeySelection) ([]byte, error)
- func (s JsonSerializer) String() string
- func (s JsonSerializer) Unmarshal(data []byte, v any) error
- func (s JsonSerializer) Verify(data []byte, verifier Verifier) (MetadataResult, []byte, bool)
- type KeySelection
- type Manifest
- type ManifestDescription
- type MeasureEvent
- type Measurement
- type MeasurementResult
- type MetaInfo
- type Metadata
- type MetadataDigest
- type MetadataResult
- type MetadataSummary
- type PCClientTaggedEvent
- type PkixExtension
- type PolicyCheck
- type Provisioner
- type QeReportResult
- type ReferenceValue
- type Result
- type RtMrHashChainElem
- type SGXAttributes
- type Serializer
- type SgxAttributesCheck
- type SgxPolicy
- type SgxResult
- type SignConfig
- type SignatureDatabase
- type SignatureResult
- type SnpFw
- type SnpGuestPolicy
- type SnpPolicy
- type SnpResult
- type SnpTcb
- type SnpVersion
- type Status
- type SwEvidence
- type TDAttributes
- type TDId
- type TcbCheck
- type TcbInfoResult
- type TcbLevelResult
- type TdAttributesCheck
- type TdxPolicy
- type TdxResult
- type TpmResult
- type UEFICertificate
- type UefiConfigurationTable
- type UefiHandoffTablePointer
- type UefiPlatformFirmwareBlob
- type UefiVariableData
- type Validity
- type VerificationResult
- type Verifier
- type VersionCheck
- type X509CertExtracted
- type X509Name
Constants
const (
	ARTIFACT_TYPE_PCR_SUMMARY = "PCR Summary"
	ARTIFACT_TYPE_PCR_EVENTLOG = "PCR Eventlog"
	ARTIFACT_TYPE_SW_EVENTLOG = "SW Eventlog"
	ARTIFACT_TYPE_TDX_COLLATERAL = "TDX Collateral"
	ARTIFACT_TYPE_CC_EVENTLOG = "CC Eventlog"
)
const (
	UNKNOWN = iota
	AK
	IK
)
const (
	SHA1_DIGEST_LEN = 20
	SHA256_DIGEST_LEN = 32
	SHA384_DIGEST_LEN = 48
)
Variables
This section is empty.
Functions
func EmptyEventdata (added in v0.6.0)
func EmptyEventdata(evData *EventData) bool
func ExtKeyUsageToString (added in v0.6.0)
func ExtKeyUsageToString(usage []x509.ExtKeyUsage) []string
ExtKeyUsageToString translates the internal representation of allowed extended key usage in an x509 certificate to a string array.
func GetMediaType (added in v0.8.0)
func GetMediaType(s Serializer) message.MediaType
GetMediaType returns the media type that corresponds to the serializer.
func GetVersion (added in v0.8.0)
func GetVersion() string
func KeyUsageToString (added in v0.6.0)
func KeyUsageToString(usage x509.KeyUsage) []string
KeyUsageToString translates the internal representation of allowed key usage in an x509 certificate to a string array.
Types
type Artifact (added in v0.7.2)
type Artifact struct {
Type string `json:"type" cbor:"0,keyasint"`
Index int `json:"index" cbor:"1,keyasint"`
Events []MeasureEvent `json:"events,omitempty" cbor:"3,keyasint,omitempty"`
}
Artifact represents the digests of a measurement. If the type is 'PCR Summary', 'Events' contains the final value of the PCR whose number is given in 'Index'. If the type is 'PCR Eventlog', 'Events' contains the list of extends that lead to the final PCR value and 'Index' contains the number of the PCR; the list is retrieved by the prover, e.g., from the TPM binary BIOS measurements list or the IMA runtime measurements list. If the type is 'SW Eventlog', 'Events' contains the list of digests that have been recorded as SW measurements. If the type is 'TDX Collateral', 'Events' contains the TDX collateral, which includes the TDX TCB info, the quoting enclave identity and the certificate revocation lists. If the type is 'CC Eventlog', 'Events' contains the list of extends that lead to the final TDX RTMR value and 'Index' contains the number of the RTMR.
type AttestationReport (added in v0.6.0)
type AttestationReport struct {
Version string `json:"version" cbor:"0,keyasint"`
Type string `json:"type" cbor:"1,keyasint"`
Measurements []Measurement `json:"measurements,omitempty" cbor:"2,keyasint,omitempty"`
Metadata []MetadataDigest `json:"metadata,omitempty" cbor:"3,keyasint,omitempty"`
}
AttestationReport represents the attestation report in JWS/COSE format, with its contents already in signed JWS/COSE format.
func (*AttestationReport) CheckVersion (added in v0.8.0)
func (report *AttestationReport) CheckVersion() error
type BooleanMatch (added in v0.4.0)
type CborSerializer (added in v0.5.0)
type CborSerializer struct{}
func (CborSerializer) GetPayload (added in v0.5.0)
func (s CborSerializer) GetPayload(raw []byte) ([]byte, error)
func (CborSerializer) Marshal (added in v0.5.0)
func (s CborSerializer) Marshal(v any) ([]byte, error)
func (CborSerializer) Sign (added in v0.5.0)
func (s CborSerializer) Sign(data []byte, signer Driver, sel KeySelection) ([]byte, error)
func (CborSerializer) String (added in v0.8.0)
func (s CborSerializer) String() string
func (CborSerializer) Unmarshal (added in v0.5.0)
func (s CborSerializer) Unmarshal(data []byte, v any) error
func (CborSerializer) Verify (added in v0.8.0)
func (s CborSerializer) Verify(data []byte, verifier Verifier) (MetadataResult, []byte, bool)
Verify verifies signatures and certificate chains of COSE messages. The verifier must be either a list of trusted CA certificates, a trusted public key, or a VerifierOption, which selects either the system certificates or the embedded self-signed certificate.
type CompatibilityResult (added in v0.8.0)
type CompatibilityResult struct {
Summary Result `json:"result" cbor:"0,keyasint"`
DescriptionMatch []Result `json:"descriptionMatch,omitempty" cbor:"1,keyasint,omitempty"`
ManifestMatch []Result `json:"manifestMatch,omitempty" cbor:"2,keyasint,omitempty"`
ManifestCompatibility []Result `json:"manifestCompatibility,omitempty" cbor:"3,keyasint,omitempty"`
}
type CtrData (added in v0.7.0)
type CtrData struct {
ConfigSha256 HexByte `json:"configSha256" cbor:"0,keyasint"`
RootfsSha256 HexByte `json:"rootfsSha256" cbor:"1,keyasint"`
OciSpec *oci.Spec `json:"ociSpec,omitempty" cbor:"ociSpec,omitempty"`
}
func GetCtrDetailsFromRefVal (added in v0.8.0)
func GetCtrDetailsFromRefVal(r *ReferenceValue, s Serializer) *CtrData
type DigestResult (added in v0.6.0)
type DigestResult struct {
Success bool `json:"success" cbor:"0,keyasint"`
Launched bool `json:"launched" cbor:"1,keyasint"`
Type string `json:"type,omitempty" cbor:"2,keyasint,omitempty"`
SubType string `json:"subtype,omitempty" cbor:"3,keyasint,omitempty"`
Index int `json:"index" cbor:"4,keyasint"`
Digest string `json:"digest,omitempty" cbor:"5,keyasint,omitempty"`
Measured string `json:"measured,omitempty" cbor:"6,keyasint,omitempty"`
Description string `json:"description,omitempty" cbor:"7,keyasint,omitempty"`
EventData *EventData `json:"eventData,omitempty" cbor:"8,keyasint,omitempty"`
CtrDetails *CtrData `json:"ctrDetails,omitempty" cbor:"9,keyasint,omitempty"`
}
DigestResult represents a generic result for a digest that was processed during attestation. The Index is the unique identifier for the result: This is the number of the PCR in case of TPM reference values, the MR index according to UEFI Spec 2.10 Section 38.4.1 in case of TDX reference values, and simply a monotonic counter for other reference values.
type Driver (added in v0.6.0)
type Driver interface {
Init(c *DriverConfig) error
Measure(nonce []byte) ([]Measurement, error)
Lock() error
Unlock() error
GetKeyHandles(keyType KeySelection) (crypto.PrivateKey, crypto.PublicKey, error)
GetCertChain(keyType KeySelection) ([]*x509.Certificate, error)
Name() string
UpdateCerts() error
UpdateMetadata(map[string][]byte) error
}
Driver is an interface representing a driver for a hardware trust anchor, capable of providing attestation evidence and signing data. This can be e.g. a Trusted Platform Module (TPM), AMD SEV-SNP, or the ARM PSA Initial Attestation Service (IAS). The driver must be capable of performing measurements, i.e. retrieving attestation evidence, such as a TPM Quote or an SNP attestation report, as well as signing data. For measurements, the driver must provide handles for attestation keys. For signing, the driver provides handles for identity keys.
type DriverConfig (added in v0.6.0)
type DriverConfig struct {
StoragePath string
ServerAddr string
KeyConfig string
Metadata map[string][]byte
Ima bool
ImaPcr int
ExcludePcrs []int
Serializer Serializer
MeasurementLog bool
Ctr bool
CtrPcr int
CtrLog string
ExtCtrLog bool
CtrDriver string
EstTlsCas []*x509.Certificate
UseSystemRootCas bool
Vmpl int
ProvisionAuth internal.AuthMethod
Provisioner Provisioner
}
DriverConfig contains all configuration values required for the different drivers.
type EFIDevicePath (added in v0.9.2)
type EFIDevicePath struct {
Type string `json:"type" cbor:"0,keyasint"`
Subtype string `json:"subtype,omitempty" cbor:"1,keyasint,omitempty"`
// - 1.1 (PCI Device Path)
Function uint8 `json:"function,omitempty" cbor:"2,keyasint,omitempty"`
Device uint8 `json:"device,omitempty" cbor:"3,keyasint,omitempty"`
// - 1.2 (PCCART Device Path)
FunctionNumber uint8 `json:"functionnumber,omitempty" cbor:"4,keyasint,omitempty"`
// - 1.3 (Memory Mapped Device Path)
MemoryType uint32 `json:"memorytype,omitempty" cbor:"5,keyasint,omitempty"`
StartAddress uint64 `json:"startaddress,omitempty" cbor:"6,keyasint,omitempty"`
EndAddress uint64 `json:"endaddress,omitempty" cbor:"7,keyasint,omitempty"`
// - 1.4 (Vendor Device Path), 3.a (Vendor-defined Messaging Device Path)
VendorGUID string `json:"vendorguid,omitempty" cbor:"8,keyasint,omitempty"`
VendorDefinedData HexByte `json:"vendordefineddata,omitempty" cbor:"9,keyasint,omitempty"`
// - 2.1 (ACPI Device Path)
HID HexByte `json:"hid,omitempty" cbor:"10,keyasint,omitempty"`
UID HexByte `json:"uid,omitempty" cbor:"11,keyasint,omitempty"`
// - 4.1 (media device path: hard drive)
PartitionNumber uint32 `json:"partitionnumber,omitempty" cbor:"12,keyasint,omitempty"`
PartitionStart uint64 `json:"partitionstart,omitempty" cbor:"13,keyasint,omitempty"`
PartitionSize uint64 `json:"partitionsize,omitempty" cbor:"14,keyasint,omitempty"`
PartitionSignature HexByte `json:"partitionsignature,omitempty" cbor:"15,keyasint,omitempty"`
PartitionFormat byte `json:"partitionformat,omitempty" cbor:"16,keyasint,omitempty"`
SignaturType byte `json:"signaturetype,omitempty" cbor:"17,keyasint,omitempty"`
// - 4.2 (media device path: CD-ROM Media Device Path)
BootEntry uint32 `json:"bootentry,omitempty" cbor:"18,keyasint,omitempty"`
// - 4.4 (media device path: file path media device path)
PathName string `json:"pathname,omitempty" cbor:"19,keyasint,omitempty"`
// - 4.5 (media device path: Media Protocol Device Path)
ProtocolGUID string `json:"protocolguid,omitempty" cbor:"20,keyasint,omitempty"`
// - 4.6 (media device path: PIWG Firmware file)
// Content defined in UEFI PI Specification II-8.3 Firmware File Media Device Path
FirmwareFileName string `json:"firmwareFileName,omitempty" cbor:"21,keyasint,omitempty"`
// - 4.9 (media device path: RAM Disk)
StartingAddress uint64 `json:"startingaddress,omitempty" cbor:"22,keyasint,omitempty"`
EndingAddress uint64 `json:"endingaddress,omitempty" cbor:"23,keyasint,omitempty"`
DiskTypeGUID string `json:"disktypeguid,omitempty" cbor:"24,keyasint,omitempty"`
DiskInstance uint16 `json:"diskinstance,omitempty" cbor:"25,keyasint,omitempty"`
// - 5.1 (BIOS Boot Specification Device Path)
DeviceType uint16 `json:"devicetype,omitempty" cbor:"26,keyasint,omitempty"`
StatusFlag uint16 `json:"statusflag,omitempty" cbor:"27,keyasint,omitempty"`
DescriptionString string `json:"descriptionstring,omitempty" cbor:"28,keyasint,omitempty"`
}
UEFI Specification Release 2.11, 10.2 EFI Device Path Protocol EFI_DEVICE_PATH_PROTOCOL
type EFILoadOption (added in v0.6.0)
type EFILoadOption struct {
Attributes uint32 `json:"attributes" cbor:"0,keyasint"`
// - could also get resolved to the different options UEFISpec:73
//-ex filePathListLength uint16
Description string `json:"description" cbor:"1,keyasint"`
FilepathList []EFIDevicePath `json:"filepathlist" cbor:"2,keyasint"`
// optional Data
OptionalData string `json:"optionaldata,omitempty" cbor:"3,keyasint,omitempty"`
}
UEFI Specification Release 2.11, 3.1.3 Load Options EFI_LOAD_OPTION
type ErrorCode (added in v0.6.0)
type ErrorCode int
const (
	NotSpecified ErrorCode = iota
	CaFingerprint
	CRLCheckRoot
	CRLCheckPCK
	CRLCheckSigningCert
	DecodeCertChain
	UnknownSerialization
	DownloadRootCRL
	DownloadPCKCRL
	EvidenceLength
	EvidenceType
	Expired
	ExtractPubKey
	Internal
	InvalidCertLevel
	JWSNoSignatures
	JWSSignatureOrder
	JWSPayload
	JWSNoKeyOrCert
	JWSUnknownVerifierType
	COSENoSignatures
	COSEUnknownVerifierType
	MeasurementNoMatch
	MeasurementTypeNotSupported
	NotPresent
	NotYetValid
	OidLength
	OidNotPresent
	OidTag
	Parse
	ParseAR
	ParseX5C
	ParseCA
	ParseCAFingerprint
	ParseCert
	ParseTcbInfo
	ParseJSON
	ParseCBOR
	ParseMetadata
	ParseEvidence
	ParseExtensions
	ParseQEIdentity
	ParseTime
	PolicyEngineNotImplemented
	RefValTypeNotSupported
	SetupSystemCA
	SgxFmpcMismatch
	SgxPceidMismatch
	SignatureLength
	PolicyNotPresent
	RefValMultiple
	RefValNotPresent
	RefValType
	RefValNoMatch
	TcbInfoExpired
	TcbLevelUnsupported
	TcbLevelRevoked
	UnsupportedAlgorithm
	VerifyAR
	VerifyCertChain
	VerifyPCKChain
	VerifyMetadata
	VerifyPolicies
	VerifyQEIdentityErr
	VerifySignature
	VerifyTCBChain
	VerifyTcbInfo
	VerifyMeasurement
	ExtensionsCheck
	PcrNotSpecified
	ImageDescriptionNotPresent
	UnknownMetadata
	InvalidVersion
	NoRootManifest
	MultipleRootManifests
	VerifyEvidence
	VerifyAggregatedSwHash
	CollateralNotPresent
	ParseCollateral
	IllegalTdxMrIndex
	ParseKey
	ExtractPayload
	TdxVerification
)
type EventData (added in v0.6.0)
type EventData struct {
// For certain Uefi variable information events
Uefivariabledata *UefiVariableData `json:"uefivariabledata,omitempty" cbor:"0,keyasint,omitempty"`
// For the GPT_Event
GPTHeader *GPTHeader `json:"gptheader,omitempty" cbor:"1,keyasint,omitempty"`
// For PCClientTaggedEvent
PCClientTaggedEvent *PCClientTaggedEvent `json:"pcclienttaggedevent,omitempty" cbor:"2,keyasint,omitempty"`
ImageLoadEvent *ImageLoadEvent `json:"imageloadevent,omitempty" cbor:"3,keyasint,omitempty"`
UefiHandoffTablePointer *UefiHandoffTablePointer `json:"uefihandofftablepointer,omitempty" cbor:"4,keyasint,omitempty"`
UefiPlatformFirmwareBlob *UefiPlatformFirmwareBlob `json:"uefiplatformfirmwareblob,omitempty" cbor:"5,keyasint,omitempty"`
// Used e.g. for EFI_IPL event
StringContent string `json:"stringcontent,omitempty" cbor:"6,keyasint,omitempty"`
// Generic data (when no further differentiation is implemented)
RawData HexByte `json:"rawdata,omitempty" cbor:"7,keyasint,omitempty"`
}
type GPTHeader (added in v0.6.0)
type GPTHeader struct {
Signature uint64 `json:"signature,omitempty" cbor:"0,keyasint,omitempty"`
Revision uint32 `json:"revision,omitempty" cbor:"1,keyasint,omitempty"`
HeaderSize uint32 `json:"headersize,omitempty" cbor:"2,keyasint,omitempty"`
HeaderCRC32 uint32 `json:"headercrc32,omitempty" cbor:"3,keyasint,omitempty"`
Reserved uint32 `json:"reserved,omitempty" cbor:"4,keyasint,omitempty"`
MyLBA uint64 `json:"mylba,omitempty" cbor:"5,keyasint,omitempty"`
AlternativeLBA uint64 `json:"alternativelba,omitempty" cbor:"6,keyasint,omitempty"`
FirstUsableLBA uint64 `json:"firstusablelba,omitempty" cbor:"7,keyasint,omitempty"`
LastUsableLBA uint64 `json:"lastusablelba,omitempty" cbor:"8,keyasint,omitempty"`
DiskGUID string `json:"diskguid,omitempty" cbor:"9,keyasint,omitempty"`
PartitionEntryLBA uint64 `json:"partitionentrylba,omitempty" cbor:"10,keyasint,omitempty"`
NumberOfPartitionEntries uint32 `json:"numberofpartitionentries,omitempty" cbor:"11,keyasint,omitempty"`
SizeOfPartitionEntry uint32 `json:"sizeofpartitionentry,omitempty" cbor:"12,keyasint,omitempty"`
PartitionEntryArrayCRC32 uint32 `json:"partitionentryarraycrc32,omitempty" cbor:"13,keyasint,omitempty"`
Partitions []GPTPartitionEntry `json:"partitions,omitempty" cbor:"13,keyasint,omitempty"`
}
type GPTPartitionEntry (added in v0.6.0)
type GPTPartitionEntry struct {
PartitionTypeGUID string `json:"partitiontypeguid,omitempty" cbor:"0,keyasint,omitempty"`
UniquePartitionGUID string `json:"uniquepartitionguid,omitempty" cbor:"0,keyasint,omitempty"`
StartingLBA uint64 `json:"startinglba,omitempty" cbor:"0,keyasint,omitempty"`
EndingLBA uint64 `json:"endinglba,omitempty" cbor:"0,keyasint,omitempty"`
Attributes uint64 `json:"attributes,omitempty" cbor:"0,keyasint,omitempty"`
PartitionName string `json:"partitionname,omitempty" cbor:"0,keyasint,omitempty"` //PartitionName parsed in [36] UTF16
}
type HexByte (added in v0.5.0)
type HexByte []byte
HexByte is a custom type for the JSON unmarshaller: byte arrays are encoded as hex strings in JSON but are used as raw byte arrays internally and by the CBOR encoding.
func (HexByte) MarshalJSON (added in v0.5.0)
MarshalJSON marshals a byte array into a hex string.
func (*HexByte) UnmarshalJSON (added in v0.5.0)
UnmarshalJSON unmarshals JSON hex strings into byte arrays.
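Replaying a 'PCR Eventlog' artifact against its 'PCR Summary' (and a 'CC Eventlog' against an RTMR), after the hex round trip that HexByte gives artifacts in JSON, as an added example that is not part of the package's own code: HexByte, MeasureEvent and Artifact are re-declared locally with only the fields used, the extend rule reg = H(reg || digest) from an all-zero register is assumed, and the event digests are constructed, not real measurements.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"crypto/sha512"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// HexByte mirrors the page's type (raw bytes internally, hex strings in JSON); re-declared for this example.
type HexByte []byte

// MarshalJSON encodes the bytes as a hex string.
func (h HexByte) MarshalJSON() ([]byte, error) {
	return json.Marshal(hex.EncodeToString(h))
}

// UnmarshalJSON decodes a JSON hex string back into raw bytes.
func (h *HexByte) UnmarshalJSON(data []byte) error {
	var s string
	err := json.Unmarshal(data, &s)
	if err == nil {
		*h, err = hex.DecodeString(s)
	}
	return err
}

// MeasureEvent and Artifact carry only the page's fields this example needs.
type MeasureEvent struct {
	Sha256    HexByte `json:"sha256,omitempty"`
	Sha384    HexByte `json:"sha384,omitempty"`
	EventName string  `json:"eventname,omitempty"`
}
type Artifact struct {
	Type   string         `json:"type"`
	Index  int            `json:"index"`
	Events []MeasureEvent `json:"events,omitempty"`
}

// Replay folds an event log into a register from all zeros, reg = H(reg || digest) per event: SHA-256 for a TPM PCR ("PCR Eventlog"), SHA-384 for a TDX RTMR ("CC Eventlog").
func Replay(a Artifact) ([]byte, error) {
	newHash, useSha384 := sha256.New, false
	if a.Type == "CC Eventlog" {
		newHash, useSha384 = sha512.New384, true
	} else if a.Type != "PCR Eventlog" {
		return nil, fmt.Errorf("artifact type %q is not an event log", a.Type)
	}
	reg := make([]byte, newHash().Size()) // registers start at all zeros
	for i, ev := range a.Events {
		d := ev.Sha256
		if useSha384 {
			d = ev.Sha384
		}
		if len(d) != len(reg) { // wrong hash family or truncated digest: refuse rather than extend garbage
			return nil, fmt.Errorf("event %d (%s): digest length %d, want %d", i, ev.EventName, len(d), len(reg))
		}
		h := newHash()
		h.Write(reg)
		h.Write(d)
		reg = h.Sum(nil)
	}
	return reg, nil
}

// VerifyLog replays an event log and compares it with the prover's summary for the same register.
func VerifyLog(summary, log Artifact) (bool, error) {
	if summary.Index != log.Index || len(summary.Events) != 1 {
		return false, fmt.Errorf("summary must carry exactly one final value for register %d", log.Index)
	}
	want := summary.Events[0].Sha256
	if log.Type == "CC Eventlog" {
		want = summary.Events[0].Sha384
	}
	got, err := Replay(log)
	return err == nil && bytes.Equal(got, want), err
}

// SampleArtifacts builds a constructed PCR 4 event log (digests of made-up file names, not real
// measurements) and its summary, returned after a JSON round trip so HexByte is exercised.
func SampleArtifacts() ([]Artifact, error) {
	log := Artifact{Type: "PCR Eventlog", Index: 4}
	for _, name := range []string{"shim.efi", "grub.efi", "vmlinuz"} {
		d := sha256.Sum256([]byte(name))
		log.Events = append(log.Events, MeasureEvent{Sha256: d[:], EventName: name})
	}
	final, _ := Replay(log) // cannot fail: built above with 32-byte digests
	summary := Artifact{Type: "PCR Summary", Index: 4, Events: []MeasureEvent{{Sha256: final}}}
	raw, _ := json.Marshal([]Artifact{summary, log}) // cannot fail: plain structs, hex-encoded bytes
	var arts []Artifact
	err := json.Unmarshal(raw, &arts)
	return arts, err
}

func main() {
	arts, _ := SampleArtifacts()
	fmt.Println(VerifyLog(arts[0], arts[1]))
}
```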
type ImageDescription (added in v0.9.7)
type ImageDescription struct {
Location string `json:"location,omitempty" cbor:"20,keyasint,omitempty"`
Descriptions []ManifestDescription `json:"descriptions,omitempty" cbor:"21,keyasint,omitempty"`
}
type ImageLoadEvent (added in v0.6.0)
type ImageLoadEvent struct {
ImageLocationInMemory address `json:"imagelocationinmemory" cbor:"0,keyasint"`
ImageLengthInMemory uint64 `json:"imagelengthinmemory" cbor:"1,keyasint"`
ImageLinkTimeAddress uint64 `json:"imagelinktimeaddress" cbor:"2,keyasint"`
// Omit LengthOfDevicePath uint64 (parsed as part of FilePathList)
UefiDevicePaths []EFIDevicePath `json:"uefidevicepath,omitempty" cbor:"3,keyasint,omitempty"`
}
TCG PC Client Platform Firmware Profile Specification 10.2.3 UEFI_IMAGE_LOAD_EVENT
type IntelCollateral (added in v0.6.0)
type JsonSerializer (added in v0.5.0)
type JsonSerializer struct{}
func (JsonSerializer) GetPayload (added in v0.5.0)
func (s JsonSerializer) GetPayload(raw []byte) ([]byte, error)
func (JsonSerializer) Marshal (added in v0.5.0)
func (s JsonSerializer) Marshal(v any) ([]byte, error)
func (JsonSerializer) Sign (added in v0.5.0)
func (s JsonSerializer) Sign(data []byte, driver Driver, sel KeySelection) ([]byte, error)
Sign signs data with the specified driver (to enable hardware-based signatures).
func (JsonSerializer) String (added in v0.8.0)
func (s JsonSerializer) String() string
func (JsonSerializer) Unmarshal (added in v0.5.0)
func (s JsonSerializer) Unmarshal(data []byte, v any) error
func (JsonSerializer) Verify (added in v0.8.0)
func (s JsonSerializer) Verify(data []byte, verifier Verifier) (MetadataResult, []byte, bool)
Verify verifies signatures and certificate chains of JWS tokens. The verifier must be either a list of trusted CA certificates, a trusted public key, or a VerifierOption, which selects either the system certificates or the embedded self-signed certificate.
type KeySelection (added in v0.8.0)
type KeySelection int
type Manifest (added in v0.8.0)
type Manifest struct {
ReferenceValues []ReferenceValue `json:"referenceValues,omitempty" cbor:"10,keyasint,omitempty"`
DevCommonName string `json:"developerCommonName,omitempty" cbor:"11,keyasint,omitempty"`
BaseLayers []string `json:"baseLayers,omitempty" cbor:"12,keyasint,omitempty"`
CertLevel int `json:"certLevel,omitempty" cbor:"13,keyasint,omitempty"`
CaFingerprints []string `json:"caFingerprints,omitempty" cbor:"14,keyasint,omitempty"`
SnpPolicy *SnpPolicy `json:"snpPolicy,omitempty" cbor:"15,keyasint,omitempty"`
TdxPolicy *TdxPolicy `json:"tdxPolicy,omitempty" cbor:"16,keyasint,omitempty"`
SgxPolicy *SgxPolicy `json:"sgxPolicy,omitempty" cbor:"17,keyasint,omitempty"`
Details map[string]interface{} `json:"details,omitempty" cbor:"18,keyasint,omitempty"`
OciSpec *oci.Spec `json:"ociSpec,omitempty" cbor:"ociSpec,omitempty"` // TODO move to app description
}
type ManifestDescription (added in v0.8.0)
type ManifestDescription struct {
Type string `json:"type" cbor:"0,keyasint"`
Name string `json:"name" cbor:"1,keyasint"`
Description string `json:"description,omitempty" cbor:"2,keyasint,omitempty"`
Manifest string `json:"manifest,omitempty" cbor:"3,keyasint,omitempty"`
}
ManifestDescription represents the attestation report element of type 'Manifest Description'
type MeasureEvent (added in v0.7.2)
type MeasureEvent struct {
Sha256 HexByte `json:"sha256,omitempty" cbor:"0,keyasint,omitempty"`
Sha384 HexByte `json:"sha384,omitempty" cbor:"1,keyasint,omitempty"`
Sha512 HexByte `json:"sha512,omitempty" cbor:"2,keyasint,omitempty"`
EventName string `json:"eventname,omitempty" cbor:"3,keyasint,omitempty"`
EventData *EventData `json:"eventdata,omitempty" cbor:"4,keyasint,omitempty"`
Description string `json:"description,omitempty" cbor:"5,keyasint,omitempty"`
CtrData *CtrData `json:"ctrData,omitempty" cbor:"6,keyasint,omitempty"`
IntelCollateral *IntelCollateral `json:"intelCollateral,omitempty" cbor:"7,keyasint,omitempty"`
}
type Measurement
type Measurement struct {
Type string `json:"type" cbor:"0,keyasint"`
Evidence []byte `json:"evidence,omitempty" cbor:"1,keyasint"`
Certs [][]byte `json:"certs,omitempty" cbor:"3,keyasint"`
Signature []byte `json:"signature,omitempty" cbor:"2,keyasint,omitempty"`
Artifacts []Artifact `json:"artifacts,omitempty" cbor:"4,keyasint,omitempty"`
Claims []byte `json:"claims,omitempty" cbor:"5,keyasint,omitempty"`
}
Measurement represents the attestation report elements of type 'TPM Measurement', 'SNP Measurement', 'TDX Measurement', 'SGX Measurement', 'IAS Measurement', 'SW Measurement', 'Azure TDX Measurement', 'Azure SNP Measurement', or 'Azure vTPM Measurement'.
type MeasurementResult (added in v0.2.0)
type MeasurementResult struct {
Type string `json:"type" cbor:"0,keyasint"`
Summary Result `json:"summary" cbor:"1,keyasint"`
Freshness Result `json:"freshness" cbor:"2,keyasint"`
Signature SignatureResult `json:"signature" cbor:"3,keyasint"`
Artifacts []DigestResult `json:"artifacts,omitempty" cbor:"4,keyasint,omitempty"`
TpmResult *TpmResult `json:"tpmResult,omitempty" cbor:"5,keyasint,omitempty"`
SnpResult *SnpResult `json:"snpResult,omitempty" cbor:"6,keyasint,omitempty"`
SgxResult *SgxResult `json:"sgxResult,omitempty" cbor:"7,keyasint,omitempty"`
TdxResult *TdxResult `json:"tdxResult,omitempty" cbor:"8,keyasint,omitempty"`
}
type MetaInfo (added in v0.6.0)
type MetaInfo struct {
Type string `json:"type" cbor:"0,keyasint"`
Name string `json:"name" cbor:"1,keyasint"`
Version string `json:"version" cbor:"2,keyasint"`
Validity Validity `json:"validity" cbor:"3,keyasint"`
Description string `json:"description,omitempty" cbor:"4,keyasint,omitempty"`
}
MetaInfo is a helper struct for the generic info present in every metadata object.
type Metadata (added in v0.6.0)
type Metadata struct {
MetaInfo
Manifest
ImageDescription
}
Metadata represents attestation report elements of type 'Manifest', 'Image Description', 'Manifest Description' and 'Company Description'.
type MetadataDigest (added in v0.8.0)
type MetadataDigest struct {
Type string `json:"type" cbor:"0,keyasint"`
Digest HexByte `json:"digest" cbor:"1,keyasint"`
}
MetadataDigest represents attestation report metadata elements.
type MetadataResult (added in v0.6.0)
type MetadataResult struct {
Metadata
Summary Result `json:"summary" cbor:"40,keyasint"`
ValidityCheck Result `json:"validityCheck,omitempty" cbor:"41,keyasint,omitempty"`
SignatureCheck []SignatureResult `json:"signatureValidation" cbor:"42,keyasint,omitempty"`
}
type MetadataSummary (added in v0.8.0)
type MetadataSummary struct {
ImageDescriptionResult MetadataResult `json:"imageDescriptionResult" cbor:"0,keyasint"`
ManifestResults []MetadataResult `json:"manifestResults" cbor:"1,keyasint"`
CompanyDescriptionResult *MetadataResult `json:"companyDescriptionResult,omitempty" cbor:"2,keyasint,omitempty"`
UnknownResults []MetadataResult `json:"unknownResults,omitempty" cbor:"3,keyasint"`
CompatibilityResult CompatibilityResult `json:"compatibilityResult" cbor:"4,keyasint"`
}
type PCClientTaggedEvent (added in v0.6.0)
type PCClientTaggedEvent struct {
TaggedEventID string `json:"taggedeventid" cbor:"0,keyasint"`
// Omit TaggedEventDataSize uint32
TaggedEventData string `json:"taggedeventdata" cbor:"0,keyasint"`
}
TCG PC Client Platform Firmware Profile Specification 10.4.2 TCG_PCClientTaggedEvent
type PkixExtension (added in v0.6.0)
type PkixExtension struct {
Id string `json:"id" cbor:"0,keyasint"`
Critical bool `json:"critical" cbor:"1,keyasint"`
Value []byte `json:"value" cbor:"2,keyasint"`
}
PkixExtension represents the extensions of an x509 certificate.
type PolicyCheck (added in v0.4.0)
type PolicyCheck struct {
Summary Result `json:"result" cbor:"0,keyasint"`
Abi VersionCheck `json:"abi" cbor:"1,keyasint"`
Smt BooleanMatch `json:"smt" cbor:"2,keyasint"`
Migration BooleanMatch `json:"migration" cbor:"3,keyasint"`
Debug BooleanMatch `json:"debug" cbor:"4,keyasint"`
SingleSocket BooleanMatch `json:"singleSocket" cbor:"5,keyasint"`
}
type Provisioner (added in v0.9.5)
type Provisioner interface {
CaCerts() ([]*x509.Certificate, error)
SimpleEnroll(csr *x509.CertificateRequest) (*x509.Certificate, error)
TpmActivateEnroll(
tpmManufacturer, ekCertUrl string,
tpmMajor, tpmMinor int,
csr *x509.CertificateRequest,
akParams attest.AttestationParameters,
ekPublic, ekCertDer []byte,
) ([]byte, []byte, []byte, error)
TpmCertifyEnroll(
csr *x509.CertificateRequest,
ikParams attest.CertificationParameters,
akPublic []byte,
report []byte,
metadata [][]byte,
) (*x509.Certificate, error)
CcEnroll(csr *x509.CertificateRequest, report []byte, metadata [][]byte) (*x509.Certificate, error)
GetSnpCa(codeName string, akType internal.AkType) ([]*x509.Certificate, error)
GetSnpVcek(codeName string, chipId [64]byte, tcb uint64) (*x509.Certificate, error)
}
type QeReportResult (added in v0.8.3)
type QeReportResult struct {
Summary Result `json:"summary" cbor:"0,keyasint"`
MrSigner Result `json:"mrsigner" cbor:"1,keyasint"`
IsvProdId Result `json:"isvProdId" cbor:"2,keyasint"`
MiscSelect Result `json:"miscSelect" cbor:"3,keyasint"`
Attributes Result `json:"attributes" cbor:"4,keyasint"`
TcbLevelStatus string `json:"status" cbor:"5,keyasint"`
TcbLevelDate string `json:"date" cbor:"6,keyasint"`
}
type ReferenceValue (added in v0.5.0)
type ReferenceValue struct {
Type string `json:"type" cbor:"0,keyasint"`
SubType string `json:"subtype" cbor:"1,keyasint,omitempty"`
Index int `json:"index" cbor:"2,keyasint"`
Sha256 HexByte `json:"sha256,omitempty" cbor:"3,keyasint,omitempty"`
Sha384 HexByte `json:"sha384,omitempty" cbor:"4,keyasint,omitempty"`
Sha512 HexByte `json:"sha512,omitempty" cbor:"5,keyasint,omitempty"`
Optional bool `json:"optional,omitempty" cbor:"6,keyasint,omitempty"`
Description string `json:"description,omitempty" cbor:"7,keyasint,omitempty"`
EventData *EventData `json:"eventdata,omitempty" cbor:"8,keyasint,omitempty"`
// contains filtered or unexported fields
}
ReferenceValue represents the attestation report element of types 'SNP Reference Value', 'TPM Reference Value', 'TDX Reference Value', 'SGX Reference Value' and 'SW Reference Value'. The Index is the unique identifier for the reference value: this is the number of the PCR in case of TPM reference values, and the CC measurement register (MR) index according to UEFI Spec 2.10 Section 38.4.1 in case of TDX reference values:

TPM PCR Index | CC MR Index | TDX register
------------- | ----------- | --------------------------
0             | 0           | MRTD
1, 7          | 1           | RTMR0
2~6           | 2           | RTMR1
8~15          | 3           | RTMR2
-             | 4           | RTMR3
-             | 5           | MRSEAM (not in UEFI spec)

func (*ReferenceValue) GetManifest (added in v0.8.0)
func (r *ReferenceValue) GetManifest() (*Metadata, error)
func (*ReferenceValue) SetManifest (added in v0.8.0)
func (r *ReferenceValue) SetManifest(m *Metadata)
type Result (added in v0.2.0)
type Result struct {
Status Status `json:"status"`
Got string `json:"got,omitempty" cbor:"0,keyasint,omitempty"`
Expected string `json:"expected,omitempty" cbor:"1,keyasint,omitempty"`
ExpectedOneOf []string `json:"expectedOneOf,omitempty" cbor:"2,keyasint,omitempty"`
ExpectedBetween []string `json:"expectedBetween,omitempty" cbor:"3,keyasint,omitempty"`
ErrorCodes []ErrorCode `json:"errorCodes,omitempty" cbor:"4,keyasint,omitempty"`
Details string `json:"details,omitempty" cbor:"5,keyasint,omitempty"`
}
Result is a generic struct to display whether the verification of a measured/provided data structure against a reference data structure was successful.
type RtMrHashChainElem (added in v0.6.0)
type RtMrHashChainElem struct {
Type string `json:"type" cbor:"0,keyasint"`
Name string `json:"name" cbor:"1,keyasint"`
Hashes []HexByte `json:"Hashes" cbor:"2,keyasint"`
Summary bool `json:"summary" cbor:"3,keyasint"` // Indicates if the element represents the final RTMR value or a single artifact
}
RtMrHashChainElem represents the attestation report element of type 'HashChain' embedded in 'TDXDetails'.
type SGXAttributes (added in v0.6.0)
type SGXAttributes struct {
Initted bool `json:"initted" cbor:"0,keyasint"`
Debug bool `json:"debug" cbor:"1,keyasint"`
Mode64Bit bool `json:"mode64Bit" cbor:"2,keyasint"`
ProvisionKey bool `json:"provisionKey" cbor:"3,keyasint"`
EInitToken bool `json:"eInitToken" cbor:"4,keyasint"`
Kss bool `json:"kss" cbor:"5,keyasint"`
Legacy bool `json:"legacy" cbor:"6,keyasint"`
Avx bool `json:"avx" cbor:"7,keyasint"`
}
SGX attributes according to https://download.01.org/intel-sgx/latest/linux-latest/docs/Intel_SGX_Developer_Reference_Linux_2.22_Open_Source.pdf (page 414)
type Serializer (added in v0.5.0)
type Serializer interface {
GetPayload(raw []byte) ([]byte, error)
Marshal(v any) ([]byte, error)
Unmarshal(data []byte, v any) error
Sign(data []byte, driver Driver, sel KeySelection) ([]byte, error)
Verify(data []byte, verifier Verifier) (MetadataResult, []byte, bool)
String() string
}
Serializer is a generic interface providing methods for data serialization and de-serialization. This makes it possible to generate and verify attestation reports in different formats, such as JSON/JWS or CBOR/COSE.
func DetectSerialization (added in v0.8.0)
func DetectSerialization(payload []byte) (Serializer, error)
type SgxAttributesCheck (added in v0.6.0)
type SgxAttributesCheck struct {
Initted BooleanMatch `json:"initted" cbor:"0,keyasint"`
Debug BooleanMatch `json:"debug" cbor:"1,keyasint"`
Mode64Bit BooleanMatch `json:"mode64Bit" cbor:"2,keyasint"`
ProvisionKey BooleanMatch `json:"provisionKey" cbor:"3,keyasint"`
EInitToken BooleanMatch `json:"eInitToken" cbor:"4,keyasint"`
Kss BooleanMatch `json:"kss" cbor:"5,keyasint"`
Legacy BooleanMatch `json:"legacy" cbor:"6,keyasint"`
Avx BooleanMatch `json:"avx" cbor:"7,keyasint"`
}
type SgxPolicy (added in v0.8.3)
type SgxPolicy struct {
QuoteVersion uint16 `json:"quoteVersion" cbor:"0,keyasint"`
IsvProdId uint16 `json:"isvProdId" cbor:"3,keyasint"`
MrSigner string `json:"mrSigner" cbor:"4,keyasint"`
IsvSvn uint16 `json:"isvSvn" cbor:"5,keyasint"`
Attributes SGXAttributes `json:"attributes" cbor:"6,keyasint"`
AcceptedTcbStatuses []string `json:"acceptedTcbStatuses,omitempty" cbor:"7,keyasint"`
}
type SgxResult (added in v0.6.0)
type SgxResult struct {
VersionMatch Result `json:"quoteVersionMatch" cbor:"0,keyasint"`
TcbInfoCheck TcbInfoResult `json:"tcbInfoCheck" cbor:"1,keyasint"`
QeReportCheck QeReportResult `json:"qeReportCheck" cbor:"2,keyasint"`
SgxAttributesCheck SgxAttributesCheck `json:"sgxAttributesCheck" cbor:"3,keyasint"`
}
type SignConfig ¶ added in v0.8.0
type SignConfig struct {
UseAk bool // Use the AK instead of the IK for signing
}
SignConfig allows options to be specified for signing with the given serializer.
type SignatureDatabase ¶ added in v0.6.0
type SignatureDatabase struct {
SignatureTypeGUID string `json:"efisignaturelistguid,omitempty" cbor:"0,keyasint,omitempty"`
SignatureHeader HexByte `json:"signatureheader,omitempty" cbor:"1,keyasint,omitempty"`
// Only one of the following per SignatureDatabase
Certificates []UEFICertificate `json:"ueficertificates,omitempty" cbor:"2,keyasint,omitempty"`
Sha256Hash []Hash `json:"sha256hashes,omitempty" cbor:"3,keyasint,omitempty"`
}
type SignatureResult ¶ added in v0.2.0
type SignatureResult struct {
SignCheck Result `json:"signatureVerification" cbor:"0,keyasint"`
CertChainCheck Result `json:"certChainValidation" cbor:"1,keyasint"`
Certs [][]X509CertExtracted `json:"certs,omitempty" cbor:"2,keyasint"`
}
SignatureResult shows the result of the signature check and the certificate chain check and includes all certificates present in the metadata item. If the certificate chain check was successful, Certs is always a valid chain; if not, Certs contains the collected certificates present in the metadata item.
func (*SignatureResult) PrintErr ¶ added in v0.6.0
func (r *SignatureResult) PrintErr(format string, args ...interface{})
type SnpGuestPolicy ¶ added in v0.8.3
type SnpGuestPolicy struct {
Type string `json:"type" cbor:"0,keyasint"`
SingleSocket bool `json:"singleSocket" cbor:"1,keyasint"`
Debug bool `json:"debug" cbor:"2,keyasint"`
Migration bool `json:"migration" cbor:"3,keyasint"`
Smt bool `json:"smt" cbor:"4,keyasint"`
AbiMajor uint8 `json:"abiMajor" cbor:"5,keyasint"`
AbiMinor uint8 `json:"abiMinor" cbor:"6,keyasint"`
}
type SnpPolicy ¶ added in v0.4.0
type SnpPolicy struct {
ReportMinVersion uint32 `json:"reportMinVersion" cbor:"0,keyasint"`
ReportMaxVersion uint32 `json:"reportMaxVersion" cbor:"1,keyasint"`
GuestPolicy SnpGuestPolicy `json:"policy" cbor:"2,keyasint"`
VersionPolicy []SnpVersion `json:"versions" cbor:"3,keyasint"`
}
type SnpResult ¶ added in v0.6.0
type SnpResult struct {
VersionMatch Result `json:"reportVersionMatch" cbor:"0,keyasint"`
FwCheck VersionCheck `json:"fwCheck" cbor:"1,keyasint"`
TcbCheck TcbCheck `json:"tcbCheck" cbor:"2,keyasint"`
PolicyCheck PolicyCheck `json:"policyCheck" cbor:"3,keyasint"`
ExtensionsCheck []Result `json:"extensionsCheck" cbor:"4,keyasint"`
}
type SnpTcb ¶ added in v0.4.0
type SnpVersion ¶ added in v0.9.5
type SwEvidence ¶ added in v0.8.0
type SwEvidence struct {
Nonce []byte `json:"nonce" cbor:"0,keyasint"`
Sha256 []byte `json:"sha256,omitempty" cbor:"1,keyasint,omitempty"`
}
SwEvidence represents the CMC's own format for software-based container measurement evidence.
type TDAttributes ¶ added in v0.6.0
type TDAttributes struct {
Debug bool `json:"debug" cbor:"0,keyasint"`
SeptVEDisable bool `json:"septVEDisable" cbor:"1,keyasint"`
Pks bool `json:"pks" cbor:"2,keyasint"`
Kl bool `json:"kl" cbor:"3,keyasint"`
}
Structure of the security-relevant attributes for a TD (bits 0 - 31 of the attributes array in the quote) according to https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/Intel_TDX_DCAP_Quoting_Library_API.pdf (page 40)
type TcbCheck ¶ added in v0.4.0
type TcbCheck struct {
Summary Result `json:"result" cbor:"0,keyasint"`
Fmc VersionCheck `json:"fmc" cbor:"5,keyasint"`
Bl VersionCheck `json:"bl" cbor:"1,keyasint"`
Tee VersionCheck `json:"tee" cbor:"2,keyasint"`
Snp VersionCheck `json:"snp" cbor:"3,keyasint"`
Ucode VersionCheck `json:"ucode" cbor:"4,keyasint"`
}
type TcbInfoResult ¶ added in v0.8.3
type TcbInfoResult struct {
Summary Result `json:"summary" cbor:"0,keyasint"`
Id Result `json:"id" cbor:"1,keyasint"`
Version Result `json:"version" cbor:"2,keyasint"`
TcbLevel TcbLevelResult `json:"tcbLevelResult" cbor:"3,keyasint"`
}
type TcbLevelResult ¶ added in v0.6.0
type TdAttributesCheck ¶ added in v0.6.0
type TdAttributesCheck struct {
Debug BooleanMatch `json:"debug" cbor:"0,keyasint"`
SeptVEDisable BooleanMatch `json:"septVEDisable" cbor:"1,keyasint"`
Pks BooleanMatch `json:"pks" cbor:"2,keyasint"`
Kl BooleanMatch `json:"kl" cbor:"3,keyasint"`
}
type TdxPolicy ¶ added in v0.8.3
type TdxPolicy struct {
QuoteVersion uint16 `json:"quoteVersion" cbor:"0,keyasint"`
TdId TDId `json:"tdId" cbor:"3,keyasint"`
Xfam HexByte `json:"xfam" cbor:"5,keyasint"`
TdAttributes TDAttributes `json:"tdAttributes" cbor:"6,keyasint"`
AcceptedTcbStatuses []string `json:"acceptedTcbStatuses,omitempty" cbor:"7,keyasint"`
}
type TdxResult ¶ added in v0.6.0
type TdxResult struct {
VersionMatch Result `json:"quoteVersionMatch" cbor:"0,keyasint"`
TcbInfoCheck TcbInfoResult `json:"tcbInfoCheck" cbor:"1,keyasint"`
QeReportCheck QeReportResult `json:"qeReportCheck" cbor:"2,keyasint"`
TdAttributesCheck TdAttributesCheck `json:"tdAttributesCheck" cbor:"3,keyasint"`
SeamAttributesCheck Result `json:"seamAttributesCheck" cbor:"4,keyasint"`
XfamCheck Result `json:"xfamCheck" cbor:"5,keyasint"`
MrMatch []DigestResult `json:"mrMatch" cbor:"6,keyasint"`
}
type TpmResult ¶ added in v0.6.0
type TpmResult struct {
PcrMatch []DigestResult `json:"pcrMatch" cbor:"0,keyasint"`
AggPcrQuoteMatch Result `json:"aggPcrQuoteMatch" cbor:"1,keyasint"`
}
type UEFICertificate ¶ added in v0.6.0
type UEFICertificate struct {
SignatureOwnerGUID string `json:"signatureownerguid" cbor:"0,keyasint"`
Certificates X509CertExtracted `json:"certificates" cbor:"1,keyasint"`
}
type UefiConfigurationTable ¶ added in v0.6.0
type UefiConfigurationTable struct {
EFIGuid string `json:"guid" cbor:"0,keyasint"`
VendorTable address `json:"tableaddress" cbor:"1,keyasint"`
}
type UefiHandoffTablePointer ¶ added in v0.6.0
type UefiHandoffTablePointer struct {
// NumberOfTables uint64
TableEntry []UefiConfigurationTable `json:"ueficonfigurationtable" cbor:"0,keyasint"`
}
type UefiPlatformFirmwareBlob ¶ added in v0.6.0
type UefiVariableData ¶ added in v0.6.0
type UefiVariableData struct {
VariableNameGUID string `json:"variablenameguid,omitempty" cbor:"0,keyasint,omitempty"`
UnicodeName string `json:"unicodename,omitempty" cbor:"1,keyasint,omitempty"`
// Can be one of the following
Signaturedb []SignatureDatabase `json:"signaturedb,omitempty" cbor:"2,keyasint,omitempty"`
BootOrder []uint16 `json:"bootorder,omitempty" cbor:"3,keyasint,omitempty"`
BootNext uint16 `json:"bootnext,omitempty" cbor:"4,keyasint,omitempty"`
BootCurrent uint16 `json:"bootcurrent,omitempty" cbor:"5,keyasint,omitempty"`
BootOptionSupport uint32 `json:"bootoptionsupport,omitempty" cbor:"6,keyasint,omitempty"`
EFILoadOption *EFILoadOption `json:"efiloadoption,omitempty" cbor:"7,keyasint,omitempty"`
DriverOrder []uint16 `json:"driverorder,omitempty" cbor:"8,keyasint,omitempty"`
// genericData
StringContent string `json:"stringcontent,omitempty" cbor:"9,keyasint,omitempty"`
VariableData HexByte `json:"variabledata,omitempty" cbor:"10,keyasint,omitempty"`
// DevicePath *FilePathList `json:"devicepath,omitempty" cbor:"10,keyasint,omitempty"`
GUIDArray []string `json:"guidarray,omitempty" cbor:"11,keyasint,omitempty"`
}
type Validity ¶
type Validity struct {
NotBefore string `json:"notBefore" cbor:"0,keyasint"`
NotAfter string `json:"notAfter" cbor:"1,keyasint"`
}
Validity is a helper struct for the X.509 certificate validity period (NotBefore/NotAfter).
type VerificationResult ¶
type VerificationResult struct {
Version string `json:"version" cbor:"0,keyasint"`
Type string `json:"type" cbor:"1,keyasint"`
Summary Result `json:"summary" cbor:"2,keyasint"`
Prover string `json:"prover,omitempty" cbor:"4,keyasint,omitempty"`
Created string `json:"created,omitempty" cbor:"5,keyasint,omitempty"`
CertLevel int `json:"certLevel" cbor:"6,keyasint"`
Measurements []MeasurementResult `json:"measurements" cbor:"7,keyasint"`
Metadata MetadataSummary `json:"metadata" cbor:"8,keyasint"`
ReportSignature []SignatureResult `json:"reportSignatureCheck" cbor:"10,keyasint"`
}
VerificationResult represents the results of all steps taken during the validation of an attestation report.
func (*VerificationResult) Fail ¶ added in v0.9.1
func (r *VerificationResult) Fail(code ErrorCode, errs ...error)
func (*VerificationResult) PrintErr ¶ added in v0.6.0
func (r *VerificationResult) PrintErr()
func (*VerificationResult) Warn ¶ added in v0.9.1
func (r *VerificationResult) Warn(code ErrorCode, errs ...error)
type Verifier ¶ added in v0.9.1
type Verifier interface{}
Verifier can either be a list of trusted CA certificates, a trusted public key, or nil; in the latter case, the system cert store is used.
type VersionCheck ¶ added in v0.4.0
type X509CertExtracted ¶ added in v0.6.0
type X509CertExtracted struct {
Version int `json:"version" cbor:"0,keyasint"`
SerialNumber string `json:"serialNumber" cbor:"1,keyasint"`
Issuer X509Name `json:"issuer" cbor:"2,keyasint"`
Subject X509Name `json:"subject" cbor:"3,keyasint"`
Validity Validity `json:"validity" cbor:"4,keyasint"`
KeyUsage []string `json:"keyUsage" cbor:"5,keyasint"`
SignatureAlgorithm string `json:"signatureAlgorithm" cbor:"6,keyasint"`
PublicKeyAlgorithm string `json:"publicKeyAlgorithm" cbor:"7,keyasint"`
PublicKey string `json:"publicKey" cbor:"8,keyasint"`
// Extensions contains raw X.509 extensions extracted during parsing.
Extensions []PkixExtension `json:"pkixExtensions" cbor:"9,keyasint"`
ExtKeyUsage []string `json:"extKeyUsage,omitempty" cbor:"10,keyasint,omitempty"`
UnknownExtKeyUsage []string `json:"unknownExtKeyUsage,omitempty" cbor:"11,keyasint,omitempty"`
BasicConstraintsValid bool `json:"basicConstraintsValid" cbor:"12,keyasint"`
IsCA bool `json:"isCA,omitempty" cbor:"13,keyasint"`
// MaxPathLen and MaxPathLenZero indicate the presence and
// value of the BasicConstraints' "pathLenConstraint".
//
// A positive non-zero MaxPathLen means that the field was specified,
// -1 means it was unset, and MaxPathLenZero being true means that the field was
// explicitly set to zero. The case of MaxPathLen==0 with MaxPathLenZero==false
// should be treated equivalent to -1 (unset).
MaxPathLen int `json:"maxPathLen,omitempty" cbor:"14,keyasint,omitempty"`
// MaxPathLenZero indicates that BasicConstraintsValid==true
// and MaxPathLen==0 should be interpreted as an actual
// maximum path length of zero. Otherwise, that combination is
// interpreted as MaxPathLen not being set.
MaxPathLenZero bool `json:"maxPathLenZero,omitempty" cbor:"15,keyasint,omitempty"`
SubjectKeyId HexByte `json:"subjectKeyId"`
AuthorityKeyId HexByte `json:"authorityKeyId,omitempty" cbor:"16,keyasint,omitempty"`
// Subject Alternate Name values.
DNSNames []string `json:"dnsNames,omitempty" cbor:"17,keyasint,omitempty"`
EmailAddresses []string `json:"emailAddresses,omitempty" cbor:"18,keyasint,omitempty"`
IPAddresses []string `json:"ipAddresses,omitempty" cbor:"19,keyasint,omitempty"`
URIs []string `json:"uris,omitempty" cbor:"20,keyasint,omitempty"`
}
X509CertExtracted represents an X.509 certificate with its attributes in human-readable form, prepared for (un)marshaling to and from JSON objects. It is based on the Certificate type from the crypto/x509 package.
func ExtractX509Infos ¶ added in v0.6.0
func ExtractX509Infos(cert *x509.Certificate) X509CertExtracted
ExtractX509Infos extracts relevant attributes from cert and transforms some attributes into a more human-readable form by translating enums to their string representations.
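As an added example (not part of the cmc package), the following Go code applies the MaxPathLen/MaxPathLenZero rule stated in the X509CertExtracted field comments above, as a consumer of the extracted values would when deciding whether a CA in the report's certificate chain carries a pathLenConstraint, and checks that rule against a constructed self-signed CA parsed by crypto/x509. PathLenConstraint and SelfSignedCA are hypothetical names introduced here.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"math/big"
	"time"
)

// PathLenConstraint applies the MaxPathLen/MaxPathLenZero rule documented for
// X509CertExtracted to an extracted certificate: a positive value, or zero with
// MaxPathLenZero set, is a present constraint; -1, or 0 without the flag, is unset.
func PathLenConstraint(basicConstraintsValid bool, maxPathLen int, zero bool) (int, bool) {
	if !basicConstraintsValid {
		return 0, false
	}
	if maxPathLen > 0 || (maxPathLen == 0 && zero) {
		return maxPathLen, true
	}
	return 0, false
}

// SelfSignedCA builds a throwaway self-signed CA (constructed test data, not an
// attestation certificate) with the requested pathLen settings and parses it back,
// so the rule can be checked against what crypto/x509 yields for a real certificate.
func SelfSignedCA(maxPathLen int, zero bool) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		NotBefore:             time.Now(),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageCertSign,
		BasicConstraintsValid: true,
		IsCA:                  true,
		MaxPathLen:            maxPathLen,
		MaxPathLenZero:        zero,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der) // absent pathLenConstraint parses as MaxPathLen -1
}
```

The same three values are what an unmarshaled X509CertExtracted carries in BasicConstraintsValid, MaxPathLen and MaxPathLenZero, so PathLenConstraint can be applied to report output directly.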
type X509Name ¶ added in v0.6.0
type X509Name struct {
Country []string `json:"country,omitempty" cbor:"0,keyasint,omitempty"`
Organization []string `json:"organization,omitempty" cbor:"1,keyasint,omitempty"`
OrganizationalUnit []string `json:"organizationalUnit,omitempty" cbor:"2,keyasint,omitempty"`
Locality []string `json:"locality,omitempty" cbor:"3,keyasint,omitempty"`
Province []string `json:"province,omitempty" cbor:"4,keyasint,omitempty"`
StreetAddress []string `json:"streetAddress,omitempty" cbor:"5,keyasint,omitempty"`
PostalCode []string `json:"postalCode,omitempty" cbor:"6,keyasint,omitempty"`
SerialNumber string `json:"serialNumber,omitempty" cbor:"7,keyasint,omitempty"`
CommonName string `json:"commonName,omitempty" cbor:"8,keyasint,omitempty"`
}
X509Name represents an X.509 distinguished name. This only includes the common elements of a DN. Note that the structure is not a complete representation of the X.509 structure.