README
¶
Intel Project Amber Go TDX Adapter
This is the beta version of Go TDX Adapter for collecting Quote from TDX enabled platform.
This library leverages Intel SGX DCAP for Quote generation: https://github.com/arvind5/SGXDataCenterAttestationPrimitives
Go Requirement
Use go1.19 or newer. Follow https://go.dev/doc/install for installation of Go.
Unit Tests
To run the tests, run cd go-tdx && go test ./... --tags=test
See the example test in go-tdx/crypto_test.go for an example of a test.
Usage
Create a new Go TDX adapter, then use the adapter to collect quote from TDX enabled platform.
import "github.com/arvind5/amber-client/go-tdx"
evLogParser := tdx.NewEventLogParser()
adapter, err := tdx.NewEvidenceAdapter(tdHeldData, evLogParser)
if err != nil {
return err
}
evidence, err := adapter.CollectEvidence(nonce)
if err != nil {
return err
}
To generate a RSA keypair
km := &tdx.KeyMetadata{
KeyLength: 3072,
}
privateKeyPem, publicKeyPem, err := tdx.GenerateKeyPair(km)
if err != nil {
fmt.Printf("Something bad happened: %s\n\n", err)
return err
}
To decrypt an encrypted blob
em := &tdx.EncryptionMetadata{
PrivateKeyLocation: privateKeyPath,
HashAlgorithm: "SHA256",
}
decryptedData, err := tdx.Decrypt(encryptedData, em)
if err != nil {
fmt.Printf("Something bad happened: %s\n\n", err)
return err
}
To collect event log from TD
evLogParser := tdx.NewEventLogParser()
eventLog, err := evLogParser.GetEventLogs()
if err != nil {
return err
}
License
This library is distributed under the BSD-style license found in the LICENSE file.
Documentation
¶
Overview ¶
* Copyright (c) 2022 Intel Corporation * All rights reserved. * SPDX-License-Identifier: BSD-3-Clause
* Copyright (c) 2022 Intel Corporation * All rights reserved. * SPDX-License-Identifier: BSD-3-Clause
* Copyright (c) 2022 Intel Corporation * All rights reserved. * SPDX-License-Identifier: BSD-3-Clause
* Copyright (c) 2022 Intel Corporation * All rights reserved. * SPDX-License-Identifier: BSD-3-Clause
* Copyright (c) 2022 Intel Corporation * All rights reserved. * SPDX-License-Identifier: BSD-3-Clause
* Copyright (c) 2022 Intel Corporation * All rights reserved. * SPDX-License-Identifier: BSD-3-Clause
* Copyright (c) 2022 Intel Corporation * All rights reserved. * SPDX-License-Identifier: BSD-3-Clause
* Copyright (c) 2023 Intel Corporation * All rights reserved. * SPDX-License-Identifier: BSD-3-Clause
Index ¶
- Constants
- func Decrypt(encryptedData []byte, em *EncryptionMetadata) ([]byte, error)
- func GenerateKeyPair(km *KeyMetadata) ([]byte, []byte, error)
- func NewEvidenceAdapter(udata []byte, evLogParser EventLogParser) (client.EvidenceAdapter, error)
- func ZeroizeBigInt(bigInt *big.Int)
- func ZeroizeByteArray(bytes []byte)
- func ZeroizeRSAPrivateKey(privateKey *rsa.PrivateKey)
- type EncryptionMetadata
- type EventLogParser
- type KeyMetadata
- type RtmrData
- type RtmrEvent
- type RtmrEventLog
Constants ¶
const ( CcelFileLength = 56 CcelSignature = "CCEL" AcpiTablePath = "/sys/firmware/acpi/tables/" AcpiTableDataPath = "/sys/firmware/acpi/tables/data/" CcelPath = AcpiTablePath + CcelSignature CcelDataPath = AcpiTableDataPath + CcelSignature )
const ( Uint8Size = 1 Uint16Size = 2 Uint32Size = 4 Uint64Size = 8 ExtDataElementOffset = 92 // Uefi Event Info UefiBaseOffset = 48 UefiSizeOffset = 40 // Event types Event80000001 = 0x80000001 Event80000002 = 0x80000002 Event80000007 = 0x80000007 Event8000000A = 0x8000000A Event8000000B = 0x8000000B Event8000000C = 0x8000000C Event80000010 = 0x80000010 Event800000E0 = 0x800000E0 Event00000007 = 0x00000007 Event00000001 = 0x00000001 Event00000003 = 0x00000003 Event00000005 = 0x00000005 Event0000000A = 0x0000000A Event0000000C = 0x0000000C Event00000012 = 0x00000012 Event00000010 = 0x00000010 Event00000011 = 0x00000011 EV_IPL = 0x0000000D // SHA Types SHA256 = "SHA256" SHA384 = "SHA384" SHA512 = "SHA512" SM3_256 = "SM3_256" // Algorithm Types AlgSHA256 = 0xb AlgSHA384 = 0xc AlgSHA512 = 0xd AlgSM3_256 = 0x12 NullUnicodePoint = "\u0000" )
Variables ¶
This section is empty.
Functions ¶
func Decrypt ¶
func Decrypt(encryptedData []byte, em *EncryptionMetadata) ([]byte, error)
Decrypt is used to decryt the encrypted data based on provided encryption metadata
func GenerateKeyPair ¶
func GenerateKeyPair(km *KeyMetadata) ([]byte, []byte, error)
GenerateKeyPair is used to create the private key based on provided key metadata
func NewEvidenceAdapter ¶
func NewEvidenceAdapter(udata []byte, evLogParser EventLogParser) (client.EvidenceAdapter, error)
NewEvidenceAdapter returns a new TDX Adapter instance
func ZeroizeBigInt ¶
ZeroizeBigInt replaces the big integer's byte array with zeroes. This function will panic if the bigInt parameter is nil.
func ZeroizeByteArray ¶
func ZeroizeByteArray(bytes []byte)
ZeroizeByteArray overwrites a byte array's data with zeros
func ZeroizeRSAPrivateKey ¶
func ZeroizeRSAPrivateKey(privateKey *rsa.PrivateKey)
ZeroizeRSAPrivateKey clears the private key's "D" and "Primes" (big int) values. This function will panic if the privateKey parameter is nil.
Types ¶
type EncryptionMetadata ¶
EncryptionMetadata holds information around encryption mechanism, e.g., hash algorithm and key used for encryption
type EventLogParser ¶
type EventLogParser interface {
GetEventLogs() ([]RtmrEventLog, error)
}
EventLogParser - Public interface for collecting eventlog data
func NewEventLogParser ¶
func NewEventLogParser() EventLogParser
NewEventLogParser returns an instance of EventLogParser
type KeyMetadata ¶
type KeyMetadata struct {
KeyLength int
}
KeyMetadata holds information around key creation, e.g., key length
type RtmrEvent ¶
type RtmrEvent struct {
TypeID string `json:"type_id"`
TypeName string `json:"type_name,omitempty"`
Tags []string `json:"tags,omitempty"`
Measurement string `json:"measurement"`
}
RtmrEvent structure is used to hold RTMR Event Info
type RtmrEventLog ¶
type RtmrEventLog struct {
Rtmr RtmrData `json:"rtmr"`
RtmrEvents []RtmrEvent `json:"rtmr_events"`
}
RtmrEventLog structure is used to hold complete event log info
Source Files