README
¶
Intel® Trust Authority Go TDX Adapter
Go module for collecting TDX Quote from TDX enabled platform.
This library leverages Intel SGX DCAP for Quote generation: https://github.com/intel/SGXDataCenterAttestationPrimitives
Go Requirement
Use go1.19 or newer. Follow https://go.dev/doc/install for installation of Go.
Unit Tests
To run the tests, run cd go-tdx && go test ./... --tags=test
See the example test in go-tdx/crypto_test.go for an example of a test.
Usage
Create a new TDX adapter, then use the adapter to collect quote from TDX enabled platform. Optionally collect the eventlog as well for a TD by passing an eventlog parser in second argument.
import "github.com/jerryrhyu/trustauthority-client/go-tdx"
adapter, err := tdx.NewEvidenceAdapter(tdHeldData, nil)
if err != nil {
return err
}
evidence, err := adapter.CollectEvidence(nonce)
if err != nil {
return err
}
To generate RSA keypair
km := &tdx.KeyMetadata{
KeyLength: 3072,
}
privateKeyPem, publicKeyPem, err := tdx.GenerateKeyPair(km)
if err != nil {
fmt.Printf("Something bad happened: %s\n\n", err)
return err
}
To decrypt an encrypted blob
em := &tdx.EncryptionMetadata{
PrivateKeyLocation: privateKeyPath,
HashAlgorithm: "SHA256",
}
decryptedData, err := tdx.Decrypt(encryptedData, em)
if err != nil {
fmt.Printf("Something bad happened: %s\n\n", err)
return err
}
To collect event log from TD
Note that the TD should have exposed ACPI table for eventlog collection.
evLogParser := tdx.NewEventLogParser()
eventLog, err := evLogParser.GetEventLogs()
if err != nil {
return err
}
License
This source is distributed under the BSD-style license found in the LICENSE file.
Documentation
¶
Overview ¶
* Copyright (c) 2022 Intel Corporation * All rights reserved. * SPDX-License-Identifier: BSD-3-Clause
* Copyright (c) 2022 Intel Corporation * All rights reserved. * SPDX-License-Identifier: BSD-3-Clause
* Copyright (c) 2022 Intel Corporation * All rights reserved. * SPDX-License-Identifier: BSD-3-Clause
* Copyright (c) 2022 Intel Corporation * All rights reserved. * SPDX-License-Identifier: BSD-3-Clause
* Copyright (c) 2022 Intel Corporation * All rights reserved. * SPDX-License-Identifier: BSD-3-Clause
* Copyright (c) 2022 Intel Corporation * All rights reserved. * SPDX-License-Identifier: BSD-3-Clause
* Copyright (c) 2022 Intel Corporation * All rights reserved. * SPDX-License-Identifier: BSD-3-Clause
* Copyright (c) 2023 Intel Corporation * All rights reserved. * SPDX-License-Identifier: BSD-3-Clause
Index ¶
- Constants
- func Decrypt(encryptedData []byte, em *EncryptionMetadata) ([]byte, error)
- func GenerateKeyPair(km *KeyMetadata) ([]byte, []byte, error)
- func NewEvidenceAdapter(udata []byte, evLogParser EventLogParser) (connector.EvidenceAdapter, error)
- func ZeroizeBigInt(bigInt *big.Int)
- func ZeroizeByteArray(bytes []byte)
- func ZeroizeRSAPrivateKey(privateKey *rsa.PrivateKey)
- type EncryptionMetadata
- type EventLogParser
- type KeyMetadata
- type RtmrData
- type RtmrEvent
- type RtmrEventLog
Constants ¶
const ( CcelFileLength = 56 CcelSignature = "CCEL" AcpiTablePath = "/sys/firmware/acpi/tables/" AcpiTableDataPath = "/sys/firmware/acpi/tables/data/" CcelPath = AcpiTablePath + CcelSignature CcelDataPath = AcpiTableDataPath + CcelSignature )
const ( Uint8Size = 1 Uint16Size = 2 Uint32Size = 4 Uint64Size = 8 ExtDataElementOffset = 92 // Uefi Event Info UefiBaseOffset = 48 UefiSizeOffset = 40 // Event types Event80000001 = 0x80000001 Event80000002 = 0x80000002 Event80000007 = 0x80000007 Event8000000A = 0x8000000A Event8000000B = 0x8000000B Event8000000C = 0x8000000C Event80000010 = 0x80000010 Event800000E0 = 0x800000E0 Event00000007 = 0x00000007 Event00000001 = 0x00000001 Event00000003 = 0x00000003 Event00000005 = 0x00000005 Event0000000A = 0x0000000A Event0000000C = 0x0000000C Event00000012 = 0x00000012 Event00000010 = 0x00000010 Event00000011 = 0x00000011 EV_IPL = 0x0000000D // SHA Types SHA256 = "SHA256" SHA384 = "SHA384" SHA512 = "SHA512" SM3_256 = "SM3_256" // Algorithm Types AlgSHA256 = 0xb AlgSHA384 = 0xc AlgSHA512 = 0xd AlgSM3_256 = 0x12 NullUnicodePoint = "\u0000" )
Variables ¶
This section is empty.
Functions ¶
func Decrypt ¶
func Decrypt(encryptedData []byte, em *EncryptionMetadata) ([]byte, error)
Decrypt is used to decryt the encrypted data based on provided encryption metadata
func GenerateKeyPair ¶
func GenerateKeyPair(km *KeyMetadata) ([]byte, []byte, error)
GenerateKeyPair is used to create the private key based on provided key metadata
func NewEvidenceAdapter ¶
func NewEvidenceAdapter(udata []byte, evLogParser EventLogParser) (connector.EvidenceAdapter, error)
NewEvidenceAdapter returns a new TDX Adapter instance
func ZeroizeBigInt ¶
ZeroizeBigInt replaces the big integer's byte array with zeroes. This function will panic if the bigInt parameter is nil.
func ZeroizeByteArray ¶
func ZeroizeByteArray(bytes []byte)
ZeroizeByteArray overwrites a byte array's data with zeros
func ZeroizeRSAPrivateKey ¶
func ZeroizeRSAPrivateKey(privateKey *rsa.PrivateKey)
ZeroizeRSAPrivateKey clears the private key's "D" and "Primes" (big int) values. This function will panic if the privateKey parameter is nil.
Types ¶
type EncryptionMetadata ¶
EncryptionMetadata holds information around encryption mechanism, e.g., hash algorithm and key used for encryption
type EventLogParser ¶
type EventLogParser interface {
GetEventLogs() ([]RtmrEventLog, error)
}
EventLogParser - Public interface for collecting eventlog data
func NewEventLogParser ¶
func NewEventLogParser() EventLogParser
NewEventLogParser returns an instance of EventLogParser
type KeyMetadata ¶
type KeyMetadata struct {
KeyLength int
}
KeyMetadata holds information around key creation, e.g., key length
type RtmrEvent ¶
type RtmrEvent struct {
TypeID string `json:"type_id"`
TypeName string `json:"type_name,omitempty"`
Tags []string `json:"tags,omitempty"`
Measurement string `json:"measurement"`
}
RtmrEvent structure is used to hold RTMR Event Info
type RtmrEventLog ¶
type RtmrEventLog struct {
Rtmr RtmrData `json:"rtmr"`
RtmrEvents []RtmrEvent `json:"rtmr_events"`
}
RtmrEventLog structure is used to hold complete event log info
Source Files