tpm_enacttrust

Package version: v0.0.0-...-4e66fdd

Warning: This package is not in the latest version of its module.

Published: Apr 30, 2024 License: Apache-2.0 Imports: 16 Imported by: 0

README

Endorsement Store Interface

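Reference Value

Example of a reference-value record as held in the endorsement store (sample values; the digest is base64-encoded):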

{
  "scheme": "TPM_ENACTTRUST",
  "type": "REFERENCE_VALUE",
  "attributes": {
    "enacttrust-tpm.alg-id": 1,
    "enacttrust-tpm.digest": "h0KPxSKAPTEGXnvOPPA/5HUJZjHl4Hu9eg/eYMTPJcc=",
    "enacttrust-tpm.node-id": "ffffffff-ffff-ffff-ffff-ffffffffffff"
  }
}

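Trust Anchor

Example of a trust-anchor (verification key) record (sample values; `enacttrust.ak-pub` carries the base64-encoded public key, and its attribute prefix is `enacttrust.` rather than `enacttrust-tpm.`):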

{
  "scheme": "TPM_ENACTTRUST",
  "type": "VERIFICATION_KEY",
  "attributes": {
    "enacttrust-tpm.node-id": "ffffffff-ffff-ffff-ffff-ffffffffffff",
    "enacttrust.ak-pub": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE6Vwqe7hy3O8Ypa+BUETLUjBNU3rEXVUyt9XHR7HJWLG7XTKQd9i1kVRXeBPDLFnfYru1/euxRnJM7H9UoFDLdA=="
  }
}

Documentation

Overview

Copyright 2022-2023 Contributors to the Veraison project. SPDX-License-Identifier: Apache-2.0

Copyright 2021-2023 Contributors to the Veraison project. SPDX-License-Identifier: Apache-2.0

Copyright 2021-2024 Contributors to the Veraison project. SPDX-License-Identifier: Apache-2.0

Copyright 2022-2023 Contributors to the Veraison project. SPDX-License-Identifier: Apache-2.0

Copyright 2022-2023 Contributors to the Veraison project. SPDX-License-Identifier: Apache-2.0

Copyright 2023 Contributors to the Veraison project. SPDX-License-Identifier: Apache-2.0

Copyright 2022-2023 Contributors to the Veraison project. SPDX-License-Identifier: Apache-2.0

Copyright 2024 Contributors to the Veraison project. SPDX-License-Identifier: Apache-2.0

Copyright 2021-2023 Contributors to the Veraison project. SPDX-License-Identifier: Apache-2.0

Index

Constants

// SchemeName is the attestation scheme identifier. It is the same string that
// appears in the "scheme" field of the README's example endorsement records.
const SchemeName = "TPM_ENACTTRUST"

Variables

// EndorsementMediaTypes lists the media type strings declared for endorsement
// input (presumably what EndorsementHandler.GetSupportedMediaTypes returns;
// confirm against the implementation).
//
// NOTE(review): the only entry is the *unsigned* CoRIM media type, so the
// endorsement payload carries no signature of its own; authenticity of
// provisioned reference values and trust anchors presumably rests on access
// control of the provisioning channel. Confirm.
var EndorsementMediaTypes = []string{
	"application/corim-unsigned+cbor; profile=http://enacttrust.com/veraison/1.0.0",
}

// EvidenceMediaTypes lists the media type strings declared for evidence
// tokens (presumably what EvidenceHandler.GetSupportedMediaTypes returns;
// confirm against the implementation).
var EvidenceMediaTypes = []string{
	"application/vnd.enacttrust.tpm-evidence",
}

Functions

This section is empty.

Types

type EndorsementHandler

// EndorsementHandler is the endorsement-side handler type for this scheme.
// It is an empty struct, so it carries no per-instance state; its methods
// (Close, Decode, GetAttestationScheme, GetName, GetSupportedMediaTypes, Init)
// are listed on this page without bodies.
type EndorsementHandler struct{}

func (EndorsementHandler) Close

func (o EndorsementHandler) Close() error

func (EndorsementHandler) Decode

func (EndorsementHandler) GetAttestationScheme

func (o EndorsementHandler) GetAttestationScheme() string

func (EndorsementHandler) GetName

func (o EndorsementHandler) GetName() string

func (EndorsementHandler) GetSupportedMediaTypes

func (o EndorsementHandler) GetSupportedMediaTypes() []string

func (EndorsementHandler) Init

type Endorsements

// Endorsements holds the single value this scheme takes from the endorsement
// strings passed to Populate.
type Endorsements struct {
	// Digest is kept as a string.
	// NOTE(review): presumably the base64 text of the reference digest, as in
	// the README's "enacttrust-tpm.digest" example. Confirm the encoding and
	// how it is compared with the digest in the evidence.
	Digest string
}

func (*Endorsements) Populate

func (e *Endorsements) Populate(strings []string) error

type EvidenceHandler

// EvidenceHandler is the evidence-side handler type for this scheme. It is an
// empty struct, so it carries no per-instance state; everything a call needs
// arrives through the method arguments (token, trust anchors, endorsements).
type EvidenceHandler struct{}

func (EvidenceHandler) AppraiseEvidence

// AppraiseEvidence takes an evidence context and the endorsement strings and
// returns an attestation result or an error (body not shown on this page).
//
// NOTE(review): confirm the appraisal fails closed. An empty or malformed
// endorsementStrings slice, or a digest mismatch, should yield an error or a
// non-affirming result, never a default "success" status.
func (s EvidenceHandler) AppraiseEvidence(
	ec *proto.EvidenceContext,
	endorsementStrings []string,
) (*ear.AttestationResult, error)

func (EvidenceHandler) ExtractClaims

// ExtractClaims takes an attestation token and the trust-anchor strings and
// returns a claims map or an error (body not shown on this page).
//
// NOTE(review): whether the token signature has been checked at this point is
// not visible here. Integrity validation is a separate method
// (ValidateEvidenceIntegrity), so callers should treat the returned claims as
// unverified until that method has returned nil. Confirm the call order.
func (s EvidenceHandler) ExtractClaims(
	token *proto.AttestationToken,
	trustAnchors []string,
) (map[string]interface{}, error)

func (EvidenceHandler) GetAttestationScheme

func (s EvidenceHandler) GetAttestationScheme() string

func (EvidenceHandler) GetName

func (s EvidenceHandler) GetName() string

func (EvidenceHandler) GetSupportedMediaTypes

func (s EvidenceHandler) GetSupportedMediaTypes() []string

func (EvidenceHandler) ValidateEvidenceIntegrity

// ValidateEvidenceIntegrity takes the attestation token together with the
// trust-anchor and endorsement strings and reports failure through the
// returned error (body not shown on this page).
//
// NOTE(review): presumably this is where the token signature is verified with
// the AK public key from the trust anchor (see Token.VerifySignature). Confirm
// that an empty trustAnchors slice is an error rather than a skipped check,
// and that the quote is bound to a verifier-supplied nonce; freshness handling
// is not visible on this page.
func (s EvidenceHandler) ValidateEvidenceIntegrity(
	token *proto.AttestationToken,
	trustAnchors []string,
	endorsements []string,
) error

type Extractor

// Extractor converts CoRIM/CoMID inputs into handler.Endorsement values via
// RefValExtractor and TaExtractor (signatures listed on this page).
type Extractor struct {
	// Profile is set through SetProfile.
	// NOTE(review): presumably the CoRIM profile identifier from the
	// endorsement media type. Confirm how it is used.
	Profile string
}

func (Extractor) RefValExtractor

func (o Extractor) RefValExtractor(rv comid.ReferenceValue) ([]*handler.Endorsement, error)

func (*Extractor) SetProfile

func (o *Extractor) SetProfile(p string)

func (Extractor) TaExtractor

func (o Extractor) TaExtractor(avk comid.AttestVerifKey) (*handler.Endorsement, error)

type InstanceAttributes

// InstanceAttributes holds the instance identity this scheme reads from a
// comid.Environment (see FromEnvironment).
type InstanceAttributes struct {
	// NodeID is kept as a string.
	// NOTE(review): presumably the UUID text form shown as
	// "enacttrust-tpm.node-id" in the README examples. Confirm that
	// FromEnvironment rejects non-UUID instance identifiers.
	NodeID string
}

func (*InstanceAttributes) FromEnvironment

func (o *InstanceAttributes) FromEnvironment(e comid.Environment) error

type RefValAttr

// RefValAttr is the "attributes" object of a reference-value record (see
// RefValEndorsement.Attr and the README's Reference Value example).
type RefValAttr struct {
	// NodeID maps to the JSON key "enacttrust-tpm.node-id".
	NodeID string `json:"enacttrust-tpm.node-id"`
	// Digest maps to the JSON key "enacttrust-tpm.digest"; the README example
	// value is base64 text.
	Digest string `json:"enacttrust-tpm.digest"`
	// AlgId maps to the JSON key "enacttrust-tpm.alg-id".
	// NOTE(review): this field is a signed int, while SwCompAttributes.AlgID
	// is uint64. Confirm the conversion between the two is range-checked and
	// that unexpected algorithm identifiers are rejected.
	AlgId  int    `json:"enacttrust-tpm.alg-id"`
}

type RefValEndorsement

// RefValEndorsement is the JSON shape of a reference-value record; the
// README's Reference Value example shows "scheme", "type" and "attributes".
type RefValEndorsement struct {
	// Scheme maps to "scheme" ("TPM_ENACTTRUST" in the README example).
	Scheme  string     `json:"scheme"`
	// Type maps to "type" ("REFERENCE_VALUE" in the README example).
	Type    string     `json:"type"`
	// SubType maps to "sub_type". The tag has no omitempty, so encoding/json
	// would emit an empty string when the field is unset; the README example
	// does not show this key.
	SubType string     `json:"sub_type"`
	// Attr maps to "attributes" and carries the node ID, digest and alg ID.
	Attr    RefValAttr `json:"attributes"`
}

type StoreHandler

// StoreHandler is the store-side handler type for this scheme. It has no
// fields; its methods (listed on this page without bodies) produce the string
// keys/IDs used to look up trust anchors and reference values.
type StoreHandler struct {
}

func (StoreHandler) GetAttestationScheme

func (s StoreHandler) GetAttestationScheme() string

func (StoreHandler) GetName

func (s StoreHandler) GetName() string

func (StoreHandler) GetRefValueIDs

func (s StoreHandler) GetRefValueIDs(
	tenantID string,
	trustAnchors []string,
	claims map[string]interface{},
) ([]string, error)

func (StoreHandler) GetSupportedMediaTypes

func (s StoreHandler) GetSupportedMediaTypes() []string

func (StoreHandler) GetTrustAnchorIDs

// GetTrustAnchorIDs takes an attestation token and returns trust-anchor IDs
// or an error (body not shown on this page).
//
// NOTE(review): the only input is the token, so the lookup ID is presumably
// derived from token contents that have not been authenticated yet. That is
// acceptable only if the key found this way is then used to verify the token
// signature, and if the ID is tenant-scoped. Confirm both.
func (s StoreHandler) GetTrustAnchorIDs(token *proto.AttestationToken) ([]string, error)

func (StoreHandler) SynthKeysFromRefValue

func (s StoreHandler) SynthKeysFromRefValue(
	tenantID string,
	swComp *handler.Endorsement,
) ([]string, error)

func (StoreHandler) SynthKeysFromTrustAnchor

func (s StoreHandler) SynthKeysFromTrustAnchor(tenantID string, ta *handler.Endorsement) ([]string, error)

type SwCompAttributes

// SwCompAttributes holds the algorithm ID and digest this scheme reads from a
// comid.Measurement (see FromMeasurement).
type SwCompAttributes struct {
	// AlgID is unsigned here; RefValAttr.AlgId carries the same value as int.
	AlgID  uint64
	// Digest is the raw digest bytes; RefValAttr.Digest carries a string form.
	// NOTE(review): confirm FromMeasurement checks that the digest length
	// matches the algorithm named by AlgID.
	Digest []byte
}

func (*SwCompAttributes) FromMeasurement

func (o *SwCompAttributes) FromMeasurement(m comid.Measurement) error

type TaAttr

// TaAttr is the "attributes" object of a trust-anchor record (see
// TrustAnchorEndorsement.Attr and the README's Trust Anchor example).
type TaAttr struct {
	// NodeID maps to the JSON key "enacttrust-tpm.node-id".
	NodeID string `json:"enacttrust-tpm.node-id"`
	// Key maps to the JSON key "enacttrust.ak-pub". Note the prefix is
	// "enacttrust.", not "enacttrust-tpm." as on NodeID, so producers must use
	// the exact key or the field decodes empty.
	// NOTE(review): the README example value is base64 text; Token.VerifySignature
	// accepts only *ecdsa.PublicKey, so confirm non-ECDSA or unparsable keys
	// are rejected when the trust anchor is loaded.
	Key    string `json:"enacttrust.ak-pub"`
}

type Token

// Token is the container for the decoded EnactTrust token.
//
// NOTE(review): Decode and VerifySignature are separate methods, so a
// populated Token is not by itself evidence that the signature was checked.
// Treat every field as untrusted input until VerifySignature has returned nil.
type Token struct {
	// NodeId is the identifier of the attesting node.
	// NOTE(review): presumably carried in the token and therefore chosen by
	// the sender. Confirm against Decode.
	NodeId uuid.UUID
	// AttestationData is the TPMS_ATTEST structure decoded from the token.
	AttestationData *tpm2.AttestationData
	// Raw holds the raw token bytes.
	// NOTE(review): confirm which byte range the signature is verified over.
	Raw []byte
	// Signature is the TPMT_SIGNATURE structure decoded from the token.
	Signature *tpm2.Signature
}

Token is the container for the decoded EnactTrust token

func (*Token) Decode

// Decode takes the token bytes and returns an error on failure; with a pointer
// receiver it presumably fills in t's fields (body not shown on this page).
//
// NOTE(review): data is untrusted evidence from the attester. Confirm that
// truncated or oversized input returns an error rather than panicking, and
// remember that a successful Decode does not authenticate anything; that is
// VerifySignature's job.
func (t *Token) Decode(data []byte) error

func (Token) VerifySignature

// VerifySignature takes an ECDSA public key and returns an error; presumably
// nil means the token's Signature verified under key (body not shown on this
// page).
//
// NOTE(review): confirm that a nil key, a nil Signature and a non-ECDSA
// TPMT_SIGNATURE all produce an error rather than a panic or a silent pass,
// and that verification runs over the received TPMS_ATTEST bytes rather than
// a re-encoding of AttestationData.
func (t Token) VerifySignature(key *ecdsa.PublicKey) error

type TrustAnchorEndorsement

// TrustAnchorEndorsement is the JSON shape of a trust-anchor record; the
// README's Trust Anchor example shows "scheme", "type" and "attributes".
type TrustAnchorEndorsement struct {
	// Scheme maps to "scheme" ("TPM_ENACTTRUST" in the README example).
	Scheme  string `json:"scheme"`
	// Type maps to "type" ("VERIFICATION_KEY" in the README example).
	Type    string `json:"type"`
	// SubType maps to "sub_type". The tag has no omitempty, so encoding/json
	// would emit an empty string when the field is unset; the README example
	// does not show this key.
	SubType string `json:"sub_type"`
	// Attr maps to "attributes" and carries the node ID and AK public key.
	Attr    TaAttr `json:"attributes"`
}

Directories

Path Synopsis
plugin
test
