- Constants
- Variables
- func NewRTMR(digest [48]byte) cctrusted_base.TcgDigest
- type AttestationKeyType
- type OperatorName
- type QeCertDataType
- type QgsMsgGetQuoteReq
- type QgsMsgGetQuoteResp
- type QgsMsgHeader
- type QgsMsgType
- type TDXDeviceSpec
- type TdxEnclaveReportBody
- type TdxQuote
- type TdxQuoteBody
- type TdxQuoteHdr
- type TdxQuoteHeader
- type TdxQuoteQeCert
- type TdxQuoteQeReportCert
- type TdxQuoteReq
- type TdxQuoteSignature
- type TdxQuoteSignatureDefault
- type TdxQuoteSignatureEcdsa256
- type TdxQuoteTeeTcbSvn
- type TdxReport
- type TdxReportReq15
- type TeeType
Constants ¶
const (
	// Guest driver generations and the device node each one exposes.
	// The 1.0 driver uses /dev/tdx-guest, the 1.5 driver /dev/tdx_guest;
	// both are keys of TdxDeviceSpecs.
	TDX_VERSION_1_0        cctrusted_base.DeviceVersion = "1.0"
	TDX_VERSION_1_0_DEVICE string                       = "/dev/tdx-guest"
	TDX_VERSION_1_5        cctrusted_base.DeviceVersion = "1.5"
	TDX_VERSION_1_5_DEVICE string                       = "/dev/tdx_guest"

	// Quote format versions (presumably compared against TdxQuoteHeader.Version).
	TDX_QUOTE_VERSION_4 = 4
	TDX_QUOTE_VERSION_5 = 5

	// The length of the reportdata (TdxReportReq15.ReportData).
	TD_REPORTDATA_LEN = 64
	// The length of the tdreport (TdxReportReq15.Tdreport and the leading
	// part of QgsMsgGetQuoteReq.ReportIdList).
	TD_REPORT_LEN = 1024
	// The length of the report/quote buffer (QgsMsgGetQuoteResp.IdQuote,
	// TdxQuoteHdr.Data).
	TDX_QUOTE_LEN = 4 * 4096

	// Allowed Operation: the keys of TDXDeviceSpec.AllowedOperation.

	// Get td report, td report is a structure consisting of some
	// info from tdx module and td vm. Being signed by the Intel PCS,
	// it becomes the report for remote attestation.
	// NOTE(review): "signed by the Intel PCS" looks inaccurate - the report is
	// signed by the quoting enclave's attestation key (see
	// TdxQuoteSignatureEcdsa256), with PCS providing the certificate chain;
	// confirm the intended wording.
	GetTdReport OperatorName = "GetTdReport"
	// Get td quote
	GetQuote OperatorName = "GetQuote"

	// QGS message types carried in QgsMsgHeader.MsgType.
	GetQuoteReq  QgsMsgType = 0
	GetQuoteResp QgsMsgType = 1

	// Attestation key algorithms carried in TdxQuoteHeader.AKType.
	AttestationKeyType_ECDSA_P256 AttestationKeyType = 2
	AttestationKeyType_ECDSA_P384 AttestationKeyType = 3

	// TEE type codes carried in TdxQuoteHeader.TeeType.
	TEE_SGX TeeType = 0x00000000
	TEE_TDX TeeType = 0x00000081

	// Attestation configuration file; stored in TDXDeviceSpec.TdxAttestConfigPath
	// and presumably read by ProbeAttestConfig.
	TDX_ATTEST_CONFIG_PATH = "/etc/tdx-attest.conf"
)
const (
	// RTMRMaxIndex is the highest runtime measurement register index;
	// TdxQuoteBody carries Rtmr0 through Rtmr3.
	RTMRMaxIndex = 3
)
Variables ¶
var (
	// TdxDeviceSpecs maps a guest device node to the spec for that driver
	// generation. The AllowedOperation values appear to be Linux ioctl
	// request numbers, spelled out as their big-endian byte layout
	// (direction bits + high size byte, low size byte, type 'T', command nr).
	// The 1.5 sizes match the request structs in this package:
	// 0x0440 = 1088 = TD_REPORTDATA_LEN + TD_REPORT_LEN (TdxReportReq15) and
	// 0x0010 = 16 = two uint64 (TdxQuoteReq); the 1.0 commands both carry an
	// 8-byte argument. NOTE(review): confirm against the respective driver ABI.
	TdxDeviceSpecs = map[string]TDXDeviceSpec{
		TDX_VERSION_1_0_DEVICE: {
			Version:             TDX_VERSION_1_0,
			DevicePath:          TDX_VERSION_1_0_DEVICE,
			TdxAttestConfigPath: TDX_ATTEST_CONFIG_PATH,
			AllowedOperation: map[OperatorName]uintptr{
				GetTdReport: uintptr(binary.BigEndian.Uint32([]byte{192, 8, 'T', 1})),
				GetQuote:    uintptr(binary.BigEndian.Uint32([]byte{128, 8, 'T', 2})),
			},
		},
		TDX_VERSION_1_5_DEVICE: {
			Version:             TDX_VERSION_1_5,
			DevicePath:          TDX_VERSION_1_5_DEVICE,
			TdxAttestConfigPath: TDX_ATTEST_CONFIG_PATH,
			AllowedOperation: map[OperatorName]uintptr{
				GetTdReport: uintptr(binary.BigEndian.Uint32([]byte{196, 64, 'T', 1})),
				GetQuote:    uintptr(binary.BigEndian.Uint32([]byte{128, 16, 'T', 4})),
			},
		},
	}
)
Functions ¶
func NewRTMR ¶
func NewRTMR(digest [48]byte) cctrusted_base.TcgDigest
Types ¶
type AttestationKeyType ¶
// AttestationKeyType identifies the attestation key algorithm recorded in
// TdxQuoteHeader.AKType (AttestationKeyType_ECDSA_P256 / _P384).
type AttestationKeyType uint16
func (AttestationKeyType) String ¶
func (t AttestationKeyType) String() string
type OperatorName ¶
// OperatorName names a guest-driver operation (GetTdReport, GetQuote) and is
// the key of TDXDeviceSpec.AllowedOperation.
type OperatorName string
type QeCertDataType ¶
// QeCertDataType is the certification data type stored in
// TdxQuoteQeCert.CertType; see the PCK_* / QE_REPORT_CERT constants.
type QeCertDataType uint32
const (
	// Certification data types carried in TdxQuoteQeCert.CertType.
	PCK_ID_PLAIN         QeCertDataType = 1
	PCK_ID_RSA_2048_OAEP QeCertDataType = 2
	PCK_ID_RSA_3072_OAEP QeCertDataType = 3
	PCK_LEAF_CERT_PLAIN  QeCertDataType = 4 // Currently not supported
	PCK_CERT_CHAIN       QeCertDataType = 5
	QE_REPORT_CERT       QeCertDataType = 6
	PLATFORM_MANIFEST    QeCertDataType = 7 // Currently not supported

	// QE Vendor ID. Unique identifier of the QE Vendor.
	// Note: Each vendor that decides to provide a customized Quote data
	// structure should have unique ID.
	// e.g. Value: 939A7233F79C4CA9940A0DB3957F0607 (Intel® SGX QE Vendor)
	// This is an untyped string constant: 32 hex characters, i.e. the 16
	// bytes of TdxQuoteHeader.QeVendor, written in lowercase unlike the
	// example above. NOTE(review): a comparison against a hex-encoded
	// QeVendor must normalise case - confirm at the call site.
	QE_VENDOR_INTEL_SGX = "939a7233f79c4ca9940a0db3957f0607"
)
func (QeCertDataType) String ¶
func (t QeCertDataType) String() string
type QgsMsgGetQuoteReq ¶
// QgsMsgGetQuoteReq is the GET_QUOTE request message for the quote
// generation service (QGS). It is built by NewQgsMsgGetQuoteReqVer15 and
// serialised by Bytes.
type QgsMsgGetQuoteReq struct {
	Header     QgsMsgHeader
	ReportSize uint32 // cannot be 0
	IdListSize uint32 // length of id_list, in byte, can be 0
	// ReportIdList stores tdreport and id list.
	// TD_REPORT_LEN-fixed-length tdreport in front of array,
	// and id list with the length IdListSize is stored in the tail.
	// NOTE(review): anything that slices this field by ReportSize/IdListSize
	// should first check len(ReportIdList) == ReportSize+IdListSize; confirm
	// Bytes and any decoder do so.
	ReportIdList []uint8
}
func NewQgsMsgGetQuoteReqVer15 ¶
func NewQgsMsgGetQuoteReqVer15(tdreport [TD_REPORT_LEN]uint8) *QgsMsgGetQuoteReq
func (*QgsMsgGetQuoteReq) Bytes ¶
func (q *QgsMsgGetQuoteReq) Bytes() []byte
type QgsMsgGetQuoteResp ¶
// QgsMsgGetQuoteResp is the GET_QUOTE response message, decoded from raw
// bytes by NewQgsMsgGetQuoteRespFromBytes.
type QgsMsgGetQuoteResp struct {
	Header         QgsMsgHeader // header.type = GET_QUOTE_RESP
	SelectedIdSize uint32       // can be 0 in case only one id is sent in request
	QuoteSize      uint32       // length of quote_data, in byte
	// IdQuote holds the selected id followed by the quote. SelectedIdSize and
	// QuoteSize are supplied by the responder, not by this TD: check
	// Header.ErrorCode and that SelectedIdSize+QuoteSize <= TDX_QUOTE_LEN
	// (without uint32 wraparound) before slicing IdQuote by them.
	// NOTE(review): confirm NewQgsMsgGetQuoteRespFromBytes enforces this.
	IdQuote [TDX_QUOTE_LEN]uint8 // selected id followed by quote
}
func NewQgsMsgGetQuoteRespFromBytes ¶
func NewQgsMsgGetQuoteRespFromBytes(b []byte) *QgsMsgGetQuoteResp
type QgsMsgHeader ¶
// QgsMsgHeader prefixes every QGS message. Bytes serialises it and
// LenOfBytes reports the serialised length; NewQgsMsgHeaderVer15 fills the
// version fields for the 1.5 driver.
type QgsMsgHeader struct {
	MajorVersion uint16     // TDX major version
	MinorVersion uint16     // TDX minor version
	MsgType      QgsMsgType // GET_QUOTE_REQ or GET_QUOTE_RESP (GetQuoteReq / GetQuoteResp)
	// Size is the size of the whole message, include this header, in byte.
	// In a response it is responder-supplied; NOTE(review): a decoder should
	// bound it by the length of the buffer actually received - confirm in
	// NewQgsMsgHeaderFromBytes.
	Size      uint32
	ErrorCode uint32 // used in response only; non-zero means the quote must not be trusted
}
func NewQgsMsgHeaderFromBytes ¶
func NewQgsMsgHeaderFromBytes(b []byte) *QgsMsgHeader
func NewQgsMsgHeaderVer15 ¶
func NewQgsMsgHeaderVer15() *QgsMsgHeader
func (*QgsMsgHeader) Bytes ¶
func (q *QgsMsgHeader) Bytes() []byte
func (*QgsMsgHeader) LenOfBytes ¶
func (q *QgsMsgHeader) LenOfBytes() uint32
type QgsMsgType ¶
// QgsMsgType is the message discriminator in QgsMsgHeader.MsgType
// (GetQuoteReq or GetQuoteResp).
type QgsMsgType uint32
type TDXDeviceSpec ¶
// TDXDeviceSpec describes one guest driver generation: its version, device
// node, attestation config path and the request number for each supported
// OperatorName. The known specs live in TdxDeviceSpecs, keyed by DevicePath.
type TDXDeviceSpec struct {
	Version             cctrusted_base.DeviceVersion
	DevicePath          string
	TdxAttestConfigPath string
	AllowedOperation    map[OperatorName]uintptr // OperatorName -> ioctl request number (see TdxDeviceSpecs)
}
func (*TDXDeviceSpec) ProbeAttestConfig ¶
func (spec *TDXDeviceSpec) ProbeAttestConfig() map[string]string
type TdxEnclaveReportBody ¶
// TdxEnclaveReportBody is the quoting enclave's report body as embedded in
// TdxQuoteQeReportCert.QeReport. The exported fields total 384 bytes
// (16+4+28+16+32+32+32+96+2+2+60+64). Only Dump is defined on it in this
// listing; no check of the identity fields below is visible here.
type TdxEnclaveReportBody struct {
	CpuSvn     [16]byte
	Miscselect uint32
	Reserved1  [28]byte
	Attributes [16]byte
	Mrenclave  [32]byte // presumably the enclave code measurement (MRENCLAVE)
	Reserved2  [32]byte
	MrSigner   [32]byte // presumably the enclave signer measurement (MRSIGNER)
	Reserved3  [96]byte
	IsvProdid  uint16
	IsvSvn     uint16
	Reserved4  [60]byte
	ReportData [64]byte
	// contains filtered or unexported fields
}
func NewTdxEnclaveReportBody ¶
func NewTdxEnclaveReportBody(b []byte) *TdxEnclaveReportBody
func (*TdxEnclaveReportBody) Dump ¶
func (b *TdxEnclaveReportBody) Dump(format cctrusted_base.QuoteDumpFormat, indent string)
type TdxQuote ¶
// TdxQuote is a parsed TDX quote: header, body and signature section.
// Signature is an interface whose only method is Dump, so holding a TdxQuote
// does not imply the signature has been verified.
type TdxQuote struct {
	Header    *TdxQuoteHeader
	Body      *TdxQuoteBody
	Signature TdxQuoteSignature
}
func NewTdxQuote ¶
func (*TdxQuote) Dump ¶
func (q *TdxQuote) Dump(format cctrusted_base.QuoteDumpFormat, indent string)
type TdxQuoteBody ¶
// TdxQuoteBody is the TD-specific part of a quote, decoded by
// NewTdxQuoteBody: the TEE TCB SVN, the measurement fields named below, the
// four runtime measurement registers Rtmr0..Rtmr3 (see RTMRMaxIndex) and
// the 64-byte ReportData. NOTE(review): field semantics beyond the names
// are not documented here - confirm against the TDX quote format.
type TdxQuoteBody struct {
	TeeTcbSvn      TdxQuoteTeeTcbSvn
	MrSeam         [48]byte
	MrSignerSeam   [48]byte
	SeamAttributes [8]byte
	TdAttributes   [8]byte
	Xfam           [8]byte
	MrTd           [48]byte
	MrConfigId     [48]byte
	MrOwner        [48]byte
	MrOwnerConfig  [48]byte
	Rtmr0          [48]byte
	Rtmr1          [48]byte
	Rtmr2          [48]byte
	Rtmr3          [48]byte
	ReportData     [64]byte
	// contains filtered or unexported fields
}
func NewTdxQuoteBody ¶
func NewTdxQuoteBody(b []byte) *TdxQuoteBody
func (*TdxQuoteBody) Dump ¶
func (b *TdxQuoteBody) Dump(format cctrusted_base.QuoteDumpFormat, indent string)
type TdxQuoteHdr ¶
// TdxQuoteHdr is the buffer exchanged with the 1.5 driver's GetQuote
// request: NewTdxQuoteHdrVer15 builds it from a QgsMsgGetQuoteReq and
// NewTdxQuoteReqVer15 wraps it in a TdxQuoteReq. The field comments mark
// which side fills each field; Status and OutLen come back from the VMM.
// NOTE(review): OutLen should be checked against len(Data) before the
// quote is read out - confirm in NewTdxQuoteHdrFromBytes.
type TdxQuoteHdr struct {
	Version        uint64              // Quote version, filled by TD
	Status         uint64              // Status code of Quote request, filled by VMM
	InLen          uint32              // Length of TDREPORT, filled by TD
	OutLen         uint32              // Length of Quote, filled by VMM
	DataLenBeBytes [4]uint8            // big-endian 4 bytes indicate the size of data following
	Data           [TDX_QUOTE_LEN]uint8 // Actual Quote data or TDREPORT on input
}
func NewTdxQuoteHdrFromBytes ¶
func NewTdxQuoteHdrFromBytes(b []byte) *TdxQuoteHdr
func NewTdxQuoteHdrVer15 ¶
func NewTdxQuoteHdrVer15(req *QgsMsgGetQuoteReq) *TdxQuoteHdr
func (*TdxQuoteHdr) LenOfBytes ¶
func (t *TdxQuoteHdr) LenOfBytes() uint32
type TdxQuoteHeader ¶
// TdxQuoteHeader is the leading part of a quote, decoded by NewTdxQuoteHeader.
type TdxQuoteHeader struct {
	Version   uint16
	AKType    AttestationKeyType // AttestationKeyType_ECDSA_P256 / _P384
	TeeType   TeeType            // TEE_SGX / TEE_TDX
	Reserved1 [2]byte
	Reserved2 [2]byte
	QeVendor  [16]byte // 16-byte QE vendor id; QE_VENDOR_INTEL_SGX is its hex form
	UserData  [20]byte
	// contains filtered or unexported fields
}
func NewTdxQuoteHeader ¶
func NewTdxQuoteHeader(b []byte) *TdxQuoteHeader
func (*TdxQuoteHeader) Dump ¶
func (h *TdxQuoteHeader) Dump(format cctrusted_base.QuoteDumpFormat, indent string)
type TdxQuoteQeCert ¶
// TdxQuoteQeCert is the certification data attached to an ECDSA signature
// (TdxQuoteSignatureEcdsa256.QeCert), decoded by NewTdxQuoteQeCert.
// CertType selects how the data is interpreted; ReportCert in turn holds a
// nested *TdxQuoteQeCert (TdxQuoteQeReportCert.QeCertData), so decoding is
// recursive. NOTE(review): confirm NewTdxQuoteQeCert bounds the nesting
// depth and every length field against the input, since the bytes come
// from outside the TD.
type TdxQuoteQeCert struct {
	CertType   QeCertDataType
	ReportCert *TdxQuoteQeReportCert // set for QE_REPORT_CERT - presumably; confirm
	CertData   []byte
	// contains filtered or unexported fields
}
func NewTdxQuoteQeCert ¶
func NewTdxQuoteQeCert(b []byte) *TdxQuoteQeCert
func (*TdxQuoteQeCert) Dump ¶
func (c *TdxQuoteQeCert) Dump(format cctrusted_base.QuoteDumpFormat, indent string)
type TdxQuoteQeReportCert ¶
// TdxQuoteQeReportCert is the QE-report form of certification data, decoded
// by NewTdxQuoteQeReportCert: the QE's report body, its 64-byte signature,
// authentication data and the QE's own nested certification data.
type TdxQuoteQeReportCert struct {
	QeReport    TdxEnclaveReportBody
	QeReportSig [64]byte
	QeAuthData  []byte
	QeCertData  *TdxQuoteQeCert // nested certification data (recursive structure)
	// contains filtered or unexported fields
}
func NewTdxQuoteQeReportCert ¶
func NewTdxQuoteQeReportCert(b []byte) *TdxQuoteQeReportCert
func (*TdxQuoteQeReportCert) Dump ¶
func (c *TdxQuoteQeReportCert) Dump(format cctrusted_base.QuoteDumpFormat, indent string)
type TdxQuoteReq ¶
// TdxQuoteReq is the 16-byte argument of the 1.5 driver's GetQuote request
// (its size matches the one encoded in TdxDeviceSpecs). It is built by
// NewTdxQuoteReqVer15 from a *TdxQuoteHdr, so Buf presumably carries that
// header's address - confirm.
type TdxQuoteReq struct {
	Buf uint64 // Pass user data that includes TDREPORT as input. Upon successful completion of IOCTL, output is copied back to the same buffer
	Len uint64 // Length of the Quote buffer
}
func NewTdxQuoteReqVer15 ¶
func NewTdxQuoteReqVer15(hdr *TdxQuoteHdr) *TdxQuoteReq
type TdxQuoteSignature ¶
// TdxQuoteSignature is the signature section of a TdxQuote. Its only
// method is Dump; signature verification is not part of this interface.
type TdxQuoteSignature interface {
	Dump(cctrusted_base.QuoteDumpFormat, string)
}
type TdxQuoteSignatureDefault ¶
// TdxQuoteSignatureDefault is the TdxQuoteSignature used when the signature
// bytes are not decoded further; it carries no data and its Dump ignores
// its arguments.
type TdxQuoteSignatureDefault struct {
}
func NewTdxQuoteSignatureDefault ¶
func NewTdxQuoteSignatureDefault(b []byte) *TdxQuoteSignatureDefault
func (*TdxQuoteSignatureDefault) Dump ¶
func (*TdxQuoteSignatureDefault) Dump(cctrusted_base.QuoteDumpFormat, string)
Dump implements TdxQuoteSignature.
type TdxQuoteSignatureEcdsa256 ¶
// TdxQuoteSignatureEcdsa256 is the ECDSA signature section, decoded by
// NewTdxQuoteSignatureEcdsa256. Only Dump is defined on it here; checking
// Sig over the header and body with Ak, and Ak's binding to the QE report
// in QeCert, is not visible in this listing.
type TdxQuoteSignatureEcdsa256 struct {
	Sig    [64]byte // presumably r||s, 32 bytes each - confirm
	Ak     [64]byte // presumably the attestation public key as x||y - confirm
	QeCert TdxQuoteQeCert
	// contains filtered or unexported fields
}
func NewTdxQuoteSignatureEcdsa256 ¶
func NewTdxQuoteSignatureEcdsa256(b []byte) *TdxQuoteSignatureEcdsa256
func (*TdxQuoteSignatureEcdsa256) Dump ¶
func (s *TdxQuoteSignatureEcdsa256) Dump(format cctrusted_base.QuoteDumpFormat, indent string)
Dump implements TdxQuoteSignature.
type TdxQuoteTeeTcbSvn ¶
// TdxQuoteTeeTcbSvn holds the TEE TCB SVN of a quote body. Its layout is
// not exported; it is built by NewTdxQuoteTeeTcbSvn and exposed via Dump.
type TdxQuoteTeeTcbSvn struct {
	// contains filtered or unexported fields
}
func NewTdxQuoteTeeTcbSvn ¶
func NewTdxQuoteTeeTcbSvn(b []byte) *TdxQuoteTeeTcbSvn
func (*TdxQuoteTeeTcbSvn) Dump ¶
func (s *TdxQuoteTeeTcbSvn) Dump(format cctrusted_base.QuoteDumpFormat, indent string)
type TdxReport ¶
// TdxReport is the cctrusted_base.Report implementation for TDX; it wraps a
// parsed TdxQuote and exposes it through Dump, IMRGroup and InitFromBytes.
type TdxReport struct {
	Quote *TdxQuote
}
func NewTdxReportFromBytes ¶
func (*TdxReport) Dump ¶
func (t *TdxReport) Dump(format cctrusted_base.QuoteDumpFormat)
Dump implements cctrusted_base.Report.
func (*TdxReport) IMRGroup ¶
func (t *TdxReport) IMRGroup() cctrusted_base.IMRGroup
IMRGroup implements cctrusted_base.Report.
func (*TdxReport) InitFromBytes ¶
InitFromBytes implements cctrusted_base.Report.
type TdxReportReq15 ¶
// TdxReportReq15 is the 1088-byte argument of the 1.5 driver's GetTdReport
// request (64 + 1024, matching the size encoded in TdxDeviceSpecs):
// ReportData is supplied by the caller and Tdreport is presumably filled
// in by the driver - confirm.
type TdxReportReq15 struct {
	ReportData [TD_REPORTDATA_LEN]uint8
	Tdreport   [TD_REPORT_LEN]uint8
}