Documentation
¶
Index ¶
- Constants
- func IoctlGetAttestationReport(data []byte) (report, nonce []byte, err error)
- func Verify(reportData, nonceData []byte) error
- func VerifyCert(parent, cert Cert) error
- func VerifyCertChain(chipID string, pek *CsvCert) error
- func VerifySessionMac(report *CsvAttestationReport, nonce []byte) error
- type Cert
- type ChipRootCert
- type CsvAttestationReport
- type CsvCert
- type CsvGuestMem
- type EccPubkey
- type EccSignature
- type HskCekCert
- type ParsedReport
Constants ¶
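// Key-usage codes. The page documents this group as "enum _key_usage".
//
// NOTE(review): these are presumably the values compared against the
// KeyUsage, PubkeyUsage and Sig1Usage/Sig2Usage fields of the certificate
// structs; confirm against the verification code. When reviewing chain
// verification, check that each certificate is required to carry the usage
// expected at its position in the chain, not only a valid signature.
const (
	KEY_USAGE_TYPE_HRK = 0
	KEY_USAGE_TYPE_HSK = 0x13

	// KEY_USAGE_TYPE_INVALID sits directly below the 0x1001..0x1004 range.
	KEY_USAGE_TYPE_INVALID = 0x1000
	KEY_USAGE_TYPE_OCA     = 0x1001
	KEY_USAGE_TYPE_PEK     = 0x1002
	KEY_USAGE_TYPE_PDH     = 0x1003
	KEY_USAGE_TYPE_CEK     = 0x1004
)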
enum _key_usage
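const (
	// Struct sizes in bytes, taken from the Go layout with unsafe.Sizeof.
	// Any change to the fields of these structs changes the sizes below,
	// and CsvCertSize also fixes the length of CsvAttestationReport.PekCert.
	HskCekCertSize           = int(unsafe.Sizeof(HskCekCert{}))
	ChipRootCertSize         = int(unsafe.Sizeof(ChipRootCert{}))
	CsvCertSize              = int(unsafe.Sizeof(CsvCert{}))
	CsvAttestationReportSize = int(unsafe.Sizeof(CsvAttestationReport{}))

	// NOTE(review): GUEST_ATTESTATION_DATA_SIZE is not used by any
	// declaration shown on this page; confirm what it bounds.
	GUEST_ATTESTATION_DATA_SIZE = 64
	// GUEST_ATTESTATION_NONCE_SIZE is a byte count: MNonce is declared as
	// [GUEST_ATTESTATION_NONCE_SIZE / 4]uint32.
	// NOTE(review): confirm that callers of Verify and VerifySessionMac
	// pass a nonce of exactly this length and that the length is checked.
	GUEST_ATTESTATION_NONCE_SIZE = 16

	// CHIP_KEY_ID_LEN is the length in bytes of KeyID and CertifyingID.
	CHIP_KEY_ID_LEN = 16

	// SIZE_INT32 is the divisor that turns a reserved-region byte count
	// into a number of uint32 words.
	SIZE_INT32 = 4

	// Byte counts of the reserved regions in ChipRootCert.
	SIZE_24  = 24
	SIZE_108 = 108
	SIZE_112 = 112

	// Byte counts of the reserved regions in CsvCert.
	CSV_CERT_RSVD3_SIZE = 624
	CSV_CERT_RSVD4_SIZE = 368
	CSV_CERT_RSVD5_SIZE = 368

	// Byte counts of CsvAttestationReport fields.
	VM_ID_SIZE      = 16
	VM_VERSION_SIZE = 16
	SN_LEN          = 64
	USER_DATA_SIZE  = 64
	HASH_BLOCK_LEN  = 32
)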
Variables ¶
This section is empty.
Functions ¶
func VerifyCert ¶
func VerifyCertChain ¶
func VerifySessionMac ¶
func VerifySessionMac(report *CsvAttestationReport, nonce []byte) error
Types ¶
type Cert ¶
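// Cert is what signature verification needs from a certificate-like object:
// a public key, a signature, and the message the signature covers.
// VerifyCert takes both its parent and cert arguments as this type.
type Cert interface {
	// GetEccPubkey returns the public key used to verify other certificates.
	GetEccPubkey() (*EccPubkey, error)
	// GetEccSignature returns the signature to be verified.
	GetEccSignature() *EccSignature
	// GetMessage returns the message to be verified.
	GetMessage() []byte
}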
type ChipRootCert ¶
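// ChipRootCert is the fixed-layout chip root certificate.
//
// ChipRootCertSize is unsafe.Sizeof of this struct, so the order and size of
// every field, including the reserved ones, is part of the format. The
// reserved regions are byte counts (SIZE_24, SIZE_108, SIZE_112) expressed as
// uint32 words.
type ChipRootCert struct {
	Version      uint32
	KeyID        [CHIP_KEY_ID_LEN]byte
	CertifyingID [CHIP_KEY_ID_LEN]byte
	// NOTE(review): presumably one of the KEY_USAGE_TYPE_* codes; confirm
	// that verification checks it.
	KeyUsage  uint32
	Reserved1 [SIZE_24 / SIZE_INT32]uint32
	Pubkey    [PUBKEY_SIZE]byte // union of pubkey and ecc_pubkey
	Reserved2 [SIZE_108 / SIZE_INT32]uint32
	Signature [SIGNATURE_SIZE]byte // union of signature and ecc_sig
	Reserved3 [SIZE_112 / SIZE_INT32]uint32
}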
ChipRootCert is _hygon_root_cert CHIP_ROOT_CERT_t
func LoadHrkCert ¶
func LoadHrkCert() (*ChipRootCert, error)
func (*ChipRootCert) GetEccPubkey ¶
func (cert *ChipRootCert) GetEccPubkey() (*EccPubkey, error)
func (*ChipRootCert) GetEccSignature ¶
func (cert *ChipRootCert) GetEccSignature() *EccSignature
func (*ChipRootCert) GetMessage ¶
func (cert *ChipRootCert) GetMessage() []byte
type CsvAttestationReport ¶
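// CsvAttestationReport is the fixed-layout attestation report.
//
// CsvAttestationReportSize is unsafe.Sizeof of this struct, so the order and
// size of every field is part of the format. Several byte-sized regions are
// declared as uint32 words (byte count / 4).
//
// NOTE(review): this declaration does not show which fields Sig1 and Mac
// cover; read GetMessage and VerifySessionMac before trusting any field.
// ParseReport returns a *ParsedReport; confirm whether the raw fields here
// are meant to be read directly or only through that parsed form.
type CsvAttestationReport struct {
	UserPubkeyDigest [HASH_BLOCK_LEN]byte
	VmID             [VM_ID_SIZE]byte
	VmVersion        [VM_VERSION_SIZE]byte
	UserData         [USER_DATA_SIZE / 4]uint32
	MNonce           [GUEST_ATTESTATION_NONCE_SIZE / 4]uint32
	Measure          [HASH_BLOCK_LEN / 4]uint32
	Policy           uint32
	SigUsage         uint32
	SigAlgo          uint32
	ANonce           uint32
	Sig1             [SIGNATURE_SIZE]byte // union of sig1 and ecc_sig1
	// PekCert holds CsvCertSize bytes as uint32 words, so its length tracks
	// the layout of CsvCert.
	PekCert   [CsvCertSize / 4]uint32
	SN        [SN_LEN / 4]uint32
	Reserved2 [32]byte
	Mac       [HASH_BLOCK_LEN]byte
}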
CsvAttestationReport is csv_attestation_report
func (*CsvAttestationReport) GetEccPubkey ¶
func (report *CsvAttestationReport) GetEccPubkey() (*EccPubkey, error)
func (*CsvAttestationReport) GetEccSignature ¶
func (report *CsvAttestationReport) GetEccSignature() *EccSignature
func (*CsvAttestationReport) GetMessage ¶
func (report *CsvAttestationReport) GetMessage() []byte
func (*CsvAttestationReport) ParseReport ¶
func (report *CsvAttestationReport) ParseReport() *ParsedReport
type CsvCert ¶
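// CsvCert is the fixed-layout CSV certificate.
//
// CsvCertSize is unsafe.Sizeof of this struct, so the order and size of every
// field, including the reserved ones, is part of the format. The reserved
// regions are byte counts (CSV_CERT_RSVD3_SIZE, CSV_CERT_RSVD4_SIZE,
// CSV_CERT_RSVD5_SIZE) expressed as uint32 words.
//
// The certificate carries two signature slots, each with its own usage and
// algorithm field.
// NOTE(review): GetEccSignature, GetEccSignature1 and GetEccSignature2 all
// exist on *CsvCert; this declaration does not show which slot
// GetEccSignature returns, so confirm which signature VerifyCert checks.
type CsvCert struct {
	Version   uint32
	ApiMajor  uint8
	ApiMinor  uint8
	Reserved1 uint8
	Reserved2 uint8

	PubkeyUsage uint32
	PubkeyAlgo  uint32
	Pubkey      [PUBKEY_SIZE]byte // union of pubkey and ecc_pubkey
	Reserved3   [CSV_CERT_RSVD3_SIZE / SIZE_INT32]uint32

	Sig1Usage uint32
	Sig1Algo  uint32
	Sig1      [SIGNATURE_SIZE]byte // union of sig1 and ecc_sig1
	Reserved4 [CSV_CERT_RSVD4_SIZE / SIZE_INT32]uint32

	Sig2Usage uint32
	Sig2Algo  uint32
	Sig2      [SIGNATURE_SIZE]byte // union of sig2 and ecc_sig2
	Reserved5 [CSV_CERT_RSVD5_SIZE / SIZE_INT32]uint32
}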
CsvCert is _hygon_csv_cert CSV_CERT_t
func (*CsvCert) GetEccPubkey ¶
func (*CsvCert) GetEccSignature ¶
func (cert *CsvCert) GetEccSignature() *EccSignature
func (*CsvCert) GetEccSignature1 ¶
func (cert *CsvCert) GetEccSignature1() *EccSignature
func (*CsvCert) GetEccSignature2 ¶
func (cert *CsvCert) GetEccSignature2() *EccSignature
func (*CsvCert) GetMessage ¶
type EccSignature ¶
type HskCekCert ¶
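// HskCekCert holds two certificates in one value: Hsk, in the ChipRootCert
// layout, followed by Cek, in the CsvCert layout. LoadHskCekCert returns one
// for a given chip ID.
//
// HskCekCertSize is unsafe.Sizeof of this struct, so it changes whenever
// either embedded layout changes.
type HskCekCert struct {
	Hsk ChipRootCert
	Cek CsvCert
}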
func LoadHskCekCert ¶
func LoadHskCekCert(chipID string) (*HskCekCert, error)