// Copyright (c) 2020 Zededa, Inc.
// SPDX-License-Identifier: Apache-2.0
package types
import (
"encoding/hex"
"github.com/google/go-cmp/cmp"
"github.com/lf-edge/eve/pkg/pillar/base"
)
// AttestNonce carries a nonce published by a requester. The nonce bytes
// double as the object's pubsub key (see Key), so a publisher is expected
// to hand out distinct nonces — two nonces with identical bytes would
// collapse onto one key (TODO confirm against the publisher).
type AttestNonce struct {
	Nonce     []byte // raw nonce bytes; hex-encoded to form Key()
	Requester string // identifies the publisher (presumably an agent name — verify against callers)
}

// Key returns the lowercase hex encoding of the nonce, which is also the
// object key. An empty nonce yields the empty string.
func (nonce AttestNonce) Key() string {
	encoded := make([]byte, hex.EncodedLen(len(nonce.Nonce)))
	hex.Encode(encoded, nonce.Nonce)
	return string(encoded)
}
// LogCreate emits a "create" log record for this nonce, registered under
// the nonce's LogKey. Nothing is logged when NewLogObject returns nil.
func (nonce AttestNonce) LogCreate(logBase *base.LogObject) {
	obj := base.NewLogObject(logBase, base.AttestNonceLogType, "",
		nilUUID, nonce.LogKey())
	if obj != nil {
		obj.Noticef("Attest nonce create")
	}
}
// LogModify emits a "modify" log record carrying a field-level diff between
// old and the current nonce. old must be an AttestNonce; anything else is a
// programming error reported through Fatalf (assumed to terminate — if it
// does not, the diff is taken against a zero-value AttestNonce).
func (nonce AttestNonce) LogModify(logBase *base.LogObject, old interface{}) {
	obj := base.EnsureLogObject(logBase, base.AttestNonceLogType, "",
		nilUUID, nonce.LogKey())
	prev, isNonce := old.(AttestNonce)
	if !isNonce {
		obj.Clone().Fatalf("LogModify: Old object interface passed is not of AttestNonce type")
	}
	// XXX remove? The diff text embeds the old and new field values
	// (including the raw nonce bytes) in the log stream.
	delta := cmp.Diff(prev, nonce)
	obj.CloneAndAddField("diff", delta).Noticef("Attest nonce modify")
}
// LogDelete emits a "delete" log record for this nonce and then drops the
// per-object log state registered under its LogKey.
func (nonce AttestNonce) LogDelete(logBase *base.LogObject) {
	key := nonce.LogKey()
	obj := base.EnsureLogObject(logBase, base.AttestNonceLogType, "", nilUUID, key)
	obj.Noticef("Attest nonce delete")
	base.DeleteLogObject(logBase, key)
}
// LogKey returns the key for this nonce's log object: the
// AttestNonceLogType name, a "-" separator, then Key().
func (nonce AttestNonce) LogKey() string {
	typeName := string(base.AttestNonceLogType)
	return typeName + "-" + nonce.Key()
}
// SigAlg identifies the signature algorithm used for an attestation quote,
// e.g. ECDSA or RSASSA (see the SigAlg constants below).
type SigAlg uint8

// CertType identifies the use case of an edge-node certificate, e.g. EK or
// ECDH exchange (see the CertType constants below).
type CertType uint8

// CertHashType identifies the hash algorithm used to derive a certificate's
// short identifier (EdgeNodeCert.CertID).
type CertHashType uint8

// PCRExtendHashType identifies the hash algorithm of a PCR bank, i.e. the
// algorithm used in the PCR Extend operation.
type PCRExtendHashType uint8

// CertMetaDataType says which kind of metadata a CertMetaData carries.
type CertMetaDataType uint8

// CertMetaDataType values.
const (
	CertMetaDataTypeNone       CertMetaDataType = iota // no metadata
	CertMetaDataTypeTpm2Public                         // Data holds a TPM2 public area (presumably a TPM2B_PUBLIC — verify against tpmmgr)
)

// CertMetaData is one typed metadata item attached to an EdgeNodeCert.
type CertMetaData struct {
	Type CertMetaDataType // which interpretation of Data applies
	Data []byte           // opaque payload, interpreted according to Type
}

// SigAlg values: the signature algorithms a quote may be signed with.
// (The original comment above this block spoke of certificate types; the
// constants are signature algorithms.)
const (
	SigAlgNone   SigAlg = iota // no / unknown algorithm
	EcdsaSha256                // ECDSA over SHA-256
	RsaRsassa256               // RSASSA over SHA-256 (presumably the TPM2 RSASSA scheme, i.e. PKCS#1 v1.5 — confirm with the signer)
)

// PCRExtendHashType values: the PCR bank hash algorithms.
const (
	PCRExtendHashAlgoNone   PCRExtendHashType = iota // unspecified
	PCRExtendHashAlgoSha1                            // SHA-1 bank (legacy algorithm with weak collision resistance)
	PCRExtendHashAlgoSha256                          // SHA-256 bank
)

// CertType values. The numeric values must match
// api/proto/attest/attest.proto:ZEveCertType, so they are spelled out
// explicitly rather than derived from iota.
const (
	CertTypeNone            CertType = 0 // default / unspecified
	CertTypeOnboarding      CertType = 1
	CertTypeRestrictSigning CertType = 2
	CertTypeEk              CertType = 3
	CertTypeEcdhXchange     CertType = 4
)
// PCRValue holds the value of a single PCR read from one bank.
type PCRValue struct {
	Index  uint8             // PCR index within the bank
	Algo   PCRExtendHashType // hash algorithm of the bank the digest was read from
	Digest []byte            // PCR contents; length presumably follows Algo (20 bytes for SHA-1, 32 for SHA-256) — not checked here
}
// AttestQuote carries an attestation quote produced in answer to an
// AttestNonce. It is keyed by the same nonce bytes (see Key), so the quote
// and the nonce it answers share one hex key.
type AttestQuote struct {
	Nonce     []byte     // nonce provided by the requester, echoed back so the quote can be matched to its request
	SigType   SigAlg     // signature algorithm used to produce Signature
	Signature []byte     // ASN.1 encoded signature (presumably over Quote — confirm with tpmmgr)
	Quote     []byte     // the quote structure as produced by the signer (presumably the TPM2 attestation blob — confirm with tpmmgr)
	PCRs      []PCRValue // PCR values reported alongside the quote; NOTE(review): nothing here binds them to Quote, so a verifier must recompute the PCR digest covered by Quote rather than trust these values
}
// Key returns the lowercase hex encoding of the quote's nonce — the same
// key form AttestNonce.Key produces for the request this quote answers.
// Uniqueness therefore rests on the requester issuing distinct nonces.
func (quote AttestQuote) Key() string {
	encoded := make([]byte, hex.EncodedLen(len(quote.Nonce)))
	hex.Encode(encoded, quote.Nonce)
	return string(encoded)
}
// LogCreate emits a "create" log record for this quote, registered under
// the quote's LogKey. Nothing is logged when NewLogObject returns nil.
func (quote AttestQuote) LogCreate(logBase *base.LogObject) {
	obj := base.NewLogObject(logBase, base.AttestQuoteLogType, "",
		nilUUID, quote.LogKey())
	if obj != nil {
		obj.Noticef("Attest quote create")
	}
}
// LogModify emits a "modify" log record carrying a field-level diff between
// old and the current quote. old must be an AttestQuote; anything else is a
// programming error reported through Fatalf (assumed to terminate — if it
// does not, the diff is taken against a zero-value AttestQuote).
func (quote AttestQuote) LogModify(logBase *base.LogObject, old interface{}) {
	obj := base.EnsureLogObject(logBase, base.AttestQuoteLogType, "",
		nilUUID, quote.LogKey())
	prev, isQuote := old.(AttestQuote)
	if !isQuote {
		obj.Clone().Fatalf("LogModify: Old object interface passed is not of AttestQuote type")
	}
	// XXX remove? The diff text embeds the old and new field values
	// (signature, quote blob and PCR digests) in the log stream.
	delta := cmp.Diff(prev, quote)
	obj.CloneAndAddField("diff", delta).Noticef("Attest quote modify")
}
// LogDelete emits a "delete" log record for this quote and then drops the
// per-object log state registered under its LogKey.
func (quote AttestQuote) LogDelete(logBase *base.LogObject) {
	key := quote.LogKey()
	obj := base.EnsureLogObject(logBase, base.AttestQuoteLogType, "", nilUUID, key)
	obj.Noticef("Attest quote delete")
	base.DeleteLogObject(logBase, key)
}
// LogKey returns the key for this quote's log object: the
// AttestQuoteLogType name, a "-" separator, then Key().
func (quote AttestQuote) LogKey() string {
	typeName := string(base.AttestQuoteLogType)
	return typeName + "-" + quote.Key()
}
// CertHashType values. The numeric values must match
// api/proto/attest/attest.proto:ZEveCertHashType, so they are spelled out
// explicitly rather than derived from iota.
//
// NOTE(review): unlike the other enums in this file these constants are
// untyped, so they silently convert to any integer type (e.g. they compare
// equal to a CertType of the same value). Typing them as CertHashType would
// catch such mix-ups at compile time, but may break callers that assign
// them to plain ints — confirm before changing.
const (
	CertHashTypeNone          = 0 // no hash / unspecified
	CertHashTypeSha256First16 = 1 // SHA-256 of the cert, truncated to its first 16 bytes, stored in CertID
)
// EdgeNodeCert : contains additional device certificates such as
//   - attest signing certificate published by tpmmgr
//   - ECDH certificate published by tpmmgr
//
// The object is keyed by CertID (see Key).
type EdgeNodeCert struct {
	HashAlgo      CertHashType   // hash method used to arrive at CertID
	CertID        []byte         // hash of Cert computed with HashAlgo; with CertHashTypeSha256First16 this is a 16-byte (128-bit) truncated digest — adequate as a lookup key, but NOTE(review): consumers should verify the full Cert rather than trust the short ID
	CertType      CertType       // use case of the certificate
	Cert          []byte         // PEM encoded certificate
	IsTpm         bool           // TPM generated or not (presumably: the key pair is TPM-resident — confirm with tpmmgr)
	MetaDataItems []CertMetaData // metadata items associated with this cert; may be empty
}
// Key returns the lowercase hex encoding of CertID, which identifies the
// certificate. An empty CertID yields the empty string.
func (cert EdgeNodeCert) Key() string {
	encoded := make([]byte, hex.EncodedLen(len(cert.CertID)))
	hex.Encode(encoded, cert.CertID)
	return string(encoded)
}
// LogCreate emits a "create" log record for this certificate, registered
// under the cert's LogKey. Nothing is logged when NewLogObject returns nil.
func (cert EdgeNodeCert) LogCreate(logBase *base.LogObject) {
	obj := base.NewLogObject(logBase, base.EdgeNodeCertLogType, "",
		nilUUID, cert.LogKey())
	if obj != nil {
		obj.Noticef("Edge node cert create")
	}
}
// LogModify emits a "modify" log record carrying a field-level diff between
// old and the current certificate. old must be an EdgeNodeCert; anything
// else is a programming error reported through Fatalf (assumed to
// terminate — if it does not, the diff is taken against a zero-value
// EdgeNodeCert).
func (cert EdgeNodeCert) LogModify(logBase *base.LogObject, old interface{}) {
	obj := base.EnsureLogObject(logBase, base.EdgeNodeCertLogType, "",
		nilUUID, cert.LogKey())
	prev, isCert := old.(EdgeNodeCert)
	if !isCert {
		obj.Clone().Fatalf("LogModify: Old object interface passed is not of EdgeNodeCert type")
	}
	// XXX remove? The diff text embeds the old and new field values
	// (PEM cert and metadata bytes) in the log stream.
	delta := cmp.Diff(prev, cert)
	obj.CloneAndAddField("diff", delta).Noticef("Edge node cert modify")
}
// LogDelete emits a "delete" log record for this certificate and then
// drops the per-object log state registered under its LogKey.
func (cert EdgeNodeCert) LogDelete(logBase *base.LogObject) {
	key := cert.LogKey()
	obj := base.EnsureLogObject(logBase, base.EdgeNodeCertLogType, "", nilUUID, key)
	obj.Noticef("Edge node cert delete")
	base.DeleteLogObject(logBase, key)
}
// LogKey returns the key for this certificate's log object: the
// EdgeNodeCertLogType name, a "-" separator, then Key().
func (cert EdgeNodeCert) LogKey() string {
	typeName := string(base.EdgeNodeCertLogType)
	return typeName + "-" + cert.Key()
}