Package trust defines core trust types and values for attestation verification.

DefaultOptions returns a useful default verification option setting.

RawTdxQuote verifies the raw bytes representation of an attestation quote.

RootOfTrustToOptions translates the RootOfTrust message into the Options type needed for driving an attestation verification.

TdxQuote verifies the protobuf representation of an attestation quote's signature based on the quote's SignatureAlgo, provided the certificate chain is valid for formats - QuoteV4.

ErrCertNil error returned when certificate is not provided.

ErrCertPubKeyType error returned when certificate public key is not of type ecdsa.

ErrCollateralNil error returned when collaterals are missing.

ErrCrlEmpty error returned when Certificate Revocation list is empty.

ErrEmptyRootCRLUrl error returned when QE identity issuer's chain root certificate has empty CRL distribution points.

ErrHashVerificationFail error returned when message digest verification failed using quote's.

ErrIntermediateCaCertExpired error returned when Intermediate CA certificate has expired.

ErrIntermediateCertNil error returned when Intermediate CA certificate is empty.

ErrKeyMismatch error returned when trusted public key is different from root CA certificate's public key.

ErrMissingEnclaveIdentityBody error returned when Enclave Identity body is missing.

ErrMissingPckCrl error returned when PCK CRL is missing.

ErrMissingPCKCrlRootCert error returned when root certificate is missing in issuer chain of PCK CRL.

ErrMissingPCKCrlSigningCert error returned when signing certificate is missing in issuer chain of PCK CRL.

ErrMissingQeIdentityRootCert error returned when root certificate is missing in issuer chain of QeIdentity.

ErrMissingQeIdentitySigningCert error returned when signing certificate is missing in issuer chain of QeIdentity.

ErrMissingRootCaCrl error returned when Root CA CRL CRL is missing.

ErrMissingTcbInfoBody error returned when TCB info body is missing.

ErrMissingTcbInfoRootCert error returned when root certificate is missing in issuer chain of tcbInfo.

ErrMissingTcbInfoSigningCert error returned when signing certificate is missing in issuer chain of tcbInfo.

ErrOptionsNil error returned when options parameter is empty.

ErrParentCertNil error returned when parent certificate is not provided.

ErrPckCertCANil error returned when CA is missing in PCK Certificate.

ErrPCKCertChainInvalid error returned when PCK certificate chain has incomplete certificates.

ErrPCKCertChainNil error returned when PCK certificate chain field is empty in quote.

ErrPCKCertNil error returned when PCK leaf certificate is empty.

ErrPCKCrlExpired error returned when PCK CRL is expired.

ErrPCKCrlRootCertExpired error returned when PCK CRL root certificate is expired.

ErrPCKCrlSigningCertExpired error returned when PCK CRL signing certificate is expired.

ErrPckLeafCertExpired error returned when PCK Leaf certificate has expired.

ErrPublicKeySize error returned when public key bytes are of unexpected size.

ErrQeIdentityExpired error returned when QeIdentity response is expired.

ErrQeIdentityNil error returned when QeIdentity response structure is missing.

ErrQeIdentityRootCertExpired error returned when QeIdentity root certificate is expired.

ErrQeIdentitySigningCertExpired error returned when QeIdentity signing certificate is expired.

ErrQeIdentityTcbLevelsMissing error returned when TCBLevels array in QE Identity is of length 0.

ErrRevocationCheckFailed error returned when CheckRevocations parameter is set to true and GetCollateral is set to false.

ErrRootCaCertExpired error returned when Root CA certificate has expired.

ErrRootCaCrlExpired error returned when Root CA CRL is expired.

ErrRootCertNil error returned when Root CA certificate is empty.

ErrSHA56VerificationFail error returned when sha256 verification fails.

ErrTcbInfoExpired error returned when tcbInfo response is expired.

ErrTcbInfoNil error returned when tcbInfo response structure is missing.

ErrTcbInfoRootCertExpired error returned when tcbInfo root certificate is expired.

ErrTcbInfoSigningCertExpired error returned when tcbInfo signing certificate is expired.

ErrTcbInfoTcbLevelsMissing error returned when TCBLevels array in TCB info is of length 0.

ErrTcbStatus error returned when TCB status is out of date.

ErrTrustedCertEmpty error returned when no trusted certificate is provided for verification.

Collateral contains information received from Intel PCS API service.

CRLUnavailableErr represents a problem with fetching the CRL from the network.

Options represents verification options for a TDX attestation quote.

PCKCertificateChain contains certificate chains.