attestedtls

package
v0.8.0
Published: Jan 29, 2025 License: Apache-2.0 Imports: 29 Imported by: 1

Documentation

Index

Constants

const (
	Endpoint_Client = 0
	Endpoint_Server = 1
)

Variables

var CmcApis = map[CmcApiSelect]CmcApi{}

Functions

func Dial

func Dial(network string, addr string, config *tls.Config, moreConfigs ...ConnectionOption[CmcConfig]) (*tls.Conn, error)

Dial wraps tls.Dial and additionally performs remote attestation before returning the established connection.

func GetCert

func GetCert(moreConfigs ...ConnectionOption[CmcConfig]) (tls.Certificate, error)

GetCert obtains the certificate for the Identity Key (IK) used for the connection from cmcd.

func Listen

func Listen(network, laddr string, config *tls.Config, moreConfigs ...ConnectionOption[CmcConfig]) (net.Listener, error)

Listen wraps tls.Listen and returns a custom Listener that performs additional remote attestation operations right after successful TLS connection establishment.

func Read

func Read(c net.Conn) ([]byte, error)

Read receives a byte array from the provided connection by first receiving the length information, then the data. Used for transmitting the attestation reports between peers.

func Write

func Write(msg []byte, c net.Conn) error

Write writes a byte array to the provided connection by first sending the length information, then the data. Used for transmitting the attestation reports between peers.
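The length-prefixed framing that Read and Write describe, as an added example written for this page rather than the package's own code. It assumes a 4-byte big-endian length prefix and a 1 MiB frame cap (both assumptions), and shows the two checks a practitioner wants in such a reader: the announced length is bounded before any buffer is allocated, so a peer cannot force a huge allocation, and the payload is read with io.ReadFull, since a single Read on a net.Conn may return a short chunk.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"io"
	"net"
)

// Assumed framing: a 4-byte big-endian length prefix followed by the payload. The cap keeps
// a peer from making the reader allocate an arbitrarily large buffer (the limit is an assumption).
const maxFrameLen = 1 << 20

// writeFrame sends the length prefix followed by msg.
func writeFrame(c net.Conn, msg []byte) error {
	if len(msg) > maxFrameLen {
		return fmt.Errorf("frame of %d bytes exceeds limit %d", len(msg), maxFrameLen)
	}
	var hdr [4]byte
	binary.BigEndian.PutUint32(hdr[:], uint32(len(msg)))
	if _, err := c.Write(hdr[:]); err != nil {
		return err
	}
	if len(msg) == 0 {
		return nil // nothing to send after the header
	}
	_, err := c.Write(msg)
	return err
}

// readFrame reads the prefix, rejects oversized frames before allocating, then reads exactly
// the announced number of bytes.
func readFrame(c net.Conn) ([]byte, error) {
	var hdr [4]byte
	if _, err := io.ReadFull(c, hdr[:]); err != nil {
		return nil, err
	}
	n := binary.BigEndian.Uint32(hdr[:])
	if n > maxFrameLen {
		return nil, fmt.Errorf("announced length %d exceeds limit %d", n, maxFrameLen)
	}
	buf := make([]byte, n)
	_, err := io.ReadFull(c, buf) // short or truncated frames surface as io.ErrUnexpectedEOF
	return buf, err
}

// roundTrip sends msg across an in-memory pipe and returns what the other end read.
func roundTrip(msg []byte) ([]byte, error) {
	a, b := net.Pipe()
	defer a.Close()
	defer b.Close()
	werr := make(chan error, 1)
	go func() { werr <- writeFrame(a, msg) }()
	got, err := readFrame(b)
	if err != nil {
		return nil, err
	}
	return got, <-werr
}

// readFromRaw feeds constructed wire bytes to readFrame; used to exercise the length check.
func readFromRaw(raw []byte) ([]byte, error) {
	a, b := net.Pipe()
	go func() {
		_, _ = a.Write(raw)
		a.Close()
	}()
	defer b.Close()
	return readFrame(b)
}

func main() {
	got, err := roundTrip([]byte("constructed attestation report"))
	fmt.Printf("%q %v\n", got, err)
	_, err = readFromRaw([]byte{0x80, 0, 0, 0}) // header announcing 2 GiB, no payload
	fmt.Println("oversized:", err)
}
```

The oversized case matters because the announced length is attacker-controlled data arriving before any attestation result exists; rejecting it before make([]byte, n) is what keeps a hostile peer from turning the handshake into a memory-exhaustion vector.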

Types

type AtlsHandshakeComplete added in v0.8.0

type AtlsHandshakeComplete struct {
	Version string `json:"version" cbor:"0,keyasint"`
	Success bool   `json:"success" cbor:"1,keyasint"`
	Error   string `json:"error,omitempty" cbor:"2,keyasint,omitempty"`
}

func (*AtlsHandshakeComplete) CheckVersion added in v0.8.0

func (complete *AtlsHandshakeComplete) CheckVersion() error

type AtlsHandshakeRequest added in v0.8.0

type AtlsHandshakeRequest struct {
	Version        string       `json:"version" cbor:"0,keyasint"`
	Attest         AttestSelect `` /* 147-byte string literal not displayed */
	Cached         []string     `json:"cached,omitempty" cbor:"2,keyasint,omitempty"`
	ExtendedReport bool         `json:"extendedReport,omitempty" cbor:"3,keyasint,omitempty"`
}

func (*AtlsHandshakeRequest) CheckVersion added in v0.8.0

func (req *AtlsHandshakeRequest) CheckVersion() error

type AtlsHandshakeResponse added in v0.8.0

type AtlsHandshakeResponse struct {
	Version     string            `json:"version" cbor:"0,keyasint"`
	Error       string            `json:"error,omitempty" cbor:"1,keyasint,omitempty"`
	Report      []byte            `json:"report,omitempty" cbor:"2,keyasint,omitempty"`
	Metadata    map[string][]byte `json:"metadata,omitempty" cbor:"3,keyasint,omitempty"`
	CacheMisses []string          `json:"cacheMisses,omitempty" cbor:"4,keyasint,omitempty"`
}

func (*AtlsHandshakeResponse) CheckVersion added in v0.8.0

func (resp *AtlsHandshakeResponse) CheckVersion() error
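The request/response round trip that the three message types above describe, as an added example that is not the package's own code. It uses reduced copies of the request and response structs with the same JSON field names, a checkVersion that mirrors the CheckVersion methods against a constructed version string, and a verifier side that fails closed: a version mismatch, a peer-reported error, or a response without a report all end the handshake with an error rather than an accepted connection.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Constructed protocol version for this example; the package carries its own.
const atlsVersion = "1.0.0"

// Reduced copies of the handshake messages with the package's JSON field names.
type HandshakeRequest struct {
	Version        string   `json:"version"`
	Cached         []string `json:"cached,omitempty"`
	ExtendedReport bool     `json:"extendedReport,omitempty"`
}

type HandshakeResponse struct {
	Version     string            `json:"version"`
	Error       string            `json:"error,omitempty"`
	Report      []byte            `json:"report,omitempty"`
	Metadata    map[string][]byte `json:"metadata,omitempty"`
	CacheMisses []string          `json:"cacheMisses,omitempty"`
}

// checkVersion mirrors the CheckVersion methods: a peer on another version is rejected up front.
func checkVersion(v string) error {
	if v != atlsVersion {
		return fmt.Errorf("unsupported attested TLS version %q, want %q", v, atlsVersion)
	}
	return nil
}

// handleRequest is the prover side. Problems are reported in the Error field so the
// verifier can log a reason instead of seeing a silently empty response.
func handleRequest(raw []byte) []byte {
	resp := HandshakeResponse{Version: atlsVersion}
	var req HandshakeRequest
	if err := json.Unmarshal(raw, &req); err != nil {
		resp.Error = "malformed request: " + err.Error()
	} else if err := checkVersion(req.Version); err != nil {
		resp.Error = err.Error()
	} else {
		// A real prover would obtain a fresh report from cmcd here; this is a constructed stand-in.
		resp.Report = []byte("constructed-attestation-report")
	}
	out, _ := json.Marshal(resp) // a plain struct of strings and bytes always marshals
	return out
}

// parseResponse is the verifier side: mismatch, peer error, or missing report all fail closed.
func parseResponse(raw []byte) ([]byte, error) {
	var resp HandshakeResponse
	if err := json.Unmarshal(raw, &resp); err != nil {
		return nil, fmt.Errorf("malformed response: %w", err)
	}
	if err := checkVersion(resp.Version); err != nil {
		return nil, err
	}
	if resp.Error != "" {
		return nil, fmt.Errorf("peer reported: %s", resp.Error)
	}
	if len(resp.Report) == 0 {
		return nil, fmt.Errorf("peer sent no attestation report")
	}
	return resp.Report, nil
}

// handshake runs one round in memory and returns what the verifier would hand to verification.
func handshake(clientVersion string) ([]byte, error) {
	req, err := json.Marshal(HandshakeRequest{Version: clientVersion})
	if err != nil {
		return nil, err
	}
	return parseResponse(handleRequest(req))
}

func main() {
	rep, err := handshake(atlsVersion)
	fmt.Printf("report=%q err=%v\n", rep, err)
	_, err = handshake("0.9.0")
	fmt.Println("mismatch:", err)
}
```

The report returned here is only the input to verification; in the package that step is what WithCmcCa and WithCmcPolicies configure, and the connection is handed to the application only after it succeeds.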

type AttestSelect added in v0.6.0

type AttestSelect uint32
const (
	Attest_Mutual AttestSelect = 0
	Attest_Client AttestSelect = 1
	Attest_Server AttestSelect = 2
	Attest_None   AttestSelect = 3
)

func (AttestSelect) String added in v0.8.0

func (s AttestSelect) String() string

type CmcApi added in v0.5.0

type CmcApi interface {
	// contains filtered or unexported methods
}

type CmcApiSelect added in v0.5.0

type CmcApiSelect uint32
const (
	CmcApi_GRPC   CmcApiSelect = 0
	CmcApi_COAP   CmcApiSelect = 1
	CmcApi_Socket CmcApiSelect = 2
	CmcApi_Lib    CmcApiSelect = 3
)

type CmcConfig added in v0.6.0

type CmcConfig struct {
	CmcAddr       string
	CmcApi        CmcApi
	ApiSerializer ar.Serializer
	Ca            []byte
	Policies      []byte
	Mtls          bool
	Attest        AttestSelect
	ResultCb      func(result *ar.VerificationResult)
	Cmc           *cmc.Cmc
}

CmcConfig holds the information on the cmc address and port to be used by Listener and DialConfig.

func NewCmcConfig added in v0.8.0

func NewCmcConfig(configs ...ConnectionOption[CmcConfig]) (CmcConfig, error)

NewCmcConfig creates a new CMC config based on default and specified values.

type CoapApi added in v0.5.0

type CoapApi struct{}

type ConnectionOption added in v0.4.0

type ConnectionOption[T any] func(*T)

func WithApiSerializer added in v0.8.0

func WithApiSerializer(apiSerializer ar.Serializer) ConnectionOption[CmcConfig]

WithApiSerializer specifies the serializer for internal requests.

func WithAttest added in v0.6.0

func WithAttest(attest AttestSelect) ConnectionOption[CmcConfig]

WithAttest specifies whether to perform mutual, dialer-only, or listener-only attestation.

func WithCmc added in v0.6.0

func WithCmc(cmc *cmc.Cmc) ConnectionOption[CmcConfig]

WithCmc takes a CMC object. This is only required for the Lib API, where the CMC is integrated directly into the binary (instead of using the cmcd).

func WithCmcAddr added in v0.5.0

func WithCmcAddr(address string) ConnectionOption[CmcConfig]

WithCmcAddr sets the address with which to contact the CMC. If not specified, the default is "localhost".

func WithCmcApi added in v0.5.0

func WithCmcApi(api CmcApiSelect) ConnectionOption[CmcConfig]

WithCmcApi specifies the API to be used to connect to the cmcd. If not specified, the default is grpc.

func WithCmcCa added in v0.4.0

func WithCmcCa(pem []byte) ConnectionOption[CmcConfig]

WithCmcCa specifies, in PEM format, the CA against which the attestation report should be verified.

func WithCmcPolicies added in v0.4.0

func WithCmcPolicies(policies []byte) ConnectionOption[CmcConfig]

WithCmcPolicies specifies optional custom policies against which the attestation report should be verified.

func WithMtls added in v0.6.0

func WithMtls(mtls bool) ConnectionOption[CmcConfig]

WithMtls specifies whether to perform mutual TLS with mutual attestation, or server-side authentication and attestation only.

func WithResultCb added in v0.6.0

func WithResultCb(cb func(result *ar.VerificationResult)) ConnectionOption[CmcConfig]

WithResultCb registers a callback for further processing of attestation results.
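The configuration pattern behind ConnectionOption and the With* functions above, as an added example written for this page (local types, not the package's). An option is a func(*T) that mutates the config it is applied to; NewConfig starts from defaults, applies the options in order, and then validates the result. The defaults follow what the page states (address "localhost", Attest_Mutual as the zero value); the final check, refusing to attest without a CA to verify reports against, is this example's own fail-closed rule and is an assumption about good practice, not a behaviour the page attributes to NewCmcConfig.

```go
package main

import "fmt"

// Option mirrors the package's ConnectionOption[T any] func(*T) shape (local example type).
type Option[T any] func(*T)

// AttestMode mirrors AttestSelect with the same numeric values.
type AttestMode uint32

const (
	AttestMutual AttestMode = 0
	AttestClient AttestMode = 1
	AttestServer AttestMode = 2
	AttestNone   AttestMode = 3
)

// Config is a reduced stand-in for CmcConfig with only the fields this example needs.
type Config struct {
	Addr   string
	Ca     []byte
	Mtls   bool
	Attest AttestMode
}

func WithAddr(addr string) Option[Config]       { return func(c *Config) { c.Addr = addr } }
func WithCa(pem []byte) Option[Config]          { return func(c *Config) { c.Ca = pem } }
func WithMtls(mtls bool) Option[Config]         { return func(c *Config) { c.Mtls = mtls } }
func WithAttest(mode AttestMode) Option[Config] { return func(c *Config) { c.Attest = mode } }

// NewConfig applies defaults, then the options in order, then validates. The CA check is this
// example's own fail-closed rule (assumption): attesting without a CA would leave every
// report unverifiable, which is worse than refusing to start.
func NewConfig(opts ...Option[Config]) (Config, error) {
	c := Config{Addr: "localhost"} // Attest defaults to AttestMutual (zero value)
	for _, apply := range opts {
		apply(&c)
	}
	if c.Attest != AttestNone && len(c.Ca) == 0 {
		return Config{}, fmt.Errorf("attestation mode %d configured without a verification CA", c.Attest)
	}
	return c, nil
}

func main() {
	c, err := NewConfig(WithAddr("10.0.0.5:9955"), WithCa([]byte("constructed-ca-pem")), WithMtls(true))
	fmt.Printf("%+v %v\n", c, err)
	_, err = NewConfig(WithAttest(AttestClient))
	fmt.Println("missing CA:", err)
}
```

Because options are applied in order, a later option overrides an earlier one; putting the validation after the loop rather than inside each option is what lets the check see the final combination.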

type Endpoint added in v0.8.0

type Endpoint uint32

type GrpcApi added in v0.5.0

type GrpcApi struct{}

type LibApi added in v0.6.0

type LibApi struct{}

type Listener

type Listener struct {
	net.Listener // embedded interface
	CmcConfig    // embedded struct
	*tls.Config  // embedded struct
}

Listener implements the net.Listener interface; it holds a net.Listener and adds additional functionality to it.

func (Listener) Accept

func (ln Listener) Accept() (net.Conn, error)

Implementation of Accept() in the net.Listener interface. Calls Accept of the net.Listener and additionally performs remote attestation after connection establishment, before returning the connection.

func (Listener) Addr

func (ln Listener) Addr() net.Addr

Implementation of Addr in the net.Listener interface. Only calls the original Addr(), since no new functionality is required.

func (Listener) Close

func (ln Listener) Close() error

Implementation of Close in the net.Listener interface. Only calls the original Close(), since no new functionality is required.

type PrivateKey

type PrivateKey struct {
	CmcConfig // embedded struct
	// contains filtered or unexported fields
}

PrivateKey is a wrapper implementing the crypto.Signer interface. Used to contact cmcd for signing operations.

func (PrivateKey) Public

func (priv PrivateKey) Public() crypto.PublicKey

func (PrivateKey) Sign

func (priv PrivateKey) Sign(random io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error)

Implementation of Sign() in the crypto.Signer interface. Contacts cmcd for the sign operation and returns the received signature.
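The delegating crypto.Signer that PrivateKey describes, as an added example that is not the package's code. A constructed signingDaemon stands in for cmcd: it holds the Identity Key and exposes only the public key and a sign operation, so the application process never has the private key in memory. RemoteSigner implements crypto.Signer on top of it. Since crypto/tls passes a precomputed digest, the wrapper checks that the digest length matches the hash named in the SignerOpts before forwarding anything; the signature is then verified with the public key alone. The hash-length check and the P-256/ECDSA choice are this example's assumptions.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"io"
)

// signingDaemon stands in for cmcd (constructed): it owns the Identity Key and exposes
// only the public key and a sign operation, so the key never enters the application.
type signingDaemon struct{ ik *ecdsa.PrivateKey }

func newSigningDaemon() (*signingDaemon, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &signingDaemon{ik: k}, nil
}

func (d *signingDaemon) publicKey() crypto.PublicKey { return &d.ik.PublicKey }

func (d *signingDaemon) sign(digest []byte) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, d.ik, digest)
}

// RemoteSigner implements crypto.Signer by delegating to the daemon, the way the
// package's PrivateKey wrapper delegates to cmcd.
type RemoteSigner struct{ daemon *signingDaemon }

var _ crypto.Signer = RemoteSigner{}

func (s RemoteSigner) Public() crypto.PublicKey { return s.daemon.publicKey() }

// Sign receives a precomputed digest from crypto/tls. Before forwarding it, the wrapper checks
// that the digest length matches the declared hash, so only a proper hash value gets signed.
func (s RemoteSigner) Sign(_ io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error) {
	if opts == nil || opts.HashFunc() == 0 {
		return nil, fmt.Errorf("signer options must name a hash function")
	}
	if want := opts.HashFunc().Size(); len(digest) != want {
		return nil, fmt.Errorf("digest is %d bytes, %s needs %d", len(digest), opts.HashFunc(), want)
	}
	return s.daemon.sign(digest)
}

// signAndVerify hashes msg, signs through the wrapper and verifies with only the public key.
func signAndVerify(s crypto.Signer, msg []byte) (bool, error) {
	digest := sha256.Sum256(msg)
	sig, err := s.Sign(nil, digest[:], crypto.SHA256)
	if err != nil {
		return false, err
	}
	pub, ok := s.Public().(*ecdsa.PublicKey)
	if !ok {
		return false, fmt.Errorf("unexpected public key type %T", s.Public())
	}
	return ecdsa.VerifyASN1(pub, digest[:], sig), nil
}

func main() {
	d, err := newSigningDaemon()
	if err != nil {
		panic(err)
	}
	ok, err := signAndVerify(RemoteSigner{daemon: d}, []byte("constructed handshake transcript"))
	fmt.Println("signature valid:", ok, "err:", err)
}
```

A signer built this way can be placed in a tls.Certificate as its PrivateKey field, which is how the TLS stack ends up calling Sign for the handshake while the key material stays with the daemon.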

type SocketApi added in v0.6.0

type SocketApi struct{}
