attestation

package
v2.7.0
Warning

This package is not in the latest version of its module.
Published: Apr 3, 2023 | License: AGPL-3.0 | Imports: 1 | Imported by: 0

Documentation

Overview

This package deals with the low-level attestation and verification logic of Constellation nodes.

General TPM attestation code that is not specific to a single platform should go into the vtpm package. Since attestation capabilities can differ between platforms, platform-specific attestation code should go into a subpackage for the respective platform.

We commonly implement the following two interfaces for a platform:

// Issuer issues an attestation document.
type Issuer interface {
    oid.Getter
    Issue(userData []byte, nonce []byte) (quote []byte, err error)
}

// Validator is able to validate an attestation document.
type Validator interface {
    oid.Getter
    Validate(attDoc []byte, nonce []byte) ([]byte, error)
}

Attestation code for new platforms needs to implement these two interfaces.
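
A minimal sketch of these two methods for a hypothetical platform, added here as an example and not taken from Constellation's code. It assumes an HMAC key as a stand-in for a hardware attestation key, a constructed JSON document format, and that Validate returns the bound user data; oid.Getter is left out.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// attDoc is a constructed wire format for this example only.
type attDoc struct{ UserData, MAC []byte }

// demoPlatform is hypothetical. Its HMAC key stands in for the hardware-held
// attestation key that a real platform (TPM, SEV-SNP) would sign with.
type demoPlatform struct{ key []byte }

// bind authenticates userData and nonce; the length prefix separates the fields.
func (p demoPlatform) bind(userData, nonce []byte) []byte {
	h := hmac.New(sha256.New, p.key)
	fmt.Fprintf(h, "%d:", len(userData))
	h.Write(userData)
	h.Write(nonce)
	return h.Sum(nil)
}

// Issue has the signature of Issuer.Issue on this page.
func (p demoPlatform) Issue(userData []byte, nonce []byte) ([]byte, error) {
	return json.Marshal(attDoc{userData, p.bind(userData, nonce)})
}

// Validate has the signature of Validator.Validate. It recomputes the binding
// with the verifier's own nonce, so a document issued for another nonce fails.
func (p demoPlatform) Validate(doc []byte, nonce []byte) ([]byte, error) {
	var d attDoc
	if err := json.Unmarshal(doc, &d); err != nil {
		return nil, fmt.Errorf("parsing attestation document: %w", err)
	}
	if !hmac.Equal(d.MAC, p.bind(d.UserData, nonce)) {
		return nil, errors.New("document not authentic or not fresh")
	}
	return d.UserData, nil // assumption: the bound user data is what Validate returns
}

func main() {
	p := demoPlatform{key: []byte("constructed-demo-key")}
	doc, _ := p.Issue([]byte("constructed user data"), []byte("nonce-1"))
	_, err := p.Validate(doc, []byte("nonce-2"))
	fmt.Println("replay under a new nonce rejected:", err != nil)
}
```

The verifier chooses the nonce and passes the same value to both sides, so a document captured from an earlier exchange does not validate in a later one.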

Constants

const (

	// MeasurementSecretContext is the value to use for info
	// when deriving the measurement secret from the master secret.
	MeasurementSecretContext = "measurementSecret"
)

Variables

This section is empty.

Functions

func DeriveClusterID

func DeriveClusterID(secret, salt []byte) ([]byte, error)

DeriveClusterID derives the cluster ID from a salt and secret value.

Types

This section is empty.

Directories

Path Synopsis
snp
Package idkeydigest contains policies and type definitions for checking the ID Key Digest value in SEV-SNP attestation.
TPM2 simulator used for unit tests.
