package attestation
v2.16.1
Published: Mar 11, 2024 License: AGPL-3.0 Imports: 3 Imported by: 0

Documentation

Overview

This package deals with the low level attestation and verification logic of Constellation nodes.

General TPM attestation code that is not specific to a single platform belongs in the vtpm package. Since attestation capabilities differ between platforms, platform-specific attestation code goes into a subpackage for that platform.

We commonly implement the following two interfaces for a platform:

// Issuer issues an attestation document.
type Issuer interface {
    oid.Getter
    Issue(userData []byte, nonce []byte) (quote []byte, err error)
}

// Validator is able to validate an attestation document.
type Validator interface {
    oid.Getter
    Validate(attDoc []byte, nonce []byte) ([]byte, error)
}

Attestation code for new platforms needs to implement these two interfaces.

Index

Constants

const (

	// MeasurementSecretContext is the value to use for info
	// when deriving the measurement secret from the master secret.
	MeasurementSecretContext = "measurementSecret"
)

Variables

This section is empty.

Functions

func CompareExtraData added in v2.8.0

func CompareExtraData(quoteData, expectedData []byte) bool

CompareExtraData compares the extra data of a quote with the expected extra data. Returns true if the data from the quote matches the expected data. If the slices are not of equal length, the shorter slice is padded with zeros.

func DeriveClusterID

func DeriveClusterID(secret, salt []byte) ([]byte, error)

DeriveClusterID derives the cluster ID from a salt and secret value.

func MakeExtraData added in v2.8.0

func MakeExtraData(userData []byte, nonce []byte) []byte

MakeExtraData binds userData to a random nonce used in attestation.
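A worked example, added here and not part of the Constellation package, that ties the Issuer and Validator interfaces from the overview to the extra-data functions above: a toy platform issues a "quote" whose fixed-width extra-data field carries a digest binding the user data to the verifier's nonce, and its validator checks the platform signature before comparing that field. Assumptions, all hypothetical: oid.Getter exposes an OID() method, the OID value itself, that the extra-data field is 64 bytes wide (which is why CompareExtraData zero-pads: a 32-byte digest is compared against a wider field), that extra data is SHA-256(userData || nonce), and an HMAC under a shared key standing in for a signature under a hardware-rooted key.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/asn1"
	"errors"
	"fmt"
)

// Getter stands in for oid.Getter; assumed to expose the platform's variant OID.
type Getter interface{ OID() asn1.ObjectIdentifier }

// Issuer and Validator are the two interfaces from the package overview.
type Issuer interface {
	Getter
	Issue(userData []byte, nonce []byte) (quote []byte, err error)
}

type Validator interface {
	Getter
	Validate(attDoc []byte, nonce []byte) ([]byte, error)
}

// extraDataSize is the assumed fixed width of the quote's extra-data field.
const extraDataSize = 64

// makeExtraData binds userData to nonce as SHA-256(userData || nonce) (assumed construction).
func makeExtraData(userData, nonce []byte) []byte {
	h := sha256.New()
	h.Write(userData)
	h.Write(nonce)
	return h.Sum(nil)
}

// compareExtraData follows the documented contract: zero-pad the shorter slice, then compare in constant time.
func compareExtraData(quoteData, expectedData []byte) bool {
	n := len(quoteData)
	if len(expectedData) > n {
		n = len(expectedData)
	}
	a, b := make([]byte, n), make([]byte, n)
	copy(a, quoteData)
	copy(b, expectedData)
	return hmac.Equal(a, b)
}

// fakePlatform stands in for real hardware: its "quote" is an HMAC under a shared
// key rather than a signature under a hardware-rooted key.
// Quote layout: extra[extraDataSize] || tag[32] || userData
type fakePlatform struct{ key []byte }

func (fakePlatform) OID() asn1.ObjectIdentifier {
	return asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 99999, 1} // hypothetical OID
}

func (p fakePlatform) Issue(userData, nonce []byte) ([]byte, error) {
	extra := make([]byte, extraDataSize)
	copy(extra, makeExtraData(userData, nonce)) // 32-byte digest, zero-padded to field width
	mac := hmac.New(sha256.New, p.key)
	mac.Write(extra)
	mac.Write(userData)
	doc := append(append(append([]byte{}, extra...), mac.Sum(nil)...), userData...)
	return doc, nil
}

func (p fakePlatform) Validate(attDoc, nonce []byte) ([]byte, error) {
	if len(attDoc) < extraDataSize+sha256.Size {
		return nil, errors.New("attestation document too short")
	}
	extra := attDoc[:extraDataSize]
	tag := attDoc[extraDataSize : extraDataSize+sha256.Size]
	userData := attDoc[extraDataSize+sha256.Size:]
	// Authenticity: the quote must verify under the platform key.
	mac := hmac.New(sha256.New, p.key)
	mac.Write(extra)
	mac.Write(userData)
	if !hmac.Equal(tag, mac.Sum(nil)) {
		return nil, errors.New("quote signature invalid")
	}
	// Freshness and binding: the signed extra data must equal the digest over the
	// returned user data and the nonce THIS verifier chose, so a replayed quote
	// (old nonce) or swapped user data is rejected here.
	if !compareExtraData(extra, makeExtraData(userData, nonce)) {
		return nil, errors.New("extra data does not match nonce and user data")
	}
	return userData, nil
}

var _, _ = Issuer(fakePlatform{}), Validator(fakePlatform{}) // compile-time interface checks

func main() {
	p := fakePlatform{key: []byte("constructed example key")}
	nonce := []byte("constructed nonce; real code draws it from crypto/rand")
	doc, _ := p.Issue([]byte("node public key"), nonce)
	ud, err := p.Validate(doc, nonce)
	fmt.Printf("fresh nonce:    userData=%q err=%v\n", ud, err)
	_, err = p.Validate(doc, []byte("different nonce"))
	fmt.Printf("replayed quote: err=%v\n", err)
}
```

The point a reviewer looks for is that Validate recomputes the expected extra data from the user data it is about to return and from the nonce the caller supplied, never from a nonce carried inside the document; otherwise an attacker replays an old quote along with the nonce it was issued for.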

Types

type Logger added in v2.8.0

type Logger interface {
	Info(msg string, args ...any)
	Warn(msg string, args ...any)
}

Logger is a logger used to print warnings and infos during attestation validation.

type NOPLogger added in v2.8.0

type NOPLogger struct{}

NOPLogger is a no-op implementation of Logger.

func (NOPLogger) Info added in v2.16.0

func (NOPLogger) Info(string, ...interface{})

Info is a no-op.

func (NOPLogger) Warn added in v2.16.0

func (NOPLogger) Warn(string, ...interface{})

Warn is a no-op.

Directories

Path	Synopsis
aws/snp	--------- WARNING! ---------
snp	
tdx	package tdx implements attestation for TDX on Azure.
idkeydigest	Package idkeydigest provides type definitions for the `idkeydigest` value of SEV-SNP attestation.
initialize	Package initialize implements functions to mark a node as initialized in the context of cluster attestation.
(TPM simulator)	TPM2 simulator used for unit tests.
snp	Package SNP provides types shared by SNP-based attestation implementations.
tdx	Package TDX implements attestation for Intel TDX.
variant	Package variant defines Attestation variants for different CSPs.
