snp

package

v1.0.0 Latest Latest Go to latest Published: Sep 4, 2024 License: AGPL-3.0 Imports: 31 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/edgelesssys/contrast

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func ClaimsToCertExtension(report *sevsnp.Report) ([]pkix.Extension, error)
type CachedHTTPSGetter
- func NewCachedHTTPSGetter(s store, ticker clock.Ticker, log *slog.Logger) *CachedHTTPSGetter
- func (c *CachedHTTPSGetter) Get(url string) ([]byte, error)
type Issuer
- func NewIssuer(log *slog.Logger) *Issuer
- func (i *Issuer) Issue(_ context.Context, ownPublicKey []byte, nonce []byte) (res []byte, err error)
- func (i *Issuer) OID() asn1.ObjectIdentifier
type StaticValidateOptsGenerator
- func (v *StaticValidateOptsGenerator) SNPValidateOpts(_ *sevsnp.Report) (*validate.Options, error)
type THIMGetter
- func NewTHIMGetter(httpClient httpClient) *THIMGetter
- func (t *THIMGetter) GetCertification() (THIMSNPCertification, error)
type THIMSNPCertification
- func (c THIMSNPCertification) Proto() (*sevsnp.CertificateChain, error)
type Validator
- func NewValidator(optsGen validateOptsGenerator, kdsGetter trust.HTTPSGetter, log *slog.Logger) *Validator
- func NewValidatorWithCallbacks(optsGen validateOptsGenerator, kdsGetter trust.HTTPSGetter, log *slog.Logger, ...) *Validator
- func (v *Validator) OID() asn1.ObjectIdentifier
- func (v *Validator) Validate(ctx context.Context, attDocRaw []byte, nonce []byte, peerPublicKey []byte) (err error)

Constants ¶

This section is empty.

Variables ¶

View Source

var NeverGCTicker = testingclock.NewFakeClock(time.Now()).NewTicker(0)

NeverGCTicker is a ticker that never ticks.

Functions ¶

func ClaimsToCertExtension ¶

func ClaimsToCertExtension(report *sevsnp.Report) ([]pkix.Extension, error)

ClaimsToCertExtension constructs certificate extensions from a SNP report.

Types ¶

type CachedHTTPSGetter ¶

type CachedHTTPSGetter struct {
	trust.HTTPSGetter
	// contains filtered or unexported fields
}

CachedHTTPSGetter is a HTTPS client that caches responses in memory.

func NewCachedHTTPSGetter ¶

func NewCachedHTTPSGetter(s store, ticker clock.Ticker, log *slog.Logger) *CachedHTTPSGetter

NewCachedHTTPSGetter returns a new CachedHTTPSGetter.

func (*CachedHTTPSGetter) Get ¶

func (c *CachedHTTPSGetter) Get(url string) ([]byte, error)

Get makes a GET request to the given URL.

type Issuer ¶

type Issuer struct {
	// contains filtered or unexported fields
}

Issuer issues attestation statements.

func NewIssuer ¶

func NewIssuer(log *slog.Logger) *Issuer

NewIssuer returns a new Issuer.

func (*Issuer) Issue ¶

func (i *Issuer) Issue(_ context.Context, ownPublicKey []byte, nonce []byte) (res []byte, err error)

Issue the attestation document.

func (*Issuer) OID ¶

func (i *Issuer) OID() asn1.ObjectIdentifier

OID returns the OID of the issuer.

type StaticValidateOptsGenerator ¶

type StaticValidateOptsGenerator struct {
	Opts *validate.Options
}

StaticValidateOptsGenerator returns validate.Options generator that returns static validation options.

func (*StaticValidateOptsGenerator) SNPValidateOpts ¶

func (v *StaticValidateOptsGenerator) SNPValidateOpts(_ *sevsnp.Report) (*validate.Options, error)

SNPValidateOpts return the SNP validation options.

type THIMGetter ¶

type THIMGetter struct {
	// contains filtered or unexported fields
}

THIMGetter is a getter for the THIM certification.

func NewTHIMGetter ¶

func NewTHIMGetter(httpClient httpClient) *THIMGetter

NewTHIMGetter returns a new THIMGetter.

func (*THIMGetter) GetCertification ¶

func (t *THIMGetter) GetCertification() (THIMSNPCertification, error)

GetCertification returns the THIM certification.

type THIMSNPCertification ¶

type THIMSNPCertification struct {
	VCEKCert         string `json:"vcekCert"`
	TCBM             string `json:"tcbm"`
	CertificateChain string `json:"certificateChain"`
	CacheControl     string `json:"cacheControl,omitempty"`
}

THIMSNPCertification represents a cert chain for SNP. The chain contains: - VCEK certificate - ASK certificate - ARK (root) certificate

Source: https://learn.microsoft.com/en-us/azure/security/fundamentals/trusted-hardware-identity-management#definitions .

func (THIMSNPCertification) Proto ¶

func (c THIMSNPCertification) Proto() (*sevsnp.CertificateChain, error)

Proto returns the certificate chain as a go-sev-guest proto.

type Validator ¶

type Validator struct {
	// contains filtered or unexported fields
}

Validator validates attestation statements.

func NewValidator ¶

func NewValidator(optsGen validateOptsGenerator, kdsGetter trust.HTTPSGetter, log *slog.Logger) *Validator

NewValidator returns a new Validator.

func NewValidatorWithCallbacks ¶

func NewValidatorWithCallbacks(optsGen validateOptsGenerator, kdsGetter trust.HTTPSGetter, log *slog.Logger, attestataionFailures prometheus.Counter, callbacks ...validateCallbacker) *Validator

NewValidatorWithCallbacks returns a new Validator with callbacks.

func (*Validator) OID ¶

func (v *Validator) OID() asn1.ObjectIdentifier

OID returns the OID of the validator.

func (*Validator) Validate ¶

func (v *Validator) Validate(ctx context.Context, attDocRaw []byte, nonce []byte, peerPublicKey []byte) (err error)

Validate a TPM based attestation.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL