manifest

package
v0.8.1 Latest
Warning: This package is not in the latest version of its module.
Published: Jul 17, 2024 License: AGPL-3.0 Imports: 17 Imported by: 0

Documentation

Constants

This section is empty.

Variables

var TrustedMeasurement = "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"

TrustedMeasurement contains the expected launch digest, hex-encoded, and is injected at build time. The 96 zero characters shown here are the unpatched placeholder for the 48-byte SNP launch measurement; a build that ships this value will not match any real launch digest.

Functions

func DecryptSeedShare added in v0.8.0

func DecryptSeedShare(key *rsa.PrivateKey, seedShare *userapi.SeedShare) ([]byte, error)

DecryptSeedShare tries to decrypt a SeedShare with the given owner key.

func EncryptSeedShares added in v0.8.0

func EncryptSeedShares(seed []byte, ownerPubKeys []HexString) ([]*userapi.SeedShare, error)

EncryptSeedShares encrypts a seed for owners identified by their public keys and returns a SeedShare slice suitable for userapi.SetManifestResponse.
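How the seed share scheme behind DecryptSeedShare and EncryptSeedShares works, as an added example that is not the package's own code: the seed is encrypted once per owner public key with RSA-OAEP, each owner locates its share by public key and opens only that one, and a key that was never in the owner list can open none of them. The SeedShare struct, the OAEP label, the helper names (MarshalOwnerKey, ParseOwnerKey, RecoverSeed) and the hex(PKIX DER) owner-key encoding are assumptions standing in for userapi.SeedShare and the HexString format of MarshalSeedShareOwnerKey and ParseSeedShareOwnerKey.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/hex"
	"errors"
	"fmt"
)

// SeedShare is a constructed stand-in for userapi.SeedShare.
type SeedShare struct {
	OwnerPubKeyHex string // hex(PKIX DER) of the owner's RSA public key (assumed format)
	Ciphertext     []byte // RSA-OAEP(SHA-256) encryption of the seed
}

var oaepLabel = []byte("seedshare-example") // constructed domain-separation label

// MarshalOwnerKey encodes an RSA public key as hex(PKIX DER).
func MarshalOwnerKey(pub *rsa.PublicKey) (string, error) {
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return "", err
	}
	return hex.EncodeToString(der), nil
}

// ParseOwnerKey is the inverse of MarshalOwnerKey and rejects non-RSA keys.
func ParseOwnerKey(pubHex string) (*rsa.PublicKey, error) {
	der, err := hex.DecodeString(pubHex)
	if err != nil {
		return nil, err
	}
	key, err := x509.ParsePKIXPublicKey(der)
	if err != nil {
		return nil, err
	}
	rsaKey, ok := key.(*rsa.PublicKey)
	if !ok {
		return nil, errors.New("owner key is not an RSA key")
	}
	return rsaKey, nil
}

// EncryptSeedShares encrypts the same seed once per owner, so any single owner
// can recover it alone. An empty owner list is refused: the seed would be lost.
func EncryptSeedShares(seed []byte, ownerPubKeys []string) ([]SeedShare, error) {
	if len(ownerPubKeys) == 0 {
		return nil, errors.New("no seed share owners given")
	}
	shares := make([]SeedShare, 0, len(ownerPubKeys))
	for i, h := range ownerPubKeys {
		pub, err := ParseOwnerKey(h)
		if err != nil {
			return nil, fmt.Errorf("owner key %d: %w", i, err)
		}
		ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, seed, oaepLabel)
		if err != nil {
			return nil, fmt.Errorf("owner key %d: %w", i, err)
		}
		shares = append(shares, SeedShare{OwnerPubKeyHex: h, Ciphertext: ct})
	}
	return shares, nil
}

// DecryptSeedShare opens one share; under the wrong key OAEP fails, not garbles.
func DecryptSeedShare(key *rsa.PrivateKey, share SeedShare) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, key, share.Ciphertext, oaepLabel)
}

// RecoverSeed is what an owner runs over the share list of a SetManifestResponse:
// find the share addressed to its own public key and decrypt only that one.
func RecoverSeed(key *rsa.PrivateKey, shares []SeedShare) ([]byte, error) {
	mine, err := MarshalOwnerKey(&key.PublicKey)
	if err != nil {
		return nil, err
	}
	for _, s := range shares {
		if s.OwnerPubKeyHex == mine {
			return DecryptSeedShare(key, s)
		}
	}
	return nil, errors.New("no seed share addressed to this owner key")
}

func main() {
	seed := []byte("0123456789abcdef0123456789abcdef") // constructed 32-byte seed
	alice, _ := rsa.GenerateKey(rand.Reader, 2048)
	bob, _ := rsa.GenerateKey(rand.Reader, 2048)
	mallory, _ := rsa.GenerateKey(rand.Reader, 2048) // not an owner
	aliceHex, _ := MarshalOwnerKey(&alice.PublicKey)
	bobHex, _ := MarshalOwnerKey(&bob.PublicKey)
	shares, _ := EncryptSeedShares(seed, []string{aliceHex, bobHex})
	got, err := RecoverSeed(bob, shares)
	fmt.Printf("bob recovers seed: %v (%q)\n", err == nil, got)
	_, err = RecoverSeed(mallory, shares)
	fmt.Println("mallory has no share:", err)
	_, err = DecryptSeedShare(mallory, shares[0])
	fmt.Println("mallory opening alice's share:", err)
}
```

The owner-side loop matters: an owner should not try its private key against every ciphertext, but select its own share by public key, so a Coordinator cannot learn anything from which share an owner opens.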

func ExtractWorkloadOwnerPublicKey added in v0.8.0

func ExtractWorkloadOwnerPublicKey(keyData []byte) ([]byte, error)

ExtractWorkloadOwnerPublicKey extracts the public key for a workload owner and returns it as serialized DER.

This function supports PEM-encoded public and private keys.

func NewSeedShareOwnerPrivateKey added in v0.8.0

func NewSeedShareOwnerPrivateKey() ([]byte, error)

NewSeedShareOwnerPrivateKey creates and PEM-encodes a new seed share private key.

func NewWorkloadOwnerKey added in v0.8.0

func NewWorkloadOwnerKey() ([]byte, error)

NewWorkloadOwnerKey creates a new ECDSA workload owner private key and returns it PEM-encoded (the format ParseWorkloadOwnerPrivateKey reads back).

func ParseSeedShareOwnerKey added in v0.8.0

func ParseSeedShareOwnerKey(pubKeyHex HexString) (*rsa.PublicKey, error)

ParseSeedShareOwnerKey reads a public key embedded in a userapi.SetManifestRequest.

func ParseSeedshareOwnerPrivateKey added in v0.8.0

func ParseSeedshareOwnerPrivateKey(keyData []byte) (*rsa.PrivateKey, error)

ParseSeedshareOwnerPrivateKey decodes a PEM-encoded seed share private key.

func ParseWorkloadOwnerPrivateKey added in v0.8.0

func ParseWorkloadOwnerPrivateKey(keyBytes []byte) (*ecdsa.PrivateKey, error)

ParseWorkloadOwnerPrivateKey parses a PEM-encoded private key.

Types

type HexString

type HexString string

HexString is a hex encoded string.

func ExtractSeedshareOwnerPublicKey added in v0.8.0

func ExtractSeedshareOwnerPublicKey(keyData []byte) (HexString, error)

ExtractSeedshareOwnerPublicKey extracts the public key for a seedshare owner and returns it as hex-encoded serialized DER (a HexString).

This function supports PEM-encoded public and private keys.

func HashWorkloadOwnerKey added in v0.8.0

func HashWorkloadOwnerKey(pubKey *ecdsa.PublicKey) HexString

HashWorkloadOwnerKey converts a public key into the format for Manifest.WorkloadOwnerKeyDigests.
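The two steps ExtractWorkloadOwnerPublicKey and HashWorkloadOwnerKey describe (accept a PEM public or private key, normalize to the public key, digest it into a WorkloadOwnerKeyDigests entry), as an added illustration rather than the package's own implementation. Assumed and not stated on the page: the curve is P-256, the private key PEM is PKCS#8 "PRIVATE KEY" (SEC 1 "EC PRIVATE KEY" is accepted too), and the digest is SHA-256 over the PKIX DER. PublicKeyPEM and DigestFromPEM are helper names introduced here.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/hex"
	"encoding/pem"
	"errors"
	"fmt"
)

// NewWorkloadOwnerKey generates a P-256 key and returns it as PKCS#8 PEM (assumed).
func NewWorkloadOwnerKey() ([]byte, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	der, err := x509.MarshalPKCS8PrivateKey(priv)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: der}), nil
}

// PublicKeyPEM derives the public key PEM an owner hands to the manifest author.
func PublicKeyPEM(privPEM []byte) ([]byte, error) {
	der, err := ExtractWorkloadOwnerPublicKey(privPEM)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der}), nil
}

// ExtractWorkloadOwnerPublicKey accepts a PEM public key or a PEM private key and
// returns PKIX DER of the ECDSA public key, re-marshalled so both inputs agree byte for byte.
func ExtractWorkloadOwnerPublicKey(keyData []byte) ([]byte, error) {
	block, _ := pem.Decode(keyData)
	if block == nil {
		return nil, errors.New("no PEM block found")
	}
	var pub *ecdsa.PublicKey
	switch block.Type {
	case "PUBLIC KEY":
		k, err := x509.ParsePKIXPublicKey(block.Bytes)
		if err != nil {
			return nil, err
		}
		ec, ok := k.(*ecdsa.PublicKey)
		if !ok {
			return nil, errors.New("public key is not ECDSA")
		}
		pub = ec
	case "PRIVATE KEY":
		k, err := x509.ParsePKCS8PrivateKey(block.Bytes)
		if err != nil {
			return nil, err
		}
		ec, ok := k.(*ecdsa.PrivateKey)
		if !ok {
			return nil, errors.New("private key is not ECDSA")
		}
		pub = &ec.PublicKey
	case "EC PRIVATE KEY":
		ec, err := x509.ParseECPrivateKey(block.Bytes)
		if err != nil {
			return nil, err
		}
		pub = &ec.PublicKey
	default:
		return nil, fmt.Errorf("unsupported PEM block type %q", block.Type)
	}
	return x509.MarshalPKIXPublicKey(pub)
}

// HashWorkloadOwnerKey digests the PKIX DER with SHA-256 (assumed digest).
func HashWorkloadOwnerKey(pub *ecdsa.PublicKey) (string, error) {
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256(der)
	return hex.EncodeToString(sum[:]), nil
}

// DigestFromPEM is the allowlist side: the digest of whatever PEM an owner
// presents must appear in Manifest.WorkloadOwnerKeyDigests.
func DigestFromPEM(keyData []byte) (string, error) {
	der, err := ExtractWorkloadOwnerPublicKey(keyData)
	if err != nil {
		return "", err
	}
	k, err := x509.ParsePKIXPublicKey(der)
	if err != nil {
		return "", err
	}
	return HashWorkloadOwnerKey(k.(*ecdsa.PublicKey))
}

func main() {
	privPEM, _ := NewWorkloadOwnerKey()
	pubPEM, _ := PublicKeyPEM(privPEM)
	fromPriv, _ := DigestFromPEM(privPEM)
	fromPub, _ := DigestFromPEM(pubPEM)
	fmt.Println("private and public PEM give the same digest:", fromPriv == fromPub)
}
```

Re-marshalling the public key before hashing is the part that is easy to get wrong: hashing the raw bytes of whatever PEM was supplied would give a private key file and its public key file different digests for the same owner.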

func MarshalSeedShareOwnerKey added in v0.8.0

func MarshalSeedShareOwnerKey(pubKey *rsa.PublicKey) HexString

MarshalSeedShareOwnerKey converts a public key into the format for userapi.SetManifestRequest.

func NewHexString

func NewHexString(b []byte) HexString

NewHexString creates a new HexString from a byte slice.

func (HexString) Bytes

func (h HexString) Bytes() ([]byte, error)

Bytes returns the byte slice representation of the HexString.

func (HexString) String

func (h HexString) String() string

String returns the string representation of the HexString.

type HexStrings

type HexStrings []HexString

HexStrings is a slice of HexString.

func (*HexStrings) ByteSlices

func (l *HexStrings) ByteSlices() ([][]byte, error)

ByteSlices returns the byte slice representation of the HexStrings.

type Manifest

type Manifest struct {
	// policyHash/HOSTDATA -> commonName
	Policies                map[HexString][]string
	ReferenceValues         ReferenceValues
	WorkloadOwnerKeyDigests []HexString
	SeedshareOwnerPubKeys   []HexString
}

Manifest is the Coordinator manifest and contains the reference values of the deployment.

func Default

func Default() Manifest

Default returns a default manifest.

func DefaultAKS added in v0.8.0

func DefaultAKS() Manifest

DefaultAKS returns a default manifest with AKS reference values.

func (*Manifest) SNPValidateOpts added in v0.8.0

func (m *Manifest) SNPValidateOpts() (*validate.Options, error)

SNPValidateOpts returns validate options populated with the manifest's SNP reference values and trusted measurement.

func (*Manifest) Validate added in v0.8.0

func (m *Manifest) Validate() error

Validate checks the validity of all fields in the manifest.

type Policy

type Policy []byte

Policy is a CoCo (Confidential Containers) execution policy.

func NewPolicyFromAnnotation

func NewPolicyFromAnnotation(annotation []byte) (Policy, error)

NewPolicyFromAnnotation parses a base64-encoded policy from an annotation.

func (Policy) Bytes

func (p Policy) Bytes() []byte

Bytes returns the policy as byte slice.

func (Policy) Hash

func (p Policy) Hash() HexString

Hash returns the hash of the policy.
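How Policy and Policy.Hash feed the Manifest.Policies map (policyHash/HOSTDATA -> commonName), as an added example that is not the package's own code: the annotation is base64-decoded into the policy bytes, hashed, and the hash becomes the key the Coordinator looks up with the HOSTDATA of an attesting workload. Assumptions not on the page: the digest is SHA-256 (it exactly fills the 32-byte HOSTDATA field), the annotation uses standard padded base64, and the policy text, the BuildManifest and Authorize helpers, and the HOSTDATA length check are constructed for the example.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"errors"
	"fmt"
)

// HexString and Policy mirror the page's types with the minimum needed here.
type HexString string

func NewHexString(b []byte) HexString { return HexString(hex.EncodeToString(b)) }

func (h HexString) Bytes() ([]byte, error) { return hex.DecodeString(string(h)) }

type Policy []byte

// NewPolicyFromAnnotation decodes the base64 annotation value (standard
// padded base64 assumed) and refuses an empty annotation outright.
func NewPolicyFromAnnotation(annotation []byte) (Policy, error) {
	if len(annotation) == 0 {
		return nil, errors.New("empty policy annotation")
	}
	p, err := base64.StdEncoding.DecodeString(string(annotation))
	if err != nil {
		return nil, fmt.Errorf("policy annotation is not base64: %w", err)
	}
	return Policy(p), nil
}

// Hash is SHA-256 over the raw policy bytes (assumed digest).
func (p Policy) Hash() HexString {
	sum := sha256.Sum256(p)
	return NewHexString(sum[:])
}

// Manifest keeps only the field this example needs: policy hash -> common names.
type Manifest struct {
	Policies map[HexString][]string
}

// BuildManifest maps each workload's policy annotation to its hash; workloads
// that share a policy share a key and accumulate their names.
func BuildManifest(annotations map[string]string) (Manifest, error) {
	m := Manifest{Policies: map[HexString][]string{}}
	for name, ann := range annotations {
		p, err := NewPolicyFromAnnotation([]byte(ann))
		if err != nil {
			return Manifest{}, fmt.Errorf("%s: %w", name, err)
		}
		h := p.Hash()
		m.Policies[h] = append(m.Policies[h], name)
	}
	return m, nil
}

// Authorize is the Coordinator-side lookup: the HOSTDATA from a workload's SNP
// report must equal a policy hash in the manifest; the value is the set of
// common names that workload may be issued.
func (m Manifest) Authorize(hostData []byte) ([]string, error) {
	if len(hostData) != sha256.Size {
		return nil, fmt.Errorf("HOSTDATA is %d bytes, want %d", len(hostData), sha256.Size)
	}
	names, ok := m.Policies[NewHexString(hostData)]
	if !ok || len(names) == 0 {
		return nil, errors.New("policy hash not in manifest: workload not authorized")
	}
	return names, nil
}

func main() {
	// constructed policy body; only its bytes matter for the hash
	ann := base64.StdEncoding.EncodeToString([]byte("package agent_policy\ndefault CreateContainerRequest := false\n"))
	m, err := BuildManifest(map[string]string{"web": ann})
	if err != nil {
		panic(err)
	}
	p, _ := NewPolicyFromAnnotation([]byte(ann))
	hostData, _ := p.Hash().Bytes() // what the runtime places in HOSTDATA
	fmt.Println(m.Authorize(hostData))
	tampered := append(Policy(nil), p...)
	tampered[len(tampered)-1] ^= 1 // a one-byte change yields an unknown hash
	hd2, _ := tampered.Hash().Bytes()
	fmt.Println(m.Authorize(hd2))
}
```

The lookup is exact-match on the full digest: there is no prefix or partial comparison, and a HOSTDATA of the wrong length is rejected before it can be hex-encoded and looked up.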

type ReferenceValues

type ReferenceValues struct {
	SNP SNPReferenceValues
	// TrustedMeasurement is the hash of the trusted launch digest.
	TrustedMeasurement HexString
}

ReferenceValues contains the workload-independent reference values.

func (ReferenceValues) Validate added in v0.8.0

func (r ReferenceValues) Validate() error

Validate checks the validity of all fields in the reference values.

type SNPReferenceValues

type SNPReferenceValues struct {
	MinimumTCB SNPTCB
}

SNPReferenceValues contains reference values for the SNP report.

type SNPTCB

type SNPTCB struct {
	BootloaderVersion *SVN
	TEEVersion        *SVN
	SNPVersion        *SVN
	MicrocodeVersion  *SVN
}

SNPTCB represents a set of SNP TCB values.

type SVN

type SVN uint8

SVN is an SNP secure version number.

func (SVN) MarshalJSON

func (s SVN) MarshalJSON() ([]byte, error)

MarshalJSON marshals the SVN to JSON.

func (*SVN) UInt8

func (s *SVN) UInt8() uint8

UInt8 returns the uint8 value of the SVN.

func (*SVN) UnmarshalJSON

func (s *SVN) UnmarshalJSON(data []byte) error

UnmarshalJSON unmarshals the SVN from JSON.
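Why SVN carries its own JSON methods and why SNPTCB holds *SVN rather than SVN, as an added example that is not the package's implementation: a uint8 parsed through a custom UnmarshalJSON can reject 256, negative numbers, fractions and strings instead of wrapping or truncating, and a nil pointer lets "not set in the manifest" differ from "minimum 0". Assumptions not on the page: the wire format is a plain decimal number, the JSON field names, the ReportedTCB type, and the CheckMinimumTCB/ParseSNPTCB helpers; the real comparison in SNPValidateOpts is delegated to validate.Options and is not shown here.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
	"strings"
)

// SVN is an SNP secure version number; encoded as a decimal JSON number (assumed).
type SVN uint8

func (s SVN) MarshalJSON() ([]byte, error) {
	return []byte(strconv.FormatUint(uint64(s), 10)), nil
}

// UnmarshalJSON accepts only integers in [0, 255]; anything else is an error
// rather than a silently wrapped or truncated value.
func (s *SVN) UnmarshalJSON(data []byte) error {
	if string(data) == "null" {
		return nil // encoding/json convention: null leaves the value untouched
	}
	v, err := strconv.ParseUint(string(data), 10, 8)
	if err != nil {
		return fmt.Errorf("SVN %s: must be an integer in [0, 255]", data)
	}
	*s = SVN(v)
	return nil
}

func (s *SVN) UInt8() uint8 { return uint8(*s) }

// SNPTCB uses pointers so that "not set" (nil) differs from "minimum 0".
// Field names are assumed; the page shows no struct tags.
type SNPTCB struct {
	BootloaderVersion *SVN `json:"bootloaderVersion,omitempty"`
	TEEVersion        *SVN `json:"teeVersion,omitempty"`
	SNPVersion        *SVN `json:"snpVersion,omitempty"`
	MicrocodeVersion  *SVN `json:"microcodeVersion,omitempty"`
}

// ParseSNPTCB decodes a minimum-TCB block and fails on unknown fields, so a
// misspelled component cannot silently go unenforced.
func ParseSNPTCB(data []byte) (SNPTCB, error) {
	var tcb SNPTCB
	dec := json.NewDecoder(strings.NewReader(string(data)))
	dec.DisallowUnknownFields()
	if err := dec.Decode(&tcb); err != nil {
		return SNPTCB{}, err
	}
	return tcb, nil
}

// ReportedTCB holds the four SVNs read from an attestation report (constructed type).
type ReportedTCB struct{ Bootloader, TEE, SNP, Microcode uint8 }

// CheckMinimumTCB enforces every component the manifest sets; a nil minimum
// means that component is not checked at all.
func CheckMinimumTCB(want SNPTCB, got ReportedTCB) error {
	checks := []struct {
		name string
		min  *SVN
		got  uint8
	}{
		{"bootloader", want.BootloaderVersion, got.Bootloader},
		{"tee", want.TEEVersion, got.TEE},
		{"snp", want.SNPVersion, got.SNP},
		{"microcode", want.MicrocodeVersion, got.Microcode},
	}
	for _, c := range checks {
		if c.min == nil {
			continue
		}
		if c.got < c.min.UInt8() {
			return fmt.Errorf("%s SVN %d is below the manifest minimum %d", c.name, c.got, c.min.UInt8())
		}
	}
	return nil
}

func main() {
	// constructed manifest fragment: bootloader and SNP firmware pinned,
	// TEE and microcode left unset and therefore not enforced
	want, err := ParseSNPTCB([]byte(`{"bootloaderVersion":3,"snpVersion":8}`))
	if err != nil {
		panic(err)
	}
	fmt.Println(CheckMinimumTCB(want, ReportedTCB{Bootloader: 3, SNP: 8}))
	fmt.Println(CheckMinimumTCB(want, ReportedTCB{Bootloader: 3, SNP: 7}))
	_, err = ParseSNPTCB([]byte(`{"snpVersion":300}`))
	fmt.Println(err)
	out, _ := json.Marshal(want)
	fmt.Println(string(out))
}
```

Note the asymmetry: an unset component is skipped, but an explicit 0 is enforced as a minimum of 0 (always satisfied). A manifest author who wants a component checked must therefore write a value, and a reviewer should treat a missing component as a deliberate non-check.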
