manifest package
v0.9.0
Published: Aug 7, 2024 License: AGPL-3.0 Imports: 20 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var EmbeddedReferenceValuesJSON []byte

EmbeddedReferenceValuesJSON contains the embedded reference values in JSON format.

Functions

func DecryptSeedShare added in v0.8.0

func DecryptSeedShare(key *rsa.PrivateKey, seedShare *userapi.SeedShare) ([]byte, error)

DecryptSeedShare tries to decrypt a SeedShare with the given owner key.

func EncryptSeedShares added in v0.8.0

func EncryptSeedShares(seed []byte, ownerPubKeys []HexString) ([]*userapi.SeedShare, error)

EncryptSeedShares encrypts a seed for owners identified by their public keys and returns a SeedShare slice suitable for userapi.SetManifestResponse.
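The following is an added example, not code from the manifest package, showing how the DecryptSeedShare / EncryptSeedShares pair can be built: the same seed is wrapped once per owner key so that any single owner can recover it, and a share addressed to another owner is refused before decryption is attempted. RSA-OAEP over SHA-256 and the field names of the stand-in SeedShare struct (userapi.SeedShare in the real package) are assumptions; the seed is a constructed value.

```go
package main

// Added example, not the manifest package's own code: EncryptSeedShares /
// DecryptSeedShare modelled with RSA-OAEP over SHA-256 (assumed); SeedShare
// stands in for userapi.SeedShare with assumed fields.

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/hex"
	"errors"
	"fmt"
)

type HexString string

type SeedShare struct {
	EncryptedSeed []byte
	PublicKey     HexString // owner key the share is wrapped for
}

// MarshalSeedShareOwnerKey hex-encodes the PKIX DER form of an owner public key.
func MarshalSeedShareOwnerKey(pub *rsa.PublicKey) HexString {
	der, _ := x509.MarshalPKIXPublicKey(pub) // cannot fail for a valid *rsa.PublicKey
	return HexString(hex.EncodeToString(der))
}

// ParseSeedShareOwnerKey is the inverse; non-RSA keys are rejected.
func ParseSeedShareOwnerKey(h HexString) (*rsa.PublicKey, error) {
	der, err := hex.DecodeString(string(h))
	if err != nil {
		return nil, fmt.Errorf("decoding owner key: %w", err)
	}
	key, err := x509.ParsePKIXPublicKey(der)
	if err != nil {
		return nil, fmt.Errorf("parsing owner key: %w", err)
	}
	if rsaKey, ok := key.(*rsa.PublicKey); ok {
		return rsaKey, nil
	}
	return nil, errors.New("seed share owner key is not an RSA key")
}

// EncryptSeedShares wraps the same seed once per owner, so any single owner
// can recover it alone; one malformed owner key fails the whole call.
func EncryptSeedShares(seed []byte, ownerPubKeys []HexString) ([]*SeedShare, error) {
	var shares []*SeedShare
	for _, h := range ownerPubKeys {
		pub, err := ParseSeedShareOwnerKey(h)
		if err != nil {
			return nil, err
		}
		ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, seed, nil)
		if err != nil {
			return nil, fmt.Errorf("wrapping seed: %w", err)
		}
		shares = append(shares, &SeedShare{EncryptedSeed: ct, PublicKey: h})
	}
	return shares, nil
}

// DecryptSeedShare unwraps a share with the owner key; a share addressed to
// another owner is refused before any decryption is attempted.
func DecryptSeedShare(key *rsa.PrivateKey, share *SeedShare) ([]byte, error) {
	if share.PublicKey != MarshalSeedShareOwnerKey(&key.PublicKey) {
		return nil, errors.New("seed share is not addressed to this owner key")
	}
	return rsa.DecryptOAEP(sha256.New(), nil, key, share.EncryptedSeed, nil)
}

// RoundTrip wraps a constructed seed for two owners: each must recover it,
// and a third, unrelated key must not.
func RoundTrip() (bool, error) {
	seed := bytes.Repeat([]byte{0x42}, 32) // constructed 256-bit seed
	var keys []*rsa.PrivateKey
	var pubs []HexString
	for i := 0; i < 3; i++ {
		k, err := rsa.GenerateKey(rand.Reader, 2048)
		if err != nil {
			return false, err
		}
		keys = append(keys, k)
		pubs = append(pubs, MarshalSeedShareOwnerKey(&k.PublicKey))
	}
	shares, err := EncryptSeedShares(seed, pubs[:2]) // keys[2] is the outsider
	if err != nil {
		return false, err
	}
	for i := 0; i < 2; i++ {
		got, err := DecryptSeedShare(keys[i], shares[i])
		if err != nil || !bytes.Equal(got, seed) {
			return false, fmt.Errorf("owner %d could not recover the seed: %v", i, err)
		}
	}
	if _, err := DecryptSeedShare(keys[2], shares[0]); err == nil {
		return false, errors.New("unrelated key unexpectedly unwrapped a share")
	}
	return true, nil
}

func main() { fmt.Println(RoundTrip()) }
```

Matching the share to the owner key before calling DecryptOAEP keeps a wrong-key attempt from surfacing as a padding error, and failing EncryptSeedShares on the first bad key means a manifest with one corrupt owner key is rejected as a whole rather than silently producing fewer shares than owners.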

func ExtractWorkloadOwnerPublicKey added in v0.8.0

func ExtractWorkloadOwnerPublicKey(keyData []byte) ([]byte, error)

ExtractWorkloadOwnerPublicKey extracts the public key for a workload owner and returns it as serialized DER.

This function supports PEM-encoded public and private keys.

func NewSeedShareOwnerPrivateKey added in v0.8.0

func NewSeedShareOwnerPrivateKey() ([]byte, error)

NewSeedShareOwnerPrivateKey creates and PEM-encodes a new seed share private key.

func NewWorkloadOwnerKey added in v0.8.0

func NewWorkloadOwnerKey() ([]byte, error)

NewWorkloadOwnerKey creates and marshals a private key.

func ParseSeedShareOwnerKey added in v0.8.0

func ParseSeedShareOwnerKey(pubKeyHex HexString) (*rsa.PublicKey, error)

ParseSeedShareOwnerKey reads a public key embedded in a userapi.SetManifestRequest.

func ParseSeedshareOwnerPrivateKey added in v0.8.0

func ParseSeedshareOwnerPrivateKey(keyData []byte) (*rsa.PrivateKey, error)

ParseSeedshareOwnerPrivateKey decodes a PEM-encoded seed share private key.

func ParseWorkloadOwnerPrivateKey added in v0.8.0

func ParseWorkloadOwnerPrivateKey(keyBytes []byte) (*ecdsa.PrivateKey, error)

ParseWorkloadOwnerPrivateKey parses a PEM-encoded private key.

func RuntimeHandler added in v0.9.0

func RuntimeHandler(platform platforms.Platform) (string, error)

RuntimeHandler returns the name of the runtime handler for the given platform.

Types

type AKSReferenceValues added in v0.9.0

type AKSReferenceValues struct {
	SNP                SNPReferenceValues
	TrustedMeasurement HexString
}

AKSReferenceValues contains reference values for AKS.

func (AKSReferenceValues) Validate added in v0.9.0

func (r AKSReferenceValues) Validate() error

Validate checks the validity of all fields in the AKS reference values.

type BareMetalTDXReferenceValues added in v0.9.0

type BareMetalTDXReferenceValues struct {
	TrustedMeasurement HexString
}

BareMetalTDXReferenceValues contains reference values for BareMetalTDX.

func (BareMetalTDXReferenceValues) Validate added in v0.9.0

func (r BareMetalTDXReferenceValues) Validate() error

Validate checks the validity of all fields in the bare metal TDX reference values.

type EmbeddedReferenceValues added in v0.9.0

type EmbeddedReferenceValues map[string]ReferenceValues

EmbeddedReferenceValues is a map of runtime handler names to reference values, as embedded in the binary.

func GetEmbeddedReferenceValues added in v0.9.0

func GetEmbeddedReferenceValues() EmbeddedReferenceValues

GetEmbeddedReferenceValues returns the reference values embedded in the binary.

func (*EmbeddedReferenceValues) ForPlatform added in v0.9.0

func (e *EmbeddedReferenceValues) ForPlatform(platform platforms.Platform) (*ReferenceValues, error)

ForPlatform returns the reference values for the given platform.

type HexString

type HexString string

HexString is a hex encoded string.

func ExtractSeedshareOwnerPublicKey added in v0.8.0

func ExtractSeedshareOwnerPublicKey(keyData []byte) (HexString, error)

ExtractSeedshareOwnerPublicKey extracts the public key for a seedshare owner and returns it as hex-encoded serialized DER (a HexString).

This function supports PEM-encoded public and private keys.

func HashWorkloadOwnerKey added in v0.8.0

func HashWorkloadOwnerKey(pubKey *ecdsa.PublicKey) HexString

HashWorkloadOwnerKey converts a public key into the format for Manifest.WorkloadOwnerKeyDigests.
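The following is an added example, not code from the manifest package, showing how NewWorkloadOwnerKey, ExtractWorkloadOwnerPublicKey and HashWorkloadOwnerKey fit together: a PEM-encoded private or public key is reduced to the PKIX DER of its public half, and a digest of that DER is what Manifest.WorkloadOwnerKeyDigests would hold, so the same key is recognised no matter which PEM form it arrives in. P-256 keys, PKCS#8 PEM and SHA-256 over the DER are assumed choices, and IsWorkloadOwner is an illustrative manifest-side check, not an API of the package.

```go
package main

// Added example, not the manifest package's own code: workload owner keys
// assuming P-256, PKCS#8 PEM and hex(SHA-256(PKIX DER)) as the digest.

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/hex"
	"encoding/pem"
	"errors"
	"fmt"
)

type HexString string

// NewWorkloadOwnerKey creates a P-256 private key and PEM-encodes it as PKCS#8.
func NewWorkloadOwnerKey() ([]byte, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	der, err := x509.MarshalPKCS8PrivateKey(priv)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: der}), nil
}

// ExtractWorkloadOwnerPublicKey accepts a "PUBLIC KEY" or a PKCS#8 "PRIVATE KEY"
// PEM block and returns the ECDSA public key as PKIX DER.
func ExtractWorkloadOwnerPublicKey(keyData []byte) ([]byte, error) {
	block, _ := pem.Decode(keyData)
	if block == nil {
		return nil, errors.New("no PEM block found")
	}
	var key any
	var err error
	switch block.Type {
	case "PUBLIC KEY":
		key, err = x509.ParsePKIXPublicKey(block.Bytes)
	case "PRIVATE KEY":
		key, err = x509.ParsePKCS8PrivateKey(block.Bytes)
	default:
		err = fmt.Errorf("unsupported PEM block type %q", block.Type)
	}
	if err != nil {
		return nil, err
	}
	switch k := key.(type) {
	case *ecdsa.PublicKey:
		return x509.MarshalPKIXPublicKey(k)
	case *ecdsa.PrivateKey:
		return x509.MarshalPKIXPublicKey(&k.PublicKey)
	}
	return nil, fmt.Errorf("unsupported key type %T, want ECDSA", key)
}

// HashWorkloadOwnerKey derives the digest kept in Manifest.WorkloadOwnerKeyDigests
// as hex(SHA-256(PKIX DER)); this construction is assumed.
func HashWorkloadOwnerKey(pub *ecdsa.PublicKey) HexString {
	der, _ := x509.MarshalPKIXPublicKey(pub) // cannot fail for a valid *ecdsa.PublicKey
	sum := sha256.Sum256(der)
	return HexString(hex.EncodeToString(sum[:]))
}

// IsWorkloadOwner is the manifest-side check: only a listed digest is trusted.
func IsWorkloadOwner(digests []HexString, pub *ecdsa.PublicKey) bool {
	want := HashWorkloadOwnerKey(pub)
	for _, d := range digests {
		if d == want {
			return true
		}
	}
	return false
}

// DigestsAgree extracts the public key once from the private-key PEM and once
// from a public-key PEM built from it; both paths must yield the same DER.
func DigestsAgree() (bool, error) {
	privPEM, err := NewWorkloadOwnerKey()
	if err != nil {
		return false, err
	}
	derFromPriv, err := ExtractWorkloadOwnerPublicKey(privPEM)
	if err != nil {
		return false, err
	}
	pubPEM := pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: derFromPriv})
	derFromPub, err := ExtractWorkloadOwnerPublicKey(pubPEM)
	if err != nil {
		return false, err
	}
	return bytes.Equal(derFromPriv, derFromPub), nil
}

func main() { fmt.Println(DigestsAgree()) }
```

Hashing the canonical DER rather than the PEM text is what makes the digest stable across the two input forms; comparing PEM bytes would let whitespace or header differences turn the same key into two different "owners".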

func MarshalSeedShareOwnerKey added in v0.8.0

func MarshalSeedShareOwnerKey(pubKey *rsa.PublicKey) HexString

MarshalSeedShareOwnerKey converts a public key into the format for userapi.SetManifestRequest.

func NewHexString

func NewHexString(b []byte) HexString

NewHexString creates a new HexString from a byte slice.

func (HexString) Bytes

func (h HexString) Bytes() ([]byte, error)

Bytes returns the byte slice representation of the HexString.

func (HexString) String

func (h HexString) String() string

String returns the string representation of the HexString.

type HexStrings

type HexStrings []HexString

HexStrings is a slice of HexString.

func (*HexStrings) ByteSlices

func (l *HexStrings) ByteSlices() ([][]byte, error)

ByteSlices returns the byte slice representation of the HexStrings.

type Manifest

type Manifest struct {
	// policyHash/HOSTDATA -> commonName
	Policies                map[HexString]PolicyEntry
	ReferenceValues         ReferenceValues
	WorkloadOwnerKeyDigests []HexString
	SeedshareOwnerPubKeys   []HexString
}

Manifest is the Coordinator manifest and contains the reference values of the deployment.

func Default

func Default(platform platforms.Platform) (*Manifest, error)

Default returns a default manifest with reference values for the given platform.

func (*Manifest) AKSValidateOpts added in v0.9.0

func (m *Manifest) AKSValidateOpts() (*validate.Options, error)

AKSValidateOpts returns validate options populated with the manifest's AKS reference values and trusted measurement.

func (*Manifest) Validate added in v0.8.0

func (m *Manifest) Validate() error

Validate checks the validity of all fields in the manifest.

type Policy

type Policy []byte

Policy is a CoCo execution policy.

func NewPolicyFromAnnotation

func NewPolicyFromAnnotation(annotation []byte) (Policy, error)

NewPolicyFromAnnotation parses a base64 encoded policy from an annotation.

func (Policy) Bytes

func (p Policy) Bytes() []byte

Bytes returns the policy as a byte slice.

func (Policy) Hash

func (p Policy) Hash() HexString

Hash returns the hash of the policy.

type PolicyEntry added in v0.9.0

type PolicyEntry struct {
	SANs             []string
	WorkloadSecretID string `json:",omitempty"`
}

PolicyEntry is a policy entry in the manifest. It contains further information the user wants to associate with the policy.
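The following is an added example, not code from the manifest package, tracing a policy from its base64 annotation to the hash that keys Manifest.Policies and to the PolicyEntry found there; a policy whose hash is not in the map is simply not part of the deployment. SHA-256 as Policy.Hash, the checks performed by Validate, the stand-in Manifest reduced to its Policies field, and the LookupPolicy / EncodeAnnotation helpers are assumptions for this example; the policy text is constructed.

```go
package main

// Added example, not the manifest package's own code: a policy goes from a
// base64 annotation to the hash that keys Manifest.Policies. SHA-256 as the
// policy hash and the checks in Validate are assumptions.

import (
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"errors"
	"fmt"
)

type HexString string

// Bytes decodes the HexString back into raw bytes.
func (h HexString) Bytes() ([]byte, error) { return hex.DecodeString(string(h)) }

// Policy is a CoCo execution policy.
type Policy []byte

// NewPolicyFromAnnotation parses a base64 encoded policy from an annotation.
func NewPolicyFromAnnotation(annotation []byte) (Policy, error) {
	p, err := base64.StdEncoding.DecodeString(string(annotation))
	if err != nil {
		return nil, fmt.Errorf("decoding policy annotation: %w", err)
	}
	return Policy(p), nil
}

// Hash returns the digest that identifies the policy in the manifest (assumed SHA-256).
func (p Policy) Hash() HexString {
	sum := sha256.Sum256(p)
	return HexString(hex.EncodeToString(sum[:]))
}

// PolicyEntry carries the information the user associates with a policy.
type PolicyEntry struct {
	SANs             []string
	WorkloadSecretID string `json:",omitempty"`
}

// Manifest is reduced to its Policies map for this example.
type Manifest struct {
	Policies map[HexString]PolicyEntry
}

// Validate rejects keys that are not a hex SHA-256 digest and entries without SANs.
func (m *Manifest) Validate() error {
	for h, entry := range m.Policies {
		b, err := h.Bytes()
		if err != nil || len(b) != sha256.Size {
			return fmt.Errorf("policy hash %q is not a %d-byte hex digest", h, sha256.Size)
		}
		if len(entry.SANs) == 0 {
			return fmt.Errorf("policy %q has no SANs", h)
		}
	}
	return nil
}

// LookupPolicy decodes an annotation and resolves it to its manifest entry; a
// policy whose hash is not listed is not part of the deployment.
func (m *Manifest) LookupPolicy(annotation []byte) (*PolicyEntry, error) {
	p, err := NewPolicyFromAnnotation(annotation)
	if err != nil {
		return nil, err
	}
	entry, ok := m.Policies[p.Hash()]
	if !ok {
		return nil, errors.New("policy hash not in manifest")
	}
	return &entry, nil
}

// ConstructedPolicy is sample input, not a real policy document.
var ConstructedPolicy = Policy("constructed policy text for this example")

// ConstructedManifest lists only the constructed policy, with two SANs.
func ConstructedManifest() *Manifest {
	return &Manifest{Policies: map[HexString]PolicyEntry{
		ConstructedPolicy.Hash(): {SANs: []string{"web", "web.default.svc"}},
	}}
}

// EncodeAnnotation produces the base64 form a deployment would carry.
func EncodeAnnotation(p Policy) []byte {
	return []byte(base64.StdEncoding.EncodeToString(p))
}

func main() {
	m := ConstructedManifest()
	entry, err := m.LookupPolicy(EncodeAnnotation(ConstructedPolicy))
	fmt.Println(m.Validate(), entry, err)
}
```

Because the map is keyed by the hash of the decoded policy rather than by a name, any change to the policy text, even a single byte, yields a different key and therefore no entry; that is the property the `// policyHash/HOSTDATA -> commonName` comment on the Manifest type relies on.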

type ReferenceValues

type ReferenceValues struct {
	// AKS holds the reference values for AKS.
	AKS *AKSReferenceValues `json:"aks,omitempty"`
	// BareMetalTDX holds the reference values for TDX on bare metal.
	BareMetalTDX *BareMetalTDXReferenceValues `json:"bareMetalTDX,omitempty"`
}

ReferenceValues contains the workload-independent reference values for each platform.

func (ReferenceValues) Validate added in v0.8.0

func (r ReferenceValues) Validate() error

Validate checks the validity of all fields in the reference values.

type SNPReferenceValues

type SNPReferenceValues struct {
	MinimumTCB SNPTCB
}

SNPReferenceValues contains reference values for the SNP report.

type SNPTCB

type SNPTCB struct {
	BootloaderVersion *SVN
	TEEVersion        *SVN
	SNPVersion        *SVN
	MicrocodeVersion  *SVN
}

SNPTCB represents a set of SNP TCB values.

type SVN

type SVN uint8

SVN is a SNP secure version number.

func (SVN) MarshalJSON

func (s SVN) MarshalJSON() ([]byte, error)

MarshalJSON marshals the SVN to JSON.

func (*SVN) UInt8

func (s *SVN) UInt8() uint8

UInt8 returns the uint8 value of the SVN.

func (*SVN) UnmarshalJSON

func (s *SVN) UnmarshalJSON(data []byte) error

UnmarshalJSON unmarshals the SVN from JSON.
