attestation

package
v1.4.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 14, 2023 License: MPL-2.0 Imports: 25 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CreateAttestationCertificate 

func CreateAttestationCertificate(getRemoteReport func([]byte) ([]byte, error), template, parent *x509.Certificate, pub, priv interface{}) ([]byte, error)

CreateAttestationCertificate creates an X.509 certificate with an embedded report from getRemoteReport.

func CreateAttestationClientTLSConfig 

func CreateAttestationClientTLSConfig(verifyRemoteReport func([]byte) (Report, error), opts Options, verifyReport func(Report) error) *tls.Config

CreateAttestationClientTLSConfig creates a tls.Config object that verifies a certificate with embedded report.

func CreateAttestationServerTLSConfig 

func CreateAttestationServerTLSConfig(getRemoteReport func([]byte) ([]byte, error)) (*tls.Config, error)

CreateAttestationServerTLSConfig creates a tls.Config object with a self-signed certificate and an embedded report.

func CreateAzureAttestationToken added in v0.2.2 

func CreateAzureAttestationToken(report, data []byte, baseurl string) (string, error)

CreateAzureAttestationToken creates a Microsoft Azure Attestation Token by sending a report to an Attestation Provider, who is reachable under baseurl. A JSON Web Token in compact serialization is returned.

func ParseHTTPS added in v0.2.2 

func ParseHTTPS(URL string) (*url.URL, error)

ParseHTTPS parses an URL and ensures its scheme is HTTPS.

Types

type Options added in v1.4.0 

type Options struct {
	IgnoreErr error
}

Options are attestation options.

type Report added in v0.2.2 

type Report struct {
	Data            []byte           // The report data that has been included in the report.
	SecurityVersion uint             // Security version of the enclave. For SGX enclaves, this is the ISVSVN value.
	Debug           bool             // If true, the report is for a debug enclave.
	UniqueID        []byte           // The unique ID for the enclave. For SGX enclaves, this is the MRENCLAVE value.
	SignerID        []byte           // The signer ID for the enclave. For SGX enclaves, this is the MRSIGNER value.
	ProductID       []byte           // The Product ID for the enclave. For SGX enclaves, this is the ISVPRODID value.
	TCBStatus       tcbstatus.Status // The status of the enclave's TCB level.
}

Report is a parsed enclave report.

func ParseClaims added in v0.4.0 

func ParseClaims(claims uintptr, claimsLength uintptr) (Report, error)

func VerifyAzureAttestationToken added in v0.2.2 

func VerifyAzureAttestationToken(rawToken string, baseURL *url.URL) (Report, error)

VerifyAzureAttestationToken takes a Microsoft Azure Attestation Token in JSON Web Token compact serialization format and verifies the tokens public claims and signature. The Attestation providers keys are loaded from baseURL over an TLS connection. The validation is based on the trust in this TLS channel. Note, that the token's issuer (iss) has to equal the baseURL's string representation.

Attention: the calling function needs to ensure the scheme of baseURL is HTTPS, e.g. by calling the ParseHTTPS function of this package.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.