attestation

package

v1.6.1 Latest Latest Go to latest Published: Dec 14, 2024 License: MPL-2.0 Imports: 3 Imported by: 18

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/edgelesssys/ego

Links

Open Source Insights

Documentation ¶

Overview ¶

Package attestation provides attestation data structures.

Index ¶

Variables
type Report
- func VerifyAzureAttestationToken(token string, providerURL string) (Report, error)

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	// ErrEmptyReport is returned by VerifyRemoteReport if reportBytes is empty.
	ErrEmptyReport = errors.New("empty report")

	// ErrTCBLevelInvalid is returned if VerifyRemoteReport succeeded, but the TCB is not considered up-to-date. Check the report's TCBStatus.
	ErrTCBLevelInvalid = errors.New("OE_TCB_LEVEL_INVALID")
)

Functions ¶

This section is empty.

Types ¶

type Report ¶

type Report struct {
	Data             []byte           // The report data that has been included in the report.
	SecurityVersion  uint             // Security version of the enclave. For SGX enclaves, this is the ISVSVN value.
	Debug            bool             // If true, the report is for a debug enclave.
	UniqueID         []byte           // The unique ID for the enclave. For SGX enclaves, this is the MRENCLAVE value.
	SignerID         []byte           // The signer ID for the enclave. For SGX enclaves, this is the MRSIGNER value.
	ProductID        []byte           // The Product ID for the enclave. For SGX enclaves, this is the ISVPRODID value.
	TCBStatus        tcbstatus.Status // The status of the enclave's TCB level.
	TCBAdvisories    []string         // IDs of Intel security advisories that provide insight into the reasons when the TCB status is not UpToDate.
	TCBAdvisoriesErr error            // Error that occurred while getting the advisory array (if any).
}

Report is a parsed enclave report.

func VerifyAzureAttestationToken ¶ added in v0.2.2

func VerifyAzureAttestationToken(token string, providerURL string) (Report, error)

VerifyAzureAttestationToken takes a Microsoft Azure Attestation token in JSON Web Token compact serialization format and verifies the token's public claims and signature. The attestation provider's keys are loaded from providerURL over TLS. The validation is based on the trust in this TLS channel. Note that the token's issuer (iss) has to be equal to the providerURL, and providerURL must use the HTTPS scheme.

The caller must verify the returned report's content.

This function relies on the root CA certificates of the host to verify the TLS connection. Thus, it is currently usable by non-enclaved clients only. A future version of EGo will allow to add root certificates to an enclave.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
tcbstatus

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL