maa

package

v0.0.0-...-05f8770 Latest Latest Go to latest Published: May 13, 2024 License: MIT Imports: 25 Imported by: 1

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/edgelesssys/go-azguestattestation

Links

Open Source Insights

Documentation ¶

Index ¶

func Attest(ctx context.Context, nonce []byte, maaURL string, httpClient HttpClient) (string, error)
func DecryptToken(token string, tpmHandle io.ReadWriter) (string, error)
func GetEncryptedToken(ctx context.Context, params Parameters, nonce []byte, maaURL string, ...) (string, error)
func GetKeySet(ctx context.Context, maaURL string, httpClient HttpClient) ([]byte, error)
func ValidateToken(token string, keySet []byte) (map[string]interface{}, error)
type Attestation
type HttpClient
type Parameters
- func NewParameters(ctx context.Context, nonce []byte, httpClient HttpClient, ...) (Parameters, error)
type Quote

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func Attest ¶

func Attest(ctx context.Context, nonce []byte, maaURL string, httpClient HttpClient) (string, error)

Attest requests a JWT token from MAA for the current machine.

This function combines NewParameters, GetEncryptedToken, and DecryptToken.

func DecryptToken ¶

func DecryptToken(token string, tpmHandle io.ReadWriter) (string, error)

DecryptToken decrypts a token received from MAA.

This function uses the TPM for decryption and thus it must be called on the same machine that created the attestation parameters via NewParameters. The PCR state must still be the same.

Optionally pass an opened TPM. If tpmHandle is nil, the default TPM will be opened.

func GetEncryptedToken ¶

func GetEncryptedToken(ctx context.Context, params Parameters, nonce []byte, maaURL string, httpClient HttpClient) (string, error)

GetEncryptedToken requests a token from MAA, which will be encrypted.

func GetKeySet ¶

func GetKeySet(ctx context.Context, maaURL string, httpClient HttpClient) ([]byte, error)

GetKeySet gets the key set required to validate an MAA token.

func ValidateToken ¶

func ValidateToken(token string, keySet []byte) (map[string]interface{}, error)

ValidateToken validates an MAA token and returns the claims.

Types ¶

type Attestation ¶

type Attestation = attest.Attestation

type HttpClient ¶

type HttpClient interface {
	Do(*http.Request) (*http.Response, error)
}

type Parameters ¶

type Parameters struct {
	SNPReport         []byte
	RuntimeData       []byte
	VcekCert          []byte
	VcekChain         []byte
	Attestation       *Attestation
	EncKey            []byte
	EncKeyCertInfo    []byte
	EncKeyCertInfoSig []byte
}

func NewParameters ¶

func NewParameters(ctx context.Context, nonce []byte, httpClient HttpClient, tpmHandle io.ReadWriter) (Parameters, error)

NewParameters collects all data that the MAA requires from the issuer's system.

Optionally pass an opened TPM. If tpmHandle is nil, the default TPM will be opened.

type Quote ¶

type Quote = ptpm.Quote

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL