Documentation ¶
Overview ¶
Package core provides the core functionality of the Coordinator object: state transitions, the APIs for marbles and clients, manifest handling and the sealing of state.
Index ¶
- Constants
- type AESGCMSealer
- type ClientCore
- type Core
- func (c *Core) Activate(ctx context.Context, req *rpc.ActivationReq) (*rpc.ActivationResp, error)
- func (c *Core) GetCertQuote(ctx context.Context) (string, []byte, error)
- func (c *Core) GetManifestSignature(ctx context.Context) []byte
- func (c *Core) GetStatus(ctx context.Context) (status string, err error)
- func (c *Core) GetTLSCertificate() (*tls.Certificate, error)
- func (c *Core) GetTLSConfig() (*tls.Config, error)
- func (c *Core) SetManifest(ctx context.Context, rawManifest []byte) ([]byte, error)
- type Manifest
- type Marble
- type MockSealer
- type Sealer
Constants ¶
const CoordinatorName string = "Marblerun Coordinator"
CoordinatorName is the name of the Coordinator. It is used as CN of the root certificate.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AESGCMSealer ¶
type AESGCMSealer struct {
// contains filtered or unexported fields
}
AESGCMSealer implements the Sealer interface using AES-GCM, which gives the sealed state both confidentiality and authentication (a modified blob fails to unseal).
func NewAESGCMSealer ¶
func NewAESGCMSealer(sealDir string, sealKey []byte) *AESGCMSealer
NewAESGCMSealer creates and initializes a new AESGCMSealer object
func (*AESGCMSealer) Seal ¶
func (s *AESGCMSealer) Seal(data []byte) ([]byte, error)
Seal encrypts the data and stores the result on the file system.
func (*AESGCMSealer) Unseal ¶
func (s *AESGCMSealer) Unseal() ([]byte, error)
Unseal reads the stored blob from the file system, authenticates it and decrypts it.
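As an added example (not the project's code), the following is a stand-alone AES-GCM sealer with the same Seal/Unseal method set. It shows the two properties the description above relies on: a fresh random nonce for every Seal and a tag check that makes a modified sealed file fail to unseal instead of yielding corrupted state. The file name, the blob layout (nonce || ciphertext || tag), the returned bytes and the Demo function are assumptions made for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"io"
	"os"
	"path/filepath"
)

// Sealer is the method set implemented here (same shape as the package's Sealer).
type Sealer interface {
	Seal(data []byte) ([]byte, error)
	Unseal() ([]byte, error)
}

// sealedFileName is a hypothetical name for the file inside sealDir, not the project's.
const sealedFileName = "sealed_state"

// FileAESGCMSealer seals to one file as nonce || ciphertext || GCM tag. A fresh random
// 96-bit nonce per Seal is what keeps reusing the same sealKey safe; the tag is what
// turns a modified file into an Unseal error.
type FileAESGCMSealer struct {
	sealDir string
	aead    cipher.AEAD
}

var _ Sealer = (*FileAESGCMSealer)(nil)

// NewFileAESGCMSealer takes a 16-, 24- or 32-byte key. In an enclave this would be the
// sealing key only that enclave can derive; in this example it is just bytes.
func NewFileAESGCMSealer(sealDir string, sealKey []byte) (*FileAESGCMSealer, error) {
	block, err := aes.NewCipher(sealKey)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &FileAESGCMSealer{sealDir: sealDir, aead: aead}, nil
}

func (s *FileAESGCMSealer) path() string { return filepath.Join(s.sealDir, sealedFileName) }

// Seal encrypts data, writes the blob with owner-only permissions and returns the blob.
func (s *FileAESGCMSealer) Seal(data []byte) ([]byte, error) {
	nonce := make([]byte, s.aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	blob := s.aead.Seal(nonce, nonce, data, nil) // nonce prefix, tag appended
	if err := os.WriteFile(s.path(), blob, 0o600); err != nil {
		return nil, err
	}
	return blob, nil
}

// Unseal reads the blob back and authenticates it before returning any plaintext.
func (s *FileAESGCMSealer) Unseal() ([]byte, error) {
	blob, err := os.ReadFile(s.path())
	if err != nil {
		return nil, err
	}
	ns := s.aead.NonceSize()
	if len(blob) < ns+s.aead.Overhead() {
		return nil, errors.New("sealed file too short to hold nonce and tag")
	}
	return s.aead.Open(nil, blob[:ns], blob[ns:], nil)
}

// Demo seals a constructed state string, unseals it, then flips one byte of the file
// on disk and returns the error Unseal produces for the tampered copy.
func Demo(sealDir string) (recovered []byte, tamperErr error, err error) {
	key := make([]byte, 32)
	if _, err = io.ReadFull(rand.Reader, key); err != nil {
		return nil, nil, err
	}
	s, err := NewFileAESGCMSealer(sealDir, key)
	if err != nil {
		return nil, nil, err
	}
	blob, err := s.Seal([]byte("constructed coordinator state"))
	if err != nil {
		return nil, nil, err
	}
	if recovered, err = s.Unseal(); err != nil {
		return nil, nil, err
	}
	blob[len(blob)-1] ^= 0x01 // corrupt the last tag byte of the file on disk
	if err = os.WriteFile(s.path(), blob, 0o600); err != nil {
		return nil, nil, err
	}
	_, tamperErr = s.Unseal()
	return recovered, tamperErr, nil
}
```

One caveat a practitioner should keep in mind: AES-GCM authenticates the contents of the file, not its freshness. Restoring an older, validly sealed file (a rollback) still unseals cleanly, so state that must not be rolled back needs an additional monotonic counter or similar mechanism outside the sealed blob.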
type ClientCore ¶
type ClientCore interface {
	SetManifest(ctx context.Context, rawManifest []byte) (recoveryDataBytes []byte, err error)
	GetCertQuote(ctx context.Context) (cert string, certQuote []byte, err error)
	GetManifestSignature(ctx context.Context) (manifestSignature []byte)
	GetStatus(ctx context.Context) (status string, err error)
}
ClientCore provides the core functionality for the client. It can be used by, e.g., an HTTP server that exposes the ClientAPI.
type Core ¶
type Core struct {
// contains filtered or unexported fields
}
Core implements the core logic of the Coordinator
func NewCore ¶
func NewCore(dnsNames []string, qv quote.Validator, qi quote.Issuer, sealer Sealer, zapLogger *zap.Logger) (*Core, error)
NewCore creates and initializes a new Core object
func NewCoreWithMocks ¶
func NewCoreWithMocks() *Core
NewCoreWithMocks creates a new core object with quote and seal mocks for testing.
func (*Core) Activate ¶
func (c *Core) Activate(ctx context.Context, req *rpc.ActivationReq) (*rpc.ActivationResp, error)
Activate implements the MarbleAPI function to authenticate a marble (implements the MarbleServer interface).
Verifies the marble's integrity and subsequently provides the marble with a certificate for authentication and with the application-specific parameters defined in the Coordinator's manifest.
req needs to contain a MarbleType present in the Coordinator's manifest and a CSR with the Subject and DNSNames set to the desired values.
Returns a signed certificate-key-pair and the application's parameters if the authentication was successful. Returns an error if the authentication failed.
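An added example, not the project's code, of the certificate-issuing half of Activate: the marble builds a CSR with Subject and DNSNames set, and the Coordinator side checks the MarbleType against the manifest, enforces MaxActivations, verifies the CSR's self-signature (proof that the requester holds the key) and issues a leaf signed by the self-signed root whose CN is CoordinatorName. Quote verification and the rpc types are left out; coordinatorCA, its field names and the reading of MaxActivations 0 as unlimited are assumptions for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// CoordinatorName is the CN of the self-signed root, as documented above.
const CoordinatorName = "Marblerun Coordinator"

// coordinatorCA is a stand-in for the Coordinator's root key and the per-MarbleType
// activation counters; the field names are assumptions for this example.
type coordinatorCA struct {
	cert           *x509.Certificate
	key            *ecdsa.PrivateKey
	maxActivations map[string]uint // MarbleType -> Marble.MaxActivations (0 = unlimited, assumed)
	activations    map[string]uint // MarbleType -> certificates issued so far
}

// newCoordinatorCA creates the self-signed root certificate with CN CoordinatorName.
func newCoordinatorCA(maxActivations map[string]uint) (*coordinatorCA, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: CoordinatorName},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &coordinatorCA{cert: cert, key: key, maxActivations: maxActivations, activations: map[string]uint{}}, nil
}

// marbleCSR builds the CSR half of an ActivationReq: Subject and DNSNames set to the
// values the marble wants in its certificate; the private key never leaves the marble.
func marbleCSR(commonName string, dnsNames []string) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	req := &x509.CertificateRequest{Subject: pkix.Name{CommonName: commonName}, DNSNames: dnsNames}
	return x509.CreateCertificateRequest(rand.Reader, req, key)
}

// activate is the certificate-issuing part of Activate (quote verification omitted):
// the MarbleType must exist in the manifest, MaxActivations must not be exhausted, and
// the CSR must verify under its own key before the root signs a leaf for it.
func (ca *coordinatorCA) activate(marbleType string, csrDER []byte) (*x509.Certificate, error) {
	limit, ok := ca.maxActivations[marbleType]
	if !ok {
		return nil, fmt.Errorf("marble type %q not in manifest", marbleType)
	}
	if limit != 0 && ca.activations[marbleType] >= limit {
		return nil, fmt.Errorf("marble type %q reached MaxActivations=%d", marbleType, limit)
	}
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil {
		return nil, err
	}
	if err := csr.CheckSignature(); err != nil {
		return nil, fmt.Errorf("CSR proof of possession failed: %w", err)
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, err
	}
	leaf := &x509.Certificate{ // only Subject and DNSNames come from the CSR; never IsCA
		SerialNumber: serial,
		Subject:      csr.Subject,
		DNSNames:     csr.DNSNames,
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, leaf, ca.cert, csr.PublicKey, ca.key)
	if err != nil {
		return nil, err
	}
	ca.activations[marbleType]++
	return x509.ParseCertificate(der)
}

// verifyMarbleCert is the peer-side check: chain the leaf to the root and match the name.
func verifyMarbleCert(root, leaf *x509.Certificate, dnsName string) error {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: dnsName})
	return err
}
```

The design point worth noting is that the Coordinator copies only Subject and DNSNames out of the CSR and sets the CA bit, key usages and validity itself; a marble that put IsCA or extra extensions into its request gains nothing from it.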
func (*Core) GetCertQuote ¶
func (c *Core) GetCertQuote(ctx context.Context) (string, []byte, error)
GetCertQuote gets the Coordinator's certificate and the corresponding quote (which contains the cert).
Returns a remote attestation quote over the Coordinator's own certificate alongside that certificate. A client that verifies the quote can thereby verify the Coordinator's integrity and authenticate it before using the ClientAPI.
func (*Core) GetManifestSignature ¶
func (c *Core) GetManifestSignature(ctx context.Context) []byte
GetManifestSignature returns the hash of the manifest.
Returns a SHA256 hash of the active manifest. Despite the name this is a plain hash, not a signature: it carries no authenticity of its own, so a client should only trust it when it is obtained over a connection authenticated with the Coordinator's certificate (see GetCertQuote) and should compare it against the hash of the manifest bytes it submitted itself.
func (*Core) GetStatus ¶
func (c *Core) GetStatus(ctx context.Context) (status string, err error)
GetStatus is not implemented. It will return status information about the state of the mesh in the future.
func (*Core) GetTLSCertificate ¶
func (c *Core) GetTLSCertificate() (*tls.Certificate, error)
GetTLSCertificate creates a TLS certificate from the Coordinator's self-signed x509 certificate.
func (*Core) GetTLSConfig ¶
func (c *Core) GetTLSConfig() (*tls.Config, error)
GetTLSConfig gets the core's TLS configuration.
type Manifest ¶
type Manifest struct {
	// Packages contains the allowed enclaves and their properties.
	Packages map[string]quote.PackageProperties
	// Infrastructures contains the allowed infrastructure providers and their properties.
	Infrastructures map[string]quote.InfrastructureProperties
	// Marbles contains the allowed services with their corresponding enclave and configuration parameters.
	Marbles map[string]Marble
	// Clients contains TLS certificates for authenticating clients that use the ClientAPI.
	Clients map[string][]byte
	// RecoveryKey holds an RSA public key used to encrypt the state encryption key, which is returned over the Client API when setting a manifest.
	RecoveryKey string
}
Manifest defines the rules of a mesh.
type Marble ¶
type Marble struct {
	// Package references one of the allowed enclaves in the manifest.
	Package string
	// MaxActivations limits the number of marbles of this kind.
	MaxActivations uint
	// Parameters contains lists of files, environment variables and command-line arguments that should be passed to the application.
	// Placeholder variables are supported for specific assets of the marble's activation process.
	Parameters *rpc.Parameters
}
Marble describes a service in the mesh that is to be handled and verified by the Coordinator.
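An added example, not the project's code, of what the Coordinator has to check when it receives raw manifest bytes through SetManifest, and of the hash a client later compares against GetManifestSignature. It uses local stand-ins for quote.PackageProperties, quote.InfrastructureProperties and rpc.Parameters whose field names (UniqueID, SignerID, ProductID, SecurityVersion, Debug, QESVN, PCESVN, Files, Env, Argv) are assumptions. The parser refuses unknown keys, rejects a package that pins neither an enclave hash nor a signer, and rejects a marble whose Package is not defined. The sample manifest is constructed for this example.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Stand-ins for quote.PackageProperties, quote.InfrastructureProperties and
// rpc.Parameters; the field names are assumptions made for this example.
type PackageProperties struct {
	UniqueID        string
	SignerID        string
	ProductID       uint64
	SecurityVersion uint
	Debug           bool
}

type InfrastructureProperties struct {
	QESVN  uint
	PCESVN uint
}

type Parameters struct {
	Files map[string]string
	Env   map[string]string
	Argv  []string
}

type Marble struct {
	Package        string
	MaxActivations uint
	Parameters     *Parameters
}

type Manifest struct {
	Packages        map[string]PackageProperties
	Infrastructures map[string]InfrastructureProperties
	Marbles         map[string]Marble
	Clients         map[string][]byte
	RecoveryKey     string
}

// ParseManifest decodes the raw manifest bytes a client hands to SetManifest and
// rejects the inconsistencies a Coordinator must not accept. It also returns the
// SHA256 over the raw bytes, the value a client later checks against GetManifestSignature.
func ParseManifest(raw []byte) (*Manifest, [32]byte, error) {
	var m Manifest
	dec := json.NewDecoder(bytes.NewReader(raw))
	dec.DisallowUnknownFields() // a misspelled key must fail loudly, not silently drop a rule
	if err := dec.Decode(&m); err != nil {
		return nil, [32]byte{}, err
	}
	if len(m.Packages) == 0 || len(m.Marbles) == 0 {
		return nil, [32]byte{}, fmt.Errorf("manifest needs at least one package and one marble")
	}
	for name, pkg := range m.Packages {
		// A package pinning neither an enclave measurement nor a signer would admit any enclave.
		if pkg.UniqueID == "" && pkg.SignerID == "" {
			return nil, [32]byte{}, fmt.Errorf("package %q pins neither UniqueID nor SignerID", name)
		}
	}
	for name, mb := range m.Marbles {
		if _, ok := m.Packages[mb.Package]; !ok {
			return nil, [32]byte{}, fmt.Errorf("marble %q references unknown package %q", name, mb.Package)
		}
	}
	return &m, sha256.Sum256(raw), nil
}

// ManifestHashMatches is the client-side check: sig is what GetManifestSignature returned,
// raw is the manifest the client itself submitted.
func ManifestHashMatches(raw []byte, sig []byte) bool {
	sum := sha256.Sum256(raw)
	return bytes.Equal(sum[:], sig)
}

// sampleManifest is constructed for this example; it is not a manifest from the project.
const sampleManifest = `{
  "Packages": {
    "backend": {"SignerID": "0a1b2c3d0a1b2c3d0a1b2c3d0a1b2c3d", "ProductID": 1, "SecurityVersion": 2, "Debug": false}
  },
  "Infrastructures": {"Azure": {"QESVN": 2, "PCESVN": 3}},
  "Marbles": {
    "backend_first": {
      "Package": "backend",
      "MaxActivations": 1,
      "Parameters": {"Env": {"ROLE": "first"}, "Argv": ["serve"]}
    }
  },
  "Clients": {},
  "RecoveryKey": ""
}`
```

The hash is computed over the exact bytes submitted, not over a re-serialized struct; any re-encoding (key order, whitespace) would change the SHA256 and break the client's comparison, so keep the raw bytes around until GetManifestSignature has been checked.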
type MockSealer ¶
type MockSealer struct {
// contains filtered or unexported fields
}
MockSealer is a mockup sealer
func (*MockSealer) Seal ¶
func (s *MockSealer) Seal(data []byte) ([]byte, error)
Seal implements the Sealer interface
func (*MockSealer) Unseal ¶
func (s *MockSealer) Unseal() ([]byte, error)
Unseal implements the Sealer interface