Types ¶
type CertQuoteResponse ¶
// CertQuoteResponse wraps the certificate chain and the quote a client uses for
// remote attestation of the Coordinator.
type CertQuoteResponse struct {
	// Cert is a PEM-encoded certificate chain containing the Coordinator's Root CA
	// and Intermediate CA, which can be used for trust establishment between a
	// client and the Coordinator. The quote is generated over the root certificate
	// (see QuoteGet), so the chain should only be trusted after Quote has been
	// verified.
	Cert string `json:"cert"`
	// Quote is the SGX quote that can be used for remote attestation. It is raw
	// bytes in Go; encoding/json emits a []byte as a base64 string, which is why
	// the wire representation is base64-encoded.
	Quote []byte `json:"quote"`
}
CertQuoteResponse wraps the certificate chain and quote for the client to use for remote attestation.
type ClientAPIServer ¶
// ClientAPIServer serves the Coordinator's v2 REST API. Construct it with
// NewServer; the zero value carries no handler.ClientAPI backend.
type ClientAPIServer struct {
	// contains filtered or unexported fields
}
ClientAPIServer serves the Coordinator's v2 REST API.
func NewServer ¶
func NewServer(api handler.ClientAPI) *ClientAPIServer
NewServer creates a new ClientAPIServer.
func (*ClientAPIServer) ManifestGet ¶
func (s *ClientAPIServer) ManifestGet(w http.ResponseWriter, r *http.Request)
ManifestGet retrieves the effective manifest of the Coordinator. Along with the manifest, this endpoint also returns the manifest fingerprint (the hex-encoded SHA-256 hash of the manifest), as well as an ASN.1-encoded ECDSA signature of the manifest created with the root ECDSA key.
func (*ClientAPIServer) ManifestPost ¶
func (s *ClientAPIServer) ManifestPost(w http.ResponseWriter, r *http.Request)
ManifestPost sets the manifest of the Coordinator. If the manifest contains recovery data, the Coordinator will return the encrypted secrets to be used for recovery.
func (*ClientAPIServer) QuoteGet ¶
func (s *ClientAPIServer) QuoteGet(w http.ResponseWriter, r *http.Request)
QuoteGet retrieves a remote attestation quote and certificates. By default, the Coordinator will return a pre-generated quote over the root certificate of the TLS connection. If a nonce is supplied as a query parameter, a new quote will be generated over sha256(root_cert || nonce).
func (*ClientAPIServer) RecoverPost ¶
func (s *ClientAPIServer) RecoverPost(w http.ResponseWriter, r *http.Request)
RecoverPost performs recovery of the Coordinator enclave when unsealing of the existing state fails. This API endpoint is only available while the Coordinator is in recovery mode.
func (*ClientAPIServer) SecretsGet ¶
func (s *ClientAPIServer) SecretsGet(w http.ResponseWriter, r *http.Request)
SecretsGet retrieves secrets from the Coordinator. The secrets are requested via the query string in the form of ?s=<secretOne>&s=<secretTwo>&s=... and returned as a map of secret names to their respective values. The requesting user must be authorized to access the secrets.
func (*ClientAPIServer) SecretsPost ¶
func (s *ClientAPIServer) SecretsPost(w http.ResponseWriter, r *http.Request)
SecretsPost sets secrets in the Coordinator. The requesting user must be authorized to set the secrets.
func (*ClientAPIServer) SignQuotePost ¶
func (s *ClientAPIServer) SignQuotePost(w http.ResponseWriter, r *http.Request)
SignQuotePost receives an SGX quote and returns a signature for it. The Coordinator will verify the quote and sign it together with the TCB status of the quote using the root ECDSA key.
func (*ClientAPIServer) StatusGet ¶
func (s *ClientAPIServer) StatusGet(w http.ResponseWriter, r *http.Request)
StatusGet retrieves the current status of the Coordinator.
func (*ClientAPIServer) UpdateGet ¶
func (s *ClientAPIServer) UpdateGet(w http.ResponseWriter, r *http.Request)
UpdateGet retrieves the update log of the Coordinator.
func (*ClientAPIServer) UpdatePost ¶
func (s *ClientAPIServer) UpdatePost(w http.ResponseWriter, r *http.Request)
UpdatePost applies an update to the Coordinator's manifest.
type ManifestGetResponse ¶
// ManifestGetResponse contains the manifest signature, the SHA-256 hash of the
// manifest, and the manifest itself.
type ManifestGetResponse struct {
	// ManifestSignatureRootECDSA is an ASN.1-encoded ECDSA signature using the
	// Coordinator's root ECDSA key over the SHA-256 hash of the manifest.
	// NOTE(review): clients are expected to check this signature against the
	// attested root key rather than trusting Manifest as delivered — confirm
	// against the client implementation.
	ManifestSignatureRootECDSA []byte `json:"manifestSignatureRootECDSA"`
	// ManifestFingerprint is the hex-encoded SHA-256 hash of the currently set
	// manifest. It does not change when a package update has been applied.
	ManifestFingerprint string `json:"manifestFingerprint"`
	// Manifest is the currently set manifest of the Coordinator.
	// It does not change when a package update has been applied.
	Manifest []byte `json:"manifest"`
}
ManifestGetResponse contains the manifest signature, a SHA-256 hash of the manifest, and the manifest itself.
type ManifestSetRequest ¶
// ManifestSetRequest is the request structure for setting the manifest
// (see ManifestPost).
type ManifestSetRequest struct {
	// Manifest is the new manifest to set. Sent as a base64 string in JSON,
	// since encoding/json encodes []byte that way.
	Manifest []byte `json:"manifest"`
}
ManifestSetRequest is the request structure for setting the manifest.
type ManifestSetResponse ¶
// ManifestSetResponse contains the response to setting the manifest.
type ManifestSetResponse struct {
	// RecoverySecrets is a map containing the encrypted secrets to be used for
	// recovering the Coordinator. The map keys match the names of the supplied
	// RecoveryKeys in the manifest.
	// NOTE(review): this field carries no json tag, so it is serialized under the
	// key "RecoverySecrets" rather than the camelCase names used by the other
	// response types — confirm this is intentional before changing it, as clients
	// depend on the key name.
	RecoverySecrets map[string][]byte
}
ManifestSetResponse contains the response to setting the manifest.
type QuoteSignRequest ¶
// QuoteSignRequest contains an SGX Quote to be verified and signed by the
// Coordinator (see SignQuotePost).
type QuoteSignRequest struct {
	// SGXQuote is the raw SGX quote data; base64 on the wire via encoding/json.
	SGXQuote []byte `json:"sgxQuote"`
}
QuoteSignRequest contains an SGX Quote to be verified and signed by the Coordinator.
type QuoteSignResponse ¶
// QuoteSignResponse contains the SGX Quote signature created by the Coordinator
// using its root ECDSA key, as well as the TCB status of the Quote.
type QuoteSignResponse struct {
	// TCBStatus is the TCB status the Coordinator determined when verifying the
	// SGX Quote.
	TCBStatus string `json:"tcbStatus"`
	// VerificationSignature is a signature over sha256(base64(SGXQuote)|TCBStatus)
	// signed by the root ECDSA key. The TCB status is part of the signed input, so
	// a verifier recomputing the digest must use the exact TCBStatus string
	// returned here.
	VerificationSignature []byte `json:"verificationSignature"`
}
QuoteSignResponse contains the SGX Quote signature created by the Coordinator using its root ECDSA key, as well as the TCB status of the Quote.
type RecoveryRequest ¶
// RecoveryRequest is the request structure for the recovery process
// (see RecoverPost).
type RecoveryRequest struct {
	// RecoverySecret is the decrypted secret (or one secret share) used to recover
	// the Coordinator. Multiple shares may be submitted in separate requests; see
	// RecoveryResponse.Remaining.
	RecoverySecret []byte `json:"recoverySecret"`
}
RecoveryRequest is the request structure for the recovery process.
type RecoveryResponse ¶
// RecoveryResponse contains the response for the recovery process.
type RecoveryResponse struct {
	// Remaining is the number of secret shares still needed to finish the
	// recovery process.
	Remaining int `json:"remaining"`
	// Message is a human-readable message about the recovery process.
	Message string `json:"message"`
}
RecoveryResponse contains the response for the recovery process.
type SecretsGetResponse ¶
// SecretsGetResponse is the response when retrieving secrets from the
// Coordinator (see SecretsGet).
type SecretsGetResponse struct {
	// Secrets is a map from secret name to the requested secret.
	Secrets map[string]manifest.Secret `json:"secrets"`
}
SecretsGetResponse is the response when retrieving secrets from the Coordinator.
type SecretsSetRequest ¶
// SecretsSetRequest is the request structure for setting secrets in the
// Coordinator (see SecretsPost). The requesting user must be authorized to set
// the secrets.
type SecretsSetRequest struct {
	// Secrets is a map from secret name to the user-supplied secret to set.
	Secrets map[string]manifest.UserSecret `json:"secrets"`
}
SecretsSetRequest is the request structure for setting secrets in the Coordinator. The requesting user must be authorized to set the secrets.
type StatusResponse ¶
// StatusResponse is the response to a status request (see StatusGet).
type StatusResponse struct {
	// Code matches the internal code of the Coordinator's current state.
	// One of:
	//   1: Recovery mode
	//   2: Ready to accept manifest
	//   3: Coordinator is running and ready to accept Marbles
	Code int `json:"code"`
	// Message is a human-readable message of what the Coordinator expects the user
	// to do in its current state.
	// Example: "Coordinator is ready to accept a manifest."
	Message string `json:"message"`
}
StatusResponse is the response to a status request.
type UpdateApplyRequest ¶
// UpdateApplyRequest is the request structure for applying an update
// (see UpdatePost).
type UpdateApplyRequest struct {
	// Manifest is the new manifest to apply; base64 on the wire via encoding/json.
	Manifest []byte `json:"manifest"`
}
UpdateApplyRequest is the request structure for applying an update.
type UpdateLogResponse ¶
// UpdateLogResponse is the response to an update log request (see UpdateGet).
type UpdateLogResponse struct {
	// UpdateLog is a list of strings where each string is one entry of the
	// Coordinator's update log.
	UpdateLog []string `json:"updateLog"`
}
UpdateLogResponse is the response to an update log request.