attestation

package
v1.0.0-rc2
Warning

This package is not in the latest version of its module.

Published: Sep 9, 2021 | License: Apache-2.0, MIT | Imports: 12 | Imported by: 0

Documentation

Constants

const DefaultIASUrl = "https://api.trustedservices.intel.com/sgx/dev/attestation/v4/report"

Variables

This section is empty.

Functions

This section is empty.

Types

type ConvertFunction

type ConvertFunction func(attestationBytes []byte) (evidenceBytes []byte, err error)

type Converter

type Converter struct {
	Type      string
	Converter ConvertFunction
}

func NewEpidLinkableConverter

func NewEpidLinkableConverter() *Converter

NewEpidLinkableConverter creates a new attestation converter for Intel SGX EPID (linkable) attestation

func NewEpidUnlinkableConverter

func NewEpidUnlinkableConverter() *Converter

NewEpidUnlinkableConverter creates a new attestation converter for Intel SGX EPID (unlinkable) attestation

func NewSimulationConverter

func NewSimulationConverter() *Converter

NewSimulationConverter creates a new attestation converter for Intel SGX simulation mode

type ConverterDispatcher

type ConverterDispatcher struct {
	// contains filtered or unexported fields
}

func NewConverterDispatcher

func NewConverterDispatcher() *ConverterDispatcher

func (*ConverterDispatcher) Convert

func (d *ConverterDispatcher) Convert(attestation *attestation) (*evidence, error)

Convert performs the attestation-to-evidence conversion with the help of the registered Converter. If no matching Converter is registered for the input attestation, an error is returned; if the invoked ConvertFunction fails, an error is returned; otherwise an evidence struct is returned.

func (*ConverterDispatcher) Register

func (d *ConverterDispatcher) Register(converter ...*Converter) error

Register adds new converters to the ConverterDispatcher

type CredentialConverter

type CredentialConverter struct {
	// contains filtered or unexported fields
}

func NewCredentialConverter

func NewCredentialConverter() *CredentialConverter

func (*CredentialConverter) ConvertCredentials

func (c *CredentialConverter) ConvertCredentials(credentialsOnlyAttestation string) (credentialsWithEvidence string, err error)

ConvertCredentials performs attestation evidence conversion (transformation) for a given credentials message (encoded as a base64 string).

type HTTPClient

type HTTPClient interface {
	Do(req *http.Request) (*http.Response, error)
}

type IASClient

type IASClient struct {
	// contains filtered or unexported fields
}

func NewIASClient

func NewIASClient(apiKey string, opts ...IASClientOption) *IASClient

NewIASClient returns a new IASClient instance using DefaultIASUrl as the IAS endpoint. This method requires an API key as input in order to authenticate with the IAS. Optionally, IASClientOption values can be provided to change the behavior of the IASClient.

func (*IASClient) RequestAttestationReport

func (i *IASClient) RequestAttestationReport(quoteBase64 string) (reportJson string, err error)

RequestAttestationReport submits a quote (provided as a base64-encoded string) to the Intel Attestation Service (IAS) in order to verify it and generate an attestation report. The report returned by the attestation service is packaged as an IASReport and serialized as a JSON string.

type IASClientOption

type IASClientOption func(*IASClient)

func WithHttpClient

func WithHttpClient(client HTTPClient) IASClientOption

The WithHttpClient option allows the use of a custom HTTP client. It is mainly used for testing.

func WithUrl

func WithUrl(url string) IASClientOption

The WithUrl option allows overriding the default IAS endpoint (DefaultIASUrl).

type IASReport

type IASReport struct {
	Signature    string `json:"iasSignature"`
	Certificates string `json:"iasCertificates"`
	Body         string `json:"iasReport"`
}

type IASRequest

type IASRequest struct {
	Quote    string `json:"isvEnclaveQuote"`
	Manifest string `json:"pseManifest,omitempty"`
	Nonce    string `json:"nonce,omitempty"`
}

type IASResponseBody

type IASResponseBody struct {
	Id                    string   `json:"id"`
	Timestamp             string   `json:"timestamp"`
	Version               int      `json:"version"`
	IsvEnclaveQuoteStatus string   `json:"ISVEnclaveQuoteStatus"`
	IsvEnclaveQuoteBody   string   `json:"ISVEnclaveQuoteBody"`
	RevocationReason      string   `json:"revocationReason"`
	PseManifestStatus     string   `json:"pseManifestStatus"`
	PseManifestHash       string   `json:"pseManifestHash"`
	PlatformInfoBlob      string   `json:"platformInfoBlob"`
	Nonce                 string   `json:"nonce"`
	EpidPseudonym         string   `json:"epidPseudonym"`
	AdvisoryURL           string   `json:"advisoryURL"`
	AdvisoryIDs           []string `json:"advisoryIDs"`
}
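
A relying party that receives the reportJson string still has to apply its own policy to the fields listed above; the following is an added example, not code from this package, that checks nonce binding, quote status and freshness using local mirror types. It assumes the `iasReport` field carries the raw JSON body returned by IAS, that the timestamp is UTC without a zone suffix, and that the signature and certificate chain have already been verified over that body; `checkReport` and `sampleReport` are hypothetical names.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

// Local mirrors of the JSON tags documented for IASReport and IASResponseBody.
type iasReport struct{ Body string `json:"iasReport"` }
type iasBody struct {
	Timestamp string `json:"timestamp"`
	Status    string `json:"ISVEnclaveQuoteStatus"`
	Nonce     string `json:"nonce"`
}

// checkReport (hypothetical helper) applies relying-party policy to a reportJson string.
func checkReport(reportJSON, wantNonce string, now time.Time, maxAge time.Duration) error {
	var r iasReport
	if err := json.Unmarshal([]byte(reportJSON), &r); err != nil {
		return fmt.Errorf("decode IASReport: %w", err)
	}
	var b iasBody // assumption: r.Body is the raw JSON report body
	if err := json.Unmarshal([]byte(r.Body), &b); err != nil {
		return fmt.Errorf("decode report body: %w", err)
	}
	if wantNonce == "" || b.Nonce != wantNonce {
		return fmt.Errorf("nonce mismatch: report is not bound to this request")
	}
	if b.Status != "OK" {
		return fmt.Errorf("quote status %q rejected", b.Status)
	}
	ts, err := time.Parse("2006-01-02T15:04:05.999999", b.Timestamp) // assumption: UTC, no zone
	if age := now.Sub(ts); err != nil || age < 0 || age > maxAge {
		return fmt.Errorf("timestamp %q rejected: age %s, parse error %v", b.Timestamp, age, err)
	}
	return nil
}

func sampleReport(status, nonce, ts string) string { // constructed input, not real IAS output
	body, _ := json.Marshal(iasBody{ts, status, nonce})
	out, _ := json.Marshal(iasReport{string(body)})
	return string(out)
}

func main() {
	now := time.Date(2021, 9, 9, 10, 5, 0, 0, time.UTC)
	fmt.Println(checkReport(sampleReport("OK", "n-1", "2021-09-09T10:00:00.5"), "n-1", now, 10*time.Minute))
}
```

Treating every status other than `OK` as a failure is the strictest policy; a deployment that accepts other statuses should make that an explicit allow-list.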

type IntelAttestationService

type IntelAttestationService interface {
	RequestAttestationReport(quoteBase64 string) (reportJson string, err error)
}

Directories

Path Synopsis
Code generated by counterfeiter.
Code generated by counterfeiter.
