verifier

package

v0.0.0-...-ff647d5 Latest Latest Go to latest Published: Nov 5, 2024 License: Apache-2.0 Imports: 15 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/keylime/attestation-operator

Links

Open Source Insights

Documentation ¶

Index ¶

type AddAgentRequest
type AddRuntimePolicyRequest
type Agent
type AgentState
- func (as AgentState) Description() string
- func (as AgentState) String() string
type Client
- func New(ctx context.Context, logger logr.Logger, httpClient *http.Client, ...) (Client, string, error)
type RuntimePolicy

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type AddAgentRequest ¶

type AddAgentRequest struct {
	V                       []byte
	CloudAgentIP            string
	CloudAgentPort          uint16
	TPMPolicy               *attestationv1alpha1.TPMPolicy
	VTPMPolicy              *attestationv1alpha1.TPMPolicy
	RuntimePolicyName       string
	RuntimePolicy           []byte
	RuntimePolicySig        []byte
	RuntimePolicyKey        []byte
	MBRefState              map[string]any
	IMASignVerificationKeys []any
	MetaData                map[string]any
	RevocationKey           crypto.PrivateKey
	AcceptTPMHashAlgs       []attestationv1alpha1.TPMHashAlg
	AcceptTPMEncryptionAlgs []attestationv1alpha1.TPMEncryptionAlg
	AcceptTPMSigningAlgs    []attestationv1alpha1.TPMSigningAlg
	AK                      []byte
	MTLSCert                *x509.Certificate
	SupportedVersion        string
}

type AddRuntimePolicyRequest ¶

type AddRuntimePolicyRequest struct {
	TPMPolicy        *attestationv1alpha1.TPMPolicy
	RuntimePolicy    []byte
	RuntimePolicySig []byte
	RuntimePolicyKey []byte
}

type Agent ¶

type Agent struct {
	OperationalState          AgentState
	V                         []byte
	IP                        string
	Port                      uint16
	TPMPolicy                 *attestationv1alpha1.TPMPolicy
	VTPMPolicy                *attestationv1alpha1.TPMPolicy
	MetaData                  map[string]any
	HasMBRefState             bool
	HasRuntimePolicy          bool
	AcceptTPMHashAlgs         []attestationv1alpha1.TPMHashAlg
	AcceptTPMEncryptionAlgs   []attestationv1alpha1.TPMEncryptionAlg
	AcceptTPMSigningAlgs      []attestationv1alpha1.TPMSigningAlg
	HashAlg                   attestationv1alpha1.TPMHashAlg
	EncryptionAlg             attestationv1alpha1.TPMEncryptionAlg
	SigningAlg                attestationv1alpha1.TPMSigningAlg
	VerifierID                string
	VerifierIP                string
	VerifierPort              uint16
	SeverityLevel             uint16
	LastEventID               string
	AttestationCount          uint
	LastReceivedQuote         *time.Time
	LastSuccessfulAttestation *time.Time
}

{
  "code": 200,
  "status": "Success",
  "results": {
    "operational_state": 7,
    "v": "yyNnlWwFRz1ZUzSe2YEpz9A5urtv6oywgttTF7VbBP4=",
    "ip": "127.0.0.1",
    "port": 9002,
    "tpm_policy": "{\"22\": [\"0000000000000000000000000000000000000001\", \"0000000000000000000000000000000000000000000000000000000000000001\", \"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001\", \"ffffffffffffffffffffffffffffffffffffffff\", \"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\", \"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\"], \"15\": [\"0000000000000000000000000000000000000000\", \"0000000000000000000000000000000000000000000000000000000000000000\", \"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\"], \"mask\": \"0x408000\"}",
    "vtpm_policy": "{\"23\": [\"ffffffffffffffffffffffffffffffffffffffff\", \"0000000000000000000000000000000000000000\"], \"15\": [\"0000000000000000000000000000000000000000\"], \"mask\": \"0x808000\"}",
    "meta_data": "{}",
    "has_mb_refstate": 0,
    "has_runtime_policy": 0,
    "accept_tpm_hash_algs": [
      "sha512",
      "sha384",
      "sha256",
      "sha1"
    ],
    "accept_tpm_encryption_algs": [
      "ecc",
      "rsa"
    ],
    "accept_tpm_signing_algs": [
      "ecschnorr",
      "rsassa"
    ],
    "hash_alg": "sha256",
    "enc_alg": "rsa",
    "sign_alg": "rsassa",
    "verifier_id": "default",
    "verifier_ip": "127.0.0.1",
    "verifier_port": 8881,
    "severity_level": 6,
    "last_event_id": "qoute_validation.quote_validation",
    "attestation_count": 240,
    "last_received_quote": 1676644582,
    "last_successful_attestation": 1676644462
  }
}

type AgentState ¶

type AgentState uint16

AgentState represents all known agent states according to: https://github.com/keylime/keylime/blob/master/keylime/common/states.py

const (
	Registered AgentState = iota
	Start
	Saved
	GetQuote
	GetQuoteRetry
	ProvideV
	ProvideVRetry
	Failed
	Terminated
	InvalidQuote
	TenantFailed
)

func (AgentState) Description ¶

func (as AgentState) Description() string

func (AgentState) String ¶

func (as AgentState) String() string

type Client ¶

type Client interface {
	GetAgent(ctx context.Context, uuid string) (*Agent, error)
	AddAgent(ctx context.Context, uuid string, agentRequest *AddAgentRequest) error
	DeleteAgent(ctx context.Context, uuid string) error
	StopAgent(ctx context.Context, uuid string) error
	ReactivateAgent(ctx context.Context, uuid string) error
	AddRuntimePolicy(ctx context.Context, name string, runtimePolicyRequest *AddRuntimePolicyRequest) error
	GetRuntimePolicy(ctx context.Context, name string) (*RuntimePolicy, error)
	DeleteRuntimePolicy(ctx context.Context, name string) error
}

func New ¶

func New(ctx context.Context, logger logr.Logger, httpClient *http.Client, verifierURL string) (Client, string, error)

type RuntimePolicy ¶

type RuntimePolicy struct {
	Name          string
	TPMPolicy     *attestationv1alpha1.TPMPolicy
	RuntimePolicy []byte
}

Source Files ¶

View all Source files

verifier_client.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL