api

Documentation

Overview

Package api defines the IAS interfaces.

Index

• func RegisterService(server *grpc.Server, service Endpoint)
• type Endpoint
  • func NewEndpointClient(c *grpc.ClientConn) Endpoint
• type Evidence
• type SPIDInfo

Functions

func RegisterService

func RegisterService(server *grpc.Server, service Endpoint)

RegisterService registers a new IAS service with the given gRPC server.

Types

type Endpoint

type Endpoint interface {
	// VerifyEvidence takes the provided quote, (optional) PSE manifest, and
	// (optional) nonce, and returns the corresponding AVR, signature, and
	// certificate chain respectively.
	VerifyEvidence(ctx context.Context, evidence *Evidence) (*ias.AVRBundle, error)

	// GetSPID returns the SPID and associated info used by the endpoint.
	GetSPIDInfo(ctx context.Context) (*SPIDInfo, error)

	// GetSigRL returns the Signature Revocation List for a given EPID group.
	GetSigRL(ctx context.Context, epidGID uint32) ([]byte, error)

	// Cleanup performs post-termination service cleanup.
	Cleanup()
}

Endpoint is an attestation validation endpoint, likely remote.

func NewEndpointClient

func NewEndpointClient(c *grpc.ClientConn) Endpoint

NewEndpointClient creates a new gRPC IAS endpoint client service.

type Evidence

type Evidence struct {
	RuntimeID                  common.Namespace `json:"runtime_id"`
	Quote                      []byte           `json:"quote"`
	PSEManifest                []byte           `json:"pse_manifest"`
	Nonce                      string           `json:"nonce"`
	EarlyTCBUpdate             bool             `json:"early_tcb_update,omitempty"`
	MinTCBEvaluationDataNumber uint32           `json:"min_tcb_evaluation_data_number,omitempty"`
}

Evidence is attestation evidence.

type SPIDInfo

type SPIDInfo struct {
	SPID               ias.SPID          `json:"spid"`
	QuoteSignatureType ias.SignatureType `json:"quote_signature_type"`
}

SPIDInfo contains information about the SPID associated with the client certificate.