Documentation ¶
Overview ¶
Package sshpop implements SSH proof-of-possession-based node attestation.
Index ¶
Constants ¶
// PluginName identifies this plugin type in protobuf blobs.
const PluginName = "sshpop"
Variables ¶
// DefaultAgentPathTemplate is the default text/template for rendering an
// agent path. It renders "<PluginName>/<Fingerprint>" from a data value that
// exposes PluginName and Fingerprint fields; parsing is done once at package
// init and panics on a malformed template (template.Must).
var DefaultAgentPathTemplate = template.Must(
	template.New("agent-path").Parse("{{ .PluginName}}/{{ .Fingerprint }}"),
)
Functions ¶
Types ¶
type Client ¶
type Client struct {
// contains filtered or unexported fields
}
Client is a factory for generating client handshake objects.
func (*Client) NewHandshake ¶
func (c *Client) NewHandshake() *ClientHandshake
type ClientConfig ¶
// ClientConfig configures the client.
type ClientConfig struct {
	// HostKeyPath is the filesystem path of the host key file.
	// NOTE(review): presumably the private key used to answer the challenge;
	// if so it should be readable only by the agent process — confirm.
	HostKeyPath string `hcl:"host_key_path"`

	// HostCertPath is the filesystem path of the host certificate file.
	HostCertPath string `hcl:"host_cert_path"`
}
ClientConfig configures the client.
type ClientHandshake ¶
type ClientHandshake struct {
// contains filtered or unexported fields
}
ClientHandshake is a single-use object for an agent to do node attestation.
The handshake comprises a state machine that is not goroutine safe.
func (*ClientHandshake) AttestationData ¶
func (c *ClientHandshake) AttestationData() ([]byte, error)
func (*ClientHandshake) RespondToChallenge ¶
func (c *ClientHandshake) RespondToChallenge(req []byte) ([]byte, error)
type Server ¶
type Server struct {
// contains filtered or unexported fields
}
Server is a factory for generating server handshake objects.
func (*Server) NewHandshake ¶
func (s *Server) NewHandshake() *ServerHandshake
type ServerConfig ¶
// ServerConfig configures the server.
type ServerConfig struct {
	// CertAuthorities lists certificate authorities given inline.
	// NOTE(review): these appear to be the trust anchors for attesting agents'
	// host certificates; anything listed here is trusted — confirm against
	// the server implementation.
	CertAuthorities []string `hcl:"cert_authorities"`

	// CertAuthoritiesPath is the filesystem path of a file holding certificate
	// authorities.
	CertAuthoritiesPath string `hcl:"cert_authorities_path"`

	// CanonicalDomain specifies the domain suffix for validating the hostname
	// against the certificate's valid principals. See CanonicalDomains in
	// ssh_config(5).
	CanonicalDomain string `hcl:"canonical_domain"`

	// AgentPathTemplate is a text/template for rendering the agent path;
	// when unset the plugin presumably falls back to DefaultAgentPathTemplate
	// — confirm in the server constructor.
	AgentPathTemplate string `hcl:"agent_path_template"`
}
ServerConfig configures the server.
type ServerHandshake ¶
type ServerHandshake struct {
// contains filtered or unexported fields
}
ServerHandshake is a single-use object for a server to do node attestation.
The handshake comprises a state machine that is not goroutine safe.
func (*ServerHandshake) AgentID ¶
func (s *ServerHandshake) AgentID() (string, error)
func (*ServerHandshake) IssueChallenge ¶
func (s *ServerHandshake) IssueChallenge() ([]byte, error)
func (*ServerHandshake) VerifyAttestationData ¶
func (s *ServerHandshake) VerifyAttestationData(data []byte) error
func (*ServerHandshake) VerifyChallengeResponse ¶
func (s *ServerHandshake) VerifyChallengeResponse(res []byte) error