Documentation ¶
Overview ¶
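Package sshpop implements SSH proof-of-possession (PoP) based node attestation: an agent presents attestation data and then answers a server-issued challenge (see ClientHandshake and ServerHandshake).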
Index ¶
Constants ¶
// PluginName is the identifier of this plugin type; it is used for
// identifying the plugin type for protobuf blobs.
const PluginName = "sshpop"
Variables ¶
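var (
	// DefaultAgentPathTemplate is the default text/template.
	//
	// The rendered path has two segments, taken from the template's
	// .PluginName and .Fingerprint fields.
	//
	// NOTE(review): .Fingerprint is presumably the fingerprint of the attested
	// SSH host certificate or key, which is what makes the default path unique
	// per node. Confirm against the server code. An operator-supplied
	// agent_path_template should keep a component that is unique per node, so
	// that distinct nodes do not end up sharing one agent path.
	DefaultAgentPathTemplate = agentpathtemplate.MustParse("/{{ .PluginName}}/{{ .Fingerprint }}")
)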
Functions ¶
This section is empty.
Types ¶
type Client ¶
type Client struct {
// contains filtered or unexported fields
}
Client is a factory for generating client handshake objects.
func (*Client) NewHandshake ¶
func (c *Client) NewHandshake() *ClientHandshake
type ClientConfig ¶
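// ClientConfig configures the client.
type ClientConfig struct {
	// HostKeyPath is set from the "host_key_path" HCL attribute.
	// NOTE(review): presumably the path to the SSH host private key that the
	// agent uses to answer the server's challenge. Confirm. If so, the file
	// should be readable only by the account the agent runs as.
	HostKeyPath string `hcl:"host_key_path"`

	// HostCertPath is set from the "host_cert_path" HCL attribute.
	// NOTE(review): presumably the path to the SSH host certificate sent as
	// attestation data. Confirm. It has to correspond to the key at
	// HostKeyPath for proof of possession to succeed.
	HostCertPath string `hcl:"host_cert_path"`

	// contains filtered or unexported fields
}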
ClientConfig configures the client.
func BuildClientConfig ¶ added in v1.11.0
func BuildClientConfig(coreConfig catalog.CoreConfig, hclText string, status *pluginconf.Status) *ClientConfig
func (*ClientConfig) NewClient ¶ added in v1.11.0
func (cc *ClientConfig) NewClient() *Client
type ClientConfigRequest ¶ added in v1.11.0
type ClientConfigRequest struct {
// contains filtered or unexported fields
}
func (*ClientConfigRequest) GetCoreConfiguration ¶ added in v1.11.0
func (ccr *ClientConfigRequest) GetCoreConfiguration() *configv1.CoreConfiguration
func (*ClientConfigRequest) GetHclConfiguration ¶ added in v1.11.0
func (ccr *ClientConfigRequest) GetHclConfiguration() string
type ClientHandshake ¶
type ClientHandshake struct {
// contains filtered or unexported fields
}
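ClientHandshake is a single-use object for an agent to do node attestation.
The handshake comprises a state machine that is not goroutine safe; obtain a fresh one from Client.NewHandshake for each attestation attempt and do not share it between goroutines.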
func (*ClientHandshake) AttestationData ¶
func (c *ClientHandshake) AttestationData() ([]byte, error)
func (*ClientHandshake) RespondToChallenge ¶
func (c *ClientHandshake) RespondToChallenge(req []byte) ([]byte, error)
type Server ¶
type Server struct {
// contains filtered or unexported fields
}
Server is a factory for generating server handshake objects.
func (*Server) NewHandshake ¶
func (s *Server) NewHandshake() *ServerHandshake
type ServerConfig ¶
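// ServerConfig configures the server.
type ServerConfig struct {
	// CertAuthorities is set from the "cert_authorities" HCL attribute.
	// NOTE(review): presumably the SSH certificate authorities trusted to sign
	// host certificates. Confirm the expected entry format. These entries are
	// the trust anchors for attestation, so changes to them deserve the same
	// review as any other CA change.
	CertAuthorities []string `hcl:"cert_authorities"`

	// CertAuthoritiesPath is set from the "cert_authorities_path" HCL attribute.
	// NOTE(review): presumably a file holding trusted certificate authorities.
	// Confirm how it combines with CertAuthorities. Write access to that file
	// should be limited to administrators.
	CertAuthoritiesPath string `hcl:"cert_authorities_path"`

	// CanonicalDomain specifies the domain suffix for validating the hostname against
	// the certificate's valid principals. See CanonicalDomains in ssh_config(5).
	CanonicalDomain string `hcl:"canonical_domain"`

	// AgentPathTemplate is set from the "agent_path_template" HCL attribute.
	// NOTE(review): presumably a text/template that replaces
	// DefaultAgentPathTemplate when non-empty. Confirm. A custom template
	// should still produce a path that is unique per attested node.
	AgentPathTemplate string `hcl:"agent_path_template"`

	// contains filtered or unexported fields
}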
ServerConfig configures the server.
func BuildServerConfig ¶ added in v1.11.0
func BuildServerConfig(coreConfig catalog.CoreConfig, hclText string, status *pluginconf.Status) *ServerConfig
func (*ServerConfig) NewServer ¶ added in v1.11.0
func (sc *ServerConfig) NewServer() *Server
type ServerConfigRequest ¶ added in v1.11.0
type ServerConfigRequest struct {
// contains filtered or unexported fields
}
func (*ServerConfigRequest) GetCoreConfiguration ¶ added in v1.11.0
func (scr *ServerConfigRequest) GetCoreConfiguration() *configv1.CoreConfiguration
func (*ServerConfigRequest) GetHclConfiguration ¶ added in v1.11.0
func (scr *ServerConfigRequest) GetHclConfiguration() string
type ServerHandshake ¶
type ServerHandshake struct {
// contains filtered or unexported fields
}
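ServerHandshake is a single-use object for a server to do node attestation.
The handshake comprises a state machine that is not goroutine safe; obtain a fresh one from Server.NewHandshake for each attestation attempt and do not share it between goroutines.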
func (*ServerHandshake) IssueChallenge ¶
func (s *ServerHandshake) IssueChallenge() ([]byte, error)
func (*ServerHandshake) VerifyAttestationData ¶
func (s *ServerHandshake) VerifyAttestationData(data []byte) error
func (*ServerHandshake) VerifyChallengeResponse ¶
func (s *ServerHandshake) VerifyChallengeResponse(res []byte) error