sshpop

package
v1.5.4
Published: Jan 11, 2023 License: Apache-2.0 Imports: 16 Imported by: 2

Documentation

Overview

Package sshpop implements SSH proof-of-possession based node attestation.

Index

Constants

const (
	// PluginName is used for identifying this plugin type for protobuf blobs.
	PluginName = "sshpop"
)

Variables

var (
	// DefaultAgentPathTemplate is the default text/template.
	DefaultAgentPathTemplate = agentpathtemplate.MustParse("/{{ .PluginName}}/{{ .Fingerprint }}")
)

Functions

This section is empty.

Types

type Client

type Client struct {
	// contains filtered or unexported fields
}

Client is a factory for generating client handshake objects.

func NewClient

func NewClient(configString string) (*Client, error)

func (*Client) NewHandshake

func (c *Client) NewHandshake() *ClientHandshake

type ClientConfig

type ClientConfig struct {
	HostKeyPath  string `hcl:"host_key_path"`
	HostCertPath string `hcl:"host_cert_path"`
}

ClientConfig configures the client.

type ClientHandshake

type ClientHandshake struct {
	// contains filtered or unexported fields
}

ClientHandshake is a single-use object for an agent to do node attestation.

The handshake comprises a state machine that is not goroutine safe.

func (*ClientHandshake) AttestationData

func (c *ClientHandshake) AttestationData() ([]byte, error)

func (*ClientHandshake) RespondToChallenge

func (c *ClientHandshake) RespondToChallenge(req []byte) ([]byte, error)

type Server

type Server struct {
	// contains filtered or unexported fields
}

Server is a factory for generating server handshake objects.

func NewServer

func NewServer(trustDomain, configString string) (*Server, error)

func (*Server) NewHandshake

func (s *Server) NewHandshake() *ServerHandshake

type ServerConfig

type ServerConfig struct {
	CertAuthorities     []string `hcl:"cert_authorities"`
	CertAuthoritiesPath string   `hcl:"cert_authorities_path"`
	// CanonicalDomain specifies the domain suffix for validating the hostname against
	// the certificate's valid principals. See CanonicalDomains in ssh_config(5).
	CanonicalDomain   string `hcl:"canonical_domain"`
	AgentPathTemplate string `hcl:"agent_path_template"`
}

ServerConfig configures the server.

type ServerHandshake

type ServerHandshake struct {
	// contains filtered or unexported fields
}

ServerHandshake is a single-use object for a server to do node attestation.

The handshake comprises a state machine that is not goroutine safe.

func (*ServerHandshake) AgentID

func (s *ServerHandshake) AgentID() (spiffeid.ID, error)

func (*ServerHandshake) IssueChallenge

func (s *ServerHandshake) IssueChallenge() ([]byte, error)

func (*ServerHandshake) VerifyAttestationData

func (s *ServerHandshake) VerifyAttestationData(data []byte) error

func (*ServerHandshake) VerifyChallengeResponse

func (s *ServerHandshake) VerifyChallengeResponse(res []byte) error
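The challenge/response flow these handshake methods describe, as an added stand-alone example that is not the sshpop plugin's own code: an ed25519 key pair stands in for the SSH host key and the key carried by the host certificate, and the CanonicalDomain handling is an assumption drawn from the ssh_config(5) CanonicalDomains reference above.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"strings"
)

// IssueChallenge returns a fresh random nonce; the server keeps it so a
// response is only ever checked against the challenge it actually issued.
func IssueChallenge() ([]byte, error) {
	nonce := make([]byte, 32)
	_, err := rand.Read(nonce)
	return nonce, err
}

// RespondToChallenge is the client side: sign the nonce with the host private key.
func RespondToChallenge(hostKey ed25519.PrivateKey, nonce []byte) []byte {
	return ed25519.Sign(hostKey, nonce)
}

// VerifyChallengeResponse is the server side: the signature must verify with the
// public key carried by the host certificate received in the attestation data.
func VerifyChallengeResponse(certKey ed25519.PublicKey, nonce, sig []byte) error {
	if !ed25519.Verify(certKey, nonce, sig) {
		return errors.New("challenge response does not verify against certificate key")
	}
	return nil
}

// CanonicalHostname (assumed rule) applies ssh_config(5) CanonicalDomains: a bare hostname gets the suffix.
func CanonicalHostname(hostname, canonicalDomain string) string {
	if canonicalDomain == "" || strings.Contains(hostname, ".") {
		return hostname
	}
	return hostname + "." + strings.TrimPrefix(canonicalDomain, ".")
}

// PrincipalMatchesHost accepts the certificate only if the canonicalised hostname is a valid principal.
func PrincipalMatchesHost(principals []string, hostname, canonicalDomain string) bool {
	want := CanonicalHostname(hostname, canonicalDomain)
	for _, p := range principals {
		if p == want {
			return true
		}
	}
	return false
}
```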
