verify package

v0.90.0
Published: May 4, 2026 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Overview

Package verify provides end-to-end verification of transactions executed in AWS Nitro enclaves.

The verification process validates:

  • AWS Nitro attestation document authenticity
  • ECDSA signature correctness
  • QoS manifest integrity via hash comparison
  • PCR (Platform Configuration Register) values

Verification Flow

Call Verify with an attestation document and transaction details:

result, err := verifyService.Verify(ctx, &verify.VerifyRequest{
	UnsignedPayload: "base64-payload",
	QosManifestHex:  "expected-manifest-hash",
})
if err != nil {
	log.Fatal(err)
}
if !result.Valid {
	log.Printf("Verification failed: %s", result.Message)
}

Detailed Results

VerifyResult includes detailed information about each step:

  • Attestation verification status and PCR values
  • Signature verification with public key extraction
  • Manifest decoding and hash comparison
  • Comprehensive error messages explaining failures

Customization

Use VerifyRequest fields to customize verification:

  • QosManifestHex: Compare manifest hash (optional)
  • PivotBinaryHashHex: Verify binary hash (optional)
  • SaveManifestPath: Save manifest to file (optional)
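The PCR comparison and manifest-hash comparison described under Detailed Results and Customization, as an added stand-alone example that is not the package's own code: it redefines a PCRValidationResult with the documented fields so it compiles on its own, and it assumes SHA-256 over the raw manifest bytes, since the page does not state which hash function the package uses.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"encoding/hex"
	"fmt"
	"strings"
)

// PCRValidationResult mirrors the documented struct (redefined here so the example runs stand-alone).
type PCRValidationResult struct {
	Index            uint
	Expected, Actual string
	Valid            bool
}

// normHex lowercases a hex string and drops an optional "0x" prefix.
func normHex(s string) string { return strings.ToLower(strings.TrimPrefix(s, "0x")) }

// ValidatePCRs compares operator-pinned PCR values against the raw PCR bytes from an
// attestation document; a pinned PCR that is missing from the document is reported invalid.
func ValidatePCRs(expected map[uint]string, actual map[uint][]byte) map[uint]PCRValidationResult {
	results := make(map[uint]PCRValidationResult, len(expected))
	for idx, want := range expected {
		got := hex.EncodeToString(actual[idx]) // "" when the PCR is absent from the document
		results[idx] = PCRValidationResult{Index: idx, Expected: normHex(want), Actual: got,
			Valid: subtle.ConstantTimeCompare([]byte(normHex(want)), []byte(got)) == 1}
	}
	return results
}

// ManifestHashMatches decodes a base64 QoS manifest, hashes the raw bytes with SHA-256
// (an assumption of this example) and compares the digest with the pinned hex value.
func ManifestHashMatches(manifestB64, expectedHex string) (string, bool, error) {
	raw, err := base64.StdEncoding.DecodeString(manifestB64)
	if err != nil {
		return "", false, err
	}
	sum := sha256.Sum256(raw)
	got := hex.EncodeToString(sum[:])
	return got, subtle.ConstantTimeCompare([]byte(got), []byte(normHex(expectedHex))) == 1, nil
}

func main() {
	// Constructed sample: PCR0 matches, PCR4 differs, pinned PCR8 is absent from the document.
	pins := map[uint]string{0: "0x" + strings.Repeat("00", 48), 4: "02", 8: "ff"}
	fmt.Println(ValidatePCRs(pins, map[uint][]byte{0: make([]byte, 48), 4: {0x01}}))
}
```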

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type APIClient

type APIClient interface {
	CreateSignablePayload(ctx context.Context, req *api.CreateSignablePayloadRequest) (*api.SignablePayloadResponse, error)
}

APIClient is the interface used to make API calls

type AppAttestation

type AppAttestation struct {
	Message   string `json:"message"`
	PublicKey string `json:"publicKey"`
	Scheme    string `json:"scheme"`
	Signature string `json:"signature"`
}

AppAttestation represents the parsed app attestation structure

type AttestationVerifier

type AttestationVerifier interface {
	Validate(attestationDocument []byte) (*nitroverifier.ValidationResult, error)
}

AttestationVerifier is the interface used to verify attestation documents

type Formatter

type Formatter struct{}

Formatter formats verification and manifest data for display

func NewFormatter

func NewFormatter() *Formatter

NewFormatter creates a new formatter

func (*Formatter) FormatApprovals

func (f *Formatter) FormatApprovals(approvals []manifest.Approval) []map[string]interface{}

FormatApprovals formats Approval array for output

func (*Formatter) FormatManifest

func (f *Formatter) FormatManifest(m *manifest.Manifest) string

FormatManifest formats manifest details for display

func (*Formatter) FormatManifestEnvelopeJSON

func (f *Formatter) FormatManifestEnvelopeJSON(env *manifest.ManifestEnvelope) map[string]interface{}

FormatManifestEnvelopeJSON formats manifest envelope for JSON output

func (*Formatter) FormatManifestJSON

func (f *Formatter) FormatManifestJSON(m *manifest.Manifest) map[string]interface{}

FormatManifestJSON formats manifest for JSON output

func (*Formatter) FormatMembers

func (f *Formatter) FormatMembers(members []manifest.QuorumMember) []map[string]string

FormatMembers formats QuorumMember array for output

func (*Formatter) FormatPCRValidationResults

func (f *Formatter) FormatPCRValidationResults(results []PCRValidationResult, indent string) string

FormatPCRValidationResults formats PCR validation results for display

func (*Formatter) FormatPCRValues

func (f *Formatter) FormatPCRValues(pcrs map[uint][]byte, title string, indent string) string

FormatPCRValues formats PCR values with descriptive labels and proper formatting

func (*Formatter) FormatPatchMembers

func (f *Formatter) FormatPatchMembers(members []manifest.MemberPubKey) []map[string]string

FormatPatchMembers formats MemberPubKey array for output

func (*Formatter) FormatVerificationResult

func (f *Formatter) FormatVerificationResult(result *VerifyResult) map[string]interface{}

FormatVerificationResult formats a verification result for display

type ManifestSerializationResult

type ManifestSerializationResult struct {
	RawManifestHash          string
	ReserializedManifestHash string
	EnvelopeHash             string
	UserDataHash             string
	RawManifestB64           string // Base64-encoded manifest for debugging
	EnvelopeB64              string // Base64-encoded envelope for debugging
	Matches                  bool
	ReserializationNeeded    bool
	Error                    string
}

ManifestSerializationResult tracks manifest hash verification

type PCRValidationResult

type PCRValidationResult struct {
	Index    uint   `json:"index"`
	Expected string `json:"expected"`
	Actual   string `json:"actual"`
	Valid    bool   `json:"valid"`
}

PCRValidationResult represents the result of validating a single PCR

type ParseResult

type ParseResult struct {
	SignablePayload                  string            `json:"signablePayload"`
	TurnkeySerializedSignablePayload string            `json:"turnkeySerializedSignablePayload"`
	Attestations                     map[string]string `json:"attestations"`
	QosManifestB64                   string            `json:"qosManifestB64,omitempty"`
	QosManifestEnvelopeB64           string            `json:"qosManifestEnvelopeB64,omitempty"`
}

ParseResult represents the result of parsing a transaction

type Service

type Service struct {
	// contains filtered or unexported fields
}

Service handles verification logic

func NewService

func NewService(apiClient APIClient, attestationVerifier AttestationVerifier) *Service

NewService creates a new verification service

func (*Service) Verify

func (s *Service) Verify(ctx context.Context, req *VerifyRequest) (*VerifyResult, error)

Verify performs end-to-end verification of a transaction executed in an AWS Nitro enclave

type VerifyRequest

type VerifyRequest struct {
	UnsignedPayload    string
	QosManifestHex     string
	PivotBinaryHashHex string
	SaveManifestPath   string
	Chain              string
}

VerifyRequest represents the parameters for verification

type VerifyResult

type VerifyResult struct {
	Valid                   bool                        `json:"valid"`
	AttestationValid        bool                        `json:"attestationValid"`
	SignatureValid          bool                        `json:"signatureValid"`
	ModuleID                string                      `json:"moduleId"`
	PublicKeyHex            string                      `json:"publicKey"`
	SignablePayload         string                      `json:"signablePayload"`
	InputPayloadDigest      string                      `json:"inputPayloadDigest,omitempty"`
	MetadataDigest          string                      `json:"metadataDigest,omitempty"`
	MessageHex              string                      `json:"message"`
	SignatureHex            string                      `json:"signature"`
	QosManifestHash         string                      `json:"qosManifest,omitempty"`
	PivotBinaryHash         string                      `json:"pivotBinaryHash,omitempty"`
	PCR4                    string                      `json:"pcr4,omitempty"`
	UserData                []byte                      `json:"-"`
	PCRs                    map[uint][]byte             `json:"-"`
	PCRValidationResults    []PCRValidationResult       `json:"-"`
	PublicKey               *ecdsa.PublicKey            `json:"-"`
	Manifest                *manifest.Manifest          `json:"-"`
	AttestationDocument     interface{}                 `json:"-"`
	ManifestReserialization ManifestSerializationResult `json:"-"`
}

VerifyResult represents the result of verification
