attestation

package
v0.1.10 Latest
Published: Jul 24, 2024 License: Apache-2.0 Imports: 23 Imported by: 0

Documentation

Index

Constants

// Descriptor and layer annotation keys, together with the well-known values
// this package writes for them.
const (
	// Annotation naming what a manifest references; attestation manifests
	// presumably carry the value AttestationManifestType.
	DockerReferenceType     = "vnd.docker.reference.type"
	AttestationManifestType = "attestation-manifest"

	// Annotation carrying the digest of the subject image.
	DockerReferenceDigest = "vnd.docker.reference.digest"

	// Annotation carrying the in-toto predicate type of a statement.
	InTotoPredicateType = "in-toto.io/predicate-type"

	// Lifecycle-stage annotation and its "experimental" value.
	InTotoReferenceLifecycleStage = "vnd.docker.lifecycle-stage"
	LifecycleStageExperimental    = "experimental"
)

// Identifiers used inside DSSE envelopes and for DSSE-wrapped descriptors.
const (
	// Kind of the Docker extension carried in Signature.Extension
	// (presumably the value of Extension.Kind).
	DockerDsseExtKind = "application/vnd.docker.attestation-verification.v1+json"

	// Transparency-log kind for Rekor entries (presumably the value of
	// DockerTlExtension.Kind).
	RekorTlExtKind = "Rekor"

	// Media type of an OCI descriptor wrapped in a DSSE envelope.
	OCIDescriptorDSSEMediaType = ociv1.MediaTypeDescriptor + "+dsse"
)
// VSAPredicateType is the in-toto predicate type URI of a SLSA Verification
// Summary Attestation, whose body is modelled by VSAPredicate.
const VSAPredicateType = "https://slsa.dev/verification_summary/v1"

Variables

This section is empty.

Functions

func DSSEMediaType added in v0.1.3

func DSSEMediaType(predicateType string) (string, error)

func ToVSAResourceURI added in v0.1.3

func ToVSAResourceURI(sub intoto.Subject) (string, error)

func UpdateIndexImage added in v0.1.8

func UpdateIndexImage(
	idx v1.ImageIndex,
	manifest *AttestationManifest,
	options ...func(*AttestationManifestImageOptions) error) (v1.ImageIndex, error)

func UpdateIndexImages added in v0.1.8

func UpdateIndexImages(idx v1.ImageIndex, manifest []*AttestationManifest, options ...func(*AttestationManifestImageOptions) error) (v1.ImageIndex, error)

func ValidPayloadType

func ValidPayloadType(payloadType string) bool

func VerifyDSSE

func VerifyDSSE(ctx context.Context, env *Envelope, opts *VerifyOptions) ([]byte, error)

func WithReplacedLayers added in v0.1.8

func WithReplacedLayers(replaceLayers bool) func(*AttestationManifestImageOptions) error

func WithoutSubject added in v0.1.8

func WithoutSubject(skipSubject bool) func(*AttestationManifestImageOptions) error

Types

type AttestationLayer added in v0.1.3

// AttestationLayer is one attestation carried as an image layer, paired with
// the in-toto statement decoded from it and the layer's annotations (for
// example the InTotoPredicateType annotation).
//
// NOTE(review): nothing in this type records whether the layer's DSSE
// envelope was verified; treat Statement as untrusted until VerifyDSSE has
// accepted the layer it came from.
type AttestationLayer struct {
	Statement   *intoto.Statement
	Layer       v1.Layer
	Annotations map[string]string
}

func GetAttestationsFromImage added in v0.1.3

func GetAttestationsFromImage(image v1.Image) ([]*AttestationLayer, error)

GetAttestationsFromImage extracts all attestation layers from an image. Extraction alone establishes no trust: verify each layer's DSSE envelope with VerifyDSSE before relying on its Statement.

type AttestationManifest added in v0.1.3

// AttestationManifest is an attestation manifest taken from an image index
// (see GetAttestationManifestsFromIndex), plus the signed layers accumulated
// while signing and the identity of the image the attestations refer to.
type AttestationManifest struct {
	// OriginalDescriptor is the manifest's descriptor as found in the index;
	// OriginalLayers are the attestation layers it already carried.
	OriginalDescriptor *v1.Descriptor
	OriginalLayers     []*AttestationLayer

	// accumulated during signing (presumably appended by AddAttestation)
	SignedLayers []*AttestationLayer
	// details of subject image: its name and the descriptor the attestations
	// refer to (presumably what DockerReferenceDigest points at — confirm)
	SubjectName       string
	SubjectDescriptor *v1.Descriptor
}

func GetAttestationManifestsFromIndex added in v0.1.3

func GetAttestationManifestsFromIndex(index v1.ImageIndex) ([]*AttestationManifest, error)

GetAttestationManifestsFromIndex extracts all attestation manifests from an image index.

func (*AttestationManifest) AddAttestation added in v0.1.7

func (manifest *AttestationManifest) AddAttestation(ctx context.Context, signer dsse.SignerVerifier, statement *intoto.Statement, opts *SigningOptions) error

func (*AttestationManifest) BuildAttestationImage added in v0.1.8

func (manifest *AttestationManifest) BuildAttestationImage(options ...func(*AttestationManifestImageOptions) error) (v1.Image, error)

BuildAttestationImage builds an image from the manifest's signed attestations; with WithReplacedLayers(true) the original attestation layers are replaced by the signed ones rather than kept alongside them.

func (*AttestationManifest) BuildReferringArtifacts added in v0.1.8

func (manifest *AttestationManifest) BuildReferringArtifacts() ([]v1.Image, error)

BuildReferringArtifacts builds one image per attestation layer, suitable for attaching to the subject image via the OCI Referrers API.

type AttestationManifestImageOptions added in v0.1.8

// AttestationManifestImageOptions carries the settings consumed by
// BuildAttestationImage, UpdateIndexImage and UpdateIndexImages. Its fields
// are unexported; configure it through the option functions
// WithReplacedLayers and WithoutSubject.
type AttestationManifestImageOptions struct {
	// contains filtered or unexported fields
}

type DockerDsseExtension

// DockerDsseExtension is the Docker-specific body of a DSSE signature
// extension (Extension.Ext). It currently carries only the transparency-log
// record for the signature.
type DockerDsseExtension struct {
	Tl DockerTlExtension `json:"tl"`
}

type DockerTlExtension

// DockerTlExtension records where a signature was logged in a transparency
// log: Kind names the log (presumably RekorTlExtKind) and Data is the
// log-specific entry, left untyped.
//
// NOTE(review): because Data is `any`, it decodes from JSON as a free-form
// value. A verifier must switch on Kind and validate Data's shape before
// using it, and must not treat the mere presence of an entry as proof that
// the signature was logged — the entry has to be checked against the log.
type DockerTlExtension struct {
	Kind string `json:"kind"`
	Data any    `json:"data"`
}

type EmptyConfigImage added in v0.1.8

// EmptyConfigImage wraps a v1.Image and overrides Manifest, RawManifest and
// RawConfigFile (see the methods below). Judging by the name it serves an
// empty config blob in place of the wrapped image's — TODO confirm in the
// method bodies, which are not shown in this listing.
type EmptyConfigImage struct {
	v1.Image
}

func (*EmptyConfigImage) Manifest added in v0.1.8

func (i *EmptyConfigImage) Manifest() (*v1.Manifest, error)

func (*EmptyConfigImage) RawConfigFile added in v0.1.8

func (i *EmptyConfigImage) RawConfigFile() ([]byte, error)

func (*EmptyConfigImage) RawManifest added in v0.1.8

func (i *EmptyConfigImage) RawManifest() ([]byte, error)

type Envelope

// Envelope is a DSSE envelope: a payload, the payload type it was signed
// under, and one or more signatures over both.
//
// NOTE(review): Payload is a plain string; DSSE specifies base64 here, but
// the encoding is not visible in this listing — confirm against SignDSSE.
// Treat Payload as untrusted until VerifyDSSE has returned it.
type Envelope struct {
	PayloadType string      `json:"payloadType"`
	Payload     string      `json:"payload"`
	Signatures  []Signature `json:"signatures"`
}

The following types are needed until https://github.com/secure-systems-lab/dsse/pull/61 is merged.

func SignDSSE

func SignDSSE(ctx context.Context, payload []byte, signer dsse.SignerVerifier, opts *SigningOptions) (*Envelope, error)

SignDSSE signs a payload with the given signer and, unless opts.SkipTL is set, uploads the signature to the transparency log.

func SignInTotoStatement added in v0.1.7

func SignInTotoStatement(ctx context.Context, statement *intoto.Statement, signer dsse.SignerVerifier, opts *SigningOptions) (*Envelope, error)

type Extension

// Extension is the per-signature extension attached to a Signature. Kind
// identifies the extension format (presumably DockerDsseExtKind) and Ext is
// its Docker-specific body.
type Extension struct {
	Kind string              `json:"kind"`
	Ext  DockerDsseExtension `json:"ext"`
}

type KeyMetadata

// KeyMetadata describes one verification key: its identifier, the
// PEM-encoded key (JSON "key"), a validity window (To is a pointer so it may
// be absent), a status string, the signing format, and a Distrust flag.
//
// NOTE(review): From/To, Status and Distrust are policy inputs, not
// enforcement. Whether VerifyDSSE rejects signatures outside [From, To) or
// made with a key whose Distrust is set cannot be seen in this listing —
// confirm, since a distrusted or expired key that still verifies silently
// defeats revocation.
type KeyMetadata struct {
	ID            string     `json:"id"`
	PEM           string     `json:"key"`
	From          time.Time  `json:"from"`
	To            *time.Time `json:"to"`
	Status        string     `json:"status"`
	SigningFormat string     `json:"signing-format"`
	Distrust      bool       `json:"distrust,omitempty"`
}

type Keys

// Keys is a list of verification keys; it has the same element type as
// VerifyOptions.Keys.
type Keys []KeyMetadata

type KeysMap

// KeysMap indexes KeyMetadata by string — presumably by KeyMetadata.ID so that
// a Signature.KeyID can be resolved; confirm with the code that builds it.
type KeysMap map[string]KeyMetadata

type Signature

// Signature is one DSSE signature: the signing key's identifier, the
// signature value, and an optional Docker extension.
//
// NOTE(review): `omitempty` has no effect on a non-pointer struct field in
// encoding/json, so Extension is always emitted (with zero-value contents
// when unset). Changing the field to *Extension, or using `omitzero` on
// Go 1.24+, would honor the intent, but both alter the public shape, so the
// issue is only flagged here.
type Signature struct {
	KeyID     string    `json:"keyid"`
	Sig       string    `json:"sig"`
	Extension Extension `json:"extension,omitempty"`
}

type SigningOptions added in v0.1.5

// SigningOptions tunes SignDSSE, SignInTotoStatement and AddAttestation.
type SigningOptions struct {
	// don't log to the configured transparency log
	//
	// NOTE(review): a signature produced with SkipTL set carries no log
	// entry, so a verifier that requires one (VerifyOptions with SkipTL
	// false) will presumably reject it; keep this false outside offline or
	// test use.
	SkipTL bool
}

type VSAInputAttestation added in v0.1.3

// VSAInputAttestation identifies one attestation consumed while producing a
// VSA: its digest set (presumably algorithm → value, as in in-toto digest
// sets) and its media type.
type VSAInputAttestation struct {
	Digest    map[string]string `json:"digest"`
	MediaType string            `json:"mediaType"`
}

type VSAPolicy added in v0.1.3

// VSAPolicy names, by URI, the policy a VSA was evaluated against.
type VSAPolicy struct {
	URI string `json:"uri"`
}

type VSAPredicate added in v0.1.3

// VSAPredicate is the body of a SLSA Verification Summary Attestation
// (predicate type VSAPredicateType). The JSON field names follow the SLSA
// VSA v1 spec; see that spec for each field's exact semantics.
//
// NOTE(review): TimeVerified is a plain string rather than time.Time, so no
// format is enforced on decode. Consumers should parse it (presumably
// RFC 3339, per the spec) and fail on error rather than compare strings.
// Likewise VerificationResult is a free-form string; compare it against the
// spec's exact values, not with a case-insensitive or prefix match.
type VSAPredicate struct {
	Verifier           VSAVerifier           `json:"verifier"`
	TimeVerified       string                `json:"timeVerified"`
	ResourceUri        string                `json:"resourceUri"`
	Policy             VSAPolicy             `json:"policy"`
	InputAttestations  []VSAInputAttestation `json:"inputAttestations"`
	VerificationResult string                `json:"verificationResult"`
	VerifiedLevels     []string              `json:"verifiedLevels"`
}

type VSAVerifier added in v0.1.3

// VSAVerifier identifies, by ID, the party that produced a VSA.
type VSAVerifier struct {
	ID string `json:"id"`
}

type VerifyOptions added in v0.1.5

// VerifyOptions controls VerifyDSSE: the keys trusted to have signed the
// envelope, and whether transparency-log verification is skipped.
//
// NOTE(review): Keys is the whole trust root — an empty slice should
// presumably make verification fail rather than succeed; confirm in
// VerifyDSSE. SkipTL true drops the transparency-log check, leaving only the
// key signature as evidence; keep it false unless verifying offline against
// explicitly pinned keys.
type VerifyOptions struct {
	Keys   []KeyMetadata `json:"keys"`
	SkipTL bool          `json:"skip_tl"`
}
