Documentation
¶
Index ¶
- func CreateAttestationCertificate(hashPublicKey func(pub any) ([]byte, error), ...) ([]byte, error)
- func CreateAttestationClientTLSConfig(verifyRemoteReport func([]byte) (Report, error), opts Options, ...) *tls.Config
- func CreateAttestationServerTLSConfig(hashPublicKey func(pub any) ([]byte, error), ...) (*tls.Config, error)
- func CreateAzureAttestationToken(report, data []byte, baseurl string) (string, error)
- func HashPublicKey(pub any) ([]byte, error)
- func HashPublicKeyOE(pub any) ([]byte, error)
- func ParseHTTPS(URL string) (*url.URL, error)
- type Options
- type Report
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CreateAttestationCertificate ¶
func CreateAttestationCertificate(hashPublicKey func(pub any) ([]byte, error), getRemoteReport func([]byte) ([]byte, error), template, parent *x509.Certificate, pub, priv any) ([]byte, error)
CreateAttestationCertificate creates an X.509 certificate with an embedded report from getRemoteReport.
func CreateAttestationClientTLSConfig ¶
func CreateAttestationClientTLSConfig(verifyRemoteReport func([]byte) (Report, error), opts Options, verifyReport func(Report) error) *tls.Config
CreateAttestationClientTLSConfig creates a tls.Config object that verifies a certificate with embedded report.
func CreateAttestationServerTLSConfig ¶
func CreateAttestationServerTLSConfig(hashPublicKey func(pub any) ([]byte, error), getRemoteReport func([]byte) ([]byte, error)) (*tls.Config, error)
CreateAttestationServerTLSConfig creates a tls.Config object with a self-signed certificate and an embedded report.
func CreateAzureAttestationToken ¶ added in v0.2.2
CreateAzureAttestationToken creates a Microsoft Azure Attestation Token by sending a report to an Attestation Provider, who is reachable under baseurl. A JSON Web Token in compact serialization is returned.
func HashPublicKey ¶ added in v1.7.1
func HashPublicKeyOE ¶ added in v1.7.1
Types ¶
type Options ¶ added in v1.4.0
type Options struct {
IgnoreErr error
}
Options are attestation options.
type Report ¶ added in v0.2.2
type Report struct {
Data []byte // The report data that has been included in the report.
SecurityVersion uint // Security version of the enclave. For SGX enclaves, this is the ISVSVN value.
Debug bool // If true, the report is for a debug enclave.
UniqueID []byte // The unique ID for the enclave. For SGX enclaves, this is the MRENCLAVE value.
SignerID []byte // The signer ID for the enclave. For SGX enclaves, this is the MRSIGNER value.
ProductID []byte // The Product ID for the enclave. For SGX enclaves, this is the ISVPRODID value.
TCBStatus tcbstatus.Status // The status of the enclave's TCB level.
TCBAdvisories []string // IDs of Intel security advisories that provide insight into the reasons when the TCB status is not UpToDate.
TCBAdvisoriesErr error // Error that occurred while getting the advisory array (if any).
}
Report is a parsed enclave report.
func ParseClaims ¶ added in v0.4.0
func VerifyAzureAttestationToken ¶ added in v0.2.2
VerifyAzureAttestationToken takes a Microsoft Azure Attestation Token in JSON Web Token compact serialization format and verifies the tokens public claims and signature. The Attestation providers keys are loaded from baseURL over an TLS connection. The validation is based on the trust in this TLS channel. Note, that the token's issuer (iss) has to equal the baseURL's string representation.
Attention: the calling function needs to ensure the scheme of baseURL is HTTPS, e.g. by calling the ParseHTTPS function of this package.
Source Files