Documentation
¶
Overview ¶
Package nitrofake provides an Attestor that produces structurally valid COSE Sign1 attestation documents. These documents pass the local Nitro attestation validator's full validation chain (CBOR parsing, cert chain, ECDSA signature, UserData, PCRs) without requiring real Nitro hardware.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Attestor ¶
type Attestor struct {
// contains filtered or unexported fields
}
Attestor produces structurally valid COSE Sign1 attestation documents that pass the local Nitro validator with a custom CA root.
func NewAttestor ¶
NewAttestor generates a self-signed P-384 root CA, a leaf cert signed by that root, and deterministic 48-byte fake PCR values.
func (*Attestor) CARoots ¶
CARoots returns an x509.CertPool containing the fake root CA certificate.
func (*Attestor) CARootsPEM ¶
CARootsPEM returns the root CA certificate in PEM format.
func (*Attestor) CreateAttestation ¶
CreateAttestation builds a COSE Sign1 document encoding a Nitro-like attestation with the given userData. Optional nonce and public_key fields can be set via opts.
func (*Attestor) LeafPublicKeyDER ¶
LeafPublicKeyDER returns the SPKI (DER) encoding of the leaf certificate public key, matching the format of nitro.Document.LeafPublicKey.
func (*Attestor) TrustedPCRsJSON ¶
TrustedPCRsJSON returns the PCR values as a JSON object matching the format expected by the attestation validator.
type Option ¶
type Option func(*attestationDocument)
Option customizes the optional fields of a fake attestation document.
func WithPublicKey ¶
WithPublicKey sets the attestation public_key field, modeling an enclave that publishes a long-lived identity key.