attestedtls

package
v0.5.0
Published: Dec 23, 2022 License: Apache-2.0 Imports: 27 Imported by: 0

Documentation

Overview

Copyright (c) 2021 Fraunhofer AISEC Fraunhofer-Gesellschaft zur Foerderung der angewandten Forschung e.V.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Dial

func Dial(network string, addr string, config *tls.Config, moreConfigs ...ConnectionOption[cmcConfig]) (*tls.Conn, error)

Dial wraps tls.Dial and additionally performs remote attestation before returning the established connection.

func GetCert

func GetCert(moreConfigs ...ConnectionOption[cmcConfig]) (tls.Certificate, error)

GetCert obtains the certificate for the TLS key in use from cmcd.

func Listen

func Listen(network, laddr string, config *tls.Config, moreConfigs ...ConnectionOption[cmcConfig]) (net.Listener, error)

Listen wraps tls.Listen. It returns a custom Listener that performs additional remote attestation operations right after a TLS connection has been established successfully.

func Read

func Read(c net.Conn) ([]byte, error)

Read receives a byte array from the provided connection by first receiving the length information, then the data. It is used for transmitting attestation reports between peers.

func Write

func Write(msg []byte, c net.Conn) error

Write writes a byte array to the provided connection by first sending the length information, then the data. It is used for transmitting attestation reports between peers.
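The length-prefixed framing that Read and Write describe, as an added example that is not the package's own code: the 4-byte big-endian length prefix, the maxReportLen cap and the names writeFrame, readFrame and roundTrip are assumptions of this example. The cap matters because the report arrives before the peer has been attested, so the receiver must not allocate whatever length the peer announces.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"io"
	"net"
)

// Cap on accepted frame length (assumed value): a peer must not be able to force a large allocation before its report is verified.
const maxReportLen = 1 << 20
var errFrameTooLarge = errors.New("frame exceeds maxReportLen")

// writeFrame mirrors attestedtls.Write: length prefix, then payload (the 4-byte big-endian prefix is this example's assumption).
func writeFrame(msg []byte, c net.Conn) error {
	var hdr [4]byte
	binary.BigEndian.PutUint32(hdr[:], uint32(len(msg)))
	_, err := c.Write(append(hdr[:], msg...))
	return err
}

// readFrame mirrors attestedtls.Read: read the length, reject it if over the cap, then read exactly that many bytes.
func readFrame(c net.Conn) ([]byte, error) {
	var hdr [4]byte
	if _, err := io.ReadFull(c, hdr[:]); err != nil {
		return nil, fmt.Errorf("read length: %w", err)
	}
	n := binary.BigEndian.Uint32(hdr[:])
	if n > maxReportLen {
		return nil, errFrameTooLarge
	}
	buf := make([]byte, n) // safe only because n was checked above
	if _, err := io.ReadFull(c, buf); err != nil {
		return nil, fmt.Errorf("read payload: %w", err)
	}
	return buf, nil
}

// roundTrip pushes a report through an in-memory net.Pipe and returns what the peer read; no real TLS connection is needed.
func roundTrip(report []byte) ([]byte, error) {
	a, b := net.Pipe()
	werr := make(chan error, 1)
	go func() { werr <- writeFrame(report, a); a.Close() }()
	got, rerr := readFrame(b)
	b.Close() // unblocks a writer still stuck in Write after a reader error
	if rerr != nil {
		return nil, rerr
	}
	return got, <-werr
}
```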

Types

type AttestedError added in v0.5.0

type AttestedError struct {
	// contains filtered or unexported fields
}

AttestedError holds the verification result in addition to the error.

func NewAttestedError added in v0.5.0

func NewAttestedError(r ar.VerificationResult, err error) AttestedError

NewAttestedError creates an AttestedError using the provided error and attestation report

func (AttestedError) Error added in v0.5.0

func (err AttestedError) Error() string

Error returns the error message as a string. This implements the error interface.

func (AttestedError) GetVerificationResult added in v0.5.0

func (err AttestedError) GetVerificationResult() ar.VerificationResult

GetVerificationResult returns the verification result stored in the AttestedError

func (AttestedError) Unwrap added in v0.5.0

func (err AttestedError) Unwrap() error

Unwrap returns the wrapped error.

type CmcApi added in v0.5.0

type CmcApi interface {
	// contains filtered or unexported methods
}

type CmcApiSelect added in v0.5.0

type CmcApiSelect uint32
const (
	CmcApi_GRPC CmcApiSelect = 0
	CmcApi_COAP CmcApiSelect = 1
)

type CoapApi added in v0.5.0

type CoapApi struct{}

type ConnectionOption added in v0.4.0

type ConnectionOption[T any] func(*T)

func WithCmcAddr added in v0.5.0

func WithCmcAddr(address string) ConnectionOption[cmcConfig]

WithCmcAddr sets the address with which to contact the CMC. If not specified, the default is "localhost".

func WithCmcApi added in v0.5.0

func WithCmcApi(api CmcApiSelect) ConnectionOption[cmcConfig]

WithCmcApi specifies the API to be used to connect to the cmcd. If not specified, the default is grpc.

func WithCmcCa added in v0.4.0

func WithCmcCa(pem []byte) ConnectionOption[cmcConfig]

WithCmcCa specifies the CA, in PEM format, that the attestation report should be verified against.

func WithCmcPolicies added in v0.4.0

func WithCmcPolicies(policies []byte) ConnectionOption[cmcConfig]

WithCmcPolicies specifies optional custom policies that the attestation report should be verified against.

type GrpcApi added in v0.5.0

type GrpcApi struct{}

type Listener

type Listener struct {
	net.Listener // embedded interface

	*tls.Config // embedded struct
	// contains filtered or unexported fields
}

Listener implements the net.Listener interface: it holds a net.Listener and adds functionality to it.

func (Listener) Accept

func (ln Listener) Accept() (net.Conn, error)

Accept implements Accept() of the net.Listener interface. It calls Accept of the embedded net.Listener and additionally performs remote attestation after connection establishment, before returning the connection.

func (Listener) Addr

func (ln Listener) Addr() net.Addr

Addr implements Addr() of the net.Listener interface. It only calls the original Addr(), since no new functionality is required.

func (Listener) Close

func (ln Listener) Close() error

Close implements Close() of the net.Listener interface. It only calls the original Close(), since no new functionality is required.

type PrivateKey

type PrivateKey struct {
	// contains filtered or unexported fields
}

PrivateKey is a wrapper implementing the crypto.Signer interface. It is used to contact cmcd for signing operations.

func (PrivateKey) Public

func (priv PrivateKey) Public() crypto.PublicKey

func (PrivateKey) Sign

func (priv PrivateKey) Sign(random io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error)

Sign implements Sign() of the crypto.Signer interface. It contacts cmcd for the signing operation and returns the received signature.
