Documentation
Types
type AttestationOptions
type AttestationOptions struct {
	// Nonce is an optional cryptographic nonce which may be signed as part of the attestation
	// for use by applications in preventing replay attacks.
	Nonce []byte
	// UserData is an optional opaque blob which will be signed as part of the attestation
	// for application-defined purposes.
	UserData []byte
	// NoPublicKey will prevent the default public key from being included in the attestation.
	NoPublicKey bool
	// PublicKey is an optional public key which will be included in the attestation. Valid types
	// are *rsa.PublicKey, *ecdsa.PublicKey, and ed25519.PublicKey.
	PublicKey any
}
type EnclaveHandle
type EnclaveHandle struct {
	// contains filtered or unexported fields
}
EnclaveHandle represents a handle to a Nitro Enclave, including the local Nitro Security Module and an in-memory 2048-bit RSA key pair whose public key can be automatically included in requested attestation documents.
func GetOrInitializeHandle
func GetOrInitializeHandle() (*EnclaveHandle, error)
GetOrInitializeHandle returns a reference to the default global enclave handle, initializing that handle in the process if it has not been already. If an error occurs during initialization of the global handle (including if the error occurred during a previous initialization attempt), the error will be returned.
func MustGlobalHandle
func MustGlobalHandle() *EnclaveHandle
MustGlobalHandle returns a reference to the default enclave handle. If no handle has been initialized, one will be initialized on demand. If an error occurs during initialization, it panics.
func (*EnclaveHandle) Attest
func (enclave *EnclaveHandle) Attest(args AttestationOptions) ([]byte, error)
Attest generates and returns an attestation document from the enclave's Nitro Security Module. See AttestationOptions for more details on available options.
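The Nonce option only prevents replay if the party checking the attestation document issued that nonce itself and accepts it once. The following is an added example, not code from this package: NonceTracker, Issue, Consume and ErrNonceRejected are hypothetical names, and parsing the document and verifying its signature and certificate chain are assumed to happen before Consume is called.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
	"sync"
	"time"
)

var ErrNonceRejected = errors.New("nonce unknown, already used, or expired")

// NonceTracker is a hypothetical verifier-side helper, not part of the documented package.
type NonceTracker struct {
	mu      sync.Mutex
	ttl     time.Duration
	pending map[string]time.Time // issued nonce -> expiry
}

// Issue creates the challenge the enclave passes in AttestationOptions.Nonce.
func (t *NonceTracker) Issue(now time.Time) ([]byte, error) {
	n := make([]byte, 32)
	if _, err := rand.Read(n); err != nil {
		return nil, err
	}
	t.mu.Lock()
	defer t.mu.Unlock()
	t.pending[string(n)] = now.Add(t.ttl)
	return n, nil
}

// Consume checks the nonce read from a document that has already passed
// signature verification (assumed, not shown). Each nonce is accepted once.
func (t *NonceTracker) Consume(nonce []byte, now time.Time) error {
	t.mu.Lock()
	defer t.mu.Unlock()
	exp, ok := t.pending[string(nonce)]
	delete(t.pending, string(nonce)) // single use, even when expired
	if !ok || now.After(exp) {
		return ErrNonceRejected
	}
	return nil
}

func main() {
	t := &NonceTracker{ttl: 30 * time.Second, pending: map[string]time.Time{}}
	n, _ := t.Issue(time.Now()) // the enclave would echo n back inside its attestation
	fmt.Println(t.Consume(n, time.Now()), t.Consume(n, time.Now()))
}
```

A replayed document carries a nonce that is no longer pending, so the second Consume call fails even though the document's signature is still valid.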
func (*EnclaveHandle) DecryptKMSEnvelopedKey
func (enclave *EnclaveHandle) DecryptKMSEnvelopedKey(content []byte) ([]byte, error)
DecryptKMSEnvelopedKey decrypts a KMS 'CiphertextForRecipient' response field, using the enclave's private key.
func (*EnclaveHandle) PublicKey
func (enclave *EnclaveHandle) PublicKey() *rsa.PublicKey
PublicKey returns a reference to the Handle's public key.
Directories
| Path | Synopsis |
|---|---|
| crypto | |
| | Package nsm implements the Nitro Security Module interface. |
| ioc | Package ioc generates the proper ioctl command numbers. |
| request | Package request contains constructs commonly used in the NSM request payload. |
| response | Package response contains commonly used constructs for NSM responses. |