Documentation

Overview

Package enclave provides functionality for Go enclaves like remote attestation and sealing.

Constants

This section is empty.

Variables

This section is empty.

Functions

func CreateAttestationCertificate

    func CreateAttestationCertificate(template, parent *x509.Certificate, pub, priv interface{}) ([]byte, error)

CreateAttestationCertificate creates an X.509 certificate with an embedded report from the underlying enclave.

func CreateAttestationServerTLSConfig

    func CreateAttestationServerTLSConfig() (*tls.Config, error)

CreateAttestationServerTLSConfig creates a tls.Config object with a self-signed certificate and an embedded report.

func GetProductSealKey

    func GetProductSealKey() (key, keyInfo []byte, err error)

GetProductSealKey gets a key derived from the signer and product id of the enclave.

keyInfo can be used to retrieve the same key later, on a newer security version.

func GetRemoteReport

    func GetRemoteReport(reportData []byte) ([]byte, error)

GetRemoteReport gets a report signed by the enclave platform for use in remote attestation.

The report shall contain the data given by the reportData parameter.

func GetSealKey

    func GetSealKey(keyInfo []byte) ([]byte, error)

GetSealKey gets a key from the enclave platform using existing key information.

func GetUniqueSealKey

    func GetUniqueSealKey() (key, keyInfo []byte, err error)

GetUniqueSealKey gets a key derived from a measurement of the enclave.

keyInfo can be used to retrieve the same key later, on a newer security version.
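
Added example, not part of the package documentation: one way to use GetUniqueSealKey or GetProductSealKey together with GetSealKey is to store keyInfo next to the ciphertext and hand it back to the platform when unsealing. The platform calls are passed in as parameters with the signatures documented above; Seal, Unseal, aeadFor, the choice of AES-GCM, the nonce||ciphertext layout and the fixed key in main are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

func aeadFor(key []byte, err error) (cipher.AEAD, error) {
	if err != nil {
		return nil, err // the platform did not hand out a key
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal returns keyInfo and nonce||ciphertext; keyInfo is authenticated as additional data.
func Seal(newKey func() ([]byte, []byte, error), plaintext []byte) (keyInfo, data []byte, err error) {
	key, keyInfo, err := newKey() // in an enclave: enclave.GetUniqueSealKey or GetProductSealKey
	aead, err := aeadFor(key, err)
	if err != nil {
		return nil, nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err = rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	return keyInfo, aead.Seal(nonce, nonce, plaintext, keyInfo), nil
}

func Unseal(getKey func([]byte) ([]byte, error), keyInfo, data []byte) ([]byte, error) {
	aead, err := aeadFor(getKey(keyInfo)) // in an enclave: getKey is enclave.GetSealKey
	if err != nil || len(data) < aead.NonceSize() { // Open panics on a short nonce
		return nil, errors.Join(errors.New("unseal: no key or truncated data"), err)
	}
	return aead.Open(nil, data[:aead.NonceSize()], data[aead.NonceSize():], keyInfo)
}

func main() { // constructed key and keyInfo stand in for the platform outside an enclave
	key := []byte("constructed-key!")
	ki, data, _ := Seal(func() ([]byte, []byte, error) { return key, []byte("constructed-info"), nil }, []byte("secret"))
	pt, err := Unseal(func([]byte) ([]byte, error) { return key, nil }, ki, data)
	fmt.Println(string(pt), err)
}
```

Because keyInfo is bound to the ciphertext as additional data, a blob stored with a swapped or modified keyInfo fails authentication instead of decrypting under a different key request.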

func VerifyRemoteReport

    func VerifyRemoteReport(reportBytes []byte) (attestation.Report, error)

VerifyRemoteReport verifies the integrity of the remote report and its signature.

This function verifies that the report signature is valid. It verifies that the signing authority is rooted to a trusted authority such as the enclave platform manufacturer. Verification covers the signature and trust chain only; checking that the contents of the returned report match the expected enclave is left to the caller.

Returns the parsed report if the signature is valid. Returns an error if the signature is invalid.

Types

This section is empty.
