enclave

Documentation

Overview

Package enclave provides functionality for Go enclaves like remote attestation and sealing.

Index

• func GetProductSealKey() (key, keyInfo []byte, err error)
• func GetRemoteReport(reportData []byte) ([]byte, error)
• func GetSealKey(keyInfo []byte) ([]byte, error)
• func GetUniqueSealKey() (key, keyInfo []byte, err error)
• func VerifyRemoteReport(reportBytes []byte) (attestation.Report, error)

Functions

func GetProductSealKey

func GetProductSealKey() (key, keyInfo []byte, err error)

GetProductSealKey gets a key derived from the signer and product id of the enclave.

keyInfo can be used to retrieve the same key later, on a newer security version.

func GetRemoteReport

func GetRemoteReport(reportData []byte) ([]byte, error)

GetRemoteReport gets a report signed by the enclave platform for use in remote attestation.

The report shall contain the data given by the reportData parameter.

func GetSealKey

func GetSealKey(keyInfo []byte) ([]byte, error)

GetSealKey gets a key from the enclave platform using existing key information.

func GetUniqueSealKey

func GetUniqueSealKey() (key, keyInfo []byte, err error)

GetUniqueSealKey gets a key derived from a measurement of the enclave.

keyInfo can be used to retrieve the same key later, on a newer security version.

func VerifyRemoteReport

func VerifyRemoteReport(reportBytes []byte) (attestation.Report, error)

VerifyRemoteReport verifies the integrity of the remote report and its signature.

This function verifies that the report signature is valid. It verifies that the signing authority is rooted to a trusted authority such as the enclave platform manufacturer.

Returns the parsed report if the signature is valid. Returns an error if the signature is invalid.