Documentation
Overview
Package enclave provides functionality for Go enclaves like remote attestation and sealing.
Index
- func CreateAttestationCertificate(template, parent *x509.Certificate, pub, priv interface{}) ([]byte, error)
- func CreateAttestationServerTLSConfig() (*tls.Config, error)
- func CreateAzureAttestationToken(data []byte, url string) (string, error)
- func GetProductSealKey() (key, keyInfo []byte, err error)
- func GetRemoteReport(reportData []byte) ([]byte, error)
- func GetSealKey(keyInfo []byte) ([]byte, error)
- func GetUniqueSealKey() (key, keyInfo []byte, err error)
- func VerifyRemoteReport(reportBytes []byte) (attestation.Report, error)
Constants
This section is empty.
Variables
This section is empty.
Functions
func CreateAttestationCertificate (added in v0.1.1)
func CreateAttestationCertificate(template, parent *x509.Certificate, pub, priv interface{}) ([]byte, error)
CreateAttestationCertificate creates an X.509 certificate with an embedded report from the underlying enclave.
func CreateAttestationServerTLSConfig (added in v0.1.1)
CreateAttestationServerTLSConfig creates a tls.Config object with a self-signed certificate and an embedded report.
func CreateAzureAttestationToken (added in v0.2.2)
CreateAzureAttestationToken creates a Microsoft Azure Attestation Token by creating a remote report and sending it to an Attestation Provider, which is reachable under the given url. The Attestation Provider will verify the remote report. A JSON Web Token in compact serialization is returned.
func GetProductSealKey
GetProductSealKey gets a key derived from the signer and product id of the enclave.
keyInfo can be used to retrieve the same key later, on a newer security version.
func GetRemoteReport
GetRemoteReport gets a report signed by the enclave platform for use in remote attestation.
The report shall contain the data given by the reportData parameter.
func GetSealKey
GetSealKey gets a key from the enclave platform using existing key information.
func GetUniqueSealKey
GetUniqueSealKey gets a key derived from a measurement of the enclave.
keyInfo can be used to retrieve the same key later, on a newer security version.
func VerifyRemoteReport
func VerifyRemoteReport(reportBytes []byte) (attestation.Report, error)
VerifyRemoteReport verifies the integrity of the remote report and its signature.
This function verifies that the report signature is valid. It verifies that the signing authority is rooted to a trusted authority such as the enclave platform manufacturer.
Returns the parsed report if the signature is valid. Returns an error if the signature is invalid.
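A valid signature shows only that a genuine enclave platform produced the report, so the caller still has to check that the report describes the expected enclave. The following is an added example, not part of the package: `report` is a local stand-in for the attestation.Report fields it uses, `policy` and `check` are hypothetical names, and it assumes the enclave passed the SHA-256 hash of its certificate as reportData.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// report is a local stand-in for the attestation.Report fields used below.
type report struct {
	Data, SignerID, ProductID []byte
	SecurityVersion           uint
	Debug                     bool
}

// policy (hypothetical) describes the enclave the verifier is willing to trust.
type policy struct {
	SignerID           []byte
	ProductID          uint16
	MinSecurityVersion uint
}

// check runs on a report whose signature was already verified. cert is the
// certificate the peer presented; its SHA-256 is assumed to be the reportData.
func (p policy) check(r report, cert []byte) error {
	hash := sha256.Sum256(cert)
	switch {
	case r.Debug:
		return errors.New("enclave runs in debug mode")
	case len(p.SignerID) == 0 || !bytes.Equal(r.SignerID, p.SignerID):
		return errors.New("signer missing or unexpected")
	case len(r.ProductID) < 2 || binary.LittleEndian.Uint16(r.ProductID) != p.ProductID:
		return errors.New("unexpected product id")
	case r.SecurityVersion < p.MinSecurityVersion:
		return errors.New("security version too low")
	case len(r.Data) < len(hash) || !bytes.Equal(r.Data[:len(hash)], hash[:]):
		return errors.New("report data does not match the certificate")
	}
	return nil
}

func main() {
	cert := []byte("constructed certificate bytes") // constructed sample input
	hash := sha256.Sum256(cert)
	r := report{Data: append(hash[:], make([]byte, 32)...), SignerID: []byte{0xAA}, ProductID: []byte{1, 0}, SecurityVersion: 2}
	p := policy{SignerID: []byte{0xAA}, ProductID: 1, MinSecurityVersion: 2}
	fmt.Println(p.check(r, cert), p.check(r, []byte("other certificate")))
}
```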
Types
This section is empty.