Documentation ¶
Overview ¶
Package attestation provides attestation data structures.
Index ¶
Constants ¶
This section is empty.
Variables ¶
var ErrEmptyReport = errors.New("empty report")
ErrEmptyReport is returned by VerifyRemoteReport if reportBytes is empty.
Functions ¶
This section is empty.
Types ¶
type Report ¶
type Report struct { Data []byte // The report data that has been included in the report. SecurityVersion uint // Security version of the enclave. For SGX enclaves, this is the ISVSVN value. Debug bool // If true, the report is for a debug enclave. UniqueID []byte // The unique ID for the enclave. For SGX enclaves, this is the MRENCLAVE value. SignerID []byte // The signer ID for the enclave. For SGX enclaves, this is the MRSIGNER value. ProductID []byte // The Product ID for the enclave. For SGX enclaves, this is the ISVPRODID value. }
Report is a parsed enclave report.
func VerifyAzureAttestationToken ¶ added in v0.2.2
VerifyAzureAttestationToken takes a Microsoft Azure Attestation token in JSON Web Token compact serialization format and verifies the token's public claims and signature. The attestation provider's keys are loaded from providerURL over TLS. The validation is based on the trust in this TLS channel. Note that the token's issuer (iss) has to be equal to the providerURL, and providerURL must use the HTTPS scheme.
The caller must verify the returned report's content.
This function relies on the root CA certificates of the host to verify the TLS connection. Thus, it is currently usable by non-enclaved clients only. A future version of EGo will allow to add root certificates to an enclave.