eclient

package v0.5.1

Published: Jun 16, 2022 License: MPL-2.0 Imports: 6 Imported by: 9

Documentation

Overview

Package eclient provides functionality for Go programs that interact with enclave programs.

Use this package for programs that don't run in an enclave themselves but interact with enclaved programs. Those non-enclaved programs are often called third parties or relying parties.

This package requires libcrypto. On Ubuntu install it with:

sudo apt install libssl-dev

This package requires the following environment variables to be set during build:

CGO_CFLAGS=-I/opt/ego/include
CGO_LDFLAGS=-L/opt/ego/lib

Or if using the EGo snap:

CGO_CFLAGS=-I/snap/ego-dev/current/opt/ego/include
CGO_LDFLAGS=-L/snap/ego-dev/current/opt/ego/lib

Constants

This section is empty.

Variables

This section is empty.

Functions

func CreateAttestationClientTLSConfig

func CreateAttestationClientTLSConfig(verifyReport func(attestation.Report) error) *tls.Config

CreateAttestationClientTLSConfig creates a tls.Config object that verifies a server certificate with an embedded attestation report.

verifyReport is called after the certificate has been verified against the report data. The caller must verify either the UniqueID or the tuple (SignerID, ProductID, SecurityVersion, Debug) in the callback.

Example
package main

import (
	"bytes"
	"errors"
	"net/http"

	"github.com/edgelesssys/ego/attestation"
	"github.com/edgelesssys/ego/eclient"
)

func main() {
	// the uniqueID is derived from the binary of the enclaved program
	// and can be obtained using `ego uniqueid`
	var uniqueID []byte

	// the callback runs after the signature and certificate binding have been checked;
	// it is responsible for deciding whether this particular enclave is trusted
	verifyReport := func(report attestation.Report) error {
		if !bytes.Equal(report.UniqueID, uniqueID) {
			return errors.New("invalid UniqueID")
		}
		return nil
	}

	tlsConfig := eclient.CreateAttestationClientTLSConfig(verifyReport)
	client := http.Client{Transport: &http.Transport{TLSClientConfig: tlsConfig}}

	// example.com must use a TLS certificate with an embedded report.
	// EGo's enclave package provides functionality for such a server.
	_, _ = client.Get("https://example.com")
}

func VerifyRemoteReport

func VerifyRemoteReport(reportBytes []byte) (attestation.Report, error)

VerifyRemoteReport verifies the integrity of the remote report and its signature.

This function verifies that the report signature is valid and that the signing authority chains to a trusted root, such as the enclave platform manufacturer.

The caller must verify the returned report's content.
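Both CreateAttestationClientTLSConfig and VerifyRemoteReport leave the content check to the caller: either the UniqueID or the tuple (SignerID, ProductID, SecurityVersion, Debug). The following is an added example, not code from the eclient package; it builds such callbacks against a local Report stand-in (an assumption that mirrors only the field names the docs mention) so it runs without EGo, whereas real callbacks take attestation.Report and are passed to CreateAttestationClientTLSConfig or applied to the report returned by VerifyRemoteReport.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
)

// Report is a local stand-in (assumption) for the attestation.Report fields the eclient docs name.
type Report struct {
	UniqueID        []byte
	SignerID        []byte
	ProductID       []byte
	SecurityVersion uint
	Debug           bool
}

// ReportPolicy builds the tuple-form verifyReport callback: expected signer and product, SecurityVersion
// at or above a minimum (updates need no client rollout, rollback is refused), and never a debug enclave.
func ReportPolicy(signerID, productID []byte, minSecurityVersion uint) func(Report) error {
	return func(r Report) error {
		if r.Debug {
			return errors.New("report: debug enclave is not trusted")
		}
		if !bytes.Equal(r.SignerID, signerID) {
			return errors.New("report: unexpected SignerID")
		}
		if !bytes.Equal(r.ProductID, productID) {
			return errors.New("report: unexpected ProductID")
		}
		if r.SecurityVersion < minSecurityVersion {
			return fmt.Errorf("report: SecurityVersion %d below minimum %d", r.SecurityVersion, minSecurityVersion)
		}
		return nil
	}
}

// UniqueIDPolicy builds the UniqueID-form callback: it pins one exact enclave binary (the value from
// `ego uniqueid`), so every rebuild, including a security fix, requires shipping a new ID to clients.
func UniqueIDPolicy(uniqueID []byte) func(Report) error {
	return func(r Report) error {
		if !bytes.Equal(r.UniqueID, uniqueID) {
			return errors.New("report: unexpected UniqueID")
		}
		return nil
	}
}

func main() {
	fmt.Println(ReportPolicy([]byte{0xAA}, []byte{0x01}, 3)(Report{SignerID: []byte{0xAA}, ProductID: []byte{0x01}, SecurityVersion: 2}))
}
```

Which form to use is a deployment choice: the tuple form tolerates enclave updates by the same signer, the UniqueID form trusts exactly one build and nothing else.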

Types

This section is empty.
