Documentation
Index
- Variables
- func VerifyJSON(sigstoreTrustedRootJSON []byte, enclave, repo string) (string, error)
- type GroundTruth
- type Response
- type SecureClient
- func (s *SecureClient) Enclave() string
- func (s *SecureClient) Get(url string, headers map[string]string) (*Response, error)
- func (s *SecureClient) GroundTruth() *GroundTruth
- func (s *SecureClient) GroundTruthJSON() (string, error)
- func (s *SecureClient) HTTPClient() (*http.Client, error)
- func (s *SecureClient) Post(url string, headers map[string]string, body []byte) (*Response, error)
- func (s *SecureClient) Repo() string
- func (s *SecureClient) Verify() (*GroundTruth, error)
- type TLSBoundRoundTripper
Constants
This section is empty.
Variables
Functions
Types
type GroundTruth (added in v0.0.17)
type GroundTruth struct {
	TLSPublicKey        string                           `json:"tls_public_key,omitempty"`
	HPKEPublicKey       string                           `json:"hpke_public_key,omitempty"`
	Digest              string                           `json:"digest"`
	CodeMeasurement     *attestation.Measurement         `json:"code_measurement"`
	EnclaveMeasurement  *attestation.Measurement         `json:"enclave_measurement"`
	HardwareMeasurement *attestation.HardwareMeasurement `json:"hardware_measurement,omitempty"`
	CodeFingerprint     string                           `json:"code_fingerprint"`
	EnclaveFingerprint  string                           `json:"enclave_fingerprint"`
}
GroundTruth represents the "known good" verified state of the enclave.
type SecureClient
type SecureClient struct {
	// contains filtered or unexported fields
}
func NewDefaultClient (added in v0.10.0)
func NewDefaultClient() (*SecureClient, error)
NewDefaultClient creates a new secure client with a fallback mechanism. It tries to fetch routers from the router service, attempts to verify each one, and falls back to inference.tinfoil.sh if all routers fail.
func NewPinnedSecureClient (added in v0.1.18)
func NewPinnedSecureClient(enclave string, codeMeasurement *attestation.Measurement, hardwareMeasurements []*attestation.HardwareMeasurement) *SecureClient
NewPinnedSecureClient creates a new secure client with a given enclave and fixed measurements.
func NewSecureClient
func NewSecureClient(enclave, repo string) *SecureClient
NewSecureClient creates a new secure client with a given repo and enclave.
func (*SecureClient) Enclave (added in v0.1.16)
func (s *SecureClient) Enclave() string
Enclave returns the enclave URL.
func (*SecureClient) GroundTruth (added in v0.0.17)
func (s *SecureClient) GroundTruth() *GroundTruth
GroundTruth returns the last verified enclave state.
func (*SecureClient) GroundTruthJSON (added in v0.1.17)
func (s *SecureClient) GroundTruthJSON() (string, error)
GroundTruthJSON returns the ground truth as a JSON string.
func (*SecureClient) HTTPClient
func (s *SecureClient) HTTPClient() (*http.Client, error)
HTTPClient returns an HTTP client that only accepts TLS connections to the verified enclave.
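An added example, not code from this package: one way a client can restrict TLS to an attested key, the behaviour HTTPClient is described as providing. It assumes the pinned value is the hex SHA-256 of the certificate's SubjectPublicKeyInfo (the page does not say how TLSPublicKey is encoded); spkiFingerprint, pinTo and selfSigned are hypothetical names, and the certificates are constructed in memory.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/hex"
	"errors"
	"fmt"
	"math/big"
)

// spkiFingerprint: hex SHA-256 of the SubjectPublicKeyInfo (assumed encoding, not from the page).
func spkiFingerprint(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return hex.EncodeToString(sum[:])
}

// pinTo returns a tls.Config.VerifyPeerCertificate callback enforcing the attested key fingerprint.
func pinTo(attested string) func([][]byte, [][]*x509.Certificate) error {
	return func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
		if len(rawCerts) == 0 {
			return errors.New("no peer certificate presented")
		}
		leaf, err := x509.ParseCertificate(rawCerts[0])
		if err != nil {
			return err
		}
		if spkiFingerprint(leaf) != attested {
			return errors.New("peer TLS key does not match attested key")
		}
		return nil
	}
}

// selfSigned builds a constructed throwaway certificate (DER) with a fresh key.
func selfSigned() []byte {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	return der
}

func main() {
	good, other := selfSigned(), selfSigned()
	leaf, _ := x509.ParseCertificate(good)
	verify := pinTo(spkiFingerprint(leaf))
	fmt.Println(verify([][]byte{good}, nil), verify([][]byte{other}, nil))
}
```

VerifyPeerCertificate runs after normal chain validation and is not invoked on resumed sessions, so a pin that must hold on every connection belongs in tls.Config.VerifyConnection or requires session resumption to be disabled.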
func (*SecureClient) Repo (added in v0.1.16)
func (s *SecureClient) Repo() string
Repo returns the repository URL.
func (*SecureClient) Verify
func (s *SecureClient) Verify() (*GroundTruth, error)
Verify fetches the latest verification information from GitHub and Sigstore and stores the ground truth results in the client.