Index
- Constants
- Variables
- func CertPubkeyFP(cert *x509.Certificate) (string, error)
- func ConnectionCertFP(c tls.ConnectionState) (string, error)
- func Fingerprint(m *Measurement, hw *HardwareMeasurement, targetType PredicateType) (string, error)
- func KeyFP(publicKey *ecdsa.PublicKey) string
- func TLSPublicKey(host string, insecure bool) (string, error)
- type Document
- type HardwareMeasurement
- type Measurement
- type PredicateType
- type Provider
- type Verification
Constants
// RTMR3_ZERO is the all-zero RTMR3 register value. Presumably it is the value of
// an RTMR3 that has never been extended, used when comparing TDX register sets —
// confirm against the comparison code before relying on that reading.
const RTMR3_ZERO = "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
Variables
// Sentinel errors for attestation verification and measurement comparison.
// Match them with errors.Is rather than by comparing error strings.
var (
	ErrFormatMismatch              = errors.New("attestation format mismatch")
	ErrMeasurementMismatch         = errors.New("measurement mismatch")
	ErrRtmr1Mismatch               = errors.New("RTMR1 mismatch")
	ErrRtmr2Mismatch               = errors.New("RTMR2 mismatch")
	ErrRtmr3Mismatch               = errors.New("RTMR3 mismatch")
	ErrFewRegisters                = errors.New("fewer registers than expected")
	ErrMultiPlatformMismatch       = errors.New("multi-platform measurement mismatch")
	ErrMultiPlatformSevSnpMismatch = errors.New("multi-platform SEV-SNP measurement mismatch")
)
Functions
func CertPubkeyFP (added in v0.1.0)
func CertPubkeyFP(cert *x509.Certificate) (string, error)
CertPubkeyFP returns the fingerprint of the public key contained in the given certificate.
func ConnectionCertFP (added in v0.1.0)
func ConnectionCertFP(c tls.ConnectionState) (string, error)
ConnectionCertFP returns the KeyFP of the public key presented in a TLS connection state.
func Fingerprint (added in v0.10.2)
func Fingerprint(m *Measurement, hw *HardwareMeasurement, targetType PredicateType) (string, error)
Fingerprint computes a SHA-256 hash over the measurement type and registers. The result is an identifier for display and lookup, not a substitute for comparison: compare measurements with Measurement.Equals instead.
Types
type Document
// Document is an attestation document as received from a provider: the
// predicate type that says how to verify it, and the opaque body to verify.
type Document struct {
	// Format identifies the attestation format (one of the PredicateType values).
	Format PredicateType `json:"format"`
	// Body is the attestation payload as a string; its encoding is format-specific
	// (NewDocument builds it from a []byte) — TODO confirm the exact encoding.
	Body string `json:"body"`
}
Document represents an attestation document: its Format identifies the predicate type and its Body carries the attestation payload.
func NewDocument (added in v0.1.6)
func NewDocument(format PredicateType, body []byte) (*Document, error)
NewDocument creates a new attestation document from the given format and body.
func (*Document) Verify
func (d *Document) Verify() (*Verification, error)
Verify checks the attestation document against its trust root and returns the verified inner measurements, together with any bound key material, as a Verification.
type HardwareMeasurement (added in v0.1.14)
HardwareMeasurement represents the measurement values for a single platform from the hardware measurement repository.
func VerifyHardware (added in v0.1.14)
func VerifyHardware(measurements []*HardwareMeasurement, enclaveMeasurement *Measurement) (*HardwareMeasurement, error)
VerifyHardware compares an enclave measurement against the set of valid hardware measurements and returns the matching HardwareMeasurement.
type Measurement
// Measurement is a set of measurement registers together with the predicate
// type that defines how they are interpreted and compared.
type Measurement struct {
	// Type is the predicate type governing the meaning and count of Registers.
	Type PredicateType `json:"type"`
	// Registers holds the register values; their number and encoding depend on Type
	// (compare RTMR3_ZERO for the expected string form) — TODO confirm per format.
	Registers []string `json:"registers"`
}
func (*Measurement) Equals
func (m *Measurement) Equals(other *Measurement) error
func (*Measurement) EqualsDisplay (added in v0.10.2)
func (m *Measurement) EqualsDisplay(other *Measurement) (string, error)
func (*Measurement) String (added in v0.10.2)
func (m *Measurement) String() string
type PredicateType
// PredicateType identifies an attestation or measurement format. Its values
// are the predicate URIs declared in the constant block below.
type PredicateType string
// Predicate type URIs for each supported attestation and measurement format.
const (
	// CC guest v2 types include the TLS key fingerprint and optionally HPKE public key
	SevGuestV2 PredicateType = "https://tinfoil.sh/predicate/sev-snp-guest/v2"
	TdxGuestV2 PredicateType = "https://tinfoil.sh/predicate/tdx-guest/v2"
	// SnpTdxMultiPlatformV1 covers a measurement spanning SEV-SNP and TDX platforms
	// (see ErrMultiPlatformMismatch and ErrMultiPlatformSevSnpMismatch).
	SnpTdxMultiPlatformV1 PredicateType = "https://tinfoil.sh/predicate/snp-tdx-multiplatform/v1"
	// HardwareMeasurementsV1 is the format of entries in the hardware measurement repository.
	HardwareMeasurementsV1 PredicateType = "https://tinfoil.sh/predicate/hardware-measurements/v1"
)
type Verification (added in v0.0.17)
// Verification is the result of successfully verifying an attestation document:
// the measurement it attests to and the key material bound to it.
type Verification struct {
	// Measurement is the verified measurement extracted from the document.
	Measurement *Measurement `json:"measurement"`
	// TLSPublicKeyFP is the fingerprint of the TLS public key bound by the
	// attestation; empty when the format does not carry one.
	TLSPublicKeyFP string `json:"tls_public_key,omitempty"`
	// HPKEPublicKey is the HPKE public key bound by the attestation, when present.
	HPKEPublicKey string `json:"hpke_public_key,omitempty"`
}
func VerifyAttestationJSON
func VerifyAttestationJSON(j []byte) (*Verification, error)
VerifyAttestationJSON verifies an attestation document given in JSON format and returns the inner measurements as a Verification.