attestation

package
Published: Sep 19, 2025 License: AGPL-3.0 Imports: 29 Imported by: 2

Documentation


Constants

This section is empty.

Variables

var (
	// Sentinel errors exported by this package. Callers should match them with
	// errors.Is rather than by comparing messages, so wrapped errors are still
	// recognized.

	// ErrFormatMismatch reports that an attestation document's format is not the one expected.
	ErrFormatMismatch              = errors.New("attestation format mismatch")
	// ErrMeasurementMismatch reports that two measurements differ.
	ErrMeasurementMismatch         = errors.New("measurement mismatch")
	// ErrRtmr1Mismatch reports that the RTMR1 register values differ.
	ErrRtmr1Mismatch               = errors.New("RTMR1 mismatch")
	// ErrRtmr2Mismatch reports that the RTMR2 register values differ.
	ErrRtmr2Mismatch               = errors.New("RTMR2 mismatch")
	// ErrFewRegisters reports that a measurement carries fewer registers than expected.
	ErrFewRegisters                = errors.New("fewer registers than expected")
	// ErrMultiPlatformMismatch reports a multi-platform measurement mismatch.
	ErrMultiPlatformMismatch       = errors.New("multi-platform measurement mismatch")
	// ErrMultiPlatformSevSnpMismatch reports a mismatch in the SEV-SNP part of a multi-platform measurement.
	ErrMultiPlatformSevSnpMismatch = errors.New("multi-platform SEV-SNP measurement mismatch")
)

Functions

func CertPubkeyFP added in v0.1.0

func CertPubkeyFP(cert *x509.Certificate) (string, error)

CertPubkeyFP returns the fingerprint of the public key in the given certificate.

func ConnectionCertFP added in v0.1.0

func ConnectionCertFP(c tls.ConnectionState) (string, error)

ConnectionCertFP returns the KeyFP of the certificate public key found in the given TLS connection state.

func KeyFP added in v0.1.0

func KeyFP(publicKey *ecdsa.PublicKey) string

KeyFP returns the fingerprint of the given ECDSA public key.

func TLSPublicKey added in v0.2.0

func TLSPublicKey(host string) (string, error)

TLSPublicKey returns the TLS public key presented by the given host.

Types

type Document

type Document struct {
	// Format is the predicate type of the document; it determines how Body is
	// encoded and what it carries (see the PredicateType constants).
	Format PredicateType `json:"format"`
	// Body is the serialized attestation body. Treat it as untrusted input until
	// Verify has checked it against the document's trust root.
	Body   string        `json:"body"`
}

Document represents an attestation document, consisting of its predicate Format and its serialized Body.

func Fetch

func Fetch(host string) (*Document, error)

Fetch retrieves the attestation document from the given enclave hostname. The returned document has not yet been verified; call Verify to check it against its trust root.

func FromFile added in v0.1.18

func FromFile(path string) (*Document, error)

FromFile reads an attestation document from the file at the given path.

func NewDocument added in v0.1.6

func NewDocument(format PredicateType, body []byte) (*Document, error)

NewDocument creates an attestation document from the given format and body.

func (*Document) Hash added in v0.1.0

func (d *Document) Hash() string

Hash returns the SHA-256 hash of the attestation document.

func (*Document) Verify

func (d *Document) Verify() (*Verification, error)

Verify checks the attestation document against its trust root and, on success, returns a Verification holding the inner measurement together with the TLS key fingerprint and HPKE public key when the document carries them.

type HardwareMeasurement added in v0.1.14

type HardwareMeasurement struct {
	// ID names the platform entry in the form platform@digest.
	ID    string // platform@digest
	// MRTD is the expected TDX MRTD register value for this platform.
	MRTD  string
	// RTMR0 is the expected TDX runtime measurement register 0 value for this platform.
	RTMR0 string
}

HardwareMeasurement holds the measurement values for a single platform, as published in the hardware measurement repository.

func VerifyHardware added in v0.1.14

func VerifyHardware(measurements []*HardwareMeasurement, enclaveMeasurement *Measurement) (*HardwareMeasurement, error)

VerifyHardware compares an enclave measurement against the set of valid hardware measurements and returns the matching hardware measurement, or an error if none matches.

type Measurement

// Measurement is a set of attestation register values together with the
// predicate type they were produced under.
type Measurement struct {
	// Type is the predicate type the registers belong to.
	Type      PredicateType `json:"type"`
	// Registers holds the register values. The number and order expected
	// presumably depend on Type (compare ErrFewRegisters) — confirm against Equals.
	Registers []string      `json:"registers"`
}

func (*Measurement) Equals

func (m *Measurement) Equals(other *Measurement) error

type PredicateType

// PredicateType identifies the kind of attestation predicate a Document or
// Measurement conforms to. Its values are the predicate URIs declared below.
type PredicateType string
const (
	// CC guest v1 types include only the TLS key fingerprint in the body
	SevGuestV1 PredicateType = "https://tinfoil.sh/predicate/sev-snp-guest/v1"
	TdxGuestV1 PredicateType = "https://tinfoil.sh/predicate/tdx-guest/v1"

	// CC guest v2 types include a JSON structure containing the TLS key fingerprint and optionally an HPKE public key
	SevGuestV2 PredicateType = "https://tinfoil.sh/predicate/sev-snp-guest/v2"
	TdxGuestV2 PredicateType = "https://tinfoil.sh/predicate/tdx-guest/v2"

	// Multi-platform and hardware-measurement predicates; see ErrMultiPlatformMismatch
	// and HardwareMeasurement respectively
	SnpTdxMultiPlatformV1  PredicateType = "https://tinfoil.sh/predicate/snp-tdx-multiplatform/v1"
	HardwareMeasurementsV1 PredicateType = "https://tinfoil.sh/predicate/hardware-measurements/v1"
)

type Provider

type Provider interface {
	// RequestAttestation requests an attestation document from the provider.
	// userData is handed to the provider; presumably it is bound into the
	// resulting document so a verifier can check it — confirm with the
	// concrete implementation.
	RequestAttestation(userData []byte) (*Document, error)
}

Provider is the common interface for requesting attestation documents from any attestation source.

type Verification added in v0.0.17

// Verification is the result of successfully verifying an attestation document
// (see Document.Verify and VerifyAttestationJSON).
type Verification struct {
	// Measurement holds the measurement registers the document attests to.
	// Whether that measurement is one the caller trusts is a separate decision;
	// VerifyHardware compares it against the set of valid hardware measurements.
	Measurement    *Measurement `json:"measurement"`
	// TLSPublicKeyFP is the fingerprint of the attested TLS public key, when the
	// document carries one. NOTE: the JSON key is tls_public_key even though the
	// value is a fingerprint, not a key.
	TLSPublicKeyFP string       `json:"tls_public_key,omitempty"`
	// HPKEPublicKey is the HPKE public key carried by v2 predicates, when present.
	HPKEPublicKey  string       `json:"hpke_public_key,omitempty"`
}

func VerifyAttestationJSON

func VerifyAttestationJSON(j []byte) (*Verification, error)

VerifyAttestationJSON verifies a JSON-encoded attestation document and returns the inner measurements.
