Documentation
Index ¶
- Constants
- Variables
- func PublicKeyFromPem(bytes []byte) (interface{}, error)
- type EnclaveQuote
- type IASAttestationReport
- type IASReportBody
- type IASRequestBody
- type IntelAttestationService
- type MockIAS
- type MockVerifier
- func (v *MockVerifier) CheckEnclavePkHash(pkBytes []byte, report IASAttestationReport) (bool, error)
- func (v *MockVerifier) CheckMrEnclave(mrEnclaveBase64 string, report IASAttestationReport) (bool, error)
- func (v *MockVerifier) VerifyAttestationReport(verificationPubKey interface{}, report IASAttestationReport) (bool, error)
- type Verifier
- type VerifierImpl
- func (v *VerifierImpl) CheckEnclavePkHash(pkBytes []byte, report IASAttestationReport) (bool, error)
- func (v *VerifierImpl) CheckMrEnclave(mrEnclaveHexString string, report IASAttestationReport) (bool, error)
- func (v *VerifierImpl) VerifyAttestationReport(verificationPubKey interface{}, report IASAttestationReport) (bool, error)
Constants ¶
const IntelPubPEM = `` /* 451-byte string literal not displayed */
intel verification key
Variables ¶
var MOCK_API_KEY = [16]byte{0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
add your mock api-key (placeholder value for tests; keep real IAS API keys out of source)
var MOCK_SPID = [16]byte{0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
add your mock spid
Functions ¶
func PublicKeyFromPem ¶
Types ¶
type EnclaveQuote ¶
// EnclaveQuote lists the fixed-size fields of an SGX quote. The declared field
// sizes sum to 432 bytes (48 bytes of quote header followed by 384 bytes of
// report body). Field order and widths define the layout, so fields must not
// be reordered or resized.
// NOTE(review): presumably filled by a binary decode in QuoteFromBytes; confirm
// that the parser rejects input shorter or longer than this layout.
type EnclaveQuote struct {
	Version     uint16
	SignType    uint16
	EPIDGroupID [4]byte
	QeSVN       [2]byte
	PceSVN      [2]byte
	XeID        uint32
	Basename    [32]byte
	// ReportBody ReportBodyT
	// The report body fields are declared inline below instead of as a nested
	// ReportBodyT value.
	CPUSVN     [16]byte
	MiscSelect [4]byte
	Reserved1  [28]byte
	// In the SGX report layout this field holds the enclave attribute flags,
	// including DEBUG.
	// NOTE(review): no method on this page documents checking Attributes;
	// confirm that quotes from debug enclaves are rejected where that matters.
	Attributes [16]byte
	// Enclave measurement; presumably the value CheckMrEnclave compares — confirm.
	MrEnclave [32]byte
	Reserved2 [32]byte
	// NOTE(review): no method on this page documents checking MrSigner,
	// ISVProdID or ISVSVN.
	MrSigner  [32]byte
	Reserved3 [96]byte
	ISVProdID [2]byte
	ISVSVN    [2]byte
	Reserved4 [60]byte
	// Enclave-chosen data; presumably carries the enclave public-key hash that
	// CheckEnclavePkHash compares — confirm against the implementation.
	ReportData [64]byte
}
EnclaveQuote is a struct for a quote object. This object is produced by SGX
func QuoteFromAttestationReport ¶
func QuoteFromAttestationReport(report IASAttestationReport) (EnclaveQuote, error)
func QuoteFromBase64 ¶
func QuoteFromBase64(quoteBase64 string) (EnclaveQuote, error)
QuoteFromBase64 parses a base64-encoded quote string to EnclaveQuote
func QuoteFromBytes ¶
func QuoteFromBytes(quoteAsBytes []byte) (EnclaveQuote, error)
QuoteFromBytes parses a byte string to EnclaveQuote
type IASAttestationReport ¶
// IASAttestationReport bundles an IAS response (signature, signing certificate
// and body) with an enclave public key, using the JSON keys shown in the tags.
type IASAttestationReport struct {
	// NOTE(review): presumably supplied alongside the IAS response rather than
	// signed by IAS; treat it as unauthenticated until CheckEnclavePkHash has
	// tied it to the quote — confirm.
	EnclavePk []byte `json:"EnclavePk"`
	// Signature over the report; presumably base64 as delivered by IAS — confirm.
	IASReportSignature string `json:"IASReport-Signature"`
	// NOTE(review): VerifyAttestationReport takes its verification key as an
	// explicit argument; whether this certificate is validated, and against
	// what, is not shown on this page. Trust should derive from the pinned key,
	// not from a certificate that arrives with the report.
	IASReportSigningCertificate string `json:"IASReport-Signing-Certificate"`
	// Raw report body. NOTE(review): presumably the exact bytes the signature
	// covers, so it should be verified before it is parsed and never
	// re-serialized in between — confirm.
	IASReportBody []byte `json:"IASResponseBody"`
}
IASAttestationReport received from IAS (Intel attestation service). TODO: rename to AttestationReport
type IASReportBody ¶
// IASReportBody is the JSON shape of the report body returned by IAS. Fields
// tagged omitempty are left out when encoding if they are empty.
type IASReportBody struct {
	ID string `json:"id"`
	// Quote verdict reported by IAS. NOTE(review): a correctly signed report can
	// still carry a non-OK status, and no method on this page documents
	// evaluating this field; confirm where it is checked.
	IsvEnclaveQuoteStatus string `json:"isvEnclaveQuoteStatus"`
	// Presumably the base64 quote body consumed by QuoteFromAttestationReport /
	// QuoteFromBase64 — confirm.
	IsvEnclaveQuoteBody string `json:"isvEnclaveQuoteBody"`
	PlatformInfoBlob    string `json:"platformInfoBlob,omitempty"`
	RevocationReason    string `json:"revocationReason,omitempty"`
	PseManifestStatus   string `json:"pseManifestStatus,omitempty"`
	PseManifestHash     string `json:"pseManifestHash,omitempty"`
	// NOTE(review): IASRequestBody on this page has no nonce field, so a
	// per-request nonce is presumably not sent; freshness would then rest on
	// Timestamp — confirm.
	Nonce         string `json:"nonce,omitempty"`
	EpidPseudonym string `json:"epidPseudonym,omitempty"`
	// NOTE(review): no method on this page documents a freshness check on
	// Timestamp; confirm that stale reports are rejected where replay matters.
	Timestamp string `json:"timestamp"`
}
IASReportBody received from IAS (Intel attestation service)
type IASRequestBody ¶
// IASRequestBody is the JSON request payload; its single field is encoded
// under the key "isvEnclaveQuote".
type IASRequestBody struct {
	// Quote to be attested; presumably base64-encoded quote bytes — confirm.
	Quote string `json:"isvEnclaveQuote"`
}
IASRequestBody sent to IAS (Intel attestation service)
type IntelAttestationService ¶
// IntelAttestationService abstracts the two operations this package needs from
// IAS: requesting an attestation report for a quote and obtaining the key used
// to verify report signatures.
type IntelAttestationService interface {
	// RequestAttestationReport submits quoteAsBytes and returns the resulting
	// report. apiKey is a credential: keep it out of logs and error messages.
	// The returned report is unverified until a Verifier has checked it.
	RequestAttestationReport(apiKey string, quoteAsBytes []byte) (IASAttestationReport, error)
	// GetIntelVerificationKey returns the report verification key as an untyped
	// value. NOTE(review): presumably parsed from IntelPubPEM by
	// PublicKeyFromPem; callers should confirm the concrete key type — confirm.
	GetIntelVerificationKey() (interface{}, error)
}
IntelAttestationService is the interface for requesting attestation reports from IAS (Intel attestation service) and obtaining the Intel verification key
func NewIAS ¶
func NewIAS() IntelAttestationService
NewIAS is a great help to build an IntelAttestationService object
func NewIASWithMock ¶
func NewIASWithMock(mockURL string, mockClient *http.Client) IntelAttestationService
type MockIAS ¶
// MockIAS is a field-less stand-in for the attestation service; this page lists
// RequestAttestationReport and GetIntelVerificationKey methods on it.
// NOTE(review): what the mock returns is not documented here. Reports obtained
// from it are not attestation evidence, so it should be reachable only from
// tests.
type MockIAS struct{}
func (*MockIAS) GetIntelVerificationKey ¶
func (*MockIAS) RequestAttestationReport ¶
func (ias *MockIAS) RequestAttestationReport(apiKey string, quoteAsBytes []byte) (IASAttestationReport, error)
type MockVerifier ¶
// MockVerifier is a field-less type with the same three method signatures as
// Verifier, so it can be substituted wherever a Verifier is accepted.
// NOTE(review): this page does not document what its checks return. Confirm
// that no production code path can be configured to use it in place of
// VerifierImpl.
type MockVerifier struct{}
func (*MockVerifier) CheckEnclavePkHash ¶
func (v *MockVerifier) CheckEnclavePkHash(pkBytes []byte, report IASAttestationReport) (bool, error)
func (*MockVerifier) CheckMrEnclave ¶
func (v *MockVerifier) CheckMrEnclave(mrEnclaveBase64 string, report IASAttestationReport) (bool, error)
func (*MockVerifier) VerifyAttestationReport ¶
func (v *MockVerifier) VerifyAttestationReport(verificationPubKey interface{}, report IASAttestationReport) (bool, error)
type Verifier ¶
// Verifier groups the three independent checks applied to an attestation
// report. Each returns (bool, error); a caller should accept a report only
// when every check it needs returned true with a nil error.
type Verifier interface {
	// VerifyAttestationReport checks the report signature against
	// verificationPubKey. It does not by itself establish which enclave
	// produced the quote.
	VerifyAttestationReport(verificationPubKey interface{}, report IASAttestationReport) (bool, error)
	// CheckMrEnclave compares the enclave measurement in the report with the
	// expected value. NOTE(review): the parameter is named mrEnclaveHexString
	// here but mrEnclaveBase64 on MockVerifier; confirm the expected encoding.
	CheckMrEnclave(mrEnclaveHexString string, report IASAttestationReport) (bool, error)
	// CheckEnclavePkHash checks that the hash of pkBytes matches the value
	// carried in the quote.
	CheckEnclavePkHash(pkBytes []byte, report IASAttestationReport) (bool, error)
}
Verifier interface
type VerifierImpl ¶
// VerifierImpl is the non-mock Verifier implementation. It has no fields, so
// all inputs to a check come from the method arguments.
type VerifierImpl struct{}
VerifierImpl implements Verifier interface!
func (*VerifierImpl) CheckEnclavePkHash ¶
func (v *VerifierImpl) CheckEnclavePkHash(pkBytes []byte, report IASAttestationReport) (bool, error)
CheckEnclavePkHash returns true if hash of enclave pk in quote matches the expected value.
func (*VerifierImpl) CheckMrEnclave ¶
func (v *VerifierImpl) CheckMrEnclave(mrEnclaveHexString string, report IASAttestationReport) (bool, error)
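CheckMrEnclave returns true if mrenclave in attestation report matches the expected value. The expected value is documented here as base64, but the parameter is named mrEnclaveHexString; confirm the encoding against the implementation before supplying a value.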
func (*VerifierImpl) VerifyAttestationReport ¶
func (v *VerifierImpl) VerifyAttestationReport(verificationPubKey interface{}, report IASAttestationReport) (bool, error)
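VerifyAttestationReport verifies the IASAttestationReport signature using the provided verification key. This covers the signature only: the enclave measurement and the enclave public-key hash are checked separately by CheckMrEnclave and CheckEnclavePkHash, and this page does not say whether isvEnclaveQuoteStatus is evaluated.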