Documentation
Index
- Variables
- func DeriveKey(key *bip32.Key, hash [32]byte) *bip32.Key
- func GenerateEciesPrivateKey() *ecies.PrivateKey
- func GenerateRandomBytes(count int) []byte
- func GetKeyFromKeyGrantor(keyGrantorUrl string, clientData []byte) (*bip32.Key, error)
- func GetRandomExtPrivKey() *bip32.Key
- func GetSelfReportAndCheck() attestation.Report
- func HttpPost(url string, jsonReq []byte) ([]byte, error)
- func IsValidPrivateKey(key []byte) bool
- func RecoverKeyFromFile(fname string) (extPrivKey *bip32.Key, fileExists bool)
- func SealKeyToFile(fname string, extPrivKey *bip32.Key)
- func VerifyJWT(token string, report attestation.Report) (err error)
- func VerifyPeerReport(report, selfReport attestation.Report) error
- type GetKeyParams
- type RandReader
- type SimpleClient
Constants
This section is empty.
Variables
var (
    ErrInDebugMode        = errors.New("Cannot work in debug mode")
    ErrTCBStatus          = errors.New("TCB is not up-to-date")
    ErrUniqueIDMismatch   = errors.New("UniqueID Mismatch")
    ErrSignerIDMismatch   = errors.New("SignerID Mismatch")
    ErrProductIDMismatch  = errors.New("ProductID Mismatch")
    ErrReportDataMismatch = errors.New("ReportData Mismatch")

    AttestationProviderURLs = []string{
        "https://sharedeus2.eus2.attest.azure.net",
        "https://sharedcus.cus.attest.azure.net",
        "https://shareduks.uks.attest.azure.net",
        "https://sharedeus.eus.attest.azure.net",
        "https://sharedcae.cae.attest.azure.net",
    }
)
Functions
func DeriveKey
func DeriveKey(key *bip32.Key, hash [32]byte) *bip32.Key
Derive from the root key using a 9-depth path. Each level consumes 31 bits. NewChildKey may return a non-nil error because validatePrivateKey may fail with a very low probability, so retry logic is needed at each depth, repeatedly increasing 'm'. Bits 8~10/11~13/14~16/17~19/20~22/23~25/26~29/30~32 of lastAdd are used to record the retry count of depth 0/1/2/3/4/5/6/7. At depth 8, lastAdd is added to 'm' as extra entropy.
func GenerateEciesPrivateKey
func GenerateEciesPrivateKey() *ecies.PrivateKey
Generate a new ecies.PrivateKey from random data.
func GenerateRandomBytes
func GenerateRandomBytes(count int) []byte
Use the Intel CPU's true random number generator to get random data.
func GetKeyFromKeyGrantor
func GetKeyFromKeyGrantor(keyGrantorUrl string, clientData []byte) (*bip32.Key, error)
A downstream peer gets the main xprv key from the upstream peer with empty clientData. An enclave gets its derived key from the upstream peer with non-empty clientData.
func GetRandomExtPrivKey
func GetRandomExtPrivKey() *bip32.Key
Use the Intel CPU's true random number generator to get an extended private key. NewMasterKey may fail if the random private key < secp256k1.S256().N (very unlikely), so we need to retry.
func GetSelfReportAndCheck
func GetSelfReportAndCheck() attestation.Report
Get the SelfReport and check it against the RemoteReport of the same enclave.
func IsValidPrivateKey
func IsValidPrivateKey(key []byte) bool
Return true if it's a valid secp256k1 private key.
func RecoverKeyFromFile
func RecoverKeyFromFile(fname string) (extPrivKey *bip32.Key, fileExists bool)
Read the encrypted key from the file and decrypt it.
func SealKeyToFile
func SealKeyToFile(fname string, extPrivKey *bip32.Key)
Encrypt the extended private key with a key derived from a measurement of the enclave, and then save the encrypted key to the file.
func VerifyJWT
func VerifyJWT(token string, report attestation.Report) (err error)
Verify the JWT and ensure it is from the same enclave that generated 'report'.
func VerifyPeerReport
func VerifyPeerReport(report, selfReport attestation.Report) error
Verify report against selfReport to ensure they are from the same enclave.
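As an added example (not the package's own code) of the check VerifyPeerReport describes, the following Go code compares a peer's report against the enclave's own report field by field and returns the package's error values listed under Variables. attestation.Report is replaced by an assumed Report struct whose fields follow those error names (TCBUpToDate as a bool is an assumption), and the sha256(clientData) binding checked by VerifyReportData is likewise an assumed convention.

```go
package main
import (
	"bytes"
	"crypto/sha256"
	"errors"
)

var (
	ErrInDebugMode        = errors.New("Cannot work in debug mode")
	ErrTCBStatus          = errors.New("TCB is not up-to-date")
	ErrUniqueIDMismatch   = errors.New("UniqueID Mismatch")
	ErrSignerIDMismatch   = errors.New("SignerID Mismatch")
	ErrProductIDMismatch  = errors.New("ProductID Mismatch")
	ErrReportDataMismatch = errors.New("ReportData Mismatch")
)

// Report is an assumed stand-in for attestation.Report (fields chosen to match the errors above).
type Report struct {
	Data        []byte // report data bound to the quote
	Debug       bool   // enclave was built in debug mode
	UniqueID    []byte // MRENCLAVE: measurement of the enclave build
	SignerID    []byte // MRSIGNER: hash of the enclave signing key
	ProductID   []byte
	TCBUpToDate bool // platform TCB level is current
}

// VerifyPeerReport: same build as selfReport, no debug mode, current TCB.
func VerifyPeerReport(report, selfReport Report) error {
	switch {
	case report.Debug:
		return ErrInDebugMode
	case !report.TCBUpToDate:
		return ErrTCBStatus
	case !bytes.Equal(report.UniqueID, selfReport.UniqueID):
		return ErrUniqueIDMismatch
	case !bytes.Equal(report.SignerID, selfReport.SignerID):
		return ErrSignerIDMismatch
	case !bytes.Equal(report.ProductID, selfReport.ProductID):
		return ErrProductIDMismatch
	}
	return nil
}

// VerifyReportData requires Data == sha256(clientData) (assumed binding).
func VerifyReportData(report Report, clientData []byte) error {
	if want := sha256.Sum256(clientData); !bytes.Equal(report.Data, want[:]) {
		return ErrReportDataMismatch
	}
	return nil
}
```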
Types
type GetKeyParams
type RandReader
type RandReader struct{}
type SimpleClient
type SimpleClient struct {
    ExtPrivKey *bip32.Key
    ExtPubKey  *bip32.Key
    PrivKey    *secp256k1.PrivateKey
    PubKeyBz   []byte
}
func (*SimpleClient) CreateAndStartHttpsServer
func (sc *SimpleClient) CreateAndStartHttpsServer(serverName, listenURL string, handlers map[string]func(w http.ResponseWriter, r *http.Request))