Documentation
Overview
Copyright (c) 2021 Fraunhofer AISEC Fraunhofer-Gesellschaft zur Foerderung der angewandten Forschung e.V.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Index
- func Dial(network string, addr string, config *tls.Config, ...) (*tls.Conn, error)
- func GetCert(moreConfigs ...ConnectionOption[cmcConfig]) (tls.Certificate, error)
- func Listen(network, laddr string, config *tls.Config, ...) (net.Listener, error)
- func Read(c net.Conn) ([]byte, error)
- func Write(msg []byte, c net.Conn) error
- type AttestedError
- type CmcApi
- type CmcApiSelect
- type CoapApi
- type ConnectionOption
- type GrpcApi
- type Listener
- type PrivateKey
Functions
func Dial
func Dial(network string, addr string, config *tls.Config, moreConfigs ...ConnectionOption[cmcConfig]) (*tls.Conn, error)
Dial wraps tls.Dial. It additionally performs remote attestation before returning the established connection.
func GetCert
func GetCert(moreConfigs ...ConnectionOption[cmcConfig]) (tls.Certificate, error)
GetCert obtains the certificate for the TLS key in use from cmcd.
func Listen
func Listen(network, laddr string, config *tls.Config, moreConfigs ...ConnectionOption[cmcConfig]) (net.Listener, error)
Listen wraps tls.Listen. It returns a custom Listener that performs additional remote attestation operations right after successful TLS connection establishment.
Types
type AttestedError (added in v0.5.0)
type AttestedError struct {
// contains filtered or unexported fields
}
AttestedError holds the verification result in addition to the error.
func NewAttestedError (added in v0.5.0)
func NewAttestedError(r ar.VerificationResult, err error) AttestedError
NewAttestedError creates an AttestedError from the provided error and verification result.
func (AttestedError) Error (added in v0.5.0)
func (err AttestedError) Error() string
Error returns the error message as a string. This implements the error interface.
func (AttestedError) GetVerificationResult (added in v0.5.0)
func (err AttestedError) GetVerificationResult() ar.VerificationResult
GetVerificationResult returns the verification result stored in the AttestedError.
func (AttestedError) Unwrap (added in v0.5.0)
func (err AttestedError) Unwrap() error
Unwrap returns the unwrapped error.
type CmcApiSelect (added in v0.5.0)
type CmcApiSelect uint32
const (
	CmcApi_GRPC CmcApiSelect = 0
	CmcApi_COAP CmcApiSelect = 1
)
type ConnectionOption (added in v0.4.0)
type ConnectionOption[T any] func(*T)
func WithCmcAddr (added in v0.5.0)
func WithCmcAddr(address string) ConnectionOption[cmcConfig]
WithCmcAddr sets the address with which to contact the CMC. If not specified, the default is "localhost".
func WithCmcApi (added in v0.5.0)
func WithCmcApi(api CmcApiSelect) ConnectionOption[cmcConfig]
WithCmcApi specifies the API to be used to connect to cmcd. If not specified, the default is grpc.
func WithCmcCa (added in v0.4.0)
func WithCmcCa(pem []byte) ConnectionOption[cmcConfig]
WithCmcCa specifies, in PEM format, the CA the attestation report should be verified against.
func WithCmcPolicies (added in v0.4.0)
func WithCmcPolicies(policies []byte) ConnectionOption[cmcConfig]
WithCmcPolicies specifies optional custom policies the attestation report should be verified against.
type Listener
type Listener struct {
	net.Listener // embedded interface
	*tls.Config  // embedded struct
	// contains filtered or unexported fields
}
Listener implements the net.Listener interface. It holds a net.Listener and adds additional functionality to it.
func (Listener) Accept
Accept implements Accept() of the net.Listener interface. It calls Accept of the net.Listener and additionally performs remote attestation after connection establishment, before returning the connection.
type PrivateKey
type PrivateKey struct {
// contains filtered or unexported fields
}
PrivateKey is a wrapper implementing the crypto.Signer interface. It is used to contact cmcd for signing operations.
func (PrivateKey) Public
func (priv PrivateKey) Public() crypto.PublicKey
func (PrivateKey) Sign
func (priv PrivateKey) Sign(random io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error)
Sign implements Sign() of the crypto.Signer interface. It contacts cmcd for the sign operation and returns the received signature.
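The delegation pattern that PrivateKey describes, as an added example that is not the package's own code: a crypto.Signer that holds only the public key and forwards each Sign call, so crypto/tls can use a key it never sees. The names remoteKey, newSimulatedDaemon and signAndVerify are hypothetical, and an in-process closure stands in for cmcd.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"fmt"
	"io"
)

// remoteKey (hypothetical, not the package's type) holds only the public key; sign models the request to cmcd.
type remoteKey struct {
	pub  crypto.PublicKey
	sign func(digest []byte, opts crypto.SignerOpts) ([]byte, error)
}

func (k remoteKey) Public() crypto.PublicKey { return k.pub }

func (k remoteKey) Sign(_ io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error) {
	return k.sign(digest, opts) // the caller's random source is unused; the key holder has its own
}

// newSimulatedDaemon keeps the private key inside a closure (the simulated daemon) and returns only the handle.
func newSimulatedDaemon() remoteKey {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err) // key generation failure is fatal for this demonstration
	}
	return remoteKey{pub: &priv.PublicKey, sign: func(d []byte, o crypto.SignerOpts) ([]byte, error) {
		return priv.Sign(rand.Reader, d, o)
	}}
}

// signAndVerify signs msg through the handle and verifies the result with the public key.
func signAndVerify(k crypto.Signer, msg []byte) (bool, error) {
	digest := sha256.Sum256(msg)
	sig, err := k.Sign(rand.Reader, digest[:], crypto.SHA256)
	if err != nil {
		return false, err
	}
	return ecdsa.VerifyASN1(k.Public().(*ecdsa.PublicKey), digest[:], sig), nil
}

func main() {
	cert := tls.Certificate{PrivateKey: newSimulatedDaemon()} // crypto/tls accepts any crypto.Signer here
	fmt.Println(signAndVerify(cert.PrivateKey.(crypto.Signer), []byte("constructed message")))
}
```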