util

package

v0.4.4 Latest Latest Go to latest Published: Mar 29, 2024 License: Apache-2.0, BSD-3-Clause Imports: 20 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/google/go-tpm-tools

Links

Open Source Insights

Documentation ¶

Overview ¶

Package util provides helper funtions to prepare materials for talking to attestation verifiers.

Index ¶

Constants
func FetchAttestation(tpm io.ReadWriteCloser, akFetcher TpmKeyFetcher, nonce []byte) (*attestpb.Attestation, error)
func GetRegion(client *metadata.Client) (string, error)
func NewRESTClient(ctx context.Context, asAddr string, ProjectID string, Region string) (verifier.Client, error)
func PrincipalFetcher(audience string, mdsClient *metadata.Client) ([][]byte, error)
type Instance
type MetadataServer
- func NewMetadataServer(data Instance) (*MetadataServer, error)
- func (s *MetadataServer) Stop()
type MockAttestationServer
- func NewMockAttestationServer() (*MockAttestationServer, error)
- func (s *MockAttestationServer) Stop()
type MockOauth2Server
- func NewMockOauth2Server() (*MockOauth2Server, error)
- func (s *MockOauth2Server) Stop()
type TpmKeyFetcher

Constants ¶

View Source

const FakeChallengeUUID = "947b4f7b-e6d4-4cfe-971c-39ffe00268ba"

FakeChallengeUUID is the challenge for fake attestation server

View Source

const FakeTpmNonce = "R29vZ0F0dGVzdFYxeGtJUGlRejFPOFRfTzg4QTRjdjRpQQ=="

FakeTpmNonce is the tpm nonce for fake attestation server

Variables ¶

This section is empty.

Functions ¶

func FetchAttestation ¶

func FetchAttestation(tpm io.ReadWriteCloser, akFetcher TpmKeyFetcher, nonce []byte) (*attestpb.Attestation, error)

FetchAttestation gathers the materials required for remote attestation from TPM

func GetRegion ¶

func GetRegion(client *metadata.Client) (string, error)

GetRegion retrieves region information from GCE metadata server

func NewRESTClient ¶

func NewRESTClient(ctx context.Context, asAddr string, ProjectID string, Region string) (verifier.Client, error)

NewRESTClient returns a REST verifier.Client that points to the given address. It defaults to the Attestation Verifier instance at https://confidentialcomputing.googleapis.com.

func PrincipalFetcher ¶

func PrincipalFetcher(audience string, mdsClient *metadata.Client) ([][]byte, error)

PrincipalFetcher fetch ID token with specific audience from Metadata server. See https://cloud.google.com/functions/docs/securing/authenticating#functions-bearer-token-example-go.

Types ¶

type Instance ¶

type Instance struct {
	ProjectID     string
	ProjectNumber string
	InstanceID    string
	InstanceName  string
	Zone          string
}

Instance struct for supported fake values for metadata server.

type MetadataServer ¶

type MetadataServer struct {
	// contains filtered or unexported fields
}

MetadataServer provides fake implementation for the GCE metadata server.

func NewMetadataServer ¶

func NewMetadataServer(data Instance) (*MetadataServer, error)

NewMetadataServer starts and hooks up a Server, serving env. data is the mock Instance data the metadata server will respond with.

func (*MetadataServer) Stop ¶

func (s *MetadataServer) Stop()

Stop shuts down the server and restores original metadataHostEnv env var.

type MockAttestationServer ¶

type MockAttestationServer struct {
	Server *httptest.Server
}

MockAttestationServer provides fake implementation for the GCE attestation server.

func NewMockAttestationServer ¶

func NewMockAttestationServer() (*MockAttestationServer, error)

NewMockAttestationServer creates a mock verifier

func (*MockAttestationServer) Stop ¶

func (s *MockAttestationServer) Stop()

Stop shuts down the server.

type MockOauth2Server ¶

type MockOauth2Server struct {
	Server       *httptest.Server
	OriginalCred string
}

MockOauth2Server is a struct for mocking Oauth2Server

func NewMockOauth2Server ¶

func NewMockOauth2Server() (*MockOauth2Server, error)

NewMockOauth2Server creates a mock Oauth2 server for testing purpose

func (*MockOauth2Server) Stop ¶

func (s *MockOauth2Server) Stop()

Stop cleans up the fake credential, reset the original one, and shuts down the server.

type TpmKeyFetcher ¶

type TpmKeyFetcher func(rw io.ReadWriter) (*client.Key, error)

TpmKeyFetcher abstracts the fetching of various types of Attestation Key from TPM

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL