Documentation
Index ¶
- Constants
- Variables
- func CertPubkeyFP(cert *x509.Certificate) (string, error)
- func ConnectionCertFP(c tls.ConnectionState) (string, error)
- func Fingerprint(m *Measurement, hw *HardwareMeasurement, targetType PredicateType) (string, error)
- func KeyFP(publicKey *ecdsa.PublicKey) string
- func TLSPublicKey(host string, insecure bool) (string, error)
- type Bundle
- type CertVerificationResult
- type Document
- type HardwareMeasurement
- type Measurement
- type PredicateType
- type Provider
- type Verification
Constants ¶
// MinimumTcbEvaluationDataNumber is the minimum TCB evaluation data number
// required for embedded collateral, so that outdated collateral cannot be
// embedded by accident: the build fails when the collateral is older than
// this value. See Intel's TCB Recovery best practices.
const MinimumTcbEvaluationDataNumber = 18
MinimumTcbEvaluationDataNumber is the minimum TCB evaluation data number required for embedded collateral. This ensures outdated collateral cannot be accidentally embedded. The build will fail if collateral is older than this value. See Intel's TCB Recovery best practices.
// RTMR3_ZERO is the all-zero hex encoding of a TDX RTMR3 register.
// NOTE(review): presumably 96 hex characters, i.e. 48 zero bytes (the SHA-384
// width of a TDX runtime measurement register) — confirm against the literal.
// A verifier that compares a reported RTMR3 against this value is requiring
// that nothing was extended into RTMR3 at runtime; see ErrRtmr3Mismatch.
const RTMR3_ZERO = "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
Variables ¶
// Sentinel errors returned by the verification and comparison helpers in this
// package. Callers should test for them with errors.Is rather than comparing
// error strings.
var (
	// ErrFormatMismatch: the attestation formats (PredicateType) being compared differ.
	ErrFormatMismatch = errors.New("attestation format mismatch")
	// ErrMeasurementMismatch: the measurement registers being compared differ.
	ErrMeasurementMismatch = errors.New("measurement mismatch")
	// ErrRtmr1Mismatch: the RTMR1 register differs from the expected value.
	ErrRtmr1Mismatch = errors.New("RTMR1 mismatch")
	// ErrRtmr2Mismatch: the RTMR2 register differs from the expected value.
	ErrRtmr2Mismatch = errors.New("RTMR2 mismatch")
	// ErrRtmr3Mismatch: the RTMR3 register differs from the expected value.
	ErrRtmr3Mismatch = errors.New("RTMR3 mismatch")
	// ErrFewRegisters: a measurement carries fewer registers than the comparison expects.
	ErrFewRegisters = errors.New("fewer registers than expected")
	// ErrMultiPlatformMismatch: a multi-platform measurement mismatch
	// (presumably for SnpTdxMultiPlatformV1 documents — confirm at the use site).
	ErrMultiPlatformMismatch = errors.New("multi-platform measurement mismatch")
	// ErrMultiPlatformSevSnpMismatch: the SEV-SNP portion of a multi-platform
	// measurement differs from the expected value.
	ErrMultiPlatformSevSnpMismatch = errors.New("multi-platform SEV-SNP measurement mismatch")
)
// IntelQeVendorID is Intel's Quoting Enclave (QE) Vendor ID
// (939a7233-f79c-4ca9-940a-0db3957f0607) as raw bytes.
// NOTE(review): this is an exported, mutable package-level slice; compare it
// with bytes.Equal and do not hand it out to callers that might modify it.
// Presumably used to reject quotes whose QE vendor ID differs — confirm at the use site.
var IntelQeVendorID = []byte{
	0x93, 0x9a, 0x72, 0x33, 0xf7, 0x9c, 0x4c, 0xa9,
	0x94, 0x0a, 0x0d, 0xb3, 0x95, 0x7f, 0x06, 0x07,
}
IntelQeVendorID is Intel's QE Vendor ID (939a7233-f79c-4ca9-940a-0db3957f0607)
Functions ¶
func CertPubkeyFP ¶
func CertPubkeyFP(cert *x509.Certificate) (string, error)
CertPubkeyFP returns the fingerprint of the public key of a given certificate
func ConnectionCertFP ¶
func ConnectionCertFP(c tls.ConnectionState) (string, error)
ConnectionCertFP returns the KeyFP of the public key from a TLS connection state
func Fingerprint ¶
func Fingerprint(m *Measurement, hw *HardwareMeasurement, targetType PredicateType) (string, error)
Fingerprint computes a SHA-256 hash of the measurement type and registers. It is not intended for direct comparison of measurements (use Measurement.Equals for that).
Types ¶
type Bundle ¶
// Bundle represents a complete attestation bundle for single-request
// verification. It is the unit returned by FetchBundle / FetchBundleFrom.
type Bundle struct {
	// Domain is the enclave domain this bundle describes
	// (presumably the value passed to VerifyCertificate as expectedDomain — confirm).
	Domain string `json:"domain"`
	// EnclaveAttestationReport is the attestation Document to verify.
	EnclaveAttestationReport *Document `json:"enclaveAttestationReport"`
	// Digest is a digest carried alongside the bundle.
	// NOTE(review): what it digests is not shown here — confirm before relying on it.
	Digest string `json:"digest"`
	// SigstoreBundle is kept as raw JSON and decoded by whichever consumer needs it.
	SigstoreBundle json.RawMessage `json:"sigstoreBundle"`
	// VCEK is the VCEK certificate as a string.
	// NOTE(review): its encoding is not shown here; Document.VerifyWithVCEK
	// takes DER bytes, so some decoding is presumably required — confirm.
	VCEK string `json:"vcek"`
	// EnclaveCert is the enclave TLS certificate
	// (presumably PEM, since VerifyCertificate takes certPEM — confirm).
	EnclaveCert string `json:"enclaveCert"`
}
Bundle represents a complete attestation bundle for single-request verification
func FetchBundle ¶
FetchBundle retrieves a complete attestation bundle from the default endpoint
func FetchBundleFrom ¶
FetchBundleFrom retrieves a complete attestation bundle from a custom base URL
type CertVerificationResult ¶
// CertVerificationResult contains the values extracted from certificate
// verification; it is returned by VerifyCertificate.
type CertVerificationResult struct {
	// HPKEPublicKey is the HPKE public key found in the certificate's SANs.
	HPKEPublicKey string
	// AttestationHash is the attestation hash found in the certificate's SANs.
	AttestationHash string
	// DNSNames lists the DNS names the certificate is valid for
	// (presumably its DNS SANs — confirm).
	DNSNames []string
}
CertVerificationResult contains the extracted values from certificate verification
func VerifyCertificate ¶
func VerifyCertificate(certPEM string, expectedDomain string, attestationDoc *Document, expectedHPKEKey string) (*CertVerificationResult, error)
VerifyCertificate verifies an enclave TLS certificate against expected values. It checks that:
1. the certificate is valid for the expected domain;
2. the certificate SANs contain the correct HPKE key;
3. the certificate SANs contain the correct attestation hash.
type Document ¶
// Document represents an attestation document: a Format identifying the
// attestation type and an opaque Body. Construct one with NewDocument and
// check it with Verify or VerifyWithVCEK.
type Document struct {
	// Format identifies the attestation type (one of the PredicateType constants).
	Format PredicateType `json:"format"`
	// Body is the attestation payload.
	// NOTE(review): NewDocument takes body []byte but this field is a string,
	// so some encoding is presumably applied — confirm before building a
	// Document by hand instead of via NewDocument.
	Body string `json:"body"`
}
Document represents an attestation document
func NewDocument ¶
func NewDocument(format PredicateType, body []byte) (*Document, error)
NewDocument creates a new attestation document from a given format and body
func (*Document) Verify ¶
func (d *Document) Verify() (*Verification, error)
Verify checks the attestation document against its trust root and returns the inner measurements
func (*Document) VerifyWithVCEK ¶
func (d *Document) VerifyWithVCEK(vcekDER []byte) (*Verification, error)
VerifyWithVCEK checks the attestation document using an optional, caller-supplied VCEK certificate in DER form
type HardwareMeasurement ¶
HardwareMeasurement represents the measurement values for a single platform from the hardware measurement repository
func VerifyHardware ¶
func VerifyHardware(measurements []*HardwareMeasurement, enclaveMeasurement *Measurement) (*HardwareMeasurement, error)
VerifyHardware compares an enclave measurement against the set of valid hardware measurements
type Measurement ¶
// Measurement is a platform measurement: the attestation Type plus an ordered
// list of register values. Compare measurements with Equals (which returns
// an error on mismatch), not with ==, since Registers is a slice.
type Measurement struct {
	// Type is the attestation format the registers belong to.
	Type PredicateType `json:"type"`
	// Registers holds the measurement registers in order
	// (presumably hex-encoded, cf. RTMR3_ZERO — confirm).
	Registers []string `json:"registers"`
}
func (*Measurement) Equals ¶
func (m *Measurement) Equals(other *Measurement) error
func (*Measurement) EqualsDisplay ¶
func (m *Measurement) EqualsDisplay(other *Measurement) (string, error)
func (*Measurement) String ¶
func (m *Measurement) String() string
type PredicateType ¶
// PredicateType identifies an attestation format; the known values are the
// constants declared below.
type PredicateType string
// Known PredicateType values.
const (
	// CC guest v2 types include the TLS key fingerprint and optionally HPKE public key
	SevGuestV2 PredicateType = "https://tinfoil.sh/predicate/sev-snp-guest/v2"
	TdxGuestV2 PredicateType = "https://tinfoil.sh/predicate/tdx-guest/v2"
	// SnpTdxMultiPlatformV1 covers a measurement spanning both SEV-SNP and TDX
	// (presumably the format behind ErrMultiPlatformMismatch — confirm).
	SnpTdxMultiPlatformV1 PredicateType = "https://tinfoil.sh/predicate/snp-tdx-multiplatform/v1"
	// HardwareMeasurementsV1 is the format of the hardware measurement set
	// consumed by VerifyHardware.
	HardwareMeasurementsV1 PredicateType = "https://tinfoil.sh/predicate/hardware-measurements/v1"
)
type Verification ¶
// Verification is the result of verifying a Document: the inner Measurement
// and, for formats that carry them, the TLS key fingerprint and HPKE public key.
// NOTE(review): a verified Measurement alone does not bind a live connection;
// presumably TLSPublicKeyFP is meant to be compared against ConnectionCertFP
// of the actual connection — confirm with the callers.
type Verification struct {
	// Measurement is the measurement extracted from the attestation document.
	Measurement *Measurement `json:"measurement"`
	// TLSPublicKeyFP is the KeyFP of the enclave's TLS public key; omitted from
	// JSON when empty.
	TLSPublicKeyFP string `json:"tls_public_key,omitempty"`
	// HPKEPublicKey is the enclave's HPKE public key, when the format includes
	// one; omitted from JSON when empty.
	HPKEPublicKey string `json:"hpke_public_key,omitempty"`
}
func VerifyAttestationJSON ¶
func VerifyAttestationJSON(j []byte) (*Verification, error)
VerifyAttestationJSON verifies an attestation document in JSON format and returns the inner measurements