- Constants
- Variables
- func CreateCert(moreConfigs ...ConnectionOption[CmcConfig]) (string, error)
- func Dial(network string, addr string, config *tls.Config, ...) (*tls.Conn, error)
- func GetCert(moreConfigs ...ConnectionOption[CmcConfig]) (tls.Certificate, error)
- func Listen(network, laddr string, config *tls.Config, ...) (net.Listener, error)
- func Read(c net.Conn) ([]byte, error)
- func Write(msg []byte, c net.Conn) error
- type AtlsHandshakeComplete
- type AtlsHandshakeRequest
- type AtlsHandshakeResponse
- type AttestSelect
- type CmcApi
- type CmcConfig
- type CoapApi
- type ConnectionOption
- func WithAttest(attest AttestSelect) ConnectionOption[CmcConfig]
- func WithCmcAddr(address string) ConnectionOption[CmcConfig]
- func WithCmcApi(api string) ConnectionOption[CmcConfig]
- func WithCmcPolicies(policies []byte) ConnectionOption[CmcConfig]
- func WithKeyConfig(keyConf api.TLSKeyConfig) ConnectionOption[CmcConfig]
- func WithKeyId(id string) ConnectionOption[CmcConfig]
- func WithLibApiCmcConfig(config *cmc.Config) ConnectionOption[CmcConfig]
- func WithMtls(mtls bool) ConnectionOption[CmcConfig]
- func WithResultCb(cb func(result *ar.AttestationResult)) ConnectionOption[CmcConfig]
- func WithSerializer(serializer ar.Serializer) ConnectionOption[CmcConfig]
- type Endpoint
- type GrpcApi
- type LibApi
- type Listener
- type PrivateKey
- type SocketApi
Constants ¶
// Endpoint role constants: which side of the attested TLS connection a party
// plays (Endpoint_Client dials, Endpoint_Server listens).
// NOTE(review): the Endpoint type is listed in the index but its definition is
// not visible here, and these constants are rendered untyped — confirm in source.
const (
	Endpoint_Client = 0
	Endpoint_Server = 1
)
Variables ¶
// CmcApis is the registry of transports to the cmcd, keyed by the name passed
// to WithCmcApi (e.g. "grpc"). It is presumably populated by the CoapApi,
// GrpcApi, LibApi and SocketApi implementations listed in the index — confirm.
// NOTE(review): this is mutable package-level state; registration is expected
// at init time, not concurrently with Dial/Listen.
var CmcApis = map[string]CmcApi{}
Functions ¶
func CreateCert ¶ added in v0.9.8
func CreateCert(moreConfigs ...ConnectionOption[CmcConfig]) (string, error)
func Dial ¶
func Dial(network string, addr string, config *tls.Config, moreConfigs ...ConnectionOption[CmcConfig]) (*tls.Conn, error)
Wraps tls.Dial. In addition to the TLS handshake it performs the remote-attestation exchange (according to the configured AttestSelect and CmcConfig) before returning the established connection, so a connection is only handed back once both TLS establishment and attestation have completed. Callers must treat a non-nil error — including one caused by a failed or rejected attestation — as fatal and must not fall back to an unattested connection.
func GetCert ¶
func GetCert(moreConfigs ...ConnectionOption[CmcConfig]) (tls.Certificate, error)
Obtains, from the cmcd, the certificate for the Identity Key (IK) that is used for the connection.
func Listen ¶
func Listen(network, laddr string, config *tls.Config, moreConfigs ...ConnectionOption[CmcConfig]) (net.Listener, error)
Wrapper for tls.Listen. Returns a custom Listener that performs the additional remote-attestation operations right after a TLS connection has been established successfully (see Listener.Accept).
Types ¶
type AtlsHandshakeComplete ¶ added in v0.8.0
// AtlsHandshakeComplete is the final message of the attested TLS (aTLS)
// handshake exchange; it reports the outcome of attestation to the peer.
type AtlsHandshakeComplete struct {
	// Version of the aTLS handshake protocol; checked by CheckVersion.
	Version string `json:"version" cbor:"0,keyasint"`
	// Success reports the handshake outcome. NOTE(review): a false value
	// received from the peer must abort the connection — confirm that the
	// handshake code enforces this rather than only logging it.
	Success bool `json:"success" cbor:"1,keyasint"`
	// Error optionally carries an error description; omitted when empty.
	Error string `json:"error,omitempty" cbor:"2,keyasint,omitempty"`
}
func (*AtlsHandshakeComplete) CheckVersion ¶ added in v0.8.0
func (complete *AtlsHandshakeComplete) CheckVersion() error
type AtlsHandshakeRequest ¶ added in v0.8.0
// AtlsHandshakeRequest is sent to the peer to request an attestation report
// as part of the aTLS handshake exchange.
type AtlsHandshakeRequest struct {
	// Version of the aTLS handshake protocol; checked by CheckVersion.
	Version string `json:"version" cbor:"0,keyasint"`
	// Attest announces which side(s) the sender expects to be attested (see
	// AttestSelect). NOTE(review): this value arrives from the network peer;
	// the receiver must enforce its own configured AttestSelect and must not
	// let a peer-supplied Attest_None downgrade attestation — confirm in source.
	// The struct tag is elided by the renderer; check the source for the wire name.
	Attest AttestSelect `` /* 147-byte string literal not displayed */
	// Cached lists items the sender already holds so the peer may omit them
	// from the report — presumably; confirm against the handshake code.
	Cached []string `json:"cached,omitempty" cbor:"2,keyasint,omitempty"`
	// ExtendedReport requests a more detailed report; optional (presumably).
	ExtendedReport bool `json:"extendedReport,omitempty" cbor:"3,keyasint,omitempty"`
}
func (*AtlsHandshakeRequest) CheckVersion ¶ added in v0.8.0
func (req *AtlsHandshakeRequest) CheckVersion() error
type AtlsHandshakeResponse ¶ added in v0.8.0
// AtlsHandshakeResponse carries the attestation report (or an error) back to
// the requesting side of the aTLS handshake exchange.
type AtlsHandshakeResponse struct {
	// Version of the aTLS handshake protocol; checked by CheckVersion.
	Version string `json:"version" cbor:"0,keyasint"`
	// Error optionally describes why no report could be produced; omitted when empty.
	Error string `json:"error,omitempty" cbor:"1,keyasint,omitempty"`
	// Report is the serialized attestation report, presumably encoded with the
	// configured ar.Serializer (see WithSerializer). It is untrusted input
	// until it has been verified against the configured policies.
	Report []byte `json:"report,omitempty" cbor:"2,keyasint,omitempty"`
}
func (*AtlsHandshakeResponse) CheckVersion ¶ added in v0.8.0
func (resp *AtlsHandshakeResponse) CheckVersion() error
type AttestSelect ¶ added in v0.6.0
// AttestSelect selects which side(s) of the connection must be attested
// (set via WithAttest). The constant order matches the WithAttest doc:
// mutual, dialer only, listener only.
type AttestSelect uint32

const (
	Attest_Mutual AttestSelect = 0 // both dialer and listener are attested
	Attest_Client AttestSelect = 1 // only the dialing side is attested
	Attest_Server AttestSelect = 2 // only the listening side is attested
	Attest_None   AttestSelect = 3 // no attestation: plain TLS guarantees only
)
func (AttestSelect) String ¶ added in v0.8.0
func (s AttestSelect) String() string
type CmcConfig ¶ added in v0.6.0
// CmcConfig holds the parameters used to interact with the cmcd (or with an
// in-process CMC when the Lib API is used). Build it with NewCmcConfig and the
// With* options rather than by hand, so defaults are applied.
type CmcConfig struct {
	// CmcAddr is the address of the cmcd (see WithCmcAddr; default "localhost").
	CmcAddr string
	// CmcApi is the transport used to reach the cmcd (see WithCmcApi; default grpc).
	CmcApi CmcApi
	// Serializer encodes handshake requests and attestation reports (see WithSerializer).
	Serializer ar.Serializer
	// IdentityCas are CA certificates, presumably the trust anchors for the
	// peer's identity-key certificate. NOTE(review): no With* option in the
	// visible API sets this field — confirm how it is populated.
	IdentityCas []*x509.Certificate
	// Policies are optional custom verification policies (see WithCmcPolicies).
	Policies []byte
	// Mtls selects mutual TLS vs. server-side-only authentication (see WithMtls).
	Mtls bool
	// Attest selects which side(s) are attested (see WithAttest).
	Attest AttestSelect
	// KeyId is the UUID of the key used for the attested connection (see WithKeyId).
	KeyId string
	// KeyConfig configures that key (see WithKeyConfig); not documented here.
	KeyConfig api.TLSKeyConfig
	// ResultCb, if set, receives the attestation result (see WithResultCb).
	ResultCb func(result *ar.AttestationResult)
	// LibApiConfig is only required for the Lib API (see WithLibApiCmcConfig).
	LibApiConfig *cmc.Config
}
CmcConfig holds the relevant parameters to interact with the cmcd
func NewCmcConfig ¶ added in v0.8.0
func NewCmcConfig(opts ...ConnectionOption[CmcConfig]) (*CmcConfig, error)
NewCmcConfig creates a new CMC config based on default and specified values
type ConnectionOption ¶ added in v0.4.0
func WithAttest ¶ added in v0.6.0
func WithAttest(attest AttestSelect) ConnectionOption[CmcConfig]
WithAttest specifies which side(s) must be attested: mutual (Attest_Mutual), dialer only (Attest_Client), listener only (Attest_Server), or none (Attest_None). Attest_None performs no remote attestation at all, so the resulting connection offers no guarantees beyond plain TLS; choose it deliberately.
func WithCmcAddr ¶ added in v0.5.0
func WithCmcAddr(address string) ConnectionOption[CmcConfig]
WithCmcAddr sets the address under which the cmcd is contacted. If not specified, the default is "localhost".
func WithCmcApi ¶ added in v0.5.0
func WithCmcApi(api string) ConnectionOption[CmcConfig]
WithCmcApi specifies the API used to connect to the cmcd (presumably one of the names registered in CmcApis). If not specified, the default is grpc.
func WithCmcPolicies ¶ added in v0.4.0
func WithCmcPolicies(policies []byte) ConnectionOption[CmcConfig]
WithCmcPolicies specifies optional custom policies that the peer's attestation report is verified against. The bytes are opaque to this package; their format is defined by the cmc verifier.
func WithKeyConfig ¶ added in v0.9.8
func WithKeyConfig(keyConf api.TLSKeyConfig) ConnectionOption[CmcConfig]
func WithKeyId ¶ added in v0.9.8
func WithKeyId(id string) ConnectionOption[CmcConfig]
WithKeyId sets the key UUID identifying the key that should be used for establishing attested TLS connections.
func WithLibApiCmcConfig ¶ added in v0.9.7
func WithLibApiCmcConfig(config *cmc.Config) ConnectionOption[CmcConfig]
WithLibApiCmcConfig takes a CMC configuration object. This is only required for the Lib API, where the CMC is integrated directly into the binary instead of using the cmcd.
func WithMtls ¶ added in v0.6.0
func WithMtls(mtls bool) ConnectionOption[CmcConfig]
WithMtls specifies whether to perform mutual TLS (both sides present certificates) together with mutual attestation, or server-side authentication and attestation only. Note that Mtls and the AttestSelect set via WithAttest are stored as separate fields of CmcConfig; how they interact when they disagree (e.g. Mtls true combined with Attest_Server) is not documented here — confirm in the source before relying on a particular combination.
func WithResultCb ¶ added in v0.6.0
func WithResultCb(cb func(result *ar.AttestationResult)) ConnectionOption[CmcConfig]
WithResultCb registers a callback that receives the attestation result for further processing (e.g. logging or auditing). Whether the callback can influence the accept/reject decision is not documented here; treat it as informational only unless the source shows otherwise.
func WithSerializer ¶ added in v0.9.8
func WithSerializer(serializer ar.Serializer) ConnectionOption[CmcConfig]
WithSerializer specifies the serializer for requests and attestation reports
type Listener ¶
// Listener wraps the net.Listener returned by tls.Listen so that Accept
// additionally runs the remote-attestation exchange after the TLS handshake.
type Listener struct {
	net.Listener // embedded interface: the underlying (TLS) listener
	*CmcConfig   // embedded struct: how to reach the cmcd and what to attest
	*tls.Config  // embedded struct: TLS configuration for accepted connections (presumably)
}
Listener implements the net.Listener interface: it holds the underlying net.Listener and adds remote-attestation functionality on top of it.
func (Listener) Accept ¶
Implementation of Accept() in the net.Listener interface. Calls Accept of the underlying net.Listener and additionally performs remote attestation after connection establishment, before returning the connection; a connection whose attestation fails is therefore never handed to the caller.
type PrivateKey ¶
// PrivateKey implements crypto.Signer by delegating the signing operation to
// the cmcd (see Sign), so this process only forwards digests and receives
// signatures.
type PrivateKey struct {
	*CmcConfig // embedded struct: how to reach the cmcd
	// contains filtered or unexported fields
}
PrivateKey is a wrapper implementing the crypto.Signer interface. It is used to contact the cmcd for signing operations, i.e. the signature is produced by the cmcd rather than by this process.
func (PrivateKey) Public ¶
func (priv PrivateKey) Public() crypto.PublicKey
func (PrivateKey) Sign ¶
func (priv PrivateKey) Sign(random io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error)
Implementation of Sign() in the crypto.Signer interface. Contacts the cmcd for the sign operation over digest and returns the received signature. Because signing is delegated, whether the random reader and the given crypto.SignerOpts (e.g. PSS parameters) are honoured is not visible here — confirm in the source before relying on a specific signature scheme.