nitriding

package module
v1.1.0
Published: Aug 5, 2022 License: MPL-2.0 Imports: 38 Imported by: 0

README

Nitriding

This package helps with building networked Go applications on top of AWS Nitro Enclaves. The package provides the following features:

  1. Initialize the enclave's entropy pool.

  2. Obtain an HTTPS certificate for clients to connect to the enclave; either self-signed, or via Let's Encrypt.

  3. Expose an endpoint for remote attestation.

  4. Start a proxy that transparently translates between IP and VSOCK.

Use the following "hello world" example to get started:

package main

import (
	"fmt"
	"log"
	"net/http"

	"github.com/brave-experiments/nitriding"
)

func helloWorldHandler(w http.ResponseWriter, r *http.Request) {
	fmt.Fprintln(w, "hello world")
}

func main() {
	enclave := nitriding.NewEnclave(
		&nitriding.Config{
			FQDN:    "example.com",
			Port:    8080,
			UseACME: false,
			Debug:   false,
		},
	)
	enclave.AddRoute(http.MethodGet, "/hello-world", helloWorldHandler)
	if err := enclave.Start(); err != nil {
		log.Fatalf("Enclave terminated: %v", err)
	}
}

Documentation

Overview

Package nitriding implements a lightweight framework to build networked Go applications that run in AWS Nitro Enclaves.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func RequestKeys added in v1.1.0

func RequestKeys(addr string, keyMaterial any) error

RequestKeys asks the remote enclave listening at addr to share its key material with us; the response is decoded into the variable that keyMaterial points to.

This is only necessary if you intend to scale enclaves horizontally. If you will only ever run a single enclave, ignore this function.

Types

type Config

type Config struct {
	SOCKSProxy string
	FQDN       string
	Port       int
	UseACME    bool
	Debug      bool
	FdCur      uint64
	FdMax      uint64
	AppURL     string
}

Config represents the configuration of our enclave service.

type Enclave

type Enclave struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

Enclave represents a service running inside an AWS Nitro Enclave.

func NewEnclave

func NewEnclave(cfg *Config) *Enclave

NewEnclave creates and returns a new enclave with the given config.

func (*Enclave) AddRoute

func (e *Enclave) AddRoute(method, pattern string, handlerFn http.HandlerFunc)

AddRoute adds an HTTP handler for the given HTTP method and pattern.

func (*Enclave) KeyMaterial added in v1.1.0

func (e *Enclave) KeyMaterial() (any, error)

KeyMaterial returns the key material or, if none was registered, an error.

func (*Enclave) SetKeyMaterial added in v1.1.0

func (e *Enclave) SetKeyMaterial(keyMaterial any)

SetKeyMaterial registers the enclave's key material (e.g., secret encryption keys) as being ready to be synchronized to other, identical enclaves. Note that the key material's underlying data structure must be marshallable to JSON.

This is only necessary if you intend to scale enclaves horizontally. If you will only ever run a single enclave, ignore this function.
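The key material handed to SetKeyMaterial travels to the other enclaves as JSON, so anything encoding/json cannot see (most importantly, unexported struct fields) is silently dropped on the way and the replica ends up with an incomplete key set. The following is an added example, not code from the nitriding project: it defines a hypothetical EnclaveKeys type, checks that it survives the JSON round trip that RequestKeys relies on before it is registered, and contrasts it with a LossyKeys type whose unexported field is lost. It deliberately does not import nitriding so that it runs stand-alone.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"log"
)

// EnclaveKeys is a hypothetical key-material type defined only for this
// example; it is not part of nitriding. All fields are exported so that
// encoding/json serializes them, which is what the key sync depends on.
type EnclaveKeys struct {
	KeyID   string `json:"key_id"`
	AEADKey []byte `json:"aead_key"` // encoding/json base64-encodes []byte on the wire
}

// LossyKeys shows the mistake to avoid: the unexported field is invisible to
// encoding/json, so a follower enclave would receive it zeroed.
type LossyKeys struct {
	KeyID   string `json:"key_id"`
	hmacKey []byte
}

// jsonRoundTrip marshals v and decodes the result into out, mirroring the path
// key material takes from the leader enclave to a follower.
func jsonRoundTrip(v any, out any) error {
	raw, err := json.Marshal(v)
	if err != nil {
		return fmt.Errorf("marshal key material: %w", err)
	}
	if err := json.Unmarshal(raw, out); err != nil {
		return fmt.Errorf("unmarshal key material: %w", err)
	}
	return nil
}

// VerifySyncable reports whether km survives a JSON round trip unchanged.
// Run it before calling SetKeyMaterial so that an incomplete key set is
// caught locally instead of on a replica.
func VerifySyncable(km EnclaveKeys) (bool, error) {
	var got EnclaveKeys
	if err := jsonRoundTrip(km, &got); err != nil {
		return false, err
	}
	return got.KeyID == km.KeyID && bytes.Equal(got.AEADKey, km.AEADKey), nil
}

// LossyRoundTrip returns the HMAC key as a follower would see it; because the
// field is unexported the result is empty.
func LossyRoundTrip(km LossyKeys) ([]byte, error) {
	var got LossyKeys
	if err := jsonRoundTrip(km, &got); err != nil {
		return nil, err
	}
	return got.hmacKey, nil
}

func main() {
	// Constructed sample key; a real enclave would draw it from crypto/rand.
	keys := EnclaveKeys{KeyID: "k-2022-08", AEADKey: bytes.Repeat([]byte{0x42}, 32)}
	ok, err := VerifySyncable(keys)
	if err != nil || !ok {
		log.Fatalf("key material is not safely syncable: ok=%v err=%v", ok, err)
	}
	fmt.Println("key material round-trips intact; safe to pass to enclave.SetKeyMaterial")

	lost, _ := LossyRoundTrip(LossyKeys{KeyID: "k-lossy", hmacKey: []byte("secret")})
	fmt.Printf("unexported hmacKey after sync: %d bytes (expected 0)\n", len(lost))
}
```

In a real deployment the leader would call enclave.SetKeyMaterial(keys) once VerifySyncable returns true, and a follower would pass a *EnclaveKeys to nitriding.RequestKeys to receive the same struct.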

func (*Enclave) Start

func (e *Enclave) Start() error

Start starts the enclave service. If bootstrapping succeeds, the function does not return, because it blocks serving HTTPS; if something goes wrong, it returns an error.
