verifier package

v0.4.4 Latest
Warning: This package is not in the latest version of its module.
Published: Mar 29, 2024 License: Apache-2.0, BSD-3-Clause Imports: 4 Imported by: 0

Documentation

Overview

Package verifier contains clients for various attestation verifiers. It is meant for launcher use and testing; the API is not stable.

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Challenge

type Challenge struct {
	Name   string
	Nonce  []byte
	ConnID string
}

Challenge is the response to CreateChallenge. It is used in the get-challenge step of a remote attestation protocol. The challenge will be verified as part of VerifyAttestation.

type Client

type Client interface {
	CreateChallenge(ctx context.Context) (*Challenge, error)
	VerifyAttestation(ctx context.Context, request VerifyAttestationRequest) (*VerifyAttestationResponse, error)
}

Client is a common interface to various attestation verifiers.

type TokenOptions

type TokenOptions struct {
	CustomAudience string
	CustomNonce    []string
	TokenType      string
}

TokenOptions contains fields that will be passed to the Attestation Service TokenOptions field. These fields are used to customize several claims in the token from the Attestation service.

type VerifyAttestationRequest

type VerifyAttestationRequest struct {
	Challenge                *Challenge
	GcpCredentials           [][]byte
	Attestation              *attestpb.Attestation
	ContainerImageSignatures []oci.Signature
	TokenOptions             TokenOptions
}

VerifyAttestationRequest is passed to VerifyAttestation. It contains the Challenge from CreateChallenge, optional GcpCredentials linked to the attestation, the Attestation generated from the TPM, and optional container image signatures associated with the workload.

type VerifyAttestationResponse

type VerifyAttestationResponse struct {
	ClaimsToken []byte
	PartialErrs []*status.Status
}

VerifyAttestationResponse is the response from a successful VerifyAttestation call.
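
The challenge flow described above, as an added example that is not part of this package: a hypothetical in-memory verifier (memVerifier) issues a single-use nonce in CreateChallenge and rejects a replayed or mismatched attestation in VerifyAttestation. The types are trimmed local copies so the code builds offline, Attestation.QuotedNonce is a constructed stand-in for the TPM-generated attestpb.Attestation, and request fields are assumed non-nil.

```go
package main

import (
	"bytes"
	"context"
	"crypto/rand"
	"fmt"
)

// Trimmed local copies of the documented types; Attestation is a constructed stand-in.
type (
	Challenge struct {
		Name   string
		Nonce  []byte
		ConnID string
	}
	Attestation               struct{ QuotedNonce []byte }
	VerifyAttestationRequest  struct{ Challenge *Challenge; Attestation *Attestation }
	VerifyAttestationResponse struct{ ClaimsToken []byte }
	memVerifier               struct{ pending map[string][]byte } // hypothetical: name -> issued nonce
)

func (v *memVerifier) CreateChallenge(ctx context.Context) (*Challenge, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	c := &Challenge{Name: fmt.Sprintf("challenges/%x", nonce[:8]), Nonce: nonce, ConnID: "conn-1"}
	v.pending[c.Name] = nonce
	return c, nil
}

func (v *memVerifier) VerifyAttestation(ctx context.Context, req VerifyAttestationRequest) (*VerifyAttestationResponse, error) {
	want, ok := v.pending[req.Challenge.Name]
	if !ok {
		return nil, fmt.Errorf("unknown or already consumed challenge")
	}
	delete(v.pending, req.Challenge.Name) // single use: a replay fails the lookup above
	if !bytes.Equal(want, req.Attestation.QuotedNonce) {
		return nil, fmt.Errorf("attestation is not bound to the issued nonce")
	}
	return &VerifyAttestationResponse{ClaimsToken: []byte("constructed-token")}, nil
}

func main() {
	v := &memVerifier{pending: map[string][]byte{}}
	c, _ := v.CreateChallenge(context.Background())
	_, err := v.VerifyAttestation(context.Background(), VerifyAttestationRequest{c, &Attestation{c.Nonce}})
	fmt.Println("fresh attestation accepted:", err == nil)
}
```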

Directories

Path: Synopsis
fake: Package fake is a fake implementation of the Client interface for testing.
oci: Package oci contains functionalities to interact with OCI image signatures.
oci/cosign: Package cosign contains functionalities to interact with signatures generated by cosign.
rest: Package rest contains the code to use the REST-based Google API
