Documentation
Overview
Package verifier contains clients for various attestation verifiers. It is meant for launcher use and testing; the API is not stable.
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Challenge
Challenge is the response for CreateChallenge. It is used in the get challenge part of a remote attestation protocol. The challenge will be verified as part of VerifyAttestation.
type Client
```go
type Client interface {
	CreateChallenge(ctx context.Context) (*Challenge, error)
	VerifyAttestation(ctx context.Context, request VerifyAttestationRequest) (*VerifyAttestationResponse, error)
}
```
Client is a common interface to various attestation verifiers.
type TokenOptions
TokenOptions contains fields that will be passed to the Attestation Service TokenOptions field. These fields are used to customize several claims in the token from the Attestation service.
type VerifyAttestationRequest
```go
type VerifyAttestationRequest struct {
	Challenge                *Challenge
	GcpCredentials           [][]byte
	Attestation              *attestpb.Attestation
	ContainerImageSignatures []oci.Signature
	TokenOptions             TokenOptions
}
```
VerifyAttestationRequest is passed in on VerifyAttestation. It contains the Challenge from CreateChallenge, optional GcpCredentials linked to the attestation, the Attestation generated from the TPM, and optional container image signatures associated with the workload.
type VerifyAttestationResponse
VerifyAttestationResponse is the response from a successful VerifyAttestation call.
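The challenge and verify steps that Client describes, as an added Go example (not code from this package): a hypothetical in-memory verifier, in the spirit of the fake package, that issues a random nonce and rejects a replayed or mismatched attestation. The struct fields, `memVerifier`, the byte-slice `Attestation` stand-in and the token value are assumptions, since the page does not list them.

```go
package main

import (
	"bytes"
	"context"
	"crypto/rand"
	"fmt"
)

// Assumed field layouts: the page names these types but does not list all their fields.
type Challenge struct{ Nonce []byte }
type VerifyAttestationResponse struct{ ClaimsToken []byte }
type VerifyAttestationRequest struct {
	Challenge   *Challenge
	Attestation []byte // stand-in for *attestpb.Attestation: the nonce the TPM quote covers
}

// memVerifier is hypothetical and not goroutine-safe; pending holds nonces issued but not yet consumed.
type memVerifier struct{ pending map[string]bool }

func (v *memVerifier) CreateChallenge(ctx context.Context) (*Challenge, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	v.pending[string(nonce)] = true
	return &Challenge{Nonce: nonce}, nil
}

func (v *memVerifier) VerifyAttestation(ctx context.Context, req VerifyAttestationRequest) (*VerifyAttestationResponse, error) {
	if req.Challenge == nil {
		return nil, fmt.Errorf("missing challenge")
	}
	issued := v.pending[string(req.Challenge.Nonce)]
	delete(v.pending, string(req.Challenge.Nonce)) // single use: consumed even when verification fails
	if !issued || !bytes.Equal(req.Challenge.Nonce, req.Attestation) {
		return nil, fmt.Errorf("challenge unknown, already used, or not covered by the attestation")
	}
	return &VerifyAttestationResponse{ClaimsToken: []byte("constructed-token")}, nil
}

func main() {
	v := &memVerifier{pending: map[string]bool{}}
	ch, _ := v.CreateChallenge(context.Background())
	req := VerifyAttestationRequest{Challenge: ch, Attestation: ch.Nonce}
	_, first := v.VerifyAttestation(context.Background(), req)
	_, replay := v.VerifyAttestation(context.Background(), req)
	fmt.Println("first:", first, "replay:", replay)
}
```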
Directories
Path | Synopsis |
---|---|
fake | Package fake is a fake implementation of the Client interface for testing. |
oci | Package oci contains functionalities to interact with OCI image signatures. |
cosign | Package cosign contains functionalities to interact with signatures generated by cosign. |
rest | Package rest contains the code to use the REST-based Google API |