verifier

Published: Aug 14, 2025 License: Apache-2.0, BSD-2-Clause Imports: 4 Imported by: 2

Documentation

Overview

Package verifier contains clients for various attestation verifiers. It is meant for launcher use and testing; the API is not stable.

Types

type Challenge

type Challenge struct {
	// Used as audience for GCP credential tokens.
	Name string
	// Used to generate attestation.
	Nonce     []byte
	ConnID    string
	Val       []byte
	Iat       []byte
	Signature []byte
}

Challenge is the response for CreateChallenge. It is used in the get challenge part of a remote attestation protocol. The challenge will be verified as part of VerifyAttestation.

type Client

type Client interface {
	CreateChallenge(ctx context.Context) (*Challenge, error)
	VerifyAttestation(ctx context.Context, request VerifyAttestationRequest) (*VerifyAttestationResponse, error)
}

Client is a common interface to various attestation verifiers.

type ContainerSignature

type ContainerSignature struct {
	Payload   []byte
	Signature []byte
}

type TDCCELAttestation

type TDCCELAttestation struct {
	CcelAcpiTable     []byte
	CcelData          []byte
	CanonicalEventLog []byte
	TdQuote           []byte
	// The following two are still needed for GCE info.
	AkCert            []byte
	IntermediateCerts [][]byte
}

type VerifyAttestationRequest

type VerifyAttestationRequest struct {
	Challenge      *Challenge
	GcpCredentials [][]byte
	// Attestation is for TPM attestation
	Attestation              *attestpb.Attestation
	ContainerImageSignatures []*ContainerSignature
	TokenOptions             *models.TokenOptions
	// TDCCELAttestation is for TDX CCEL RTMR attestation
	TDCCELAttestation *TDCCELAttestation
}

VerifyAttestationRequest is passed in on VerifyAttestation. It contains the Challenge from CreateChallenge, optional GcpCredentials linked to the attestation, the Attestation generated from the TPM, and optional container image signatures associated with the workload. As the struct shows, it also carries optional TokenOptions and, for TDX CCEL RTMR attestation, a TDCCELAttestation in place of the TPM Attestation.
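As an added illustration (not code from this package or from go-tpm-tools), a toy in-memory verifier with the two-method shape of Client that shows what the Challenge is for: the nonce handed out by CreateChallenge must be bound into the evidence sent to VerifyAttestation and is accepted only once, so a captured attestation cannot be replayed. Challenge, VerifyAttestationRequest and the Quote byte field are local stand-ins for the page's types and for *attestpb.Attestation.

```go
package main

import (
	"bytes"
	"context"
	"crypto/rand"
	"encoding/hex"
	"errors"
)

// Challenge and VerifyAttestationRequest mirror the verifier fields used here; Quote is a
// hypothetical stand-in for *attestpb.Attestation, assumed to embed the nonce as a TPM quote's extraData.
type Challenge struct{ Nonce []byte }
type VerifyAttestationRequest struct {
	Challenge *Challenge
	Quote     []byte
}
type VerifyAttestationResponse struct{ ClaimsToken []byte }

// memVerifier is a hypothetical in-memory verifier with the two-method shape of verifier.Client:
// it records issued nonces so a challenge is redeemable once, and rejects evidence that does not bind it.
type memVerifier struct{ issued map[string]bool }

func newMemVerifier() *memVerifier { return &memVerifier{issued: map[string]bool{}} }

func (v *memVerifier) CreateChallenge(ctx context.Context) (*Challenge, error) {
	nonce := make([]byte, 32) // fresh random nonce per challenge
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	v.issued[hex.EncodeToString(nonce)] = true
	return &Challenge{Nonce: nonce}, nil
}

func (v *memVerifier) VerifyAttestation(ctx context.Context, req VerifyAttestationRequest) (*VerifyAttestationResponse, error) {
	if req.Challenge == nil {
		return nil, errors.New("request carries no challenge")
	}
	key := hex.EncodeToString(req.Challenge.Nonce)
	if !v.issued[key] {
		return nil, errors.New("challenge unknown, expired or already used")
	}
	delete(v.issued, key) // single use: a replayed request fails the check above
	if !bytes.Contains(req.Quote, req.Challenge.Nonce) {
		return nil, errors.New("attestation does not bind the challenge nonce")
	}
	return &VerifyAttestationResponse{ClaimsToken: []byte("claims-for-" + key[:8])}, nil
}
```

A real verifier additionally checks the quote signature against the AK certificate chain and expires unredeemed challenges; this toy only demonstrates the nonce binding and single-use properties.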

type VerifyAttestationResponse

type VerifyAttestationResponse struct {
	ClaimsToken []byte
	PartialErrs []*status.Status
}

VerifyAttestationResponse is the response from a successful VerifyAttestation call.

Directories

Path Synopsis
Package fake is a fake implementation of the Client interface for testing.
Package models contains models needed in client and server.
oci
Package oci contains functionalities to interact with OCI image signatures.
cosign
Package cosign contains functionalities to interact with signatures generated by cosign.
Package rest contains the code to use the REST-based Google API.
Package util provides helper functions to prepare materials for talking to attestation verifiers.
