* initial post-handshake aTLS implementation * add header * rebased * remove grpc.go and http.go * fix authenticator issues * add freshness nonce --------- Co-authored-by: ultraviolet <cocosai@worker-52.local.pragmatic-it.com> Co-authored-by: ultraviolet <cocosai@k8s-master.local.pragmatic-it.com>
// Copyright (c) Ultraviolet
// SPDX-License-Identifier: Apache-2.0
package atls
import (
"context"
"crypto/tls"
"crypto/x509"
"net"
"github.com/ultravioletrs/cocos/pkg/atls/ea"
eaattestation "github.com/ultravioletrs/cocos/pkg/atls/eaattestation"
internaltransport "github.com/ultravioletrs/cocos/pkg/atls/internal_transport"
)
// Aliases re-exported from the internal transport and authenticator packages
// so that callers of this package do not need to import them directly.
type (
	// Conn is the connection type returned by Dial, DialContext,
	// DialWithDialer, Client and Server.
	Conn = internaltransport.Conn

	// Listener is the listener type returned by Listen.
	Listener = internaltransport.Listener

	// ClientConfig is the client-side configuration accepted by the Dial
	// variants and by Client.
	ClientConfig = internaltransport.ClientConfig

	// ServerConfig is the server-side configuration accepted by Server
	// and Listen.
	ServerConfig = internaltransport.ServerConfig

	// AuthenticatorRequest is the request type built by NewRequest and
	// NewRandomRequest.
	AuthenticatorRequest = ea.AuthenticatorRequest
)
// Dial connects to address on network using cfg and returns the resulting
// Conn. It delegates to internaltransport.Dial; the returned values are
// passed through unchanged.
func Dial(network, address string, cfg *ClientConfig) (*Conn, error) {
	c, err := internaltransport.Dial(network, address, cfg)
	return c, err
}
// DialContext is Dial with a context.Context governing the dial. It delegates
// to internaltransport.DialContext; the returned values are passed through
// unchanged.
func DialContext(ctx context.Context, network, address string, cfg *ClientConfig) (*Conn, error) {
	c, err := internaltransport.DialContext(ctx, network, address, cfg)
	return c, err
}
// DialWithDialer is Dial using the caller-supplied net.Dialer for the
// underlying connection. It delegates to internaltransport.DialWithDialer;
// the returned values are passed through unchanged.
func DialWithDialer(dialer *net.Dialer, network, address string, cfg *ClientConfig) (*Conn, error) {
	c, err := internaltransport.DialWithDialer(dialer, network, address, cfg)
	return c, err
}
// Client wraps an existing *tls.Conn as the client side of a Conn using cfg.
// It delegates to internaltransport.Client; the returned values are passed
// through unchanged.
func Client(tlsConn *tls.Conn, cfg *ClientConfig) (*Conn, error) {
	c, err := internaltransport.Client(tlsConn, cfg)
	return c, err
}
// Server wraps an existing *tls.Conn as the server side of a Conn using cfg.
// It delegates to internaltransport.Server; the returned values are passed
// through unchanged.
func Server(tlsConn *tls.Conn, cfg *ServerConfig) (*Conn, error) {
	c, err := internaltransport.Server(tlsConn, cfg)
	return c, err
}
// Listen announces on address/network and returns a Listener configured with
// cfg. It delegates to internaltransport.Listen; the returned values are
// passed through unchanged.
func Listen(network, address string, cfg *ServerConfig) (*Listener, error) {
	l, err := internaltransport.Listen(network, address, cfg)
	return l, err
}
// NewRequest builds a client-certificate-request AuthenticatorRequest bound
// to the given context bytes (the caller's freshness value; NewRandomRequest
// generates one). The request carries exactly two extensions: a
// signature_algorithms extension offering only ECDSA with P-256 and SHA-256,
// and the CMW attestation offer extension. Any error from building the
// signature_algorithms extension is returned unchanged.
//
// Note that the parameter named context shadows the imported context
// package inside this function; no context.Context is used here.
func NewRequest(context []byte) (*ea.AuthenticatorRequest, error) {
	// Only one signature scheme is offered; the peer cannot negotiate a
	// weaker one through this request.
	offered := []uint16{uint16(tls.ECDSAWithP256AndSHA256)}
	sigExt, err := ea.SignatureAlgorithmsExtension(offered)
	if err != nil {
		return nil, err
	}

	exts := []ea.Extension{
		sigExt,
		ea.CMWAttestationOfferExtension(),
	}
	req := &ea.AuthenticatorRequest{
		Type:       ea.HandshakeTypeClientCertificateRequest,
		Context:    context,
		Extensions: exts,
	}
	return req, nil
}
// NewRandomRequest is NewRequest with a freshly generated context of
// contextLen bytes obtained from ea.NewRandomContext. Errors from the
// random-context generation are returned unchanged.
func NewRandomRequest(contextLen int) (*ea.AuthenticatorRequest, error) {
	ctxBytes, err := ea.NewRandomContext(contextLen)
	if err != nil {
		return nil, err
	}
	return NewRequest(ctxBytes)
}
// VerifyOptionsFromTLSConfig derives x509.VerifyOptions from a tls.Config.
//
// It returns nil when cfg is nil, when cfg.InsecureSkipVerify is set, or
// when cfg.RootCAs is nil. Otherwise the returned options use cfg.RootCAs as
// the only trust anchors; no other VerifyOptions fields are populated.
//
// NOTE(review): to crypto/tls a nil RootCAs means "use the system roots", but
// here it yields the same nil result as InsecureSkipVerify. Confirm that
// callers treat a nil result as "no verification configured" deliberately and
// never as a reason to skip verification for a config that relies on system
// roots.
func VerifyOptionsFromTLSConfig(cfg *tls.Config) *x509.VerifyOptions {
	switch {
	case cfg == nil:
		return nil
	case cfg.InsecureSkipVerify:
		return nil
	case cfg.RootCAs == nil:
		return nil
	}
	opts := &x509.VerifyOptions{}
	opts.Roots = cfg.RootCAs
	return opts
}
// VerificationPolicyFromEvidenceVerifier wraps v in an
// eaattestation.VerificationPolicy whose only populated field is
// EvidenceVerifier; every other policy field keeps its zero value.
func VerificationPolicyFromEvidenceVerifier(v eaattestation.EvidenceVerifier) eaattestation.VerificationPolicy {
	var policy eaattestation.VerificationPolicy
	policy.EvidenceVerifier = v
	return policy
}