-
Notifications
You must be signed in to change notification settings - Fork 8
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Simon Ott <[email protected]>
- Loading branch information
Showing
4 changed files
with
287 additions
and
118 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,107 @@ | ||
# Integration | ||
|
||
To integrate attestation into own projects, run the *cmcd* on your system and replace the | ||
go standard library `crypto/tls` or `net/http` package with the `cmc/attestedtls` or | ||
`cmc/attestedhttp` package respectively. The API was kept as close as possible to the | ||
original API, so that only some additional config options must be provided and many | ||
data types, such as `net.Conn` (https://pkg.go.dev/net#Conn) can still be used. | ||
|
||
In the following examples, error handling was omitted for simplicity. For the configurations, | ||
see [configuration](./configuration.md) or look at the *testtool* code. | ||
|
||
## Attested TLS | ||
|
||
### Client | ||
|
||
```go | ||
// Import the attested TLS package | ||
import atls "github.com/Fraunhofer-AISEC/cmc/attestedtls" | ||
|
||
// Create CMC configuration (see configuration documentation) | ||
conf := &CmcConfig{ | ||
// ... | ||
} | ||
|
||
// Establish attested TLS client connection | ||
conn, _ := atls.Dial("tcp", "localhost:4443", tlsConf, atls.WithCmcConfig(conf)) | ||
defer conn.Close() | ||
|
||
// Send data over the attested TLS connection | ||
_, _ = conn.Write([]byte("Hello, World")) | ||
``` | ||
|
||
### Server | ||
|
||
```go | ||
// Import the attested TLS package | ||
import atls "github.com/Fraunhofer-AISEC/cmc/attestedtls" | ||
|
||
// Create server TLS configuration | ||
tlsConf := &tls.Config{ | ||
Certificates: []tls.Certificate{cert}, | ||
ClientAuth: clientAuth, | ||
ClientCAs: roots, | ||
} | ||
|
||
// Create CMC configuration (see configuration documentation) | ||
conf := &CmcConfig{ | ||
// ... | ||
} | ||
|
||
// Create an attested TLS listener | ||
ln, _ := atls.Listen("tcp", "localhost:4443", tlsConf, atls.WithCmcConfig(conf)) | ||
defer ln.Close() | ||
|
||
for { | ||
// Accept connection and perform remote attestation | ||
conn, _ := ln.Accept() | ||
|
||
// Handle established connections | ||
go handle(conn) | ||
} | ||
``` | ||
|
||
## Attested HTTP | ||
|
||
### Client | ||
|
||
```go | ||
// Import the attested HTTPS package | ||
import ahttp "github.com/Fraunhofer-AISEC/cmc/attestedhttp" | ||
|
||
// Create attested HTTPS transport | ||
transport := &ahttp.Transport{ | ||
IdleConnTimeout: 60 * time.Second, | ||
TLSClientConfig: tlsConfig, | ||
// Additional CMC configuration (see configuration documentation) | ||
} | ||
|
||
// Create attested HTTP client | ||
client := &ahttp.Client{Transport: transport} | ||
|
||
// Perform attested HTTPS GET request | ||
resp, _ := client.Do("https://localhost:80/hello") | ||
``` | ||
|
||
### Server | ||
|
||
```go | ||
// Import the attested HTTPS package | ||
import ahttp "github.com/Fraunhofer-AISEC/cmc/attestedhttp" | ||
|
||
// Create attested HTTP server | ||
server := &ahttp.Server{ | ||
Server: &http.Server{ | ||
Addr: addr, | ||
TLSConfig: tlsConfig, | ||
}, | ||
// Additional CMC configuration (see configuration documentation) | ||
} | ||
|
||
// Use the golang net/http module functions to configure the server as usual | ||
http.HandleFunc("/hello", handleRequest) | ||
|
||
// Call the attested ListenAndServe method from the attested HTTP server | ||
// to run the server | ||
_ = server.ListenAndServe() | ||
``` |
Oops, something went wrong.