NVSwitch Evidence Verification#

Components used to perform switch evidence verification and produce attestation results (claims) for a relying party.

Functions#

nvat_rc_t nvat_switch_local_verifier_create(nvat_switch_local_verifier_t *out_verifier, nvat_rim_store_t rim_store, nvat_ocsp_client_t ocsp_client, nvat_detached_eat_options_t detached_eat_options)

Create a local verifier to appraise evidence in the current process.

nvat_switch_verifier_t nvat_switch_local_verifier_upcast(nvat_switch_local_verifier_t verifier)

nvat_rc_t nvat_switch_nras_verifier_create(nvat_switch_nras_verifier_t *out_verifier, const char *base_url, const nvat_http_options_t http_options)

Create a remote verifier that uses NVIDIA Remote Attestation Service to appraise evidence.

nvat_switch_verifier_t nvat_switch_nras_verifier_upcast(nvat_switch_nras_verifier_t verifier)

void nvat_switch_verifier_free(nvat_switch_verifier_t *switch_verifier)

nvat_rc_t nvat_verify_switch_evidence(const nvat_switch_verifier_t verifier, const nvat_switch_evidence_t *switch_evidence_array, size_t num_evidences, const nvat_evidence_policy_t policy, nvat_str_t *out_detached_eat, nvat_claims_collection_t *out_claims)

Verify switch evidence against a given evidence policy.

Typedefs#

nvat_switch_local_verifier_t

nvat_switch_nras_verifier_t

nvat_switch_verifier_t

Evaluates switch evidence to produce attestation results (claims) indicating the validity of submitted evidence.

Functions#

nvat_rc_t nvat_switch_local_verifier_create(
nvat_switch_local_verifier_t *out_verifier,
nvat_rim_store_t rim_store,
nvat_ocsp_client_t ocsp_client,
nvat_detached_eat_options_t detached_eat_options,
)#

Create a local verifier to appraise evidence in the current process.

Local verification outside of these use cases is not recommended as the verification process can be compromised by malicious actors with elevated privileges on the host.

Parameters:

  • rim_store – See nvat_rim_store_st for more information.

  • ocsp_client – See nvat_ocsp_client_st for more information.

  • detached_eat_options – If NULL, will use default detached EAT options. See nvat_detached_eat_options_st for more information. Verify evidence in the current process. The local verifier should be used either in:

    • a TEE connected to the attester

    • a remote attestation service running in a secure cloud environment

nvat_switch_verifier_t nvat_switch_local_verifier_upcast(
nvat_switch_local_verifier_t verifier,
)#
nvat_rc_t nvat_switch_nras_verifier_create(
nvat_switch_nras_verifier_t *out_verifier,
const char *base_url,
const nvat_http_options_t http_options,
)#

Create a remote verifier that uses NVIDIA Remote Attestation Service to appraise evidence.

Parameters:

  • base_url – If NULL, will use the default NRAS production base URL

  • http_options – If NULL, will use default HTTP options

nvat_switch_verifier_t nvat_switch_nras_verifier_upcast(
nvat_switch_nras_verifier_t verifier,
)#
void nvat_switch_verifier_free(
nvat_switch_verifier_t *switch_verifier,
)#
nvat_rc_t nvat_verify_switch_evidence(
const nvat_switch_verifier_t verifier,
const nvat_switch_evidence_t *switch_evidence_array,
size_t num_evidences,
const nvat_evidence_policy_t policy,
nvat_str_t *out_detached_eat,
nvat_claims_collection_t *out_claims,
)#

Verify switch evidence against a given evidence policy.

Parameters:

  • verifier – - The switch verifier to use.

  • switch_evidence_array – The switch evidences to verify.

  • num_evidences – The number of evidences in the collection.

  • policy – The evidence policy to apply.

  • out_detached_eat – Pointer to store the detached EAT, which is a NULL terminated JSON string. Pass NULL to not generate the detached EAT.

  • out_claims – Pointer to store the resulting claims.

Returns:

  • NVAT_RC_OK if the evidence is verified successfully

  • NVAT_RC_OVERALL_RESULT_FALSE if the x-nvidia-overall-result claim is false in the detached EAT This error can only be returned in out_detached_eat is not NULL (otherwise detached EAT is not generated)

  • Other error codes

Typedefs#

typedef struct nvat_switch_local_verifier_st *nvat_switch_local_verifier_t#
typedef struct nvat_switch_nras_verifier_st *nvat_switch_nras_verifier_t#
typedef struct nvat_switch_verifier_st *nvat_switch_verifier_t#

Evaluates switch evidence to produce attestation results (claims) indicating the validity of submitted evidence.