NVSwitch Evidence Verification#
Components used to perform switch evidence verification and produce attestation results (claims) for a relying party.
Functions#
- nvat_rc_t nvat_switch_local_verifier_create(nvat_switch_local_verifier_t *out_verifier, nvat_rim_store_t rim_store, nvat_ocsp_client_t ocsp_client, nvat_detached_eat_options_t detached_eat_options)
- Create a local verifier to appraise evidence in the current process. 
- nvat_switch_verifier_t nvat_switch_local_verifier_upcast(nvat_switch_local_verifier_t verifier)
- nvat_rc_t nvat_switch_nras_verifier_create(nvat_switch_nras_verifier_t *out_verifier, const char *base_url, const nvat_http_options_t http_options)
- Create a remote verifier that uses NVIDIA Remote Attestation Service to appraise evidence. 
- nvat_switch_verifier_t nvat_switch_nras_verifier_upcast(nvat_switch_nras_verifier_t verifier)
- void nvat_switch_verifier_free(nvat_switch_verifier_t *switch_verifier)
- nvat_rc_t nvat_verify_switch_evidence(const nvat_switch_verifier_t verifier, const nvat_switch_evidence_t *switch_evidence_array, size_t num_evidences, const nvat_evidence_policy_t policy, nvat_str_t *out_detached_eat, nvat_claims_collection_t *out_claims)
- Verify switch evidence against a given evidence policy. 
Typedefs#
- nvat_switch_local_verifier_t
- nvat_switch_nras_verifier_t
- nvat_switch_verifier_t
- Evaluates switch evidence to produce attestation results (claims) indicating the validity of submitted evidence. 
Functions#
- nvat_rc_t nvat_switch_local_verifier_create(
- nvat_switch_local_verifier_t *out_verifier,
- nvat_rim_store_t rim_store,
- nvat_ocsp_client_t ocsp_client,
- nvat_detached_eat_options_t detached_eat_options,
- Create a local verifier to appraise evidence in the current process. - Local verification outside of these use cases is not recommended as the verification process can be compromised by malicious actors with elevated privileges on the host. - Parameters:
- rim_store – See nvat_rim_store_st for more information. 
- ocsp_client – See nvat_ocsp_client_st for more information. 
- detached_eat_options – If - NULL, will use default detached EAT options. See nvat_detached_eat_options_st for more information. Verify evidence in the current process. The local verifier should be used either in:- a TEE connected to the attester 
- a remote attestation service running in a secure cloud environment 
 
 
 
- nvat_switch_verifier_t nvat_switch_local_verifier_upcast(
- nvat_switch_local_verifier_t verifier,
- nvat_rc_t nvat_switch_nras_verifier_create(
- nvat_switch_nras_verifier_t *out_verifier,
- const char *base_url,
- const nvat_http_options_t http_options,
- Create a remote verifier that uses NVIDIA Remote Attestation Service to appraise evidence. - Parameters:
- base_url – If - NULL, will use the default NRAS production base URL
- http_options – If - NULL, will use default HTTP options
 
 
- nvat_switch_verifier_t nvat_switch_nras_verifier_upcast(
- nvat_switch_nras_verifier_t verifier,
- void nvat_switch_verifier_free(
- nvat_switch_verifier_t *switch_verifier,
- nvat_rc_t nvat_verify_switch_evidence(
- const nvat_switch_verifier_t verifier,
- const nvat_switch_evidence_t *switch_evidence_array,
- size_t num_evidences,
- const nvat_evidence_policy_t policy,
- nvat_str_t *out_detached_eat,
- nvat_claims_collection_t *out_claims,
- Verify switch evidence against a given evidence policy. - Parameters:
- verifier – - The switch verifier to use. 
- switch_evidence_array – The switch evidences to verify. 
- num_evidences – The number of evidences in the collection. 
- policy – The evidence policy to apply. 
- out_detached_eat – Pointer to store the detached EAT, which is a NULL terminated JSON string. Pass NULL to not generate the detached EAT. 
- out_claims – Pointer to store the resulting claims. 
 
- Returns:
- NVAT_RC_OK if the evidence is verified successfully 
- NVAT_RC_OVERALL_RESULT_FALSE if the - x-nvidia-overall-resultclaim is false in the detached EAT This error can only be returned in out_detached_eat is not NULL (otherwise detached EAT is not generated)
- Other error codes 
 
 
Typedefs#
- 
typedef struct nvat_switch_local_verifier_st *nvat_switch_local_verifier_t#
- 
typedef struct nvat_switch_nras_verifier_st *nvat_switch_nras_verifier_t#
- 
typedef struct nvat_switch_verifier_st *nvat_switch_verifier_t#
- Evaluates switch evidence to produce attestation results (claims) indicating the validity of submitted evidence.