GO-2025-3455: Contrast's unauthenticated recovery allows Coordinator impersonation in github.com/edgelesssys/contrast

snp

package

v1.1.1 Latest Latest Go to latest Published: Nov 13, 2024 License: AGPL-3.0 Imports: 26 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/edgelesssys/contrast

Links

Open Source Insights

Documentation ¶

Index ¶

type Issuer
- func NewIssuer(log *slog.Logger) *Issuer
- func (i *Issuer) Issue(_ context.Context, ownPublicKey []byte, nonce []byte) (res []byte, err error)
- func (i *Issuer) OID() asn1.ObjectIdentifier
type THIMGetter
- func NewTHIMGetter(httpClient httpClient) *THIMGetter
- func (t *THIMGetter) GetCertification() (THIMSNPCertification, error)
type THIMSNPCertification
- func (c THIMSNPCertification) Proto() (*sevsnp.CertificateChain, error)
type Validator
- func NewValidator(VerifyOpts *verify.Options, ValidateOpts *validate.Options, log *slog.Logger) *Validator
- func NewValidatorWithReportSetter(VerifyOpts *verify.Options, ValidateOpts *validate.Options, log *slog.Logger, ...) *Validator
- func (v *Validator) OID() asn1.ObjectIdentifier
- func (v *Validator) Validate(attDocRaw []byte, nonce []byte, peerPublicKey []byte) (err error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Issuer ¶

type Issuer struct {
	// contains filtered or unexported fields
}

Issuer issues attestation statements.

func NewIssuer ¶

func NewIssuer(log *slog.Logger) *Issuer

NewIssuer returns a new Issuer.

func (*Issuer) Issue ¶

func (i *Issuer) Issue(_ context.Context, ownPublicKey []byte, nonce []byte) (res []byte, err error)

Issue the attestation document.

func (*Issuer) OID ¶

func (i *Issuer) OID() asn1.ObjectIdentifier

OID returns the OID of the issuer.

type THIMGetter ¶

type THIMGetter struct {
	// contains filtered or unexported fields
}

THIMGetter is a getter for the THIM certification.

func NewTHIMGetter ¶

func NewTHIMGetter(httpClient httpClient) *THIMGetter

NewTHIMGetter returns a new THIMGetter.

func (*THIMGetter) GetCertification ¶

func (t *THIMGetter) GetCertification() (THIMSNPCertification, error)

GetCertification returns the THIM certification.

type THIMSNPCertification ¶

type THIMSNPCertification struct {
	VCEKCert         string `json:"vcekCert"`
	TCBM             string `json:"tcbm"`
	CertificateChain string `json:"certificateChain"`
	CacheControl     string `json:"cacheControl,omitempty"`
}

THIMSNPCertification represents a cert chain for SNP. The chain contains: - VCEK certificate - ASK certificate - ARK (root) certificate

Source: https://learn.microsoft.com/en-us/azure/security/fundamentals/trusted-hardware-identity-management#definitions .

func (THIMSNPCertification) Proto ¶

func (c THIMSNPCertification) Proto() (*sevsnp.CertificateChain, error)

Proto returns the certificate chain as a go-sev-guest proto.

type Validator ¶

type Validator struct {
	// contains filtered or unexported fields
}

Validator validates attestation statements.

func NewValidator ¶

func NewValidator(VerifyOpts *verify.Options, ValidateOpts *validate.Options, log *slog.Logger) *Validator

NewValidator returns a new Validator.

func NewValidatorWithReportSetter ¶ added in v1.1.0

func NewValidatorWithReportSetter(VerifyOpts *verify.Options, ValidateOpts *validate.Options,
	log *slog.Logger, reportSetter attestation.ReportSetter,
) *Validator

NewValidatorWithReportSetter returns a new Validator with a report setter.

func (*Validator) OID ¶

func (v *Validator) OID() asn1.ObjectIdentifier

OID returns the OID of the validator.

func (*Validator) Validate ¶

func (v *Validator) Validate(attDocRaw []byte, nonce []byte, peerPublicKey []byte) (err error)

Validate a TPM based attestation.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL