core

package
Published: Sep 7, 2021 License: MPL-2.0 Imports: 41 Imported by: 2

Documentation

Overview

Package core provides the core functionality of the Coordinator object, including state transitions, the APIs for marbles and clients, manifest handling, and sealing.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type BaseVec added in v0.4.0

// BaseVec is the subset of a Prometheus metric-vector API the core relies on:
// a Collector whose label-indexed children can be removed individually or all at once.
// The boolean results mirror the Prometheus vector Delete methods (true when a child was removed).
type BaseVec interface {
	prometheus.Collector

	// Delete removes the child identified by the full label set.
	Delete(labels prometheus.Labels) bool
	// DeleteLabelValues removes the child identified by positional label values.
	DeleteLabelValues(lvs ...string) bool
	// Reset removes every child from the vector.
	Reset()
}

type ClientCore

// ClientCore provides the core functionality for the client. It can be used by, e.g., an HTTP server.
//
// Security-relevant methods: VerifyUser is the authentication step that turns client
// certificates into a *user.User, and UpdateManifest / WriteSecrets take that user as the
// updater; Recover and SetManifest carry key material (encryptionKey, recoverySecretMap)
// that callers should treat as sensitive.
type ClientCore interface {
	// SetManifest installs the JSON manifest and returns the recovery secrets (see Core.SetManifest).
	SetManifest(ctx context.Context, rawManifest []byte) (recoverySecretMap map[string][]byte, err error)
	// GetCertQuote returns the Coordinator's certificate together with a remote-attestation quote over it.
	GetCertQuote(ctx context.Context) (cert string, certQuote []byte, err error)
	// GetManifestSignature returns the hash of the active manifest and the manifest itself.
	GetManifestSignature(ctx context.Context) (manifestSignature []byte, manifest []byte)
	// GetSecrets reads the requested secrets on behalf of requestUser.
	GetSecrets(ctx context.Context, requestedSecrets []string, requestUser *user.User) (map[string]manifest.Secret, error)
	// GetStatus reports the state of the mesh as a code and a description.
	GetStatus(ctx context.Context) (statusCode int, status string, err error)
	// GetUpdateLog returns the Coordinator's update history.
	GetUpdateLog(ctx context.Context) (updateLog string, err error)
	// Recover supplies the encryption key used to unseal and reload a saved state.
	Recover(ctx context.Context, encryptionKey []byte) (int, error)
	// VerifyUser matches the presented client certificates against the admin certificates in the manifest.
	VerifyUser(ctx context.Context, clientCerts []*x509.Certificate) (*user.User, error)
	// UpdateManifest applies a JSON update manifest on behalf of updater.
	UpdateManifest(ctx context.Context, rawUpdateManifest []byte, updater *user.User) error
	// WriteSecrets sets user-defined secrets from a JSON secret manifest on behalf of updater.
	WriteSecrets(ctx context.Context, rawSecretManifest []byte, updater *user.User) error
}

ClientCore provides the core functionality for the client. It can be used by, e.g., an HTTP server.

type Core

// Core implements the core logic of the Coordinator.
//
// Embedding rpc.UnimplementedMarbleServer is the usual gRPC forward-compatibility
// pattern: Core satisfies the MarbleServer interface and overrides only the methods
// it implements (Activate, on this page). The remaining fields are unexported and
// not shown here.
type Core struct {
	rpc.UnimplementedMarbleServer
	// contains filtered or unexported fields
}

Core implements the core logic of the Coordinator

func NewCore

func NewCore(dnsNames []string, qv quote.Validator, qi quote.Issuer, sealer seal.Sealer, recovery recovery.Recovery, zapLogger *zap.Logger, promFactory *promauto.Factory) (*Core, error)

NewCore creates and initializes a new Core object

func NewCoreWithMocks

func NewCoreWithMocks() *Core

NewCoreWithMocks creates a new core object with quote and seal mocks for testing.

func (*Core) Activate

func (c *Core) Activate(ctx context.Context, req *rpc.ActivationReq) (*rpc.ActivationResp, error)

Activate implements the MarbleAPI function to authenticate a marble (implements the MarbleServer interface)

Verifies the marble's integrity and subsequently provides the marble with a certificate for authentication and application-specific parameters as defined in the Coordinator's manifest.

req needs to contain a MarbleType present in the Coordinator's manifest and a CSR with the Subject and DNSNames set with desired values.

Returns a signed certificate-key-pair and the application's parameters if the authentication was successful. Returns an error if the authentication failed.

func (*Core) GetCertQuote

func (c *Core) GetCertQuote(ctx context.Context) (string, []byte, error)

GetCertQuote gets the Coordinator's certificate and the corresponding quote (containing the cert).

Returns a remote attestation quote over the Coordinator's own certificate, alongside that certificate; together they allow a client to verify the Coordinator's integrity and authenticate it before using the ClientAPI.

func (*Core) GetManifestSignature

func (c *Core) GetManifestSignature(ctx context.Context) ([]byte, []byte)

GetManifestSignature returns the hash of the manifest

Returns a SHA256 hash of the active manifest as the first value; the second value is the manifest itself, as the return names in the ClientCore interface (manifestSignature, manifest) indicate.

func (*Core) GetSecrets added in v0.4.0

func (c *Core) GetSecrets(ctx context.Context, requestedSecrets []string, client *user.User) (map[string]manifest.Secret, error)

GetSecrets allows a user to read secrets from the core.

func (*Core) GetStatus

func (c *Core) GetStatus(ctx context.Context) (statusCode int, status string, err error)

GetStatus returns status information about the state of the mesh.

func (*Core) GetTLSConfig

func (c *Core) GetTLSConfig() (*tls.Config, error)

GetTLSConfig gets the core's TLS configuration

func (*Core) GetTLSMarbleRootCertificate added in v0.4.0

func (c *Core) GetTLSMarbleRootCertificate(clientHello *tls.ClientHelloInfo) (*tls.Certificate, error)

GetTLSMarbleRootCertificate creates a TLS certificate for the Coordinator's x509 marbleRoot certificate

func (*Core) GetTLSRootCertificate added in v0.3.0

func (c *Core) GetTLSRootCertificate(clientHello *tls.ClientHelloInfo) (*tls.Certificate, error)

GetTLSRootCertificate creates a TLS certificate for the Coordinator's self-signed x509 certificate.

func (*Core) GetUpdateLog added in v0.4.0

func (c *Core) GetUpdateLog(ctx context.Context) (string, error)

GetUpdateLog returns the update history of the Coordinator.

func (*Core) Recover added in v0.1.1

func (c *Core) Recover(ctx context.Context, secret []byte) (int, error)

Recover sets an encryption key (ideally decrypted from the recovery data) and tries to unseal and load a saved state again.

func (*Core) SetManifest

func (c *Core) SetManifest(ctx context.Context, rawManifest []byte) (map[string][]byte, error)

SetManifest sets the manifest, once and for all; it cannot be set again afterwards.

rawManifest is the manifest of type Manifest in JSON format.

func (*Core) UpdateManifest added in v0.3.0

func (c *Core) UpdateManifest(ctx context.Context, rawUpdateManifest []byte, updater *user.User) error

UpdateManifest allows updating certain package parameters, supplied via a JSON manifest.

func (*Core) VerifyUser added in v0.4.0

func (c *Core) VerifyUser(ctx context.Context, clientCerts []*x509.Certificate) (*user.User, error)

VerifyUser checks whether the given client certificates match the admin certificates specified in the manifest.

func (*Core) WriteSecrets added in v0.4.0

func (c *Core) WriteSecrets(ctx context.Context, rawSecretManifest []byte, updater *user.User) error

WriteSecrets allows a user to set certain user-defined secrets

type CounterVec added in v0.4.0

// CounterVec is the counter-vector API the core uses: BaseVec plus the
// Prometheus lookup methods that return a Counter for a given label set.
// The Get* variants report a lookup error; With/WithLabelValues do not
// (in Prometheus they panic on invalid labels; not verifiable from this page).
type CounterVec interface {
	BaseVec

	// GetMetricWith returns the counter for the full label set, or an error.
	GetMetricWith(labels prometheus.Labels) (prometheus.Counter, error)
	// GetMetricWithLabelValues returns the counter for positional label values, or an error.
	GetMetricWithLabelValues(lvs ...string) (prometheus.Counter, error)
	// With returns the counter for the full label set.
	With(labels prometheus.Labels) prometheus.Counter
	// WithLabelValues returns the counter for positional label values.
	WithLabelValues(lvs ...string) prometheus.Counter
}

type NullBaseVec added in v0.4.0

// NullBaseVec is a BaseVec stand-in that embeds NullCollector; its Delete,
// DeleteLabelValues and Reset methods are listed on this page without bodies,
// so they are presumably no-ops (used when metrics are disabled — TODO confirm).
type NullBaseVec struct {
	NullCollector
}

func (NullBaseVec) Delete added in v0.4.0

func (NullBaseVec) Delete(labels prometheus.Labels) bool

func (NullBaseVec) DeleteLabelValues added in v0.4.0

func (NullBaseVec) DeleteLabelValues(lvs ...string) bool

func (NullBaseVec) Reset added in v0.4.0

func (NullBaseVec) Reset()

type NullCollector added in v0.4.0

type NullCollector struct{}

func (NullCollector) Collect added in v0.4.0

func (NullCollector) Collect(chan<- prometheus.Metric)

func (NullCollector) Describe added in v0.4.0

func (NullCollector) Describe(chan<- *prometheus.Desc)

type NullCounter added in v0.4.0

// NullCounter is a prometheus.Counter stand-in: NullMetric supplies Desc/Write,
// NullCollector supplies Collect/Describe, and Add/Inc are declared on the type itself.
type NullCounter struct {
	NullMetric
	NullCollector
}

func (NullCounter) Add added in v0.4.0

func (NullCounter) Add(float64)

func (NullCounter) Inc added in v0.4.0

func (NullCounter) Inc()

type NullCounterVec added in v0.4.0

// NullCounterVec satisfies CounterVec: BaseVec comes from the embedded
// NullBaseVec, and the counter lookup methods are declared on the type.
type NullCounterVec struct {
	NullBaseVec
}

func (NullCounterVec) GetMetricWith added in v0.4.0

func (NullCounterVec) GetMetricWith(labels prometheus.Labels) (prometheus.Counter, error)

func (NullCounterVec) GetMetricWithLabelValues added in v0.4.0

func (NullCounterVec) GetMetricWithLabelValues(lvs ...string) (prometheus.Counter, error)

func (NullCounterVec) With added in v0.4.0

func (NullCounterVec) WithLabelValues added in v0.4.0

func (NullCounterVec) WithLabelValues(lvs ...string) prometheus.Counter

type NullMetric added in v0.4.0

type NullMetric struct{}

func (NullMetric) Desc added in v0.4.0

func (NullMetric) Desc() *prometheus.Desc

func (NullMetric) Write added in v0.4.0

func (NullMetric) Write(*dto.Metric) error
