attestation: print ordered measurement verification warnings and errors (#2237)

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Daniel Weiße 2023-08-16 10:45:54 +02:00 committed by GitHub
parent 78fa921746
commit 103817a4a5
5 changed files with 184 additions and 25 deletions


@ -7,9 +7,9 @@ SPDX-License-Identifier: AGPL-3.0-only
package tdx
import (
"bytes"
"context"
"encoding/json"
"errors"
"fmt"
"github.com/edgelesssys/constellation/v2/internal/attestation"
@ -81,13 +81,12 @@ func (v *Validator) Validate(ctx context.Context, attDocRaw []byte, nonce []byte
}
// Verify the quote against the expected measurements.
for idx, ex := range v.expected {
if !bytes.Equal(ex.Expected, tdMeasure[idx]) {
if !ex.ValidationOpt {
return nil, fmt.Errorf("untrusted TD measurement value at index %d", idx)
}
v.log.Warnf("Encountered untrusted TD measurement value at index %d", idx)
}
warnings, errs := v.expected.Compare(tdMeasure)
for _, warning := range warnings {
v.log.Warnf(warning)
}
if len(errs) > 0 {
return nil, fmt.Errorf("measurement validation failed:\n%w", errors.Join(errs...))
}
return attDoc.UserData, nil