attestation: print ordered measurement verification warnings and errors (#2237)

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Daniel Weiße 2023-08-16 10:45:54 +02:00 committed by GitHub
parent 78fa921746
commit 103817a4a5
5 changed files with 184 additions and 25 deletions


@ -7,10 +7,10 @@ SPDX-License-Identifier: AGPL-3.0-only
package vtpm
import (
"bytes"
"context"
"crypto"
"encoding/json"
"errors"
"fmt"
"io"
@ -219,21 +219,12 @@ func (v *Validator) Validate(ctx context.Context, attDocRaw []byte, nonce []byte
if err != nil {
return nil, err
}
for idx, pcr := range v.expected {
if !bytes.Equal(pcr.Expected[:], attDoc.Attestation.Quotes[quoteIdx].Pcrs.Pcrs[idx]) {
if pcr.ValidationOpt == measurements.Enforce {
return nil, fmt.Errorf(
"untrusted PCR value %x at index %d",
attDoc.Attestation.Quotes[quoteIdx].Pcrs.Pcrs[idx],
idx,
)
}
v.log.Warnf(
"Encountered untrusted PCR value %x at index %d",
attDoc.Attestation.Quotes[quoteIdx].Pcrs.Pcrs[idx],
idx,
)
}
warnings, errs := v.expected.Compare(attDoc.Attestation.Quotes[quoteIdx].Pcrs.Pcrs)
for _, warning := range warnings {
v.log.Warnf(warning)
}
if len(errs) > 0 {
return nil, fmt.Errorf("measurement validation failed:\n%w", errors.Join(errs...))
}
v.log.Infof("Successfully validated attestation document")
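Review bot: `v.log.Warnf(warning)` on the new side passes a runtime-built string as the format argument, so any `%` inside a warning would be parsed as a verb and `go vet`'s printf check flags the non-constant format; write it as `v.log.Warnf("%s", warning)` instead. Judging by the removed format strings the warnings embed PCR values as hex, so a stray verb is unlikely today, but `Compare` is not visible in this hunk and the fix costs nothing. Since the enforce-versus-warn decision now lives entirely in `v.expected.Compare`, it is worth confirming that it iterates over the expected measurements (not the quote's map) and reports a PCR missing from the quote as an error for enforced indices — the removed loop got that implicitly because `bytes.Equal` against a nil value returned false. Validate's body continues outside the hunk.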