AB#2316 Configurable enforced PCRs (#361)

* Add warnings for non-enforced, untrusted PCRs

* Fix global state in Config PCR map

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Daniel Weiße 2022-08-12 15:59:45 +02:00 committed by GitHub
parent 9478303f80
commit ba4471a228
30 changed files with 350 additions and 323 deletions


@ -17,6 +17,7 @@ import (
"math/big"
"time"
"github.com/edgelesssys/constellation/internal/attestation/vtpm"
"github.com/edgelesssys/constellation/internal/crypto"
"github.com/edgelesssys/constellation/internal/oid"
)
@ -71,6 +72,7 @@ type Issuer interface {
type Validator interface {
oid.Getter
Validate(attDoc []byte, nonce []byte) ([]byte, error)
AddLogger(log vtpm.WarnLogger)
}
// getATLSConfigForClientFunc returns a config setup function that is called once for every client connecting to the server.
@ -365,6 +367,9 @@ func NewFakeValidators(oid oid.Getter) []Validator {
return []Validator{NewFakeValidator(oid)}
}
// AddLogger is a nop for FakeValidator.
func (v FakeValidator) AddLogger(log vtpm.WarnLogger) {}
// Validate unmarshals the attestation document and verifies the nonce.
func (v FakeValidator) Validate(attDoc []byte, nonce []byte) ([]byte, error) {
var doc FakeAttestationDoc
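Review bot: The new `AddLogger(log vtpm.WarnLogger)` method on the Validator interface (second hunk) carries no doc comment, so an implementer or caller cannot tell from the interface whether setting a logger is optional or what the logger is used for. Going by the commit title, I would add above the method `// AddLogger sets the logger used to warn about mismatches in PCRs that are not enforced; presumably such mismatches are only reported, not rejected, so a caller that never sets one sees no warning — confirm against the real implementations.`, hedged because the warning path itself is not in this section. The `FakeValidator.AddLogger` nop in the third hunk is already documented and fine. Naming the parameter `log` shadows the standard `log` package wherever the file imports it; `logger` would avoid that ambiguity. `Validate`'s body continues past the end of the hunk.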