mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-12-18 20:34:35 -05:00
23bf4aa665
* AB#2379: Validate version in SNP report * Check that TCB version in VCEK matches COMMITTED_TCB * Check that LAUNCH, CURRENT and REPORTED TCB are at least at the same security level as we are currently. * Rename variables in snpReport struct * Use default values in validator_test.go Signed-off-by: Otto Bittner <cobittner@posteo.net>
76 lines
1.3 KiB
Go
76 lines
1.3 KiB
Go
/*
|
|
Copyright (c) Edgeless Systems GmbH
|
|
|
|
SPDX-License-Identifier: AGPL-3.0-only
|
|
*/
|
|
|
|
package snp
|
|
|
|
import (
|
|
"errors"
|
|
"fmt"
|
|
)
|
|
|
|
type signatureError struct {
|
|
innerError error
|
|
}
|
|
|
|
func (e *signatureError) Unwrap() error {
|
|
return e.innerError
|
|
}
|
|
|
|
func (e *signatureError) Error() string {
|
|
return fmt.Sprintf("signature validation failed: %v", e.innerError)
|
|
}
|
|
|
|
type askError struct {
|
|
innerError error
|
|
}
|
|
|
|
func (e *askError) Unwrap() error {
|
|
return e.innerError
|
|
}
|
|
|
|
func (e *askError) Error() string {
|
|
return fmt.Sprintf("validating ASK: %v", e.innerError)
|
|
}
|
|
|
|
type vcekError struct {
|
|
innerError error
|
|
}
|
|
|
|
func (e *vcekError) Unwrap() error {
|
|
return e.innerError
|
|
}
|
|
|
|
func (e *vcekError) Error() string {
|
|
return fmt.Sprintf("validating VCEK: %v", e.innerError)
|
|
}
|
|
|
|
type idKeyError struct {
|
|
expectedValue []byte
|
|
}
|
|
|
|
func (e *idKeyError) Unwrap() error {
|
|
return nil
|
|
}
|
|
|
|
func (e *idKeyError) Error() string {
|
|
return fmt.Sprintf("configured idkeydigest does not match reported idkeydigest: %x", e.expectedValue)
|
|
}
|
|
|
|
type versionError struct {
|
|
expectedType string
|
|
excpectedVersion tcbVersion
|
|
}
|
|
|
|
func (e *versionError) Unwrap() error {
|
|
return nil
|
|
}
|
|
|
|
func (e *versionError) Error() string {
|
|
return fmt.Sprintf("invalid %s version: %x", e.expectedType, e.excpectedVersion)
|
|
}
|
|
|
|
var errDebugEnabled = errors.New("SNP report indicates debugging, expected no debugging")
|