Affected by GO-2023-2378 and 1 other vulnerabilities

GO-2023-2378: Go package github.com/edgelesssys/marblerun CLI commands susceptible to MITM attacks

GO-2025-3450: MarbleRun unauthenticated recovery allows Coordinator impersonation in github.com/edgelesssys/marblerun

seal

package

v1.0.0 Latest Latest Go to latest Published: Jan 31, 2023 License: MPL-2.0 Imports: 7 Imported by: 3

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/edgelesssys/marblerun

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
type AESGCMSealer
- func NewAESGCMSealer(sealDir string) *AESGCMSealer
type MockSealer
type NoEnclaveSealer
- func NewNoEnclaveSealer(sealDir string) *NoEnclaveSealer
type Sealer

Constants ¶

View Source

const SealedDataFname string = "sealed_data"

SealedDataFname contains the file name in which the state is sealed on disk in seal_dir.

View Source

const SealedKeyFname string = "sealed_key"

SealedKeyFname contains the file name in which the key is sealed with the seal key on disk in seal_dir.

Variables ¶

View Source

var ErrEncryptionKey = errors.New("cannot unseal encryption key")

ErrEncryptionKey occurs if unsealing the encryption key failed.

Functions ¶

This section is empty.

Types ¶

type AESGCMSealer ¶

type AESGCMSealer struct {
	// contains filtered or unexported fields
}

AESGCMSealer implements the Sealer interface using AES-GCM for confidentiallity and authentication.

func NewAESGCMSealer ¶

func NewAESGCMSealer(sealDir string) *AESGCMSealer

NewAESGCMSealer creates and initializes a new AESGCMSealer object.

func (*AESGCMSealer) Seal ¶

func (s *AESGCMSealer) Seal(unencryptedData []byte, toBeEncrypted []byte) error

Seal encrypts and stores information to the fs.

func (*AESGCMSealer) SetEncryptionKey ¶

func (s *AESGCMSealer) SetEncryptionKey(encryptionKey []byte) error

SetEncryptionKey sets or restores an encryption key.

func (*AESGCMSealer) Unseal ¶

func (s *AESGCMSealer) Unseal() ([]byte, []byte, error)

Unseal reads and decrypts stored information from the fs.

type MockSealer ¶

type MockSealer struct {

	// mock unseal error
	UnsealError error
	// contains filtered or unexported fields
}

MockSealer is a mockup sealer.

func (*MockSealer) Seal ¶

func (s *MockSealer) Seal(unencryptedData []byte, toBeEncrypted []byte) error

Seal implements the Sealer interface.

func (*MockSealer) SetEncryptionKey ¶

func (s *MockSealer) SetEncryptionKey(key []byte) error

SetEncryptionKey implements the Sealer interface.

func (*MockSealer) Unseal ¶

func (s *MockSealer) Unseal() ([]byte, []byte, error)

Unseal implements the Sealer interface.

type NoEnclaveSealer ¶

type NoEnclaveSealer struct {
	// contains filtered or unexported fields
}

NoEnclaveSealer is a sealed for a -noenclave instance and does perform encryption with a fixed key.

func NewNoEnclaveSealer ¶

func NewNoEnclaveSealer(sealDir string) *NoEnclaveSealer

NewNoEnclaveSealer creates and initializes a new NoEnclaveSealer object.

func (*NoEnclaveSealer) Seal ¶

func (s *NoEnclaveSealer) Seal(unencryptedData []byte, toBeEncrypted []byte) error

Seal writes the given data encrypted and the used key as plaintext to the disk.

func (*NoEnclaveSealer) SetEncryptionKey ¶

func (s *NoEnclaveSealer) SetEncryptionKey(key []byte) error

SetEncryptionKey implements the Sealer interface.

func (*NoEnclaveSealer) Unseal ¶

func (s *NoEnclaveSealer) Unseal() ([]byte, []byte, error)

Unseal reads the plaintext state from disk.

type Sealer ¶

type Sealer interface {
	Seal(unencryptedData []byte, toBeEncrypted []byte) error
	Unseal() (unencryptedData []byte, decryptedData []byte, err error)
	SetEncryptionKey(key []byte) error
}

Sealer is an interface for the Core object to seal information to the filesystem for persistence.

Source Files ¶

View all Source files

seal.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL