Affected by GO-2023-2378 and 1 other vulnerabilities

GO-2023-2378: Go package github.com/edgelesssys/marblerun CLI commands susceptible to MITM attacks

GO-2025-3450: MarbleRun unauthenticated recovery allows Coordinator impersonation in github.com/edgelesssys/marblerun

clientapi

package

v1.1.0 Latest Latest Go to latest Published: Mar 27, 2023 License: MPL-2.0 Imports: 22 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/edgelesssys/marblerun

Links

Open Source Insights

Documentation ¶

Overview ¶

package clientapi implements methods for users to interact with the Coordinator.

Index ¶

type ClientAPI
- func New(store store.Store, recovery recovery.Recovery, core core, log *zap.Logger) (*ClientAPI, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type ClientAPI ¶

type ClientAPI struct {
	// contains filtered or unexported fields
}

ClientAPI implements the client API.

func New ¶

func New(store store.Store, recovery recovery.Recovery, core core, log *zap.Logger,
) (*ClientAPI, error)

New returns an initialized instance of the ClientAPI.

func (*ClientAPI) GetCertQuote ¶

func (a *ClientAPI) GetCertQuote() (cert string, certQuote []byte, err error)

GetCertQuote gets the Coordinators certificate and corresponding quote (containing the cert).

Returns the remote attestation quote of its own certificate alongside this certificate, which allows to verify the Coordinator's integrity and authentication for use of the ClientAPI.

func (*ClientAPI) GetManifestSignature ¶

func (a *ClientAPI) GetManifestSignature() (manifestSignatureRootECDSA, manifestSignature, manifest []byte)

GetManifestSignature returns the hash of the manifest.

Returns ECDSA signature, SHA256 hash and byte encoded representation of the active manifest.

func (*ClientAPI) GetSecrets ¶

func (a *ClientAPI) GetSecrets(requestedSecrets []string, client *user.User) (map[string]manifest.Secret, error)

GetSecrets allows a user to retrieve secrets from the Coordinator.

func (*ClientAPI) GetStatus ¶

func (a *ClientAPI) GetStatus() (state.State, string, error)

GetStatus returns status information about the state of the Coordinator.

func (*ClientAPI) GetUpdateLog ¶

func (a *ClientAPI) GetUpdateLog() (string, error)

GetUpdateLog returns the update history of the Coordinator.

func (*ClientAPI) Recover ¶

func (a *ClientAPI) Recover(encryptionKey []byte) (keysLeft int, err error)

Recover sets an encryption key (ideally decrypted from the recovery data) and tries to unseal and load a saved state of the Coordinator.

func (*ClientAPI) SetManifest ¶

func (a *ClientAPI) SetManifest(rawManifest []byte) (recoverySecretMap map[string][]byte, err error)

SetManifest sets the manifest of the Coordinator.

rawManifest is the manifest of type Manifest in JSON format. recoverySecretMap is a map of recovery secrets that can be used to recover the Coordinator.

func (*ClientAPI) UpdateManifest ¶

func (a *ClientAPI) UpdateManifest(rawUpdateManifest []byte, updater *user.User) (err error)

UpdateManifest allows to update certain package parameters of the original manifest, supplied via a JSON manifest.

func (*ClientAPI) VerifyUser ¶

func (a *ClientAPI) VerifyUser(clientCerts []*x509.Certificate) (*user.User, error)

VerifyUser checks if a given client certificate matches the admin certificates specified in the manifest.

func (*ClientAPI) WriteSecrets ¶

func (a *ClientAPI) WriteSecrets(rawSecretManifest []byte, updater *user.User) (err error)

WriteSecrets allows a user to set certain user-defined secrets for the Coordinator.

Source Files ¶

View all Source files

clientapi.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL