atlas-rs 0.2.0

attested TLS (aTLS) core library for verifying TEE attestations over TLS connections
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82

//! Error types for aTLS verification.

use thiserror::Error;

/// Errors that can occur during aTLS verification.
#[derive(Debug, Error)]
pub enum AtlsVerificationError {
    /// I/O error during communication.
    #[error("I/O error: {0}")]
    Io(String),

    /// Quote verification failed.
    #[error("quote verification failed: {0}")]
    Quote(String),

    /// Bootchain measurement mismatch.
    #[error("bootchain mismatch: {field} expected {expected}, got {actual}")]
    BootchainMismatch {
        field: String,
        expected: String,
        actual: String,
    },

    /// RTMR measurement mismatch.
    #[error("RTMR{index} mismatch: expected {expected}, got {actual}")]
    RtmrMismatch {
        index: u8,
        expected: String,
        actual: String,
    },

    /// Certificate not found in event log.
    #[error("certificate not in event log")]
    CertificateNotInEventLog,

    /// Event log parsing failed.
    #[error("failed to parse event log: {0}")]
    EventLogParse(String),

    /// TEE type mismatch.
    #[error("TEE type mismatch: {0}")]
    TeeTypeMismatch(String),

    /// App compose hash mismatch.
    #[error("app compose hash mismatch: expected {expected}, got {actual}")]
    AppComposeHashMismatch { expected: String, actual: String },

    /// OS image hash mismatch.
    #[error("OS image hash mismatch: expected {expected}, got {actual:?}")]
    OsImageHashMismatch {
        expected: String,
        actual: Option<String>,
    },

    /// TCB status not in allowed list.
    #[error("TCB status {status} not allowed (allowed: {allowed:?})")]
    TcbStatusNotAllowed { status: String, allowed: Vec<String> },

    /// Report data mismatch - potential replay attack.
    #[error("report data mismatch: expected {expected}, got {actual}. Possible replay/relay attack.")]
    ReportDataMismatch { expected: String, actual: String },

    /// Configuration error.
    #[error("configuration error: {0}")]
    Configuration(String),

    /// TLS handshake failed.
    #[error("TLS handshake failed: {0}")]
    TlsHandshake(String),

    /// Invalid server name.
    #[error("invalid server name: {0}")]
    InvalidServerName(String),

    /// Missing server certificate after TLS handshake.
    #[error("missing server certificate")]
    MissingCertificate,

    /// Other errors.
    #[error("{0}")]
    Other(#[from] anyhow::Error),
}