constellation/internal/attestation/tdx/issuer.go

68 lines
1.4 KiB
Go
Raw Normal View History

/*
Copyright (c) Edgeless Systems GmbH
SPDX-License-Identifier: AGPL-3.0-only
*/
package tdx
import (
"context"
"encoding/json"
"fmt"
"github.com/edgelesssys/constellation/v2/internal/attestation"
"github.com/edgelesssys/constellation/v2/internal/attestation/variant"
"github.com/edgelesssys/go-tdx-qpl/tdx"
)
// Issuer is the TDX attestation issuer.
type Issuer struct {
variant.QEMUTDX
open OpenFunc
log attestation.Logger
}
// NewIssuer initializes a new TDX Issuer.
func NewIssuer(log attestation.Logger) *Issuer {
if log == nil {
log = attestation.NOPLogger{}
}
return &Issuer{
open: Open,
log: log,
}
}
// Issue issues a TDX attestation document.
func (i *Issuer) Issue(_ context.Context, userData []byte, nonce []byte) (attDoc []byte, err error) {
2024-02-08 09:20:01 -05:00
i.log.Info("Issuing attestation statement")
defer func() {
if err != nil {
2024-02-08 09:20:01 -05:00
i.log.Warn(fmt.Sprintf("Failed to issue attestation document: %s", err))
}
}()
handle, err := i.open()
if err != nil {
return nil, fmt.Errorf("opening TDX device: %w", err)
}
defer handle.Close()
quote, err := tdx.GenerateQuote(handle, attestation.MakeExtraData(userData, nonce))
if err != nil {
return nil, fmt.Errorf("generating quote: %w", err)
}
rawAttDoc, err := json.Marshal(tdxAttestationDocument{
RawQuote: quote,
UserData: userData,
})
if err != nil {
return nil, fmt.Errorf("marshaling attestation document: %w", err)
}
return rawAttDoc, nil
}