Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-09-29 20:28:47 -04:00
Code Issues Projects Releases Packages Wiki Activity

attestation: add MachineState to ValidateCVM

Browse source
This commit is contained in:
Thomas Tendyck 2023-03-06 09:15:52 +01:00 committed by Thomas Tendyck
parent 3471d73c6c
commit 2535073df8
10 changed files with 16 additions and 33 deletions
Download patch file Download diff file Expand all files Collapse all files

3
internal/attestation/azure/snp/validator.go
View file

@ -24,6 +24,7 @@ import (
"github.com/edgelesssys/constellation/v2/internal/attestation/vtpm"
internalCrypto "github.com/edgelesssys/constellation/v2/internal/crypto"
"github.com/edgelesssys/constellation/v2/internal/oid"
"github.com/google/go-tpm-tools/proto/attest"
"github.com/google/go-tpm/tpm2"
)
@ -55,7 +56,7 @@ func NewValidator(pcrs measurements.M, idKeyDigests idkeydigest.IDKeyDigests, en
}
// validateCVM is a stub, since SEV-SNP attestation is already verified in trustedKeyFromSNP().
func validateCVM(attestation vtpm.AttestationDocument) error {
func validateCVM(vtpm.AttestationDocument, *attest.MachineState) error {
return nil
}

23
internal/attestation/azure/snp/validator_test.go
View file

@ -307,28 +307,7 @@ func int32ToByte(val uint32) []byte {
}
func TestValidateAzureCVM(t *testing.T) {
testCases := map[string]struct {
attDoc vtpm.AttestationDocument
wantErr bool
}{
"success": {
attDoc: vtpm.AttestationDocument{},
wantErr: false,
},
}
for name, tc := range testCases {
t.Run(name, func(t *testing.T) {
assert := assert.New(t)
err := validateCVM(tc.attDoc)
if tc.wantErr {
assert.Error(err)
} else {
assert.NoError(err)
}
})
}
assert.NoError(t, validateCVM(vtpm.AttestationDocument{}, nil))
}
func TestNewSNPReportFromBytes(t *testing.T) {

3
internal/attestation/azure/trustedlaunch/validator.go
View file

@ -18,6 +18,7 @@ import (
"github.com/edgelesssys/constellation/v2/internal/attestation/vtpm"
certutil "github.com/edgelesssys/constellation/v2/internal/crypto"
"github.com/edgelesssys/constellation/v2/internal/oid"
"github.com/google/go-tpm-tools/proto/attest"
"github.com/google/go-tpm/tpm2"
)
@ -97,7 +98,7 @@ func (v *Validator) verifyAttestationKey(akPub, instanceInfo []byte) (crypto.Pub
}
// validateVM returns nil.
func validateVM(attestation vtpm.AttestationDocument) error {
func validateVM(vtpm.AttestationDocument, *attest.MachineState) error {
return nil
}