From 3467df6b69bba875f604273be646f6e0cdb79817 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= Date: Wed, 1 Jun 2022 15:08:42 +0200 Subject: [PATCH] Move attestation, atls and oid packages to internal directory MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: Daniel Weiße --- activation/cmd/main.go | 2 +- activation/validator/validator.go | 8 +- activation/validator/validator_test.go | 2 +- cli/internal/cloudcmd/validators.go | 10 +-- cli/internal/cloudcmd/validators_test.go | 10 +-- cli/internal/cmd/init.go | 2 +- cli/internal/cmd/protoclient.go | 2 +- cli/internal/cmd/protoclient_test.go | 2 +- cli/internal/cmd/recoveryclient.go | 2 +- cli/internal/cmd/recoveryclient_test.go | 2 +- cli/internal/cmd/statuswaiter.go | 2 +- cli/internal/cmd/statuswaiter_test.go | 2 +- cli/internal/proto/client.go | 2 +- cli/internal/proto/recover.go | 2 +- coordinator/cmd/coordinator/main.go | 10 +-- coordinator/cmd/coordinator/run.go | 4 +- coordinator/coordinator_test.go | 4 +- coordinator/core/attest.go | 2 +- coordinator/core/cluster_test.go | 2 +- coordinator/core/core.go | 2 +- coordinator/core/core_test.go | 4 +- coordinator/core/legacy_test.go | 4 +- coordinator/core/reinitialize_test.go | 2 +- coordinator/core/state.go | 2 +- coordinator/core/state_test.go | 2 +- coordinator/pubapi/coord_test.go | 6 +- coordinator/pubapi/node_test.go | 2 +- coordinator/util/grpcutil/dialer.go | 2 +- coordinator/util/grpcutil/dialer_test.go | 2 +- hack/go.mod | 2 +- hack/go.sum | 10 +-- hack/pcr-reader/main.go | 10 +-- hack/pcr-reader/main_test.go | 4 +- internal/atls/README.md | 86 +++++++++++++++++++ {coordinator => internal}/atls/atls.go | 2 +- {coordinator => internal}/atls/atls_test.go | 0 .../attestation/aws/issuer.go | 2 +- .../attestation/aws/validator.go | 2 +- .../attestation/azure/azure_test.go | 2 +- .../attestation/azure/issuer.go | 4 +- .../attestation/azure/issuer_test.go | 4 +- .../attestation/azure/validator.go | 4 +- .../attestation/azure/validator_test.go | 4 +- .../attestation/gcp/README.md | 0 .../attestation/gcp/gcp_test.go | 2 +- .../attestation/gcp/issuer.go | 4 +- .../attestation/gcp/issuer_test.go | 0 .../attestation/gcp/validator.go | 4 +- .../attestation/gcp/validator_test.go | 2 +- 
.../attestation/qemu/issuer.go | 4 +- .../attestation/qemu/validator.go | 4 +- .../attestation/simulator/simulator.go | 0 .../simulator/simulator_disabled.go | 0 .../attestation/vtpm/attestation.go | 0 .../attestation/vtpm/attestation_test.go | 2 +- .../attestation/vtpm/initialize.go | 0 .../attestation/vtpm/initialize_test.go | 2 +- .../attestation/vtpm/vtpm.go | 0 .../attestation/vtpm/vtpm_test.go | 0 internal/config/measurements.go | 2 +- {coordinator => internal}/oid/oid.go | 0 internal/statuswaiter/statuswaiter.go | 2 +- internal/statuswaiter/statuswaiter_test.go | 2 +- state/cmd/main.go | 8 +- state/keyservice/keyservice.go | 2 +- state/keyservice/keyservice_test.go | 2 +- state/setup/setup.go | 2 +- state/setup/setup_test.go | 2 +- state/test/integration_test.go | 2 +- test/coordinator_integration_test.go | 2 +- 70 files changed, 183 insertions(+), 103 deletions(-) create mode 100644 internal/atls/README.md rename {coordinator => internal}/atls/atls.go (99%) rename {coordinator => internal}/atls/atls_test.go (100%) rename {coordinator => internal}/attestation/aws/issuer.go (71%) rename {coordinator => internal}/attestation/aws/validator.go (76%) rename {coordinator => internal}/attestation/azure/azure_test.go (95%) rename {coordinator => internal}/attestation/azure/issuer.go (83%) rename {coordinator => internal}/attestation/azure/issuer_test.go (81%) rename {coordinator => internal}/attestation/azure/validator.go (90%) rename {coordinator => internal}/attestation/azure/validator_test.go (90%) rename {coordinator => internal}/attestation/gcp/README.md (100%) rename {coordinator => internal}/attestation/gcp/gcp_test.go (95%) rename {coordinator => internal}/attestation/gcp/issuer.go (93%) rename {coordinator => internal}/attestation/gcp/issuer_test.go (100%) rename {coordinator => internal}/attestation/gcp/validator.go (96%) rename {coordinator => internal}/attestation/gcp/validator_test.go (98%) rename {coordinator => internal}/attestation/qemu/issuer.go 
(76%) rename {coordinator => internal}/attestation/qemu/validator.go (85%) rename {coordinator => internal}/attestation/simulator/simulator.go (100%) rename {coordinator => internal}/attestation/simulator/simulator_disabled.go (100%) rename {coordinator => internal}/attestation/vtpm/attestation.go (100%) rename {coordinator => internal}/attestation/vtpm/attestation_test.go (99%) rename {coordinator => internal}/attestation/vtpm/initialize.go (100%) rename {coordinator => internal}/attestation/vtpm/initialize_test.go (97%) rename {coordinator => internal}/attestation/vtpm/vtpm.go (100%) rename {coordinator => internal}/attestation/vtpm/vtpm_test.go (100%) rename {coordinator => internal}/oid/oid.go (100%)
diff --git a/activation/cmd/main.go b/activation/cmd/main.go
index 4649fb8f6..c369641a1 100644
--- a/activation/cmd/main.go
+++ b/activation/cmd/main.go
@@ -8,7 +8,7 @@ import (
 "github.com/edgelesssys/constellation/activation/server"
 "github.com/edgelesssys/constellation/activation/validator"
 "github.com/edgelesssys/constellation/activation/watcher"
- "github.com/edgelesssys/constellation/coordinator/atls"
+ "github.com/edgelesssys/constellation/internal/atls"
 "github.com/edgelesssys/constellation/internal/constants"
 "github.com/edgelesssys/constellation/internal/file"
 "github.com/spf13/afero"
diff --git a/activation/validator/validator.go b/activation/validator/validator.go
index e39c31f43..6223e6e9b 100644
--- a/activation/validator/validator.go
+++ b/activation/validator/validator.go
@@ -5,10 +5,10 @@ import (
 "fmt"
 "sync"
- "github.com/edgelesssys/constellation/coordinator/atls"
- "github.com/edgelesssys/constellation/coordinator/attestation/azure"
- "github.com/edgelesssys/constellation/coordinator/attestation/gcp"
- "github.com/edgelesssys/constellation/coordinator/attestation/qemu"
+ "github.com/edgelesssys/constellation/internal/atls"
+ "github.com/edgelesssys/constellation/internal/attestation/azure"
+ "github.com/edgelesssys/constellation/internal/attestation/gcp"
+ "github.com/edgelesssys/constellation/internal/attestation/qemu"
 "github.com/edgelesssys/constellation/internal/cloud/cloudprovider"
 "github.com/edgelesssys/constellation/internal/constants"
 "github.com/edgelesssys/constellation/internal/file"
diff --git a/activation/validator/validator_test.go b/activation/validator/validator_test.go
index 5f4e26c63..3cc04b290 100644
--- a/activation/validator/validator_test.go
+++ b/activation/validator/validator_test.go
@@ -12,7 +12,7 @@ import (
 "sync"
 "testing"
- "github.com/edgelesssys/constellation/coordinator/atls"
+ "github.com/edgelesssys/constellation/internal/atls"
 "github.com/edgelesssys/constellation/internal/constants"
 "github.com/edgelesssys/constellation/internal/file"
 "github.com/spf13/afero"
diff --git a/cli/internal/cloudcmd/validators.go b/cli/internal/cloudcmd/validators.go
index 4d0b4144a..5509d62c5 100644
--- a/cli/internal/cloudcmd/validators.go
+++ b/cli/internal/cloudcmd/validators.go
@@ -7,11 +7,11 @@ import (
 "fmt"
 "strings"
- "github.com/edgelesssys/constellation/coordinator/atls"
- "github.com/edgelesssys/constellation/coordinator/attestation/azure"
- "github.com/edgelesssys/constellation/coordinator/attestation/gcp"
- "github.com/edgelesssys/constellation/coordinator/attestation/qemu"
- "github.com/edgelesssys/constellation/coordinator/attestation/vtpm"
+ "github.com/edgelesssys/constellation/internal/atls"
+ "github.com/edgelesssys/constellation/internal/attestation/azure"
+ "github.com/edgelesssys/constellation/internal/attestation/gcp"
+ "github.com/edgelesssys/constellation/internal/attestation/qemu"
+ "github.com/edgelesssys/constellation/internal/attestation/vtpm"
 "github.com/edgelesssys/constellation/internal/cloud/cloudprovider"
 "github.com/edgelesssys/constellation/internal/config"
 )
diff --git a/cli/internal/cloudcmd/validators_test.go b/cli/internal/cloudcmd/validators_test.go
index 912349856..59027c3c2 100644
--- a/cli/internal/cloudcmd/validators_test.go
+++ b/cli/internal/cloudcmd/validators_test.go
@@ -5,11 +5,11 @@ import (
 "encoding/base64"
 "testing"
- "github.com/edgelesssys/constellation/coordinator/atls"
- "github.com/edgelesssys/constellation/coordinator/attestation/azure"
- "github.com/edgelesssys/constellation/coordinator/attestation/gcp"
- "github.com/edgelesssys/constellation/coordinator/attestation/qemu"
- "github.com/edgelesssys/constellation/coordinator/attestation/vtpm"
+ "github.com/edgelesssys/constellation/internal/atls"
+ "github.com/edgelesssys/constellation/internal/attestation/azure"
+ "github.com/edgelesssys/constellation/internal/attestation/gcp"
+ "github.com/edgelesssys/constellation/internal/attestation/qemu"
+ "github.com/edgelesssys/constellation/internal/attestation/vtpm"
 "github.com/edgelesssys/constellation/internal/cloud/cloudprovider"
 "github.com/edgelesssys/constellation/internal/config"
 "github.com/stretchr/testify/assert"
diff --git a/cli/internal/cmd/init.go b/cli/internal/cmd/init.go
index 2b0ed532a..9f68ef8e2 100644
--- a/cli/internal/cmd/init.go
+++ b/cli/internal/cmd/init.go
@@ -16,10 +16,10 @@ import (
 "github.com/edgelesssys/constellation/cli/internal/gcp"
 "github.com/edgelesssys/constellation/cli/internal/proto"
 "github.com/edgelesssys/constellation/cli/internal/vpn"
- "github.com/edgelesssys/constellation/coordinator/atls"
 "github.com/edgelesssys/constellation/coordinator/pubapi/pubproto"
 coordinatorstate "github.com/edgelesssys/constellation/coordinator/state"
 "github.com/edgelesssys/constellation/coordinator/util"
+ "github.com/edgelesssys/constellation/internal/atls"
 "github.com/edgelesssys/constellation/internal/cloud/cloudprovider"
 "github.com/edgelesssys/constellation/internal/cloud/cloudtypes"
 "github.com/edgelesssys/constellation/internal/config"
diff --git a/cli/internal/cmd/protoclient.go b/cli/internal/cmd/protoclient.go
index dd01369fb..d653957cb 100644
--- a/cli/internal/cmd/protoclient.go
+++ b/cli/internal/cmd/protoclient.go
@@ -4,9 +4,9 @@ import (
 "context"
 "github.com/edgelesssys/constellation/cli/internal/proto"
- "github.com/edgelesssys/constellation/coordinator/atls"
 "github.com/edgelesssys/constellation/coordinator/pubapi/pubproto"
 "github.com/edgelesssys/constellation/coordinator/state"
+ "github.com/edgelesssys/constellation/internal/atls"
 )
 type protoClient interface {
diff --git a/cli/internal/cmd/protoclient_test.go b/cli/internal/cmd/protoclient_test.go
index d04ed68e7..d3233718f 100644
--- a/cli/internal/cmd/protoclient_test.go
+++ b/cli/internal/cmd/protoclient_test.go
@@ -7,9 +7,9 @@ import (
 "io"
 "github.com/edgelesssys/constellation/cli/internal/proto"
- "github.com/edgelesssys/constellation/coordinator/atls"
 "github.com/edgelesssys/constellation/coordinator/pubapi/pubproto"
 "github.com/edgelesssys/constellation/coordinator/state"
+ "github.com/edgelesssys/constellation/internal/atls"
 )
 type stubProtoClient struct {
diff --git a/cli/internal/cmd/recoveryclient.go b/cli/internal/cmd/recoveryclient.go
index a27eee4b0..9301fb7c5 100644
--- a/cli/internal/cmd/recoveryclient.go
+++ b/cli/internal/cmd/recoveryclient.go
@@ -4,7 +4,7 @@ import (
 "context"
 "io"
- "github.com/edgelesssys/constellation/coordinator/atls"
+ "github.com/edgelesssys/constellation/internal/atls"
 )
 type recoveryClient interface {
diff --git a/cli/internal/cmd/recoveryclient_test.go b/cli/internal/cmd/recoveryclient_test.go
index 3e4b49e87..a6d04c02c 100644
--- a/cli/internal/cmd/recoveryclient_test.go
+++ b/cli/internal/cmd/recoveryclient_test.go
@@ -3,7 +3,7 @@ package cmd
 import (
 "context"
- "github.com/edgelesssys/constellation/coordinator/atls"
+ "github.com/edgelesssys/constellation/internal/atls"
 )
 type stubRecoveryClient struct {
diff --git a/cli/internal/cmd/statuswaiter.go b/cli/internal/cmd/statuswaiter.go
index 457c03c56..26e81df9a 100644
--- a/cli/internal/cmd/statuswaiter.go
+++ b/cli/internal/cmd/statuswaiter.go
@@ -3,8 +3,8 @@ package cmd
 import (
 "context"
- "github.com/edgelesssys/constellation/coordinator/atls"
 "github.com/edgelesssys/constellation/coordinator/state"
+ "github.com/edgelesssys/constellation/internal/atls"
 )
 type statusWaiter interface {
diff --git a/cli/internal/cmd/statuswaiter_test.go b/cli/internal/cmd/statuswaiter_test.go
index dbcd78ef5..88c4c7c0b 100644
--- a/cli/internal/cmd/statuswaiter_test.go
+++ b/cli/internal/cmd/statuswaiter_test.go
@@ -4,8 +4,8 @@ import (
 "context"
 "errors"
- "github.com/edgelesssys/constellation/coordinator/atls"
 "github.com/edgelesssys/constellation/coordinator/state"
+ "github.com/edgelesssys/constellation/internal/atls"
 )
 type stubStatusWaiter struct {
diff --git a/cli/internal/proto/client.go b/cli/internal/proto/client.go
index af7cf3a3d..4833c50dd 100644
--- a/cli/internal/proto/client.go
+++ b/cli/internal/proto/client.go
@@ -5,9 +5,9 @@ import (
 "errors"
 "io"
- "github.com/edgelesssys/constellation/coordinator/atls"
 "github.com/edgelesssys/constellation/coordinator/pubapi/pubproto"
 "github.com/edgelesssys/constellation/coordinator/state"
+ "github.com/edgelesssys/constellation/internal/atls"
 kms "github.com/edgelesssys/constellation/kms/server/setup"
 "golang.zx2c4.com/wireguard/wgctrl/wgtypes"
 "google.golang.org/grpc"
diff --git a/cli/internal/proto/recover.go b/cli/internal/proto/recover.go
index 00843bef6..a4dece4bc 100644
--- a/cli/internal/proto/recover.go
+++ b/cli/internal/proto/recover.go
@@ -4,7 +4,7 @@ import (
 "context"
 "errors"
- "github.com/edgelesssys/constellation/coordinator/atls"
+ "github.com/edgelesssys/constellation/internal/atls"
 "github.com/edgelesssys/constellation/state/keyservice/keyproto"
 "google.golang.org/grpc"
 "google.golang.org/grpc/credentials"
diff --git a/coordinator/cmd/coordinator/main.go b/coordinator/cmd/coordinator/main.go
index 77c7a4a9c..c278cf2b0 100644
--- a/coordinator/cmd/coordinator/main.go
+++ b/coordinator/cmd/coordinator/main.go
@@ -9,11 +9,6 @@ import (
 "os"
 "strings"
- "github.com/edgelesssys/constellation/coordinator/attestation/azure"
- "github.com/edgelesssys/constellation/coordinator/attestation/gcp"
- "github.com/edgelesssys/constellation/coordinator/attestation/qemu"
- "github.com/edgelesssys/constellation/coordinator/attestation/simulator"
- "github.com/edgelesssys/constellation/coordinator/attestation/vtpm"
 azurecloud "github.com/edgelesssys/constellation/coordinator/cloudprovider/azure"
 gcpcloud "github.com/edgelesssys/constellation/coordinator/cloudprovider/gcp"
 qemucloud "github.com/edgelesssys/constellation/coordinator/cloudprovider/qemu"
@@ -27,6 +22,11 @@ import (
 "github.com/edgelesssys/constellation/coordinator/util"
 "github.com/edgelesssys/constellation/coordinator/util/grpcutil"
 "github.com/edgelesssys/constellation/coordinator/wireguard"
+ "github.com/edgelesssys/constellation/internal/attestation/azure"
+ "github.com/edgelesssys/constellation/internal/attestation/gcp"
+ "github.com/edgelesssys/constellation/internal/attestation/qemu"
+ "github.com/edgelesssys/constellation/internal/attestation/simulator"
+ "github.com/edgelesssys/constellation/internal/attestation/vtpm"
 "github.com/edgelesssys/constellation/internal/file"
 grpc_zap "github.com/grpc-ecosystem/go-grpc-middleware/logging/zap"
 "github.com/spf13/afero"
diff --git a/coordinator/cmd/coordinator/run.go b/coordinator/cmd/coordinator/run.go
index d59a5d361..fc554b868 100644
--- a/coordinator/cmd/coordinator/run.go
+++ b/coordinator/cmd/coordinator/run.go
@@ -7,8 +7,6 @@ import (
 "net"
 "sync"
- "github.com/edgelesssys/constellation/coordinator/atls"
- "github.com/edgelesssys/constellation/coordinator/attestation/vtpm"
 "github.com/edgelesssys/constellation/coordinator/core"
 "github.com/edgelesssys/constellation/coordinator/logging"
 "github.com/edgelesssys/constellation/coordinator/pubapi"
@@ -17,6 +15,8 @@ import (
 "github.com/edgelesssys/constellation/coordinator/util/grpcutil"
 "github.com/edgelesssys/constellation/coordinator/vpnapi"
 "github.com/edgelesssys/constellation/coordinator/vpnapi/vpnproto"
+ "github.com/edgelesssys/constellation/internal/atls"
+ "github.com/edgelesssys/constellation/internal/attestation/vtpm"
 "github.com/edgelesssys/constellation/internal/deploy/user"
 "github.com/edgelesssys/constellation/internal/file"
 grpc_middleware "github.com/grpc-ecosystem/go-grpc-middleware"
diff --git a/coordinator/coordinator_test.go b/coordinator/coordinator_test.go
index d30afaa03..ff0f165b9 100644
--- a/coordinator/coordinator_test.go
+++ b/coordinator/coordinator_test.go
@@ -8,8 +8,6 @@ import (
 "sync"
 "testing"
- "github.com/edgelesssys/constellation/coordinator/atls"
- "github.com/edgelesssys/constellation/coordinator/attestation/simulator"
 "github.com/edgelesssys/constellation/coordinator/core"
 "github.com/edgelesssys/constellation/coordinator/logging"
 "github.com/edgelesssys/constellation/coordinator/peer"
@@ -21,6 +19,8 @@ import (
 "github.com/edgelesssys/constellation/coordinator/util/testdialer"
 "github.com/edgelesssys/constellation/coordinator/vpnapi"
 "github.com/edgelesssys/constellation/coordinator/vpnapi/vpnproto"
+ "github.com/edgelesssys/constellation/internal/atls"
+ "github.com/edgelesssys/constellation/internal/attestation/simulator"
 "github.com/edgelesssys/constellation/internal/deploy/user"
 "github.com/edgelesssys/constellation/internal/file"
 kms "github.com/edgelesssys/constellation/kms/server/setup"
diff --git a/coordinator/core/attest.go b/coordinator/core/attest.go
index 753478fa3..1c48bbc64 100644
--- a/coordinator/core/attest.go
+++ b/coordinator/core/attest.go
@@ -5,7 +5,7 @@ import (
 "encoding/json"
 "fmt"
- "github.com/edgelesssys/constellation/coordinator/oid"
+ "github.com/edgelesssys/constellation/internal/oid"
 )
 // QuoteValidator validates quotes.
diff --git a/coordinator/core/cluster_test.go b/coordinator/core/cluster_test.go
index f216feac0..e3c950d9c 100644
--- a/coordinator/core/cluster_test.go
+++ b/coordinator/core/cluster_test.go
@@ -6,8 +6,8 @@ import (
 "testing"
 "time"
- "github.com/edgelesssys/constellation/coordinator/attestation/simulator"
 "github.com/edgelesssys/constellation/coordinator/role"
+ "github.com/edgelesssys/constellation/internal/attestation/simulator"
 "github.com/edgelesssys/constellation/internal/deploy/user"
 "github.com/edgelesssys/constellation/internal/file"
 "github.com/spf13/afero"
diff --git a/coordinator/core/core.go b/coordinator/core/core.go
index 6c8d3c8d0..a42152a6f 100644
--- a/coordinator/core/core.go
+++ b/coordinator/core/core.go
@@ -8,7 +8,6 @@ import (
 "sync"
 "time"
- "github.com/edgelesssys/constellation/coordinator/attestation/vtpm"
 "github.com/edgelesssys/constellation/coordinator/config"
 "github.com/edgelesssys/constellation/coordinator/nodestate"
 "github.com/edgelesssys/constellation/coordinator/role"
@@ -16,6 +15,7 @@ import (
 "github.com/edgelesssys/constellation/coordinator/store"
 "github.com/edgelesssys/constellation/coordinator/storewrapper"
 "github.com/edgelesssys/constellation/coordinator/util"
+ "github.com/edgelesssys/constellation/internal/attestation/vtpm"
 "github.com/edgelesssys/constellation/internal/deploy/user"
 "github.com/edgelesssys/constellation/internal/file"
 "github.com/edgelesssys/constellation/kms/kms"
diff --git a/coordinator/core/core_test.go b/coordinator/core/core_test.go
index b8755c71e..b4693b276 100644
--- a/coordinator/core/core_test.go
+++ b/coordinator/core/core_test.go
@@ -6,8 +6,6 @@ import (
 "net"
 "testing"
- "github.com/edgelesssys/constellation/coordinator/attestation/simulator"
- "github.com/edgelesssys/constellation/coordinator/attestation/vtpm"
 "github.com/edgelesssys/constellation/coordinator/nodestate"
 "github.com/edgelesssys/constellation/coordinator/peer"
 "github.com/edgelesssys/constellation/coordinator/role"
@@ -15,6 +13,8 @@ import (
 "github.com/edgelesssys/constellation/coordinator/store"
 "github.com/edgelesssys/constellation/coordinator/util/grpcutil"
 "github.com/edgelesssys/constellation/coordinator/util/testdialer"
+ "github.com/edgelesssys/constellation/internal/attestation/simulator"
+ "github.com/edgelesssys/constellation/internal/attestation/vtpm"
 "github.com/edgelesssys/constellation/internal/deploy/user"
 "github.com/edgelesssys/constellation/internal/file"
 kms "github.com/edgelesssys/constellation/kms/server/setup"
diff --git a/coordinator/core/legacy_test.go b/coordinator/core/legacy_test.go
index 716d3cb83..3d6f374ff 100644
--- a/coordinator/core/legacy_test.go
+++ b/coordinator/core/legacy_test.go
@@ -9,8 +9,6 @@ import (
 "sync"
 "testing"
- "github.com/edgelesssys/constellation/coordinator/atls"
- "github.com/edgelesssys/constellation/coordinator/attestation/simulator"
 "github.com/edgelesssys/constellation/coordinator/logging"
 "github.com/edgelesssys/constellation/coordinator/pubapi"
 "github.com/edgelesssys/constellation/coordinator/pubapi/pubproto"
@@ -18,6 +16,8 @@ import (
 "github.com/edgelesssys/constellation/coordinator/util/grpcutil"
 "github.com/edgelesssys/constellation/coordinator/vpnapi"
 "github.com/edgelesssys/constellation/coordinator/vpnapi/vpnproto"
+ "github.com/edgelesssys/constellation/internal/atls"
+ "github.com/edgelesssys/constellation/internal/attestation/simulator"
 "github.com/edgelesssys/constellation/internal/deploy/user"
 "github.com/edgelesssys/constellation/internal/file"
 kms "github.com/edgelesssys/constellation/kms/server/setup"
diff --git a/coordinator/core/reinitialize_test.go b/coordinator/core/reinitialize_test.go
index 6ef53a39d..e438d8dce 100644
--- a/coordinator/core/reinitialize_test.go
+++ b/coordinator/core/reinitialize_test.go
@@ -5,13 +5,13 @@ import (
 "errors"
 "testing"
- "github.com/edgelesssys/constellation/coordinator/atls"
 "github.com/edgelesssys/constellation/coordinator/cloudprovider/cloudtypes"
 "github.com/edgelesssys/constellation/coordinator/peer"
 "github.com/edgelesssys/constellation/coordinator/pubapi/pubproto"
 "github.com/edgelesssys/constellation/coordinator/role"
 "github.com/edgelesssys/constellation/coordinator/util/grpcutil"
 "github.com/edgelesssys/constellation/coordinator/util/testdialer"
+ "github.com/edgelesssys/constellation/internal/atls"
 "github.com/edgelesssys/constellation/internal/deploy/user"
 "github.com/edgelesssys/constellation/internal/file"
 kms "github.com/edgelesssys/constellation/kms/server/setup"
diff --git a/coordinator/core/state.go b/coordinator/core/state.go
index 5b160c7af..28d1cde8b 100644
--- a/coordinator/core/state.go
+++ b/coordinator/core/state.go
@@ -1,8 +1,8 @@
 package core
 import (
- "github.com/edgelesssys/constellation/coordinator/attestation/vtpm"
 "github.com/edgelesssys/constellation/coordinator/state"
+ "github.com/edgelesssys/constellation/internal/attestation/vtpm"
 )
 // GetState returns the current state.
diff --git a/coordinator/core/state_test.go b/coordinator/core/state_test.go
index cc1259f84..a791190d1 100644
--- a/coordinator/core/state_test.go
+++ b/coordinator/core/state_test.go
@@ -5,8 +5,8 @@ import (
 "io"
 "testing"
- "github.com/edgelesssys/constellation/coordinator/attestation/simulator"
 "github.com/edgelesssys/constellation/coordinator/state"
+ "github.com/edgelesssys/constellation/internal/attestation/simulator"
 "github.com/edgelesssys/constellation/internal/deploy/user"
 "github.com/edgelesssys/constellation/internal/file"
 "github.com/spf13/afero"
diff --git a/coordinator/pubapi/coord_test.go b/coordinator/pubapi/coord_test.go
index 19e691235..1c91b3473 100644
--- a/coordinator/pubapi/coord_test.go
+++ b/coordinator/pubapi/coord_test.go
@@ -10,19 +10,19 @@ import (
 "sync"
 "testing"
- "github.com/edgelesssys/constellation/coordinator/atls"
- "github.com/edgelesssys/constellation/coordinator/attestation/vtpm"
 "github.com/edgelesssys/constellation/coordinator/core"
 "github.com/edgelesssys/constellation/coordinator/logging"
- "github.com/edgelesssys/constellation/coordinator/oid"
 "github.com/edgelesssys/constellation/coordinator/peer"
 "github.com/edgelesssys/constellation/coordinator/pubapi/pubproto"
 "github.com/edgelesssys/constellation/coordinator/role"
 "github.com/edgelesssys/constellation/coordinator/state"
 "github.com/edgelesssys/constellation/coordinator/util/grpcutil"
 "github.com/edgelesssys/constellation/coordinator/util/testdialer"
+ "github.com/edgelesssys/constellation/internal/atls"
+ "github.com/edgelesssys/constellation/internal/attestation/vtpm"
 "github.com/edgelesssys/constellation/internal/deploy/ssh"
 "github.com/edgelesssys/constellation/internal/deploy/user"
+ "github.com/edgelesssys/constellation/internal/oid"
 kms "github.com/edgelesssys/constellation/kms/server/setup"
 "github.com/edgelesssys/constellation/state/keyservice/keyproto"
 "github.com/spf13/afero"
diff --git a/coordinator/pubapi/node_test.go b/coordinator/pubapi/node_test.go
index a857ee4f8..c7499e8e6 100644
--- a/coordinator/pubapi/node_test.go
+++ b/coordinator/pubapi/node_test.go
@@ -8,7 +8,6 @@ import (
 "net"
 "testing"
- "github.com/edgelesssys/constellation/coordinator/atls"
 "github.com/edgelesssys/constellation/coordinator/core"
 "github.com/edgelesssys/constellation/coordinator/logging"
 "github.com/edgelesssys/constellation/coordinator/peer"
@@ -18,6 +17,7 @@ import (
 "github.com/edgelesssys/constellation/coordinator/util/grpcutil"
 "github.com/edgelesssys/constellation/coordinator/util/testdialer"
 "github.com/edgelesssys/constellation/coordinator/vpnapi/vpnproto"
+ "github.com/edgelesssys/constellation/internal/atls"
 "github.com/edgelesssys/constellation/internal/deploy/ssh"
 "github.com/edgelesssys/constellation/internal/deploy/user"
 "github.com/spf13/afero"
diff --git a/coordinator/util/grpcutil/dialer.go b/coordinator/util/grpcutil/dialer.go
index 60bafbbbc..feb4db625 100644
--- a/coordinator/util/grpcutil/dialer.go
+++ b/coordinator/util/grpcutil/dialer.go
@@ -4,7 +4,7 @@ import (
 "context"
 "net"
- "github.com/edgelesssys/constellation/coordinator/atls"
+ "github.com/edgelesssys/constellation/internal/atls"
 "google.golang.org/grpc"
 "google.golang.org/grpc/credentials"
 "google.golang.org/grpc/credentials/insecure"
diff --git a/coordinator/util/grpcutil/dialer_test.go b/coordinator/util/grpcutil/dialer_test.go
index 052ae083f..772ca7768 100644
--- a/coordinator/util/grpcutil/dialer_test.go
+++ b/coordinator/util/grpcutil/dialer_test.go
@@ -4,9 +4,9 @@ import (
 "context"
 "testing"
- "github.com/edgelesssys/constellation/coordinator/atls"
 "github.com/edgelesssys/constellation/coordinator/core"
 "github.com/edgelesssys/constellation/coordinator/util/testdialer"
+ "github.com/edgelesssys/constellation/internal/atls"
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"
 "google.golang.org/grpc"
diff --git a/hack/go.mod b/hack/go.mod
index 7dc8df4c9..9520a5b62 100644
--- a/hack/go.mod
+++ b/hack/go.mod
@@ -138,7 +138,7 @@ require (
 golang.org/x/net v0.0.0-20220225172249-27dd8689420f // indirect
 golang.org/x/oauth2 v0.0.0-20220309155454-6242fa91716a // indirect
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect
- golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5 // indirect
+ golang.org/x/sys v0.0.0-20220412211240-33da011f77ad // indirect
 golang.org/x/text v0.3.7 // indirect
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
 golang.zx2c4.com/wireguard v0.0.0-20220202223031-3b95c81cc178 // indirect
diff --git a/hack/go.sum b/hack/go.sum
index baf2e6d78..0b522ea6b 100644
--- a/hack/go.sum
+++ b/hack/go.sum
@@ -394,7 +394,6 @@ github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/me
 github.com/go-test/deep v1.0.2-0.20181118220953-042da051cf31/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
 github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
-github.com/godbus/dbus/v5 v5.0.6 h1:mkgN1ofwASrYnJ5W6U/BxG15eXXXjirgZc7CLqkcaro=
 github.com/gogo/googleapis v1.1.0/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
@@ -521,7 +520,6 @@ github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLe
 github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 github.com/google/rpmpack v0.0.0-20191226140753-aa36bfddb3a0/go.mod h1:RaTPr0KUf2K7fnZYLNDrr8rxAamWs3iNywJLtQ2AzBg=
-github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
 github.com/google/subcommands v1.0.1/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk=
 github.com/google/tink/go v1.6.1 h1:t7JHqO8Ath2w2ig5vjwQYJzhGEZymedQc90lQXUBa4I=
 github.com/google/tink/go v1.6.1/go.mod h1:IGW53kTgag+st5yPhKKwJ6u2l+SSp5/v9XF7spovjlY=
@@ -610,7 +608,6 @@ github.com/huandu/xstrings v1.2.0/go.mod h1:DvyZB1rfVYsBIigL8HwpZgxHwXozlTgGqn63
 github.com/hudl/fargo v1.3.0/go.mod h1:y3CKSmjA+wD2gak7sUSXTAoopbhU08POFhmITJgmKTg=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
-github.com/icholy/replace v0.5.0 h1:Nx80zYQVlowdba+3Y6dvHDnmxaGtBrDlf2wYn9GyIXQ=
 github.com/imdario/mergo v0.3.4/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
 github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
 github.com/imdario/mergo v0.3.9/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
@@ -1286,8 +1283,9 @@ golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220207234003-57398862261d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5 h1:y/woIyUBFbpQGKS0u1aHF/40WUDnek3fPOyD08H5Vng=
 golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220412211240-33da011f77ad h1:ntjMns5wyP/fN65tdBD4g8J5w8n015+iIIs9rtjXkY0=
+golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -1648,12 +1646,9 @@ honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 k8s.io/api v0.24.0 h1:J0hann2hfxWr1hinZIDefw7Q96wmCBx6SSB8IY0MdDg=
 k8s.io/apimachinery v0.24.0 h1:ydFCyC/DjCvFCHK5OPMKBlxayQytB8pxy8YQInd5UyQ=
-k8s.io/apiserver v0.24.0 h1:GR7kGsjOMfilRvlG3Stxv/3uz/ryvJ/aZXc5pqdsNV0=
-k8s.io/client-go v0.24.0 h1:lbE4aB1gTHvYFSwm6eD3OF14NhFDKCejlnsGYlSJe5U=
 k8s.io/cluster-bootstrap v0.24.0 h1:MTs2x3Vfcl/PWvB5bfX7gzTFRyi4ZSbNSQgGJTCb6Sw=
 k8s.io/component-base v0.24.0 h1:h5jieHZQoHrY/lHG+HyrSbJeyfuitheBvqvKwKHVC0g=
 k8s.io/klog/v2 v2.60.1 h1:VW25q3bZx9uE3vvdL6M8ezOX79vA2Aq1nEWLqNQclHc=
-k8s.io/kubelet v0.24.0 h1:fH+D6mSr4DGIeHp/O2+mCEJhkVq3Gpgv9BVOHI+GrWY=
 k8s.io/kubernetes v1.24.0 h1:9qRjlCuMjooyFTXLxduMBT+MZSdROWa3idI1AXZirVs=
 k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9 h1:HNSDgDCrr/6Ly3WEGKZftiE7IY19Vz2GdbOCyI4qqhc=
 pack.ag/amqp v0.11.2/go.mod h1:4/cbmt4EJXSKlG6LCfWHoqmN0uFdy5i/+YFz+fTfhV4=
@@ -1664,5 +1659,4 @@ sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 h1:kDi4JBNAsJWfz1aEXhO8Jg87J
 sigs.k8s.io/structured-merge-diff/v4 v4.2.1 h1:bKCqE9GvQ5tiVHn5rfn1r+yao3aLQEaLzkkmAkf+A6Y=
 sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
 sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc=
-sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo=
 sourcegraph.com/sourcegraph/appdash v0.0.0-20190731080439-ebfcffb1b5c0/go.mod h1:hI742Nqp5OhwiqlzhgfbWU4mW4yO10fP+LoT9WOswdU=
diff --git a/hack/pcr-reader/main.go b/hack/pcr-reader/main.go
index bb23c760f..615205cb4 100644
--- a/hack/pcr-reader/main.go
+++ b/hack/pcr-reader/main.go
@@ -14,13 +14,13 @@ import ( "os" "time" - "github.com/edgelesssys/constellation/coordinator/atls" - "github.com/edgelesssys/constellation/coordinator/attestation/azure" - "github.com/edgelesssys/constellation/coordinator/attestation/gcp" - "github.com/edgelesssys/constellation/coordinator/attestation/vtpm" - "github.com/edgelesssys/constellation/coordinator/oid" "github.com/edgelesssys/constellation/coordinator/pubapi/pubproto" "github.com/edgelesssys/constellation/coordinator/state" + "github.com/edgelesssys/constellation/internal/atls" + "github.com/edgelesssys/constellation/internal/attestation/azure" + "github.com/edgelesssys/constellation/internal/attestation/gcp" + "github.com/edgelesssys/constellation/internal/attestation/vtpm" + "github.com/edgelesssys/constellation/internal/oid" "github.com/edgelesssys/constellation/internal/statuswaiter" "github.com/spf13/afero" "google.golang.org/grpc" diff --git a/hack/pcr-reader/main_test.go b/hack/pcr-reader/main_test.go index 0d409ec1d..c11ed00e3 100644 --- a/hack/pcr-reader/main_test.go +++ b/hack/pcr-reader/main_test.go @@ -13,8 +13,8 @@ import ( "math/big" "testing" - "github.com/edgelesssys/constellation/coordinator/attestation/vtpm" - "github.com/edgelesssys/constellation/coordinator/oid" + "github.com/edgelesssys/constellation/internal/attestation/vtpm" + "github.com/edgelesssys/constellation/internal/oid" "github.com/google/go-tpm-tools/proto/attest" "github.com/google/go-tpm-tools/proto/tpm" "github.com/spf13/afero" diff --git a/internal/atls/README.md b/internal/atls/README.md new file mode 100644 index 000000000..d14f098aa --- /dev/null +++ b/internal/atls/README.md 
@@ -0,0 +1,86 @@ +# Attested TLS (aTLS) + +In a confidential computing (CC) environment, attested TLS (aTLS) can be used to establish secure connections between two parties utilizing the remote attestation features of the CC components. + +aTLs modifies the TLS handshake by embedding an attestation statement into the TLS certificate. +Instead of relying on a Certificate Authority, aTLS uses this attestation statement to establish trust in the certificate. + +The protocol can be used by clients to verify a server certificate, by a server to verify a client certificate, or for mutual verification (mutual aTLS). + +## Client side verification + +1. The client sends a ClientHello message, setting ServerName to a random nonce. + +2. The server generates an attestation statement using the clients nonce and its CC capabilities. + * The attestation is embedded in the server certificate using x509 certificate extensions with an object identifier (OID) to identify the CC attestation type. See [OID](../oid/oid.go) for implementation details. + +3. The client verifies the attestation statement. + +4. If successful the client can trust the server to be running the expected configuration, and finish the TLS handshake. + +```mermaid +sequenceDiagram + participant Client + participant Server + Client->>Server: ClientHello(nonce) + Server->>Client: ServerCertificate(AttestationStatement), ServerHelloDone + Note over Client: Verify Attestation + Client->>Server: ClientKeyExchange + Client->>Server: ChangeCipherSpec, Finished + Server->>Client: +``` + +## Server side verification + +1. The client sends a ClientHello message + +2. The server sends back a certificate with a random nonce. The nonce is embedded using x509 certificate extensions with the OID `1.3.9900.0.1`. + +3. The client does not verify the servers certificate, but uses the embedded nonce to generate an attestation based on its CC capabilities. 
+ * The attestation is embedded in the client certificate using x509 certificate extensions with an OID to identify the CC attestation type. + +4. The server verifies the client's attestation statement. + +5. If successful the server can trust the client to be running the expected configuration, and finish the TLS handshake. + +```mermaid +sequenceDiagram + participant Client + participant Server + Client->>Server: ClientHello + Server->>Client: ServerCertificate(nonce), ServerHelloDone + Client->>Server: ClientKeyExchange, ClientCertificate(AttestationStatement) + Client->>Server: ChangeCipherSpec, Finished + Note over Server: Verify Attestation + Server->>Client: ChangeCipherSpec, Finished +``` + +## Mutual aTLS + +1. The client sends a ClientHello message, setting ServerName to a random nonce. + +2. The server generates an attestation statement using the clients nonce and its CC capabilities. + * The attestation is embedded in the server certificate using x509 certificate extensions with an OID to identify the attestation type. + * A nonce is embedded using x509 certificate extensions with the OID `1.3.9900.0.1`. + +3. The client verifies the attestation statement. + +4. The client uses the nonce embedded in the server's certificate to generate an attestation based on its CC capabilities. + * The attestation is embedded in the client certificate using x509 certificate extensions with an OID to identify the CC attestation type. + +5. The server verifies the client's attestation statement. + +6. If all verifications were successful, mutual trust in each others configuration is established, and the TLS handshake can be finished. 
+ +```mermaid +sequenceDiagram + participant Client + participant Server + Client->>Server: ClientHello(nonce) + Server->>Client: ServerCertificate(AttestationStatement, nonce), ServerHelloDone + Note over Client: Verify Attestation + Client->>Server: ClientKeyExchange, ClientCertificate(AttestationStatement) + Client->>Server: ChangeCipherSpec, Finished + Note over Server: Verify Attestation + Server->>Client: ChangeCipherSpec, Finished +``` diff --git a/coordinator/atls/atls.go b/internal/atls/atls.go similarity index 99% rename from coordinator/atls/atls.go rename to internal/atls/atls.go index 16ef9303f..84a347704 100644 --- a/coordinator/atls/atls.go +++ b/internal/atls/atls.go @@ -14,8 +14,8 @@ import ( "time" "github.com/edgelesssys/constellation/coordinator/config" - "github.com/edgelesssys/constellation/coordinator/oid" "github.com/edgelesssys/constellation/coordinator/util" + "github.com/edgelesssys/constellation/internal/oid" ) // CreateAttestationServerTLSConfig creates a tls.Config object with a self-signed certificate and an embedded attestation document. diff --git a/coordinator/atls/atls_test.go b/internal/atls/atls_test.go similarity index 100% rename from coordinator/atls/atls_test.go rename to internal/atls/atls_test.go diff --git a/coordinator/attestation/aws/issuer.go b/internal/attestation/aws/issuer.go similarity index 71% rename from coordinator/attestation/aws/issuer.go rename to internal/attestation/aws/issuer.go index f536dbc6d..63ec04ec5 100644 --- a/coordinator/attestation/aws/issuer.go +++ b/internal/attestation/aws/issuer.go @@ -1,6 +1,6 @@ package aws -import "github.com/edgelesssys/constellation/coordinator/oid" +import "github.com/edgelesssys/constellation/internal/oid" type Issuer struct { oid.AWS 
diff --git a/coordinator/attestation/aws/validator.go b/internal/attestation/aws/validator.go similarity index 76% rename from coordinator/attestation/aws/validator.go rename to internal/attestation/aws/validator.go index 6ad4e3307..e901f30c9 100644 --- a/coordinator/attestation/aws/validator.go +++ b/internal/attestation/aws/validator.go @@ -1,7 +1,7 @@ package aws import ( - "github.com/edgelesssys/constellation/coordinator/oid" + "github.com/edgelesssys/constellation/internal/oid" ) type Validator struct { diff --git a/coordinator/attestation/azure/azure_test.go b/internal/attestation/azure/azure_test.go similarity index 95% rename from coordinator/attestation/azure/azure_test.go rename to internal/attestation/azure/azure_test.go index 8475bd5c0..df46b93da 100644 --- a/coordinator/attestation/azure/azure_test.go +++ b/internal/attestation/azure/azure_test.go @@ -7,7 +7,7 @@ import ( "encoding/json" "testing" - "github.com/edgelesssys/constellation/coordinator/attestation/vtpm" + "github.com/edgelesssys/constellation/internal/attestation/vtpm" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) diff --git a/coordinator/attestation/azure/issuer.go b/internal/attestation/azure/issuer.go similarity index 83% rename from coordinator/attestation/azure/issuer.go rename to internal/attestation/azure/issuer.go index b94079f6b..172b6aadb 100644 --- a/coordinator/attestation/azure/issuer.go +++ b/internal/attestation/azure/issuer.go @@ -3,8 +3,8 @@ package azure import ( "io" - "github.com/edgelesssys/constellation/coordinator/attestation/vtpm" - "github.com/edgelesssys/constellation/coordinator/oid" + "github.com/edgelesssys/constellation/internal/attestation/vtpm" + "github.com/edgelesssys/constellation/internal/oid" tpmclient "github.com/google/go-tpm-tools/client" ) 
diff --git a/coordinator/attestation/azure/issuer_test.go b/internal/attestation/azure/issuer_test.go similarity index 81% rename from coordinator/attestation/azure/issuer_test.go rename to internal/attestation/azure/issuer_test.go index e7ca5bdf3..e90922b12 100644 --- a/coordinator/attestation/azure/issuer_test.go +++ b/internal/attestation/azure/issuer_test.go @@ -3,8 +3,8 @@ package azure import ( "testing" - "github.com/edgelesssys/constellation/coordinator/attestation/simulator" - "github.com/edgelesssys/constellation/coordinator/attestation/vtpm" + "github.com/edgelesssys/constellation/internal/attestation/simulator" + "github.com/edgelesssys/constellation/internal/attestation/vtpm" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) diff --git a/coordinator/attestation/azure/validator.go b/internal/attestation/azure/validator.go similarity index 90% rename from coordinator/attestation/azure/validator.go rename to internal/attestation/azure/validator.go index edfcfa5db..8d6737b49 100644 --- a/coordinator/attestation/azure/validator.go +++ b/internal/attestation/azure/validator.go @@ -3,8 +3,8 @@ package azure import ( "crypto" - "github.com/edgelesssys/constellation/coordinator/attestation/vtpm" - "github.com/edgelesssys/constellation/coordinator/oid" + "github.com/edgelesssys/constellation/internal/attestation/vtpm" + "github.com/edgelesssys/constellation/internal/oid" "github.com/google/go-tpm/tpm2" ) diff --git a/coordinator/attestation/azure/validator_test.go b/internal/attestation/azure/validator_test.go similarity index 90% rename from coordinator/attestation/azure/validator_test.go rename to internal/attestation/azure/validator_test.go index 133e7c7c6..32cad901e 100644 --- a/coordinator/attestation/azure/validator_test.go +++ b/internal/attestation/azure/validator_test.go 
@@ -3,8 +3,8 @@ package azure import ( "testing" - "github.com/edgelesssys/constellation/coordinator/attestation/simulator" - "github.com/edgelesssys/constellation/coordinator/attestation/vtpm" + "github.com/edgelesssys/constellation/internal/attestation/simulator" + "github.com/edgelesssys/constellation/internal/attestation/vtpm" "github.com/google/go-tpm-tools/client" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" diff --git a/coordinator/attestation/gcp/README.md b/internal/attestation/gcp/README.md similarity index 100% rename from coordinator/attestation/gcp/README.md rename to internal/attestation/gcp/README.md diff --git a/coordinator/attestation/gcp/gcp_test.go b/internal/attestation/gcp/gcp_test.go similarity index 95% rename from coordinator/attestation/gcp/gcp_test.go rename to internal/attestation/gcp/gcp_test.go index c5d9616c2..967b6d9e1 100644 --- a/coordinator/attestation/gcp/gcp_test.go +++ b/internal/attestation/gcp/gcp_test.go @@ -7,7 +7,7 @@ import ( "encoding/json" "testing" - "github.com/edgelesssys/constellation/coordinator/attestation/vtpm" + "github.com/edgelesssys/constellation/internal/attestation/vtpm" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) diff --git a/coordinator/attestation/gcp/issuer.go b/internal/attestation/gcp/issuer.go similarity index 93% rename from coordinator/attestation/gcp/issuer.go rename to internal/attestation/gcp/issuer.go index 229c49ea1..0a80ef06d 100644 --- a/coordinator/attestation/gcp/issuer.go +++ b/internal/attestation/gcp/issuer.go @@ -6,8 +6,8 @@ import ( "io" "cloud.google.com/go/compute/metadata" - "github.com/edgelesssys/constellation/coordinator/attestation/vtpm" - "github.com/edgelesssys/constellation/coordinator/oid" + "github.com/edgelesssys/constellation/internal/attestation/vtpm" + "github.com/edgelesssys/constellation/internal/oid" tpmclient "github.com/google/go-tpm-tools/client" "github.com/google/go-tpm-tools/proto/attest" ) 
diff --git a/coordinator/attestation/gcp/issuer_test.go b/internal/attestation/gcp/issuer_test.go similarity index 100% rename from coordinator/attestation/gcp/issuer_test.go rename to internal/attestation/gcp/issuer_test.go diff --git a/coordinator/attestation/gcp/validator.go b/internal/attestation/gcp/validator.go similarity index 96% rename from coordinator/attestation/gcp/validator.go rename to internal/attestation/gcp/validator.go index 908f685ec..4c7ce6123 100644 --- a/coordinator/attestation/gcp/validator.go +++ b/internal/attestation/gcp/validator.go @@ -12,8 +12,8 @@ import ( "time" compute "cloud.google.com/go/compute/apiv1" - "github.com/edgelesssys/constellation/coordinator/attestation/vtpm" - "github.com/edgelesssys/constellation/coordinator/oid" + "github.com/edgelesssys/constellation/internal/attestation/vtpm" + "github.com/edgelesssys/constellation/internal/oid" "github.com/google/go-tpm-tools/proto/attest" "github.com/google/go-tpm-tools/server" "github.com/googleapis/gax-go/v2" diff --git a/coordinator/attestation/gcp/validator_test.go b/internal/attestation/gcp/validator_test.go similarity index 98% rename from coordinator/attestation/gcp/validator_test.go rename to internal/attestation/gcp/validator_test.go index ddcce3e5a..a7c7c9c59 100644 --- a/coordinator/attestation/gcp/validator_test.go +++ b/internal/attestation/gcp/validator_test.go @@ -7,7 +7,7 @@ import ( "errors" "testing" - "github.com/edgelesssys/constellation/coordinator/attestation/vtpm" + "github.com/edgelesssys/constellation/internal/attestation/vtpm" "github.com/google/go-tpm-tools/proto/attest" "github.com/googleapis/gax-go/v2" "github.com/stretchr/testify/assert" diff --git a/coordinator/attestation/qemu/issuer.go b/internal/attestation/qemu/issuer.go similarity index 76% rename from coordinator/attestation/qemu/issuer.go rename to internal/attestation/qemu/issuer.go index c3942c201..426d1cc1c 100644 --- a/coordinator/attestation/qemu/issuer.go 
+++ b/internal/attestation/qemu/issuer.go @@ -3,8 +3,8 @@ package qemu import ( "io" - "github.com/edgelesssys/constellation/coordinator/attestation/vtpm" - "github.com/edgelesssys/constellation/coordinator/oid" + "github.com/edgelesssys/constellation/internal/attestation/vtpm" + "github.com/edgelesssys/constellation/internal/oid" tpmclient "github.com/google/go-tpm-tools/client" ) diff --git a/coordinator/attestation/qemu/validator.go b/internal/attestation/qemu/validator.go similarity index 85% rename from coordinator/attestation/qemu/validator.go rename to internal/attestation/qemu/validator.go index f4845771a..2797eed40 100644 --- a/coordinator/attestation/qemu/validator.go +++ b/internal/attestation/qemu/validator.go @@ -3,8 +3,8 @@ package qemu import ( "crypto" - "github.com/edgelesssys/constellation/coordinator/attestation/vtpm" - "github.com/edgelesssys/constellation/coordinator/oid" + "github.com/edgelesssys/constellation/internal/attestation/vtpm" + "github.com/edgelesssys/constellation/internal/oid" "github.com/google/go-tpm/tpm2" ) diff --git a/coordinator/attestation/simulator/simulator.go b/internal/attestation/simulator/simulator.go similarity index 100% rename from coordinator/attestation/simulator/simulator.go rename to internal/attestation/simulator/simulator.go diff --git a/coordinator/attestation/simulator/simulator_disabled.go b/internal/attestation/simulator/simulator_disabled.go similarity index 100% rename from coordinator/attestation/simulator/simulator_disabled.go rename to internal/attestation/simulator/simulator_disabled.go diff --git a/coordinator/attestation/vtpm/attestation.go b/internal/attestation/vtpm/attestation.go similarity index 100% rename from coordinator/attestation/vtpm/attestation.go rename to internal/attestation/vtpm/attestation.go 
diff --git a/coordinator/attestation/vtpm/attestation_test.go b/internal/attestation/vtpm/attestation_test.go similarity index 99% rename from coordinator/attestation/vtpm/attestation_test.go rename to internal/attestation/vtpm/attestation_test.go index fe7115f72..6c094f570 100644 --- a/coordinator/attestation/vtpm/attestation_test.go +++ b/internal/attestation/vtpm/attestation_test.go @@ -7,7 +7,7 @@ import ( "io" "testing" - tpmsim "github.com/edgelesssys/constellation/coordinator/attestation/simulator" + tpmsim "github.com/edgelesssys/constellation/internal/attestation/simulator" tpmclient "github.com/google/go-tpm-tools/client" "github.com/google/go-tpm-tools/proto/attest" "github.com/google/go-tpm-tools/proto/tpm" diff --git a/coordinator/attestation/vtpm/initialize.go b/internal/attestation/vtpm/initialize.go similarity index 100% rename from coordinator/attestation/vtpm/initialize.go rename to internal/attestation/vtpm/initialize.go diff --git a/coordinator/attestation/vtpm/initialize_test.go b/internal/attestation/vtpm/initialize_test.go similarity index 97% rename from coordinator/attestation/vtpm/initialize_test.go rename to internal/attestation/vtpm/initialize_test.go index 3fcfe82b3..9b8b4adaf 100644 --- a/coordinator/attestation/vtpm/initialize_test.go +++ b/internal/attestation/vtpm/initialize_test.go @@ -5,7 +5,7 @@ import ( "io" "testing" - "github.com/edgelesssys/constellation/coordinator/attestation/simulator" + "github.com/edgelesssys/constellation/internal/attestation/simulator" "github.com/google/go-tpm-tools/client" "github.com/google/go-tpm/tpm2" "github.com/stretchr/testify/assert" diff --git a/coordinator/attestation/vtpm/vtpm.go b/internal/attestation/vtpm/vtpm.go similarity index 100% rename from coordinator/attestation/vtpm/vtpm.go rename to internal/attestation/vtpm/vtpm.go 
diff --git a/coordinator/attestation/vtpm/vtpm_test.go b/internal/attestation/vtpm/vtpm_test.go similarity index 100% rename from coordinator/attestation/vtpm/vtpm_test.go rename to internal/attestation/vtpm/vtpm_test.go diff --git a/internal/config/measurements.go b/internal/config/measurements.go index e1c8a99eb..6470a32d2 100644 --- a/internal/config/measurements.go +++ b/internal/config/measurements.go @@ -3,7 +3,7 @@ package config import ( "encoding/base64" - "github.com/edgelesssys/constellation/coordinator/attestation/vtpm" + "github.com/edgelesssys/constellation/internal/attestation/vtpm" ) type Measurements map[uint32][]byte diff --git a/coordinator/oid/oid.go b/internal/oid/oid.go similarity index 100% rename from coordinator/oid/oid.go rename to internal/oid/oid.go diff --git a/internal/statuswaiter/statuswaiter.go b/internal/statuswaiter/statuswaiter.go index 4136fde67..ffb0a2374 100644 --- a/internal/statuswaiter/statuswaiter.go +++ b/internal/statuswaiter/statuswaiter.go @@ -6,9 +6,9 @@ import ( "io" "time" - "github.com/edgelesssys/constellation/coordinator/atls" "github.com/edgelesssys/constellation/coordinator/pubapi/pubproto" "github.com/edgelesssys/constellation/coordinator/state" + "github.com/edgelesssys/constellation/internal/atls" "google.golang.org/grpc" grpccodes "google.golang.org/grpc/codes" "google.golang.org/grpc/credentials" diff --git a/internal/statuswaiter/statuswaiter_test.go b/internal/statuswaiter/statuswaiter_test.go index 6ff8762ed..87cd74b11 100644 --- a/internal/statuswaiter/statuswaiter_test.go +++ b/internal/statuswaiter/statuswaiter_test.go 
@@ -6,10 +6,10 @@ import ( "testing" "time" - "github.com/edgelesssys/constellation/coordinator/atls" "github.com/edgelesssys/constellation/coordinator/core" "github.com/edgelesssys/constellation/coordinator/pubapi/pubproto" "github.com/edgelesssys/constellation/coordinator/state" + "github.com/edgelesssys/constellation/internal/atls" "github.com/stretchr/testify/assert" "google.golang.org/grpc" ) diff --git a/state/cmd/main.go b/state/cmd/main.go index 0357e68b5..326878758 100644 --- a/state/cmd/main.go +++ b/state/cmd/main.go @@ -10,13 +10,13 @@ import ( "strings" "time" - "github.com/edgelesssys/constellation/coordinator/attestation/azure" - "github.com/edgelesssys/constellation/coordinator/attestation/gcp" - "github.com/edgelesssys/constellation/coordinator/attestation/qemu" - "github.com/edgelesssys/constellation/coordinator/attestation/vtpm" azurecloud "github.com/edgelesssys/constellation/coordinator/cloudprovider/azure" gcpcloud "github.com/edgelesssys/constellation/coordinator/cloudprovider/gcp" "github.com/edgelesssys/constellation/coordinator/core" + "github.com/edgelesssys/constellation/internal/attestation/azure" + "github.com/edgelesssys/constellation/internal/attestation/gcp" + "github.com/edgelesssys/constellation/internal/attestation/qemu" + "github.com/edgelesssys/constellation/internal/attestation/vtpm" "github.com/edgelesssys/constellation/state/keyservice" "github.com/edgelesssys/constellation/state/mapper" "github.com/edgelesssys/constellation/state/setup" diff --git a/state/keyservice/keyservice.go b/state/keyservice/keyservice.go index 0ab8cc18d..a59d3abc4 100644 --- a/state/keyservice/keyservice.go +++ b/state/keyservice/keyservice.go 
@@ -9,10 +9,10 @@ import ( "sync" "time" - "github.com/edgelesssys/constellation/coordinator/atls" "github.com/edgelesssys/constellation/coordinator/config" "github.com/edgelesssys/constellation/coordinator/core" "github.com/edgelesssys/constellation/coordinator/pubapi/pubproto" + "github.com/edgelesssys/constellation/internal/atls" "github.com/edgelesssys/constellation/state/keyservice/keyproto" "google.golang.org/grpc" "google.golang.org/grpc/codes" diff --git a/state/keyservice/keyservice_test.go b/state/keyservice/keyservice_test.go index f3b1cc8e5..ddd206a6e 100644 --- a/state/keyservice/keyservice_test.go +++ b/state/keyservice/keyservice_test.go @@ -7,11 +7,11 @@ import ( "testing" "time" - "github.com/edgelesssys/constellation/coordinator/atls" "github.com/edgelesssys/constellation/coordinator/cloudprovider/cloudtypes" "github.com/edgelesssys/constellation/coordinator/core" "github.com/edgelesssys/constellation/coordinator/pubapi/pubproto" "github.com/edgelesssys/constellation/coordinator/role" + "github.com/edgelesssys/constellation/internal/atls" "github.com/edgelesssys/constellation/state/keyservice/keyproto" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" diff --git a/state/setup/setup.go b/state/setup/setup.go index 76cc02468..373be1d00 100644 --- a/state/setup/setup.go +++ b/state/setup/setup.go @@ -9,9 +9,9 @@ import ( "path/filepath" "syscall" - "github.com/edgelesssys/constellation/coordinator/attestation/vtpm" "github.com/edgelesssys/constellation/coordinator/config" "github.com/edgelesssys/constellation/coordinator/nodestate" + "github.com/edgelesssys/constellation/internal/attestation/vtpm" "github.com/edgelesssys/constellation/internal/file" "github.com/spf13/afero" ) diff --git a/state/setup/setup_test.go b/state/setup/setup_test.go index 9bebd0bf3..5501c6eb7 100644 --- a/state/setup/setup_test.go +++ b/state/setup/setup_test.go 
@@ -7,9 +7,9 @@ import ( "path/filepath" "testing" - "github.com/edgelesssys/constellation/coordinator/attestation/vtpm" "github.com/edgelesssys/constellation/coordinator/config" "github.com/edgelesssys/constellation/coordinator/nodestate" + "github.com/edgelesssys/constellation/internal/attestation/vtpm" "github.com/edgelesssys/constellation/internal/file" "github.com/spf13/afero" "github.com/stretchr/testify/assert" diff --git a/state/test/integration_test.go b/state/test/integration_test.go index b6cc08059..ff232ac2f 100644 --- a/state/test/integration_test.go +++ b/state/test/integration_test.go @@ -11,8 +11,8 @@ import ( "testing" "time" - "github.com/edgelesssys/constellation/coordinator/atls" "github.com/edgelesssys/constellation/coordinator/core" + "github.com/edgelesssys/constellation/internal/atls" "github.com/edgelesssys/constellation/state/keyservice" "github.com/edgelesssys/constellation/state/keyservice/keyproto" "github.com/edgelesssys/constellation/state/mapper" diff --git a/test/coordinator_integration_test.go b/test/coordinator_integration_test.go index 7a3d6d444..323095784 100644 --- a/test/coordinator_integration_test.go +++ b/test/coordinator_integration_test.go @@ -21,12 +21,12 @@ import ( "github.com/docker/docker/client" "github.com/docker/docker/pkg/archive" "github.com/docker/go-connections/nat" - "github.com/edgelesssys/constellation/coordinator/atls" "github.com/edgelesssys/constellation/coordinator/core" "github.com/edgelesssys/constellation/coordinator/pubapi/pubproto" "github.com/edgelesssys/constellation/coordinator/role" "github.com/edgelesssys/constellation/coordinator/store" "github.com/edgelesssys/constellation/coordinator/storewrapper" + "github.com/edgelesssys/constellation/internal/atls" kms "github.com/edgelesssys/constellation/kms/server/setup" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require"