Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-07-31 19:18:40 -04:00
Code Issues Projects Releases Packages Wiki Activity

Add qemu vTPM issuer and validator

Browse source 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
This commit is contained in:
Daniel Weiße 2022-04-21 16:27:34 +02:00 committed by Daniel Weiße
parent f5aafd8178
commit 956ced6e3d
5 changed files with 71 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

36
coordinator/attestation/qemu/validator.go Normal file
View file

@ -0,0 +1,36 @@
package qemu
import (
"crypto"
"github.com/edgelesssys/constellation/coordinator/attestation/vtpm"
"github.com/edgelesssys/constellation/coordinator/oid"
"github.com/google/go-tpm/tpm2"
)
// Validator for QEMU VM attestation.
type Validator struct {
oid.QEMU
*vtpm.Validator
}
// NewValidator initializes a new qemu validator with the provided PCR values.
func NewValidator(pcrs map[uint32][]byte) *Validator {
return &Validator{
Validator: vtpm.NewValidator(
pcrs,
unconditionalTrust,
func(attestation vtpm.AttestationDocument) error { return nil },
vtpm.VerifyPKCS1v15,
),
}
}
// unconditionalTrust returns the given public key as the trusted attestation key.
func unconditionalTrust(akPub, instanceInfo []byte) (crypto.PublicKey, error) {
pubArea, err := tpm2.DecodePublic(akPub)
if err != nil {
return nil, err
}
return pubArea.Key()
}