diff --git a/bootstrapper/cmd/bootstrapper/BUILD.bazel b/bootstrapper/cmd/bootstrapper/BUILD.bazel index 798176136..4ac60a92a 100644 --- a/bootstrapper/cmd/bootstrapper/BUILD.bazel +++ b/bootstrapper/cmd/bootstrapper/BUILD.bazel @@ -38,8 +38,8 @@ go_library( "//internal/grpc/dialer", "//internal/kubernetes/kubectl", "//internal/logger", - "//internal/oid", "//internal/role", + "//internal/variant", "//internal/versions/components", "@com_github_spf13_afero//:afero", "@io_k8s_kubernetes//cmd/kubeadm/app/apis/kubeadm/v1beta3", diff --git a/bootstrapper/cmd/bootstrapper/main.go b/bootstrapper/cmd/bootstrapper/main.go index 6f40d0ef7..b71ca05a1 100644 --- a/bootstrapper/cmd/bootstrapper/main.go +++ b/bootstrapper/cmd/bootstrapper/main.go @@ -32,7 +32,7 @@ import ( "github.com/edgelesssys/constellation/v2/internal/file" "github.com/edgelesssys/constellation/v2/internal/kubernetes/kubectl" "github.com/edgelesssys/constellation/v2/internal/logger" - "github.com/edgelesssys/constellation/v2/internal/oid" + "github.com/edgelesssys/constellation/v2/internal/variant" "github.com/spf13/afero" "go.uber.org/zap" ) @@ -71,7 +71,7 @@ func main() { log.With(zap.Error(err)).Fatalf("Helm client could not be initialized") } - attestVariant, err := oid.FromString(os.Getenv(constants.AttestationVariant)) + attestVariant, err := variant.FromString(os.Getenv(constants.AttestationVariant)) if err != nil { log.With(zap.Error(err)).Fatalf("Failed to parse attestation variant") } diff --git a/bootstrapper/internal/initserver/BUILD.bazel b/bootstrapper/internal/initserver/BUILD.bazel index 874d7df74..5ce63288f 100644 --- a/bootstrapper/internal/initserver/BUILD.bazel +++ b/bootstrapper/internal/initserver/BUILD.bazel @@ -44,7 +44,7 @@ go_test( "//internal/kms/setup", "//internal/kms/uri", "//internal/logger", - "//internal/oid", + "//internal/variant", "//internal/versions/components", "@com_github_spf13_afero//:afero", "@com_github_stretchr_testify//assert", 
diff --git a/bootstrapper/internal/initserver/initserver_test.go b/bootstrapper/internal/initserver/initserver_test.go index 535e458f8..45ce7cfd9 100644 --- a/bootstrapper/internal/initserver/initserver_test.go +++ b/bootstrapper/internal/initserver/initserver_test.go @@ -22,7 +22,7 @@ import ( kmssetup "github.com/edgelesssys/constellation/v2/internal/kms/setup" "github.com/edgelesssys/constellation/v2/internal/kms/uri" "github.com/edgelesssys/constellation/v2/internal/logger" - "github.com/edgelesssys/constellation/v2/internal/oid" + "github.com/edgelesssys/constellation/v2/internal/variant" "github.com/edgelesssys/constellation/v2/internal/versions/components" "github.com/spf13/afero" "github.com/stretchr/testify/assert" @@ -62,7 +62,7 @@ func TestNew(t *testing.T) { t.Run(name, func(t *testing.T) { assert := assert.New(t) - server, err := New(context.TODO(), newFakeLock(), &stubClusterInitializer{}, atls.NewFakeIssuer(oid.Dummy{}), fh, &tc.metadata, logger.NewTest(t)) + server, err := New(context.TODO(), newFakeLock(), &stubClusterInitializer{}, atls.NewFakeIssuer(variant.Dummy{}), fh, &tc.metadata, logger.NewTest(t)) if tc.wantErr { assert.Error(err) return diff --git a/cli/internal/cloudcmd/BUILD.bazel b/cli/internal/cloudcmd/BUILD.bazel index 5708506c9..43355bab4 100644 --- a/cli/internal/cloudcmd/BUILD.bazel +++ b/cli/internal/cloudcmd/BUILD.bazel @@ -33,7 +33,7 @@ go_library( "//internal/constants", "//internal/kubernetes", "//internal/kubernetes/kubectl", - "//internal/oid", + "//internal/variant", "//internal/versions", "//internal/versions/components", "//internal/versionsapi", @@ -83,7 +83,7 @@ go_test( "//internal/config", "//internal/constants", "//internal/logger", - "//internal/oid", + "//internal/variant", "//internal/versions", "//internal/versions/components", "//operators/constellation-node-operator/api/v1alpha1", diff --git a/cli/internal/cloudcmd/validators.go b/cli/internal/cloudcmd/validators.go index b30ef9338..9494f21a8 100644 
--- a/cli/internal/cloudcmd/validators.go +++ b/cli/internal/cloudcmd/validators.go @@ -18,13 +18,13 @@ import ( "github.com/edgelesssys/constellation/v2/internal/attestation/idkeydigest" "github.com/edgelesssys/constellation/v2/internal/attestation/measurements" "github.com/edgelesssys/constellation/v2/internal/config" - "github.com/edgelesssys/constellation/v2/internal/oid" + "github.com/edgelesssys/constellation/v2/internal/variant" "github.com/spf13/cobra" ) // Validator validates Platform Configuration Registers (PCRs). type Validator struct { - attestationVariant oid.Getter + attestationVariant variant.Variant pcrs measurements.M idKeyConfig idkeydigest.Config validator atls.Validator @@ -34,17 +34,17 @@ type Validator struct { // NewValidator creates a new Validator. func NewValidator(conf *config.Config, maaURL string, log debugLog) (*Validator, error) { v := Validator{log: log} - variant, err := oid.FromString(conf.AttestationVariant) + attestVariant, err := variant.FromString(conf.AttestationVariant) if err != nil { return nil, fmt.Errorf("parsing attestation variant: %w", err) } - v.attestationVariant = variant // valid variant + v.attestationVariant = attestVariant // valid variant if err := v.setPCRs(conf); err != nil { return nil, err } - if v.attestationVariant.OID().Equal(oid.AzureSEVSNP{}.OID()) { + if v.attestationVariant.Equal(variant.AzureSEVSNP{}) { v.idKeyConfig = idkeydigest.Config{ IDKeyDigests: conf.Provider.Azure.IDKeyDigest, EnforcementPolicy: conf.IDKeyDigestPolicy(), 
@@ -96,32 +96,11 @@ func (v *Validator) updatePCR(pcrIndex uint32, encoded string) error { } func (v *Validator) setPCRs(config *config.Config) error { - switch v.attestationVariant { - case oid.AWSNitroTPM{}: - awsPCRs := config.Provider.AWS.Measurements - if len(awsPCRs) == 0 { - return errors.New("no expected measurement provided") - } - v.pcrs = awsPCRs - case oid.AzureSEVSNP{}, oid.AzureTrustedLaunch{}: - azurePCRs := config.Provider.Azure.Measurements - if len(azurePCRs) == 0 { - return errors.New("no expected measurement provided") - } - v.pcrs = azurePCRs - case oid.GCPSEVES{}: - gcpPCRs := config.Provider.GCP.Measurements - if len(gcpPCRs) == 0 { - return errors.New("no expected measurement provided") - } - v.pcrs = gcpPCRs - case oid.QEMUVTPM{}: - qemuPCRs := config.Provider.QEMU.Measurements - if len(qemuPCRs) == 0 { - return errors.New("no expected measurement provided") - } - v.pcrs = qemuPCRs + measurements := config.GetMeasurements() + if len(measurements) == 0 { + return errors.New("no measurements found in config") } + v.pcrs = measurements return nil } diff --git a/cli/internal/cloudcmd/validators_test.go b/cli/internal/cloudcmd/validators_test.go index 5e8b4185c..09c63b693 100644 --- a/cli/internal/cloudcmd/validators_test.go +++ b/cli/internal/cloudcmd/validators_test.go @@ -21,7 +21,7 @@ import ( "github.com/edgelesssys/constellation/v2/internal/attestation/qemu" "github.com/edgelesssys/constellation/v2/internal/config" "github.com/edgelesssys/constellation/v2/internal/logger" - "github.com/edgelesssys/constellation/v2/internal/oid" + "github.com/edgelesssys/constellation/v2/internal/variant" "github.com/spf13/cobra" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" 
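Review bot: setPCRs now copies whatever `config.GetMeasurements()` returns and no longer reads `v.attestationVariant`, so the coupling the removed switch provided — choosing `Provider.<CSP>.Measurements` by attestation variant — is gone from this function. If GetMeasurements (defined outside this hunk) selects the set by whichever provider block is populated, a config whose attestationVariant disagrees with its provider section will now be validated against that provider's measurements rather than failing here; either assert the variant/provider pairing in NewValidator or document that GetMeasurements is the single source of truth. A method comment such as `// setPCRs copies the expected measurements from the config; it does not check that they belong to v.attestationVariant.` would make the contract explicit. The old switch dereferenced a possibly-nil provider struct, so the new form is sturdier on that point, and the changed error string ("no expected measurement provided" → "no measurements found in config") should be checked against any test or caller that matches on it.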
@@ -43,7 +43,7 @@ func TestNewValidator(t *testing.T) { }{ "gcp": { config: &config.Config{ - AttestationVariant: oid.GCPSEVES{}.String(), + AttestationVariant: variant.GCPSEVES{}.String(), Provider: config.ProviderConfig{ GCP: &config.GCPConfig{ Measurements: testPCRs, @@ -53,7 +53,7 @@ func TestNewValidator(t *testing.T) { }, "azure cvm": { config: &config.Config{ - AttestationVariant: oid.AzureSEVSNP{}.String(), + AttestationVariant: variant.AzureSEVSNP{}.String(), Provider: config.ProviderConfig{ Azure: &config.AzureConfig{ Measurements: testPCRs, @@ -63,7 +63,7 @@ func TestNewValidator(t *testing.T) { }, "azure trusted launch": { config: &config.Config{ - AttestationVariant: oid.AzureTrustedLaunch{}.String(), + AttestationVariant: variant.AzureTrustedLaunch{}.String(), Provider: config.ProviderConfig{ Azure: &config.AzureConfig{ Measurements: testPCRs, @@ -73,7 +73,7 @@ func TestNewValidator(t *testing.T) { }, "qemu": { config: &config.Config{ - AttestationVariant: oid.QEMUVTPM{}.String(), + AttestationVariant: variant.QEMUVTPM{}.String(), Provider: config.ProviderConfig{ QEMU: &config.QEMUConfig{ Measurements: testPCRs, @@ -83,7 +83,7 @@ func TestNewValidator(t *testing.T) { }, "no pcrs provided": { config: &config.Config{ - AttestationVariant: oid.AzureSEVSNP{}.String(), + AttestationVariant: variant.AzureSEVSNP{}.String(), Provider: config.ProviderConfig{ Azure: &config.AzureConfig{ Measurements: measurements.M{}, @@ -105,7 +105,7 @@ func TestNewValidator(t *testing.T) { }, "set idkeydigest": { config: &config.Config{ - AttestationVariant: oid.AzureSEVSNP{}.String(), + AttestationVariant: variant.AzureSEVSNP{}.String(), Provider: config.ProviderConfig{ Azure: &config.AzureConfig{ Measurements: testPCRs, 
@@ -128,7 +128,7 @@ func TestNewValidator(t *testing.T) { } else { assert.NoError(err) assert.Equal(tc.config.GetMeasurements(), validators.pcrs) - variant, err := oid.FromString(tc.config.AttestationVariant) + variant, err := variant.FromString(tc.config.AttestationVariant) require.NoError(t, err) assert.Equal(variant, validators.attestationVariant) } @@ -156,17 +156,17 @@ func TestValidatorV(t *testing.T) { } testCases := map[string]struct { - variant oid.Getter + variant variant.Variant pcrs measurements.M wantVs atls.Validator }{ "gcp": { - variant: oid.GCPSEVES{}, + variant: variant.GCPSEVES{}, pcrs: newTestPCRs(), wantVs: gcp.NewValidator(newTestPCRs(), nil), }, "azure cvm": { - variant: oid.AzureSEVSNP{}, + variant: variant.AzureSEVSNP{}, pcrs: newTestPCRs(), wantVs: snp.NewValidator( newTestPCRs(), @@ -175,12 +175,12 @@ func TestValidatorV(t *testing.T) { ), }, "azure trusted launch": { - variant: oid.AzureTrustedLaunch{}, + variant: variant.AzureTrustedLaunch{}, pcrs: newTestPCRs(), wantVs: trustedlaunch.NewValidator(newTestPCRs(), nil), }, "qemu": { - variant: oid.QEMUVTPM{}, + variant: variant.QEMUVTPM{}, pcrs: newTestPCRs(), wantVs: qemu.NewValidator(newTestPCRs(), nil), }, 
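Review bot: `variant, err := variant.FromString(tc.config.AttestationVariant)` declares a local named after the imported package, shadowing `variant` for the rest of that else-branch. It compiles because the right-hand side is resolved before the new name enters scope, but any later reference to the package in that block would silently bind to the local, and validators.go in this same commit avoids exactly this by using `attestVariant`. Suggest `attestVariant, err := variant.FromString(tc.config.AttestationVariant)` and `assert.Equal(attestVariant, validators.attestationVariant)`. The enclosing TestNewValidator starts outside the hunk.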
@@ -235,50 +235,50 @@ func TestValidatorUpdateInitPCRs(t *testing.T) { } testCases := map[string]struct { - variant oid.Getter + variant variant.Variant pcrs measurements.M ownerID string clusterID string wantErr bool }{ "gcp update owner ID": { - variant: oid.GCPSEVES{}, + variant: variant.GCPSEVES{}, pcrs: newTestPCRs(), ownerID: one64, }, "gcp update cluster ID": { - variant: oid.GCPSEVES{}, + variant: variant.GCPSEVES{}, pcrs: newTestPCRs(), clusterID: one64, }, "gcp update both": { - variant: oid.GCPSEVES{}, + variant: variant.GCPSEVES{}, pcrs: newTestPCRs(), ownerID: one64, clusterID: one64, }, "azure update owner ID": { - variant: oid.AzureSEVSNP{}, + variant: variant.AzureSEVSNP{}, pcrs: newTestPCRs(), ownerID: one64, }, "azure update cluster ID": { - variant: oid.AzureSEVSNP{}, + variant: variant.AzureSEVSNP{}, pcrs: newTestPCRs(), clusterID: one64, }, "azure update both": { - variant: oid.AzureSEVSNP{}, + variant: variant.AzureSEVSNP{}, pcrs: newTestPCRs(), ownerID: one64, clusterID: one64, }, "owner ID and cluster ID empty": { - variant: oid.GCPSEVES{}, + variant: variant.GCPSEVES{}, pcrs: newTestPCRs(), }, "invalid encoding": { - variant: oid.GCPSEVES{}, + variant: variant.GCPSEVES{}, pcrs: newTestPCRs(), ownerID: "invalid", wantErr: true, @@ -421,7 +421,7 @@ func TestUpdatePCR(t *testing.T) { } validators := &Validator{ - attestationVariant: oid.GCPSEVES{}, + attestationVariant: variant.GCPSEVES{}, pcrs: pcrs, } err := validators.updatePCR(tc.pcrIndex, tc.encoded) diff --git a/cli/internal/cmd/BUILD.bazel b/cli/internal/cmd/BUILD.bazel index c1a4822a6..b2717126a 100644 --- a/cli/internal/cmd/BUILD.bazel +++ b/cli/internal/cmd/BUILD.bazel @@ -61,9 +61,9 @@ go_library( "//internal/kubernetes/kubectl", "//internal/license", "//internal/logger", - "//internal/oid", "//internal/retry", "//internal/sigstore", + "//internal/variant", "//internal/versions", "//internal/versionsapi", "//internal/versionsapi/fetcher", 
@@ -127,7 +127,7 @@ go_test( "//internal/kms/uri", "//internal/license", "//internal/logger", - "//internal/oid", + "//internal/variant", "//internal/versions", "//internal/versionsapi", "//verify/verifyproto", diff --git a/cli/internal/cmd/configgenerate.go b/cli/internal/cmd/configgenerate.go index 02ff6a1f4..d4128a441 100644 --- a/cli/internal/cmd/configgenerate.go +++ b/cli/internal/cmd/configgenerate.go @@ -15,7 +15,7 @@ import ( "github.com/edgelesssys/constellation/v2/internal/config" "github.com/edgelesssys/constellation/v2/internal/constants" "github.com/edgelesssys/constellation/v2/internal/file" - "github.com/edgelesssys/constellation/v2/internal/oid" + "github.com/edgelesssys/constellation/v2/internal/variant" "github.com/edgelesssys/constellation/v2/internal/versions" "github.com/siderolabs/talos/pkg/machinery/config/encoder" "github.com/spf13/afero" @@ -109,13 +109,13 @@ func createConfig(provider cloudprovider.Provider) *config.Config { // TODO(AB#2976): Replace hardcoded values with user input switch provider { case cloudprovider.AWS: - conf.AttestationVariant = oid.AWSNitroTPM{}.String() + conf.AttestationVariant = variant.AWSNitroTPM{}.String() case cloudprovider.Azure: - conf.AttestationVariant = oid.AzureSEVSNP{}.String() + conf.AttestationVariant = variant.AzureSEVSNP{}.String() case cloudprovider.GCP: - conf.AttestationVariant = oid.GCPSEVES{}.String() + conf.AttestationVariant = variant.GCPSEVES{}.String() case cloudprovider.QEMU: - conf.AttestationVariant = oid.QEMUVTPM{}.String() + conf.AttestationVariant = variant.QEMUVTPM{}.String() } return conf diff --git a/cli/internal/cmd/configgenerate_test.go b/cli/internal/cmd/configgenerate_test.go index 5706caaf0..291c93a73 100644 --- a/cli/internal/cmd/configgenerate_test.go +++ b/cli/internal/cmd/configgenerate_test.go 
@@ -15,7 +15,7 @@ import ( "github.com/edgelesssys/constellation/v2/internal/constants" "github.com/edgelesssys/constellation/v2/internal/file" "github.com/edgelesssys/constellation/v2/internal/logger" - "github.com/edgelesssys/constellation/v2/internal/oid" + "github.com/edgelesssys/constellation/v2/internal/variant" "github.com/edgelesssys/constellation/v2/internal/versions" "github.com/spf13/afero" "github.com/stretchr/testify/assert" @@ -94,7 +94,7 @@ func TestConfigGenerateDefaultGCPSpecific(t *testing.T) { require.NoError(cg.configGenerate(cmd, fileHandler, cloudprovider.GCP)) // TODO(AB#2976): Remove this once attestation variants are dynamically created - wantConf.AttestationVariant = oid.GCPSEVES{}.String() + wantConf.AttestationVariant = variant.GCPSEVES{}.String() var readConfig config.Config err := fileHandler.ReadYAML(constants.ConfigFilename, &readConfig) diff --git a/cli/internal/cmd/init_test.go b/cli/internal/cmd/init_test.go index 86a44f040..d7c63967c 100644 --- a/cli/internal/cmd/init_test.go +++ b/cli/internal/cmd/init_test.go @@ -33,7 +33,7 @@ import ( "github.com/edgelesssys/constellation/v2/internal/kms/uri" "github.com/edgelesssys/constellation/v2/internal/license" "github.com/edgelesssys/constellation/v2/internal/logger" - "github.com/edgelesssys/constellation/v2/internal/oid" + "github.com/edgelesssys/constellation/v2/internal/variant" "github.com/edgelesssys/constellation/v2/internal/versions" "github.com/spf13/afero" "github.com/stretchr/testify/assert" @@ -399,14 +399,14 @@ func TestAttestation(t *testing.T) { netDialer := testdialer.NewBufconnDialer() newDialer := func(v *cloudcmd.Validator) *dialer.Dialer { validator := &testValidator{ - Getter: oid.QEMUVTPM{}, + Getter: variant.QEMUVTPM{}, pcrs: v.PCRS(), } return dialer.New(nil, validator, netDialer) } issuer := &testIssuer{ - Getter: oid.QEMUVTPM{}, + Getter: variant.QEMUVTPM{}, pcrs: map[uint32][]byte{ 0: bytes.Repeat([]byte{0xFF}, 32), 1: bytes.Repeat([]byte{0xFF}, 32), 
@@ -436,7 +436,7 @@ func TestAttestation(t *testing.T) { cfg := config.Default() cfg.Image = "image" - cfg.AttestationVariant = oid.QEMUVTPM{}.String() + cfg.AttestationVariant = variant.QEMUVTPM{}.String() cfg.RemoveProviderExcept(cloudprovider.QEMU) cfg.Provider.QEMU.Measurements[0] = measurements.WithAllBytes(0x00, measurements.Enforce) cfg.Provider.QEMU.Measurements[1] = measurements.WithAllBytes(0x11, measurements.Enforce) @@ -460,7 +460,7 @@ func TestAttestation(t *testing.T) { } type testValidator struct { - oid.Getter + variant.Getter pcrs measurements.M } @@ -482,7 +482,7 @@ func (v *testValidator) Validate(_ context.Context, attDoc []byte, _ []byte) ([] } type testIssuer struct { - oid.Getter + variant.Getter pcrs map[uint32][]byte } @@ -530,7 +530,7 @@ func defaultConfigWithExpectedMeasurements(t *testing.T, conf *config.Config, cs switch csp { case cloudprovider.Azure: - conf.AttestationVariant = oid.AzureSEVSNP{}.String() + conf.AttestationVariant = variant.AzureSEVSNP{}.String() conf.Provider.Azure.SubscriptionID = "01234567-0123-0123-0123-0123456789ab" conf.Provider.Azure.TenantID = "01234567-0123-0123-0123-0123456789ab" conf.Provider.Azure.Location = "test-location" @@ -542,7 +542,7 @@ func defaultConfigWithExpectedMeasurements(t *testing.T, conf *config.Config, cs conf.Provider.Azure.Measurements[9] = measurements.WithAllBytes(0x11, measurements.Enforce) conf.Provider.Azure.Measurements[12] = measurements.WithAllBytes(0xcc, measurements.Enforce) case cloudprovider.GCP: - conf.AttestationVariant = oid.GCPSEVES{}.String() + conf.AttestationVariant = variant.GCPSEVES{}.String() conf.Provider.GCP.Region = "test-region" conf.Provider.GCP.Project = "test-project" conf.Provider.GCP.Zone = "test-zone" 
@@ -551,7 +551,7 @@ func defaultConfigWithExpectedMeasurements(t *testing.T, conf *config.Config, cs conf.Provider.GCP.Measurements[9] = measurements.WithAllBytes(0x11, measurements.Enforce) conf.Provider.GCP.Measurements[12] = measurements.WithAllBytes(0xcc, measurements.Enforce) case cloudprovider.QEMU: - conf.AttestationVariant = oid.QEMUVTPM{}.String() + conf.AttestationVariant = variant.QEMUVTPM{}.String() conf.Provider.QEMU.Measurements[4] = measurements.WithAllBytes(0x44, measurements.Enforce) conf.Provider.QEMU.Measurements[9] = measurements.WithAllBytes(0x11, measurements.Enforce) conf.Provider.QEMU.Measurements[12] = measurements.WithAllBytes(0xcc, measurements.Enforce) diff --git a/cli/internal/cmd/verify_test.go b/cli/internal/cmd/verify_test.go index bfd266f50..72189658b 100644 --- a/cli/internal/cmd/verify_test.go +++ b/cli/internal/cmd/verify_test.go @@ -25,7 +25,7 @@ import ( "github.com/edgelesssys/constellation/v2/internal/grpc/dialer" "github.com/edgelesssys/constellation/v2/internal/grpc/testdialer" "github.com/edgelesssys/constellation/v2/internal/logger" - "github.com/edgelesssys/constellation/v2/internal/oid" + "github.com/edgelesssys/constellation/v2/internal/variant" "github.com/edgelesssys/constellation/v2/verify/verifyproto" "github.com/spf13/afero" "github.com/stretchr/testify/assert" @@ -247,7 +247,7 @@ func TestVerifyClient(t *testing.T) { Nonce: tc.nonce, } - err = verifier.Verify(context.Background(), addr, request, atls.NewFakeValidator(oid.Dummy{})) + err = verifier.Verify(context.Background(), addr, request, atls.NewFakeValidator(variant.Dummy{})) if tc.wantErr { assert.Error(err) diff --git a/cli/internal/helm/BUILD.bazel b/cli/internal/helm/BUILD.bazel index 2056d4b9e..5d3d9bf63 100644 --- a/cli/internal/helm/BUILD.bazel +++ b/cli/internal/helm/BUILD.bazel 
@@ -362,7 +362,7 @@ go_test( "//internal/deploy/helm", "//internal/file", "//internal/logger", - "//internal/oid", + "//internal/variant", "@com_github_pkg_errors//:errors", "@com_github_spf13_afero//:afero", "@com_github_stretchr_testify//assert", diff --git a/cli/internal/helm/loader_test.go b/cli/internal/helm/loader_test.go index 3dd6feaf3..2ee096384 100644 --- a/cli/internal/helm/loader_test.go +++ b/cli/internal/helm/loader_test.go @@ -23,7 +23,7 @@ import ( "github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider" "github.com/edgelesssys/constellation/v2/internal/config" "github.com/edgelesssys/constellation/v2/internal/deploy/helm" - "github.com/edgelesssys/constellation/v2/internal/oid" + "github.com/edgelesssys/constellation/v2/internal/variant" "github.com/pkg/errors" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" @@ -62,7 +62,7 @@ func TestConstellationServices(t *testing.T) { }{ "AWS": { config: &config.Config{ - AttestationVariant: oid.AWSNitroTPM{}.String(), + AttestationVariant: variant.AWSNitroTPM{}.String(), Provider: config.ProviderConfig{AWS: &config.AWSConfig{}}, }, valuesModifier: prepareAWSValues, @@ -70,7 +70,7 @@ func TestConstellationServices(t *testing.T) { }, "Azure": { config: &config.Config{ - AttestationVariant: oid.AzureSEVSNP{}.String(), + AttestationVariant: variant.AzureSEVSNP{}.String(), Provider: config.ProviderConfig{Azure: &config.AzureConfig{ DeployCSIDriver: toPtr(true), EnforceIDKeyDigest: idkeydigest.StrictChecking, @@ -87,7 +87,7 @@ func TestConstellationServices(t *testing.T) { }, "GCP": { config: &config.Config{ - AttestationVariant: oid.GCPSEVES{}.String(), + AttestationVariant: variant.GCPSEVES{}.String(), Provider: config.ProviderConfig{GCP: &config.GCPConfig{ DeployCSIDriver: toPtr(true), }}, 
@@ -97,7 +97,7 @@ func TestConstellationServices(t *testing.T) { }, "OpenStack": { config: &config.Config{ - AttestationVariant: oid.Dummy{}.String(), + AttestationVariant: variant.Dummy{}.String(), Provider: config.ProviderConfig{OpenStack: &config.OpenStackConfig{}}, }, valuesModifier: prepareOpenStackValues, @@ -105,7 +105,7 @@ func TestConstellationServices(t *testing.T) { }, "QEMU": { config: &config.Config{ - AttestationVariant: oid.QEMUVTPM{}.String(), + AttestationVariant: variant.QEMUVTPM{}.String(), Provider: config.ProviderConfig{QEMU: &config.QEMUConfig{}}, }, valuesModifier: prepareQEMUValues, diff --git a/disk-mapper/cmd/BUILD.bazel b/disk-mapper/cmd/BUILD.bazel index 0022857ff..437609ea6 100644 --- a/disk-mapper/cmd/BUILD.bazel +++ b/disk-mapper/cmd/BUILD.bazel @@ -24,8 +24,8 @@ go_library( "//internal/grpc/dialer", "//internal/kms/setup", "//internal/logger", - "//internal/oid", "//internal/role", + "//internal/variant", "@com_github_spf13_afero//:afero", "@org_uber_go_zap//:zap", ], diff --git a/disk-mapper/cmd/main.go b/disk-mapper/cmd/main.go index f02bbee04..023cee66d 100644 --- a/disk-mapper/cmd/main.go +++ b/disk-mapper/cmd/main.go @@ -30,8 +30,8 @@ import ( "github.com/edgelesssys/constellation/v2/internal/grpc/dialer" kmssetup "github.com/edgelesssys/constellation/v2/internal/kms/setup" "github.com/edgelesssys/constellation/v2/internal/logger" - "github.com/edgelesssys/constellation/v2/internal/oid" "github.com/edgelesssys/constellation/v2/internal/role" + "github.com/edgelesssys/constellation/v2/internal/variant" "github.com/spf13/afero" "go.uber.org/zap" ) @@ -54,7 +54,7 @@ func main() { Infof("Starting disk-mapper") // set up quote issuer for aTLS connections - attestVariant, err := oid.FromString(os.Getenv(constants.AttestationVariant)) + attestVariant, err := variant.FromString(os.Getenv(constants.AttestationVariant)) if err != nil { log.With(zap.Error(err)).Fatalf("Failed to parse attestation variant") } 
diff --git a/disk-mapper/internal/recoveryserver/BUILD.bazel b/disk-mapper/internal/recoveryserver/BUILD.bazel index 18396d9ba..efd4a5b3c 100644 --- a/disk-mapper/internal/recoveryserver/BUILD.bazel +++ b/disk-mapper/internal/recoveryserver/BUILD.bazel @@ -32,7 +32,7 @@ go_test( "//internal/grpc/testdialer", "//internal/kms/kms", "//internal/logger", - "//internal/oid", + "//internal/variant", "@com_github_stretchr_testify//assert", "@com_github_stretchr_testify//require", "@org_uber_go_goleak//:goleak", diff --git a/disk-mapper/internal/recoveryserver/recoveryserver_test.go b/disk-mapper/internal/recoveryserver/recoveryserver_test.go index 2b0783362..386770080 100644 --- a/disk-mapper/internal/recoveryserver/recoveryserver_test.go +++ b/disk-mapper/internal/recoveryserver/recoveryserver_test.go @@ -19,7 +19,7 @@ import ( "github.com/edgelesssys/constellation/v2/internal/grpc/testdialer" "github.com/edgelesssys/constellation/v2/internal/kms/kms" "github.com/edgelesssys/constellation/v2/internal/logger" - "github.com/edgelesssys/constellation/v2/internal/oid" + "github.com/edgelesssys/constellation/v2/internal/variant" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "go.uber.org/goleak" @@ -36,7 +36,7 @@ func TestServe(t *testing.T) { assert := assert.New(t) log := logger.NewTest(t) uuid := "uuid" - server := New(atls.NewFakeIssuer(oid.Dummy{}), newStubKMS(nil, nil), log) + server := New(atls.NewFakeIssuer(variant.Dummy{}), newStubKMS(nil, nil), log) dialer := testdialer.NewBufconnDialer() listener := dialer.GetListener("192.0.2.1:1234") ctx, cancel := context.WithCancel(context.Background()) @@ -53,7 +53,7 @@ func TestServe(t *testing.T) { cancel() wg.Wait() - server = New(atls.NewFakeIssuer(oid.Dummy{}), newStubKMS(nil, nil), log) + server = New(atls.NewFakeIssuer(variant.Dummy{}), newStubKMS(nil, nil), log) dialer = testdialer.NewBufconnDialer() listener = dialer.GetListener("192.0.2.1:1234") 
@@ -105,7 +105,7 @@ func TestRecover(t *testing.T) { ctx := context.Background() serverUUID := "uuid" - server := New(atls.NewFakeIssuer(oid.Dummy{}), tc.factory, logger.NewTest(t)) + server := New(atls.NewFakeIssuer(variant.Dummy{}), tc.factory, logger.NewTest(t)) netDialer := testdialer.NewBufconnDialer() listener := netDialer.GetListener("192.0.2.1:1234") diff --git a/internal/atls/BUILD.bazel b/internal/atls/BUILD.bazel index 07ef31c14..d345dab71 100644 --- a/internal/atls/BUILD.bazel +++ b/internal/atls/BUILD.bazel @@ -8,7 +8,7 @@ go_library( visibility = ["//:__subpackages__"], deps = [ "//internal/crypto", - "//internal/oid", + "//internal/variant", ], ) @@ -17,7 +17,7 @@ go_test( srcs = ["atls_test.go"], embed = [":atls"], deps = [ - "//internal/oid", + "//internal/variant", "@com_github_stretchr_testify//assert", "@com_github_stretchr_testify//require", "@org_uber_go_goleak//:goleak", diff --git a/internal/atls/atls.go b/internal/atls/atls.go index b52a2417f..12521c705 100644 --- a/internal/atls/atls.go +++ b/internal/atls/atls.go @@ -26,7 +26,7 @@ import ( "time" "github.com/edgelesssys/constellation/v2/internal/crypto" - "github.com/edgelesssys/constellation/v2/internal/oid" + "github.com/edgelesssys/constellation/v2/internal/variant" ) const attestationTimeout = 30 * time.Second @@ -75,13 +75,13 @@ func CreateAttestationClientTLSConfig(issuer Issuer, validators []Validator) (*t // Issuer issues an attestation document. type Issuer interface { - oid.Getter + variant.Getter Issue(ctx context.Context, userData []byte, nonce []byte) (quote []byte, err error) } // Validator is able to validate an attestation document. type Validator interface { - oid.Getter + variant.Getter Validate(ctx context.Context, attDoc []byte, nonce []byte) ([]byte, error) } 
@@ -351,11 +351,11 @@ func (c *serverConnection) getCertificate(chi *tls.ClientHelloInfo) (*tls.Certif // FakeIssuer fakes an issuer and can be used for tests. type FakeIssuer struct { - oid.Getter + variant.Getter } // NewFakeIssuer creates a new FakeIssuer with the given OID. -func NewFakeIssuer(oid oid.Getter) *FakeIssuer { +func NewFakeIssuer(oid variant.Getter) *FakeIssuer { return &FakeIssuer{oid} } @@ -366,17 +366,17 @@ func (FakeIssuer) Issue(_ context.Context, userData []byte, nonce []byte) ([]byt // FakeValidator fakes a validator and can be used for tests. type FakeValidator struct { - oid.Getter + variant.Getter err error // used for package internal testing only } // NewFakeValidator creates a new FakeValidator with the given OID. -func NewFakeValidator(oid oid.Getter) *FakeValidator { +func NewFakeValidator(oid variant.Getter) *FakeValidator { return &FakeValidator{oid, nil} } // NewFakeValidators returns a slice with a single FakeValidator. -func NewFakeValidators(oid oid.Getter) []Validator { +func NewFakeValidators(oid variant.Getter) []Validator { return []Validator{NewFakeValidator(oid)} } diff --git a/internal/atls/atls_test.go b/internal/atls/atls_test.go index ec25fbd6b..7f78f2745 100644 --- a/internal/atls/atls_test.go +++ b/internal/atls/atls_test.go @@ -15,7 +15,7 @@ import ( "net/http/httptest" "testing" - "github.com/edgelesssys/constellation/v2/internal/oid" + "github.com/edgelesssys/constellation/v2/internal/variant" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "go.uber.org/goleak" 
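Review bot: `func NewFakeIssuer(oid variant.Getter) *FakeIssuer` keeps the parameter name `oid` and the comment `// NewFakeIssuer creates a new FakeIssuer with the given OID.` although the argument is now a `variant.Getter`; the same stale naming is in NewFakeValidator and NewFakeValidators in the next hunk. Keeping `oid` for a value that is no longer an OID, in the very commit that removes the `oid` package, is likely to mislead the next reader. Suggest `func NewFakeIssuer(v variant.Getter) *FakeIssuer {` with `return &FakeIssuer{v}`, and rewording the three doc comments to say "for the given attestation variant" instead of "with the given OID".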
@@ -193,7 +193,7 @@ func TestClientConnectionConcurrency(t *testing.T) { var urls []string for i := 0; i < serverCount; i++ { - serverCfg, err := CreateAttestationServerTLSConfig(NewFakeIssuer(oid.Dummy{}), NewFakeValidators(oid.Dummy{})) + serverCfg, err := CreateAttestationServerTLSConfig(NewFakeIssuer(variant.Dummy{}), NewFakeValidators(variant.Dummy{})) require.NoError(err) server := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { @@ -211,7 +211,7 @@ func TestClientConnectionConcurrency(t *testing.T) { // Create client. // - clientConfig, err := CreateAttestationClientTLSConfig(NewFakeIssuer(oid.Dummy{}), NewFakeValidators(oid.Dummy{})) + clientConfig, err := CreateAttestationClientTLSConfig(NewFakeIssuer(variant.Dummy{}), NewFakeValidators(variant.Dummy{})) require.NoError(err) client := http.Client{Transport: &http.Transport{TLSClientConfig: clientConfig}} @@ -266,7 +266,7 @@ func TestServerConnectionConcurrency(t *testing.T) { var urls []string - serverCfg, err := CreateAttestationServerTLSConfig(NewFakeIssuer(oid.Dummy{}), NewFakeValidators(oid.Dummy{})) + serverCfg, err := CreateAttestationServerTLSConfig(NewFakeIssuer(variant.Dummy{}), NewFakeValidators(variant.Dummy{})) require.NoError(err) for i := 0; i < serverCount; i++ { @@ -285,7 +285,7 @@ func TestServerConnectionConcurrency(t *testing.T) { // Create client. // - clientConfig, err := CreateAttestationClientTLSConfig(NewFakeIssuer(oid.Dummy{}), NewFakeValidators(oid.Dummy{})) + clientConfig, err := CreateAttestationClientTLSConfig(NewFakeIssuer(variant.Dummy{}), NewFakeValidators(variant.Dummy{})) require.NoError(err) client := http.Client{Transport: &http.Transport{TLSClientConfig: clientConfig}} diff --git a/internal/attestation/aws/BUILD.bazel b/internal/attestation/aws/BUILD.bazel index 6018b7cee..952844cfd 100644 --- a/internal/attestation/aws/BUILD.bazel +++ b/internal/attestation/aws/BUILD.bazel 
@@ -13,7 +13,7 @@ go_library( deps = [ "//internal/attestation/measurements", "//internal/attestation/vtpm", - "//internal/oid", + "//internal/variant", "@com_github_aws_aws_sdk_go_v2_config//:config", "@com_github_aws_aws_sdk_go_v2_feature_ec2_imds//:imds", "@com_github_aws_aws_sdk_go_v2_service_ec2//:ec2", diff --git a/internal/attestation/aws/issuer.go b/internal/attestation/aws/issuer.go index eecb0f2da..4a4ff3fe6 100644 --- a/internal/attestation/aws/issuer.go +++ b/internal/attestation/aws/issuer.go @@ -15,7 +15,7 @@ import ( "github.com/aws/aws-sdk-go-v2/feature/ec2/imds" "github.com/edgelesssys/constellation/v2/internal/attestation/vtpm" - "github.com/edgelesssys/constellation/v2/internal/oid" + "github.com/edgelesssys/constellation/v2/internal/variant" "github.com/google/go-tpm-tools/client" tpmclient "github.com/google/go-tpm-tools/client" @@ -23,7 +23,7 @@ import ( // Issuer for AWS TPM attestation. type Issuer struct { - oid.AWSNitroTPM + variant.AWSNitroTPM *vtpm.Issuer } diff --git a/internal/attestation/aws/validator.go b/internal/attestation/aws/validator.go index e4b56d2b9..f7cd8d033 100644 --- a/internal/attestation/aws/validator.go +++ b/internal/attestation/aws/validator.go @@ -17,14 +17,14 @@ import ( "github.com/aws/aws-sdk-go-v2/service/ec2" "github.com/edgelesssys/constellation/v2/internal/attestation/measurements" "github.com/edgelesssys/constellation/v2/internal/attestation/vtpm" - "github.com/edgelesssys/constellation/v2/internal/oid" + "github.com/edgelesssys/constellation/v2/internal/variant" "github.com/google/go-tpm-tools/proto/attest" "github.com/google/go-tpm/tpm2" ) // Validator for AWS TPM attestation. type Validator struct { - oid.AWSNitroTPM + variant.AWSNitroTPM *vtpm.Validator getDescribeClient func(context.Context, string) (awsMetadataAPI, error) } diff --git a/internal/attestation/azure/snp/BUILD.bazel b/internal/attestation/azure/snp/BUILD.bazel index 203f07f6d..894629603 100644 
--- a/internal/attestation/azure/snp/BUILD.bazel +++ b/internal/attestation/azure/snp/BUILD.bazel @@ -19,7 +19,7 @@ go_library( "//internal/attestation/vtpm", "//internal/cloud/azure", "//internal/crypto", - "//internal/oid", + "//internal/variant", "@com_github_edgelesssys_go_azguestattestation//maa", "@com_github_google_go_tpm//tpm2", "@com_github_google_go_tpm_tools//client", diff --git a/internal/attestation/azure/snp/issuer.go b/internal/attestation/azure/snp/issuer.go index 3cfecaa08..93586190e 100644 --- a/internal/attestation/azure/snp/issuer.go +++ b/internal/attestation/azure/snp/issuer.go @@ -13,7 +13,7 @@ import ( "io" "github.com/edgelesssys/constellation/v2/internal/attestation/vtpm" - "github.com/edgelesssys/constellation/v2/internal/oid" + "github.com/edgelesssys/constellation/v2/internal/variant" "github.com/edgelesssys/go-azguestattestation/maa" tpmclient "github.com/google/go-tpm-tools/client" ) @@ -22,7 +22,7 @@ const tpmAkIdx = 0x81000003 // Issuer for Azure TPM attestation. type Issuer struct { - oid.AzureSEVSNP + variant.AzureSEVSNP *vtpm.Issuer imds imdsAPI diff --git a/internal/attestation/azure/snp/validator.go b/internal/attestation/azure/snp/validator.go index 060823fc2..e5417c2e7 100644 --- a/internal/attestation/azure/snp/validator.go +++ b/internal/attestation/azure/snp/validator.go @@ -24,7 +24,7 @@ import ( "github.com/edgelesssys/constellation/v2/internal/attestation/measurements" "github.com/edgelesssys/constellation/v2/internal/attestation/vtpm" internalCrypto "github.com/edgelesssys/constellation/v2/internal/crypto" - "github.com/edgelesssys/constellation/v2/internal/oid" + "github.com/edgelesssys/constellation/v2/internal/variant" "github.com/google/go-tpm-tools/proto/attest" "github.com/google/go-tpm/tpm2" ) @@ -40,7 +40,7 @@ const ( // Validator for Azure confidential VM attestation. type Validator struct { - oid.AzureSEVSNP + variant.AzureSEVSNP *vtpm.Validator hclValidator hclAkValidator maa maaValidator 
diff --git a/internal/attestation/azure/trustedlaunch/BUILD.bazel b/internal/attestation/azure/trustedlaunch/BUILD.bazel index 84dc04a5c..c3e429f8b 100644 --- a/internal/attestation/azure/trustedlaunch/BUILD.bazel +++ b/internal/attestation/azure/trustedlaunch/BUILD.bazel @@ -14,7 +14,7 @@ go_library( "//internal/attestation/measurements", "//internal/attestation/vtpm", "//internal/crypto", - "//internal/oid", + "//internal/variant", "@com_github_google_go_tpm//tpm2", "@com_github_google_go_tpm_tools//client", "@com_github_google_go_tpm_tools//proto/attest", diff --git a/internal/attestation/azure/trustedlaunch/issuer.go b/internal/attestation/azure/trustedlaunch/issuer.go index c976dd862..830426ccf 100644 --- a/internal/attestation/azure/trustedlaunch/issuer.go +++ b/internal/attestation/azure/trustedlaunch/issuer.go @@ -16,7 +16,7 @@ import ( "net/http" "github.com/edgelesssys/constellation/v2/internal/attestation/vtpm" - "github.com/edgelesssys/constellation/v2/internal/oid" + "github.com/edgelesssys/constellation/v2/internal/variant" tpmclient "github.com/google/go-tpm-tools/client" "github.com/google/go-tpm/tpm2" ) @@ -28,7 +28,7 @@ const ( // Issuer for Azure trusted launch TPM attestation. type Issuer struct { - oid.AzureTrustedLaunch + variant.AzureTrustedLaunch *vtpm.Issuer hClient httpClient } diff --git a/internal/attestation/azure/trustedlaunch/validator.go b/internal/attestation/azure/trustedlaunch/validator.go index 19153377f..01e077d57 100644 --- a/internal/attestation/azure/trustedlaunch/validator.go +++ b/internal/attestation/azure/trustedlaunch/validator.go 
@@ -18,7 +18,7 @@ import ( "github.com/edgelesssys/constellation/v2/internal/attestation/measurements" "github.com/edgelesssys/constellation/v2/internal/attestation/vtpm" certutil "github.com/edgelesssys/constellation/v2/internal/crypto" - "github.com/edgelesssys/constellation/v2/internal/oid" + "github.com/edgelesssys/constellation/v2/internal/variant" "github.com/google/go-tpm-tools/proto/attest" "github.com/google/go-tpm/tpm2" ) @@ -29,7 +29,7 @@ var ameRoot = mustParseX509("-----BEGIN CERTIFICATE-----\nMIIFVjCCAz6gAwIBAgIQJd // Validator for Azure trusted launch VM attestation. type Validator struct { - oid.AzureTrustedLaunch + variant.AzureTrustedLaunch *vtpm.Validator roots *x509.CertPool } diff --git a/internal/attestation/choose/BUILD.bazel b/internal/attestation/choose/BUILD.bazel index c99301d0b..9f983f6d1 100644 --- a/internal/attestation/choose/BUILD.bazel +++ b/internal/attestation/choose/BUILD.bazel @@ -16,7 +16,7 @@ go_library( "//internal/attestation/measurements", "//internal/attestation/qemu", "//internal/attestation/vtpm", - "//internal/oid", + "//internal/variant", ], ) @@ -26,7 +26,7 @@ go_test( embed = [":choose"], deps = [ "//internal/attestation/idkeydigest", - "//internal/oid", + "//internal/variant", "@com_github_stretchr_testify//assert", "@com_github_stretchr_testify//require", ], diff --git a/internal/attestation/choose/choose.go b/internal/attestation/choose/choose.go index db7ec099e..4d5e305a2 100644 --- a/internal/attestation/choose/choose.go +++ b/internal/attestation/choose/choose.go 
@@ -18,47 +18,47 @@ import (
 "github.com/edgelesssys/constellation/v2/internal/attestation/measurements"
 "github.com/edgelesssys/constellation/v2/internal/attestation/qemu"
 "github.com/edgelesssys/constellation/v2/internal/attestation/vtpm"
- "github.com/edgelesssys/constellation/v2/internal/oid"
+ "github.com/edgelesssys/constellation/v2/internal/variant"
 )
 // Issuer returns the issuer for the given variant.
-func Issuer(variant oid.Getter, log vtpm.AttestationLogger) (atls.Issuer, error) {
- switch variant {
- case oid.AWSNitroTPM{}:
+func Issuer(attestationVariant variant.Variant, log vtpm.AttestationLogger) (atls.Issuer, error) {
+ switch attestationVariant {
+ case variant.AWSNitroTPM{}:
 return aws.NewIssuer(log), nil
- case oid.AzureTrustedLaunch{}:
+ case variant.AzureTrustedLaunch{}:
 return trustedlaunch.NewIssuer(log), nil
- case oid.AzureSEVSNP{}:
+ case variant.AzureSEVSNP{}:
 return snp.NewIssuer(log), nil
- case oid.GCPSEVES{}:
+ case variant.GCPSEVES{}:
 return gcp.NewIssuer(log), nil
- case oid.QEMUVTPM{}:
+ case variant.QEMUVTPM{}:
 return qemu.NewIssuer(log), nil
- case oid.Dummy{}:
- return atls.NewFakeIssuer(oid.Dummy{}), nil
+ case variant.Dummy{}:
+ return atls.NewFakeIssuer(variant.Dummy{}), nil
 default:
- return nil, fmt.Errorf("unknown attestation variant: %s", variant)
+ return nil, fmt.Errorf("unknown attestation variant: %s", attestationVariant)
 }
 }
 // Validator returns the validator for the given variant.
func Validator(
- variant oid.Getter, measurements measurements.M, idKeyCfg idkeydigest.Config, log vtpm.AttestationLogger,
+ attestationVariant variant.Variant, measurements measurements.M, idKeyCfg idkeydigest.Config, log vtpm.AttestationLogger,
 ) (atls.Validator, error) {
- switch variant {
- case oid.AWSNitroTPM{}:
+ switch attestationVariant {
+ case variant.AWSNitroTPM{}:
 return aws.NewValidator(measurements, log), nil
- case oid.AzureTrustedLaunch{}:
+ case variant.AzureTrustedLaunch{}:
 return trustedlaunch.NewValidator(measurements, log), nil
- case oid.AzureSEVSNP{}:
+ case variant.AzureSEVSNP{}:
 return snp.NewValidator(measurements, idKeyCfg, log), nil
- case oid.GCPSEVES{}:
+ case variant.GCPSEVES{}:
 return gcp.NewValidator(measurements, log), nil
- case oid.QEMUVTPM{}:
+ case variant.QEMUVTPM{}:
 return qemu.NewValidator(measurements, log), nil
- case oid.Dummy{}:
- return atls.NewFakeValidator(oid.Dummy{}), nil
+ case variant.Dummy{}:
+ return atls.NewFakeValidator(variant.Dummy{}), nil
 default:
- return nil, fmt.Errorf("unknown attestation variant: %s", variant)
+ return nil, fmt.Errorf("unknown attestation variant: %s", attestationVariant)
 }
 }
diff --git a/internal/attestation/choose/choose_test.go b/internal/attestation/choose/choose_test.go
index 346a8394a..127d1fad3 100644
--- a/internal/attestation/choose/choose_test.go
+++ b/internal/attestation/choose/choose_test.go
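Review bot: `switch attestationVariant { case variant.AWSNitroTPM{}: …` in both Issuer and Validator still compares the interface by dynamic type, while the `Equal` method this commit adds compares by OID and is what the watcher now calls, so the same type now has two notions of equality. A `Variant` implemented outside the package that reports a known OID (the shape `unknownVariant` in choose_test.go takes) is equal under `Equal` but falls to `default` here; the same pattern appears in `validAttestVariant` in config/validation.go and in measurement-reader's main. If dispatch by concrete type is the intent, state it above each switch, e.g. `// Dispatch is by concrete type, not by OID: a Variant from another package is rejected.`; otherwise switch on `attestationVariant.Equal(variant.AWSNitroTPM{})` cases so the two places agree.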
@@ -11,33 +11,33 @@ import ( "testing" "github.com/edgelesssys/constellation/v2/internal/attestation/idkeydigest" - "github.com/edgelesssys/constellation/v2/internal/oid" + "github.com/edgelesssys/constellation/v2/internal/variant" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) func TestIssuer(t *testing.T) { testCases := map[string]struct { - variant oid.Getter + variant variant.Variant wantErr bool }{ "aws-nitro-tpm": { - variant: oid.AWSNitroTPM{}, + variant: variant.AWSNitroTPM{}, }, "azure-sev-snp": { - variant: oid.AzureSEVSNP{}, + variant: variant.AzureSEVSNP{}, }, "azure-trusted-launch": { - variant: oid.AzureTrustedLaunch{}, + variant: variant.AzureTrustedLaunch{}, }, "gcp-sev-es": { - variant: oid.GCPSEVES{}, + variant: variant.GCPSEVES{}, }, "qemu-vtpm": { - variant: oid.QEMUVTPM{}, + variant: variant.QEMUVTPM{}, }, "dummy": { - variant: oid.Dummy{}, + variant: variant.Dummy{}, }, "unknown": { variant: unknownVariant{}, @@ -64,26 +64,26 @@ func TestIssuer(t *testing.T) { func TestValidator(t *testing.T) { testCases := map[string]struct { - variant oid.Getter + variant variant.Variant wantErr bool }{ "aws-nitro-tpm": { - variant: oid.AWSNitroTPM{}, + variant: variant.AWSNitroTPM{}, }, "azure-sev-snp": { - variant: oid.AzureSEVSNP{}, + variant: variant.AzureSEVSNP{}, }, "azure-trusted-launch": { - variant: oid.AzureTrustedLaunch{}, + variant: variant.AzureTrustedLaunch{}, }, "gcp-sev-es": { - variant: oid.GCPSEVES{}, + variant: variant.GCPSEVES{}, }, "qemu-vtpm": { - variant: oid.QEMUVTPM{}, + variant: variant.QEMUVTPM{}, }, "dummy": { - variant: oid.Dummy{}, + variant: variant.Dummy{}, }, "unknown": { variant: unknownVariant{}, 
@@ -113,3 +113,11 @@ type unknownVariant struct{} func (unknownVariant) OID() asn1.ObjectIdentifier { return asn1.ObjectIdentifier{1, 3, 9900, 9999, 9999} } + +func (unknownVariant) String() string { + return "unknown" +} + +func (unknownVariant) Equal(other variant.Getter) bool { + return other.OID().Equal(unknownVariant{}.OID()) +} diff --git a/internal/attestation/gcp/BUILD.bazel b/internal/attestation/gcp/BUILD.bazel index 3dab41bab..976e10a2e 100644 --- a/internal/attestation/gcp/BUILD.bazel +++ b/internal/attestation/gcp/BUILD.bazel @@ -13,7 +13,7 @@ go_library( deps = [ "//internal/attestation/measurements", "//internal/attestation/vtpm", - "//internal/oid", + "//internal/variant", "@com_github_google_go_tpm_tools//client", "@com_github_google_go_tpm_tools//proto/attest", "@com_github_googleapis_gax_go_v2//:gax-go", diff --git a/internal/attestation/gcp/issuer.go b/internal/attestation/gcp/issuer.go index bf88d39be..ccd17ac18 100644 --- a/internal/attestation/gcp/issuer.go +++ b/internal/attestation/gcp/issuer.go @@ -14,14 +14,14 @@ import ( "cloud.google.com/go/compute/metadata" "github.com/edgelesssys/constellation/v2/internal/attestation/vtpm" - "github.com/edgelesssys/constellation/v2/internal/oid" + "github.com/edgelesssys/constellation/v2/internal/variant" tpmclient "github.com/google/go-tpm-tools/client" "github.com/google/go-tpm-tools/proto/attest" ) // Issuer for GCP confidential VM attestation. type Issuer struct { - oid.GCPSEVES + variant.GCPSEVES *vtpm.Issuer } diff --git a/internal/attestation/gcp/validator.go b/internal/attestation/gcp/validator.go index 473d52522..bcf9280a6 100644 --- a/internal/attestation/gcp/validator.go +++ b/internal/attestation/gcp/validator.go 
@@ -18,7 +18,7 @@ import ( "cloud.google.com/go/compute/apiv1/computepb" "github.com/edgelesssys/constellation/v2/internal/attestation/measurements" "github.com/edgelesssys/constellation/v2/internal/attestation/vtpm" - "github.com/edgelesssys/constellation/v2/internal/oid" + "github.com/edgelesssys/constellation/v2/internal/variant" "github.com/google/go-tpm-tools/proto/attest" "github.com/googleapis/gax-go/v2" "google.golang.org/api/option" @@ -28,7 +28,7 @@ const minimumGceVersion = 1 // Validator for GCP confidential VM attestation. type Validator struct { - oid.GCPSEVES + variant.GCPSEVES *vtpm.Validator restClient func(context.Context, ...option.ClientOption) (gcpRestClient, error) diff --git a/internal/attestation/qemu/BUILD.bazel b/internal/attestation/qemu/BUILD.bazel index 5c60840f3..712512f74 100644 --- a/internal/attestation/qemu/BUILD.bazel +++ b/internal/attestation/qemu/BUILD.bazel @@ -12,7 +12,7 @@ go_library( deps = [ "//internal/attestation/measurements", "//internal/attestation/vtpm", - "//internal/oid", + "//internal/variant", "@com_github_google_go_tpm//tpm2", "@com_github_google_go_tpm_tools//client", "@com_github_google_go_tpm_tools//proto/attest", diff --git a/internal/attestation/qemu/issuer.go b/internal/attestation/qemu/issuer.go index 3177d67d6..073f29153 100644 --- a/internal/attestation/qemu/issuer.go +++ b/internal/attestation/qemu/issuer.go @@ -11,13 +11,13 @@ import ( "io" "github.com/edgelesssys/constellation/v2/internal/attestation/vtpm" - "github.com/edgelesssys/constellation/v2/internal/oid" + "github.com/edgelesssys/constellation/v2/internal/variant" tpmclient "github.com/google/go-tpm-tools/client" ) // Issuer for qemu TPM attestation. type Issuer struct { - oid.QEMUVTPM + variant.QEMUVTPM *vtpm.Issuer } diff --git a/internal/attestation/qemu/validator.go b/internal/attestation/qemu/validator.go index 04c288036..c5446ac96 100644 --- a/internal/attestation/qemu/validator.go +++ b/internal/attestation/qemu/validator.go 
@@ -12,14 +12,14 @@ import ( "github.com/edgelesssys/constellation/v2/internal/attestation/measurements" "github.com/edgelesssys/constellation/v2/internal/attestation/vtpm" - "github.com/edgelesssys/constellation/v2/internal/oid" + "github.com/edgelesssys/constellation/v2/internal/variant" "github.com/google/go-tpm-tools/proto/attest" "github.com/google/go-tpm/tpm2" ) // Validator for QEMU VM attestation. type Validator struct { - oid.QEMUVTPM + variant.QEMUVTPM *vtpm.Validator } diff --git a/internal/config/BUILD.bazel b/internal/config/BUILD.bazel index 006b23cf2..04829cca3 100644 --- a/internal/config/BUILD.bazel +++ b/internal/config/BUILD.bazel @@ -22,7 +22,7 @@ go_library( "//internal/config/instancetypes", "//internal/constants", "//internal/file", - "//internal/oid", + "//internal/variant", "//internal/versions", "//internal/versionsapi", "@com_github_go_playground_locales//en", @@ -49,7 +49,7 @@ go_test( "//internal/config/instancetypes", "//internal/constants", "//internal/file", - "//internal/oid", + "//internal/variant", "@com_github_go_playground_locales//en", "@com_github_go_playground_universal_translator//:universal-translator", "@com_github_go_playground_validator_v10//:validator", diff --git a/internal/config/config_test.go b/internal/config/config_test.go index d7ee053de..e929736ae 100644 --- a/internal/config/config_test.go +++ b/internal/config/config_test.go @@ -16,7 +16,7 @@ import ( "github.com/edgelesssys/constellation/v2/internal/config/instancetypes" "github.com/edgelesssys/constellation/v2/internal/constants" "github.com/edgelesssys/constellation/v2/internal/file" - "github.com/edgelesssys/constellation/v2/internal/oid" + "github.com/edgelesssys/constellation/v2/internal/variant" "github.com/go-playground/locales/en" ut "github.com/go-playground/universal-translator" "github.com/go-playground/validator/v10" 
@@ -123,7 +123,7 @@ func TestNewWithDefaultOptions(t *testing.T) { c := Default() c.RemoveProviderExcept(cloudprovider.Azure) c.Image = "v" + constants.VersionInfo() - c.AttestationVariant = oid.AzureSEVSNP{}.String() + c.AttestationVariant = variant.AzureSEVSNP{}.String() c.Provider.Azure.SubscriptionID = "f4278079-288c-4766-a98c-ab9d5dba01a5" c.Provider.Azure.TenantID = "d4ff9d63-6d6d-4042-8f6a-21e804add5aa" c.Provider.Azure.Location = "westus" @@ -143,7 +143,7 @@ func TestNewWithDefaultOptions(t *testing.T) { c := Default() c.RemoveProviderExcept(cloudprovider.Azure) c.Image = "v" + constants.VersionInfo() - c.AttestationVariant = oid.AzureSEVSNP{}.String() + c.AttestationVariant = variant.AzureSEVSNP{}.String() c.Provider.Azure.SubscriptionID = "f4278079-288c-4766-a98c-ab9d5dba01a5" c.Provider.Azure.TenantID = "d4ff9d63-6d6d-4042-8f6a-21e804add5aa" c.Provider.Azure.Location = "westus" @@ -235,7 +235,7 @@ func TestValidate(t *testing.T) { cnf: func() *Config { cnf := Default() cnf.Image = "v" + constants.VersionInfo() - cnf.AttestationVariant = oid.AzureSEVSNP{}.String() + cnf.AttestationVariant = variant.AzureSEVSNP{}.String() az := cnf.Provider.Azure az.SubscriptionID = "01234567-0123-0123-0123-0123456789ab" az.TenantID = "01234567-0123-0123-0123-0123456789ab" @@ -265,7 +265,7 @@ func TestValidate(t *testing.T) { cnf: func() *Config { cnf := Default() cnf.Image = "v" + constants.VersionInfo() - cnf.AttestationVariant = oid.GCPSEVES{}.String() + cnf.AttestationVariant = variant.GCPSEVES{}.String() gcp := cnf.Provider.GCP gcp.Region = "test-region" gcp.Project = "test-project" diff --git a/internal/config/validation.go b/internal/config/validation.go index f7bbdc195..cba076459 100644 --- a/internal/config/validation.go +++ b/internal/config/validation.go 
@@ -20,7 +20,7 @@ import (
 "github.com/edgelesssys/constellation/v2/internal/compatibility"
 "github.com/edgelesssys/constellation/v2/internal/config/instancetypes"
 "github.com/edgelesssys/constellation/v2/internal/constants"
- "github.com/edgelesssys/constellation/v2/internal/oid"
+ "github.com/edgelesssys/constellation/v2/internal/variant"
 "github.com/edgelesssys/constellation/v2/internal/versions"
 "github.com/edgelesssys/constellation/v2/internal/versionsapi"
 ut "github.com/go-playground/universal-translator"
@@ -482,23 +482,23 @@ func (c *Config) validAttestVariant(_ validator.FieldLevel) bool {
 // TODO: v2.8: remove variant fallback and make variant a required field
 c.addMissingVariant()
- variant, err := oid.FromString(c.AttestationVariant)
+ attestationVariant, err := variant.FromString(c.AttestationVariant)
 if err != nil {
 return false
 }
 // make sure the variant is valid for the chosen CSP
- switch variant {
- case oid.AWSNitroTPM{}:
+ switch attestationVariant {
+ case variant.AWSNitroTPM{}:
 return c.Provider.AWS != nil
- case oid.AzureSEVSNP{}, oid.AzureTrustedLaunch{}:
+ case variant.AzureSEVSNP{}, variant.AzureTrustedLaunch{}:
 return c.Provider.Azure != nil
 // TODO(malt3): remove this case once we have a vTPM for OpenStack
- case oid.Dummy{}:
+ case variant.Dummy{}:
 return c.Provider.OpenStack != nil
- case oid.GCPSEVES{}:
+ case variant.GCPSEVES{}:
 return c.Provider.GCP != nil
- case oid.QEMUVTPM{}:
+ case variant.QEMUVTPM{}:
 return c.Provider.QEMU != nil
 default:
 return false
@@ -513,12 +513,12 @@ func (c *Config) addMissingVariant() {
 switch c.GetProvider() {
 case cloudprovider.AWS:
- c.AttestationVariant = oid.AWSNitroTPM{}.String()
+ c.AttestationVariant = variant.AWSNitroTPM{}.String()
 case cloudprovider.Azure:
- c.AttestationVariant = oid.AzureSEVSNP{}.String()
+ c.AttestationVariant = variant.AzureSEVSNP{}.String()
 case cloudprovider.GCP:
- c.AttestationVariant = oid.GCPSEVES{}.String()
+ c.AttestationVariant = variant.GCPSEVES{}.String()
 case cloudprovider.QEMU:
- c.AttestationVariant = oid.QEMUVTPM{}.String()
+ c.AttestationVariant = variant.QEMUVTPM{}.String()
 }
 }
diff --git a/internal/grpc/dialer/BUILD.bazel b/internal/grpc/dialer/BUILD.bazel
index eaec8e279..8b7443353 100644
--- a/internal/grpc/dialer/BUILD.bazel
+++ b/internal/grpc/dialer/BUILD.bazel
@@ -22,7 +22,7 @@ go_test(
 "//internal/atls",
 "//internal/grpc/atlscredentials",
 "//internal/grpc/testdialer",
- "//internal/oid",
+ "//internal/variant",
 "@com_github_stretchr_testify//assert",
 "@com_github_stretchr_testify//require",
 "@org_golang_google_grpc//:go_default_library",
diff --git a/internal/grpc/dialer/dialer_test.go b/internal/grpc/dialer/dialer_test.go
index aeef36dc4..12bfa2efd 100644
--- a/internal/grpc/dialer/dialer_test.go
+++ b/internal/grpc/dialer/dialer_test.go
@@ -13,7 +13,7 @@ import (
 "github.com/edgelesssys/constellation/v2/internal/atls"
 "github.com/edgelesssys/constellation/v2/internal/grpc/atlscredentials"
 "github.com/edgelesssys/constellation/v2/internal/grpc/testdialer"
- "github.com/edgelesssys/constellation/v2/internal/oid"
+ "github.com/edgelesssys/constellation/v2/internal/variant"
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"
 "go.uber.org/goleak"
@@ -75,8 +75,8 @@ func TestDial(t *testing.T) { require := require.New(t) netDialer := testdialer.NewBufconnDialer() - dialer := New(nil, atls.NewFakeValidator(oid.Dummy{}), netDialer) - server := newServer(oid.Dummy{}, tc.tls) + dialer := New(nil, atls.NewFakeValidator(variant.Dummy{}), netDialer) + server := newServer(variant.Dummy{}, tc.tls) api := &testAPI{} grpc_testing.RegisterTestServiceServer(server, api) go server.Serve(netDialer.GetListener("192.0.2.1:1234")) @@ -97,7 +97,7 @@ func TestDial(t *testing.T) { } } -func newServer(oid oid.Getter, tls bool) *grpc.Server { +func newServer(oid variant.Getter, tls bool) *grpc.Server { if tls { creds := atlscredentials.New(atls.NewFakeIssuer(oid), nil) return grpc.NewServer(grpc.Creds(creds)) diff --git a/internal/oid/BUILD.bazel b/internal/variant/BUILD.bazel similarity index 55% rename from internal/oid/BUILD.bazel rename to internal/variant/BUILD.bazel index f763cba14..a0f9418ef 100644 --- a/internal/oid/BUILD.bazel +++ b/internal/variant/BUILD.bazel @@ -6,3 +6,10 @@ go_library( importpath = "github.com/edgelesssys/constellation/v2/internal/oid", visibility = ["//:__subpackages__"], ) + +go_library( + name = "variant", + srcs = ["variant.go"], + importpath = "github.com/edgelesssys/constellation/v2/internal/variant", + visibility = ["//:__subpackages__"], +) diff --git a/internal/oid/oid.go b/internal/variant/variant.go similarity index 66% rename from internal/oid/oid.go rename to internal/variant/variant.go index 8ad94bb0a..0a6f785f9 100644 --- a/internal/oid/oid.go +++ b/internal/variant/variant.go 
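Review bot: The renamed `internal/variant/BUILD.bazel` still carries the original `go_library` whose `importpath` is `github.com/edgelesssys/constellation/v2/internal/oid`, and the hunk only appends a second `go_library(name = "variant", …)` below it. Since `oid.go` is renamed to `variant.go` in this same commit, the old target's `srcs` (outside the hunk) presumably point at a file that no longer exists, and its importpath no longer matches the directory it lives in. Replace the old target with the new one rather than keeping both, or confirm that nothing still depends on `//internal/oid` and that the stale target builds.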
@@ -5,7 +5,11 @@ SPDX-License-Identifier: AGPL-3.0-only
 */
 /*
-Package oid defines OIDs for different CSPs. Currently this is used in attested TLS to distinguish the attestation documents.
+Package variant defines Attestation variants for different CSPs.
+
+Each variant defines an OID, a string representation, and a function to compare it to other OIDs.
+
+The OID is used in attested TLS to distinguish the attestation documents.
 OIDs beginning with 1.3.9900 are reserved and can be used without registration.
 * The 1.3.9900.1 branch is reserved for placeholder values and testing.
@@ -20,21 +24,41 @@ OIDs beginning with 1.3.9900 are reserved and can be used without registration.
 Deprecated OIDs should never be reused for different purposes.
 Instead, new OIDs should be added in the appropriate branch at the next available index.
+
+String representation should be lowercase and contain only letters, numbers, and hyphens.
+They should be prefixed with the branch name, e.g. all variants in the 1.3.9900.2 (AWS) branch should start with "aws-".
+Each variant should have a unique string representation.
 */
-package oid
+package variant
 import (
 "encoding/asn1"
 "fmt"
 )
+const (
+ dummy = "dummy"
+ awsNitroTPM = "aws-nitro-tpm"
+ gcpSEVES = "gcp-sev-es"
+ azureSEVSNP = "azure-sev-snp"
+ azureTrustedLaunch = "azure-trustedlaunch"
+ qemuVTPM = "qemu-vtpm"
+)
+
 // Getter returns an ASN.1 Object Identifier.
 type Getter interface {
 OID() asn1.ObjectIdentifier
 }
+// Variant describes an attestation variant.
+type Variant interface {
+ Getter
+ String() string
+ Equal(other Getter) bool
+}
+
 // FromString returns the OID for the given string.
-func FromString(oid string) (Getter, error) {
+func FromString(oid string) (Variant, error) {
 switch oid {
 case dummy:
 return Dummy{}, nil
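Review bot: `// FromString returns the OID for the given string.` is now stale: after this hunk the function returns a `Variant` (OID, string form and `Equal`), not an OID, and the only line touched was the signature. Suggest `// FromString returns the Variant whose string representation equals the given string.` The new `Variant` interface should also say what its `Equal` compares, e.g. `// Equal reports whether other carries the same OID as this variant.`, since callers elsewhere in this commit still compare variants by concrete type and may assume the two agree. FromString's body continues past the hunk.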
@@ -65,6 +89,11 @@ func (Dummy) String() string {
 return dummy
 }
+// Equal returns true if the other variant is also a Dummy.
+func (Dummy) Equal(other Getter) bool {
+ return other.OID().Equal(Dummy{}.OID())
+}
+
 // AWSNitroTPM holds the AWS nitro TPM OID.
 type AWSNitroTPM struct{}
@@ -78,6 +107,11 @@ func (AWSNitroTPM) String() string {
 return awsNitroTPM
 }
+// Equal returns true if the other variant is also AWSNitroTPM.
+func (AWSNitroTPM) Equal(other Getter) bool {
+ return other.OID().Equal(AWSNitroTPM{}.OID())
+}
+
 // GCPSEVES holds the GCP SEV-ES OID.
 type GCPSEVES struct{}
@@ -91,6 +125,11 @@ func (GCPSEVES) String() string {
 return gcpSEVES
 }
+// Equal returns true if the other variant is also GCPSEVES.
+func (GCPSEVES) Equal(other Getter) bool {
+ return other.OID().Equal(GCPSEVES{}.OID())
+}
+
 // AzureSEVSNP holds the OID for Azure SNP CVMs.
 type AzureSEVSNP struct{}
@@ -104,6 +143,11 @@ func (AzureSEVSNP) String() string {
 return azureSEVSNP
 }
+// Equal returns true if the other variant is also AzureSEVSNP.
+func (AzureSEVSNP) Equal(other Getter) bool {
+ return other.OID().Equal(AzureSEVSNP{}.OID())
+}
+
 // AzureTrustedLaunch holds the OID for Azure TrustedLaunch VMs.
 type AzureTrustedLaunch struct{}
@@ -117,6 +161,11 @@ func (AzureTrustedLaunch) String() string {
 return azureTrustedLaunch
 }
+// Equal returns true if the other variant is also AzureTrustedLaunch.
+func (AzureTrustedLaunch) Equal(other Getter) bool {
+ return other.OID().Equal(AzureTrustedLaunch{}.OID())
+}
+
 // QEMUVTPM holds the QEMUVTPM OID.
 type QEMUVTPM struct{}
@@ -130,11 +179,7 @@ func (QEMUVTPM) String() string {
 return qemuVTPM
 }
-const (
- dummy = "dummy"
- awsNitroTPM = "aws-nitro-tpm"
- gcpSEVES = "gcp-sev-es"
- azureSEVSNP = "azure-sev-snp"
- azureTrustedLaunch = "azure-trustedlaunch"
- qemuVTPM = "qemu-vtpm"
-)
+// Equal returns true if the other variant is also QEMUVTPM.
+func (QEMUVTPM) Equal(other Getter) bool {
+ return other.OID().Equal(QEMUVTPM{}.OID())
+}
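Review bot: Each of the six new `Equal` methods dereferences `other.OID()` without a nil check, so `Equal(nil)` panics on a method that is otherwise a pure comparison; the callers in this diff pass struct literals, so the risk is low today, but `Getter` is an exported interface and a nil is an easy mistake. The six bodies also differ only in the receiver literal, which invites drift if one is edited (the same shape is copied again into `unknownVariant` and `fakeOID` in the tests). A small unexported helper handles both: the nil guard lives in one place and each method becomes a one-liner; the doc comment on `Equal` should then read `// Equal reports whether other has the same OID as this variant.` rather than "is also a Dummy", since the comparison is by OID, not by type.
```go
// equalOID reports whether other is non-nil and carries the same OID as v.
func equalOID(v, other Getter) bool {
	if other == nil {
		return false
	}
	return other.OID().Equal(v.OID())
}

// Equal reports whether other has the same OID as this variant.
func (Dummy) Equal(other Getter) bool {
	return equalOID(Dummy{}, other)
}

// … the other five Equal methods call equalOID with their own receiver in the same way …
```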
diff --git a/internal/watcher/BUILD.bazel b/internal/watcher/BUILD.bazel index 0597f37b4..268c584b1 100644 --- a/internal/watcher/BUILD.bazel +++ b/internal/watcher/BUILD.bazel @@ -17,7 +17,7 @@ go_library( "//internal/constants", "//internal/file", "//internal/logger", - "//internal/oid", + "//internal/variant", "@com_github_fsnotify_fsnotify//:fsnotify", "@com_github_spf13_afero//:afero", "@org_uber_go_zap//:zap", @@ -39,7 +39,7 @@ go_test( "//internal/constants", "//internal/file", "//internal/logger", - "//internal/oid", + "//internal/variant", "@com_github_fsnotify_fsnotify//:fsnotify", "@com_github_spf13_afero//:afero", "@com_github_stretchr_testify//assert", diff --git a/internal/watcher/validator.go b/internal/watcher/validator.go index 5113f47f7..10dca8b6d 100644 --- a/internal/watcher/validator.go +++ b/internal/watcher/validator.go @@ -22,7 +22,7 @@ import ( "github.com/edgelesssys/constellation/v2/internal/constants" "github.com/edgelesssys/constellation/v2/internal/file" "github.com/edgelesssys/constellation/v2/internal/logger" - "github.com/edgelesssys/constellation/v2/internal/oid" + "github.com/edgelesssys/constellation/v2/internal/variant" "github.com/spf13/afero" ) @@ -31,12 +31,12 @@ type Updatable struct { log *logger.Logger mux sync.Mutex fileHandler file.Handler - variant oid.Getter + variant variant.Variant atls.Validator } // NewValidator initializes a new updatable validator. -func NewValidator(log *logger.Logger, variant oid.Getter, fileHandler file.Handler) (*Updatable, error) { +func NewValidator(log *logger.Logger, variant variant.Variant, fileHandler file.Handler) (*Updatable, error) { u := &Updatable{ log: log, fileHandler: fileHandler, 
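Review bot: `NewValidator(log *logger.Logger, variant variant.Variant, fileHandler file.Handler)` names the parameter after the package it is typed from, so the `variant` package is unreachable inside the constructor body (which continues past the hunk); this compiles because parameter types resolve before the parameter's scope starts, but linters such as gocritic's importShadow flag it and it reads ambiguously beside the struct field of the same name. The joinservice main hunk later in this diff does the same with `variant, err := variant.FromString(*attestationVariant)`, where the shadow lasts for the rest of `main`. Suggest `attestationVariant variant.Variant` here (with the matching field assignment in the body) and `attestVariant, err := variant.FromString(*attestationVariant)` there, following the measurement-reader hunk, which already renamed its local to `variantString` to avoid this.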
@@ -78,7 +78,7 @@ func (u *Updatable) Update() error { // Read ID Key config var idKeyCfg idkeydigest.Config - if u.variant.OID().Equal(oid.AzureSEVSNP{}.OID()) { + if u.variant.Equal(variant.AzureSEVSNP{}) { u.log.Infof("Updating SEV-SNP ID Key config") err := u.fileHandler.ReadJSON(filepath.Join(constants.ServiceBasePath, constants.IDKeyConfigFilename), &idKeyCfg) diff --git a/internal/watcher/validator_test.go b/internal/watcher/validator_test.go index 4264cd6d2..777645bad 100644 --- a/internal/watcher/validator_test.go +++ b/internal/watcher/validator_test.go @@ -24,7 +24,7 @@ import ( "github.com/edgelesssys/constellation/v2/internal/constants" "github.com/edgelesssys/constellation/v2/internal/file" "github.com/edgelesssys/constellation/v2/internal/logger" - "github.com/edgelesssys/constellation/v2/internal/oid" + "github.com/edgelesssys/constellation/v2/internal/variant" "github.com/spf13/afero" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" @@ -40,24 +40,24 @@ func TestMain(m *testing.M) { func TestNewUpdateableValidator(t *testing.T) { testCases := map[string]struct { - variant oid.Getter + variant variant.Variant writeFile bool wantErr bool }{ "azure": { - variant: oid.AzureSEVSNP{}, + variant: variant.AzureSEVSNP{}, writeFile: true, }, "gcp": { - variant: oid.GCPSEVES{}, + variant: variant.GCPSEVES{}, writeFile: true, }, "qemu": { - variant: oid.QEMUVTPM{}, + variant: variant.QEMUVTPM{}, writeFile: true, }, "no file": { - variant: oid.AzureSEVSNP{}, + variant: variant.AzureSEVSNP{}, writeFile: false, wantErr: true, }, @@ -112,7 +112,7 @@ func TestUpdate(t *testing.T) { // create server validator := &Updatable{ log: logger.NewTest(t), - variant: oid.Dummy{}, + variant: variant.Dummy{}, fileHandler: handler, } 
@@ -146,7 +146,7 @@ func TestUpdate(t *testing.T) { defer server.Close() // test connection to server - clientOID := oid.Dummy{} + clientOID := variant.Dummy{} resp, err := testConnection(require, server.URL, clientOID) require.NoError(err) defer resp.Body.Close() @@ -155,7 +155,7 @@ func TestUpdate(t *testing.T) { assert.EqualValues("hello", body) // update the server's validator - validator.variant = oid.QEMUVTPM{} + validator.variant = variant.QEMUVTPM{} require.NoError(validator.Update()) // client connection should fail now, since the server's validator expects a different OID from the client @@ -198,7 +198,7 @@ func TestOIDConcurrency(t *testing.T) { // create server validator := &Updatable{ log: logger.NewTest(t), - variant: oid.Dummy{}, + variant: variant.Dummy{}, fileHandler: handler, } @@ -228,7 +228,7 @@ func TestUpdateConcurrency(t *testing.T) { validator := &Updatable{ log: logger.NewTest(t), fileHandler: handler, - variant: oid.Dummy{}, + variant: variant.Dummy{}, } require.NoError(handler.WriteJSON( filepath.Join(constants.ServiceBasePath, constants.MeasurementsFilename), @@ -256,7 +256,7 @@ func TestUpdateConcurrency(t *testing.T) { wg.Wait() } -func testConnection(require *require.Assertions, url string, oid oid.Getter) (*http.Response, error) { +func testConnection(require *require.Assertions, url string, oid variant.Getter) (*http.Response, error) { clientConfig, err := atls.CreateAttestationClientTLSConfig(fakeIssuer{oid}, nil) require.NoError(err) client := http.Client{Transport: &http.Transport{TLSClientConfig: clientConfig}} @@ -267,7 +267,7 @@ func testConnection(require *require.Assertions, url string, oid oid.Getter) (*h } type fakeIssuer struct { - oid.Getter + variant.Getter } func (fakeIssuer) Issue(_ context.Context, userData []byte, nonce []byte) ([]byte, error) { 
@@ -280,6 +280,14 @@ func (o fakeOID) OID() asn1.ObjectIdentifier {
 return asn1.ObjectIdentifier(o)
 }
+func (o fakeOID) String() string {
+ return o.OID().String()
+}
+
+func (o fakeOID) Equal(other variant.Getter) bool {
+ return o.OID().Equal(other.OID())
+}
+
 type fakeDoc struct {
 UserData []byte
 Nonce []byte
diff --git a/joinservice/cmd/BUILD.bazel b/joinservice/cmd/BUILD.bazel
index 6ade12f17..b1ae0dcfd 100644
--- a/joinservice/cmd/BUILD.bazel
+++ b/joinservice/cmd/BUILD.bazel
@@ -18,7 +18,7 @@ go_library(
 "//internal/file",
 "//internal/grpc/atlscredentials",
 "//internal/logger",
- "//internal/oid",
+ "//internal/variant",
 "//internal/watcher",
 "//joinservice/internal/kms",
 "//joinservice/internal/kubeadm",
diff --git a/joinservice/cmd/main.go b/joinservice/cmd/main.go
index 58c62e102..f32ddb2ce 100644
--- a/joinservice/cmd/main.go
+++ b/joinservice/cmd/main.go
@@ -27,7 +27,7 @@ import (
 "github.com/edgelesssys/constellation/v2/internal/file"
 "github.com/edgelesssys/constellation/v2/internal/grpc/atlscredentials"
 "github.com/edgelesssys/constellation/v2/internal/logger"
- "github.com/edgelesssys/constellation/v2/internal/oid"
+ "github.com/edgelesssys/constellation/v2/internal/variant"
 "github.com/edgelesssys/constellation/v2/internal/watcher"
 "github.com/edgelesssys/constellation/v2/joinservice/internal/kms"
 "github.com/edgelesssys/constellation/v2/joinservice/internal/kubeadm"
@@ -56,7 +56,7 @@ func main() {
 handler := file.NewHandler(afero.NewOsFs())
- variant, err := oid.FromString(*attestationVariant)
+ variant, err := variant.FromString(*attestationVariant)
 if err != nil {
 log.With(zap.Error(err)).Fatalf("Failed to parse attestation variant")
 }
diff --git a/measurement-reader/cmd/BUILD.bazel b/measurement-reader/cmd/BUILD.bazel
index ae341d987..a744151b1 100644
--- a/measurement-reader/cmd/BUILD.bazel
+++ b/measurement-reader/cmd/BUILD.bazel
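Review bot: `variant, err := variant.FromString(*attestationVariant)` in joinservice/cmd/main.go shadows the `variant` package with a local of the same name for the rest of main, so any later reference to the package inside that function will not compile and a reader cannot tell at a glance which `variant` is meant; the verify/cmd/main.go hunk at the end of this diff has the same problem, while the measurement-reader hunk avoids it by renaming its local to `variantString`. Suggest `attestVariant, err := variant.FromString(*attestationVariant)` in both files, renaming the later uses of the local, which lie outside these hunks.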
@@ -9,7 +9,7 @@ go_library(
 deps = [
 "//internal/constants",
 "//internal/logger",
- "//internal/oid",
+ "//internal/variant",
 "//measurement-reader/internal/sorted",
 "//measurement-reader/internal/tpm",
 "@org_uber_go_zap//:zap",
diff --git a/measurement-reader/cmd/main.go b/measurement-reader/cmd/main.go
index 83754dfb5..4cf6b3356 100644
--- a/measurement-reader/cmd/main.go
+++ b/measurement-reader/cmd/main.go
@@ -12,7 +12,7 @@ import (
 "github.com/edgelesssys/constellation/v2/internal/constants"
 "github.com/edgelesssys/constellation/v2/internal/logger"
- "github.com/edgelesssys/constellation/v2/internal/oid"
+ "github.com/edgelesssys/constellation/v2/internal/variant"
 "github.com/edgelesssys/constellation/v2/measurement-reader/internal/sorted"
 "github.com/edgelesssys/constellation/v2/measurement-reader/internal/tpm"
 "go.uber.org/zap"
@@ -21,21 +21,21 @@ import (
 func main() {
 log := logger.New(logger.JSONLog, zapcore.InfoLevel)
- variant := os.Getenv(constants.AttestationVariant)
- attestationVariant, err := oid.FromString(variant)
+ variantString := os.Getenv(constants.AttestationVariant)
+ attestationVariant, err := variant.FromString(variantString)
 if err != nil {
 log.With(zap.Error(err)).Fatalf("Failed to parse attestation variant")
 }
 var m []sorted.Measurement
 switch attestationVariant {
- case oid.AWSNitroTPM{}, oid.AzureSEVSNP{}, oid.AzureTrustedLaunch{}, oid.GCPSEVES{}, oid.QEMUVTPM{}:
+ case variant.AWSNitroTPM{}, variant.AzureSEVSNP{}, variant.AzureTrustedLaunch{}, variant.GCPSEVES{}, variant.QEMUVTPM{}:
 m, err = tpm.Measurements()
 if err != nil {
 log.With(zap.Error(err)).Fatalf("Failed to read TPM measurements")
 }
 default:
- log.With(zap.String("attestationVariant", variant)).Fatalf("Unsupported attestation variant")
+ log.With(zap.String("attestationVariant", variantString)).Fatalf("Unsupported attestation variant")
 }
 fmt.Println("Measurements:")
diff --git a/verify/cmd/BUILD.bazel b/verify/cmd/BUILD.bazel
index 6727739f6..d6228a7e8 100644
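Review bot: The `switch attestationVariant { case variant.AWSNitroTPM{}, ... }` in measurement-reader/cmd/main.go compares interface values with `==`, whereas the `Updatable.Update` hunk in this same commit switched to the new `Equal` method; if a Variant implementation ever becomes a pointer or non-comparable type, this switch stops matching and the reader exits through the default branch with "Unsupported attestation variant". Either comparing through `Equal` as Update does, or a comment above the switch such as `// All supported variants are vTPM-backed; a newly added variant must be listed here or the reader exits.`, would make the intent explicit. main continues outside the hunk.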
--- a/verify/cmd/BUILD.bazel
+++ b/verify/cmd/BUILD.bazel
@@ -9,7 +9,7 @@ go_library(
 "//internal/attestation/choose",
 "//internal/constants",
 "//internal/logger",
- "//internal/oid",
+ "//internal/variant",
 "//verify/server",
 "@org_uber_go_zap//:zap",
 ],
diff --git a/verify/cmd/main.go b/verify/cmd/main.go
index 6c57795db..54055a16d 100644
--- a/verify/cmd/main.go
+++ b/verify/cmd/main.go
@@ -14,7 +14,7 @@ import (
 "github.com/edgelesssys/constellation/v2/internal/attestation/choose"
 "github.com/edgelesssys/constellation/v2/internal/constants"
 "github.com/edgelesssys/constellation/v2/internal/logger"
- "github.com/edgelesssys/constellation/v2/internal/oid"
+ "github.com/edgelesssys/constellation/v2/internal/variant"
 "github.com/edgelesssys/constellation/v2/verify/server"
 "go.uber.org/zap"
 )
@@ -29,7 +29,7 @@ func main() {
 log.With(zap.String("version", constants.VersionInfo()), zap.String("attestationVariant", *attestationVariant)).
 Infof("Constellation Verification Service")
- variant, err := oid.FromString(*attestationVariant)
+ variant, err := variant.FromString(*attestationVariant)
 if err != nil {
 log.With(zap.Error(err)).Fatalf("Failed to parse attestation variant")
 }