internal: refactor oid package to variant package (#1538)

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
This commit is contained in:
Daniel Weiße 2023-03-29 09:30:13 +02:00 committed by GitHub
parent db5660e3d6
commit 99b12e4035
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
55 changed files with 287 additions and 240 deletions


@ -38,8 +38,8 @@ go_library(
"//internal/grpc/dialer", "//internal/grpc/dialer",
"//internal/kubernetes/kubectl", "//internal/kubernetes/kubectl",
"//internal/logger", "//internal/logger",
"//internal/oid",
"//internal/role", "//internal/role",
"//internal/variant",
"//internal/versions/components", "//internal/versions/components",
"@com_github_spf13_afero//:afero", "@com_github_spf13_afero//:afero",
"@io_k8s_kubernetes//cmd/kubeadm/app/apis/kubeadm/v1beta3", "@io_k8s_kubernetes//cmd/kubeadm/app/apis/kubeadm/v1beta3",


@ -32,7 +32,7 @@ import (
"github.com/edgelesssys/constellation/v2/internal/file" "github.com/edgelesssys/constellation/v2/internal/file"
"github.com/edgelesssys/constellation/v2/internal/kubernetes/kubectl" "github.com/edgelesssys/constellation/v2/internal/kubernetes/kubectl"
"github.com/edgelesssys/constellation/v2/internal/logger" "github.com/edgelesssys/constellation/v2/internal/logger"
"github.com/edgelesssys/constellation/v2/internal/oid" "github.com/edgelesssys/constellation/v2/internal/variant"
"github.com/spf13/afero" "github.com/spf13/afero"
"go.uber.org/zap" "go.uber.org/zap"
) )
@ -71,7 +71,7 @@ func main() {
log.With(zap.Error(err)).Fatalf("Helm client could not be initialized") log.With(zap.Error(err)).Fatalf("Helm client could not be initialized")
} }
attestVariant, err := oid.FromString(os.Getenv(constants.AttestationVariant)) attestVariant, err := variant.FromString(os.Getenv(constants.AttestationVariant))
if err != nil { if err != nil {
log.With(zap.Error(err)).Fatalf("Failed to parse attestation variant") log.With(zap.Error(err)).Fatalf("Failed to parse attestation variant")
} }


@ -44,7 +44,7 @@ go_test(
"//internal/kms/setup", "//internal/kms/setup",
"//internal/kms/uri", "//internal/kms/uri",
"//internal/logger", "//internal/logger",
"//internal/oid", "//internal/variant",
"//internal/versions/components", "//internal/versions/components",
"@com_github_spf13_afero//:afero", "@com_github_spf13_afero//:afero",
"@com_github_stretchr_testify//assert", "@com_github_stretchr_testify//assert",


@ -22,7 +22,7 @@ import (
kmssetup "github.com/edgelesssys/constellation/v2/internal/kms/setup" kmssetup "github.com/edgelesssys/constellation/v2/internal/kms/setup"
"github.com/edgelesssys/constellation/v2/internal/kms/uri" "github.com/edgelesssys/constellation/v2/internal/kms/uri"
"github.com/edgelesssys/constellation/v2/internal/logger" "github.com/edgelesssys/constellation/v2/internal/logger"
"github.com/edgelesssys/constellation/v2/internal/oid" "github.com/edgelesssys/constellation/v2/internal/variant"
"github.com/edgelesssys/constellation/v2/internal/versions/components" "github.com/edgelesssys/constellation/v2/internal/versions/components"
"github.com/spf13/afero" "github.com/spf13/afero"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
@ -62,7 +62,7 @@ func TestNew(t *testing.T) {
t.Run(name, func(t *testing.T) { t.Run(name, func(t *testing.T) {
assert := assert.New(t) assert := assert.New(t)
server, err := New(context.TODO(), newFakeLock(), &stubClusterInitializer{}, atls.NewFakeIssuer(oid.Dummy{}), fh, &tc.metadata, logger.NewTest(t)) server, err := New(context.TODO(), newFakeLock(), &stubClusterInitializer{}, atls.NewFakeIssuer(variant.Dummy{}), fh, &tc.metadata, logger.NewTest(t))
if tc.wantErr { if tc.wantErr {
assert.Error(err) assert.Error(err)
return return


@ -33,7 +33,7 @@ go_library(
"//internal/constants", "//internal/constants",
"//internal/kubernetes", "//internal/kubernetes",
"//internal/kubernetes/kubectl", "//internal/kubernetes/kubectl",
"//internal/oid", "//internal/variant",
"//internal/versions", "//internal/versions",
"//internal/versions/components", "//internal/versions/components",
"//internal/versionsapi", "//internal/versionsapi",
@ -83,7 +83,7 @@ go_test(
"//internal/config", "//internal/config",
"//internal/constants", "//internal/constants",
"//internal/logger", "//internal/logger",
"//internal/oid", "//internal/variant",
"//internal/versions", "//internal/versions",
"//internal/versions/components", "//internal/versions/components",
"//operators/constellation-node-operator/api/v1alpha1", "//operators/constellation-node-operator/api/v1alpha1",


@ -18,13 +18,13 @@ import (
"github.com/edgelesssys/constellation/v2/internal/attestation/idkeydigest" "github.com/edgelesssys/constellation/v2/internal/attestation/idkeydigest"
"github.com/edgelesssys/constellation/v2/internal/attestation/measurements" "github.com/edgelesssys/constellation/v2/internal/attestation/measurements"
"github.com/edgelesssys/constellation/v2/internal/config" "github.com/edgelesssys/constellation/v2/internal/config"
"github.com/edgelesssys/constellation/v2/internal/oid" "github.com/edgelesssys/constellation/v2/internal/variant"
"github.com/spf13/cobra" "github.com/spf13/cobra"
) )
// Validator validates Platform Configuration Registers (PCRs). // Validator validates Platform Configuration Registers (PCRs).
type Validator struct { type Validator struct {
attestationVariant oid.Getter attestationVariant variant.Variant
pcrs measurements.M pcrs measurements.M
idKeyConfig idkeydigest.Config idKeyConfig idkeydigest.Config
validator atls.Validator validator atls.Validator
@ -34,17 +34,17 @@ type Validator struct {
// NewValidator creates a new Validator. // NewValidator creates a new Validator.
func NewValidator(conf *config.Config, maaURL string, log debugLog) (*Validator, error) { func NewValidator(conf *config.Config, maaURL string, log debugLog) (*Validator, error) {
v := Validator{log: log} v := Validator{log: log}
variant, err := oid.FromString(conf.AttestationVariant) attestVariant, err := variant.FromString(conf.AttestationVariant)
if err != nil { if err != nil {
return nil, fmt.Errorf("parsing attestation variant: %w", err) return nil, fmt.Errorf("parsing attestation variant: %w", err)
} }
v.attestationVariant = variant // valid variant v.attestationVariant = attestVariant // valid variant
if err := v.setPCRs(conf); err != nil { if err := v.setPCRs(conf); err != nil {
return nil, err return nil, err
} }
if v.attestationVariant.OID().Equal(oid.AzureSEVSNP{}.OID()) { if v.attestationVariant.Equal(variant.AzureSEVSNP{}) {
v.idKeyConfig = idkeydigest.Config{ v.idKeyConfig = idkeydigest.Config{
IDKeyDigests: conf.Provider.Azure.IDKeyDigest, IDKeyDigests: conf.Provider.Azure.IDKeyDigest,
EnforcementPolicy: conf.IDKeyDigestPolicy(), EnforcementPolicy: conf.IDKeyDigestPolicy(),
@ -96,32 +96,11 @@ func (v *Validator) updatePCR(pcrIndex uint32, encoded string) error {
} }
func (v *Validator) setPCRs(config *config.Config) error { func (v *Validator) setPCRs(config *config.Config) error {
switch v.attestationVariant { measurements := config.GetMeasurements()
case oid.AWSNitroTPM{}: if len(measurements) == 0 {
awsPCRs := config.Provider.AWS.Measurements return errors.New("no measurements found in config")
if len(awsPCRs) == 0 {
return errors.New("no expected measurement provided")
}
v.pcrs = awsPCRs
case oid.AzureSEVSNP{}, oid.AzureTrustedLaunch{}:
azurePCRs := config.Provider.Azure.Measurements
if len(azurePCRs) == 0 {
return errors.New("no expected measurement provided")
}
v.pcrs = azurePCRs
case oid.GCPSEVES{}:
gcpPCRs := config.Provider.GCP.Measurements
if len(gcpPCRs) == 0 {
return errors.New("no expected measurement provided")
}
v.pcrs = gcpPCRs
case oid.QEMUVTPM{}:
qemuPCRs := config.Provider.QEMU.Measurements
if len(qemuPCRs) == 0 {
return errors.New("no expected measurement provided")
}
v.pcrs = qemuPCRs
} }
v.pcrs = measurements
return nil return nil
} }
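Review bot: setPCRs no longer binds the expected measurements to the attestation variant: the removed switch picked `config.Provider.<CSP>.Measurements` according to the variant parsed in NewValidator, while the new body accepts whatever `config.GetMeasurements()` returns, whose selection logic sits outside this hunk and is presumably keyed on the populated provider section instead. If a config pairs a provider section with a variant of another platform, the validator now uses a measurement set that does not belong to the attestation type it verifies, and a variant the old switch did not cover (which left v.pcrs unset) now passes as well; a check that attestVariant agrees with the provider GetMeasurements reads from, or at least a comment on setPCRs stating that GetMeasurements is the single source of truth for that mapping, would restore the invariant. Separately, the local `measurements := config.GetMeasurements()` shadows the `measurements` package imported in this file (the type of the `pcrs measurements.M` field); `pcrs := config.GetMeasurements()` followed by `v.pcrs = pcrs` avoids that. The error text also changed from "no expected measurement provided" to "no measurements found in config", so any test asserting on the old wording needs the same update.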


@ -21,7 +21,7 @@ import (
"github.com/edgelesssys/constellation/v2/internal/attestation/qemu" "github.com/edgelesssys/constellation/v2/internal/attestation/qemu"
"github.com/edgelesssys/constellation/v2/internal/config" "github.com/edgelesssys/constellation/v2/internal/config"
"github.com/edgelesssys/constellation/v2/internal/logger" "github.com/edgelesssys/constellation/v2/internal/logger"
"github.com/edgelesssys/constellation/v2/internal/oid" "github.com/edgelesssys/constellation/v2/internal/variant"
"github.com/spf13/cobra" "github.com/spf13/cobra"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
@ -43,7 +43,7 @@ func TestNewValidator(t *testing.T) {
}{ }{
"gcp": { "gcp": {
config: &config.Config{ config: &config.Config{
AttestationVariant: oid.GCPSEVES{}.String(), AttestationVariant: variant.GCPSEVES{}.String(),
Provider: config.ProviderConfig{ Provider: config.ProviderConfig{
GCP: &config.GCPConfig{ GCP: &config.GCPConfig{
Measurements: testPCRs, Measurements: testPCRs,
@ -53,7 +53,7 @@ func TestNewValidator(t *testing.T) {
}, },
"azure cvm": { "azure cvm": {
config: &config.Config{ config: &config.Config{
AttestationVariant: oid.AzureSEVSNP{}.String(), AttestationVariant: variant.AzureSEVSNP{}.String(),
Provider: config.ProviderConfig{ Provider: config.ProviderConfig{
Azure: &config.AzureConfig{ Azure: &config.AzureConfig{
Measurements: testPCRs, Measurements: testPCRs,
@ -63,7 +63,7 @@ func TestNewValidator(t *testing.T) {
}, },
"azure trusted launch": { "azure trusted launch": {
config: &config.Config{ config: &config.Config{
AttestationVariant: oid.AzureTrustedLaunch{}.String(), AttestationVariant: variant.AzureTrustedLaunch{}.String(),
Provider: config.ProviderConfig{ Provider: config.ProviderConfig{
Azure: &config.AzureConfig{ Azure: &config.AzureConfig{
Measurements: testPCRs, Measurements: testPCRs,
@ -73,7 +73,7 @@ func TestNewValidator(t *testing.T) {
}, },
"qemu": { "qemu": {
config: &config.Config{ config: &config.Config{
AttestationVariant: oid.QEMUVTPM{}.String(), AttestationVariant: variant.QEMUVTPM{}.String(),
Provider: config.ProviderConfig{ Provider: config.ProviderConfig{
QEMU: &config.QEMUConfig{ QEMU: &config.QEMUConfig{
Measurements: testPCRs, Measurements: testPCRs,
@ -83,7 +83,7 @@ func TestNewValidator(t *testing.T) {
}, },
"no pcrs provided": { "no pcrs provided": {
config: &config.Config{ config: &config.Config{
AttestationVariant: oid.AzureSEVSNP{}.String(), AttestationVariant: variant.AzureSEVSNP{}.String(),
Provider: config.ProviderConfig{ Provider: config.ProviderConfig{
Azure: &config.AzureConfig{ Azure: &config.AzureConfig{
Measurements: measurements.M{}, Measurements: measurements.M{},
@ -105,7 +105,7 @@ func TestNewValidator(t *testing.T) {
}, },
"set idkeydigest": { "set idkeydigest": {
config: &config.Config{ config: &config.Config{
AttestationVariant: oid.AzureSEVSNP{}.String(), AttestationVariant: variant.AzureSEVSNP{}.String(),
Provider: config.ProviderConfig{ Provider: config.ProviderConfig{
Azure: &config.AzureConfig{ Azure: &config.AzureConfig{
Measurements: testPCRs, Measurements: testPCRs,
@ -128,7 +128,7 @@ func TestNewValidator(t *testing.T) {
} else { } else {
assert.NoError(err) assert.NoError(err)
assert.Equal(tc.config.GetMeasurements(), validators.pcrs) assert.Equal(tc.config.GetMeasurements(), validators.pcrs)
variant, err := oid.FromString(tc.config.AttestationVariant) variant, err := variant.FromString(tc.config.AttestationVariant)
require.NoError(t, err) require.NoError(t, err)
assert.Equal(variant, validators.attestationVariant) assert.Equal(variant, validators.attestationVariant)
} }
@ -156,17 +156,17 @@ func TestValidatorV(t *testing.T) {
} }
testCases := map[string]struct { testCases := map[string]struct {
variant oid.Getter variant variant.Variant
pcrs measurements.M pcrs measurements.M
wantVs atls.Validator wantVs atls.Validator
}{ }{
"gcp": { "gcp": {
variant: oid.GCPSEVES{}, variant: variant.GCPSEVES{},
pcrs: newTestPCRs(), pcrs: newTestPCRs(),
wantVs: gcp.NewValidator(newTestPCRs(), nil), wantVs: gcp.NewValidator(newTestPCRs(), nil),
}, },
"azure cvm": { "azure cvm": {
variant: oid.AzureSEVSNP{}, variant: variant.AzureSEVSNP{},
pcrs: newTestPCRs(), pcrs: newTestPCRs(),
wantVs: snp.NewValidator( wantVs: snp.NewValidator(
newTestPCRs(), newTestPCRs(),
@ -175,12 +175,12 @@ func TestValidatorV(t *testing.T) {
), ),
}, },
"azure trusted launch": { "azure trusted launch": {
variant: oid.AzureTrustedLaunch{}, variant: variant.AzureTrustedLaunch{},
pcrs: newTestPCRs(), pcrs: newTestPCRs(),
wantVs: trustedlaunch.NewValidator(newTestPCRs(), nil), wantVs: trustedlaunch.NewValidator(newTestPCRs(), nil),
}, },
"qemu": { "qemu": {
variant: oid.QEMUVTPM{}, variant: variant.QEMUVTPM{},
pcrs: newTestPCRs(), pcrs: newTestPCRs(),
wantVs: qemu.NewValidator(newTestPCRs(), nil), wantVs: qemu.NewValidator(newTestPCRs(), nil),
}, },
@ -235,50 +235,50 @@ func TestValidatorUpdateInitPCRs(t *testing.T) {
} }
testCases := map[string]struct { testCases := map[string]struct {
variant oid.Getter variant variant.Variant
pcrs measurements.M pcrs measurements.M
ownerID string ownerID string
clusterID string clusterID string
wantErr bool wantErr bool
}{ }{
"gcp update owner ID": { "gcp update owner ID": {
variant: oid.GCPSEVES{}, variant: variant.GCPSEVES{},
pcrs: newTestPCRs(), pcrs: newTestPCRs(),
ownerID: one64, ownerID: one64,
}, },
"gcp update cluster ID": { "gcp update cluster ID": {
variant: oid.GCPSEVES{}, variant: variant.GCPSEVES{},
pcrs: newTestPCRs(), pcrs: newTestPCRs(),
clusterID: one64, clusterID: one64,
}, },
"gcp update both": { "gcp update both": {
variant: oid.GCPSEVES{}, variant: variant.GCPSEVES{},
pcrs: newTestPCRs(), pcrs: newTestPCRs(),
ownerID: one64, ownerID: one64,
clusterID: one64, clusterID: one64,
}, },
"azure update owner ID": { "azure update owner ID": {
variant: oid.AzureSEVSNP{}, variant: variant.AzureSEVSNP{},
pcrs: newTestPCRs(), pcrs: newTestPCRs(),
ownerID: one64, ownerID: one64,
}, },
"azure update cluster ID": { "azure update cluster ID": {
variant: oid.AzureSEVSNP{}, variant: variant.AzureSEVSNP{},
pcrs: newTestPCRs(), pcrs: newTestPCRs(),
clusterID: one64, clusterID: one64,
}, },
"azure update both": { "azure update both": {
variant: oid.AzureSEVSNP{}, variant: variant.AzureSEVSNP{},
pcrs: newTestPCRs(), pcrs: newTestPCRs(),
ownerID: one64, ownerID: one64,
clusterID: one64, clusterID: one64,
}, },
"owner ID and cluster ID empty": { "owner ID and cluster ID empty": {
variant: oid.GCPSEVES{}, variant: variant.GCPSEVES{},
pcrs: newTestPCRs(), pcrs: newTestPCRs(),
}, },
"invalid encoding": { "invalid encoding": {
variant: oid.GCPSEVES{}, variant: variant.GCPSEVES{},
pcrs: newTestPCRs(), pcrs: newTestPCRs(),
ownerID: "invalid", ownerID: "invalid",
wantErr: true, wantErr: true,
@ -421,7 +421,7 @@ func TestUpdatePCR(t *testing.T) {
} }
validators := &Validator{ validators := &Validator{
attestationVariant: oid.GCPSEVES{}, attestationVariant: variant.GCPSEVES{},
pcrs: pcrs, pcrs: pcrs,
} }
err := validators.updatePCR(tc.pcrIndex, tc.encoded) err := validators.updatePCR(tc.pcrIndex, tc.encoded)
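Review bot: In TestNewValidator the line `variant, err := variant.FromString(tc.config.AttestationVariant)` declares a local named after the package it calls, so the `variant` package is shadowed for the remainder of that closure; it compiles only because the right-hand side is resolved before the new name enters scope, and it is exactly the pattern the non-test validator file in this commit avoided by renaming to `attestVariant`. Suggest `gotVariant, err := variant.FromString(tc.config.AttestationVariant)` with `assert.Equal(gotVariant, validators.attestationVariant)` so later additions to that block can still reach the package. The test-case struct field `variant variant.Variant` is legal and does not shadow anything, so it can stay. The enclosing test functions start and end outside these hunks.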


@ -61,9 +61,9 @@ go_library(
"//internal/kubernetes/kubectl", "//internal/kubernetes/kubectl",
"//internal/license", "//internal/license",
"//internal/logger", "//internal/logger",
"//internal/oid",
"//internal/retry", "//internal/retry",
"//internal/sigstore", "//internal/sigstore",
"//internal/variant",
"//internal/versions", "//internal/versions",
"//internal/versionsapi", "//internal/versionsapi",
"//internal/versionsapi/fetcher", "//internal/versionsapi/fetcher",
@ -127,7 +127,7 @@ go_test(
"//internal/kms/uri", "//internal/kms/uri",
"//internal/license", "//internal/license",
"//internal/logger", "//internal/logger",
"//internal/oid", "//internal/variant",
"//internal/versions", "//internal/versions",
"//internal/versionsapi", "//internal/versionsapi",
"//verify/verifyproto", "//verify/verifyproto",


@ -15,7 +15,7 @@ import (
"github.com/edgelesssys/constellation/v2/internal/config" "github.com/edgelesssys/constellation/v2/internal/config"
"github.com/edgelesssys/constellation/v2/internal/constants" "github.com/edgelesssys/constellation/v2/internal/constants"
"github.com/edgelesssys/constellation/v2/internal/file" "github.com/edgelesssys/constellation/v2/internal/file"
"github.com/edgelesssys/constellation/v2/internal/oid" "github.com/edgelesssys/constellation/v2/internal/variant"
"github.com/edgelesssys/constellation/v2/internal/versions" "github.com/edgelesssys/constellation/v2/internal/versions"
"github.com/siderolabs/talos/pkg/machinery/config/encoder" "github.com/siderolabs/talos/pkg/machinery/config/encoder"
"github.com/spf13/afero" "github.com/spf13/afero"
@ -109,13 +109,13 @@ func createConfig(provider cloudprovider.Provider) *config.Config {
// TODO(AB#2976): Replace hardcoded values with user input // TODO(AB#2976): Replace hardcoded values with user input
switch provider { switch provider {
case cloudprovider.AWS: case cloudprovider.AWS:
conf.AttestationVariant = oid.AWSNitroTPM{}.String() conf.AttestationVariant = variant.AWSNitroTPM{}.String()
case cloudprovider.Azure: case cloudprovider.Azure:
conf.AttestationVariant = oid.AzureSEVSNP{}.String() conf.AttestationVariant = variant.AzureSEVSNP{}.String()
case cloudprovider.GCP: case cloudprovider.GCP:
conf.AttestationVariant = oid.GCPSEVES{}.String() conf.AttestationVariant = variant.GCPSEVES{}.String()
case cloudprovider.QEMU: case cloudprovider.QEMU:
conf.AttestationVariant = oid.QEMUVTPM{}.String() conf.AttestationVariant = variant.QEMUVTPM{}.String()
} }
return conf return conf


@ -15,7 +15,7 @@ import (
"github.com/edgelesssys/constellation/v2/internal/constants" "github.com/edgelesssys/constellation/v2/internal/constants"
"github.com/edgelesssys/constellation/v2/internal/file" "github.com/edgelesssys/constellation/v2/internal/file"
"github.com/edgelesssys/constellation/v2/internal/logger" "github.com/edgelesssys/constellation/v2/internal/logger"
"github.com/edgelesssys/constellation/v2/internal/oid" "github.com/edgelesssys/constellation/v2/internal/variant"
"github.com/edgelesssys/constellation/v2/internal/versions" "github.com/edgelesssys/constellation/v2/internal/versions"
"github.com/spf13/afero" "github.com/spf13/afero"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
@ -94,7 +94,7 @@ func TestConfigGenerateDefaultGCPSpecific(t *testing.T) {
require.NoError(cg.configGenerate(cmd, fileHandler, cloudprovider.GCP)) require.NoError(cg.configGenerate(cmd, fileHandler, cloudprovider.GCP))
// TODO(AB#2976): Remove this once attestation variants are dynamically created // TODO(AB#2976): Remove this once attestation variants are dynamically created
wantConf.AttestationVariant = oid.GCPSEVES{}.String() wantConf.AttestationVariant = variant.GCPSEVES{}.String()
var readConfig config.Config var readConfig config.Config
err := fileHandler.ReadYAML(constants.ConfigFilename, &readConfig) err := fileHandler.ReadYAML(constants.ConfigFilename, &readConfig)


@ -33,7 +33,7 @@ import (
"github.com/edgelesssys/constellation/v2/internal/kms/uri" "github.com/edgelesssys/constellation/v2/internal/kms/uri"
"github.com/edgelesssys/constellation/v2/internal/license" "github.com/edgelesssys/constellation/v2/internal/license"
"github.com/edgelesssys/constellation/v2/internal/logger" "github.com/edgelesssys/constellation/v2/internal/logger"
"github.com/edgelesssys/constellation/v2/internal/oid" "github.com/edgelesssys/constellation/v2/internal/variant"
"github.com/edgelesssys/constellation/v2/internal/versions" "github.com/edgelesssys/constellation/v2/internal/versions"
"github.com/spf13/afero" "github.com/spf13/afero"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
@ -399,14 +399,14 @@ func TestAttestation(t *testing.T) {
netDialer := testdialer.NewBufconnDialer() netDialer := testdialer.NewBufconnDialer()
newDialer := func(v *cloudcmd.Validator) *dialer.Dialer { newDialer := func(v *cloudcmd.Validator) *dialer.Dialer {
validator := &testValidator{ validator := &testValidator{
Getter: oid.QEMUVTPM{}, Getter: variant.QEMUVTPM{},
pcrs: v.PCRS(), pcrs: v.PCRS(),
} }
return dialer.New(nil, validator, netDialer) return dialer.New(nil, validator, netDialer)
} }
issuer := &testIssuer{ issuer := &testIssuer{
Getter: oid.QEMUVTPM{}, Getter: variant.QEMUVTPM{},
pcrs: map[uint32][]byte{ pcrs: map[uint32][]byte{
0: bytes.Repeat([]byte{0xFF}, 32), 0: bytes.Repeat([]byte{0xFF}, 32),
1: bytes.Repeat([]byte{0xFF}, 32), 1: bytes.Repeat([]byte{0xFF}, 32),
@ -436,7 +436,7 @@ func TestAttestation(t *testing.T) {
cfg := config.Default() cfg := config.Default()
cfg.Image = "image" cfg.Image = "image"
cfg.AttestationVariant = oid.QEMUVTPM{}.String() cfg.AttestationVariant = variant.QEMUVTPM{}.String()
cfg.RemoveProviderExcept(cloudprovider.QEMU) cfg.RemoveProviderExcept(cloudprovider.QEMU)
cfg.Provider.QEMU.Measurements[0] = measurements.WithAllBytes(0x00, measurements.Enforce) cfg.Provider.QEMU.Measurements[0] = measurements.WithAllBytes(0x00, measurements.Enforce)
cfg.Provider.QEMU.Measurements[1] = measurements.WithAllBytes(0x11, measurements.Enforce) cfg.Provider.QEMU.Measurements[1] = measurements.WithAllBytes(0x11, measurements.Enforce)
@ -460,7 +460,7 @@ func TestAttestation(t *testing.T) {
} }
type testValidator struct { type testValidator struct {
oid.Getter variant.Getter
pcrs measurements.M pcrs measurements.M
} }
@ -482,7 +482,7 @@ func (v *testValidator) Validate(_ context.Context, attDoc []byte, _ []byte) ([]
} }
type testIssuer struct { type testIssuer struct {
oid.Getter variant.Getter
pcrs map[uint32][]byte pcrs map[uint32][]byte
} }
@ -530,7 +530,7 @@ func defaultConfigWithExpectedMeasurements(t *testing.T, conf *config.Config, cs
switch csp { switch csp {
case cloudprovider.Azure: case cloudprovider.Azure:
conf.AttestationVariant = oid.AzureSEVSNP{}.String() conf.AttestationVariant = variant.AzureSEVSNP{}.String()
conf.Provider.Azure.SubscriptionID = "01234567-0123-0123-0123-0123456789ab" conf.Provider.Azure.SubscriptionID = "01234567-0123-0123-0123-0123456789ab"
conf.Provider.Azure.TenantID = "01234567-0123-0123-0123-0123456789ab" conf.Provider.Azure.TenantID = "01234567-0123-0123-0123-0123456789ab"
conf.Provider.Azure.Location = "test-location" conf.Provider.Azure.Location = "test-location"
@ -542,7 +542,7 @@ func defaultConfigWithExpectedMeasurements(t *testing.T, conf *config.Config, cs
conf.Provider.Azure.Measurements[9] = measurements.WithAllBytes(0x11, measurements.Enforce) conf.Provider.Azure.Measurements[9] = measurements.WithAllBytes(0x11, measurements.Enforce)
conf.Provider.Azure.Measurements[12] = measurements.WithAllBytes(0xcc, measurements.Enforce) conf.Provider.Azure.Measurements[12] = measurements.WithAllBytes(0xcc, measurements.Enforce)
case cloudprovider.GCP: case cloudprovider.GCP:
conf.AttestationVariant = oid.GCPSEVES{}.String() conf.AttestationVariant = variant.GCPSEVES{}.String()
conf.Provider.GCP.Region = "test-region" conf.Provider.GCP.Region = "test-region"
conf.Provider.GCP.Project = "test-project" conf.Provider.GCP.Project = "test-project"
conf.Provider.GCP.Zone = "test-zone" conf.Provider.GCP.Zone = "test-zone"
@ -551,7 +551,7 @@ func defaultConfigWithExpectedMeasurements(t *testing.T, conf *config.Config, cs
conf.Provider.GCP.Measurements[9] = measurements.WithAllBytes(0x11, measurements.Enforce) conf.Provider.GCP.Measurements[9] = measurements.WithAllBytes(0x11, measurements.Enforce)
conf.Provider.GCP.Measurements[12] = measurements.WithAllBytes(0xcc, measurements.Enforce) conf.Provider.GCP.Measurements[12] = measurements.WithAllBytes(0xcc, measurements.Enforce)
case cloudprovider.QEMU: case cloudprovider.QEMU:
conf.AttestationVariant = oid.QEMUVTPM{}.String() conf.AttestationVariant = variant.QEMUVTPM{}.String()
conf.Provider.QEMU.Measurements[4] = measurements.WithAllBytes(0x44, measurements.Enforce) conf.Provider.QEMU.Measurements[4] = measurements.WithAllBytes(0x44, measurements.Enforce)
conf.Provider.QEMU.Measurements[9] = measurements.WithAllBytes(0x11, measurements.Enforce) conf.Provider.QEMU.Measurements[9] = measurements.WithAllBytes(0x11, measurements.Enforce)
conf.Provider.QEMU.Measurements[12] = measurements.WithAllBytes(0xcc, measurements.Enforce) conf.Provider.QEMU.Measurements[12] = measurements.WithAllBytes(0xcc, measurements.Enforce)


@ -25,7 +25,7 @@ import (
"github.com/edgelesssys/constellation/v2/internal/grpc/dialer" "github.com/edgelesssys/constellation/v2/internal/grpc/dialer"
"github.com/edgelesssys/constellation/v2/internal/grpc/testdialer" "github.com/edgelesssys/constellation/v2/internal/grpc/testdialer"
"github.com/edgelesssys/constellation/v2/internal/logger" "github.com/edgelesssys/constellation/v2/internal/logger"
"github.com/edgelesssys/constellation/v2/internal/oid" "github.com/edgelesssys/constellation/v2/internal/variant"
"github.com/edgelesssys/constellation/v2/verify/verifyproto" "github.com/edgelesssys/constellation/v2/verify/verifyproto"
"github.com/spf13/afero" "github.com/spf13/afero"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
@ -247,7 +247,7 @@ func TestVerifyClient(t *testing.T) {
Nonce: tc.nonce, Nonce: tc.nonce,
} }
err = verifier.Verify(context.Background(), addr, request, atls.NewFakeValidator(oid.Dummy{})) err = verifier.Verify(context.Background(), addr, request, atls.NewFakeValidator(variant.Dummy{}))
if tc.wantErr { if tc.wantErr {
assert.Error(err) assert.Error(err)


@ -362,7 +362,7 @@ go_test(
"//internal/deploy/helm", "//internal/deploy/helm",
"//internal/file", "//internal/file",
"//internal/logger", "//internal/logger",
"//internal/oid", "//internal/variant",
"@com_github_pkg_errors//:errors", "@com_github_pkg_errors//:errors",
"@com_github_spf13_afero//:afero", "@com_github_spf13_afero//:afero",
"@com_github_stretchr_testify//assert", "@com_github_stretchr_testify//assert",


@ -23,7 +23,7 @@ import (
"github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider" "github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
"github.com/edgelesssys/constellation/v2/internal/config" "github.com/edgelesssys/constellation/v2/internal/config"
"github.com/edgelesssys/constellation/v2/internal/deploy/helm" "github.com/edgelesssys/constellation/v2/internal/deploy/helm"
"github.com/edgelesssys/constellation/v2/internal/oid" "github.com/edgelesssys/constellation/v2/internal/variant"
"github.com/pkg/errors" "github.com/pkg/errors"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
@ -62,7 +62,7 @@ func TestConstellationServices(t *testing.T) {
}{ }{
"AWS": { "AWS": {
config: &config.Config{ config: &config.Config{
AttestationVariant: oid.AWSNitroTPM{}.String(), AttestationVariant: variant.AWSNitroTPM{}.String(),
Provider: config.ProviderConfig{AWS: &config.AWSConfig{}}, Provider: config.ProviderConfig{AWS: &config.AWSConfig{}},
}, },
valuesModifier: prepareAWSValues, valuesModifier: prepareAWSValues,
@ -70,7 +70,7 @@ func TestConstellationServices(t *testing.T) {
}, },
"Azure": { "Azure": {
config: &config.Config{ config: &config.Config{
AttestationVariant: oid.AzureSEVSNP{}.String(), AttestationVariant: variant.AzureSEVSNP{}.String(),
Provider: config.ProviderConfig{Azure: &config.AzureConfig{ Provider: config.ProviderConfig{Azure: &config.AzureConfig{
DeployCSIDriver: toPtr(true), DeployCSIDriver: toPtr(true),
EnforceIDKeyDigest: idkeydigest.StrictChecking, EnforceIDKeyDigest: idkeydigest.StrictChecking,
@ -87,7 +87,7 @@ func TestConstellationServices(t *testing.T) {
}, },
"GCP": { "GCP": {
config: &config.Config{ config: &config.Config{
AttestationVariant: oid.GCPSEVES{}.String(), AttestationVariant: variant.GCPSEVES{}.String(),
Provider: config.ProviderConfig{GCP: &config.GCPConfig{ Provider: config.ProviderConfig{GCP: &config.GCPConfig{
DeployCSIDriver: toPtr(true), DeployCSIDriver: toPtr(true),
}}, }},
@ -97,7 +97,7 @@ func TestConstellationServices(t *testing.T) {
}, },
"OpenStack": { "OpenStack": {
config: &config.Config{ config: &config.Config{
AttestationVariant: oid.Dummy{}.String(), AttestationVariant: variant.Dummy{}.String(),
Provider: config.ProviderConfig{OpenStack: &config.OpenStackConfig{}}, Provider: config.ProviderConfig{OpenStack: &config.OpenStackConfig{}},
}, },
valuesModifier: prepareOpenStackValues, valuesModifier: prepareOpenStackValues,
@ -105,7 +105,7 @@ func TestConstellationServices(t *testing.T) {
}, },
"QEMU": { "QEMU": {
config: &config.Config{ config: &config.Config{
AttestationVariant: oid.QEMUVTPM{}.String(), AttestationVariant: variant.QEMUVTPM{}.String(),
Provider: config.ProviderConfig{QEMU: &config.QEMUConfig{}}, Provider: config.ProviderConfig{QEMU: &config.QEMUConfig{}},
}, },
valuesModifier: prepareQEMUValues, valuesModifier: prepareQEMUValues,


@ -24,8 +24,8 @@ go_library(
"//internal/grpc/dialer", "//internal/grpc/dialer",
"//internal/kms/setup", "//internal/kms/setup",
"//internal/logger", "//internal/logger",
"//internal/oid",
"//internal/role", "//internal/role",
"//internal/variant",
"@com_github_spf13_afero//:afero", "@com_github_spf13_afero//:afero",
"@org_uber_go_zap//:zap", "@org_uber_go_zap//:zap",
], ],


@ -30,8 +30,8 @@ import (
"github.com/edgelesssys/constellation/v2/internal/grpc/dialer" "github.com/edgelesssys/constellation/v2/internal/grpc/dialer"
kmssetup "github.com/edgelesssys/constellation/v2/internal/kms/setup" kmssetup "github.com/edgelesssys/constellation/v2/internal/kms/setup"
"github.com/edgelesssys/constellation/v2/internal/logger" "github.com/edgelesssys/constellation/v2/internal/logger"
"github.com/edgelesssys/constellation/v2/internal/oid"
"github.com/edgelesssys/constellation/v2/internal/role" "github.com/edgelesssys/constellation/v2/internal/role"
"github.com/edgelesssys/constellation/v2/internal/variant"
"github.com/spf13/afero" "github.com/spf13/afero"
"go.uber.org/zap" "go.uber.org/zap"
) )
@ -54,7 +54,7 @@ func main() {
Infof("Starting disk-mapper") Infof("Starting disk-mapper")
// set up quote issuer for aTLS connections // set up quote issuer for aTLS connections
attestVariant, err := oid.FromString(os.Getenv(constants.AttestationVariant)) attestVariant, err := variant.FromString(os.Getenv(constants.AttestationVariant))
if err != nil { if err != nil {
log.With(zap.Error(err)).Fatalf("Failed to parse attestation variant") log.With(zap.Error(err)).Fatalf("Failed to parse attestation variant")
} }


@ -32,7 +32,7 @@ go_test(
"//internal/grpc/testdialer", "//internal/grpc/testdialer",
"//internal/kms/kms", "//internal/kms/kms",
"//internal/logger", "//internal/logger",
"//internal/oid", "//internal/variant",
"@com_github_stretchr_testify//assert", "@com_github_stretchr_testify//assert",
"@com_github_stretchr_testify//require", "@com_github_stretchr_testify//require",
"@org_uber_go_goleak//:goleak", "@org_uber_go_goleak//:goleak",


@ -19,7 +19,7 @@ import (
"github.com/edgelesssys/constellation/v2/internal/grpc/testdialer" "github.com/edgelesssys/constellation/v2/internal/grpc/testdialer"
"github.com/edgelesssys/constellation/v2/internal/kms/kms" "github.com/edgelesssys/constellation/v2/internal/kms/kms"
"github.com/edgelesssys/constellation/v2/internal/logger" "github.com/edgelesssys/constellation/v2/internal/logger"
"github.com/edgelesssys/constellation/v2/internal/oid" "github.com/edgelesssys/constellation/v2/internal/variant"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
"go.uber.org/goleak" "go.uber.org/goleak"
@ -36,7 +36,7 @@ func TestServe(t *testing.T) {
assert := assert.New(t) assert := assert.New(t)
log := logger.NewTest(t) log := logger.NewTest(t)
uuid := "uuid" uuid := "uuid"
server := New(atls.NewFakeIssuer(oid.Dummy{}), newStubKMS(nil, nil), log) server := New(atls.NewFakeIssuer(variant.Dummy{}), newStubKMS(nil, nil), log)
dialer := testdialer.NewBufconnDialer() dialer := testdialer.NewBufconnDialer()
listener := dialer.GetListener("192.0.2.1:1234") listener := dialer.GetListener("192.0.2.1:1234")
ctx, cancel := context.WithCancel(context.Background()) ctx, cancel := context.WithCancel(context.Background())
@ -53,7 +53,7 @@ func TestServe(t *testing.T) {
cancel() cancel()
wg.Wait() wg.Wait()
server = New(atls.NewFakeIssuer(oid.Dummy{}), newStubKMS(nil, nil), log) server = New(atls.NewFakeIssuer(variant.Dummy{}), newStubKMS(nil, nil), log)
dialer = testdialer.NewBufconnDialer() dialer = testdialer.NewBufconnDialer()
listener = dialer.GetListener("192.0.2.1:1234") listener = dialer.GetListener("192.0.2.1:1234")
@ -105,7 +105,7 @@ func TestRecover(t *testing.T) {
ctx := context.Background() ctx := context.Background()
serverUUID := "uuid" serverUUID := "uuid"
server := New(atls.NewFakeIssuer(oid.Dummy{}), tc.factory, logger.NewTest(t)) server := New(atls.NewFakeIssuer(variant.Dummy{}), tc.factory, logger.NewTest(t))
netDialer := testdialer.NewBufconnDialer() netDialer := testdialer.NewBufconnDialer()
listener := netDialer.GetListener("192.0.2.1:1234") listener := netDialer.GetListener("192.0.2.1:1234")


@ -8,7 +8,7 @@ go_library(
visibility = ["//:__subpackages__"], visibility = ["//:__subpackages__"],
deps = [ deps = [
"//internal/crypto", "//internal/crypto",
"//internal/oid", "//internal/variant",
], ],
) )
@ -17,7 +17,7 @@ go_test(
srcs = ["atls_test.go"], srcs = ["atls_test.go"],
embed = [":atls"], embed = [":atls"],
deps = [ deps = [
"//internal/oid", "//internal/variant",
"@com_github_stretchr_testify//assert", "@com_github_stretchr_testify//assert",
"@com_github_stretchr_testify//require", "@com_github_stretchr_testify//require",
"@org_uber_go_goleak//:goleak", "@org_uber_go_goleak//:goleak",


@ -26,7 +26,7 @@ import (
"time" "time"
"github.com/edgelesssys/constellation/v2/internal/crypto" "github.com/edgelesssys/constellation/v2/internal/crypto"
"github.com/edgelesssys/constellation/v2/internal/oid" "github.com/edgelesssys/constellation/v2/internal/variant"
) )
const attestationTimeout = 30 * time.Second const attestationTimeout = 30 * time.Second
@ -75,13 +75,13 @@ func CreateAttestationClientTLSConfig(issuer Issuer, validators []Validator) (*t
// Issuer issues an attestation document. // Issuer issues an attestation document.
type Issuer interface { type Issuer interface {
oid.Getter variant.Getter
Issue(ctx context.Context, userData []byte, nonce []byte) (quote []byte, err error) Issue(ctx context.Context, userData []byte, nonce []byte) (quote []byte, err error)
} }
// Validator is able to validate an attestation document. // Validator is able to validate an attestation document.
type Validator interface { type Validator interface {
oid.Getter variant.Getter
Validate(ctx context.Context, attDoc []byte, nonce []byte) ([]byte, error) Validate(ctx context.Context, attDoc []byte, nonce []byte) ([]byte, error)
} }
@ -351,11 +351,11 @@ func (c *serverConnection) getCertificate(chi *tls.ClientHelloInfo) (*tls.Certif
// FakeIssuer fakes an issuer and can be used for tests. // FakeIssuer fakes an issuer and can be used for tests.
type FakeIssuer struct { type FakeIssuer struct {
oid.Getter variant.Getter
} }
// NewFakeIssuer creates a new FakeIssuer with the given OID. // NewFakeIssuer creates a new FakeIssuer with the given OID.
func NewFakeIssuer(oid oid.Getter) *FakeIssuer { func NewFakeIssuer(oid variant.Getter) *FakeIssuer {
return &FakeIssuer{oid} return &FakeIssuer{oid}
} }
@ -366,17 +366,17 @@ func (FakeIssuer) Issue(_ context.Context, userData []byte, nonce []byte) ([]byt
// FakeValidator fakes a validator and can be used for tests. // FakeValidator fakes a validator and can be used for tests.
type FakeValidator struct { type FakeValidator struct {
oid.Getter variant.Getter
err error // used for package internal testing only err error // used for package internal testing only
} }
// NewFakeValidator creates a new FakeValidator with the given OID. // NewFakeValidator creates a new FakeValidator with the given OID.
func NewFakeValidator(oid oid.Getter) *FakeValidator { func NewFakeValidator(oid variant.Getter) *FakeValidator {
return &FakeValidator{oid, nil} return &FakeValidator{oid, nil}
} }
// NewFakeValidators returns a slice with a single FakeValidator. // NewFakeValidators returns a slice with a single FakeValidator.
func NewFakeValidators(oid oid.Getter) []Validator { func NewFakeValidators(oid variant.Getter) []Validator {
return []Validator{NewFakeValidator(oid)} return []Validator{NewFakeValidator(oid)}
} }
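Review bot: The constructor parameters in this hunk are still named `oid` and the three doc comments still say "with the given OID", although the argument is now a `variant.Getter` and the `oid` package no longer exists after this commit; the name is misleading rather than wrong. I would rename the parameter in `NewFakeIssuer`, `NewFakeValidator` and `NewFakeValidators` and reword the comments, e.g. `// NewFakeIssuer creates a new FakeIssuer for the given attestation variant.` and `func NewFakeIssuer(v variant.Getter) *FakeIssuer {`. The Issue method of FakeIssuer and the rest of the file lie outside the hunk.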


@ -15,7 +15,7 @@ import (
"net/http/httptest" "net/http/httptest"
"testing" "testing"
"github.com/edgelesssys/constellation/v2/internal/oid" "github.com/edgelesssys/constellation/v2/internal/variant"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
"go.uber.org/goleak" "go.uber.org/goleak"
@ -193,7 +193,7 @@ func TestClientConnectionConcurrency(t *testing.T) {
var urls []string var urls []string
for i := 0; i < serverCount; i++ { for i := 0; i < serverCount; i++ {
serverCfg, err := CreateAttestationServerTLSConfig(NewFakeIssuer(oid.Dummy{}), NewFakeValidators(oid.Dummy{})) serverCfg, err := CreateAttestationServerTLSConfig(NewFakeIssuer(variant.Dummy{}), NewFakeValidators(variant.Dummy{}))
require.NoError(err) require.NoError(err)
server := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { server := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
@ -211,7 +211,7 @@ func TestClientConnectionConcurrency(t *testing.T) {
// Create client. // Create client.
// //
clientConfig, err := CreateAttestationClientTLSConfig(NewFakeIssuer(oid.Dummy{}), NewFakeValidators(oid.Dummy{})) clientConfig, err := CreateAttestationClientTLSConfig(NewFakeIssuer(variant.Dummy{}), NewFakeValidators(variant.Dummy{}))
require.NoError(err) require.NoError(err)
client := http.Client{Transport: &http.Transport{TLSClientConfig: clientConfig}} client := http.Client{Transport: &http.Transport{TLSClientConfig: clientConfig}}
@ -266,7 +266,7 @@ func TestServerConnectionConcurrency(t *testing.T) {
var urls []string var urls []string
serverCfg, err := CreateAttestationServerTLSConfig(NewFakeIssuer(oid.Dummy{}), NewFakeValidators(oid.Dummy{})) serverCfg, err := CreateAttestationServerTLSConfig(NewFakeIssuer(variant.Dummy{}), NewFakeValidators(variant.Dummy{}))
require.NoError(err) require.NoError(err)
for i := 0; i < serverCount; i++ { for i := 0; i < serverCount; i++ {
@ -285,7 +285,7 @@ func TestServerConnectionConcurrency(t *testing.T) {
// Create client. // Create client.
// //
clientConfig, err := CreateAttestationClientTLSConfig(NewFakeIssuer(oid.Dummy{}), NewFakeValidators(oid.Dummy{})) clientConfig, err := CreateAttestationClientTLSConfig(NewFakeIssuer(variant.Dummy{}), NewFakeValidators(variant.Dummy{}))
require.NoError(err) require.NoError(err)
client := http.Client{Transport: &http.Transport{TLSClientConfig: clientConfig}} client := http.Client{Transport: &http.Transport{TLSClientConfig: clientConfig}}


@ -13,7 +13,7 @@ go_library(
deps = [ deps = [
"//internal/attestation/measurements", "//internal/attestation/measurements",
"//internal/attestation/vtpm", "//internal/attestation/vtpm",
"//internal/oid", "//internal/variant",
"@com_github_aws_aws_sdk_go_v2_config//:config", "@com_github_aws_aws_sdk_go_v2_config//:config",
"@com_github_aws_aws_sdk_go_v2_feature_ec2_imds//:imds", "@com_github_aws_aws_sdk_go_v2_feature_ec2_imds//:imds",
"@com_github_aws_aws_sdk_go_v2_service_ec2//:ec2", "@com_github_aws_aws_sdk_go_v2_service_ec2//:ec2",


@ -15,7 +15,7 @@ import (
"github.com/aws/aws-sdk-go-v2/feature/ec2/imds" "github.com/aws/aws-sdk-go-v2/feature/ec2/imds"
"github.com/edgelesssys/constellation/v2/internal/attestation/vtpm" "github.com/edgelesssys/constellation/v2/internal/attestation/vtpm"
"github.com/edgelesssys/constellation/v2/internal/oid" "github.com/edgelesssys/constellation/v2/internal/variant"
"github.com/google/go-tpm-tools/client" "github.com/google/go-tpm-tools/client"
tpmclient "github.com/google/go-tpm-tools/client" tpmclient "github.com/google/go-tpm-tools/client"
@ -23,7 +23,7 @@ import (
// Issuer for AWS TPM attestation. // Issuer for AWS TPM attestation.
type Issuer struct { type Issuer struct {
oid.AWSNitroTPM variant.AWSNitroTPM
*vtpm.Issuer *vtpm.Issuer
} }


@ -17,14 +17,14 @@ import (
"github.com/aws/aws-sdk-go-v2/service/ec2" "github.com/aws/aws-sdk-go-v2/service/ec2"
"github.com/edgelesssys/constellation/v2/internal/attestation/measurements" "github.com/edgelesssys/constellation/v2/internal/attestation/measurements"
"github.com/edgelesssys/constellation/v2/internal/attestation/vtpm" "github.com/edgelesssys/constellation/v2/internal/attestation/vtpm"
"github.com/edgelesssys/constellation/v2/internal/oid" "github.com/edgelesssys/constellation/v2/internal/variant"
"github.com/google/go-tpm-tools/proto/attest" "github.com/google/go-tpm-tools/proto/attest"
"github.com/google/go-tpm/tpm2" "github.com/google/go-tpm/tpm2"
) )
// Validator for AWS TPM attestation. // Validator for AWS TPM attestation.
type Validator struct { type Validator struct {
oid.AWSNitroTPM variant.AWSNitroTPM
*vtpm.Validator *vtpm.Validator
getDescribeClient func(context.Context, string) (awsMetadataAPI, error) getDescribeClient func(context.Context, string) (awsMetadataAPI, error)
} }


@ -19,7 +19,7 @@ go_library(
"//internal/attestation/vtpm", "//internal/attestation/vtpm",
"//internal/cloud/azure", "//internal/cloud/azure",
"//internal/crypto", "//internal/crypto",
"//internal/oid", "//internal/variant",
"@com_github_edgelesssys_go_azguestattestation//maa", "@com_github_edgelesssys_go_azguestattestation//maa",
"@com_github_google_go_tpm//tpm2", "@com_github_google_go_tpm//tpm2",
"@com_github_google_go_tpm_tools//client", "@com_github_google_go_tpm_tools//client",


@ -13,7 +13,7 @@ import (
"io" "io"
"github.com/edgelesssys/constellation/v2/internal/attestation/vtpm" "github.com/edgelesssys/constellation/v2/internal/attestation/vtpm"
"github.com/edgelesssys/constellation/v2/internal/oid" "github.com/edgelesssys/constellation/v2/internal/variant"
"github.com/edgelesssys/go-azguestattestation/maa" "github.com/edgelesssys/go-azguestattestation/maa"
tpmclient "github.com/google/go-tpm-tools/client" tpmclient "github.com/google/go-tpm-tools/client"
) )
@ -22,7 +22,7 @@ const tpmAkIdx = 0x81000003
// Issuer for Azure TPM attestation. // Issuer for Azure TPM attestation.
type Issuer struct { type Issuer struct {
oid.AzureSEVSNP variant.AzureSEVSNP
*vtpm.Issuer *vtpm.Issuer
imds imdsAPI imds imdsAPI


@ -24,7 +24,7 @@ import (
"github.com/edgelesssys/constellation/v2/internal/attestation/measurements" "github.com/edgelesssys/constellation/v2/internal/attestation/measurements"
"github.com/edgelesssys/constellation/v2/internal/attestation/vtpm" "github.com/edgelesssys/constellation/v2/internal/attestation/vtpm"
internalCrypto "github.com/edgelesssys/constellation/v2/internal/crypto" internalCrypto "github.com/edgelesssys/constellation/v2/internal/crypto"
"github.com/edgelesssys/constellation/v2/internal/oid" "github.com/edgelesssys/constellation/v2/internal/variant"
"github.com/google/go-tpm-tools/proto/attest" "github.com/google/go-tpm-tools/proto/attest"
"github.com/google/go-tpm/tpm2" "github.com/google/go-tpm/tpm2"
) )
@ -40,7 +40,7 @@ const (
// Validator for Azure confidential VM attestation. // Validator for Azure confidential VM attestation.
type Validator struct { type Validator struct {
oid.AzureSEVSNP variant.AzureSEVSNP
*vtpm.Validator *vtpm.Validator
hclValidator hclAkValidator hclValidator hclAkValidator
maa maaValidator maa maaValidator


@ -14,7 +14,7 @@ go_library(
"//internal/attestation/measurements", "//internal/attestation/measurements",
"//internal/attestation/vtpm", "//internal/attestation/vtpm",
"//internal/crypto", "//internal/crypto",
"//internal/oid", "//internal/variant",
"@com_github_google_go_tpm//tpm2", "@com_github_google_go_tpm//tpm2",
"@com_github_google_go_tpm_tools//client", "@com_github_google_go_tpm_tools//client",
"@com_github_google_go_tpm_tools//proto/attest", "@com_github_google_go_tpm_tools//proto/attest",


@ -16,7 +16,7 @@ import (
"net/http" "net/http"
"github.com/edgelesssys/constellation/v2/internal/attestation/vtpm" "github.com/edgelesssys/constellation/v2/internal/attestation/vtpm"
"github.com/edgelesssys/constellation/v2/internal/oid" "github.com/edgelesssys/constellation/v2/internal/variant"
tpmclient "github.com/google/go-tpm-tools/client" tpmclient "github.com/google/go-tpm-tools/client"
"github.com/google/go-tpm/tpm2" "github.com/google/go-tpm/tpm2"
) )
@ -28,7 +28,7 @@ const (
// Issuer for Azure trusted launch TPM attestation. // Issuer for Azure trusted launch TPM attestation.
type Issuer struct { type Issuer struct {
oid.AzureTrustedLaunch variant.AzureTrustedLaunch
*vtpm.Issuer *vtpm.Issuer
hClient httpClient hClient httpClient
} }


@ -18,7 +18,7 @@ import (
"github.com/edgelesssys/constellation/v2/internal/attestation/measurements" "github.com/edgelesssys/constellation/v2/internal/attestation/measurements"
"github.com/edgelesssys/constellation/v2/internal/attestation/vtpm" "github.com/edgelesssys/constellation/v2/internal/attestation/vtpm"
certutil "github.com/edgelesssys/constellation/v2/internal/crypto" certutil "github.com/edgelesssys/constellation/v2/internal/crypto"
"github.com/edgelesssys/constellation/v2/internal/oid" "github.com/edgelesssys/constellation/v2/internal/variant"
"github.com/google/go-tpm-tools/proto/attest" "github.com/google/go-tpm-tools/proto/attest"
"github.com/google/go-tpm/tpm2" "github.com/google/go-tpm/tpm2"
) )
@ -29,7 +29,7 @@ var ameRoot = mustParseX509("-----BEGIN CERTIFICATE-----\nMIIFVjCCAz6gAwIBAgIQJd
// Validator for Azure trusted launch VM attestation. // Validator for Azure trusted launch VM attestation.
type Validator struct { type Validator struct {
oid.AzureTrustedLaunch variant.AzureTrustedLaunch
*vtpm.Validator *vtpm.Validator
roots *x509.CertPool roots *x509.CertPool
} }


@ -16,7 +16,7 @@ go_library(
"//internal/attestation/measurements", "//internal/attestation/measurements",
"//internal/attestation/qemu", "//internal/attestation/qemu",
"//internal/attestation/vtpm", "//internal/attestation/vtpm",
"//internal/oid", "//internal/variant",
], ],
) )
@ -26,7 +26,7 @@ go_test(
embed = [":choose"], embed = [":choose"],
deps = [ deps = [
"//internal/attestation/idkeydigest", "//internal/attestation/idkeydigest",
"//internal/oid", "//internal/variant",
"@com_github_stretchr_testify//assert", "@com_github_stretchr_testify//assert",
"@com_github_stretchr_testify//require", "@com_github_stretchr_testify//require",
], ],


@ -18,47 +18,47 @@ import (
"github.com/edgelesssys/constellation/v2/internal/attestation/measurements" "github.com/edgelesssys/constellation/v2/internal/attestation/measurements"
"github.com/edgelesssys/constellation/v2/internal/attestation/qemu" "github.com/edgelesssys/constellation/v2/internal/attestation/qemu"
"github.com/edgelesssys/constellation/v2/internal/attestation/vtpm" "github.com/edgelesssys/constellation/v2/internal/attestation/vtpm"
"github.com/edgelesssys/constellation/v2/internal/oid" "github.com/edgelesssys/constellation/v2/internal/variant"
) )
// Issuer returns the issuer for the given variant. // Issuer returns the issuer for the given variant.
func Issuer(variant oid.Getter, log vtpm.AttestationLogger) (atls.Issuer, error) { func Issuer(attestationVariant variant.Variant, log vtpm.AttestationLogger) (atls.Issuer, error) {
switch variant { switch attestationVariant {
case oid.AWSNitroTPM{}: case variant.AWSNitroTPM{}:
return aws.NewIssuer(log), nil return aws.NewIssuer(log), nil
case oid.AzureTrustedLaunch{}: case variant.AzureTrustedLaunch{}:
return trustedlaunch.NewIssuer(log), nil return trustedlaunch.NewIssuer(log), nil
case oid.AzureSEVSNP{}: case variant.AzureSEVSNP{}:
return snp.NewIssuer(log), nil return snp.NewIssuer(log), nil
case oid.GCPSEVES{}: case variant.GCPSEVES{}:
return gcp.NewIssuer(log), nil return gcp.NewIssuer(log), nil
case oid.QEMUVTPM{}: case variant.QEMUVTPM{}:
return qemu.NewIssuer(log), nil return qemu.NewIssuer(log), nil
case oid.Dummy{}: case variant.Dummy{}:
return atls.NewFakeIssuer(oid.Dummy{}), nil return atls.NewFakeIssuer(variant.Dummy{}), nil
default: default:
return nil, fmt.Errorf("unknown attestation variant: %s", variant) return nil, fmt.Errorf("unknown attestation variant: %s", attestationVariant)
} }
} }
// Validator returns the validator for the given variant. // Validator returns the validator for the given variant.
func Validator( func Validator(
variant oid.Getter, measurements measurements.M, idKeyCfg idkeydigest.Config, log vtpm.AttestationLogger, attestationVariant variant.Variant, measurements measurements.M, idKeyCfg idkeydigest.Config, log vtpm.AttestationLogger,
) (atls.Validator, error) { ) (atls.Validator, error) {
switch variant { switch attestationVariant {
case oid.AWSNitroTPM{}: case variant.AWSNitroTPM{}:
return aws.NewValidator(measurements, log), nil return aws.NewValidator(measurements, log), nil
case oid.AzureTrustedLaunch{}: case variant.AzureTrustedLaunch{}:
return trustedlaunch.NewValidator(measurements, log), nil return trustedlaunch.NewValidator(measurements, log), nil
case oid.AzureSEVSNP{}: case variant.AzureSEVSNP{}:
return snp.NewValidator(measurements, idKeyCfg, log), nil return snp.NewValidator(measurements, idKeyCfg, log), nil
case oid.GCPSEVES{}: case variant.GCPSEVES{}:
return gcp.NewValidator(measurements, log), nil return gcp.NewValidator(measurements, log), nil
case oid.QEMUVTPM{}: case variant.QEMUVTPM{}:
return qemu.NewValidator(measurements, log), nil return qemu.NewValidator(measurements, log), nil
case oid.Dummy{}: case variant.Dummy{}:
return atls.NewFakeValidator(oid.Dummy{}), nil return atls.NewFakeValidator(variant.Dummy{}), nil
default: default:
return nil, fmt.Errorf("unknown attestation variant: %s", variant) return nil, fmt.Errorf("unknown attestation variant: %s", attestationVariant)
} }
} }
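Review bot: Both switches in `Issuer` and `Validator` still dispatch with `==` on the interface value (`case variant.AWSNitroTPM{}:`), which matches only when the dynamic type is exactly that empty struct; the parameter is now a `variant.Variant`, which — judging by the `Equal` method the test helper in choose_test.go had to add — appears to define variant identity by OID, so a pointer-typed or stateful implementation reporting a known OID would fall through to the `default` error. If OID equality is the intended identity, consider dispatching on it, e.g. `switch { case attestationVariant.Equal(variant.AWSNitroTPM{}): ... }`; otherwise a short comment above each switch such as `// dispatch on the concrete type: every variant is an empty struct, so == compares dynamic types` would record why `==` is sufficient here. Both functions are fully contained in the hunk.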


@ -11,33 +11,33 @@ import (
"testing" "testing"
"github.com/edgelesssys/constellation/v2/internal/attestation/idkeydigest" "github.com/edgelesssys/constellation/v2/internal/attestation/idkeydigest"
"github.com/edgelesssys/constellation/v2/internal/oid" "github.com/edgelesssys/constellation/v2/internal/variant"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
) )
func TestIssuer(t *testing.T) { func TestIssuer(t *testing.T) {
testCases := map[string]struct { testCases := map[string]struct {
variant oid.Getter variant variant.Variant
wantErr bool wantErr bool
}{ }{
"aws-nitro-tpm": { "aws-nitro-tpm": {
variant: oid.AWSNitroTPM{}, variant: variant.AWSNitroTPM{},
}, },
"azure-sev-snp": { "azure-sev-snp": {
variant: oid.AzureSEVSNP{}, variant: variant.AzureSEVSNP{},
}, },
"azure-trusted-launch": { "azure-trusted-launch": {
variant: oid.AzureTrustedLaunch{}, variant: variant.AzureTrustedLaunch{},
}, },
"gcp-sev-es": { "gcp-sev-es": {
variant: oid.GCPSEVES{}, variant: variant.GCPSEVES{},
}, },
"qemu-vtpm": { "qemu-vtpm": {
variant: oid.QEMUVTPM{}, variant: variant.QEMUVTPM{},
}, },
"dummy": { "dummy": {
variant: oid.Dummy{}, variant: variant.Dummy{},
}, },
"unknown": { "unknown": {
variant: unknownVariant{}, variant: unknownVariant{},
@ -64,26 +64,26 @@ func TestIssuer(t *testing.T) {
func TestValidator(t *testing.T) { func TestValidator(t *testing.T) {
testCases := map[string]struct { testCases := map[string]struct {
variant oid.Getter variant variant.Variant
wantErr bool wantErr bool
}{ }{
"aws-nitro-tpm": { "aws-nitro-tpm": {
variant: oid.AWSNitroTPM{}, variant: variant.AWSNitroTPM{},
}, },
"azure-sev-snp": { "azure-sev-snp": {
variant: oid.AzureSEVSNP{}, variant: variant.AzureSEVSNP{},
}, },
"azure-trusted-launch": { "azure-trusted-launch": {
variant: oid.AzureTrustedLaunch{}, variant: variant.AzureTrustedLaunch{},
}, },
"gcp-sev-es": { "gcp-sev-es": {
variant: oid.GCPSEVES{}, variant: variant.GCPSEVES{},
}, },
"qemu-vtpm": { "qemu-vtpm": {
variant: oid.QEMUVTPM{}, variant: variant.QEMUVTPM{},
}, },
"dummy": { "dummy": {
variant: oid.Dummy{}, variant: variant.Dummy{},
}, },
"unknown": { "unknown": {
variant: unknownVariant{}, variant: unknownVariant{},
@ -113,3 +113,11 @@ type unknownVariant struct{}
func (unknownVariant) OID() asn1.ObjectIdentifier { func (unknownVariant) OID() asn1.ObjectIdentifier {
return asn1.ObjectIdentifier{1, 3, 9900, 9999, 9999} return asn1.ObjectIdentifier{1, 3, 9900, 9999, 9999}
} }
func (unknownVariant) String() string {
return "unknown"
}
func (unknownVariant) Equal(other variant.Getter) bool {
return other.OID().Equal(unknownVariant{}.OID())
}
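Review bot: `unknownVariant.Equal` calls `other.OID()` without checking `other`, so a nil `variant.Getter` panics instead of returning false; that is tolerable in a test helper, but if the `Equal` implementations in the new `variant` package follow the same shape (not visible in this diff) the same guard belongs there. A two-line guard before the comparison covers it: `if other == nil { return false }`. The type declaration `type unknownVariant struct{}` and the test bodies that use it are outside the hunk.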


@ -13,7 +13,7 @@ go_library(
deps = [ deps = [
"//internal/attestation/measurements", "//internal/attestation/measurements",
"//internal/attestation/vtpm", "//internal/attestation/vtpm",
"//internal/oid", "//internal/variant",
"@com_github_google_go_tpm_tools//client", "@com_github_google_go_tpm_tools//client",
"@com_github_google_go_tpm_tools//proto/attest", "@com_github_google_go_tpm_tools//proto/attest",
"@com_github_googleapis_gax_go_v2//:gax-go", "@com_github_googleapis_gax_go_v2//:gax-go",


@ -14,14 +14,14 @@ import (
"cloud.google.com/go/compute/metadata" "cloud.google.com/go/compute/metadata"
"github.com/edgelesssys/constellation/v2/internal/attestation/vtpm" "github.com/edgelesssys/constellation/v2/internal/attestation/vtpm"
"github.com/edgelesssys/constellation/v2/internal/oid" "github.com/edgelesssys/constellation/v2/internal/variant"
tpmclient "github.com/google/go-tpm-tools/client" tpmclient "github.com/google/go-tpm-tools/client"
"github.com/google/go-tpm-tools/proto/attest" "github.com/google/go-tpm-tools/proto/attest"
) )
// Issuer for GCP confidential VM attestation. // Issuer for GCP confidential VM attestation.
type Issuer struct { type Issuer struct {
oid.GCPSEVES variant.GCPSEVES
*vtpm.Issuer *vtpm.Issuer
} }


@ -18,7 +18,7 @@ import (
"cloud.google.com/go/compute/apiv1/computepb" "cloud.google.com/go/compute/apiv1/computepb"
"github.com/edgelesssys/constellation/v2/internal/attestation/measurements" "github.com/edgelesssys/constellation/v2/internal/attestation/measurements"
"github.com/edgelesssys/constellation/v2/internal/attestation/vtpm" "github.com/edgelesssys/constellation/v2/internal/attestation/vtpm"
"github.com/edgelesssys/constellation/v2/internal/oid" "github.com/edgelesssys/constellation/v2/internal/variant"
"github.com/google/go-tpm-tools/proto/attest" "github.com/google/go-tpm-tools/proto/attest"
"github.com/googleapis/gax-go/v2" "github.com/googleapis/gax-go/v2"
"google.golang.org/api/option" "google.golang.org/api/option"
@ -28,7 +28,7 @@ const minimumGceVersion = 1
// Validator for GCP confidential VM attestation. // Validator for GCP confidential VM attestation.
type Validator struct { type Validator struct {
oid.GCPSEVES variant.GCPSEVES
*vtpm.Validator *vtpm.Validator
restClient func(context.Context, ...option.ClientOption) (gcpRestClient, error) restClient func(context.Context, ...option.ClientOption) (gcpRestClient, error)


@ -12,7 +12,7 @@ go_library(
deps = [ deps = [
"//internal/attestation/measurements", "//internal/attestation/measurements",
"//internal/attestation/vtpm", "//internal/attestation/vtpm",
"//internal/oid", "//internal/variant",
"@com_github_google_go_tpm//tpm2", "@com_github_google_go_tpm//tpm2",
"@com_github_google_go_tpm_tools//client", "@com_github_google_go_tpm_tools//client",
"@com_github_google_go_tpm_tools//proto/attest", "@com_github_google_go_tpm_tools//proto/attest",


@ -11,13 +11,13 @@ import (
"io" "io"
"github.com/edgelesssys/constellation/v2/internal/attestation/vtpm" "github.com/edgelesssys/constellation/v2/internal/attestation/vtpm"
"github.com/edgelesssys/constellation/v2/internal/oid" "github.com/edgelesssys/constellation/v2/internal/variant"
tpmclient "github.com/google/go-tpm-tools/client" tpmclient "github.com/google/go-tpm-tools/client"
) )
// Issuer for qemu TPM attestation. // Issuer for qemu TPM attestation.
type Issuer struct { type Issuer struct {
oid.QEMUVTPM variant.QEMUVTPM
*vtpm.Issuer *vtpm.Issuer
} }


@ -12,14 +12,14 @@ import (
"github.com/edgelesssys/constellation/v2/internal/attestation/measurements" "github.com/edgelesssys/constellation/v2/internal/attestation/measurements"
"github.com/edgelesssys/constellation/v2/internal/attestation/vtpm" "github.com/edgelesssys/constellation/v2/internal/attestation/vtpm"
"github.com/edgelesssys/constellation/v2/internal/oid" "github.com/edgelesssys/constellation/v2/internal/variant"
"github.com/google/go-tpm-tools/proto/attest" "github.com/google/go-tpm-tools/proto/attest"
"github.com/google/go-tpm/tpm2" "github.com/google/go-tpm/tpm2"
) )
// Validator for QEMU VM attestation. // Validator for QEMU VM attestation.
type Validator struct { type Validator struct {
oid.QEMUVTPM variant.QEMUVTPM
*vtpm.Validator *vtpm.Validator
} }


@ -22,7 +22,7 @@ go_library(
"//internal/config/instancetypes", "//internal/config/instancetypes",
"//internal/constants", "//internal/constants",
"//internal/file", "//internal/file",
"//internal/oid", "//internal/variant",
"//internal/versions", "//internal/versions",
"//internal/versionsapi", "//internal/versionsapi",
"@com_github_go_playground_locales//en", "@com_github_go_playground_locales//en",
@ -49,7 +49,7 @@ go_test(
"//internal/config/instancetypes", "//internal/config/instancetypes",
"//internal/constants", "//internal/constants",
"//internal/file", "//internal/file",
"//internal/oid", "//internal/variant",
"@com_github_go_playground_locales//en", "@com_github_go_playground_locales//en",
"@com_github_go_playground_universal_translator//:universal-translator", "@com_github_go_playground_universal_translator//:universal-translator",
"@com_github_go_playground_validator_v10//:validator", "@com_github_go_playground_validator_v10//:validator",


@ -16,7 +16,7 @@ import (
"github.com/edgelesssys/constellation/v2/internal/config/instancetypes" "github.com/edgelesssys/constellation/v2/internal/config/instancetypes"
"github.com/edgelesssys/constellation/v2/internal/constants" "github.com/edgelesssys/constellation/v2/internal/constants"
"github.com/edgelesssys/constellation/v2/internal/file" "github.com/edgelesssys/constellation/v2/internal/file"
"github.com/edgelesssys/constellation/v2/internal/oid" "github.com/edgelesssys/constellation/v2/internal/variant"
"github.com/go-playground/locales/en" "github.com/go-playground/locales/en"
ut "github.com/go-playground/universal-translator" ut "github.com/go-playground/universal-translator"
"github.com/go-playground/validator/v10" "github.com/go-playground/validator/v10"
@ -123,7 +123,7 @@ func TestNewWithDefaultOptions(t *testing.T) {
c := Default() c := Default()
c.RemoveProviderExcept(cloudprovider.Azure) c.RemoveProviderExcept(cloudprovider.Azure)
c.Image = "v" + constants.VersionInfo() c.Image = "v" + constants.VersionInfo()
c.AttestationVariant = oid.AzureSEVSNP{}.String() c.AttestationVariant = variant.AzureSEVSNP{}.String()
c.Provider.Azure.SubscriptionID = "f4278079-288c-4766-a98c-ab9d5dba01a5" c.Provider.Azure.SubscriptionID = "f4278079-288c-4766-a98c-ab9d5dba01a5"
c.Provider.Azure.TenantID = "d4ff9d63-6d6d-4042-8f6a-21e804add5aa" c.Provider.Azure.TenantID = "d4ff9d63-6d6d-4042-8f6a-21e804add5aa"
c.Provider.Azure.Location = "westus" c.Provider.Azure.Location = "westus"
@ -143,7 +143,7 @@ func TestNewWithDefaultOptions(t *testing.T) {
c := Default() c := Default()
c.RemoveProviderExcept(cloudprovider.Azure) c.RemoveProviderExcept(cloudprovider.Azure)
c.Image = "v" + constants.VersionInfo() c.Image = "v" + constants.VersionInfo()
c.AttestationVariant = oid.AzureSEVSNP{}.String() c.AttestationVariant = variant.AzureSEVSNP{}.String()
c.Provider.Azure.SubscriptionID = "f4278079-288c-4766-a98c-ab9d5dba01a5" c.Provider.Azure.SubscriptionID = "f4278079-288c-4766-a98c-ab9d5dba01a5"
c.Provider.Azure.TenantID = "d4ff9d63-6d6d-4042-8f6a-21e804add5aa" c.Provider.Azure.TenantID = "d4ff9d63-6d6d-4042-8f6a-21e804add5aa"
c.Provider.Azure.Location = "westus" c.Provider.Azure.Location = "westus"
@ -235,7 +235,7 @@ func TestValidate(t *testing.T) {
cnf: func() *Config { cnf: func() *Config {
cnf := Default() cnf := Default()
cnf.Image = "v" + constants.VersionInfo() cnf.Image = "v" + constants.VersionInfo()
cnf.AttestationVariant = oid.AzureSEVSNP{}.String() cnf.AttestationVariant = variant.AzureSEVSNP{}.String()
az := cnf.Provider.Azure az := cnf.Provider.Azure
az.SubscriptionID = "01234567-0123-0123-0123-0123456789ab" az.SubscriptionID = "01234567-0123-0123-0123-0123456789ab"
az.TenantID = "01234567-0123-0123-0123-0123456789ab" az.TenantID = "01234567-0123-0123-0123-0123456789ab"
@ -265,7 +265,7 @@ func TestValidate(t *testing.T) {
cnf: func() *Config { cnf: func() *Config {
cnf := Default() cnf := Default()
cnf.Image = "v" + constants.VersionInfo() cnf.Image = "v" + constants.VersionInfo()
cnf.AttestationVariant = oid.GCPSEVES{}.String() cnf.AttestationVariant = variant.GCPSEVES{}.String()
gcp := cnf.Provider.GCP gcp := cnf.Provider.GCP
gcp.Region = "test-region" gcp.Region = "test-region"
gcp.Project = "test-project" gcp.Project = "test-project"


@ -20,7 +20,7 @@ import (
"github.com/edgelesssys/constellation/v2/internal/compatibility" "github.com/edgelesssys/constellation/v2/internal/compatibility"
"github.com/edgelesssys/constellation/v2/internal/config/instancetypes" "github.com/edgelesssys/constellation/v2/internal/config/instancetypes"
"github.com/edgelesssys/constellation/v2/internal/constants" "github.com/edgelesssys/constellation/v2/internal/constants"
"github.com/edgelesssys/constellation/v2/internal/oid" "github.com/edgelesssys/constellation/v2/internal/variant"
"github.com/edgelesssys/constellation/v2/internal/versions" "github.com/edgelesssys/constellation/v2/internal/versions"
"github.com/edgelesssys/constellation/v2/internal/versionsapi" "github.com/edgelesssys/constellation/v2/internal/versionsapi"
ut "github.com/go-playground/universal-translator" ut "github.com/go-playground/universal-translator"
@ -482,23 +482,23 @@ func (c *Config) validAttestVariant(_ validator.FieldLevel) bool {
// TODO: v2.8: remove variant fallback and make variant a required field // TODO: v2.8: remove variant fallback and make variant a required field
c.addMissingVariant() c.addMissingVariant()
variant, err := oid.FromString(c.AttestationVariant) attestationVariant, err := variant.FromString(c.AttestationVariant)
if err != nil { if err != nil {
return false return false
} }
// make sure the variant is valid for the chosen CSP // make sure the variant is valid for the chosen CSP
switch variant { switch attestationVariant {
case oid.AWSNitroTPM{}: case variant.AWSNitroTPM{}:
return c.Provider.AWS != nil return c.Provider.AWS != nil
case oid.AzureSEVSNP{}, oid.AzureTrustedLaunch{}: case variant.AzureSEVSNP{}, variant.AzureTrustedLaunch{}:
return c.Provider.Azure != nil return c.Provider.Azure != nil
// TODO(malt3): remove this case once we have a vTPM for OpenStack // TODO(malt3): remove this case once we have a vTPM for OpenStack
case oid.Dummy{}: case variant.Dummy{}:
return c.Provider.OpenStack != nil return c.Provider.OpenStack != nil
case oid.GCPSEVES{}: case variant.GCPSEVES{}:
return c.Provider.GCP != nil return c.Provider.GCP != nil
case oid.QEMUVTPM{}: case variant.QEMUVTPM{}:
return c.Provider.QEMU != nil return c.Provider.QEMU != nil
default: default:
return false return false
@ -513,12 +513,12 @@ func (c *Config) addMissingVariant() {
switch c.GetProvider() { switch c.GetProvider() {
case cloudprovider.AWS: case cloudprovider.AWS:
c.AttestationVariant = oid.AWSNitroTPM{}.String() c.AttestationVariant = variant.AWSNitroTPM{}.String()
case cloudprovider.Azure: case cloudprovider.Azure:
c.AttestationVariant = oid.AzureSEVSNP{}.String() c.AttestationVariant = variant.AzureSEVSNP{}.String()
case cloudprovider.GCP: case cloudprovider.GCP:
c.AttestationVariant = oid.GCPSEVES{}.String() c.AttestationVariant = variant.GCPSEVES{}.String()
case cloudprovider.QEMU: case cloudprovider.QEMU:
c.AttestationVariant = oid.QEMUVTPM{}.String() c.AttestationVariant = variant.QEMUVTPM{}.String()
} }
} }
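Review bot: addMissingVariant's fallback switch (second hunk) has no case for OpenStack, yet validAttestVariant's `case variant.Dummy{}` is the only branch that accepts an OpenStack provider, so an OpenStack config that omits attestationVariant reaches `variant.FromString("")`, which presumably errors, and validation returns false with no hint that the field is missing. If that is intended until the TODO(malt3) vTPM work lands, a one-line comment on the switch saying OpenStack is deliberately left out would keep the next reader from treating it as an oversight; otherwise `case cloudprovider.OpenStack: c.AttestationVariant = variant.Dummy{}.String()` would make the fallback consistent with the validator. Both functions' bodies extend beyond the hunks shown.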


@ -22,7 +22,7 @@ go_test(
"//internal/atls", "//internal/atls",
"//internal/grpc/atlscredentials", "//internal/grpc/atlscredentials",
"//internal/grpc/testdialer", "//internal/grpc/testdialer",
"//internal/oid", "//internal/variant",
"@com_github_stretchr_testify//assert", "@com_github_stretchr_testify//assert",
"@com_github_stretchr_testify//require", "@com_github_stretchr_testify//require",
"@org_golang_google_grpc//:go_default_library", "@org_golang_google_grpc//:go_default_library",


@ -13,7 +13,7 @@ import (
"github.com/edgelesssys/constellation/v2/internal/atls" "github.com/edgelesssys/constellation/v2/internal/atls"
"github.com/edgelesssys/constellation/v2/internal/grpc/atlscredentials" "github.com/edgelesssys/constellation/v2/internal/grpc/atlscredentials"
"github.com/edgelesssys/constellation/v2/internal/grpc/testdialer" "github.com/edgelesssys/constellation/v2/internal/grpc/testdialer"
"github.com/edgelesssys/constellation/v2/internal/oid" "github.com/edgelesssys/constellation/v2/internal/variant"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
"go.uber.org/goleak" "go.uber.org/goleak"
@ -75,8 +75,8 @@ func TestDial(t *testing.T) {
require := require.New(t) require := require.New(t)
netDialer := testdialer.NewBufconnDialer() netDialer := testdialer.NewBufconnDialer()
dialer := New(nil, atls.NewFakeValidator(oid.Dummy{}), netDialer) dialer := New(nil, atls.NewFakeValidator(variant.Dummy{}), netDialer)
server := newServer(oid.Dummy{}, tc.tls) server := newServer(variant.Dummy{}, tc.tls)
api := &testAPI{} api := &testAPI{}
grpc_testing.RegisterTestServiceServer(server, api) grpc_testing.RegisterTestServiceServer(server, api)
go server.Serve(netDialer.GetListener("192.0.2.1:1234")) go server.Serve(netDialer.GetListener("192.0.2.1:1234"))
@ -97,7 +97,7 @@ func TestDial(t *testing.T) {
} }
} }
func newServer(oid oid.Getter, tls bool) *grpc.Server { func newServer(oid variant.Getter, tls bool) *grpc.Server {
if tls { if tls {
creds := atlscredentials.New(atls.NewFakeIssuer(oid), nil) creds := atlscredentials.New(atls.NewFakeIssuer(oid), nil)
return grpc.NewServer(grpc.Creds(creds)) return grpc.NewServer(grpc.Creds(creds))


@ -6,3 +6,10 @@ go_library(
importpath = "github.com/edgelesssys/constellation/v2/internal/oid", importpath = "github.com/edgelesssys/constellation/v2/internal/oid",
visibility = ["//:__subpackages__"], visibility = ["//:__subpackages__"],
) )
go_library(
name = "variant",
srcs = ["variant.go"],
importpath = "github.com/edgelesssys/constellation/v2/internal/variant",
visibility = ["//:__subpackages__"],
)
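Review bot: The new `variant` go_library is appended next to the existing `oid` target rather than replacing it, so this BUILD file now declares two importpaths (`…/internal/oid` and `…/internal/variant`). If oid.go is removed or renamed to variant.go in this commit, the `oid` target's srcs no longer exist and the build would fail; if it is deliberately kept for a transition, a comment such as `# TODO: remove the oid target once all importers use //internal/variant` would record that. I can only infer the file layout from the hunk, so please verify against the tree.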


@ -5,7 +5,11 @@ SPDX-License-Identifier: AGPL-3.0-only
*/ */
/* /*
Package oid defines OIDs for different CSPs. Currently this is used in attested TLS to distinguish the attestation documents. Package variant defines Attestation variants for different CSPs.
Each variant defines an OID, a string representation, and a function to compare it to other OIDs.
The OID is used in attested TLS to distinguish the attestation documents.
OIDs beginning with 1.3.9900 are reserved and can be used without registration. OIDs beginning with 1.3.9900 are reserved and can be used without registration.
* The 1.3.9900.1 branch is reserved for placeholder values and testing. * The 1.3.9900.1 branch is reserved for placeholder values and testing.
@ -20,21 +24,41 @@ OIDs beginning with 1.3.9900 are reserved and can be used without registration.
Deprecated OIDs should never be reused for different purposes. Deprecated OIDs should never be reused for different purposes.
Instead, new OIDs should be added in the appropriate branch at the next available index. Instead, new OIDs should be added in the appropriate branch at the next available index.
String representation should be lowercase and contain only letters, numbers, and hyphens.
They should be prefixed with the branch name, e.g. all variants in the 1.3.9900.2 (AWS) branch should start with "aws-".
Each variant should have a unique string representation.
*/ */
package oid package variant
import ( import (
"encoding/asn1" "encoding/asn1"
"fmt" "fmt"
) )
const (
dummy = "dummy"
awsNitroTPM = "aws-nitro-tpm"
gcpSEVES = "gcp-sev-es"
azureSEVSNP = "azure-sev-snp"
azureTrustedLaunch = "azure-trustedlaunch"
qemuVTPM = "qemu-vtpm"
)
// Getter returns an ASN.1 Object Identifier. // Getter returns an ASN.1 Object Identifier.
type Getter interface { type Getter interface {
OID() asn1.ObjectIdentifier OID() asn1.ObjectIdentifier
} }
// Variant describes an attestation variant.
type Variant interface {
Getter
String() string
Equal(other Getter) bool
}
// FromString returns the OID for the given string. // FromString returns the OID for the given string.
func FromString(oid string) (Getter, error) { func FromString(oid string) (Variant, error) {
switch oid { switch oid {
case dummy: case dummy:
return Dummy{}, nil return Dummy{}, nil
@ -65,6 +89,11 @@ func (Dummy) String() string {
return dummy return dummy
} }
// Equal returns true if the other variant is also a Dummy.
func (Dummy) Equal(other Getter) bool {
return other.OID().Equal(Dummy{}.OID())
}
// AWSNitroTPM holds the AWS nitro TPM OID. // AWSNitroTPM holds the AWS nitro TPM OID.
type AWSNitroTPM struct{} type AWSNitroTPM struct{}
@ -78,6 +107,11 @@ func (AWSNitroTPM) String() string {
return awsNitroTPM return awsNitroTPM
} }
// Equal returns true if the other variant is also AWSNitroTPM.
func (AWSNitroTPM) Equal(other Getter) bool {
return other.OID().Equal(AWSNitroTPM{}.OID())
}
// GCPSEVES holds the GCP SEV-ES OID. // GCPSEVES holds the GCP SEV-ES OID.
type GCPSEVES struct{} type GCPSEVES struct{}
@ -91,6 +125,11 @@ func (GCPSEVES) String() string {
return gcpSEVES return gcpSEVES
} }
// Equal returns true if the other variant is also GCPSEVES.
func (GCPSEVES) Equal(other Getter) bool {
return other.OID().Equal(GCPSEVES{}.OID())
}
// AzureSEVSNP holds the OID for Azure SNP CVMs. // AzureSEVSNP holds the OID for Azure SNP CVMs.
type AzureSEVSNP struct{} type AzureSEVSNP struct{}
@ -104,6 +143,11 @@ func (AzureSEVSNP) String() string {
return azureSEVSNP return azureSEVSNP
} }
// Equal returns true if the other variant is also AzureSEVSNP.
func (AzureSEVSNP) Equal(other Getter) bool {
return other.OID().Equal(AzureSEVSNP{}.OID())
}
// AzureTrustedLaunch holds the OID for Azure TrustedLaunch VMs. // AzureTrustedLaunch holds the OID for Azure TrustedLaunch VMs.
type AzureTrustedLaunch struct{} type AzureTrustedLaunch struct{}
@ -117,6 +161,11 @@ func (AzureTrustedLaunch) String() string {
return azureTrustedLaunch return azureTrustedLaunch
} }
// Equal returns true if the other variant is also AzureTrustedLaunch.
func (AzureTrustedLaunch) Equal(other Getter) bool {
return other.OID().Equal(AzureTrustedLaunch{}.OID())
}
// QEMUVTPM holds the QEMUVTPM OID. // QEMUVTPM holds the QEMUVTPM OID.
type QEMUVTPM struct{} type QEMUVTPM struct{}
@ -130,11 +179,7 @@ func (QEMUVTPM) String() string {
return qemuVTPM return qemuVTPM
} }
const ( // Equal returns true if the other variant is also QEMUVTPM.
dummy = "dummy" func (QEMUVTPM) Equal(other Getter) bool {
awsNitroTPM = "aws-nitro-tpm" return other.OID().Equal(QEMUVTPM{}.OID())
gcpSEVES = "gcp-sev-es" }
azureSEVSNP = "azure-sev-snp"
azureTrustedLaunch = "azure-trustedlaunch"
qemuVTPM = "qemu-vtpm"
)
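Review bot: The six new Equal methods call `other.OID()` without guarding against a nil Getter, so `Equal(nil)` panics instead of returning false; since Equal now drives the watcher's decision which attestation config to load, a guard like `if other == nil { return false }` at the top of each, or a single package-level `equalOID(a, b Getter) bool` helper that all six delegate to, would make the comparison total and remove the copy-paste. The doc comment on FromString still says it returns the OID although the signature now returns a Variant; suggest `// FromString returns the Variant for the given string representation.`, and the package comment's "compare it to other OIDs" would read better as "compare it to other variants". FromString's switch continues outside the hunk.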


@ -17,7 +17,7 @@ go_library(
"//internal/constants", "//internal/constants",
"//internal/file", "//internal/file",
"//internal/logger", "//internal/logger",
"//internal/oid", "//internal/variant",
"@com_github_fsnotify_fsnotify//:fsnotify", "@com_github_fsnotify_fsnotify//:fsnotify",
"@com_github_spf13_afero//:afero", "@com_github_spf13_afero//:afero",
"@org_uber_go_zap//:zap", "@org_uber_go_zap//:zap",
@ -39,7 +39,7 @@ go_test(
"//internal/constants", "//internal/constants",
"//internal/file", "//internal/file",
"//internal/logger", "//internal/logger",
"//internal/oid", "//internal/variant",
"@com_github_fsnotify_fsnotify//:fsnotify", "@com_github_fsnotify_fsnotify//:fsnotify",
"@com_github_spf13_afero//:afero", "@com_github_spf13_afero//:afero",
"@com_github_stretchr_testify//assert", "@com_github_stretchr_testify//assert",


@ -22,7 +22,7 @@ import (
"github.com/edgelesssys/constellation/v2/internal/constants" "github.com/edgelesssys/constellation/v2/internal/constants"
"github.com/edgelesssys/constellation/v2/internal/file" "github.com/edgelesssys/constellation/v2/internal/file"
"github.com/edgelesssys/constellation/v2/internal/logger" "github.com/edgelesssys/constellation/v2/internal/logger"
"github.com/edgelesssys/constellation/v2/internal/oid" "github.com/edgelesssys/constellation/v2/internal/variant"
"github.com/spf13/afero" "github.com/spf13/afero"
) )
@ -31,12 +31,12 @@ type Updatable struct {
log *logger.Logger log *logger.Logger
mux sync.Mutex mux sync.Mutex
fileHandler file.Handler fileHandler file.Handler
variant oid.Getter variant variant.Variant
atls.Validator atls.Validator
} }
// NewValidator initializes a new updatable validator. // NewValidator initializes a new updatable validator.
func NewValidator(log *logger.Logger, variant oid.Getter, fileHandler file.Handler) (*Updatable, error) { func NewValidator(log *logger.Logger, variant variant.Variant, fileHandler file.Handler) (*Updatable, error) {
u := &Updatable{ u := &Updatable{
log: log, log: log,
fileHandler: fileHandler, fileHandler: fileHandler,
@ -78,7 +78,7 @@ func (u *Updatable) Update() error {
// Read ID Key config // Read ID Key config
var idKeyCfg idkeydigest.Config var idKeyCfg idkeydigest.Config
if u.variant.OID().Equal(oid.AzureSEVSNP{}.OID()) { if u.variant.Equal(variant.AzureSEVSNP{}) {
u.log.Infof("Updating SEV-SNP ID Key config") u.log.Infof("Updating SEV-SNP ID Key config")
err := u.fileHandler.ReadJSON(filepath.Join(constants.ServiceBasePath, constants.IDKeyConfigFilename), &idKeyCfg) err := u.fileHandler.ReadJSON(filepath.Join(constants.ServiceBasePath, constants.IDKeyConfigFilename), &idKeyCfg)
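Review bot: The renamed parameter `variant variant.Variant` in NewValidator shadows the freshly imported variant package for the whole constructor body, so no `variant.X` reference is possible there and a reader sees the same identifier meaning two things on one line; `attestationVariant variant.Variant` with `variant: attestationVariant` in the struct literal avoids that. The same shadowing is introduced in the joinservice main (`variant, err := variant.FromString(*attestationVariant)`) and in the verification service main, where the `attestationVariant, err := variant.FromString(...)` rename this commit applies in the config package is the better pattern. NewValidator's body continues outside the hunk.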


@ -24,7 +24,7 @@ import (
"github.com/edgelesssys/constellation/v2/internal/constants" "github.com/edgelesssys/constellation/v2/internal/constants"
"github.com/edgelesssys/constellation/v2/internal/file" "github.com/edgelesssys/constellation/v2/internal/file"
"github.com/edgelesssys/constellation/v2/internal/logger" "github.com/edgelesssys/constellation/v2/internal/logger"
"github.com/edgelesssys/constellation/v2/internal/oid" "github.com/edgelesssys/constellation/v2/internal/variant"
"github.com/spf13/afero" "github.com/spf13/afero"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
@ -40,24 +40,24 @@ func TestMain(m *testing.M) {
func TestNewUpdateableValidator(t *testing.T) { func TestNewUpdateableValidator(t *testing.T) {
testCases := map[string]struct { testCases := map[string]struct {
variant oid.Getter variant variant.Variant
writeFile bool writeFile bool
wantErr bool wantErr bool
}{ }{
"azure": { "azure": {
variant: oid.AzureSEVSNP{}, variant: variant.AzureSEVSNP{},
writeFile: true, writeFile: true,
}, },
"gcp": { "gcp": {
variant: oid.GCPSEVES{}, variant: variant.GCPSEVES{},
writeFile: true, writeFile: true,
}, },
"qemu": { "qemu": {
variant: oid.QEMUVTPM{}, variant: variant.QEMUVTPM{},
writeFile: true, writeFile: true,
}, },
"no file": { "no file": {
variant: oid.AzureSEVSNP{}, variant: variant.AzureSEVSNP{},
writeFile: false, writeFile: false,
wantErr: true, wantErr: true,
}, },
@ -112,7 +112,7 @@ func TestUpdate(t *testing.T) {
// create server // create server
validator := &Updatable{ validator := &Updatable{
log: logger.NewTest(t), log: logger.NewTest(t),
variant: oid.Dummy{}, variant: variant.Dummy{},
fileHandler: handler, fileHandler: handler,
} }
@ -146,7 +146,7 @@ func TestUpdate(t *testing.T) {
defer server.Close() defer server.Close()
// test connection to server // test connection to server
clientOID := oid.Dummy{} clientOID := variant.Dummy{}
resp, err := testConnection(require, server.URL, clientOID) resp, err := testConnection(require, server.URL, clientOID)
require.NoError(err) require.NoError(err)
defer resp.Body.Close() defer resp.Body.Close()
@ -155,7 +155,7 @@ func TestUpdate(t *testing.T) {
assert.EqualValues("hello", body) assert.EqualValues("hello", body)
// update the server's validator // update the server's validator
validator.variant = oid.QEMUVTPM{} validator.variant = variant.QEMUVTPM{}
require.NoError(validator.Update()) require.NoError(validator.Update())
// client connection should fail now, since the server's validator expects a different OID from the client // client connection should fail now, since the server's validator expects a different OID from the client
@ -198,7 +198,7 @@ func TestOIDConcurrency(t *testing.T) {
// create server // create server
validator := &Updatable{ validator := &Updatable{
log: logger.NewTest(t), log: logger.NewTest(t),
variant: oid.Dummy{}, variant: variant.Dummy{},
fileHandler: handler, fileHandler: handler,
} }
@ -228,7 +228,7 @@ func TestUpdateConcurrency(t *testing.T) {
validator := &Updatable{ validator := &Updatable{
log: logger.NewTest(t), log: logger.NewTest(t),
fileHandler: handler, fileHandler: handler,
variant: oid.Dummy{}, variant: variant.Dummy{},
} }
require.NoError(handler.WriteJSON( require.NoError(handler.WriteJSON(
filepath.Join(constants.ServiceBasePath, constants.MeasurementsFilename), filepath.Join(constants.ServiceBasePath, constants.MeasurementsFilename),
@ -256,7 +256,7 @@ func TestUpdateConcurrency(t *testing.T) {
wg.Wait() wg.Wait()
} }
func testConnection(require *require.Assertions, url string, oid oid.Getter) (*http.Response, error) { func testConnection(require *require.Assertions, url string, oid variant.Getter) (*http.Response, error) {
clientConfig, err := atls.CreateAttestationClientTLSConfig(fakeIssuer{oid}, nil) clientConfig, err := atls.CreateAttestationClientTLSConfig(fakeIssuer{oid}, nil)
require.NoError(err) require.NoError(err)
client := http.Client{Transport: &http.Transport{TLSClientConfig: clientConfig}} client := http.Client{Transport: &http.Transport{TLSClientConfig: clientConfig}}
@ -267,7 +267,7 @@ func testConnection(require *require.Assertions, url string, oid oid.Getter) (*h
} }
type fakeIssuer struct { type fakeIssuer struct {
oid.Getter variant.Getter
} }
func (fakeIssuer) Issue(_ context.Context, userData []byte, nonce []byte) ([]byte, error) { func (fakeIssuer) Issue(_ context.Context, userData []byte, nonce []byte) ([]byte, error) {
@ -280,6 +280,14 @@ func (o fakeOID) OID() asn1.ObjectIdentifier {
return asn1.ObjectIdentifier(o) return asn1.ObjectIdentifier(o)
} }
func (o fakeOID) String() string {
return o.OID().String()
}
func (o fakeOID) Equal(other variant.Getter) bool {
return o.OID().Equal(other.OID())
}
type fakeDoc struct { type fakeDoc struct {
UserData []byte UserData []byte
Nonce []byte Nonce []byte


@ -18,7 +18,7 @@ go_library(
"//internal/file", "//internal/file",
"//internal/grpc/atlscredentials", "//internal/grpc/atlscredentials",
"//internal/logger", "//internal/logger",
"//internal/oid", "//internal/variant",
"//internal/watcher", "//internal/watcher",
"//joinservice/internal/kms", "//joinservice/internal/kms",
"//joinservice/internal/kubeadm", "//joinservice/internal/kubeadm",


@ -27,7 +27,7 @@ import (
"github.com/edgelesssys/constellation/v2/internal/file" "github.com/edgelesssys/constellation/v2/internal/file"
"github.com/edgelesssys/constellation/v2/internal/grpc/atlscredentials" "github.com/edgelesssys/constellation/v2/internal/grpc/atlscredentials"
"github.com/edgelesssys/constellation/v2/internal/logger" "github.com/edgelesssys/constellation/v2/internal/logger"
"github.com/edgelesssys/constellation/v2/internal/oid" "github.com/edgelesssys/constellation/v2/internal/variant"
"github.com/edgelesssys/constellation/v2/internal/watcher" "github.com/edgelesssys/constellation/v2/internal/watcher"
"github.com/edgelesssys/constellation/v2/joinservice/internal/kms" "github.com/edgelesssys/constellation/v2/joinservice/internal/kms"
"github.com/edgelesssys/constellation/v2/joinservice/internal/kubeadm" "github.com/edgelesssys/constellation/v2/joinservice/internal/kubeadm"
@ -56,7 +56,7 @@ func main() {
handler := file.NewHandler(afero.NewOsFs()) handler := file.NewHandler(afero.NewOsFs())
variant, err := oid.FromString(*attestationVariant) variant, err := variant.FromString(*attestationVariant)
if err != nil { if err != nil {
log.With(zap.Error(err)).Fatalf("Failed to parse attestation variant") log.With(zap.Error(err)).Fatalf("Failed to parse attestation variant")
} }


@ -9,7 +9,7 @@ go_library(
deps = [ deps = [
"//internal/constants", "//internal/constants",
"//internal/logger", "//internal/logger",
"//internal/oid", "//internal/variant",
"//measurement-reader/internal/sorted", "//measurement-reader/internal/sorted",
"//measurement-reader/internal/tpm", "//measurement-reader/internal/tpm",
"@org_uber_go_zap//:zap", "@org_uber_go_zap//:zap",


@ -12,7 +12,7 @@ import (
"github.com/edgelesssys/constellation/v2/internal/constants" "github.com/edgelesssys/constellation/v2/internal/constants"
"github.com/edgelesssys/constellation/v2/internal/logger" "github.com/edgelesssys/constellation/v2/internal/logger"
"github.com/edgelesssys/constellation/v2/internal/oid" "github.com/edgelesssys/constellation/v2/internal/variant"
"github.com/edgelesssys/constellation/v2/measurement-reader/internal/sorted" "github.com/edgelesssys/constellation/v2/measurement-reader/internal/sorted"
"github.com/edgelesssys/constellation/v2/measurement-reader/internal/tpm" "github.com/edgelesssys/constellation/v2/measurement-reader/internal/tpm"
"go.uber.org/zap" "go.uber.org/zap"
@ -21,21 +21,21 @@ import (
func main() { func main() {
log := logger.New(logger.JSONLog, zapcore.InfoLevel) log := logger.New(logger.JSONLog, zapcore.InfoLevel)
variant := os.Getenv(constants.AttestationVariant) variantString := os.Getenv(constants.AttestationVariant)
attestationVariant, err := oid.FromString(variant) attestationVariant, err := variant.FromString(variantString)
if err != nil { if err != nil {
log.With(zap.Error(err)).Fatalf("Failed to parse attestation variant") log.With(zap.Error(err)).Fatalf("Failed to parse attestation variant")
} }
var m []sorted.Measurement var m []sorted.Measurement
switch attestationVariant { switch attestationVariant {
case oid.AWSNitroTPM{}, oid.AzureSEVSNP{}, oid.AzureTrustedLaunch{}, oid.GCPSEVES{}, oid.QEMUVTPM{}: case variant.AWSNitroTPM{}, variant.AzureSEVSNP{}, variant.AzureTrustedLaunch{}, variant.GCPSEVES{}, variant.QEMUVTPM{}:
m, err = tpm.Measurements() m, err = tpm.Measurements()
if err != nil { if err != nil {
log.With(zap.Error(err)).Fatalf("Failed to read TPM measurements") log.With(zap.Error(err)).Fatalf("Failed to read TPM measurements")
} }
default: default:
log.With(zap.String("attestationVariant", variant)).Fatalf("Unsupported attestation variant") log.With(zap.String("attestationVariant", variantString)).Fatalf("Unsupported attestation variant")
} }
fmt.Println("Measurements:") fmt.Println("Measurements:")


@ -9,7 +9,7 @@ go_library(
"//internal/attestation/choose", "//internal/attestation/choose",
"//internal/constants", "//internal/constants",
"//internal/logger", "//internal/logger",
"//internal/oid", "//internal/variant",
"//verify/server", "//verify/server",
"@org_uber_go_zap//:zap", "@org_uber_go_zap//:zap",
], ],


@ -14,7 +14,7 @@ import (
"github.com/edgelesssys/constellation/v2/internal/attestation/choose" "github.com/edgelesssys/constellation/v2/internal/attestation/choose"
"github.com/edgelesssys/constellation/v2/internal/constants" "github.com/edgelesssys/constellation/v2/internal/constants"
"github.com/edgelesssys/constellation/v2/internal/logger" "github.com/edgelesssys/constellation/v2/internal/logger"
"github.com/edgelesssys/constellation/v2/internal/oid" "github.com/edgelesssys/constellation/v2/internal/variant"
"github.com/edgelesssys/constellation/v2/verify/server" "github.com/edgelesssys/constellation/v2/verify/server"
"go.uber.org/zap" "go.uber.org/zap"
) )
@ -29,7 +29,7 @@ func main() {
log.With(zap.String("version", constants.VersionInfo()), zap.String("attestationVariant", *attestationVariant)). log.With(zap.String("version", constants.VersionInfo()), zap.String("attestationVariant", *attestationVariant)).
Infof("Constellation Verification Service") Infof("Constellation Verification Service")
variant, err := oid.FromString(*attestationVariant) variant, err := variant.FromString(*attestationVariant)
if err != nil { if err != nil {
log.With(zap.Error(err)).Fatalf("Failed to parse attestation variant") log.With(zap.Error(err)).Fatalf("Failed to parse attestation variant")
} }