oid: add alternative string representations for attestation variants (#1322)
This commit is contained in:
parent
a5d4970753
commit
ab0b881cbf
@ -400,14 +400,14 @@ func TestAttestation(t *testing.T) {
|
|||||||
netDialer := testdialer.NewBufconnDialer()
|
netDialer := testdialer.NewBufconnDialer()
|
||||||
newDialer := func(v *cloudcmd.Validator) *dialer.Dialer {
|
newDialer := func(v *cloudcmd.Validator) *dialer.Dialer {
|
||||||
validator := &testValidator{
|
validator := &testValidator{
|
||||||
Getter: oid.QEMU{},
|
Getter: oid.QEMUVTPM{},
|
||||||
pcrs: v.PCRS(),
|
pcrs: v.PCRS(),
|
||||||
}
|
}
|
||||||
return dialer.New(nil, validator, netDialer)
|
return dialer.New(nil, validator, netDialer)
|
||||||
}
|
}
|
||||||
|
|
||||||
issuer := &testIssuer{
|
issuer := &testIssuer{
|
||||||
Getter: oid.QEMU{},
|
Getter: oid.QEMUVTPM{},
|
||||||
pcrs: map[uint32][]byte{
|
pcrs: map[uint32][]byte{
|
||||||
0: bytes.Repeat([]byte{0xFF}, 32),
|
0: bytes.Repeat([]byte{0xFF}, 32),
|
||||||
1: bytes.Repeat([]byte{0xFF}, 32),
|
1: bytes.Repeat([]byte{0xFF}, 32),
|
||||||
|
@ -23,7 +23,7 @@ import (
|
|||||||
|
|
||||||
// Issuer for AWS TPM attestation.
|
// Issuer for AWS TPM attestation.
|
||||||
type Issuer struct {
|
type Issuer struct {
|
||||||
oid.AWS
|
oid.AWSNitroTPM
|
||||||
*vtpm.Issuer
|
*vtpm.Issuer
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -23,7 +23,7 @@ import (
|
|||||||
|
|
||||||
// Validator for AWS TPM attestation.
|
// Validator for AWS TPM attestation.
|
||||||
type Validator struct {
|
type Validator struct {
|
||||||
oid.AWS
|
oid.AWSNitroTPM
|
||||||
*vtpm.Validator
|
*vtpm.Validator
|
||||||
getDescribeClient func(context.Context, string) (awsMetadataAPI, error)
|
getDescribeClient func(context.Context, string) (awsMetadataAPI, error)
|
||||||
}
|
}
|
||||||
|
@ -51,7 +51,7 @@ func GetIDKeyDigest(open vtpm.TPMOpenFunc) ([]byte, error) {
|
|||||||
|
|
||||||
// Issuer for Azure TPM attestation.
|
// Issuer for Azure TPM attestation.
|
||||||
type Issuer struct {
|
type Issuer struct {
|
||||||
oid.AzureSNP
|
oid.AzureSEVSNP
|
||||||
*vtpm.Issuer
|
*vtpm.Issuer
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -38,7 +38,7 @@ const (
|
|||||||
|
|
||||||
// Validator for Azure confidential VM attestation.
|
// Validator for Azure confidential VM attestation.
|
||||||
type Validator struct {
|
type Validator struct {
|
||||||
oid.AzureSNP
|
oid.AzureSEVSNP
|
||||||
*vtpm.Validator
|
*vtpm.Validator
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -20,7 +20,7 @@ import (
|
|||||||
|
|
||||||
// Issuer for GCP confidential VM attestation.
|
// Issuer for GCP confidential VM attestation.
|
||||||
type Issuer struct {
|
type Issuer struct {
|
||||||
oid.GCP
|
oid.GCPSEVES
|
||||||
*vtpm.Issuer
|
*vtpm.Issuer
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -30,7 +30,7 @@ import (
|
|||||||
|
|
||||||
// Validator for GCP confidential VM attestation.
|
// Validator for GCP confidential VM attestation.
|
||||||
type Validator struct {
|
type Validator struct {
|
||||||
oid.GCP
|
oid.GCPSEVES
|
||||||
*vtpm.Validator
|
*vtpm.Validator
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -16,7 +16,7 @@ import (
|
|||||||
|
|
||||||
// Issuer for qemu TPM attestation.
|
// Issuer for qemu TPM attestation.
|
||||||
type Issuer struct {
|
type Issuer struct {
|
||||||
oid.QEMU
|
oid.QEMUVTPM
|
||||||
*vtpm.Issuer
|
*vtpm.Issuer
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -17,7 +17,7 @@ import (
|
|||||||
|
|
||||||
// Validator for QEMU VM attestation.
|
// Validator for QEMU VM attestation.
|
||||||
type Validator struct {
|
type Validator struct {
|
||||||
oid.QEMU
|
oid.QEMUVTPM
|
||||||
*vtpm.Validator
|
*vtpm.Validator
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -25,6 +25,7 @@ package oid
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"encoding/asn1"
|
"encoding/asn1"
|
||||||
|
"errors"
|
||||||
)
|
)
|
||||||
|
|
||||||
// Getter returns an ASN.1 Object Identifier.
|
// Getter returns an ASN.1 Object Identifier.
|
||||||
@ -32,6 +33,25 @@ type Getter interface {
|
|||||||
OID() asn1.ObjectIdentifier
|
OID() asn1.ObjectIdentifier
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// FromString returns the OID for the given string.
|
||||||
|
func FromString(oid string) (Getter, error) {
|
||||||
|
switch oid {
|
||||||
|
case dummy:
|
||||||
|
return Dummy{}, nil
|
||||||
|
case awsNitroTPM:
|
||||||
|
return AWSNitroTPM{}, nil
|
||||||
|
case gcpSEVES:
|
||||||
|
return GCPSEVES{}, nil
|
||||||
|
case azureSEVSNP:
|
||||||
|
return AzureSEVSNP{}, nil
|
||||||
|
case azureTrustedLaunch:
|
||||||
|
return AzureTrustedLaunch{}, nil
|
||||||
|
case qemuVTPM:
|
||||||
|
return QEMUVTPM{}, nil
|
||||||
|
}
|
||||||
|
return nil, errors.New("unknown OID")
|
||||||
|
}
|
||||||
|
|
||||||
// Dummy OID for testing.
|
// Dummy OID for testing.
|
||||||
type Dummy struct{}
|
type Dummy struct{}
|
||||||
|
|
||||||
@ -40,30 +60,50 @@ func (Dummy) OID() asn1.ObjectIdentifier {
|
|||||||
return asn1.ObjectIdentifier{1, 3, 9900, 1, 1}
|
return asn1.ObjectIdentifier{1, 3, 9900, 1, 1}
|
||||||
}
|
}
|
||||||
|
|
||||||
// AWS holds the AWS OID.
|
// String returns the string representation of the OID.
|
||||||
type AWS struct{}
|
func (Dummy) String() string {
|
||||||
|
return dummy
|
||||||
|
}
|
||||||
|
|
||||||
|
// AWSNitroTPM holds the AWS nitro TPM OID.
|
||||||
|
type AWSNitroTPM struct{}
|
||||||
|
|
||||||
// OID returns the struct's object identifier.
|
// OID returns the struct's object identifier.
|
||||||
func (AWS) OID() asn1.ObjectIdentifier {
|
func (AWSNitroTPM) OID() asn1.ObjectIdentifier {
|
||||||
return asn1.ObjectIdentifier{1, 3, 9900, 2, 1}
|
return asn1.ObjectIdentifier{1, 3, 9900, 2, 1}
|
||||||
}
|
}
|
||||||
|
|
||||||
// GCP holds the GCP OID.
|
// String returns the string representation of the OID.
|
||||||
type GCP struct{}
|
func (AWSNitroTPM) String() string {
|
||||||
|
return awsNitroTPM
|
||||||
|
}
|
||||||
|
|
||||||
|
// GCPSEVES holds the GCP SEV-ES OID.
|
||||||
|
type GCPSEVES struct{}
|
||||||
|
|
||||||
// OID returns the struct's object identifier.
|
// OID returns the struct's object identifier.
|
||||||
func (GCP) OID() asn1.ObjectIdentifier {
|
func (GCPSEVES) OID() asn1.ObjectIdentifier {
|
||||||
return asn1.ObjectIdentifier{1, 3, 9900, 3, 1}
|
return asn1.ObjectIdentifier{1, 3, 9900, 3, 1}
|
||||||
}
|
}
|
||||||
|
|
||||||
// AzureSNP holds the OID for Azure SNP CVMs.
|
// String returns the string representation of the OID.
|
||||||
type AzureSNP struct{}
|
func (GCPSEVES) String() string {
|
||||||
|
return gcpSEVES
|
||||||
|
}
|
||||||
|
|
||||||
|
// AzureSEVSNP holds the OID for Azure SNP CVMs.
|
||||||
|
type AzureSEVSNP struct{}
|
||||||
|
|
||||||
// OID returns the struct's object identifier.
|
// OID returns the struct's object identifier.
|
||||||
func (AzureSNP) OID() asn1.ObjectIdentifier {
|
func (AzureSEVSNP) OID() asn1.ObjectIdentifier {
|
||||||
return asn1.ObjectIdentifier{1, 3, 9900, 4, 1}
|
return asn1.ObjectIdentifier{1, 3, 9900, 4, 1}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// String returns the string representation of the OID.
|
||||||
|
func (AzureSEVSNP) String() string {
|
||||||
|
return azureSEVSNP
|
||||||
|
}
|
||||||
|
|
||||||
// AzureTrustedLaunch holds the OID for Azure TrustedLaunch VMs.
|
// AzureTrustedLaunch holds the OID for Azure TrustedLaunch VMs.
|
||||||
type AzureTrustedLaunch struct{}
|
type AzureTrustedLaunch struct{}
|
||||||
|
|
||||||
@ -72,10 +112,29 @@ func (AzureTrustedLaunch) OID() asn1.ObjectIdentifier {
|
|||||||
return asn1.ObjectIdentifier{1, 3, 9900, 4, 2}
|
return asn1.ObjectIdentifier{1, 3, 9900, 4, 2}
|
||||||
}
|
}
|
||||||
|
|
||||||
// QEMU holds the QEMU OID.
|
// String returns the string representation of the OID.
|
||||||
type QEMU struct{}
|
func (AzureTrustedLaunch) String() string {
|
||||||
|
return azureTrustedLaunch
|
||||||
|
}
|
||||||
|
|
||||||
|
// QEMUVTPM holds the QEMUVTPM OID.
|
||||||
|
type QEMUVTPM struct{}
|
||||||
|
|
||||||
// OID returns the struct's object identifier.
|
// OID returns the struct's object identifier.
|
||||||
func (QEMU) OID() asn1.ObjectIdentifier {
|
func (QEMUVTPM) OID() asn1.ObjectIdentifier {
|
||||||
return asn1.ObjectIdentifier{1, 3, 9900, 5, 1}
|
return asn1.ObjectIdentifier{1, 3, 9900, 5, 1}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// String returns the string representation of the OID.
|
||||||
|
func (QEMUVTPM) String() string {
|
||||||
|
return qemuVTPM
|
||||||
|
}
|
||||||
|
|
||||||
|
const (
|
||||||
|
dummy = "dummy"
|
||||||
|
awsNitroTPM = "aws-nitro-tpm"
|
||||||
|
gcpSEVES = "gcp-sev-es"
|
||||||
|
azureSEVSNP = "azure-sev-snp"
|
||||||
|
azureTrustedLaunch = "azure-trustedlaunch"
|
||||||
|
qemuVTPM = "qemu-vtpm"
|
||||||
|
)
|
||||||
|
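Review bot: FromString (hunk at `@ -32,6 +33,25 @@`) accepts `"dummy"` and returns `Dummy{}`, which this file documents as a test-only OID, so if the parser is reached from configuration or CLI input (its callers are not visible in this commit) a deployment could select the test variant by name. Consider excluding the test variant from the production parser, or at least state the contract on the function, e.g. `// FromString returns the Getter for the given variant name. Dummy is accepted for tests only; production callers must reject it.`. The fallback `return nil, errors.New("unknown OID")` also drops the offending value and mislabels it, since the argument is a variant name rather than an OID; `return nil, fmt.Errorf("unknown attestation variant %q", oid)` (with the newly added `"errors"` import replaced by `"fmt"`) would make a misconfiguration easier to diagnose. A round-trip test asserting that `FromString(v.String())` yields each variant would keep the new String methods and the switch in FromString from drifting apart.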