verify: use helper function for format writing

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
Paul Meyer 2023-07-25 15:02:59 +02:00
parent 8e7f4cd046
commit c8b1765e1d


@ -309,14 +309,14 @@ func (f *attestationDocFormatterImpl) parseCerts(b *strings.Builder, certTypeNam
return fmt.Errorf("parse %s: %w", certTypeName, err) return fmt.Errorf("parse %s: %w", certTypeName, err)
} }
b.WriteString(fmt.Sprintf("\t%s (%d):\n", certTypeName, i)) writeIndentfln(b, 1, "%s (%d):", certTypeName, i)
b.WriteString(fmt.Sprintf("\t\tSerial Number: %s\n", cert.SerialNumber)) writeIndentfln(b, 2, "Serial Number: %s", cert.SerialNumber)
b.WriteString(fmt.Sprintf("\t\tSubject: %s\n", cert.Subject)) writeIndentfln(b, 2, "Subject: %s", cert.Subject)
b.WriteString(fmt.Sprintf("\t\tIssuer: %s\n", cert.Issuer)) writeIndentfln(b, 2, "Issuer: %s", cert.Issuer)
b.WriteString(fmt.Sprintf("\t\tNot Before: %s\n", cert.NotBefore)) writeIndentfln(b, 2, "Not Before: %s", cert.NotBefore)
b.WriteString(fmt.Sprintf("\t\tNot After: %s\n", cert.NotAfter)) writeIndentfln(b, 2, "Not After: %s", cert.NotAfter)
b.WriteString(fmt.Sprintf("\t\tSignature Algorithm: %s\n", cert.SignatureAlgorithm)) writeIndentfln(b, 2, "Signature Algorithm: %s", cert.SignatureAlgorithm)
b.WriteString(fmt.Sprintf("\t\tPublic Key Algorithm: %s\n", cert.PublicKeyAlgorithm)) writeIndentfln(b, 2, "Public Key Algorithm: %s", cert.PublicKeyAlgorithm)
if certTypeName == "VCEK certificate" { if certTypeName == "VCEK certificate" {
// Extensions documented in Table 8 and Table 9 of // Extensions documented in Table 8 and Table 9 of
@ -326,18 +326,18 @@ func (f *attestationDocFormatterImpl) parseCerts(b *strings.Builder, certTypeNam
return fmt.Errorf("parsing VCEK certificate extensions: %w", err) return fmt.Errorf("parsing VCEK certificate extensions: %w", err)
} }
b.WriteString(fmt.Sprintf("\t\tStruct version: %d\n", vcekExts.StructVersion)) writeIndentfln(b, 2, "Struct version: %d", vcekExts.StructVersion)
b.WriteString(fmt.Sprintf("\t\tProduct name: %s\n", vcekExts.ProductName)) writeIndentfln(b, 2, "Product name: %s", vcekExts.ProductName)
tcb := kds.DecomposeTCBVersion(vcekExts.TCBVersion) tcb := kds.DecomposeTCBVersion(vcekExts.TCBVersion)
b.WriteString(fmt.Sprintf("\t\tSecure Processor bootloader SVN: %d\n", tcb.BlSpl)) writeIndentfln(b, 2, "Secure Processor bootloader SVN: %d", tcb.BlSpl)
b.WriteString(fmt.Sprintf("\t\tSecure Processor operating system SVN: %d\n", tcb.TeeSpl)) writeIndentfln(b, 2, "Secure Processor operating system SVN: %d", tcb.TeeSpl)
b.WriteString(fmt.Sprintf("\t\tSVN 4 (reserved): %d\n", tcb.Spl4)) writeIndentfln(b, 2, "SVN 4 (reserved): %d", tcb.Spl4)
b.WriteString(fmt.Sprintf("\t\tSVN 5 (reserved): %d\n", tcb.Spl5)) writeIndentfln(b, 2, "SVN 5 (reserved): %d", tcb.Spl5)
b.WriteString(fmt.Sprintf("\t\tSVN 6 (reserved): %d\n", tcb.Spl6)) writeIndentfln(b, 2, "SVN 6 (reserved): %d", tcb.Spl6)
b.WriteString(fmt.Sprintf("\t\tSVN 7 (reserved): %d\n", tcb.Spl7)) writeIndentfln(b, 2, "SVN 7 (reserved): %d", tcb.Spl7)
b.WriteString(fmt.Sprintf("\t\tSEV-SNP firmware SVN: %d\n", tcb.SnpSpl)) writeIndentfln(b, 2, "SEV-SNP firmware SVN: %d", tcb.SnpSpl)
b.WriteString(fmt.Sprintf("\t\tMicrocode SVN: %d\n", tcb.UcodeSpl)) writeIndentfln(b, 2, "Microcode SVN: %d", tcb.UcodeSpl)
b.WriteString(fmt.Sprintf("\t\tHardware ID: %#x\n", vcekExts.HWID)) writeIndentfln(b, 2, "Hardware ID: %#x", vcekExts.HWID)
} }
i++ i++
@ -348,16 +348,16 @@ func (f *attestationDocFormatterImpl) parseCerts(b *strings.Builder, certTypeNam
// parseQuotes parses the base64-encoded quotes and writes their details to the output builder. // parseQuotes parses the base64-encoded quotes and writes their details to the output builder.
func (f *attestationDocFormatterImpl) parseQuotes(b *strings.Builder, quotes []quote, expectedPCRs measurements.M) error { func (f *attestationDocFormatterImpl) parseQuotes(b *strings.Builder, quotes []quote, expectedPCRs measurements.M) error {
b.WriteString("\tQuote:\n") writeIndentfln(b, 1, "Quote:")
for pcrNum, expectedPCR := range expectedPCRs { for pcrNum, expectedPCR := range expectedPCRs {
encPCR := quotes[1].Pcrs.Pcrs[fmt.Sprintf("%d", pcrNum)] encPCR := quotes[1].Pcrs.Pcrs[fmt.Sprintf("%d", pcrNum)]
actualPCR, err := base64.StdEncoding.DecodeString(encPCR) actualPCR, err := base64.StdEncoding.DecodeString(encPCR)
if err != nil { if err != nil {
return fmt.Errorf("decode PCR %d: %w", pcrNum, err) return fmt.Errorf("decode PCR %d: %w", pcrNum, err)
} }
b.WriteString(fmt.Sprintf("\t\tPCR %d (Strict: %t):\n", pcrNum, !expectedPCR.ValidationOpt)) writeIndentfln(b, 2, "PCR %d (Strict: %t):", pcrNum, !expectedPCR.ValidationOpt)
b.WriteString(fmt.Sprintf("\t\t\tExpected:\t%x\n", expectedPCR.Expected)) writeIndentfln(b, 3, "Expected:\t%x", expectedPCR.Expected)
b.WriteString(fmt.Sprintf("\t\t\tActual:\t\t%x\n", actualPCR)) writeIndentfln(b, 3, "Actual:\t\t%x", actualPCR)
} }
return nil return nil
} }
@ -436,3 +436,12 @@ type verifyClient interface {
type grpcInsecureDialer interface { type grpcInsecureDialer interface {
DialInsecure(ctx context.Context, endpoint string) (conn *grpc.ClientConn, err error) DialInsecure(ctx context.Context, endpoint string) (conn *grpc.ClientConn, err error)
} }
// writeIndentfln writes a formatted string to the builder with the given indentation level
// and a newline at the end.
func writeIndentfln(b *strings.Builder, indentLvl int, format string, args ...any) {
for i := 0; i < indentLvl; i++ {
b.WriteByte('\t')
}
b.WriteString(fmt.Sprintf(format+"\n", args...))
}
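Review bot: In parseQuotes, `quotes[1]` is indexed without a length check and the PCR map lookup does not test whether the key exists, so a quote list with fewer than two entries panics, and a PCR that is absent from the quote decodes from the empty string and is printed as an empty `Actual:` value with no error. This output appears to be what a user reads to judge an attestation document, so both cases should fail explicitly: add `if len(quotes) < 2 { return fmt.Errorf("expected at least 2 quotes, got %d", len(quotes)) }` before the loop, and use `encPCR, ok := quotes[1].Pcrs.Pcrs[fmt.Sprintf("%d", pcrNum)]` with an error return when `!ok`. Whether callers already validate the quote list is not visible in this diff. Separately, in the new writeIndentfln, `fmt.Fprintf(b, format+"\n", args...)` would write straight into the builder instead of building an intermediate string with Sprintf.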