Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-08-19 03:57:55 -04:00
Code Issues Projects Releases Packages Wiki Activity

attestation: tdx issuer/validator (#1265)

Browse source 
* Add TDX validator

* Add TDX issuer

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
This commit is contained in:
Daniel Weiße 2023-03-08 14:13:57 +01:00 committed by Malte Poll
parent d104af6e51
commit dd2da25ebe
53 changed files with 808 additions and 229 deletions
Download patch file Download diff file Expand all files Collapse all files

43
internal/attestation/attestation.go
View file

@ -29,6 +29,9 @@ Attestation code for new platforms needs to implement these two interfaces.
package attestation
import (
"bytes"
"crypto/sha256"
"github.com/edgelesssys/constellation/v2/internal/crypto"
)
@ -40,7 +43,47 @@ const (
MeasurementSecretContext = "measurementSecret"
)
// Logger is a logger used to print warnings and infos during attestation validation.
type Logger interface {
Infof(format string, args ...any)
Warnf(format string, args ...any)
}
// NOPLogger is a no-op implementation of [Logger].
type NOPLogger struct{}
// Infof is a no-op.
func (NOPLogger) Infof(string, ...interface{}) {}
// Warnf is a no-op.
func (NOPLogger) Warnf(string, ...interface{}) {}
// DeriveClusterID derives the cluster ID from a salt and secret value.
func DeriveClusterID(secret, salt []byte) ([]byte, error) {
return crypto.DeriveKey(secret, salt, []byte(crypto.DEKPrefix+clusterIDContext), crypto.DerivedKeyLengthDefault)
}
// MakeExtraData binds userData to a random nonce used in attestation.
func MakeExtraData(userData []byte, nonce []byte) []byte {
data := append([]byte{}, userData...)
data = append(data, nonce...)
digest := sha256.Sum256(data)
return digest[:]
}
// CompareExtraData compares the extra data of a quote with the expected extra data.
// Returns true if the data from the quote matches the expected data.
// If the slices are not of equal length, the shorter slice is padded with zeros.
func CompareExtraData(quoteData, expectedData []byte) bool {
if len(quoteData) != len(expectedData) {
// If the lengths are not equal, pad the shorter slice with zeros.
diff := len(quoteData) - len(expectedData)
if diff < 0 {
diff = -diff
quoteData = append(quoteData, bytes.Repeat([]byte{0x00}, diff)...)
} else {
expectedData = append(expectedData, bytes.Repeat([]byte{0x00}, diff)...)
}
}
return bytes.Equal(quoteData, expectedData)
}