Refactor enforced/expected PCRs (#553)

* Merge enforced and expected measurements * Update measurement generation to new format * Write expected measurements hex encoded by default * Allow hex or base64 encoded expected measurements * Allow hex or base64 encoded clusterID * Allow security upgrades to warnOnly flag * Upload signed measurements in JSON format * Fetch measurements either from JSON or YAML * Use yaml.v3 instead of yaml.v2 * Error on invalid enforced selection * Add placeholder measurements to config * Update e2e test to new measurement format Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2025-05-02 06:16:08 -04:00 · 2022-11-24 10:57:58 +01:00 · 2022-11-24 10:57:58 +01:00 · f8001efbc0
commit f8001efbc0
parent 8ce954e012
46 changed files with 1180 additions and 801 deletions
--- a/internal/config/validation.go
+++ b/internal/config/validation.go
@ -7,9 +7,11 @@ SPDX-License-Identifier: AGPL-3.0-only
 package config

 import (
+	"bytes"
 	"fmt"
 	"strings"

+	"github.com/edgelesssys/constellation/v2/internal/attestation/measurements"
 	"github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
 	"github.com/edgelesssys/constellation/v2/internal/config/instancetypes"
 	"github.com/edgelesssys/constellation/v2/internal/versions"
@ -223,3 +225,35 @@ func (c *Config) translateAzureInstanceTypeError(ut ut.Translator, fe validator.

 	return t
 }
+
+func validateNoPlaceholder(fl validator.FieldLevel) bool {
+	return len(getPlaceholderEntries(fl.Field().Interface().(Measurements))) == 0
+}
+
+func registerContainsPlaceholderError(ut ut.Translator) error {
+	return ut.Add("no_placeholders", "{0} placeholder values (repeated 1234...)", true)
+}
+
+func translateContainsPlaceholderError(ut ut.Translator, fe validator.FieldError) string {
+	placeholders := getPlaceholderEntries(fe.Value().(Measurements))
+	msg := fmt.Sprintf("Measurements %v contain", placeholders)
+	if len(placeholders) == 1 {
+		msg = fmt.Sprintf("Measurement %v contains", placeholders)
+	}
+
+	t, _ := ut.T("no_placeholders", msg)
+	return t
+}
+
+func getPlaceholderEntries(m Measurements) []uint32 {
+	var placeholders []uint32
+	placeholder := measurements.PlaceHolderMeasurement()
+
+	for idx, measurement := range m {
+		if bytes.Equal(measurement.Expected[:], placeholder.Expected[:]) {
+			placeholders = append(placeholders, idx)
+		}
+	}
+
+	return placeholders
+}