Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2024-10-01 01:36:09 -04:00
Code Issues Packages Projects Releases Wiki Activity
1c1b29637f
constellation/internal/attestation/azure/trustedlaunch/validator.go
Otto Bittner 405db3286e AB#2386: TrustedLaunch support for azure attestation 
* There are now two attestation packages on azure.
The issuer on the server side is created base on successfully
querying the idkeydigest from the TPM. Fallback on err: Trusted Launch.
* The bootstrapper's issuer choice is validated by the CLI's validator,
which is created based on the local config.
* Add "azureCVM" field to new "internal-config" cm.
This field is populated by the bootstrapper.
* Group attestation OIDs by CSP (#42)
* Bootstrapper now uses IssuerWrapper type to pass
the issuer (and some context info) to the initserver.
* Introduce VMType package akin to cloudprovider. Used by
IssuerWrapper.
* Extend unittests.
* Remove CSP specific attestation integration tests

Co-authored-by: <dw@edgeless.systems>
Signed-off-by: Otto Bittner <cobittner@posteo.net>
2022-09-05 12:03:48 +02:00

50 lines
1.1 KiB
Go
Raw Blame History

/*
Copyright (c) Edgeless Systems GmbH
SPDX-License-Identifier: AGPL-3.0-only
*/
package trustedlaunch
import (
"crypto"
"github.com/edgelesssys/constellation/internal/attestation/vtpm"
"github.com/edgelesssys/constellation/internal/oid"
"github.com/google/go-tpm/tpm2"
)
// Validator for Azure trusted launch VM attestation.
type Validator struct {
oid.AzureTrustedLaunch
*vtpm.Validator
}
// NewValidator initializes a new Azure validator with the provided PCR values.
func NewValidator(pcrs map[uint32][]byte, enforcedPCRs []uint32, log vtpm.WarnLogger) *Validator {
return &Validator{
Validator: vtpm.NewValidator(
pcrs,
enforcedPCRs,
trustedKey,
validateVM,
vtpm.VerifyPKCS1v15,
log,
),
}
}
// trustedKey returns the key encoded in the given TPMT_PUBLIC message.
func trustedKey(akPub, instanceInfo []byte) (crypto.PublicKey, error) {
pubArea, err := tpm2.DecodePublic(akPub)
if err != nil {
return nil, err
}
return pubArea.Key()
}
// validateVM returns nil.
func validateVM(attestation vtpm.AttestationDocument) error {
return nil
}
Reference in New Issue View Git Blame Copy Permalink