mirror of
https://github.com/edgelesssys/constellation.git
synced 2025-01-04 20:30:59 -05:00
8f21972aec
* variant: move into internal/attestation * attesation: move aws attesation into subfolder nitrotpm * config: add aws-sev-snp variant * cli: add tf option to enable AWS SNP For now the implementations in aws/nitrotpm and aws/snp are identical. They both contain the aws/nitrotpm impl. A separate commit will add the actual attestation logic.
95 lines
2.5 KiB
Go
95 lines
2.5 KiB
Go
/*
|
|
Copyright (c) Edgeless Systems GmbH
|
|
|
|
SPDX-License-Identifier: AGPL-3.0-only
|
|
*/
|
|
|
|
package tdx
|
|
|
|
import (
|
|
"bytes"
|
|
"context"
|
|
"encoding/json"
|
|
"fmt"
|
|
|
|
"github.com/edgelesssys/constellation/v2/internal/attestation"
|
|
"github.com/edgelesssys/constellation/v2/internal/attestation/measurements"
|
|
"github.com/edgelesssys/constellation/v2/internal/attestation/variant"
|
|
"github.com/edgelesssys/constellation/v2/internal/config"
|
|
"github.com/edgelesssys/go-tdx-qpl/verification"
|
|
"github.com/edgelesssys/go-tdx-qpl/verification/types"
|
|
)
|
|
|
|
type tdxVerifier interface {
|
|
Verify(ctx context.Context, quote []byte) (types.SGXQuote4, error)
|
|
}
|
|
|
|
// Validator is the TDX attestation validator.
|
|
type Validator struct {
|
|
variant.QEMUTDX
|
|
|
|
tdx tdxVerifier
|
|
expected measurements.M
|
|
|
|
log attestation.Logger
|
|
}
|
|
|
|
// NewValidator initializes a new TDX Validator.
|
|
func NewValidator(cfg *config.QEMUTDX, log attestation.Logger) *Validator {
|
|
if log == nil {
|
|
log = attestation.NOPLogger{}
|
|
}
|
|
|
|
return &Validator{
|
|
tdx: verification.New(),
|
|
expected: cfg.Measurements,
|
|
log: log,
|
|
}
|
|
}
|
|
|
|
// Validate validates the given attestation document using TDX attestation.
|
|
func (v *Validator) Validate(ctx context.Context, attDocRaw []byte, nonce []byte) (userData []byte, err error) {
|
|
v.log.Infof("Validating attestation document")
|
|
defer func() {
|
|
if err != nil {
|
|
v.log.Warnf("Failed to validate attestation document: %s", err)
|
|
}
|
|
}()
|
|
|
|
var attDoc tdxAttestationDocument
|
|
if err := json.Unmarshal(attDocRaw, &attDoc); err != nil {
|
|
return nil, fmt.Errorf("unmarshaling attestation document: %w", err)
|
|
}
|
|
|
|
// Verify the quote.
|
|
quote, err := v.tdx.Verify(ctx, attDoc.RawQuote)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("verifying TDX quote: %w", err)
|
|
}
|
|
|
|
// Report data
|
|
extraData := attestation.MakeExtraData(attDoc.UserData, nonce)
|
|
if !attestation.CompareExtraData(quote.Body.ReportData[:], extraData) {
|
|
return nil, fmt.Errorf("report data in TDX quote does not match provided nonce")
|
|
}
|
|
|
|
// Convert RTMRs and MRTD to map.
|
|
tdMeasure := make(map[uint32][]byte, 5)
|
|
tdMeasure[0] = quote.Body.MRTD[:]
|
|
for idx := 0; idx < len(quote.Body.RTMR); idx++ {
|
|
tdMeasure[uint32(idx+1)] = quote.Body.RTMR[idx][:]
|
|
}
|
|
|
|
// Verify the quote against the expected measurements.
|
|
for idx, ex := range v.expected {
|
|
if !bytes.Equal(ex.Expected, tdMeasure[idx]) {
|
|
if !ex.ValidationOpt {
|
|
return nil, fmt.Errorf("untrusted TD measurement value at index %d", idx)
|
|
}
|
|
v.log.Warnf("Encountered untrusted TD measurement value at index %d", idx)
|
|
}
|
|
}
|
|
|
|
return attDoc.UserData, nil
|
|
}
|