mirror of
https://github.com/edgelesssys/constellation.git
synced 2025-01-07 05:38:03 -05:00
9a1f52e94e
So far the masterSecret was sent to the initial bootstrapper on init/recovery. With this commit this information is encoded in the kmsURI that is sent during init. For recover, the communication with the recoveryserver is changed. Before a streaming gRPC call was used to exchanges UUID for measurementSecret and state disk key. Now a standard gRPC is made that includes the same kmsURI & storageURI that are sent during init.
34 lines
847 B
Go
34 lines
847 B
Go
/*
|
|
Copyright (c) Edgeless Systems GmbH
|
|
|
|
SPDX-License-Identifier: AGPL-3.0-only
|
|
*/
|
|
|
|
package attestation
|
|
|
|
import (
|
|
"testing"
|
|
|
|
"github.com/edgelesssys/constellation/v2/internal/crypto/testvector"
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func TestDeriveClusterID(t *testing.T) {
|
|
require := require.New(t)
|
|
assert := assert.New(t)
|
|
|
|
testvector := testvector.HKDFClusterID
|
|
clusterID, err := DeriveClusterID(testvector.Secret, testvector.Salt)
|
|
require.NoError(err)
|
|
assert.Equal(testvector.Output, clusterID)
|
|
|
|
clusterIDdiff, err := DeriveClusterID(testvector.Secret, []byte("different-salt"))
|
|
require.NoError(err)
|
|
assert.NotEqual(clusterID, clusterIDdiff)
|
|
|
|
clusterIDdiff, err = DeriveClusterID([]byte("different-secret"), testvector.Salt)
|
|
require.NoError(err)
|
|
assert.NotEqual(clusterID, clusterIDdiff)
|
|
}
|