mirror of
https://github.com/edgelesssys/constellation.git
synced 2025-08-13 01:05:31 -04:00
3b9f7530fb
find -name '*.go' -exec sed -i 's/SPDX-License-Identifier: AGPL-3.0-only/SPDX-License-Identifier: BUSL-1.1/' {} +
38 lines
958 B
Go
38 lines
958 B
Go
/*
|
|
Copyright (c) Edgeless Systems GmbH
|
|
|
|
SPDX-License-Identifier: BUSL-1.1
|
|
*/
|
|
|
|
// The AMDKDS package implements interaction with the AMD KDS (Key Distribution Service).
|
|
package amdkds
|
|
|
|
import (
|
|
"crypto/x509"
|
|
"fmt"
|
|
|
|
"github.com/google/go-sev-guest/abi"
|
|
"github.com/google/go-sev-guest/verify/trust"
|
|
)
|
|
|
|
// KDSClient is a client for interacting with the AMD KDS.
|
|
type KDSClient struct {
|
|
getter trust.HTTPSGetter
|
|
}
|
|
|
|
// NewKDSClient creates a new KDS Client.
|
|
func NewKDSClient(getter trust.HTTPSGetter) *KDSClient {
|
|
return &KDSClient{
|
|
getter: getter,
|
|
}
|
|
}
|
|
|
|
// CertChain queries the AMD KDS for the certificate chain for given signing type (VCEK / VLEK).
|
|
func (c *KDSClient) CertChain(signingType abi.ReportSigner) (ask, ark *x509.Certificate, err error) {
|
|
askark, err := trust.GetProductChain("Milan", signingType, c.getter)
|
|
if err != nil {
|
|
return nil, nil, fmt.Errorf("retrieving certificate chain: %w", err)
|
|
}
|
|
|
|
return askark.Ask, askark.Ark, nil
|
|
}
|