mirror of
https://github.com/edgelesssys/constellation.git
synced 2025-11-04 04:39:31 -05:00
49 lines
1.1 KiB
Go
49 lines
1.1 KiB
Go
/*
|
|
Copyright (c) Edgeless Systems GmbH
|
|
|
|
SPDX-License-Identifier: AGPL-3.0-only
|
|
*/
|
|
|
|
package trustedlaunch
|
|
|
|
import (
|
|
"crypto"
|
|
|
|
"github.com/edgelesssys/constellation/v2/internal/attestation/vtpm"
|
|
"github.com/edgelesssys/constellation/v2/internal/oid"
|
|
"github.com/google/go-tpm/tpm2"
|
|
)
|
|
|
|
// Validator for Azure trusted launch VM attestation.
|
|
type Validator struct {
|
|
oid.AzureTrustedLaunch
|
|
*vtpm.Validator
|
|
}
|
|
|
|
// NewValidator initializes a new Azure validator with the provided PCR values.
|
|
func NewValidator(pcrs map[uint32][]byte, enforcedPCRs []uint32, log vtpm.WarnLogger) *Validator {
|
|
return &Validator{
|
|
Validator: vtpm.NewValidator(
|
|
pcrs,
|
|
enforcedPCRs,
|
|
trustedKey,
|
|
validateVM,
|
|
vtpm.VerifyPKCS1v15,
|
|
log,
|
|
),
|
|
}
|
|
}
|
|
|
|
// trustedKey returns the key encoded in the given TPMT_PUBLIC message.
|
|
func trustedKey(akPub, instanceInfo []byte) (crypto.PublicKey, error) {
|
|
pubArea, err := tpm2.DecodePublic(akPub)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return pubArea.Key()
|
|
}
|
|
|
|
// validateVM returns nil.
|
|
func validateVM(attestation vtpm.AttestationDocument) error {
|
|
return nil
|
|
}
|