mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-12-14 10:24:24 -05:00
124 lines
3.5 KiB
Go
124 lines
3.5 KiB
Go
/*
|
|
Copyright (c) Edgeless Systems GmbH
|
|
|
|
SPDX-License-Identifier: AGPL-3.0-only
|
|
*/
|
|
|
|
package snp
|
|
|
|
import (
|
|
"context"
|
|
"crypto/sha512"
|
|
"crypto/x509"
|
|
"encoding/json"
|
|
"encoding/pem"
|
|
"fmt"
|
|
"io"
|
|
|
|
"github.com/edgelesssys/constellation/v2/internal/attestation"
|
|
"github.com/edgelesssys/constellation/v2/internal/attestation/snp"
|
|
"github.com/edgelesssys/constellation/v2/internal/attestation/variant"
|
|
"github.com/edgelesssys/constellation/v2/internal/attestation/vtpm"
|
|
|
|
"github.com/google/go-sev-guest/abi"
|
|
sevclient "github.com/google/go-sev-guest/client"
|
|
"github.com/google/go-tpm-tools/client"
|
|
tpmclient "github.com/google/go-tpm-tools/client"
|
|
)
|
|
|
|
// Issuer for AWS SNP attestation.
|
|
type Issuer struct {
|
|
variant.AWSSEVSNP
|
|
*vtpm.Issuer
|
|
}
|
|
|
|
// NewIssuer creates a SEV-SNP based issuer for AWS.
|
|
func NewIssuer(log attestation.Logger) *Issuer {
|
|
return &Issuer{
|
|
Issuer: vtpm.NewIssuer(
|
|
vtpm.OpenVTPM,
|
|
getAttestationKey,
|
|
getInstanceInfo,
|
|
log,
|
|
),
|
|
}
|
|
}
|
|
|
|
// getAttestationKey returns a new attestation key.
|
|
func getAttestationKey(tpm io.ReadWriter) (*tpmclient.Key, error) {
|
|
tpmAk, err := client.AttestationKeyRSA(tpm)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("creating RSA Endorsement key: %w", err)
|
|
}
|
|
|
|
return tpmAk, nil
|
|
}
|
|
|
|
// getInstanceInfo generates an extended SNP report, i.e. the report and any loaded certificates.
|
|
// Report generation is triggered by sending ioctl syscalls to the SNP guest device, the AMD PSP generates the report.
|
|
// The returned bytes will be written into the attestation document.
|
|
func getInstanceInfo(_ context.Context, tpm io.ReadWriteCloser, _ []byte) ([]byte, error) {
|
|
tpmAk, err := client.AttestationKeyRSA(tpm)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("creating RSA Endorsement key: %w", err)
|
|
}
|
|
|
|
encoded, err := x509.MarshalPKIXPublicKey(tpmAk.PublicKey())
|
|
if err != nil {
|
|
return nil, fmt.Errorf("marshalling public key: %w", err)
|
|
}
|
|
|
|
akDigest := sha512.Sum512(encoded)
|
|
|
|
device, err := sevclient.OpenDevice()
|
|
if err != nil {
|
|
return nil, fmt.Errorf("opening sev device: %w", err)
|
|
}
|
|
defer device.Close()
|
|
|
|
report, certs, err := sevclient.GetRawExtendedReportAtVmpl(device, akDigest, 0)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("getting extended report: %w", err)
|
|
}
|
|
|
|
vlek, err := pemEncodedVLEK(certs)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("parsing vlek: %w", err)
|
|
}
|
|
|
|
raw, err := json.Marshal(snp.InstanceInfo{AttestationReport: report, ReportSigner: vlek})
|
|
if err != nil {
|
|
return nil, fmt.Errorf("marshalling instance info: %w", err)
|
|
}
|
|
|
|
return raw, nil
|
|
}
|
|
|
|
// pemEncodedVLEK takes a marshalled SNP certificate table and returns the PEM-encoded VLEK certificate.
|
|
// AMD documentation on certificate tables can be found in section 4.1.8.1, revision 2.03 "SEV-ES Guest-Hypervisor Communication Block Standardization".
|
|
// https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/56421.pdf
|
|
func pemEncodedVLEK(certs []byte) ([]byte, error) {
|
|
certTable := abi.CertTable{}
|
|
if err := certTable.Unmarshal(certs); err != nil {
|
|
return nil, fmt.Errorf("unmarshalling SNP certificate table: %w", err)
|
|
}
|
|
|
|
vlekRaw, err := certTable.GetByGUIDString(abi.VlekGUID)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("getting VLEK certificate: %w", err)
|
|
}
|
|
|
|
// An optional check for certificate well-formedness. vlekRaw == cert.Raw.
|
|
cert, err := x509.ParseCertificate(vlekRaw)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("parsing certificate: %w", err)
|
|
}
|
|
|
|
certPEM := pem.EncodeToMemory(&pem.Block{
|
|
Type: "CERTIFICATE",
|
|
Bytes: cert.Raw,
|
|
})
|
|
|
|
return certPEM, nil
|
|
}
|