mirror of
https://github.com/edgelesssys/constellation.git
synced 2025-01-01 02:46:16 -05:00
8f21972aec
* variant: move into internal/attestation * attesation: move aws attesation into subfolder nitrotpm * config: add aws-sev-snp variant * cli: add tf option to enable AWS SNP For now the implementations in aws/nitrotpm and aws/snp are identical. They both contain the aws/nitrotpm impl. A separate commit will add the actual attestation logic.
68 lines
1.4 KiB
Go
68 lines
1.4 KiB
Go
/*
|
|
Copyright (c) Edgeless Systems GmbH
|
|
|
|
SPDX-License-Identifier: AGPL-3.0-only
|
|
*/
|
|
|
|
package tdx
|
|
|
|
import (
|
|
"context"
|
|
"encoding/json"
|
|
"fmt"
|
|
|
|
"github.com/edgelesssys/constellation/v2/internal/attestation"
|
|
"github.com/edgelesssys/constellation/v2/internal/attestation/variant"
|
|
"github.com/edgelesssys/go-tdx-qpl/tdx"
|
|
)
|
|
|
|
// Issuer is the TDX attestation issuer.
|
|
type Issuer struct {
|
|
variant.QEMUTDX
|
|
|
|
open OpenFunc
|
|
log attestation.Logger
|
|
}
|
|
|
|
// NewIssuer initializes a new TDX Issuer.
|
|
func NewIssuer(log attestation.Logger) *Issuer {
|
|
if log == nil {
|
|
log = attestation.NOPLogger{}
|
|
}
|
|
return &Issuer{
|
|
open: Open,
|
|
log: log,
|
|
}
|
|
}
|
|
|
|
// Issue issues a TDX attestation document.
|
|
func (i *Issuer) Issue(_ context.Context, userData []byte, nonce []byte) (attDoc []byte, err error) {
|
|
i.log.Infof("Issuing attestation statement")
|
|
defer func() {
|
|
if err != nil {
|
|
i.log.Warnf("Failed to issue attestation document: %s", err)
|
|
}
|
|
}()
|
|
|
|
handle, err := i.open()
|
|
if err != nil {
|
|
return nil, fmt.Errorf("opening TDX device: %w", err)
|
|
}
|
|
defer handle.Close()
|
|
|
|
quote, err := tdx.GenerateQuote(handle, attestation.MakeExtraData(userData, nonce))
|
|
if err != nil {
|
|
return nil, fmt.Errorf("generating quote: %w", err)
|
|
}
|
|
|
|
rawAttDoc, err := json.Marshal(tdxAttestationDocument{
|
|
RawQuote: quote,
|
|
UserData: userData,
|
|
})
|
|
if err != nil {
|
|
return nil, fmt.Errorf("marshaling attestation document: %w", err)
|
|
}
|
|
|
|
return rawAttDoc, nil
|
|
}
|