diff --git a/coordinator/main.go b/coordinator/main.go
index 799b95bc75..802b82c189 100644
--- a/coordinator/main.go
+++ b/coordinator/main.go
@@ -16,6 +16,7 @@ import (
 "github.com/edgelesssys/contrast/coordinator/history"
 "github.com/edgelesssys/contrast/coordinator/internal/authority"
 "github.com/edgelesssys/contrast/internal/atls"
+ "github.com/edgelesssys/contrast/internal/atls/issuer"
 "github.com/edgelesssys/contrast/internal/grpc/atlscredentials"
 "github.com/edgelesssys/contrast/internal/logger"
 "github.com/edgelesssys/contrast/internal/meshapi"
@@ -154,7 +155,7 @@ func newServerMetrics(reg *prometheus.Registry) *grpcprometheus.ServerMetrics {
 }
 func newGRPCServer(serverMetrics *grpcprometheus.ServerMetrics, log *slog.Logger) (*grpc.Server, error) {
- issuer, err := atls.PlatformIssuer(log)
+ issuer, err := issuer.PlatformIssuer(log)
 if err != nil {
 return nil, fmt.Errorf("creating issuer: %w", err)
 }
diff --git a/initializer/main.go b/initializer/main.go
index 0c782c32ff..59882e4ea3 100644
--- a/initializer/main.go
+++ b/initializer/main.go
@@ -18,6 +18,7 @@ import (
 "time"
 "github.com/edgelesssys/contrast/internal/atls"
+ "github.com/edgelesssys/contrast/internal/atls/issuer"
 "github.com/edgelesssys/contrast/internal/grpc/dialer"
 "github.com/edgelesssys/contrast/internal/logger"
 "github.com/edgelesssys/contrast/internal/meshapi"
@@ -55,7 +56,7 @@ func run() (retErr error) {
 return fmt.Errorf("generating key: %w", err)
 }
- issuer, err := atls.PlatformIssuer(log)
+ issuer, err := issuer.PlatformIssuer(log)
 if err != nil {
 return fmt.Errorf("creating issuer: %w", err)
 }
diff --git a/internal/atls/issuer.go b/internal/atls/issuer/issuer.go
similarity index 58%
rename from internal/atls/issuer.go
rename to internal/atls/issuer/issuer.go
index 09ac4a192d..3fec2573e9 100644
--- a/internal/atls/issuer.go
+++ b/internal/atls/issuer/issuer.go
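Review bot: The new line `issuer, err := issuer.PlatformIssuer(log)` in newGRPCServer declares a local `issuer` that shadows the package `issuer` imported just above it; the initializer's run() hunk introduces the same shadowing. It compiles because the right-hand side is resolved before the new local comes into scope, but any later reference to the package inside the same function would silently bind to the value instead, and import-shadow linters (e.g. gocritic's importShadow) will flag it. Renaming the local, `iss, err := issuer.PlatformIssuer(log)`, or aliasing the import, e.g. `atlsissuer "github.com/edgelesssys/contrast/internal/atls/issuer"`, removes the ambiguity. Both newGRPCServer and run() continue past their hunks, so the downstream uses of the local are not visible here.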
@@ -1,14 +1,16 @@
 // Copyright 2024 Edgeless Systems GmbH
 // SPDX-License-Identifier: AGPL-3.0-only
-package atls
+package issuer
 import (
+ "context"
+ "encoding/asn1"
 "fmt"
 "log/slog"
- "github.com/edgelesssys/contrast/internal/attestation/snp"
- "github.com/edgelesssys/contrast/internal/attestation/tdx"
+ snpissuer "github.com/edgelesssys/contrast/internal/attestation/snp/issuer"
+ tdxissuer "github.com/edgelesssys/contrast/internal/attestation/tdx/issuer"
 "github.com/edgelesssys/contrast/internal/logger"
 "github.com/klauspost/cpuid/v2"
 )
@@ -18,14 +20,25 @@ func PlatformIssuer(log *slog.Logger) (Issuer, error) {
 cpuid.Detect()
 switch {
 case cpuid.CPU.Supports(cpuid.SEV_SNP):
- return snp.NewIssuer(
+ return snpissuer.New(
 logger.NewWithAttrs(logger.NewNamed(log, "issuer"), map[string]string{"tee-type": "snp"}),
 ), nil
 case cpuid.CPU.Supports(cpuid.TDX_GUEST):
- return tdx.NewIssuer(
+ return tdxissuer.New(
 logger.NewWithAttrs(logger.NewNamed(log, "issuer"), map[string]string{"tee-type": "tdx"}),
 ), nil
 default:
 return nil, fmt.Errorf("unsupported platform: %T", cpuid.CPU)
 }
 }
+
+// Issuer issues an attestation document.
+type Issuer interface {
+ Getter
+ Issue(ctx context.Context, userData []byte, nonce []byte) (quote []byte, err error)
+}
+
+// Getter returns an ASN.1 Object Identifier.
+type Getter interface {
+ OID() asn1.ObjectIdentifier
+}
diff --git a/internal/attestation/snp/issuer.go b/internal/attestation/snp/issuer/issuer.go
similarity index 96%
rename from internal/attestation/snp/issuer.go
rename to internal/attestation/snp/issuer/issuer.go
index 8eaf2e331a..7d5bdc4336 100644
--- a/internal/attestation/snp/issuer.go
+++ b/internal/attestation/snp/issuer/issuer.go
@@ -1,7 +1,8 @@
 // Copyright 2024 Edgeless Systems GmbH
 // SPDX-License-Identifier: AGPL-3.0-only
-package snp
+// package issuer provides functions to create an aTLS issuer.
+package issuer
 import (
 "context"
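Review bot: The doc comments on the newly added `Issuer` and `Getter` interfaces leave the security contract of `Issue(ctx, userData, nonce)` unstated, and the `Getter` comment describes the method rather than the interface. Since this is now the type every platform issuer must satisfy, the comment should say what a conforming implementation guarantees about its inputs, for example `// Issuer produces an attestation document (quote) for the calling TEE. Implementations are expected to bind userData and nonce into the returned quote so a verifier can tie it to the caller's key and check freshness.` Whether the snp and tdx issuers actually do that binding is not visible in this diff and should be confirmed before the comment is adopted. For `Getter`, `// Getter is implemented by issuers that identify their attestation format by an ASN.1 object identifier.` matches what the interface is.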
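Review bot: The new package comment `// package issuer provides functions to create an aTLS issuer.` on the SNP package does not follow the Go doc convention, which requires the comment to start with `Package issuer` (capitalized) for godoc and staticcheck to pick it up, and its wording describes the platform-selecting package in internal/atls/issuer better than this SNP-specific one. Something like `// Package issuer implements the SEV-SNP attestation issuer used by aTLS.` would be more accurate here. The tdx/issuer and atls/issuer packages introduced by this rename get no package comment at all; with three packages now sharing the name `issuer`, a one-line comment on each would help readers tell them apart.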
@@ -27,8 +28,8 @@ type Issuer struct {
 logger *slog.Logger
 }
-// NewIssuer returns a new Issuer.
-func NewIssuer(log *slog.Logger) *Issuer {
+// New returns a new Issuer.
+func New(log *slog.Logger) *Issuer {
 return &Issuer{
 thimGetter: NewTHIMGetter(http.DefaultClient),
 logger: log,
diff --git a/internal/attestation/snp/thim.go b/internal/attestation/snp/issuer/thim.go
similarity index 99%
rename from internal/attestation/snp/thim.go
rename to internal/attestation/snp/issuer/thim.go
index 88abf7446f..94b4ca8b91 100644
--- a/internal/attestation/snp/thim.go
+++ b/internal/attestation/snp/issuer/thim.go
@@ -1,7 +1,7 @@
 // Copyright 2024 Edgeless Systems GmbH
 // SPDX-License-Identifier: AGPL-3.0-only
-package snp
+package issuer
 import (
 "encoding/json"
diff --git a/internal/attestation/tdx/issuer.go b/internal/attestation/tdx/issuer/issuer.go
similarity index 95%
rename from internal/attestation/tdx/issuer.go
rename to internal/attestation/tdx/issuer/issuer.go
index 100d381d92..c493113cfe 100644
--- a/internal/attestation/tdx/issuer.go
+++ b/internal/attestation/tdx/issuer/issuer.go
@@ -1,7 +1,7 @@
 // Copyright 2024 Edgeless Systems GmbH
 // SPDX-License-Identifier: AGPL-3.0-only
-package tdx
+package issuer
 import (
 "context"
@@ -23,8 +23,8 @@ type Issuer struct {
 logger *slog.Logger
 }
-// NewIssuer returns a new Issuer.
-func NewIssuer(log *slog.Logger) *Issuer {
+// New returns a new Issuer.
+func New(log *slog.Logger) *Issuer {
 return &Issuer{
 logger: log,
 }