diff --git a/internal/attestation/snp/validator.go b/internal/attestation/snp/validator.go
index 4a5dcbb800..237957ed5d 100644
--- a/internal/attestation/snp/validator.go
+++ b/internal/attestation/snp/validator.go
@@ -13,10 +13,10 @@ import (
 "github.com/edgelesssys/contrast/internal/attestation"
 "github.com/edgelesssys/contrast/internal/attestation/reportdata"
 "github.com/edgelesssys/contrast/internal/oid"
- "github.com/google/go-sev-guest/abi"
 "github.com/google/go-sev-guest/proto/sevsnp"
 "github.com/google/go-sev-guest/validate"
 "github.com/google/go-sev-guest/verify"
+ "google.golang.org/protobuf/encoding/protojson"
 "google.golang.org/protobuf/proto"
 )
@@ -57,6 +57,13 @@ func (v *Validator) OID() asn1.ObjectIdentifier {
 // Validate a TPM based attestation.
 func (v *Validator) Validate(attDocRaw []byte, nonce []byte, peerPublicKey []byte) (err error) {
 v.logger.Info("Validate called", "nonce", hex.EncodeToString(nonce))
+ defer func() {
+ if err != nil {
+ v.logger.Error("Validation failed", "error", err)
+ } else {
+ v.logger.Info("Validation successful")
+ }
+ }()
 // Parse the attestation document.
@@ -68,11 +75,8 @@ func (v *Validator) Validate(attDocRaw []byte, nonce []byte, peerPublicKey []byt
 if attestationData.Report == nil {
 return fmt.Errorf("attestation missing report")
 }
- reportRaw, err := abi.ReportToAbiBytes(attestationData.Report)
- if err != nil {
- return fmt.Errorf("converting report to abi format: %w", err)
- }
- v.logger.Info("Report decoded", "reportRaw", hex.EncodeToString(reportRaw))
+ report := protojson.MarshalOptions{Multiline: false}.Format(attestationData.Report)
+ v.logger.Info("Report decoded", "report", report)
 // Report signature verification.
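Review bot: The deferred closure added after the "Validate called" log takes its else branch whenever the named result `err` is still nil at exit, and that includes unwinding from a panic in any later parsing or verification call on the peer-supplied document, so the log can record "Validation successful" for an attestation that was never validated. Keep only the failure branch in the defer, `if err != nil { v.logger.Error("Validation failed", "error", err) }`, and leave `v.logger.Info("Validation successful")` directly before `return nil`. The closure also relies on every return path setting the named result, which deserves a one-line comment such as `// err is the named result; the closure reads it after the return value is set`. The same block is added in the tdx/validator.go hunk at -79,6 +79,13, and Validate's body continues outside this hunk.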
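Review bot: The new `v.logger.Info("Report decoded", "report", report)` writes the peer-supplied report to the log at Info level before the signature verification step that follows. The removed `abi.ReportToAbiBytes` call was also the only visible point that could return an error before the log line, so content that presumably used to be rejected may now be logged. `protojson`'s `Format` is documented as ignoring marshalling errors and producing unstable output, so this field suits human reading only and should not be parsed by log tooling. Consider moving the log line below verification or lowering its level, if the logger offers one. Naming the string `reportJSON` would match `quoteJSON` in the tdx hunk at -87,11 +94,8, which has the same logging concern, and would stop `report := snpReport{...}` in the -88,14 hunk from shadowing it with a different type.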
@@ -88,14 +92,11 @@ func (v *Validator) Validate(attDocRaw []byte, nonce []byte, peerPublicKey []byt
 if err := validate.SnpAttestation(attestationData, v.validateOpts); err != nil {
 return fmt.Errorf("validating report claims: %w", err)
 }
- v.logger.Info("Successfully validated report data")
 if v.reportSetter != nil {
 report := snpReport{report: attestationData.Report}
 v.reportSetter.SetReport(report)
 }
-
- v.logger.Info("Validate finished successfully")
 return nil
 }
diff --git a/internal/attestation/tdx/validator.go b/internal/attestation/tdx/validator.go
index 91b65da316..619c30bf2d 100644
--- a/internal/attestation/tdx/validator.go
+++ b/internal/attestation/tdx/validator.go
@@ -15,10 +15,10 @@ import (
 "github.com/edgelesssys/contrast/internal/attestation"
 "github.com/edgelesssys/contrast/internal/attestation/reportdata"
 "github.com/edgelesssys/contrast/internal/oid"
- "github.com/google/go-tdx-guest/abi"
 "github.com/google/go-tdx-guest/proto/tdx"
 "github.com/google/go-tdx-guest/validate"
 "github.com/google/go-tdx-guest/verify"
+ "google.golang.org/protobuf/encoding/protojson"
 "google.golang.org/protobuf/proto"
 )
@@ -79,6 +79,13 @@ func (v *Validator) Validate(attDocRaw []byte, nonce []byte, peerPublicKey []byt
 // TODO(freax13): Validate the memory integrity mode (logical vs cryptographic) in the provisioning certificate.
 v.logger.Info("Validate called", "nonce", hex.EncodeToString(nonce))
+ defer func() {
+ if err != nil {
+ v.logger.Error("Validation failed", "error", err)
+ } else {
+ v.logger.Info("Validation successful")
+ }
+ }()
 // Parse the attestation document.
@@ -87,11 +94,8 @@ func (v *Validator) Validate(attDocRaw []byte, nonce []byte, peerPublicKey []byt
 return fmt.Errorf("unmarshaling attestation: %w", err)
 }
- quoteRaw, err := abi.QuoteToAbiBytes(quote)
- if err != nil {
- return fmt.Errorf("converting quote to abi format: %w", err)
- }
- v.logger.Info("Quote decoded", "quoteRaw", hex.EncodeToString(quoteRaw))
+ quoteJSON := protojson.MarshalOptions{Multiline: false}.Format(quote)
+ v.logger.Info("Quote decoded", "quote", quoteJSON)
 // Build the verification options.
@@ -126,14 +130,11 @@ func (v *Validator) Validate(attDocRaw []byte, nonce []byte, peerPublicKey []byt
 if err := validate.TdxQuote(quote, validateOpts); err != nil {
 return fmt.Errorf("validating report data: %w", err)
 }
- v.logger.Info("Successfully validated report data")
 if v.reportSetter != nil {
 report := tdxReport{quote: quote}
 v.reportSetter.SetReport(report)
 }
-
- v.logger.Info("Validate finished successfully")
 return nil
 }