feat: add manifest parser

tinfoilanalytics · Jan 10, 2025 · 8851c0e · 8851c0e
1 parent 82d4f61
commit 8851c0e
Show file tree

Hide file tree

Showing 28 changed files with 8,402 additions and 2 deletions.
diff --git a/go.mod b/go.mod
@@ -6,12 +6,14 @@ require (
 	github.com/blocky/nitrite v0.0.1
 	github.com/sigstore/protobuf-specs v0.3.2
 	github.com/sigstore/sigstore-go v0.6.2
+	github.com/stretchr/testify v1.9.0
 )
 
 require (
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
 	github.com/cyberphone/json-canonicalization v0.0.0-20220623050100-57a0ce2678a7 // indirect
+	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/digitorus/pkcs7 v0.0.0-20230818184609-3a137a874352 // indirect
 	github.com/digitorus/timestamp v0.0.0-20231217203849-220c5c2851b7 // indirect
 	github.com/fsnotify/fsnotify v1.7.0 // indirect
@@ -50,6 +52,7 @@ require (
 	github.com/opentracing/opentracing-go v1.2.0 // indirect
 	github.com/pelletier/go-toml/v2 v2.1.0 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
+	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/sagikazarmark/locafero v0.4.0 // indirect
 	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
 	github.com/sassoftware/relic v7.2.1+incompatible // indirect

diff --git a/pkg/models/manifest.go b/pkg/models/manifest.go
@@ -0,0 +1,57 @@
+package models
+
+import (
+	"encoding/base64"
+	"encoding/json"
+	"errors"
+	"github.com/blocky/nitrite"
+)
+
+type Attestation struct {
+	Measurements []string
+}
+
+type Manifest struct {
+	Version     string `json:"version"`
+	Attestation struct {
+		Format string `json:"format"`
+		Body   string `json:"body"`
+	} `json:"attestation"`
+}
+
+func ParseManifest(j string) (*Manifest, error) {
+	var m Manifest
+	if err := json.Unmarshal([]byte(j), &m); err != nil {
+		return nil, err
+	}
+	return &m, nil
+}
+
+func parseAWSNitroAttestation(attestationDoc string) (*Attestation, error) {
+	attDocBytes, err := base64.StdEncoding.DecodeString(attestationDoc)
+	if err != nil {
+		return nil, err
+	}
+	attestedResult, err := nitrite.Verify(attDocBytes, nitrite.VerifyOptions{})
+	if err != nil {
+		return nil, err
+	}
+
+	pcrs := MeasurementFromDoc(attestedResult.Document)
+	return &Attestation{
+		Measurements: []string{
+			pcrs.PCR0,
+			pcrs.PCR1,
+			pcrs.PCR2,
+		},
+	}, nil
+}
+
+func (m *Manifest) GetAttestation() (*Attestation, error) {
+	switch m.Attestation.Format {
+	case "awsnitro":
+		return parseAWSNitroAttestation(m.Attestation.Body)
+	default:
+		return nil, errors.New("unsupported attestation format")
+	}
+}
diff --git a/vendor/github.com/davecgh/go-spew/LICENSE b/vendor/github.com/davecgh/go-spew/LICENSE
diff --git a/vendor/github.com/davecgh/go-spew/spew/bypass.go b/vendor/github.com/davecgh/go-spew/spew/bypass.go
diff --git a/vendor/github.com/davecgh/go-spew/spew/bypasssafe.go b/vendor/github.com/davecgh/go-spew/spew/bypasssafe.go