mirror of
https://github.com/gravitational/teleport
synced 2024-10-22 02:03:24 +00:00
TPM support in Device Trust protobufs (#24518)
* Add protos for TPM enrollment ceremony * Add modifications to Device object for TPM support * Add new fields to the resource type * Add "Der" prefix to tpm_attestation_key field for consistency * Add test for conversion code * Fix incorrect field number for proto message * Allow empty string in resource for unspecified Co-authored-by: Alan Parra <alan.parra@goteleport.com> * Rename DeviceAttestationType * Clarify ActivateCredential process * Finish renaming to DeviceAttestationType * Use unspecified --------- Co-authored-by: Alan Parra <alan.parra@goteleport.com>
This commit is contained in:
parent
4b31ba88ab
commit
c769ad3252
|
@ -35,6 +35,62 @@ const (
|
|||
_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
|
||||
)
|
||||
|
||||
// AttestationType indicates the degree to which the device credential has
|
||||
// been attested.
|
||||
type DeviceAttestationType int32
|
||||
|
||||
const (
|
||||
// Bare public key which has only verified with proof of ownership.
|
||||
// Used on macOS.
|
||||
DeviceAttestationType_DEVICE_ATTESTATION_TYPE_UNSPECIFIED DeviceAttestationType = 0
|
||||
// Credential was verified through a TPM EK->AK->App key chain on enrollment.
|
||||
DeviceAttestationType_DEVICE_ATTESTATION_TYPE_TPM DeviceAttestationType = 1
|
||||
// Credential was verified through a TPM EK->AK->App key chain on enrollment
|
||||
// and an EKCert was present and signed by a configured approved CA.
|
||||
DeviceAttestationType_DEVICE_ATTESTATION_TYPE_TPM_EKCERT DeviceAttestationType = 2
|
||||
)
|
||||
|
||||
// Enum value maps for DeviceAttestationType.
|
||||
var (
|
||||
DeviceAttestationType_name = map[int32]string{
|
||||
0: "DEVICE_ATTESTATION_TYPE_UNSPECIFIED",
|
||||
1: "DEVICE_ATTESTATION_TYPE_TPM",
|
||||
2: "DEVICE_ATTESTATION_TYPE_TPM_EKCERT",
|
||||
}
|
||||
DeviceAttestationType_value = map[string]int32{
|
||||
"DEVICE_ATTESTATION_TYPE_UNSPECIFIED": 0,
|
||||
"DEVICE_ATTESTATION_TYPE_TPM": 1,
|
||||
"DEVICE_ATTESTATION_TYPE_TPM_EKCERT": 2,
|
||||
}
|
||||
)
|
||||
|
||||
func (x DeviceAttestationType) Enum() *DeviceAttestationType {
|
||||
p := new(DeviceAttestationType)
|
||||
*p = x
|
||||
return p
|
||||
}
|
||||
|
||||
func (x DeviceAttestationType) String() string {
|
||||
return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
|
||||
}
|
||||
|
||||
func (DeviceAttestationType) Descriptor() protoreflect.EnumDescriptor {
|
||||
return file_teleport_devicetrust_v1_device_proto_enumTypes[0].Descriptor()
|
||||
}
|
||||
|
||||
func (DeviceAttestationType) Type() protoreflect.EnumType {
|
||||
return &file_teleport_devicetrust_v1_device_proto_enumTypes[0]
|
||||
}
|
||||
|
||||
func (x DeviceAttestationType) Number() protoreflect.EnumNumber {
|
||||
return protoreflect.EnumNumber(x)
|
||||
}
|
||||
|
||||
// Deprecated: Use DeviceAttestationType.Descriptor instead.
|
||||
func (DeviceAttestationType) EnumDescriptor() ([]byte, []int) {
|
||||
return file_teleport_devicetrust_v1_device_proto_rawDescGZIP(), []int{0}
|
||||
}
|
||||
|
||||
// DeviceEnrollStatus represents the enrollment status of a device.
|
||||
type DeviceEnrollStatus int32
|
||||
|
||||
|
@ -71,11 +127,11 @@ func (x DeviceEnrollStatus) String() string {
|
|||
}
|
||||
|
||||
func (DeviceEnrollStatus) Descriptor() protoreflect.EnumDescriptor {
|
||||
return file_teleport_devicetrust_v1_device_proto_enumTypes[0].Descriptor()
|
||||
return file_teleport_devicetrust_v1_device_proto_enumTypes[1].Descriptor()
|
||||
}
|
||||
|
||||
func (DeviceEnrollStatus) Type() protoreflect.EnumType {
|
||||
return &file_teleport_devicetrust_v1_device_proto_enumTypes[0]
|
||||
return &file_teleport_devicetrust_v1_device_proto_enumTypes[1]
|
||||
}
|
||||
|
||||
func (x DeviceEnrollStatus) Number() protoreflect.EnumNumber {
|
||||
|
@ -84,7 +140,7 @@ func (x DeviceEnrollStatus) Number() protoreflect.EnumNumber {
|
|||
|
||||
// Deprecated: Use DeviceEnrollStatus.Descriptor instead.
|
||||
func (DeviceEnrollStatus) EnumDescriptor() ([]byte, []int) {
|
||||
return file_teleport_devicetrust_v1_device_proto_rawDescGZIP(), []int{0}
|
||||
return file_teleport_devicetrust_v1_device_proto_rawDescGZIP(), []int{1}
|
||||
}
|
||||
|
||||
// Device represents a registered device.
|
||||
|
@ -268,7 +324,19 @@ type DeviceCredential struct {
|
|||
// Unique identifier of the credential, defined client-side.
|
||||
Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
|
||||
// Device public key marshaled as a PKIX, ASN.1 DER.
|
||||
// For TPMs, this is the public application key.
|
||||
PublicKeyDer []byte `protobuf:"bytes,2,opt,name=public_key_der,json=publicKeyDer,proto3" json:"public_key_der,omitempty"`
|
||||
// The degree to which the device credential is attested.
|
||||
DeviceAttestationType DeviceAttestationType `protobuf:"varint,3,opt,name=device_attestation_type,json=deviceAttestationType,proto3,enum=teleport.devicetrust.v1.DeviceAttestationType" json:"device_attestation_type,omitempty"`
|
||||
// If the device is a TPM device, stores the serial number from the TPM
|
||||
// endorsement certificate.
|
||||
// The certificate is not stored for security reasons, but the serial can be
|
||||
// used to retrieve information about a specific unit from the manufacturer
|
||||
// at a later date.
|
||||
TpmSerial string `protobuf:"bytes,4,opt,name=tpm_serial,json=tpmSerial,proto3" json:"tpm_serial,omitempty"`
|
||||
// If the device is a TPM device, stores the public AK in PKIX, ASN.1 DER
|
||||
// form.
|
||||
TpmAttestationKeyDer []byte `protobuf:"bytes,5,opt,name=tpm_attestation_key_der,json=tpmAttestationKeyDer,proto3" json:"tpm_attestation_key_der,omitempty"`
|
||||
}
|
||||
|
||||
func (x *DeviceCredential) Reset() {
|
||||
|
@ -317,6 +385,27 @@ func (x *DeviceCredential) GetPublicKeyDer() []byte {
|
|||
return nil
|
||||
}
|
||||
|
||||
func (x *DeviceCredential) GetDeviceAttestationType() DeviceAttestationType {
|
||||
if x != nil {
|
||||
return x.DeviceAttestationType
|
||||
}
|
||||
return DeviceAttestationType_DEVICE_ATTESTATION_TYPE_UNSPECIFIED
|
||||
}
|
||||
|
||||
func (x *DeviceCredential) GetTpmSerial() string {
|
||||
if x != nil {
|
||||
return x.TpmSerial
|
||||
}
|
||||
return ""
|
||||
}
|
||||
|
||||
func (x *DeviceCredential) GetTpmAttestationKeyDer() []byte {
|
||||
if x != nil {
|
||||
return x.TpmAttestationKeyDer
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
var File_teleport_devicetrust_v1_device_proto protoreflect.FileDescriptor
|
||||
|
||||
var file_teleport_devicetrust_v1_device_proto_rawDesc = []byte{
|
||||
|
@ -385,26 +474,47 @@ var file_teleport_devicetrust_v1_device_proto_rawDesc = []byte{
|
|||
0x6c, 0x65, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70,
|
||||
0x6f, 0x72, 0x74, 0x2e, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e,
|
||||
0x76, 0x31, 0x2e, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65,
|
||||
0x52, 0x07, 0x70, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x22, 0x48, 0x0a, 0x10, 0x44, 0x65, 0x76,
|
||||
0x69, 0x63, 0x65, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x12, 0x0e, 0x0a,
|
||||
0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x24, 0x0a,
|
||||
0x0e, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x64, 0x65, 0x72, 0x18,
|
||||
0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0c, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79,
|
||||
0x44, 0x65, 0x72, 0x2a, 0x84, 0x01, 0x0a, 0x12, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x45, 0x6e,
|
||||
0x72, 0x6f, 0x6c, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x24, 0x0a, 0x20, 0x44, 0x45,
|
||||
0x56, 0x49, 0x43, 0x45, 0x5f, 0x45, 0x4e, 0x52, 0x4f, 0x4c, 0x4c, 0x5f, 0x53, 0x54, 0x41, 0x54,
|
||||
0x55, 0x53, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00,
|
||||
0x12, 0x25, 0x0a, 0x21, 0x44, 0x45, 0x56, 0x49, 0x43, 0x45, 0x5f, 0x45, 0x4e, 0x52, 0x4f, 0x4c,
|
||||
0x4c, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x4e, 0x4f, 0x54, 0x5f, 0x45, 0x4e, 0x52,
|
||||
0x4f, 0x4c, 0x4c, 0x45, 0x44, 0x10, 0x01, 0x12, 0x21, 0x0a, 0x1d, 0x44, 0x45, 0x56, 0x49, 0x43,
|
||||
0x45, 0x5f, 0x45, 0x4e, 0x52, 0x4f, 0x4c, 0x4c, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f,
|
||||
0x45, 0x4e, 0x52, 0x4f, 0x4c, 0x4c, 0x45, 0x44, 0x10, 0x02, 0x42, 0x5a, 0x5a, 0x58, 0x67, 0x69,
|
||||
0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x72, 0x61, 0x76, 0x69, 0x74, 0x61,
|
||||
0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x2f, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2f,
|
||||
0x61, 0x70, 0x69, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x6f,
|
||||
0x2f, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65,
|
||||
0x74, 0x72, 0x75, 0x73, 0x74, 0x2f, 0x76, 0x31, 0x3b, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x74,
|
||||
0x72, 0x75, 0x73, 0x74, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
|
||||
0x52, 0x07, 0x70, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x22, 0x86, 0x02, 0x0a, 0x10, 0x44, 0x65,
|
||||
0x76, 0x69, 0x63, 0x65, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x12, 0x0e,
|
||||
0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x24,
|
||||
0x0a, 0x0e, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x64, 0x65, 0x72,
|
||||
0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0c, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65,
|
||||
0x79, 0x44, 0x65, 0x72, 0x12, 0x66, 0x0a, 0x17, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x61,
|
||||
0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18,
|
||||
0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2e, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74,
|
||||
0x2e, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e,
|
||||
0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f,
|
||||
0x6e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x15, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x41, 0x74, 0x74,
|
||||
0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x79, 0x70, 0x65, 0x12, 0x1d, 0x0a, 0x0a,
|
||||
0x74, 0x70, 0x6d, 0x5f, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09,
|
||||
0x52, 0x09, 0x74, 0x70, 0x6d, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12, 0x35, 0x0a, 0x17, 0x74,
|
||||
0x70, 0x6d, 0x5f, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6b,
|
||||
0x65, 0x79, 0x5f, 0x64, 0x65, 0x72, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x14, 0x74, 0x70,
|
||||
0x6d, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x44,
|
||||
0x65, 0x72, 0x2a, 0x89, 0x01, 0x0a, 0x15, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x41, 0x74, 0x74,
|
||||
0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x79, 0x70, 0x65, 0x12, 0x27, 0x0a, 0x23,
|
||||
0x44, 0x45, 0x56, 0x49, 0x43, 0x45, 0x5f, 0x41, 0x54, 0x54, 0x45, 0x53, 0x54, 0x41, 0x54, 0x49,
|
||||
0x4f, 0x4e, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46,
|
||||
0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x1f, 0x0a, 0x1b, 0x44, 0x45, 0x56, 0x49, 0x43, 0x45, 0x5f,
|
||||
0x41, 0x54, 0x54, 0x45, 0x53, 0x54, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x54, 0x59, 0x50, 0x45,
|
||||
0x5f, 0x54, 0x50, 0x4d, 0x10, 0x01, 0x12, 0x26, 0x0a, 0x22, 0x44, 0x45, 0x56, 0x49, 0x43, 0x45,
|
||||
0x5f, 0x41, 0x54, 0x54, 0x45, 0x53, 0x54, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x54, 0x59, 0x50,
|
||||
0x45, 0x5f, 0x54, 0x50, 0x4d, 0x5f, 0x45, 0x4b, 0x43, 0x45, 0x52, 0x54, 0x10, 0x02, 0x2a, 0x84,
|
||||
0x01, 0x0a, 0x12, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x45, 0x6e, 0x72, 0x6f, 0x6c, 0x6c, 0x53,
|
||||
0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x24, 0x0a, 0x20, 0x44, 0x45, 0x56, 0x49, 0x43, 0x45, 0x5f,
|
||||
0x45, 0x4e, 0x52, 0x4f, 0x4c, 0x4c, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x55, 0x4e,
|
||||
0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x25, 0x0a, 0x21, 0x44,
|
||||
0x45, 0x56, 0x49, 0x43, 0x45, 0x5f, 0x45, 0x4e, 0x52, 0x4f, 0x4c, 0x4c, 0x5f, 0x53, 0x54, 0x41,
|
||||
0x54, 0x55, 0x53, 0x5f, 0x4e, 0x4f, 0x54, 0x5f, 0x45, 0x4e, 0x52, 0x4f, 0x4c, 0x4c, 0x45, 0x44,
|
||||
0x10, 0x01, 0x12, 0x21, 0x0a, 0x1d, 0x44, 0x45, 0x56, 0x49, 0x43, 0x45, 0x5f, 0x45, 0x4e, 0x52,
|
||||
0x4f, 0x4c, 0x4c, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x45, 0x4e, 0x52, 0x4f, 0x4c,
|
||||
0x4c, 0x45, 0x44, 0x10, 0x02, 0x42, 0x5a, 0x5a, 0x58, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e,
|
||||
0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x72, 0x61, 0x76, 0x69, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x61,
|
||||
0x6c, 0x2f, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x67,
|
||||
0x65, 0x6e, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x6f, 0x2f, 0x74, 0x65, 0x6c, 0x65,
|
||||
0x70, 0x6f, 0x72, 0x74, 0x2f, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74,
|
||||
0x2f, 0x76, 0x31, 0x3b, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x76,
|
||||
0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
|
||||
}
|
||||
|
||||
var (
|
||||
|
@ -419,34 +529,36 @@ func file_teleport_devicetrust_v1_device_proto_rawDescGZIP() []byte {
|
|||
return file_teleport_devicetrust_v1_device_proto_rawDescData
|
||||
}
|
||||
|
||||
var file_teleport_devicetrust_v1_device_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
|
||||
var file_teleport_devicetrust_v1_device_proto_enumTypes = make([]protoimpl.EnumInfo, 2)
|
||||
var file_teleport_devicetrust_v1_device_proto_msgTypes = make([]protoimpl.MessageInfo, 2)
|
||||
var file_teleport_devicetrust_v1_device_proto_goTypes = []interface{}{
|
||||
(DeviceEnrollStatus)(0), // 0: teleport.devicetrust.v1.DeviceEnrollStatus
|
||||
(*Device)(nil), // 1: teleport.devicetrust.v1.Device
|
||||
(*DeviceCredential)(nil), // 2: teleport.devicetrust.v1.DeviceCredential
|
||||
(OSType)(0), // 3: teleport.devicetrust.v1.OSType
|
||||
(*timestamppb.Timestamp)(nil), // 4: google.protobuf.Timestamp
|
||||
(*DeviceEnrollToken)(nil), // 5: teleport.devicetrust.v1.DeviceEnrollToken
|
||||
(*DeviceCollectedData)(nil), // 6: teleport.devicetrust.v1.DeviceCollectedData
|
||||
(*DeviceSource)(nil), // 7: teleport.devicetrust.v1.DeviceSource
|
||||
(*DeviceProfile)(nil), // 8: teleport.devicetrust.v1.DeviceProfile
|
||||
(DeviceAttestationType)(0), // 0: teleport.devicetrust.v1.DeviceAttestationType
|
||||
(DeviceEnrollStatus)(0), // 1: teleport.devicetrust.v1.DeviceEnrollStatus
|
||||
(*Device)(nil), // 2: teleport.devicetrust.v1.Device
|
||||
(*DeviceCredential)(nil), // 3: teleport.devicetrust.v1.DeviceCredential
|
||||
(OSType)(0), // 4: teleport.devicetrust.v1.OSType
|
||||
(*timestamppb.Timestamp)(nil), // 5: google.protobuf.Timestamp
|
||||
(*DeviceEnrollToken)(nil), // 6: teleport.devicetrust.v1.DeviceEnrollToken
|
||||
(*DeviceCollectedData)(nil), // 7: teleport.devicetrust.v1.DeviceCollectedData
|
||||
(*DeviceSource)(nil), // 8: teleport.devicetrust.v1.DeviceSource
|
||||
(*DeviceProfile)(nil), // 9: teleport.devicetrust.v1.DeviceProfile
|
||||
}
|
||||
var file_teleport_devicetrust_v1_device_proto_depIdxs = []int32{
|
||||
3, // 0: teleport.devicetrust.v1.Device.os_type:type_name -> teleport.devicetrust.v1.OSType
|
||||
4, // 1: teleport.devicetrust.v1.Device.create_time:type_name -> google.protobuf.Timestamp
|
||||
4, // 2: teleport.devicetrust.v1.Device.update_time:type_name -> google.protobuf.Timestamp
|
||||
5, // 3: teleport.devicetrust.v1.Device.enroll_token:type_name -> teleport.devicetrust.v1.DeviceEnrollToken
|
||||
0, // 4: teleport.devicetrust.v1.Device.enroll_status:type_name -> teleport.devicetrust.v1.DeviceEnrollStatus
|
||||
2, // 5: teleport.devicetrust.v1.Device.credential:type_name -> teleport.devicetrust.v1.DeviceCredential
|
||||
6, // 6: teleport.devicetrust.v1.Device.collected_data:type_name -> teleport.devicetrust.v1.DeviceCollectedData
|
||||
7, // 7: teleport.devicetrust.v1.Device.source:type_name -> teleport.devicetrust.v1.DeviceSource
|
||||
8, // 8: teleport.devicetrust.v1.Device.profile:type_name -> teleport.devicetrust.v1.DeviceProfile
|
||||
9, // [9:9] is the sub-list for method output_type
|
||||
9, // [9:9] is the sub-list for method input_type
|
||||
9, // [9:9] is the sub-list for extension type_name
|
||||
9, // [9:9] is the sub-list for extension extendee
|
||||
0, // [0:9] is the sub-list for field type_name
|
||||
4, // 0: teleport.devicetrust.v1.Device.os_type:type_name -> teleport.devicetrust.v1.OSType
|
||||
5, // 1: teleport.devicetrust.v1.Device.create_time:type_name -> google.protobuf.Timestamp
|
||||
5, // 2: teleport.devicetrust.v1.Device.update_time:type_name -> google.protobuf.Timestamp
|
||||
6, // 3: teleport.devicetrust.v1.Device.enroll_token:type_name -> teleport.devicetrust.v1.DeviceEnrollToken
|
||||
1, // 4: teleport.devicetrust.v1.Device.enroll_status:type_name -> teleport.devicetrust.v1.DeviceEnrollStatus
|
||||
3, // 5: teleport.devicetrust.v1.Device.credential:type_name -> teleport.devicetrust.v1.DeviceCredential
|
||||
7, // 6: teleport.devicetrust.v1.Device.collected_data:type_name -> teleport.devicetrust.v1.DeviceCollectedData
|
||||
8, // 7: teleport.devicetrust.v1.Device.source:type_name -> teleport.devicetrust.v1.DeviceSource
|
||||
9, // 8: teleport.devicetrust.v1.Device.profile:type_name -> teleport.devicetrust.v1.DeviceProfile
|
||||
0, // 9: teleport.devicetrust.v1.DeviceCredential.device_attestation_type:type_name -> teleport.devicetrust.v1.DeviceAttestationType
|
||||
10, // [10:10] is the sub-list for method output_type
|
||||
10, // [10:10] is the sub-list for method input_type
|
||||
10, // [10:10] is the sub-list for extension type_name
|
||||
10, // [10:10] is the sub-list for extension extendee
|
||||
0, // [0:10] is the sub-list for field type_name
|
||||
}
|
||||
|
||||
func init() { file_teleport_devicetrust_v1_device_proto_init() }
|
||||
|
@ -490,7 +602,7 @@ func file_teleport_devicetrust_v1_device_proto_init() {
|
|||
File: protoimpl.DescBuilder{
|
||||
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
|
||||
RawDescriptor: file_teleport_devicetrust_v1_device_proto_rawDesc,
|
||||
NumEnums: 1,
|
||||
NumEnums: 2,
|
||||
NumMessages: 2,
|
||||
NumExtensions: 0,
|
||||
NumServices: 0,
|
||||
|
|
File diff suppressed because it is too large
Load diff
|
@ -105,6 +105,18 @@ type DeviceTrustServiceClient interface {
|
|||
// An enrolled device is allowed, via AuthenticateDevice, to acquire
|
||||
// certificates containing device extensions, thus gaining access to
|
||||
// device-aware actions.
|
||||
//
|
||||
// macOS enrollment flow:
|
||||
// -> EnrollDeviceInit (client)
|
||||
// <- MacOSEnrollChallenge (server)
|
||||
// -> MacOSEnrollChallengeResponse
|
||||
// <- EnrollDeviceSuccess
|
||||
//
|
||||
// TPM enrollment flow:
|
||||
// -> EnrollDeviceInit (client)
|
||||
// <- TPMEnrollChallenge (server)
|
||||
// -> TPMEnrollChallengeResponse
|
||||
// <- EnrollDeviceSuccess
|
||||
EnrollDevice(ctx context.Context, opts ...grpc.CallOption) (DeviceTrustService_EnrollDeviceClient, error)
|
||||
// AuthenticateDevice performs the device authentication ceremony.
|
||||
//
|
||||
|
@ -362,6 +374,18 @@ type DeviceTrustServiceServer interface {
|
|||
// An enrolled device is allowed, via AuthenticateDevice, to acquire
|
||||
// certificates containing device extensions, thus gaining access to
|
||||
// device-aware actions.
|
||||
//
|
||||
// macOS enrollment flow:
|
||||
// -> EnrollDeviceInit (client)
|
||||
// <- MacOSEnrollChallenge (server)
|
||||
// -> MacOSEnrollChallengeResponse
|
||||
// <- EnrollDeviceSuccess
|
||||
//
|
||||
// TPM enrollment flow:
|
||||
// -> EnrollDeviceInit (client)
|
||||
// <- TPMEnrollChallenge (server)
|
||||
// -> TPMEnrollChallengeResponse
|
||||
// <- EnrollDeviceSuccess
|
||||
EnrollDevice(DeviceTrustService_EnrollDeviceServer) error
|
||||
// AuthenticateDevice performs the device authentication ceremony.
|
||||
//
|
||||
|
|
|
@ -93,7 +93,32 @@ message DeviceCredential {
|
|||
// Unique identifier of the credential, defined client-side.
|
||||
string id = 1;
|
||||
// Device public key marshaled as a PKIX, ASN.1 DER.
|
||||
// For TPMs, this is the public application key.
|
||||
bytes public_key_der = 2;
|
||||
// The degree to which the device credential is attested.
|
||||
DeviceAttestationType device_attestation_type = 3;
|
||||
// If the device is a TPM device, stores the serial number from the TPM
|
||||
// endorsement certificate.
|
||||
// The certificate is not stored for security reasons, but the serial can be
|
||||
// used to retrieve information about a specific unit from the manufacturer
|
||||
// at a later date.
|
||||
string tpm_serial = 4;
|
||||
// If the device is a TPM device, stores the public AK in PKIX, ASN.1 DER
|
||||
// form.
|
||||
bytes tpm_attestation_key_der = 5;
|
||||
}
|
||||
|
||||
// AttestationType indicates the degree to which the device credential has
|
||||
// been attested.
|
||||
enum DeviceAttestationType {
|
||||
// Bare public key which has only verified with proof of ownership.
|
||||
// Used on macOS.
|
||||
DEVICE_ATTESTATION_TYPE_UNSPECIFIED = 0;
|
||||
// Credential was verified through a TPM EK->AK->App key chain on enrollment.
|
||||
DEVICE_ATTESTATION_TYPE_TPM = 1;
|
||||
// Credential was verified through a TPM EK->AK->App key chain on enrollment
|
||||
// and an EKCert was present and signed by a configured approved CA.
|
||||
DEVICE_ATTESTATION_TYPE_TPM_EKCERT = 2;
|
||||
}
|
||||
|
||||
// DeviceEnrollStatus represents the enrollment status of a device.
|
||||
|
|
|
@ -111,6 +111,18 @@ service DeviceTrustService {
|
|||
// An enrolled device is allowed, via AuthenticateDevice, to acquire
|
||||
// certificates containing device extensions, thus gaining access to
|
||||
// device-aware actions.
|
||||
//
|
||||
// macOS enrollment flow:
|
||||
// -> EnrollDeviceInit (client)
|
||||
// <- MacOSEnrollChallenge (server)
|
||||
// -> MacOSEnrollChallengeResponse
|
||||
// <- EnrollDeviceSuccess
|
||||
//
|
||||
// TPM enrollment flow:
|
||||
// -> EnrollDeviceInit (client)
|
||||
// <- TPMEnrollChallenge (server)
|
||||
// -> TPMEnrollChallengeResponse
|
||||
// <- EnrollDeviceSuccess
|
||||
rpc EnrollDevice(stream EnrollDeviceRequest) returns (stream EnrollDeviceResponse);
|
||||
|
||||
// AuthenticateDevice performs the device authentication ceremony.
|
||||
|
@ -284,18 +296,11 @@ message CreateDeviceEnrollTokenRequest {
|
|||
}
|
||||
|
||||
// Request for EnrollDevice.
|
||||
//
|
||||
// macOS enrollment flow:
|
||||
// -> EnrollDeviceInit (client)
|
||||
// <- MacOSEnrollChallenge (server)
|
||||
// -> MacOSEnrollChallengeResponse
|
||||
// <- EnrollDeviceSuccess
|
||||
//
|
||||
// Only macOS enrollments are supported at the moment.
|
||||
message EnrollDeviceRequest {
|
||||
oneof payload {
|
||||
EnrollDeviceInit init = 1;
|
||||
MacOSEnrollChallengeResponse macos_challenge_response = 2;
|
||||
TPMEnrollChallengeResponse tpm_challenge_response = 3;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -304,6 +309,7 @@ message EnrollDeviceResponse {
|
|||
oneof payload {
|
||||
EnrollDeviceSuccess success = 1;
|
||||
MacOSEnrollChallenge macos_challenge = 2;
|
||||
TPMEnrollChallenge tpm_challenge = 3;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -323,6 +329,9 @@ message EnrollDeviceInit {
|
|||
|
||||
// Payload for macOS-specific data.
|
||||
MacOSEnrollPayload macos = 4;
|
||||
|
||||
// Payload for TPM-specific data. Used for Windows/Linux.
|
||||
TPMEnrollPayload tpm = 5;
|
||||
}
|
||||
|
||||
// EnrollDeviceSuccess marks a successful device enrollment ceremony.
|
||||
|
@ -349,6 +358,91 @@ message MacOSEnrollChallengeResponse {
|
|||
bytes signature = 2;
|
||||
}
|
||||
|
||||
// The payload containing TPM specific information required on device
|
||||
// enrollment.
|
||||
message TPMEnrollPayload {
|
||||
oneof ek {
|
||||
// The device's endorsement certificate in X509, ASN.1 DER form. This
|
||||
// certificate contains the public key of the endorsement key. This is
|
||||
// preferred to ek_key.
|
||||
bytes ek_cert = 1;
|
||||
// The device's public endorsement key in PKIX, ASN.1 DER form. This is
|
||||
// used when a TPM does not contain any endorsement certificates.
|
||||
bytes ek_key = 2;
|
||||
}
|
||||
// The attestation key and the parameters necessary to remotely verify it as
|
||||
// related to the endorsement key.
|
||||
TPMAttestationParameters attestation_parameters = 3;
|
||||
// The application key and the parameters necessary to remotely certify it as
|
||||
// related to the attestation key.
|
||||
TPMCertificationParameters application_certification_parameters = 4;
|
||||
}
|
||||
|
||||
// The attestation key and the parameters necessary to remotely verify it as
|
||||
// related to the endorsement key.
|
||||
// See https://pkg.go.dev/github.com/google/go-attestation/attest#AttestationParameters.
|
||||
// This message excludes the `UseTCSDActivationFormat` field from the link above
|
||||
// as it is TMP 1.x specific and always false.
|
||||
message TPMAttestationParameters {
|
||||
// The encoded TPMT_PUBLIC structure containing the attestation public key
|
||||
// and signing parameters.
|
||||
bytes public = 1;
|
||||
// The properties of the attestation key, encoded as a TPMS_CREATION_DATA
|
||||
// structure.
|
||||
bytes create_data = 2;
|
||||
// An assertion as to the details of the key, encoded as a TPMS_ATTEST
|
||||
// structure.
|
||||
bytes create_attestation = 3;
|
||||
// A signature of create_attestation, encoded as a TPMT_SIGNATURE structure.
|
||||
bytes create_signature = 4;
|
||||
}
|
||||
|
||||
// The application key and the parameters necessary to remotely certify it as
|
||||
// related to the attestation key.
|
||||
// See https://pkg.go.dev/github.com/google/go-attestation/attest#CertificationParameters
|
||||
message TPMCertificationParameters {
|
||||
// The encoded TPMT_PUBLIC structure containing the application public key
|
||||
// and signing parameters.
|
||||
bytes public = 1;
|
||||
// The properties of the application key, encoded as a TPMS_CREATION_DATA
|
||||
// structure.
|
||||
bytes create_data = 2;
|
||||
// An assertion as to the details of the key, encoded as a TPMS_ATTEST
|
||||
// structure.
|
||||
bytes create_attestation = 3;
|
||||
// A signature of create_attestation, encoded as a TPMT_SIGNATURE structure.
|
||||
bytes create_signature = 4;
|
||||
}
|
||||
|
||||
// The enrollment challenge sent to the client by the server in order to
|
||||
// validate it has possession of the EK and AK.
|
||||
//
|
||||
// These values are used by the TPM2.0 `ActivateCredential` command to produce
|
||||
// the solution which proves possession.
|
||||
//
|
||||
// For a more in-depth description see:
|
||||
// - https://trustedcomputinggroup.org/wp-content/uploads/TCG_TPM2_r1p59_Part3_Commands_code_pub.pdf (Heading 12.5.1 "TPM2_ActivateCredential" "General Description")
|
||||
// - https://github.com/google/go-attestation/blob/v0.4.3/attest/activation.go#L199
|
||||
// - https://github.com/google/go-tpm/blob/v0.3.3/tpm2/credactivation/credential_activation.go#L61
|
||||
message TPMEnrollChallenge {
|
||||
// The `credential_blob` parameter to be used with the `ActivateCredential`
|
||||
// command. This is used with the decrypted value of `secret` in a
|
||||
// cryptographic process to decrypt the solution.
|
||||
bytes credential_blob = 1;
|
||||
// The `secret` parameter to be used with `ActivateCredential`. This is a
|
||||
// seed which can be decrypted with the EK. The decrypted seed is then used
|
||||
// when decrypting `credential_blob`.
|
||||
bytes secret = 2;
|
||||
}
|
||||
|
||||
// The enrollment challenge response containing the solution returned by
|
||||
// calling the TPM2.0 `ActivateCredential` command on the client with the
|
||||
// parameters provided in `TPMEnrollChallenge`.
|
||||
message TPMEnrollChallengeResponse {
|
||||
// The proof of possession of both the EK and AK.
|
||||
bytes solution = 1;
|
||||
}
|
||||
|
||||
// Request for AuthenticateDevice.
|
||||
//
|
||||
// Authentication ceremony flow:
|
||||
|
|
|
@ -66,6 +66,9 @@ message DeviceSpec {
|
|||
message DeviceCredential {
|
||||
string id = 1 [(gogoproto.jsontag) = "id"];
|
||||
bytes public_key_der = 2 [(gogoproto.jsontag) = "public_key_der"];
|
||||
string device_attestation_type = 3 [(gogoproto.jsontag) = "device_attestation_type"];
|
||||
string tpm_serial = 4 [(gogoproto.jsontag) = "tpm_serial"];
|
||||
bytes tpm_attestation_key_der = 5 [(gogoproto.jsontag) = "tpm_attestation_key_der"];
|
||||
}
|
||||
|
||||
// DeviceCollectedData is the resource representation of
|
||||
|
|
|
@ -36,6 +36,7 @@ func (d *DeviceV1) CheckAndSetDefaults() error {
|
|||
// - Kind = device
|
||||
// - Metadata.Name = UUID
|
||||
// - Spec.EnrollStatus = unspecified
|
||||
// - Spec.Credential.AttestationType = unspecified
|
||||
if d.Kind == "" {
|
||||
d.Kind = KindDevice
|
||||
} else if d.Kind != KindDevice { // sanity check
|
||||
|
@ -47,6 +48,9 @@ func (d *DeviceV1) CheckAndSetDefaults() error {
|
|||
if d.Spec.EnrollStatus == "" {
|
||||
d.Spec.EnrollStatus = ResourceEnrollStatusToString(devicepb.DeviceEnrollStatus_DEVICE_ENROLL_STATUS_UNSPECIFIED)
|
||||
}
|
||||
if d.Spec.Credential != nil && d.Spec.Credential.DeviceAttestationType == "" {
|
||||
d.Spec.Credential.DeviceAttestationType = ResourceDeviceAttestationTypeToString(devicepb.DeviceAttestationType_DEVICE_ATTESTATION_TYPE_UNSPECIFIED)
|
||||
}
|
||||
|
||||
// Validate Header/Metadata.
|
||||
if err := d.ResourceHeader.CheckAndSetDefaults(); err != nil {
|
||||
|
@ -68,6 +72,11 @@ func (d *DeviceV1) CheckAndSetDefaults() error {
|
|||
if _, err := ResourceEnrollStatusFromString(d.Spec.EnrollStatus); err != nil {
|
||||
return trace.Wrap(err)
|
||||
}
|
||||
if d.Spec.Credential != nil {
|
||||
if _, err := ResourceDeviceAttestationTypeFromString(d.Spec.Credential.DeviceAttestationType); err != nil {
|
||||
return trace.Wrap(err)
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
@ -106,9 +115,18 @@ func DeviceFromResource(res *DeviceV1) (*devicepb.Device, error) {
|
|||
|
||||
var cred *devicepb.DeviceCredential
|
||||
if res.Spec.Credential != nil {
|
||||
attestationType, err := ResourceDeviceAttestationTypeFromString(
|
||||
res.Spec.Credential.DeviceAttestationType,
|
||||
)
|
||||
if err != nil {
|
||||
return nil, trace.Wrap(err)
|
||||
}
|
||||
cred = &devicepb.DeviceCredential{
|
||||
Id: res.Spec.Credential.Id,
|
||||
PublicKeyDer: res.Spec.Credential.PublicKeyDer,
|
||||
Id: res.Spec.Credential.Id,
|
||||
PublicKeyDer: res.Spec.Credential.PublicKeyDer,
|
||||
DeviceAttestationType: attestationType,
|
||||
TpmSerial: res.Spec.Credential.TpmSerial,
|
||||
TpmAttestationKeyDer: res.Spec.Credential.TpmAttestationKeyDer,
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -160,6 +178,11 @@ func DeviceToResource(dev *devicepb.Device) *DeviceV1 {
|
|||
cred = &DeviceCredential{
|
||||
Id: dev.Credential.Id,
|
||||
PublicKeyDer: dev.Credential.PublicKeyDer,
|
||||
DeviceAttestationType: ResourceDeviceAttestationTypeToString(
|
||||
dev.Credential.DeviceAttestationType,
|
||||
),
|
||||
TpmSerial: dev.Credential.TpmSerial,
|
||||
TpmAttestationKeyDer: dev.Credential.TpmAttestationKeyDer,
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -257,3 +280,33 @@ func ResourceEnrollStatusFromString(enrollStatus string) (devicepb.DeviceEnrollS
|
|||
return devicepb.DeviceEnrollStatus_DEVICE_ENROLL_STATUS_UNSPECIFIED, trace.BadParameter("unknown enroll status %q", enrollStatus)
|
||||
}
|
||||
}
|
||||
|
||||
func ResourceDeviceAttestationTypeToString(
|
||||
attestationType devicepb.DeviceAttestationType,
|
||||
) string {
|
||||
switch attestationType {
|
||||
case devicepb.DeviceAttestationType_DEVICE_ATTESTATION_TYPE_UNSPECIFIED:
|
||||
return "unspecified"
|
||||
case devicepb.DeviceAttestationType_DEVICE_ATTESTATION_TYPE_TPM:
|
||||
return "tpm"
|
||||
case devicepb.DeviceAttestationType_DEVICE_ATTESTATION_TYPE_TPM_EKCERT:
|
||||
return "tpm_ekcert"
|
||||
default:
|
||||
return attestationType.String()
|
||||
}
|
||||
}
|
||||
|
||||
func ResourceDeviceAttestationTypeFromString(
|
||||
attestationType string,
|
||||
) (devicepb.DeviceAttestationType, error) {
|
||||
switch attestationType {
|
||||
case "unspecified", "":
|
||||
return devicepb.DeviceAttestationType_DEVICE_ATTESTATION_TYPE_UNSPECIFIED, nil
|
||||
case "tpm":
|
||||
return devicepb.DeviceAttestationType_DEVICE_ATTESTATION_TYPE_TPM, nil
|
||||
case "tpm_ekcert":
|
||||
return devicepb.DeviceAttestationType_DEVICE_ATTESTATION_TYPE_TPM_EKCERT, nil
|
||||
default:
|
||||
return devicepb.DeviceAttestationType_DEVICE_ATTESTATION_TYPE_UNSPECIFIED, trace.BadParameter("unknown attestation type %q", attestationType)
|
||||
}
|
||||
}
|
||||
|
|
|
@ -128,11 +128,14 @@ var xxx_messageInfo_DeviceSpec proto.InternalMessageInfo
|
|||
// DeviceCredential is the resource representation of
|
||||
// teleport.devicetrust.v1.DeviceCredential.
|
||||
type DeviceCredential struct {
|
||||
Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id"`
|
||||
PublicKeyDer []byte `protobuf:"bytes,2,opt,name=public_key_der,json=publicKeyDer,proto3" json:"public_key_der"`
|
||||
XXX_NoUnkeyedLiteral struct{} `json:"-"`
|
||||
XXX_unrecognized []byte `json:"-"`
|
||||
XXX_sizecache int32 `json:"-"`
|
||||
Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id"`
|
||||
PublicKeyDer []byte `protobuf:"bytes,2,opt,name=public_key_der,json=publicKeyDer,proto3" json:"public_key_der"`
|
||||
DeviceAttestationType string `protobuf:"bytes,3,opt,name=device_attestation_type,json=deviceAttestationType,proto3" json:"device_attestation_type"`
|
||||
TpmSerial string `protobuf:"bytes,4,opt,name=tpm_serial,json=tpmSerial,proto3" json:"tpm_serial"`
|
||||
TpmAttestationKeyDer []byte `protobuf:"bytes,5,opt,name=tpm_attestation_key_der,json=tpmAttestationKeyDer,proto3" json:"tpm_attestation_key_der"`
|
||||
XXX_NoUnkeyedLiteral struct{} `json:"-"`
|
||||
XXX_unrecognized []byte `json:"-"`
|
||||
XXX_sizecache int32 `json:"-"`
|
||||
}
|
||||
|
||||
func (m *DeviceCredential) Reset() { *m = DeviceCredential{} }
|
||||
|
@ -225,46 +228,51 @@ func init() {
|
|||
}
|
||||
|
||||
var fileDescriptor_aceaef1b58496e7d = []byte{
|
||||
// 615 bytes of a gzipped FileDescriptorProto
|
||||
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x8c, 0x54, 0xd1, 0x6e, 0xd3, 0x30,
|
||||
0x14, 0x5d, 0xda, 0xad, 0x5b, 0xdd, 0x76, 0x62, 0xde, 0x60, 0xd1, 0x40, 0xf5, 0xa8, 0x78, 0x40,
|
||||
0x80, 0x1a, 0x01, 0x12, 0x42, 0x42, 0x48, 0x28, 0xec, 0x01, 0x09, 0x09, 0x41, 0x36, 0xf1, 0xc0,
|
||||
0x4b, 0xe4, 0x3a, 0x97, 0x60, 0x91, 0xd6, 0x91, 0xe3, 0x4c, 0xf4, 0x2f, 0xf8, 0x08, 0x3e, 0x66,
|
||||
0x8f, 0xfb, 0x02, 0x03, 0x7b, 0xf4, 0x03, 0xdf, 0x80, 0x62, 0xb7, 0x5b, 0x32, 0x0d, 0xb1, 0x97,
|
||||
0x28, 0xf7, 0xdc, 0x73, 0x8e, 0x6f, 0xee, 0xbd, 0x31, 0x1a, 0x29, 0xc8, 0x20, 0x17, 0x52, 0x05,
|
||||
0x19, 0xa4, 0x94, 0xcd, 0x03, 0x35, 0xcf, 0xa1, 0x08, 0x12, 0x38, 0xe6, 0x0c, 0xc6, 0xb9, 0x14,
|
||||
0x4a, 0xe0, 0x35, 0x8b, 0xed, 0xed, 0xa4, 0x22, 0x15, 0x16, 0x09, 0xaa, 0x37, 0x97, 0xdc, 0x23,
|
||||
0xa9, 0x10, 0x69, 0x06, 0x81, 0x8d, 0x26, 0xe5, 0xe7, 0x40, 0xf1, 0x29, 0x14, 0x8a, 0x4e, 0xf3,
|
||||
0x05, 0xe1, 0xee, 0xd5, 0x27, 0xd8, 0xa7, 0xa3, 0x8c, 0xbe, 0xa1, 0x8d, 0x03, 0x7b, 0xe0, 0xc7,
|
||||
0xc7, 0xf8, 0x05, 0xea, 0xbc, 0x01, 0x9a, 0x80, 0xf4, 0xbd, 0x7d, 0xef, 0x7e, 0xef, 0xc9, 0xcd,
|
||||
0xb1, 0x63, 0x46, 0x50, 0x88, 0x52, 0x32, 0x70, 0xc9, 0xb0, 0x7f, 0xa2, 0xc9, 0xca, 0xa9, 0x26,
|
||||
0x9e, 0xd1, 0x64, 0x25, 0x5a, 0x48, 0x70, 0x80, 0x56, 0x8b, 0x1c, 0x98, 0xbf, 0x66, 0xa5, 0x5b,
|
||||
0x0b, 0xa9, 0xf3, 0x3e, 0xcc, 0x81, 0x85, 0x1b, 0x46, 0x13, 0x4b, 0x89, 0xec, 0x73, 0xf4, 0xa7,
|
||||
0x8d, 0xd0, 0x45, 0x1a, 0xdf, 0x43, 0xeb, 0xa2, 0x88, 0x2b, 0x95, 0x3d, 0xbd, 0x1b, 0xf6, 0x8c,
|
||||
0x26, 0x4b, 0x28, 0xea, 0x88, 0xe2, 0x68, 0x9e, 0x03, 0x7e, 0x80, 0xba, 0xb4, 0x28, 0x40, 0xc5,
|
||||
0x8a, 0xa6, 0x7e, 0xcb, 0xf2, 0x06, 0x46, 0x93, 0x0b, 0x30, 0xda, 0xb0, 0xaf, 0x47, 0x34, 0xc5,
|
||||
0xef, 0x51, 0x8f, 0x49, 0xa0, 0x0a, 0xe2, 0xaa, 0x2f, 0x7e, 0xdb, 0x16, 0xb6, 0x37, 0x76, 0x4d,
|
||||
0x1b, 0x2f, 0x9b, 0x36, 0x3e, 0x5a, 0x36, 0x2d, 0xdc, 0x36, 0x9a, 0xd4, 0x25, 0xdf, 0x7f, 0x12,
|
||||
0x2f, 0x42, 0x0e, 0xa8, 0x58, 0x95, 0x63, 0x99, 0x27, 0xe7, 0x8e, 0xab, 0xd7, 0x73, 0xac, 0x49,
|
||||
0x9c, 0xa3, 0x03, 0xac, 0xe3, 0x33, 0x34, 0x80, 0x99, 0x14, 0x59, 0x16, 0x17, 0x8a, 0xaa, 0xb2,
|
||||
0xb0, 0xed, 0xeb, 0x86, 0x5b, 0x46, 0x93, 0x66, 0x22, 0xea, 0xbb, 0xf0, 0xd0, 0x46, 0xf8, 0x03,
|
||||
0xaa, 0xea, 0x4a, 0x60, 0xa6, 0x38, 0xcd, 0xfc, 0x8e, 0x2d, 0x64, 0xb7, 0xd1, 0xf3, 0xd7, 0xe7,
|
||||
0xe9, 0xd0, 0x37, 0x9a, 0xec, 0x5c, 0xd0, 0x1f, 0x89, 0x29, 0x57, 0x30, 0xcd, 0xd5, 0x3c, 0xaa,
|
||||
0x99, 0xe0, 0x18, 0x6d, 0x32, 0x91, 0x65, 0xc0, 0x14, 0x24, 0x71, 0x42, 0x15, 0xf5, 0xd7, 0xf7,
|
||||
0xdb, 0xf6, 0xfb, 0x1a, 0xb6, 0x4b, 0xca, 0x01, 0x55, 0x34, 0xbc, 0x63, 0x34, 0xf1, 0x9b, 0xaa,
|
||||
0x9a, 0xfb, 0x80, 0xd5, 0xc9, 0xa3, 0x04, 0xdd, 0xb8, 0x5c, 0x1a, 0xbe, 0x85, 0x5a, 0x3c, 0x59,
|
||||
0x0c, 0xbc, 0x63, 0x34, 0x69, 0xf1, 0x24, 0x6a, 0xf1, 0x04, 0x3f, 0x47, 0x9b, 0x79, 0x39, 0xc9,
|
||||
0x38, 0x8b, 0xbf, 0xc2, 0x3c, 0xae, 0x56, 0xb2, 0x1a, 0x76, 0x3f, 0xc4, 0x46, 0x93, 0x4b, 0x99,
|
||||
0xa8, 0xef, 0xe2, 0xb7, 0x30, 0x3f, 0x00, 0x39, 0xfa, 0xd1, 0x42, 0xdb, 0x57, 0x94, 0x8a, 0x0f,
|
||||
0x51, 0x7f, 0x51, 0x8e, 0x1b, 0x9e, 0xf7, 0xdf, 0xe1, 0xed, 0x18, 0x4d, 0x1a, 0x1a, 0x3b, 0xbd,
|
||||
0xde, 0x02, 0x59, 0x2e, 0x84, 0x04, 0x26, 0x64, 0xe2, 0x3c, 0x5b, 0xd7, 0x5b, 0x88, 0x9a, 0xc4,
|
||||
0x2d, 0x84, 0x03, 0xac, 0x63, 0xed, 0x37, 0x68, 0xff, 0xfb, 0x37, 0x78, 0x85, 0x06, 0x05, 0x48,
|
||||
0x4e, 0xb3, 0x78, 0x56, 0x4e, 0x27, 0x20, 0xed, 0x2a, 0x76, 0xc3, 0xdb, 0x46, 0x93, 0xdd, 0x46,
|
||||
0xa2, 0x36, 0x8d, 0xbe, 0x4b, 0xbc, 0xb3, 0x78, 0xf8, 0xf2, 0xe4, 0xf7, 0x70, 0xe5, 0xe4, 0x6c,
|
||||
0xe8, 0x9d, 0x9e, 0x0d, 0xbd, 0x5f, 0x67, 0x43, 0xef, 0xd3, 0xc3, 0x94, 0xab, 0x2f, 0xe5, 0x64,
|
||||
0xcc, 0xc4, 0x34, 0x48, 0x25, 0x3d, 0xe6, 0x8a, 0x2a, 0x2e, 0x66, 0x34, 0x0b, 0xce, 0x6f, 0x11,
|
||||
0x9a, 0x73, 0x77, 0x79, 0x4c, 0x3a, 0xf6, 0xdb, 0x9e, 0xfe, 0x0d, 0x00, 0x00, 0xff, 0xff, 0x8b,
|
||||
0x1a, 0x20, 0x63, 0xc4, 0x04, 0x00, 0x00,
|
||||
// 692 bytes of a gzipped FileDescriptorProto
|
||||
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x8c, 0x54, 0xcd, 0x6e, 0xd3, 0x4a,
|
||||
0x14, 0xae, 0x93, 0x36, 0x6d, 0x26, 0x49, 0x75, 0xeb, 0xa6, 0xb7, 0x56, 0xef, 0x55, 0xa6, 0x37,
|
||||
0xba, 0x0b, 0xc4, 0x4f, 0x2c, 0x40, 0x42, 0x48, 0x08, 0x09, 0x4c, 0x17, 0x48, 0x48, 0x08, 0x26,
|
||||
0x15, 0x0b, 0x36, 0xd6, 0xc4, 0x3e, 0x18, 0x0b, 0x3b, 0x33, 0xb2, 0x27, 0x15, 0x79, 0x0b, 0x1e,
|
||||
0x82, 0xc7, 0xe0, 0x01, 0xba, 0xec, 0x13, 0x0c, 0xd0, 0xa5, 0x17, 0x3c, 0x03, 0xf2, 0x19, 0xa7,
|
||||
0x71, 0xaa, 0x56, 0x74, 0x63, 0xcd, 0x7c, 0xe7, 0x3b, 0xdf, 0x9c, 0xf3, 0xcd, 0x19, 0x93, 0xa1,
|
||||
0x82, 0x04, 0xa4, 0xc8, 0x94, 0x9b, 0x40, 0xc4, 0x83, 0xb9, 0xab, 0xe6, 0x12, 0x72, 0x37, 0x84,
|
||||
0x93, 0x38, 0x80, 0x91, 0xcc, 0x84, 0x12, 0xf6, 0x06, 0x62, 0x07, 0xfd, 0x48, 0x44, 0x02, 0x11,
|
||||
0xb7, 0x5c, 0x99, 0xe0, 0x01, 0x8d, 0x84, 0x88, 0x12, 0x70, 0x71, 0x37, 0x99, 0x7d, 0x70, 0x55,
|
||||
0x9c, 0x42, 0xae, 0x78, 0x2a, 0x2b, 0xc2, 0x7f, 0x57, 0x9f, 0x80, 0x5f, 0x43, 0x19, 0x7e, 0x26,
|
||||
0x5b, 0x47, 0x78, 0xe0, 0xbb, 0xfb, 0xf6, 0x13, 0xd2, 0x7a, 0x09, 0x3c, 0x84, 0xcc, 0xb1, 0x0e,
|
||||
0xad, 0x5b, 0x9d, 0x07, 0x7b, 0x23, 0xc3, 0x64, 0x90, 0x8b, 0x59, 0x16, 0x80, 0x09, 0x7a, 0xdd,
|
||||
0x53, 0x4d, 0xd7, 0xce, 0x34, 0xb5, 0x0a, 0x4d, 0xd7, 0x58, 0x95, 0x62, 0xbb, 0x64, 0x3d, 0x97,
|
||||
0x10, 0x38, 0x1b, 0x98, 0xba, 0x53, 0xa5, 0x1a, 0xed, 0xb1, 0x84, 0xc0, 0xdb, 0x2a, 0x34, 0x45,
|
||||
0x0a, 0xc3, 0xef, 0xf0, 0x57, 0x93, 0x90, 0x65, 0xd8, 0xfe, 0x9f, 0x6c, 0x8a, 0xdc, 0x2f, 0xb3,
|
||||
0xf0, 0xf4, 0xb6, 0xd7, 0x29, 0x34, 0x5d, 0x40, 0xac, 0x25, 0xf2, 0xe3, 0xb9, 0x04, 0xfb, 0x36,
|
||||
0x69, 0xf3, 0x3c, 0x07, 0xe5, 0x2b, 0x1e, 0x39, 0x0d, 0xe4, 0xf5, 0x0a, 0x4d, 0x97, 0x20, 0xdb,
|
||||
0xc2, 0xe5, 0x31, 0x8f, 0xec, 0x37, 0xa4, 0x13, 0x64, 0xc0, 0x15, 0xf8, 0xa5, 0x2f, 0x4e, 0x13,
|
||||
0x0b, 0x3b, 0x18, 0x19, 0xd3, 0x46, 0x0b, 0xd3, 0x46, 0xc7, 0x0b, 0xd3, 0xbc, 0xdd, 0x42, 0xd3,
|
||||
0x7a, 0xca, 0x97, 0xef, 0xd4, 0x62, 0xc4, 0x00, 0x25, 0xab, 0x54, 0x9c, 0xc9, 0xf0, 0x42, 0x71,
|
||||
0xfd, 0x66, 0x8a, 0xb5, 0x14, 0xa3, 0x68, 0x00, 0x54, 0x7c, 0x44, 0x7a, 0x30, 0xcd, 0x44, 0x92,
|
||||
0xf8, 0xb9, 0xe2, 0x6a, 0x96, 0xa3, 0x7d, 0x6d, 0x6f, 0xa7, 0xd0, 0x74, 0x35, 0xc0, 0xba, 0x66,
|
||||
0x3b, 0xc6, 0x9d, 0xfd, 0x96, 0x94, 0x75, 0x85, 0x30, 0x55, 0x31, 0x4f, 0x9c, 0x16, 0x16, 0xb2,
|
||||
0xbf, 0xe2, 0xf9, 0x8b, 0x8b, 0xb0, 0xe7, 0x14, 0x9a, 0xf6, 0x97, 0xf4, 0xbb, 0x22, 0x8d, 0x15,
|
||||
0xa4, 0x52, 0xcd, 0x59, 0x4d, 0xc4, 0xf6, 0xc9, 0x76, 0x20, 0x92, 0x04, 0x02, 0x05, 0xa1, 0x1f,
|
||||
0x72, 0xc5, 0x9d, 0xcd, 0xc3, 0x26, 0xf6, 0xb7, 0x22, 0xbb, 0xa0, 0x1c, 0x71, 0xc5, 0xbd, 0x7f,
|
||||
0x0b, 0x4d, 0x9d, 0xd5, 0xac, 0x9a, 0x7a, 0x2f, 0xa8, 0x93, 0x87, 0xdf, 0x1a, 0xe4, 0xaf, 0xcb,
|
||||
0xb5, 0xd9, 0x7f, 0x93, 0x46, 0x1c, 0x56, 0x37, 0xde, 0x2a, 0x34, 0x6d, 0xc4, 0x21, 0x6b, 0xc4,
|
||||
0xa1, 0xfd, 0x98, 0x6c, 0xcb, 0xd9, 0x24, 0x89, 0x03, 0xff, 0x13, 0xcc, 0xfd, 0x72, 0x26, 0xcb,
|
||||
0xdb, 0xee, 0x7a, 0x76, 0xa1, 0xe9, 0xa5, 0x08, 0xeb, 0x9a, 0xfd, 0x2b, 0x98, 0x1f, 0x41, 0x66,
|
||||
0x8f, 0xc9, 0xbe, 0x79, 0x42, 0x3e, 0x57, 0xaa, 0xbc, 0x07, 0x15, 0x8b, 0xa9, 0x19, 0xac, 0x26,
|
||||
0x1e, 0xf3, 0x4f, 0xa1, 0xe9, 0x75, 0x14, 0xb6, 0x67, 0x02, 0xcf, 0x97, 0x38, 0xce, 0xdd, 0x3d,
|
||||
0x42, 0x94, 0x4c, 0xfd, 0x1c, 0xb2, 0xd2, 0xef, 0x75, 0xd4, 0xd9, 0x2e, 0x34, 0xad, 0xa1, 0xac,
|
||||
0xad, 0x64, 0x3a, 0xc6, 0xa5, 0xcd, 0xc8, 0x7e, 0x19, 0xa8, 0xab, 0x2f, 0xda, 0xd8, 0xc0, 0x36,
|
||||
0xb0, 0x86, 0x6b, 0x28, 0xac, 0xaf, 0x64, 0x5a, 0x2b, 0xc0, 0xf4, 0x35, 0xfc, 0xda, 0x20, 0xbb,
|
||||
0x57, 0xdc, 0x81, 0x3d, 0x26, 0xdd, 0xca, 0x67, 0x33, 0x95, 0xd6, 0x1f, 0xa7, 0xb2, 0x5f, 0x68,
|
||||
0xba, 0x92, 0x83, 0x63, 0xd9, 0xa9, 0x90, 0xc5, 0xa4, 0x67, 0x10, 0x88, 0x2c, 0x34, 0x9a, 0x8d,
|
||||
0x9b, 0x4d, 0x7a, 0x2d, 0xc5, 0x4c, 0xba, 0x01, 0x50, 0xb1, 0xf6, 0xbe, 0x9b, 0xd7, 0xbf, 0xef,
|
||||
0x67, 0xa4, 0x67, 0xdc, 0xf4, 0xa7, 0xb3, 0x74, 0x02, 0x59, 0x65, 0x35, 0xda, 0xb5, 0x12, 0xa8,
|
||||
0x8d, 0x59, 0xd7, 0x04, 0x5e, 0x23, 0xee, 0x3d, 0x3d, 0xfd, 0x39, 0x58, 0x3b, 0x3d, 0x1f, 0x58,
|
||||
0x67, 0xe7, 0x03, 0xeb, 0xc7, 0xf9, 0xc0, 0x7a, 0x7f, 0x27, 0x8a, 0xd5, 0xc7, 0xd9, 0x64, 0x14,
|
||||
0x88, 0xd4, 0x8d, 0x32, 0x7e, 0x12, 0x1b, 0x5b, 0x79, 0xe2, 0x5e, 0xfc, 0x1e, 0xb9, 0x8c, 0xcd,
|
||||
0x5f, 0x71, 0xd2, 0xc2, 0xde, 0x1e, 0xfe, 0x0e, 0x00, 0x00, 0xff, 0xff, 0x70, 0xb5, 0x84, 0xbb,
|
||||
0x9d, 0x05, 0x00, 0x00,
|
||||
}
|
||||
|
||||
func (m *DeviceV1) Marshal() (dAtA []byte, err error) {
|
||||
|
@ -434,6 +442,27 @@ func (m *DeviceCredential) MarshalToSizedBuffer(dAtA []byte) (int, error) {
|
|||
i -= len(m.XXX_unrecognized)
|
||||
copy(dAtA[i:], m.XXX_unrecognized)
|
||||
}
|
||||
if len(m.TpmAttestationKeyDer) > 0 {
|
||||
i -= len(m.TpmAttestationKeyDer)
|
||||
copy(dAtA[i:], m.TpmAttestationKeyDer)
|
||||
i = encodeVarintDevice(dAtA, i, uint64(len(m.TpmAttestationKeyDer)))
|
||||
i--
|
||||
dAtA[i] = 0x2a
|
||||
}
|
||||
if len(m.TpmSerial) > 0 {
|
||||
i -= len(m.TpmSerial)
|
||||
copy(dAtA[i:], m.TpmSerial)
|
||||
i = encodeVarintDevice(dAtA, i, uint64(len(m.TpmSerial)))
|
||||
i--
|
||||
dAtA[i] = 0x22
|
||||
}
|
||||
if len(m.DeviceAttestationType) > 0 {
|
||||
i -= len(m.DeviceAttestationType)
|
||||
copy(dAtA[i:], m.DeviceAttestationType)
|
||||
i = encodeVarintDevice(dAtA, i, uint64(len(m.DeviceAttestationType)))
|
||||
i--
|
||||
dAtA[i] = 0x1a
|
||||
}
|
||||
if len(m.PublicKeyDer) > 0 {
|
||||
i -= len(m.PublicKeyDer)
|
||||
copy(dAtA[i:], m.PublicKeyDer)
|
||||
|
@ -597,6 +626,18 @@ func (m *DeviceCredential) Size() (n int) {
|
|||
if l > 0 {
|
||||
n += 1 + l + sovDevice(uint64(l))
|
||||
}
|
||||
l = len(m.DeviceAttestationType)
|
||||
if l > 0 {
|
||||
n += 1 + l + sovDevice(uint64(l))
|
||||
}
|
||||
l = len(m.TpmSerial)
|
||||
if l > 0 {
|
||||
n += 1 + l + sovDevice(uint64(l))
|
||||
}
|
||||
l = len(m.TpmAttestationKeyDer)
|
||||
if l > 0 {
|
||||
n += 1 + l + sovDevice(uint64(l))
|
||||
}
|
||||
if m.XXX_unrecognized != nil {
|
||||
n += len(m.XXX_unrecognized)
|
||||
}
|
||||
|
@ -1141,6 +1182,104 @@ func (m *DeviceCredential) Unmarshal(dAtA []byte) error {
|
|||
m.PublicKeyDer = []byte{}
|
||||
}
|
||||
iNdEx = postIndex
|
||||
case 3:
|
||||
if wireType != 2 {
|
||||
return fmt.Errorf("proto: wrong wireType = %d for field DeviceAttestationType", wireType)
|
||||
}
|
||||
var stringLen uint64
|
||||
for shift := uint(0); ; shift += 7 {
|
||||
if shift >= 64 {
|
||||
return ErrIntOverflowDevice
|
||||
}
|
||||
if iNdEx >= l {
|
||||
return io.ErrUnexpectedEOF
|
||||
}
|
||||
b := dAtA[iNdEx]
|
||||
iNdEx++
|
||||
stringLen |= uint64(b&0x7F) << shift
|
||||
if b < 0x80 {
|
||||
break
|
||||
}
|
||||
}
|
||||
intStringLen := int(stringLen)
|
||||
if intStringLen < 0 {
|
||||
return ErrInvalidLengthDevice
|
||||
}
|
||||
postIndex := iNdEx + intStringLen
|
||||
if postIndex < 0 {
|
||||
return ErrInvalidLengthDevice
|
||||
}
|
||||
if postIndex > l {
|
||||
return io.ErrUnexpectedEOF
|
||||
}
|
||||
m.DeviceAttestationType = string(dAtA[iNdEx:postIndex])
|
||||
iNdEx = postIndex
|
||||
case 4:
|
||||
if wireType != 2 {
|
||||
return fmt.Errorf("proto: wrong wireType = %d for field TpmSerial", wireType)
|
||||
}
|
||||
var stringLen uint64
|
||||
for shift := uint(0); ; shift += 7 {
|
||||
if shift >= 64 {
|
||||
return ErrIntOverflowDevice
|
||||
}
|
||||
if iNdEx >= l {
|
||||
return io.ErrUnexpectedEOF
|
||||
}
|
||||
b := dAtA[iNdEx]
|
||||
iNdEx++
|
||||
stringLen |= uint64(b&0x7F) << shift
|
||||
if b < 0x80 {
|
||||
break
|
||||
}
|
||||
}
|
||||
intStringLen := int(stringLen)
|
||||
if intStringLen < 0 {
|
||||
return ErrInvalidLengthDevice
|
||||
}
|
||||
postIndex := iNdEx + intStringLen
|
||||
if postIndex < 0 {
|
||||
return ErrInvalidLengthDevice
|
||||
}
|
||||
if postIndex > l {
|
||||
return io.ErrUnexpectedEOF
|
||||
}
|
||||
m.TpmSerial = string(dAtA[iNdEx:postIndex])
|
||||
iNdEx = postIndex
|
||||
case 5:
|
||||
if wireType != 2 {
|
||||
return fmt.Errorf("proto: wrong wireType = %d for field TpmAttestationKeyDer", wireType)
|
||||
}
|
||||
var byteLen int
|
||||
for shift := uint(0); ; shift += 7 {
|
||||
if shift >= 64 {
|
||||
return ErrIntOverflowDevice
|
||||
}
|
||||
if iNdEx >= l {
|
||||
return io.ErrUnexpectedEOF
|
||||
}
|
||||
b := dAtA[iNdEx]
|
||||
iNdEx++
|
||||
byteLen |= int(b&0x7F) << shift
|
||||
if b < 0x80 {
|
||||
break
|
||||
}
|
||||
}
|
||||
if byteLen < 0 {
|
||||
return ErrInvalidLengthDevice
|
||||
}
|
||||
postIndex := iNdEx + byteLen
|
||||
if postIndex < 0 {
|
||||
return ErrInvalidLengthDevice
|
||||
}
|
||||
if postIndex > l {
|
||||
return io.ErrUnexpectedEOF
|
||||
}
|
||||
m.TpmAttestationKeyDer = append(m.TpmAttestationKeyDer[:0], dAtA[iNdEx:postIndex]...)
|
||||
if m.TpmAttestationKeyDer == nil {
|
||||
m.TpmAttestationKeyDer = []byte{}
|
||||
}
|
||||
iNdEx = postIndex
|
||||
default:
|
||||
iNdEx = preIndex
|
||||
skippy, err := skipDevice(dAtA[iNdEx:])
|
||||
|
|
|
@ -115,8 +115,11 @@ func TestDeviceConversions_toAndFrom(t *testing.T) {
|
|||
UpdateTime: timestamppb.New(t2),
|
||||
EnrollStatus: devicepb.DeviceEnrollStatus_DEVICE_ENROLL_STATUS_ENROLLED,
|
||||
Credential: &devicepb.DeviceCredential{
|
||||
Id: "557762f0-4cd4-4b75-aaee-575c57237c0b",
|
||||
PublicKeyDer: []byte("insert public key here"),
|
||||
Id: "557762f0-4cd4-4b75-aaee-575c57237c0b",
|
||||
PublicKeyDer: []byte("insert public key here"),
|
||||
DeviceAttestationType: devicepb.DeviceAttestationType_DEVICE_ATTESTATION_TYPE_UNSPECIFIED,
|
||||
TpmSerial: "1234-5678",
|
||||
TpmAttestationKeyDer: []byte("insert public key here"),
|
||||
},
|
||||
CollectedData: []*devicepb.DeviceCollectedData{
|
||||
{
|
||||
|
@ -148,3 +151,36 @@ func TestDeviceConversions_toAndFrom(t *testing.T) {
|
|||
t.Errorf("DeviceFromResource mismatch (-want +got)\n%s", diff)
|
||||
}
|
||||
}
|
||||
|
||||
func TestResourceAttestationType_toAndFrom(t *testing.T) {
|
||||
t.Parallel()
|
||||
tests := []struct {
|
||||
attestationType string
|
||||
errorContains string
|
||||
}{
|
||||
{
|
||||
attestationType: "unspecified",
|
||||
},
|
||||
{
|
||||
attestationType: "tpm",
|
||||
},
|
||||
{
|
||||
attestationType: "tpm_ekcert",
|
||||
},
|
||||
{
|
||||
attestationType: "quantum_entanglement",
|
||||
errorContains: "unknown attestation type",
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.attestationType, func(t *testing.T) {
|
||||
asEnum, err := ResourceDeviceAttestationTypeFromString(tt.attestationType)
|
||||
if tt.errorContains != "" {
|
||||
require.ErrorContains(t, err, tt.errorContains)
|
||||
return
|
||||
}
|
||||
got := ResourceDeviceAttestationTypeToString(asEnum)
|
||||
require.Equal(t, tt.attestationType, got)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue