constellation/internal/attestation/snp/testdata/certchain.pem

75 lines
4.5 KiB
Plaintext
Raw Normal View History

attestation: use `go-sev-guest` library (#2269) * wip: switch to attestation * add extra comments Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * MAA checks Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use provided functions to parse report / cert chain Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * replace `CommitedTCB` check with `LaunchTCB` check Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove debug check Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove `LaunchTCB` == `CommitedTCB` check Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * custom IdKeyDigests check Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * basic test of report parsing from instance info Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * retrieve VCEK from AMD KDS Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove VCEK from `azureInstanceInfo` Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use `go-sev-guest` TCB version type Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix validation parsing test Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix error message * fix comment Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove certificate chain from `instanceInfo` Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add test for idkeydigest check Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * update buildfiles Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * wip: update tests Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * update buildfiles Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * [remove] debug prints Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * wip: fix tests Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * wip: fix tests Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix tests, do some clean-up Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add test case for fetching error Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * Update internal/attestation/azure/snp/validator.go Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> * correct `hack` dependency Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix id key check Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * [remove] comment out wip unit tests Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add missing newline Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * switch to released version of `go-sev-guest` Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add constructor test Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add VMPL check Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add test assertions Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * update buildfiles Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * switch to pseudoversion Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use fork with windows fix Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix linter checks Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use data from THIM Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * update embeds Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * verify against ARK in config Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * invalid ASK Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * Update internal/attestation/azure/snp/validator.go Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> * Update internal/attestation/azure/snp/validator.go Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> * Update internal/attestation/azure/snp/validator.go Co-authored-by: 3u13r <lc@edgeless.systems> * Update internal/attestation/azure/snp/validator.go Co-authored-by: 3u13r <lc@edgeless.systems> * nits Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove unnecessary checks Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * refactoring Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * Update internal/attestation/azure/snp/validator.go Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> * Update internal/attestation/azure/snp/validator.go Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> * Update internal/attestation/azure/snp/validator.go Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> * use upstream library with pseudoversion Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * Update internal/attestation/azure/snp/validator.go Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> * Update internal/attestation/azure/snp/validator.go Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> * Update internal/attestation/azure/snp/validator.go Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> * simplify control flow Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix return error Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix VCEK test Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * tidy Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * revert unintentional changes Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use new upstream release Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix removed AuthorKeyEn field Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix verification report printing Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> --------- Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> Co-authored-by: 3u13r <lc@edgeless.systems> Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-09-21 08:08:00 -04:00
-----BEGIN CERTIFICATE-----
MIIGiTCCBDigAwIBAgIDAQABMEYGCSqGSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAIC
BQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAICBQCiAwIBMKMDAgEBMHsxFDAS
BgNVBAsMC0VuZ2luZWVyaW5nMQswCQYDVQQGEwJVUzEUMBIGA1UEBwwLU2FudGEg
Q2xhcmExCzAJBgNVBAgMAkNBMR8wHQYDVQQKDBZBZHZhbmNlZCBNaWNybyBEZXZp
Y2VzMRIwEAYDVQQDDAlBUkstTWlsYW4wHhcNMjAxMDIyMTgyNDIwWhcNNDUxMDIy
MTgyNDIwWjB7MRQwEgYDVQQLDAtFbmdpbmVlcmluZzELMAkGA1UEBhMCVVMxFDAS
BgNVBAcMC1NhbnRhIENsYXJhMQswCQYDVQQIDAJDQTEfMB0GA1UECgwWQWR2YW5j
ZWQgTWljcm8gRGV2aWNlczESMBAGA1UEAwwJU0VWLU1pbGFuMIICIjANBgkqhkiG
9w0BAQEFAAOCAg8AMIICCgKCAgEAnU2drrNTfbhNQIllf+W2y+ROCbSzId1aKZft
2T9zjZQOzjGccl17i1mIKWl7NTcB0VYXt3JxZSzOZjsjLNVAEN2MGj9TiedL+Qew
KZX0JmQEuYjm+WKksLtxgdLp9E7EZNwNDqV1r0qRP5tB8OWkyQbIdLeu4aCz7j/S
l1FkBytev9sbFGzt7cwnjzi9m7noqsk+uRVBp3+In35QPdcj8YflEmnHBNvuUDJh
LCJMW8KOjP6++Phbs3iCitJcANEtW4qTNFoKW3CHlbcSCjTM8KsNbUx3A8ek5EVL
jZWH1pt9E3TfpR6XyfQKnY6kl5aEIPwdW3eFYaqCFPrIo9pQT6WuDSP4JCYJbZne
KKIbZjzXkJt3NQG32EukYImBb9SCkm9+fS5LZFg9ojzubMX3+NkBoSXI7OPvnHMx
jup9mw5se6QUV7GqpCA2TNypolmuQ+cAaxV7JqHE8dl9pWf+Y3arb+9iiFCwFt4l
AlJw5D0CTRTC1Y5YWFDBCrA/vGnmTnqG8C+jjUAS7cjjR8q4OPhyDmJRPnaC/ZG5
uP0K0z6GoO/3uen9wqshCuHegLTpOeHEJRKrQFr4PVIwVOB0+ebO5FgoyOw43nyF
D5UKBDxEB4BKo/0uAiKHLRvvgLbORbU8KARIs1EoqEjmF8UtrmQWV2hUjwzqwvHF
ei8rPxMCAwEAAaOBozCBoDAdBgNVHQ4EFgQUO8ZuGCrD/T1iZEib47dHLLT8v/gw
HwYDVR0jBBgwFoAUhawa0UP3yKxV1MUdQUir1XhK1FMwEgYDVR0TAQH/BAgwBgEB
/wIBADAOBgNVHQ8BAf8EBAMCAQQwOgYDVR0fBDMwMTAvoC2gK4YpaHR0cHM6Ly9r
ZHNpbnRmLmFtZC5jb20vdmNlay92MS9NaWxhbi9jcmwwRgYJKoZIhvcNAQEKMDmg
DzANBglghkgBZQMEAgIFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgIFAKID
AgEwowMCAQEDggIBAIgeUQScAf3lDYqgWU1VtlDbmIN8S2dC5kmQzsZ/HtAjQnLE
PI1jh3gJbLxL6gf3K8jxctzOWnkYcbdfMOOr28KT35IaAR20rekKRFptTHhe+DFr
3AFzZLDD7cWK29/GpPitPJDKCvI7A4Ug06rk7J0zBe1fz/qe4i2/F12rvfwCGYhc
RxPy7QF3q8fR6GCJdB1UQ5SlwCjFxD4uezURztIlIAjMkt7DFvKRh+2zK+5plVGG
FsjDJtMz2ud9y0pvOE4j3dH5IW9jGxaSGStqNrabnnpF236ETr1/a43b8FFKL5QN
mt8Vr9xnXRpznqCRvqjr+kVrb6dlfuTlliXeQTMlBoRWFJORL8AcBJxGZ4K2mXft
l1jU5TLeh5KXL9NW7a/qAOIUs2FiOhqrtzAhJRg9Ij8QkQ9Pk+cKGzw6El3T3kFr
Eg6zkxmvMuabZOsdKfRkWfhH2ZKcTlDfmH1H0zq0Q2bG3uvaVdiCtFY1LlWyB38J
S2fNsR/Py6t5brEJCFNvzaDky6KeC4ion/cVgUai7zzS3bGQWzKDKU35SqNU2WkP
I8xCZ00WtIiKKFnXWUQxvlKmmgZBIYPe01zD0N8atFxmWiSnfJl690B9rJpNR/fI
ajxCW3Seiws6r1Zm+tCuVbMiNtpS9ThjNX4uve5thyfE2DgoxRFvY1CsoF5M
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIGYzCCBBKgAwIBAgIDAQAAMEYGCSqGSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAIC
BQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAICBQCiAwIBMKMDAgEBMHsxFDAS
BgNVBAsMC0VuZ2luZWVyaW5nMQswCQYDVQQGEwJVUzEUMBIGA1UEBwwLU2FudGEg
Q2xhcmExCzAJBgNVBAgMAkNBMR8wHQYDVQQKDBZBZHZhbmNlZCBNaWNybyBEZXZp
Y2VzMRIwEAYDVQQDDAlBUkstTWlsYW4wHhcNMjAxMDIyMTcyMzA1WhcNNDUxMDIy
MTcyMzA1WjB7MRQwEgYDVQQLDAtFbmdpbmVlcmluZzELMAkGA1UEBhMCVVMxFDAS
BgNVBAcMC1NhbnRhIENsYXJhMQswCQYDVQQIDAJDQTEfMB0GA1UECgwWQWR2YW5j
ZWQgTWljcm8gRGV2aWNlczESMBAGA1UEAwwJQVJLLU1pbGFuMIICIjANBgkqhkiG
9w0BAQEFAAOCAg8AMIICCgKCAgEA0Ld52RJOdeiJlqK2JdsVmD7FktuotWwX1fNg
W41XY9Xz1HEhSUmhLz9Cu9DHRlvgJSNxbeYYsnJfvyjx1MfU0V5tkKiU1EesNFta
1kTA0szNisdYc9isqk7mXT5+KfGRbfc4V/9zRIcE8jlHN61S1ju8X93+6dxDUrG2
SzxqJ4BhqyYmUDruPXJSX4vUc01P7j98MpqOS95rORdGHeI52Naz5m2B+O+vjsC0
60d37jY9LFeuOP4Meri8qgfi2S5kKqg/aF6aPtuAZQVR7u3KFYXP59XmJgtcog05
gmI0T/OitLhuzVvpZcLph0odh/1IPXqx3+MnjD97A7fXpqGd/y8KxX7jksTEzAOg
bKAeam3lm+3yKIcTYMlsRMXPcjNbIvmsBykD//xSniusuHBkgnlENEWx1UcbQQrs
+gVDkuVPhsnzIRNgYvM48Y+7LGiJYnrmE8xcrexekBxrva2V9TJQqnN3Q53kt5vi
Qi3+gCfmkwC0F0tirIZbLkXPrPwzZ0M9eNxhIySb2npJfgnqz55I0u33wh4r0ZNQ
eTGfw03MBUtyuzGesGkcw+loqMaq1qR4tjGbPYxCvpCq7+OgpCCoMNit2uLo9M18
fHz10lOMT8nWAUvRZFzteXCm+7PHdYPlmQwUw3LvenJ/ILXoQPHfbkH0CyPfhl1j
WhJFZasCAwEAAaN+MHwwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSFrBrRQ/fI
rFXUxR1BSKvVeErUUzAPBgNVHRMBAf8EBTADAQH/MDoGA1UdHwQzMDEwL6AtoCuG
KWh0dHBzOi8va2RzaW50Zi5hbWQuY29tL3ZjZWsvdjEvTWlsYW4vY3JsMEYGCSqG
SIb3DQEBCjA5oA8wDQYJYIZIAWUDBAICBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZI
AWUDBAICBQCiAwIBMKMDAgEBA4ICAQC6m0kDp6zv4Ojfgy+zleehsx6ol0ocgVel
ETobpx+EuCsqVFRPK1jZ1sp/lyd9+0fQ0r66n7kagRk4Ca39g66WGTJMeJdqYriw
STjjDCKVPSesWXYPVAyDhmP5n2v+BYipZWhpvqpaiO+EGK5IBP+578QeW/sSokrK
dHaLAxG2LhZxj9aF73fqC7OAJZ5aPonw4RE299FVarh1Tx2eT3wSgkDgutCTB1Yq
zT5DuwvAe+co2CIVIzMDamYuSFjPN0BCgojl7V+bTou7dMsqIu/TW/rPCX9/EUcp
KGKqPQ3P+N9r1hjEFY1plBg93t53OOo49GNI+V1zvXPLI6xIFVsh+mto2RtgEX/e
pmMKTNN6psW88qg7c1hTWtN6MbRuQ0vm+O+/2tKBF2h8THb94OvvHHoFDpbCELlq
HnIYhxy0YKXGyaW1NjfULxrrmxVW4wcn5E8GddmvNa6yYm8scJagEi13mhGu4Jqh
3QU3sf8iUSUr09xQDwHtOQUVIqx4maBZPBtSMf+qUDtjXSSq8lfWcd8bLr9mdsUn
JZJ0+tuPMKmBnSH860llKk+VpVQsgqbzDIvOLvD6W1Umq25boxCYJ+TuBoa4s+HH
CViAvgT9kf/rBq1d+ivj6skkHxuzcxbk1xv6ZGxrteJxVH7KlX7YRdZ6eARKwLe4
AFZEAwoKCQ==
-----END CERTIFICATE-----