deps: remove obsolete Go replace to upgrade go-sev-guest (#3107)

Signed-off-by: Daniel Weiße <dw@edgeless.systems>

bazel/toolchains/go_module_deps.bzl

@@ -2197,9 +2197,8 @@ def go_dependencies():
         build_file_generation = "on",
         build_file_proto_mode = "disable_global",
         importpath = "github.com/google/go-sev-guest",
-        replace = "github.com/google/go-sev-guest",
+        sum = "h1:gnww4U8fHV5DCPz4gykr1s8SEX1fFNcxCBy+vvXN24k=",
-        sum = "h1:6o4Z/vQqNUH+cEagfx1Ez5ElK70iZulEXZwmLnRo44I=",
+        version = "v0.11.1",
-        version = "v0.0.0-20230928233922-2dcbba0a4b9d",
     )
     go_repository(
         name = "com_github_google_go_tdx_guest",

go.mod

@@ -34,7 +34,6 @@ replace (
 )
 
 replace (
-	github.com/google/go-sev-guest => github.com/google/go-sev-guest v0.0.0-20230928233922-2dcbba0a4b9d
 	github.com/martinjungblut/go-cryptsetup => github.com/daniel-weisse/go-cryptsetup v0.0.0-20230705150314-d8c07bd1723c
 	github.com/tink-crypto/tink-go/v2 v2.0.0 => github.com/derpsteb/tink-go/v2 v2.0.0-20231002051717-a808e454eed6
 )

go.sum

@@ -418,8 +418,8 @@ github.com/google/go-configfs-tsm v0.2.2 h1:YnJ9rXIOj5BYD7/0DNnzs8AOp7UcvjfTvt21
 github.com/google/go-configfs-tsm v0.2.2/go.mod h1:EL1GTDFMb5PZQWDviGfZV9n87WeGTR/JUg13RfwkgRo=
 github.com/google/go-containerregistry v0.19.0 h1:uIsMRBV7m/HDkDxE/nXMnv1q+lOOSPlQ/ywc5JbB8Ic=
 github.com/google/go-containerregistry v0.19.0/go.mod h1:u0qB2l7mvtWVR5kNcbFIhFY1hLbf8eeGapA+vbFDCtQ=
-github.com/google/go-sev-guest v0.0.0-20230928233922-2dcbba0a4b9d h1:6o4Z/vQqNUH+cEagfx1Ez5ElK70iZulEXZwmLnRo44I=
+github.com/google/go-sev-guest v0.11.1 h1:gnww4U8fHV5DCPz4gykr1s8SEX1fFNcxCBy+vvXN24k=
-github.com/google/go-sev-guest v0.0.0-20230928233922-2dcbba0a4b9d/go.mod h1:hc1R4R6f8+NcJwITs0L90fYWTsBpd1Ix+Gur15sqHDs=
+github.com/google/go-sev-guest v0.11.1/go.mod h1:qBOfb+JmgsUI3aUyzQoGC13Kpp9zwLeWvuyXmA9q77w=
 github.com/google/go-tdx-guest v0.3.1 h1:gl0KvjdsD4RrJzyLefDOvFOUH3NAJri/3qvaL5m83Iw=
 github.com/google/go-tdx-guest v0.3.1/go.mod h1:/rc3d7rnPykOPuY8U9saMyEps0PZDThLk/RygXm04nE=
 github.com/google/go-tpm v0.9.1-0.20240510201744-5c2f0887e003 h1:gfGQAIxsEEAuYuFvjCGpDnTwisMJOz+rUfJMkk4yTmc=

internal/attestation/aws/snp/BUILD.bazel

@@ -18,7 +18,6 @@ go_library(
         "//internal/attestation/vtpm",
         "//internal/config",
         "@com_github_google_go_sev_guest//abi",
-        "@com_github_google_go_sev_guest//client",
         "@com_github_google_go_sev_guest//kds",
         "@com_github_google_go_sev_guest//proto/sevsnp",
         "@com_github_google_go_sev_guest//validate",

internal/attestation/aws/snp/issuer.go

@@ -21,7 +21,6 @@ import (
 	"github.com/edgelesssys/constellation/v2/internal/attestation/vtpm"
 
 	"github.com/google/go-sev-guest/abi"
-	sevclient "github.com/google/go-sev-guest/client"
 	"github.com/google/go-tpm-tools/client"
 	tpmclient "github.com/google/go-tpm-tools/client"
 )
@@ -70,13 +69,7 @@ func getInstanceInfo(_ context.Context, tpm io.ReadWriteCloser, _ []byte) ([]byt
 
 	akDigest := sha512.Sum512(encoded)
 
-	device, err := sevclient.OpenDevice()
+	report, certs, err := snp.GetExtendedReport(akDigest)
-	if err != nil {
-		return nil, fmt.Errorf("opening sev device: %w", err)
-	}
-	defer device.Close()
-
-	report, certs, err := sevclient.GetRawExtendedReportAtVmpl(device, akDigest, 0)
 	if err != nil {
 		return nil, fmt.Errorf("getting extended report: %w", err)
 	}

internal/attestation/azure/snp/validator_test.go

@@ -368,7 +368,7 @@ func TestTrustedKeyFromSNP(t *testing.T) {
 			),
 			wantErr: true,
 			assertion: func(assert *assert.Assertions, err error) {
-				assert.ErrorContains(err, "could not interpret VCEK DER bytes: x509: malformed certificate")
+				assert.ErrorContains(err, "x509: malformed certificate")
 			},
 		},
 		"invalid certchain fall back to embedded": {

internal/attestation/gcp/snp/BUILD.bazel

@@ -17,7 +17,6 @@ go_library(
         "//internal/attestation/vtpm",
         "//internal/config",
         "@com_github_google_go_sev_guest//abi",
-        "@com_github_google_go_sev_guest//client",
         "@com_github_google_go_sev_guest//kds",
         "@com_github_google_go_sev_guest//proto/sevsnp",
         "@com_github_google_go_sev_guest//validate",

internal/attestation/gcp/snp/issuer.go

@@ -21,7 +21,6 @@ import (
 	"github.com/edgelesssys/constellation/v2/internal/attestation/vtpm"
 
 	"github.com/google/go-sev-guest/abi"
-	sevclient "github.com/google/go-sev-guest/client"
 	"github.com/google/go-tpm-tools/client"
 	tpmclient "github.com/google/go-tpm-tools/client"
 	"github.com/google/go-tpm-tools/proto/attest"
@@ -65,13 +64,7 @@ func getInstanceInfo(_ context.Context, _ io.ReadWriteCloser, extraData []byte)
 	var extraData64 [64]byte
 	copy(extraData64[:], extraData)
 
-	device, err := sevclient.OpenDevice()
+	report, certs, err := snp.GetExtendedReport(extraData64)
-	if err != nil {
-		return nil, fmt.Errorf("opening sev device: %w", err)
-	}
-	defer device.Close()
-
-	report, certs, err := sevclient.GetRawExtendedReportAtVmpl(device, extraData64, 0)
 	if err != nil {
 		return nil, fmt.Errorf("getting extended report: %w", err)
 	}

internal/attestation/snp/BUILD.bazel

@@ -9,6 +9,7 @@ go_library(
     deps = [
         "//internal/attestation",
         "@com_github_google_go_sev_guest//abi",
+        "@com_github_google_go_sev_guest//client",
         "@com_github_google_go_sev_guest//kds",
         "@com_github_google_go_sev_guest//proto/sevsnp",
         "@com_github_google_go_sev_guest//verify/trust",

internal/attestation/snp/snp.go

@@ -17,6 +17,7 @@ import (
 
 	"github.com/edgelesssys/constellation/v2/internal/attestation"
 	"github.com/google/go-sev-guest/abi"
+	"github.com/google/go-sev-guest/client"
 	"github.com/google/go-sev-guest/kds"
 	spb "github.com/google/go-sev-guest/proto/sevsnp"
 	"github.com/google/go-sev-guest/verify/trust"
@@ -32,6 +33,26 @@ func Product() *spb.SevProduct {
 	return &spb.SevProduct{Name: spb.SevProduct_SEV_PRODUCT_MILAN, Stepping: 0} // Milan-B0
 }
 
+// GetExtendedReport retrieves the extended SNP report from the CVM.
+func GetExtendedReport(reportData [64]byte) (report, certChain []byte, err error) {
+	qp, err := client.GetLeveledQuoteProvider()
+	if err != nil {
+		return nil, nil, fmt.Errorf("getting quote provider: %w", err)
+	}
+	quote, err := qp.GetRawQuoteAtLevel(reportData, 0)
+	if err != nil {
+		return nil, nil, fmt.Errorf("getting extended report: %w", err)
+	}
+
+	// Parse the report and certificate chain from the quote.
+	report = quote
+	if len(quote) > abi.ReportSize {
+		report = quote[:abi.ReportSize]
+		certChain = quote[abi.ReportSize:]
+	}
+	return report, certChain, nil
+}
+
 // InstanceInfo contains the necessary information to establish trust in a SNP CVM.
 type InstanceInfo struct {
 	// ReportSigner is the PEM-encoded certificate used to validate the attestation report's signature.
@@ -110,7 +131,7 @@ func (a *InstanceInfo) AttestationWithCerts(getter trust.HTTPSGetter,
 		return nil, fmt.Errorf("converting report to proto: %w", err)
 	}
 
-	productName := kds.ProductString(Product())
+	productName := kds.ProductLine(Product())
 
 	att := &spb.Attestation{
 		Report:           report,

internal/verify/verify.go

@@ -131,7 +131,7 @@ func getCertChain(cfg config.AttestationCfg) ([]byte, error) {
 	}
 
 	if awsCfg.AMDSigningKey.Equal(config.Certificate{}) {
-		certs, err := trust.GetProductChain(kds.ProductString(snp.Product()), abi.VlekReportSigner, trust.DefaultHTTPSGetter())
+		certs, err := trust.GetProductChain(kds.ProductLine(snp.Product()), abi.VlekReportSigner, trust.DefaultHTTPSGetter())
 		if err != nil {
 			return nil, fmt.Errorf("getting product certificate chain: %w", err)
 		}