attestation: add option for MAA fallback to verify azure's snp-sev id key digest (#1257)

* Convert enforceIDKeyDigest setting to enum

* Use MAA fallback in Azure SNP attestation

* Only create MAA provider if MAA fallback is enabled

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Thomas Tendyck <tt@edgeless.systems>
Daniel Weiße 2023-03-21 12:46:49 +01:00 committed by GitHub
parent 9a9688583d
commit 5a0234b3f2
66 changed files with 1073 additions and 542 deletions


@ -8,6 +8,7 @@ package trustedlaunch
import (
"bytes"
"context"
"crypto/rand"
"crypto/rsa"
"crypto/x509"
@ -19,9 +20,11 @@ import (
"github.com/edgelesssys/constellation/v2/internal/attestation/measurements"
"github.com/edgelesssys/constellation/v2/internal/attestation/simulator"
"github.com/edgelesssys/constellation/v2/internal/attestation/vtpm"
"github.com/edgelesssys/constellation/v2/internal/crypto"
"github.com/edgelesssys/constellation/v2/internal/logger"
tpmclient "github.com/google/go-tpm-tools/client"
"github.com/google/go-tpm-tools/proto/attest"
"github.com/google/go-tpm/tpm2"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
@ -183,13 +186,20 @@ func TestGetAttestationCert(t *testing.T) {
issuer := NewIssuer(logger.NewTest(t))
issuer.hClient = newTestClient(tc.crlServer)
certs, err := issuer.getAttestationCert(tpm)
certs, err := issuer.getAttestationCert(context.Background(), tpm, nil)
if tc.wantIssueErr {
assert.Error(err)
return
}
require.NoError(err)
attDoc := vtpm.AttestationDocument{
InstanceInfo: certs,
Attestation: &attest.Attestation{
AkPub: akPub,
},
}
validator := NewValidator(measurements.M{}, nil)
cert, err := x509.ParseCertificate(rootCert.Raw)
require.NoError(err)
@ -197,7 +207,7 @@ func TestGetAttestationCert(t *testing.T) {
roots.AddCert(cert)
validator.roots = roots
key, err := validator.verifyAttestationKey(akPub, certs)
key, err := validator.verifyAttestationKey(context.Background(), attDoc, nil)
if tc.wantValidateErr {
assert.Error(err)
return