Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-05-03 14:54:53 -04:00
Code Issues Projects Releases Packages Wiki Activity

cli: add verify support for TDX

Browse source
This commit is contained in:
Nils Hanke 2023-03-22 14:56:51 +01:00 committed by Malte Poll
parent e80474ff7f
commit e130188ecd
2 changed files with 124 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

69
cli/internal/cloudcmd/validators_test.go
View file

@ -8,6 +8,7 @@ package cloudcmd
import (
"crypto/sha256"
"crypto/sha512"
"encoding/base64"
"testing"
@ -155,3 +156,71 @@ func TestValidatorUpdateInitPCRs(t *testing.T) {
})
}
}
func TestValidatorUpdateInitMeasurementsTDX(t *testing.T) {
zero := measurements.WithAllBytes(0x00, true, measurements.TDXMeasurementLength)
one := measurements.WithAllBytes(0x11, true, measurements.TDXMeasurementLength)
one64 := base64.StdEncoding.EncodeToString(one.Expected[:])
oneHash := sha512.Sum384(one.Expected[:])
tdxZeroUpdatedOne := sha512.Sum384(append(zero.Expected[:], oneHash[:]...))
newTestTDXMeasurements := func() measurements.M {
return measurements.M{
0: measurements.WithAllBytes(0x00, true, measurements.TDXMeasurementLength),
1: measurements.WithAllBytes(0x00, true, measurements.TDXMeasurementLength),
2: measurements.WithAllBytes(0x00, true, measurements.TDXMeasurementLength),
3: measurements.WithAllBytes(0x00, true, measurements.TDXMeasurementLength),
4: measurements.WithAllBytes(0x00, true, measurements.TDXMeasurementLength),
}
}
testCases := map[string]struct {
measurements measurements.M
clusterID string
wantErr bool
}{
"QEMUT TDX update update cluster ID": {
measurements: newTestTDXMeasurements(),
clusterID: one64,
},
"cluster ID empty": {
measurements: newTestTDXMeasurements(),
},
"invalid encoding": {
measurements: newTestTDXMeasurements(),
clusterID: "invalid",
wantErr: true,
},
}
for name, tc := range testCases {
t.Run(name, func(t *testing.T) {
assert := assert.New(t)
cfg := &config.QEMUTDX{Measurements: tc.measurements}
err := UpdateInitMeasurements(cfg, "", tc.clusterID)
if tc.wantErr {
assert.Error(err)
return
}
assert.NoError(err)
for i := 0; i < len(tc.measurements); i++ {
switch {
case i == measurements.TDXIndexClusterID && tc.clusterID == "":
// should be deleted
_, ok := cfg.Measurements[uint32(i)]
assert.False(ok)
case i == measurements.TDXIndexClusterID:
pcr, ok := cfg.Measurements[uint32(i)]
assert.True(ok)
assert.Equal(tdxZeroUpdatedOne[:], pcr.Expected)
default:
assert.Equal(zero, cfg.Measurements[uint32(i)])
}
}
})
}
}