verify: use fixed user data

Thomas Tendyck 2023-01-17 15:28:07 +01:00 committed by Thomas Tendyck
parent 85f33b2140
commit f0f109a1ea
8 changed files with 47 additions and 134 deletions


@ -97,18 +97,12 @@ func (v *verifyCmd) verify(cmd *cobra.Command, fileHandler file.Handler, verifyC
return err
}
v.log.Debugf("Generated random nonce: %x", nonce)
userData, err := crypto.GenerateRandomBytes(32)
if err != nil {
return err
}
v.log.Debugf("Generated random user data: %x", userData)
if err := verifyClient.Verify(
cmd.Context(),
flags.endpoint,
&verifyproto.GetAttestationRequest{
Nonce: nonce,
UserData: userData,
Nonce: nonce,
},
validators.V(cmd),
); err != nil {
@ -231,8 +225,8 @@ func (v *constellationVerifier) Verify(
return fmt.Errorf("validating attestation: %w", err)
}
if !bytes.Equal(signedData, req.UserData) {
return errors.New("signed data in attestation does not match provided user data")
if !bytes.Equal(signedData, []byte(constants.ConstellationVerifyServiceUserData)) {
return errors.New("signed data in attestation does not match expected user data")
}
return nil
}
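Review bot: The comparison against `constants.ConstellationVerifyServiceUserData` in constellationVerifier.Verify has no comment explaining why a fixed, public value is acceptable as the signed data. With the random user data dropped from the request built in verifyCmd.verify, freshness of the attestation now rests on the nonce alone, which is presumably checked inside the validation step that precedes this comparison (not visible in the hunk). I would add a comment above the `bytes.Equal` check such as `// User data is a fixed, public label; replay protection comes from the nonce checked during validation.` Verify also no longer reads `req.UserData`, so a caller that still sets it is silently ignored, which the function's doc comment should state. Both function bodies begin outside the hunks shown.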


@ -181,25 +181,22 @@ func TestVerify(t *testing.T) {
func TestVerifyClient(t *testing.T) {
testCases := map[string]struct {
attestationDoc atls.FakeAttestationDoc
userData []byte
nonce []byte
attestationErr error
wantErr bool
}{
"success": {
attestationDoc: atls.FakeAttestationDoc{
UserData: []byte("user data"),
UserData: []byte(constants.ConstellationVerifyServiceUserData),
Nonce: []byte("nonce"),
},
userData: []byte("user data"),
nonce: []byte("nonce"),
nonce: []byte("nonce"),
},
"attestation error": {
attestationDoc: atls.FakeAttestationDoc{
UserData: []byte("user data"),
UserData: []byte(constants.ConstellationVerifyServiceUserData),
Nonce: []byte("nonce"),
},
userData: []byte("user data"),
nonce: []byte("nonce"),
attestationErr: errors.New("error"),
wantErr: true,
@ -209,18 +206,16 @@ func TestVerifyClient(t *testing.T) {
UserData: []byte("wrong user data"),
Nonce: []byte("nonce"),
},
userData: []byte("user data"),
nonce: []byte("nonce"),
wantErr: true,
nonce: []byte("nonce"),
wantErr: true,
},
"nonce does not match": {
attestationDoc: atls.FakeAttestationDoc{
UserData: []byte("user data"),
UserData: []byte(constants.ConstellationVerifyServiceUserData),
Nonce: []byte("wrong nonce"),
},
userData: []byte("user data"),
nonce: []byte("nonce"),
wantErr: true,
nonce: []byte("nonce"),
wantErr: true,
},
}
@ -248,8 +243,7 @@ func TestVerifyClient(t *testing.T) {
verifier := &constellationVerifier{dialer: dialer, log: logger.NewTest(t)}
request := &verifyproto.GetAttestationRequest{
UserData: tc.userData,
Nonce: tc.nonce,
Nonce: tc.nonce,
}
err = verifier.Verify(context.Background(), addr, request, atls.NewFakeValidator(oid.Dummy{}))