Skip to content

Commit

Permalink
attestationreport/snp: fixes
Browse files Browse the repository at this point in the history
Signed-off-by: Simon Ott <[email protected]>
  • Loading branch information
smo4201 committed Dec 7, 2023
1 parent edbee82 commit 080b648
Showing 1 changed file with 6 additions and 1 deletion.
7 changes: 6 additions & 1 deletion attestationreport/snp.go
Original file line number Diff line number Diff line change
Expand Up @@ -445,6 +445,11 @@ func verifySnpSignature(
return result, false
}
// Verify that the reference value fingerprint matches the certificate fingerprint
if fingerprint == "" {
msg := "Reference value SNP CA fingerprint not present"
result.CertChainCheck.setFalse(&msg)
return result, false
}
refFingerprint, err := hex.DecodeString(fingerprint)
if err != nil {
msg := fmt.Sprintf("Failed to decode CA fingerprint %v: %v", fingerprint, err)
Expand All @@ -453,7 +458,7 @@ func verifySnpSignature(
}
caFingerprint := sha256.Sum256(ca.Raw)
if !bytes.Equal(refFingerprint, caFingerprint[:]) {
msg := fmt.Sprintf("CA fingerprint %v does not match measurement CA fingerprint %v",
msg := fmt.Sprintf("Reference Values CA fingerprint '%v' does not match trusted CA fingerprint '%v'",
fingerprint, hex.EncodeToString(caFingerprint[:]))
result.CertChainCheck.setFalse(&msg)
return result, false
Expand Down

0 comments on commit 080b648

Please sign in to comment.