From 080b64841f1b2b110cc54a8f127d0aecb65191dd Mon Sep 17 00:00:00 2001 From: Simon Ott Date: Thu, 7 Dec 2023 09:58:25 +0000 Subject: [PATCH] attestationreport/snp: fixes Signed-off-by: Simon Ott --- attestationreport/snp.go | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/attestationreport/snp.go b/attestationreport/snp.go index a339f1e8..b95d2114 100644 --- a/attestationreport/snp.go +++ b/attestationreport/snp.go @@ -445,6 +445,11 @@ func verifySnpSignature( return result, false } // Verify that the reference value fingerprint matches the certificate fingerprint + if fingerprint == "" { + msg := "Reference value SNP CA fingerprint not present" + result.CertChainCheck.setFalse(&msg) + return result, false + } refFingerprint, err := hex.DecodeString(fingerprint) if err != nil { msg := fmt.Sprintf("Failed to decode CA fingerprint %v: %v", fingerprint, err) @@ -453,7 +458,7 @@ func verifySnpSignature( } caFingerprint := sha256.Sum256(ca.Raw) if !bytes.Equal(refFingerprint, caFingerprint[:]) { - msg := fmt.Sprintf("CA fingerprint %v does not match measurement CA fingerprint %v", + msg := fmt.Sprintf("Reference Values CA fingerprint '%v' does not match trusted CA fingerprint '%v'", fingerprint, hex.EncodeToString(caFingerprint[:])) result.CertChainCheck.setFalse(&msg) return result, false