verifier-az-cvm-vtpm: Fix tests to updated library

This commit updates the test fixtures, way to load quote and way to mess
with quote for negative tests.

Signed-off-by: Suraj Deshmukh <[email protected]>

attestation-service/verifier/src/az_snp_vtpm/mod.rs

@@ -133,10 +133,10 @@ fn verify_snp_report(
 #[cfg(test)]
 mod tests {
     use super::*;
+    use az_snp_vtpm::vtpm::VerifyError;
 
-    const REPORT: &[u8; 2048] = include_bytes!("../../test_data/az-snp-vtpm/hcl-report.bin");
-    const SIGNATURE: &[u8; 256] = include_bytes!("../../test_data/az-snp-vtpm/tpm-quote.sig");
-    const MESSAGE: &[u8; 122] = include_bytes!("../../test_data/az-snp-vtpm/tpm-quote.msg");
+    const REPORT: &[u8; 2600] = include_bytes!("../../test_data/az-snp-vtpm/hcl-report.bin");
+    const QUOTE: &[u8; 1362] = include_bytes!("../../test_data/az-snp-vtpm/quote.bin");
     const REPORT_DATA: &[u8] = "challenge".as_bytes();
 
     #[test]
@@ -152,12 +152,17 @@ mod tests {
     fn test_verify_snp_report_failure() {
         let mut wrong_report = REPORT.clone();
         // messing with snp report
-        wrong_report[0x00b0] = 0;
+        wrong_report[0x01a6] = 0;
         let hcl_report = HclReport::new(wrong_report.to_vec()).unwrap();
         let snp_report = hcl_report.try_into().unwrap();
         let vcek = Vcek::from_pem(include_str!("../../test_data/az-snp-vtpm/vcek.pem")).unwrap();
         let vendor_certs = load_milan_cert_chain().as_ref().unwrap();
-        verify_snp_report(&snp_report, &vcek, vendor_certs).unwrap_err();
+        assert_eq!(
+            verify_snp_report(&snp_report, &vcek, vendor_certs)
+                .unwrap_err()
+                .to_string(),
+            "SNP version mismatch",
+        );
     }
 
     #[test]
@@ -175,59 +180,62 @@ mod tests {
         let hcl_report = HclReport::new(wrong_report.to_vec()).unwrap();
         let var_data_hash = hcl_report.var_data_sha256();
         let snp_report = hcl_report.try_into().unwrap();
-        verify_report_data(&var_data_hash, &snp_report).unwrap_err();
+        assert_eq!(
+            verify_report_data(&var_data_hash, &snp_report)
+                .unwrap_err()
+                .to_string(),
+            "SNP report report_data mismatch"
+        );
     }
 
     #[test]
     fn test_verify_signature() {
-        let quote = Quote {
-            signature: SIGNATURE.to_vec(),
-            message: MESSAGE.to_vec(),
-        };
+        let quote: Quote = bincode::deserialize(QUOTE).unwrap();
         let hcl_report = HclReport::new(REPORT.to_vec()).unwrap();
         verify_signature(&quote, &hcl_report).unwrap();
     }
 
     #[test]
     fn test_verify_quote_signature_failure() {
-        let mut wrong_message = MESSAGE.clone();
-        wrong_message.reverse();
-        let wrong_quote = Quote {
-            signature: SIGNATURE.to_vec(),
-            message: wrong_message.to_vec(),
-        };
+        let mut quote = QUOTE.clone();
+        quote[0x030] = 0;
+        let wrong_quote: Quote = bincode::deserialize(&quote).unwrap();
+
         let hcl_report = HclReport::new(REPORT.to_vec()).unwrap();
-        verify_signature(&wrong_quote, &hcl_report).unwrap_err();
+        assert_eq!(
+            verify_signature(&wrong_quote, &hcl_report)
+                .unwrap_err()
+                .downcast_ref::<VerifyError>()
+                .unwrap()
+                .to_string(),
+            VerifyError::SignatureMismatch.to_string()
+        );
     }
 
     #[test]
     fn test_verify_akpub_failure() {
-        let quote = Quote {
-            signature: SIGNATURE.to_vec(),
-            message: MESSAGE.to_vec(),
-        };
+        let quote: Quote = bincode::deserialize(QUOTE).unwrap();
         let mut wrong_report = REPORT.clone();
         // messing with AKpub in var data
         wrong_report[0x0540] = 0;
         let wrong_hcl_report = HclReport::new(wrong_report.to_vec()).unwrap();
-        verify_signature(&quote, &wrong_hcl_report).unwrap_err();
+        assert_eq!(
+            verify_signature(&quote, &wrong_hcl_report)
+                .unwrap_err()
+                .to_string(),
+            "Failed to get AKpub",
+        );
     }
 
     #[test]
     fn test_verify_quote_nonce() {
-        let quote = Quote {
-            signature: SIGNATURE.to_vec(),
-            message: MESSAGE.to_vec(),
-        };
+        let quote: Quote = bincode::deserialize(QUOTE).unwrap();
         verify_nonce(&quote, &REPORT_DATA).unwrap();
     }
 
     #[test]
     fn test_verify_quote_nonce_failure() {
-        let quote = Quote {
-            signature: SIGNATURE.to_vec(),
-            message: MESSAGE.to_vec(),
-        };
+        let quote: Quote = bincode::deserialize(QUOTE).unwrap();
         let mut wrong_report_data = REPORT_DATA.to_vec();
         wrong_report_data.reverse();
         verify_nonce(&quote, &wrong_report_data).unwrap_err();

attestation-service/verifier/src/az_tdx_vtpm/mod.rs

@@ -96,10 +96,11 @@ fn verify_tpm_nonce(quote: &TpmQuote, report_data: &[u8]) -> Result<()> {
 #[cfg(test)]
 mod tests {
     use super::*;
+    use az_tdx_vtpm::vtpm::Quote;
+    use az_tdx_vtpm::vtpm::VerifyError;
 
     const REPORT: &[u8; 2600] = include_bytes!("../../test_data/az-tdx-vtpm/hcl-report.bin");
-    const SIGNATURE: &[u8; 256] = include_bytes!("../../test_data/az-tdx-vtpm/tpm-quote.sig");
-    const MESSAGE: &[u8; 126] = include_bytes!("../../test_data/az-tdx-vtpm/tpm-quote.msg");
+    const QUOTE: &[u8; 1362] = include_bytes!("../../test_data/az-tdx-vtpm/quote.bin");
     const TD_QUOTE: &[u8; 5006] = include_bytes!("../../test_data/az-tdx-vtpm/td-quote.bin");
 
     #[test]
@@ -115,47 +116,48 @@ mod tests {
         wrong_report[0x0880] += 1;
         let hcl_report = HclReport::new(wrong_report.to_vec()).unwrap();
         let td_quote = parse_tdx_quote(TD_QUOTE).unwrap();
-        verify_hcl_var_data(&hcl_report, &td_quote).unwrap_err();
+        assert_eq!(
+            verify_hcl_var_data(&hcl_report, &td_quote)
+                .unwrap_err()
+                .to_string(),
+            "TDX Quote report data mismatch"
+        );
     }
 
     #[test]
     fn test_verify_tpm_signature() {
-        let quote = TpmQuote {
-            signature: SIGNATURE.to_vec(),
-            message: MESSAGE.to_vec(),
-        };
+        let quote: Quote = bincode::deserialize(QUOTE).unwrap();
         let hcl_report = HclReport::new(REPORT.to_vec()).unwrap();
         verify_tpm_signature(&quote, &hcl_report).unwrap();
     }
 
     #[test]
     fn test_verify_tpm_signature_failure() {
-        let mut wrong_message = MESSAGE.clone();
-        wrong_message.reverse();
-        let wrong_quote = TpmQuote {
-            signature: SIGNATURE.to_vec(),
-            message: wrong_message.to_vec(),
-        };
+        let mut quote = QUOTE.clone();
+        quote[0x020] = 0;
+        let wrong_quote: Quote = bincode::deserialize(&quote).unwrap();
+
         let hcl_report = HclReport::new(REPORT.to_vec()).unwrap();
-        verify_tpm_signature(&wrong_quote, &hcl_report).unwrap_err();
+        assert_eq!(
+            verify_tpm_signature(&wrong_quote, &hcl_report)
+                .unwrap_err()
+                .downcast_ref::<VerifyError>()
+                .unwrap()
+                .to_string(),
+            VerifyError::SignatureMismatch.to_string()
+        );
     }
 
     #[test]
     fn test_verify_tpm_nonce() {
-        let quote = TpmQuote {
-            signature: SIGNATURE.to_vec(),
-            message: MESSAGE.to_vec(),
-        };
-        let nonce = "tdx challenge".as_bytes();
+        let quote: Quote = bincode::deserialize(QUOTE).unwrap();
+        let nonce = "challenge".as_bytes();
         verify_tpm_nonce(&quote, nonce).unwrap();
     }
 
     #[test]
     fn test_verify_tpm_nonce_failure() {
-        let quote = TpmQuote {
-            signature: SIGNATURE.to_vec(),
-            message: MESSAGE.to_vec(),
-        };
+        let quote: Quote = bincode::deserialize(QUOTE).unwrap();
         let wrong_nonce = "wrong".as_bytes();
         verify_tpm_nonce(&quote, wrong_nonce).unwrap_err();
     }

attestation-service/verifier/test_data/az-snp-vtpm/vcek.pem

@@ -3,29 +3,29 @@ MIIFTDCCAvugAwIBAgIBADBGBgkqhkiG9w0BAQowOaAPMA0GCWCGSAFlAwQCAgUA
 oRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAgUAogMCATCjAwIBATB7MRQwEgYD
 VQQLDAtFbmdpbmVlcmluZzELMAkGA1UEBhMCVVMxFDASBgNVBAcMC1NhbnRhIENs
 YXJhMQswCQYDVQQIDAJDQTEfMB0GA1UECgwWQWR2YW5jZWQgTWljcm8gRGV2aWNl
-czESMBAGA1UEAwwJU0VWLU1pbGFuMB4XDTIzMDEyNDE3NTgyNloXDTMwMDEyNDE3
-NTgyNlowejEUMBIGA1UECwwLRW5naW5lZXJpbmcxCzAJBgNVBAYTAlVTMRQwEgYD
+czESMBAGA1UEAwwJU0VWLU1pbGFuMB4XDTIzMDEwMTA1MzExOFoXDTMwMDEwMTA1
+MzExOFowejEUMBIGA1UECwwLRW5naW5lZXJpbmcxCzAJBgNVBAYTAlVTMRQwEgYD
 VQQHDAtTYW50YSBDbGFyYTELMAkGA1UECAwCQ0ExHzAdBgNVBAoMFkFkdmFuY2Vk
 IE1pY3JvIERldmljZXMxETAPBgNVBAMMCFNFVi1WQ0VLMHYwEAYHKoZIzj0CAQYF
-K4EEACIDYgAExmG1ZbuoAQK93USRyZQcsyobfbaAEoKEELf/jK39cOVJt1t4s83W
-XM3rqIbS7qHUHQw/FGyOvdaEUs5+wwxpCWfDnmJMAQ+ctgZqgDEKh1NqlOuuKcKq
-2YAWE5cTH7sHo4IBFjCCARIwEAYJKwYBBAGceAEBBAMCAQAwFwYJKwYBBAGceAEC
+K4EEACIDYgAEP3PCTk5P1qVUrvZPD+Motv8TNuSxJs5IR21EHLVk7HKQ3bNFknCc
+mwE4ldVb27hjHGpizC9Oom6HHfa7XjX+3P+77N217Tn8/u2MUWhlv7koTxe/xwuV
+Xn07DiWV7ZSKo4IBFjCCARIwEAYJKwYBBAGceAEBBAMCAQAwFwYJKwYBBAGceAEC
 BAoWCE1pbGFuLUIwMBEGCisGAQQBnHgBAwEEAwIBAzARBgorBgEEAZx4AQMCBAMC
 AQAwEQYKKwYBBAGceAEDBAQDAgEAMBEGCisGAQQBnHgBAwUEAwIBADARBgorBgEE
 AZx4AQMGBAMCAQAwEQYKKwYBBAGceAEDBwQDAgEAMBEGCisGAQQBnHgBAwMEAwIB
-CDARBgorBgEEAZx4AQMIBAMCAXMwTQYJKwYBBAGceAEEBEDDhCejDUx6+dlvehW5
-cmmCWmTLdqI1L/1dGBFdia1HP46MC82aXZKGYSutSq37RCYgWjueT+qCMBE1oXDk
-d1JOMEYGCSqGSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAICBQChHDAaBgkqhkiG9w0B
-AQgwDQYJYIZIAWUDBAICBQCiAwIBMKMDAgEBA4ICAQACgCai9x8DAWzX/2IelNWm
-ituEBSiq9C9eDnBEckQYikAhPasfagnoWFAtKu/ZWTKHi+BMbhKwswBS8W0G1ywi
-cUWGlzigI4tdxxf1YBJyCoTSNssSbKmIh5jemBfrvIBo1yEd+e56ZJMdhN8e+xWU
-bvovUC2/7Dl76fzAaACLSorZUv5XPJwKXwEOHo7FIcREjoZn+fKjJTnmdXce0LD6
-9RHr+r+ceyE79gmK31bI9DYiJoL4LeGdXZ3gMOVDR1OnDos5lOBcV+quJ6JujpgH
-d9g3Sa7Du7pusD9Fdap98ocZslRfFjFi//2YdVM4MKbq6IwpYNB+2PCEKNC7SfbO
-NgZYJuPZnM/wViES/cP7MZNJ1KUKBI9yh6TmlSsZZOclGJvrOsBZimTXpATjdNMt
-cluKwqAUUzYQmU7bf2TMdOXyA9iH5wIpj1kWGE1VuFADTKILkTc6LzLzOWCofLxf
-onhTtSDtzIv/uel547GZqq+rVRvmIieEuEvDETwuookfV6qu3D/9KuSr9xiznmEg
-xynud/f525jppJMcD/ofbQxUZuGKvb3f3zy+aLxqidoX7gca2Xd9jyUy5Y/83+ZN
-bz4PZx81UJzXVI9ABEh8/xilATh1ZxOePTBJjN7lgr0lXtKYjV/43yyxgUYrXNZS
-oLSG2dLCK9mjjraPjau34Q==
+CDARBgorBgEEAZx4AQMIBAMCAXMwTQYJKwYBBAGceAEEBEA6dUWWsrgPLlF2yq6v
+VEvZSbse/BceAuFyGwp2fd/Jn04lmNJXQQtXEr6LTctPmYOLymx50lAmx2rwnxl5
+gvA8MEYGCSqGSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAICBQChHDAaBgkqhkiG9w0B
+AQgwDQYJYIZIAWUDBAICBQCiAwIBMKMDAgEBA4ICAQA3s4HR1ZshYd/PeYXfiuLV
+kmTCWm+OBd9HVM0hXcNv2KWxRzmG7lBzNKfk71DLqsjOYK5uAS0Jdad9iSbJS6F9
+nQNL1O7/n8M3K6OYa1SYFubU1tXJjRL3Bzx/rcL1w6sGQIeXwDXNjxyPO433YbIW
+oQ6VuUj5AeTLlp3hChfrQ0Nkj3DbfsmDmSL4F0vsSq629YxQ6XTT+tIT897iMMVI
+IMUeJ4O7wxcMnoKoNbM+dTmKrkDm4/FdqYpsT2ziPD9FcTcMud0qZGy8YmUCa9cV
+/g7xKrDfRe8A8FDe1iFAVJ62xhS7GiOx/F2Gd/oEHto9dwE4/OVRmZlFy1njlxZt
+3Dd6W8z0TLmiyHngApx8VMJHNuf4+UeiDYkWo14ZzGlsMKHweGQhy/bRbkIpjNB/
+fUZsn404ZxV8+mbTdeMftIUAofDHryPq2/K4FZB6IucEil9S/dejUerlAlDn+uq/
+TT/FatsAv8gMnTHNB2/GRDRuiLf5bqRGXFRelV8K0edfoxxvW8JjiK2h6bsQf4aA
+JPH53P1GFWvEu9zOsGTldzOIvcPdykMFxhssRryI4YTTwAg6BPpXM83kdnGCEPgU
+pNO5zaEImuqtrxdmOZt8qGxyQ2DYgwS0QC8srEIxBtM9eBSJAodvgUiovwACF4+w
+5CU3rQt0CzyWLJop7k8GMw==
 -----END CERTIFICATE-----