@@ -105,6 +105,43 @@ TEST_CASE("Check Test endorsement with integer SVN")
105105 REQUIRE (endorsements.svn == " 102" );
106106}
107107
108+ TEST_CASE (" Check Test endorsement for UVM 0.2.9" )
109+ {
110+ char * end_path = std::getenv (" TEST_ENDORSEMENTS_PATH" );
111+ REQUIRE (end_path != nullptr );
112+
113+ auto endorsement = files::slurp (fmt::format (" {}/uvm_0.2.9.cose" , end_path));
114+ REQUIRE (!endorsement.empty ());
115+
116+ ccf::pal::SnpAttestationMeasurement measurement (
117+ " d0c9e2be22046e60779be88868cff64c2aa22047c15d3127ba495cee3fbc2854c5633f9da2"
118+ " 096e6c64ae2b69bbff8082" );
119+ ccf::pal::PlatformAttestationMeasurement uvm_measurement (measurement);
120+
121+ std::vector<ccf::pal::UVMEndorsements> custom_roots_of_trust = {
122+ ccf::pal::UVMEndorsements{
123+ " did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3."
124+ " 6.1.4.1.311.76.59.1.5" ,
125+ " Malicious-ConfAKS-AMD-UVM" ,
126+ " 1" }};
127+ REQUIRE_THROWS_WITH_AS (
128+ ccf::verify_uvm_endorsements_against_roots_of_trust (
129+ endorsement, uvm_measurement, custom_roots_of_trust),
130+ " UVM endorsements did "
131+ " did:x509:0:sha256:I__iuL25oXEVFdTP_aBLx_eT1RPHbCQ_ECBQfYZpt9s::eku:1.3.6."
132+ " 1.4.1.311.76.59.1.2, feed ContainerPlat-AMD-UVM, svn 103 do not match any "
133+ " of the "
134+ " known UVM roots of trust" ,
135+ std::logic_error);
136+
137+ auto endorsements = ccf::verify_uvm_endorsements_against_roots_of_trust (
138+ endorsement, uvm_measurement, ccf::default_uvm_roots_of_trust);
139+
140+ REQUIRE (endorsements.did == ccf::default_uvm_roots_of_trust[0 ].did );
141+ REQUIRE (endorsements.feed == ccf::default_uvm_roots_of_trust[0 ].feed );
142+ REQUIRE (endorsements.svn == " 103" );
143+ }
144+
108145TEST_CASE (" Check UVM roots of trust matching" )
109146{
110147 ccf::pal::UVMEndorsements old{" issuer1" , " subject1" , " 0" };
0 commit comments