Fix Azure attestation validation #12

Merged
merged 5 commits into from
Oct 24, 2023

@hslatman hslatman commented Oct 23, 2023

Fixes #11

Example using OpenSSL:

$ cat att.p7.pem
-----BEGIN PKCS7-----
-----END PKCS7-----

$ openssl pkcs7 -inform der -in att.p7.der -print_certs
subject=CN = testsubdomain.metadata.azure.com
issuer=CN = testsubdomain.metadata.azure.com
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

$ openssl pkcs7 -inform der -in att.p7.der -print_certs -out att.p7.crt

$ openssl cms -verify -binary -inform der -in att.p7.der -certfile att.p7.crt -noverify -nointern
CMS Verification successful
{"nonce":"1234566766","plan":{"name":"","product":"","publisher":""},"timeStamp":{"createdOn":"11/20/18 22:07:39 -0000","expiresOn":"11/20/18 22:08:24 -0000"},"vmId":""}%

# shorter:
$ openssl cms -verify -binary -inform der -in att.p7.der -noverify
CMS Verification successful
{"nonce":"1234566766","plan":{"name":"","product":"","publisher":""},"timeStamp":{"createdOn":"11/20/18 22:07:39 -0000","expiresOn":"11/20/18 22:08:24 -0000"},"vmId":""}%

@hslatman hslatman marked this pull request as ready for review October 23, 2023 22:14
@hslatman hslatman requested a review from maraino October 23, 2023 22:29
@hslatman hslatman merged commit 9bda91d into main Oct 24, 2023
@hslatman hslatman deleted the herman/fix-azure-attestation branch October 24, 2023 18:16
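
Added example, not code from this pull request or from the project: the `openssl cms -verify` runs above only establish that the signature matches (`-noverify` skips verification of the signer's certificate), so the signed JSON still has to be checked for the expected nonce and for its `createdOn`/`expiresOn` window. The names `checkPayload`, `payload`, `errNonce` and `errWindow`, and the choice of checks, are assumptions made for this illustration.

```go
package main

import (
	"crypto/subtle"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Timestamp layout as it appears in the payload printed on this page.
const tsLayout = "01/02/06 15:04:05 -0700"

var errNonce = errors.New("nonce does not match the challenge")
var errWindow = errors.New("now is outside the createdOn/expiresOn window")

// payload mirrors only the fields checked here (hypothetical type name).
type payload struct {
	Nonce     string                                `json:"nonce"`
	TimeStamp struct{ CreatedOn, ExpiresOn string } `json:"timeStamp"`
}

// checkPayload (hypothetical helper) runs after the CMS signature check.
func checkPayload(raw []byte, wantNonce string, now time.Time) (*payload, error) {
	var p payload
	if err := json.Unmarshal(raw, &p); err != nil {
		return nil, fmt.Errorf("decoding payload: %w", err)
	}
	// The nonce must be the one the verifier issued for this request.
	if subtle.ConstantTimeCompare([]byte(p.Nonce), []byte(wantNonce)) != 1 {
		return nil, errNonce
	}
	created, err := time.Parse(tsLayout, p.TimeStamp.CreatedOn)
	if err != nil {
		return nil, fmt.Errorf("parsing createdOn: %w", err)
	}
	expires, err := time.Parse(tsLayout, p.TimeStamp.ExpiresOn)
	if err != nil {
		return nil, fmt.Errorf("parsing expiresOn: %w", err)
	}
	// Accept only createdOn <= now < expiresOn.
	if now.Before(created) || !now.Before(expires) {
		return nil, errWindow
	}
	return &p, nil
}

// sample is the JSON printed by the openssl commands on this page.
const sample = `{"nonce":"1234566766","plan":{"name":"","product":"","publisher":""},"timeStamp":{"createdOn":"11/20/18 22:07:39 -0000","expiresOn":"11/20/18 22:08:24 -0000"},"vmId":""}`

func main() {
	_, err := checkPayload([]byte(sample), "1234566766", time.Now())
	fmt.Println("result:", err) // the 2018 sample is rejected as expired
}
```

The sample document is valid for only 45 seconds, so a replayed copy fails the window check even when its signature still verifies.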
Development

Successfully merging this pull request may close these issues.

SHA-256 not supported for RSA encryption