Support iasVersion 4

Co-authored-by: Fedor Indutny <79877362+indutny-signal@users.noreply.github.com>
This commit is contained in:
automated-signal 2022-08-08 18:38:08 -07:00 committed by GitHub
parent bbd2b54146
commit 785c04cc42
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 11 additions and 3 deletions

View File

@ -1123,6 +1123,7 @@ export function initialize({
async putAttestation(auth, publicKey) {
const data = JSON.stringify({
clientPublic: Bytes.toBase64(publicKey),
iasVersion: 4,
});
const result = (await _outerAjax(null, {
certificateAuthority,

View File

@ -431,6 +431,7 @@ function validateAttestationSignatureBody(
version: number;
isvEnclaveQuoteBody: string;
isvEnclaveQuoteStatus: string;
advisoryIDs: ReadonlyArray<string>;
},
encodedQuote: string
) {
@ -440,14 +441,20 @@ function validateAttestationSignatureBody(
const signatureTime = new Date(utcTimestamp).getTime();
const now = Date.now();
if (signatureBody.version !== 3) {
if (signatureBody.version !== 4) {
throw new Error('Attestation signature invalid version!');
}
if (!encodedQuote.startsWith(signatureBody.isvEnclaveQuoteBody)) {
throw new Error('Attestion signature mismatches quote!');
}
if (signatureBody.isvEnclaveQuoteStatus !== 'OK') {
throw new Error('Attestation signature status not "OK"!');
if (signatureBody.isvEnclaveQuoteStatus !== 'SW_HARDENING_NEEDED') {
throw new Error('Attestation signature status not "SW_HARDENING_NEEDED"!');
}
if (
signatureBody.advisoryIDs.length !== 1 ||
signatureBody.advisoryIDs[0] !== 'INTEL-SA-00334'
) {
throw new Error('Attestation advisory ids are incorrect');
}
if (signatureTime < now - 24 * 60 * 60 * 1000) {
throw new Error('Attestation signature timestamp older than 24 hours!');