Support iasVersion 4
parent
aa2bb68d4a
commit
62962e4950
2 changed files with 11 additions and 3 deletions
|
@ -1123,6 +1123,7 @@ export function initialize({
|
||||||
async putAttestation(auth, publicKey) {
|
async putAttestation(auth, publicKey) {
|
||||||
const data = JSON.stringify({
|
const data = JSON.stringify({
|
||||||
clientPublic: Bytes.toBase64(publicKey),
|
clientPublic: Bytes.toBase64(publicKey),
|
||||||
|
iasVersion: 4,
|
||||||
});
|
});
|
||||||
const result = (await _outerAjax(null, {
|
const result = (await _outerAjax(null, {
|
||||||
certificateAuthority,
|
certificateAuthority,
|
||||||
|
|
|
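Review bot: The literal `iasVersion: 4` in the putAttestation request body is coupled to the `signatureBody.version !== 4` check in validateAttestationSignatureBody in the other changed file, but nothing in the code ties the two together. A shared named constant used in both places (for example `const IAS_VERSION = 4;`, a name made up for this note) would keep the requested report version and the accepted one from drifting apart on the next bump. Failing that, a comment on this line such as `// Must match the version accepted when the attestation signature body is validated` would at least record the dependency. putAttestation's body continues outside the hunk.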
@ -431,6 +431,7 @@ function validateAttestationSignatureBody(
|
||||||
version: number;
|
version: number;
|
||||||
isvEnclaveQuoteBody: string;
|
isvEnclaveQuoteBody: string;
|
||||||
isvEnclaveQuoteStatus: string;
|
isvEnclaveQuoteStatus: string;
|
||||||
|
advisoryIDs: ReadonlyArray<string>;
|
||||||
},
|
},
|
||||||
encodedQuote: string
|
encodedQuote: string
|
||||||
) {
|
) {
|
||||||
|
@ -440,14 +441,20 @@ function validateAttestationSignatureBody(
|
||||||
const signatureTime = new Date(utcTimestamp).getTime();
|
const signatureTime = new Date(utcTimestamp).getTime();
|
||||||
|
|
||||||
const now = Date.now();
|
const now = Date.now();
|
||||||
if (signatureBody.version !== 3) {
|
if (signatureBody.version !== 4) {
|
||||||
throw new Error('Attestation signature invalid version!');
|
throw new Error('Attestation signature invalid version!');
|
||||||
}
|
}
|
||||||
if (!encodedQuote.startsWith(signatureBody.isvEnclaveQuoteBody)) {
|
if (!encodedQuote.startsWith(signatureBody.isvEnclaveQuoteBody)) {
|
||||||
throw new Error('Attestion signature mismatches quote!');
|
throw new Error('Attestion signature mismatches quote!');
|
||||||
}
|
}
|
||||||
if (signatureBody.isvEnclaveQuoteStatus !== 'OK') {
|
if (signatureBody.isvEnclaveQuoteStatus !== 'SW_HARDENING_NEEDED') {
|
||||||
throw new Error('Attestation signature status not "OK"!');
|
throw new Error('Attestation signature status not "SW_HARDENING_NEEDED"!');
|
||||||
|
}
|
||||||
|
if (
|
||||||
|
signatureBody.advisoryIDs.length !== 1 ||
|
||||||
|
signatureBody.advisoryIDs[0] !== 'INTEL-SA-00334'
|
||||||
|
) {
|
||||||
|
throw new Error('Attestation advisory ids are incorrect');
|
||||||
}
|
}
|
||||||
if (signatureTime < now - 24 * 60 * 60 * 1000) {
|
if (signatureTime < now - 24 * 60 * 60 * 1000) {
|
||||||
throw new Error('Attestation signature timestamp older than 24 hours!');
|
throw new Error('Attestation signature timestamp older than 24 hours!');
|
||||||
|
|
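Review bot: The new status check accepts only `'SW_HARDENING_NEEDED'` with exactly one advisory, `INTEL-SA-00334` (Load Value Injection), but nothing records why a non-`OK` quote status is trusted here. Accepting it relies on the enclave build itself carrying the software mitigation for that advisory, which these lines cannot verify. A comment above the check should say so and note that a plain `'OK'` report is now rejected, e.g. `// IAS v4 reports SW_HARDENING_NEEDED for this enclave; accepted only when INTEL-SA-00334 is the sole advisory, which the enclave build is presumed to mitigate`. Separately, if signatureBody comes from parsed JSON (not visible here), a missing `advisoryIDs` field raises a TypeError instead of the attestation error; adding `!Array.isArray(signatureBody.advisoryIDs) ||` as the first operand of the condition would keep that failure explicit. The function starts and ends outside the hunk.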