Update Intel advisories for Legacy CDS

Fedor Indutny 2022-10-20 11:52:32 -07:00 committed by GitHub
parent 02a76edfb1
commit b82234b119
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -420,6 +420,8 @@ export class LegacyCDS extends CDSBase<LegacyCDSOptionsType> {
}
}
const ALLOWED_ADVISORIES = new Set(['INTEL-SA-00334', 'INTEL-SA-00615']);
function validateAttestationSignatureBody(
signatureBody: {
timestamp: string;
@ -445,12 +447,12 @@ function validateAttestationSignatureBody(
if (signatureBody.isvEnclaveQuoteStatus !== 'SW_HARDENING_NEEDED') {
throw new Error('Attestation signature status not "SW_HARDENING_NEEDED"!');
}
if (
signatureBody.advisoryIDs.length !== 1 ||
signatureBody.advisoryIDs[0] !== 'INTEL-SA-00334'
) {
if (!signatureBody.advisoryIDs.every(id => ALLOWED_ADVISORIES.has(id))) {
throw new Error('Attestation advisory ids are incorrect');
}
if (signatureBody.advisoryIDs.length > ALLOWED_ADVISORIES.size) {
throw new Error('Attestation advisory count is incorrect');
}
if (signatureTime < now - 24 * 60 * 60 * 1000) {
throw new Error('Attestation signature timestamp older than 24 hours!');
}
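Review bot: The new `advisoryIDs.every(id => ALLOWED_ADVISORIES.has(id))` check is a subset test, so an empty `advisoryIDs` list now passes attestation, where the old code required exactly `INTEL-SA-00334`. The `length > ALLOWED_ADVISORIES.size` check that follows only rejects lists with repeated entries, because a list of distinct allowed IDs can never exceed the set size. The page does not show whether the attestation service can return `SW_HARDENING_NEEDED` with no advisories; if that case should be rejected, extend the guard to `if (signatureBody.advisoryIDs.length === 0 || signatureBody.advisoryIDs.length > ALLOWED_ADVISORIES.size) {`. Since `ALLOWED_ADVISORIES` is now the trust policy for the enclave, it should carry a comment saying why each advisory is acceptable and who signs off on adding one. The advisory error could also name the rejected ID so a newly published advisory is easy to spot in logs. `validateAttestationSignatureBody` begins in the first hunk and its body continues outside both hunks.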