Add check to ensure zero bytes after attestation key digest

The description of the report data in the DCAP reference specifies that the last 32 bytes of the quoting enclave report data will be 0s. Previously this was not checked during the attestation key validation. Now these bytes are checked to be 0 during attestation key validation.
mobilecoinfoundation · Jul 18, 2022 · d8d7e31 · d8d7e31
1 parent 2f2cc06
commit d8d7e31
Showing 1 changed file with 39 additions and 10 deletions.
diff --git a/untrusted/quote_verify/src/lib.rs b/untrusted/quote_verify/src/lib.rs
@@ -1,5 +1,6 @@
 // Copyright (c) 2022 The MobileCoin Foundation
 
+use displaydoc::Display;
 use mbedtls::{
     alloc::Box as MbedtlsBox,
     bignum::Mpi,
@@ -11,7 +12,6 @@ use mbedtls::{
 use pem::PemError;
 use sha2::{Digest, Sha256};
 use std::mem::size_of;
-use displaydoc::Display;
 
 // The size of a quote header. Table 3 of
 // https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/Intel_SGX_ECDSA_QuoteLibReference_DCAP_API.pdf
@@ -21,6 +21,11 @@ const QUOTE_HEADER_SIZE: usize = 48;
 // https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/Intel_SGX_ECDSA_QuoteLibReference_DCAP_API.pdf
 const ENCLAVE_REPORT_SIZE: usize = 384;
 
+// The size of the report data in an enclave report. *Report Data* of
+// the Enclave Report Body. Table 5 of
+// https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/Intel_SGX_ECDSA_QuoteLibReference_DCAP_API.pdf
+const ENCLAVE_REPORT_DATA_SIZE: usize = 64;
+
 // Size of the full ECDSA signature.
 // Table 6 of
 // https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/Intel_SGX_ECDSA_QuoteLibReference_DCAP_API.pdf
@@ -63,11 +68,16 @@ const QUOTING_ENCLAVE_REPORT_START: usize = ATTESTATION_KEY_START + KEY_SIZE;
 // https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/Intel_SGX_ECDSA_QuoteLibReference_DCAP_API.pdf
 const QUOTING_ENCLAVE_SIGNATURE_START: usize = QUOTING_ENCLAVE_REPORT_START + ENCLAVE_REPORT_SIZE;
 
-// The starting byte of the signature for the quote. *QE Report Signature* of
-// the Quote Signature Data Structure. Table 4 of
+// The starting byte of the report data from the quote report. *Report Data* of
+// the Enclave Report Body. Table 5 of
 // https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/Intel_SGX_ECDSA_QuoteLibReference_DCAP_API.pdf
 const QUOTING_ENCLAVE_REPORT_DATA_START: usize = QUOTING_ENCLAVE_REPORT_START + 320;
 
+// The size of the message digest in the quoting enclave report data.  See
+// description of *QE Report* in table 4 of
+// https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/Intel_SGX_ECDSA_QuoteLibReference_DCAP_API.pdf
+const QUOTING_ENCLAVE_REPORT_DATA_DIGEST_SIZE: usize = 32;
+
 // The starting byte of the quoting enclave authentication data size for the
 // quote.
 // *Size* from Table 8 of
@@ -99,8 +109,6 @@ pub struct Quote {
     bytes: Vec<u8>,
 }
 
-impl Quote {}
-
 impl Quote {
     /// Returns a [Quote] created from the provided `bytes`.
     ///
@@ -140,10 +148,16 @@ impl Quote {
         hasher.update(authentication_data);
 
         let hash = hasher.finalize();
-        let report_data = &self.bytes
-            [QUOTING_ENCLAVE_REPORT_DATA_START..QUOTING_ENCLAVE_REPORT_DATA_START + hash.len()];
+        let start = QUOTING_ENCLAVE_REPORT_DATA_START;
+        let end = start + QUOTING_ENCLAVE_REPORT_DATA_DIGEST_SIZE;
+        let report_data = &self.bytes[start..end];
+
+        let start = end;
+        let end = QUOTING_ENCLAVE_REPORT_DATA_START + ENCLAVE_REPORT_DATA_SIZE;
+        let zero_pad_after = self.bytes[start..end]
+            == [0; (ENCLAVE_REPORT_DATA_SIZE - QUOTING_ENCLAVE_REPORT_DATA_DIGEST_SIZE)];
 
-        if report_data == hash.as_slice() {
+        if report_data == hash.as_slice() && zero_pad_after {
             Ok(())
         } else {
             Err(Error::AttestationKey)
@@ -254,8 +268,8 @@ pub enum Error {
     Signature(mbedtls::Error),
 
     /** A failure to convert a binary key into an mbedtls version.
-        This is unlikely to happen as it should only happen if there is an
-        error in the FFI or if there is a failure to malloc. */
+    This is unlikely to happen as it should only happen if there is an
+    error in the FFI or if there is a failure to malloc. */
     Key(mbedtls::Error),
 
     /// Invalid attestation key in quote
@@ -346,4 +360,19 @@ mod tests {
         quote.bytes[ATTESTATION_KEY_START] = 1;
         assert_eq!(quote.verify_attestation_key(), Err(Error::AttestationKey));
     }
+
+    #[test]
+    fn no_trailing_zeros_after_quote_report_data_digest() {
+        let mut quote = Quote::from_bytes(HW_QUOTE);
+        quote.bytes[QUOTING_ENCLAVE_REPORT_DATA_START + QUOTING_ENCLAVE_REPORT_DATA_DIGEST_SIZE] =
+            1;
+        assert_eq!(quote.verify_attestation_key(), Err(Error::AttestationKey));
+    }
+
+    #[test]
+    fn no_trailing_zeros_at_end_of_quote_report_data_digest() {
+        let mut quote = Quote::from_bytes(HW_QUOTE);
+        quote.bytes[QUOTING_ENCLAVE_REPORT_DATA_START + (ENCLAVE_REPORT_DATA_SIZE - 1)] = 1;
+        assert_eq!(quote.verify_attestation_key(), Err(Error::AttestationKey));
+    }
 }