Add note on documentation location for certificate order

mobilecoinfoundation · Jul 26, 2022 · ffef27f · ffef27f
1 parent 8541662
commit ffef27f
Showing 1 changed file with 10 additions and 8 deletions.
diff --git a/untrusted/quote_verify/src/lib.rs b/untrusted/quote_verify/src/lib.rs
@@ -118,17 +118,19 @@ impl Quote {
  let (_, pem) = pem::parse_x509_pem(ROOT_CERT_PEM)?;
  let root_cert = pem.parse_x509()?;
 
- let pems =
- Pem::iter_from_buffer(&self.bytes[QUOTING_ENCLAVE_CERTIFICATION_DATA_START..])
- .collect::<Result<Vec<_>, _>>()?;
+ let pems = Pem::iter_from_buffer(&self.bytes[QUOTING_ENCLAVE_CERTIFICATION_DATA_START..])
+ .collect::<Result<Vec<_>, _>>()?;
 
  // Certs have a lifetime dependent on `pems` so must create them once
  // the pems are held in place.
- let mut certs = pems.iter().map(|p|{
- p.parse_x509()
- }).collect::<Result<Vec<_>, _>>()?;
-
- // Certs are in order from leaf -> .. -> root. We need to start
+ let mut certs = pems
+ .iter()
+ .map(|p| p.parse_x509())
+ .collect::<Result<Vec<_>, _>>()?;
+
+ // Per Table 9 *Certification Data* (type 5) from
+ // https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/Intel_SGX_ECDSA_QuoteLibReference_DCAP_API.pdf
+ // certs are in order from leaf -> .. -> root. We need to start
  // verifying from the root.
  certs.reverse();