
Correctly set author_key_digest and report_id fields in js_verify_snp_attestation #7004


Merged
230 changes: 138 additions & 92 deletions src/js/extensions/snp_attestation.cpp
Expand Up @@ -138,94 +138,126 @@ namespace ccf::js::extensions

JS_CHECK_SET(a.set("policy", std::move(policy)));

auto family_id = jsctx.new_array_buffer_copy(attestation.family_id);
JS_CHECK_EXC(family_id);
JS_CHECK_SET(a.set("family_id", std::move(family_id)));
{
auto family_id = jsctx.new_array_buffer_copy(attestation.family_id);
JS_CHECK_EXC(family_id);
JS_CHECK_SET(a.set("family_id", std::move(family_id)));
}

auto image_id = jsctx.new_array_buffer_copy(attestation.image_id);
JS_CHECK_EXC(image_id);
JS_CHECK_SET(a.set("image_id", std::move(image_id)));
{
auto image_id = jsctx.new_array_buffer_copy(attestation.image_id);
JS_CHECK_EXC(image_id);
JS_CHECK_SET(a.set("image_id", std::move(image_id)));
}

JS_CHECK_SET(a.set_uint32("vmpl", attestation.vmpl));
JS_CHECK_SET(a.set_uint32(
"signature_algo", static_cast<uint32_t>(attestation.signature_algo)));

auto platform_version =
jsctx.wrap(make_js_tcb_version(jsctx, attestation.platform_version));
JS_CHECK_EXC(platform_version);
JS_CHECK_SET(a.set("platform_version", std::move(platform_version)));
{
auto platform_version =
jsctx.wrap(make_js_tcb_version(jsctx, attestation.platform_version));
JS_CHECK_EXC(platform_version);
JS_CHECK_SET(a.set("platform_version", std::move(platform_version)));
}

auto platform_info = jsctx.new_obj();
JS_CHECK_EXC(platform_info);
JS_CHECK_SET(
platform_info.set_uint32("smt_en", attestation.platform_info.smt_en));
JS_CHECK_SET(
platform_info.set_uint32("tsme_en", attestation.platform_info.tsme_en));
JS_CHECK_SET(a.set("plaform_info", std::move(platform_info)));
{
auto platform_info = jsctx.new_obj();
JS_CHECK_EXC(platform_info);
JS_CHECK_SET(
platform_info.set_uint32("smt_en", attestation.platform_info.smt_en));
JS_CHECK_SET(
platform_info.set_uint32("tsme_en", attestation.platform_info.tsme_en));
JS_CHECK_SET(a.set("plaform_info", std::move(platform_info)));
}

auto flags = jsctx.new_obj();
JS_CHECK_EXC(flags);
JS_CHECK_SET(
flags.set_uint32("author_key_en", attestation.flags.author_key_en));
JS_CHECK_SET(
flags.set_uint32("mask_chip_key", attestation.flags.mask_chip_key));
JS_CHECK_SET(
flags.set_uint32("signing_key", attestation.flags.signing_key));
JS_CHECK_SET(a.set("flags", std::move(flags)));

auto attestation_report_data =
jsctx.new_array_buffer_copy(attestation.report_data);
JS_CHECK_EXC(attestation_report_data);
JS_CHECK_SET(a.set("report_data", std::move(attestation_report_data)));

auto attestation_measurement =
jsctx.new_array_buffer_copy(attestation.measurement);
JS_CHECK_EXC(attestation_measurement);
JS_CHECK_SET(a.set("measurement", std::move(attestation_measurement)));

auto attestation_host_data =
jsctx.new_array_buffer_copy(attestation.host_data);
JS_CHECK_EXC(attestation_host_data);
JS_CHECK_SET(a.set("host_data", std::move(attestation_host_data)));

auto attestation_id_key_digest =
jsctx.new_array_buffer_copy(attestation.id_key_digest);
JS_CHECK_EXC(attestation_id_key_digest);
JS_CHECK_SET(a.set("id_key_digest", std::move(attestation_id_key_digest)));

auto attestation_author_key_digest =
jsctx.new_array_buffer_copy(attestation.author_key_digest);
JS_CHECK_EXC(attestation_author_key_digest);
JS_CHECK_SET(
a.set("author_key_digest", std::move(attestation_id_key_digest)));
{
auto flags = jsctx.new_obj();
JS_CHECK_EXC(flags);
JS_CHECK_SET(
flags.set_uint32("author_key_en", attestation.flags.author_key_en));
JS_CHECK_SET(
flags.set_uint32("mask_chip_key", attestation.flags.mask_chip_key));
JS_CHECK_SET(
flags.set_uint32("signing_key", attestation.flags.signing_key));
JS_CHECK_SET(a.set("flags", std::move(flags)));
}

auto attestation_report_id =
jsctx.new_array_buffer_copy(attestation.report_id);
JS_CHECK_EXC(attestation_report_id);
JS_CHECK_SET(a.set("report_id", std::move(attestation_id_key_digest)));
{
auto attestation_report_data =
jsctx.new_array_buffer_copy(attestation.report_data);
JS_CHECK_EXC(attestation_report_data);
JS_CHECK_SET(a.set("report_data", std::move(attestation_report_data)));
}

auto attestation_report_id_ma =
jsctx.new_array_buffer_copy(attestation.report_id_ma);
JS_CHECK_EXC(attestation_report_id_ma);
JS_CHECK_SET(a.set("report_id_ma", std::move(attestation_report_id_ma)));
{
auto attestation_measurement =
jsctx.new_array_buffer_copy(attestation.measurement);
JS_CHECK_EXC(attestation_measurement);
JS_CHECK_SET(a.set("measurement", std::move(attestation_measurement)));
}

auto reported_tcb =
jsctx.wrap(make_js_tcb_version(jsctx, attestation.reported_tcb));
JS_CHECK_EXC(reported_tcb);
JS_CHECK_SET(a.set("reported_tcb", std::move(reported_tcb)));
{
auto attestation_host_data =
jsctx.new_array_buffer_copy(attestation.host_data);
JS_CHECK_EXC(attestation_host_data);
JS_CHECK_SET(a.set("host_data", std::move(attestation_host_data)));
}

{
auto attestation_id_key_digest =
jsctx.new_array_buffer_copy(attestation.id_key_digest);
JS_CHECK_EXC(attestation_id_key_digest);
JS_CHECK_SET(
a.set("id_key_digest", std::move(attestation_id_key_digest)));
}

{
auto attestation_author_key_digest =
jsctx.new_array_buffer_copy(attestation.author_key_digest);
JS_CHECK_EXC(attestation_author_key_digest);
JS_CHECK_SET(
a.set("author_key_digest", std::move(attestation_author_key_digest)));
}

{
auto attestation_report_id =
jsctx.new_array_buffer_copy(attestation.report_id);
JS_CHECK_EXC(attestation_report_id);
JS_CHECK_SET(a.set("report_id", std::move(attestation_report_id)));
}

{
auto attestation_report_id_ma =
jsctx.new_array_buffer_copy(attestation.report_id_ma);
JS_CHECK_EXC(attestation_report_id_ma);
JS_CHECK_SET(a.set("report_id_ma", std::move(attestation_report_id_ma)));
}

{
auto reported_tcb =
jsctx.wrap(make_js_tcb_version(jsctx, attestation.reported_tcb));
JS_CHECK_EXC(reported_tcb);
JS_CHECK_SET(a.set("reported_tcb", std::move(reported_tcb)));
}

JS_CHECK_SET(a.set_uint32("cpuid_fam_id", attestation.cpuid_fam_id));
JS_CHECK_SET(a.set_uint32("cpuid_mod_id", attestation.cpuid_mod_id));
JS_CHECK_SET(a.set_uint32("cpuid_step", attestation.cpuid_step));

auto attestation_chip_id = jsctx.new_array_buffer_copy(attestation.chip_id);
JS_CHECK_EXC(attestation_chip_id);
JS_CHECK_SET(a.set("chip_id", std::move(attestation_chip_id)));
{
auto attestation_chip_id =
jsctx.new_array_buffer_copy(attestation.chip_id);
JS_CHECK_EXC(attestation_chip_id);
JS_CHECK_SET(a.set("chip_id", std::move(attestation_chip_id)));
}

auto committed_tcb =
jsctx.wrap(make_js_tcb_version(jsctx, attestation.committed_tcb));
JS_CHECK_EXC(committed_tcb);
JS_CHECK_SET(a.set("committed_tcb", std::move(committed_tcb)));
{
auto committed_tcb =
jsctx.wrap(make_js_tcb_version(jsctx, attestation.committed_tcb));
JS_CHECK_EXC(committed_tcb);
JS_CHECK_SET(a.set("committed_tcb", std::move(committed_tcb)));
}

JS_CHECK_SET(a.set_uint32("current_minor", attestation.current_minor));
JS_CHECK_SET(a.set_uint32("current_build", attestation.current_build));
Expand All @@ -234,21 +266,27 @@ namespace ccf::js::extensions
JS_CHECK_SET(a.set_uint32("committed_minor", attestation.committed_minor));
JS_CHECK_SET(a.set_uint32("committed_major", attestation.committed_major));

auto launch_tcb =
jsctx.wrap(make_js_tcb_version(jsctx, attestation.launch_tcb));
JS_CHECK_EXC(launch_tcb);
JS_CHECK_SET(a.set("launch_tcb", std::move(launch_tcb)));
{
auto launch_tcb =
jsctx.wrap(make_js_tcb_version(jsctx, attestation.launch_tcb));
JS_CHECK_EXC(launch_tcb);
JS_CHECK_SET(a.set("launch_tcb", std::move(launch_tcb)));
}

auto signature = jsctx.new_obj();
JS_CHECK_EXC(signature);

auto signature_r = jsctx.new_array_buffer_copy(attestation.signature.r);
JS_CHECK_EXC(signature_r);
JS_CHECK_SET(signature.set("r", std::move(signature_r)));
{
auto signature_r = jsctx.new_array_buffer_copy(attestation.signature.r);
JS_CHECK_EXC(signature_r);
JS_CHECK_SET(signature.set("r", std::move(signature_r)));
}

auto signature_s = jsctx.new_array_buffer_copy(attestation.signature.s);
JS_CHECK_EXC(signature_s);
JS_CHECK_SET(signature.set("s", std::move(signature_s)));
{
auto signature_s = jsctx.new_array_buffer_copy(attestation.signature.s);
JS_CHECK_EXC(signature_s);
JS_CHECK_SET(signature.set("s", std::move(signature_s)));
}

JS_CHECK_SET(a.set("signature", std::move(signature)));
JS_CHECK_SET(r.set("attestation", std::move(a)));
Expand All @@ -258,19 +296,27 @@ namespace ccf::js::extensions
auto u = jsctx.new_obj();
JS_CHECK_EXC(u);

auto did = jsctx.new_string(parsed_uvm_endorsements.value().did.c_str());
JS_CHECK_EXC(did);
JS_CHECK_SET(u.set("did", std::move(did)));
{
auto did =
jsctx.new_string(parsed_uvm_endorsements.value().did.c_str());
JS_CHECK_EXC(did);
JS_CHECK_SET(u.set("did", std::move(did)));
}

auto feed =
jsctx.new_string(parsed_uvm_endorsements.value().feed.c_str());
JS_CHECK_EXC(feed);
JS_CHECK_SET(u.set("feed", std::move(feed)));
{
auto feed =
jsctx.new_string(parsed_uvm_endorsements.value().feed.c_str());
JS_CHECK_EXC(feed);
JS_CHECK_SET(u.set("feed", std::move(feed)));
}

auto svn = jsctx.new_string(parsed_uvm_endorsements.value().svn.c_str());
JS_CHECK_EXC(svn);
JS_CHECK_SET(u.set("svn", std::move(svn)));
JS_CHECK_SET(r.set("uvm_endorsements", std::move(u)));
{
auto svn =
jsctx.new_string(parsed_uvm_endorsements.value().svn.c_str());
JS_CHECK_EXC(svn);
JS_CHECK_SET(u.set("svn", std::move(svn)));
JS_CHECK_SET(r.set("uvm_endorsements", std::move(u)));
}
}

return r.take();
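Review bot: The key passed to `a.set` in the platform-info block is still spelled `"plaform_info"`, so the object returned to JavaScript presumably has no `platform_info` property, and a policy script reading `attestation.platform_info.smt_en` or `.tsme_en` would not find the values taken from the report. This commit re-wraps that line in a scope block without touching the string; as the change is about making the returned fields match the report, the spelling is worth fixing in the same pass, e.g. `JS_CHECK_SET(a.set("platform_info", std::move(platform_info)));`, keeping the old key as an alias if deployed scripts may already rely on it. Separately, in the last hunk `JS_CHECK_SET(r.set("uvm_endorsements", std::move(u)));` now sits inside the `svn` scope block, whereas `a.set("signature", ...)` stays outside its per-field blocks; placing it after the closing brace would keep the pattern uniform. The enclosing function begins and ends outside the visible hunks, so how callers consume these keys cannot be confirmed from this page.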