-
Notifications
You must be signed in to change notification settings - Fork 4
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Verifier
for ReportData
#25
Conversation
Codecov Report
@@ Coverage Diff @@
## nick/mr_signer #25 +/- ##
==================================================
+ Coverage 92.84% 93.10% +0.26%
==================================================
Files 2 2
Lines 433 464 +31
==================================================
+ Hits 402 432 +30
- Misses 31 32 +1
📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more |
b75c274
to
718229f
Compare
d447e11
to
d4ddf6e
Compare
d4ddf6e
to
e09b29e
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is fine for now, but we should also add a ReportDataMaskVerifier
for compatibility with EPID's sake.
Right now in EPID land, report_data
contains two things: 32 bytes of static noise identity public key, and 32 bytes of app-specific data we want to attest to (e.g. in consensus, this is a block signing public key, in fog ingest this, is the ingress public key---i.e. the key that senders should encrypt their fog hint for). When we switch to DCAP, I'd like to change this to some kind of a MAC over an associated data structure that contains these keys (i.e. give us more than 64 bytes worth of data that we can attest to), but that's not how it works now.
The upshot is that right now, mc-attest-ake
needs to be able to check that the first 32 bytes match, and ignore the rest of ReportData
.
6dd3831
to
86f7c82
Compare
e09b29e
to
796780f
Compare
created #28 to address the partial verification |
@samdealy bumped for re-review due to argument docs cleanup |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me, especially now that #27 is noted and won't get forgotten
No description provided.