mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-10-01 01:36:09 -04:00
Fix invalid slice access in validateAk (#437)
This commit is contained in:
parent
1f9a788c21
commit
0887bc540f
@ -275,6 +275,9 @@ func (a *azureInstanceInfo) validateAk(runtimeDataRaw []byte, reportData []byte,
|
|||||||
}
|
}
|
||||||
|
|
||||||
sum := sha256.Sum256(runtimeDataRaw)
|
sum := sha256.Sum256(runtimeDataRaw)
|
||||||
|
if len(reportData) < len(sum) {
|
||||||
|
return fmt.Errorf("reportData has unexpected size: %d", len(reportData))
|
||||||
|
}
|
||||||
if !bytes.Equal(sum[:], reportData[:len(sum)]) {
|
if !bytes.Equal(sum[:], reportData[:len(sum)]) {
|
||||||
return errors.New("unexpected runtimeData digest in TPM")
|
return errors.New("unexpected runtimeData digest in TPM")
|
||||||
}
|
}
|
||||||
@ -284,7 +287,7 @@ func (a *azureInstanceInfo) validateAk(runtimeDataRaw []byte, reportData []byte,
|
|||||||
}
|
}
|
||||||
rawN, err := base64.RawURLEncoding.DecodeString(runtimeData.Keys[0].N)
|
rawN, err := base64.RawURLEncoding.DecodeString(runtimeData.Keys[0].N)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return fmt.Errorf("decoding modulus string: %w", err)
|
||||||
}
|
}
|
||||||
if !bytes.Equal(rawN, rsaParameters.ModulusRaw) {
|
if !bytes.Equal(rawN, rsaParameters.ModulusRaw) {
|
||||||
return fmt.Errorf("unexpected modulus value in TPM")
|
return fmt.Errorf("unexpected modulus value in TPM")
|
||||||
@ -292,7 +295,7 @@ func (a *azureInstanceInfo) validateAk(runtimeDataRaw []byte, reportData []byte,
|
|||||||
|
|
||||||
rawE, err := base64.RawURLEncoding.DecodeString(runtimeData.Keys[0].E)
|
rawE, err := base64.RawURLEncoding.DecodeString(runtimeData.Keys[0].E)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return fmt.Errorf("decoding exponent string: %w", err)
|
||||||
}
|
}
|
||||||
paddedRawE := make([]byte, 4)
|
paddedRawE := make([]byte, 4)
|
||||||
copy(paddedRawE, rawE)
|
copy(paddedRawE, rawE)
|
||||||
|
Loading…
Reference in New Issue
Block a user