Skip to content

Commit

Permalink
Include allow_ca and allow_x509 when computing meas hash
Browse files Browse the repository at this point in the history
  • Loading branch information
sree-revoori1 committed May 6, 2024
1 parent 8835c88 commit 793f940
Showing 1 changed file with 15 additions and 0 deletions.
15 changes: 15 additions & 0 deletions dpe/src/dpe_instance.rs
Original file line number Diff line number Diff line change
Expand Up @@ -453,6 +453,11 @@ impl DpeInstance {
uses_internal_input_info || context.uses_internal_input_info();
uses_internal_input_dice =
uses_internal_input_dice || context.uses_internal_input_dice();

// Add allow ca to hash
hasher.update(context.allow_ca().as_bytes())?;
// Add allow x509 to hash
hasher.update(context.allow_x509().as_bytes())?;
}

// Add internal input info to hash
Expand Down Expand Up @@ -793,6 +798,8 @@ pub mod tests {
for result in ChildToRootIter::new(leaf_idx, &dpe.contexts) {
let context = result.unwrap();
hasher.update(context.tci.as_bytes()).unwrap();
hasher.update(/*allow_ca=*/context.allow_ca().as_bytes()).unwrap();
hasher.update(/*allow_x509=*/context.allow_x509().as_bytes()).unwrap();
}

let digest = hasher.finish().unwrap();
Expand Down Expand Up @@ -843,7 +850,11 @@ pub mod tests {
let mut hasher = env.crypto.hash_initialize(DPE_PROFILE.alg_len()).unwrap();

hasher.update(child_context.tci.as_bytes()).unwrap();
hasher.update(/*allow_ca=*/false.as_bytes()).unwrap();
hasher.update(/*allow_x509=*/false.as_bytes()).unwrap();
hasher.update(parent_context.tci.as_bytes()).unwrap();
hasher.update(/*allow_ca=*/true.as_bytes()).unwrap();
hasher.update(/*allow_x509=*/true.as_bytes()).unwrap();
let mut internal_input_info = [0u8; INTERNAL_INPUT_INFO_SIZE];
dpe.serialize_internal_input_info(&mut env.platform, &mut internal_input_info)
.unwrap();
Expand Down Expand Up @@ -900,7 +911,11 @@ pub mod tests {
let mut hasher = env.crypto.hash_initialize(DPE_PROFILE.alg_len()).unwrap();

hasher.update(child_context.tci.as_bytes()).unwrap();
hasher.update(/*allow_ca=*/false.as_bytes()).unwrap();
hasher.update(/*allow_x509=*/false.as_bytes()).unwrap();
hasher.update(parent_context.tci.as_bytes()).unwrap();
hasher.update(/*allow_ca=*/true.as_bytes()).unwrap();
hasher.update(/*allow_x509=*/true.as_bytes()).unwrap();
hasher
.update(&TEST_CERT_CHAIN[..TEST_CERT_CHAIN.len()])
.unwrap();
Expand Down

0 comments on commit 793f940

Please sign in to comment.